[PATCH][WIP] Make vfs_acl_xattr use hash of the posix ACL

[Jeremy Allison]

On Tue, Oct 09, 2012 at 12:12:45PM -0700, Jeremy Allison wrote:
> On Tue, Oct 09, 2012 at 10:58:17PM +1100, Andrew Bartlett wrote:
> > This patch (still a work in progress, as I know it fails some tests) is
> > what I've been talking about for months, and which I got VFS changes in
> > (almost - one small change in this patch) into 4.0.0rc1.
> > 
> > The idea is simple, have the ACL modules (the posix ACL modules in
> > particular) provide a blob form of the ACL, and then hash that, rather
> > than an NT ACL that might change if our ACL mapping code changes. 
> > 
> > So far I've made it simply fall back in the NFSv4 case, but we can
> > define these in IDL as well if we want to do the same there. 
> > 
> > The idea is to insulate these on-disk values from any required change we
> > have to make. 
> > 
> > I'm proposing these changes (once finished) for master, and will son
> > have some more tests for this code.
> > 
> > Any thoughts or comments most appreciated.
> 
> I'm not very keen on the talloc_steal code in here.
> 
> Why are you moving the talloc hierarcies around ?
> 
> The current ACL code is very simple, in that the
> returned ACLs to any FGET_NT_ACL/GET_NT_ACL are
> always allocated on the talloc_tos() of the caller.
> 
> There are no cases I know of where the context is
> anything other than containing talloc_tos() (actually
> this causes an issue in one place, but the place to
> fix that is in the caller of [F]GET_NT_ACL).
> 
> I don't see the need for making this more complicated
> than that.

Yeah, looking again - this part:

+       /* The VFS API is that the ACL is expected to be on NULL */
+       *ppdesc = talloc_steal(NULL, psd);

is incorrect. The ACL is always on talloc_tos(). If we have
docs saying it's on NULL, we need to fix those.

Jeremy.