Re: [RFC v3 0/2] Support for posix acls in fuse

[ebiederm@xmission.com (Eric W. Biederman)]

Nikolaus Rath <Nikolaus@rath.org> writes:

> On Aug 01 2016, Seth Forshee <seth.forshee@canonical.com> wrote:
>>  - Remove passthrough of acl xattrs when fuse acl support is disabled or
>>    default_permissions is not used.
>>
>> This last change is user visible, but as fuse filesystems cannot
>> meaninfully support acls today it's not really a regression.
>
> Are you sure about that? I believe there are FUSE file systems out there
> that are parsing/constructing the kernel's xattr representation and
> (together with no_default_permissions) support ACLs. Or is there another
> problem?

fuse_permission does not have a mode where it always call into the
filesystem.  Without FUSE_DEFAULT_PERMISSIONS set the underlying
filesystem is at most called when the syscalls chdir, access, and
execve are called. (Basically

Which means there is no way to enforce any kind of general acls in fuse
without changes.

That said I we seem to have figured out an implmenetation where
passthrough is maintained for the time being when posix acl support is
not enabled.  And Miklos figures libfuse needs to parse the the xattr
anyway so that the filesystems can have atomic mode changes instead of
having two separate calls, one to setattr and another to setxattr.

So I don't believe when the dust settles there is any danger of
regression, despite the code not yet working in a way that enforces
acls.


Eric