EA auto-starting at file system mount commit

Robert Watson rwatson at FreeBSD.org
Wed Mar 14 05:43:43 GMT 2001

The attached commit to FreeBSD 5.0-CURRENT should eliminate most nasty
races involving extended attributes and the mounting process, and makes
modifications to /etc/rc (and friends) to start EAs on each file system
unnecessary.  This feature is still experimental, so don't try this on a
production system for a bit.  (I.e., it worked for me, but who knows if it
will work for you -- after all, it does muck with the internals of UFS :-)

It's possible that the recent acl-0.6.0 distribution has a conflict due to
changes to the sys/conf/options file (the only overlap between the two); 
also, Chris has sent me updated getfacl and setfacl releases, so I'll
probably roll an acl-0.6.1 release sometime in the next day or so to take
that into account.  I'll be bringing setfacl and getfacl into the base
source tree later this week, and hopefully the remainder of UFS ACL
support within a week or so also (modulo some time for review by Kirk, et

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at fledge.watson.org      NAI Labs, Safeport Network Services

---------- Forwarded message ----------
Date: Tue, 13 Mar 2001 21:32:32 -0800 (PST)
From: Robert Watson <rwatson at FreeBSD.org>
To: cvs-committers at FreeBSD.org, cvs-all at FreeBSD.org
Subject: cvs commit: src/sys/conf options src/sys/ufs/ffs ffs_vfsops.c         src/sys/ufs/ufs extattr.h ufs_extattr.c ufs_extern.h

rwatson     2001/03/13 21:32:32 PST

  Modified files:
    sys/conf             options 
    sys/ufs/ffs          ffs_vfsops.c 
    sys/ufs/ufs          extattr.h ufs_extattr.c ufs_extern.h 
  o Implement "options FFS_EXTATTR_AUTOSTART", which depends on
    "options FFS_EXTATTR".  When extended attribute auto-starting
    is enabled, FFS will scan the .attribute directory off of the
    root of each file system, as it is mounted.  If .attribute
    exists, EA support will be started for the file system.  If
    there are files in the directory, FFS will attempt to start
    them as attribute backing files for attributes baring the same
    name.  All attributes are started before access to the file
    system is permitted, so this permits race-free enabling of
    attributes.  For attributes backing support for security
    features, such as ACLs, MAC, Capabilities, this is vital, as
    it prevents the file system attributes from getting out of
    sync as a result of file system operations between mount-time
    and the enabling of the extended attribute.  The userland
    extattrctl tool will still function exactly as previously.
    Files must be placed directly in .attribute, which must be
    directly off of the file system root: symbolic links are
    not permitted.  FFS_EXTATTR will continue to be able
    to function without FFS_EXTATTR_AUTOSTART for sites that do not
    want/require auto-starting.  If you're using the UFS_ACL code
    available from www.TrustedBSD.org, using FFS_EXTATTR_AUTOSTART
    is recommended.
  o This support is implemented by adding an invocation of
    ufs_extattr_autostart() to ffs_mountfs().  In addition,
    several new supporting calls are introduced in
      ufs_extattr_autostart(): start EAs on the specified mount
      ufs_extattr_lookup(): given a directory and filename,
                            return the vnode for the file.
      ufs_extattr_enable_with_open(): invoke ufs_extattr_enable()
                            after doing the equililent of vn_open()
                            on the passed file.
      ufs_extattr_iterate_directory(): iterate over a directory,
                            invoking ufs_extattr_lookup() and
                            ufs_extattr_enable_with_open() on each
  o This feature is not widely tested, and therefore may contain
    bugs, caution is advised.  Several changes are in the pipeline
    for this feature, including breaking out of EA namespaces into
    subdirectories of .attribute (this is waiting on the updated
    EA API), as well as a per-filesystem flag indicating whether
    or not EAs should be auto-started.  This is required because
    administrators may not want .attribute auto-started on all
    file systems, especially if non-administrators have write access
    to the root of a file system.
  Obtained from:	TrustedBSD Project
  Revision  Changes    Path
  1.259     +2 -1      src/sys/conf/options
  1.141     +6 -5      src/sys/ufs/ffs/ffs_vfsops.c
  1.10      +2 -1      src/sys/ufs/ufs/extattr.h
  1.23      +304 -2    src/sys/ufs/ufs/ufs_extattr.c
  1.31      +2 -1      src/sys/ufs/ufs/ufs_extern.h

