se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
}
/* check the acl against the required access mask */
- status = se_access_check(sd, token, *access_mask, access_mask);
+ status = se_file_access_check(sd, token, false, *access_mask, access_mask);
talloc_free(acl);
/* if we used a NT acl, then allow access override if the