whyno check pipeline
eight check layers run unconditionally, outermost first — no short-circuiting
components
- process mount
checks mount options: read-only blocks writes, noexec blocks execution
checks/mount.rsfs/namespace.c - process fsflags
checks filesystem flags: immutable (chattr +i) and append-only (chattr +a)
checks/fsflags.rsfs/namei.c - process traversal
checks execute permission on every ancestor from / to parent
checks/traversal.rslink_path_walk - process dac
standard unix permission check: owner/group/other bits, sticky bit, capability-aware override
checks/dac.rsgeneric_permission - process acl
posix.1e acl evaluation: userobj → named user → group → other with mask
checks/acl.rsposix_acl_permission - process metadata
ownership and capability checks for chmod, chown-uid, chown-gid, setxattr — implements setattr_prepare semantics. skipped (pass) for non-metadata operations.
checks/metadata.rsfs/attr.c - process selinux
mandatory access control via selinux avc — pure function over pre-gathered state. requires --features selinux. degraded when state not gathered.
checks/selinux.rsstate/mac.rs - process apparmor
profile-based mandatory access control — pure function over pre-gathered state. requires --features apparmor. degraded when state not gathered.
checks/apparmor.rsstate/mac.rs