Linux 6.2 Introducing Dedicated VFS POSIX ACL API
Microsoft's Christian Brauner has reached the finish line on his work to create a proper VFS POSIX Access Control List (ACL) API, with the code now being merged for Linux 6.2.
Up to now, dealing with POSIX Access Control Lists for file/directory permissions has meant going through Linux's generic extended attributes ("xattr") API, an approach that has been described as error prone, hard to maintain, and type unsafe. Brauner has described the existing POSIX ACLs as being "special-cased to death all the way through the VFS," with "an uncounted number of hacks" in the code, and noted that "a range of hacks and duct tape exist to make this work."
The Linux engineer at Microsoft thus took to creating a dedicated POSIX ACL API built around the get/set inode operations. In turn, the new code cleans up the existing "hackiness" in the prior implementation.
The dedicated VFS POSIX ACL API implementation was merged this week for Linux 6.2. Those interested in more details on this low-level code rework around POSIX ACL handling can see this pull request with Brauner's lengthy write-up on the matter.
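To make the "type unsafe" point concrete, the following added example (not from the article or from Brauner's patches) parses the untyped byte blob that the generic xattr interface carries for the "system.posix_acl_access" attribute, showing the validation a consumer of that blob has to do by hand. The function and struct names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* xattr value layout: le32 version, then 8-byte entries (le16 tag, le16 perm, le32 id). */
#define ACL_XATTR_VERSION 2u
#define HDR 4u
#define ENT 8u
enum { TAG_USER_OBJ = 0x01, TAG_USER = 0x02, TAG_GROUP_OBJ = 0x04,
       TAG_GROUP = 0x08, TAG_MASK = 0x10, TAG_OTHER = 0x20 };
struct acl_entry { uint16_t tag, perm; uint32_t id; }; /* hypothetical name */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the entry count, or -1 if the blob is not a well-formed ACL value. */
int parse_posix_acl_xattr(const void *buf, size_t len, struct acl_entry *out, size_t max)
{
    const uint8_t *p = buf;
    if (len < HDR || (len - HDR) % ENT != 0) return -1;   /* truncated or ragged */
    if (le32(p) != ACL_XATTR_VERSION) return -1;          /* unknown version */
    size_t n = (len - HDR) / ENT;
    if (n > max) return -1;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = p + HDR + i * ENT;
        out[i].tag = le16(e); out[i].perm = le16(e + 2); out[i].id = le32(e + 4);
        switch (out[i].tag) {
        case TAG_USER_OBJ: case TAG_USER: case TAG_GROUP_OBJ:
        case TAG_GROUP: case TAG_MASK: case TAG_OTHER: break;
        default: return -1;                               /* unknown tag */
        }
        if (out[i].perm & ~7u) return -1;                 /* only r/w/x bits allowed */
    }
    return (int)n;
}

/* Constructed sample: u::rw-, u:1000:r--, g::r--, m::r--, o::--- */
static const uint8_t SAMPLE_ACL[] = {
    0x02, 0, 0, 0,
    0x01, 0, 6, 0, 0xff, 0xff, 0xff, 0xff,
    0x02, 0, 4, 0, 0xe8, 0x03, 0, 0,
    0x04, 0, 4, 0, 0xff, 0xff, 0xff, 0xff,
    0x10, 0, 4, 0, 0xff, 0xff, 0xff, 0xff,
    0x20, 0, 0, 0, 0xff, 0xff, 0xff, 0xff,
};
int main(void) {
    struct acl_entry e[8];
    int n = parse_posix_acl_xattr(SAMPLE_ACL, sizeof SAMPLE_ACL, e, 8);
    for (int i = 0; i < n; i++)
        printf("tag=0x%02x perm=%o id=%u\n", (unsigned)e[i].tag, (unsigned)e[i].perm, (unsigned)e[i].id);
    return n < 0;
}
```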