From nobody Sat Aug 3 14:53:05 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Wbm0c17dRz5SYn5 for ; Sat, 03 Aug 2024 14:53:20 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-ua1-f51.google.com (mail-ua1-f51.google.com [209.85.222.51]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wbm0b42Y0z4Kkf for ; Sat, 3 Aug 2024 14:53:19 +0000 (UTC) (envelope-from asomers@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-ua1-f51.google.com with SMTP id a1e0cc1a2514c-8225a1f4d5fso2251856241.0 for ; Sat, 03 Aug 2024 07:53:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722696798; x=1723301598; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BZwQWuLymhgfBw9kuzAtUwTc/JcmyEKrS3jWwVZ0TME=; b=gVmUa03o7fAz4tPRjz5vyBVs0/PR9D4GuLC0z4pK0rfLSLK/EfxfXYy7uL7d6H+Er9 hO5Hg34BuZpRKr1tDdsQAYLCFiqJrHMrNGrGzOtzCUbaoq0JeoLaS+ETfQ8c82W3gxhE TBMo3SOnydc8uI0yMoiBodtAza2Kp53YgohqdOyk8vaY/QR9ieaj5s9/0WqV2A7xsv/R j4GywDqYoxmv0FhJscPTAn+JgSoItUkDxdGpDNajqHrx71lVnMHzx9QuEhlDOkemmURK Y2KwFqAa6fgHG68mQZhRDZtg+hs6niNRmgAYbdlxtE7ZabyMRpKn6Od9osCcwV80m667 P/uw== X-Gm-Message-State: AOJu0YzvjsP5aFtNXL77BVdjSfD11j2XXibbQBTTsrNaVp0S7cT3A3ir G/qwOpxMrLfkPld3DnzlW+qw2EcxSTeZSGCAxyoN1pjdCTkg1d7xPnthqzexoo4+tDRoNemYfqD QfQhWfgVOpbh3JAbFhdngWFusuwQY7w== X-Google-Smtp-Source: AGHT+IH0uOTaNRzPcsWt+BswMjycd+Hn5Xa53kr2RyxaYD6dGrJ+xqSWtzKtwxLiTFDL37nm+Bhr40504UBqYAXiO+I= X-Received: by 2002:a05:6102:26d3:b0:493:bcbd:4633 with SMTP id ada2fe7eead31-4945bdb0381mr6377297137.3.1722696797748; Sat, 03 Aug 2024 07:53:17 -0700 (PDT) List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@FreeBSD.org MIME-Version: 1.0 References: In-Reply-To: From: Alan Somers Date: Sat, 3 Aug 2024 08:53:05 -0600 Message-ID: Subject: Re: RFC: ACLs on fusefs To: Ka Ho Ng Cc: FreeBSD Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4Wbm0b42Y0z4Kkf On Fri, Aug 2, 2024 at 8:53=E2=80=AFPM Ka Ho Ng wrote: > > Having said that, I am not sure if the FUSE protocol itself is extensible= to accommodate the needs to directly implement the counterparts of our exi= sting ACL syscalls. Otherwise XATTR tunneling for both NFSv4 and POSIX 1.e = on FUSE might be the only way to go. Not currently. There's no way to send an ACL to a fuse server except as an extended attribute. That's similar to how ACLs work on UFS. Some kind of FUSE_SETFACL operation could be added, but only if there's a file system that needs it. > > May I know if there're any users of the XATTR approach besides the e2fspr= ogs/fuse2fs implementation of the EXT4 filesystem? Actually, fusefs-ext2 doesn't make use of ACLs. Neither do sysutils/e2fsprogs-core or sysutils/fusefs-lkl. I don't know of any fuse file system that does, though I haven't grepped them all. > > Ka Ho > > > On Fri, Aug 2, 2024, 22:34 Ka Ho Ng wrote: >> >> I would rather see the support of XATTR and NFSv4 ACL being two orthogon= al things, just like how it's being worked out on ZFS. >> >> >> On Fri, Aug 2, 2024, 19:58 Alan Somers wrote: >>> >>> TLDR; >>> how useful would it be if fusefs(4) could support ACLs? >>> >>> The current state of fusefs is that while it has full support for >>> extended attributes, it lacks any support for ACLs. If a file system >>> image contains files with ACL entries, the user can look them up with >>> getextattr, but they'll just look like a binary blob. getfacl won't >>> work at all. And the file system won't be able to enforce the ACLs >>> during VOP_ACCESS. >>> >>> Fixing this situation for posix.1e ACLs would require three things: >>> * A good test suite for posix.1e ACLs. pjdfstest has some tests, but >>> it's incomplete. >>> * An example file system to use for testing the kernel driver. It >>> isn't sufficient for the example file system merely to support xattrs, >>> because the file system server must also enforce inheritance of >>> default ACLs. >>> * The actual kernel support. Enforcing ACLs during VOP_ACCESS must be >>> done within the kernel, not the server. The important parts are >>> already in sub_acl_posix1e.c. The fusefs test suite would need a few >>> more test cases for VOP_GETACL and VOP_SETACL, but wouldn't need to >>> test any of the fancy stuff, like inheritance or enforcement during >>> access. >>> >>> Fixing the situation for NFSv4 ACLs would require the above, and also >>> a small extension to the fusefs protocol. >>> >>> All of the above might make a good GSoC project. But is it worth our >>> time? How many real-world users would benefit? Alternatively, doing >>> just the kernel support would be fairly easy. That would be too small >>> for GSoC. But we could easily overlook important bugs if we don't do >>> the other steps, too. >>> >>> So my question is: is this worthwhile? Does anybody know of a >>> real-world workload that would benefit? >>>