On Sat, Oct 24, 2015 at 11:22:55AM -0400, Brian Foster wrote: > On Sat, Oct 24, 2015 at 03:58:04PM +0200, Andreas Gruenbacher wrote: > > On Sat, Oct 24, 2015 at 2:57 PM, Brian Foster <bfoster@xxxxxxxxxx> wrote: > > > On Fri, Oct 23, 2015 at 03:52:54PM +0200, Andreas Gruenbacher wrote: ... > > That won't update the file mode when setting a SGI_ACL_* attribute. > > > > Hmm, perhaps this is not sufficient if the mode has to be updated as > well. I suppose we could try to do that as well in this path, but that > implies verification of the data (already in on-disk format) as well. > There's nothing stopping somebody from doing 'setattr -n > trusted.SGI_FILE_ACCESS -v 0 <file>,' after all. The previous patch > wasn't really intended to address that. > > > > An alternative could be to just disallow setting these xattrs directly. > > > > Probably not because that would cause applications to fail in > > unexpected new ways. > > > > I suppose a backup/restore application might want to set these, but I'm > not aware of any other sane usage given they're in a filesystem specific > format at this point. We'd probably have to take a look at xfsdump, see > how it handles this, then see if there's a clean way to run through > necessary acl bits if we're called via setxattr(). > FWIW, the counter argument to this might be that since these are exposed in filesystem specific format, the bug is that they are exposed in the first place and any backup app that wants to support ACLs should do so using appropriate APIs. That implies we would hide the internal xattrs and disallow setting them directly. I'm not sure what the right answer is tbh (or if the xattr exposure is something more than historical accident). I'd have to think about it a bit. Perhaps Dave or others have some thoughts as well... Brian > Brian > > > Thanks, > > Andreas > > _______________________________________________ > xfs mailing list > xfs@xxxxxxxxxxx > http://oss.sgi.com/mailman/listinfo/xfs _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs