From: Dave Chinner <david@fromorbit.com>
To: "Darrick J. Wong" <djwong@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>,
linux-xfs@vger.kernel.org, cem@kernel.org
Subject: Re: [RFC] xfs: opting in or out of online repair
Date: Fri, 26 Jul 2024 11:15:23 +1000 [thread overview]
Message-ID: <ZqL4q/NikzqbRIUq@dread.disaster.area> (raw)
In-Reply-To: <20240726004154.GD612460@frogsfrogsfrogs>
On Thu, Jul 25, 2024 at 05:41:54PM -0700, Darrick J. Wong wrote:
> On Fri, Jul 26, 2024 at 08:33:02AM +1000, Dave Chinner wrote:
> > On Thu, Jul 25, 2024 at 04:14:13PM +0200, Christoph Hellwig wrote:
> > > On Thu, Jul 25, 2024 at 12:05:26PM +1000, Dave Chinner wrote:
> > > > Maybe I'm missing something important - this doesn't feel like
> > > > on-disk format stuff. Why would having online repair enabled make
> > > > the fileystem unmountable on older kernels?
> > >
> > > Yes, that's the downside of the feature flag.
> > >
> > > > Hmmm. Could this be implemented with an xattr on the root inode
> > > > that says "self healing allowed"?
> > >
> > > The annoying thing about stuff in the public file system namespace
> > > is that chowning the root of a file system to a random user isn't
> > > that uncommon, an that would give that user more privileges than
> > > intended. So it could not hust be a normal xattr but would have
> > > to be a privileged one,
> >
> >
> > I'm not sure I understand what the problem is. We have a generic
> > xattr namespace for this sort of userspace sysadmin info already.
> >
> > $ man 7 xattr
> > ....
> > Trusted extended attributes
> > Trusted extended attributes are visible and accessible only
> > to processes that have the CAP_SYS_ADMIN capability.
> > Attributes in this class are used to implement mechanisms
> > in user space (i.e., outside the kernel) which keep
> > information in extended attributes to which ordinary
> > processes should not have access.
> >
> > > and with my VFS hat on I'd really like
> > > to avoid creating all these toally overloaded random non-user
> > > namespace xattrs that are a complete mess.
> >
> > There's no need to create a new xattr namespace at all here.
> > Userspace could manipulate a trusted.xfs.self_healing xattr to do
> > exactly what we need. It's automatically protected by
> > CAP_SYS_ADMIN in the init namespace, hence it provides all the
> > requirements that have been presented so far...
>
> <nod> Ok, how about an ATTR_ROOT xattr "xfs.self_healing" that can be
> one of "none", "check", or "repair". No xattr means "check".
Sounds good to me.
-Dave.
--
Dave Chinner
david@fromorbit.com
next prev parent reply other threads:[~2024-07-26 1:15 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-24 21:38 [RFC] xfs: opting in or out of online repair Darrick J. Wong
2024-07-25 2:05 ` Dave Chinner
2024-07-25 14:14 ` Christoph Hellwig
2024-07-25 22:33 ` Dave Chinner
2024-07-26 0:41 ` Darrick J. Wong
2024-07-26 1:15 ` Dave Chinner [this message]
2024-07-26 13:59 ` Christoph Hellwig
2024-07-26 15:15 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqL4q/NikzqbRIUq@dread.disaster.area \
--to=david@fromorbit.com \
--cc=cem@kernel.org \
--cc=djwong@kernel.org \
--cc=hch@lst.de \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox