Received: by 10.223.185.116 with SMTP id b49csp4241305wrg; Mon, 26 Feb 2018 13:53:16 -0800 (PST) X-Google-Smtp-Source: AH8x224IOOx9WLqmHd5kgaBrff3bnD70rsiqNf+5MBf9CJMvBE9O9FwhxnAGQdsT62FgpalqvkJ4 X-Received: by 2002:a17:902:bcc6:: with SMTP id o6-v6mr12085579pls.16.1519681995958; Mon, 26 Feb 2018 13:53:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519681995; cv=none; d=google.com; s=arc-20160816; b=RWXjvRyVfinVtvxXsGpj63CAjEX4JAiAtGtdlZLwXP1cY34DdMtAjWZs/Tjhor6XBE sbJq6w1fel3b8W6rZBfe94Lqqk5BnFnWiWohzAfevo08AZ1JtsxiJ4fXT8Bybs+DOX3K 6aAKN7ymf0jRhmkygD9KF58pSZnDbR05/2Iz8zhVUG/eJmGh9KfPdw6giSRs3Fsi2QOu QNGSjoL7UM5vw1NcBZR1jCyTH2dSFl60e7DE3+Z00vAFBxP230hcgSedvWlXbKWwsLjP q//mBDMtJCpjTBDLcnnZKbZNrs+nhAsBd08adrdpTWaSen1pDf9uy1k2/1emtx6wxSSX aDAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from :arc-authentication-results; bh=e4s45XTXFkH1P4GEppT+GjOKCByKvVDJoiMemaq6daM=; b=wG754VGZxWAswH9B2PtXQbhmHmhko3AFZ12IKKDYAaAToagIMrsRSYGvJViuXb1FaN 7m1m5VmANHOOp2U7bnortuUCAql9Zn5sGQxSNB8m+612Pok8ELn8nrT8orDyaB2Yx4jy lEV5uPvwyHA+IArRuhkkB7wwk0jgLTUal5CHkH36r0ctkW4Rh2C4Ch5YCGL3PXVobigp cGY7VWtNg1N2VkhCTj5qsWsU2iNxcNicEfjdNxm+GqgwAffhKQ7T6mOT6bNxcle9CKux sEPQ4inGJkkQActYRJA4H38BatSVs2h0QZEUp/I/NIobCCN6NcYf4yg0FzGoYsTykpOH VuJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w130si7364889pfd.280.2018.02.26.13.52.59; Mon, 26 Feb 2018 13:53:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751656AbeBZVvx (ORCPT + 99 others); Mon, 26 Feb 2018 16:51:53 -0500 Received: from out02.mta.xmission.com ([166.70.13.232]:37338 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750842AbeBZVvv (ORCPT ); Mon, 26 Feb 2018 16:51:51 -0500 Received: from in02.mta.xmission.com ([166.70.13.52]) by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1eqQgX-0002ue-SB; Mon, 26 Feb 2018 14:51:49 -0700 Received: from 174-19-85-160.omah.qwest.net ([174.19.85.160] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1eqQgX-0003Ox-BZ; Mon, 26 Feb 2018 14:51:49 -0700 From: ebiederm@xmission.com (Eric W. Biederman) To: Miklos Szeredi Cc: lkml , Linux Containers , linux-fsdevel , Alban Crequy , Seth Forshee , Sargun Dhillon , Dongsu Park , "Serge E. Hallyn" References: <878tbmf5vl.fsf@xmission.com> <20180221202908.17258-4-ebiederm@xmission.com> <87inao6dfa.fsf@xmission.com> <87mv004p0t.fsf@xmission.com> <87zi3v1zga.fsf@xmission.com> Date: Mon, 26 Feb 2018 15:51:16 -0600 In-Reply-To: <87zi3v1zga.fsf@xmission.com> (Eric W. Biederman's message of "Mon, 26 Feb 2018 10:35:17 -0600") Message-ID: <87lgff1ktn.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1eqQgX-0003Ox-BZ;;;mid=<87lgff1ktn.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=174.19.85.160;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19wiORoqZ4ShUda4JKFCt7F8hUGmUp64t4= X-SA-Exim-Connect-IP: 174.19.85.160 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa06.xmission.com X-Spam-Level: X-Spam-Status: No, score=0.5 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,TVD_RCVD_IP,T_TM2_M_HEADER_IN_MSG,T_TooManySym_01, XMSubLong autolearn=disabled version=3.4.1 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.7 XMSubLong Long Subject * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4999] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Miklos Szeredi X-Spam-Relay-Country: X-Spam-Timing: total 195 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 2.6 (1.3%), b_tie_ro: 1.79 (0.9%), parse: 1.02 (0.5%), extract_message_metadata: 10 (5.2%), get_uri_detail_list: 1.21 (0.6%), tests_pri_-1000: 6 (2.9%), tests_pri_-950: 1.13 (0.6%), tests_pri_-900: 0.96 (0.5%), tests_pri_-400: 19 (9.7%), check_bayes: 18 (9.2%), b_tokenize: 6 (2.9%), b_tok_get_all: 6 (3.1%), b_comp_prob: 1.85 (1.0%), b_tok_touch_all: 2.5 (1.3%), b_finish: 0.64 (0.3%), tests_pri_0: 145 (74.4%), check_dkim_signature: 0.64 (0.3%), check_dkim_adsp: 2.4 (1.3%), tests_pri_500: 7 (3.5%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH v6 4/5] fuse: Ensure posix acls are translated outside of init_user_ns X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ebiederm@xmission.com (Eric W. Biederman) writes: > Miklos Szeredi writes: > >> On Thu, Feb 22, 2018 at 11:50 PM, Eric W. Biederman >> wrote: >> >>> So if we could figure out how to use the generic acl support for the old >>> brand of fuse filesystems that don't set FUSE_POSIX_ACL it would be much >>> easier to support them long term. >> >> Simplest and most robust way seems to be to do everything the same (as >> with FUSE_POSIX_ACL) but tell the vfs not to cache the acl. > > Good point. That sounds like for the !fc->posix_acl case we just > need a careful use of "forget_all_cached_acls(inode)". > > I will take a quick look at that, and see if that is easy/sufficient to > cover the legacy fuse case. Otherwise I will go with what I already > have here. > > That feels like a better path. And internally I would call what is > today fc->posix_acl fc->cached_posix_acl. To better convey the intent. > Fingers crossed. It looks like simply setting "inode->i_acl = inode->i_default_acl = ACL_DONT_CACHE;" is the secret sauce needed to disable caching in the legacy case and make everything work. I had to tweak the calls to forget_all_cached_acls so that won't clear the ACL_DONT_CACHE status but otherwise that was an absolutely trivial change to combine those two code paths. I will post my updated patches shortly. Eric