From mboxrd@z Thu Jan 1 00:00:00 1970
From: Christoph Hellwig
Subject: Re: [PATCH 2/8] move xattr permission checks into the VFS
Date: Tue, 1 Nov 2005 04:24:51 +0100
Message-ID: <20051101032451.GA24312@lst.de>
References: <20051101023019.GB23378@lst.de> <1130815329.19963.8.camel@lade.trondhjem.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Christoph Hellwig , akpm@osdl.org, linux-fsdevel@vger.kernel.org
Return-path:
Received: from verein.lst.de ([213.95.11.210]:21931 "EHLO mail.lst.de")
	by vger.kernel.org with ESMTP id S964957AbVKADY5 (ORCPT );
	Mon, 31 Oct 2005 22:24:57 -0500
To: Trond Myklebust
Content-Disposition: inline
In-Reply-To: <1130815329.19963.8.camel@lade.trondhjem.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Mon, Oct 31, 2005 at 10:22:09PM -0500, Trond Myklebust wrote:
> > + /*
> > + * No restriction for security.* and system.* from the VFS. Decision
> > + * on these is left to the underlying filesystem / security module.
> > + */
> > + if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN) ||
> > + !strncmp(name, XATTR_SYSTEM_PREFIX, XATTR_SYSTEM_PREFIX_LEN))
> > + return 0;
> The call to permission() here is not always applicable. Some filesystems
> may have different permissions when it comes to the right to read or set
> ACLs (both AFS and NFSv4, for instance, have such features).
>
> For the NFSv4 client, therefore, I'd like to be able to override this
> particular check (and leave it up to the server to verify that we are
> authorised).

See the code above. system namespace attributes (which ACLs are) are
never handled in the VFS but always left to the filesystem.
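
Review bot: In the quoted hunk above, the `return 0` taken for names matching XATTR_SECURITY_PREFIX or XATTR_SYSTEM_PREFIX means the VFS applies no check of its own to security.* and system.*, so access control for those namespaces rests entirely on each filesystem or security module doing its own check. The comment should state that as a requirement on the filesystem ("the filesystem or security module must check access for these names") and not only as a description, so that a filesystem storing system.* attributes without its own check is recognisably a bug. It is also worth confirming that both prefix constants end in the "." separator and that each _LEN matches its string, since the strncmp() match would otherwise accept names that merely begin with the same letters.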