Re: SElinux and its own error code?

On Sun, May 03, 2020 at 03:59:22AM -0400, Jeffrey Walton wrote:
> > Among other things, it means that programs potentially have to have
> > special-casing in the error handlers, which are *already* code that doesn't
> > get fully tested in most cases.
> 
> Why is that a bad thing?

The goal is to not break existing userspace programs.  If the kernel
started making up new error numbers for every new way it comes up with
preventing you from doing something, userspace programs would not like
that at all.

> SELinux is an addon. I have no problem checking for seerrno or ESEPERM
> for its specific errors.

And do you want to check for all of the other different security models
that Valdis listed?  What about the 10 new ones that are coming in the
next 2 years?  After that?

All that matters to your program is you were not allowed access to that
resource; it doesn't matter what type of kernel feature/option caused
that to happen.

thanks,

greg k-h

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


