Re: SElinux and its own error code?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 02, 2020 at 11:55:02PM -0400, Jeffrey Walton wrote:
> Hi Guys,
> 
> I lost about four hours chasing inaccurate messages from Apache. It
> turns out SElinux was denying access, so the EPERM was not really
> accurate. But Apache saw EPERM or EACCESS and logged a message related
> to Posix permissions.
> 
> As far as I know Posix does not authorize use of EPERM or EACCESS for
> SElinux. That is, SElinux should not be hijacking the error code.
> 
> I'm wondering why there is no error message for SElinux that would
> allow application to return a specific error when SElinux denies
> access to an object or operation.
> 
> Why does SElinux not have its own error code?

Because it does not need it, you do not have the correct permission to
access that resource, so it fails and tells you that.  All is good, and
posix has nothing to do with it at all, sorry.

greg k-h

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]

  Powered by Linux