From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Sat, 28 Nov 2015 23:41:08 +0000 (-0500)
Subject: acl-util: only set the mask if not present
X-Git-Tag: v229.1~1^2~95
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=7fd82b1492ab3a8987095b237dc8c4b7ab6d00de;hp=7fd82b1492ab3a8987095b237dc8c4b7ab6d00de

acl-util: only set the mask if not present

When we have non-owner user or group entries, we need the mask
for the acl to be valid. But acl_calc_mask() calculates the mask
to include all permissions, even those that were masked before.
Apparently this happens when we inherit *:r-x permissions from
a parent directory — the kernel sets *:r-x, mask:r--, effectively
masking the executable bit. acl_calc_mask() would set the mask:r-x,
effectively enabling the bit. To avoid this, be more conservative when
to add the mask entry: first iterate over all entries, and do nothing
if a mask.

This returns the code closer to J.A.Steffens' original version
in v204-90-g23ad4dd884.

Should fix https://github.com/elogind/elogind/issues/1977.
---