Recently, with LSM (linux security modules) interface growing stable, it
is becoming easier to implement different access-control systems for
linux. There are already several projects using different approaches to
the access-control problem. Each of them has its own meta-info for each
file. When syncing two hosts which use some security module, one needs to
sync this meta info for each file transferred.
Supporting all sorts of meta-info seem beyond the scope of rsync and in
the spirit of LSM, should be left in the hands of the specific security
module developers. To do this efficiently, a plugin system is required.
Unless there's already a design for such plugin, I'd like to suggest the
plugin described below.
If a lot of users think this is a good idea, and rsync developers are too
busy with other things, I'll jump in and add it to the code myself,
although it will probably take me longer than someone already familiar
with the code. Anyway, lets first agree on what such plugin system should
look like.
I suggest the following simple solution:
The sending side, executed with --xmit-plugin=<prog1>, will execute
<prog1> for every file in the tree prior to syncing it, with the filename
as a param in a manner similar to 'find -exec'. For each file rsync
decides to transmit, it will first send a meta-info block, consisting of
the output of <prog1> for this file.
The receiving side, executed with --recv-plugin=<prog2>, will execute
<prog2> with filename as its param, and pass it the meta-info block via
stdin. <prog2> may return one of two possible return values to be treated
by rsync:
0 - OK, sync the file.
1 - NOT OK. Skip to next without syncing.
If 0 was returned, rsync will sync the file as usual. After that, if
--post-recv-plugin=<prog3> was provided as well, rsync will execute
<prog3> on the file it just created, so <prog3> can set the
post-creation
attributes of the file.
In short, the sending side will allow an external <prog1> to pre-attach a
meta-info block to each synced file, and the receiving side will consult
<prog2> regarding creation of this file and if created, will let
<prog3>
complete the operation by setting meta-info on the file.
With such plugin it will be possible to fully sync systems which use any
access-control system, and also be used as a conversion tool between two
incompatible access-control systems. (<prog1> will be the usual meta-info
program for the source access-control system, and <prog3> will be a script
that converts the meta info from the source system to the target system).
I'm sure other users will find other uses for the ability to execute a
program on every sent/received file.
Looking forward to hear your opinion on this. Suggestions are welcome.
Yoav Weiss
