Re: Permissions for root user

2016-11-18 Thread Christoph Pleger
Hello,

> But I'd suggest you try "icexsys" first, because it doesn't require
> re-compiling.

It works with icexsys. Crazy that I had to re-build aufs-util myself,
because Ubuntu is so smart to use version 4.x+rcN in the kernel, but
version 3.x of aufs-util.

Regards
  Christoph


--


Re: Permissions for root user

2016-11-18 Thread sfjro

"Christoph Pleger":
> [  193.1356342] aufs au_do_cpup_xattr:96:setupcon[987]: system.nfs4_acl, err -95

This message means that
- the internal copy-up happens.
- the file on the lower branch has an XATTR called "system.nfs4_acl".
- as a part of copy-up, aufs tries copying all XATTR from lower to
  upper.
- but the upper branch doesn't support "system.nfs4_acl", and aufs gets
  an error.

In other words, your lower nfs4 branch supports XATTR including its own
specific one, but obviously your upper tmpfs branch doesn't know such
XATTR at all.

Aufs has some branch attributes to address such a case.
- read the manual, especially
.TP
.B icexsec | icexsys | icextr | icexusr | icexoth | icex
Ignore the error on copying\-up/down XATTR.
When an internal copy\-up/down happens, aufs tries copying all XATTRs.
Here an error can happen because of the XATTR support on the dst
branch may different from the src branch. If you know how the branch
supports or unsupports XATTR, you can specify these attributes.
`icexsec' means to ignore an error on copying\-up/down XATTR categorized
as "security" (for LSM and capability). And `icexsys,' `icextr,' and
`icexusr,' are for "system" (for posix ACL), "trusted" and "user"
categories individually.
`icexoth' is for any other category. To be convenient, `icex` sets them
all.
See also linux/Documentation/filesystems/aufs/design/06xattr.txt.

These attributes are essentially for the writable branches. But when you
use
.B
aufs_fhsm(5),
you may want to
specify them to the readonly branches too. So they are available for the
readonly branches.

- and specify "icexsys" attr to your upper rw branch, such like
# mount -t aufs -o br:/live/cow=rw+icexsys:/live/image none /your/aufs

For your case, there may exist some other workarounds, such as
- specify 'noacl' to branches.
- re-configure and disable xattr.
- etc.
But I'd suggest you try "icexsys" first, because it doesn't require
re-compiling.


J. R. Okajima
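
The mapping explained in the message above (failed XATTR copy-up, its category, and the icex* branch attribute that ignores it), as an added example that is not part of the original post or of aufs itself. It assumes every CONFIG_AUFS_DEBUG copy-up message has the format of the one line quoted in the thread; the second and third sample lines and the errno table (generic Linux numbering) are constructed for illustration.

```python
import re
from collections import defaultdict

# XATTR category -> branch attribute, as listed in the manual excerpt quoted above.
ICEX_BY_CATEGORY = {
    "security": "icexsec",
    "system": "icexsys",
    "trusted": "icextr",
    "user": "icexusr",
}
# Assumption: generic Linux errno numbering (as on x86).
ERRNO_NAMES = {1: "EPERM", 13: "EACCES", 28: "ENOSPC", 61: "ENODATA", 95: "EOPNOTSUPP"}

# Assumed message format, taken from the single debug line shown in the thread.
# \s+ after the comma also accepts the line when a mailer has wrapped it.
CPUP_RE = re.compile(
    r"aufs au_do_cpup_xattr:\d+:(?P<comm>[^\[\s]+)\[(?P<pid>\d+)\]:\s+"
    r"(?P<xattr>[^,\s]+),\s+err (?P<err>-\d+)"
)

def parse_cpup_errors(log_text):
    """Return one dict per failed XATTR copy-up found in log_text."""
    events = []
    for m in CPUP_RE.finditer(log_text):
        name = m.group("xattr")
        category = name.split(".", 1)[0]
        err = -int(m.group("err"))
        events.append({
            "comm": m.group("comm"), "pid": int(m.group("pid")), "xattr": name,
            "errno": ERRNO_NAMES.get(err, str(err)),
            # Anything outside the four named categories falls under icexoth.
            "icex": ICEX_BY_CATEGORY.get(category, "icexoth"),
        })
    return events

def attrs_needed(events):
    """Group the offending XATTR names under the icex attribute that covers them."""
    needed = defaultdict(set)
    for e in events:
        needed[e["icex"]].add(e["xattr"])
    return {attr: sorted(names) for attr, names in needed.items()}

# First line is from the thread (re-joined); the other two are constructed samples.
SAMPLE_LOG = """\
[  193.1356342] aufs au_do_cpup_xattr:96:setupcon[987]: system.nfs4_acl, err -95
[  193.2000000] aufs au_do_cpup_xattr:96:cp[1001]: security.capability, err -95
[  193.3000000] EXT4-fs (sda1): mounted filesystem with ordered data mode
"""

if __name__ == "__main__":
    for attr, names in sorted(attrs_needed(parse_cpup_errors(SAMPLE_LOG)).items()):
        print(f"{attr}: {', '.join(names)}")
```

Reading the result this way lets you set only the attribute that matches the failing category instead of `icex`, which would also hide failures to copy "security" XATTRs (LSM labels and capabilities) to the upper branch.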

--


Re: Permissions for root user

2016-11-18 Thread Christoph Pleger
Hello,

> "Christoph Pleger":
>> I am coming back to this old thread from March/April 2015. Because, when
>> just switching from Debian 8 to Ubuntu 16.04 on the NFS client, without
>> changing anything on the NFS server, I get "Operation not supported"
>> again
>> when trying to write anything to a read-write aufs on top of a read-only
>> NFS.
>
> Amazingly old mail thread.
> Anyway, would you try strace and find which system call returns the
> error?
> And if you can, try re-compiling aufs module with CONFIG_AUFS_DEBUG=y,
> set the module parameter 'debug' to Y, and reproduce the problem. Then
> we may be able to see something in the kernel log if we are lucky.

After installing the newly compiled module in the initramfs, the test
computer does not boot as far as it did before, but I can see interesting
messages on the console, like this:

[  193.1356342] aufs au_do_cpup_xattr:96:setupcon[987]: system.nfs4_acl, err -95

I compared the kernel configs of Debian 8 and Ubuntu 16.04 and found that
the Ubuntu kernel has an option "CONFIG_AUFS_XATTR", which is not
present in the Debian kernel.

Regards
  Christoph


--