NFSv4 ACL support in star

[Edward Tomasz Napierała]

Wiadomość napisana przez Joerg Schilling w dniu 6 lis 2013, o godz. 18:39:
> Trying to add Andreas Grünbacher who implemented the original 
> POSIX.1e code for Linux.

[..]

> I like to see an implementation that (if implemented as an enhancement of the
> withdrawn POSIX.1e ACL interfaces) gives similar features as libsec does:

In order to make FreeBSD support NFSv4, I did exactly that: I've added
a number of functions, such as acl_get_entry_type_np(3) (basically, this
is for "allow/deny" part of ACL), and extended existing ones, e.g. to add
new permissions.

> -	libsec e.g. calls pathconf(name, _PC_ACL_ENABLED) in order to find
> 	the ACL type that is used for a file and controls which ACL flavor to 
> 	retrieve.

Use the usual pathconf(3), with _PC_ACL_NFS4.

> -	libsec includes code to deal with ephemeral IDs used with CIFS clients.

Hm, isn't this independent from ACL implementation?

> -	libsec offers acl_type(aclp) to find the ACl type without a need to
> 	call acl_totext(), so I could use:

See acl_get_brand_np().

> 	acl_totext(aclp, 0) for UFS ACLs and the known to work postprocess code.
> 
> 	or
> 
> 	acl_totext(aclp, ACL_COMPACT_FMT | ACL_APPEND_ID | ACL_SID_FMT) for
> 	NFSv4 ACLS.

The acl_to_text() function works for both POSIX.1e and NFSv4 ACLs; to change
the output format there is acl_to_text_np().

> See e.g.: http://schillix.berlios.de/man/man3sec/acl_totext.3sec.html
> and other man pages at: 
> 
> 	http://schillix.berlios.de/man/man3sec/
> 
> I am in hope that we could get a final library interface that still stays 
> compatible between FreeBSD and Linux as this was the base for being able to 
> support more platforms with POSIX.1e draft ACLs.

I think porting what I did would be a good choice - it's fully backwards
compatible, API-wise, and not actually hacky.

-- 
If you cut off my head, what would I say?  Me and my head, or me and my body?