[Samba] O_PATH, FreeBSD & acl_xx_fd
Peter Eriksson
pen at lysator.liu.se
Tue May 30 17:40:41 UTC 2023
Urgh…
I modified the FreeBSD kernel to allow all_xx_fd() calls on O_PATH descriptors and that seems make vfs_zfsacl to work fine. Not 100% tested but I could atleast view and modify the ACL on some stuff from a Windows client via Samba that way.
I’m not sure I’ll be able to get them to implement this “officially” though. Reading ACLs via an O_PATH-opened descriptor seems to be on the way of being added though. I can always use my custom kernel but… :-)
Regarding that Linux hack - I wonder if on FreeBSD one might use this to do something similar:
> A file descriptor created with the O_PATH flag can be opened into normal
> (operable) file descriptor by specifying it as the fd argument to
> openat() with empty path and flag O_EMPTY_PATH. Such an open behaves as
> if the current path of the file referenced by fd is passed, except that
> the path walk permissions are not checked. See also the description of
> AT_EMPTY_PATH flag for fstatat(2) and related syscalls.
Hmm… I’ll have to test it. Yes, this seems to work - after this I can read & write ACLs and stuff:
fd = openat(fd, “”, O_EMPTY_PATH);
- Peter
> On 30 May 2023, at 19:20, Jeremy Allison <jra at samba.org> wrote:
>
> On Tue, May 30, 2023 at 09:57:37AM +0200, Peter Eriksson via samba wrote:
>> I’ve been looking at an issue when compiling Samba on FreeBSD 13 with the vfs_zfsacl module.
>>
>> It seems the logic that detect O_PATH support in Samba doesn’t work right with FreeBSD 13 (since it has implemented O_PATH support) and especially with the acl_get_fd() function. This is a bug (or rather a missing feature) in FreeBSD that there is a patch for now (dunno when it’ll appear in a release version).
>>
>> However, one question that has surfaced is if Samba also requires support to change/set ACLs via O_PATH-opened file descriptors? I’m trying to test things but figured I’d put this here too if someone with more internal knowledge of the Samba VFS O_PATH-related stuff knows :-)
>>
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=15376
>>
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271704
>
> Samba uses a horrible hack, as far as I know Linux
> specific, to do this.
>
> Once it has a O_PATH fd, it then uses the path
> based xattr call on the string /proc/<pid>/fd/<fdnum>
> where fdnum is the O_PATH fd we already opened.
> This is proven safe.
More information about the samba
mailing list