>From fs/nfsd/acl.h
/*
* Maximum ACL we'll accept from a client; chosen (somewhat
* arbitrarily) so that kmalloc'ing the ACL shouldn't require a
* high-order allocation. This allows 204 ACEs on x86_64:
*/
#define NFS4_ACL_MAX ((PAGE_SIZE - sizeof(struct nfs4_acl)) \
/ sizeof(struct nfs4_ace))
I don't know how Bruce feels about increasing that limit. Perhaps he'd
be opened to a patch that increases that.
On Mon, Aug 26, 2019 at 2:30 PM de Vandiere, Louis
<louis.devandiere@xxxxxxxx> wrote:
>
> Thanks Niels, I tried your suggestion. According to the documentation (https://linux.die.net/man/8/mkfs.xfs), the maximum size for the inode is 2048 byte. So I set it to this value, and faced the exact same limitation. On the other hand, when I used setfacl -m on the XFS mounted disk, I did not face any limitation and I was able to set thousands of ACLs on a single file.
>
> When I do a strace, I see two different types of ACL used when the system calls setxattr: system.posix_acl_default and system.nfsv4_acl. I tried to look for hardcoded limits associated with system.nfsv4_acl but I don't have much experience with C and linux kernel.
>
> Thank you for your help.
> Best,
> Louis de Vandière
>
> -----Original Message-----
> From: Niels de Vos <ndevos@xxxxxxxxxx>
> Sent: Monday, August 26, 2019 11:46 AM
> To: de Vandiere, Louis <louis.devandiere@xxxxxxxx>
> Cc: linux-nfs@xxxxxxxxxxxxxxx
> Subject: Re: Maximum Number of ACL on NFSv4
>
> On Mon, Aug 26, 2019 at 02:53:05PM +0000, de Vandiere, Louis wrote:
> > Yes, I assume it's not very frequent to have hundreds of NFSv4 ACLs. For compliance and organizational issue, we cannot use groups efficiently to manage access to the shares, so it's user-based and case by case.
> >
> > My real goal is to be able to replicate some files to a new NFSv4 server while preserving the ACLs. By using "cp -R --preserve=all acl-folder/", I'm able to preserve the ACLs when their number does not exceed 200, above it, I see the "File too large" error while rsync does not work at all (even in version 3.1.3). That's why I'm digging into this and checking what possibly could go wrong.
>
> You might be hitting a limit in the filesystem on the NFS server. The ACLs are stored in extended attributes. Depending on the filesystem, you may be able to configure larger inode sizes (or other storage for xattrs). With XFS this can be done with 'mkfs -t xfs -i size=.. ...',
>
> HTH,
> Niels
>
>
> >
> > Thank you.
> > Best,
> > Louis de Vandière
> >
> >
> > -----Original Message-----
> > From: Goetz, Patrick G <pgoetz@xxxxxxxxxxxxxxx>
> > Sent: Monday, August 26, 2019 8:44 AM
> > To: de Vandiere, Louis <louis.devandiere@xxxxxxxx>;
> > linux-nfs@xxxxxxxxxxxxxxx
> > Subject: Re: Maximum Number of ACL on NFSv4
> >
> > I'm dying to know what the use case is for this, and why you can't just do this with group permissions (unless you're talking about hundreds of group ACLs).
> >
> > On 8/23/19 5:31 PM, de Vandiere, Louis wrote:
> > > Hi,
> > >
> > > I'm currently trying to apply hundreds of ACLs on file hosted on a NFSv4 server (nfs-utils-1.3.0-0.61.el7.x86_64 and nfs4-acl-tools.0.3.3-19.el7.x86_64). It appears that the limit I can apply is 207. After the limit is reached, the command "nfs4_setfacl -a" returned the error "Failed setxattr operation: File too large". The same problem happens if I use an ACL with more than 200 line in it. I did a little debugging session but I was not able to come up with an explanation on why I'm facing such an issue.
> > >
> > > On the other hand, I can apply hundreds of ACLs on XFS without issue. Do you know if it could be a bug with the nfs4-acl-tools package?
> > > Thank you for your support.
> > > Best,
> > > Louis de Vandière
> > >>> This message is from an external sender. Learn more about why this <<
> > >>> matters at https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flinks.utexas.edu%2Frtyclf&data=02%7C01%7Clouis.devandiere%40atos.net%7Ce3e196698745444ba59208d72a44ed69%7C33440fc6b7c7412cbb730e70b0198d5a%7C0%7C0%7C637024347858295832&sdata=peZa9vHRp77QbOX2yTj204oWk8iCO%2FxNbSMzkylf38M%3D&reserved=0. <<
> > >
