Here is a crude patch for the NFS client that can be used for testing the POSIX ACL extension to NFSv4.2 described in draft-rmacklem-nfsv4-posix-acls. It is done against a linux-6.3 kernel, but hopefully can be applied to newer sources fairly easily.

For now, the patch is here:
https://people.freebsd.org/~rmacklem/linux-posixacl.patch

I am hoping this patch will encourage someone to do testing during the late Oct. NFSv4 Bakeathon.

Since I am not familiar with the Linux NFS client code, there is a lot left to clean up before it would be useful for more than testing. Here's a few items:
- The NFSACL protocol code pre-allocates pages for large ACLs. I do not do that. Unlike NFSACL (which puts uids/gids on the wire), the NFSv4 extension uses "who" strings, which can be up to 128 bytes (IDMAP_NAMESZ). As such, a maximum size POSIX ACL with 1024 ACEs can end up over 140Kbytes on the wire. I currently use xdr_stream_XXX() functions to fill out the encoded xdr, which seems to work? Thought needs to be put into how to handle large POSIX ACLs.
- I haven't even tested large ACLs yet.
- When I needed functions that were in nfs3acl.c or in nfs_common/nfsacl.c but "static", I just copied them into nfs4proc.c. (I think they could go in nfs_common/nfsacl.c as non-static and then be used by both nfs3 and nfs4 code, but I wasn't sure what the Linux tradition was?)
- There's a bunch of dprintk()s in the code I used for debugging. Most of them should go away once the code solidifies. (Most start at the left margin of the line.)
  --> I don't know how the trace stuff works. That needs to be added.
- The GETATTR for the POSIX draft ACLs also acquires the acl_trueform attribute. If that attribute is not set to ACL_MODEL_POSIX_DRAFT, a -EOPNOTSUPP is returned. I think that will make getfacl(1) return a POSIX draft ACL based on mode, but I am not sure?
- I probably put stuff in the wrong places for a NFSv4.2 extension?
- There doesn't appear to be any bits left for NFS_CAP_xxx, so I just used the NFS_CAP_ACLS one. (There probably should be a separate one, but this might work ok?)
- This one may only be a configuration problem, but even though I think I have the uid<->name mapping working, nfs_map_uid_to_name() always returns the "number in the string".
  --> To get setfacl to work, I have to configure my test server to use "numbers in strings". (nfs_map_name_to_uid() does seem to work?)

Have fun with it, if you have the chance to look at it,
rick
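
The size estimate for large ACLs in the post, worked through as an added user-space C example that is not part of the patch or the post. It assumes each ACE goes on the wire as two 32-bit words (tag and permissions) followed by the "who" string as a length-prefixed XDR opaque padded to 4 bytes; `struct ace` and the function names are hypothetical. The encoder checks the remaining space before every ACE and refuses the input rather than writing past the buffer.

```c
/* Added example, not from the patch. Assumed wire layout per ACE: uint32 tag,
 * uint32 perm, then "who" as an XDR opaque (uint32 length + bytes padded to 4). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WHO_MAX   128   /* IDMAP_NAMESZ, from the post */
#define ACES_MAX  1024  /* maximum ACE count, from the post */

struct ace { uint32_t tag, perm; const char *who; };  /* hypothetical type */

static size_t xdr_pad(size_t n) { return (n + 3) & ~(size_t)3; }

/* Worst-case encoded size: array count plus n maximum-length ACEs. */
size_t acl_wire_max(size_t n) { return 4 + n * (4 + 4 + 4 + xdr_pad(WHO_MAX)); }

static void put_u32(uint8_t *p, uint32_t v)  /* XDR integers are big-endian */
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Encode n ACEs into buf[cap]. Returns bytes written, or -1 if an ACE is
 * invalid or the next ACE would not fit; never writes past cap. */
long acl_encode(uint8_t *buf, size_t cap, const struct ace *a, size_t n)
{
    size_t off = 4, len, need;

    if (n > ACES_MAX || cap < 4) return -1;
    put_u32(buf, (uint32_t)n);
    for (size_t i = 0; i < n; i++) {
        if (!a[i].who || (len = strlen(a[i].who)) > WHO_MAX) return -1;
        need = 12 + xdr_pad(len);
        if (need > cap - off) return -1;          /* off <= cap always holds */
        put_u32(buf + off, a[i].tag);
        put_u32(buf + off + 4, a[i].perm);
        put_u32(buf + off + 8, (uint32_t)len);
        memset(buf + off + 12, 0, xdr_pad(len));  /* zero the pad bytes */
        memcpy(buf + off + 12, a[i].who, len);
        off += need;
    }
    return (long)off;
}

int main(void)
{
    printf("worst case for %d ACEs: %zu bytes\n", ACES_MAX, acl_wire_max(ACES_MAX));
    return 0;
}
```

Under the assumed layout a maximum-length ACE is 140 bytes, so a single 4096-byte page holds at most 29 of them, which is why a fixed small buffer is not enough for the 1024-ACE case.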