[systemd-devel] [PATCH] journald: DO recalculate the ACL mask, but only if it doesn't exist
Colin Walters
walters at verbum.org
Wed May 29 06:14:05 PDT 2013
On Tue, 2013-05-28 at 20:45 +0200, Jan Alexander Steffens (heftig)
wrote:
First, it's worth mentioning in the commit that this regression
was introduced by 11ec7cede5bd0255e9df7bf95325d8b69993e40f .
> +int acl_calc_mask_if_needed(acl_t *acl_p) {
I fully realize you did not introduce the current naming scheme in
acl-util.c, but more stomping on the "acl_" namespace that currently
lives in libacl.so seems like a bad idea - they'd be fully within their
rights to introduce a symbol acl_calc_mask_if_needed() which we'd
transparently shadow.
Anyways, on to the actual content of the patch...I've sat down with
"man 5 acl", and it seems possible to me you're still reintroducing the
bug Lennart was trying to fix. From his commit message, I think it's
that /var/log had an ACL with group-executable in the default ACL, we'll
end up recalculating the mask still, and that would include the group
execute.
I wonder if it would work better to *not* do the fchmod() #if HAVE_ACL,
and instead set that explicitly using the ACL API.
Regardless though, Lennart should review this patch, I'm just adding
comments since I want to see it in; the current state is totally broken.
More information about the systemd-devel
mailing list