From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from out02.mta.xmission.com ([166.70.13.232]:52949 "EHLO
	out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752034AbcHIAlL (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 8 Aug 2016 20:41:11 -0400
From: ebiederm@xmission.com (Eric W. Biederman)
To: Nikolaus Rath <Nikolaus@rath.org>
Cc: fuse-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org,
	Miklos Szeredi <miklos@szeredi.hu>,
	Michael j Theall <mtheall@us.ibm.com>,
	Jean-Pierre =?utf-8?Q?Andr=C3=A9?= <jean-pierre.andre@wanadoo.fr>,
	Seth Forshee <seth.forshee@canonical.com>
References: <1470086846-19844-1-git-send-email-seth.forshee@canonical.com>
	<874m6u3j1p.fsf@thinkpad.rath.org>
Date: Mon, 08 Aug 2016 19:27:50 -0500
In-Reply-To: <874m6u3j1p.fsf@thinkpad.rath.org> (Nikolaus Rath's message of
	"Mon, 08 Aug 2016 17:03:30 -0700")
Message-ID: <87popilrax.fsf@x220.int.ebiederm.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [RFC v3 0/2] Support for posix acls in fuse
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Nikolaus Rath <Nikolaus@rath.org> writes:

> On Aug 01 2016, Seth Forshee <seth.forshee@canonical.com> wrote:
>>  - Remove passthrough of acl xattrs when fuse acl support is disabled or
>>    default_permissions is not used.
>>
>> This last change is user visible, but as fuse filesystems cannot
>> meaninfully support acls today it's not really a regression.
>
> Are you sure about that? I believe there are FUSE file systems out there
> that are parsing/constructing the kernel's xattr representation and
> (together with no_default_permissions) support ACLs. Or is there another
> problem?

fuse_permission does not have a mode where it always call into the
filesystem.  Without FUSE_DEFAULT_PERMISSIONS set the underlying
filesystem is at most called when the syscalls chdir, access, and
execve are called. (Basically

Which means there is no way to enforce any kind of general acls in fuse
without changes.

That said I we seem to have figured out an implmenetation where
passthrough is maintained for the time being when posix acl support is
not enabled.  And Miklos figures libfuse needs to parse the the xattr
anyway so that the filesystems can have atomic mode changes instead of
having two separate calls, one to setattr and another to setxattr.

So I don't believe when the dust settles there is any danger of
regression, despite the code not yet working in a way that enforces
acls.


Eric