From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 958031F910 for ; Tue, 8 Nov 2022 22:12:40 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="MqYOX4ng"; dkim-atps=neutral Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1osWpN-0002Gc-Ai; Tue, 08 Nov 2022 17:12:17 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1osWpK-0002FW-TC for bug-gnulib@gnu.org; Tue, 08 Nov 2022 17:12:14 -0500 Received: from mail-ej1-x636.google.com ([2a00:1450:4864:20::636]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1osWpI-0003ST-4p for bug-gnulib@gnu.org; Tue, 08 Nov 2022 17:12:14 -0500 Received: by mail-ej1-x636.google.com with SMTP id 13so42228802ejn.3 for ; Tue, 08 Nov 2022 14:12:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=P9OXNF/fI8OrIzit5syp7btVXM49naQvEnnt1IPhfCk=; b=MqYOX4ngQBDVcGRKDmYo8cETR3HVaRX/VUG82OGJol4xbVnkVUTuP4igChclIRfQyW 0DHIIfm9UtsSeH+hdK4tPZvBMC2fao/6jkPe19TA/NCd/ZN5qHULNG0jAuEMiMoBLLXP hY4vVTx2+t9sE+2QEB0HRGly5L5TgU2DgxQzefEgErBy7AR1wRBR71kNVjQsGc98fO4C snr1MzDTPdIh5OUmr1RE3/TpDZx/YbY+SjeRZCHOa7pSEJSmfjK72sT70b0JsOCPhwXA 5R25pJ130CmQyevyvtOTDKDYSOYyGWRJIr1TyMYEk8xOfQXg7Uwfcu76iRBloJY5Ay5U 5ZsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=P9OXNF/fI8OrIzit5syp7btVXM49naQvEnnt1IPhfCk=; b=LTZma/l0DcQR4xThzWoMD/jCMS81bouSG78hbfs0QzOFhDe78Ieen09iB9Tijoejb6 2Iy99lD9jsx7sksdWRhlVjdAtydiI97EVr7ik0vTgDR50ZEoQtxq9n73SbRdBq96NMmr /kAN0Dze4HZ7fwjEq9wRry1Z2YqnmqHGZJ/UyqDkycPsERgS9Xhc8rsfrNbpZHMMMGc9 MLCevGWXoDD7eabYUk7orPHfErxsLarmF/F5QlsEpfFRRWahJ3G03IgAWkv45KGtyBFO ErWu0YXfa0amusg+gbfXEqAvpkKhwHCpSpjIM0RtkZF/Hx7FS/V1PnC/ZvgvQ/LyQZB9 ygpw== X-Gm-Message-State: ANoB5pk2OqfVelx74Y2HFOQu8eU7PvEG7rmmrLMeLW34MwbqvyS2vr8l p8o8vWDWAbqodx7kvTBavp4vlTS/E3AG+ERSFxk= X-Google-Smtp-Source: AMsMyM46kbcybwZdqvLWQM38V8nEpUUdGMz6KpJV7DALOjweNpuYhgZ9mJ/MmnLX7JGwMsBqwfODDV3VCgW3AyTUL08= X-Received: by 2002:a17:906:fe0a:b0:76f:e373:d84b with SMTP id wy10-20020a170906fe0a00b0076fe373d84bmr19230826ejb.297.1667945521225; Tue, 08 Nov 2022 14:12:01 -0800 (PST) MIME-Version: 1.0 References: <20221027093401.813511-1-ondrej.valousek.xm@renesas.com> <3549181.dhzUhtFnW9@nimes> In-Reply-To: From: =?UTF-8?Q?Andreas_Gr=C3=BCnbacher?= Date: Tue, 8 Nov 2022 23:11:47 +0100 Message-ID: Subject: Re: [PATCH] Basic support for checking NFSv4 ACLs in Linux To: Ondrej Valousek Cc: Paul Eggert , Bruno Haible , "bug-gnulib@gnu.org" Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2a00:1450:4864:20::636; envelope-from=andreas.gruenbacher@gmail.com; helo=mail-ej1-x636.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Am Mo., 7. Nov. 2022 um 13:45 Uhr schrieb Ondrej Valousek : > Hi Andreas, > Can you please clarify this? Gnulib commit da6ebc941 ("acl: On Linux, check for acls without libacl") switched from acl_extended_file to getxattr to avoid a runtime dependency on libacl. I think that was mainly a benefit during bootstrapping and in degraded environments. It's been a while, though. > Note I have also submitted a possible patch to the libacl, in case we do not want to put this functionality to gnulib. libacl only knows about POSIX ACLs, and that's on purpose to some degree. The other kinds of ACLs work quite differently, such that the POSIX ACL API doesn't match those kinds of ACLs very well. (For example, the order of entries in POSIX ACLs doesn't matter / is predefined, while different orders can lead to different results in the NFSv4 ACL world.) It wouldn't make any sense to support NFSv4 ACLs in acl_extended_file() only. As far as support for Linux's client-side view of NFSv4 ACLs in gnulib's file_has_acl() function goes, there is precedent for that for other systems and kinds of ACLs, so I don't see why it shouldn't be added there. It's a hopeless and unfixable mess already, and that particular quirk won't change a thing. The implementation should be changed to at least use a static buffer on the stack that's just big enough for trivial NFSv4 ACLs. Instead of probing the size and then reading the ACL, read the ACL right away. If there is no ACL or if the ACL is trivial, we'll know right away. If the ACL is too big, it must be non-trivial. > Afaik you are also maintainer of libacl... right? > Thanks > Ondrej Thanks, Andreas