[PATCH][WIP] Make vfs_acl_xattr use hash of the posix ACL

simo idra at samba.org
Sun Oct 14 09:15:58 MDT 2012


On Sun, 2012-10-14 at 21:47 +1100, Andrew Bartlett wrote:
> On Sun, 2012-10-14 at 10:34 +0200, Volker Lendecke wrote:
> > On Sat, Oct 13, 2012 at 04:27:10PM -0400, simo wrote:
> > > On Sat, 2012-10-13 at 15:09 +1100, Andrew Bartlett wrote:
> > > > On Fri, 2012-10-12 at 17:53 -0400, simo wrote:
> > > > 
> > > > > Sorry I am afraid you didn't explain why it is ok to keep mappings on
> > > > > disk that do not match anymore.
> > > > 
> > > > Thinking about this some more, we can now do that.  We can confirm if
> > > > the mapping NT -> posix has changed (because we have stored the result
> > > > of that), as well as tell if the posix ACL itself has changed, or
> > > > (because I store both hashes) the posix ACL is unchanged but the posix
> > > > -> NT mapping has changed.
> > > > 
> > > > We couldn't do that before, all we would know is that *either* the posix
> > > > -> NT mapping (which is the mapping this module is specifically trying
> > > > to avoid returning to the client) has changed, or the posix ACL has
> > > > changed. 
> > 
> > I haven't fully followed this discussion, so excuse me if
> > I'm talking rubbish here and just ignore me...
> > 
> > To be really correct, I think we need to properly version
> > the NT SD in the acl_xattr module and provide upgrade
> > routines. Whenever we change the mapping code, a new version
> > is created. I know upgrade routines are really a pain, but
> > if we want data on disk to remain valid across versions, I
> > think this is the only way to avoid horrible confusion with
> > multiple hashes and their different meanings.
> 
> The IDL structure written to the disk is a union with a version.  This
> will be version 4.  The code reads the old version fine.  The code will
> write the old version (3) and so behave unchanged if the sys_acl_blob
> function fails (current e.g. would be an NFSv4 ACL).  Writing the old
> version (3) using a parametric smb.conf option would be a trivial change
> if desired.
> 
> I'm also trying to push as much extra metadata as I can think of (a
> description of what the system ACL hash is of, and the current time)
> into the xattr, so we can recover from a planned or unplanned change to
> what goes into the hash.
> 
> Also, because we have a hash of what the NT -> POSIX mapping produced
> (the system ACL) we can reset the posix ACL if we detect that it is the
> NT -> POSIX mapping that has changed, rather than the POSIX ACL itself. 
> 
> In short, my strongest priority is increasing robustness here.

Andrew, be careful of the amount of data you push; 4k of space is not
much and every byte of metadata you add is one less byte of actual ACL
you can store.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
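
The two-hash check described in the quoted text above, as an added example that is not part of the original message and is not Samba's code: it shows how storing both a hash of the POSIX ACL and a hash of the posix -> NT mapping result separates the cases that a single hash cannot tell apart. The record field names, the use of SHA-256, the mapping functions and the ACL strings are assumptions constructed for illustration.

```python
import hashlib
from enum import Enum

class State(Enum):
    VALID = "posix ACL and posix->NT mapping both unchanged"
    MAPPING_CHANGED = "posix ACL unchanged, posix->NT mapping changed"
    POSIX_ACL_CHANGED = "posix ACL changed since the NT ACL was stored"

def digest(blob: bytes) -> bytes:
    # Assumption: SHA-256; the thread does not name the hash algorithm.
    return hashlib.sha256(blob).digest()

def make_record(nt_sd: bytes, posix_acl: bytes, posix_to_nt) -> dict:
    """Hypothetical xattr record written together with the NT ACL."""
    return {
        "nt_sd": nt_sd,
        "sys_acl_hash": digest(posix_acl),                 # hash of the system ACL
        "mapped_nt_hash": digest(posix_to_nt(posix_acl)),  # hash of posix->NT result
    }

def classify(record: dict, posix_acl_now: bytes, posix_to_nt) -> State:
    """Decide what changed since the record was written."""
    if digest(posix_acl_now) != record["sys_acl_hash"]:
        # The ACL on disk was modified behind the module's back.
        return State.POSIX_ACL_CHANGED
    if digest(posix_to_nt(posix_acl_now)) != record["mapped_nt_hash"]:
        # Same ACL bytes, different mapping output: the mapping code changed.
        return State.MAPPING_CHANGED
    return State.VALID

def single_hash_matches(record: dict, posix_acl_now: bytes, posix_to_nt) -> bool:
    """Single-hash scheme: a mismatch cannot say which of the two changed."""
    return digest(posix_to_nt(posix_acl_now)) == record["mapped_nt_hash"]

# Constructed stand-ins for two versions of the posix->NT mapping code.
def map_v1(acl: bytes) -> bytes:
    return b"NT:" + acl

def map_v2(acl: bytes) -> bytes:
    return b"NT2:" + acl.upper()

# Constructed sample ACL blobs and NT security descriptor.
ACL = b"user::rwx,group::r-x,other::---"
ACL_EDITED = b"user::rwx,group::rwx,other::---"
RECORD = make_record(b"constructed-nt-sd", ACL, map_v1)
```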


