On 06/12/2016 16:06, Brian Candler wrote:> Ah OK... I've just seen Rowland's reply, "Just don't use ZFS". That's > clear enough :-)FYI, I rebuilt the system using btrfs but initially I got the same issue [^1] It turns out this came from running inside an unprivileged lxd container. After setting "security.privileged true" it was happy. So I guess it might have been all right with ZFS, but I'll leave it as it is now. Regards, Brian. [^1] ... You are not root or your system do not support xattr, using tdb backend for attributes. not using extended attributes to store ACLs and other metadata. If you intend to use this provision in production, rerun the script as root on a system supporting xattrs. ... xattr_tdb_removexattr() failed to get vfs_handle->data! Security context active token stack underflow! PANIC (pid 32130): Security context active token stack underflow!
On Tue, 6 Dec 2016 19:31:39 +0000 Brian Candler via samba <samba at lists.samba.org> wrote:> On 06/12/2016 16:06, Brian Candler wrote: > > Ah OK... I've just seen Rowland's reply, "Just don't use ZFS". > > That's clear enough :-) > > FYI, I rebuilt the system using btrfs but initially I got the same > issue [^1] > > It turns out this came from running inside an unprivileged lxd > container. After setting "security.privileged true" it was happy. > > So I guess it might have been all right with ZFS, but I'll leave it > as it is now. >It wouldn't, ZFS uses NFSv4 ACLs and they are different from the ACLs Samba AD DC expects. I took a try at getting it to work, but got stuck, perhaps I should try again ? Rowland
> It wouldn't, ZFS uses NFSv4 ACLs and they are different from the ACLs > Samba AD DC expects. I took a try at getting it to work, but got > stuck, perhaps I should try again ? > > Rowland > >ZFSonLinux supports Posix ACLs (eg zfs set acltype=posixacl) and should support xattrs. Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. This email is not intended to, nor should it be taken to, constitute advice. The information provided is correct to our knowledge & belief and must not be used as a substitute for obtaining tax, regulatory, investment, legal or any other appropriate advice. "Transact" is operated by Integrated Financial Arrangements Ltd. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856).