From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 7 May 2013 17:07:27 +0000 (+0200)
Subject: journald: don't recalculate the ACL mask
X-Git-Tag: v204~12
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=11ec7cede5bd0255e9df7bf95325d8b69993e40f;ds=sidebyside

journald: don't recalculate the ACL mask

Otherwise we might end up with executable files if some default ACL is
set for the journal directory.
---

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 88163c011..cc52b8a5c 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -227,9 +227,9 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
                 }
         }
 
+        /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */
         if (acl_get_permset(entry, &permset) < 0 ||
-            acl_add_perm(permset, ACL_READ) < 0 ||
-            acl_calc_mask(&acl) < 0) {
+            acl_add_perm(permset, ACL_READ) < 0) {
                 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
                 goto finish;
         }