Diffstat (limited to 'net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml')
| -rw-r--r-- | net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml | 172 | 
1 files changed, 172 insertions, 0 deletions
diff --git a/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml b/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml new file mode 100644 index 000000000000..b19ecafd4056 --- /dev/null +++ b/net/samba422/files/patch-docs-xml_manpages_vfs__freebsd.8.xml 
@@ -0,0 +1,172 @@ +--- docs-xml/manpages/vfs_freebsd.8.xml.orig	2025-07-11 10:55:41 UTC ++++ docs-xml/manpages/vfs_freebsd.8.xml +@@ -0,0 +1,169 @@ ++<?xml version="1.0" encoding="iso-8859-1"?> ++<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> ++<refentry id="vfs_freebsd.8"> ++ ++<refmeta> ++	<refentrytitle>vfs_freebsd</refentrytitle> ++	<manvolnum>8</manvolnum> ++	<refmiscinfo class="source">Samba</refmiscinfo> ++	<refmiscinfo class="manual">System Administration tools</refmiscinfo> ++	<refmiscinfo class="version">&doc.version;</refmiscinfo> ++</refmeta> ++ ++<refnamediv> ++	<refname>vfs_freebsd</refname> ++	<refpurpose>FreeBSD-specific VFS functions</refpurpose> ++</refnamediv> ++ ++<refsynopsisdiv> ++	<cmdsynopsis> ++		<command>vfs objects = freebsd</command> ++	</cmdsynopsis> ++</refsynopsisdiv> ++ ++<refsect1> ++	<title>DESCRIPTION</title> ++ ++	<para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle> ++	<manvolnum>7</manvolnum></citerefentry> suite.</para> ++ ++	<para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para> ++ ++	<para>This module is stackable.</para> ++</refsect1> ++ ++ ++<refsect1> ++	<title>OPTIONS</title> ++ ++	<variablelist> ++ ++	<varlistentry> ++		<term>freebsd:extattr mode=[legacy|compat|secure]</term> ++		<listitem> ++		<para>This parameter defines how the emulation of the Linux attr(5) extended attributes ++		is performed through the FreeBSD native extattr(9) system calls.</para> ++ ++		<para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>, ++		<emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr) ++		classes are defined in Linux. 
Contrary FreeBSD has only <emphasis>USER</emphasis> ++		and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping ++		of one set into another isn't straightforward and can be done in different ways.</para> ++ ++		<para>Historically the Samba(7) built-in xattr mapping implementation simply converted ++		<emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding ++		<emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping ++		the class prefix name with the separating dot and using attribute name only within the ++		mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis> ++		and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD ++		provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis> ++		xattr was rejected as invalid.</para> ++ ++		<para>This module tries to address this problem and provide secure, where it's possible, ++		way to map Linux xattr into FreeBSD's extattr.</para> ++ ++		<para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis> ++		then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr ++		is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis> ++		and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class ++		prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched ++		up to the 4.9 version and that created multiple potential security issues. This mode is aimed for ++		the compatibility with the legacy installations only and should be avoided in new setups.</para> ++ ++		<para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments, ++		where it's not possible to write extattrs into the secure SYSTEM namespace, so all four ++		classes are mapped into the USER namespace. 
To preserve information about origin of the ++		extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis> ++		format.</para> ++ ++		<para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure ++		manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis> ++		are stored in the SYSTEM namespace, which can be modified only by root. ++		</para> ++		</listitem> ++	</varlistentry> ++ ++ ++	</variablelist> ++</refsect1> ++ ++<refsect1> ++	<table frame="all" rowheader="firstcol"> ++		<title>Attributes mapping</title> ++		<tgroup cols='5' align='left' colsep='1' rowsep='1'> ++		<thead> ++			<row> ++			<entry> </entry> ++			<entry>built-in</entry> ++			<entry>legacy</entry> ++			<entry>compat/jail</entry> ++			<entry>secure</entry> ++			</row> ++		</thead> ++		<tbody> ++			<row> ++			<entry>user</entry> ++			<entry>USER; attribute</entry> ++			<entry>USER; attribute</entry> ++			<entry>USER; user.attribute</entry> ++			<entry>USER; user.attribute</entry> ++			</row> ++			<row> ++			<entry>system</entry> ++			<entry>SYSTEM; attribute</entry> ++			<entry>SYSTEM; attribute</entry> ++			<entry>USER; system.attribute</entry> ++			<entry>SYSTEM; system.attribute</entry> ++			</row> ++			<row> ++			<entry>trusted</entry> ++			<entry>FAIL</entry> ++			<entry>USER; attribute</entry> ++			<entry>USER; trusted.attribute</entry> ++			<entry>SYSTEM; trusted.attribute</entry> ++			</row> ++			<row> ++			<entry>security</entry> ++			<entry>FAIL</entry> ++			<entry>USER; attribute</entry> ++			<entry>USER; security.attribute</entry> ++			<entry>SYSTEM; security.attribute</entry> ++			</row> ++		</tbody> ++		</tgroup> ++	</table> ++</refsect1> ++ ++<refsect1> ++	<title>EXAMPLES</title> ++ ++	<para>Use secure method of setting extended attributes on the share:</para> ++ ++<programlisting> ++	<smbconfsection name="[sysvol]"/> ++	<smbconfoption name="vfs 
objects">freebsd</smbconfoption> ++	<smbconfoption name="freebsd:extattr mode">secure</smbconfoption> ++</programlisting> ++ ++</refsect1> ++ ++<refsect1> ++	<title>VERSION</title> ++ ++	<para>This man page is part of version &doc.version; of the Samba suite. ++	</para> ++</refsect1> ++ ++<refsect1> ++	<title>AUTHOR</title> ++ ++	<para>The original Samba software and related utilities ++	were created by Andrew Tridgell. Samba is now developed ++	by the Samba Team as an Open Source project similar ++	to the way the Linux kernel is developed.</para> ++ ++	<para>This module was written by Timur I. Bakeyev</para> ++ ++</refsect1> ++ ++</refentry>  | 
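Review bot: In the OPTIONS paragraph on the legacy mode, the classes mapped into USER are listed as "<emphasis>secure</emphasis>, <emphasis>trusted</emphasis> and <emphasis>user</emphasis>", but the xattr class is "security" (as in the first paragraph and in the mapping table), while "secure" is the name of a mode; this should read "security". Since legacy is the documented default, that paragraph would also benefit from stating the concrete consequence the table shows: user, trusted and security attributes of the same name all end up as "USER; attribute", so they collide with each other outside the root-only SYSTEM namespace. The paragraph on the secure mode does not say where the user class goes, although the table gives "USER; user.attribute"; please add that. "preffix" in the compat paragraph should be "prefix". The <refsect1> that wraps the "Attributes mapping" table has no <title>, which DocBook requires as the first child of a refsect1; either give it a title or move the table into the OPTIONS section.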
