pub fn enable_verity_with_retry<H: FsVerityHashValue>(
fd: impl AsFd,
) -> Result<(), EnableVerityError>Expand description
Enable fs-verity on the given file, retrying if file is opened for writing.
This uses enable_verity_raw() and is subject to the same restrictions and features.
A common pattern with fsverity files is:
- Open a read-write file descriptor
- Write data to the read-write file descriptor
- Re-open the file descriptor as a new read-only descriptor
- Close the read-write file descriptor
- Enable fsverity on the read-only file descriptor
However, in a multi-threaded program, it is possible that another
thread calls fork() while the read-write descriptor is valid,
thus making a copy of the read-write descriptor. If the forked
process does not close the file descriptor either explicitly or by
calling exec() via O_CLOEXEC, then attempting to enable fsverity
on the read-only file descriptor will fail with ETXTBSY. It is
generally assumed that the file descriptor will be closed rather
quickly under these circumstances, so this function will try to
enable verity three times, pausing for one millisecond between
attempts.