Re: [RFC v3 2/2] fuse: Add posix acl support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Aug 6, 2016 at 3:52 AM, Seth Forshee <seth.forshee@xxxxxxxxxxxxx> wrote:
> On Fri, Aug 05, 2016 at 06:07:44PM -0500, Eric W. Biederman wrote:
> What I'm not convinced of is that the userspace visible changes in
> behavior won't break someone's software, even if they aren't really
> getting acl enforcement.

That's a key point.  Backward compatibility is important, and not even
hard to do because fuse can negotiate supported features with the
userspace filesystem.

So we can have a new FUSE_POSIX_ACL feature flag in INIT, sent if
"default_permissions" is on.

If not set in INIT reply just pass all xattrs through to the
filesystem.  Caching should not be done. Don't think about whether
it's logical or not, or if anyone could use it for anything sane.
Just do what we are doing currently.  Translating uids still makes
sense, but that's another story.

If the flag is set in INIT reply, then that means userspace filesystem
wants handling of posix acl permission checking in kernel.  It would
also mean that caching of posix acl are allowed (lifetime linked to
attribute lifetime).

If filesystem wants to explicitly disable posix acl support, then it
can reply EOPNOTSUPP to getxattr and setxattr on "system.posix_acl_*".
  Alternatively we can add a FUSE_NO_POSIX_ACL feature flag, that
filesystem can return in reply to FUSE_POSIX_ACL.

I agree that adding CONFIG_FUSE_FS_POSIX_ACL is probably not worth it,
just make any such code dependent on CONFIG_FS_POSIX_ACL.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux