[OpenAFS-devel] Re: New volume header field: root DV

Derrick Brashear shadow@gmail.com
Tue, 2 Mar 2010 19:18:28 -0500


On Tue, Mar 2, 2010 at 3:47 PM, Andrew Deason <adeason@sinenomine.net> wrote:
> On Tue, 2 Mar 2010 15:15:49 -0500
> Derrick Brashear <shadow@gmail.com> wrote:
>
>> I still advocate the "no, the volume is trashed, we give you a high dv
>> and make the volume readonly" approach. If you lost the root vnode,
>> you're not really in good shape. But I'm unwilling to suggest it's the
>> "one true way".
>
> For clarification/context: the approach described is to encourage the
> user to only use the volume to copy data to a new volume, since the old
> one is fragile/trashed. (At least, that's my take; correct me if I'm
> wrong)

Correct.

> I'm leaning towards agreeing with that, but I'm unsure if our "don't use
> this volume" sign is sufficiently big and flashy. We can log, and we can
> prevent writes (to clarify: you just mean via the root ACL, right?), but
> I'm pretty sure even then someone's going to use it anyway.

That'd be a start; we could certainly go further.

> We can only prevent self-foot-shooting so much... but would it be going
> too far to drop a file in the new root dir, that actually says to not
> use the volume? Since everything in the dir will be orphans, we
> shouldn't need to worry about colliding with another filename.

That seems reasonable, namely, we could make it be the only file whose
name does *not* contain ORPHAN.