[nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
David Noveck <davenoveck@gmail.com> Wed, 24 July 2024 00:18 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FFFDC1EBF59 for <nfsv4@ietfa.amsl.com>; Tue, 23 Jul 2024 17:18:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VRYxIGOouZpO for <nfsv4@ietfa.amsl.com>; Tue, 23 Jul 2024 17:17:59 -0700 (PDT)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com [IPv6:2607:f8b0:4864:20::f2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29058C1DA2F4 for <nfsv4@ietf.org>; Tue, 23 Jul 2024 17:17:59 -0700 (PDT)
Received: by mail-qv1-xf2c.google.com with SMTP id 6a1803df08f44-6b796667348so3643476d6.0 for <nfsv4@ietf.org>; Tue, 23 Jul 2024 17:17:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721780278; x=1722385078; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=YPhhFX21Y7Nlfw0Zf5ZAJVc/8uIuCxxGaoTkOGudHXk=; b=aGHTN03cSqkPCGeuuXxUacUEVgkh4fwdLHvUEbtiqmdw1TOhaQZiP+f0fWWQyMNXlG U0vnkUQc1Hp1QretM105Z/vGtQbQQK0U/Aw+dphDLBRPHXbJdStnxMQaVMdJ7cFlCi7C 5NdaHQOsjKY9hVeLWOorbHYs9YMEEoWO981U5Dl1ZsZ86MvPe4E+YHA3YCdsuEpq3PMp eU2S3yRJjn/baj95vy6t0ADg+jh/IFqP577mF50pd6HIPXMZbB7TWBVjhXuYSP55TJOH Q26ySNSP4zY79hQBMMwNRBvlENmBYai7J2gRixoxxpyoEGvYPIqBOEIZ5cLX+qAcmJIC TVBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721780278; x=1722385078; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YPhhFX21Y7Nlfw0Zf5ZAJVc/8uIuCxxGaoTkOGudHXk=; b=d/EUYx8Jj5tG9XOr3GW9ApyErahczw3cm6wByd7VY9Z7oJBjPR359O5VBC4ktg+Oli McCIBJcx+vI0XhxVjLE36VhIT3d2EXV6ktRFTL3pHgkyQQmaQ1LVKOTpzydkKrDsYZoh y1ZUfs/DFHN8fAj4YWn4j36PiNK1nyB9VTQLOQC2nc0xE1y6Q9MRmIbe0cgdaS9GiqRt 3iMKZhK7IMVvhKkGBcKVCuzRu3kL65IrlT+LTisUlQvOe4kt0Ypu73OiX9hal54FQFV2 4PZaZdMzo8ugZDRJV/XBf47mF69qXHgTOcGmvcxOGyX+YPQQjg1afrZ7q0uhjuV7cnl/ T+2g==
X-Forwarded-Encrypted: i=1; AJvYcCUVHh/aWrggyUDcfTCySSW171F4FBGAku85O4rBXkWa6N4PmsN5B736J23PvX17BgmuHCU07jCYsrqPJxzu9Q==
X-Gm-Message-State: AOJu0Yxx8nVKJLA9KmZ/+JrGABDqbtLsTTubYsqEgodnXybpdG/r+a8X hyPdjkiC6FGWpec0LNX3KqBMTolJ0CcHJ6auF6jcZhyuY1GfgD31GaaPPZP0cPn3UCo2UgllV7J Ew+WEaqhu4LI9foLD38mA0T8YMPj0lg==
X-Google-Smtp-Source: AGHT+IE1ttcRzdXDc3rPF3yW/kLeZfxDRCh+YxMmMp6VIayNMVc6tRLuxkgE/MM+ZhpQ9T78gfJRgxnwanMgTpGAwZU=
X-Received: by 2002:a05:6214:5085:b0:6af:c2ec:3313 with SMTP id 6a1803df08f44-6b991560084mr5675536d6.26.1721780277797; Tue, 23 Jul 2024 17:17:57 -0700 (PDT)
MIME-Version: 1.0
References: <CADaq8jdvZ5pcFNN5zjuVHLTO30v9=2kYKzFdRxxbkTmHYZdTdA@mail.gmail.com> <CAM5tNy7Fw954gCzYHCTjRg7th_njSHhxznni48Zz4xsSXT631A@mail.gmail.com> <53DAEF45-2A4D-4066-97C2-7B09018DE99B@oracle.com> <CAM5tNy6a4ZG90i2ugXzuPqQ1zrsK9m8jLRKmv9VpnFG6m_Pqew@mail.gmail.com> <DD250FBD-A434-4294-818A-5728757CE032@oracle.com> <d1c538065728c17df66a6f9e79e55d90849fc866.camel@gmail.com> <D352FEB9-A487-4B3E-9BC8-DB2C1896F941@oracle.com> <8efc39289ecef97624622cfc431f890736b579a0.camel@hammerspace.com> <33FA1D6E-73B3-43A1-B65C-D806156E39A5@oracle.com> <cf8a48e517210512755455dd78352ae5b64f7949.camel@hammerspace.com> <449AF448-1471-47CD-B5C5-3A3A5FB9FB12@oracle.com> <2e32694382df3e70a93edcf40434a41729031e55.camel@hammerspace.com> <83c39a7b12c05b0f1a0fa6e069b08e399864277a.camel@hammerspace.com>
In-Reply-To: <83c39a7b12c05b0f1a0fa6e069b08e399864277a.camel@hammerspace.com>
From: David Noveck <davenoveck@gmail.com>
Date: Tue, 23 Jul 2024 20:17:46 -0400
Message-ID: <CADaq8jfw1FVH3dxOEJAZLrw_S5y2F6eaGkcfpha4X8BBNWgRSQ@mail.gmail.com>
To: Trond Myklebust <trondmy@hammerspace.com>
Content-Type: multipart/alternative; boundary="000000000000d6eb9c061df33564"
Message-ID-Hash: ZNHKA2T7GSJT6INPTLH2LEKVD5QHOY7Z
X-Message-ID-Hash: ZNHKA2T7GSJT6INPTLH2LEKVD5QHOY7Z
X-MailFrom: davenoveck@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Chuck Lever III <chuck.lever=40oracle.com@dmarc.ietf.org>, "J. Bruce Fields" <bfields@fieldses.org>, NFSv4 <nfsv4@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [nfsv4] Re: Our different approaches to draft POSIX ACL support in NFSv4
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/24JMMFhTkrjvpx4fhr73v88ImG0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>
I agree. The existence of prior art would only prevent us from patenting our protocol, which we don't want to do. On Tue, Jul 23, 2024, 8:09 PM Trond Myklebust <trondmy@hammerspace.com> wrote: > On Tue, 2024-07-23 at 23:15 +0000, Trond Myklebust wrote: > > On Tue, 2024-07-23 at 21:26 +0000, Chuck Lever III wrote: > > > > > > > > > > On Jul 23, 2024, at 4:39 PM, Trond Myklebust > > > > <trondmy@hammerspace.com> wrote: > > > > > > > > On Tue, 2024-07-23 at 19:06 +0000, Chuck Lever III wrote: > > > > > > > > > > > > > > > > On Jul 23, 2024, at 2:09 PM, Trond Myklebust > > > > > > <trondmy@hammerspace.com> wrote: > > > > > > > > > > > > On Tue, 2024-07-23 at 15:27 +0000, Chuck Lever III wrote: > > > > > > > > > > > > > > > > > > > > > > On Jul 23, 2024, at 10:27 AM, Trond Myklebust > > > > > > > > <trondmy@gmail.com> > > > > > > > > wrote: > > > > > > > > > > > > > > > > On Tue, 2024-07-23 at 13:54 +0000, Chuck Lever III wrote: > > > > > > > > > > > > > > > > > > > On Jul 22, 2024, at 7:13 PM, Rick Macklem > > > > > > > > > > <rick.macklem@gmail.com> > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > I just looked at > > > > > > > > > > opensolaris/usr/src/head/rpcsvc/nfs_acl.x > > > > > > > > > > which I think is the closest thing there is to a > > > > > > > > > > spec. > > > > > > > > > > for > > > > > > > > > > NFSACL. > > > > > > > > > > (FreeBSD does not implement this protocol and all I > > > > > > > > > > know > > > > > > > > > > about > > > > > > > > > > it > > > > > > > > > > is what this little .x file indicates.) > > > > > > > > > > > > > > > > > > That's excellent, thanks for finding it. > > > > > > > > > > > > > > > > > > My concern about this is that the cited .x file falls > > > > > > > > > under > > > > > > > > > CDDL, and thus cannot be used directly by a GPL- > > > > > > > > > encumbered > > > > > > > > > OS like Linux, nor can it be contributed to the IETF in > > > > > > > > > its > > > > > > > > > current form. > > > > > > > > > > > > > > > > > > This is clearly prior art. > > > > > > > > > > > > > > > > > > My question then is whether we should endeavor to > > > > > > > > > produce > > > > > > > > > an Informational document that describes NFSACL without > > > > > > > > > encumbrance -- ie, get Sun-Oracle to contribute that > > > > > > > > > work > > > > > > > > > so that it might be used openly. > > > > > > > > > > > > > > > > > > > > > > > > > Why do we care? > > > > > > > > > > > > > > As I explained, we do want to have a protocol specification > > > > > > > for NFSv4 that will not be disruptive to folks who were > > > > > > > using > > > > > > > NFSv3 and are now accessing the same ACLs via NFSv4.2+ > > > > > > > > > > > > No we don't. > > > > > > > > > > > > We need a new protocol specification that works correctly > > > > > > with > > > > > > the > > > > > > draft POSIX acls in use with existing Linux and other > > > > > > filesystem, > > > > > > and > > > > > > that supports all the features of the IEEE 1003.1e draft 17 > > > > > > document > > > > > > that were implemented within Linux and the *BSD. > > > > > > Once we have that, I will happily plug that implementation > > > > > > into > > > > > > the > > > > > > inode 'get_acl()' and 'set_acl()' callbacks, and people will > > > > > > be > > > > > > able to > > > > > > use the bog standard getfacl and setfacl utilities to control > > > > > > the > > > > > > POSIX > > > > > > ACLs as if they were running on a native filesystem. > > > > > > > > > > > > If people then still want to use the nfs4_getfacl and > > > > > > nfs4_setfacl > > > > > > tools to use the existing ACL attribute against a server that > > > > > > implements the draft-ietf-nfsv4-acl-mapping-05 (or whatever > > > > > > it > > > > > > is > > > > > > that > > > > > > the Linux server actually implements) then they can continue > > > > > > to > > > > > > do > > > > > > so > > > > > > without any further help from this committee. There will be > > > > > > no > > > > > > need > > > > > > to > > > > > > encourage the development of further broken implementations, > > > > > > if > > > > > > there > > > > > > is a real NFSv4.2 API that can replace it. > > > > > > > > > > That's all very nice, but.... > > > > > > > > > > I'm not talking about mapped NFSv4 ACLs or > > > > > developing legacy implementations, so let's put > > > > > aside those straw men, please. You seem to be > > > > > getting excited about something I didn't write > > > > > nor did I intend. > > > > > > > > > > The proposed fattr4 POSIX ACL support needs to be > > > > > compatible with NFSACL as well. The view of POSIX > > > > > ACLs from an NFSv3 mount needs to be compatible > > > > > with whatever can be seen via the proposed NFSv4 > > > > > POSIX ACLs. > > > > > > > > > > At the very least, those compatibility requirements > > > > > need to be stated in acls-04. I wasn't necessarily > > > > > looking for an on-the-wire form of compatibility, > > > > > that's just what Rick brought up in the discussion. > > > > > And I had no idea that NFSACL had a version 4. > > > > > > > > > > But semantic compatibility is needed, and that is > > > > > complicated by not having a published first-order > > > > > description of the legacy semantics. > > > > > > > > > > Further, acls-04 needs to address the fact that what > > > > > it is to propose looks semantically and on-the-wire > > > > > a lot like NFSACL, and that protocol has been in the > > > > > wild for 25+ years, has no published specification, > > > > > and is very likely encumbered. This IP issue has to > > > > > be spelled out and addressed somehow. > > > > > > > > > > A simple, concrete proposal would be for Oracle to > > > > > contribute NFSACL to the IETF via an Informational > > > > > document similar to RFC 1813. > > > > > > > > > > > > > The draft POSIX ACL spec is not based on some spec for NFSACL. > > > > The > > > > draft POSIX ACL spec is IEEE 1003.1e draft 17. > > > > > > This distinction is likely to be lost on casual or > > > even somewhat expert readers -- perhaps a reader > > > who is not technically informed but is looking for > > > a legal opportunity. The /purpose/ of NFSACL and the > > > proposed protocol are the same, and so is the set > > > of architects who are working on these protocols. > > > > > > acls-04 should therefore recognize that NFSACL is > > > prior art and explain the differences in provenance > > > that unlink acls-04 from NFSACL. For extra credit, > > > use the term "clean room implementation" in one or > > > more complete sentences. > > > > > > > > > > The contents of the NFSACL xdr file are at best a description of > > > > an > > > > API > > > > that we will not be wanting to follow, because it describes an > > > > RPC > > > > side > > > > band protocol, and is based on NFSv3 semantics. It does not > > > > describe > > > > draft POSIX acls. > > > > > > Which is why I agree that nfs_acl.x by itself is > > > not up to the task of backing up IP claims, and > > > would like to see more substantive documentation. > > > > > > > > > > If you want a reference that is independent of the IEEE draft, > > > > then > > > > why > > > > not instead go for Andreas' Freenix paper from 2003? > > > > > https://www.usenix.org/legacy/publications/library/proceedings/usenix03/tech/freenix03/full_papers/gruenbacher/gruenbacher_html/main.html > > > > That actually describes in detail the spec that needs to be > > > > followed. > > > > > > IMO this doesn't address the IP issue at all. > > > > What IP issue? AFAICS, you've invented the straw man here. > > > > Nothing we do here needs to refer to or infringe upon anything Oracle > > may think it owns w.r.t. nfsacl. There is no need to use anything > > from > > nfsacl.x. > > Put differently: if you claim there is an IP issue that precludes us > from defining our own protocol for draft POSIX acls, then you need to > document what is infringing. The existence of "prior art" for an > implementation does not automatically imply that there is an > intellectual property issue to resolve. > > -- > Trond Myklebust > Linux NFS client maintainer, Hammerspace > trond.myklebust@hammerspace.com > > > _______________________________________________ > nfsv4 mailing list -- nfsv4@ietf.org > To unsubscribe send an email to nfsv4-leave@ietf.org >
- [nfsv4] Our different approaches to draft POSIX A… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Chris Inacio
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Chris Inacio
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… Chris Inacio
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Chris Inacio
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… Trond Myklebust
- [nfsv4] Re: Our different approaches to draft POS… Christoph Hellwig
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Chuck Lever III
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem
- [nfsv4] Re: Our different approaches to draft POS… David Noveck
- [nfsv4] Re: Our different approaches to draft POS… Rick Macklem