From: Murray McAllister <mmcallis@redhat.com>
To: russell@coker.com.au
Cc: SE Linux <selinux@tycho.nsa.gov>
Subject: Re: user guide drafts: Maintaining SELinux Labels
Date: Sun, 12 Oct 2008 16:18:39 +1000
Message-ID: <48F196BF.50102@redhat.com>
In-Reply-To: <200810112217.15754.russell@coker.com.au>

Russell Coker wrote:
> On Saturday 11 October 2008 15:15, Murray McAllister <mmcallis@redhat.com>
> wrote:
>> When files and directories are copied, the SELinux context of the new
>> file or directory depends on the context of the creating process, and
>> the context of the target, parent directory: the type is inherited from
>> the target, parent directory (unless a type transition rule exists[1]);
>> the SELinux user identity and level are inherited from the creating
>> process; and the role is always object_r, which is a generic role for
>> files. This helps ensure files and directories are labeled with the
>> correct SELinux context after being copied.
>
> I'm not sure how the last sentence is supposed to link with the rest - it
> certainly doesn't correspond to the second-last sentence.
>
> object_r is for future support and also to give a regular format of the
> context for all operations. Note that files under /proc that relate to
> processes have different roles.
>
>> Also, when a file is copied over an existing file, the existing file's
>> context is maintained, unless the user specified cp options to preserve
>> the context of the original file, such as --preserve=context.
>
> Also the -Z option to cp deserves a mention.

I started changing the examples to show cp, cp --preserve=context, and
cp -Z. I had problems with cp -Z on Rawhide and Fedora 9[1], so I will
leave that out for now.

Cheers.

[1] <https://bugzilla.redhat.com/show_bug.cgi?id=466653>
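
Added example, not part of the original message or of the user guide draft: a small model of the labeling rules stated in the quoted draft, predicting the context a destination file ends up with after cp. The function names, sample contexts and the transition rule are constructed; it assumes four-field (MLS/MCS) contexts and that a new file receives the low end of the creating process's range.

```python
from typing import Dict, NamedTuple, Optional, Tuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str

def parse_context(text: str) -> Context:
    # Split on the first three colons only: the MLS/MCS field can itself
    # contain colons, as in "s0-s0:c0.c1023".
    parts = text.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not a four-field SELinux context: {text!r}")
    return Context(*parts)

# (process type, parent directory type, object class) -> type of the new object
Rules = Dict[Tuple[str, str, str], str]

def label_after_cp(process: str, parent_dir: str, source: str,
                   existing: Optional[str] = None,
                   preserve_context: bool = False,
                   type_transitions: Optional[Rules] = None) -> str:
    """Predict the destination file's context after a cp (model only)."""
    proc, parent = parse_context(process), parse_context(parent_dir)
    if preserve_context:
        # cp --preserve=context: the source file's label is carried over.
        return ":".join(parse_context(source))
    if existing is not None:
        # Copying over an existing file keeps that file's label.
        return ":".join(parse_context(existing))
    # New file: type comes from the parent directory unless a rule applies.
    key = (proc.type, parent.type, "file")
    new_type = (type_transitions or {}).get(key, parent.type)
    # Assumption: the new file gets the low end of the process's range.
    low_level = proc.level.split("-", 1)[0]
    return ":".join((proc.user, "object_r", new_type, low_level))

# Constructed sample contexts and one constructed transition rule.
PROCESS = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
SOURCE = "unconfined_u:object_r:user_home_t:s0"
WEB_DIR = "system_u:object_r:httpd_sys_content_t:s0"
TMP_DIR = "system_u:object_r:tmp_t:s0"
EXISTING = "system_u:object_r:etc_t:s0"
RULES = {("unconfined_t", "tmp_t", "file"): "user_tmp_t"}

if __name__ == "__main__":
    print(label_after_cp(PROCESS, WEB_DIR, SOURCE))
    print(label_after_cp(PROCESS, WEB_DIR, SOURCE, preserve_context=True))
```

On a real system, compare the prediction against the output of ls -Z on the copied file; the loaded policy, not this model, decides the actual label.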