coreutils

Re: Make mv work better with SELinux.


From: Daniel J Walsh
Subject: Re: Make mv work better with SELinux.
Date: Fri, 19 Oct 2012 17:52:48 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1

On 10/16/2012 09:32 AM, Jim Meyering wrote:
> Daniel J Walsh wrote:
>> On 10/09/2012 08:54 AM, Jim Meyering wrote:
>>> Pádraig Brady wrote:
>>>> On 10/08/2012 09:24 PM, Daniel J Walsh wrote:
> ...
>>> [in a follow-up]
>>>> Thinking further, --context without an option, is not too clear to
>>>> the user. They might think they were copying the original context
>>>> rather than setting a new context.
>>> 
>>>> Pity the long option wasn't called --new-context. I suppose we could
>>>> have that as an alias for --context and deprecate the former?
>>> 
>>> Sounds reasonable. Adjust the other --context=CTX commands, mkdir,
>>> mkfifo, mknod at the same time.
>> 
>> I just want to make sure that you guys are expecting a patch from me?
> 
> I am.  That'd be great, especially if you can add NEWS entries and tests to
> exercise the new code.
> 
Here is what I have thus far.  The major problem I have not figured out yet is how
to get the selinux.c code to work in the library, so it is hacked to just be
included as part of the selinux.h file.

Just looking to get feedback that I am not going down the wrong path.

Made -Z and --context take an optional context for the apps that have had these
flags for a while: mkdir, mkfifo, mknod and cp.

Added -Z and --context to mv without the optional flag.  (I would love to dump the
optional flag, but it has been in place for years.)

Not sure how man pages get created, so I modified them in the patch.  Also modified
the info stuff.

Basically there are two new functions.  restorecon fixes file labels after they
are created; this is not optimal since there is a potential race condition, but
since mv does a rename this is all we can do.

defaultcon will tell SELinux what to label a file before it is created.

I have added the function mode_to_security_class to libselinux for Fedora 18,
but it is not in all versions of libselinux.  I can backport this, but for now
left it in the patch.

This patch is based off of the Fedora package; not sure if I should have merged
all of the SELinux changes into the patch to send upstream.

Attachment: coreutils-restorecon.patch
Description: Text Data

