Hi,

> Hmm, a question on behavior.
>
> Let's say hallyn_t is allowed to write /var (var_t), but not to do
> getattr on /var/secret_process_is_running (secret_t). If hallyn_t
> does ls /var/secret_process_is_running, he gets -ENOENT, but what
> should he get if he does 'touch /var/secret_process_is_running'?
> -EPERM obviously leaks information...

In my implementation, -ENOENT can be returned if he tries to create a new file
with the same name as existing unauthorized files.
Because resolving filename is done before DAC permission checking,
and security_inode_lookup() is called inside path_walk().
(security_inode_permission() is called _after_ DAC permission checking.)

But I'm still thinking what is appropriate error code...

# I don't know whether it's true or not. I've heard that commercial Trusted OS
# creates a new file in separated namespace on such a situation.
# But it's obviously out of the scope of SELinux, I think.

Thanks,
--
KaiGai Kohei <kaigai@private>
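The behaviour discussed in this message, as an added toy model in C. It is not code from the post or from the kernel: `toy_lookup`, `toy_stat`, `toy_touch`, `leaks` and the directory contents are constructed for illustration. It assumes, as in the quoted question, that the caller may create files in /var, and it compares what the caller observes for the hidden name with what it observes for a name that really is absent.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for /var; hidden = 1 marks the secret_t entry. */
struct entry { const char *name; int hidden; };
static const struct entry var_dir[] = {
    { "log", 0 }, { "secret_process_is_running", 1 },
};
enum hide_policy { HIDE_AS_ENOENT, HIDE_AS_EPERM }; /* error for a hidden entry */
/* Toy name resolution (hypothetical stand-in for the check made during path
 * walk): 1 = found, 0 = name really absent, negative errno = lookup refused. */
static int toy_lookup(const char *name, enum hide_policy p)
{
    for (size_t i = 0; i < sizeof var_dir / sizeof var_dir[0]; i++) {
        if (strcmp(var_dir[i].name, name) != 0)
            continue;
        if (var_dir[i].hidden)
            return p == HIDE_AS_ENOENT ? -ENOENT : -EPERM;
        return 1;
    }
    return 0;
}

/* ls/stat: an absent name is -ENOENT. */
static int toy_stat(const char *name, enum hide_policy p)
{
    int r = toy_lookup(name, p);
    return r < 0 ? r : (r ? 0 : -ENOENT);
}

/* touch: caller may create in the directory, so absent or visible names give 0. */
static int toy_touch(const char *name, enum hide_policy p)
{
    int r = toy_lookup(name, p);
    return r < 0 ? r : 0;
}

/* 1 if op lets the caller tell the hidden name from an absent one. */
static int leaks(int (*op)(const char *, enum hide_policy), enum hide_policy p)
{
    return op("secret_process_is_running", p) != op("no_such_file", p);
}

int main(void)
{
    printf("ENOENT policy: stat leaks=%d touch leaks=%d\n",
           leaks(toy_stat, HIDE_AS_ENOENT), leaks(toy_touch, HIDE_AS_ENOENT));
    return 0;
}
```

In this model the -ENOENT policy makes stat on the hidden name look the same as stat on an absent one, while touch still differs from the success an absent name would give.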
This archive was generated by hypermail 2.1.3 : Sun Jan 01 2006 - 21:58:29 PST