Linux Kernel Architecture

Chapter 11: Extended Attributes and Access Control Lists


Attribute names are subdivided into namespaces. This implies that addressing an attribute requires
naming the namespace as well. As per notational convention, a dot is used to separate the namespace and
attribute (e.g., user.mime_type). Only the basic details are covered here — it is assumed that you are
familiar with the manual page attr(5), where further information about the fine points is given. The
kernel uses macros to define the list of valid top-level namespaces. They are of the form XATTR_*_PREFIX.
A set of accompanying macros XATTR_*_PREFIX_LEN is useful when a name string passed from
userspace needs to be compared with the namespace prefixes:

<xattr.h>
/* Namespaces */
#define XATTR_OS2_PREFIX "os2."
#define XATTR_OS2_PREFIX_LEN (sizeof (XATTR_OS2_PREFIX) - 1)

#define XATTR_SECURITY_PREFIX "security."
#define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1)

#define XATTR_SYSTEM_PREFIX "system."
#define XATTR_SYSTEM_PREFIX_LEN (sizeof (XATTR_SYSTEM_PREFIX) - 1)

#define XATTR_TRUSTED_PREFIX "trusted."
#define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1)

#define XATTR_USER_PREFIX "user."
#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)

The kernel provides several system calls to read and manipulate extended attributes:

❑ setxattr is used to set or replace the value of an extended attribute or to create a new one.
❑ getxattr retrieves the value of an extended attribute.
❑ removexattr removes an extended attribute.
❑ listxattr provides a list of all extended attributes associated with a given filesystem object.

Note that all calls are also available with the prefix l; this variant does not follow symbolic links by
resolving them but operates on the extended attributes of the link itself. Prefixing the calls with f means
that they do not take a filename given as a string but use a file descriptor as the argument.

As usual, the manual pages provide more information about how these system calls must be used and
provide the exact calling convention.
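The following program is an added example, not code from the book: it reuses the XATTR_*_PREFIX_LEN macros to classify a userspace-supplied name by namespace before calling the setxattr/getxattr/listxattr system calls on a user.* attribute. The file path, the attribute name user.mime_type and the rule that a bare prefix such as "user." is rejected are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/xattr.h>
/* Copies of the kernel's XATTR_*_PREFIX / _LEN macros shown above */
#define XATTR_SECURITY_PREFIX "security."
#define XATTR_SECURITY_PREFIX_LEN (sizeof (XATTR_SECURITY_PREFIX) - 1)
#define XATTR_SYSTEM_PREFIX "system."
#define XATTR_SYSTEM_PREFIX_LEN (sizeof (XATTR_SYSTEM_PREFIX) - 1)
#define XATTR_TRUSTED_PREFIX "trusted."
#define XATTR_TRUSTED_PREFIX_LEN (sizeof (XATTR_TRUSTED_PREFIX) - 1)
#define XATTR_USER_PREFIX "user."
#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)

enum xattr_ns { NS_INVALID = -1, NS_SECURITY, NS_SYSTEM, NS_TRUSTED, NS_USER };

/* Classify a name by its namespace prefix with the _PREFIX_LEN macros, as the
 * kernel does for names passed from userspace. An unknown prefix, or nothing
 * after the dot (e.g. "user."), yields NS_INVALID (this helper's own rule). */
enum xattr_ns xattr_namespace(const char *name)
{
    static const struct { const char *pfx; size_t len; enum xattr_ns ns; } tbl[] = {
        { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN, NS_SECURITY },
        { XATTR_SYSTEM_PREFIX,   XATTR_SYSTEM_PREFIX_LEN,   NS_SYSTEM   },
        { XATTR_TRUSTED_PREFIX,  XATTR_TRUSTED_PREFIX_LEN,  NS_TRUSTED  },
        { XATTR_USER_PREFIX,     XATTR_USER_PREFIX_LEN,     NS_USER     },
    };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (strncmp(name, tbl[i].pfx, tbl[i].len) == 0 && name[tbl[i].len] != '\0')
            return tbl[i].ns;
    return NS_INVALID;
}

/* Demo: set, read back and list a user.* attribute on the file named in argv[1]
 * (placeholder "testfile" otherwise). ENOTSUP: filesystem has no xattr support. */
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "testfile", *name = "user.mime_type";
    char value[64], list[256];
    if (xattr_namespace(name) != NS_USER) return 1;
    if (setxattr(path, name, "text/plain", strlen("text/plain"), 0) < 0) {
        perror("setxattr"); return errno == ENOTSUP ? 2 : 1;
    }
    ssize_t n = getxattr(path, name, value, sizeof value - 1);
    if (n < 0) { perror("getxattr"); return 1; }
    value[n] = '\0';
    printf("%s = %s\n", name, value);
    ssize_t len = listxattr(path, list, sizeof list);   /* NUL-separated names */
    for (ssize_t off = 0; off < len; off += (ssize_t)strlen(list + off) + 1)
        printf("attribute: %s\n", list + off);
    return 0;
}
```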

11.1.1 Interface to the Virtual Filesystem


The virtual filesystem provides an abstraction layer to the userspace such that all applications can use
extended attributes regardless of how the underlying filesystem implementations store the information
on disk. The following sections discuss the required data structures and system calls. Note that although
the VFS provides an abstraction layer for extended attributes, this does not mean that they have to be
implemented by every filesystem. In fact, quite the contrary is the case. Most filesystems in the kernel
do not support extended attributes. However, it should also be noted that all filesystems that are used as
Linux workhorses (ext3, reiserfs, xfs, etc.) support extended attributes.