Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-25 Thread J. Bruce Fields
On Fri, Sep 25, 2015 at 01:25:41PM +0200, Andreas Gruenbacher wrote: > Here is another minor improvement that produces deny aces with fewer > permissions in them and avoids creating unnecessary deny aces in some > cases. Looks good.--b. > > Andreas > > --- > fs/richacl_compat.c | 5 ++--- > 1

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-25 Thread Andreas Gruenbacher
Here is another minor improvement that produces deny aces with fewer permissions in them and avoids creating unnecessary deny aces in some cases. Andreas --- fs/richacl_compat.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c ind

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-23 Thread Andreas Gruenbacher
2015-09-22 21:02 GMT+02:00 J. Bruce Fields : > On Sat, Sep 05, 2015 at 12:27:20PM +0200, Andreas Gruenbacher wrote: >> + * Compute the permissions already denied to @who. > > I'm not sure, but may be worth commenting on the lack of everyone denies > here as you do in a couple places below. Ok

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-23 Thread J. Bruce Fields
On Wed, Sep 23, 2015 at 03:11:45PM +0200, Andreas Gruenbacher wrote: > 2015-09-22 18:06 GMT+02:00 J. Bruce Fields : > > On Sat, Sep 05, 2015 at 12:27:20PM +0200, Andreas Gruenbacher wrote: > >> When applying the file masks to an acl, we need to ensure that no > >> process gets more permissions than

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-23 Thread Andreas Gruenbacher
2015-09-22 18:06 GMT+02:00 J. Bruce Fields : > On Sat, Sep 05, 2015 at 12:27:20PM +0200, Andreas Gruenbacher wrote: >> When applying the file masks to an acl, we need to ensure that no >> process gets more permissions than allowed by its file mask. >> >> This may require inserting an owner@ deny ac

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-22 Thread J. Bruce Fields
Oh, and my only comments were nits, this looks good to me: Reviewed-by: J. Bruce Fields --b. On Sat, Sep 05, 2015 at 12:27:20PM +0200, Andreas Gruenbacher wrote: > When applying the file masks to an acl, we need to ensure that no > process gets more permissions than allowed by its file

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-22 Thread J. Bruce Fields
On Sat, Sep 05, 2015 at 12:27:20PM +0200, Andreas Gruenbacher wrote: > When applying the file masks to an acl, we need to ensure that no > process gets more permissions than allowed by its file mask. > > This may require inserting an owner@ deny ace to ensure this if the > owner mask contains fewe

Re: [RFC v7 25/41] richacl: Isolate the owner and group classes

2015-09-22 Thread J. Bruce Fields
On Sat, Sep 05, 2015 at 12:27:20PM +0200, Andreas Gruenbacher wrote: > When applying the file masks to an acl, we need to ensure that no > process gets more permissions than allowed by its file mask. > > This may require inserting an owner@ deny ace to ensure this if the > owner mask contains fewe