[PATCH] Fix for XDR Backend of NFS4ACL_XATTR module to get it working with NFS4.0 ACL Spec

Jeremy Allison jra at samba.org
Thu Jul 26 18:31:08 UTC 2018


On Thu, Jul 26, 2018 at 06:44:18AM +0200, Volker Lendecke wrote:
> On Wed, Jul 25, 2018 at 03:08:04PM -0700, Jeremy Allison via samba-technical wrote:
> > On Wed, Jul 25, 2018 at 12:24:04PM +0000, Sandeep Nashikkar via samba-technical wrote:
> > > 
> > > Please find attached the updated patch and kindly review it. I added code for
> > > handling those cases where security principals are converted to string identifiers by nfs-ganesha after restart. 
> > 
> > FYI - what platform are you testing this on ?
> > 
> > If I do the following as my own user on Linux/Debian:
> > 
> > $ touch foo
> > $ setfattr -n system.nfs4_acl -v testme foo
> > setfattr: foo: Operation not supported
> 
> Do you have a proper NFSv4 mount on "foo" including ACLs? There that
> precise syscall works for me, albeit using nfs4_setacl:
> 
> strace -o /tmp/x nfs4_setfacl  -a 'A::1005:rtncy' /data/baz
> 
> stat("/data/baz", {st_mode=S_IFREG|0666, st_size=0, ...}) = 0
> stat("/data/baz", {st_mode=S_IFREG|0666, st_size=0, ...}) = 0
> getxattr("/data/baz", "system.nfs4_acl", NULL, 0) = 160
> getxattr("/data/baz", "system.nfs4_acl",
> "\0\0\0\7\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041004\0\0\0\0\0\0\0\0\0\
> 22\0\211\0\0\0\0041004\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041003\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041002\0\0\0
> \0\0\0\0\0\0\36\1\237\0\0\0\6OWNER@\0\0\0\0\0\0\0\0\0@\0\22\0\211\0\0\0\6GROUP@\0\0\0\0\0\0\0\0\0\0\0\22\0\213
> \0\0\0\tEVERYONE@\0\0", 160) = 160
> setxattr("/data/baz", "system.nfs4_acl",
> "\0\0\0\10\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041005\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041004\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041004\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041003\0\0\0\0\0\0\0\0\0\22\0\211\0\0\0\0041002\0\0\0\0\0\0\0\0\0\36\1\237\0\0\0\6OWNER@\0\0\0\0\0\0\0\0\0@\0\22\0\211\0\0\0\6GROUP@\0\0\0\0\0\0\0\0\0\0\0\22\0\213\0\0\0\tEVERYONE@\0\0",
> 180, XATTR_REPLACE) = 0
> 
> > - in other words, the 'system' namespace
> > isn't accessible on Linux. I don't think we
> > can hardcode the 'system' namespace here.
> 
> root at vl-jessie:~# uname -a
> Linux vl-jessie 4.9.0-7-amd64 #1 SMP Debian 4.9.110-1 (2018-07-05) x86_64 GNU/Linux

Ah, so is the "system" namespace only available
to an NFSv4 mounted filesystem ? It certainly
isn't to a standard ext4 one.

Jeremy.



More information about the samba-technical mailing list