Change the default for ACLs to be posix1e instead of nfsv4 to match FreeBSD.

Requested by chuq.
2021-09-18 03:05:19 +00:00 · 2021-09-18 03:05:19 +00:00 · 292aad7505
parent a043955316
commit 292aad7505
8 changed files with 78 additions and 64 deletions
--- a/7
+++ b/7
@ -1,4 +1,4 @@
-$NetBSD: UPDATING,v 1.320 2021/08/21 09:59:45 andvar Exp $
+$NetBSD: UPDATING,v 1.321 2021/09/18 03:05:19 christos Exp $

 This file (UPDATING) is intended to be a brief reference to recent
 changes that might cause problems in the build process, and a guide for
@ -19,6 +19,11 @@ See also: BUILDING, build.sh, Makefile.
 Recent changes:
 ^^^^^^^^^^^^^^^

+20210917:
+	Changed MNT_ACLS to default to POSIX1e ACLs instead of NFSv4
+	ACLs, to be compatible with FreeBSD. If you are using NFSv4 ACLs
+	and have "acls" in /etc/fstab you'll need to change it to "nfs4acls".
+
 20210711:
 	Updated GMP sources may require cleaning in tools/gmp and/or in
 	external/lgpl3/gmp/lib, particularly if GCC itself does not build.
--- a/include/mntopts.h
+++ b/include/mntopts.h
@ -1,4 +1,4 @@
-/*	$NetBSD: mntopts.h,v 1.19 2020/05/16 18:31:47 christos Exp $	*/
+/*	$NetBSD: mntopts.h,v 1.20 2021/09/18 03:05:20 christos Exp $	*/

 /*-
 * Copyright (c) 1994
@ -44,6 +44,7 @@ struct mntopt {

 /* User-visible MNT_ flags. */
 #define MOPT_ACLS		{ "acls",	0, MNT_ACLS, 0 }
+#define MOPT_NFS4ACLS		{ "nfs4acls",	0, MNT_NFS4ACLS, 0 }
 #define MOPT_POSIX1EACLS	{ "posix1eacls",0, MNT_POSIX1EACLS, 0 }
 #define MOPT_ASYNC		{ "async",	0, MNT_ASYNC, 0 }
 #define MOPT_NOCOREDUMP		{ "coredump",	1, MNT_NOCOREDUMP, 0 }
--- a/sbin/mount_ffs/mount_ffs.c
+++ b/sbin/mount_ffs/mount_ffs.c
@ -1,4 +1,4 @@
-/*	$NetBSD: mount_ffs.c,v 1.29 2020/05/16 18:31:47 christos Exp $	*/
+/*	$NetBSD: mount_ffs.c,v 1.30 2021/09/18 03:05:20 christos Exp $	*/

 /*-
 * Copyright (c) 1993, 1994
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1993, 1994\
 #if 0
 static char sccsid[] = "@(#)mount_ufs.c	8.4 (Berkeley) 4/26/95";
 #else
-__RCSID("$NetBSD: mount_ffs.c,v 1.29 2020/05/16 18:31:47 christos Exp $");
+__RCSID("$NetBSD: mount_ffs.c,v 1.30 2021/09/18 03:05:20 christos Exp $");
 #endif
 #endif /* not lint */

@ -64,7 +64,7 @@ __dead static void	ffs_usage(void);

 static const struct mntopt mopts[] = {
 	MOPT_STDOPTS,
-	MOPT_ACLS,
+	MOPT_NFS4ACLS,
 	MOPT_POSIX1EACLS,
 	MOPT_ASYNC,
 	MOPT_SYNC,
--- a/sbin/tunefs/tunefs.c
+++ b/sbin/tunefs/tunefs.c
@ -1,4 +1,4 @@
-/*	$NetBSD: tunefs.c,v 1.54 2020/11/26 02:06:01 dholland Exp $	*/
+/*	$NetBSD: tunefs.c,v 1.55 2021/09/18 03:05:20 christos Exp $	*/

 /*
 * Copyright (c) 1983, 1993
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\
 #if 0
 static char sccsid[] = "@(#)tunefs.c	8.3 (Berkeley) 5/3/95";
 #else
-__RCSID("$NetBSD: tunefs.c,v 1.54 2020/11/26 02:06:01 dholland Exp $");
+__RCSID("$NetBSD: tunefs.c,v 1.55 2021/09/18 03:05:20 christos Exp $");
 #endif
 #endif /* not lint */

@ -361,21 +361,21 @@ main(int argc, char *argv[])
 	if (aflag) {
 		name = "ACLs";
 		if (strcmp(avalue, "enable") == 0) {
-			if (sblock.fs_flags & FS_ACLS) {
+			if (sblock.fs_flags & FS_NFS4ACLS) {
 				warnx("%s remains unchanged as enabled", name);
 			} else if (sblock.fs_flags & FS_POSIX1EACLS) {
 				warnx("%s and POSIX.1e ACLs are mutually "
 				    "exclusive", name);
 			} else {
-				sblock.fs_flags |= FS_ACLS;
+				sblock.fs_flags |= FS_NFS4ACLS;
 				printf("%s set\n", name);
 			}
 		} else if (strcmp(avalue, "disable") == 0) {
-			if ((~sblock.fs_flags & FS_ACLS) == FS_ACLS) {
+			if ((~sblock.fs_flags & FS_NFS4ACLS) == FS_NFS4ACLS) {
 				warnx("%s remains unchanged as disabled",
 				    name);
 			} else {
-				sblock.fs_flags &= ~FS_ACLS;
+				sblock.fs_flags &= ~FS_NFS4ACLS;
 				printf("%s cleared\n", name);
 			}
 		}
@ -386,7 +386,7 @@ main(int argc, char *argv[])
 		if (strcmp(pvalue, "enable") == 0) {
 			if (sblock.fs_flags & FS_POSIX1EACLS) {
 				warnx("%s remains unchanged as enabled", name);
-			} else if (sblock.fs_flags & FS_ACLS) {
+			} else if (sblock.fs_flags & FS_NFS4ACLS) {
 				warnx("%s and ACLs are mutually "
 				    "exclusive", name);
 			} else {
@ -434,8 +434,8 @@ main(int argc, char *argv[])
 		}
 		printf("\tPOSIX.1e ACLs %s\n",
 		    (sblock.fs_flags & FS_POSIX1EACLS) ? "enabled" : "disabled");
-		printf("\tACLs %s\n",
-		    (sblock.fs_flags & FS_ACLS) ? "enabled" : "disabled");
+		printf("\tNFS4 ACLs %s\n",
+		    (sblock.fs_flags & FS_NFS4ACLS) ? "enabled" : "disabled");
 		printf("%s: no changes made\n", getprogname());
 		return 0;
 	}
--- a/sys/sys/fstypes.h
+++ b/sys/sys/fstypes.h
@ -1,4 +1,4 @@
-/*	$NetBSD: fstypes.h,v 1.40 2020/07/05 20:41:50 christos Exp $	*/
+/*	$NetBSD: fstypes.h,v 1.41 2021/09/18 03:05:20 christos Exp $	*/

 /*
 * Copyright (c) 1989, 1991, 1993
@ -94,7 +94,7 @@ typedef struct fhandle	fhandle_t;
 #define	MNT_NOCOREDUMP	0x00008000	/* don't write core dumps to this FS */
 #define	MNT_RELATIME	0x00020000	/* only update access time if mod/ch */
 #define	MNT_IGNORE	0x00100000	/* don't show entry in df */
-#define	MNT_ACLS	0x00200000	/* uses Access Control Lists */
+#define	MNT_NFS4ACLS	0x00200000	/* uses NFS4 Access Control Lists */
 #define	MNT_DISCARD	0x00800000	/* use DISCARD/TRIM if supported */
 #define	MNT_EXTATTR	0x01000000	/* enable extended attributes */
 #define	MNT_LOG		0x02000000	/* Use logging */
@ -104,11 +104,12 @@ typedef struct fhandle	fhandle_t;
 #define	MNT_NODEVMTIME	0x40000000	/* Never update mod times for devs */
 #define	MNT_SOFTDEP	0x80000000	/* Use soft dependencies */
 #define	MNT_POSIX1EACLS	0x00000800	/* shared with EXKERB */
+#define	MNT_ACLS	MNT_POSIX1EACLS	/* synonym */

 #define	__MNT_BASIC_FLAGS \
 	{ MNT_ASYNC,		0,	"asynchronous" }, \
 	{ MNT_AUTOMOUNTED,	0,	"automounted" }, \
-	{ MNT_ACLS,		0,	"acls" }, \
+	{ MNT_NFS4ACLS,		0,	"nfs4acls" }, \
 	{ MNT_POSIX1EACLS,	0,	"posix1eacls" }, \
 	{ MNT_DISCARD,		0,	"discard" }, \
 	{ MNT_EXTATTR,		0,	"extattr" }, \
@ -130,7 +131,7 @@ typedef struct fhandle	fhandle_t;
 #define MNT_BASIC_FLAGS (MNT_ASYNC | MNT_AUTOMOUNTED | MNT_DISCARD | \
    MNT_EXTATTR | MNT_LOG | MNT_NOATIME | MNT_NOCOREDUMP | MNT_NODEV | \
    MNT_NODEVMTIME | MNT_NOEXEC | MNT_NOSUID | MNT_RDONLY | MNT_RELATIME | \
-    MNT_SOFTDEP | MNT_SYMPERM | MNT_SYNCHRONOUS | MNT_UNION | MNT_ACLS | \
+    MNT_SOFTDEP | MNT_SYMPERM | MNT_SYNCHRONOUS | MNT_UNION | MNT_NFS4ACLS | \
    MNT_POSIX1EACLS)
 /*
 * exported mount flags.
@ -174,7 +175,7 @@ typedef struct fhandle	fhandle_t;
     MNT_NOSUID | \
     MNT_NODEV | \
     MNT_UNION | \
-     MNT_ACLS | \
+     MNT_NFS4ACLS | \
     MNT_ASYNC | \
     MNT_NOCOREDUMP | \
     MNT_IGNORE | \
@ -251,7 +252,7 @@ typedef struct fhandle	fhandle_t;
 	"\31MNT_EXTATTR" \
 	"\30MNT_DISCARD" \
 	"\27MNT_GETARGS" \
-	"\26MNT_ACL" \
+	"\26MNT_NFS4ACLS" \
 	"\25MNT_IGNORE" \
 	"\24MNT_FORCE" \
 	"\23MNT_RELOAD" \
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@ -1,4 +1,4 @@
-/*	$NetBSD: ffs_vfsops.c,v 1.372 2020/08/20 20:28:13 christos Exp $	*/
+/*	$NetBSD: ffs_vfsops.c,v 1.373 2021/09/18 03:05:20 christos Exp $	*/

 /*-
 * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@ -61,7 +61,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.372 2020/08/20 20:28:13 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_vfsops.c,v 1.373 2021/09/18 03:05:20 christos Exp $");

 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@ -398,14 +398,14 @@ ffs_mountroot(void)
 static void
 ffs_acls(struct mount *mp, int fs_flags)
 {
-	if ((fs_flags & FS_ACLS) != 0) {
+	if ((fs_flags & FS_NFS4ACLS) != 0) {
 #ifdef UFS_ACL
 		if (mp->mnt_flag & MNT_POSIX1EACLS)
 			printf("WARNING: %s: ACLs flag on fs conflicts with "
 			    "\"posix1eacls\" mount option; option ignored\n",
 			    mp->mnt_stat.f_mntonname);
 		mp->mnt_flag &= ~MNT_POSIX1EACLS;
-		mp->mnt_flag |= MNT_ACLS;
+		mp->mnt_flag |= MNT_NFS4ACLS;

 #else
 		printf("WARNING: %s: ACLs flag on fs but no ACLs support\n",
@ -414,11 +414,11 @@ ffs_acls(struct mount *mp, int fs_flags)
 	}
 	if ((fs_flags & FS_POSIX1EACLS) != 0) {
 #ifdef UFS_ACL
-		if (mp->mnt_flag & MNT_ACLS)
+		if (mp->mnt_flag & MNT_NFS4ACLS)
 			printf("WARNING: %s: NFSv4 ACLs flag on fs conflicts "
 			    "with \"acls\" mount option; option ignored\n",
 			    mp->mnt_stat.f_mntonname);
-		mp->mnt_flag &= ~MNT_ACLS;
+		mp->mnt_flag &= ~MNT_NFS4ACLS;
 		mp->mnt_flag |= MNT_POSIX1EACLS;
 #else
 		printf("WARNING: %s: POSIX.1e ACLs flag on fs but no "
@ -426,8 +426,8 @@ ffs_acls(struct mount *mp, int fs_flags)
 #endif
 	}

-	if ((mp->mnt_flag & (MNT_ACLS | MNT_POSIX1EACLS))
-	    == (MNT_ACLS | MNT_POSIX1EACLS))
+	if ((mp->mnt_flag & (MNT_NFS4ACLS | MNT_POSIX1EACLS))
+	    == (MNT_NFS4ACLS | MNT_POSIX1EACLS))
 	{
 		printf("WARNING: %s: posix1eacl conflicts "
 		    "with \"acls\" mount option; option ignored\n",
@ -435,7 +435,7 @@ ffs_acls(struct mount *mp, int fs_flags)
 		mp->mnt_flag &= ~MNT_POSIX1EACLS;
 	}

-	if (mp->mnt_flag & (MNT_ACLS | MNT_POSIX1EACLS))
+	if (mp->mnt_flag & (MNT_NFS4ACLS | MNT_POSIX1EACLS))
 		mp->mnt_iflag &= ~(IMNT_SHRLOOKUP|IMNT_NCLOOKUP);
 	else
 		mp->mnt_iflag |= IMNT_SHRLOOKUP|IMNT_NCLOOKUP;
--- a/sys/ufs/ffs/fs.h
+++ b/sys/ufs/ffs/fs.h
@ -1,4 +1,4 @@
-/*	$NetBSD: fs.h,v 1.68 2020/05/16 18:31:53 christos Exp $	*/
+/*	$NetBSD: fs.h,v 1.69 2021/09/18 03:05:20 christos Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1993
@ -422,7 +422,7 @@ struct fs {
 * FS_POSIX1EACLS indicates that POSIX.1e ACLs are administratively enabled
 * for the file system, so they should be loaded from extended attributes,
 * observed for access control purposes, and be administered by object
- * owners.  FS_ACLS indicates that NFSv4 ACLs are administratively
+ * owners.  FS_NFS4ACLS indicates that NFSv4 ACLs are administratively
 * enabled.  This flag is mutually exclusive with FS_POSIX1EACLS.
 */
 #define	FS_UNCLEAN	0x001	/* file system not clean at mount (unused) */
@ -430,6 +430,7 @@ struct fs {
 #define	FS_NEEDSFSCK	0x004	/* needs sync fsck (FreeBSD compat, unused) */
 #define	FS_SUJ		0x008	/* file system using journaled softupdates */
 #define	FS_POSIX1EACLS	0x010	/* file system has POSIX.1e ACLs enabled */
+#define	FS_ACLS		FS_POSIX1EACLS	/* alias */
 #define	FS_MULTILABEL	0x020	/* file system is MAC multi-label */
 #define	FS_GJOURNAL	0x40	/* gjournaled file system */
 #define	FS_FLAGS_UPDATED 0x80	/* flags have been moved to new location */
@ -438,11 +439,11 @@ struct fs {
 #define	FS_DOQUOTA2	0x200	/* in-filesystem quotas */
 /*     	FS_INDEXDIRS	0x200	   kernel supports indexed directories (FBSD)*/
 #define	FS_TRIM		0x400	/* discard deleted blocks in storage layer */
-#define FS_ACLS		0x800	/* file system has NFSv4 ACLs enabled */
+#define	FS_NFS4ACLS	0x800	/* file system has NFSv4 ACLs enabled */

 /* File system flags that are ok for NetBSD if set in fs_flags */
 #define	FS_KNOWN_FLAGS	(FS_DOSOFTDEP | FS_DOWAPBL | FS_DOQUOTA2 | \
-	FS_POSIX1EACLS | FS_ACLS)
+	FS_POSIX1EACLS | FS_NFS4ACLS)

 /*
 * File system internal flags, also in fs_flags.
--- a/usr.sbin/dumpfs/dumpfs.c
+++ b/usr.sbin/dumpfs/dumpfs.c
@ -1,4 +1,4 @@
-/*	$NetBSD: dumpfs.c,v 1.64 2018/03/06 07:45:38 mlelstv Exp $	*/
+/*	$NetBSD: dumpfs.c,v 1.65 2021/09/18 03:05:20 christos Exp $	*/

 /*
 * Copyright (c) 1983, 1992, 1993
@ -39,7 +39,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1992, 1993\
 #if 0
 static char sccsid[] = "@(#)dumpfs.c	8.5 (Berkeley) 4/29/95";
 #else
-__RCSID("$NetBSD: dumpfs.c,v 1.64 2018/03/06 07:45:38 mlelstv Exp $");
+__RCSID("$NetBSD: dumpfs.c,v 1.65 2021/09/18 03:05:20 christos Exp $");
 #endif
 #endif /* not lint */

@ -419,8 +419,10 @@ print_superblock(struct fs *fs, uint16_t *opostbl,
 		printf("needs fsck run ");
 	if (fs->fs_flags & FS_SUJ)
 		printf("journaled soft-updates ");
-	if (fs->fs_flags & FS_ACLS)
-		printf("acls ");
+	if (fs->fs_flags & FS_POSIX1EACLS)
+		printf("posix1e acls ");
+	if (fs->fs_flags & FS_NFS4ACLS)
+		printf("nfs4 acls ");
 	if (fs->fs_flags & FS_MULTILABEL)
 		printf("multilabel ");
 	if (fs->fs_flags & FS_GJOURNAL)
@ -434,8 +436,9 @@ print_superblock(struct fs *fs, uint16_t *opostbl,
 	if (fs->fs_flags & FS_TRIM)
 		printf("trim ");
 	fsflags = fs->fs_flags & ~(FS_UNCLEAN | FS_DOSOFTDEP | FS_NEEDSFSCK |
-			FS_SUJ | FS_ACLS | FS_MULTILABEL | FS_GJOURNAL |
-			FS_FLAGS_UPDATED | FS_DOWAPBL | FS_DOQUOTA2 | FS_TRIM);
+			FS_SUJ | FS_POSIX1EACLS | FS_MULTILABEL | FS_GJOURNAL |
+			FS_NFS4ACLS | FS_FLAGS_UPDATED | FS_DOWAPBL |
+			FS_DOQUOTA2 | FS_TRIM);
 #ifdef FS_INDEXDIRS
 	if (fs->fs_flags & FS_INDEXDIRS)
 		printf("indexed directories ");
@ -444,35 +447,38 @@ print_superblock(struct fs *fs, uint16_t *opostbl,
 	if (fsflags != 0)
 		printf("unknown flags (%#x)", fsflags);
 	printf("\nfsmnt\t%s\n", fs->fs_fsmnt);
-	if (!printold)
+	if (!printold) {
 		printf("volname\t%s\tswuid\t%ju\n",
 		    fs->fs_volname, (uintmax_t)fs->fs_swuid);
-	if (printold) {
-		if (fs->fs_old_cpc != 0)
-			printf("blocks available in each of %d rotational "
-			       "positions\n", fs->fs_old_nrpos);
-		else
-			printf("(no rotational position table)\n\n");
-		if (ISOPT(opt_verbose)) {
-			int c, j, k;
-			for (c = 0; c < fs->fs_old_cpc; c++) {
-				printf("cylinder number %d:", c);
-				for (i = 0; i < fs->fs_old_nrpos; i++) {
-					if (old_fs_postbl(&afs, c, opostbl)[i] == -1)
-						continue;
-					printf("\n   position %d:\t", i);
-					for (j = old_fs_postbl(&afs, c, opostbl)[i], k = 1; ;
-							 j += old_fs_rotbl(&afs)[j], k++) {
-						printf("%5d", j);
-						if (k % 12 == 0)
-							printf("\n\t\t");
-						if (old_fs_rotbl(&afs)[j] == 0)
-							break;
-					}
-				}
-				printf("\n");
+		return 0;
+	}
+
+	if (fs->fs_old_cpc != 0)
+		printf("blocks available in each of %d rotational "
+		       "positions\n", fs->fs_old_nrpos);
+	else
+		printf("(no rotational position table)\n\n");
+
+	if (!ISOPT(opt_verbose)) {
+		return 0;
+	}
+
+	for (int c = 0; c < fs->fs_old_cpc; c++) {
+		printf("cylinder number %d:", c);
+		for (i = 0; i < fs->fs_old_nrpos; i++) {
+			if (old_fs_postbl(&afs, c, opostbl)[i] == -1)
+				continue;
+			printf("\n   position %d:\t", i);
+			for (int j = old_fs_postbl(&afs, c, opostbl)[i], k = 1;
+			    ; j += old_fs_rotbl(&afs)[j], k++) {
+				printf("%5d", j);
+				if (k % 12 == 0)
+					printf("\n\t\t");
+				if (old_fs_rotbl(&afs)[j] == 0)
+					break;
 			}
 		}
+		printf("\n");
 	}

 	return 0;