Re: cp and SELinux context
From: Jim Meyering
Subject: Re: cp and SELinux context
Date: Tue, 03 Jun 2008 18:31:37 +0200

Bruno Haible <address@hidden> wrote:
> Jim Meyering wrote:
>> > --preserve[=ATTR_LIST] preserve the specified attributes (default:
>> > mode,ownership,timestamps), if possible
>> > additional attributes: context, links, all
>>
>> ... it's the SELinux context,
>
> Why does the default list of preserved attributes (mode,ownership,timestamps)
> not include the SELinux context?
>
> The SELinux FAQ [1] states that
> "When backing up and recovering files with a SELinux system, care must be
> taken to preserve SELinux context information."
>
> Naïvely, I would think this rule should also hold when copying file trees
> as root using "cp -p"?

That is a reasonable conclusion, but it is not feasible. Unconditionally
requiring the preservation of each file's SELinux context would
result in unacceptably frequent non-zero exit status from the likes
of cp -p and cross-partition mv. That would be seen as a regression.
Determining automatically when to attempt to preserve SELinux context,
and when it is not feasible to do so, is not tractable.

BTW, POSIX already specifies what cp -p must copy. If cp cannot copy
some required-to-copy attribute, POSIX says how it must fail. Hence,
I think it is inappropriate to make cp -p fail for some new reason like
failure to preserve SELinux context.