mbox series

[v4,0/3] virtiofsd: Add support to enable/disable posix acls

Message ID 20210224165837.21983-1-vgoyal@redhat.com (mailing list archive)
Headers show
Series virtiofsd: Add support to enable/disable posix acls | expand

Message

Vivek Goyal Feb. 24, 2021, 4:58 p.m. UTC
Hi,

This is V4 of patches.

In V3 I enabled posix_acl by default. Then I tested with cache=none and
a simple "cat foo.txt" results in two extra GETXATTR(system.posix_acl)
calls. (Note, this happens only if caller is not owner of file). And
this happens on every call of "cat foo.txt" because cache=none does
not cache anything in guest.

So this make me rethink the idea of enabling posix_acl by default. I
prefer not to have any performance regressions in any of the mode
out of the box.

Hence proposing this V4 where posix_acls are disabled by default and
user needs to enable it explicitly if the want posix acls. This probably
can change down the line once somebody can prove enabling it by deafult
really does not impact us much.

Change since V3.

- Do not enable posix_acl by default.
- Error out if user wants to enable it but xattr are disabled.
- Modified help message and docs/tools/virtiofsd.rst to add
  documentation for this new knob (Luis Henriques).
- Captured Reviewed-by tags from Stefan from V3.

Thanks
Vivek

Vivek Goyal (3):
  virtiofsd: Add umask to seccom allow list
  virtiofsd: Add capability to change/restore umask
  virtiofsd: Add an option to enable/disable posix acls

 docs/tools/virtiofsd.rst              |   3 +
 tools/virtiofsd/helper.c              |   1 +
 tools/virtiofsd/passthrough_ll.c      | 125 ++++++++++++++++++++++++--
 tools/virtiofsd/passthrough_seccomp.c |   1 +
 4 files changed, 123 insertions(+), 7 deletions(-)