Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Daniel J Walsh <dwalsh <at> redhat.com>
Subject: Friendlier EPERM.
Newsgroups: gmane.comp.lib.glibc.alpha
Date: Tuesday 8th January 2013 17:57:53 UTC (over 4 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Traditionally, if a process attempts a forbidden  operation, errno for that
thread is set to EACCES or EPERM, and a call to strerror() returns a
localized
version of "Permission Denied" or "Operation not permitted". This string
appears throughout textual uis and syslogs. For example, it will show up in
command-line tools, in exceptions within scripting languages, etc.

There are an increasing number of ways in which you can fail to have
permission to do something:

    classic POSIX discretionary access controls
    Linux security modules (e.g. SELinux mandatory access controls)
    capabilities
    seccomp denials
    ...

As we continue to add mechanisms for the Kernel to deny permissions, the
Administrator/User is faced with just a message that says "Permission
Denied"
Then if the administrator is lucky enough or skilled enough to know where
to
look, he might be able to understand why the process was denied access.

In Fedora we had an idea about making it possible for strerror() to contain
richer information about permissions failures.

See:
  https://fedoraproject.org/wiki/Features/FriendlyEPERM

We would like to open up discussion about this with the glibc developers to
see what they think of the idea before opening it up to a larger community.

How does this sound from a glibc perspective?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlDsXiEACgkQrlYvE4MpobPvMACePXz74Xl8mzCPHUdu7izTqVZi
pwQAn2XoAHjosU/LuqTqkkcPhTCo8QIw
=1FBv
-----END PGP SIGNATURE-----
 
CD: 3ms