search

mar-file-system / marfs

MarFS provides a scalable near-POSIX file system by using one or more POSIX file systems as a scalable metadata component and one or more data stores (object, file, etc) as a scalable data component.
Other
96 stars 26 forks source link

the system calls getxattr("security.capability") on every FUSE write()! #205

Open jti-lanl opened 6 years ago

jti-lanl commented 6 years ago

We could probably gain some FUSE write performance by short-circuiting this behavior.

See this discussion: https://sourceforge.net/p/fuse/mailman/fuse-devel/thread/889E1F64-C59A-41EE-927E-456640E404ED@nortel.com/

Assuming we don't want (a) to prevent users from using xattrs, or (b) to do this:

In other words, another option is to disable "File POSIX
Capabilities" (under Security options in menuconfig) or
CONFIG_SECURITY_FILE_CAPABILITIES in your kernel configuration.

... then the next-best option (assuming this xattr might be set on any file we manage) is to go ahead and let the query run, the first time it happens on a given filehandle, and cache the result/errno (per filehandle). All subsequent queries can just return the cached result/errno. [Don't forget to clear the cache in setxattr()]

Or (if we are willing to say we'll never have a file with this xattr) we could at least have getxattr test the key, and always return ENODATA for this case. [Don't forget to have setxattr() refuse to set this key.] Or we could provide a build-option to enable this behavior.

shanegoff commented 5 years ago

We should reinvestigate these solutions for the future.