lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <558C5E7B.6080607@samba.org>
Date:	Thu, 25 Jun 2015 22:03:07 +0200
From:	"Stefan (metze) Metzmacher" <metze@...ba.org>
To:	Jeremy Allison <jra@...ba.org>,
	Andreas Gruenbacher <andreas.gruenbacher@...il.com>
CC:	linux-nfs@...r.kernel.org, linux-api@...r.kernel.org,
	samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [RFC v3 00/45] Richacls

Hi Andreas,

>> here's another update of the richacl patch queue.  The changes since the last
>> posting (https://lwn.net/Articles/638242/) include:
>>
>>  * The nfs client now allocates pages for received acls on demand like the
>>    server does.  It no longer caches the acl size between calls.
>>
>>  * All possible acls consisting of only owner@, group@, and everyone@ entries
>>    which are equivalent to the file mode permission bits are now recognized.
>>    This is needed because by the NFSv4 specification, the nfs server must
>>    translate the file mode permission bits into an acl if it supports acls at
>>    all.
>>
>>  * Support for the dacl attribute over NFSv4.1 for Automatic Inheritance, and
>>    also for the write_retention and write_retention_hold permissions.
>>
>>  * The richacl_compute_max_masks() documentation has been improved.
>>
>>  * Various minor bug fixes.
>>
>> The git version is available here:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \
>> 	richacl-2015-04-24
> 
> FYI. I have a mostly (needs test suite adding) working module
> for Samba for Andreas's richacls code.
> 
> Using it we map incoming Windows ACLs directly to richacls
> using the same mapping as we use for existing ZFS ACLs.

Yes, we need to make sure the code supports everything we require,
proved by working code.

We should avoid the disaster with the mostly unuseable F_SETLEASE
code for kernel oplocks.

Thanks!
metze


Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ