All of lore.kernel.org
 help / color / mirror / Atom feed
* choice of 'namespace' for ACL's
@ 2013-07-19  8:52 Linda Walsh
  2013-07-19 22:39 ` Ben Myers
  0 siblings, 1 reply; 2+ messages in thread
From: Linda Walsh @ 2013-07-19  8:52 UTC (permalink / raw)
  To: Linux-Xfs




I was looking at the attr and it left me a bit puzzled.

(1) Of minor consideration, was the statement about 'values can be up
to 64KB'...  But there is no mention of how many names can be present
or if there is a cumulative maximum on the names or on the data.  I thought
I remembered there was, but all I found was limits on single datums.

(2) A more confusing issue was the bit describing XFS as having 2
disjoint attrib
namespaces, but later the selectors for the names spaces are given as
[none] = user, [R] = root, and [S] = Security -- making it sound like 3
disjoint
namespaces.  So, how many attrib namespaces are their, 2 or 3?

(3) Adding a bit more to pique my curiosity, I noticed that
file ACL's were in the root-namespace, not the security attribute namespace.
Wouldn't it make more sense if access control was considered a security
attrib?


Another point of confusion was on the attrib manpage where it says:
CAVEATS
       The list option present in the IRIX version of this command is
not sup‐
       ported.  getfattr provides a mechanism to retrieve all of the
attribute
       names.

(4) What does that mean?  i.e.:

when I use attr -l:

> attr -l openssh-6.1p1-hpn13v14.diff.gz
Attribute "DOSATTRIB" has a 56 byte value for openssh-6.1p1-hpn13v14.diff.gz
Attribute "SAMBA_PAI" has a 25 byte value for openssh-6.1p1-hpn13v14.diff.gz

or addint the -q switch with -l:

> attr -ql openssh-6.1p1-hpn13v14.diff.gz
DOSATTRIB
SAMBA_PAI
---
Does "not supported" mean that it is working by accident and may be
removed   ... because....[_________???______]? 

getfattr is suggested as a replacement, but
(5) how can it be used to list the lengths?  and
(6) how can it be used to list the Security or Root namespaces?

Sorry for all the Q's, but it seemed like there were some missing pieces...



_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: choice of 'namespace' for ACL's
  2013-07-19  8:52 choice of 'namespace' for ACL's Linda Walsh
@ 2013-07-19 22:39 ` Ben Myers
  0 siblings, 0 replies; 2+ messages in thread
From: Ben Myers @ 2013-07-19 22:39 UTC (permalink / raw)
  To: Linda Walsh; +Cc: Linux-Xfs, acl-devel

Hey Linda,

On Fri, Jul 19, 2013 at 01:52:47AM -0700, Linda Walsh wrote:
> I was looking at the attr and it left me a bit puzzled.
> 
> (1) Of minor consideration, was the statement about 'values can be up
> to 64KB'...  But there is no mention of how many names can be present
> or if there is a cumulative maximum on the names or on the data.  I thought
> I remembered there was, but all I found was limits on single datums.

IIRC there isn't an artificial cap on the number of entries, and the attribute
code is using similar structures as directories and block maps.  Normally data
are inline with the names, but with remote attributes the large ones will have
the data stored elsewhere..  So the answer is... many?

> (2) A more confusing issue was the bit describing XFS as having 2
> disjoint attrib
> namespaces, but later the selectors for the names spaces are given as
> [none] = user, [R] = root, and [S] = Security -- making it sound like 3
> disjoint
> namespaces.  So, how many attrib namespaces are their, 2 or 3?

There are three:  user, root/trusted, and security.

> (3) Adding a bit more to pique my curiosity, I noticed that
> file ACL's were in the root-namespace, not the security attribute namespace.
> Wouldn't it make more sense if access control was considered a security
> attrib?

The security namespace is being used by selinux.  I'm not clear on all of the
history how it came to be this way..  Maybe someone can pipe up and explain
that.

> Another point of confusion was on the attrib manpage where it says:
> CAVEATS
>        The list option present in the IRIX version of this command is
> not sup‐
>        ported.  getfattr provides a mechanism to retrieve all of the
> attribute
>        names.
> 
> (4) What does that mean?  i.e.:
> 
> when I use attr -l:
> 
> > attr -l openssh-6.1p1-hpn13v14.diff.gz
> Attribute "DOSATTRIB" has a 56 byte value for openssh-6.1p1-hpn13v14.diff.gz
> Attribute "SAMBA_PAI" has a 25 byte value for openssh-6.1p1-hpn13v14.diff.gz
> 
> or addint the -q switch with -l:
> 
> > attr -ql openssh-6.1p1-hpn13v14.diff.gz
> DOSATTRIB
> SAMBA_PAI

It sure seems like 'attr -l' is working for you.

> ---
> Does "not supported" mean that it is working by accident and may be
> removed   ... because....[_________???______]? 

It may be that the manpage is out of date?

> getfattr is suggested as a replacement, but
> (5) how can it be used to list the lengths?  and
> (6) how can it be used to list the Security or Root namespaces?
> 
> Sorry for all the Q's, but it seemed like there were some missing pieces...

Hmm.  Maybe try over on acl-devel@nongnu.org?

Regards,
	Ben

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-07-19 22:39 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-19  8:52 choice of 'namespace' for ACL's Linda Walsh
2013-07-19 22:39 ` Ben Myers

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.