I was looking at POSIX ACL on-disk and in-memory code and it looks like there is a subtle dependency between the on-disk format and what (IMHO) would be considered in-memory declarations. When a POSIX ACL is read from disk, posix_acl_from_mode() copies the file mode (S_I[RWX][UGO]) into the e_perm fields of the ACL default entries. Similarly, in posix_acl_equiv_mode() and posix_acl_create_masq() it uses S_IRWXO to mask the e_perm flags. However, later on in posix_acl_permission() it directly uses the "want" flag contains MAY_{READ,WRITE,EXEC} flags and compares those to e_perm of each ACL entry. In posix_acl_valid() it compares e_perm with ACL_{READ,WRITE,EXECUTE}. While the MAY_[RWX] and ACL_[RWX] currently have the same value as S_I[RWX]OTH, it isn't very clear that these flags MUST all have the same values or POSIX ACLs will break. This definitely doesn't seem quite right. Are the ACL_* constants the values to be used, with "conversion" in between the flags/modes? Should there be a BUILD_BUG_ON() that trips if those values ever differ? Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP