[PATCH 2/2] vfs_ceph: implement ACL callbacks

Ira Cooper ira at wakeful.net
Wed Feb 17 04:02:58 UTC 2016

On Tue, Feb 16, 2016 at 3:03 PM, Jeremy Allison <jra at samba.org> wrote:

> On Tue, Feb 16, 2016 at 05:15:41PM +0800, Yan, Zheng wrote:
> >
> > > On Feb 16, 2016, at 16:09, Ira Cooper <ira at wakeful.net> wrote:
> > >
> > >
> > > This code is awful in the gluster module, I've commented that we need
> to fix it and get rid of it.
> > >
> > > The #defines, and the structure clearly belong in system or
> ceph/gluster headerfiles.
> > >
> > > So I'm going to NAK this, unless I get strong objections.  We should
> discuss with the ceph community what the right thing to do is.  In this
> case: Copy gluster isn't it ;).
> >
> > Yes, the code is ugly.
> >
> > There is a module vfs_posixacl.cc , which gets acl xattr from local
> filesystem. How about updating that module, make it get acl xattr from vfs
> module below it. By this way, we don’t need to implement acl related
> functions in ceph vfs module.
> Hmmm. vfs_posixacl.c is meant to be the
> lowest layer on top of the filesystem
> so I dont think changing that is a good
> idea.
> Ira, the code is ugly in the gluster VFS
> here, but I would argue that implementing
> the sys_acl_XXX() functions into ceph
> is probably the right way to insulate
> ceph from having to do its own ACL mapping
> in the same way it's done in gluster.
> What other plan do you have in mind ?
> One other thought - both gluster and
> ceph need to prepare for RichACLs going
> into xaddrs, which is slowly making its
> way through the kernel review process.

i'd say "use libacl if we can."  If we can't, my thoughts are:

One copy of crappy code beats two.

If ceph has its own acl handling, use it.  Same for Gluster.

And I agree on RichACL.  Though I think that library is constructed so we
can pass the binary acl in and out, so there's no excuse not just to have a
"RichACL" layer, in samba, and some VFS calls to deal with exactly how the
filesystems deal with it.

I don't know if cephfs is planning RichACL support, that's another valid
question :).



More information about the samba-technical mailing list