Re: RFC: ACLs on fusefs

From: Alan Somers <asomers_at_freebsd.org>
Date: Sat, 03 Aug 2024 16:10:05 UTC

On Sat, Aug 3, 2024 at 10:00 AM Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>
> On Sat, Aug 03, 2024 at 09:03:38AM -0600, Alan Somers wrote:
> > On Fri, Aug 2, 2024 at 10:13 PM Jamie Landeg-Jones <jamie@catflap.org> wrote:
> > >
> > > Alan Somers <asomers@FreeBSD.org> wrote:
> > >
> > > > TLDR;
> > > > how useful would it be if fusefs(4) could support ACLs?
> > >
> > > I, personally, don't use ACLs generally, so have not missed them on
> > > fusefs.
> > >
> > > However, I do make extensive use of XATTRs, so those are what I've
> > > really missed.
> > >
> > > I didn't know xattrs were now supported - is that a new thing, or maybe
> > > the client I use (borg's sshfs implementation) needs to be updated?
> > >
> > > Cheers, Jamie
> >
> > Our fusefs has supported xattrs for a long time.  But the specific
> > fuse file system needs support too.  Looking right now, I don't see
> > any support in sysutils/fusefs-sshfs .
>
> In fact, I have a (significantly buggy) proof-of-concept fusefs server
> that stores file payload data as extended attributes. Since the tar
> file format supports extended attributes, this makes data exfiltration
> somewhat easier.
>
> Though, I suppose, since my proof-of-concept is buggy, using my
> solution would make data exfil somewhat more difficult. ;-)
>
> Hopefully someday, I'll have the time to finish the PoC and make it
> usable for production.
>
> PoC code: https://git.hardenedbsd.org/shawn.webb/altfs

That's interesting.  It looks like the opposite of what Tomoaki was
describing.  What's the intended application?  Is it like a sort of
unionfs, used to place a second file system on top of an existing one?