-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add native NFSv4 style ZFS ACL support for Linux #16967
Open
usaleem-ix
wants to merge
5
commits into
openzfs:master
Choose a base branch
from
truenas:nfsacl-1
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amotin
reviewed
Jan 21, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few comments on the kernel side:
13 tasks
This implements NFSv41 (RFC 5661) ACLs in a manner compatible with vfs_nfs4acl_xattr in Samba. There are three key areas of change in this commit: 1) NFSv4 ACL management through system.nfs4_acl_xdr xattr. Install an xattr handler for "system.nfs4_acl_xdr" that presents an xattr containing full NFSv41 ACL structures generated through rpcgen using specification from the Samba project. This xattr is used by userspace programs to read and set permissions. 2) add an i_op->permissions endpoint: zpl_permissions(). This is used by the VFS in Linux to determine whether to allow / deny an operation. Wherever possible, we try to avoid having to call zfs_access(). If kernel has NFSv4 patch for VFS, then perform more complete check of avaiable access mask. 3) add capability-based overrides to secpolicy_vnode_access2(). There are various situations in which ACL may need to be overridden based on capabilities. This logic is almost directly copied from Linux VFS. Switch to using ns-aware checks rather than capable(). Expand optimization allow bypass of zfs_zaccess() in case of trivial ACL if MAY_OPEN is included in requested mask. This is commit was initially inspired by work from Paul B. Henson to implement NFSv4.0 (RFC3530) ACLs in ZFS on Linux. Key areas of divergence are as follows: - ACL specification, xattr format, xattr name - Addition of handling for NFSv4 masks from Linux VFS - Addition of ACL overrides based on capabilities Authored-by: Andrew Walker <[email protected]> Signed-off-by: Umer Saleem <[email protected]>
Adds ability for xattr handler to "strip" NFSv4.1 ACLs. Since there is no libc equivalent of strip operation in Linux for NFSv4 ACLs, as there are in POSIX ACLs and on FreeBSD, this commit handles the operation entirely in ZFS. Expose ACL_IS_TRIVIAL and ACL_IS_DIR flags as ACL-wide flags in the system.nfs4_acl_xdr generated on getxattr requests. This are non-RFC flags that are useful for userspace applications. ACL_IS_TRIVIAL helps to avoid relatively expensive ACL-related operations. Advertise support for large xattrs. SB_LARGEXATTR is used to indicate to the kernel that the filesystem supports large-size xattrs greater than 64KiB. This flag is used to evaluate whether to allow large xattr read or write requests (up to 2 MiB). Force BSD semantics for group ownership if NFSV4ACL. Since there is no hard-and-fast rule about creation semantics for NFSv4 ACLs on Linux, opt for what is least likely to break users permissions on change from FreeBSD to Linux. Improves zpl_permission performance. This function can be frequently called with MAY_EXEC|MAY_NOT_BLOCK during RCU path walk. Authored-by: Andrew Walker <[email protected]> Signed-off-by: Umer Saleem <[email protected]>
This commit adds common ACL libraries, libzfsacl for Linux and FreeBSD to provide helper functions to access ACLs. On Linux, libsunacl provides acl() and facl() to be consumed by vfs_zfsacl.c in Samba. libpyzfsacl.c provides python bindings for libzfsacl. Python bindings are packaged in python3-libzfsacl. A new package is added for libzfsacl and libsunacl. Authored-by: Andrew Walker <[email protected]> Signed-off-by: Umer Saleem <[email protected]>
This commit adds zfs_getnfs4facl and zfs_setnfs4facl. zfs_getnfs4facl will display the NFSv4 ACLs for a file or directory on a ZFS filesystem with acltype set to nfsv4 that exposes NFSv4 ACLs as a system.nfs4_acl_xdr xattr. zfs_setnfs4facl manipulates the NFSv4 ACLs of one or more files or directories, on a ZFS filesystem with acltype set to nfsv4. Both scripts provide output compatible with getfacl and setfacl on FreeBSD, and provides support for viewing and managing ACL features present in the NFSv4.1. Signed-off-by: Umer Saleem <[email protected]>
This commit adds test suite for NFSv4.1 ACLS. The test suite uses libzfsacl python bindings to validate functionality of NFS ACLs. The test suite validates the basic behavior of ACLs by verifying default ACEs and then moves to testing all the flags and permissions for deny and allow permissions. Test suite also verifies that allow ACEs don't work without setting the specific permission flag, i.e. to perform an operation, it's permission is required. Similarly, test suite also verifies that allow ACE for a specific permission only allows that perticular permission and user does not have access to other permissions. Signed-off-by: Umer Saleem <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation and Context
So far, ZFS on Linux does not support NFSv4 style native ZFS ACLs. ZFS on Linux has implemented POSIX ACL type. The ACL types are not interchangeable, so existing pools cannot be used across different platforms without loss of ACLs.
See also: #13186 and #9709
Description
This PR adds support for NFSv4.1 style native ZFS ACLs for ZFS on Linux through xattr.
A new xattr
sysem.nfs4_acl_xdr
is added, that is used to store NFSv4.1 ACL structures. A new inode operations endpoint is added aszpl_permssions()
, that is used by VFS in Linux to determine whether to allow/deny an operation. There are certain situations where ACL may need to be overridden based on capabilities. This is handled insecpolicy_vnode_access2()
and the logic is almost directly copied from Linux VFS.The PR contains all the improvements and fixes after initial implementation for NFSv4.1 ACLs:
ACL_IS_TRIVIAL
andACL_IS_DIR
are exposed.zpl_permission()
.This PR also adds a common library,
libzfsacl
, for Linux and FreeBSD for accessing and manipulating NFSv4 style ACLs.libpyzfsacl
provides python bindings forlibzfsacl
. Python bindings are used to write Get (zfs_getnfs4facl
) / Set (zfs_setnfs4facl
) tools for NFSv4.1 ACLs.libsunacl
provides an interface for Samba to accessacl()
andfacl()
forvfs_zfsacl.c
in Samba.Since, Linux kernel does not support NFSv4 style ACLs, there are some limitations:
PERM_READ_ATTRIBUTES
is currently not implemented for Linux. It does not have any equivalent in POSIX ACLs as well.PERM_WRITE_OWNER
is not supported without patching the Linux kernel.For RPM/DEB packaging,
zfs_getnfs4facl
andzfs_setnfs4facl
are packaged inzfs
package. Forlibzfsacl
,libsunacl
, python bindings and test suite, a new packagepython3-libzfsacl
is created.For native Debian packaging,
zfs_getnfs4facl
andzfs_setnfs4facl
are packaged inopenzfs-zfsutils
package. Forlibzfsacl
,libsunacl
, python bindings and test suite, a new packageopenzfs-python3-libzfsacl
is created.Further details can be found in individual commit messages.
How Has This Been Tested?
The test suite
zfsacltests
uses python bindings forlibzfsacl
for verifying the behavior of NFSv4.1 ACLs. The test suite tries to cover almost all aspects of the NFSv4.1 ACLs.ALLOW
andDENY
.Types of changes
Checklist:
Signed-off-by
.