Fix root exec access checks on files with acls
The standard VFS access checks look for at least one +x
bit set before allowing root (CAP_DAC_OVERRIDE) exec
access to the file.
This does the analogous thing for files with acls, looking
for at least 1 effective +x ace on the file before granting
root/CAP_DAC_OVERRIDE exec access.
There has been some discussion on the acl-devel list that
-any- +x on -any- ace (even only the mask) should allow
exec access for root, but I think this method (checking
for effective +x) makes more sense. Easy enough to
change if the consensus shifts.
This should close internal bug 870306, although I forgot
to tell ptools that. :)
Date: Wed Oct 23 07:00:12 PDT 2002
The following file(s) were checked into:
linux/fs/xfs/xfs_acl.c - 1.37
- When checking for CAP_DAC_OVERRIDE exec access on files
with acls, look for an effective exec permission in the
acls before granting access.