* [Virtio-fs] multiple virtiofsd's + overlapping shared subtree -> enforced compatible xattr maps?
@ 2021-06-30 19:58 Harry G. Coin
  2021-07-01  8:33 ` Dr. David Alan Gilbert
  0 siblings, 1 reply; 4+ messages in thread
From: Harry G. Coin @ 2021-06-30 19:58 UTC (permalink / raw)
  To: virtio-fs

If two or more instances of virtiofsd have a common full or partially
shared directory tree path -- how will those instances 'enforce' a
'compatible' xattr map lest the host+guest(s) have quite the selinux
attribute salad?   How much does virtiofsd need to feel like nfsd...?


* Re: [Virtio-fs] multiple virtiofsd's + overlapping shared subtree -> enforced compatible xattr maps?
  2021-06-30 19:58 [Virtio-fs] multiple virtiofsd's + overlapping shared subtree -> enforced compatible xattr maps? Harry G. Coin
@ 2021-07-01  8:33 ` Dr. David Alan Gilbert
  2021-07-01 15:02   ` Harry G. Coin
  0 siblings, 1 reply; 4+ messages in thread
From: Dr. David Alan Gilbert @ 2021-07-01  8:33 UTC (permalink / raw)
  To: Harry G. Coin; +Cc: virtio-fs

* Harry G. Coin (hgcoin@gmail.com) wrote:
> If two or more instances of virtiofsd have a common full or partially
> shared directory tree path -- how will those instances 'enforce' a
> 'compatible' xattr map lest the host+guest(s) have quite the selinux
> attribute salad?

Virtiofsd instances are independent; it's up to whatever runs the daemons
to pick the options in a sane way.

>  How much does virtiofsd need to feel like nfsd...?

What does nfsd do for this?

Dave

-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK



* Re: [Virtio-fs] multiple virtiofsd's + overlapping shared subtree -> enforced compatible xattr maps?
  2021-07-01  8:33 ` Dr. David Alan Gilbert
@ 2021-07-01 15:02   ` Harry G. Coin
  2021-07-01 15:31     ` Dr. David Alan Gilbert
  0 siblings, 1 reply; 4+ messages in thread
From: Harry G. Coin @ 2021-07-01 15:02 UTC (permalink / raw)
  To: Dr. David Alan Gilbert; +Cc: virtio-fs


On 7/1/21 3:33 AM, Dr. David Alan Gilbert wrote:
> * Harry G. Coin (hgcoin@gmail.com) wrote:
>> If two or more instances of virtiofsd have a common full or partially
>> shared directory tree path -- how will those instances 'enforce' a
>> 'compatible' xattr map lest the host+guest(s) have quite the selinux
>> attribute salad?
> Virtiofsd instances are independent; it's up to whatever runs the daemons
> to pick the options in a sane way.

While that's the current case, because the intention was to rely on the
underlying fs to manage contention among virtiofsds: the moment
xattrmaps happened virtiofsd entered the layer all network file system
daemons face.  Roughly speaking: a shift from one process per client to
some IPC or threaded approach with a 'manager' process/thread that
coordinates 'compatible' xattrmaps, acl maps, 'root squashing' etc. etc.

>>   How much does virtiofsd need to feel like nfsd...?
> What does nfsd do for this?

A couple attempts over the last decade, the most landed in 5.9: 
https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.9-NFS-Server-User-Xattr


* Re: [Virtio-fs] multiple virtiofsd's + overlapping shared subtree -> enforced compatible xattr maps?
  2021-07-01 15:02   ` Harry G. Coin
@ 2021-07-01 15:31     ` Dr. David Alan Gilbert
  0 siblings, 0 replies; 4+ messages in thread
From: Dr. David Alan Gilbert @ 2021-07-01 15:31 UTC (permalink / raw)
  To: Harry G. Coin; +Cc: virtio-fs

* Harry G. Coin (hgcoin@gmail.com) wrote:
> 
> On 7/1/21 3:33 AM, Dr. David Alan Gilbert wrote:
> > * Harry G. Coin (hgcoin@gmail.com) wrote:
> >> If two or more instances of virtiofsd have a common full or partially
> >> shared directory tree path -- how will those instances 'enforce' a
> >> 'compatible' xattr map lest the host+guest(s) have quite the selinux
> >> attribute salad?
> > Virtiofsd instances are independent; it's up to whatever runs the daemons
> > to pick the options in a sane way.
> 
> While that's the current case, because the intention was to rely on the
> underlying fs to manage contention among virtiofsds: the moment
> xattrmaps happened virtiofsd entered the layer all network file system
> daemons face.  Roughly speaking: a shift from one process per client to
> some IPC or threaded approach with a 'manager' process/thread that
> coordinates 'compatible' xattrmaps, acl maps, 'root squashing' etc. etc.

I really want to stick with one process per client; it makes the
security a lot easier; you never have to worry about accidentally
leaking data between clients within the process.
Now, that doesn't mean you can't have some coordination up a layer -
i.e. something that starts all the qemu's and virtiofsd's (like libvirt
etc) but that chooses sane mappings.

> >>   How much does virtiofsd need to feel like nfsd...?
> > What does nfsd do for this?
> 
> A couple attempts over the last decade, the most landed in 5.9: 
> https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.9-NFS-Server-User-Xattr

So I saw that; but what I didn't see was a description of what they
actually do with their xattr's; do the NFS servers just pass them
through or do they map?

Dave

-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
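
An added example, not part of the thread and not virtiofsd or libvirt code: one way the layer that starts the daemons could check, before launch, that instances sharing overlapping directory trees use the same xattr map. The instance names, paths, the PLANNED list and the helper names are hypothetical, and the xattrmap strings are constructed samples; paths are normalised lexically only, so a real launcher would also resolve symlinks and bind mounts on the host.

```python
import posixpath
from itertools import combinations
from pathlib import PurePosixPath

# Constructed sample: (instance name, shared directory, xattrmap option value).
# An empty xattrmap means the instance does no xattr name mapping.
PLANNED = [
    ("vm-a", "/srv/share", ":map::user.virtiofs.:"),
    ("vm-b", "/srv/share/projects/../projects", ""),
    ("vm-c", "/srv/share/projects/x", ":map::user.virtiofs.:"),
    ("vm-d", "/srv/share-old", ""),
]


def shared_root(path):
    """Lexically normalise a shared directory (no symlink resolution)."""
    return PurePosixPath(posixpath.normpath(path))


def overlaps(a, b):
    """True if the two shared trees are equal or one contains the other.

    Comparison is per path component, so /srv/share-old is not treated
    as lying under /srv/share the way a plain string prefix test would.
    """
    a, b = shared_root(a), shared_root(b)
    return a == b or a in b.parents or b in a.parents


def find_conflicts(planned):
    """Return pairs of instance names whose trees overlap but whose
    xattrmap strings differ. The comparison is textual and therefore
    conservative: two differently written maps are reported for review
    even if they would behave the same."""
    conflicts = []
    for (n1, d1, m1), (n2, d2, m2) in combinations(planned, 2):
        if overlaps(d1, d2) and m1.strip() != m2.strip():
            conflicts.append((n1, n2))
    return conflicts


if __name__ == "__main__":
    for first, second in find_conflicts(PLANNED):
        print(f"refusing to start: {first} and {second} share a subtree "
              f"with different xattr maps")
```
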

