On Tue, Jan 13, 2015 at 04:16:13PM -0500, J. Bruce Fields wrote:
>
> Right, but look at the case above carefully again--it's *much* more
> special than the one the container people hit.
>
> You can absolutely still represent weird modes like 026 with a Richacl
> and it will deny permissions in the traditional way.
>
> What you can't do is represent the above POSIX ACL.
>
> This is a case that you can *only* hit with POSIX ACLs (not with mode
> bits). And that's because the POSIX ACL is doing something bizarre and
> useless that I've never seen any other ACL system do (denying read and
> write together when each would be permitted separately).
>
> Using the usual "if a tree fell in a forest and nobody heard it..."
> criterion, I think this change would be unlikely to cause us trouble.

Agreed. I scratched my head and simply couldn't think of a case where
this could affect security of the system - only backwards bug
compatibility.
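
As an added illustration, not part of the original thread: a minimal C model of the POSIX ACL access check, showing the behaviour the quoted text describes, where read and write are each granted but the combination is denied. The ACL the quoted message calls "the above POSIX ACL" is not reproduced in this message, so the sample ACL (a user in two groups, one granting read and one granting write), the uid/gid values and all type and function names are constructed for this example.

```c
#include <stddef.h>
enum { P_X = 1, P_W = 2, P_R = 4 };
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };
/* Simplification: for *_OBJ entries, id holds the file's owner uid/gid. */
struct entry { enum tag tag; unsigned id, perm; };
struct cred { unsigned uid; const unsigned *gids; size_t ngids; };

static int in_group(const struct cred *c, unsigned gid)
{
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == gid)
            return 1;
    return 0;
}

/* Returns 1 if every bit in want is granted, 0 if denied; USER_OBJ comes first. */
int posix_acl_check(const struct entry *acl, size_t n,
                    const struct cred *c, unsigned want)
{
    unsigned mask = P_R | P_W | P_X, other = 0, group_hit = 0;
    for (const struct entry *e = acl; e < acl + n; e++) {
        if (e->tag == MASK)  mask = e->perm;
        if (e->tag == OTHER) other = e->perm;
    }
    for (const struct entry *e = acl; e < acl + n; e++) /* owner, named users */
        if ((e->tag == USER_OBJ || e->tag == USER) && e->id == c->uid)
            return (e->perm & (e->tag == USER ? mask : 7u) & want) == want;
    for (const struct entry *e = acl; e < acl + n; e++) { /* group class */
        if ((e->tag != GROUP_OBJ && e->tag != GROUP) || !in_group(c, e->id))
            continue;
        group_hit = 1;
        if ((e->perm & mask & want) == want)
            return 1;   /* a single entry must carry every requested bit */
    }
    return group_hit ? 0 : (other & want) == want; /* no fall-through to other */
}

/* Constructed sample: uid 1000 is in groups 10 (read) and 20 (write). */
static const unsigned gids[] = { 10, 20 };
static const struct cred alice = { 1000, gids, 2 };
static const struct entry acl[] = {
    { USER_OBJ, 0, P_R | P_W }, { GROUP_OBJ, 0, 0 }, { GROUP, 10, P_R },
    { GROUP, 20, P_W }, { MASK, 0, P_R | P_W }, { OTHER, 0, 0 },
};

int sample_check(unsigned want)
{
    return posix_acl_check(acl, sizeof acl / sizeof acl[0], &alice, want);
}
```

With this sample, `sample_check(P_R)` and `sample_check(P_W)` each return 1, while `sample_check(P_R | P_W)` returns 0 because no single matching group entry carries both bits.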