I've been working on an implementation of extended attributes for NFSv3, which would enable getxattr(2) and friends over the network.
Here's a link to the latest patchset: http://lwn.net/Articles/392944/
and my LinuxCon slides on the topic from last year: http://namei.org/presentations/linuxcon09_nfsv3xattrs.pdf
I've been asked by the upstream NFS maintainers about general use-cases for this feature. We have a concrete requirement to convey security labels over NFS, although it's not clear how much need there is for user-managed extended attributes (e.g. user.foo)
I was wondering if anyone could offer examples or insights into whether Linux desktop apps are making much use of extended attributes, or whether they might if NFS support were available. (I'm aware of Beagle, which is probably not great over NFS in any case).
Thanks for any help.
- James
On Mon, 28.06.10 09:18, James Morris (jmorris@namei.org) wrote:
I've been working on an implementation of extended attributes for NFSv3, which would enable getxattr(2) and friends over the network.
Here's a link to the latest patchset: http://lwn.net/Articles/392944/
and my LinuxCon slides on the topic from last year: http://namei.org/presentations/linuxcon09_nfsv3xattrs.pdf
I've been asked by the upstream NFS maintainers about general use-cases for this feature. We have a concrete requirement to convey security labels over NFS, although it's not clear how much need there is for user-managed extended attributes (e.g. user.foo)
I was wondering if anyone could offer examples or insights into whether Linux desktop apps are making much use of extended attributes, or whether they might if NFS support were available. (I'm aware of Beagle, which is probably not great over NFS in any case).
Well, I think there's a bit of a chicken and egg problem. Since XATTRs are not available on so many file systems (not even tmpfs has them) and there is no nice way to test whether they work (except by creating an attribute), nobody uses them. That said GLib's GIO framework (i..e the API modern gtk programs use to access files) has complete coverage for extended attributes, but probably not many folks actually use those APIs. Also, the fact that they need to be enabled manually (via the user_xattr mount option) is problematic.
Samba uses user xattrs. Then, there's a somewhat standardized scheme for storing the MIME type of a file in an extended attribute, as an optional implementation feature fo rthe XDG MIME info spec:
http://standards.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec...
However, at least Gtk/GLib/GIO do not implement that optional part. I once wrote an Apache module that added support for that user.mime_type xattr to Apache: http://0pointer.de/lennart/projects/mod_mime_xattr/
However, that's mostly where he story ends I think, it is indeed not widely used. Generally I believe they are useful however, and if they would be ubiquitiously available they'd probably be used more often. However, for that to happen we'd also need something like a fpathconf() check or so to figure out whether user xattrs are allowed or not.
I'd be particularly interested in user xattrs support on the virtual file systems such as /proc, /sys and tmpfs. Neither of those file systems have support for this right now, but especially for /proc it could become very handy to export additional meta information about processes on the /proc/$PID directory.
Lennart
On Mon, 2010-06-28 at 16:07 +0200, Lennart Poettering wrote:
On Mon, 28.06.10 09:18, James Morris (jmorris@namei.org) wrote: However, that's mostly where he story ends I think, it is indeed not widely used. Generally I believe they are useful however, and if they would be ubiquitiously available they'd probably be used more often. However, for that to happen we'd also need something like a fpathconf() check or so to figure out whether user xattrs are allowed or not.
I don't think thats quite the full story. Even when they are supported on a filesystem xattrs have problems that make them non-ideal in practice for large-scale desktop use.
For small attributes like selinux labels the default ext3/4 inode size is large enough that the xattrs fit in the inode. But as soon as you add any more data to it, the xattrs won't fit in the inode. In my experiments as little as 4 bytes + a selinux label made it go outside the inode.
This means that to get this data you need an extra seek, and one extra seek per file when doing a readdir operation is extremely costly.
And this performance problem is real, not some theoretical idea. I had a discussion about this with Eric Sandeen in my gvfs metadata blog post (http://blogs.gnome.org/alexl/2009/06/24/data-about-data/ - see the comments near the end).
There a simple test breaks down completely, performance-wise when using xattrs. Reading a directory with 10000 entries with mime sniffing took 6 seconds, adding xattrs made it take 40 seconds.
desktop@lists.fedoraproject.org
-
Alexander Larsson -
James Morris -
Lennart Poettering