From nobody@FreeBSD.org  Fri Dec  7 15:32:40 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id EEC6B815
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Dec 2012 15:32:40 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id D2ED78FC0C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  7 Dec 2012 15:32:40 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id qB7FWe0u071745
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 7 Dec 2012 15:32:40 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id qB7FWe1B071744;
	Fri, 7 Dec 2012 15:32:40 GMT
	(envelope-from nobody)
Message-Id: <201212071532.qB7FWe1B071744@red.freebsd.org>
Date: Fri, 7 Dec 2012 15:32:40 GMT
From: Sandra <littlesandra88@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ZFS can only set 121 ACL's instead of 1024
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         174264
>Category:       kern
>Synopsis:       [zfs] ZFS can only set 121 ACL's instead of 1024
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    trasz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 07 15:40:00 UTC 2012
>Closed-Date:    Mon Dec 10 10:53:36 UTC 2012
>Last-Modified:  Mon Dec 10 10:53:36 UTC 2012
>Originator:     Sandra
>Release:        9
>Organization:
>Environment:
>Description:
According to the ZFS source[1] code[2], ZFS should be able to have 1024 ACL's pr inode. It can only set 121 ACL's.

It works on Solaris with 1024 ACL's. See script and output in "How to repeat the problem".


[1] #define	MAX_ACL_ENTRIES		(1024)	/* max entries of each type */

[2] http://svn.freebsd.org/base/user/eri/pf45/head/sys/cddl/contrib/opensolaris/uts/common/sys/acl.h
>How-To-Repeat:
setfacl -b /tank/project1

i=0
for u in $(ypcat passwd|awk -F':' '{print $1}'); do
    setfacl -m user:$u:rwxpDdaARWcCos:fd----:allow /tank/project1
    let i=i+1
    echo $i $u
done

-----------------
On Solaris 1024 ACL's work.

# cat maxacl
#!/bin/ksh

touch file
i=1
while true; do
  for u in $(getent passwd | nawk -F: '{print $1}'); do
    chmod A+user:$u:read_data:allow file || break 2
    printf "%d %s\n" $i $u
    i=$((i+1))
  done
  ls -v file | head
  ls -v file | wc -l
done

# ls -v file | head
-rw-r--r--+  1 root     root           0 dc   6 13:05 file
     0:user:utku3:read_data:allow
     1:user:utku2:read_data:allow
     2:user:utku1:read_data:allow
     3:user:utku0:read_data:allow
     4:user:utwww:read_data:allow
     5:user:jlliagre:read_data:allow
     6:user:nobody4:read_data:allow
     7:user:noaccess:read_data:allow
     8:user:nobody:read_data:allow
# ls -v file | tail
     1017:user:root:read_data:allow
     1018:owner@:execute:deny
     1019:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     1020:group@:write_data/append_data/execute:deny
     1021:group@:read_data:allow
     1022:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     1023:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow





>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Dec 9 17:24:30 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=174264 
Responsible-Changed-From-To: freebsd-fs->trasz 
Responsible-Changed-By: trasz 
Responsible-Changed-When: Mon Dec 10 10:52:00 UTC 2012 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=174264 
State-Changed-From-To: open->closed 
State-Changed-By: trasz 
State-Changed-When: Mon Dec 10 10:53:35 UTC 2012 
State-Changed-Why:  
This is not a bug.  While the limit for ZFS is indeed 1024, the limit in 
the ACL framework is smaller; see /sys/sys/acl.h for details. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=174264 
>Unformatted:
