Add native NFSv4 style ZFS ACL support for Linux #206
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
usaleem-ix
force-pushed
the
nfsacl
branch
3 times, most recently
from
c4d58bd
to
6506cf6
Compare
amotin
reviewed
Jan 25, 2024
| } | ||
|
|
||
| cr = CRED(); | ||
| crhold(cr); |
There was a problem hiding this comment.
As I can see, in most (all?) cases where ZFS on Linux calls crhold() before calling some ZFS functions it also calls spl_fstrans_mark() to prevent recursion on memory allocation, leading to deadlock, like this: openzfs#15786 . I seems related to MAY_NOT_BLOCK check above, but I wonder if one covers it completely, or there are cases here when recursion is still not desired.
amotin
reviewed
Jan 26, 2024
module/os/linux/zfs/zpl_xattr.c
Outdated
Comment on lines
1602
to
1605
| #define ACES_TO_XDRSIZE(x) (XDRBASE + (x * ACE4SIZE)) | ||
| #define XDRSIZE_TO_ACES(x) ((x - XDRBASE) / ACE4SIZE) | ||
| #define XDRSIZE_IS_VALID(x) ((x >= XDRBASE) && \ | ||
| (((x - XDRBASE) % ACE4SIZE) == 0)) |
There was a problem hiding this comment.
Good practice is to take "x" on the right side into parentheses in case there sill be a complex expression.
amotin
reviewed
Jan 26, 2024
amotin
reviewed
Jan 26, 2024
There was a problem hiding this comment.
Do I understand it right that libzfsacl and libsunacl are packaged into python3-libzfsacl-*? Wouldn't it have sense for them to be independent for use by Samba and possibly other apps, and second package depending on one providing python bindings for those who need them?
This implements NFSv41 (RFC 5661) ACLs in a manner compatible with vfs_nfs4acl_xattr in Samba. There are three key areas of change in this commit: 1) NFSv4 ACL management through system.nfs4_acl_xdr xattr. Install an xattr handler for "system.nfs4_acl_xdr" that presents an xattr containing full NFSv41 ACL structures generated through rpcgen using specification from the Samba project. This xattr is used by userspace programs to read and set permissions. 2) add an i_op->permissions endpoint: zpl_permissions(). This is used by the VFS in Linux to determine whether to allow / deny an operation. Wherever possible, we try to avoid having to call zfs_access(). If kernel has NFSv4 patch for VFS, then perform more complete check of avaiable access mask. 3) add capability-based overrides to secpolicy_vnode_access2(). There are various situations in which ACL may need to be overridden based on capabilities. This logic is almost directly copied from Linux VFS. Switch to using ns-aware checks rather than capable(). Expand optimization allow bypass of zfs_zaccess() in case of trivial ACL if MAY_OPEN is included in requested mask. This is commit was initially inspired by work from Paul B. Henson to implement NFSv4.0 (RFC3530) ACLs in ZFS on Linux. Key areas of divergence are as follows: - ACL specification, xattr format, xattr name - Addition of handling for NFSv4 masks from Linux VFS - Addition of ACL overrides based on capabilities Authored-by: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
Adds ability for xattr handler to "strip" NFSv4.1 ACLs. Since there is no libc equivalent of strip operation in Linux for NFSv4 ACLs, as there are in POSIX ACLs and on FreeBSD, this commit handles the operation entirely in ZFS. Expose ACL_IS_TRIVIAL and ACL_IS_DIR flags as ACL-wide flags in the system.nfs4_acl_xdr generated on getxattr requests. This are non-RFC flags that are useful for userspace applications. ACL_IS_TRIVIAL helps to avoid relatively expensive ACL-related operations. Advertise support for large xattrs. SB_LARGEXATTR is used to indicate to the kernel that the filesystem supports large-size xattrs greater than 64KiB. This flag is used to evaluate whether to allow large xattr read or write requests (up to 2 MiB). Force BSD semantics for group ownership if NFSV4ACL. Since there is no hard-and-fast rule about creation semantics for NFSv4 ACLs on Linux, opt for what is least likely to break users permissions on change from FreeBSD to Linux. Improves zpl_permission performance. This function can be frequently called with MAY_EXEC|MAY_NOT_BLOCK during RCU path walk. Authored-by: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
MS-FSCC 2.6 specifies that for a file, applications can read the file but cannot write to it or delete it. For a directory, applications cannot delete it, but applications can create and delete files from the directory. This commit also fixes a bug whereby owner@ ACL that limits WRITE_DATA access for the owner of a file was not being properly enforced. The owner of a file should be prevented from write access in this case, but being owner of file should still allow the file owner to chmod, chown, and setacl. Authored-by: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
This commit adds common ACL libraries, libzfsacl for Linux and FreeBSD to provide helper functions to access ACLs. On Linux, libsunacl provides acl() and facl() to be consumed by vfs_zfsacl.c in Samba. libpyzfsacl.c provides python bindings for libzfsacl. Python bindings are packaged in python3-libzfsacl. A new package is added for libzfsacl and libsunacl. Authored-by: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
This commit adds zfs_getnfs4facl and zfs_setnfs4facl. zfs_getnfs4facl will display the NFSv4 ACLs for a file or directory on a ZFS filesystem with acltype set to nfsv4 that exposes NFSv4 ACLs as a system.nfs4_acl_xdr xattr. zfs_setnfs4facl manipulates the NFSv4 ACLs of one or more files or directories, on a ZFS filesystem with acltype set to nfsv4. Both scripts provide output compatible with getfacl and setfacl on FreeBSD, and provides support for viewing and managing ACL features present in the NFSv4.1. Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
This commit adds test suite for NFSv4.1 ACLS. The test suite uses libzfsacl python bindings to validate functionality of NFS ACLs. The test suite validates the basic behavior of ACLs by verifying default ACEs and then moves to testing all the flags and permissions for deny and allow permissions. Test suite also verifies that allow ACEs don't work without setting the specific permission flag, i.e. to perform an operation, it's permission is required. Similarly, test suite also verifies that allow ACE for a specific permission only allows that perticular permission and user does not have access to other permissions. Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
Thanks, Updated. |
This is a better approach. I have created a separate package for libzfsacl and libsunacl as libzfsacl1. Python bindings remain in python3-libzfsacl package. |
|
libzfsacl1 is an odd name. |
13 tasks
|
@anodos325 ping. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation and Context
So far, ZFS on Linux does not support NFSv4 style native ZFS ACLs. ZFS on Linux has implemented POSIX ACL type. The ACL types are not interchangeable, so existing pools cannot be used across different platforms without loss of ACLs.
See also: openzfs#13186 and openzfs#9709
The purpose of this PR is to get all the changes reviewed internally once before posting a PR upstream.
Description
This PR adds support for NFSv4.1 style native ZFS ACLs for ZFS on Linux through xattr.
A new xattr
sysem.nfs4_acl_xdris added, that is used to store NFSv4.1 ACL structures. Anew inode operations endpoint is added aszpl_permssions(), that is used by VFS in Linux to determine whether to allow/deny an operation. There are certain situations where ACL may need to be overridden based on capabilities. This is handled insecpolicy_vnode_access2()and the logic is almost directly copied from Linux VFS.The PR contains all the improvements and fixes after initial implementation for NFSv4.1 ACLs for TrueNAS SCALE:
ACL_IS_TRIVIALandACL_IS_DIRare exposed.zpl_permission().This PR also adds a common library,
libzfsacl, for Linux and FreeBSD for accessing and manipulating NFSv4 style ACLs.libpyzfsaclprovides python bindings forlibzfsacl. Python bindings are used to write Get (zfs_getnfs4facl) / Set (zfs_setnfs4facl) tools for NFSv4.1 ACLs.libsunaclprovides an interface for Samba to accessacl()andfacl()forvfs_zfsacl.cin Samba.Since, Linux kernel does not support NFSv4 style ACLs, there are some limitations:
PERM_READ_ATTRIBUTESis currently not implemented for Linux. It does not have any equivalent in POSIX ACLs as well.PERM_WRITE_OWNERis not supported without patching the Linux kernel.For RPM/DEB packaging,
zfs_getnfs4faclandzfs_setnfs4faclare packaged inzfspackage. Forlibzfsacl,libsunacl, python bindings and test suite, a new packagepython3-libzfsaclis created.For native Debian packaging,
zfs_getnfs4faclandzfs_setnfs4faclare packaged inopenzfs-zfsutilspackage. Forlibzfsacl,libsunacl, python bindings and test suite, a new packageopenzfs-python3-libzfsaclis created.Further details can be found in individual commit messages.
How Has This Been Tested?
The test suite
zfsacltestsuses python bindings forlibzfsaclfor verifying the behavior of NFSv4.1 ACLs. The test suite tries to cover almost all aspects of the NFSv4.1 ACLs.ALLOWandDENY.Types of changes
Checklist:
Signed-off-by.