Object modes to be RX, not RWX #292
Replies: 3 comments 1 reply
-
|
IMO, from a user's perspective, i.e. the man (or sysadmin) on the street's perspective, I believe the RX convention will not be obvious. It would require a bit of tribal knowledge of fapolicyd to know that writes are not considered. Possibly RWX with the 'W' in light gray or some other low contrast color to function as a placeholder, and a note at the bottom to the pane to communicate that write operations are not analyzed/considered by fapolicyd. |
Beta Was this translation helpful? Give feedback.
-
|
@tparchambault, that's an interesting idea. I've converted this issue over to a discussion, so it can be debated a bit more. |
Beta Was this translation helpful? Give feedback.
-
|
@scholarsmate I brought up the convention because the familiar "RWX" grouping by itself implies a context to the intended user demographic for quickly grokking what the "Mode" column represents. If 'W' is always permitted (which it is) then using the traditional 'RWX' triplet can be one less thing to interpret in a sea (!) of new symbolic conventions, e.g. "ST/AT/U", "A/D" even with the non-varying "W." Or at minimum, provide a dash in the write field, and pop-up help in the column header to explain the situation. |
Beta Was this translation helpful? Give feedback.
-
|
This is now mapped directly to the fapolicyd perm |
Beta Was this translation helpful? Give feedback.
-
fanotify, and by extension, fapolicyd, only cares about if a file is being opened for reading, executing or either reading or executing (any). It does not consider write mode. So the possible states are:
Allow Read
Allow eXecute
Allow any Read or eXexcute
Beta Was this translation helpful? Give feedback.
All reactions