acl-0.6.0 release, update on capabilities work

Robert Watson rwatson at
Sun Mar 11 20:30:51 GMT 2001

I've now released an acl-0.6.0.tgz release on the TrustedBSD downloads
page which takes into account recent commits to the FreeBSD source tree,
fixes to setfacl, and some code reorganization.  I've excerpted the
CHANGES entries below.  The URL for the release is:

Kernel patches included are against FreeBSD 5.0-CURRENT from March 11,
2001, and may not apply cleanly/compile/work against other dates.

We'll probably cut a release in a few more days with an updated getfacl
that takes changes in the acl_get_{fd,file}() implementation into account,
so it can still print ACLs for non-ACL-enabled file systems (as required
by POSIX.2c for getfacl, but not POSIX.1e for acl_get_{fd,file}(), hence
the change).  In addition, both getfacl and setfacl will be committed to
the base source tree by the end of the week (I hope).

I'm also pleased to announce that Thomas Moestl, who recently joined the
FreeBSD committers team, will be assisting in bringing the Capabilities
implementation up-to-date, as well as finishing off some of the less
complete aspects of it.  As this implementation matures, I hope to start
bringing components of it into the base FreeBSD source tree in time for
5.0-RELEASE.  By 5.0-RELEASE, the kernel implementation will most likely
be completely integrated, although the userland components will take more
time (especially getting the boot process working without uid-0

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert at      NAI Labs, Safeport Network Services

0.5.2 to 0.6.0

- Generic ACL support functions have been committed to the FreeBSD
  5.0-CURRENT, and so kernel code included in this release is now reduced
  to the UFS-specific ACL implementation.
- Modify UFS ACL code so that it no longer maps permissions into ACLs if
  the appropriate ACL EAs are not available for that file system.  This
  causes ufs_getacl() to return EOPNOTSUPP if the file system doesn't
  have ACLs enabled, which more closely compliex with POSIX.1e.  As a
  result, getfacl now has to be modified to perform ACL emulation for
  acl-impaired file systems itself.
- Move ACL vnode operations from ufs_vnops.c to ufs_acl.c, seperating
  the ACL code from the remainder of UFS a little.  Modifications are
  still required to ufs_vnops.c to add the new vnode operations, and
  to modify ufs_access(), ufs_mkdir(), and ufs_makeinode().
- Various cleanups in the setfacl tool, including improved sanity checking
  of ACLs, cleanup of ACL mask generation, style cleanup, etc.

To Unsubscribe: send mail to majordomo at
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list