Re: SELinux - copying ISO file content

On Tue, 2008-10-07 at 14:23 -0400, David P. Quigley wrote:

> I think the main question here is should archive try to retain the
> SELinux context. From what I've heard from people here, initially the
> idea was to try to preserve the context and if that failed fall back to
> labeling based on the parent.

 The context is a permission, it's like saying "when using -a try and
preserve the chmod/ownership/acl value, but if that fails just make a
new one up ... what could possibly go wrong!?".

>  That doesn't seem to be what cp is trying
> to do. If we removed the retain the context part from the archive switch
> of cp you would get labeling based on the parent but then you would be
> required to explicitly specify preserve the context when you wanted to
> archive that as well. 

 We differ from upstream by adding the -c behaviour to -a ... but unless
we want to turn SELinux off that's the right thing to do, IMO.
 The fact that this is another case of "SELinux telling you in a really
weird way, that what you asked for is wrong" is annoying, but that
doesn't mean we should change what people asked for.

> It doesn't seem like anyone is actually depending on the associate
> permission so it might be worth someone looking into removing it if no
> one is really using it. It has its applications but I don't believe Red
> Hat is using it at this time.


James Antill <james fedoraproject org>

