kre wrote:
>I am going to ignore all the noise from the past day on this issue,
>and concentrate only on the technical issues.
[snip]

Thanks!  And since positive feedback is so rare, I just say it
all sounded pretty sensible to me fwiw.  

While I may have no immediate need for associated meta data and such,
I like the idea of a generic mechanim for providing it, and your model
sounds pretty plausible.

As to ACL's; I've only used them on Multics many years ago, and while at 
first blush unix groups are easier to use, I've had numerous occasions 
since for which ACL's would have been a better solution.

I can't help feeling that ACL's are pointless if they can be by-passed
so storing them in the FS and enforcing them in the kernel seem to me the
only viable approach.  Using an FS overlay is fine though for developing
the service.  As to the old fsck issue "don't do that" is probably the 
right solution ;-)

--sjg