Lines Matching refs:the
13 (*) Starting the cache.
37 CacheFiles uses a userspace daemon to do some of the cache management - such as
41 The filesystem and data integrity of the cache are only as good as those of the
42 filesystem providing the backing services. Note that CacheFiles does not
43 attempt to journal anything since the journalling interfaces of the various
47 to communication with the daemon. Only one thing may have this open at once,
49 opens this and sends commands down it to control the cache.
54 the filesystem, shrinking the cache by culling the objects it contains to make
55 space if necessary - see the "Cache Culling" section. This means it can be
56 placed on the same medium as a live set of data, and will expand to make use of
57 spare space and automatically contract when the set of data requires more
65 The use of CacheFiles and its daemon requires the following features to be
66 available in the system and in the cache filesystem:
74 - bmap() support on files in the filesystem (FIBMAP ioctl).
76 - The use of bmap() to detect a partial page at the end of the file.
78 It is strongly recommended that the "dir_index" option is enabled on Ext3
96 Configure the culling limits. Optional. See the section on culling
104 Specify the directory containing the root of the cache. Mandatory.
113 Specify a numeric bitmask to control debugging in the kernel module.
115 OR'd into the mask to collect various information:
130 The cache is started by running the daemon. The daemon opens the cache device,
131 configures the cache and tells it to begin caching. At that point the cache
132 binds to fscache and the cache becomes live.
142 Increase the debugging level. This can be specified multiple times and
155 Use an alternative configuration file rather than the default one.
162 Do not mount other things within the cache as this will cause problems. The
164 mountpoints, but the daemon can't avoid them.
166 Do not create, rename or unlink files and directories in the cache whilst the
167 cache is active, as this may cause the state to become uncertain.
169 Renaming files in the cache might make objects appear to be other objects (the
170 filename is part of the lookup key).
172 Do not change or remove the extended attributes attached to cache files by the
173 cache as this will cause the cache state management to get confused.
175 Do not create files or directories in the cache, lest the cache get confused or
178 Do not chmod files in the cache. The module creates things with minimal
187 discarding objects from the cache that have been used less recently than
188 anything else. Culling is based on the access time of data objects. Empty
191 Cache culling is done on the basis of the percentage of blocks and the
192 percentage of files available in the underlying filesystem. There are six
198 If the amount of free space and the number of available files in the cache
204 If the amount of available space or the number of available files in the
210 If the amount of available space or the number of available files in the
221 _not_ appear as 100 minus the percentage displayed by the "df" program.
223 The userspace daemon scans the cache to build up a table of cullable objects.
224 These are then culled in least recently used order. A new scan of the cache is
225 started as soon as space is made in the table. Objects will be skipped if
226 their atimes have changed or if the kernel module says it is still using them.
233 The CacheFiles module will create two directories in the directory it was
240 The active cache objects all reside in the first directory. The CacheFiles
242 to the graveyard from which the daemon will actually delete them.
244 The daemon uses dnotify to monitor the graveyard directory, and will delete
248 The module represents index objects as directories with the filename "I..." or
249 "J...". Note that the "cache/" directory is itself a special index.
253 directory, data objects will have a file in the directory called "data" that
254 actually holds the data.
261 Immediately in the representative directory are a collection of directories
262 named for hash values of the child object keys with an '@' prepended. Into
263 this directory, if possible, will be placed the representations of the child
274 If the key is so long that it exceeds NAME_MAX with the decorations added on to
275 it, then it will be cut into pieces, the first few of which will be used to
276 make a nest of directories, and the last one of which will be the objects
277 inside the last directory. The names of the intermediate directories will have
289 object filenames indicate the encoding:
300 Each object in the cache has an extended attribute label that holds the object
301 type ID (required to distinguish special objects) and the auxiliary data from
302 the netfs. The latter is used to detect stale objects in the cache and update
306 Note that CacheFiles will erase from the cache any file it doesn't recognise or
314 CacheFiles is implemented to deal properly with the LSM security features of
315 the Linux kernel and the SELinux facility.
317 One of the problems that CacheFiles faces is that it is generally acting on
319 security context that is not appropriate for accessing the cache - either
320 because the files in the cache are inaccessible to that process, or because if
321 the process creates a file in the cache, that file may be inaccessible to other
324 The way CacheFiles works is to temporarily change the security context (fsuid,
325 fsgid and actor security label) that the process acts as - without changing the
326 security context of the process when it the target of an operation performed by
330 When the CacheFiles module is asked to bind to its cache, it:
332 (1) Finds the security label attached to the root cache directory and uses
333 that as the security label with which it will create files. By default,
338 (2) Finds the security label of the process which issued the bind request
339 (presumed to be the cachefilesd daemon), which by default will be:
343 and asks LSM to supply a security ID as which it should act given the
348 SELinux transitions the daemon's security ID to the module's security ID
349 based on a rule of this form in the policy.
359 and directories in the cache, to find and access directories and files in the
361 write files in the cache.
365 not read or write files in the cache, and so it is precluded from accessing the
366 data cached therein; nor is it permitted to create new files in the cache.
373 and later versions. In that tarball, see the files:
379 They are built and installed directly by the RPM.
381 If a non-RPM based system is being used, then copy the above files to their own
387 You will need checkpolicy and selinux-policy-devel installed prior to the
391 By default, the cache is located in /var/fscache, but if it is desirable that
392 it should be elsewhere, than either the above policy files must be altered, or
393 an auxiliary policy must be installed to label the alternate location of the
396 For instructions on how to add an auxiliary policy to enable the cache to be
401 When the cachefilesd rpm is installed; alternatively, the document can be found
402 in the sources.
409 CacheFiles makes use of the split security in the task_struct. It allocates
414 bypassing security and calling inode ops directly. Therefore the VFS and LSM
415 may deny the CacheFiles access to the cache data because under some
416 circumstances the caching code is running in the security context of whatever
417 process issued the original syscall on the netfs.
419 Furthermore, should CacheFiles create a file or directory, the security
421 derived from that process that issued the system call, thus potentially
422 preventing other processes from accessing the cache - including CacheFiles's
425 What is required is to temporarily override the security of the process that
426 issued the system call. We can't, however, just do an in-place change of the
427 security data as that affects the process as an object, not just as a subject.
429 the process looks like in /proc.
431 So CacheFiles makes use of a logical split in the security between the
432 objective security (task->real_cred) and the subjective security (task->cred).
433 The objective security holds the intrinsic security properties of a process and
435 process is the target of an operation by some other process (SIGKILL for
438 The subjective security holds the active security properties of a process, and
452 If FS-Cache is compiled with the following option enabled:
464 This shows the breakdown of the number of times each amount of time
470 LOOKUPS Length of time to perform a lookup on the backing fs
471 MKDIRS Length of time to perform a mkdir on the backing fs
472 CREATES Length of time to perform a create on the backing fs
474 Each row shows the number of events that took a particular range of times.
475 Each step is 1 jiffy in size. The JIFS column indicates the particular
476 jiffy range covered, and the SECS field the equivalent number of seconds.
483 If CONFIG_CACHEFILES_DEBUG is enabled, the CacheFiles facility can have runtime
484 debugging enabled by adjusting the value in:
496 The appropriate set of values should be OR'd together and the result written to
497 the control file. For example: