Samba File Server and Docker
Andrew Bartlett
abartlet at samba.org
Tue Mar 10 06:14:44 UTC 2020
On Tue, 2020-03-10 at 05:59 +0000, Dan Seguin via samba-technical
wrote:
> I'm writing a VFS module for a back end encryption and KMI system. I
> hope that I can provide something somewhat like the Scanner VFS does,
> i.e. an api for a plugable backend.
>
> I have a design in mind, not sure of the ramifications involving
> disconnected/reconnected sessions and statefulness.
>
> I hope there's interest out there on this, I'll outline how I'm
> approaching this. I'll share what I have as things progress, and
> publish (if deemed solid).
I looked into this for a client a couple of years back, and I strongly
suggested that they use the kernel VFS or block layer encrypted file
systems.
The reason I say this is that is is quite tricky to do this right in
Samba, with complexity and issues similar to the recently removed
'write cache' code.
The challenges is that Samba clients expect to be able to:
- seek to arbitrary file positions
- read and write less than a whole block, and not on block offsets
- do so safely from multiple clients where a write to position A and B
are safe and independent, even if they are in the same encryption
block.
Of course, if your backend is already doing this and you just need to
interface to their userspace VFS interface, then go right ahead, just
don't blame Samba if the backend doesn't quite life up to the promises
it makes :-)
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list