On Tue, 2006-03-14 at 16:03 -0600, Chris Adams wrote: > Once upon a time, Ivan Gyurdiev <ivg2@xxxxxxxxxxx> said: > > cp has supported selinux for quite some time now. > > The fact that it "supports" SELinux by adding a new option doesn't > really help. People know "cp -p" to preserve ownership and permissions, > but you have to use (the annoyingly verbose) "cp --preserve=all" to get > SELinux attributes. cp -c is the short form for preserving security contexts. It was kept separate from the default behavior for -p because there are definitely cases where an application is allowed to set owner/mode on a file but _not_ necessarily allowed to set a given security label on that file. Thus, pushing those semantics into the default behavior of -p would ultimately lead to breaking existing users of cp -p. Not saying that the coreutils SELinux integration couldn't stand improvement, but there was a reason why they were kept separate, and that was discussed on the public lists I believe. -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
