From: Christian Schoenebeck <linux_oss@crudebyte.com>
To: asmadeus@codewreck.org, Eric Van Hensbergen <ericvh@kernel.org>
Cc: v9fs@lists.linux.dev, Greg Kurz <groug@kaod.org>
Subject: Re: cache fixes (redux)
Date: Thu, 04 Jan 2024 13:37:34 +0100 [thread overview]
Message-ID: <2900064.uouh5yoDIQ@silver> (raw)
In-Reply-To: <CAFkjPTnCoQXMaRXhFuzquZaKe7DFfzEEGi_Z8f7hA6Rn0wHtYA@mail.gmail.com>
On Wednesday, January 3, 2024 11:48:13 PM CET Eric Van Hensbergen wrote:
> One other thing I noticed when looking through the code (related to
> xattrs and acls) - it seems on create we are pre-populating client
> side ACLs -- this requires some extra protocol and steps it feels like
> we don't have to take. So I guess two thoughts:
> - shouldn't the server side be populating ACLs appropriately on create
> if the underlying file system supports them
To resume a discussion we recently had on this topic, i.e. relying on server
handling all permissions: ACLs are actually the line where it becomes
difficult to be handled solely by server on its own. Because AFAICS there is
nothing defined in the protocol to handle ACLs in the first place, instead
client sends xattr queries to 9p server to map ACLs as xattrs on server side:
$ getfattr foo
# file: foo
user.virtfs.gid
user.virtfs.mode
user.virtfs.system.posix_acl_access # <-- client encoded & managed
user.virtfs.system.posix_acl_default # <-- client encoded & managed
user.virtfs.uid
...
Now even if the protocol got extended to handle ACLs, it would still be
difficult for server to handle this task reliably; I am thinking of setups
where e.g. guest runs in an Active Directory domain, LDAP, PAM modules, and
what not (all on guest side that is). A huge bunch of information server would
simply not have and a user would need to duplicate as a setup on host side
(not a good idea for security reasons).
So in short: simple Unix permissions, sure, but anything beyond that, I don't
think so.
> - if this isn't the case it feels like we might be able to get away
> with a slightly reduced approach of walking to the new fid and sending
> the appropriate setacl proto messages and then rely on the inode
> refresh to fill the cache (if the cache is enabled
>
> A bunch of this has come up unwinding complexity in where we are
> "creating inodes" versus using iget with optional create. I think
> everything needs to use the latter so things show up in the hash
> appropriately.
>
> -eric
>
next prev parent reply other threads:[~2024-01-04 12:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-26 16:13 cache fixes (redux) Eric Van Hensbergen
2023-12-27 8:10 ` Dominique Martinet
2023-12-27 18:07 ` Eric Van Hensbergen
[not found] ` <CAFkjPT=8CZHATaraBrqAZGDKjQLOp=U1gdgteJ5jpXRGJyBojQ@mail.gmail.com>
2023-12-28 0:32 ` Dominique Martinet
2023-12-28 10:44 ` Christian Schoenebeck
2023-12-28 15:07 ` Eric Van Hensbergen
2023-12-28 21:48 ` asmadeus
2023-12-29 12:22 ` Christian Schoenebeck
2023-12-29 12:50 ` asmadeus
2023-12-29 16:16 ` Eric Van Hensbergen
2023-12-29 16:06 ` Eric Van Hensbergen
2023-12-29 15:50 ` Eric Van Hensbergen
2024-01-03 18:09 ` cache fixes (redux) (a tale of many inode numbers...) Eric Van Hensbergen
2024-01-03 20:24 ` cache fixes (redux) asmadeus
[not found] ` <CAFkjPT=61yygntbhSJMMWeK4JBrm85EZpz387aPHD_xmHVBbog@mail.gmail.com>
2024-01-03 22:42 ` Fwd: " Eric Van Hensbergen
2024-01-03 22:48 ` Eric Van Hensbergen
2024-01-04 12:37 ` Christian Schoenebeck [this message]
2024-01-04 15:59 ` Eric Van Hensbergen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2900064.uouh5yoDIQ@silver \
--to=linux_oss@crudebyte.com \
--cc=asmadeus@codewreck.org \
--cc=ericvh@kernel.org \
--cc=groug@kaod.org \
--cc=v9fs@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox