Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp7498185yba; Thu, 2 May 2019 10:53:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqy8VtDGNpJS+PbbxHxUiYpXQ1rJM6UodGduBB7qxoup2so0hb9x7zh4IwsyvBN28gxxOcyP X-Received: by 2002:a63:3d4c:: with SMTP id k73mr5342374pga.154.1556819624461; Thu, 02 May 2019 10:53:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556819624; cv=none; d=google.com; s=arc-20160816; b=cp4qzUQcbEgKElGX4FcEsvy7zvKXnIczJJU5/6Qz7O6/wTnor/EyZkzQKK2Of1ejjY Q3eAP6f5vssjcK3lb/JnO3Pqc3DatNvM7Bo/XQDdesDueusvvRQ1n9R8h5EJQD+3axz9 /tWRqdRRdGn/IzTvrvy8+Hrudu68NOwuXgYRWEABqmSBLmwC/qiJr69/9ieEdGcxmyhW yivbXE2dhla2s+01987mPH2Bhrq58xg9U8AIfxQ4AZoy0NSBQJSGfyndlY+geGebrGA6 beTL1SJ4+lGZx4NgicrL1j1ORzqU8+K1svw4clX9aJT580Rp0E62NqgCExWivI/r4E63 bK7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version; bh=6zbPykclLZDD4a4vrcJsZXuQGHe0CdB5sLgZbdUVrfo=; b=r3ViulFHyJH4ChR44C9EtjrI8sokelXckNy507CH569989KddfGU5pqsRe01KHxtBT tCjxdzu9GRbpd/xW+ReFwWaXWiA0wmhPBf3fU0n1AjkKd4fU3lpxRv2IcFri+9zwCAdb P4XDIcoUoXG/s7psiZcA/9PlcVUpM5DkhY5MMuTA3PhOQWbDlg89MRXo1Rgzq85IoqEK O5ItTp6Hq/oX0mxvhI7NZgmkxoAn2AMGI8YiSaF0s6e0Uup6EOkRSpDqc3IoeZ5idAQC 0B6QbXe6Dbhi8SbZsFM7r+NhiyI6fzPd+Aa1XTAPxsOx4MyUKgLYXbtUV2PDCArdB8m6 j8jw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cj5si40665346plb.76.2019.05.02.10.53.28; Thu, 02 May 2019 10:53:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726276AbfEBRxZ convert rfc822-to-8bit (ORCPT + 99 others); Thu, 2 May 2019 13:53:25 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:36229 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726175AbfEBRxZ (ORCPT ); Thu, 2 May 2019 13:53:25 -0400 Received: by mail-ot1-f66.google.com with SMTP id b18so2910819otq.3 for ; Thu, 02 May 2019 10:53:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=GBDNR7dZoJr86zYykorTJ/IjzJwi83xXzsZS+RvPfCM=; b=OvqWuB+R9F6pHQmOPsPeh4KcEdPwRtp+uoCAWbJOz2th4T5PMPm5X9C4/fSgx/rOxW R777wtTXBtqVqC2liFHBQ7tQH6w3BBJphzAO8tMkOBHjBeN1YYEDwt239shmsEB4iHO6 FGb36xh0UQ4GSHdiTdk3uNqRVNOwopY+DUj8xFXJ0VlNnAh8R5ae+xM5x40cFL2nGYZV lFJs+TYkEAAyUAoPGFdoPew4EzzHl9uHS8C9YYeELa3zRz5eYCnb0vcFo3Fvjwya2R9b TniLSMxG077/1vW0iTk0bPb8oH6DoqDvD3TBv8LJaKsToPzjf58Nx25BJOy+GPZFMQo4 Ztsw== X-Gm-Message-State: APjAAAWsxK5ucVAULH2CnsRxNVZisCfTTaSfM5rZM3ECncz0LyL05u0W 6SIrHRPd68X7p4xLYzPQ4H4IonwDwH5NeUrBJxHi5g== X-Received: by 2002:a9d:61c6:: with SMTP id h6mr3337115otk.316.1556819604755; Thu, 02 May 2019 10:53:24 -0700 (PDT) MIME-Version: 1.0 References: <20161206185806.GC31197@fieldses.org> <87bm0l4nra.fsf@notabene.neil.brown.name> <875zqt4igg.fsf@notabene.neil.brown.name> <20190502171603.GA1778@fieldses.org> In-Reply-To: <20190502171603.GA1778@fieldses.org> From: Andreas Gruenbacher Date: Thu, 2 May 2019 19:53:13 +0200 Message-ID: Subject: Re: [PATCH] overlayfs: ignore empty NFSv4 ACLs in ext4 upperdir To: "J. Bruce Fields" Cc: =?UTF-8?Q?Andreas_Gr=C3=BCnbacher?= , Miklos Szeredi , NeilBrown , Amir Goldstein , Patrick Plagwitz , "linux-unionfs@vger.kernel.org" , Linux NFS list , Linux FS-devel Mailing List , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, 2 May 2019 at 19:16, J. Bruce Fields wrote: > On Thu, May 02, 2019 at 05:08:14PM +0200, Andreas Grünbacher wrote: > > You'll still see permissions that differ from what the filesystem > > enforces, and copy-up would change that behavior. > > That's always true, and this issue isn't really specific to NFSv4 ACLs > (or ACLs at all), it already exists with just mode bits. The client > doesn't know how principals may be mapped on the server, doesn't know > group membership, etc. > > That's the usual model, anyway. Permissions are almost entirely the > server's responsibility, and we just provide a few attributes to set/get > those server-side permissions. Sure, if the client and server don't share the same user and group databases, ACLs can get a very different meaning. Andreas > The overlayfs/NFS case is different, I think: the nfs filesystem may be > just a static read-only template for a filesystem that's only ever used > by clients, and for all I know maybe permissions should only be > interpreted on the client side in that case. > > --b.