Sam Lang wrote:
acl-check-assert.patch:
------------------------
It seems like it should be possible to do that format checking of the
acl when the system.posix_acl_access extended attribute is set. Does
it make sense to add a callouts framework to set-eattr to do format
checking for specific xattrs?
I'm not sure- maybe? I don't actually know how the file system that
triggered this problem got bad acls in the first place.
root-squash.patch:
------------------
For root-squash: I've wondered why the dspace entries for datafile
handles don't carry the ownership and permissions, and it seems like
its only because we don't pass the attributes along with the create
call. The setattr does set the attrs on the metadata handle, but its
primary purpose is to set the datafile handles list in the metadata.
We already have the file's attributes -- they get passed in with the
PVFS_sys_create call. Could we possibly add an object attr field to
the create so that the attr gets set on dspace entry for datafile
handles as well? Once that's done, the credentials passed in the write
request could be checked against the attributes. I think that would
allow us to get the proper semantics for squashing.
The drawback I see in doing this would be that a chmod/chown/chgrp
would require doing setattrs to all the IO servers as well as the
metadata server. It seems like those operations are infrequent enough
that doing so wouldn't be a big deal. Also, the create state machine
on the server would have to do a trove_dspace_setattr after the
trove_dspace_create completed. We could avoid being 2x slower by not
syncing on the create though.
I think the biggest challenge of putting attrs on the dfiles would be
keeping them in sync, for example if a client died halfway through a
chown and only modified a subset of the dfiles.
Thanks for applying the patches!
-Phil
_______________________________________________
Pvfs2-developers mailing list
[email protected]
http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
