Re: Friendlier EPERM - Request for input

From: Rob Landley
Date: Sat Jan 12 2013 - 02:23:42 EST

On 01/09/2013 10:04:23 AM, Eric Paris wrote:
Getting an EPERM/EACCES in userspace really kinda blows. As a user you
don't have any idea why you got it. It could be SELinux, it could be
rwx bits on the file, it could be a missing capability, it could be an
ACL, it could be who knows what.

Adding SELinux, ACL, and capabilities to systems made them so much easier to comprehend, didn't it? (My definition of "secure" includes understanding what the system is doing. Crazy, I know.)

We'd like to start figuring out the
who knows what and hopefully find a way to expose that to userspace.

Obviously the response to having too many mechanisms doing the same thing (badly) is to add a management interface. Piled higher and deeper.

But maybe those great minds on the lists can help me think of ways to
get Friendlier denials that I haven't thought of. Please. What are you
thoughts, concerns, issues?

-EPERM was about file permissions. For SELinux and disability bits and whatever they're calling OS/2 extended attributes this week you need -EBUREAUCRACY.

Ken Thompson had the insight "files are just a flat sequence of bytes" about the same time he invented subdirectories. Bruce Horn shoehorned icon data into the Lisa filesystem metadata because they hadn't implemented subdirectories yet so they couldn't collate files that way, and apparently standard archive formats like "ELF" and "zip/jar" simply didn't occur to him. (Yes really: ).

Copying Bruce's reversion of Ken's insight because Microsoft blindly copied Apple and now Windows doesn't know how to live without this crutch really doesn't fill me with confidence. Oh well, too late now...


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at