| <?xml version='1.0' encoding='utf-8' ?> |
| <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [ |
| ]> |
| <chapter id="xfs-xattr"> |
| <title>XFS Extended Attributes</title> |
| <section> |
| <title>Extended Attributes</title> |
| <para>Extended Attributes (EA) are a set of &lt;name, value&gt; pairs associated with an inode</para> |
| <para>Who uses them?</para> |
| <itemizedlist> |
| <listitem><para>Access Control Lists (ACL)</para></listitem> |
| <listitem><para>SELinux</para></listitem> |
| <listitem><para>Beagle indexer</para></listitem> |
| </itemizedlist> |
| <para>Name is a null-terminated string &lt;= 255 chars</para> |
| <para>Value is binary data &lt;= 64K</para> |
| </section> |
| <section> |
| <title>EA Namespaces</title> |
| <para>The EA set is typically divided into namespaces</para> |
| <para>For Linux the namespace is the prefix of the EA name:</para> |
| <itemizedlist> |
| <listitem><para>user</para></listitem> |
| <listitem><para>trusted</para></listitem> |
| <listitem><para>security</para></listitem> |
| <listitem><para>system</para></listitem> |
| </itemizedlist> |
| <para>For XFS, the namespace is encoded in bits in a flags field with these values:</para> |
| <itemizedlist> |
| <listitem><para>“user” has value of 0x0000 – by default an attribute is in the user namespace</para></listitem> |
| </itemizedlist> |
| <para><programlisting> |
| #define ATTR_ROOT 0x0002 /* use attrs in root (trusted) namespace */ |
| #define ATTR_SECURE 0x0008 /* use attrs in security namespace */ |
| #define ATTR_SYSTEM 0x0100 /* use attrs in system (pseudo) namespace */</programlisting></para> |
| <para>So for XFS, EAs are really a triple &lt;name, value, flags&gt;</para> |
| </section> |
| <section> |
| <title>EA Command Line Interface</title> |
| <para>attr package maintained by Andreas Gruenbacher and SGI</para> |
| <itemizedlist> |
| <listitem><para>getfattr(1) for getting/listing EAs</para></listitem> |
| <listitem><para>setfattr(1) for setting and removing EAs</para></listitem> |
| <listitem><para>Names are prefixed with the namespace</para></listitem> |
| </itemizedlist> |
| <para>attr command sets/removes/gets/lists EAs</para> |
| <itemizedlist> |
| <listitem><para>Based on IRIX command, provides common interface for XFS EAs</para></listitem> |
| <listitem><para>Namespace specified with options</para></listitem> |
| <listitem><para>More closely models what XFS actually stores since names are the actual names</para></listitem> |
| </itemizedlist> |
| <para><programlisting> |
| # getfattr -e hex -dm '.*' file1 |
| system.posix_acl_access=0x0200000001000600ffffffff040006... |
| trusted.SGI_ACL_FILE=0x0000000400000001ffffffff0006... |
| # attr -Rl file1 |
| Attribute "SGI_ACL_FILE" has a 52 byte value for file1</programlisting></para> |
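| <para>Added example (not from the original chapter or the XFS sources): a C helper that splits a Linux-style prefixed name, as printed by getfattr, into the bare name and namespace flags of the XFS triple. The names ea_split and struct ea_key are hypothetical, and applying the 255-character limit to the full prefixed name is an assumption.</para> |
| <para><programlisting><![CDATA[ |
```c
#include <stddef.h>
#include <string.h>

/* Namespace flag bits as listed in this chapter (0 = user namespace). */
#define ATTR_ROOT   0x0002  /* root (trusted) namespace */
#define ATTR_SECURE 0x0008  /* security namespace */
#define ATTR_SYSTEM 0x0100  /* system (pseudo) namespace */

/* Limits stated in this chapter; applied here to the full prefixed name. */
#define EA_MAX_NAMELEN  255
#define EA_MAX_VALUELEN (64 * 1024)

/* Hypothetical type: the <name, flags> part of the XFS triple. */
struct ea_key {
    const char *name;    /* points into the caller's string, past the prefix */
    size_t      namelen; /* length of the bare name */
    int         flags;   /* 0 for user, otherwise one ATTR_* bit */
};

/* Split "namespace.name" into bare name + flags.
 * Returns 0 on success; -1 for an unknown or missing namespace prefix,
 * an empty bare name, or a name/value over the limits above. */
int ea_split(const char *full, size_t valuelen, struct ea_key *out)
{
    static const struct { const char *prefix; int flags; } ns[] = {
        { "user.",     0 },
        { "trusted.",  ATTR_ROOT },
        { "security.", ATTR_SECURE },
        { "system.",   ATTR_SYSTEM },
    };

    if (full == NULL || out == NULL || valuelen > EA_MAX_VALUELEN)
        return -1;
    for (size_t i = 0; i < sizeof(ns) / sizeof(ns[0]); i++) {
        size_t plen = strlen(ns[i].prefix);
        if (strncmp(full, ns[i].prefix, plen) != 0)
            continue;   /* prefixes are case-sensitive: "System." fails */
        if (full[plen] == '\0' || strlen(full) > EA_MAX_NAMELEN)
            return -1;
        out->name = full + plen;
        out->namelen = strlen(out->name);
        out->flags = ns[i].flags;
        return 0;
    }
    return -1;  /* no recognised namespace prefix */
}
```
| ]]></programlisting></para> |
| <para>For trusted.SGI_ACL_FILE from the listing above, the helper yields the name SGI_ACL_FILE with ATTR_ROOT set, which is the name that attr -Rl prints.</para> |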
| </section> |
| <section> |
| <title>EA Ondisk Format</title> |
| <para>The name can actually be binary data since it has a length field on disk</para> |
| <itemizedlist> |
| <listitem><para>XFS kernel functions have been changed to handle binary names |
| (used for future parent pointer EAs)</para></listitem> |
| </itemizedlist> |
| <para>XFS EAs are stored in a variety of forms according to how big they are</para> |
| <itemizedlist> |
| <listitem><para>Local or short form |
| <itemizedlist> |
| <listitem><para>within the inode</para></listitem> |
| </itemizedlist> |
| </para></listitem> |
| <listitem><para>Attribute-fork extents in either |
| <itemizedlist> |
| <listitem><para>a filesystem leaf block</para></listitem> |
| <listitem><para>btree form with node blocks and leaf blocks</para></listitem> |
| </itemizedlist> |
| </para></listitem> |
| <listitem><para>Extent form |
| <itemizedlist> |
| <listitem><para>the EA value can be in a remote filesystem block if it's large</para></listitem> |
| </itemizedlist> |
| </para></listitem> |
| </itemizedlist> |
| </section> |
| <section> |
| <title>EA Tuning</title> |
| <para>If using ACLs, every file access will require an EA lookup</para> |
| <para>For performance, it is important to keep the EAs within the inode in shortform</para> |
| <itemizedlist> |
| <listitem><para>Only a single filesystem block needs to be read in.</para></listitem> |
| <listitem><para>ACLs are a good example where the access checks occur frequently</para></listitem> |
| </itemizedlist> |
| <para>To increase the chance of being in shortform</para> |
| <itemizedlist> |
| <listitem><para>increase the inode size, and/or</para></listitem> |
| <listitem><para>enable attr2</para></listitem> |
| </itemizedlist> |
| <para><programlisting>mkfs.xfs -i size=512,attr=2 device</programlisting></para> |
| <para>The short-form EA resides at the end of the inode and competes for space with the data extents.</para> |
| </section> |
| <section> |
| <title>EA and Attr2</title> |
| <para>Attr2 overcomes a restriction in the initial EA implementation that divided up the |
| literal area at a fixed location (fork offset)</para> |
| <para>With attr2 the fork offset is variable</para> |
| <para>XXX Insert image</para> |
| </section> |
| <section> |
| <title>EA and Backup</title> |
| <para>cpio and tar do not back up and restore extended attributes</para> |
| <para>If using extended attributes, an EA backup tool like xfsdump and xfsrestore must be used</para> |
| </section> |
| </chapter> |
| |