From 218b39acae324955b089dcfc191b0270b6bafb62 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 22 Nov 2012 14:49:54 +0000
Subject: New APIs: Implement POSIX ACLs.

This adds the following new APIs:
 - acl_get_file
 - acl_set_file
 - acl_delete_def_file
---
 TODO | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

(limited to 'TODO')

diff --git a/TODO b/TODO
index 4ba003a7..d0939bcf 100644
--- a/TODO
+++ b/TODO
@@ -588,20 +588,11 @@ is very poorly designed and essentially impossible for us to use:
 particularly if we also want to maintain backwards compatibility with
 Ruby 1.8, and/or maintain volatile VALUEs on the stack.
 
-ACLs and capabilities
----------------------
-
-We need to model both filesystem ACLs and filesystem capabilities
-through the API.  This is particularly important in order to be able
-to implement SCAP.
-
-ACLs can be read and written using the acl(5) library and the
-functions like acl_set_file(3) etc.
+Filesystem capabilities
+-----------------------
 
-Setting the ACL on a file sets the extended attribute
-'system.posix_acl_access' to a binary blob.  The kernel has a whole
-bunch of complex code that seems to interpret these
-(linux/fs/posix_acl.c).
+We need to model filesystem capabilities through the API.  This is
+particularly important in order to be able to implement SCAP.
 
 Filesystem capabilities can be read and written using the libcap(3)
 library and functions like cap_get_file, cap_set_file.
-- 
cgit