Andreas pointed out that the way we're setting missing ACEs doesn't
quite conform to what setfacl does. Change it to better conform to
how setfacl does this.
Cc: Andreas Grünbacher <andreas.gruenbacher@xxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
---
fs/nfsd/nfs4acl.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
Chuck, it might be best to fold this into the original patch, if it
looks ok.
diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
index 64e45551d1b6..9ec61bd0e11b 100644
--- a/fs/nfsd/nfs4acl.c
+++ b/fs/nfsd/nfs4acl.c
@@ -742,14 +742,15 @@ static int nfs4_acl_nfsv4_to_posix(struct nfs4_acl *acl,
* no owner, owning group, or others entry, a copy of the ACL
* owner, owning group, or others entry is added to the Default ACL."
*
- * If none of the requisite ACEs were set, and some explicit user or group
- * ACEs were, copy the requisite entries from the effective set.
+ * Copy any missing ACEs from the effective set.
*/
- if (!default_acl_state.valid &&
- (default_acl_state.users->n || default_acl_state.groups->n)) {
- default_acl_state.owner = effective_acl_state.owner;
- default_acl_state.group = effective_acl_state.group;
- default_acl_state.other = effective_acl_state.other;
+ if (default_acl_state.users->n || default_acl_state.groups->n) {
+ if (!(default_acl_state.valid & ACL_USER_OBJ))
+ default_acl_state.owner = effective_acl_state.owner;
+ if (!(default_acl_state.valid & ACL_GROUP_OBJ))
+ default_acl_state.group = effective_acl_state.group;
+ if (!(default_acl_state.valid & ACL_OTHER))
+ default_acl_state.other = effective_acl_state.other;
}
*pacl = posix_state_to_acl(&effective_acl_state, flags);
--
2.41.0
