Here is another minor improvement that produces deny aces with fewer permissions in them and avoids creating unnecessary deny aces in some cases. Andreas --- fs/richacl_compat.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c index 2f53394..bc0bcfe 100644 --- a/fs/richacl_compat.c +++ b/fs/richacl_compat.c @@ -605,14 +605,13 @@ __richacl_isolate_who(struct richacl_alloc *alloc, struct richace *who, int n; /* - * Compute the permissions already denied to @who. There are no + * Compute the permissions already defined for @who. There are no * everyone@ deny aces left in the acl at this stage. */ richacl_for_each_entry(ace, acl) { if (richace_is_inherit_only(ace)) continue; - if (richace_is_same_identifier(acl, ace, who) && - richace_is_deny(ace)) + if (richace_is_same_identifier(acl, ace, who)) deny &= ~ace->e_mask; } if (!deny) -- 2.4.3 -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html