Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2626005pxu; Mon, 7 Dec 2020 11:07:33 -0800 (PST) X-Google-Smtp-Source: ABdhPJxdRfGb9A3ql65C3eGN/Hhlan/a8HkF5wt1XpONmfdjoWQ/+IERzyP/enT/9qYufoeTWIPl X-Received: by 2002:a50:fb97:: with SMTP id e23mr21775625edq.208.1607368053097; Mon, 07 Dec 2020 11:07:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607368053; cv=none; d=google.com; s=arc-20160816; b=wzCjV1AR89egiKiYFaF+EroJaHx8CCRHpUCIWXSlU1hCTgzwvaqeJdpK/mLJ5kjReq 2BlSjSdUhZKVwF5+WiMFLSwXKj+/HUjH3g6z6PBw8u7EEhi7e9ynfDHsq4WSvce8m3fI f9fMrTRX1hqvO8dIOljpqCd1nHrnM0B8iL033CavMAoUlebpGG3JvG6HGycmOBzGj+zG omV97bHfn8g7T8RdMtzsWALPcPYk0LHjFTcpPtjg9MUeVyC+HSLwPWZcqo82edaioqPU YKKBoQlannXHCwtcRuCxVy+2wkDZ7aNqHs7GyOzEyv2tB2HI59oKhxwl+vbi5YUoafpo mzOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=CnTU61U0VfmH5d7Y0floY0nX86RrCNSa09zdCXYBzXk=; b=e768yE9C866Ydl3apQvOg29M3kKkm6vaEqMZ6wqN2LLIImWsS8Uszaf4SlS3WspNcX eHaS19hMsdU6amGXctMawUtGpLB9ltu7mewG1i4LaKaclhqBlHhSqpiazCOhjKB1LSLL 0JNKxGn5jqyPdSsvM8LQsopF4hgQSx0Rea4KkvGbFwx77qh6AZ0rLFaKIuR98dZLIJ5S bPrLNyzQbnAp6FMU2kmDehdxlAdP2obHkpdL5pVWsBC6OZCYgG3ipJiVf8pVOYNfwECI NFO81TEvaWqlLsZqmEJKMOl5B7YZC54kxItg2E/bV4HTvqBW/qfxc5akvXaRgrcROATu XJOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PFOwHotd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z10si9758826edp.346.2020.12.07.11.07.10; Mon, 07 Dec 2020 11:07:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=PFOwHotd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725939AbgLGTFs (ORCPT + 99 others); Mon, 7 Dec 2020 14:05:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725781AbgLGTFr (ORCPT ); Mon, 7 Dec 2020 14:05:47 -0500 Received: from mail-ej1-x641.google.com (mail-ej1-x641.google.com [IPv6:2a00:1450:4864:20::641]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6260CC061793; Mon, 7 Dec 2020 11:05:07 -0800 (PST) Received: by mail-ej1-x641.google.com with SMTP id g20so21103825ejb.1; Mon, 07 Dec 2020 11:05:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=CnTU61U0VfmH5d7Y0floY0nX86RrCNSa09zdCXYBzXk=; b=PFOwHotdXDiwAsjMXr+a10ZmP59ofuYod/RNnamWO8iVNjFwnVmSrBeG9mivlKWtXo MxA353m/lANrFXRl33HgKXA3om9hrLWdFJcMPBVMbJEFoKdxhmPDDFFcEjntDbmqswMy MDSx/3CvEjXGej5Zyyfe0wiLu2GIymcWv8D5LEzfYycNIAJO0UoY1tqaUyVsQaxFES3q C0c8tjA4yWs6XARBOTViv+EWIO/z5Usk2KE8/ETnT5IQzd7+w+Iov3AA07Lga40igwz8 G7QHvJjL5DGyOnK2jPCIBcOdbFMNEbeT7/7iHyFdmK/UypiGDPxgW3N3AsKG9+8yB5R8 dYuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=CnTU61U0VfmH5d7Y0floY0nX86RrCNSa09zdCXYBzXk=; b=B5e/yH2q+xCFHXTw4WJRvSTv/MCIRIW8eU9zlYDeZ7iN29vnXYJrzyXnXlUX8eScPq SSmOR/9KrdNYr0QIsNV5Y7V7poqOHDl8Q/VjoHqL7l9GkjXkm3pmxJF09J83jWV4FYVi BnExvn0y7M+aUruBMdHb8ecpEuvch0mbtZRy7G5MJE6tEq4kwRtT+8bXZaEFDkejyQY7 V7ntmbrfdXBMdvIHyFQuTJnXYuYYJmJhfOCaUjSesW3l4QzL385+mCi+o5+DoKDiYoPA wS8k8N/hbbm1CmzLRVI7ho5DMvILKEzoVydqsD7kpL7Xr5boQ0x4BhmqfVdDSr7NeH3Q C+Jg== X-Gm-Message-State: AOAM530SXLMB8noTMnV5KD8sYrwmcxHVNfXV3moH2R8zXtreUZ0xcl06 vSnW+BKxCk3gJB7wk5HtKYct5olo1NNxJ2St+g== X-Received: by 2002:a17:906:604e:: with SMTP id p14mr20917499ejj.515.1607367905955; Mon, 07 Dec 2020 11:05:05 -0800 (PST) MIME-Version: 1.0 References: <20201027204226.26906-1-pboris@amazon.com> In-Reply-To: From: Pavel Shilovsky Date: Mon, 7 Dec 2020 11:04:54 -0800 Message-ID: Subject: Re: [PATCH] Add support for getting and setting SACLs To: Boris Protopopov Cc: Shyam Prasad N , Boris Protopopov , Steve French , linux-cifs , samba-technical , LKML Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Boris, Are you talking about this patch "[PATCH] Extend cifs acl utilities to handle SACLs"? Just for the future, I am trying to monitor the samba-dev mailing list but if you would like to get the fastest response to your patches then please include me directly or at least the linux-cifs mailing list. I stage pending patches in the "next" branch on my github tree, so, will include the one above. https://github.com/piastry/cifs-utils/commits/next -- Best regards, Pavel Shilovsky =D0=BF=D0=BD, 7 =D0=B4=D0=B5=D0=BA. 2020 =D0=B3. =D0=B2 07:28, Boris Protop= opov : > > Hello, Shyam, > > sorry for the delayed reply and thanks for looking at this patch. Yes, > the testing was done using the extended versions of > getcifsacl/setcifsacl (added setting owner and SACL support), the > patch for that posted recently via samba-technical (message ID > <20201120214918.12517-1-pboris@amazon.com>). I have tested > setting/getting the owner, DACL, and SACL, for all the DACL/SACL flags > (-a, -D, -M, -S), SACL type SYSTEM_AUDIT. This testing was done > against 5.10.0-rc1 and 4.14.203 (the latter required porting the > user-space patch). I believe this testing has fully exercised the code > changes in question. > > I will look at contributing to the fsxtesting-cifs code, but I think > the setcifsacl/getcifsact patch that enables easy access to the > descriptor components is a pre-requisite for such contributions. > > Thanks! > > > On Wed, Dec 2, 2020 at 5:43 AM Shyam Prasad N wr= ote: > > > > Hi Boris, > > > > At a high level, the changes look good to me. Will go through the > > changes in more detail tomorrow morning. > > > > On a related note, we may need more test coverage in this area. > > Can you please share your testing output against your changes? > > Or even better, if you can contribute some xfstests for this use case: > > https://wiki.samba.org/index.php/Xfstesting-cifs > > > > Regards, > > Shyam > > > > On Wed, Dec 2, 2020 at 12:24 AM Boris Protopopov > > wrote: > > > > > > Hello, > > > I am checking in to see if anyone had a chance to take a look at this > > > patch. I would appreciate any feedback. > > > Thanks! > > > > > > On Tue, Oct 27, 2020 at 5:01 PM Boris Protopopov via samba-technical > > > wrote: > > > > > > > > Add SYSTEM_SECURITY access flag and use with smb2 when opening > > > > files for getting/setting SACLs. Add "system.cifs_ntsd_full" > > > > extended attribute to allow user-space access to the functionality. > > > > Avoid multiple server calls when setting owner, DACL, and SACL. > > > > > > > > Signed-off-by: Boris Protopopov > > > > --- > > > ... > > > > > > > > -- > > -Shyam