linux/fs/nfsd
J.Bruce Fields 09229edb68 [PATCH] knfsd: nfsd4: acls: relax the nfsv4->posix mapping
Use a different nfsv4->(draft posix) acl mapping which is
	1. completely backwards compatible,
	2. accepts any nfsv4 acl, and
	3. errs on the side of restricting permissions.

In detail:

	1. completely backwards compatible: The new mapping produces the
	same result on any acl produced by the existing (draft
	posix)->nfsv4 mapping; the one exception is that we no longer
	attempt to guess the value of the mask by assuming certain denies
	represent the mask.  Since the server still keeps track of the mask
	locally, sequences of chmod's will still be handled fine; the only
	thing this will change is sequences of chmod's with intervening
	read-modify-writes of the acl.  That last case just isn't worth the
	trouble and the possible misrepresentations of the user's intent
	(if we guess that a certain deny indicates masking is in effect
	when it really isn't).

	2. accepts any nfsv4 acl: That's not quite true: we still reject
	acls that use combinations of inheritance flags that we don't
	support.  We also reject acls that attempt to explicitly deny
	read_acl or read_attributes permissions, or that attempt to deny
	write_acl or write_attributes permissions to the owner of the file.

	3.  errs on the side of restricting permissions: one exception to
	this last rule: we totally ignore some bits (write_owner,
	synchronize, read_named_attributes, etc.) that are completely alien
	to our filesystem semantics, in some cases even if that would mean
	ignoring an explicit deny that we have no intention of enforcing.
	Excepting that, the posix acl produced should be the most
	permissive acl that is not more permissive than the given nfsv4
	acl.

And the new code's shorter, too.  Neato.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-10-04 07:55:20 -07:00
..
auth.c
export.c [PATCH] knfsd: nfsd4: clean up exp_pseudoroot 2006-10-04 07:55:20 -07:00
lockd.c
Makefile
nfs2acl.c [PATCH] knfsd: register all RPC programs with portmapper by default 2006-10-04 07:55:19 -07:00
nfs3acl.c [PATCH] knfsd: register all RPC programs with portmapper by default 2006-10-04 07:55:19 -07:00
nfs3proc.c [PATCH] knfsd: Prepare knfsd for support of rsize/wsize of up to 1MB, over TCP 2006-10-04 07:55:16 -07:00
nfs3xdr.c [PATCH] knfsd: Prepare knfsd for support of rsize/wsize of up to 1MB, over TCP 2006-10-04 07:55:16 -07:00
nfs4acl.c [PATCH] knfsd: nfsd4: acls: relax the nfsv4->posix mapping 2006-10-04 07:55:20 -07:00
nfs4callback.c [PATCH] knfsd: add some missing newlines in printks 2006-10-02 07:57:17 -07:00
nfs4idmap.c
nfs4proc.c [PATCH] knfsd: Avoid excess stack usage in svc_tcp_recvfrom 2006-10-04 07:55:15 -07:00
nfs4recover.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
nfs4state.c
nfs4xdr.c [PATCH] knfsd: Prepare knfsd for support of rsize/wsize of up to 1MB, over TCP 2006-10-04 07:55:16 -07:00
nfscache.c
nfsctl.c [PATCH] knfsd: Allow max size of NFSd payload to be configured 2006-10-04 07:55:16 -07:00
nfsfh.c
nfsproc.c [PATCH] knfsd: Prepare knfsd for support of rsize/wsize of up to 1MB, over TCP 2006-10-04 07:55:16 -07:00
nfssvc.c [PATCH] knfsd: Allow max size of NFSd payload to be configured 2006-10-04 07:55:16 -07:00
nfsxdr.c [PATCH] knfsd: Prepare knfsd for support of rsize/wsize of up to 1MB, over TCP 2006-10-04 07:55:16 -07:00
stats.c
vfs.c [PATCH] knfsd: make nfsd readahead params cache SMP-friendly 2006-10-04 07:55:16 -07:00