* New inode parent information needed for ACL
[not found] <48893356.18105.1316473250315.JavaMail.root@mail-01.cse.ucsc.edu>
@ 2011-09-19 23:05 ` Noah Watkins
2011-09-23 4:53 ` Sage Weil
0 siblings, 1 reply; 2+ messages in thread
From: Noah Watkins @ 2011-09-19 23:05 UTC (permalink / raw)
To: ceph-devel
Hi,
I've been hacking a bit on xattr-based ACLs for Ceph. It's all working
fine, but I'm having some trouble wiring up the default ACL init code
for new inodes (mknod, create, mkdir, and symlink): New ACLs depend on
the the ACL of the parent. The ideal location seems to be in fill_inode,
but it is unclear how to access the parent inode of the original request
from fill_inode because it is receiving the filler information just from a
mds reply. Is getting the parent information in fill_inode possible?
Alternatively, in each of ceph_mknod, ceph_symlink, etc..., the problem would
be solved trivially if the new inode is available because the parent information
is provided. For example, in ceph_mknod, on success will dentry->d_inode alway point
to the new inode, or is there more async stuff going on?
Thanks,
Noah
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: New inode parent information needed for ACL
2011-09-19 23:05 ` New inode parent information needed for ACL Noah Watkins
@ 2011-09-23 4:53 ` Sage Weil
0 siblings, 0 replies; 2+ messages in thread
From: Sage Weil @ 2011-09-23 4:53 UTC (permalink / raw)
To: Noah Watkins; +Cc: ceph-devel
Hey Noah,
Sorry for the slow reply!
On Mon, 19 Sep 2011, Noah Watkins wrote:
> I've been hacking a bit on xattr-based ACLs for Ceph. It's all working
> fine, but I'm having some trouble wiring up the default ACL init code
> for new inodes (mknod, create, mkdir, and symlink): New ACLs depend on
> the the ACL of the parent. The ideal location seems to be in fill_inode,
> but it is unclear how to access the parent inode of the original request
> from fill_inode because it is receiving the filler information just from a
> mds reply. Is getting the parent information in fill_inode possible?
>
> Alternatively, in each of ceph_mknod, ceph_symlink, etc..., the problem would
> be solved trivially if the new inode is available because the parent information
> is provided. For example, in ceph_mknod, on success will dentry->d_inode alway point
> to the new inode, or is there more async stuff going on?
Let me make sure I understand this: when you create a file, the generic
linux ACL code gives you a new ACL based on the parent directory. Is that
right?
I see two options:
1- in mknod/mkdir/create/symlink, we generate the new acl and pass it to
the MDS along with the create request. "trust the client."
2- the MDS generates the ACL based on the parent directory. "trust the
server."
I think #2 is a more "right" answer, but it also means duplicating
whatever the ACL logic is on the MDS. I also suspect #1 is what labeled
NFS does... :/
In any case, I don't think anything in the reply processing path will be
right. The client should only be presenting what the ACL actually is (on
the server), which means it needs to be part of the request, or generated
on the MDS...
sage
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-09-23 4:53 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <48893356.18105.1316473250315.JavaMail.root@mail-01.cse.ucsc.edu>
2011-09-19 23:05 ` New inode parent information needed for ACL Noah Watkins
2011-09-23 4:53 ` Sage Weil
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.