From: Andreas Gruenbacher <agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Austin S Hemmelgarn <ahferroin7-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Alexander Viro
<viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
"Theodore Ts'o" <tytso-3s7WtUTddSA@public.gmane.org>,
Andreas Dilger
<adilger.kernel-m1MBpc4rdrD3fQ9qLvQP4Q@public.gmane.org>,
"J. Bruce Fields"
<bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>,
Jeff Layton <jlayton-vpEMnDpepFuMZCB2o+C8xQ@public.gmane.org>,
Trond Myklebust
<trond.myklebust-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org>,
Anna Schumaker
<anna.schumaker-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>,
Dave Chinner <david-FqsqvQoI3Ljby3iVrkZq2A@public.gmane.org>,
linux-ext4 <linux-ext4-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
xfs-VZNHf3L845pBDgjK7y7TUQ@public.gmane.org,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-fsdevel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux NFS Mailing List
<linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"Aneesh Kumar K.V"
<aneesh.kumar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Subject: Re: [PATCH v11 21/48] ext4: Add richacl feature flag
Date: Mon, 19 Oct 2015 22:20:43 +0200 [thread overview]
Message-ID: <CAHc6FU4jcatmY+A39oQb-2x9Gs8WFVsXOD_9eBV=_fgNzZx3Xg@mail.gmail.com> (raw)
In-Reply-To: <56253A35.4070309-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
On Mon, Oct 19, 2015 at 8:45 PM, Austin S Hemmelgarn
<ahferroin7-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On 2015-10-19 13:33, Andreas Gruenbacher wrote:
>> Please spare me with all that nonsense. Compared to mount options,
>> filesystem feature flags in this case simplify things (you don't have
>> to specify whether a filesystem contains POSIX ACLs or richacls), and
>> they prevent administrator errors: when a filesystem mounts, it is
>> safe to use; when it doesn't, it is not. That's all there is to it.
>
> You're ignoring what I'm actually saying. I've said absolutely nothing
> about needing to use mount options at all, and I'm not arguing against using
> filesystem feature flags, I'm arguing for using them sensibly in a way that
> does not present a false sense of security.
We could be on a multi-user system, and the user mounting the
filesystem may not be the only user on the system. When a filesystem
can be mounted read-only, it should be safe to use read-only. It is
not safe in general to use such a filesystem read-only, so an
incompatible feature flag which prevents such unsafe mounting is more
approporiate than a read-only incompatible feature flag.
Mounting a filesystem read-only doesn't mean that the filesystem is
being recovered, it is perfectly legal to mount a filesystem read-only
for other reasons. I don't want to give people using read-only
filesystems the false sense that everything is okay.
> Making it an incompatible flag will likely cause headaches for some
> legitimate users,
Indeed. It will also make it less likely for users to accidentally
shoot themselves in the foot. If someone knows better, they can clear
the feature flag.
When recovering a broken system that contains richacl filesystems, you
really want to have richacl support in the rescue system as well.
Otherwise, you won't be able to fsck those filesystems.
> and at most delay competent hackers by a few seconds to a
> few minutes, and script kiddies by a few hours, and is really no better than
> security by obscurity (and from a purely logistical standpoint, that's _all_
> it is) in that it actively tries to hide the fact that someone having read
> access to the storage the filesystem is on can bypass the ACL's.
>
> To reiterate, if someone can call mount() on a filesystem, and mount() does
> not return -EPERM, then even if mount() returns a different error, they
> still have the ability to completely bypass all permissions and ACL's in
> that filesystem, because they have the ability to read the entire filesystem
> directly.
>
> The _only_ way to properly protect against people bypassing the ACL's is to
> use full disk encryption and lock down root access on the system, and even
> that can't completely prevent it from happening.
That's all completely beside the point. I'm not talking about
preventing attacks at all, just basic administrative workflows.
Andreas
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Austin S Hemmelgarn <ahferroin7@gmail.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Andreas Dilger <adilger.kernel@dilger.ca>,
"J. Bruce Fields" <bfields@fieldses.org>,
Jeff Layton <jlayton@poochiereds.net>,
Trond Myklebust <trond.myklebust@primarydata.com>,
Anna Schumaker <anna.schumaker@netapp.com>,
Dave Chinner <david@fromorbit.com>,
linux-ext4 <linux-ext4@vger.kernel.org>,
xfs@oss.sgi.com, LKML <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
linux-cifs@vger.kernel.org, Linux API <linux-api@vger.kernel.org>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Subject: Re: [PATCH v11 21/48] ext4: Add richacl feature flag
Date: Mon, 19 Oct 2015 22:20:43 +0200 [thread overview]
Message-ID: <CAHc6FU4jcatmY+A39oQb-2x9Gs8WFVsXOD_9eBV=_fgNzZx3Xg@mail.gmail.com> (raw)
In-Reply-To: <56253A35.4070309@gmail.com>
On Mon, Oct 19, 2015 at 8:45 PM, Austin S Hemmelgarn
<ahferroin7@gmail.com> wrote:
> On 2015-10-19 13:33, Andreas Gruenbacher wrote:
>> Please spare me with all that nonsense. Compared to mount options,
>> filesystem feature flags in this case simplify things (you don't have
>> to specify whether a filesystem contains POSIX ACLs or richacls), and
>> they prevent administrator errors: when a filesystem mounts, it is
>> safe to use; when it doesn't, it is not. That's all there is to it.
>
> You're ignoring what I'm actually saying. I've said absolutely nothing
> about needing to use mount options at all, and I'm not arguing against using
> filesystem feature flags, I'm arguing for using them sensibly in a way that
> does not present a false sense of security.
We could be on a multi-user system, and the user mounting the
filesystem may not be the only user on the system. When a filesystem
can be mounted read-only, it should be safe to use read-only. It is
not safe in general to use such a filesystem read-only, so an
incompatible feature flag which prevents such unsafe mounting is more
approporiate than a read-only incompatible feature flag.
Mounting a filesystem read-only doesn't mean that the filesystem is
being recovered, it is perfectly legal to mount a filesystem read-only
for other reasons. I don't want to give people using read-only
filesystems the false sense that everything is okay.
> Making it an incompatible flag will likely cause headaches for some
> legitimate users,
Indeed. It will also make it less likely for users to accidentally
shoot themselves in the foot. If someone knows better, they can clear
the feature flag.
When recovering a broken system that contains richacl filesystems, you
really want to have richacl support in the rescue system as well.
Otherwise, you won't be able to fsck those filesystems.
> and at most delay competent hackers by a few seconds to a
> few minutes, and script kiddies by a few hours, and is really no better than
> security by obscurity (and from a purely logistical standpoint, that's _all_
> it is) in that it actively tries to hide the fact that someone having read
> access to the storage the filesystem is on can bypass the ACL's.
>
> To reiterate, if someone can call mount() on a filesystem, and mount() does
> not return -EPERM, then even if mount() returns a different error, they
> still have the ability to completely bypass all permissions and ACL's in
> that filesystem, because they have the ability to read the entire filesystem
> directly.
>
> The _only_ way to properly protect against people bypassing the ACL's is to
> use full disk encryption and lock down root access on the system, and even
> that can't completely prevent it from happening.
That's all completely beside the point. I'm not talking about
preventing attacks at all, just basic administrative workflows.
Andreas
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <agruenba@redhat.com>
To: Austin S Hemmelgarn <ahferroin7@gmail.com>
Cc: linux-cifs@vger.kernel.org,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
Theodore Ts'o <tytso@mit.edu>,
Linux API <linux-api@vger.kernel.org>,
Trond Myklebust <trond.myklebust@primarydata.com>,
LKML <linux-kernel@vger.kernel.org>,
xfs@oss.sgi.com, "J. Bruce Fields" <bfields@fieldses.org>,
Andreas Dilger <adilger.kernel@dilger.ca>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Jeff Layton <jlayton@poochiereds.net>,
linux-ext4 <linux-ext4@vger.kernel.org>,
Anna Schumaker <anna.schumaker@netapp.com>,
"Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Subject: Re: [PATCH v11 21/48] ext4: Add richacl feature flag
Date: Mon, 19 Oct 2015 22:20:43 +0200 [thread overview]
Message-ID: <CAHc6FU4jcatmY+A39oQb-2x9Gs8WFVsXOD_9eBV=_fgNzZx3Xg@mail.gmail.com> (raw)
In-Reply-To: <56253A35.4070309@gmail.com>
On Mon, Oct 19, 2015 at 8:45 PM, Austin S Hemmelgarn
<ahferroin7@gmail.com> wrote:
> On 2015-10-19 13:33, Andreas Gruenbacher wrote:
>> Please spare me with all that nonsense. Compared to mount options,
>> filesystem feature flags in this case simplify things (you don't have
>> to specify whether a filesystem contains POSIX ACLs or richacls), and
>> they prevent administrator errors: when a filesystem mounts, it is
>> safe to use; when it doesn't, it is not. That's all there is to it.
>
> You're ignoring what I'm actually saying. I've said absolutely nothing
> about needing to use mount options at all, and I'm not arguing against using
> filesystem feature flags, I'm arguing for using them sensibly in a way that
> does not present a false sense of security.
We could be on a multi-user system, and the user mounting the
filesystem may not be the only user on the system. When a filesystem
can be mounted read-only, it should be safe to use read-only. It is
not safe in general to use such a filesystem read-only, so an
incompatible feature flag which prevents such unsafe mounting is more
approporiate than a read-only incompatible feature flag.
Mounting a filesystem read-only doesn't mean that the filesystem is
being recovered, it is perfectly legal to mount a filesystem read-only
for other reasons. I don't want to give people using read-only
filesystems the false sense that everything is okay.
> Making it an incompatible flag will likely cause headaches for some
> legitimate users,
Indeed. It will also make it less likely for users to accidentally
shoot themselves in the foot. If someone knows better, they can clear
the feature flag.
When recovering a broken system that contains richacl filesystems, you
really want to have richacl support in the rescue system as well.
Otherwise, you won't be able to fsck those filesystems.
> and at most delay competent hackers by a few seconds to a
> few minutes, and script kiddies by a few hours, and is really no better than
> security by obscurity (and from a purely logistical standpoint, that's _all_
> it is) in that it actively tries to hide the fact that someone having read
> access to the storage the filesystem is on can bypass the ACL's.
>
> To reiterate, if someone can call mount() on a filesystem, and mount() does
> not return -EPERM, then even if mount() returns a different error, they
> still have the ability to completely bypass all permissions and ACL's in
> that filesystem, because they have the ability to read the entire filesystem
> directly.
>
> The _only_ way to properly protect against people bypassing the ACL's is to
> use full disk encryption and lock down root access on the system, and even
> that can't completely prevent it from happening.
That's all completely beside the point. I'm not talking about
preventing attacks at all, just basic administrative workflows.
Andreas
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next prev parent reply other threads:[~2015-10-19 20:20 UTC|newest]
Thread overview: 146+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-16 15:17 [PATCH v11 00/48] Richacls Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 01/48] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 02/48] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 03/48] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 04/48] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 05/48] vfs: Add permission flags for setting file attributes Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 06/48] richacl: In-memory representation and helper functions Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 07/48] richacl: Permission mapping functions Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 08/48] richacl: Compute maximum file masks from an acl Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 09/48] richacl: Permission check algorithm Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 10/48] vfs: Cache base_acl objects in inodes Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 11/48] vfs: Add get_richacl and set_richacl inode operations Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 12/48] vfs: Cache richacl in struct inode Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 14/48] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 15/48] richacl: Create-time inheritance Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 16/48] richacl: Automatic Inheritance Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 16:00 ` Andy Lutomirski
2015-10-16 16:00 ` Andy Lutomirski
[not found] ` <CALCETrXFkB01tk21FuEOqABHWg1XyOQwsT+s=Lq0RYye6X_7xw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-16 16:13 ` Andreas Gruenbacher
2015-10-16 16:13 ` Andreas Gruenbacher
2015-10-16 16:13 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 17/48] richacl: xattr mapping functions Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 19/48] vfs: Add richacl permission checking Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 20/48] ext4: Add richacl support Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 22/48] xfs: Fix error path in xfs_get_acl Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 23/48] xfs: Make xfs_set_mode non-static Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 24/48] xfs: Add richacl support Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 25/48] richacl: acl editing helper functions Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 26/48] richacl: Move everyone@ aces down the acl Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 28/48] richacl: Set the owner permissions to the owner mask Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 29/48] richacl: Set the other permissions to the other mask Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 30/48] richacl: Isolate the owner and group classes Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 31/48] richacl: Apply the file masks to a richacl Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 32/48] richacl: Create richacl from mode values Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 34/48] nfsd: Use richacls as internal acl representation Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 36/48] nfsd: Add support for the v4.1 dacl attribute Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 37/48] nfsd: Add support for the MAY_CREATE_{FILE,DIR} permissions Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 37/48] nfsd: Add support for the MAY_CREATE_{FILE, DIR} permissions Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 38/48] richacl: Add support for unmapped identifiers Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 39/48] nfsd: Add support for unmapped richace identifiers Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 40/48] ext4: Don't allow unmapped identifiers in richacls Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 41/48] xfs: " Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 42/48] sunrpc: Allow to demand-allocate pages to encode into Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 43/48] sunrpc: Add xdr_init_encode_pages Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 44/48] nfs: Fix GETATTR bitmap verification Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 45/48] nfs: Remove unused xdr page offsets in getacl/setacl arguments Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 46/48] nfs: Distinguish missing users and groups from nobody Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 47/48] nfs: Add richacl support Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
[not found] ` <1445008706-15115-1-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-10-16 15:17 ` [PATCH v11 13/48] richacl: Update the file masks in chmod() Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 18/48] richacl: Add richacl xattr handler Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` [PATCH v11 21/48] ext4: Add richacl feature flag Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
2015-10-16 15:17 ` Andreas Gruenbacher
[not found] ` <1445008706-15115-22-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-10-16 17:31 ` Austin S Hemmelgarn
2015-10-16 17:31 ` Austin S Hemmelgarn
2015-10-16 17:31 ` Austin S Hemmelgarn
2015-10-16 17:41 ` Andreas Gruenbacher
2015-10-16 17:41 ` Andreas Gruenbacher
[not found] ` <CAHc6FU7sR2zN-K3un74wCv+1NPnrqJ=LYiWo+YQ_2X0kopyoTQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-16 18:27 ` Austin S Hemmelgarn
2015-10-16 18:27 ` Austin S Hemmelgarn
2015-10-16 18:27 ` Austin S Hemmelgarn
[not found] ` <562141AD.60302-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-10-17 23:17 ` Dave Chinner
2015-10-17 23:17 ` Dave Chinner
2015-10-17 23:17 ` Dave Chinner
2015-10-19 13:12 ` Austin S Hemmelgarn
2015-10-19 13:12 ` Austin S Hemmelgarn
2015-10-19 13:12 ` Austin S Hemmelgarn
2015-10-19 13:16 ` Austin S Hemmelgarn
2015-10-19 13:16 ` Austin S Hemmelgarn
2015-10-19 13:16 ` Austin S Hemmelgarn
[not found] ` <5624ED40.7040206-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-10-19 15:34 ` Andreas Gruenbacher
2015-10-19 15:34 ` Andreas Gruenbacher
2015-10-19 15:34 ` Andreas Gruenbacher
2015-10-19 16:19 ` Austin S Hemmelgarn
2015-10-19 16:19 ` Austin S Hemmelgarn
2015-10-19 16:19 ` Austin S Hemmelgarn
[not found] ` <5625182C.3050007-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-10-19 16:39 ` Andreas Dilger
2015-10-19 16:39 ` Andreas Dilger
2015-10-19 16:39 ` Andreas Dilger
2015-10-19 17:33 ` Andreas Gruenbacher
2015-10-19 17:33 ` Andreas Gruenbacher
[not found] ` <CAHc6FU75GXGeav1ho-QraPS_F8fpOXnoDyv17+b=koiF=9YE5A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-10-19 18:45 ` Austin S Hemmelgarn
2015-10-19 18:45 ` Austin S Hemmelgarn
2015-10-19 18:45 ` Austin S Hemmelgarn
[not found] ` <56253A35.4070309-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-10-19 20:20 ` Andreas Gruenbacher [this message]
2015-10-19 20:20 ` Andreas Gruenbacher
2015-10-19 20:20 ` Andreas Gruenbacher
2015-10-20 12:33 ` Austin S Hemmelgarn
2015-10-20 12:33 ` Austin S Hemmelgarn
2015-10-16 15:18 ` [PATCH v11 27/48] richacl: Propagate everyone@ permissions to other aces Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 33/48] nfsd: Keep list of acls to dispose of in compoundargs Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 35/48] nfsd: Add richacl support Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` [PATCH v11 48/48] nfs: Add support for the v4.1 dacl attribute Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
2015-10-16 15:18 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHc6FU4jcatmY+A39oQb-2x9Gs8WFVsXOD_9eBV=_fgNzZx3Xg@mail.gmail.com' \
--to=agruenba-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=adilger.kernel-m1MBpc4rdrD3fQ9qLvQP4Q@public.gmane.org \
--cc=ahferroin7-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=aneesh.kumar-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=anna.schumaker-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org \
--cc=bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org \
--cc=david-FqsqvQoI3Ljby3iVrkZq2A@public.gmane.org \
--cc=jlayton-vpEMnDpepFuMZCB2o+C8xQ@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-ext4-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=trond.myklebust-7I+n7zu2hftEKMMhf/gKZA@public.gmane.org \
--cc=tytso-3s7WtUTddSA@public.gmane.org \
--cc=viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org \
--cc=xfs-VZNHf3L845pBDgjK7y7TUQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.