| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210428191325.GA7400@fieldses.org>
Date: Wed, 28 Apr 2021 15:13:25 -0400
From: bfields@...ldses.org (J. Bruce Fields)
To: Namjae Jeon <namjae.jeon@...sung.com>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
smfrench@...il.com, senozhatsky@...omium.org, hyc.lee@...il.com,
viro@...iv.linux.org.uk, hch@....de, hch@...radead.org,
ronniesahlberg@...il.com, aurelien.aptel@...il.com,
aaptel@...e.com, sandeen@...deen.net, dan.carpenter@...cle.com,
colin.king@...onical.com, rdunlap@...radead.org,
willy@...radead.org
Subject: Re: [PATCH v2 00/10] cifsd: introduce new SMB3 kernel server
On Thu, Apr 22, 2021 at 09:28:14AM +0900, Namjae Jeon wrote:
> ACLs Partially Supported. only DACLs available, SACLs
> (auditing) is planned for the future. For
> ownership (SIDs) ksmbd generates random subauth
> values(then store it to disk) and use uid/gid
> get from inode as RID for local domain SID.
> The current acl implementation is limited to
> standalone server, not a domain member.
> Integration with Samba tools is being worked on to
> allow future support for running as a domain member.
How exactly is this implementing ACLs? I grepped through the code a bit
and couldn't quite figure it out--it looked like maybe it's both
converting to a POSIX ACL and storing the full SBM ACL in an xattr, is
that correct? When you read an ACL, and both are present, which do you
use?
Also it looked like there's some code from fs/nfsd/nfs4acl.c, could we
share that somehow instead of copying?
--b.
Powered by blists - more mailing lists