On Tue, Jun 05, 2012 at 03:28:07PM +0200, Matthieu Moy wrote:
> Stefan Beller <stefanbeller@xxxxxxxxxxxxxx> writes:
>
> > Hi,
> >
> > so I applied that patch with git apply, but here 2 out of 4 tests now
> > still fail.
>
> Yes, Jeff's patch checks for a "working" setfacl/getfacl, but does not
> check for subtle brokenness of it.
>
> I'd say a filesystem that accepts setfacl, returns the right line in
> getfacl, and then does not really work is broken, and it's a feature
> that the testsuite shows test failures. A simple fix for you would be to
> disable ACLs, either on your system or in your $HOME.
I found the problem. If you create a file on an ecryptfs filesystem with
a restrictive mode, then the inherited mask bits get cleared. For
example:
# if you don't have one already, create an ecryptfs mount; you
# will need the ecryptfs-utils package on Debian and Ubuntu
ecryptfs-setup-private
ecryptfs-mount-private
cd Private
# now set up an inherited mask
setfacl -m d:m:rwx .
# and create some files with different permissions
perl -MFcntl -e '
sysopen(X, "a", O_WRONLY|O_CREAT, 0666);
sysopen(X, "b", O_WRONLY|O_CREAT, 0600);
'
# and then check the permissions
getfacl a b
which yields:
# file: a
# owner: peff
# group: peff
user::rw-
group::---
mask::r--
other::---
# file: b
# owner: peff
# group: peff
user::rw-
group::---
mask::---
other::---
That just seems wrong to me.
-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html