On Thu, 2008-01-24 at 10:48 -0800, Steve G wrote: > > I would like to propose that we add one or more avc's to deal with > > opening a file. open or open_read open_write. > > > There are situations where apps should only do an open_append to make sure they don't erase anything. syslog, auditd, apache are a few apps that come to mind. Just to clarify: - SELinux already distinguishes append vs. write (checks append permission if opened with O_APPEND and checks write if you later try to clear via fcntl). - I only expect us to add a single "open" permission to control whether a process can directly open a given file at all, not distinct "open_read", "open_write", "open_append" permissions. The usual read/write/append permissions will still get checked, both at open time and upon inheritance/transfer (and rechecked on read/write if the process or file label has changed or the policy has changed), but those are separate checks. The purpose of the new "open" check being proposed is to allow the policy writer to distinguish direct open of a file from inheriting it from another process. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
