:: [devuan-dev] bug#498: Bug#966343: b…
Etusivu
Tämä viesti kuuluu seuraavaan säikeeseen:
MNäytä säikeen viestit aikajärjestyksessä
MSamuel Thibault <-
MAurelien Jarno ->
Poista viesti
Vastaa
Lähettäjä: Alessandro Vesely
Päiväys:  
Vastaanottaja: 966343
Kopio: 498
Aihe: [devuan-dev] bug#498: Bug#966343: bug#498: libc6: Permission denied, intermittent in execve
On Mon, 27 Jul 2020 12:13:44 +0200 Samuel Thibault <sthibault@???> wrote:
> Alessandro Vesely, le lun. 27 juil. 2020 11:47:34 +0200, a ecrit:
> > So this turns out to be a documentation bug. The execve man page should mention that EACCESS can result as an (unforeseen) apparmor impediment.
>
> Well, basically all system calls would then need this...


Yeah, likely. How many man pages have snippets like "[...] denied for one of the directories in the path [...]"?

Yet, considering the following examples, they seem to have been written manually rather than resorting to some sort of script: 


       EACCES The requested access to the file is not allowed, or search permission is denied for one of the directories in the  path
              prefix  of  pathname, or the file did not exist yet and write access to the parent directory is not allowed.  (See also
              path_resolution(7).)


       EACCES Search permission is denied on a component of the path prefix of filename or the name of a  script  interpreter.   (See
              also path_resolution(7).)


       EACCES Write access to the directory containing newpath is denied, or search permission is denied for one of  the  directories
              in the path prefix of oldpath or newpath.  (See also path_resolution(7).)


       EACCES Search permission is denied for a component of the path prefix, or the named file is not writable by  the  user.
              (See also path_resolution(7).)


       EACCES Search permission is denied on a component of the path prefix.  (See also path_resolution(7).)



Philip Couling commented that the man page /could/ mention security extensions since they are prevelent. See:
https://unix.stackexchange.com/questions/600174/identical-execve-causes-permission-denied-for-one-program-but-not-another/600529#comment1121270_600529

For execve, for example, one could add that permissions are not derived from file flags only. For example:

OLD: 

       EACCES Execute permission is denied for the file or a script or ELF interpreter.


NEW: 

       EACCES Execute permission for the file or a script or ELF interpreter is denied either by flags or by security modules.



Would that be correct? Do all "DENIED" operations result in EACCES? And what do other security modules do? Hmm... Starting to document that mess from the point of view of programs getting such failure codes would allow better logging and better troubleshooting.


Best
Ale
Viesti on lähetetty seuraaville postituslistoille:
devuan-dev
Tietoa listasta | Läheiset viestit		<-[devuan-dev] bug#498: Bug#966343: bug#498: libc6: Permission denied, intermittent in execve[devuan-dev] bug#499: Smokeping service unable to stop/restart->

Donate to Dyne.org

dyne.org open discussions
ylläpitäjä dyne.org hackers		Lurker (versio 2.3)