<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Oct 3, 2015, at 14:41, Brandon Allbery <<a href="mailto:allbery.b@gmail.com" class="">allbery.b@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote">On Sat, Oct 3, 2015 at 2:39 PM, Clemens Lang <span dir="ltr" class=""><<a href="mailto:cal@macports.org" target="_blank" class="">cal@macports.org</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> Same thing, but as seen in the 2nd case, no com.apple.rootless attribute, no<br class="">
> restricted (or hidden) flags. :-)<br class="">
<br class="">
</span>Mounts are a nice idea, but not possible without root privileges, and that leaves<br class="">
out everybody that uses a user-only installation of MacPorts. So this could only<br class="">
be done as an optimization, and I'm not sure it's worth it then. Cache<br class="">
invalidation would definitely be easier with it, though…</blockquote></div><br class="">...but at some point the NFS server must access the file, in the original filesystem where all of those exist and will be enforced.</div></div></div></blockquote><br class=""></div><div>To explain why my trick worked...NFS server doesn't know about execs; at that level, it's just getting file read RPCs. So there's nothing for NFS server to enforce. The client could enforce, but not if the NFS implementation doesn't communicate named attributes (and the NFS protocol doesn't support chflags() flags).</div><div><br class=""></div></body></html>