Document new ACL code

	* new-features.xml (ov-new2.4): Add new ACL changes.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

3 files changed, 63 insertions, 0 deletions

diff --git a/winsup/cygwin/release/2.4.0 b/winsup/cygwin/release/2.4.0
new file mode 100644
index 000000000..480b61224
--- /dev/null
+++ b/winsup/cygwin/release/2.4.0
@@ -0,0 +1,36 @@
+What's new:
+-----------
+
+- New, unified implementation of POSIX permission and ACL handling.  The
+  new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
+  they allow to inherit the S_ISGID bit.  ACL inheritance now really
+  works as desired, in a limited, but theoretically equivalent fashion
+  even for non-Cygwin processes.
+
+  To accommodate standard Windows ACLs, the POSIX permissions of the
+  owner and all other users in the ACL are computed using the Windows
+  AuthZ API.  This may slow down the computation of POSIX permissions
+  noticably in some circumstances, but is generally more correct.  The
+  new code also ignores SYSTEM and Administrators group permissions when
+  computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
+  doesn't deny access to SYSTEM and Administrators group based on the
+  value of MASK/CLASS_OBJ when creating the new ACLs.
+
+  The new code now handles the S_ISGID bit on directories as on Linux:
+  Setting S_ISGID on a directory causes new files and subdirs created
+  within to inherit its group, rather than the primary group of the user
+  who created the file.  This only works for files and directories
+  created by Cygwin processes.
+
+- New API: rpmatch.
+
+
+What changed:
+-------------
+
+- setfacl(1) now allows to use the -b and -k option combined to allow reducing
+  an ACL to only reflect standard POSIX permissions.
+
+
+Bug Fixes
+---------
diff --git a/winsup/doc/ChangeLog b/winsup/doc/ChangeLog
index 8c929774c..f20a72daf 100644
--- a/winsup/doc/ChangeLog
+++ b/winsup/doc/ChangeLog
@@ -1,5 +1,9 @@
 2015-11-18  Corinna Vinschen  <corinna@vinschen.de>
 
+	* new-features.xml (ov-new2.4): Add new ACL changes.
+
+2015-11-18  Corinna Vinschen  <corinna@vinschen.de>
+
 	* utils.xml (setfacl): Accommodate -b/-k change.
 	* new-features.xml (ov-new2.4): Add setfacl -b/-k change.
 
diff --git a/winsup/doc/new-features.xml b/winsup/doc/new-features.xml
index 059609a20..ff8c03659 100644
--- a/winsup/doc/new-features.xml
+++ b/winsup/doc/new-features.xml
@@ -9,6 +9,29 @@
 <itemizedlist mark="bullet">
 
 <listitem><para>
+New, unified implementation of POSIX permission and ACL handling.  The
+new ACLs now store the POSIX ACL MASK/CLASS_OBJ permission mask, and
+they allow to inherit the S_ISGID bit.  ACL inheritance now really
+works as desired, in a limited, but theoretically equivalent fashion
+even for non-Cygwin processes.</para>
+
+<para>To accommodate standard Windows ACLs, the POSIX permissions of
+the owner and all other users in the ACL are computed using the Windows
+AuthZ API.  This may slow down the computation of POSIX permissions
+noticably in some circumstances, but is generally more correct.
+The new code also ignores SYSTEM and Administrators group permissions
+when computing the MASK/CLASS_OBJ permission mask on old ACLs, and it
+doesn't deny access to SYSTEM and Administrators group based on the
+value of MASK/CLASS_OBJ when creating the new ACLs.</para>
+
+<para>The new code now handles the S_ISGID bit on directories as on Linux:
+Setting S_ISGID on a directory causes new files and subdirs created
+within to inherit its group, rather than the primary group of the user
+who created the file.  This only works for files and directories
+created by Cygwin processes.
+</para></listitem>
+
+<listitem><para>
 New API: rpmatch.
 </para></listitem>