From: Trond Myklebust <trondmy@hammerspace.com> To: "miklos@szeredi.hu" <miklos@szeredi.hu>, "rgoldwyn@suse.de" <rgoldwyn@suse.de> Cc: "bfields@fieldses.org" <bfields@fieldses.org>, "agruenba@redhat.com" <agruenba@redhat.com>, "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>, "linux-unionfs@vger.kernel.org" <linux-unionfs@vger.kernel.org> Subject: Re: nfs4_acl restricts copy_up in overlayfs Date: Fri, 1 Jun 2018 13:16:44 +0000 [thread overview] Message-ID: <828f320cde910a45983d91bddb6477d21c5cae33.camel@hammerspace.com> (raw) In-Reply-To: <c59d0be3-a10b-02c3-8126-3402a6a0eab1@suse.de> On Fri, 2018-06-01 at 06:40 -0500, Goldwyn Rodrigues wrote: > > On 05/31/2018 07:49 PM, Trond Myklebust wrote: > > On Thu, 2018-05-31 at 16:53 -0500, Goldwyn Rodrigues wrote: > > > > > > On 05/31/2018 08:30 AM, Miklos Szeredi wrote: > > > > On Thu, May 31, 2018 at 3:10 PM, Trond Myklebust > > > > <trondmy@hammerspace.com> wrote: > > > > > > > > > > > > I understand. Ignoring nfs4_acl in overlayfs will have the > > > > > > same > > > > > > result as adding noacl to the underlying NFS mount. > > > > > > Adding noacl in NFS client mount has no affect to nfs4_acl. Only > > > if > > > you > > > add noacl in the underlying filesystem of exported directory in > > > the > > > server does the nfs4_acl go away. > > > > That would also be specific to Linux servers. > > Sorry, I don't have access to other NFS based servers. Does that mean > "noacl" option on NFS client mount has different interpretations for > different NFS servers? Or do you mean that nfs4_acl cannot be > disabled > for other type of servers? I'm not sure it even makes sense to turn off filesystem acls if your underlying filesystem is something like zfs or apfs (let alone NTFS). Linux really is behind the curve here. > > > > So if that is your final decision, then why not just state in the > > overlayfs manpage that > > No, that is not my final decision. Neither is it for me to make. I am > merely trying to find a way to make writes on overlayfs possible with > NFSv4 in the lower layer. > ...and all I'm doing is pointing out that as long as you insist on client enforcement of file security, then you are heavily limiting the list of servers and server configurations that you will be able to work safely with. There is a reason why, in all the 30 years since the NFSv2 spec was released, nobody has built such a client. -- Trond Myklebust Linux NFS client maintainer, Hammerspace trond.myklebust@hammerspace.com
WARNING: multiple messages have this Message-ID (diff)
From: Trond Myklebust <trondmy@hammerspace.com> To: "miklos@szeredi.hu" <miklos@szeredi.hu>, "rgoldwyn@suse.de" <rgoldwyn@suse.de> Cc: "bfields@fieldses.org" <bfields@fieldses.org>, "agruenba@redhat.com" <agruenba@redhat.com>, "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>, "linux-unionfs@vger.kernel.org" <linux-unionfs@vger.kernel.org> Subject: Re: nfs4_acl restricts copy_up in overlayfs Date: Fri, 1 Jun 2018 13:16:44 +0000 [thread overview] Message-ID: <828f320cde910a45983d91bddb6477d21c5cae33.camel@hammerspace.com> (raw) In-Reply-To: <c59d0be3-a10b-02c3-8126-3402a6a0eab1@suse.de> T24gRnJpLCAyMDE4LTA2LTAxIGF0IDA2OjQwIC0wNTAwLCBHb2xkd3luIFJvZHJpZ3VlcyB3cm90 ZToNCj4gDQo+IE9uIDA1LzMxLzIwMTggMDc6NDkgUE0sIFRyb25kIE15a2xlYnVzdCB3cm90ZToN Cj4gPiBPbiBUaHUsIDIwMTgtMDUtMzEgYXQgMTY6NTMgLTA1MDAsIEdvbGR3eW4gUm9kcmlndWVz IHdyb3RlOg0KPiA+ID4gDQo+ID4gPiBPbiAwNS8zMS8yMDE4IDA4OjMwIEFNLCBNaWtsb3MgU3pl cmVkaSB3cm90ZToNCj4gPiA+ID4gT24gVGh1LCBNYXkgMzEsIDIwMTggYXQgMzoxMCBQTSwgVHJv bmQgTXlrbGVidXN0DQo+ID4gPiA+IDx0cm9uZG15QGhhbW1lcnNwYWNlLmNvbT4gd3JvdGU6DQo+ ID4gPiA+ID4gPiANCj4gPiA+ID4gPiA+IEkgdW5kZXJzdGFuZC4gIElnbm9yaW5nIG5mczRfYWNs IGluIG92ZXJsYXlmcyB3aWxsIGhhdmUgdGhlDQo+ID4gPiA+ID4gPiBzYW1lDQo+ID4gPiA+ID4g PiByZXN1bHQgYXMgYWRkaW5nIG5vYWNsIHRvIHRoZSB1bmRlcmx5aW5nIE5GUyBtb3VudC4NCj4g PiA+IA0KPiA+ID4gQWRkaW5nIG5vYWNsIGluIE5GUyBjbGllbnQgbW91bnQgaGFzIG5vIGFmZmVj dCB0byBuZnM0X2FjbC4gT25seQ0KPiA+ID4gaWYNCj4gPiA+IHlvdQ0KPiA+ID4gYWRkIG5vYWNs IGluIHRoZSB1bmRlcmx5aW5nIGZpbGVzeXN0ZW0gb2YgZXhwb3J0ZWQgZGlyZWN0b3J5IGluDQo+ ID4gPiB0aGUNCj4gPiA+IHNlcnZlciBkb2VzIHRoZSBuZnM0X2FjbCBnbyBhd2F5Lg0KPiA+IA0K PiA+IFRoYXQgd291bGQgYWxzbyBiZSBzcGVjaWZpYyB0byBMaW51eCBzZXJ2ZXJzLg0KPiANCj4g U29ycnksIEkgZG9uJ3QgaGF2ZSBhY2Nlc3MgdG8gb3RoZXIgTkZTIGJhc2VkIHNlcnZlcnMuIERv ZXMgdGhhdCBtZWFuDQo+ICJub2FjbCIgb3B0aW9uIG9uIE5GUyBjbGllbnQgbW91bnQgaGFzIGRp ZmZlcmVudCBpbnRlcnByZXRhdGlvbnMgZm9yDQo+IGRpZmZlcmVudCBORlMgc2VydmVycz8gT3Ig ZG8geW91IG1lYW4gdGhhdCBuZnM0X2FjbCBjYW5ub3QgYmUNCj4gZGlzYWJsZWQNCj4gZm9yIG90 aGVyIHR5cGUgb2Ygc2VydmVycz8NCg0KSSdtIG5vdCBzdXJlIGl0IGV2ZW4gbWFrZXMgc2Vuc2Ug dG8gdHVybiBvZmYgZmlsZXN5c3RlbSBhY2xzIGlmIHlvdXINCnVuZGVybHlpbmcgZmlsZXN5c3Rl bSBpcyBzb21ldGhpbmcgbGlrZSB6ZnMgb3IgYXBmcyAobGV0IGFsb25lIE5URlMpLg0KTGludXgg cmVhbGx5IGlzIGJlaGluZCB0aGUgY3VydmUgaGVyZS4NCg0KPiA+IA0KPiA+IFNvIGlmIHRoYXQg aXMgeW91ciBmaW5hbCBkZWNpc2lvbiwgdGhlbiB3aHkgbm90IGp1c3Qgc3RhdGUgaW4gdGhlDQo+ ID4gb3ZlcmxheWZzIG1hbnBhZ2UgdGhhdA0KPiANCj4gTm8sIHRoYXQgaXMgbm90IG15IGZpbmFs IGRlY2lzaW9uLiBOZWl0aGVyIGlzIGl0IGZvciBtZSB0byBtYWtlLiBJIGFtDQo+IG1lcmVseSB0 cnlpbmcgdG8gZmluZCBhIHdheSB0byBtYWtlIHdyaXRlcyBvbiBvdmVybGF5ZnMgcG9zc2libGUg d2l0aA0KPiBORlN2NCBpbiB0aGUgbG93ZXIgbGF5ZXIuDQo+IA0KDQouLi5hbmQgYWxsIEknbSBk b2luZyBpcyBwb2ludGluZyBvdXQgdGhhdCBhcyBsb25nIGFzIHlvdSBpbnNpc3Qgb24NCmNsaWVu dCBlbmZvcmNlbWVudCBvZiBmaWxlIHNlY3VyaXR5LCB0aGVuIHlvdSBhcmUgaGVhdmlseSBsaW1p dGluZyB0aGUNCmxpc3Qgb2Ygc2VydmVycyBhbmQgc2VydmVyIGNvbmZpZ3VyYXRpb25zIHRoYXQg eW91IHdpbGwgYmUgYWJsZSB0byB3b3JrDQpzYWZlbHkgd2l0aC4gVGhlcmUgaXMgYSByZWFzb24g d2h5LCBpbiBhbGwgdGhlIDMwIHllYXJzIHNpbmNlIHRoZSBORlN2Mg0Kc3BlYyB3YXMgcmVsZWFz ZWQsIG5vYm9keSBoYXMgYnVpbHQgc3VjaCBhIGNsaWVudC4NCg0KLS0gDQpUcm9uZCBNeWtsZWJ1 c3QNCkxpbnV4IE5GUyBjbGllbnQgbWFpbnRhaW5lciwgSGFtbWVyc3BhY2UNCnRyb25kLm15a2xl YnVzdEBoYW1tZXJzcGFjZS5jb20NCg0K
next prev parent reply other threads:[~2018-06-01 13:16 UTC|newest] Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-05-29 20:32 nfs4_acl restricts copy_up in overlayfs Goldwyn Rodrigues 2018-05-29 21:37 ` Trond Myklebust 2018-05-29 21:37 ` Trond Myklebust 2018-05-30 1:08 ` Goldwyn Rodrigues 2018-05-30 1:08 ` Goldwyn Rodrigues 2018-05-30 3:01 ` Trond Myklebust 2018-05-30 3:01 ` Trond Myklebust 2018-05-30 10:33 ` Goldwyn Rodrigues 2018-05-31 0:45 ` J. Bruce Fields 2018-05-31 10:00 ` Miklos Szeredi 2018-05-31 12:47 ` Trond Myklebust 2018-05-31 12:47 ` Trond Myklebust 2018-05-31 12:55 ` Miklos Szeredi 2018-05-31 13:10 ` Trond Myklebust 2018-05-31 13:10 ` Trond Myklebust 2018-05-31 13:30 ` Miklos Szeredi 2018-05-31 14:06 ` bfields 2018-05-31 14:26 ` Miklos Szeredi 2018-05-31 17:52 ` Trond Myklebust 2018-05-31 17:52 ` Trond Myklebust 2018-05-31 21:56 ` Goldwyn Rodrigues 2018-05-31 21:53 ` Goldwyn Rodrigues 2018-06-01 0:49 ` Trond Myklebust 2018-06-01 0:49 ` Trond Myklebust 2018-06-01 11:40 ` Goldwyn Rodrigues 2018-06-01 13:16 ` Trond Myklebust [this message] 2018-06-01 13:16 ` Trond Myklebust 2018-06-01 13:32 ` Miklos Szeredi 2018-06-01 13:50 ` bfields 2018-06-01 14:00 ` Miklos Szeredi 2018-06-01 14:26 ` bfields 2018-06-01 14:43 ` Miklos Szeredi 2018-06-01 16:08 ` bfields 2018-06-01 17:02 ` Miklos Szeredi 2018-06-01 17:43 ` bfields 2018-06-01 19:14 ` Miklos Szeredi 2018-06-02 0:50 ` bfields 2018-06-07 11:50 ` Miklos Szeredi 2018-05-31 18:57 ` J. R. Okajima
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=828f320cde910a45983d91bddb6477d21c5cae33.camel@hammerspace.com \ --to=trondmy@hammerspace.com \ --cc=agruenba@redhat.com \ --cc=bfields@fieldses.org \ --cc=linux-nfs@vger.kernel.org \ --cc=linux-unionfs@vger.kernel.org \ --cc=miklos@szeredi.hu \ --cc=rgoldwyn@suse.de \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.