Re: Inconsistencies with trusted.SGI_ACL

To:	Dave Chinner <david@xxxxxxxxxxxxx>
Subject:	Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}
From:	Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Date:	Tue, 27 Oct 2015 00:52:10 +0100
Cc:	Brian Foster <bfoster@xxxxxxxxxx>, xfs@xxxxxxxxxxx
Delivered-to:	xfs@xxxxxxxxxxx
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat_com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=2xl2oUPT9diIRrDhk3KNqnYy9QRBlUIZXadXOJHCdMY=; b=zEwBjA7Yh7idBCund0daPUqlj0tosElCP1oiBS9ZF9eFNR870NQWtWXKY/LFjaX3HV 5RLPFJ6j3BKefOx7tXGYJdmp8G76s3xwrO6PGbi9kWIXg0ItCIEg1nko8QfeOj50PlgU dKjlquzlcXaWUkDsVBGMpAeEToAH3Sz6DncAX2wEB4RgAuUlLgR3Ws4hCfTczlesK1Ni vtyPJb7RnFn8+U9mH3ujNRVIr+he56TrUkKyINdt4uCkfjoRa3EhQosJVePOXWkPBvoe dTXU1iMnpfal7UdIJyX3RPf6oNbdvodljLSdUvyuMI0LRmze4CeUrMuwWVS65ODOVFPT WnqA==
In-reply-to:	<20151026213228.GI8773@dastard>
References:	<CAHc6FU5gS4BA+iTRHo1oHJMVHkLs4aa0eYd5T1ftLC9biRaxrg@xxxxxxxxxxxxxx> <20151024125659.GA8095@xxxxxxxxxxxxxxx> <CAHc6FU6eVn=KpKvhD2N8hvAgdFQVdBHHS9tUgaVQJf5wnipY=g@xxxxxxxxxxxxxx> <20151024152254.GA22232@xxxxxxxxxxxxxxx> <20151026213228.GI8773@dastard>

On Mon, Oct 26, 2015 at 10:32 PM, Dave Chinner <david@xxxxxxxxxxxxx> wrote:
> Really, I'm struggling to understand what the problem is with XFS
> doing translation to it's own special xattr names for ACLs
> underneath the posix layer.

Right now, setting one of the SGI_ACL attributes leads to stale i_acl
/ i_default_acl fields and in the case of SGI_ACL_FILE, possibly to
outdated permissions in i_mode. You would get different information
from getfacl than what's stored on disk.

> Yes, there's a caching issue when someone directly manipulates
> the underlying xattr,

"Directly manipulating" could be doing a setxattr of an attribute that
was previously retrieved by getxattr, like restoring a backup.

> but you need root to shoot yourself in the foot that way, and that is easily
> solveable.

What do you mean, it's easily solvable?

Thanks,
Andreas

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, (continued) Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Andreas Gruenbacher Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Dave Chinner Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Andreas Gruenbacher Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Dave Chinner Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Andreas Gruenbacher [PATCH 1/4] xfs: Validate the length of on-disk ACLs, Andreas Gruenbacher [PATCH 4/4] xfs: SGI ACLs: Prepare for richacls, Andreas Gruenbacher Re: [PATCH 4/4] xfs: SGI ACLs: Prepare for richacls, Andreas Gruenbacher Re: [PATCH 0/4] xfs: SGI ACL Fixes, Brian Foster Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher <= Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Brian Foster

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Wchanzy Trading Co.,Ltd, Zia Malik
Next by Date:	Re: [PATCH 4/4] xfs_repair: Validate richacl attributes, Andreas Gruenbacher
Previous by Thread:	Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner
Next by Thread:	Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Wchanzy Trading Co.,Ltd, Zia Malik

Next by Date:

Re: [PATCH 4/4] xfs_repair: Validate richacl attributes, Andreas Gruenbacher

Previous by Thread:

Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner

Next by Thread:

Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner

Indexes:

[Date] [Thread] [Top] [All Lists]