From mboxrd@z Thu Jan 1 00:00:00 1970 From: "J. Bruce Fields" Subject: Re: [PATCH] overlayfs: ignore empty NFSv4 ACLs in ext4 upperdir Date: Thu, 2 May 2019 13:16:03 -0400 Message-ID: <20190502171603.GA1778@fieldses.org> References: <20161206185806.GC31197@fieldses.org> <87bm0l4nra.fsf@notabene.neil.brown.name> <875zqt4igg.fsf@notabene.neil.brown.name> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Andreas =?utf-8?Q?Gr=C3=BCnbacher?= Cc: Miklos Szeredi , Andreas Gruenbacher , NeilBrown , Amir Goldstein , Patrick Plagwitz , "linux-unionfs@vger.kernel.org" , Linux NFS list , Linux FS-devel Mailing List , Linux Kernel Mailing List List-Id: linux-unionfs@vger.kernel.org On Thu, May 02, 2019 at 05:08:14PM +0200, Andreas Grünbacher wrote: > You'll still see permissions that differ from what the filesystem > enforces, and copy-up would change that behavior. That's always true, and this issue isn't really specific to NFSv4 ACLs (or ACLs at all), it already exists with just mode bits. The client doesn't know how principals may be mapped on the server, doesn't know group membership, etc. That's the usual model, anyway. Permissions are almost entirely the server's responsibility, and we just provide a few attributes to set/get those server-side permissions. The overlayfs/NFS case is different, I think: the nfs filesystem may be just a static read-only template for a filesystem that's only ever used by clients, and for all I know maybe permissions should only be interpreted on the client side in that case. --b.