SELinux and its own error code?

Jeffrey Walton noloader at gmail.com
Sat May 2 23:55:02 EDT 2020


Hi Guys,

I lost about four hours chasing inaccurate messages from Apache. It
turns out SELinux was denying access, so the EPERM was not really
accurate. But Apache saw EPERM or EACCES and logged a message related
to POSIX permissions.

As far as I know, POSIX does not authorize use of EPERM or EACCES for
SELinux. That is, SELinux should not be hijacking the error code.

I'm wondering why there is no error message for SELinux that would
allow an application to return a specific error when SELinux denies
access to an object or operation.

Why does SELinux not have its own error code?



More information about the Kernelnewbies mailing list