FUSE + Linux filesystem capabilities (2025)

Hi all,

We are running into performance bottlenecks in our FUSE system due to
the fact that we get GetXAttr lookups for "security.capabilities" for
every individual write. Even when writeback caching is enabled, the
kernel still sends FUSE this GetXAttr request for every individual
write.

I found this thread from 2009 that discussed the exact same issue:
https://fuse-devel.narkive.com/ZkJ00Lfr/fuse-linux-filesystem-capabilities

It seems that the only options at the time were either:
1. Return ENOSYS to disable all extended attributes for the filesystem
2. Disable CONFIG_SECURITY_FILE_CAPABILITIES (which no longer seems to
be an option?)

We can't make use of ENOSYS because we do actually need to support
some other extended attributes.

Questions:
1. Does anyone know if there is more recent discussion or any other
way to prevent these GetXAttr calls for every write?
2. Would we still see these GetXAttr calls even if we used the new
"passthrough" fuse option?

I guess one option is to submit a patch to the fuse kernel that allows
filesystems to specify that they do not support this security feature,
so the fuse kernel can always short circuit security.capability
lookups. Does this sound like a reasonable change?

I also asked in the fuse-devel mailing list but was advised to ask here as well.

Best,
Scott
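
A filesystem-side way to make each of the lookups described in the message above cheap, shown as an added example that is not part of the original post or of any project's code: the handler answers the capability lookup with ENODATA immediately and only goes to the backend for other attributes. It does not stop the kernel from sending the request; `fs_getxattr`, `backend_get` and the sample attributes are hypothetical, and it assumes the filesystem never stores file capabilities.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample store standing in for the filesystem's real xattr backend. */
struct xattr_entry { const char *name; const char *value; };
static const struct xattr_entry sample_store[] = {
    { "user.origin",   "ingest-7" },
    { "user.checksum", "abc123"   },
};

static unsigned long backend_lookups; /* counts trips to the (slow) backend */

/* Hypothetical backend lookup; a real filesystem would do I/O or an RPC here. */
static const char *backend_get(const char *path, const char *name)
{
    (void)path;
    backend_lookups++;
    for (size_t i = 0; i < sizeof sample_store / sizeof sample_store[0]; i++)
        if (strcmp(sample_store[i].name, name) == 0)
            return sample_store[i].value;
    return NULL;
}

/* Same shape as the libfuse high-level getxattr callback:
 * returns the value length, or a negative errno. */
int fs_getxattr(const char *path, const char *name, char *value, size_t size)
{
    /* Fast path: this filesystem never stores file capabilities (assumption),
     * so answer "no such attribute" without touching the backend. Not -ENOSYS,
     * which would disable extended attributes for the whole filesystem. */
    if (strcmp(name, "security.capability") == 0)
        return -ENODATA;

    const char *v = backend_get(path, name);
    if (v == NULL)
        return -ENODATA;
    size_t len = strlen(v);
    if (size == 0)
        return (int)len;   /* size probe: report the length needed */
    if (size < len)
        return -ERANGE;    /* caller's buffer is too small */
    memcpy(value, v, len);
    return (int)len;
}
```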



