From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andreas Gruenbacher <agruen@suse.de>
Subject: Re: [RFC] POSIX ACL kernel infrastructure
Date: Fri, 9 Aug 2002 14:22:49 +0200
Sender: linux-fsdevel-owner@vger.kernel.org
Message-ID: <200208091422.49879.agruen@suse.de>
References: <200208041546.35234.agruen@suse.de> <200208091253.55935.agruen@suse.de> <20020809121502.A8178@infradead.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Cc: Nathan Scott <nathans@sgi.com>,
	Christoph Hellwig <hch@infradead.org>,
	Linux-FSDevel <linux-fsdevel@vger.kernel.org>,
	Olaf Kirch <okir@suse.de>, Chris Mason <mason@suse.de>,
	Jeff Mahoney <jeffm@suse.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
To: Christoph Hellwig <hch@infradead.org>
In-Reply-To: <20020809121502.A8178@infradead.org>
List-Id: linux-fsdevel.vger.kernel.org

On Friday 09 August 2002 13:15, Christoph Hellwig wrote:
> On Fri, Aug 09, 2002 at 12:53:55PM +0200, Andreas Gruenbacher wrote:
> > The kernel NFS daemon introduces a number of interesting problems in the
> > kernel that no other component requires; the ACL permission masking hack
> > is one of them. The hack affects NFSv2 and NFSv3
> >
> > It is really important that encode_fattr and encode_fattr3, the functions
> > that include the hack, are efficient; they are used in all the essential
> > NFS RPCs.
>
> IF it's so essential why are you doing another IOP call then instead of
> adding inkernel A retrieving to ->getattr and struct kstat?  encode_fattr*
> has to call it anyway and that's the logical place for ACLs..

I read this as `Why are you not returning the permissions nfsd should see in 
struct, which the inode->getattr IOP fills?'. Please correct me if this is 
not what you wanted to say.

The usual callers of getattr should see the unmasked permissions; it's only 
nfsd that needs this special treatment, and only on filesystems that have 
ACLs enabled. The getattr IOP is used by others as well.

If you had adding an extra field to struct kstat in mind, this just seems too 
intrusive to me for solving the nfsd problem. The problem will go away in the 
future when all NFSv3 clients are using the ACCESS RPC, anyway. It's just a 
hack right now.

-Andreas.

------------------------------------------------------------------
 Andreas Gruenbacher                                SuSE Linux AG
 mailto:agruen@suse.de                     Deutschherrnstr. 15-19
 http://www.suse.de/                   D-90429 Nuernberg, Germany