On Fri, Jul 01, 2016 at 12:29:24PM -0700, Nikolaus Rath wrote:
> On Jun 29 2016, Seth Forshee <seth.forshee@xxxxxxxxxxxxx> wrote:
> > Eric and I are working towards adding support for fuse mounts in
> > non-init user namespaces. Towards that end we'd like to add ACL support
> > to fuse as this will allow for a cleaner implementation overall. Below
> > is an initial patch to support this. I'd like to get some general
> > feedback on this patch and ask a couple of specific questions.
> >
> > There are some indications that fuse supports ACLs on the userspace side
> > when default_permissions is not used (though I'm not seeing how that
> > works). Will these changes conflict with that support, and if so, how do we
> > avoid those conflicts?
>
>
> I think as long as the kernel interprets ACLs only if default_permission
> is used, you should be fine.

With !default_permission fuse never calls generic_permission so the
kernel won't enforce the acls regardless.

For the purpose of user namespace mounts it's still useful if the kernel
intercepts them so that the posix acl layer can do the uid/gid
translation before passing it to the filesystem. The xattrs still get
sent on to the filesystem, however cached acls if present would be used
to satisfy reads of the acl xattrs.

Thanks,
Seth
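
The uid/gid translation of an ACL xattr mentioned in the reply above, as an added userspace sketch (not code from the patch or from the kernel): it rewrites the named-user and named-group ids in a version 2 POSIX ACL xattr value through a uid_map-style extent and rejects the whole ACL if any id has no mapping. The function names, the sample ACL and the map values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define ACL_XATTR_VERSION 2u   /* header: one le32 version word */
#define ACL_USER  0x02         /* named-user entry: id field is a uid */
#define ACL_GROUP 0x08         /* named-group entry: id field is a gid */
/* One extent as in /proc/<pid>/uid_map: first id inside, first outside, length. */
struct id_extent { uint32_t inside, outside, count; };

static uint32_t get_le32(const uint8_t *p)
{ return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
/* Id of entry idx (each entry is 8 bytes: le16 tag, le16 perm, le32 id). */
uint32_t acl_entry_id(const uint8_t *buf, size_t idx)
{ return get_le32(buf + 4 + idx * 8 + 4); }
/* Map one id through the extents; -1 means the id has no mapping. */
static int map_id(const struct id_extent *m, size_t n, uint32_t id, uint32_t *out)
{
    for (size_t i = 0; i < n; i++)
        if (id >= m[i].inside && id - m[i].inside < m[i].count) {
            *out = m[i].outside + (id - m[i].inside);
            return 0;
        }
    return -1;
}
/* Rewrite ids in place. Pass 0 only validates, pass 1 writes, so an ACL with
 * an unmapped id is rejected without being partially translated. */
int acl_xattr_translate(uint8_t *buf, size_t len,
    const struct id_extent *um, size_t nu, const struct id_extent *gm, size_t ng)
{
    if (len < 4 || (len - 4) % 8 || get_le32(buf) != ACL_XATTR_VERSION)
        return -1;             /* truncated value or unknown version */
    for (int pass = 0; pass < 2; pass++)
        for (size_t off = 4; off < len; off += 8) {
            unsigned tag = buf[off] | buf[off + 1] << 8;
            uint32_t id = get_le32(buf + off + 4), out = 0;
            if (tag != ACL_USER && tag != ACL_GROUP)
                continue;      /* owner, group, mask, other: no id to map */
            if (tag == ACL_USER ? map_id(um, nu, id, &out) : map_id(gm, ng, id, &out))
                return -1;
            for (int b = 0; pass && b < 4; b++)
                buf[off + 4 + b] = (uint8_t)(out >> (8 * b));
        }
    return 0;
}
/* Constructed sample value: u::rw-, u:1000:r--, g:100:r--, o::--- */
uint8_t sample_acl[] = { 2,0,0,0,  1,0,6,0,0xff,0xff,0xff,0xff,
    2,0,4,0,0xe8,0x03,0,0,  8,0,4,0,100,0,0,0,  0x20,0,0,0,0xff,0xff,0xff,0xff };
const struct id_extent sample_map[] = {{0, 100000, 65536}}, small_map[] = {{0, 100000, 50}};
int main(void) {
    int rc = acl_xattr_translate(sample_acl, sizeof sample_acl, sample_map, 1, sample_map, 1);
    printf("rc=%d uid=%u gid=%u\n", rc, acl_entry_id(sample_acl, 1), acl_entry_id(sample_acl, 2));
    return 0; }
```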