Provide LSM hook for access()

Bug #1220713 reported by Jamie Strandboge on 2013-09-04
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Ubuntu Security Team
Trusty
Medium
Unassigned

Bug Description

Currently one cannot use access() to see if the call would be blocked by the LSM. It would be nice if this was in place so application developers could use a standard method to determine access instead of resorting to looking up sandbox variables or trying to open files in multiple ways and falling back. For example, online accounts may want to open the accounts.db database as read/write if the process is unconfined and read-only otherwise. Currently it is trying to open read/write and falling back to read-only; having access() available to say what the LSM would do would be helpful.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers