NFSD: Add a Kconfig setting to enable support for NFSv4 POSIX ACLs

A new IETF draft extends NFSv4.2 with POSIX ACL attributes:

  https://www.ietf.org/archive/id/draft-ietf-nfsv4-posix-acls-00.txt

This draft has not yet been ratified. A build-time configuration
option allows developers and distributors to decide whether to
expose this experimental protocol extension to NFSv4 clients. The
option is disabled by default to prevent unintended deployment of
potentially unstable protocol features in production environments.

This approach mirrors the existing NFSD_V4_DELEG_TIMESTAMPS option,
which gates another experimental NFSv4 extension based on an
unratified IETF draft.

Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
index 0b5c1a0bf1cf75afc7bbbe1429e8028b7aeaaff9..4fd6e818565ea24e4e16844a3f82e808dbc558f8 100644 (file)
--- a/fs/nfsd/Kconfig
+++ b/fs/nfsd/Kconfig
@@ -186,3 +186,22 @@ config NFSD_V4_DELEG_TIMESTAMPS
          draft-ietf-nfsv4-delstid-08 "Extending the Opening of Files". This
          is currently an experimental feature and is therefore left disabled
          by default.
+
+config NFSD_V4_POSIX_ACLS
+       bool "Support NFSv4 POSIX draft ACLs"
+       depends on NFSD_V4
+       default n
+       help
+         Include experimental support for POSIX Access Control Lists
+         (ACLs) in NFSv4 as specified in the IETF draft
+         draft-ietf-nfsv4-posix-acls. This protocol extension enables
+         NFSv4 clients to retrieve and modify POSIX ACLs on exported
+         filesystems that support them.
+
+         This feature is based on an unratified IETF draft
+         specification that may change in ways that impact
+         interoperability with existing clients. Enable only for
+         testing environments or when interoperability with specific
+         clients that implement this draft is required.
+
+         If unsure, say N.