NFSD: Add a Kconfig setting to enable support for NFSv4 POSIX ACLs

chucklever · chucklever · commit feb8a46b14d9 · 2026-01-29T09:48:33.000-05:00
A new IETF draft extends NFSv4.2 with POSIX ACL attributes: https://www.ietf.org/archive/id/draft-ietf-nfsv4-posix-acls-00.txt This draft has not yet been ratified. A build-time configuration option allows developers and distributors to decide whether to expose this experimental protocol extension to NFSv4 clients. The option is disabled by default to prevent unintended deployment of potentially unstable protocol features in production environments. This approach mirrors the existing NFSD_V4_DELEG_TIMESTAMPS option, which gates another experimental NFSv4 extension based on an unratified IETF draft. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
@@ -186,3 +186,22 @@ config NFSD_V4_DELEG_TIMESTAMPS
 	  draft-ietf-nfsv4-delstid-08 "Extending the Opening of Files". This
 	  is currently an experimental feature and is therefore left disabled
 	  by default.
+
+config NFSD_V4_POSIX_ACLS
+	bool "Support NFSv4 POSIX draft ACLs"
+	depends on NFSD_V4
+	default n
+	help
+	  Include experimental support for POSIX Access Control Lists
+	  (ACLs) in NFSv4 as specified in the IETF draft
+	  draft-ietf-nfsv4-posix-acls. This protocol extension enables
+	  NFSv4 clients to retrieve and modify POSIX ACLs on exported
+	  filesystems that support them.
+
+	  This feature is based on an unratified IETF draft
+	  specification that may change in ways that impact
+	  interoperability with existing clients. Enable only for
+	  testing environments or when interoperability with specific
+	  clients that implement this draft is required.
+
+	  If unsure, say N.
