Samba File Server and Docker

Andrew Bartlett abartlet at
Tue Mar 10 06:14:44 UTC 2020

On Tue, 2020-03-10 at 05:59 +0000, Dan Seguin via samba-technical
> I'm writing a VFS module for a back end encryption and KMI system. I
> hope that I can provide something somewhat like the Scanner VFS does,
> i.e. an api for a plugable backend. 
> I have a design in mind, not sure of the ramifications involving
> disconnected/reconnected sessions and statefulness. 
> I hope there's interest out there on this, I'll outline how I'm
> approaching this.  I'll share what I have as things progress, and
> publish (if deemed solid). 

I looked into this for a client a couple of years back, and I strongly
suggested that they use the kernel VFS or block layer encrypted file

The reason I say this is that is is quite tricky to do this right in
Samba, with complexity and issues similar to the recently removed
'write cache' code.

The challenges is that Samba clients expect to be able to:
 - seek to arbitrary file positions
 - read and write less than a whole block, and not on block offsets
 - do so safely from multiple clients where a write to position A and B
are safe and independent, even if they are in the same encryption

Of course, if your backend is already doing this and you just need to
interface to their userspace VFS interface, then go right ahead, just
don't blame Samba if the backend doesn't quite life up to the promises
it makes :-)

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list