Christian Heimes <[email protected]> added the comment:
> That's interesting. In Linux, for example, I would expect the access()
> and faccessat() system calls to also check mandatory permissions. I
> know from experience that at least the [i]mmutable file attribute is
> checked.
access(2) takes extended file attributes like immutable bit and CAPS into
account. For example it returns True for access("testfile", R_OK) for testfile
with DAC permission 0o000 and process context with CAP_DAC_OVERRIDE. I would
also bet that it handles POSIX ACLs correcty.
But LSM and seccomp are not evaluated by access() -- at least SELinux is not. A
seccomp syscall filter can have a BPF program attached to. It's a powerful
feature that allows filtering and blocking by syscall argument.
$ python3
>>> os.access("testfile", os.R_OK)
True
>>> open("testfile")
Traceback (most recent call last):
...
PermissionError: [Errno 13] Permission denied: 'testfile'
# ausearch -m AVC
...
time->Fri Nov 27 16:14:31 2020
type=AVC msg=audit(1606490071.292:4204): avc: denied { read } for pid=293015
comm="httpd" name="testfile" dev="dm-0" ino=399163
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:testcontext_t:s0 tclass=file permissive=0
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue42481>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
