I'm currently working on getting the native NFSv4 based ZFS ACL working
in the zfs on linux port. As there isn't currently a kernel interface
for this type of ACL, I'm using the same system.nfs4_acl extended
attribute to interface touser space as the NFS client, and the
nfs4-acl-tools implementation to manage them.
I ran into an issue which I traced down to a discrepancy between the
definitions for the flags between ZFS and the nfs4-acl-tools package:
From zfs/acl.h:
#define ACE_INHERITED_ACE 0x0080
#define ACE_OWNER 0x1000
#define ACE_GROUP 0x2000
#define ACE_EVERYONE 0x4000
From nfs4-acl-tools:
#define NFS4_ACE_OWNER 0x00000080
#define NFS4_ACE_GROUP 0x00000100
#define NFS4_ACE_EVERYONE 0x00000200
Does anyone know why these are different? I couldn't find these defined
in the NFSv4 RFC, so I'm not sure where either side got the specific
values they are using. For now, I am mapping between the values as I go
between the zfs internals and the extended attribute values. However,
that is not ideal, particularly as it prevents passing the inherited ace
flag given the value conflicts between the two.