From nobody Sat Aug  3 16:10:05 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WbnjR1QsKz5Sfqb
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sat, 03 Aug 2024 16:10:19 +0000 (UTC)
	(envelope-from asomers@gmail.com)
Received: from mail-oo1-f46.google.com (mail-oo1-f46.google.com [209.85.161.46])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4WbnjQ4qy2z4WX4
	for <freebsd-hackers@freebsd.org>; Sat,  3 Aug 2024 16:10:18 +0000 (UTC)
	(envelope-from asomers@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-oo1-f46.google.com with SMTP id 006d021491bc7-5d5e97b8adbso3811487eaf.1
        for <freebsd-hackers@freebsd.org>; Sat, 03 Aug 2024 09:10:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722701417; x=1723306217;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=wmYcJChwULjKxG+8OpmvGvGRfkVbM4VXLdC0Ya9fLK8=;
        b=Me730G3Y7zVqep7wRW665ttPK8iF+tnVAdmuJHgYTc4KMGTJR1lStDk+PrGioBrtVq
         8xha16+i8N+kTq4xMC8vMGDzPtimWCTx8D5Gcao/JISeIHdV+gTEZ85EpAQY2sRQ+nuq
         unCXzB4FUGhl4If1vYWprbWNeDxjgUPIZA6KDqdUegFUEoXAxievck6IcsUcBZXoZ7Yh
         HEqx6HCu7Vl22EpSugIhH/PY8iR/i84Q99+2UGQIYYx8ucS8eK4c7nbymqD4DiD/R/+V
         fm2lHVglkQVG1s9QqMx6v4Aelp0aKGq6I1BR2xplNDCS/eiNkYQsgfq1/1xotIVt2JlH
         cZGA==
X-Forwarded-Encrypted: i=1; AJvYcCX7ekGWI6QbfnVpyJ50TvPl5YI4O6VDNBSpDdekS47YhWnwGi+qJERVHtcxVvuy3DHMlLGgg4VpSUcOz2a/Ti799eWJRee0qXP+5JE=
X-Gm-Message-State: AOJu0Yy90aFGj64jC8ELoBsuEBRnZGPJ1erQ0S2SD0AoFa+hpsE9ZeP8
	kLif4tv0NJBHIpLLbv6JpEPRhZ2sgFpR7ONE2P9qVrUFUVLn/nd2C21O3NaiGuRMW8YGdzGrLKA
	x27WD4N9k5w+M1RB+l+NBiOY/tTvFeA==
X-Google-Smtp-Source: AGHT+IE4kXP+nIYWw0LjgFbszs4RU5zEd13zSU8IF7JyEGW+/ZylxVPIkIrjwM2m5eE7mrrs41iiwhb6paTK2340O2I=
X-Received: by 2002:a05:6358:6f97:b0:1a4:e539:26af with SMTP id
 e5c5f4694b2df-1af3bac1a68mr827152455d.27.1722701417231; Sat, 03 Aug 2024
 09:10:17 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
References: <CAOtMX2jska_8yG0tf31nEFDQCkQODim8yLBt2qRQ4LbBVc8ZAQ@mail.gmail.com>
 <202408030413.4734D5gd042998@donotpassgo.dyslexicfish.net>
 <CAOtMX2gHnNna_o6ig23PEPabWnQzPvQe-N8N+V8CAdsY-AzCBQ@mail.gmail.com> <drs3qfdinxk4siilsayycgp6imlzkmtxihhvtyhw3bssyszjgh@v7v4cav4ibcx>
In-Reply-To: <drs3qfdinxk4siilsayycgp6imlzkmtxihhvtyhw3bssyszjgh@v7v4cav4ibcx>
From: Alan Somers <asomers@freebsd.org>
Date: Sat, 3 Aug 2024 10:10:05 -0600
Message-ID: <CAOtMX2gBrEO0NdoUkLPJQ8M81DmPwhRuSxuRkJuf=H1JwOn7WQ@mail.gmail.com>
Subject: Re: RFC: ACLs on fusefs
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Jamie Landeg-Jones <jamie@catflap.org>, freebsd-hackers@freebsd.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]
X-Rspamd-Queue-Id: 4WbnjQ4qy2z4WX4

On Sat, Aug 3, 2024 at 10:00=E2=80=AFAM Shawn Webb <shawn.webb@hardenedbsd.=
org> wrote:
>
> On Sat, Aug 03, 2024 at 09:03:38AM -0600, Alan Somers wrote:
> > On Fri, Aug 2, 2024 at 10:13=E2=80=AFPM Jamie Landeg-Jones <jamie@catfl=
ap.org> wrote:
> > >
> > > Alan Somers <asomers@FreeBSD.org> wrote:
> > >
> > > > TLDR;
> > > > how useful would it be if fusefs(4) could support ACLs?
> > >
> > > I, personally, don't use ACLs generally, so have not missed them on
> > > fusefs.
> > >
> > > However, I do make extensive use of XATTRs, so those are what I've
> > > really missed.
> > >
> > > I didn't know xatrs were now supported - is that a new thing, or mayb=
e
> > > the client I use (borgs sshfs implementation) needs to be updated?
> > >
> > > Cheers, Jamie
> >
> > Our fusefs has supported xattrs for a long time.  But the specific
> > fuse file system needs support too.  Looking right now, I don't see
> > any support in sysutils/fusefs-sshfs .
>
> In fact, I have a (significantly buggy) proof-of-concept fusefs server
> that stores file payload data as extended attributes. Since the tar
> file format supports extended attributes, this makes data exfiltration
> somewhat easier.
>
> Though, I suppose, since my proof-of-concept is buggy, using my
> solution would make data exfil somewhat more difficult. ;-)
>
> Hopefully someday, I'll have the time to finish the PoC and make it
> usable for production.
>
> PoC code: https://git.hardenedbsd.org/shawn.webb/altfs

That's interesting.  It looks like the opposite of what Tomoaki was
describing.  What's the intended application?  Is it like a sort of
unionfs, used to place a second file system on-top of an existing one?