SELinux and its own error code?

Greg KH greg at kroah.com
Sun May 3 03:45:23 EDT 2020


On Sat, May 02, 2020 at 11:55:02PM -0400, Jeffrey Walton wrote:
> Hi Guys,
> 
> I lost about four hours chasing inaccurate messages from Apache. It
> turns out SELinux was denying access, so the EPERM was not really
> accurate. But Apache saw EPERM or EACCES and logged a message related
> to POSIX permissions.
> 
> As far as I know POSIX does not authorize use of EPERM or EACCES for
> SELinux. That is, SELinux should not be hijacking the error code.
> 
> I'm wondering why there is no error message for SELinux that would
> allow an application to return a specific error when SELinux denies
> access to an object or operation.
> 
> Why does SELinux not have its own error code?

Because it does not need it, you do not have the correct permission to
access that resource, so it fails and tells you that.  All is good, and
POSIX has nothing to do with it at all, sorry.

greg k-h
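
Added example, not part of the thread or of either poster's code: because the errno is the same for an SELinux denial and an ordinary permission failure, the audit log is where the two can be told apart. This sketch parses `avc: denied` records and keeps those that were actually enforced for a given command; the log lines are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1588477502.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1588477502.123:456): arch=c000003e syscall=2 success=no exit=-13 a0=7f0 a1=80000 a2=0 a3=0 items=0 ppid=1 pid=1234 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1588477510.500:460): avc:  denied  { getattr } for  pid=1234 comm="httpd" path="/srv/www/app.cgi" dev="dm-0" ino=222 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=USER_LOGIN msg=audit(1588477511.000:461): pid=900 uid=0 msg='op=login acct="root" res=success'
"""

# Header of an AVC denial record: timestamp, serial, permission set, then key=value fields.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]*) \} for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc_denials(text):
    """Return one dict per 'avc: denied' record found in audit log text."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, USER_LOGIN and other record types are skipped
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
        fields["perms"] = m.group("perms").split()
        fields["timestamp"] = float(m.group("ts"))
        # permissive=1 means the denial was only logged and the call did not fail.
        # Assumption: a record without the field is treated as enforced.
        fields["enforced"] = fields.get("permissive", "0") == "0"
        denials.append(fields)
    return denials


def enforced_denials_for(text, comm):
    """Denials that actually produced an error for the named command."""
    return [d for d in parse_avc_denials(text)
            if d.get("comm") == comm and d["enforced"]]


if __name__ == "__main__":
    for d in enforced_denials_for(SAMPLE_AUDIT_LOG, "httpd"):
        target = d.get("name") or d.get("path")
        print(d["comm"], d["perms"], target, d["scontext"], "->", d["tcontext"])
```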


