Bug 2137866
| Summary: | [RFE] ls: Add support for NFSv4 style ACLs [rhel-9] | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Ondrej <ondrej.valousek> | ||||||
| Component: | coreutils | Assignee: | Kamil Dudka <kdudka> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Radka Brychtova <rskvaril> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 9.0 | CC: | kdudka | ||||||
| Target Milestone: | rc | Keywords: | FutureFeature, Patch, Triaged | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | coreutils-8.32-34.el9 | Doc Type: | If docs needed, set a value | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | |||||||||
| : | 2158747 (view as bug list) | Environment: | |||||||
| Last Closed: | 2023-05-09 08:15:47 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 2158747 | ||||||||
| Attachments: |
|
||||||||
Ondrej, thank you for posting the patch upstream! Let's continue the discussion there:
https://lists.gnu.org/archive/html/bug-gnulib/2022-10/msg00031.html
Hello, The Gnulib maintainers are not too willing to accept the patch (which I sort of understand as it should be really in libacl). Hence I submitted a different patch against libacl which works the same way. Unfortunately, I can't get any reply from the libacl maintainer (Andreas Gruenbacher) - is there anything that I can do? Thanks. Created attachment 1927142 [details]
patch adding the requested functionality (final version)
Attaching a final version of the patch implementing checks for non-trivial ACLs returned by NFSv4 server.
Tested under various conditions against Netapp and Linux based NFSv4 server.
Works OK to me.
Also submitted upstream to bug-gnulib and also incorporated few suggestions from Andreas Gruenbacher (libacl maintainer).
I am also attaching the code here in hope it's not forgotten because currently GNUlib/coreutils ignores v4 ACLs completely which is pity
Ondrej, thank you for working on this with gnulib upstream! I will try to cherry-pick your commit(s) from there once they are merged. Hi Kamil,
The patch has finally been accepted by the upstream Gnulib maintainers (it took a while to sort out the paper work), kindly please take a look at it:
commit b0604a8e134dbcc307c0ffdd5ebd3693e9de7081
Author: Ondrej Valousek <ondrej.valousek.xm>
Date: Fri Dec 2 13:40:19 2022 +0100
file-has-acl: Basic support for checking NFSv4 ACLs in Linux.
* lib/acl-internal.h (acl_nfs4_nontrivial): New declaration.
* lib/acl-internal.c (acl_nfs4_nontrivial): New function.
* lib/file-has-acl.c: Include <arpa/inet.h>.
(XATTR_NAME_NFSV4_ACL, TRIVIAL_NFS4_ACL_MAX_LENGTH): New macros.
(file_has_acl): Test for NFSv4 ACLs.
* doc/acl-nfsv4.txt: New file.
Thanks.
Well done, will try to pick it from there. Fixed in coreutils-9.1-10.fc38 and coreutils-9.1-7.fc37 for now: https://src.fedoraproject.org/rpms/coreutils/c/ad57d2b8e82e890a766412caf5014fcc77b00c93?branch=rawhide https://src.fedoraproject.org/rpms/coreutils/c/f338c12bfa958ff994bec168cb8f6c83eb0b40f3?branch=f37 CentOS Stream Merge Request: https://gitlab.com/redhat/centos-stream/rpms/coreutils/-/merge_requests/12 Works OK in Fedora 37, thanks Perfect, thank you for testing it! Thanks! Is there any chance to have it also backported to RHEL-8? From technical point of view, it should be easy. There are no significant changes between RHEL-8 and RHEL-9 in the code in question. I will clone the bug for evaluation... Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (coreutils bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:2475 |
Created attachment 1920489 [details] patch adding the requested functionality Description of problem: This is duplicate of #767584 When I add NFSv4 style ACL rights to the file or directory, those are not visible as the "+" sign in the permissions column in the ls -l listing. Attaching a proposed patch which adds the requested functionality