diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-11-28 18:41:08 -0500 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-11-28 18:48:03 -0500 |
commit | 6debb3982612b1fce9b2dd878bad07fe5ae9c0a9 (patch) | |
tree | 5f963a1934f94f28291d9223f402425141649860 /src/nspawn/nspawn-network.h | |
parent | 5bb5b236fe8c663b7d4db5ccaf3e3e7942bf6abd (diff) |
acl-util: only set the mask if not present
When we have non-owner user or group entries, we need the mask
for the acl to be valid. But acl_calc_mask() calculates the mask
to include all permissions, even those that were masked before.
Apparently this happens when we inherit *:r-x permissions from
a parent directory — the kernel sets *:r-x, mask:r--, effectively
masking the executable bit. acl_calc_mask() would set the mask:r-x,
effectively enabling the bit. To avoid this, be more conservative when
to add the mask entry: first iterate over all entries, and do nothing
if a mask.
This returns the code closer to J.A.Steffens' original version
in v204-90-g23ad4dd884.
Should fix https://github.com/systemd/systemd/issues/1977.
Diffstat (limited to 'src/nspawn/nspawn-network.h')
0 files changed, 0 insertions, 0 deletions