diff -urNp ref/Documentation/Configure.help 2.4.20pre5aa2/Documentation/Configure.help
--- ref/Documentation/Configure.help	Fri Sep  6 01:19:24 2002
+++ 2.4.20pre5aa2/Documentation/Configure.help	Fri Sep  6 01:19:27 2002
@@ -12540,6 +12540,20 @@ CONFIG_ISP16_CDI
   The module will be called isp16.o. If you want to compile it as a
   module, say M here and read <file:Documentation/modules.txt>.
 
+Posix Access Control Lists
+CONFIG_FS_POSIX_ACL
+  Posix Access Control Lists (ACLs) support permissions for users and
+  groups beyond the owner/group/world scheme.
+
+  To learn more about Access Control Lists, visit the Posix ACLs for
+  Linux website <http://acl.bestbits.at/>.
+
+  If you plan to use Access Control Lists, you may also need the
+  getfacl and setfacl utilities, along with some additional patches
+  from the website.
+
+  If you don't know what Access Control Lists are, say N.
+
 iSeries Virtual I/O CD Support
 CONFIG_VIOCD
   If you are running Linux on an IBM iSeries system and you want to
diff -urNp ref/fs/Config.in 2.4.20pre5aa2/fs/Config.in
--- ref/fs/Config.in	Fri Sep  6 01:19:24 2002
+++ 2.4.20pre5aa2/fs/Config.in	Fri Sep  6 01:19:27 2002
@@ -4,6 +4,8 @@
 mainmenu_option next_comment
 comment 'File systems'
 
+bool 'POSIX Access Control Lists' CONFIG_FS_POSIX_ACL
+
 bool 'Quota support' CONFIG_QUOTA
 dep_tristate '  Old quota format support' CONFIG_QFMT_V1 $CONFIG_QUOTA
 dep_tristate '  VFS v0 quota format support' CONFIG_QFMT_V2 $CONFIG_QUOTA
diff -urNp ref/fs/namei.c 2.4.20pre5aa2/fs/namei.c
--- ref/fs/namei.c	Fri Sep  6 01:19:22 2002
+++ 2.4.20pre5aa2/fs/namei.c	Fri Sep  6 01:19:57 2002
@@ -1058,8 +1058,9 @@ do_last:
 
 	/* Negative dentry, just create the file */
 	if (!dentry->d_inode) {
-		error = vfs_create(dir->d_inode, dentry,
-				   mode & ~current->fs->umask);
+		if (!IS_POSIXACL(dir->d_inode))
+			mode &= ~current->fs->umask;
+		error = vfs_create(dir->d_inode, dentry, mode);
 		up(&dir->d_inode->i_sem);
 #ifndef DENTRY_WASTE_RAM
 		if (error)
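Review bot: On a mount with MS_POSIXACL set, `vfs_create()` now receives the caller's raw `mode`, so the filesystem's own create path becomes the only place the umask can be applied when the parent directory has no default ACL. Nothing visible in this patch shows a filesystem doing that, so a filesystem that sets the flag without it would create files with the umask ignored. The same applies to the `sys_mknod` and `sys_mkdir` hunks below. I would add a comment above the test saying so, for example `/* POSIX ACL filesystems apply the umask themselves, and only when the directory has no default ACL */`. The enclosing `do_last` code continues outside this hunk.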
@@ -1294,7 +1295,8 @@ asmlinkage long sys_mknod(const char * f
 	dentry = lookup_create(&nd, 0);
 	error = PTR_ERR(dentry);
 
-	mode &= ~current->fs->umask;
+	if (!IS_POSIXACL(nd.dentry->d_inode))
+		mode &= ~current->fs->umask;
 	if (!IS_ERR(dentry)) {
 		switch (mode & S_IFMT) {
 		case 0: case S_IFREG:
@@ -1362,8 +1364,9 @@ asmlinkage long sys_mkdir(const char * p
 		dentry = lookup_create(&nd, 1);
 		error = PTR_ERR(dentry);
 		if (!IS_ERR(dentry)) {
-			error = vfs_mkdir(nd.dentry->d_inode, dentry,
-					  mode & ~current->fs->umask);
+			if (!IS_POSIXACL(nd.dentry->d_inode))
+				mode &= ~current->fs->umask;
+			error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
 			dput(dentry);
 		}
 		up(&nd.dentry->d_inode->i_sem);
diff -urNp ref/include/linux/fs.h 2.4.20pre5aa2/include/linux/fs.h
--- ref/include/linux/fs.h	Fri Sep  6 01:19:23 2002
+++ 2.4.20pre5aa2/include/linux/fs.h	Fri Sep  6 01:19:27 2002
@@ -111,6 +111,7 @@ extern int leases_enable, dir_notify_ena
 #define MS_MOVE		8192
 #define MS_REC		16384
 #define MS_VERBOSE	32768
+#define MS_POSIXACL	65536	/* VFS does not apply the umask */
 #define MS_ACTIVE	(1<<30)
 #define MS_NOUSER	(1<<31)
 
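Review bot: The comment on `MS_POSIXACL` says only that the VFS skips the umask, not who is allowed to set the bit or what the filesystem owes in return. Because it shares the `MS_*` number space with flags passed in through mount(2), it is worth confirming that a caller-supplied flag word cannot turn it on for a filesystem with no ACL support; this hunk does not show that path. I would expand the comment to something like `/* set by the filesystem, not by mount(2) callers: VFS skips the umask and the fs must apply it when no default ACL exists */`.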
@@ -161,6 +162,7 @@ extern int leases_enable, dir_notify_ena
 #define IS_IMMUTABLE(inode)	((inode)->i_flags & S_IMMUTABLE)
 #define IS_NOATIME(inode)	(__IS_FLG(inode, MS_NOATIME) || ((inode)->i_flags & S_NOATIME))
 #define IS_NODIRATIME(inode)	__IS_FLG(inode, MS_NODIRATIME)
+#define IS_POSIXACL(inode)	__IS_FLG(inode, MS_POSIXACL)
 
 #define IS_DEADDIR(inode)	((inode)->i_flags & S_DEAD)
 
diff -urNp ref/include/linux/posix_acl_xattr.h 2.4.20pre5aa2/include/linux/posix_acl_xattr.h
--- ref/include/linux/posix_acl_xattr.h	Thu Jan  1 01:00:00 1970
+++ 2.4.20pre5aa2/include/linux/posix_acl_xattr.h	Fri Sep  6 01:19:27 2002
@@ -0,0 +1,66 @@
+/*
+  File: linux/posix_acl_xattr.h
+
+  Extended attribute system call representation of Access Control Lists.
+
+  Copyright (C) 2000 by Andreas Gruenbacher <a.gruenbacher@computer.org>
+ */
+#ifndef _POSIX_ACL_XATTR_H
+#define _POSIX_ACL_XATTR_H
+
+/* Extended attribute names */
+#define POSIX_ACL_XATTR_ACCESS	"system.posix_acl_access"
+#define POSIX_ACL_XATTR_DEFAULT	"system.posix_acl_default"
+
+/* Supported ACL a_version fields */
+#define POSIX_ACL_XATTR_VERSION	0x0002
+
+
+/* An undefined entry e_id value */
+#define ACL_UNDEFINED_ID	(-1)
+
+/* ACL entry e_tag field values */
+#define ACL_USER_OBJ		(0x01)
+#define ACL_USER		(0x02)
+#define ACL_GROUP_OBJ		(0x04)
+#define ACL_GROUP		(0x08)
+#define ACL_MASK		(0x10)
+#define ACL_OTHER		(0x20)
+
+/* ACL entry e_perm bitfield values */
+#define ACL_READ		(0x04)
+#define ACL_WRITE		(0x02)
+#define ACL_EXECUTE		(0x01)
+
+
+typedef struct {
+	__u16			e_tag;
+	__u16			e_perm;
+	__u32			e_id;
+} posix_acl_xattr_entry;
+
+typedef struct {
+	__u32			a_version;
+	posix_acl_xattr_entry	a_entries[0];
+} posix_acl_xattr_header;
+
+
+static inline size_t
+posix_acl_xattr_size(int count)
+{
+	return (sizeof(posix_acl_xattr_header) +
+		(count * sizeof(posix_acl_xattr_entry)));
+}
+
+static inline int
+posix_acl_xattr_count(size_t size)
+{
+	if (size < sizeof(posix_acl_xattr_header))
+		return -1;
+	size -= sizeof(posix_acl_xattr_header);
+	if (size % sizeof(posix_acl_xattr_entry))
+		return -1;
+	return size / sizeof(posix_acl_xattr_entry);
+}
+
+#endif	/* _POSIX_ACL_XATTR_H */
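Review bot: The two size helpers do unchecked arithmetic on values that normally come from a user-supplied xattr buffer. `posix_acl_xattr_size()` takes a signed `int count` that is converted to `size_t` in the multiplication, so a negative count yields a wrapped length, and `posix_acl_xattr_count()` narrows a `size_t` quotient to `int`. Either document the precondition above each helper (`/* caller must ensure 0 <= count and that size is already bounded by the xattr size limit */`) or reject bad input, e.g. `if (count < 0) return 0;` at the top of `posix_acl_xattr_size()`. The header also uses `__u16`, `__u32` and `size_t` without including `<linux/types.h>`, and it does not state the byte order of `e_tag`, `e_perm`, `e_id` and `a_version` in the attribute value.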
diff -urNp ref/include/linux/posix_cap_xattr.h 2.4.20pre5aa2/include/linux/posix_cap_xattr.h
--- ref/include/linux/posix_cap_xattr.h	Thu Jan  1 01:00:00 1970
+++ 2.4.20pre5aa2/include/linux/posix_cap_xattr.h	Fri Sep  6 01:19:27 2002
@@ -0,0 +1,27 @@
+/*
+  File: linux/posix_cap_xattr.h
+
+  Extended attribute representation of capabilities
+*/
+#ifndef _POSIX_CAP_XATTR_H
+#define _POSIX_CAP_XATTR_H
+
+#define POSIX_CAP_XATTR		"system.posix_capabilities"
+#define POSIX_CAP_XATTR_VERSION	0x0001
+
+typedef __u64 posix_cap_xattr_value;
+
+typedef struct {
+	__u32			c_version;
+	__u32			c_abiversion;
+	posix_cap_xattr_value	c_effective;
+	posix_cap_xattr_value	c_permitted;
+	posix_cap_xattr_value	c_inheritable;
+} posix_cap_xattr;
+
+static inline size_t posix_cap_xattr_size(void)
+{
+	return (sizeof(posix_cap_xattr));
+}
+
+#endif	/* _POSIX_CAP_XATTR_H */
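Review bot: `posix_cap_xattr` carries capability sets but has no documentation of how a reader should validate it, and no consumer is visible in this patch to infer that from. I would add a comment above the struct stating the byte order of the fields, what `c_abiversion` means as distinct from `c_version`, and that a value must be rejected unless its length equals `posix_cap_xattr_size()` and `c_version == POSIX_CAP_XATTR_VERSION`. The header also relies on `__u32`, `__u64` and `size_t` without including `<linux/types.h>`, so it only compiles when something else has pulled that in first.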