User Xattr Support Finally Landing For NFS In Linux 5.9


  • #11
    Originally posted by jabl

    AFAICT, no. There has been a patch to add the required functionality to the Linux VFS for ages called richacls, but the Linux VFS maintainer apparently hates the idea of ACLs in general so the project has never been merged.
    I remember reading this at the time. Shame there has been no progress made on this since. I was aware that the VFS maintainer didn't like them. However, now we have full support for them in other systems, it is now an interoperability burden and Linux is all the poorer for not having them.

    If I export a ZFS filesystem from FreeBSD to Windows over CIFS, or other Unix systems over NFSv4, they all have the full permissions model available. Except Linux. It makes Linux a second-class system as both a client and a server in terms of the available features.


    • #12
      Originally posted by zdzichu
      Does that mean working SELinux for nfs-root computers? If so – hurray!
      NFS has had SELinux support for a while. You need to use NFSv4.2 and both client and server need to have labeled NFS support.

      On local Linux filesystems the interface used to set and get SELinux labels is xattrs, but the NFS protocol is different: it has a dedicated protocol for security labels which doesn't depend on xattrs.

      As stated in the RFC: Xattrs are provided by a file system to associate opaque metadata, not interpreted by the file system

      In Linux terms, we're only adding support for "user." xattrs, not for any xattrs (SELinux labels, ACLs) that have special meaning to the system.


      • #13
        Originally posted by rleigh
        Does anyone know if this will include full first-class support for NFSv4 ACLs in the Linux VFS like we already have on Solaris and FreeBSD?
        It won't. This is essentially *only* meant to support "user." xattrs, which are not interpreted by the system in any way. Security labels, ACLs, etc., are all a different question.

        And of course the NFSv4 protocol itself already has support for NFSv4 ACLs. What's missing is support for NFSv4 ACLs in local filesystems.

        As others say, there was a concerted attempt to support native NFSv4/Windows-like ACLs a few years ago. But VFS folks are skeptical of ACLs to start off with, and especially so of also supporting a second, much more complicated ACL model that's a bit alien to Linux.