vfs_ceph currently performs POSIX ACL mapping and uses xattrs for retention. libcephfs *disables* ACL support by default and returns -EOPNOTSUPP in the POSIX ACL get/setxattr paths as a result. libcephfs ACL support should be explicitly enabled during mount via the following config:
    client acl type = posix_acl
    fuse default permissions = false
Created attachment 15060
fix cherry-pick for 4.9.next and 4.10.next
@Jeff: should NFS-Ganesha be doing something similar for ACLs handling, or are they not currently supported there?
Re-assigning to Karolin for inclusion in 4.10.next, 4.9.next.
(In reply to Jeremy Allison from comment #3)
Pushed to autobuild-v4-{10,9}-test.
(In reply to David Disseldorp from comment #2)

They're not supported there (yet). FSAL_CEPH only supports ATTRS_POSIX (stuff in struct stat() + a few other things) and ATTR_SEC_LABEL for labeled NFS support (aka SELinux).

NFSv4 ACLs are more like Windows ACLs so we'd need to translate them to/from POSIX ACLs (which is always a lossy conversion). I think ganesha has routines for this, so we could probably enable it to use POSIX ACLs there without too much effort.

What we should probably do long-term is add richacl support to libcephfs and then have FSAL_CEPH / vfs_ceph use that directly instead. That's a larger project though.

FWIW, I also have some concerns about libceph's ACL enforcement in general. ACLs are only enforced on the client AFAICT, and I suspect there could be some ToC/ToU races in certain situations, particularly when the client doesn't hold auth caps.
(In reply to Karolin Seeger from comment #4)
Pushed to both branches.
Re-assigning to David to keep bug open for further discussion (if needed).
Thanks for the feedback Jeff!

(In reply to Jeff Layton from comment #5)
> (In reply to David Disseldorp from comment #2)
>
> They're not supported there (yet). FSAL_CEPH only supports ATTRS_POSIX
> (stuff in struct stat() + a few other things) and ATTR_SEC_LABEL for labeled
> NFS support (aka SELinux).
>
> NFSv4 ACLs are more like Windows ACLs so we'd need to translate them to/from
> POSIX ACLs (which is always a lossy conversion). I think ganesha has
> routines for this, so we could probably enable it to use POSIX ACLs there
> without too much effort.

FSAL_CEPH POSIX ACL support would be good to have as a lingua franca until richacl support (or similar) is available.

> What we should probably do long-term is add richacl support to libcephfs and
> then have FSAL_CEPH / vfs_ceph use that directly instead. That's a larger
> project though.

Agreed, that'd be ideal and would also allow us to bypass kernel support for now (until greater adoption perhaps :).

> FWIW, I also have some concerns about libceph's ACL enforcement in general.
> ACLs are only enforced on the client AFAICT, and I suspect there could be
> some ToC/ToU races in certain situations, particularly when the client
> doesn't hold auth caps.

Ouch, okay, thanks for the heads-up. Please add me to any tickets that may exist to track this.
(In reply to Karolin Seeger from comment #6)
> (In reply to Karolin Seeger from comment #4)
> Pushed to both branches.
> Re-assigning to David to keep bug open for further discussion (if needed).

Thanks Karo - closing...