From: Eric Sandeen <sandeen@sgi.com>
Message-Id: <200210231401.g9NE1Cq10406@stout.americas.sgi.com>
Date: Wed, 23 Oct 2002 09:01:12 -0500
Subject: TAKE - Fix root exec access checks on files with acls
Sender: linux-xfs-bounce@oss.sgi.com
Errors-to: linux-xfs-bounce@oss.sgi.com
Precedence: bulk

Fix root exec access checks on files with acls

The standard VFS access checks look for at least one +x
bit set before allowing root (CAP_DAC_OVERRIDE) exec
access to the file.

This does the analogous thing for files with acls, looking
for at least 1 effective +x ace on the file before granting
root/CAP_DAC_OVERRIDE exec access.

There has been some discussion on the acl-devel list that
-any- +x on -any- ace (even only the mask) should allow
exec access for root, but I think this method (checking
for effective +x) makes more sense.  Easy enough to
change if the consensus shifts.

This should close internal bug 870306, although I forgot
to tell ptools that. :)

Date:  Wed Oct 23 07:00:12 PDT 2002
Workarea:  stout.americas.sgi.com:/localhome/src/sandeen/2.4.x-xfs/workarea-alwaysclean

The following file(s) were checked into:
  bonnie.engr.sgi.com:/isms/slinx/2.4.x-xfs


Modid:  2.4.x-xfs:slinx:130837a
linux/fs/xfs/xfs_acl.c - 1.37
	- When checking for CAP_DAC_OVERRIDE exec access on files
	  with acls, look for an effective exec permission in the
	  acls before granting access.