* highlights.xml: Rearrange itemizedlist markup slightly.

* new-features.xml (ov-new1.7.33): Add setfacl -b option.
	* utils.xml (setfacl): Ditto.
This commit is contained in:
Corinna Vinschen 2014-10-27 10:34:17 +00:00
parent 8170e43b48
commit f1271e19c3
4 changed files with 29 additions and 10 deletions

View File

@ -1,3 +1,9 @@
2014-10-27 Corinna Vinschen <corinna@vinschen.de>
* highlights.xml: Rearrange itemizedlist markup slightly.
* new-features.xml (ov-new1.7.33): Add setfacl -b option.
* utils.xml (setfacl): Ditto.
2014-10-24 Luke Kendall <luke.kendall@cisra.canon.com.au>
* ntsec.xml: More language and typo fixes.

View File

@ -245,8 +245,9 @@ support for cloning address space between processes and several
features actively undermine a reliable <literal>fork</literal>
implementation. Three issues are especially prevalent:</para>
<para><itemizedlist>
<listitem>DLL base address collisions. Unlike *nix shared
<itemizedlist mark="bullet">
<listitem><para>DLL base address collisions. Unlike *nix shared
libraries, which use "position-independent code", Windows shared
libraries assume a fixed base address. Whenever the hard-wired
address ranges of two DLLs collide (which occurs quite often), the
@ -259,18 +260,18 @@ statically-linked dlls (dependencies known at compile time) are
resolved before <literal>cygwin1.dll</literal> initializes and
cannot be fixed afterward. This problem can only be solved by
removing the base address conflicts which cause the problem,
usually using the <literal>rebaseall</literal> tool.</listitem>
usually using the <literal>rebaseall</literal> tool.</para></listitem>
<listitem>Address space layout randomization (ASLR). Starting with
<listitem><para>Address space layout randomization (ASLR). Starting with
Vista, Windows implements ASLR, which means that thread stacks,
heap, memory-mapped files, and statically-linked dlls are placed
at different (random) locations in each process. This behaviour
interferes with a proper <literal>fork</literal>, and if an
unmovable object (process heap or system dll) ends up at the wrong
location, Cygwin can do nothing to compensate (though it will
retry a few times automatically).</listitem>
retry a few times automatically).</para></listitem>
<listitem>DLL injection by
<listitem><para>DLL injection by
<ulink url="http://cygwin.com/faq/faq.html#faq.using.bloda">
BLODA</ulink>. Badly-behaved applications which
inject dlls into other processes often manage to clobber important
@ -279,7 +280,9 @@ collisions which rebasing cannot fix. The only way to resolve this
problem is to remove (usually uninstall) the offending app. See
<xref linkend="cygwinenv-implemented-options"></xref> for the
<literal>detect_bloda</literal> option, which may be able to identify the
BLODA.</listitem></itemizedlist></para>
BLODA.</para></listitem>
</itemizedlist>
<para>In summary, current Windows implementations make it
impossible to implement a perfectly reliable fork, and occasional

View File

@ -15,6 +15,11 @@ without having to create /etc/passwd and /etc/group files. Introduce
/etc/nsswitch.conf file to configure passwd/group handling.
</para>
<listitem><para>
Add -b/--remove-all option to setfacl to reduce the ACL to only the entries
representing POSIX permission bits.
</para></listitem>
<para>
For bordercase which require to use /etc/passwd and /etc/group files,
change mkpasswd/mkgroup to generate passwd/group entries compatible with

View File

@ -1683,11 +1683,13 @@ Example: regtool.exe get '\user\software\Microsoft\Clock\iFormat'
<title>setfacl</title>
<screen>
Usage: setfacl [-r] (-f ACL_FILE | -s acl_entries) FILE...
setfacl [-r] ([-d acl_entries] [-m acl_entries]) FILE...
Usage: setfacl [-r] {-f ACL_FILE | -s acl_entries} FILE...
setfacl [-r] {-b|[-d acl_entries] [-m acl_entries]} FILE...
Modify file and directory access control lists (ACLs)
-b, --remove-all remove all extended ACL entries
-d, --delete delete one or more specified ACL entries
-f, --file set ACL entries for FILE to ACL entries read
from a ACL_FILE
@ -1699,7 +1701,7 @@ Modify file and directory access control lists (ACLs)
-h, --help output usage information and exit
-V, --version output version information and exit
At least one of (-d, -f, -m, -s) must be specified
At least one of (-b, -d, -f, -m, -s) must be specified
</screen>
<para> For each file given as parameter, <command>setfacl</command> will
@ -1733,6 +1735,9 @@ At least one of (-d, -f, -m, -s) must be specified
<para> The following options are supported: </para>
<para> <literal>-b</literal> Remove all extended ACL entries. The base
ACL entries of the owner, group and others are retained.</para>
<para> <literal>-d</literal> Delete one or more specified entries from the
file's ACL. The owner, group and others entries must not be deleted.
Acl_entries to be deleted should be specified without permissions, as in