Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}

From: Dave Chinner <david@fromorbit.com>
To: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Brian Foster <bfoster@redhat.com>, xfs@oss.sgi.com
Subject: Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}
Date: Tue, 27 Oct 2015 16:30:45 +1100	[thread overview]
Message-ID: <20151027053045.GL8773@dastard> (raw)
In-Reply-To: <CAHc6FU68MYTGWKM5S14_dQBqXeebd2GwQcKj4RztLvPWL2eksA@mail.gmail.com>

On Tue, Oct 27, 2015 at 12:52:10AM +0100, Andreas Gruenbacher wrote:
> On Mon, Oct 26, 2015 at 10:32 PM, Dave Chinner <david@fromorbit.com> wrote:
> > Really, I'm struggling to understand what the problem is with XFS
> > doing translation to it's own special xattr names for ACLs
> > underneath the posix layer.
> 
> Right now, setting one of the SGI_ACL attributes leads to stale i_acl
> / i_default_acl fields and in the case of SGI_ACL_FILE, possibly to
> outdated permissions in i_mode. You would get different information
> from getfacl than what's stored on disk.

That's because we're not marking the cached acl as stale when
setting the acl directly...

> > Yes, there's a caching issue when someone directly manipulates
> > the underlying xattr,
> 
> "Directly manipulating" could be doing a setxattr of an attribute that
> was previously retrieved by getxattr, like restoring a backup.

Sure, that's what xfsdump/restore effectively does.

> > but you need root to shoot yourself in the foot that way, and that is easily
> > solveable.
> 
> What do you mean, it's easily solvable?

forget_all_cached_acls()

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs