
kernel-packages team mailing list archive

[Bug 1220713] [NEW] Provide LSM hook for access()

 

Public bug reported:

Currently one cannot use access() to see if the call would be blocked by
the LSM. It would be nice if this was in place so application developers
could use a standard method to determine access instead of resorting to
looking up sandbox variables or trying to open files in multiple ways
and falling back. For example, online accounts may want to open the
accounts.db database as read/write if the process is unconfined and
read-only otherwise. Currently it is trying to open read/write and
falling back to read-only; having access() available to say what the LSM
would do would be helpful.

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Ubuntu Security Team (ubuntu-security)
         Status: Triaged

** Affects: linux (Ubuntu T-series)
     Importance: Undecided
         Status: New


** Tags: bot-stop-nagging

** Also affects: linux (Ubuntu T-series)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1220713

Title:
  Provide LSM hook for access()

Status in “linux” package in Ubuntu:
  Triaged
Status in “linux” source package in t-series:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1220713/+subscriptions
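
The open-read/write-then-fall-back-to-read-only pattern the report describes, as an added example that is not part of the bug report or of any Ubuntu code. `open_db` and `struct db_handle` are hypothetical names, and `accounts.db` is only the default path taken from the report's example. The `access(W_OK)` result is recorded so a mismatch with what `open()` actually granted can be logged.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif

/* Hypothetical handle type: descriptor plus the mode actually granted. */
struct db_handle {
    int fd;                   /* -1 on failure, errno left as set by open() */
    int writable;             /* 1 if opened O_RDWR, 0 if fell back to O_RDONLY */
    int access_says_writable; /* what access(W_OK) predicted beforehand */
};

/* Try read/write first and fall back to read-only only when write access
 * was refused. File permissions, a read-only filesystem and (typically)
 * an LSM denial all surface as one of these errno values at open() time. */
struct db_handle open_db(const char *path)
{
    struct db_handle h = { -1, 0, 0 };

    /* Advisory only: the decision below is made by open(), not by this. */
    h.access_says_writable = (access(path, W_OK) == 0);

    h.fd = open(path, O_RDWR | O_CLOEXEC);
    if (h.fd >= 0) {
        h.writable = 1;
        return h;
    }
    if (errno != EACCES && errno != EPERM && errno != EROFS)
        return h;             /* e.g. ENOENT: do not mask unrelated errors */

    h.fd = open(path, O_RDONLY | O_CLOEXEC);
    return h;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "accounts.db";
    struct db_handle h = open_db(path);
    if (h.fd < 0) { perror(path); return 1; }
    printf("%s: opened %s (access(W_OK) predicted %s)\n", path,
           h.writable ? "read/write" : "read-only",
           h.access_says_writable ? "writable" : "not writable");
    close(h.fd);
    return 0;
}
```
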