[RFC 00/39] Richacls (2)
From: Andreas Gruenbacher
Date: Fri Mar 27 2015 - 13:05:17 EST
Hello,
here is an update to the richacl patch queue. The changes since the last
posting (https://lwn.net/Articles/634870/) include:
* The ACL4_ and ACE4_ prefixes used for various richacl flags were renamed
to RICHACL_ and RICHACE_. The flag values are still identical with NFSv4
for flags that exist in NFSv4.
* The code is now uid/gid namespace aware.
* The nfs server now uses richacls as its internal acl representation;
struct nfs4_acl is gone. On the underlying file system, it uses either POSIX
ACLs or richacls depending on what that file system supports.
* The nfs client now exports NFSv4 acls as richacls in the "system.richacl"
attribute instead of the nfs-specific "system.nfs4_acl" attribute, just like
local file systems.
Note that the richacl xattr format has changed from the previous version and is
incompatible.
The git version is available here:
git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
richacl-2015-03-27
For comparison, the previous version is available here:
git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
richacl-2015-02-26
Things still to be done, or which I'm not entirely happy with:
* We may need to add back support for the "system.nfs4_acl" attribute
on nfs mounts for backwards compatible. Is anyone actually using that
attribute?
* While richacls do support Automatic Inheritance, the nfs client and server
don't because they don't support the NFSv4.1 "dacl" attribute yet (see RFC
5661).
* The nfs server performs some access checking on its own before calling into
the vfs which is rersponsible for the actual access checking (see where it
calls inode_permission()). With the additional MAY_ flags introduced in
this patch queue, the nfsd access checks may now be too restrictive in some
cases; I have yet to figure out how to deal with this.
* It would make sense for CIFS to expose Windows ACLs as richacls as well.
Steve maybe?
* The base_acl code is still rather ugly.
* It would be nice if the MAY_DELETE_SELF flag could override the sticky
directory check as it did in the previous version of this patch queue. I
couldn't come up with a clean way of achieving that, though.
Andreas Gruenbacher (37):
vfs: Minor documentation fix
uapi: Remove kernel internal declaration
vfs: Shrink struct posix_acl
vfs: Add IS_ACL() and IS_RICHACL() tests
vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags
vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags
vfs: Make the inode passed to inode_change_ok non-const
vfs: Add permission flags for setting file attributes
richacl: In-memory representation and helper functions
richacl: Permission mapping functions
richacl: Compute maximum file masks from an acl
richacl: Update the file masks in chmod()
richacl: Permission check algorithm
vfs: Cache base_acl objects in inodes
vfs: Cache richacl in struct inode
richacl: Create-time inheritance
richacl: Check if an acl is equivalent to a file mode
richacl: Automatic Inheritance
richacl: xattr mapping functions
vfs: Add richacl permission checking
richacl: acl editing helper functions
richacl: Move everyone@ aces down the acl
richacl: Propagate everyone@ permissions to other aces
richacl: Isolate the owner and group classes
richacl: Apply the file masks to a richacl
richacl: Create richacl from mode values
richacl: Create acl with masks applied in richacl_from_mode()
nfsd: Remove dead declarations
nfsd: Keep list of acls to dispose of in compoundargs
nfsd: Use richacls as internal acl representation
nfsd: Add richacl support
nfs/sunrpc: No more encode and decode function pointer casting
nfs/sunrpc: Return status code from encode functions
nfs3: Return posix acl encode errors
nfs: Remove unused xdr page offsets in getacl/setacl arguments
rpc: Allow to demand-allocate pages to encode into
nfs: Add richacl support
Aneesh Kumar K.V (2):
ext4: Add richacl support
ext4: Add richacl feature flag
Documentation/filesystems/porting | 8 +-
Documentation/filesystems/vfs.txt | 3 +
drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +-
fs/Kconfig | 9 +
fs/Makefile | 3 +
fs/attr.c | 81 ++-
fs/ext4/Kconfig | 15 +
fs/ext4/Makefile | 1 +
fs/ext4/acl.c | 7 +-
fs/ext4/acl.h | 12 +-
fs/ext4/ext4.h | 6 +-
fs/ext4/file.c | 6 +-
fs/ext4/ialloc.c | 7 +-
fs/ext4/inode.c | 10 +-
fs/ext4/namei.c | 11 +-
fs/ext4/richacl.c | 211 ++++++
fs/ext4/richacl.h | 47 ++
fs/ext4/super.c | 41 +-
fs/ext4/xattr.c | 6 +
fs/ext4/xattr.h | 1 +
fs/f2fs/acl.c | 4 +-
fs/inode.c | 15 +-
fs/lockd/clnt4xdr.c | 58 +-
fs/lockd/clntxdr.c | 58 +-
fs/lockd/mon.c | 26 +-
fs/namei.c | 108 ++-
fs/nfs/inode.c | 2 +-
fs/nfs/mount_clnt.c | 24 +-
fs/nfs/nfs2xdr.c | 115 ++--
fs/nfs/nfs3xdr.c | 225 ++++---
fs/nfs/nfs4proc.c | 335 +++++-----
fs/nfs/nfs4xdr.c | 699 ++++++++++++++------
fs/nfs/super.c | 4 +-
fs/nfs_common/Makefile | 1 +
fs/nfs_common/nfs4acl.c | 41 ++
fs/nfsd/Kconfig | 1 +
fs/nfsd/acl.h | 24 +-
fs/nfsd/nfs4acl.c | 467 ++++++-------
fs/nfsd/nfs4callback.c | 29 +-
fs/nfsd/nfs4proc.c | 17 +-
fs/nfsd/nfs4xdr.c | 103 +--
fs/nfsd/xdr4.h | 12 +-
fs/posix_acl.c | 31 +-
fs/richacl_base.c | 549 ++++++++++++++++
fs/richacl_compat.c | 835 ++++++++++++++++++++++++
fs/richacl_inode.c | 195 ++++++
fs/richacl_xattr.c | 210 ++++++
fs/xattr.c | 34 +-
include/linux/fs.h | 47 +-
include/linux/nfs4.h | 16 -
include/linux/nfs4acl.h | 7 +
include/linux/nfs_fs.h | 2 +-
include/linux/nfs_fs_sb.h | 2 +
include/linux/nfs_xdr.h | 8 +-
include/linux/posix_acl.h | 12 +-
include/linux/richacl.h | 330 ++++++++++
include/linux/richacl_compat.h | 40 ++
include/linux/richacl_xattr.h | 52 ++
include/linux/sunrpc/xdr.h | 5 +-
include/uapi/linux/fs.h | 3 +-
include/uapi/linux/nfs4.h | 7 -
include/uapi/linux/xattr.h | 2 +
net/sunrpc/auth.c | 7 +-
net/sunrpc/auth_gss/gss_rpc_upcall.c | 4 +-
net/sunrpc/auth_gss/gss_rpc_xdr.c | 11 +-
net/sunrpc/auth_gss/gss_rpc_xdr.h | 8 +-
net/sunrpc/clnt.c | 5 +-
net/sunrpc/rpcb_clnt.c | 57 +-
net/sunrpc/xdr.c | 8 +
69 files changed, 4283 insertions(+), 1059 deletions(-)
create mode 100644 fs/ext4/richacl.c
create mode 100644 fs/ext4/richacl.h
create mode 100644 fs/nfs_common/nfs4acl.c
create mode 100644 fs/richacl_base.c
create mode 100644 fs/richacl_compat.c
create mode 100644 fs/richacl_inode.c
create mode 100644 fs/richacl_xattr.c
create mode 100644 include/linux/nfs4acl.h
create mode 100644 include/linux/richacl.h
create mode 100644 include/linux/richacl_compat.h
create mode 100644 include/linux/richacl_xattr.h
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/