Date: Tue, 8 May 2018 08:37:50 -0500
From: Seth Forshee
To: "Eric W. Biederman"
Cc: Miklos Szeredi, lkml, Linux Containers, linux-fsdevel, Alban Crequy, Sargun Dhillon, Dongsu Park, "Serge E. Hallyn"
Subject: Re: [PATCH] fuse: Ensure posix acls are translated outside of init_user_ns
Message-ID: <20180508133750.GA29084@ubuntu-xps13>
In-Reply-To: <87r2mre5b3.fsf@xmission.com>

On Fri, May 04, 2018 at 11:47:28AM -0500, Eric W. Biederman wrote:
>
> Ensure the translation happens by failing to read or write
> posix acls when the filesystem has not indicated it supports
> posix acls.
>
> This ensures that modern cached posix acl support is available
> and used when dealing with posix acls. This is important
> because only that path has the code to convert the uids and
> gids in posix acls into the user namespace of a fuse filesystem.
>
> Signed-off-by: "Eric W. Biederman"
> ---
>
> Miklos after several attempts to handle this better last cycle. I
> figure we should go with the stupid version for now. I think I know
> how to do better but I don't want that to gate forward progress on
> fully unprivileged fuse mounts. Especially as this is the last known
> issue to deal with.

This seems reasonable as a short-term measure.

Acked-by: Seth Forshee