On Tue, Sep 06, 2022 at 10:07:44AM +0200, Christian Brauner wrote:
> I've tried switching all filesystem to simply rely on
> i_op->{g,s}et_acl() but this doesn't work for at least 9p and cifs
> because they need access to the dentry. cifs hasn't even implemented
> i_op->get_acl() and I don't think they can because of the lack of a
> dentry argument.
>
> The problem is not just that i_op->{g,s}et_acl() don't take a dentry
> argument it's in principle also super annoying to pass it to them
> because i_op->get_acl() is used to retrieve POSIX ACLs during permission
> checking and thus is called from generic_permission() and thus
> inode_permission() and I don't think we want or even can pass down a
> dentry everywhere for those. So I stopped short of finishing this
> implementation because of that.
>
> So in order to make this work for cifs and 9p we would probably need a
> new i_op method that is separate from the i_op->get_acl() one used in
> the acl_permission_check() and friends...
Even if we can't use the existing methods, I think adding new
set_denstry_acl/get_dentry_acl (or whatever we name them) methods is
still better than doing this overload of the xattr methods
(just like the uapi overload instead of separate syscalls, but we
can't fix that).
