+ acl_entry_t entry;
+ int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
+
+ while (ge_result == 1) {
+ int d_result = acl_delete_entry(acl, entry);
+ if (d_result == -1) {
+ perror("wipe_acls (acl_delete_entry)");
+ result = -1;
+ goto cleanup;
+ }
+
+ ge_result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
+ }
+
+ /* Catches the first acl_get_entry as well as the ones at the end of
+ the loop. */
+ if (ge_result == -1) {
+ perror("reapply_default_acl_ng (acl_get_entry)");
+ result = -1;
+ goto cleanup;
+ }
+
+ int sf_result = acl_set_file(path, ACL_TYPE_ACCESS, acl);
+ if (sf_result == -1) {
+ perror("wipe_acls (acl_set_file)");
+ result = -1;
+ goto cleanup;
+ }
+
+ cleanup:
+ acl_free(acl);
+ return result;
+}
+
+
+int reapply_default_acl(const char* path) {
+ /* Really reapply the default ACL by looping through it. Returns one
+ for success, zero for failure (i.e. no ACL), and -1 on unexpected
+ errors. */
+ if (path == NULL) {
+ return 0;
+ }
+
+ if (!is_regular_file(path) && !is_directory(path)) {
+ return 0;
+ }
+
+ /* dirname mangles its argument */
+ char path_copy[PATH_MAX];
+ strncpy(path_copy, path, PATH_MAX-1);
+ path_copy[PATH_MAX-1] = 0;
+
+ char* parent = dirname(path_copy);
+ if (!is_directory(parent)) {
+ /* Make sure dirname() did what we think it did. */
+ return 0;
+ }
+
+ int ace_result = any_can_execute(path);
+ if (ace_result == -1) {
+ perror("reapply_default_acl_ng (any_can_execute)");
+ return -1;
+ }
+
+ bool allow_exec = (bool)ace_result;
+
+ acl_t defacl = acl_get_file(parent, ACL_TYPE_DEFAULT);
+