lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 24 Oct 2011 05:49:10 -0400
From:	Christoph Hellwig <hch@...radead.org>
To:	"J. Bruce Fields" <bfields@...ldses.org>
Cc:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	agruen@...nel.org, akpm@...ux-foundation.org,
	viro@...iv.linux.org.uk, dhowells@...hat.com,
	linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH -V8 00/26]  New ACL format for better NFSv4 acl
 interoperability

On Mon, Oct 24, 2011 at 05:17:16AM -0400, J. Bruce Fields wrote:
> > How do we push these changes to Linus tree ? Andrew, Viro, any comment
> > on how we can get this merged upstream ?
> 
> Andrew, it sounds like you might be willing to shepherd these through?
> Let us know what you'd need.

It really has to through the VFS tree.  And to be honest despite the
repostings there's been exactly zero progress on getting there.

Please as a first thing submit the various small cleanups indepent
of the other changes.  If you can't even those in there's no point
in trying.  Second do not repeat the mistakes of the old ACL code,
that is don't do too much work inside the filesystems.  Al, Linus
and me spent a lot of working on pushing it into common code and
it's not done.  For any new ACL model I really want to see zero
per-fs code except for callouts in chmod & co and actually
setting the xattr vector to a genericly provided one.  And please
wire up all common filesystems to actually prove that point.

I also really hate all the duplication - I want to see a really good
reason why all this code needs to be duplicated.  Just look at
the mess done to check_acl and the ACL caching in the inode and
any normal person would throw up.  There is absolutely no reason
to not implement Posix ACLs as a subset of the NFSv4 ACL (not actually
a subset in the strict mathematical sense, but close enough).

After all this techical work (which was brought up before) has been
done you can resubmit it.  And that point you'd better have very
good and very lengthy rationale for why adding an utterly stupid
ACL model is supposed to be a good idea.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ