I checked and it looks like append has been a 1 for permission weighting since
the very beginning. But that makes no sense - append lets you write to files.
So this should be a 10.
I changed all instances of append but, honestly, I'm not clear on many of them.
I did verify that if you open a file with O_APPEND and then write to that file
you only need append - you don't need write. Here is my test program:
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
int main(void) {
    /* O_APPEND with O_WRONLY: every write lands at the end of the file. */
    int fd = open("test_file", O_APPEND | O_CREAT | O_WRONLY, S_IRWXU | S_IRWXG);
    char buf[256] = {0};            /* initialised so the written bytes are deterministic */
    ssize_t b = write(fd, buf, sizeof buf);
    printf("%zd\n", b);             /* 256 on success, -1 on failure */
    return 0;
}
Running this in a domain with no permissions shows that we need:
allow lprog user_home_dir_t:file { append create open };
Which is what I expected - but this being wrong for so long made me question
my understanding of how this worked.
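Added example (not part of the original post): a small C model of the permission mapping the test program above exercises. It assumes, in simplified form, the logic of the kernel's SELinux file hooks: an open for writing needs append when O_APPEND is set and write otherwise, read is needed for O_RDONLY/O_RDWR, open is always checked, create only when O_CREAT actually creates the file, and clearing O_APPEND later with fcntl(F_SETFL) needs write. The P_* bits and function names are this example's own.

```c
#include <fcntl.h>
#include <stdio.h>

/* Bit flags for the SELinux file-class permissions this model covers. */
enum { P_OPEN = 1, P_READ = 2, P_WRITE = 4, P_APPEND = 8, P_CREATE = 16 };

/* Simplified model (assumption: mirrors file_to_av() in the kernel's SELinux
 * hooks plus the open and create checks) of what an open(2) with these flags
 * needs. Returns an OR of P_* bits. */
unsigned required_perms(int flags)
{
    unsigned av = P_OPEN;                   /* every open() is checked for open */
    int acc = flags & O_ACCMODE;
    if (acc == O_RDONLY || acc == O_RDWR)
        av |= P_READ;
    if (acc == O_WRONLY || acc == O_RDWR)
        av |= (flags & O_APPEND) ? P_APPEND : P_WRITE;  /* append instead of write */
    if (flags & O_CREAT)
        av |= P_CREATE;                     /* checked only when the file is new */
    return av;
}

/* fcntl(F_SETFL): dropping O_APPEND from a descriptor that has it requires
 * write, so an append-only descriptor cannot be quietly turned into a
 * full-write one. Returns the extra permission needed, or 0. */
unsigned setfl_perms(int old_flags, int new_flags)
{
    if ((old_flags & O_APPEND) && !(new_flags & O_APPEND))
        return P_WRITE;
    return 0;
}

/* Print a permission bitmask in allow-rule style. */
void print_perms(const char *label, unsigned av)
{
    printf("%s: {", label);
    if (av & P_APPEND) printf(" append");
    if (av & P_CREATE) printf(" create");
    if (av & P_OPEN)   printf(" open");
    if (av & P_READ)   printf(" read");
    if (av & P_WRITE)  printf(" write");
    printf(" }\n");
}

int main(void)
{
    print_perms("O_APPEND|O_CREAT|O_WRONLY", required_perms(O_APPEND | O_CREAT | O_WRONLY));
    print_perms("O_WRONLY", required_perms(O_WRONLY));
    print_perms("clear O_APPEND via F_SETFL", setfl_perms(O_APPEND | O_WRONLY, O_WRONLY));
    return 0;
}
```

The first line of output matches the { append create open } rule the test above produced; the F_SETFL case is why append alone does not give a domain arbitrary overwrite, while still being a write to the file's content.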