Eduardo Madeira Fleury wrote: [Mon Sep 11 2006, 02:05:24PM EDT]
> I'm doing some tests and currently inotify_rm_watch is not performing any
> permission checks, i.e., an ordinary user can remove a watch set by root on a
> file with root:root 400 permission.
>
> Is this the expected behavior? Seems like neither MAC nor MLS checks are
> being done.

Yes. As I understand it, an inotify watch is not a data object, and so does
not require DAC or MAC checks.

Amy

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
