[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cp and SELinux context

From: Jim Meyering
Subject: Re: cp and SELinux context
Date: Tue, 03 Jun 2008 18:31:37 +0200

Bruno Haible <address@hidden> wrote:

> Jim Meyering wrote:
>> >       --preserve[=ATTR_LIST]   preserve the specified attributes (default:
>> >                                  mode,ownership,timestamps), if possible
>> >                                  additional attributes: context, links, all
>> ... it's the SELinux context,
> Why does the default list of preserved attributes (mode,ownership,timestamps)
> not include the SELinux context?
> The SELinux FAQ [1] states that
>   "When backing up and recovering files with a SELinux system, care must be
>    taken to preserve SELinux context information."
> Naïvely, I would think this rule should also hold when copying file trees
> as root using "cp -p"?

That is a reasonable conclusion, but it is not feasible.  Unconditionally
requiring the preservation of each file's SELinux context would
result in unacceptably frequent non-zero exit status from the likes
of cp -p and cross-partition mv.  That would be seen as a regression.
Determining automatically when to attempt to preserve SELinux context,
and when it is not feasible to do so, is not tractable.

BTW, POSIX already specifies what cp -p must copy.  If cp cannot copy
some required-to-copy attribute, POSIX says how it must fail.  Hence,
I think it is inappropriate to make cp -p fail for some new reason like
failure to preserve SELinux context.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]