On Thu, 2018-05-31 at 16:53 -0500, Goldwyn Rodrigues wrote:
>
> On 05/31/2018 08:30 AM, Miklos Szeredi wrote:
> > On Thu, May 31, 2018 at 3:10 PM, Trond Myklebust
> > <trondmy@xxxxxxxxxxxxxxx> wrote:
> > > >
> > > > I understand. Ignoring nfs4_acl in overlayfs will have the
> > > > same
> > > > result as adding noacl to the underlying NFS mount.
>
> Adding noacl in NFS client mount has no affect to nfs4_acl. Only if
> you
> add noacl in the underlying filesystem of exported directory in the
> server does the nfs4_acl go away.
That would also be specific to Linux servers.
So if that is your final decision, then why not just state in the
overlayfs manpage that
"Our security model assumes that you are using a NFSv3-only Linux knfsd
based server that has mounted the filesystem with the 'noacl' option,
that exports the filesystem with sec=sys only, has disabled server side
identity squashing and has disabled the --manage-gids mountd option"?
At least that would be honest...
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx
��.n��������+%�������w��{.n�����{��w����jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
