Updates

Signed-off-by: Umer Saleem <[email protected]>

lib/libzfsacl/zfsacltests/test_nfsv4acl.py

@@ -1,8 +1,391 @@
 import unittest
+import os
+import pwd
+import shutil
 import libzfsacl
 
 
 class TestNFSAcl(unittest.TestCase):
 
-    def test_one_two(self):
-        self.assertEqual(0, 0, b"zero is not equal to zero")
+    ZFS_ACL_STAFF_GROUP = "zfsgrp"
+    ZFS_ACL_STAFF1 = "staff1"
+    ZFS_ACL_STAFF2 = "staff2"
+    ZFS_ACL_STAFF1_UID = 0
+    ZFS_ACL_STAFF2_UID = 0
+    MOUNTPT = "/var/tmp/testdir"
+    TESTPOOL = "testpool"
+    TESTFS = "testfs"
+    TDIR = '/var/tmp/testdir/test'
+    USER_OBJ_PERMSET = libzfsacl.PERM_READ_DATA | libzfsacl.PERM_LIST_DIRECTORY | \
+         libzfsacl.PERM_WRITE_DATA | libzfsacl.PERM_ADD_FILE | libzfsacl.PERM_APPEND_DATA | \
+         libzfsacl.PERM_DELETE_CHILD | libzfsacl.PERM_ADD_SUBDIRECTORY | libzfsacl.PERM_READ_ATTRIBUTES | \
+         libzfsacl.PERM_WRITE_ATTRIBUTES | libzfsacl.PERM_READ_NAMED_ATTRS | libzfsacl.PERM_WRITE_NAMED_ATTRS | \
+         libzfsacl.PERM_READ_ACL | libzfsacl.PERM_WRITE_ACL | libzfsacl.PERM_WRITE_OWNER | libzfsacl.PERM_SYNCHRONIZE
+
+    # Init UIDs for ZFS users
+    def __init__(self, *args, **kwargs):
+        self.ZFS_ACL_STAFF1_UID = pwd.getpwnam(self.ZFS_ACL_STAFF1).pw_uid
+        self.ZFS_ACL_STAFF2_UID = pwd.getpwnam(self.ZFS_ACL_STAFF2).pw_uid
+        super(TestNFSAcl, self).__init__(*args, **kwargs)
+
+    # Test pool ACL type is NFSv4
+    def test_001_pool_acl_type(self):
+        acl = libzfsacl.Acl(path=f"/{self.TESTPOOL}")
+        self.assertEqual(libzfsacl.BRAND_NFSV4, acl.brand, "ACL type is not NFSv4")
+
+    # Test dataset mountpoint ACL type is NFSv4
+    def test_002_fs_acl_type(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        self.assertEqual(libzfsacl.BRAND_NFSV4, acl.brand, "ACL type is not NFSv4")
+
+    # Test default ACE count
+    def test_000_default_ace_count(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        self.assertEqual(3, acl.ace_count, "Default ace count is not 3")
+
+    # Try to get first ACE
+    def test_000_get_first_ace(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        entry0 = acl.get_entry(0)
+        self.assertEqual(0, entry0.idx, "Failed to get first ACE")
+
+    # Try to get last ACE
+    def test_000_get_last_ace(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        entry0 = acl.get_entry(acl.ace_count - 1)
+        self.assertEqual(acl.ace_count - 1, entry0.idx, "Failed to get last ACE")
+
+    # Test default USER_OBJ ACE is present
+    def test_000_default_ace_user_obj(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        entry0 = acl.get_entry(0)
+        self.assertEqual(0, entry0.idx, "Default ACE 0 idx is not 0")
+        self.assertEqual(libzfsacl.ENTRY_TYPE_ALLOW, entry0.entry_type, "Default ACE 0 is not ENTRY_TYPE_ALLOW")
+        self.assertEqual(0, entry0.flagset, "Default ACE 0 flagset is not NO_INHERIT")
+        self.assertEqual(libzfsacl.WHOTYPE_USER_OBJ, entry0.who[0], "ACE 0 who type is not USER_OBJ")
+        #self.assertEqual(self.USER_OBJ_PERMSET, entry0.permset, "Default ACE 0 permset does not match USER_OBJ_PERMSET"
+
+    # Test default GROUP_OBJ ACE is present
+    def test_000_default_ace_group_obj(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        entry1 = acl.get_entry(1)
+        self.assertEqual(1, entry1.idx, "Default ACE 1 idx is not 1")
+        self.assertEqual(libzfsacl.ENTRY_TYPE_ALLOW, entry1.entry_type, "Default ACE 1 is not ENTRY_TYPE_ALLOW")
+        #self.assertEqual(0, entry1.flagset, "Default ACE 1 flagset is not NO_INHERIT")
+        self.assertEqual(libzfsacl.WHOTYPE_GROUP_OBJ, entry1.who[0], "ACE 1 who type is not GROUP_OBJ")
+
+    # Test default EVERYONE ACE is present
+    def test_000_default_ace_everyone(self):
+        acl = libzfsacl.Acl(path=self.MOUNTPT)
+        entry2 = acl.get_entry(2)
+        self.assertEqual(2, entry2.idx, "Default ACE 2 idx is not 1")
+        self.assertEqual(libzfsacl.ENTRY_TYPE_ALLOW, entry2.entry_type, "Default ACE 2 is not ENTRY_TYPE_ALLOW")
+        self.assertEqual(0, entry2.flagset, "Default ACE 2 flagset is not NO_INHERIT")
+        self.assertEqual(libzfsacl.WHOTYPE_EVERYONE, entry2.who[0], "ACE 2 who type is not EVERYONE")
+
+    # Test an ACE can be appended
+    def test_000_append_an_ace(self):
+        os.makedirs(self.TDIR)
+        dacl = libzfsacl.Acl(path=self.TDIR)
+        orig_cnt = dacl.ace_count
+        newEntry = dacl.create_entry()
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        dacl.setacl(path=self.TDIR)
+        new_cnt = libzfsacl.Acl(path=self.TDIR).ace_count
+        self.assertEqual(orig_cnt + 1, new_cnt, "Failed to add an ace")
+        os.rmdir(self.TDIR)
+
+    # Test an ACE can be prepended
+    def test_000_prepend_an_ace(self):
+        os.makedirs(self.TDIR)
+        dacl = libzfsacl.Acl(path=self.TDIR)
+        orig_cnt = dacl.ace_count
+        newEntry = dacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        dacl.setacl(path=self.TDIR)
+        new_cnt = libzfsacl.Acl(path=self.TDIR).ace_count
+        self.assertEqual(orig_cnt + 1, new_cnt, "Failed to add an ace")
+        os.rmdir(self.TDIR)
+
+    # Test DENY ace can be set
+    def test_000_add_ace_set_entry_type_deny(self):
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_DENY
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        tdacl.setacl(path=self.TDIR)
+        tdacl_entry0 = libzfsacl.Acl(path=self.TDIR).get_entry(0)
+        self.assertEqual(libzfsacl.ENTRY_TYPE_DENY, tdacl_entry0.entry_type, "Failed to add an ACE on mountpoint")
+        os.rmdir(self.TDIR)
+
+    # Test ALLOW ace can be set
+    def test_000_add_ace_set_entry_type_allow(self):
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        tdacl.setacl(path=self.TDIR)
+        tdacl_entry0 = libzfsacl.Acl(path=self.TDIR).get_entry(0)
+        self.assertEqual(libzfsacl.ENTRY_TYPE_ALLOW, tdacl_entry0.entry_type, "Failed to add an ACE on mountpoint")
+        os.rmdir(self.TDIR)
+
+    # Test adding an ACE works on mountpoint
+    def test_003_add_ace_mountpoint(self):
+        mpacl = libzfsacl.Acl(path=self.MOUNTPT)
+        orig_cnt = mpacl.ace_count
+        newEntry = mpacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = 0
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        mpacl.setacl(path=self.MOUNTPT)
+        self.assertEqual(orig_cnt + 1, mpacl.ace_count, "Failed to add an ACE on mountpoint")
+
+    # Test removing an ACE works on mountpoint
+    def test_004_remove_ace_mountpoint(self):
+        mpacl = libzfsacl.Acl(path=self.MOUNTPT)
+        orig_cnt = mpacl.ace_count
+        mpacl.delete_entry(0)
+        self.assertEqual(orig_cnt - 1, mpacl.ace_count, "Failed to delete an ACE from mountpoint")
+
+    # Test adding an ACE works on a directory
+    def test_005_add_ace_dir(self):
+        os.makedirs(self.TDIR)
+        dacl = libzfsacl.Acl(path=self.TDIR)
+        orig_cnt = dacl.ace_count
+        newEntry = dacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = 0
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        dacl.setacl(path=self.TDIR)
+        self.assertEqual(orig_cnt + 1, dacl.ace_count, "Failed to add an ACE on a directory")
+
+    # Test removing an ace from a directory
+    def test_006_remove_ace_dir(self):
+        dacl = libzfsacl.Acl(path=self.TDIR)
+        orig_cnt = dacl.ace_count
+        dacl.delete_entry(0)
+        new_cnt = dacl.ace_count
+        self.assertEqual(orig_cnt - 1, new_cnt, "Failed to delete an ACE from a directory")
+        os.rmdir(self.TDIR)
+
+    # Test adding an ACE to a file
+    def test_007_add_ace_file(self):
+        tfile = f'{self.MOUNTPT}/test.txt'
+        with open(tfile, 'w'):
+            pass
+        facl = libzfsacl.Acl(path=tfile)
+        orig_cnt = facl.ace_count
+        newEntry = facl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = 0
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        facl.setacl(path=tfile)
+        self.assertEqual(orig_cnt + 1, facl.ace_count, "Failed to add an ACE to a file")
+
+    # Test removing an ace from a file
+    def test_008_remove_ace_file(self):
+        tfile = f'{self.MOUNTPT}/test.txt'
+        facl = libzfsacl.Acl(path=tfile)
+        orig_cnt = facl.ace_count
+        facl.delete_entry(0)
+        new_cnt = facl.ace_count
+        self.assertEqual(orig_cnt - 1, new_cnt, "Failed to delete an ACE from a file")
+        os.remove(tfile)
+
+    # Test a flag can be set on file
+    def test_098_basic_flagset(self):
+        tfile = f'{self.MOUNTPT}/test.txt'
+        with open(tfile, 'w'):
+            pass
+        facl = libzfsacl.Acl(path=tfile)
+        newEntry = facl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = 0
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        facl.setacl(path=tfile)
+        facl = libzfsacl.Acl(path=tfile)
+        facl_entry0 = facl.get_entry(0)
+        self.assertEqual(facl_entry0.flagset, 0, "Failed to set basic flagset")
+        os.remove(tfile)
+
+    # Test multiple flags can be set on directory
+    def test_099_advanced_flagset(self):
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        adv_flags = libzfsacl.FLAG_FILE_INHERIT | libzfsacl.FLAG_DIRECTORY_INHERIT | libzfsacl.FLAG_NO_PROPAGATE_INHERIT | libzfsacl.FLAG_INHERIT_ONLY
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = adv_flags
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        tdacl.setacl(path=self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        tdacl_entry0 = tdacl.get_entry(0)
+        self.assertEqual(tdacl_entry0.flagset, adv_flags, "FLAG_INHERITED is set by default.")
+        os.rmdir(self.TDIR)
+
+    # Test no inherited ace is present by default
+    def test_100_flagset_no_inherited_ace_by_default(self):
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        not_inherited = 0
+        for i in range(tdacl.ace_count):
+            if tdacl.get_entry(i).flagset & libzfsacl.FLAG_INHERITED == 0:
+                not_inherited += 1
+        self.assertEqual(not_inherited, tdacl.ace_count, "FLAG_INHERITED is set by default.")
+        os.rmdir(self.TDIR)
+
+    # Test FILE_INHERIT flag functions correctly
+    def test_101_flagset_file_inherit(self):
+        tfile = f'{self.TDIR}/test_file.txt'
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = newEntry.flagset | libzfsacl.FLAG_FILE_INHERIT
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        tdacl.setacl(path=self.TDIR)
+        with open(tfile, 'w'):
+            pass
+        tfacl = libzfsacl.Acl(path=tfile)
+        tfacl_entry0 = tfacl.get_entry(0)
+        self.assertEqual(libzfsacl.FLAG_INHERITED, tfacl_entry0.flagset, "libzfsacl.FLAG_INHERITED is not set")
+        shutil.rmtree(self.TDIR)
+
+    # Test DIRECTORY_INHERIT functions correctly
+    def test_102_flagset_directory_inherit(self):
+        tddir = f'{self.TDIR}/test_dir'
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = newEntry.flagset | libzfsacl.FLAG_DIRECTORY_INHERIT
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        tdacl.setacl(path=self.TDIR)
+        os.makedirs(tddir)
+        tfacl = libzfsacl.Acl(path=tddir)
+        tfacl_entry0 = tfacl.get_entry(0)
+        self.assertEqual(libzfsacl.FLAG_INHERITED | libzfsacl.FLAG_DIRECTORY_INHERIT, tfacl_entry0.flagset, "libzfsacl.FLAG_DIRECTORY_INHERIT is not set")
+        shutil.rmtree(self.TDIR)
+
+    # Test NO_PROPAGATE_INHERIT functions correctly
+    def test_103_flagset_no_propagate_inherit(self):
+        tddir = f'{self.TDIR}/test_dir'
+        ttdir = f'{tddir}/test'
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = newEntry.flagset | libzfsacl.FLAG_DIRECTORY_INHERIT | libzfsacl.FLAG_NO_PROPAGATE_INHERIT
+        newEntry.permset = libzfsacl.PERM_READ_DATA
+        tdacl.setacl(path=self.TDIR)
+        os.makedirs(tddir)
+        os.makedirs(ttdir)
+        ttdacl = libzfsacl.Acl(path=ttdir)
+        not_inherited = 0
+        for i in range(ttdacl.ace_count):
+            if ttdacl.get_entry(i).flagset & libzfsacl.FLAG_INHERITED == 0:
+                not_inherited += 1
+        self.assertEqual(ttdacl.ace_count, not_inherited, "libzfsacl.FLAG_NO_PROPAGATE_INHERIT is not functioning properly")
+        shutil.rmtree(self.TDIR)
+
+    # Test INHERIT_ONLY flag behavior on dirs, if DIRECTORY_INHERIT was
+    # set with INHERIT_ONLY, it is removed from child dirs. If not,
+    # INHERIT_ONLY should be set on shild dirs.
+    def test_flagset_inherit_only_dir(self):
+        tddir = f'{self.TDIR}/test_dir'
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = libzfsacl.FLAG_DIRECTORY_INHERIT | libzfsacl.FLAG_FILE_INHERIT | libzfsacl.FLAG_INHERIT_ONLY
+        newEntry.permset = libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA
+        tdacl.setacl(path=self.TDIR)
+        os.makedirs(tddir)
+        tddacl = libzfsacl.Acl(path=tddir)
+        tdentry0 = tddacl.get_entry(0)
+        tflags = libzfsacl.FLAG_DIRECTORY_INHERIT | libzfsacl.FLAG_FILE_INHERIT | libzfsacl.FLAG_INHERITED
+        self.assertEqual(tdentry0.idx, 0, "Idx of inherited ACE at index 0 should be 0")
+        self.assertEqual(tdentry0.entry_type, libzfsacl.ENTRY_TYPE_ALLOW, "Inherited ACE at index 0 should be of type allow")
+        self.assertEqual(tdentry0.who, (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID), "Inherited ACE who is not correct")
+        self.assertEqual(tdentry0.flagset, tflags, "Flagset on inherited ACE are not correct")
+        self.assertEqual(tdentry0.permset, libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA, "Permse of inherited ACE at index 0 are not correct")
+        os.rmdir(tddir)
+        tdacl.delete_entry(0)
+        tdacl.setacl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = libzfsacl.FLAG_FILE_INHERIT | libzfsacl.FLAG_INHERIT_ONLY
+        newEntry.permset = libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA
+        tdacl.setacl(path=self.TDIR)
+        os.makedirs(tddir)
+        tddacl = libzfsacl.Acl(path=tddir)
+        tdentry0 = tddacl.get_entry(0)
+        tflags = libzfsacl.FLAG_FILE_INHERIT | libzfsacl.FLAG_INHERITED | libzfsacl.FLAG_INHERIT_ONLY
+        self.assertEqual(tdentry0.idx, 0, "Idx of inherited ACE at index 0 should be 0")
+        self.assertEqual(tdentry0.entry_type, libzfsacl.ENTRY_TYPE_ALLOW, "Inherited ACE at index 0 should be of type allow")
+        self.assertEqual(tdentry0.who, (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID), "Inherited ACE who is not correct")
+        self.assertEqual(tdentry0.flagset, tflags, "Flagset on inherited ACE are not correct")
+        self.assertEqual(tdentry0.permset, libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA, "Permse of inherited ACE at index 0 are not correct")
+        shutil.rmtree(self.TDIR)
+
+    # Test INHERIT_ONLY flag behavior on files, ACE should be inheritted
+    def test_flagset_inherit_only_file(self):
+        tfile = f'{self.TDIR}/test.txt'
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = libzfsacl.FLAG_DIRECTORY_INHERIT | libzfsacl.FLAG_FILE_INHERIT | libzfsacl.FLAG_INHERIT_ONLY
+        newEntry.permset = libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA
+        tdacl.setacl(path=self.TDIR)
+        with open(tfile, 'w'):
+            pass
+        tfacl = libzfsacl.Acl(path=tfile)
+        tfentry0 = tfacl.get_entry(0)
+        self.assertEqual(tfentry0.idx, 0, "Idx of inherited ACE at index 0 should be 0")
+        self.assertEqual(tfentry0.entry_type, libzfsacl.ENTRY_TYPE_ALLOW, "Inherited ACE at index 0 should be of type allow")
+        self.assertEqual(tfentry0.who, (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID), "Inherited ACE who is not correct")
+        self.assertEqual(tfentry0.flagset, libzfsacl.FLAG_INHERITED, "Flagset on inherited ACE are not correct")
+        self.assertEqual(tfentry0.permset, libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA, "Permse of inherited ACE at index 0 are not correct")
+        shutil.rmtree(self.TDIR)
+
+    # Test INHERIT_ONLY flag with NO_PROPAGATE_INHERIT, ACE should be
+    # inherited but inheritance flags should be removed
+    def test_flagset_no_propagate_dir(self):
+        tddir = f'{self.TDIR}/test_dir'
+        os.makedirs(self.TDIR)
+        tdacl = libzfsacl.Acl(path=self.TDIR)
+        newEntry = tdacl.create_entry(0)
+        newEntry.entry_type = libzfsacl.ENTRY_TYPE_ALLOW
+        newEntry.who = (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID)
+        newEntry.flagset = libzfsacl.FLAG_DIRECTORY_INHERIT | libzfsacl.FLAG_INHERIT_ONLY | libzfsacl.FLAG_NO_PROPAGATE_INHERIT
+        newEntry.permset = libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA
+        tdacl.setacl(path=self.TDIR)
+        os.makedirs(tddir)
+        tddacl = libzfsacl.Acl(path=tddir)
+        tdentry0 = tddacl.get_entry(0)
+        self.assertEqual(tdentry0.idx, 0, "Idx of inherited ACE at index 0 should be 0")
+        self.assertEqual(tdentry0.entry_type, libzfsacl.ENTRY_TYPE_ALLOW, "Inherited ACE at index 0 should be of type allow")
+        self.assertEqual(tdentry0.who, (libzfsacl.WHOTYPE_USER, self.ZFS_ACL_STAFF1_UID), "Inherited ACE who is not correct")
+        self.assertEqual(tdentry0.flagset, libzfsacl.FLAG_INHERITED, "Flagset on inherited ACE are not correct")
+        self.assertEqual(tdentry0.permset, libzfsacl.PERM_READ_DATA | libzfsacl.PERM_WRITE_DATA, "Permse of inherited ACE at index 0 are not correct")
+        os.rmdir(tddir)
+
+
+
+