From: Michael Orlitzky Date: Thu, 1 Mar 2018 22:25:05 +0000 (-0500) Subject: apply_default_acl_ex: don't loop through the ACL unless we're masking exec. X-Git-Tag: v0.2.0~14 X-Git-Url: https://gitweb.michael.orlitzky.com/?p=apply-default-acl.git;a=commitdiff_plain;h=0ff54b9d02fab3c36c91d5e26d280417521fe198 apply_default_acl_ex: don't loop through the ACL unless we're masking exec. --- diff --git a/src/libadacl.c b/src/libadacl.c index 0d07f2c..e75fdec 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -889,7 +889,13 @@ int apply_default_acl_ex(const char* path, */ /* Now we potentially need to mask the execute permissions in the - ACL on fd. First obtain the current one... */ + ACL on fd; or maybe now. */ + if (allow_exec) { + goto cleanup; + } + + /* OK, we need to mask some execute permissions. First obtain the + current ACL... */ new_acl = acl_get_fd(fd); if (new_acl == (acl_t)NULL) { perror("apply_default_acl_ex (acl_get_fd)"); @@ -933,21 +939,19 @@ int apply_default_acl_ex(const char* path, tag == ACL_GROUP_OBJ || tag == ACL_OTHER) { - if (!allow_exec) { - /* The mask doesn't affect acl_user_obj, acl_group_obj (in - minimal ACLs) or acl_other entries, so if execute should be - masked, we have to do it manually. */ - if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_delete_perm)"); - result = ACL_ERROR; - goto cleanup; - } - - if (acl_set_permset(entry, permset) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_permset)"); - result = ACL_ERROR; - goto cleanup; - } + /* The mask doesn't affect acl_user_obj, acl_group_obj (in + minimal ACLs) or acl_other entries, so if execute should be + masked, we have to do it manually. */ + if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { + perror("apply_default_acl_ex (acl_delete_perm)"); + result = ACL_ERROR; + goto cleanup; + } + + if (acl_set_permset(entry, permset) == ACL_ERROR) { + perror("apply_default_acl_ex (acl_set_permset)"); + result = ACL_ERROR; + goto cleanup; } }