Hi Al... I've been out of the loop for over a week, I only saw your questions yesterday... I have one small debugfs patch on linux-next I will submit for the merge window today, and will have to go back out of the loop for a few more days (temps will drop, I'm insulating the plumbing on my house). When I was writing and testing 4bef69000d93, as I remember, I used getfacl and setfacl to see that things worked as I expected them to. I looked at my code while thinking about your questions, and they seem like good ones. I have a couple of questions that will help me when I return to this in a few days: >> it used to be possible to do >> orangefs_set_acl(inode, NULL, ACL_TYPE_ACCESS) The way I tested (which maybe misses important stuff?) usually caused posix_acl_xattr_set -> set_posix_acl -> orangefs_set_acl ... Is there a simple userspace command that would send a NULL? When would there be a NULL? >> How is one supposed to remove ACLs there? setfacl -m and setfacl -x both seem to work. I also have a userspace test program I wrote that uses the internal orangefs api (not through the kernel) to manipulate xattrs on orangefs files. Going through the kernel with setfacl and looking at the results with my test program seems as expected (I can make acls come and go). >> Moreover, if you change an existing ACL to something >> that is expressible by pure mode... I don't remember having trouble before, but now when I try to set an acl (on orangefs or ext4) that I think is expressible in pure mode, the mode doesn't change, rather the acl is still set... can you suggest a simple setfacl (or other) example I can use to test? I will get back to this in a few days and work to get the code into a condition that you think is reasonable. Thanks! -Mike On Fri, Jan 31, 2020 at 7:56 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > Prior to 4bef69000d93 (orangefs: react properly to > posix_acl_update_mode's aftermath.) it used to be possible > to do orangefs_set_acl(inode, NULL, ACL_TYPE_ACCESS) - > it would've removed the corresponding xattr and that would > be it. Now it fails with -EINVAL without having done > anything. How is one supposed to remove ACLs there? > > Moreover, if you change an existing ACL to something > that is expressible by pure mode, you end up calling > __orangefs_setattr(), which will call posix_acl_chmod(). > And AFAICS that will happen with *old* ACL still cached, > so you'll get ACL_MASK/ACL_OTHER updated in the old ACL. > > How can that possibly work? Sure, you want to > propagate the updated mode to server - after you've > done the actual update (possibly removal) of ACL-encoding > xattr there...
