Re: [RFC PATCH v2 00/11] NFS/NFSD: nfs4_acl passthru for NFSv4 reexport

[Chuck Lever <chuck.lever@oracle.com>]

On 3/10/26 10:53 AM, Trond Myklebust wrote:
> On Tue, 2026-03-10 at 06:26 -0700, Christoph Hellwig wrote:
>> NAK on this whole thing.  Linux does not support NFSv4 ACLs for
>> pretty
>> good reasons.  If you want to add it you'd have to do it properly
>> (even
>> if that is a bad idea in my opinion).  But adding a weird special
>> case
>> for passthrough is a no-go.  To be honest I really don't understand
>> why
>> your (as in Hammerspae, not you personally) want to abuse the kernel
>> nfsd and nfs client for that.  If you want to pass in the protocol do
>> it in userspace without burdening the kernel with it.
>>
> 
> Like it or not, Linux knfsd _does_ pretend to support NFSv4 ACLs. It
> does so by using a (lossy!) mapping to try to convert the NFSv4 ACL
> into a POSIX style ACL.
> This is a problem when you're re-exporting NFSv4, as we need to do,
> because at best it mangles your ACL. At worst, it throws random error
> codes back at the client.
> 
> So Hammerspace does need that passthrough ACL in order to have re-
> exports work as expected.
> 
> If the upstream community is unwilling to take patches to address the
> issue, then we're quite happy to maintain the code separately. It will
> still be available to those who need it through our github site.

I recognize the need to avoid ACE mapping when re-exporting NFSv4.
This is an issue specifically for NFSD (which remaps NFSv4 ACLs to
POSIX ACLS) and NFSv4 re-export.

I will accept a clean implementation of that for merge, and I've
already pointed out where the prototype implementation can be
improved.


-- 
Chuck Lever