From: "Paul B. Henson" <henson@acm.org>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: nfs4-acl-tools 0.3.5
Date: Thu, 23 Aug 2018 17:50:22 -0700 [thread overview]
Message-ID: <584be3e5-f4d1-3082-5e2c-1a4a74248f22@acm.org> (raw)
In-Reply-To: <20180823205703.GH32415@fieldses.org>
On 8/23/2018 1:57 PM, J. Bruce Fields wrote:
> Honestly the system.nfs4_acl extended attribute interface, which
> just exposes the raw xdr of the ACL to userspace, is kind of a
> kludge. It could be made to work for other filesystems but I was
> hoping that other filesystems would adopt something designed for them
> from scratch (like richacls).
I agree; but it's what I have to work with :). And from a pragmatic
perspective I'd rather have something that works even if not perfect
than perfect vaporware I can't use ;). If something like richacls comes
along at some point in the future it should be possible to migrate to it.
> That said, there *is* already an in-kernel filesystem that supports
> system.nfs4_acl: knfsd does actually allow limited re-export of NFS.
> So knfsd code that used system.nfs4_acl when available might actually
> have some use, I don't really know. I'm a little skeptical of the
> idea, to be honest.
Hmm, the door is open a crack :). When I get a chance to put something
together I'll be back…
From a design perspective, would you want this to just take the
verbatim xdr encoded acl from the file system and shove it over the
wire, or would you want the NFS server to decode the acl received from
the extended attribute, process or sanity check as necessary, and then
re-encode it to send over the wire? The same I guess for ones received
over the network, pass as is to fs xattr call or decode/re-encode.
Thanks…
next prev parent reply other threads:[~2018-08-24 4:22 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-07 19:37 nfs4-acl-tools 0.3.4 J. Bruce Fields
2018-08-21 16:51 ` nfs4-acl-tools 0.3.5 J. Bruce Fields
2018-08-21 23:44 ` Paul B. Henson
2018-08-22 0:33 ` J. Bruce Fields
2018-08-22 1:18 ` Paul B. Henson
2018-08-22 15:12 ` J. Bruce Fields
2018-08-22 19:28 ` Paul B. Henson
2018-08-22 19:46 ` J. Bruce Fields
2018-08-23 1:11 ` Paul B. Henson
2018-08-23 14:38 ` J. Bruce Fields
2018-08-23 19:41 ` Paul B. Henson
2018-08-24 5:51 ` Christoph Hellwig
2018-08-23 19:41 ` Paul B. Henson
2018-08-23 20:57 ` J. Bruce Fields
2018-08-24 0:50 ` Paul B. Henson [this message]
2018-08-24 15:26 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=584be3e5-f4d1-3082-5e2c-1a4a74248f22@acm.org \
--to=henson@acm.org \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.