On Tue, Jan 4, 2022 at 12:31 AM Michael Orlitzky <m...@gentoo.org> wrote: > > On Tue, 2022-01-04 at 03:38 +0000, Sam James wrote: > > > > ACL is kind of similar to what Ionen said for PAM, i.e. sometimes > > people may want to turn it off and it makes sense to expose > > this option for those who do, but we don't need to try support it. > > > > This is another important one. It has security implications, is highly > confusing, requires kernel support, and is nonstandard as a USE flag > and as an implementation. Most people should have it off to avoid > surprises, but disabling it in the kernel can make the userland > software complain when explicitly built with ACL support.
I disagree with the claim that "most people" should disable ACL support at build time. That just gives you partially functional tools. The ACL behavior can generally be controlled using runtime options. Also, you might be able to get away with disabling ACL support on a server, but desktop users will want ACL support enabled to get properly functioning udev rules.
