Linux 6.2 Introducing Dedicated VFS POSIX ACL API

Written by Michael Larabel in Linux Storage on 14 December 2022 at 05:49 AM EST. 8 Comments
Microsoft's Christian Brauner has reached the finish line on his work to create a proper VFS POSIX Access Control List (ACL) API with the code now being merged for Linux 6.2.

Up to now dealing with POSIX Access Control Lists for file/directory permissions has involved using Linux's generic extended attributes "xattr" API but has been described as error prone, hard to maintain, and type unsafe. Brauner has described the existing POSIX ACLs as being "special-cased to death all the way through the VFS" and "an uncounted number of hacks" in the code as well as "a range of hacks and duct tape exist to make this work."

The existing code isn't too pleasant...

The Linux engineer at Microsoft thus took to creating a dedicated POSIX ACL API built around the get/set inode operations. In turn the code cleans up all the existing "hackiness" around the prior code.

The dedicated VFS POSIX ACL API implementation was merged this week for Linux 6.2. Those interested in more details on this low-level code rework around POSIX ACL handling can see this pull request with Brauner's lengthy write-up on the matter.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week