Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Apr 2021 11:41:16 +0300
From:      Gleb Popov <arrowd@freebsd.org>
To:        freebsd-hackers <freebsd-hackers@freebsd.org>
Subject:   ACLs are not reflected in FS extended attributes
Message-ID:  <CALH631m8bC5SoRhC1Q1X1%2BmN7tgT3Ti%2BTwhronSNZeX3Qn%2Bg-g@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hello hackers.

I'm trying to implement Linux acl_extended_file() function [1] within our
libc. On Linux this function is implemented via getxattr, a function that
reads extended attributes from the file [2][3]

My implementation follows the Linux one:


int
acl_extended_file_np(const char *path_p)
{
return _acl_extended_file(extattr_get_file, path_p);
}

int _acl_extended_file(getattr_func f, const char* path_p)
{
int base_size = 9999; // figure out this later
int retval;

retval = f(path_p, POSIX1E_ACL_ACCESS_EXTATTR_NAMESPACE,
POSIX1E_ACL_ACCESS_EXTATTR_NAME, NULL, 0);
printf("Retval1: %d\n", retval);
if (retval < 0 && errno != ENOATTR)
  return -1;
if (retval > base_size)
  return 1;
retval = f(path_p, POSIX1E_ACL_DEFAULT_EXTATTR_NAMESPACE,
POSIX1E_ACL_DEFAULT_EXTATTR_NAME, NULL, 0);
printf("Retval2: %d\n", retval);
if (retval < 0 && errno != ENOATTR)
  return -1;
if (retval > base_size)
  return 1;
return 0;
}


However, when I tried to use it, I stumbled upon following differences:

- It requires root permissions to operate. I guess this is because it tries
to look at "system" extattr namespace.
- It doesn't work anyways due to "Attribute not found" error.

And indeed, the same behavior can be seen when using command line tools.
On Linux:
$ setfacl -m u:someuser:rwx somefile
$ getfattr -d -m - somefile
system.posix_acl_access=<mangled ACL data>


On FreeBSD:
$ setfacl -m u:someuser:rwx:allow somefile
$ sudo getextattr system posix1e.acl_access somefile
failed: Attribute not found

I guess that FreeBSD behaviour is actually not a bug and libacl just uses
some internal knowledge about how ACL/xattr is implemented on Linux. If
this is correct, how should I approach implementing this function on
FreeBSD?

Thanks in advance.

[1] https://linux.die.net/man/3/acl_extended_file
[2]
http://git.savannah.nongnu.org/cgit/acl.git/tree/libacl/acl_extended_file.c
[3]
http://git.savannah.nongnu.org/cgit/acl.git/tree/libacl/__acl_extended_file.c

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALH631m8bC5SoRhC1Q1X1%2BmN7tgT3Ti%2BTwhronSNZeX3Qn%2Bg-g>