* ls in Debian/Unstable
@ 2008-03-25  4:23 Russell Coker
  2008-03-25 14:09 ` Casey Schaufler
  2008-03-25 15:08 ` Jim Meyering
  0 siblings, 2 replies; 18+ messages in thread
From: Russell Coker @ 2008-03-25  4:23 UTC (permalink / raw)
  To: SE-Linux; +Cc: Jim Meyering

unstable0:~/coreutils-6.10# ls -l /
total 158
drwxr-xr-x+  2 root root  4096 2008-03-25 10:02 bin
drwxr-xr-x+  6 root root  1024 2008-03-21 12:30 boot
drwxr-xr-x+ 16 root root  3700 2008-03-25 13:38 dev
drwxr-xr-x+ 80 root root  4096 2008-03-25 13:38 etc
drwxr-xr-x+  3 root root  4096 2008-02-15 22:08 home

In Debian/Unstable the output of "ls -l" is as above, the "+" indicates a SE 
Linux security context - which doesn't do much good when every file has one.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590

The above URL has the Debian bug report with a patch.

If you wish to add additional comments then email sent to 
472590@bugs.debian.org will be appended.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: ls in Debian/Unstable
  2008-03-25  4:23 ls in Debian/Unstable Russell Coker
@ 2008-03-25 14:09 ` Casey Schaufler
  2008-03-25 15:08 ` Jim Meyering
  1 sibling, 0 replies; 18+ messages in thread
From: Casey Schaufler @ 2008-03-25 14:09 UTC (permalink / raw)
  To: russell, SE-Linux; +Cc: Jim Meyering


--- Russell Coker <russell@coker.com.au> wrote:

> unstable0:~/coreutils-6.10# ls -l /
> total 158
> drwxr-xr-x+  2 root root  4096 2008-03-25 10:02 bin
> drwxr-xr-x+  6 root root  1024 2008-03-21 12:30 boot
> drwxr-xr-x+ 16 root root  3700 2008-03-25 13:38 dev
> drwxr-xr-x+ 80 root root  4096 2008-03-25 13:38 etc
> drwxr-xr-x+  3 root root  4096 2008-02-15 22:08 home
> 
> In Debian/Unstable the output of "ls -l" is as above, the "+" indicates a SE 
> Linux security context

The "+" indicates that there is additional security metadata associated
with the file, it could be an ACL, timelock, or just about anything.
This is in accordance with the POSIX P1003.2 specification for ls(1).

> - which doesn't do much good when every file has one.

Well, there is that. 

> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590
> 
> The above URL has the Debian bug report with a patch.

I honestly don't know if this should be considered a bug in ls.
It is behaving as documented and if you've got MCS turned on
the SELinux label is being used to make DAC decisions. The "+"
is there to let you know that the mode bits don't tell the
whole access control story, but as you say, it is pretty silly
when every file has it.

> If you wish to add additional comments then email sent to 
> 472590@bugs.debian.org will be appended.
> 

Casey Schaufler
casey@schaufler-ca.com


* Re: ls in Debian/Unstable
  2008-03-25  4:23 ls in Debian/Unstable Russell Coker
  2008-03-25 14:09 ` Casey Schaufler
@ 2008-03-25 15:08 ` Jim Meyering
  2008-03-25 21:22   ` Russell Coker
       [not found]   ` <20080325173116.GQ2626@mathom.us>
  1 sibling, 2 replies; 18+ messages in thread
From: Jim Meyering @ 2008-03-25 15:08 UTC (permalink / raw)
  To: russell, 472590; +Cc: SE-Linux

Russell Coker <russell@coker.com.au> wrote:
> unstable0:~/coreutils-6.10# ls -l /
> total 158
> drwxr-xr-x+  2 root root  4096 2008-03-25 10:02 bin
> drwxr-xr-x+  6 root root  1024 2008-03-21 12:30 boot
> drwxr-xr-x+ 16 root root  3700 2008-03-25 13:38 dev
> drwxr-xr-x+ 80 root root  4096 2008-03-25 13:38 etc
> drwxr-xr-x+  3 root root  4096 2008-02-15 22:08 home
>
> In Debian/Unstable the output of "ls -l" is as above, the "+" indicates a SE
> Linux security context - which doesn't do much good when every file has one.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590
>
> The above URL has the Debian bug report with a patch.

Hi Russell,

Older versions of the POSIX spec for ls clearly require a "+" on
any file with a SE Linux security context.
But the latest allows it to be any non-space printable character.
So eventually we'll make it more useful than a one-size-fits-all "+",
but it must remain a non-' '.


* Re: ls in Debian/Unstable
  2008-03-25 15:08 ` Jim Meyering
@ 2008-03-25 21:22   ` Russell Coker
       [not found]   ` <20080325173116.GQ2626@mathom.us>
  1 sibling, 0 replies; 18+ messages in thread
From: Russell Coker @ 2008-03-25 21:22 UTC (permalink / raw)
  To: Jim Meyering; +Cc: 472590, SE-Linux

On Wednesday 26 March 2008 02:08, Jim Meyering <jim@meyering.net> wrote:
> Older versions of the POSIX spec for ls clearly require a "+" on
> any file with a SE Linux security context.
> But the latest allows it to be any non-space printable character.
> So eventually we'll make it more useful than a one-size-fits-all "+",
> but it must remain a non-' '.

Having it remain non-space long-term is OK.  But I think that we need to have 
Lenny released with a version of ls that doesn't display "+" on every file.  
That means that either the code to display some character other than "+" in 
the case of files with a SE Linux context needs to be written reasonably soon 
(and a final decision has to be made on which character it will be) or we 
need to release lenny with the same functionality as etch in this regard.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development


* Re: Bug#472590: ls in Debian/Unstable
       [not found]   ` <20080325173116.GQ2626@mathom.us>
@ 2008-03-25 21:24     ` Russell Coker
  2008-03-25 21:28       ` Jim Meyering
                         ` (2 more replies)
  0 siblings, 3 replies; 18+ messages in thread
From: Russell Coker @ 2008-03-25 21:24 UTC (permalink / raw)
  To: Michael Stone; +Cc: Jim Meyering, 472590, SE-Linux

On Wednesday 26 March 2008 04:31, Michael Stone <mstone@debian.org> wrote:
> if (acl) then '+'
> else if (selinux) then '.'

Should there be some special marking of files with both a SE Linux context and 
an ACL?

Pity that they didn't choose an "a" to mark an ACL which would then permit 
using "A" for ACL + MAC.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development


* Re: Bug#472590: ls in Debian/Unstable
  2008-03-25 21:24     ` Bug#472590: " Russell Coker
@ 2008-03-25 21:28       ` Jim Meyering
       [not found]       ` <20080325234310.GR2626@mathom.us>
  2008-03-31  9:02       ` Jim Meyering
  2 siblings, 0 replies; 18+ messages in thread
From: Jim Meyering @ 2008-03-25 21:28 UTC (permalink / raw)
  To: russell; +Cc: Michael Stone, 472590, SE-Linux

Russell Coker <russell@coker.com.au> wrote:

> On Wednesday 26 March 2008 04:31, Michael Stone <mstone@debian.org> wrote:
>> if (acl) then '+'
>> else if (selinux) then '.'
>
> Should there be some special marking of files with both a SE Linux context and
> an ACL?
>
> Pity that they didn't choose an "a" to mark an ACL which would then permit
> using "A" for ACL + MAC.

What if it has an ACL, a MAC, *and* some chattr-style attribute?
Á  ;-)



* Re: Bug#472590: ls in Debian/Unstable
       [not found]       ` <20080325234310.GR2626@mathom.us>
@ 2008-03-26  5:12         ` Russell Coker
  0 siblings, 0 replies; 18+ messages in thread
From: Russell Coker @ 2008-03-26  5:12 UTC (permalink / raw)
  To: Michael Stone; +Cc: Jim Meyering, 472590, SE-Linux

On Wednesday 26 March 2008 10:43, Michael Stone <mstone@debian.org> wrote:
> On Wed, Mar 26, 2008 at 08:24:15AM +1100, Russell Coker wrote:
> >Should there be some special marking of files with both a SE Linux context
> > and an ACL?
>
> (not cc'ing the closed selinux list again)

What is the problem with the list?  Are your messages bouncing?

You should expect that your messages will be delayed until business hours in 
the east coast of the US (unless someone is working on the weekend), but 
that's not really a problem.

> How much can you fit into one char before it gets confusing?

Character 10 in "ls -l" output can have values from "xtT", character 7 can 
have values from "xsS", and character 1 can have many values.

> As I 
> understand it, there can't be a case on an selinux system where you have
> an acl and not an selinux context--so why bother highlighting the case
> where you have both?

On a SE Linux system you can't have a file without a SE Linux context.  
Therefore the issue is whether you have an ACL or not.  Which is why I 
believe that having "+" or " " is a reasonable choice.

If that idea is not well regarded by the people who matter then I am not 
really bothered as long as something better than the current situation is 
chosen and implemented before Lenny freezes.

> If people really want something for that, fine, but 
> I suspect that the ls listings will become unreadable in short order if
> that trend continues.

Actually I'm more worried about the ease of machine parsing of ls output.  I'm 
sure that someone will suggest a better option than having a shell script 
grep ls output, but there are a lot of people who are used to grepping ls 
output and it would be nice not to break things for them.

-- 
russell@coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development


* Re: Bug#472590: ls in Debian/Unstable
  2008-03-25 21:24     ` Bug#472590: " Russell Coker
  2008-03-25 21:28       ` Jim Meyering
       [not found]       ` <20080325234310.GR2626@mathom.us>
@ 2008-03-31  9:02       ` Jim Meyering
  2008-03-31  9:23         ` Russell Coker
  2008-04-02 20:33         ` RFC: changing the "+" in ls -l output to be "." or "+" Jim Meyering
  2 siblings, 2 replies; 18+ messages in thread
From: Jim Meyering @ 2008-03-31  9:02 UTC (permalink / raw)
  To: russell; +Cc: bug-coreutils, Michael Stone, 472590, SE-Linux

[ I'm Cc'ing bug-coreutils@gnu.org.
  FYI, this is a continuation of discussion from the SELinux list:
  http://marc.info/?t=120645074000003&r=1&w=2
  and the debian bug tracking system: http://bugs.debian.org/472590

  The problem is that on an SELinux-enabled system, 'ls -l's "+",
  the "alternate access method" indicator, is useless, because it
  appears on every file:

      $ ls -glo /var
      total 164
      drwxr-xr-x+  3 4096 2008-03-29 08:43 kerberos
      drwxr-xr-x+ 39 4096 2008-03-29 08:43 lib
      drwxr-xr-x+  2 4096 2008-03-27 17:33 local
      drwxrwxr-x+  8 4096 2008-03-31 04:15 lock
      drwxr-xr-x+ 20 4096 2008-03-31 09:55 log
      lrwxrwxrwx+  1   10 2008-03-28 23:33 mail -> spool/mail
      ...

  Newer POSIX allows any non-space character as the indicator, and
  that's what we're discussing now.
  ]

Russell Coker <russell@coker.com.au> wrote:
> On Wednesday 26 March 2008 04:31, Michael Stone <mstone@debian.org> wrote:
>> if (acl) then '+'
>> else if (selinux) then '.'
>
> Should there be some special marking of files with both a SE Linux context and
> an ACL?
>
> Pity that they didn't choose an "a" to mark an ACL which would then permit
> using "A" for ACL + MAC.

This is probably as good a time as any to make such a change, though
I doubt it will make the cut for the upcoming release.  I'd like to keep
it simple (i.e., not try to encode all possible combinations).  If you
want to get full details, stat(1) is probably the program to change.

I like Michael's suggestion.  Rephrasing it,

    if (SELinux, with no other MAC or ACL)
      use '.'
    else if (any other combination of alternate access methods)
      use '+'

If someone who already has a copyright assignment on file for coreutils
wants to write the patch (including doc update, tests, NEWS, ChangeLog,
etc.), please speak up ASAP.  Otherwise I'll do it.


* Re: Bug#472590: ls in Debian/Unstable
  2008-03-31  9:02       ` Jim Meyering
@ 2008-03-31  9:23         ` Russell Coker
  2008-03-31  9:43           ` Jim Meyering
  2008-04-02 20:33         ` RFC: changing the "+" in ls -l output to be "." or "+" Jim Meyering
  1 sibling, 1 reply; 18+ messages in thread
From: Russell Coker @ 2008-03-31  9:23 UTC (permalink / raw)
  To: Jim Meyering; +Cc: bug-coreutils, Michael Stone, 472590, SE-Linux

On Monday 31 March 2008 20:02, Jim Meyering <jim@meyering.net> wrote:
> I like Michael's suggestion.  Rephrasing it,
>
>     if (SELinux, with no other MAC or ACL)
>       use '.'
>     else if (any other combination of alternate access methods)
>       use '+'
>
> If someone who already has a copyright assignment on file for coreutils
> wants to write the patch (including doc update, tests, NEWS, ChangeLog,
> etc.), please speak up ASAP.  Otherwise I'll do it.

I still believe that, since when running SE Linux all files will have contexts 
(the kernel code generates them if they are on a filesystem that doesn't 
support persistent storage of contexts or if they are unlabelled), the SE 
Linux access controls should not be listed in "ls -l" output.

That said, the above suggestion makes sense and would work reasonably well.



* Re: Bug#472590: ls in Debian/Unstable
  2008-03-31  9:23         ` Russell Coker
@ 2008-03-31  9:43           ` Jim Meyering
  0 siblings, 0 replies; 18+ messages in thread
From: Jim Meyering @ 2008-03-31  9:43 UTC (permalink / raw)
  To: russell; +Cc: bug-coreutils, Michael Stone, 472590, SE-Linux

Russell Coker <russell@coker.com.au> wrote:
> On Monday 31 March 2008 20:02, Jim Meyering <jim@meyering.net> wrote:
>> I like Michael's suggestion.  Rephrasing it,
>>
>>     if (SELinux, with no other MAC or ACL)
>>       use '.'
>>     else if (any other combination of alternate access methods)
>>       use '+'
>>
>> If someone who already has a copyright assignment on file for coreutils
>> wants to write the patch (including doc update, tests, NEWS, ChangeLog,
>> etc.), please speak up ASAP.  Otherwise I'll do it.
>
> I still believe that as when running SE Linux all files will have contexts
> (the kernel code generates them if they are on a filesystem that doesn't
> support persistent storage of contexts or if they are unlabelled) then the SE
> Linux access controls should not be listed in "ls -l" output.

I do understand your sentiment.
If you raise the issue with the Austin Group, they'll at least
consider whether to adjust that part of the POSIX ls specification.

> That said, the above suggestion makes sense and would work reasonably well.



* RFC: changing the "+" in ls -l output to be "." or "+"
  2008-03-31  9:02       ` Jim Meyering
  2008-03-31  9:23         ` Russell Coker
@ 2008-04-02 20:33         ` Jim Meyering
  2008-10-23 12:20           ` Jim Meyering
  1 sibling, 1 reply; 18+ messages in thread
From: Jim Meyering @ 2008-04-02 20:33 UTC (permalink / raw)
  To: bug-coreutils, selinux; +Cc: 472590

I wrote this:
> [ I'm Cc'ing bug-coreutils@gnu.org.
>   FYI, this is a continuation of discussion from the SELinux list:
>   http://marc.info/?t=120645074000003&r=1&w=2
>   and the debian bug tracking system: http://bugs.debian.org/472590
>
>   The problem is that on an SELinux-enabled system, 'ls -l's "+",
>   the "alternate access method" indicator, is useless, because it
>   appears on every file:
>
>       $ ls -glo /var
>       total 164
>       drwxr-xr-x+  3 4096 2008-03-29 08:43 kerberos
>       drwxr-xr-x+ 39 4096 2008-03-29 08:43 lib
>       drwxr-xr-x+  2 4096 2008-03-27 17:33 local
>       drwxrwxr-x+  8 4096 2008-03-31 04:15 lock
>       drwxr-xr-x+ 20 4096 2008-03-31 09:55 log
>       lrwxrwxrwx+  1   10 2008-03-28 23:33 mail -> spool/mail
>       ...
>
>   Newer POSIX allows any non-space character as the indicator, and
>   that's what we're discussing now.
>   ]
>
> Russell Coker <russell@coker.com.au> wrote:
>> On Wednesday 26 March 2008 04:31, Michael Stone <mstone@debian.org> wrote:
>>> if (acl) then '+'
>>> else if (selinux) then '.'
>>
>> Should there be some special marking of files with both a SE Linux context and
>> an ACL?
>>
>> Pity that they didn't choose an "a" to mark an ACL which would then permit
>> using "A" for ACL + MAC.
>
> This is probably as good a time as any to make such a change, though
> I doubt it will make the cut for the upcoming release.  I'd like to keep
> it simple (i.e., not try to encode all possible combinations).  If you
> want to get full details, stat(1) is probably the program to change.
>
> I like Michael's suggestion.  Rephrasing it,
>
>     if (SELinux, with no other MAC or ACL)
>       use '.'
>     else if (any other combination of alternate access methods)
>       use '+'
>
> If someone who already has a copyright assignment on file for coreutils
> wants to write the patch (including doc update, tests, NEWS, ChangeLog,
> etc.), please speak up ASAP.  Otherwise I'll do it.

No one spoke up, so here's code, for discussion's sake.
I've tested it only lightly.
This change is not slated for the upcoming release.

Here's sample output, running on an SELinux system:

  $ src/ls -ldgo [ac]*
  -rw-r--r--.  1   42625 2008-04-02 19:31 aclocal.m4
  drwxr-xr-x.  2    4096 2008-04-02 19:31 autom4te.cache
  -rw-r--r--.  1    1597 2008-03-21 16:35 cfg.mk
  -rw-r--r--.  1 1417195 2008-04-02 19:33 config.log
  -rwxr-xr-x.  1   71225 2008-04-02 19:33 config.status
  -rwxr-xr-x.  1 1846424 2008-04-02 19:31 configure
  -rw-r--r--.  1   12014 2008-03-25 23:55 configure.ac

------------------------------------

	Use '.' (not +) as SELinux-only alternate access flag in ls -l output
	* src/ls.c (gobble_file) [long_format]: Map SELinux-only to '.',
	any other nonempty combination of MAC and ACL to '+', and all else
	to the usual ' '.
	* tests/misc/selinux: Adapt: expect '.', not '+'.
	* NEWS: TBD

---
 src/ls.c           |   25 +++++++++++++++++++------
 tests/misc/selinux |    4 ++--
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/ls.c b/src/ls.c
index e029fe0..ae234da 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -151,6 +151,12 @@ verify (sizeof filetype_letter - 1 == arg_directory + 1);
     C_LINK, C_SOCK, C_FILE, C_DIR			\
   }

+enum acl_type
+  {
+    ACL_T_NONE,
+    ACL_T_SELINUX_ONLY,
+    ACL_T_YES
+  };

 struct fileinfo
   {
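Review bot: the new enum acl_type carries no comment saying what its values mean, and ACL_T_YES is ambiguous now that an SELinux context on its own no longer counts as "yes"; add a line per enumerator (ACL_T_NONE: mode bits only; ACL_T_SELINUX_ONLY: SELinux context and no ACL; ACL_T_YES: an ACL, with or without a context) or rename the last one to something like ACL_T_OTHER so the three-way split is visible at the use sites in gobble_file and print_long_format.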
@@ -179,7 +185,7 @@ struct fileinfo

     /* For long listings, true if the file has an access control list,
        or an SELinux security context.  */
-    bool have_acl;
+    enum acl_type acl_type;
   };

 #define LEN_STR_PAIR(s) sizeof (s) - 1, s
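Review bot: the comment above the changed member still reads "true if the file has an access control list, or an SELinux security context", which described the old bool; acl_type is now a three-valued enum and the comment should say which value means what, otherwise the next reader assumes the old either/or semantics.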
@@ -2671,6 +2677,7 @@ gobble_file (char const *name, enum filetype type, ino_t inode,

       if (format == long_format || print_scontext)
 	{
+	  bool have_selinux = false;
 	  bool have_acl = false;
 	  int attr_len = (do_deref
 			  ?  getfilecon (absolute_name, &f->scontext)
@@ -2689,7 +2696,7 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
 	    }

 	  if (err == 0)
-	    have_acl = ! STREQ ("unlabeled", f->scontext);
+	    have_selinux = ! STREQ ("unlabeled", f->scontext);
 	  else
 	    {
 	      f->scontext = UNKNOWN_SECURITY_CONTEXT;
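Review bot: have_selinux is set from `! STREQ ("unlabeled", f->scontext)`, i.e. the whole context string must equal the literal "unlabeled"; if getfilecon hands back a full user:role:type:level context for unlabeled inodes this comparison never fires and such files are reported as SELinux-labelled (and so get '.'). The comparison is inherited from the old have_acl line, but since the new code gives it a more specific meaning it is worth checking what the library actually returns and, if it is a full context, matching on the type component instead.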
@@ -2702,15 +2709,19 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
 		err = 0;
 	    }

-	  if (err == 0 && ! have_acl && format == long_format)
+	  if (err == 0 && format == long_format)
 	    {
 	      int n = file_has_acl (absolute_name, &f->stat);
 	      err = (n < 0);
 	      have_acl = (0 < n);
 	    }

-	  f->have_acl = have_acl;
-	  any_has_acl |= have_acl;
+	  f->acl_type = (!have_selinux && !have_acl
+			 ? ACL_T_NONE
+			 : (have_selinux && !have_acl
+			    ? ACL_T_SELINUX_ONLY
+			    : ACL_T_YES));
+	  any_has_acl |= f->acl_type != ACL_T_NONE;

 	  if (err)
 	    error (0, errno, "%s", quotearg_colon (absolute_name));
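Review bot: dropping `! have_acl` from the condition means file_has_acl is now called for every file in long format on an SELinux system, where before the getfilecon hit short-circuited it; that is one extra xattr lookup per entry in every `ls -l`, which is the right trade for telling '.' from '+' but should be mentioned in the NEWS entry the commit message leaves as TBD. The nested ternary that sets f->acl_type is also harder to read than the rule it encodes; the same mapping written in precedence order is
	  f->acl_type = (have_acl ? ACL_T_YES
			 : have_selinux ? ACL_T_SELINUX_ONLY : ACL_T_NONE);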
@@ -3430,7 +3441,9 @@ print_long_format (const struct fileinfo *f)
     }
   if (! any_has_acl)
     modebuf[10] = '\0';
-  else if (f->have_acl)
+  else if (f->acl_type == ACL_T_SELINUX_ONLY)
+    modebuf[10] = '.';
+  else if (f->acl_type == ACL_T_YES)
     modebuf[10] = '+';

   switch (time_type)
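Review bot: the new '.' branch changes user-visible output but the patch touches no documentation; the texinfo manual and the --help text for -l describe the trailing character as '+' meaning an alternate access method, and anyone seeing '.' will look it up there, so the doc update the commit message promises needs to land in the same change. Note also that for ACL_T_NONE entries modebuf[10] is left untouched here (as it was for !have_acl before), so the ' ' in that column relies on whatever initialised modebuf earlier in the function; a one-line comment saying so would save the next reader a detour.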
diff --git a/tests/misc/selinux b/tests/misc/selinux
index 87d1a8d..ea95112 100755
--- a/tests/misc/selinux
+++ b/tests/misc/selinux
@@ -34,8 +34,8 @@ for i in d f p; do
   c=`stat --printf %C $i`; test x$c = x$ctx || fail=1
 done

-# ensure that ls -l output includes the "+".
-c=`ls -l f|cut -c11`; test "$c" = + || fail=1
+# ensure that ls -l output includes the ".".
+c=`ls -l f|cut -c11`; test "$c" = . || fail=1

 # Copy each to a new directory and ensure that context is preserved.
 cp -r --preserve=all d f p s1 || fail=1
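Review bot: the test only checks the SELinux-only branch (it expects '.' in column 11 of `ls -l f`); the other new outcome, '+' when an ACL is present on a labelled file, has no coverage. Adding a second file with an ACL applied (setfacl is the obvious tool) and asserting that `cut -c11` yields '+' for it, while keeping the '.' check for the ACL-free one, would exercise both arms of the mapping added in gobble_file.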
--
1.5.5.rc2.26.g7bba


* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-04-02 20:33         ` RFC: changing the "+" in ls -l output to be "." or "+" Jim Meyering
@ 2008-10-23 12:20           ` Jim Meyering
  2008-10-24  3:18             ` Vikram Noel Ambrose
  0 siblings, 1 reply; 18+ messages in thread
From: Jim Meyering @ 2008-10-23 12:20 UTC (permalink / raw)
  To: bug-coreutils; +Cc: selinux, 472590, Ondřej Vašík

Jim Meyering <jim@meyering.net> wrote:
> I wrote this:
>> [ I'm Cc'ing bug-coreutils@gnu.org.
>>   FYI, this is a continuation of discussion from the SELinux list:
>>   http://marc.info/?t=120645074000003&r=1&w=2
>>   and the debian bug tracking system: http://bugs.debian.org/472590
>>
>>   The problem is that on an SELinux-enabled system, 'ls -l's "+",
>>   the "alternate access method" indicator, is useless, because it
>>   appears on every file:
>>
>>       $ ls -glo /var
>>       total 164
>>       drwxr-xr-x+  3 4096 2008-03-29 08:43 kerberos
>>       drwxr-xr-x+ 39 4096 2008-03-29 08:43 lib
>>       drwxr-xr-x+  2 4096 2008-03-27 17:33 local
>>       drwxrwxr-x+  8 4096 2008-03-31 04:15 lock
>>       drwxr-xr-x+ 20 4096 2008-03-31 09:55 log
>>       lrwxrwxrwx+  1   10 2008-03-28 23:33 mail -> spool/mail
>>       ...
>>
>>   Newer POSIX allows any non-space character as the indicator, and
>>   that's what we're discussing now.
>>   ]
>>
>> Russell Coker <russell@coker.com.au> wrote:
>>> On Wednesday 26 March 2008 04:31, Michael Stone <mstone@debian.org> wrote:
>>>> if (acl) then '+'
>>>> else if (selinux) then '.'
>>>
>>> Should there be some special marking of files with both a SE Linux context and
>>> an ACL?
>>>
>>> Pity that they didn't choose an "a" to mark an ACL which would then permit
>>> using "A" for ACL + MAC.
>>
>> This is probably as good a time as any to make such a change, though
>> I doubt it will make the cut for the upcoming release.  I'd like to keep
>> it simple (i.e., not try to encode all possible combinations).  If you
>> want to get full details, stat(1) is probably the program to change.
>>
>> I like Michael's suggestion.  Rephrasing it,
>>
>>     if (SELinux, with no other MAC or ACL)
>>       use '.'
>>     else if (any other combination of alternate access methods)
>>       use '+'
>>
>> If someone who already has a copyright assignment on file for coreutils
>> wants to write the patch (including doc update, tests, NEWS, ChangeLog,
>> etc.), please speak up ASAP.  Otherwise I'll do it.
>
> No one spoke up, so here's code, for discussion's sake.
> I've tested it only lightly.
> This change is not slated for the upcoming release.
>
> Here's sample output, running on an SELinux system:
>
>   $ src/ls -ldgo [ac]*
>   -rw-r--r--.  1   42625 2008-04-02 19:31 aclocal.m4
>   drwxr-xr-x.  2    4096 2008-04-02 19:31 autom4te.cache
>   -rw-r--r--.  1    1597 2008-03-21 16:35 cfg.mk
>   -rw-r--r--.  1 1417195 2008-04-02 19:33 config.log
>   -rwxr-xr-x.  1   71225 2008-04-02 19:33 config.status
>   -rwxr-xr-x.  1 1846424 2008-04-02 19:31 configure
>   -rw-r--r--.  1   12014 2008-03-25 23:55 configure.ac

Thanks to a nudge from Ondřej, I've just completed and pushed this:


* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-10-23 12:20           ` Jim Meyering
@ 2008-10-24  3:18             ` Vikram Noel Ambrose
  2008-10-24  7:04               ` Jim Meyering
  0 siblings, 1 reply; 18+ messages in thread
From: Vikram Noel Ambrose @ 2008-10-24  3:18 UTC (permalink / raw)
  To: Jim Meyering; +Cc: bug-coreutils, selinux, 472590, Ondřej Vašík

Jim Meyering <jim@meyering.net> wrote:
>>> [ I'm Cc'ing bug-coreutils@gnu.org.
>>>   FYI, this is a continuation of discussion from the SELinux list:
>>>   http://marc.info/?t=120645074000003&r=1&w=2
>>>   and the debian bug tracking system: http://bugs.debian.org/472590
>>>
>>>   The problem is that on an SELinux-enabled system, 'ls -l's "+",
>>>   the "alternate access method" indicator, is useless, because it
>>>   appears on every file:
>>>
>>>       $ ls -glo /var
>>>       total 164
>>>       drwxr-xr-x+  3 4096 2008-03-29 08:43 kerberos
>>>       drwxr-xr-x+ 39 4096 2008-03-29 08:43 lib
>>>       drwxr-xr-x+  2 4096 2008-03-27 17:33 local
>>>       drwxrwxr-x+  8 4096 2008-03-31 04:15 lock
>>>       drwxr-xr-x+ 20 4096 2008-03-31 09:55 log
>>>       lrwxrwxrwx+  1   10 2008-03-28 23:33 mail -> spool/mail
>>>       ...
>>>
>>>   Newer POSIX allows any non-space character as the indicator, and
>>>   that's what we're discussing now.
>>>   ]
>>>
>>> Russell Coker <russell@coker.com.au> wrote:
>>>> On Wednesday 26 March 2008 04:31, Michael Stone <mstone@debian.org> wrote:
>>>>> if (acl) then '+'
>>>>> else if (selinux) then '.'
>>>> Should there be some special marking of files with both a SE Linux context and
>>>> an ACL?
>>>>
>>>> Pity that they didn't choose an "a" to mark an ACL which would then permit
>>>> using "A" for ACL + MAC.
>>> This is probably as good a time as any to make such a change, though
>>> I doubt it will make the cut for the upcoming release.  I'd like to keep
>>> it simple (i.e., not try to encode all possible combinations).  If you
>>> want to get full details, stat(1) is probably the program to change.
>>>
>>> I like Michael's suggestion.  Rephrasing it,
>>>
>>>     if (SELinux, with no other MAC or ACL)
>>>       use '.'
>>>     else if (any other combination of alternate access methods)
>>>       use '+'
>>>
>>> If someone who already has a copyright assignment on file for coreutils
>>> wants to write the patch (including doc update, tests, NEWS, ChangeLog,
>>> etc.), please speak up ASAP.  Otherwise I'll do it.
>> No one spoke up, so here's code, for discussion's sake.
>> I've tested it only lightly.
>> This change is not slated for the upcoming release.
>>
>> Here's sample output, running on an SELinux system:
>>
>>   $ src/ls -ldgo [ac]*
>>   -rw-r--r--.  1   42625 2008-04-02 19:31 aclocal.m4
>>   drwxr-xr-x.  2    4096 2008-04-02 19:31 autom4te.cache
>>   -rw-r--r--.  1    1597 2008-03-21 16:35 cfg.mk
>>   -rw-r--r--.  1 1417195 2008-04-02 19:33 config.log
>>   -rwxr-xr-x.  1   71225 2008-04-02 19:33 config.status
>>   -rwxr-xr-x.  1 1846424 2008-04-02 19:31 configure
>>   -rw-r--r--.  1   12014 2008-03-25 23:55 configure.ac

This is so confusing. What is so horribly wrong with a capital S for 
SELinux or A for ACL?

Vikram


* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-10-24  3:18             ` Vikram Noel Ambrose
@ 2008-10-24  7:04               ` Jim Meyering
  2008-10-24 13:19                 ` Mike Edenfield
  0 siblings, 1 reply; 18+ messages in thread
From: Jim Meyering @ 2008-10-24  7:04 UTC (permalink / raw)
  To: Vikram Noel Ambrose
  Cc: bug-coreutils, selinux, 472590, Ondřej Vašík

Vikram Noel Ambrose <noel.ambrose@gmail.com> wrote:
> Jim Meyering <jim@meyering.net> wrote:
...
>>>>     if (SELinux, with no other MAC or ACL)
>>>>       use '.'
>>>>     else if (any other combination of alternate access methods)
>>>>       use '+'
...
>>> Here's sample output, running on an SELinux system:
>>>
>>>   $ src/ls -ldgo [ac]*
>>>   -rw-r--r--.  1   42625 2008-04-02 19:31 aclocal.m4
>>>   drwxr-xr-x.  2    4096 2008-04-02 19:31 autom4te.cache
>>>   -rw-r--r--.  1    1597 2008-03-21 16:35 cfg.mk
>>>   -rw-r--r--.  1 1417195 2008-04-02 19:33 config.log
>>>   -rwxr-xr-x.  1   71225 2008-04-02 19:33 config.status
>>>   -rwxr-xr-x.  1 1846424 2008-04-02 19:31 configure
>>>   -rw-r--r--.  1   12014 2008-03-25 23:55 configure.ac
>>>
>
> This is so confusing. What is so horribly wrong with a capital S for
> SELinux or A for ACL?

A desire for compatibility makes "+" look good.
"." is appealing for SELinux-only because it's inconspicuous.


* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-10-24  7:04               ` Jim Meyering
@ 2008-10-24 13:19                 ` Mike Edenfield
  2008-10-26  7:46                   ` Russell Coker
  0 siblings, 1 reply; 18+ messages in thread
From: Mike Edenfield @ 2008-10-24 13:19 UTC (permalink / raw)
  To: Jim Meyering
  Cc: Vikram Noel Ambrose, bug-coreutils, selinux, 472590,
	Ondřej Vašík

Jim Meyering wrote:

> A desire for compatibility makes "+" look good.
> "." is appealing for SELinux-only because it's inconspicuous.

Speaking as a fairly new SELinux user/admin, having a "." 
next to every file in my ls output is just as useful or 
non-useful as having a "+" next to them, so does it really 
buy anything?  I end up needing -Z either way.

Based on the kind of real-world problems I've had, the most 
useful thing ls could tell me about a file on my SELinux 
system would be that it *should* have a label and *doesn't*, 
something like:

if ( selinux_enabled )
   if ( label == NULL || label == fs.defaultlabel )
     use "!"
   else
     use " "
else if ( anything else )
   use "+"






* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-10-24 13:19                 ` Mike Edenfield
@ 2008-10-26  7:46                   ` Russell Coker
  2008-10-26  8:09                     ` Jim Meyering
  0 siblings, 1 reply; 18+ messages in thread
From: Russell Coker @ 2008-10-26  7:46 UTC (permalink / raw)
  To: Mike Edenfield
  Cc: Jim Meyering, Vikram Noel Ambrose, bug-coreutils, selinux, 472590,
	Ondřej Vašík

On Saturday 25 October 2008 00:19, Mike Edenfield <kutulu@kutulu.org> wrote:
> Jim Meyering wrote:
> > A desire for compatibility makes "+" look good.
> > "." is appealing for SELinux-only because it's inconspicuous.
>
> Speaking as a fairly new SELinux user/admin, having a "."
> next to every file in my ls output is just as useful or
> non-useful as having a "+" next to them, so does it really
> buy anything?  I end up needing -Z either way.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590

The above URL has the history of this discussion.  I requested that there be 
no such notification.  I still believe that there should be nothing used in 
the case of SE Linux (although I could be convinced that the "." is OK if 
files with the context "system_u:object_r:file_t:s0" did not have it).

But it seems that I have lost this debate.  Using "." is better than "+", and 
my request to have none of this in Lenny has been accepted so we have some 
time to work on this before Lenny+1.

> Based on the kind of real-world problems I've had, the most
> useful thing ls could tell me about a file on my SELinux
> system would be that it *should* have a label and *doesn't*,
> something like:
>
> if ( selinux_enabled )
>    if ( label == NULL || label == fs.defaultlabel )
>      use "!"
>    else
>      use " "
> else if ( anything else )
>    use "+"

That sounds quite reasonable.

-- 
Russell Coker <russell@coker.com.au>
http://etbe.coker.com.au/          My Blog
http://etbe.coker.com.au/category/security/  My Security blog posts
http://www.coker.com.au/selinux/play.html  My Play Machine, root PW "SELINUX"


* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-10-26  7:46                   ` Russell Coker
@ 2008-10-26  8:09                     ` Jim Meyering
  2008-10-31 13:37                       ` Daniel J Walsh
  0 siblings, 1 reply; 18+ messages in thread
From: Jim Meyering @ 2008-10-26  8:09 UTC (permalink / raw)
  To: russell
  Cc: Mike Edenfield, 472590, bug-coreutils, Vikram Noel Ambrose,
	selinux, Ondřej Vašík

Russell Coker <russell@coker.com.au> wrote:

> On Saturday 25 October 2008 00:19, Mike Edenfield <kutulu@kutulu.org> wrote:
>> Jim Meyering wrote:
>> > A desire for compatibility makes "+" look good.
>> > "." is appealing for SELinux-only because it's inconspicuous.
>>
>> Speaking as a fairly new SELinux user/admin, having a "."
>> next to every file in my ls output is just as useful or
>> non-useful as having a "+" next to them, so does it really
>> buy anything?  I end up needing -Z either way.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590
>
> The above URL has the history of this discussion.  I requested that there be
> no such notification.  I still believe that there should be nothing used in
> the case of SE Linux (although I could be convinced that the "." is OK if
> files with the context "system_u:object_r:file_t:s0" did not have it).
>
> But it seems that I have lost this debate.  Using "." is better than "+", and
> my request to have none of this in Lenny has been accepted so we have some
> time to work on this before Lenny+1.
>
>> Based on the kind of real-world problems I've had, the most
>> useful thing ls could tell me about a file on my SELinux
>> system would be that it *should* have a label and *doesn't*,
>> something like:
>>
>> if ( selinux_enabled )
>>    if ( label == NULL || label == fs.defaultlabel )
>>      use "!"
>>    else
>>      use " "
>> else if ( anything else )
>>    use "+"
>
> That sounds quite reasonable.

Actually, I'm leaning your way, now, and agree.

If you, Russell, write the patch (w/NEWS and docs would be really nice)
I'll make the switch upstream pretty soon.  It'd be nice to give the
austin group a heads up, too, since this behavior would be contrary to
POSIX.  I don't think it's worth it to make this depend on the setting
of the POSIXLY_CORRECT envvar.


* Re: RFC: changing the "+" in ls -l output to be "." or "+"
  2008-10-26  8:09                     ` Jim Meyering
@ 2008-10-31 13:37                       ` Daniel J Walsh
  0 siblings, 0 replies; 18+ messages in thread
From: Daniel J Walsh @ 2008-10-31 13:37 UTC (permalink / raw)
  To: Jim Meyering
  Cc: russell, Mike Edenfield, 472590, bug-coreutils,
	Vikram Noel Ambrose, selinux, Ondřej Vašík

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim Meyering wrote:
> Russell Coker <russell@coker.com.au> wrote:
> 
>> On Saturday 25 October 2008 00:19, Mike Edenfield <kutulu@kutulu.org> wrote:
>>> Jim Meyering wrote:
>>>> A desire for compatibility makes "+" look good.
>>>> "." is appealing for SELinux-only because it's inconspicuous.
>>> Speaking as a fairly new SELinux user/admin, having a "."
>>> next to every file in my ls output is just as useful or
>>> non-useful as having a "+" next to them, so does it really
>>> buy anything?  I end up needing -Z either way.
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590
>>
>> The above URL has the history of this discussion.  I requested that there be
>> no such notification.  I still believe that there should be nothing used in
>> the case of SE Linux (although I could be convinced that the "." is OK if
>> files with the context "system_u:object_r:file_t:s0" did not have it).
>>
>> But it seems that I have lost this debate.  Using "." is better than "+", and
>> my request to have none of this in Lenny has been accepted so we have some
>> time to work on this before Lenny+1.
>>
>>> Based on the kind of real-world problems I've had, the most
>>> useful thing ls could tell me about a file on my SELinux
>>> system would be that it *should* have a label and *doesn't*,
>>> something like:
>>>
>>> if ( selinux_enabled )
>>>    if ( label == NULL || label == fs.defaultlabel )
>>>      use "!"
>>>    else
>>>      use " "
>>> else if ( anything else )
>>>    use "+"
>> That sounds quite reasonable.
> 
> Actually, I'm leaning your way, now, and agree.
> 
> If you, Russell, write the patch (w/NEWS and docs would be really nice)
> I'll make the switch upstream pretty soon.  It'd be nice to give the
> austin group a heads up, too, since this behavior would be contrary to
> POSIX.  I don't think it's worth it to make this depend on the setting
> of the POSIXLY_CORRECT envvar.
> 
If you really wanted to go wild, you could add a qualifier to check
matchpathcon to indicate it differs from the default for the file
system, although it would be very expensive.  Perhaps find would be a
better source.  "find" all files not matching the system defaults.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkLCjEACgkQrlYvE4MpobM3ywCfZtVW9cQE8hgLRVCHYqHKLfU1
cWgAn2/cx41bmoFguBEVJXGbUiqsryzH
=+qTw
-----END PGP SIGNATURE-----

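Two concrete proposals come up in the messages above: Mike Edenfield's "!" indicator for a file that should carry an SELinux label but only has the filesystem default (or none), and Dan Walsh's suggestion to leave the expensive per-file policy lookup to a find-style pass using matchpathcon. The following is an added example, not code from coreutils or from anyone in this thread. It implements both indicator rules over explicit inputs, reads the on-disk label from the security.selinux xattr, and parses the output of "matchpathcon -V" into a list of mismatches. The "unlabeled" label set and the fs_default_label parameter are this example's assumptions; the matchpathcon output lines are constructed sample data, not captured from a real system.

```python
"""Label-check helpers for the ls indicator proposals in this thread (added example)."""
import os
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption of this example: treat a missing context, an empty one, and the
# kernel's unlabeled_t fallback as "no label" for indicator purposes.
UNLABELED = {None, "", "system_u:object_r:unlabeled_t:s0"}


def indicator_upstream(has_selinux_label: bool, has_acl: bool) -> str:
    """Jim Meyering's rule: '.' for SELinux-only, '+' for any other
    combination of alternate access methods, ' ' for neither."""
    if has_selinux_label and not has_acl:
        return "."
    if has_selinux_label or has_acl:
        return "+"
    return " "


def indicator_proposed(selinux_enabled: bool, label: Optional[str],
                       fs_default_label: Optional[str], other_alt_access: bool) -> str:
    """Mike Edenfield's rule: on an SELinux system, '!' when the file has no
    label or only the filesystem default, ' ' when it has a real label;
    otherwise '+' when any other alternate access method is present."""
    if selinux_enabled:
        if label in UNLABELED or label == fs_default_label:
            return "!"
        return " "
    return "+" if other_alt_access else " "


def file_label(path: str) -> Optional[str]:
    """Read the on-disk SELinux label (security.selinux xattr) without
    following symlinks. Returns None when the file has no label or the
    platform has no xattr support (os.getxattr is Linux-only)."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except (OSError, AttributeError):
        return None
    return raw.rstrip(b"\0").decode("utf-8", "replace") or None


def find_unlabeled(root: str, fs_default_label: Optional[str] = None) -> List[str]:
    """Walk a tree and return every path that would get Mike's '!' marker."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if indicator_proposed(True, file_label(path), fs_default_label, False) == "!":
                hits.append(path)
    return hits


# Line shapes printed by "matchpathcon -V": "<path> verified." for a match and
# "<path> has context <actual>, should be <expected>" for a mismatch.
_MISMATCH = re.compile(r"^(?P<path>.+) has context (?P<actual>\S+), should be (?P<expected>\S+)$")


@dataclass
class Mismatch:
    path: str
    actual: str
    expected: str


def parse_matchpathcon_verify(lines: Iterable[str]) -> List[Mismatch]:
    """Turn matchpathcon -V output into the list of files whose on-disk label
    differs from the policy default, i.e. Dan Walsh's "find all files not
    matching the system defaults" pass done once instead of on every ls."""
    mismatches = []
    for line in lines:
        line = line.rstrip("\n")
        if line.endswith(" verified."):
            continue
        m = _MISMATCH.match(line)
        if m:
            mismatches.append(Mismatch(**m.groupdict()))
    return mismatches


# Constructed sample output in the matchpathcon -V format (not from a real host).
SAMPLE_MATCHPATHCON_OUTPUT = [
    "/etc/passwd verified.",
    "/var/www/html/index.html has context unconfined_u:object_r:user_home_t:s0, "
    "should be system_u:object_r:httpd_sys_content_t:s0",
    "/srv/my files/notes.txt has context system_u:object_r:file_t:s0, "
    "should be system_u:object_r:var_t:s0",
]


if __name__ == "__main__":
    for mm in parse_matchpathcon_verify(SAMPLE_MATCHPATHCON_OUTPUT):
        print(f"{mm.path}: {mm.actual} -> {mm.expected}")
    print("unlabeled under /tmp:", find_unlabeled("/tmp", "system_u:object_r:file_t:s0"))
```

On a live SELinux host the equivalent of the parser's input is produced by "find / -xdev -print0 | xargs -0 matchpathcon -V", or by "restorecon -nvR /", which reports the same mismatches without touching anything; the point of keeping this outside ls is exactly Dan's cost argument, since each lookup consults the policy's file_contexts database.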

Thread overview: 18+ messages
2008-03-25  4:23 ls in Debian/Unstable Russell Coker
2008-03-25 14:09 ` Casey Schaufler
2008-03-25 15:08 ` Jim Meyering
2008-03-25 21:22   ` Russell Coker
     [not found]   ` <20080325173116.GQ2626@mathom.us>
2008-03-25 21:24     ` Bug#472590: " Russell Coker
2008-03-25 21:28       ` Jim Meyering
     [not found]       ` <20080325234310.GR2626@mathom.us>
2008-03-26  5:12         ` Russell Coker
2008-03-31  9:02       ` Jim Meyering
2008-03-31  9:23         ` Russell Coker
2008-03-31  9:43           ` Jim Meyering
2008-04-02 20:33         ` RFC: changing the "+" in ls -l output to be "." or "+" Jim Meyering
2008-10-23 12:20           ` Jim Meyering
2008-10-24  3:18             ` Vikram Noel Ambrose
2008-10-24  7:04               ` Jim Meyering
2008-10-24 13:19                 ` Mike Edenfield
2008-10-26  7:46                   ` Russell Coker
2008-10-26  8:09                     ` Jim Meyering
2008-10-31 13:37                       ` Daniel J Walsh
