kernelnewbies.kernelnewbies.org archive mirror
 help / color / mirror / Atom feed
From: Greg KH <greg@kroah.com>
To: Jeffrey Walton <noloader@gmail.com>
Cc: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>,
	kernelnewbies <kernelnewbies@kernelnewbies.org>
Subject: Re: SElinux and its own error code?
Date: Sun, 3 May 2020 11:18:45 +0200	[thread overview]
Message-ID: <20200503091845.GA569162@kroah.com> (raw)
In-Reply-To: <CAH8yC8nOkP8wXa_-wvPjZrWcqq_ZDmR2GUrK2ow-g8kWPEx1bA@mail.gmail.com>

On Sun, May 03, 2020 at 03:59:22AM -0400, Jeffrey Walton wrote:
> > Among other things, it means that programs potentially have to have
> > special-casing in the error handlers, which are *already* code that doesn't
> > get fully tested in most cases.
> 
> Why is that a bad thing?

The goal is to not break existing userspace programs.  If the kernel
started making up new error numbers for every new way it comes up with
preventing you from doing something, userspace programs would not like
that at all.

> SElinux is an addon. I have no problem checking for seerrno or ESEPERM
> for its specific errors.

And do you want to check for all of the other different security models
that Valdis listed?  What about the 10 new ones that are coming in the
next 2 years?  After that?

All that matters to your program is you were not allowed access to that
resource, it doesn't matter what type of kernel feature/option caused
that to happen.

thanks,

greg k-h

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

  reply	other threads:[~2020-05-03  9:19 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-03  3:55 SElinux and its own error code? Jeffrey Walton
2020-05-03  7:45 ` Greg KH
2020-05-03  7:50 ` Valdis Klētnieks
2020-05-03  7:59   ` Jeffrey Walton
2020-05-03  9:18     ` Greg KH [this message]
2020-05-03 16:02 ` Bernd Petrovitsch

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200503091845.GA569162@kroah.com \
    --to=greg@kroah.com \
    --cc=kernelnewbies@kernelnewbies.org \
    --cc=noloader@gmail.com \
    --cc=valdis.kletnieks@vt.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).