From: Jan Kara <jack@suse.cz>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Dave Chinner <david@fromorbit.com>
Subject: Re: thoughts about fanotify and HSM
Date: Wed, 12 Oct 2022 17:44:02 +0200 [thread overview]
Message-ID: <20221012154402.h5al3junehejsv24@quack3> (raw)
In-Reply-To: <CAOQ4uxjAn50Z03SysRT0v8AVmtvDHpFUMG6_TYCCX_L9zBD+fg@mail.gmail.com>
Hi Amir!
On Fri 07-10-22 16:58:21, Amir Goldstein wrote:
> > > The other use case of automatic inode marks I was thinking about,
> > > which are even more relevant for $SUBJECT is this:
> > > When instantiating a dentry with an inode that has xattr
> > > "security.fanotify.mask" (a.k.a. persistent inode mark), an inode
> > > mark could be auto created and attached to a group with a special sb
> > > mark (we can limit a single special mark per sb).
> > > This could be implemented similar to get_acl(), where i_fsnotify_mask
> > > is always initialized with a special value (i.e. FS_UNINITIALIZED)
> > > which is set to either 0 or non-zero if "security.fanotify.mask" exists.
> > >
> > > The details of how such an API would look like are very unclear to me,
> > > so I will try to focus on the recursive auto inode mark idea.
> >
> > Yeah, although initializing fanotify marks based on xattrs does not look
> > completely crazy I can see a lot of open questions there so I think
> > automatic inode mark idea has more chances for success at this point :).
>
> I realized that there is one sort of "persistent mark" who raises
> less questions - one that only has an ignore mask.
>
> ignore masks can have a "static" namespace that is not bound to any
> specific group, but rather a set of groups that join this namespace.
>
> I played with this idea and wrote some patches:
> https://github.com/amir73il/linux/commits/fan_xattr_ignore_mask
I have glanced over the patches. In general the idea looks OK to me but I
have some concerns:
1) Technically, it may be challenging to call into filesystem xattr
handling code on first event generated by the inode - that may generate
some unexpected lock recursion for some filesystems and some events which
trigger the initialization...
2) What if you set the xattr while the group is already listening to
events? Currently the change will get ignored, won't it? But I guess this
could be handled by clearing the "cached" flag when the xattr is set.
3) What if multiple applications want to use the persistent mark
functionality? I think we need some way to associate a particular
fanotify group with a particular subset of fanotify xattrs so that
coexistence of multiple applications is possible...
Honza
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2022-10-12 15:44 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-11 18:12 thoughts about fanotify and HSM Amir Goldstein
2022-09-12 12:57 ` Jan Kara
2022-09-12 16:38 ` Amir Goldstein
[not found] ` <BY5PR07MB652953061D3A2243F66F0798A3449@BY5PR07MB6529.namprd07.prod.outlook.com>
2022-09-13 2:41 ` Amir Goldstein
2022-09-14 7:27 ` Amir Goldstein
2022-09-14 10:30 ` Jan Kara
2022-09-14 11:52 ` Amir Goldstein
2022-09-20 18:19 ` Amir Goldstein
2022-09-22 10:48 ` Jan Kara
2022-09-22 13:03 ` Amir Goldstein
2022-09-26 15:27 ` Jan Kara
2022-09-28 12:29 ` Amir Goldstein
2022-09-29 10:01 ` Jan Kara
2022-10-07 13:58 ` Amir Goldstein
2022-10-12 15:44 ` Jan Kara [this message]
2022-10-12 16:28 ` Amir Goldstein
2022-10-13 12:16 ` Amir Goldstein
2022-11-03 12:57 ` Jan Kara
2022-11-03 13:38 ` Amir Goldstein
2022-10-28 12:50 ` Amir Goldstein
2022-11-03 16:30 ` Jan Kara
2022-11-04 8:17 ` Amir Goldstein
2022-11-07 11:10 ` Jan Kara
2022-11-07 14:13 ` Amir Goldstein
2022-11-14 19:17 ` Jan Kara
2022-11-14 20:08 ` Amir Goldstein
2022-11-15 10:16 ` Jan Kara
2022-11-15 13:08 ` Amir Goldstein
2022-11-16 10:56 ` Jan Kara
2022-11-16 16:24 ` Amir Goldstein
2022-11-17 12:38 ` Amir Goldstein
2022-11-23 10:49 ` Jan Kara
2022-11-23 13:07 ` Amir Goldstein
2022-11-21 16:40 ` Amir Goldstein
2022-11-23 12:11 ` Jan Kara
2022-11-23 13:30 ` Amir Goldstein
2022-11-23 10:10 ` Jan Kara
2022-11-23 15:16 ` Amir Goldstein
[not found] ` <BY5PR07MB6529795F49FB4E923AFCB062A3449@BY5PR07MB6529.namprd07.prod.outlook.com>
2022-09-14 9:29 ` Jan Kara
2022-09-21 23:27 ` Dave Chinner
2022-09-22 4:35 ` Amir Goldstein
2022-09-23 7:57 ` Dave Chinner
2022-09-23 11:22 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221012154402.h5al3junehejsv24@quack3 \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=david@fromorbit.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.