- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Fix bug where NFSv4 ACL enforcement code wouldn't unconditionally
allow the owner to read and write ACL and file attributes when there
was no entry with subject matching the owner. In other words,
'getfacl meh' shouldn't fail for the owner if the ACL looks like this:

# file: meh
# owner: trasz
# group: wheel
user:root:------a-------:------:allow

Reported by: kientzle

Add module load/unload stubs.

Remove assertion against empty NFSv4 ACLs. An empty ACL is not exactly
valid - we don't allow for setting it on a file, for example - but it's
not something we should assert on.

For STABLE kernel, it changes nothing, because it's not compiled with
INVARIANTS. If it was, it would fix crashes. It also fixes an assert
in libc encountered with NFSv4 without nfsuserd(8) running.

Submitted by: Yuri Pankov (earlier version)
MFC after: 1 month

Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, bringing
it in line with ZFSv28.

X-MFC-After: ZFSv28.

Move the code around so that libc behaviour does not depend on a variable
that was supposed to be kernel-only. There should be no functional changes.

Temporarily revert r219272; it breaks acl_is_trivial_np(3).

Make UFS use PSARC/2010/029 NFSv4 ACL semantics by default, just like
ZFSv28 does.

MFC after: 2 months

Adapt filesystem-independent NFSv4 ACL code (used by UFS, but not by ZFS)
to PSARC/2010/029. In short, the semantics is simplified - "weird stuff"
no longer happens after chmod, entries don't get duplicated during
inheritance, and trivial ACLs no longer contain three "DENY" entries,
which is also more friendly to MS Windows.

By default, UFS keeps using old semantics. To change it, set sysctl
vfs.acl_nfs4_old_semantics to 0. I'll flip the switch when ZFSv28
hits the tree, to keep these two in sync - ZFS v28 uses PSARC semantics,
and ZFS v15 uses the old one.

Fix uninitialized variable.

Found with: Coverity Prevent(tm)
CID: 8632

Remove workaround for ZFS bug; fix was committed to the //depot/user/pjd/zfs/...
branch some time ago.

MFC after: two weeks

First step at adopting FreeBSD to support PSARC/2010/029. This makes
acl_is_trivial_np(3) properly recognize the new trivial ACLs. From
the user point of view, that means "ls -l" no longer shows plus signs
for all the files when running ZFS v28.

execve(2) has a special check for file permissions: a file must have at
least one execute bit set, otherwise execve(2) will return EACCES even
for an user with PRIV_VFS_EXEC privilege.

Add the check also to vaccess(9), vaccess_acl_nfs4(9) and
vaccess_acl_posix1e(9). This makes access(2) to better agree with
execve(2). Because ZFS doesn't use vaccess(9) for VEXEC, add the check
to zfs_freebsd_access() too. There may be other file systems which are
not using vaccess*() functions and need to be handled separately.

PR: kern/125009
Reviewed by: bde, trasz
Approved by: pjd (ZFS part)

The acl_cnt field is unsigned; no point in checking if it's >= 0.

Found with: Coverity Prevent
CID: 3683

Fix comments.

Now that all the callers seem to be fixed, add KASSERTs to make sure VAPPEND
is not being used improperly.

Interpret VAPPEND correctly in vaccess_acl_nfs4(9).

Add pieces of infrastructure required for NFSv4 ACL support in UFS.

Reviewed by: rwatson

Add part of NFSv4 ACL kernel support code that is required for the upcoming
libc changes to work. Not connected to the kernel build yet; for now,
it will be compiled into libc.

Reviewed by: rwatson