From eaca820e876bfcdc67323eac6dd43ecc420968f2 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 7 Feb 2021 20:01:16 +0100
Subject: fusefrontend: do not encrypt ACLs

Pass through system.posix_acl_access and system.posix_acl_default
unencrypted to fix "cp -a" problems.

"cp -a" uses "setxattr" even to set normal permissions, see
https://www.spinics.net/lists/linux-nfs/msg63986.html .

Fixes https://github.com/rfjakob/gocryptfs/issues/543
---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 7846ad3..b44071e 100644
--- a/README.md
+++ b/README.md
@@ -196,6 +196,9 @@ vNEXT, in progress
 * Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier
   when mounting via [/etc/fstab](Documentation/MANPAGE.md#fstab) ([#539](https://github.com/rfjakob/gocryptfs/issues/539))
 * Make it work with MacFUSE v4.x ([#524](https://github.com/rfjakob/gocryptfs/issues/524))
+* **Disable ACL encryption**, it causes a lot of problems ([#543](https://github.com/rfjakob/gocryptfs/issues/543), [#536](https://github.com/rfjakob/gocryptfs/issues/536))
+  * Old encrypted ACLs are reported by `gocryptfs -fsck` but otherwise ignored
+  * This fixes inheritance, but does not yet enforce them correctly
 
 v2.0-beta2, 2020-11-14
 * Improve [performance](Documentation/performance.txt#L69)
@@ -222,7 +225,7 @@ v2.0-beta1, 2020-10-15
 
 v1.8.0, 2020-05-09
 * Enable ACL support ([#453](https://github.com/rfjakob/gocryptfs/issues/453))
-  * **Warning 2021-02-07: This feature is incomplete!**
+  * **Warning 2021-02-07**: This feature is incomplete! Do not use ACLs before gocryptfs v2.0 final!
     Reading and writing ACLs works, but they are not enforced or inherited ([#542](https://github.com/rfjakob/gocryptfs/issues/542))
 * Ignore `.nfsXXX` temporary files
   ([#367](https://github.com/rfjakob/gocryptfs/issues/431))
-- 
cgit v1.2.3