[Bugs] [Bug 1566891] Set ACL policy in distrubte online will be failed which do check ACL permission

bugzilla at redhat.com bugzilla at redhat.com
Fri Apr 13 07:22:04 UTC 2018


https://bugzilla.redhat.com/show_bug.cgi?id=1566891



--- Comment #1 from George <george.lian at nokia.com> ---
>From the code study for posix-acl Xlator part, I have some concern for the
following 2 point.
1)     Configure item “md-cache.cache-posix-acl” is not implement , though the
item is defined in md-cache xlator.
2)     There are more logic in posix_acl_FOP(posix_acl_lookup,posix_acl_create,
and so on)  have the following code script:
        if (acl_permits (frame, loc->parent, POSIX_ACL_EXECUTE))
                goto green;
        else
                goto red;

the above code will check the inode’s parent acl whether the ACL policy is met
or not,  but if we set the ACL policy on the other client, 
the current client(mount point, glusterfs process) have no chance to get the
ACL policy of parent inode in most case with the current implement of glusterfs
, 

I suppose when ACL disabled, the lookup and getattr FOP for parent inode will
be reduced due to  performance consider, but when ACL enabled, it will lead to
ACL policy issue.

and 2 question:
1) do glusterfs support ACL distribute cases?
2) if yes, have there test case agaient distribute ACL setting online case?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.


More information about the Bugs mailing list