Created attachment 14322 [details] vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited The option in File Explorer for disabling inheritance and converting inherited permissions into explicit permissions does not work with zfsacl enabled. The issue is trivial to reproduce, but I'm happy to provide pcaps and logs if they are required. On FreeBSD this was a two-part fix. I already patched sysutils/libsunacl to expose ACE_INHERITED_ACE. This patch adds a new configuration option for setting the dacl_protected control flag in the zfsacl vfs module, and defaults to preserving previous behavior. If ACE_INHERITED_ACE isn't present in the any of the members of the ACL, then set dacl_protected.