Re: Tar storage of SELinux context, translated or not

[Paul Moore <paul.moore@hp.com>]

On Wednesday, January 10 2007 11:53 am, James Antill wrote:
>  As some of you know, I have done patches to make GNUtar able to
> save/restore ACLs, SELinux context and generic user xattrs. I've
> recently had to fixup the ACL support for compatibility with star etc.,
> and for a couple of reasons that got me thinking about the SELinux
> support as well.
>
>  I had originally decided that the SELinux security context should be
> stored in translated form, Ie. getfilecon => tar => setfilecon, my
> thinking was that if you want to store something over a long period this
> is the better format ... but as I think more about it now I'm not 100%
> convinced (for instance, AIUI ipsec etc. uses raw format to distribute
> context between machines).
>  With the current changes, this is a great time to change it (but I
> really, really, don't want to have an option either way) ... if we want
> to. So should I change it to non-translated?

Regardless of what the tar command does, you could always have the tarfile 
format allow either (store both the context string as well as a flag 
indicating if the context was translated).  This way if things change down 
the road all the existing tar files are still valid.

-- 
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.