Bug 1242385

Summary: [ACL]: Fuse mount with option acl is successful but is not shown in mount output
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Rahul Hinduja <rhinduja>
Component: fuseAssignee: Ravishankar N <ravishankar>
Status: CLOSED NOTABUG QA Contact: storage-qa-internal <storage-qa-internal>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rhgs-3.1CC: chrisw, csaba, nbalacha, ndevos, nlevinki, rnalakka, sankarshan
Target Milestone: ---Keywords: ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-30 13:03:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rahul Hinduja 2015-07-13 08:59:28 UTC 
Description of problem:
=======================

ACL specifies the access rights allowed, denied. Mounting the volume with glusterfs option acl is successful, but when a user issues a mount command it is not shown in the output. If it is not shown in the mount options, not sure how the user will be educated to use this feature of acls at all for fuse mount. 

Mounting volume with NFS options acl is listed correctly in the mount output as:

[root@wingo scripts]# mkdir /mnt/slave /mnt/slave_nfs
[root@wingo scripts]# mount -t glusterfs -o acl 10.70.46.101:/slave /mnt/slave
[root@wingo scripts]#
[root@wingo scripts]# mount -t nfs -o acl,vers=3 10.70.46.101:/slave /mnt/slave_nfs 
[root@wingo scripts]# 

[root@wingo slave]# mount | grep slave
10.70.46.101:/slave on /mnt/slave type fuse.glusterfs (rw,allow_other,max_read=131072)
10.70.46.101:/slave on /mnt/slave_nfs type nfs (rw,acl,vers=3,addr=10.70.46.101)
[root@wingo slave]# 




Version-Release number of selected component (if applicable):
=============================================================

glusterfs-3.7.1-7.el6rhs.x86_64


How reproducible:
=================

Always


Steps to Reproduce:
===================
1. Mount the volume (FUSE and NFS) wit options -o acl
2. Issue mount command
Comment 3 Nithya Balachandran 2016-06-08 05:15:21 UTC 
Assigning this to Ravi as this is a Fuse issue.
Comment 9 Niels de Vos 2016-06-20 12:20:59 UTC 
ACLs are not enabled by default in the GlusterFS FUSE client. Mounting with "-o acl" adds the required option to the command line for the glusterfs executable that does the mount.

I suspect that there is an issue with the show_options() function pointer in the "struct super_operations fuse_super_operations" of fs/fuse/inode.c, or maybe in the function that calls it. The "acl" option is a standard one, so it would be handled in the upper layer. I think the "acl" option is the default for many filesystems, and defaults are not displayed in the /proc/mounts option.

Userspace processes can not communicate with the kernel part and pass mount options that need to be shown in the /proc/mounts file. Some fuse/userspace specific option will be missing.

We could check if mounting with "-o noacl" gets added to /proc/mounts. If that is the case, we can add that as a default option to the /sbin/mount.glusterfs shell script.
Comment 10 Ravishankar N 2016-06-20 15:54:18 UTC 
(In reply to Niels de Vos from comment #9)
> ACLs are not enabled by default in the GlusterFS FUSE client. Mounting with
> "-o acl" adds the required option to the command line for the glusterfs
> executable that does the mount.

Yes, of course.

> 
> I suspect that there is an issue with the show_options() function pointer in
> the "struct super_operations fuse_super_operations" of fs/fuse/inode.c, or
> maybe in the function that calls it. The "acl" option is a standard one, so
> it would be handled in the upper layer. I think the "acl" option is the
> default for many filesystems, and defaults are not displayed in the
> /proc/mounts option.

No, the acl option by itself is not standard (Please see comment #7). It has to be present in the match_table_t tokens (fs/fuse/inode.c for fuse) array defined in each file system. What is standard though is the MS_POSIXACL flag (include/uapi/linux/fs.h) which *could* be passed as a valid argument to mount (2) (in spite of it not described as a valid flag in the man page.) 

The filesystems that do support an acl mount option (say ext4) use it to set/reset this flag in the superblock structure.

Others like XFS use compile time config options to set/reset the flag. 

For FUSE, it seems to be unconditionally enabled and hence my argument in the last couple of lines in comment #7. Also see https://sourceforge.net/p/fuse/mailman/message/30733588/