From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:56700 "EHLO out2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932461AbcHIWpC convert rfc822-to-8bit (ORCPT ); Tue, 9 Aug 2016 18:45:02 -0400
From: Nikolaus Rath
To: ebiederm@xmission.com (Eric W. Biederman)
Cc: fuse-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, Miklos Szeredi, Michael j Theall, Jean-Pierre André, Seth Forshee
Subject: Re: [RFC v3 0/2] Support for posix acls in fuse
References: <1470086846-19844-1-git-send-email-seth.forshee@canonical.com> <874m6u3j1p.fsf@thinkpad.rath.org> <87popilrax.fsf@x220.int.ebiederm.org>
Date: Tue, 09 Aug 2016 15:44:59 -0700
In-Reply-To: <87popilrax.fsf@x220.int.ebiederm.org> (Eric W. Biederman's message of "Mon, 08 Aug 2016 19:27:50 -0500")
Message-ID: <87r39xy32s.fsf@thinkpad.rath.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On Aug 08 2016, ebiederm@xmission.com (Eric W. Biederman) wrote:
> Nikolaus Rath writes:
>
>> On Aug 01 2016, Seth Forshee wrote:
>>> - Remove passthrough of acl xattrs when fuse acl support is disabled or
>>>   default_permissions is not used.
>>>
>>> This last change is user visible, but as fuse filesystems cannot
>>> meaningfully support acls today it's not really a regression.
>>
>> Are you sure about that? I believe there are FUSE file systems out there
>> that are parsing/constructing the kernel's xattr representation and
>> (together with no_default_permissions) support ACLs. Or is there another
>> problem?
>
> fuse_permission does not have a mode where it always calls into the
> filesystem. Without FUSE_DEFAULT_PERMISSIONS set the underlying
> filesystem is at most called when the syscalls chdir, access, and
> execve are called. (Basically

...plus on open, create, write, read, setattr, etc. On each of these
calls, the userspace fs is free to do an ACL check first and return an
error if access should not be granted. So I think the only permission
that cannot be enforced is execute. That is a bug, but I wouldn't go as
far as saying that what's left isn't a meaningful feature that can just
be removed entirely.

> That said, we seem to have figured out an implementation where
> passthrough is maintained for the time being when posix acl support is
> not enabled. And Miklos figures libfuse needs to parse the xattr
> anyway so that the filesystems can have atomic mode changes instead of
> having two separate calls, one to setattr and another to setxattr.
>
> So I don't believe when the dust settles there is any danger of
> regression, despite the code not yet working in a way that enforces
> acls.

I agree with this though. I was a little behind on emails.

Best,
-Nikolaus

-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

»Time flies like an arrow, fruit flies like a Banana.«
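
The userspace-side check discussed in this message, as an added example (not code from this thread, from libfuse or from the kernel): a FUSE file system that stores the kernel's version 2 posix_acl xattr value can parse it and decide access itself before serving open, read, write or setattr. The names `acl_xattr_check`, `le` and `sample_acl` are hypothetical, the sample ACL is constructed, and the caller is assumed to have a single gid.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Entry tags of the posix_acl xattr format; permission bits are 4=r, 2=w, 1=x. */
enum { T_USER_OBJ = 0x01, T_USER = 0x02, T_GROUP_OBJ = 0x04, T_GROUP = 0x08,
       T_MASK = 0x10, T_OTHER = 0x20, T_REQ = T_USER_OBJ | T_GROUP_OBJ | T_OTHER };
static uint32_t le(const uint8_t *p, int n) {   /* n-byte little-endian read */
    uint32_t v = 0;
    while (n--) v = v << 8 | p[n];
    return v;
}
/* Constructed sample: user::rw-, user:1001:rwx, group::r--, group:2000:rw-,
 * mask::rw-, other::--- (4-byte version header, then 8 bytes per entry). */
static const uint8_t sample_acl[] = { 2,0,0,0,
    0x01,0, 6,0, 0xff,0xff,0xff,0xff,   0x02,0, 7,0, 0xe9,0x03,0,0,
    0x04,0, 4,0, 0xff,0xff,0xff,0xff,   0x08,0, 6,0, 0xd0,0x07,0,0,
    0x10,0, 6,0, 0xff,0xff,0xff,0xff,   0x20,0, 0,0, 0xff,0xff,0xff,0xff };

/* 0 if `want` is granted to uid/gid on a file owned by owner:group, -EACCES if
 * not, -EINVAL if malformed. Assumption: one gid, no supplementary groups. */
int acl_xattr_check(const uint8_t *x, size_t len, uint32_t owner, uint32_t group,
                    uint32_t uid, uint32_t gid, unsigned want)
{
    unsigned seen = 0, mask = 7, obj = 0, other = 0, grp_hit = 0, grp_ok = 0;
    int named = -1;                    /* perms of an ACL_USER entry matching uid */
    if (len < 4 || (len - 4) % 8 || le(x, 4) != 2) return -EINVAL;
    for (size_t off = 4; off < len; off += 8) {
        unsigned tag = le(x + off, 2), perm = le(x + off + 2, 2) & 7;
        uint32_t id = le(x + off + 4, 4);
        seen |= tag;
        switch (tag) {
        case T_USER_OBJ:  obj = perm; break;
        case T_USER:      if (id == uid) named = (int)perm; break;
        case T_GROUP_OBJ: id = group; /* fall through */
        case T_GROUP:     if (id == gid) { grp_hit = 1; grp_ok |= (perm & want) == want; }
                          break;
        case T_MASK:      mask = perm; break;
        case T_OTHER:     other = perm; break;
        default:          return -EINVAL;
        }
    }
    if ((seen & T_REQ) != T_REQ) return -EINVAL;
    unsigned got = uid == owner ? obj                  /* owner: mask not applied */
                 : named >= 0   ? (unsigned)named & mask
                 : grp_hit      ? (grp_ok ? mask : 0)  /* never falls through to other */
                 :                other;
    return (got & want) == want ? 0 : -EACCES;
}
```

A file system doing this would call the check at the top of each handler that the kernel does reach; as the message notes, it has no such hook for execute.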