NAS-130475 / 24.10 / Change field name for bypassing ACL validation

src/middlewared/middlewared/plugins/filesystem_/acl.py

@@ -590,7 +590,7 @@ def setacl_nfs4(self, job, data):
             self._strip_acl_nfs4(path)
 
         else:
-            if not options['skip_execute_check']:
+            if options['validate_effective_acl']:
                 uid_to_check = current_acl['uid'] if uid == -1 else uid
                 gid_to_check = current_acl['gid'] if gid == -1 else gid
 
@@ -746,7 +746,7 @@ def setacl_posix1e(self, job, data):
             )
 
         if not do_strip:
-            if not options['skip_execute_check']:
+            if options['validate_effective_acl']:
                 try:
                     # check execute on parent paths
                     uid_to_check = current_acl['uid'] if uid == -1 else uid
@@ -869,7 +869,7 @@ def setacl_posix1e(self, job, data):
                 Bool('recursive', default=False),
                 Bool('traverse', default=False),
                 Bool('canonicalize', default=True),
-                Bool('skip_execute_check', default=False)
+                Bool('validate_effective_acl', default=True)
             )
         ), roles=['FILESYSTEM_ATTRS_WRITE'], audit='Filesystem set ACL', audit_extended=lambda data: data['path']
     )

src/middlewared/middlewared/plugins/pool_/dataset.py

@@ -793,10 +793,12 @@ async def do_create(self, app, data):
         created_ds = await self.get_instance(data['id'])
 
         if acl_to_set:
+            # We're potentially auto-inheriting an ACL containing nested
+            # security groups and so we need to skip the ACL validation
             acl_job = await self.middleware.call('filesystem.setacl', {
                 'path': mountpoint,
                 'dacl': acl_to_set,
-                'options': {'skip_execute_check': True}
+                'options': {'validate_effective_acl': False}
             })
             await acl_job.wait(raise_error=True)