coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Make mv work better with SELinux.


From: Pádraig Brady
Subject: Re: Make mv work better with SELinux.
Date: Mon, 08 Oct 2012 23:05:58 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1

On 10/08/2012 09:51 PM, Pádraig Brady wrote:
On 10/08/2012 09:24 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of if not the most common problem people hit with SELinux is the mv
command, which maintains the file context of the source destination.

mv /home/dwalsh/index.html /var/www/html/

This blows up on everybody and then the users have no idea why.

I was thinking about adding -Z (--restorecon) to mv and having it basically do a
internal restorecon on the destination.

Then we could suggest people who get burnt by this to:

alias mv="mv -Z"

In Fedora 18 we have greatly enhanced matchpathcon, by pre-compiling the
regex, so there should be very little slow down in doing this.

I will work on the patch, if people agree with the idea.

I like the idea.
Now cp and install should behave similarly,
and they already have the -Z option.
So I would suggest that cp, mv and install
support the -Z option without an argument,
which means auto set the context based on the destination.

The caveat with that is that short options
with optional args are very problematic.
So I'd just have the long --context have
an optional arg, while -Z would require an arg.

Thinking further, --context without an option,
is not too clear to the user. They might think
they were copying the original context rather
than setting a new context.

Pity the long option wasn't called --new-context.
I suppose we could have that as an alias for --context
and deprecate the former?

cheers,
Pádraig.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]