From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:37625 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S934137AbcIUUvC (ORCPT ); Wed, 21 Sep 2016 16:51:02 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id u8LKmoWG001564 for ; Wed, 21 Sep 2016 16:51:02 -0400 Received: from e32.co.us.ibm.com (e32.co.us.ibm.com [32.97.110.150]) by mx0b-001b2d01.pphosted.com with ESMTP id 25kjkxsv20-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 21 Sep 2016 16:51:02 -0400 Received: from localhost by e32.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 21 Sep 2016 14:51:01 -0600 Subject: Re: [fuse-devel] [PATCH 0/2] Support for posix ACLs in fuse From: Michael Theall To: Miklos Szeredi , Jean-Pierre =?ISO-8859-1?Q?Andr=E9?= Cc: Andreas Gruenbacher , fuse-devel , Seth Forshee , Nikolaus Rath , linux-fsdevel@vger.kernel.org Date: Wed, 21 Sep 2016 15:50:55 -0500 In-Reply-To: References: <1472478397-131967-1-git-send-email-seth.forshee@canonical.com> <57E27C3F.5080608@wanadoo.fr> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <1474491055.1314.4.camel@linux.vnet.ibm.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Wed, 2016-09-21 at 16:14 +0200, Miklos Szeredi wrote: > On Wed, Sep 21, 2016 at 2:25 PM, Jean-Pierre André > wrote: > > > > > The code for Posix ACLs support within the kernel is > > already present in ntfs-3g (just have to define the > > macro KERNELACLS in order to disable the checks > > within ntfs-3g and rely on the kernel ones). > > > > This however relies on assumptions I made a few years > > back, and might be invalid now. I will at least have > > to set some flag in the init callback. > > > > The ACLs are supposed to be set and retrieved through > > the extended attributes system.posix_acl_access and > > system.posix_acl_default. Recent posts about it in > > this list mention "xattr handlers", do they mean > > getxattr() and setxattr() on these extended attributes ? > Right. > > > > > Also the sync with the file mode is done natively, > > as the ACLs and modes are translated to a single > > object (an NTFS ACL). There is no need for fuse to > > duplicate the mode to a ACL setting or conversely. > > > > Now the main problem for ntfs-3g is to migrate to > > libfuse3, still keeping the compatibility with non-Linux > > implementations (MacOSX, OpenIndiana, and others). > > I have not done anything about it yet. > > > > Does the Posix ACL in-kernel support require libfuse3 ? > Not really, the most important change (and apparently the only one > that ntfs-3g cares about) will be the added capability flag, but it's > trivial to add it to libfuse2. > > Thanks, > Miklos Hi, I'm currently trying to port my code to take advantage of this. I've found myself in sort of a catch-22 situation: I don't know whether to pass default_permissions or not. Right now, I support ACLs by not using default_permissions. However, the FUSE_POSIX_ACL capability is only given when default_permissions is turned on. If I unconditionally set FUSE_POSIX_ACL in the "want" flags, the capability remains disabled if default_permissions is off. I need to support ACLs on backlevel platforms with default_permissions off, and the coming platforms with default_permissions on. How do you suggest I determine whether to provide it or not? Regards, Michael Theall