From owner-freebsd-hackers@FreeBSD.ORG  Sat Nov  9 21:06:34 2013
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id 8D024312
 for <freebsd-hackers@freebsd.org>; Sat,  9 Nov 2013 21:06:34 +0000 (UTC)
 (envelope-from kientzle@freebsd.org)
Received: from monday.kientzle.com (99-115-135-74.uvs.sntcca.sbcglobal.net
 [99.115.135.74])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 69390234B
 for <freebsd-hackers@freebsd.org>; Sat,  9 Nov 2013 21:06:33 +0000 (UTC)
Received: (from root@localhost)
 by monday.kientzle.com (8.14.4/8.14.4) id rA9L6PAk030065;
 Sat, 9 Nov 2013 21:06:25 GMT (envelope-from kientzle@freebsd.org)
Received: from [192.168.2.123] (CiscoE3000 [192.168.1.65])
 by kientzle.com with SMTP id sgh2kmq63kn3g2w6edd38vfijw;
 Sat, 09 Nov 2013 21:06:25 +0000 (UTC)
 (envelope-from kientzle@freebsd.org)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
Subject: Re: Are extended attributes data or meta-data?
From: Tim Kientzle <kientzle@freebsd.org>
In-Reply-To: <20131108234505.GC8321@server.rulingia.com>
Date: Sat, 9 Nov 2013 13:06:24 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <502A2D02-6AB3-42FC-94D8-261A208751ED@freebsd.org>
References: <20131108234505.GC8321@server.rulingia.com>
To: Peter Jeremy <peter@rulingia.com>
X-Mailer: Apple Mail (2.1822)
Cc: freebsd-hackers Hackers <freebsd-hackers@freebsd.org>
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Nov 2013 21:06:34 -0000


On Nov 8, 2013, at 3:45 PM, Peter Jeremy <peter@rulingia.com> wrote:

> I've been getting regular error messages logged by afpd:
> Nov  9 00:00:19 server afpd[1966]: sys_getextattr_size: error: =
Permission denied
> I have spent some time digging into it and it's triggered by
> extattr_get_link(2) returning EACCESS because a file is not readable,
> but stat(2) on the file succeeded.
>=20
> According to extattr(2), "[n]amed extended attributes are meta-data
> associated with vnodes" but the actual code for VOP_GETEXTATTR() (at =
least
> for ufs & zfs) checks for VREAD access, whereas the VOP_GETATTR() call
> (used by stat(2)) doesn't include any access checks (so stat(2) will
> succeed unless namei() fails).
>=20
> IMHO, this behaviour is inconsistent:  The extended attributes are
> documented as "meta-data" and but the access checks are for "data".
> Which is correct?

Practically speaking, extended attributes are used both
for data and metadata.

I would consider the existing behavior (extattr calls fail on
non-readable files) to be correct in the absence of NFSv4
ACLs (which include a specific permission for extattr readability).

The extattr(2) manpage should probably document that
the calls fail on non-readable files.

Tim