[OpenAFS] ACLs and open-afs

[Nickolai Zeldovich]

> I'm guessing that it would take a change to Solaris itself.  I'd assume
> that the acl(2) call goes "Is this a UFS filesystem?", sees that it's
> not, and returns an error.

No; the acl syscall actually uses the getsecattr and setsecattr vnode
ops to access the underlying ACL.  Solaris tends to be pretty modular.
The problem with implementing getsecattr and setsecattr calls for AFS
is that the permission bits that those calls assume are different from
the rlidwka permission bits in AFS.  You could try to map the rlidwka
bits into thet unix-style rwx bits, but what's the point?  You wouldn't
be able to usefully map them back, when the user tries to change them
with setfacl.

-- kolya