LU-974 ignore umask when default acl with mask is set
+# Need to remove trailing '.' when SELinux is enabled
$ umask 022
$ lfs mkdir -i 1 974
$ touch 974/f1
- $ ls -dl 974/f1 | awk '{ print $1 }'
+ $ ls -dl 974/f1 | awk '{ sub(/\\.$/, "", $1); print $1 }'
> -rw-r--r--
$ setfacl -R -d -m mask:007 974
$ touch 974/f2
- $ ls -dl 974/f2 | awk '{ print $1 }'
+ $ ls -dl 974/f2 | awk '{ sub(/\\.$/, "", $1); print $1 }'
> -rw-rw-r--+
$ umask 077
$ touch f3
- $ ls -dl f3 | awk '{ print $1 }'
+ $ ls -dl f3 | awk '{ sub(/\\.$/, "", $1); print $1 }'
> -rw-------
$ rm -rf 974
First, set up a temporary directory and create a regular file with
defined permissions.
+# Need to remove trailing '.' when SELinux is enabled
$ mkdir d
$ cd d
$ umask 027
$ touch f
$ chown nobody:nobody f
- $ ls -l f | awk -- '{ print $1, $3, $4 }'
+ $ ls -l f | awk -- '{ sub(/\\.$/, "", $1); print $1, $3, $4 }'
> -rw-r----- nobody nobody
$ su nobody
$ echo nobody > f
Test if symlinks are properly followed.
+# Need to remove trailing '.' when SELinux is enabled
$ su
$ ln -s f l
- $ ls -l l | awk -- '{ print $1, $3, $4 }'
+ $ ls -l l | awk -- '{ sub(/\\.$/, "", $1); print $1, $3, $4 }'
> lrwxrwxrwx root root
$ su bin
$ getfattr -d l
Test the sticky directories. Only the owner and privileged user can
write attributes.
+# Need to remove trailing '.' when SELinux is enabled
$ su
$ mkdir t
$ chown nobody:nobody t
$ chmod 1750 t
- $ ls -dl t | awk -- '{ print $1, $3, $4 }'
+ $ ls -dl t | awk -- '{ sub(/\\.$/, "", $1); print $1, $3, $4 }'
> drwxr-x--T nobody nobody
$ su nobody
$ setfacl -m g:bin:rwx t
Verify that the additional ACL entry grants user bin permission
to set extended attributes in user.* namespace for directories.
+# Need to remove trailing '.' when SELinux is enabled
$ su
$ mkdir d
$ chown nobody:nobody d
$ chmod 750 d
- $ ls -dl d | awk -- '{ print $1, $3, $4 }'
+ $ ls -dl d | awk -- '{ sub(/\\.$/, "", $1); print $1, $3, $4 }'
> drwxr-x--- nobody nobody
$ su nobody
$ setfacl -m g:bin:rwx d