I'm seeing a weir behavior with sys-apps/acl-2.2.53. With 2.2.52-r1, reading and setting acl on a file works as expected: > touch 52 > getfacl 52 # file: 52 # owner: cova # group: cova user::rw- group::r-- other::r-- > setfacl -m g:cova:rwx 52 > getfacl 52 # file: 52 # owner: cova # group: cova user::rw- group::r-- group:cova:rwx mask::rwx other::r-- However, this changes with 2.2.53: > touch 53 > getfacl 53 # file: 53 # owner: cova # group: cova other::r-- > setfacl -m g:cova:rwx 53 setfacl: 53: Malformed access ACL `group:cova:rwx,mask::rwx,other::r--': Missing or wrong entry at entry 1 > getfacl 53 # file: 53 # owner: cova # group: cova other::r-- The system is the same, I've only emerged 2.2.53 and tested again. This causes various side effects, one being udev unable to enforce uaccess param. Reproducible: Always Portage 2.3.50 (python 3.5.5-final-0, default/linux/amd64/17.1/desktop/plasma/systemd, gcc-8.2.0, glibc-2.27-r6, 4.18.11-cova x86_64) ================================================================= System uname: Linux-4.18.11-cova-x86_64-Intel-R-_Core-TM-_i7-6820HQ_CPU_@_2.70GHz-with-gentoo-2.6 KiB Mem: 65296332 total, 60479620 free KiB Swap: 8388604 total, 8388604 free Timestamp of repository gentoo: Sun, 30 Sep 2018 08:46:30 +0000 Head commit of repository gentoo: 68c6695d3490cd7ac86081fc7e3d2bc1a8c60958 sh bash 4.4_p23 ld GNU ld (Gentoo 2.31.1 p3) 2.31.1 app-shells/bash: 4.4_p23::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.26.2::gentoo dev-lang/python: 2.7.15::gentoo, 3.4.8-r1::gentoo, 3.5.5-r1::gentoo, 3.6.6::gentoo, 3.7.0::gentoo dev-util/cmake: 3.12.2::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.6-r1::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.11.6-r3::gentoo, 1.13.4-r2::gentoo, 1.16.1-r1::gentoo sys-devel/binutils: 2.31.1-r1::gentoo sys-devel/gcc: 7.3.0-r5::gentoo, 8.2.0-r3::gentoo sys-devel/gcc-config: 2.0::gentoo sys-devel/libtool: 2.4.6-r5::gentoo sys-devel/make: 4.2.1-r4::gentoo sys-kernel/linux-headers: 4.17::gentoo (virtual/os-headers) sys-libs/glibc: 2.27-r6::gentoo Repositories: gentoo location: /usr/portage sync-type: git sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git priority: -1000 sync-git-verify-commit-signature: yes kde location: /var/lib/layman/kde sync-type: laymansync sync-uri: https://github.com/gentoo/kde.git masters: gentoo priority: 50 pypi location: /var/lib/layman/pypi sync-type: laymansync sync-uri: gs-pypi pypi masters: gentoo priority: 50 torbrowser location: /var/lib/layman/torbrowser sync-type: laymansync sync-uri: https://github.com/MeisterP/torbrowser-overlay.git masters: gentoo priority: 50 vmware location: /var/lib/layman/vmware sync-type: laymansync sync-uri: https://anongit.gentoo.org/git/proj/vmware.git masters: gentoo priority: 50 local location: /usr/overlay masters: gentoo priority: 51 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O3 -fgraphite-identity -floop-nest-optimize -ftree-loop-distribution -flto=4 -fuse-linker-plugin -pipe -fpie -fpic -fstack-protector-strong" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /usr/share/sddm/scripts/Xsetup" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O3 -fgraphite-identity -floop-nest-optimize -ftree-loop-distribution -flto=4 -fuse-linker-plugin -pipe -fpie -fpic -fstack-protector-strong" DISTDIR="/usr/portage/distfiles" ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs clean-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_IE.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed -march=native -O3 -fgraphite-identity -floop-nest-optimize -ftree-loop-distribution -flto=4 -fuse-linker-plugin -pipe -fpie -fpic -fstack-protector-strong -Wl,--as-needed -Wl,--hash-style=gnu" LINGUAS="en it de" MAKEOPTS="-j8" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="3dnow 3dnowext 3dnowprefetch X \ a52 aac aalib acl acpi activities aim alsa amd64 apng appstream ares asf ati audio audiofile avahi bash-completion berkdb bidi bl bluetooth branding bri bzip2 cairo caps cdda cdr cjk cli crypt cups curl cxx dba dbus declarative device-mapper dga divx divx4linux dri dts dv dvb dvd dvdr dvdread eap-sim edl egl emboss encode ethereal evdev exif expat faad fam fame fbcon ffmpeg fftw flac force-cgi-redirect fortran ftp gallium garmin gd gdbm gif gimp glamor gmedia gmp gnutls gphoto2 gpm gps gsm gtk h264 h323 iconv icq icu idn ifp ilbc imagemagick imap innodb ipod iproute2 ipv6 ithreads jabber java javascript joystick jpeg kde kipi kontact kvm kwallet lastfm lcms ldap libnotify libtirpc libvirtd live lm_sensors lua lvm lxc lzma lzo mad maildir matroska mbox mdnsresponder-compat mhash mime mjpeg mmap mmx mmxext mng modules mozdevelop mozilla mp3 mp4 mpeg msn mtp multilib mysql ncurses network networkmanager new-hpcups nfsv4 njb nls nptl nptlonly nsplugin offensive ofx ogg oggvorbis ogm openal openexr opengl openmp oscar pam pango parted pcap pcre pdf phonon php plasma plotutils png policykit ppds pulseaudio qemu qml qt5 readline real rtc ruby samba sasl sdl seccomp semantic-desktop semantic-destkop sha512 sip slang slp smartcard sndfile snmp sox speex spell srt sse sse2 ssh ssl ssse3 startup-notification svg symlink systemd tcltk tcpd telepathy theora threads tiff tk touchpad tremor truetype udev udisks unicode upower usb utempter v4l v4l2 vaapi vcd vde vdpaum vhosts video videos vim-syntax virt-network virtualbox vorbis vulkan wav wayland webkit widgets wifi wmf wmp wps wxwidgets wxwindows x264 xanim xattr xcb xcomposite xface xft xine xinerama xml xosd xpm xscreensaver xsl xv xvid zeroconf zlib zpm" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64 pc" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en it de en_IE" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LLVM_TARGETS="X86" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby23 ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="i965 intel nvidia v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
The issue is related to LTO flag for compilation. Removing LTO will make the issue to disappear. I informed upstream about this finding.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=080e9741c7df9ab85f4900fc0500821a28f5755f commit 080e9741c7df9ab85f4900fc0500821a28f5755f Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-11-13 13:08:52 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-11-13 13:16:08 +0000 sys-apps/acl: Filter out -flto* in order to get functional binaries Closes: https://bugs.gentoo.org/667372 Package-Manager: Portage-2.3.79, Repoman-2.3.18 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> sys-apps/acl/acl-2.2.53.ebuild | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
(In reply to Fabio Coatti from comment #1) > I informed upstream about this finding. Could you give a link? Thanks.
(In reply to Sam James from comment #3) > (In reply to Fabio Coatti from comment #1) > > I informed upstream about this finding. > > Could you give a link? Thanks. This is the first message of the thread, but the discussion led to nowhere: https://lists.nongnu.org/archive/html/acl-devel/2018-10/msg00000.html I looked at some other distros - Arch, Fedora and openSUSE and none of them have LTO disabled. Might've been fixed at some point, or it was caused by a combination of LTO and all of the other flags.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be0cb5c8f1ecbe8ce907fd5443dda4974d1b3e46 commit be0cb5c8f1ecbe8ce907fd5443dda4974d1b3e46 Author: Sam James <sam@gentoo.org> AuthorDate: 2025-02-25 06:57:11 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-02-25 06:58:07 +0000 sys-apps/acl: drop filter-lto Drop filter-lto given it works fine now. Possibly fixed by upstream commit cad5d69545765e00715d0cb0c88a3b4c20a59c1e. Bug: https://bugs.gentoo.org/667372 Thanks-to: Kostadin Shishmanov <kostadinshishmanov@protonmail.com> Signed-off-by: Sam James <sam@gentoo.org> sys-apps/acl/acl-2.3.2-r2.ebuild | 52 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+)
