Date: Sat, 3 Aug 2024 08:53:05 -0600 From: Alan Somers <asomers@freebsd.org> To: Ka Ho Ng <khng300@gmail.com> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: RFC: ACLs on fusefs Message-ID: <CAOtMX2gagBHtQTpZoYk66To4ayekErb__iUYq8bTwo8bkn3Ukw@mail.gmail.com> In-Reply-To: <CANnchUZAvj8WkJ5FOsd8=3MAcDCeqEvGtDyzHh4x3jSaDoZ8QA@mail.gmail.com> References: <CAOtMX2jska_8yG0tf31nEFDQCkQODim8yLBt2qRQ4LbBVc8ZAQ@mail.gmail.com> <CANnchUbF1Pe=HcLJ%2BNTEFHB92Jv12zFZ76OJz8DD-LOGfOfOuA@mail.gmail.com> <CANnchUZAvj8WkJ5FOsd8=3MAcDCeqEvGtDyzHh4x3jSaDoZ8QA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 2, 2024 at 8:53=E2=80=AFPM Ka Ho Ng <khng300@gmail.com> wrote: > > Having said that, I am not sure if the FUSE protocol itself is extensible= to accommodate the needs to directly implement the counterparts of our exi= sting ACL syscalls. Otherwise XATTR tunneling for both NFSv4 and POSIX 1.e = on FUSE might be the only way to go. Not currently. There's no way to send an ACL to a fuse server except as an extended attribute. That's similar to how ACLs work on UFS. Some kind of FUSE_SETFACL operation could be added, but only if there's a file system that needs it. > > May I know if there're any users of the XATTR approach besides the e2fspr= ogs/fuse2fs implementation of the EXT4 filesystem? Actually, fusefs-ext2 doesn't make use of ACLs. Neither do sysutils/e2fsprogs-core or sysutils/fusefs-lkl. I don't know of any fuse file system that does, though I haven't grepped them all. > > Ka Ho > > > On Fri, Aug 2, 2024, 22:34 Ka Ho Ng <khng300@gmail.com> wrote: >> >> I would rather see the support of XATTR and NFSv4 ACL being two orthogon= al things, just like how it's being worked out on ZFS. >> >> >> On Fri, Aug 2, 2024, 19:58 Alan Somers <asomers@freebsd.org> wrote: >>> >>> TLDR; >>> how useful would it be if fusefs(4) could support ACLs? >>> >>> The current state of fusefs is that while it has full support for >>> extended attributes, it lacks any support for ACLs. If a file system >>> image contains files with ACL entries, the user can look them up with >>> getextattr, but they'll just look like a binary blob. getfacl won't >>> work at all. And the file system won't be able to enforce the ACLs >>> during VOP_ACCESS. >>> >>> Fixing this situation for posix.1e ACLs would require three things: >>> * A good test suite for posix.1e ACLs. pjdfstest has some tests, but >>> it's incomplete. >>> * An example file system to use for testing the kernel driver. It >>> isn't sufficient for the example file system merely to support xattrs, >>> because the file system server must also enforce inheritance of >>> default ACLs. >>> * The actual kernel support. Enforcing ACLs during VOP_ACCESS must be >>> done within the kernel, not the server. The important parts are >>> already in sub_acl_posix1e.c. The fusefs test suite would need a few >>> more test cases for VOP_GETACL and VOP_SETACL, but wouldn't need to >>> test any of the fancy stuff, like inheritance or enforcement during >>> access. >>> >>> Fixing the situation for NFSv4 ACLs would require the above, and also >>> a small extension to the fusefs protocol. >>> >>> All of the above might make a good GSoC project. But is it worth our >>> time? How many real-world users would benefit? Alternatively, doing >>> just the kernel support would be fairly easy. That would be too small >>> for GSoC. But we could easily overlook important bugs if we don't do >>> the other steps, too. >>> >>> So my question is: is this worthwhile? Does anybody know of a >>> real-world workload that would benefit? >>>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2gagBHtQTpZoYk66To4ayekErb__iUYq8bTwo8bkn3Ukw>