Re: [RFC v3 0/2] Support for posix acls in fuse

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Aug 08 2016, ebiederm@xxxxxxxxxxxx (Eric W. Biederman) wrote:
> Nikolaus Rath <Nikolaus@xxxxxxxx> writes:
>
>> On Aug 01 2016, Seth Forshee <seth.forshee@xxxxxxxxxxxxx> wrote:
>>>  - Remove passthrough of acl xattrs when fuse acl support is disabled or
>>>    default_permissions is not used.
>>>
>>> This last change is user visible, but as fuse filesystems cannot
>>> meaninfully support acls today it's not really a regression.
>>
>> Are you sure about that? I believe there are FUSE file systems out there
>> that are parsing/constructing the kernel's xattr representation and
>> (together with no_default_permissions) support ACLs. Or is there another
>> problem?
>
> fuse_permission does not have a mode where it always call into the
> filesystem.  Without FUSE_DEFAULT_PERMISSIONS set the underlying
> filesystem is at most called when the syscalls chdir, access, and
> execve are called. (Basically

...plus on open, create, write, read, setattr, etc. On each of these
calls, the userspace fs is free to do an ACL check first and return an
error if access should not be granted.

So I think the only permission that cannot be enforced is execute. That
is a bug, but I wouldn't go as far as saying that what's left isn't a
meaningful feature that can just be removed entirely.

> That said I we seem to have figured out an implmenetation where
> passthrough is maintained for the time being when posix acl support is
> not enabled.  And Miklos figures libfuse needs to parse the the xattr
> anyway so that the filesystems can have atomic mode changes instead of
> having two separate calls, one to setattr and another to setxattr.
>
> So I don't believe when the dust settles there is any danger of
> regression, despite the code not yet working in a way that enforces
> acls.

I agree with this though. I was a little behind on emails.

Best,
-Nikolaus


-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux