[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Make mv work better with SELinux.
|
From: |
Pádraig Brady |
|
Subject: |
Re: Make mv work better with SELinux. |
|
Date: |
Wed, 04 Dec 2013 19:23:59 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 12/04/2013 05:49 PM, Daniel J Walsh wrote:
> On 12/04/2013 11:11 AM, Pádraig Brady wrote:
>> Before I pull the trigger on this release, I'd like to confirm a change you
>> did.
>
>> You changed `cp --context=CTX` to _not fail_ if selinux is disabled. I'm
>> thinking that if the old behavior of giving a specific context is not
>> supported, then we should fail?
> I have no problem if this fails, since the user was so explicit. My real goal
> is to allow people to put commands in init scripts and install post install
> scripts or any other scripts that do not need to check if SELinux is enabled.
>
> cp -Z foobar /etc
>
> Should always work.
>
>> Also I'm wondering about the -Z case with selinux disabled. I.E. would
>> defaultcon() and/or restorecon() support setting file contexts even if
>> selinux is currently disabled? I.E. should we attempt those even if selinux
>> is disabled, but suppress any associated warnings/errors?
>
>> thanks, Pádraig.
>
> When a machine comes back from being disabled it will require a full relabel
> to work properly whether or not these commands work. Theoretically restorecon
> should work, but defaultcon will not.
Great thanks for the info.
I'll probably address this with the attached patch.
thanks,
Pádraig.
selinux-errors.patch
Description: Text Data