JM
Uploaded byJames Morris
PDF, PPTX1,671 views

Adding Extended Attribute Support to NFS

This document discusses adding extended attribute support to NFS. It provides background on extended attributes, describes different implementations among operating systems, and outlines a proposal to implement name/value extended attribute support in Linux NFSv3 through a side protocol. Prototype code has been developed and is undergoing review. The work could serve as a model for adding extended attribute support to NFSv4 to enable proper support on Linux and BSD systems.

Technologyâ—¦

Embed presentation

Download as PDF, PPTX
Adding Extended Attribute Support to NFS James Morris Red Hat, Inc. jmorris@redhat.com LinuxCon 2009 – Portland, OR
Introduction
Extended Attributes â—Ź Arbitrary file metadata â—Ź Two main types â—Ź System â—Ź User â—Ź Non-standard, yet widely implemented
Types of Implementation ● Simple name / value pairs ● user.foo = “bar” ● Used by: IRIX, Linux, FreeBSD ● Subfiles / forks ● May: – have file semantics (open, seek etc.) – include subdirectories – be highly structured ● Used by Sun, Apple, Microsoft and others
Name/value model â—Ź All name/value xattr implementations differ, have different APIs, and are generally incompatible â—Ź Some OSs use flags for 'system', 'user' types â—Ź Linux uses text namespaces â—Ź user, system, security, trusted, os2
Linux Implementation â—Ź Simple and effective userland API â—Ź setxattr, getxattr, listxattr, removexattr â—Ź Probably the most flexible such implementation â—Ź System-level xattr use is common â—Ź ACLs, SELinux, SMACK, ecryptfs â—Ź User-level xattrs: beagle, ...
NFS Support â—Ź Extended attributes are not supported in the NFS standards â—Ź NFSv3 is closed wrt IETF activity â—Ź NFSv4 includes Named Attributes, which are based on the Solaris subfile model and incompatible with name/value schemes â—Ź Several non-standard implementations shipped
Proposal for Linux NFSv3 â—Ź Implement simple name/value xattr side- protocol based on the GPL'd IRIX code â—Ź ACL support was added to Linux NFSv3, and this is similar in scope and nature â—Ź Rationale: all major filesystems have xattrs and we should be able to use them over the network!
Proposal for Linux NFSv3 (...) â—Ź Side-protocol does not break existing protocol â—Ź Possibility of interop and establishing a de-facto standard for BSD, legacy IRIX clients etc. â—Ź NFS availability may encourage more xattr adoption (chicken & egg problem)
Linux NFSv3 Status â—Ź Prototype code working! â—Ź In upstream Linux community RFC process â—Ź Initial code â—Ź Limited to user namespace â—Ź Not wire-compatible with IRIX due to differences in OS level implementation â—Ź Interoperability certainly possible; need to consider usefulness vs. code complexity
NFSv4 â—Ź NFSv4 needs xattr extension to properly support Linux/BSD etc. â—Ź Thankfully, NFSv4 was designed for extensibility! â—Ź NFSv3 work should be a useful model for this â—Ź IETF process could be lengthy
Discussion
Resources â—Ź http://namei.org/nfsxattr â—Ź Code, documents â—Ź http://www.linux-nfs.org/ â—Ź Useful stepping off point â—Ź Linux NFS mailing list information

More Related Content

PDF
How Many Linux Security Layers Are Enough?
byMichael Boelen
 
PDF
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
byJames Morris
 
PDF
Directions in SELinux Networking
byJames Morris
 
PDF
Secure and Simple Sandboxing in SELinux
byJames Morris
 
PDF
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
PDF
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
PDF
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
PPTX
Linux security
bytrilokchandra prakash
 
How Many Linux Security Layers Are Enough?
byMichael Boelen
 
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
byJames Morris
 
Directions in SELinux Networking
byJames Morris
 
Secure and Simple Sandboxing in SELinux
byJames Morris
 
Linux Kernel Security Overview - KCA 2009
byJames Morris
 
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
byJames Morris
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
byAnne Nicolas
 
Linux security
bytrilokchandra prakash
 

What's hot

PPTX
Linux Security Overview
byKernel TLV
 
PPT
Security and Linux Security
byRizky Ariestiyansyah
 
PPT
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
PDF
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
byShawn Wells
 
PPT
Linux Security
bynayakslideshare
 
PPT
Linux Operating System Vulnerabilities
byInformation Technology
 
PPT
Basic Linux Security
bypankaj009
 
PPTX
Bsd ppt
byMuhammad Bilal
 
PDF
The FreeBSD - PRIMER
byMuhammad Moinur Rahman
 
PDF
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
byJames Morris
 
PPTX
File System Implementation & Linux Security
byGeo Marian
 
ODP
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
PPT
Unix Security
byreplay21
 
PDF
Futex Scaling for Multi-core Systems
byDavidlohr Bueso
 
ODP
Introduction To Linux Security
byMichael Boman
 
PDF
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
byThe Linux Foundation
 
ODP
Linux Network Security
byAmr Ali
 
PPTX
bsd
byJessica Chan
 
PPTX
Bsd presentation
byMajda Allani
 
PDF
Linux Security, from Concept to Tooling
byMichael Boelen
 
Linux Security Overview
byKernel TLV
 
Security and Linux Security
byRizky Ariestiyansyah
 
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
byShawn Wells
 
Linux Security
bynayakslideshare
 
Linux Operating System Vulnerabilities
byInformation Technology
 
Basic Linux Security
bypankaj009
 
Bsd ppt
byMuhammad Bilal
 
The FreeBSD - PRIMER
byMuhammad Moinur Rahman
 
Mandatory Access Control Networking Update - Netonf 2006 Tokyo
byJames Morris
 
File System Implementation & Linux Security
byGeo Marian
 
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
Unix Security
byreplay21
 
Futex Scaling for Multi-core Systems
byDavidlohr Bueso
 
Introduction To Linux Security
byMichael Boman
 
XPDS16: XSM-Flask, current limitations and Ongoing work. - Anshul Makkar, Ct...
byThe Linux Foundation
 
Linux Network Security
byAmr Ali
 
bsd
byJessica Chan
 
Bsd presentation
byMajda Allani
 
Linux Security, from Concept to Tooling
byMichael Boelen
 

Similar to Adding Extended Attribute Support to NFS

PDF
The Evolution of Storage on Linux - FrOSCon - 2015-08-22
byLenz Grimmer
 
PDF
The evolution of storage on Linux
byit-novum
 
PDF
5231 140-hellwig
bysprdd
 
PDF
Linux cifs-client-guide
byunixadminrasheed
 
PPT
NFS.ppt shshsjsjsjssjsjsksksksksksisisisisi
bymukul narayana
 
ODP
4. linux file systems
byMarian Marinov
 
PPT
Nfs1
byWaqas !!!!
 
ODP
Linux26 New Features
byguest491c69
 
PDF
Meeting 9 nfs network file system
bySyaiful Ahdan
 
PDF
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
byeurobsdcon
 
PPT
Xfs file system for linux
byAjay Sood
 
PDF
Linuxtag.ceph.talk
byUdo Seidel
 
PPTX
unit-1key fetures of linux of destubtions.pptx
byjadavDinesh3
 
PPT
Distributed System by Pratik Tambekar
byPratik Tambekar
 
PDF
Introduction to distributed file systems
byViet-Trung TRAN
 
PPT
Nfs
byWaqas !!!!
 
PDF
Introduction One of the key goals for the Windows Subsystem for Li.pdf
byanwarfoot
 
PPT
Nfs
bytmavroidis
 
PPT
Nfs
byShingalaKrupa
 
PPTX
Sun NFS , Case study
byShashwat Singh
 
The Evolution of Storage on Linux - FrOSCon - 2015-08-22
byLenz Grimmer
 
The evolution of storage on Linux
byit-novum
 
5231 140-hellwig
bysprdd
 
Linux cifs-client-guide
byunixadminrasheed
 
NFS.ppt shshsjsjsjssjsjsksksksksksisisisisi
bymukul narayana
 
4. linux file systems
byMarian Marinov
 
Nfs1
byWaqas !!!!
 
Linux26 New Features
byguest491c69
 
Meeting 9 nfs network file system
bySyaiful Ahdan
 
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
byeurobsdcon
 
Xfs file system for linux
byAjay Sood
 
Linuxtag.ceph.talk
byUdo Seidel
 
unit-1key fetures of linux of destubtions.pptx
byjadavDinesh3
 
Distributed System by Pratik Tambekar
byPratik Tambekar
 
Introduction to distributed file systems
byViet-Trung TRAN
 
Nfs
byWaqas !!!!
 
Introduction One of the key goals for the Windows Subsystem for Li.pdf
byanwarfoot
 
Nfs
bytmavroidis
 
Nfs
byShingalaKrupa
 
Sun NFS , Case study
byShashwat Singh
 

More from James Morris

PDF
sVirt: Hardening Linux Virtualization with Mandatory Access Control
byJames Morris
 
PDF
OLPC Networking Overview
byJames Morris
 
PDF
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
byJames Morris
 
PDF
SELinux Project Overview - Linux Foundation Japan Symposium 2008
byJames Morris
 
PDF
Kernel Security for 2.8 - Kernel Summit 2004
byJames Morris
 
PDF
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
byJames Morris
 
PDF
The State of Security Enhanced Linux - FOSS.IN/2007
byJames Morris
 
PDF
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
byJames Morris
 
PDF
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
byJames Morris
 
PDF
SELinux Kernel Internals and Architecture - FOSS.IN/2005
byJames Morris
 
PDF
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
byJames Morris
 
sVirt: Hardening Linux Virtualization with Mandatory Access Control
byJames Morris
 
OLPC Networking Overview
byJames Morris
 
Cryptographic Hardware Support for the Linux Kernel - Netconf 2004
byJames Morris
 
SELinux Project Overview - Linux Foundation Japan Symposium 2008
byJames Morris
 
Kernel Security for 2.8 - Kernel Summit 2004
byJames Morris
 
Better IPSec Security Association Resolution - Netconf 2006 Tokyo
byJames Morris
 
The State of Security Enhanced Linux - FOSS.IN/2007
byJames Morris
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
byJames Morris
 
Overview of NSA Security Enhanced Linux - FOSS.IN/2005
byJames Morris
 
SELinux Kernel Internals and Architecture - FOSS.IN/2005
byJames Morris
 
Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)
byJames Morris
 

Recently uploaded

PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
Running Non-Cloud-Native Databases in Cloud-Native Environments_ Challenges a...
byAlkin Tezuysal
 
PPTX
Closing Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
PDF
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
PDF
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
PDF
Webinar: Introduction to LF Energy SEAPATH
byDanBrown980551
 
PDF
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
PDF
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
PPTX
How Design Systems and AI Agents Accelerate Product Delivery Sixt
byBoyan Dimitrov
 
PDF
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
PDF
IDSECCONF2025 - Rama Tri Nanda - Hunting Stingray GSM on Budget.pdf
byidsecconf
 
PDF
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
PDF
Introduction to Shell Scripting - RHCSA+.pdf
byLinuxCert Guru
 
PPTX
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
PPTX
Osmosis webinar presentation Nov 2025:Empowering UK Nursing Education
byJisc
 
PPTX
Agentic AI presentation with Python Exercises
byParth Mane
 
PDF
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 
PPTX
Redcentric Data Centres: vision, mission and values
byRedcentric
 
PDF
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
Running Non-Cloud-Native Databases in Cloud-Native Environments_ Challenges a...
byAlkin Tezuysal
 
Closing Plenary - Esri UK Welsh Conference 2025
byEsri UK
 
Oracle MySQL HeatWave - Complete - Version 3
byLuca Bonesini
 
LVM Management and Disaster Recovery.pdf
byLinuxCert Guru
 
Webinar: Introduction to LF Energy SEAPATH
byDanBrown980551
 
Build an AI/ML-driven image archive processing workflow: Image archive, analy...
bywesley chun
 
Building a Multi-Tenant OpenShift Platform with HyperShift
byTosin Akinosho
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 
How Design Systems and AI Agents Accelerate Product Delivery Sixt
byBoyan Dimitrov
 
AWS Cloud Technical Essentials - AWS Certificate
byVICTOR MAESTRE RAMIREZ
 
IDSECCONF2025 - Rama Tri Nanda - Hunting Stingray GSM on Budget.pdf
byidsecconf
 
How to Spot a Fraudulent Shopping Website
byAshwini Singh
 
Introduction to Shell Scripting - RHCSA+.pdf
byLinuxCert Guru
 
Understanding the digital experience of FE teaching staff in 2024/25
byJisc
 
Osmosis webinar presentation Nov 2025:Empowering UK Nursing Education
byJisc
 
Agentic AI presentation with Python Exercises
byParth Mane
 
Command Line Text Processing - RHCSA +.pdf
byLinuxCert Guru
 
Redcentric Data Centres: vision, mission and values
byRedcentric
 
UiPath DevConnect 2025: UiPath ScreenPlay - The Future of Human-Like Automation
byDianaGray10
 

Adding Extended Attribute Support to NFS

  • 1.
    Adding Extended Attribute Support to NFS James Morris Red Hat, Inc. jmorris@redhat.com LinuxCon 2009 – Portland, OR
  • 2.
  • 3.
    Extended Attributes â—Ź Arbitrary file metadata â—Ź Two main types â—Ź System â—Ź User â—Ź Non-standard, yet widely implemented
  • 4.
    Types of Implementation ● Simple name / value pairs ● user.foo = “bar” ● Used by: IRIX, Linux, FreeBSD ● Subfiles / forks ● May: – have file semantics (open, seek etc.) – include subdirectories – be highly structured ● Used by Sun, Apple, Microsoft and others
  • 5.
    Name/value model â—Ź All name/value xattr implementations differ, have different APIs, and are generally incompatible â—Ź Some OSs use flags for 'system', 'user' types â—Ź Linux uses text namespaces â—Ź user, system, security, trusted, os2
  • 6.
    Linux Implementation â—Ź Simple and effective userland API â—Ź setxattr, getxattr, listxattr, removexattr â—Ź Probably the most flexible such implementation â—Ź System-level xattr use is common â—Ź ACLs, SELinux, SMACK, ecryptfs â—Ź User-level xattrs: beagle, ...
  • 7.
    NFS Support â—Ź Extended attributes are not supported in the NFS standards â—Ź NFSv3 is closed wrt IETF activity â—Ź NFSv4 includes Named Attributes, which are based on the Solaris subfile model and incompatible with name/value schemes â—Ź Several non-standard implementations shipped
  • 8.
    Proposal for LinuxNFSv3 â—Ź Implement simple name/value xattr side- protocol based on the GPL'd IRIX code â—Ź ACL support was added to Linux NFSv3, and this is similar in scope and nature â—Ź Rationale: all major filesystems have xattrs and we should be able to use them over the network!
  • 9.
    Proposal for LinuxNFSv3 (...) â—Ź Side-protocol does not break existing protocol â—Ź Possibility of interop and establishing a de-facto standard for BSD, legacy IRIX clients etc. â—Ź NFS availability may encourage more xattr adoption (chicken & egg problem)
  • 10.
    Linux NFSv3 Status â—Ź Prototype code working! â—Ź In upstream Linux community RFC process â—Ź Initial code â—Ź Limited to user namespace â—Ź Not wire-compatible with IRIX due to differences in OS level implementation â—Ź Interoperability certainly possible; need to consider usefulness vs. code complexity
  • 11.
    NFSv4 â—Ź NFSv4 needs xattr extension to properly support Linux/BSD etc. â—Ź Thankfully, NFSv4 was designed for extensibility! â—Ź NFSv3 work should be a useful model for this â—Ź IETF process could be lengthy
  • 12.
  • 13.
    Resources â—Ź http://namei.org/nfsxattr â—Ź Code, documents â—Ź http://www.linux-nfs.org/ â—Ź Useful stepping off point â—Ź Linux NFS mailing list information