This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Friendlier EPERM.


On 01/08/2013 06:57 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Traditionally, if a process attempts a forbidden  operation, errno for that
thread is set to EACCES or EPERM, and a call to strerror() returns a localized
version of "Permission Denied" or "Operation not permitted". This string
appears throughout textual uis and syslogs. For example, it will show up in
command-line tools, in exceptions within scripting languages, etc.

There are an increasing number of ways in which you can fail to have
permission to do something:

     classic POSIX discretionary access controls
     Linux security modules (e.g. SELinux mandatory access controls)
     capabilities
     seccomp denials
     ...

As we continue to add mechanisms for the Kernel to deny permissions, the
Administrator/User is faced with just a message that says "Permission Denied"
Then if the administrator is lucky enough or skilled enough to know where to
look, he might be able to understand why the process was denied access.

In Fedora we had an idea about making it possible for strerror() to contain
richer information about permissions failures.

See:
   https://fedoraproject.org/wiki/Features/FriendlyEPERM

We would like to open up discussion about this with the glibc developers to
see what they think of the idea before opening it up to a larger community.

How does this sound from a glibc perspective?


I like the idea but don't think we should restrict the interface to EPERM/EACCES only. Other error conditions could use the same framework. EPERM might be the first to use it and show us whether it works but the framework needs to be extensible.

Andreas
--
 Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
  SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
   GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]