Just did a short google search and found this: http://serverfault.com/questions/294158/enable-acl-for-ecryptfs-mounted-home-directory So I am convinced my filesystem is just broken as you said ;) 2012/6/5 Stefan Beller <stefanbeller@xxxxxxxxxxxxxx>: > Hi, > > sb@sb:~/OSS/git/t$ ./t1304-default-acl.sh --verbose > Initialized empty Git repository in /home/sb/OSS/git/t/trash > directory.t1304-default-acl/.git/ > expecting success: > setfacl -m d:u::rwx,d:g::---,d:o:---,d:m:rwx $dirs_to_set && > setfacl -m m:rwx $dirs_to_set && > setfacl -m u:root:rwx $dirs_to_set && > setfacl -m d:u:"${LOGNAME}":rwx $dirs_to_set && > setfacl -m d:u:root:rwx $dirs_to_set && > > touch file.txt && > git add file.txt && > git commit -m "init" > > [master (root-commit) 47f54f4] init > Author: A U Thor <author@xxxxxxxxxxx> > 0 files changed > create mode 100644 file.txt > ok 1 - Setup test repo > > expecting success: > # SHA1 for empty blob > check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 > > /home/sb/OSS/git/t/trash directory.t1304-default-acl > not ok - 2 Objects creation does not break ACLs with restrictive umask > # > # # SHA1 for empty blob > # check_perms_and_acl .git/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 > # > > expecting success: > git gc && > check_perms_and_acl .git/objects/pack/*.pack > > Counting objects: 3, done. > Writing objects: 100% (3/3), done. > Total 3 (delta 0), reused 0 (delta 0) > /home/sb/OSS/git/t/trash directory.t1304-default-acl > not ok - 3 git gc does not break ACLs with restrictive umask > # > # git gc && > # check_perms_and_acl .git/objects/pack/*.pack > # > > # failed 2 among 3 test(s) > 1..3 > sb@sb:~/OSS/git/t$ cat trash\ directory.t1304-default-acl/actual > # file: .git/objects/pack/pack-ee77696bcc9be7ef581005ee3706bc17fcba376d.pack > # owner: sb > # group: sb > user::r-- > user:root:rwx #effective:--- > user:sb:rwx #effective:--- > group::--- > mask::--- > other::--- > > sb@sb:~/OSS/git/t$ mount > /dev/sda3 on / type ext4 (rw,errors=remount-ro) > proc on /proc type proc (rw,noexec,nosuid,nodev) > sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) > none on /sys/fs/fuse/connections type fusectl (rw) > none on /sys/kernel/debug type debugfs (rw) > none on /sys/kernel/security type securityfs (rw) > udev on /dev type devtmpfs (rw,mode=0755) > devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620) > tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755) > none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880) > none on /run/shm type tmpfs (rw,nosuid,nodev) > /dev/sda4 on /home type ext4 (rw) > binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc > (rw,noexec,nosuid,nodev) > /home/sb/.Private on /home/sb type ecryptfs > (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=3b9d213e5c5d5780,ecryptfs_fnek_sig=77bec2da523c0338) > gvfs-fuse-daemon on /home/sb/.gvfs type fuse.gvfs-fuse-daemon > (rw,nosuid,nodev,user=sb) > > > So I am using /dev/sda4 on /home type ext4 (rw), but my user account > has its home directory encrypted via ecryptfs. > This is not run inside a virtual machine, it's a native computer. > > > > 2012/6/5 Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx>: >> Junio C Hamano <gitster@xxxxxxxxx> writes: >> >>> Stefan Beller <stefanbeller@xxxxxxxxxxxxxx> writes: >>> >>>> I tried debugging into it: >>>> In git/t/t1304-default-acl.sh there is: >>>> check_perms_and_acl () { >>>> test -r "$1" && >>>> getfacl "$1" > actual && >>>> grep -q "user:root:rwx" actual && >>>> grep -q "user:${LOGNAME}:rwx" actual && >>>> egrep "mask::?r--" actual > /dev/null 2>&1 && >>>> grep -q "group::---" actual || false >>>> } >> >> Can you run it with --verbose and post the result? >> >>> Any ideas (other than "Your filesystem is broken", >>> that is)? >> >> I'm very tempted to go for the "Your filesystem is broken" indeed. >> >>> As far as I can tell, with 'mask::---', these specific users who are >>> given permissions to read from the objects wouldn't be able to read >>> from them, so... >> >> That's my understanding too. >> >> Stefan, which filesystem are you using in the directory where you run >> tests (type "mount" if you don't know)? Are you running on a virtual >> machine? >> >> -- >> Matthieu Moy >> http://www-verimag.imag.fr/~moy/ -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html