From bc8c5dc013e40c11453f80a4e1411926592c9203 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@samba.org>
Date: Fri, 12 Apr 2019 13:52:43 +0200
Subject: [PATCH 1/2] vfs_ceph: explicitly enable libcephfs POSIX ACL support

libcephfs disables ACL support by default and returns -EOPNOTSUPP in the
POSIX ACL get/setxattr paths as a result. Enable support by setting the
following Ceph config parameters during mount:
        client acl type = posix_acl
        fuse default permissions = false

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4982e282f2f2246952854ccc10d4787ac6653a7f)
---
 source3/modules/vfs_ceph.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index a3fd6095ef5..5ba7ef0bb25 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -119,6 +119,17 @@ static int cephwrap_connect(struct vfs_handle_struct *handle,  const char *servi
 		goto err_cm_release;
 	}
 
+	/* libcephfs disables POSIX ACL support by default, enable it... */
+	ret = ceph_conf_set(cmount, "client_acl_type", "posix_acl");
+	if (ret < 0) {
+		goto err_cm_release;
+	}
+	/* tell libcephfs to perform local permission checks */
+	ret = ceph_conf_set(cmount, "fuse_default_permissions", "false");
+	if (ret < 0) {
+		goto err_cm_release;
+	}
+
 	DBG_DEBUG("[CEPH] calling: ceph_mount\n");
 	ret = ceph_mount(cmount, NULL);
 	if (ret < 0) {
-- 
2.16.4


From 33cb18210c4067bd103cf0024c6136217d7d93d6 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@samba.org>
Date: Fri, 12 Apr 2019 13:55:50 +0200
Subject: [PATCH 2/2] docs/vfs_ceph: describe new ACL behaviour

vfs_ceph now explicitly enables libcephfs POSIX ACL support.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 12 19:40:25 UTC 2019 on sn-devel-144

(cherry picked from commit 58314d71ea63e36d5f1bbd2c3e190b1edffee726)
---
 docs-xml/manpages/vfs_ceph.8.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs-xml/manpages/vfs_ceph.8.xml b/docs-xml/manpages/vfs_ceph.8.xml
index 453052ebae9..5b32122113a 100644
--- a/docs-xml/manpages/vfs_ceph.8.xml
+++ b/docs-xml/manpages/vfs_ceph.8.xml
@@ -49,6 +49,17 @@
 		list. Modules added to this list to the right of the ceph
 		entry may not have any effect at all.
 	</para>
+
+	<para>
+		<command>vfs_ceph</command> performs mapping between Windows and
+		POSIX Access Control Lists (ACLs). To ensure correct processing
+		and enforcement of POSIX ACLs, the following Ceph configuration
+		parameters are automatically applied:
+	</para>
+	<programlisting>
+		<command>client acl type = posix_acl</command>
+		<command>fuse default permissions = false</command>
+	</programlisting>
 </refsect1>
 
 <refsect1>
-- 
2.16.4