[PATCH] Add tests for our NFSv4 ACL code

Alexander Werth werth at linux.vnet.ibm.com
Wed Apr 17 13:13:46 MDT 2013

On Sun, 2013-04-14 at 22:00 +1000, Andrew Bartlett wrote:
> From here, I want to learn more about the failures, work out at what
> layer we should be doing various inheritance operations (adding
> emulation if required), and possibly patch raw.acls to optionally skip
> SACLs in the comparisons. 

I've merged the inheritance emulation into your nfs4acl_xattr module.
Please find the code in the attached patch.
The idea is that if no xattr with nfs4 acls is found the parent
folders are inspected recursively.
This way any vfs operation reading the acl of a file that just got
created with an open call will return the right security descriptor.

With this the test nfs4acl_xattr.dynamic passes.
The nfs4acl_xattr.inheritance passes as well but there are
warnings since the SDs don't match bit for bit and the torture
test returns a failed even though there was no hard error.
So I guess we have to adjust the torture test before committing
this patch.

With kind regards,
Alexander Werth

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-vfs-Add-inheritance-emulation-to-vfs_nfs4acl_xattr.patch
Type: text/x-patch
Size: 12371 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130417/0cde5396/attachment.bin>

More information about the samba-technical mailing list