User Xattr Support Finally Landing For NFS In Linux 5.9


  • bfields
    replied
    Originally posted by rleigh
    Does anyone know if this will include full first-class support for NFSv4 ACLs in the Linux VFS like we already have on Solaris and FreeBSD?
    It won't. This is essentially *only* meant to support "user." xattrs, which are not interpreted by the system in any way. Security labels, ACLs, etc., are all a different question.

    And of course the NFSv4 protocol itself already has support for NFSv4 ACLs. What's missing is support for NFSv4 ACLs in local filesystems.

    As others say, there was a concerted attempt to support native NFSv4/Windows-like ACLs a few years ago. But VFS folks are skeptical of ACLs to start off with, and especially so of also supporting a second, much more complicated ACL model that's a bit alien to Linux.



  • bfields
    replied
    Originally posted by zdzichu
    Does that mean working SELinux for nfs-root computers? If so – hurray!
    NFS has had SELinux support for a while. You need to use NFSv4.2 and both client and server need to have labeled NFS support.

    On local Linux filesystems the interface used to set and get SELinux labels is xattrs, but the NFS protocol is different: it has a dedicated protocol for security labels, which doesn't depend on xattrs.

    As stated in the RFC: Xattrs are provided by a file system to associate opaque metadata, not interpreted by the file system

    In Linux terms, we're only adding support for "user." xattrs, not for any xattrs (SELinux labels, ACLs) that have special meaning to the system.


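An added example (not from the thread or the kernel project): a Python audit that walks a tree and separates `user.` xattrs, which the posts above say are the only ones the NFS xattr support carries, from names in other namespaces such as SELinux labels and ACLs. The function names and the injectable `lister` parameter are assumptions of this example.

```python
import errno
import os
from collections import defaultdict

# Linux xattr names are "<namespace>.<name>"; the namespaces are
# user, trusted, security and system. Only "user" is opaque to the system.
USER_NS = "user"

def split_namespace(name):
    """Return the namespace part of an xattr name ('' if malformed)."""
    ns, sep, rest = name.partition(".")
    return ns if sep and rest else ""

def audit_tree(root, lister=os.listxattr):
    """Walk root and sort each entry's xattrs into the user. namespace
    and everything else (labels, ACLs, capabilities, ...).

    lister is injectable (an assumption of this example) so the logic can
    be exercised on a filesystem without xattr support.
    Returns (report, unsupported_paths).
    """
    report = defaultdict(lambda: {"user": [], "other": []})
    unsupported = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for entry in entries:
            try:
                names = lister(entry, follow_symlinks=False)
            except OSError as exc:
                if exc.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
                    unsupported.append(entry)  # filesystem has no xattrs
                    continue
                raise
            for name in names:
                bucket = "user" if split_namespace(name) == USER_NS else "other"
                report[entry][bucket].append(name)
    return dict(report), unsupported

if __name__ == "__main__":
    import sys
    found, skipped = audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, attrs in sorted(found.items()):
        if attrs["other"]:
            print(path, "non-user xattrs:", ", ".join(attrs["other"]))
    for path in skipped:
        print(path, "xattrs not supported here")
```

Run it against a local export directory before relying on xattrs over NFS; names in the `trusted.` namespace are only listed when the caller has `CAP_SYS_ADMIN`.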

  • rleigh
    replied
    Originally posted by jabl
    AFAICT, no. There has been a patch to add the required functionality to the Linux VFS for ages called richacls, https://www.kernel.org/doc/ols/2010/...ages-19-32.pdf , but the Linux VFS maintainer apparently hates the idea of ACLs in general so the project has never been merged.
    I remember reading this at the time. Shame there has been no progress made on this since. I was aware that the VFS maintainer didn't like them. However, now we have full support for them in other systems, it is now an interoperability burden and Linux is all the poorer for not having them.

    If I export a ZFS filesystem from FreeBSD to Windows over CIFS, or other Unix systems over NFSv4, they all have the full permissions model available. Except Linux. It makes Linux a second-class system as both a client and a server in terms of the available features.



  • rleigh
    replied
    Originally posted by Hibiki Kanzaki
    I agree, however since the idea of embedding metadata into the file has been so pervasive and ubiquitous for so long, I guess these features won't be nearly as big a game-changer as they could have been if they'd been adopted back in the day of ye olde "resource fork".
    Absolutely agreed. I was surprised right from the start that there was never a concerted push to get XATTR support enabled by default in all Linux distributions. I just checked with Linux 5.7 and XATTRs are enabled by default now on filesystems which expose that as a configuration option, but for a long time that was off by default. Looks like ext4 has it on by default and no option to disable? I'm not sure when the defaults switched, but it took too long to get to this point.

    The result of not being able to guarantee that XATTR support was available has meant that no developer could ever make real use of it, which is a real shame. Every application has always had to have a fallback, and in practice most just used the fallback and never bothered with XATTRs.



  • jabl
    replied
    Originally posted by rleigh
    Does anyone know if this will include full first-class support for NFSv4 ACLs in the Linux VFS like we already have on Solaris and FreeBSD?
    AFAICT, no. There has been a patch to add the required functionality to the Linux VFS for ages called richacls, https://www.kernel.org/doc/ols/2010/...ages-19-32.pdf , but the Linux VFS maintainer apparently hates the idea of ACLs in general so the project has never been merged.



  • Hibiki Kanzaki
    replied
    Originally posted by rleigh
    If this is comprehensive and pervasive, it will be a game changer.
    I agree, however since the idea of embedding metadata into the file has been so pervasive and ubiquitous for so long, I guess these features won't be nearly as big a game-changer as they could have been if they'd been adopted back in the day of ye olde "resource fork". But then again FTP had separate control and data channels, and that protocol essentially got tossed. I would also want the attributes to be robustly supported by zip and gzip and any other common kinds of archive files.



  • zxy_thf
    replied
    Just can't stop dreaming of having a NFS Server and another Diskless workstation connected with RDMA over USB4!



  • MadeUpName
    replied
    Originally posted by rleigh
    Does anyone know if this will include full first-class support for NFSv4 ACLs
    That's what I am looking for and it would be awesome.



  • rleigh
    replied
    Originally posted by emblemparade
    I've been wanting this for years!
    Likewise. It's been a major functionality gap.

    Does anyone know if this will include full first-class support for NFSv4 ACLs in the Linux VFS like we already have on Solaris and FreeBSD? Will we also expect to see the same support in native ZFS mounts? How about ZFS mounts over NFSv4 or CIFS? Likewise for exports to other systems?

    If this is comprehensive and pervasive, it will be a game changer. Right now, you have to use ZFS on FreeBSD to get all these goodies, and Linux doesn't see or use any of them. It really surprises me just how backward Linux has been here; this stuff is all over 15 years old at this point, and long available in other systems working perfectly.
    Last edited by rleigh; 08-10-2020, 03:53 PM.



  • rene
    replied
    maybe the author should have plumbed that some decade ago then? ,-)
