On Sun, Mar 9, 2025 at 10:15 AM Andrew Walker <awal...@ixsystems.com> wrote: > > On Sun, Mar 9, 2025 at 8:24 AM Rick Macklem <rick.mack...@gmail.com> wrote: > > > > On Sun, Mar 9, 2025 at 5:46 AM Andrew Walker <awal...@ixsystems.com> wrote: > > > > > > Out of curiosity, how are you preventing users from creating / writing > > > xattrs with the `system?` name prefix. In ZFS on FreeBSD IIRC this > > > prefix is used to determine whether the corresponding attribute when > > > accessed via the extattr interface is in the user or system > > > namespaces. > > A couple of comments... > > 1 - My current thinking would be a ZFS fs would be configured for one > > or the other (mixing them is weird as noted by the next comment), > > There is currently the xattr property that can be set to "dir" or "sa". > > 2 - I haven't looked at system space FreeBSD attributes yet (I will), > > but when mixing them, you can get two attributes with the same name > > showing up in the named attribute directory (the open gets the named > > attribute one). I haven't yet figured out how to get rid of the > > duplicate. > > 3 - I assume the patch could include code that excludes "system.xxx" names > > from the directory. (I'll do some testing.) > > This seems to be the NFS equivalent to SMB alternate data streams (or > MacOS resource forks). > > In my opinion it's better to keep them cleanly separated from xattrs / > extattrs (minimally in a different namespace). Solaris IIRC did this > with its SMB server (there xattrs IIRC were written to an SA and > streams were written using the attributes directory). When ZFS got > ported to FreeBSD / Linux, the attr dir got repurposed for extattr / > xattr, and then when performance problems were found (and problems > with expectation of atomicity with ops) they were shifted to SA / > dnode bonus block. > > I think it would be better (inside ZFS) to have a dedicated hard-coded > prefix for stuff written in the attr dir. For example: "stream.". This > can be used to delineate ones that should never be written to SA from > regular user namespace extattrs and regular user namespace ones. This > can correspond to adding a new extattr namespace in the FreeBSD VFS > (for examples "stream") that can be used to present these like we > separate out the prefix for system. > > This gives a few advantages: > 1. It prevents writing to restricted namespace > 2. prevents weird combinations of SA and file > > Unfortunately, this also means having to adjust userspace backup tools > (such as tar) and cp / mv to account for the new extattr namespace. If > the data gets replicated to a system that lacks this support, IIRC the > ZFS streams will appear in the user namespace with the string > "stream." prefixing the extattr. > > It's somewhat awkward, but generally trying to treat two different > sorts of thing (streams and xattrs) as if they're the same thing is > awkward. I do think that this may need to be socialized with upstream > openzfs. Sounds good. You obviously know a lot more about how ZFS does this than I do. Are you volunteering to write some code? (I can probably figure out how to prefix the named attributes with "stream." and keep them separate from the ones handled via the get/setextattr mechanism.)
I think we agree that they need to be kept separate. Alternately, having a new setting for the "xattr" property that does not allow the get/setextattr interface might be a simpler way to do it. (Without that setting, the named attributes would not be allowed.) And, yes, obviously the OpenZFS folk would need to be involved if/when a patch was headed that way. (I think they are fairly flexible so long as the patch only applies to the module/os/freebsd subtree.) rick > > Andrew
