> On Tue, Jan 13, 2015 at 04:16:13PM -0500, J. Bruce Fields wrote: > > > > Right, but look at the case above carefully again--it's *much* more > > special than the one the container people hit. > > > > You can absolutely still represent weird modes like 026 with a Richacl > > and it will deny permissions in the traditional way. > > > > What you can't do is represent the above POSIX ACL. Of course implementing 026 requires use of DENY ACEs, though the group DENY ACEs could be ordered after all group ALLOW ACEs, thus 026 would operate as expected, while GROUP 501:r--, GROUP 502:-w- would allow a user who is a member of both groups RW access since the ACL would be: GROUP 501: Allow r-- GROUP 502: Allow -w- GROUP 501: Deny -wx GROUP 502: Deny r-x Sorting of the user ACEs isn't important since a process can only belong to one user. > > This is a case that you can *only* hit with POSIX ACLs (not with mode > > bits). And that's because the POSIX ACL is doing something bizarre > > and useless that I've never seen any other ACL system do (denying read > > and write together when each would be permitted separately). > > > > Using the usual "if a tree fell in a forest and nobody heard it..." > > criterion, I think this change would be unlikely to cause us trouble. > > Agreed. I scratched my head and simply couln't think of a case where this > could affect security of the system - only backwards bug compatibility. Yea, I can't think of anything since you can always open two file descriptors. Frank -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
