No more selinux-policy-*-sources
Stephen Smalley
sds at tycho.nsa.gov
Wed Mar 15 14:26:26 UTC 2006
On Tue, 2006-03-14 at 16:03 -0600, Chris Adams wrote:
> Once upon a time, Ivan Gyurdiev <ivg2 at cornell.edu> said:
> > cp has supported selinux for quite some time now.
>
> The fact that it "supports" SELinux by adding a new option doesn't
> really help. People know "cp -p" to preserve ownership and permissions,
> but you have to use (the annoyingly verbose) "cp --preserve=all" to get
> SELinux attributes.
cp -c is the short form for preserving security contexts. It was kept
separate from the default behavior for -p because there are definitely
cases where an application is allowed to set owner/mode on a file but
_not_ necessarily allowed to set a given security label on that file.
Thus, pushing those semantics into the default behavior of -p would
ultimately lead to breaking existing users of cp -p. Not saying that
the coreutils SELinux integration couldn't stand improvement, but there
was a reason why they were kept separate, and that was discussed on the
public lists I believe.
--
Stephen Smalley
National Security Agency
More information about the fedora-devel-list
mailing list