From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-it0-f46.google.com ([209.85.214.46]:37719 "EHLO mail-it0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751040AbcHGDqd (ORCPT ); Sat, 6 Aug 2016 23:46:33 -0400 Received: by mail-it0-f46.google.com with SMTP id f6so56600507ith.0 for ; Sat, 06 Aug 2016 20:46:33 -0700 (PDT) Date: Sat, 6 Aug 2016 22:46:31 -0500 From: Seth Forshee To: Miklos Szeredi Cc: "Eric W. Biederman" , fuse-devel , linux-fsdevel@vger.kernel.org, Michael j Theall , Jean-Pierre =?utf-8?B?QW5kcsOp?= , Nikolaus Rath Subject: Re: [RFC v3 2/2] fuse: Add posix acl support Message-ID: <20160807034631.GA135007@ubuntu-hedt> References: <1470086846-19844-1-git-send-email-seth.forshee@canonical.com> <1470086846-19844-3-git-send-email-seth.forshee@canonical.com> <20160804141159.GA28476@ubuntu-xps13> <87shuiu85b.fsf@x220.int.ebiederm.org> <20160806015250.GA90790@ubuntu-hedt> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Sat, Aug 06, 2016 at 11:09:54PM +0200, Miklos Szeredi wrote: > On Sat, Aug 6, 2016 at 3:52 AM, Seth Forshee wrote: > > On Fri, Aug 05, 2016 at 06:07:44PM -0500, Eric W. Biederman wrote: > > What I'm not convinced of is that the userspace visible changes in > > behavior won't break someone's software, even if they aren't really > > getting acl enforcement. > > That's a key point. Backward compatibility is important, and not even > hard to do because fuse can negotiate supported features with the > userspace filesystem. > > So we can have a new FUSE_POSIX_ACL feature flag in INIT, sent if > "default_permissions" is on. > > If not set in INIT reply just pass all xattrs through to the > filesystem. Caching should not be done. Don't think about whether > it's logical or not, or if anyone could use it for anything sane. > Just do what we are doing currently. Translating uids still makes > sense, but that's another story. Translating uids is actually central to the differing positions that you and Eric have. What Eric wants is for the only path for supporting posix acls to be via the helpers, that way all concerns about translating uids can be addressed there. If fuse is to allow the xattrs to be passed directly through to the filesystem then there has to be a second mechanism which translates the uids for that case. > If the flag is set in INIT reply, then that means userspace filesystem > wants handling of posix acl permission checking in kernel. It would > also mean that caching of posix acl are allowed (lifetime linked to > attribute lifetime). > > If filesystem wants to explicitly disable posix acl support, then it > can reply EOPNOTSUPP to getxattr and setxattr on "system.posix_acl_*". > Alternatively we can add a FUSE_NO_POSIX_ACL feature flag, that > filesystem can return in reply to FUSE_POSIX_ACL. > > I agree that adding CONFIG_FUSE_FS_POSIX_ACL is probably not worth it, > just make any such code dependent on CONFIG_FS_POSIX_ACL. But CONFIG_FS_POSIX_ACL doesn't have an input prompt and thus isn't displayed in menuconfig, etc. If that's what you want, fine, but it seems like an unusual situation. Thanks, Seth