On Tue, 2013-05-28 at 20:45 +0200, Jan Alexander Steffens (heftig) wrote: First, it's worth mentioning in the commit that this regression was introduced by 11ec7cede5bd0255e9df7bf95325d8b69993e40f .
> +int acl_calc_mask_if_needed(acl_t *acl_p) { I fully realize you did not introduce the current naming scheme in acl-util.c, but more stomping on the "acl_" namespace that currently lives in libacl.so seems like a bad idea - they'd be fully within their rights to introduce a symbol acl_calc_mask_if_needed() which we'd transparently shadow. Anyways, on to the actual content of the patch...I've sat down with "man 5 acl", and it seems possible to me you're still reintroducing the bug Lennart was trying to fix. From his commit message, I think it's that /var/log had an ACL with group-executable in the default ACL, we'll end up recalculating the mask still, and that would include the group execute. I wonder if it would work better to *not* do the fchmod() #if HAVE_ACL, and instead set that explicitly using the ACL API. Regardless though, Lennart should review this patch, I'm just adding comments since I want to see it in; the current state is totally broken. _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel