Bug 1229567 - context of access control translator should be updated properly for GF_POSIX_ACL_*_KEY xattrs
Summary: context of access control translator should be updated properly for GF_POSIX_...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: glusterfs
Version: rhgs-3.1
Hardware: All
OS: All
high
high
Target Milestone: ---
: RHGS 3.1.0
Assignee: Jiffin
QA Contact: Apeksha
URL:
Whiteboard:
Depends On: 1215174 1226807 1228155 1229564 1229860 1230327
Blocks: 1202842
TreeView+ depends on / blocked
 
Reported: 2015-06-09 06:02 UTC by Jiffin
Modified: 2015-07-29 04:59 UTC (History)
13 users (show)

Fixed In Version: glusterfs-3.7.1-8
Doc Type: Bug Fix
Doc Text:
Clone Of: 1226807
Environment:
Last Closed: 2015-07-29 04:59:41 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1495 0 normal SHIPPED_LIVE Important: Red Hat Gluster Storage 3.1 update 2015-07-29 08:26:26 UTC

Description Jiffin 2015-06-09 06:02:06 UTC
+++ This bug was initially created as a clone of Bug #1226807 +++

Description of problem:
Ganesha caches the ACLs for a directory too long, needs some re-validation or something. nfs4_setfacl will fails due to that. but succeeds when nfs-ganesha is restarted or when there is a sufficient delay.

Version-Release number of selected component (if applicable):
mainline

How reproducible:
always

Steps to Reproduce:
1.Create and start a volume

2.Export a volume using nfs-ganesha

3.Create any user(user1) and group(group1) in the server and client

4.Mount the volume using nfs4 protocol

5.create directory at mount point : mkdir src

6.set acl(default acl for directory) using nfs4_setfacl on src: nfs4_setfacl -a A:gdf:group1:RWX src 

Actual results:

nfs4_setfacl fails, but succeeds when there is a sufficient delay or when ganesha is restarted.

Expected results:

nfs4_setfacl should succeed

Additional info:
The POSIX ACLs on the brick are set correctly. May be need to invalidate the dentry.

Comment 4 Jiffin 2015-06-16 06:10:58 UTC
This is a known issue , should be fixed in next release.

Comment 6 Jiffin 2015-06-24 13:20:45 UTC
It is related to access control translator in gluster code, when an acl is set on directory , it update the in memory context of access control translator.
A simple workaround for this issue is perform 'ls' on the directory after setting the acl.

Comment 10 Jiffin 2015-07-04 09:01:11 UTC
The patch is posted at https://code.engineering.redhat.com/gerrit/#/c/52284/

Comment 11 Jiffin 2015-07-16 08:36:40 UTC
This one fixed is in https://code.engineering.redhat.com/gerrit/#/c/52284/

Comment 12 Apeksha 2015-07-20 07:05:54 UTC
nfs4_setfacl succeeds.
    
Output:

    # mkdir /mnt/vol5/src1
     
    # nfs4_setfacl -a A:gdf:acl_group.blr.redhat.com:RWX /mnt/vol5/src1
    # nfs4_getfacl /mnt/vol5/src1/
    A::OWNER@:rwaDxtTcCy
    A::GROUP@:rxtcy
    A:g:acl_group.blr.redhat.com:rwaDxtcy
    A::EVERYONE@:rxtcy
    A:fdi:OWNER@:tcy
    A:fdi:GROUP@:tcy
    A:fdig:acl_group.blr.redhat.com:rwaDxtcy
    A:fdi:EVERYONE@:tcy

Comment 13 errata-xmlrpc 2015-07-29 04:59:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html


Note You need to log in before you can comment on or make changes to this bug.