From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eduardo Madeira Fleury <efleury@br.ibm.com>
Subject: inotify_rm_watch behavior
Date: Mon, 11 Sep 2006 15:05:24 -0300
Message-ID: <200609111505.24567.efleury@br.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id
	k8BI8bpJ017509
	for <linux-audit@redhat.com>; Mon, 11 Sep 2006 14:08:37 -0400
Received: from igw2.br.ibm.com (igw2.br.ibm.com [32.104.18.25])
	by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id k8BI8VZk029626
	for <linux-audit@redhat.com>; Mon, 11 Sep 2006 14:08:31 -0400
Received: from mailhub1.br.ibm.com (unknown [9.18.232.109])
	by igw2.br.ibm.com (Postfix) with ESMTP id C3D0B13CE6
	for <linux-audit@redhat.com>; Mon, 11 Sep 2006 15:03:12 -0300 (BRT)
Received: from d24av02.br.ibm.com (d24av02.br.ibm.com [9.18.232.47])
	by mailhub1.br.ibm.com (8.13.6/8.13.6/NCO v8.1.1) with ESMTP id
	k8BI7vMq2097166
	for <linux-audit@redhat.com>; Mon, 11 Sep 2006 15:07:57 -0300
Received: from d24av02.br.ibm.com (loopback [127.0.0.1])
	by d24av02.br.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id
	k8BI7vWO020251
	for <linux-audit@redhat.com>; Mon, 11 Sep 2006 15:07:57 -0300
Received: from [9.12.241.126] ([9.12.241.126])
	by d24av02.br.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id
	k8BI7tJt020211
	for <linux-audit@redhat.com>; Mon, 11 Sep 2006 15:07:56 -0300
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

Hey all,

I'm doing some tests and currently inotify_rm_watch is not performing any 
permission checks, i.e., an ordinary user can remove a watch set by root on a 
file with root:root 400 permission.

Is this the expected behavior? Seems like neither MAC nor MLS checks are being 
done.

Regards,
-- 
Eduardo M. Fleury
IBM Linux Technology Center Brazil
Mobile: +55-19-81224410
email/sametime: efleury@br.ibm.com