Date: Sat, 3 Aug 2024 13:11:34 +0900 From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp> To: Ka Ho Ng <khng300@gmail.com> Cc: Alan Somers <asomers@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: RFC: ACLs on fusefs Message-ID: <20240803131134.20f61fe590d1929a1733abc3@dec.sakura.ne.jp> In-Reply-To: <CANnchUZAvj8WkJ5FOsd8=3MAcDCeqEvGtDyzHh4x3jSaDoZ8QA@mail.gmail.com> References: <CAOtMX2jska_8yG0tf31nEFDQCkQODim8yLBt2qRQ4LbBVc8ZAQ@mail.gmail.com> <CANnchUbF1Pe=HcLJ%2BNTEFHB92Jv12zFZ76OJz8DD-LOGfOfOuA@mail.gmail.com> <CANnchUZAvj8WkJ5FOsd8=3MAcDCeqEvGtDyzHh4x3jSaDoZ8QA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm not understanding the implementation of fusefs, but possible
problem to be considered is the levels of suuports for EAs and ACLs of
each implemented filesystems.
What I recall is the implementation of EAs on OS/2.
IIRC, HPFS natively supported EAs and WPS/Presentation manager-specific
attributes (like registry on recent Windoze).
To support both on FAT, OS/2 used 2 hidden system files named
EA_DATA.SF and WP_ROOT.SF respectively.
What's needed to consider would be:
a) Store EAs and ACLs on hidden system files with fixed name
on the root directory of filesystems which don't support
EAs and/or ACLs.
b) Silently ignore unsupportd attributes/ACLs and store supported
ones only without returning error.
c) Error out if any of unsupported attributes/ACLs are specified.
Maybe b) would be fatally problematic, as admins who don't understand /
don't want to learn about implementations in deep would missingly
believe every attribs/ACLs are completely and flawlessly stored even on
filesystems which does not support them.
a) would be best, if ALL FUSEFS GUYS ON OTHER OS'es agree with the
specific filename and its internals, promissing to implement theirs as
such, too. Unfortunately, maybe not realistic, unless ISO/IEC or POSIX
mandates the support and standardize the name and formats of special
file.
On Fri, 2 Aug 2024 22:53:05 -0400
Ka Ho Ng <khng300@gmail.com> wrote:
> Having said that, I am not sure if the FUSE protocol itself is extensible
> to accommodate the needs to directly implement the counterparts of our
> existing ACL syscalls. Otherwise XATTR tunneling for both NFSv4 and POSIX
> 1.e on FUSE might be the only way to go.
>
> May I know if there're any users of the XATTR approach besides the
> e2fsprogs/fuse2fs implementation of the EXT4 filesystem?
>
> Ka Ho
>
> On Fri, Aug 2, 2024, 22:34 Ka Ho Ng <khng300@gmail.com> wrote:
>
> > I would rather see the support of XATTR and NFSv4 ACL being two orthogonal
> > things, just like how it's being worked out on ZFS.
> >
> > On Fri, Aug 2, 2024, 19:58 Alan Somers <asomers@freebsd.org> wrote:
> >
> >> TLDR;
> >> how useful would it be if fusefs(4) could support ACLs?
> >>
> >> The current state of fusefs is that while it has full support for
> >> extended attributes, it lacks any support for ACLs. If a file system
> >> image contains files with ACL entries, the user can look them up with
> >> getextattr, but they'll just look like a binary blob. getfacl won't
> >> work at all. And the file system won't be able to enforce the ACLs
> >> during VOP_ACCESS.
> >>
> >> Fixing this situation for posix.1e ACLs would require three things:
> >> * A good test suite for posix.1e ACLs. pjdfstest has some tests, but
> >> it's incomplete.
> >> * An example file system to use for testing the kernel driver. It
> >> isn't sufficient for the example file system merely to support xattrs,
> >> because the file system server must also enforce inheritance of
> >> default ACLs.
> >> * The actual kernel support. Enforcing ACLs during VOP_ACCESS must be
> >> done within the kernel, not the server. The important parts are
> >> already in sub_acl_posix1e.c. The fusefs test suite would need a few
> >> more test cases for VOP_GETACL and VOP_SETACL, but wouldn't need to
> >> test any of the fancy stuff, like inheritance or enforcement during
> >> access.
> >>
> >> Fixing the situation for NFSv4 ACLs would require the above, and also
> >> a small extension to the fusefs protocol.
> >>
> >> All of the above might make a good GSoC project. But is it worth our
> >> time? How many real-world users would benefit? Alternatively, doing
> >> just the kernel support would be fairly easy. That would be too small
> >> for GSoC. But we could easily overlook important bugs if we don't do
> >> the other steps, too.
> >>
> >> So my question is: is this worthwhile? Does anybody know of a
> >> real-world workload that would benefit?
> >>
> >>
--
Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240803131134.20f61fe590d1929a1733abc3>