Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4343899yba; Tue, 7 May 2019 16:51:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqzDcWWD7ybdXnDkIjZ25eUXwg3lnd4tnF+E4eCCWUNOd6y9HWPb2Qmb8f5qhhP13gRf0WVt X-Received: by 2002:a17:902:bd91:: with SMTP id q17mr17262543pls.13.1557273108320; Tue, 07 May 2019 16:51:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557273108; cv=none; d=google.com; s=arc-20160816; b=ij4GnzUhBiSILtL0WoqufoHbBflFvtoiM0J4C/YjiI4ZDEdrQCEMb1gTva3XUyx+wt kYUleiW+jc0qB5X7mfd4AbJVpRtpBbpxKE2W9M4d7vBBaC1q+Q1jCNrpCQAfJCUJ3ujr AlJrimXdzqLXH7gSccILoIguM8inj1GhlG6mSyNk4Wg2q4D0zCjXHsq1v3HrEq+aUrrs o0uAkgCtskyBUIU2h8ZQpyLg5gviNNfClHDbiKXa1N9MTLrXnodv2TVnzPjmqtv7QFfF GnOYg3gn1u405bWdng4uE3wBppBTe7bULfmiCZaxAQMzsDf9d/XdjLfAiHQBpq3Fpxlh qSQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=QI/fqnuhiSW11sWCMayoSHnLLnr4q0raKlcz3llupho=; b=s2j7RsOcD/jIbSCVFzMtLh3+eXbD3Jt2ZmlpEyzrb7Uv6Ya8PgRpx0LDqmO9lRk7vr HVSYgsdciDbyKQ4d1BRFZru5iWXjXZONdeshqAPdVRpSB4ueV9Brt19tNlC64sCL4oPb HTLksp+1jxNsDDDzdIlQ1akeYn2TIxKwGD/HYphq8g2XCKCoExLmeM8vJxWljMghl9up L1qAC9IazSupovk8sGHYihIW1vdbMsZ6h0D/9jWQSoPdR0BiI28PCbYn5HaCrmvQiOj1 z1vgJeI3FfM5UnzXQlf70UCBGnuZmFEjN6bWnA9w9Yh9WMnG+usTn+JomVA3SYYVB4S9 rQ9w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q73si9290907pfi.5.2019.05.07.16.51.21; Tue, 07 May 2019 16:51:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726378AbfEGXvQ (ORCPT + 99 others); Tue, 7 May 2019 19:51:16 -0400 Received: from fieldses.org ([173.255.197.46]:59706 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726091AbfEGXvQ (ORCPT ); Tue, 7 May 2019 19:51:16 -0400 Received: by fieldses.org (Postfix, from userid 2815) id 583C51DCB; Tue, 7 May 2019 19:51:15 -0400 (EDT) Date: Tue, 7 May 2019 19:51:15 -0400 From: "J. Bruce Fields" To: Miklos Szeredi Cc: NeilBrown , Andreas Gruenbacher , Andreas =?utf-8?Q?Gr=C3=BCnbacher?= , Patrick Plagwitz , "linux-unionfs@vger.kernel.org" , Linux NFS list , Linux FS-devel Mailing List , Linux Kernel Mailing List Subject: Re: [PATCH] overlayfs: ignore empty NFSv4 ACLs in ext4 upperdir Message-ID: <20190507235115.GB16853@fieldses.org> References: <266c571f-e4e2-7c61-5ee2-8ece0c2d06e9@web.de> <20161206185806.GC31197@fieldses.org> <87bm0l4nra.fsf@notabene.neil.brown.name> <20190503153531.GJ12608@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Tue, May 07, 2019 at 04:07:21AM -0400, Miklos Szeredi wrote: > On Fri, May 3, 2019 at 11:35 AM J. Bruce Fields wrote: > > > > On Thu, May 02, 2019 at 12:02:33PM +1000, NeilBrown wrote: > > > > Silently not copying the ACLs is probably not a good idea as it might > > > result in inappropriate permissions being given away. So if the > > > sysadmin wants this (and some clearly do), they need a way to > > > explicitly say "I accept the risk". > > > > So, I feel like silently copying ACLs up *also* carries a risk, if that > > means switching from server-enforcement to client-enforcement of those > > permissions. > > That's not correct: permissions are checked on the overlay layer, > regardless of where the actual file resides. For filesystems using a > server enforced permission model that means possibly different > permissions for accesses through overlayfs than for accesses without > overlayfs. Apparently this is missing from the documentation and > definitely needs to be added. Well, we did have a thread on this pretty recently, I think, and I'm just not remembering the conclusion. Yes, it'd be nice to have this documented. In the case of NFSv4 ACLs, we not only lack storage for them, we don't even have code to evaluate them. --b. > So I think it's perfectly fine to allow copying up ACLs, as long as > the ACL is representable on the upper fs. If that cannot be ensured, > then the only sane thing to do is to disable ACL checking across the > overlay ("noacl" option).