Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-7264] store ChangeLog record for security.* xattr changes https://jira.whamcloud.com/browse/LU-7264 Lustre <p>After looking at the patch <a href="http://review.whamcloud.com/15660" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/15660</a> "<a href="https://jira.whamcloud.com/browse/LU-6886" title="declare changelog store for POSIX ACLs in mdd_xattr_del" class="issue-link" data-issue-key="LU-6886"><del>LU-6886</del></a> mdd: declare changelog store for POSIX ACLs" Oleg and I thought that there should also be ChangeLog records for <tt>security.*</tt> xattr changes as a form of audit and tracking potential permission changes.</p> LU-7264 store ChangeLog record for security.* xattr changes Improvement Major Resolved Fixed Henri Doreau Andreas Dilger Wed, 7 Oct 2015 18:53:37 +0000 Sat, 17 Dec 2016 14:22:25 +0000 Sat, 17 Dec 2016 14:22:25 +0000 Lustre 2.8.0 Lustre 2.10.0 0 10 <p>Is there a need for storing the <tt>security.*</tt> xattrs, or is that not appropriate for ChangeLog users?</p> <p>Should the code that decides which xattrs types to add to the ChangeLog in <tt>mdd_xattr_set()</tt> and <tt>mdd_xattr_del()</tt> and their <tt>*&#95;declare()</tt> functions be abstracted into a helper function like <tt>mdd_xattr_needs_changelog()</tt> or similar so that we don't have multiple checks spread throughout the code? Otherwise, as <a href="https://jira.whamcloud.com/browse/LU-6886" title="declare changelog store for POSIX ACLs in mdd_xattr_del" class="issue-link" data-issue-key="LU-6886"><del>LU-6886</del></a> showed, it seems too easy that these checks will again become inconsistent in the future. It is already true that <tt>mdd_declare_xattr_set()</tt> calls <tt>mdd_declare_changelog_store()</tt> for <em>every</em> xattr type, but <tt>mdd_xattr_set()</tt> only records specific xattrs into the ChangeLog. While not harmful, this adds unnecessary overhead to the transaction and would also be fixed by unifying the checks for which xattr changes are being logged.</p> <p>It would definitely be valuable to have changelog records for <tt>security.&#42;</tt>, <tt>trusted.&#42;</tt>, <tt>user.&#42;</tt> (already in place) and <tt>system.&#42;</tt> (i.e. everything but lustre-specific xattrs). The list of desired classes could be controlled from a procfs entry (similar to the changelog mask).</p> <p>Patch: <a href="http://review.whamcloud.com/#/c/22697/" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/#/c/22697/</a></p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="https://review.whamcloud.com/22697/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/22697/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-7264" title="store ChangeLog record for security.* xattr changes" class="issue-link" data-issue-key="LU-7264"><del>LU-7264</del></a> mdd: refactor changelog handling for XATTR ops<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: 9ef9c5f9f0ceeaaaac018702286c0c23a8eb5d4b</p> <p>Landed for 2.10</p> Related LU-6886 Development Rank 1|hzxpuf: Rank (Obsolete) 9223372036854775807