Open danie-dejager opened 2 months ago
@daniejstriata AL2023 is using XFS and it supports ACL by default. Is there any advantage in using btrfs instead of xfs, besides the I want it!?
@elsaco I can add multiple subvolumes to one volume. I can create /home, /root, /var/log, /var/log/audit, /tmp and /var/tmp on one volume. Rather than 3. If I use XFS I have to use multiple volumes with most of the volumes more than 90% empty. I enable compression so I get better mileage. BTRFS is already compiled/active for the current AL2023 kernel. It's not a big ask. I'm asking to enable ACLs for BTRFS which is already there but not configured with the default value. I want to be able to granularly configure who has access to directories on the host.
So no, I want it to improve my configuration's security.
https://btrfs.readthedocs.io/en/latest/Administration.html#mount-options (default: on)
As AL2023 is compiled with BTRFS support, this is a fair ask. I'm relaying this to the AL kernel team. Cannot give an ETA.
Is your feature request related to a problem? Please describe.
I am creating some mounts using btrfs to ensure that /var/log is off the root volume. I also harden access to /var/log and need acl enabled for services like chronyd to access /var/log/chronyd but the Amazon Linux default is not to enable BTRFS ACL.
[23036.735024] BTRFS error (device nvme4n1: state M): support for ACL not compiled in!
Describe the solution you'd like
Would it be possible to review and revert if the kernel can be compiled with ACLs enabled for btrfs? Enabled ACL is the default value and there was a decision made to disable a security control.
I can't mount the volumes with ACL.
The error for instance with setfacl:
setfacl: /var/log/: Operation not supported
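
A way to confirm the condition reported in this issue on a given host, as an added example that is not part of the thread or of Amazon Linux tooling: it reads a kernel build config for the upstream option `CONFIG_BTRFS_FS_POSIX_ACL` and pulls the affected devices out of a kernel log. The function names and the sample config are constructed for illustration; the log line is the one quoted in the issue.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit btrfs POSIX ACL support.

# btrfs_acl_status CONFIG_FILE
# Prints one of: enabled | disabled | no-btrfs | unknown
btrfs_acl_status() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # btrfs itself must be built in (=y) or built as a module (=m).
    if ! grep -Eq '^CONFIG_BTRFS_FS=[ym]$' "$cfg"; then
        echo no-btrfs
    elif grep -q '^CONFIG_BTRFS_FS_POSIX_ACL=y$' "$cfg"; then
        echo enabled
    else
        # Covers "# CONFIG_BTRFS_FS_POSIX_ACL is not set" and an absent line.
        echo disabled
    fi
}

# acl_error_devices LOG_FILE
# Prints each device (once) that logged the btrfs "ACL not compiled in" error.
acl_error_devices() {
    sed -n 's/.*BTRFS error (device \([^):]*\)[):].*support for ACL not compiled in.*/\1/p' "$1" | sort -u
}

# Demo: constructed config, plus the kernel message quoted in the issue.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'CONFIG_BTRFS_FS=m' \
        '# CONFIG_BTRFS_FS_POSIX_ACL is not set' > "$tmp/config"
    printf '%s\n' \
        '[23036.735024] BTRFS error (device nvme4n1: state M): support for ACL not compiled in!' \
        > "$tmp/kern.log"
    echo "btrfs ACL support: $(btrfs_acl_status "$tmp/config")"
    echo "devices that rejected the acl option: $(acl_error_devices "$tmp/kern.log")"
    rm -rf "$tmp"
}
demo
```

On a live host, pass the running kernel's config file to `btrfs_acl_status`; `/boot/config-$(uname -r)` is the usual location, which is an assumption about how the distribution installs it.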