%patch
Index: 2.4.27/Documentation/Configure.help
===================================================================
*** 2.4.27/Documentation/Configure.help.grsec Fri Oct 15 22:12:37 2004
--- 2.4.27/Documentation/Configure.help Fri Oct 15 22:03:32 2004
***************
*** 17593,17598 ****
--- 17593,17608 ----
If unsure, say N.
+ POSIX ACL support
+ CONFIG_XFS_POSIX_ACL
+ POSIX Access Control Lists (ACLs) support permissions for users and
+ groups beyond the owner/group/world scheme.
+
+ To learn more about Access Control Lists, visit the POSIX ACLs for
+ Linux website .
+
+ If you don't know what Access Control Lists are, say N.
+
Tracing support (EXPERIMENTAL)
CONFIG_XFS_TRACE
Say Y here to get an XFS build with activity tracing enabled.
Index: 2.4.27/fs/Config.in
===================================================================
*** 2.4.27/fs/Config.in.grsec Fri Oct 15 22:12:18 2004
--- 2.4.27/fs/Config.in Fri Oct 15 22:06:51 2004
***************
*** 102,107 ****
--- 102,108 ----
dep_mbool ' UFS file system write support (DANGEROUS)' CONFIG_UFS_FS_WRITE $CONFIG_UFS_FS $CONFIG_EXPERIMENTAL
tristate 'XFS filesystem support' CONFIG_XFS_FS
+ dep_mbool ' POSIX ACL support' CONFIG_XFS_POSIX_ACL $CONFIG_XFS_FS
dep_mbool ' Quota support' CONFIG_XFS_QUOTA $CONFIG_XFS_FS
dep_mbool ' Realtime support (EXPERIMENTAL)' CONFIG_XFS_RT $CONFIG_XFS_FS $CONFIG_EXPERIMENTAL
dep_mbool ' Tracing support (EXPERIMENTAL)' CONFIG_XFS_TRACE $CONFIG_XFS_FS $CONFIG_EXPERIMENTAL
Index: 2.4.27/fs/namei.c
===================================================================
*** 2.4.27/fs/namei.c.grsec Fri Oct 15 22:12:02 2004
--- 2.4.27/fs/namei.c Fri Oct 15 22:06:51 2004
***************
*** 1083,1090 ****
goto exit_dput;
}
! error = vfs_create(dir->d_inode, dentry,
! mode & ~current->fs->umask);
if (!error)
gr_handle_create(dentry, nd->mnt);
--- 1083,1091 ----
goto exit_dput;
}
! if (!IS_POSIXACL(dir->d_inode))
! mode &= ~current->fs->umask;
! error = vfs_create(dir->d_inode, dentry, mode);
if (!error)
gr_handle_create(dentry, nd->mnt);
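Review bot: The new `if (!IS_POSIXACL(dir->d_inode))` test in the create path carries no comment saying who applies the umask when the test skips it. On a mount with MS_POSIXACL set, the raw `mode` now reaches `vfs_create()`, so the filesystem has to mask it itself whenever the parent directory has no default ACL; otherwise files are created with wider permissions than the caller's umask allows. I would add `/* With MS_POSIXACL the filesystem applies the umask itself, after consulting the directory's default ACL. */` above the test. The same comment belongs in the mknod and mkdir hunks below; the enclosing function starts and ends outside this hunk.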
***************
*** 1347,1353 ****
dentry = lookup_create(&nd, 0);
error = PTR_ERR(dentry);
! mode &= ~current->fs->umask;
if (!IS_ERR(dentry)) {
if (gr_handle_chroot_mknod(dentry, nd.mnt, mode) ||
gr_handle_chroot_chmod(dentry, nd.mnt, mode)) {
--- 1348,1355 ----
dentry = lookup_create(&nd, 0);
error = PTR_ERR(dentry);
! if (!IS_POSIXACL(nd.dentry->d_inode))
! mode &= ~current->fs->umask;
if (!IS_ERR(dentry)) {
if (gr_handle_chroot_mknod(dentry, nd.mnt, mode) ||
gr_handle_chroot_chmod(dentry, nd.mnt, mode)) {
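Review bot: On an MS_POSIXACL mount, `gr_handle_chroot_mknod()` and `gr_handle_chroot_chmod()` now receive `mode` before the umask has been applied, where previously they always saw the masked value. If those checks look only at the file-type and setuid/setgid bits this is harmless, but their bodies are not visible here, so it should be confirmed. A short comment before the chroot checks, such as `/* on POSIX ACL mounts mode has not had the umask applied yet */`, would record the change. The function body continues outside the hunk.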
***************
*** 1439,1446 ****
error = -EACCES;
if(!error)
! error = vfs_mkdir(nd.dentry->d_inode, dentry,
! mode & ~current->fs->umask);
if(!error)
gr_handle_create(dentry, nd.mnt);
--- 1441,1449 ----
error = -EACCES;
if(!error)
! if (!IS_POSIXACL(nd.dentry->d_inode))
! mode &= ~current->fs->umask;
! error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
if(!error)
gr_handle_create(dentry, nd.mnt);
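Review bot: `vfs_mkdir()` is no longer guarded by `if(!error)`. Without braces, that `if` now controls only the nested `if (!IS_POSIXACL(nd.dentry->d_inode)) mode &= ~current->fs->umask;`, so the call on the next line runs even after `error = -EACCES` was set, and overwrites it. That appears to let a denied mkdir proceed; the condition that sets -EACCES is outside the hunk. Brace the body, `if (!error) { if (!IS_POSIXACL(nd.dentry->d_inode)) mode &= ~current->fs->umask; error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); }`, or move the umask test above `if(!error)` so the guard again covers only the `vfs_mkdir()` call.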
Index: 2.4.27/include/linux/fs.h
===================================================================
*** 2.4.27/include/linux/fs.h.grsec Fri Oct 15 22:12:57 2004
--- 2.4.27/include/linux/fs.h Fri Oct 15 22:09:47 2004
***************
*** 111,116 ****
--- 111,117 ----
#define MS_MOVE 8192
#define MS_REC 16384
#define MS_VERBOSE 32768
+ #define MS_POSIXACL 65536 /* VFS does not apply the umask */
#define MS_ACTIVE (1<<30)
#define MS_NOUSER (1<<31)
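Review bot: The comment on `MS_POSIXACL` says only that the VFS skips the umask; it should also say who is then responsible, e.g. `/* fs applies umask itself (default ACLs); VFS does not */`. This patch does not show where the flag is set, or whether it is filtered out of caller-supplied mount flags. If it could end up set on a superblock whose filesystem does not implement ACLs, files created there would get no umask at all, so that path is worth confirming.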
***************
*** 161,166 ****
--- 162,168 ----
#define IS_IMMUTABLE(inode) ((inode)->i_flags & S_IMMUTABLE)
#define IS_NOATIME(inode) (__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME))
#define IS_NODIRATIME(inode) __IS_FLG(inode, MS_NODIRATIME)
+ #define IS_POSIXACL(inode) __IS_FLG(inode, MS_POSIXACL)
#define IS_DEADDIR(inode) ((inode)->i_flags & S_DEAD)
Index: 2.4.27/include/linux/posix_acl_xattr.h
===================================================================
--- 2.4.27/include/linux/posix_acl_xattr.h Thu Jan 1 10:00:00 1970
+++ 2.4.27/include/linux/posix_acl_xattr.h Mon Aug 9 13:56:02 2004
@@ -0,0 +1,67 @@
+/*
+ File: linux/posix_acl_xattr.h
+
+ Extended attribute system call representation of Access Control Lists.
+
+ Copyright (C) 2000 by Andreas Gruenbacher
+ Copyright (C) 2002 SGI - Silicon Graphics, Inc
+ */
+#ifndef _POSIX_ACL_XATTR_H
+#define _POSIX_ACL_XATTR_H
+
+/* Extended attribute names */
+#define POSIX_ACL_XATTR_ACCESS "system.posix_acl_access"
+#define POSIX_ACL_XATTR_DEFAULT "system.posix_acl_default"
+
+/* Supported ACL a_version fields */
+#define POSIX_ACL_XATTR_VERSION 0x0002
+
+
+/* An undefined entry e_id value */
+#define ACL_UNDEFINED_ID (-1)
+
+/* ACL entry e_tag field values */
+#define ACL_USER_OBJ (0x01)
+#define ACL_USER (0x02)
+#define ACL_GROUP_OBJ (0x04)
+#define ACL_GROUP (0x08)
+#define ACL_MASK (0x10)
+#define ACL_OTHER (0x20)
+
+/* ACL entry e_perm bitfield values */
+#define ACL_READ (0x04)
+#define ACL_WRITE (0x02)
+#define ACL_EXECUTE (0x01)
+
+
+typedef struct {
+ __u16 e_tag;
+ __u16 e_perm;
+ __u32 e_id;
+} posix_acl_xattr_entry;
+
+typedef struct {
+ __u32 a_version;
+ posix_acl_xattr_entry a_entries[0];
+} posix_acl_xattr_header;
+
+
+static inline size_t
+posix_acl_xattr_size(int count)
+{
+ return (sizeof(posix_acl_xattr_header) +
+ (count * sizeof(posix_acl_xattr_entry)));
+}
+
+static inline int
+posix_acl_xattr_count(size_t size)
+{
+ if (size < sizeof(posix_acl_xattr_header))
+ return -1;
+ size -= sizeof(posix_acl_xattr_header);
+ if (size % sizeof(posix_acl_xattr_entry))
+ return -1;
+ return size / sizeof(posix_acl_xattr_entry);
+}
+
+#endif /* _POSIX_ACL_XATTR_H */
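Review bot: `posix_acl_xattr_count()` returns `size / sizeof(posix_acl_xattr_entry)` as `int`, so a large enough `size` is truncated and can come back as a wrong or negative count. `posix_acl_xattr_size(int count)` likewise converts a negative `count` into a huge `size_t`. The callers are not in this patch, but if `size` is a user-supplied xattr length, bound it before the final division with `if (size / sizeof(posix_acl_xattr_entry) > INT_MAX) return -1;` and reject `count < 0` in `posix_acl_xattr_size()`. The header also uses `__u16`/`__u32` and `size_t` without including `<linux/types.h>`. A comment on the two structs stating that they are the extended-attribute value layout, and that `ACL_UNDEFINED_ID` `(-1)` is stored in the unsigned `e_id`, would help readers.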