The NFSv4 ACL merging logic that can be enabled with nfs4:acedup=merge incorrectly merges ACEs which have different flags like CI/OI/I e.g. ACL:BUILTIN\Users:ALLOWED/0x0/FULL ACL:BUILTIN\Users:ALLOWED/I/READ gets merged to ACL:BUILTIN\Users:ALLOWED/I/FULL This behaviour is wrong, ACEs with different flags cannot be merged. Patch to come
Created attachment 6723 [details] proposed patch (as in master)
Comment on attachment 6723 [details] proposed patch (as in master) Yes, I think we should take this patch for 3.6.X. But take a look at the subsequent patch I am going to attach
Created attachment 6724 [details] Patch simplifying the check I think when we pass (ace->aceFlags == aceNewFlags) then the next condition is automatic: (ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP == aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP) So this patch removes this second check. (Not yet pushed to master, ambi, please feel free to push.)
The simplification patch has been pushed to master. It applies to v3-6-test unmodified (after applying the first patch). Ambi: * please review. * Assign to Karolin if positive review is granted. Karolin: * No need to force this into 3.6.0 (if it is too late). But we should add it to the next release possible... Cheers - Michael
Comment on attachment 6724 [details] Patch simplifying the check yap, patch is good (i should have seen this obvious optimization by myself)
Karolin, this is for 3.6.x
Pushed to v3-6-test. Will be included in 3.6.0. Closing out bug report. Thanks!