Bug 1714077

Description of problem:
getfacl follows symlinks, even without -L

Version-Release number of selected component (if applicable):

# rpm -qa | grep -w acl
acl-2.2.51-14.el7.x86_64


How reproducible:
Always

Steps to Reproduce:

Make sure /bin is symlink to /usr/bin

1. # ls -l /bin
lrwxrwxrwx. 1 root root 7 May 24 04:05 /bin -> usr/bin

2. getfacl /bin | grep -w file  | less
# file: bin
# file: bin/grotty
# file: bin/catchsegv
# file: bin/gencat
# file: bin/getent
# file: bin/wall
# file: bin/iconv
# file: bin/nl-route-add


Actual results:
Lists acl of /bin and others by following symlinks

Expected results:

To list acl of only /bin

# getfacl /bin
getfacl: Removing leading '/' from absolute path names
# file: bin/
# owner: root
# group: root
user::r-x
group::r-x
other::r-x


Additional info:
Need to back port the below upstream patch:

http://git.savannah.gnu.org/cgit/acl.git/commit/?id=63451a0

# git show 63451a06b7484d220750ed8574d3ee84e156daf5 
commit 63451a06b7484d220750ed8574d3ee84e156daf5
Author: Andreas Gruenbacher <agruen>
Date:   Tue Jun 23 00:29:45 2009 +0200

    Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
    
    This fixes http://oss.sgi.com/bugzilla/show_bug.cgi?id=790
    "getfacl follows symlinks, even without -L".

diff --git a/doc/CHANGES b/doc/CHANGES
index 327a19b..c5ff1a8 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -1,3 +1,6 @@
+* Make sure that getfacl -R only calls stat(2) on symlinks when it needs to.
+  This fixes http://oss.sgi.com/bugzilla/show_bug.cgi?id=790 "getfacl follows
+  symlinks, even without -L".
 * Stop quoting nonprintable characters in the getfacl output: what is printable
   or not depends on the locale settings, and getfacl often gets it wrong. We
   still need to quote a few special characters like newlines so that setfacl
diff --git a/getfacl/getfacl.c b/getfacl/getfacl.c
index fc650e3..b3e6200 100644
--- a/getfacl/getfacl.c
+++ b/getfacl/getfacl.c
@@ -70,7 +70,7 @@ struct option long_options[] = {
 const char *progname;
 const char *cmd_line_options;
 
-int walk_flags = WALK_TREE_DEREFERENCE;
+int walk_flags = WALK_TREE_DEREFERENCE_TOPLEVEL;
 int opt_print_acl;
 int opt_print_default_acl;
 int opt_strip_leading_slash = 1;
@@ -642,7 +642,7 @@ int main(int argc, char *argv[])
                        case 'L':  /* follow all symlinks */
                                if (posixly_correct)
                                        goto synopsis;
-                               walk_flags |= WALK_TREE_LOGICAL;
+                               walk_flags |= WALK_TREE_LOGICAL | WALK_TREE_DEREFERENCE;
                                walk_flags &= ~WALK_TREE_PHYSICAL;
                                break;
 
@@ -650,7 +650,8 @@ int main(int argc, char *argv[])
                                if (posixly_correct)
                                        goto synopsis;
                                walk_flags |= WALK_TREE_PHYSICAL;
-                               walk_flags &= ~WALK_TREE_LOGICAL;
+                               walk_flags &= ~(WALK_TREE_LOGICAL | WALK_TREE_DEREFERENCE |
+                                               WALK_TREE_DEREFERENCE_TOPLEVEL);
                                break;
 
                        case 's':  /* skip files with only base entries */