feat/acl: add enable-acl flag and version checking (juicedata#4421)

Signed-off-by: jiefeng <[email protected]>
jiefenghuang · Mar 4, 2024 · 91b4505 · 91b4505
1 parent 618450e
commit 91b4505
Show file tree

Hide file tree

Showing 8 changed files with 99 additions and 3 deletions.
diff --git a/cmd/config.go b/cmd/config.go
@@ -242,6 +242,12 @@ func config(ctx *cli.Context) error {
 				format.MaxClientVersion = new
 				clientVer = true
 			}
+		case "enable-acl":
+			// cannot disable
+			if ctx.Bool(flag) {
+				format.EnableACL = true
+				format.MinClientVersion = "1.2.0-A"
+			}
 		}
 	}
 	if msg.Len() == 0 {

diff --git a/cmd/format.go b/cmd/format.go
@@ -191,6 +191,11 @@ func formatManagementFlags() []cli.Flag {
 			Value: 1,
 			Usage: "number of days after which removed files will be permanently deleted",
 		},
+		&cli.BoolFlag{
+			Name:  "enable-acl",
+			Value: false,
+			Usage: "enable POSIX ACL (this flag is irreversible once enabled)",
+		},
 	})
 }
 
@@ -436,7 +441,12 @@ func format(c *cli.Context) error {
 			DirStats:         true,
 			MetaVersion:      meta.MaxVersion,
 			MinClientVersion: "1.1.0-A",
+			EnableACL:        c.Bool("enable-acl"),
 		}
+		if format.EnableACL {
+			format.MinClientVersion = "1.2.0-A"
+		}
+
 		if format.AccessKey == "" && os.Getenv("ACCESS_KEY") != "" {
 			format.AccessKey = os.Getenv("ACCESS_KEY")
 			_ = os.Unsetenv("ACCESS_KEY")

diff --git a/cmd/mount_test.go b/cmd/mount_test.go
@@ -32,9 +32,11 @@ import (
 	"github.com/agiledragon/gomonkey/v2"
 	"github.com/juicedata/juicefs/pkg/meta"
 	"github.com/juicedata/juicefs/pkg/utils"
+	"github.com/juicedata/juicefs/pkg/version"
 	"github.com/juicedata/juicefs/pkg/vfs"
 	"github.com/redis/go-redis/v9"
 	. "github.com/smartystreets/goconvey/convey"
+	"github.com/stretchr/testify/assert"
 	"github.com/urfave/cli/v2"
 )
 
@@ -233,3 +235,62 @@ func Test_configEqual(t *testing.T) {
 		}
 	}
 }
+
+func tryMountTemp(t *testing.T, bucket *string, extraFormatOpts []string, extraMountOpts []string) error {
+	_ = resetTestMeta()
+	testDir := t.TempDir()
+	if bucket != nil {
+		*bucket = testDir
+	}
+	formatArgs := []string{"", "format", "--bucket", testDir, testMeta, testVolume}
+	if extraFormatOpts != nil {
+		formatArgs = append(formatArgs, extraFormatOpts...)
+	}
+	if err := Main(formatArgs); err != nil {
+		return fmt.Errorf("format failed: %w", err)
+	}
+
+	// must do reset, otherwise will panic
+	ResetHttp()
+
+	mountArgs := []string{"", "mount", "--enable-xattr", testMeta, testMountPoint, "--attr-cache", "0", "--entry-cache", "0", "--dir-entry-cache", "0", "--no-usage-report"}
+	if extraMountOpts != nil {
+		mountArgs = append(mountArgs, extraMountOpts...)
+	}
+
+	errChan := make(chan error, 1)
+	go func() {
+		errChan <- Main(mountArgs)
+	}()
+
+	select {
+	case err := <-errChan:
+		if err != nil {
+			return fmt.Errorf("mount failed: %w", err)
+		}
+	case <-time.After(3 * time.Second):
+	}
+
+	inode, err := utils.GetFileInode(testMountPoint)
+	if err != nil {
+		return fmt.Errorf("get file inode failed: %w", err)
+	}
+	if inode != 1 {
+		return fmt.Errorf("mount failed: inode of %s is not 1", testMountPoint)
+	}
+	t.Logf("mount %s success", testMountPoint)
+	return nil
+}
+
+func TestMountVersionMatch(t *testing.T) {
+	oriVersion := version.Version()
+	version.SetVersion("1.1.0")
+	defer version.SetVersion(oriVersion)
+
+	err := tryMountTemp(t, nil, nil, nil)
+	assert.Nil(t, err)
+	umountTemp(t)
+
+	err = tryMountTemp(t, nil, []string{"--enable-acl=true"}, nil)
+	assert.Contains(t, err.Error(), "check version")
+}
diff --git a/pkg/fuse/fuse.go b/pkg/fuse/fuse.go
@@ -17,6 +17,7 @@
 package fuse
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
@@ -445,13 +446,24 @@ func Serve(v *vfs.VFS, options string, xattrs, ioctl bool) error {
 	opt.SingleThreaded = false
 	opt.MaxBackground = 50
 	opt.EnableLocks = true
+	opt.EnableAcl = conf.Format.EnableACL
 	opt.DisableXAttrs = !xattrs
 	opt.EnableIoctl = ioctl
-	opt.IgnoreSecurityLabels = true
 	opt.MaxWrite = 1 << 20
 	opt.MaxReadAhead = 1 << 20
 	opt.DirectMount = true
 	opt.AllowOther = os.Getuid() == 0
+
+	if opt.EnableAcl && conf.NonDefaultPermission {
+		return errors.New("cannot mount without default_permissions when format with enable-acl")
+	}
+
+	if opt.EnableAcl && opt.DisableXAttrs {
+		logger.Infof("The format \"enable-acl\" flag wiil enable the xattrs feature.")
+		opt.DisableXAttrs = false
+	}
+	opt.IgnoreSecurityLabels = !opt.EnableAcl
+
 	for _, n := range strings.Split(options, ",") {
 		if n == "allow_other" || n == "allow_root" {
 			opt.AllowOther = true

diff --git a/pkg/meta/config.go b/pkg/meta/config.go
@@ -92,6 +92,7 @@ type Format struct {
 	MinClientVersion string `json:",omitempty"`
 	MaxClientVersion string `json:",omitempty"`
 	DirStats         bool   `json:",omitempty"`
+	EnableACL        bool
 }
 
 func (f *Format) update(old *Format, force bool) error {

diff --git a/pkg/meta/metadata-sub.sample b/pkg/meta/metadata-sub.sample
@@ -10,7 +10,8 @@
     "EncryptKey": "AQSttslKOSE/hQT/gmaMniCsdPF8JdPRfoYK6zFkdUOnifYwBA==",
     "KeyEncrypted": true,
     "TrashDays": 1,
-    "MetaVersion": 1
+    "MetaVersion": 1,
+    "EnableACL": false
   },
   "Counters": {
     "usedSpace": 115392512,

diff --git a/pkg/meta/metadata.sample b/pkg/meta/metadata.sample
@@ -10,7 +10,8 @@
     "EncryptKey": "AQSttslKOSE/hQT/gmaMniCsdPF8JdPRfoYK6zFkdUOnifYwBA==",
     "KeyEncrypted": true,
     "TrashDays": 1,
-    "MetaVersion": 1
+    "MetaVersion": 1,
+    "EnableACL": false
   },
   "Counters": {
     "usedSpace": 115392512,

diff --git a/pkg/version/version.go b/pkg/version/version.go
@@ -51,6 +51,10 @@ func Version() string {
 	return fmt.Sprintf("%d.%d.%d%s+%s", ver.major, ver.minor, ver.patch, pr, ver.build)
 }
 
+func SetVersion(v string) {
+	ver = *Parse(v)
+}
+
 func Compare(vs string) (int, error) {
 	v := Parse(vs)
 	if v == nil {