journald: don't recalculate the ACL mask

Otherwise we might end up with executable files if some default ACL is set for the journal directory.
author: Lennart Poettering <lennart@poettering.net> 2013-05-07 19:07:27 +0200
committer: Lennart Poettering <lennart@poettering.net> 2013-05-07 19:20:26 +0200
commit: 11ec7cede5bd0255e9df7bf95325d8b69993e40f (patch)
tree: 671e329fedd793facf58744737a7fe8815de9169
parent: b00ad20fa0e490dde28e196739b4e18abb10e9b4 (diff)
download: systemd-11ec7cede5bd0255e9df7bf95325d8b69993e40f.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 88163c0116..cc52b8a5c9 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -227,9 +227,9 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
                 }
         }
 
+        /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */
         if (acl_get_permset(entry, &permset) < 0 ||
-            acl_add_perm(permset, ACL_READ) < 0 ||
-            acl_calc_mask(&acl) < 0) {
+            acl_add_perm(permset, ACL_READ) < 0) {
                 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
                 goto finish;
         }
author	Lennart Poettering <lennart@poettering.net>	2013-05-07 19:07:27 +0200
committer	Lennart Poettering <lennart@poettering.net>	2013-05-07 19:20:26 +0200
commit	11ec7cede5bd0255e9df7bf95325d8b69993e40f (patch)
tree	671e329fedd793facf58744737a7fe8815de9169
parent	b00ad20fa0e490dde28e196739b4e18abb10e9b4 (diff)
download	systemd-11ec7cede5bd0255e9df7bf95325d8b69993e40f.tar.gz