From: Casey Schaufler <casey@schaufler-ca.com>
To: Jamie Lokier <jamie@shareable.org>
Cc: Brad Boyer <flar-POGeQm5F+FGB+jHODAdFcQ@public.gmane.org>,
James Morris <jmorris@namei.org>,
linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org,
Trond Myklebust <Trond.Myklebust@netapp.com>,
"J. Bruce Fields" <bfields@fieldses.org>,
Neil Brown <neilb@suse.de>,
linux-fsdevel@vger.kernel.org,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH 0/6][v4][RFC] NFSv3: implement extended attribute protocol (XATTR)
Date: Mon, 15 Mar 2010 16:28:57 -0700
Message-ID: <4B9EC2B9.3030800@schaufler-ca.com>
In-Reply-To: <20100315142803.GC15133@shareable.org>
Jamie Lokier wrote:
> Casey Schaufler wrote:
>
>> Jamie Lokier wrote:
>>
>>> Casey Schaufler wrote:
>>>
>>>> Jamie Lokier wrote:
>>>>
>>>>> Brad Boyer wrote:
>>>>>
>>>>>> On Mon, Mar 08, 2010 at 09:49:27PM -0800, Casey Schaufler wrote:
>>>>>>
>>>>>>> Another is to NFS mount the filesystem back on to the server,
>>>>>>> in which case James' scheme works just dandy. It's a trick that
>>>>>>> I've used more than once in the Unix world for this exact purpose.
>>>>>>> Of course you have to arrange your mount points in advance with
>>>>>>> malice aforethought, but that's likely something you're used to
>>>>>>> by now.
>>>>>>>
>>>>>> That would definitely work, but it's not ideal. Obviously if it's
>>>>>> being accessed over NFS in one place it's probably good enough
>>>>>> everywhere, but it's overhead that could be eliminated.
>>>>>>
>>>>> As a real example:
>>>>>
>>>>> Each user has a PC with their own home directory being local, fast
>>>>> storage, but /home is filled with NFS auto-mounts to everyone else's
>>>>> home directories, on their individual PCs. The auto-mount map has an
>>>>> exception, so the local user's home directory is a symlink to the
>>>>> local storage, instead of an NFS mount.
>>>>>
>>>>> A scheme like that works very well for occasional access to other
>>>>> peoples files, and for logging to each other's machines transparently,
>>>>> yet having fast performance for their own files when using their local
>>>>> machine.
>>>>>
>>>>> In an environment where I've used that, forcing local access to go
>>>>> over local NFS would have destroyed performance for things like big
>>>>> compiles, running find, git, grep etc. that people do on their own
>>>>> directories.
>>>>>
>>>> Sure. The original objection can be readily addressed. There are
>>>> performance implications. Just like you'd have if the home directories
>>>> resided on a storage appliance. Some people pick security for the
>>>> masses over performance for the few. Some the other way round.
>>>> It's not an issue for people who want labeled NFS3 badly enough
>>>> to install it.
>>>>
>>> It seems in this case, the performance implications are totally unnecessary.
>>>
>>> Why not a mount option for the xattr name translation?
>>>
>> As much as we might like it to be otherwise, an NFS mounted
>> filesystem behaves differently from an ext3 local filesystem.
>> To get consistent behavior the same mechanism needs to be used
>> for all of the machines on which the data is accessed. That
>> means using NFS everywhere because you can't use the local
>> filesystem in multiple places. Usually the variations can be
>> ignored, but there are cases where it matters.
>>
>
> Sure - but is this case one of them?
Well, that's the debate. If James' NFS3 labeling uses a different
namespace for the label attribute it could very well result in a
difference in behavior. Look at "ls -Z", which reports the value
of a specific attribute.
> If so, what's the difference?
>
> Sometimes a 10x performance improvement(*) is preferred over rigidly
> consistent behaviour, if the differences don't matter. Besides, if
> something is working over NFS, it almost certainly works locally.
> Problems only tend to occur the other way around.
>
> I've never yet had a problem running the combination of local mount
> locally and NFS mount remotely on the same filesystem. This change
> seems to be creating a problem where there wasn't one before - unless
> I'm missing something.
>
You're missing something. Privilege semantics are different. The
behavior of unlinked files is different. Locking is different. You
are correct that in most cases it does not matter. We're not talking
about the common case, we're talking about using xattrs to store
information that is used to make security decisions. It is quite
difficult to make security claims when an object can be accessed
under two different sets of semantics.
> (*) Measured during big "makes".
>
> -- Jamie
>
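The point Casey makes about "ls -Z" above is concrete enough to check mechanically: the label a tool reports is whatever value sits under one specific xattr name, so if the same object exposes that value under a different attribute name over NFS than on the local ext3 mount, the two access paths show different security state. The script below is an added example, written for this page; it is not code from the thread or from the XATTR patch set. It assumes labels live in the "security." namespace locally (security.selinux, security.SMACK64) and that a server-side translation might surface them under another top-level prefix; the "nfsd.security." prefix in the constructed sample is illustrative, not the patch set's actual naming. check_paths() runs the same comparison against two real mount points of one file.

```python
# Added example (not from the thread or the NFSv3 XATTR patches): compare the
# security labels one object shows through two access paths, e.g. a local
# ext3 mount and an NFS mount of the same export, so a label-namespace
# mismatch is caught before a policy decision depends on it.
#
# Assumptions (mine): labels are read from the "security." namespace locally;
# a server-side translation might expose them under a different prefix. The
# "nfsd.security." prefix in the sample data is illustrative only.
import os
from typing import Dict, Optional, Tuple

LabelView = Dict[str, Optional[bytes]]

# Attribute names an "ls -Z"-style listing reads (assumed list).
LABEL_ATTRS = ("security.selinux", "security.SMACK64")


def read_labels(path: str, names=LABEL_ATTRS) -> LabelView:
    """Read each label xattr from a real path. Attributes that are absent or
    unreadable map to None, so a missing label shows up as a value, not an
    exception."""
    view: LabelView = {}
    for name in names:
        try:
            view[name] = os.getxattr(path, name, follow_symlinks=False)
        except OSError:
            view[name] = None
    return view


def translate_names(view: LabelView, from_prefix: str, to_prefix: str) -> LabelView:
    """Rename attributes from one top-level namespace to another, modelling in
    user space the kind of mapping a mount option would apply. A translated
    name wins over an untranslated entry with the same name."""
    out: LabelView = {n: v for n, v in view.items() if not n.startswith(from_prefix)}
    for name, value in view.items():
        if name.startswith(from_prefix):
            out[to_prefix + name[len(from_prefix):]] = value
    return out


def diff_views(local: LabelView, remote: LabelView) -> Dict[str, Tuple[Optional[bytes], Optional[bytes]]]:
    """Attributes whose value differs between the two views, as
    {name: (local_value, remote_value)}. An empty result means the object
    reports the same labels on both paths."""
    names = set(local) | set(remote)
    return {n: (local.get(n), remote.get(n))
            for n in sorted(names) if local.get(n) != remote.get(n)}


def check_paths(local_path: str, nfs_path: str, names=LABEL_ATTRS):
    """Compare the labels of one file reached via two mounts."""
    return diff_views(read_labels(local_path, names), read_labels(nfs_path, names))


# Constructed sample views (not captured from a real system).
SAMPLE_LABEL = b"unconfined_u:object_r:user_home_t:s0"
SAMPLE_LOCAL: LabelView = {
    "security.selinux": SAMPLE_LABEL,
    "security.SMACK64": None,
}
# The same file seen over NFS with the label carried under a translated
# prefix: a client reading security.selinux finds nothing there.
SAMPLE_REMOTE_RAW: LabelView = {
    "nfsd.security.selinux": SAMPLE_LABEL,
    "security.SMACK64": None,
}

if __name__ == "__main__":
    print("raw NFS view vs local:", diff_views(SAMPLE_LOCAL, SAMPLE_REMOTE_RAW))
    mapped = translate_names(SAMPLE_REMOTE_RAW, "nfsd.security.", "security.")
    print("after name translation:", diff_views(SAMPLE_LOCAL, mapped))
```

Run with two paths to audit a real file, e.g. check_paths("/srv/home/alice/.bashrc", "/net/pc-alice/home/alice/.bashrc"): any non-empty result is an object whose label depends on which mount you reached it through, which is exactly the situation the thread is arguing about.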
Thread overview: 32+ messages
2010-02-26 4:33 [PATCH 0/5][v3][RFC] NFSv3: implement extended attribute protocol (XATTR) James Morris
2010-02-26 4:34 ` [PATCH 1/5] NFSv3: convert client to generic xattr API James Morris
2010-02-26 4:35 ` [PATCH 2/5] NFSv3: add xattr API config option for client James Morris
[not found] ` <alpine.LRH.2.00.1002261457420.25193-CK9fWmtY32x9JUWOpEiw7w@public.gmane.org>
2010-02-26 4:36 ` Subject: [PATCH 3/5] NFSv3: add client implementation of XATTR protocol James Morris
2010-02-26 4:36 ` [PATCH 4/5] NFSv3: add server " James Morris
2010-02-26 4:37 ` [PATCH 5/5] NFSv3: Add server namespace support for XATTR protocol implementation James Morris
2010-02-26 13:46 ` Stephen Smalley
2010-03-01 0:49 ` Casey Schaufler
2010-03-01 1:17 ` Trond Myklebust
2010-03-01 8:09 ` James Morris
2010-03-08 10:42 ` [PATCH 0/6][v4][RFC] NFSv3: implement extended attribute protocol (XATTR) James Morris
2010-03-08 10:43 ` [PATCH 1/6] NFSv3: convert client to generic xattr API James Morris
[not found] ` <alpine.LRH.2.00.1003082122340.6314-CK9fWmtY32x9JUWOpEiw7w@public.gmane.org>
2010-03-08 10:43 ` [PATCH 2/6] NFSv3: add xattr API config option for client James Morris
2010-03-08 10:47 ` [PATCH 6/6] NFSv3: Add server namespace support for XATTR protocol implementation James Morris
2010-03-08 10:44 ` [PATCH 3/6] NFSv3: add client implementation of XATTR protocol James Morris
2010-03-08 10:45 ` [PATCH 4/6] NFSv3: add server " James Morris
2010-03-08 10:46 ` [PATCH 5/6] xattr: add new top level nfsd namespace and implement ext3 support James Morris
2010-03-09 3:59 ` [PATCH 0/6][v4][RFC] NFSv3: implement extended attribute protocol (XATTR) Brad Boyer
2010-03-09 5:49 ` Casey Schaufler
2010-03-09 7:04 ` Brad Boyer
2010-03-09 19:35 ` Jamie Lokier
2010-03-10 3:46 ` Casey Schaufler
2010-03-15 3:19 ` Jamie Lokier
2010-03-15 4:42 ` Casey Schaufler
2010-03-15 14:28 ` Jamie Lokier
2010-03-15 23:28 ` Casey Schaufler [this message]
2010-03-15 23:49 ` Trond Myklebust
2010-03-16 2:31 ` Casey Schaufler
2010-03-17 20:13 ` Eric Paris
2010-03-17 21:23 ` Casey Schaufler
2010-03-09 8:13 ` James Morris
2010-03-13 7:28 ` Brad Boyer