Re: Make mv work better with SELinux.

From: Daniel J Walsh
Subject: Re: Make mv work better with SELinux.
Date: Tue, 16 Oct 2012 09:09:27 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121011 Thunderbird/16.0.1

On 10/09/2012 08:54 AM, Jim Meyering wrote:
> Pádraig Brady wrote:
>> On 10/08/2012 09:24 PM, Daniel J Walsh wrote:
>>> One of, if not the, most common problems people hit with SELinux is the
>>> mv command, which maintains the file context of the source
>>> destination.
>>> mv /home/dwalsh/index.html /var/www/html/
>>> This blows up on everybody and then the users have no idea why.
>>> I was thinking about adding -Z (--restorecon) to mv and having it
>>> basically do an internal restorecon on the destination.
>>> Then we could suggest people who get burnt by this to:
>>> alias mv="mv -Z"
>>> In Fedora 18 we have greatly enhanced matchpathcon, by pre-compiling
>>> the regex, so there should be very little slowdown in doing this.
>>> I will work on the patch, if people agree with the idea.
>> I like the idea. Now cp and install should behave similarly, and they
>> already have the -Z option.
> Upstream cp does not have -Z. I agree that this seems like the right time
> to add it.
>> So I would suggest that cp, mv and install support the -Z option without
>> an argument, which means auto set the context based on the destination.
>> The caveat with that is that short options with optional args are very
>> problematic. So I'd just have the long --context have an optional arg,
>> while -Z would require an arg.
> [in a follow-up]
>> Thinking further, --context without an option, is not too clear to the
>> user. They might think they were copying the original context rather than
>> setting a new context.
>> Pity the long option wasn't called --new-context. I suppose we could have
>> that as an alias for --context and deprecate the former?
> Sounds reasonable. Adjust the other --context=CTX commands, mkdir, mkfifo,
> mknod at the same time.

I just want to make sure that you guys are expecting a patch from me?
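
Added example, not part of the original message or of any coreutils patch: a Python sketch of the path-to-context lookup that an "internal restorecon" on the destination implies, used to flag files that kept their source label after a mv. The file_contexts excerpt, the labelled file list and the last-match-wins rule are constructed assumptions for illustration.

```python
import re

# Constructed excerpt in file_contexts layout: "regex [-type] context".
# Sample data for this example, not a copy of any shipped policy.
FILE_CONTEXTS = """
/home/[^/]+/.+          unconfined_u:object_r:user_home_t:s0
/var/www(/.*)?          system_u:object_r:httpd_sys_content_t:s0
/var/www/cgi-bin(/.*)?  system_u:object_r:httpd_sys_script_exec_t:s0
/var/www/html/upload -d system_u:object_r:httpd_sys_rw_content_t:s0
"""

# Constructed (path, file type, current label) records, as they would look
# after "mv /home/dwalsh/index.html /var/www/html/" kept the source context.
LABELLED = [
    ("/var/www/html/index.html", "--", "unconfined_u:object_r:user_home_t:s0"),
    ("/var/www/html/about.html", "--", "unconfined_u:object_r:httpd_sys_content_t:s0"),
    ("/var/www/cgi-bin/form.cgi", "--", "system_u:object_r:httpd_sys_script_exec_t:s0"),
]

def parse_specs(text):
    """Parse specs into [(compiled regex, type flag or None, context)]."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed spec: {line!r}")
        ftype = fields[1] if len(fields) == 3 else None
        specs.append((re.compile(fields[0]), ftype, fields[-1]))
    return specs

def default_context(specs, path, ftype="--"):
    """Context a relabel would pick; assumption: last matching spec wins."""
    result = None
    for regex, spec_type, context in specs:
        if spec_type in (None, ftype) and regex.fullmatch(path):
            result = context
    return result

def sel_type(context):
    """Type field of a user:role:type:level context string."""
    return context.split(":")[2] if context else None

def audit(specs, labelled):
    """Return (path, actual type, expected type) where the types differ."""
    findings = []
    for path, ftype, actual in labelled:
        expected = default_context(specs, path, ftype)
        if expected and sel_type(actual) != sel_type(expected):
            findings.append((path, sel_type(actual), sel_type(expected)))
    return findings
```

Only the type field is compared here, so a file created in place by an unconfined user is not reported while the moved file is.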
