Bug 1185654 - Improved support for POSIX ACLs
Summary: Improved support for POSIX ACLs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: access-control
Version: mainline
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Niels de Vos
QA Contact:
URL: http://www.gluster.org/community/docu...
Whiteboard:
Depends On:
Blocks: 1188184
TreeView+ depends on / blocked
 
Reported: 2015-01-25 14:57 UTC by Niels de Vos
Modified: 2015-05-14 17:35 UTC (History)
2 users (show)

Fixed In Version: glusterfs-3.7.0beta1
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-14 17:26:24 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Niels de Vos 2015-01-25 14:57:59 UTC
This bug has been filed to track the progress of the "Improved POSIX ACLs" feature that has been proposed for inclusion in GlusterFS 3.7.

More details about this feature can be found in the wiki:

http://www.gluster.org/community/documentation/index.php/Features/Improved_POSIX_ACLs

Comment 1 Anand Avati 2015-02-10 18:18:42 UTC
REVIEW: http://review.gluster.org/9627 (posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr) posted (#1) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 2 Anand Avati 2015-02-20 12:21:44 UTC
REVIEW: http://review.gluster.org/9627 (posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr) posted (#2) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 3 Anand Avati 2015-02-21 10:54:25 UTC
REVIEW: http://review.gluster.org/9627 (posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr) posted (#3) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 4 Anand Avati 2015-02-24 19:01:58 UTC
REVIEW: http://review.gluster.org/9627 (posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr) posted (#4) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 5 Anand Avati 2015-02-24 19:02:01 UTC
REVIEW: http://review.gluster.org/9736 (gfapi: add glfs_h_acl_set() and glfs_h_acl_get()) posted (#1) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 6 Anand Avati 2015-03-06 02:04:24 UTC
REVIEW: http://review.gluster.org/9627 (posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr) posted (#5) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 7 Anand Avati 2015-03-09 20:53:03 UTC
COMMIT: http://review.gluster.org/9627 committed in master by Raghavendra Bhat (raghavendra@redhat.com) 
------
commit 72dc1025dc17a650f3838223c78e3205132deba9
Author: Niels de Vos <ndevos@redhat.com>
Date:   Tue Feb 10 19:13:35 2015 +0100

    posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr
    
    Adding support for two virtual extended attributes that are used for
    converting a binary POSIX ACL to a POSIX.1e long ACL text format. This
    makes it possible to transfer the ACL over the network to a different OS
    which can convert the POSIX.1e text format to its native structures.
    
    The following xattrs are sent over RPC in SETXATTR/GETXATTR procedures,
    and contain the POSIX.1e long ACL text format:
    
    - glusterfs.posix.acl: maps to ACL_TYPE_ACCESS
    - glusterfs.posix.default_acl: maps to ACL_TYPE_DEFAULT
    
    acl_from_text() (from libacl) converts the text format into an acl_t
    structure. This structure is then used by acl_set_file() to set the ACL
    in the filesystem.
    
    libacl-devel is needed for linking against libacl, so it has been added
    to the BuildRequires in the .spec.
    
    NetBSD does not support POSIX ACLs. Trying to get/set POSIX ACLs on a
    storage server running NetBSD, an error will be returned with errno set
    to ENOTSUP. Faking support, but not enforcing ACLs seems wrong to me.
    
    URL: http://www.gluster.org/community/documentation/index.php/Features/Improved_POSIX_ACLs
    BUG: 1185654
    Change-Id: Ic5eb73d69190d3492df2f711d0436775eeea7de3
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Reviewed-on: http://review.gluster.org/9627
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: soumya k <skoduri@redhat.com>
    Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>

Comment 8 Anand Avati 2015-03-10 09:54:49 UTC
REVIEW: http://review.gluster.org/9848 (configure.ac: Make USE_POSIX_ACLS value consistent with others.) posted (#1) for review on master by Raghavendra Talur (rtalur@redhat.com)

Comment 9 Anand Avati 2015-03-18 14:52:14 UTC
REVIEW: http://review.gluster.org/9736 (gfapi: add glfs_h_acl_set() and glfs_h_acl_get()) posted (#2) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 10 Anand Avati 2015-03-18 17:39:06 UTC
COMMIT: http://review.gluster.org/9736 committed in master by Vijay Bellur (vbellur@redhat.com) 
------
commit 728fcd41eb39f66744d84b979dd8195fd47313ed
Author: Niels de Vos <ndevos@redhat.com>
Date:   Tue Feb 24 19:42:49 2015 +0100

    gfapi: add glfs_h_acl_set() and glfs_h_acl_get()
    
    These two functions add support for POSIX ACLs through the GFAPI-handle
    interface.
    
    The initial infrastructure for POSIX ACLs based on libacl has been added
    with the required changes to the POSIX xlator:
    - http://review.gluster.org/9627
    
    NetBSD does not support POSIX ACLs, so using any of the functions should
    return ENOTSUP.
    
    URL: http://www.gluster.org/community/documentation/index.php/Features/Improved_POSIX_ACLs
    Change-Id: Ie74f3f963c3f9d576cb2f2a1e6d97e3cd4b01eda
    BUG: 1185654
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Reviewed-on: http://review.gluster.org/9736
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Comment 11 Anand Avati 2015-03-18 21:13:19 UTC
REVIEW: http://review.gluster.org/9937 (gfapi: space/tab conversion in gfapi.map) posted (#1) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 12 Anand Avati 2015-03-19 06:17:39 UTC
REVIEW: http://review.gluster.org/9938 (build: change the o/p for option USE_POSIX_ACLS.) posted (#1) for review on master by Vijay Bellur (vbellur@redhat.com)

Comment 13 Anand Avati 2015-03-19 11:16:42 UTC
COMMIT: http://review.gluster.org/9937 committed in master by Kaleb KEITHLEY (kkeithle@redhat.com) 
------
commit c270d4da8d0cc0a3856969f10ef6415be5615544
Author: Niels de Vos <ndevos@redhat.com>
Date:   Wed Mar 18 22:07:19 2015 +0100

    gfapi: space/tab conversion in gfapi.map
    
    The last two patches incorrectly add symbols indented by spaces. The
    rest of the file uses tabs. This change corrects these occurences.
    
    Change-Id: Ibfb057b78c1203a594bfeb73a2955e798e86c8e1
    BUG: 1185654
    Reported-by: Kaleb S. Keithley <kkeithle@redhat.com>
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Reviewed-on: http://review.gluster.org/9937
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>

Comment 14 Anand Avati 2015-03-19 18:37:14 UTC
REVIEW: http://review.gluster.org/9947 (md-cache: cache virtual POSIX ACL xattrs) posted (#1) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 15 Anand Avati 2015-03-27 17:45:21 UTC
COMMIT: http://review.gluster.org/9947 committed in master by Vijay Bellur (vbellur@redhat.com) 
------
commit eeef9bf8c93b9a11df6ef530924ba4ab44e0092a
Author: Niels de Vos <ndevos@redhat.com>
Date:   Thu Mar 19 19:32:44 2015 +0100

    md-cache: cache virtual POSIX ACL xattrs
    
    http://review.gluster.org/9627 introduces two new virtual extended
    attributes that are used similar to the existing POSIX ACL xattrs. These
    new xattrs should get cached in the same way.
    
    BUG: 1185654
    Change-Id: I6294b4f9ade887e29f8bd8ae5a3642891df8a631
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Reviewed-on: http://review.gluster.org/9947
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Comment 16 Anand Avati 2015-04-10 06:29:59 UTC
REVIEW: http://review.gluster.org/9848 (configure.ac: print yes/no instead of 1/0 in output) posted (#2) for review on master by Raghavendra Talur (rtalur@redhat.com)

Comment 17 Anand Avati 2015-04-13 05:40:18 UTC
COMMIT: http://review.gluster.org/9848 committed in master by Niels de Vos (ndevos@redhat.com) 
------
commit 3fc4f31a78e06dc09e03a958be500683dc9bcd78
Author: Raghavendra Talur <rtalur@redhat.com>
Date:   Tue Mar 10 15:13:29 2015 +0530

    configure.ac: print yes/no instead of 1/0 in output
    
    POSIX_ACLS support in output of configure shows
    0/1 instead of no/yes.
    
    Added BUILD_POSIX_ACLS to make value consistent.
    
    Change-Id: Ife728d0d03ff0eb03d4389fefc04507a76205ccd
    BUG: 1185654
    Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
    Reviewed-on: http://review.gluster.org/9848
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
    Tested-by: NetBSD Build System

Comment 18 Niels de Vos 2015-05-14 17:26:24 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 19 Niels de Vos 2015-05-14 17:28:20 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 20 Niels de Vos 2015-05-14 17:35:15 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user


Note You need to log in before you can comment on or make changes to this bug.