bug-gnulib

Re: [PATCH] Basic support for checking NFSv4 ACLs in Linux


From: Paul Eggert
Subject: Re: [PATCH] Basic support for checking NFSv4 ACLs in Linux
Date: Sat, 24 Dec 2022 11:27:50 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

On 12/24/22 05:00, Ondrej Valousek wrote:

> I do not know which code referenced deny ACE for "EVERYONE@".

This was already in file-has-acl.c under the ACE_GETACL code, used in Solaris 10 and 11 for ZFS and NFSv4. Its commentary talks about "6 entries".

> - I would still reference the who strings indirectly, either via macros (i.e.
> ACE4_WHO_XXXX) or enum using the names in my original code - because that's the
> way they are defined in Linux kernel, so it's clear what we are referring to
> the same thing

Where in the Linux kernel is this done? The only instance of "EVERYONE@" that I see is in linux/fs/nfsd/nfs4acl.c, and there's no specific name given to the string "EVERYONE@". And I see no name for the string in RFC 7530. I'm not opposed to giving the string a name but would like to know where the name comes from so that we can cite it. In contrast, ACE4_ACCESS_DENIED_ACE_TYPE does appear in RFC 7530 so names like that are citable.

> - I still think the best would be to keep the code in lib/acl-internal.c as
> other (similar) code exists there already. I admit however that I have no clue
> how to resolve the linker problem, tried various options, did not work.

Yes, the main point for putting the trivial-ACL detection into file-has-acl.c rather than acl-internal.c is so that programs like GNU ls don't have to link with -lacl. These programs need to know only whether the ACL is trivial.

For now Gnulib and its users don't need acl_nfs4_nontrivial to be extern so let's keep it static. We can always change it later if need be. (Part of the appeal of Gnulib is that it's a source code library so these sorts of changes are not a big deal.) It's a specialized function so there's a chance it'll never need to be public as-is.

Thanks for reviewing the code changes.
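
A sketch of the kind of trivial-ACL test discussed in this message, added here as an example; it is not Gnulib's acl_nfs4_nontrivial and not code from the thread. It assumes the ACL arrives as a buffer of 32-bit big-endian words (ACE count, then type, flag, mask, who length and a who string padded to 4 bytes per ACE); the function name, the policy of tolerating ACE4_IDENTIFIER_GROUP, and the sample buffers are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { ACE4_ACCESS_DENIED_ACE_TYPE = 1, ACE4_IDENTIFIER_GROUP = 0x40 }; /* RFC 7530 */
static uint32_t be32(const unsigned char *p)
{ return (uint32_t) p[0] << 24 | (uint32_t) p[1] << 16 | (uint32_t) p[2] << 8 | p[3]; }

/* 0 = trivial, 1 = nontrivial, -1 = malformed.  Assumed layout: ACE count, then
   per ACE: type, flag, mask, who length (32-bit big-endian), who padded to 4.  */
int nfs4_acl_nontrivial(const unsigned char *buf, size_t len)
{
  if (len < 4) return -1;
  uint32_t n = be32(buf);
  if (n > 6) return 1;                       /* more than 3 allow + 3 deny */
  size_t off = 4;
  unsigned seen = 0;                         /* one bit per (who, type) pair */
  for (uint32_t i = 0; i < n; i++) {
    if (len - off < 16) return -1;
    uint32_t type = be32(buf + off), flag = be32(buf + off + 4);
    uint32_t wholen = be32(buf + off + 12);  /* mask at +8 is not examined */
    off += 16;
    if (wholen > len - off) return -1;       /* bound it before rounding up */
    size_t padded = ((size_t) wholen + 3) & ~(size_t) 3;
    if (padded > len - off) return -1;
    if (type > ACE4_ACCESS_DENIED_ACE_TYPE) return 1;        /* audit or alarm */
    if (flag & ~(uint32_t) ACE4_IDENTIFIER_GROUP) return 1;  /* e.g. inheritance */
    int w = wholen == 6 && !memcmp(buf + off, "OWNER@", 6) ? 0
          : wholen == 6 && !memcmp(buf + off, "GROUP@", 6) ? 1
          : wholen == 9 && !memcmp(buf + off, "EVERYONE@", 9) ? 2 : -1;
    if (w < 0) return 1;                     /* named user or group */
    unsigned bit = 1u << (2 * w + type);
    if (seen & bit) return 1;                /* same who and type twice */
    seen |= bit;
    off += padded;
  }
  return 0;
}

/* Constructed samples; U32 emits one big-endian word holding a small value. */
#define U32(b) "\0\0\0" b
static const unsigned char sample_trivial[] = U32("\3")
  U32("\0") U32("\0") U32("\0") U32("\6") "OWNER@\0\0"
  U32("\0") U32("\x40") U32("\0") U32("\6") "GROUP@\0\0"
  U32("\0") U32("\0") U32("\0") U32("\x09") "EVERYONE@\0\0\0";
static const unsigned char sample_named[] = U32("\1") U32("\0") U32("\0") U32("\0") U32("\4") "1000";
int main(void)
{
  printf("%d %d\n", nfs4_acl_nontrivial(sample_trivial, sizeof sample_trivial - 1),
         nfs4_acl_nontrivial(sample_named, sizeof sample_named - 1));
}
```

Because it only walks a byte buffer and compares the three special who strings, a check of this shape needs nothing from -lacl.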



