On Thu, May 30, 2013 at 03:22:36AM +0200, Jan Alexander Steffens wrote: > On Wed, May 29, 2013 at 3:14 PM, Colin Walters <walt...@verbum.org> wrote: > > I fully realize you did not introduce the current naming scheme in > > acl-util.c, but more stomping on the "acl_" namespace that currently > > lives in libacl.so seems like a bad idea - they'd be fully within their > > rights to introduce a symbol acl_calc_mask_if_needed() which we'd > > transparently shadow. > > Well, another patch can change those two functions then, if needed. I changed the name of the newly added function. Other ones can indeed be changed separately.
> > Anyways, on to the actual content of the patch...I've sat down with > > "man 5 acl", and it seems possible to me you're still reintroducing the > > bug Lennart was trying to fix. From his commit message, I think it's > > that /var/log had an ACL with group-executable in the default ACL, we'll > > end up recalculating the mask still, and that would include the group > > execute. > > I've actually tested this. A "setfacl -d -m g:adm:r-- machine-dir" > gave it the following ACL: > # file: <machine-id> > # owner: root > # group: root > user::rwx > group::r-x > other::r-x > default:user::rwx > default:group::r-x > default:group:adm:r-- > default:mask::r-x > default:other::r-x Seems to be correct to me, applied. Zbyszek _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
