On 1/4/08, Tomasz Torcz <tomek@xxxxxxxxxxxxx> wrote: > tar with "--xattrs"? No, I didn't realize --xattrs existed; the tar info page doesn't mention it. Oh, there it is in the man page. Is there some reason why storing extended attributes by default would be undesirable? I normally expect tar to carry all relevant metadata with it; that's sort of the point of using tar. > SELinux don't care about file location. It cares about labels. Policy > for *labeling* files and assorted utilities care for paths, but they are > only additional utilities, not SELinux itself.. > In your situation, ipp.txt must be writable by openvpn daemon. You can > achieve it by labeling (man chcon) ipp.txt as openvpn_var_log_t. By > default files in /etc/openvpn are labeled as openvpn_etc_t (openvpn's > configuration files). Daemons cannot modify their configuration files. I see. I now notice ls has a -Z option that shows the SELinux security context. It would be nice if ls -l would show the security context by default when SELinux is enabled, as the context is apparently just as important as file permissions. People who already know about SELinux can of course just learn to type ls -l --lcontext, but showing the extra information by default would at least give clueless users like me a hint that files have these extra attributes that might somehow be relevant to those strange openvpn failures. IMHO this would be the single best usability improvement to SELinux (despite the fact that it makes the output too wide for an 80-column display). --Ed -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
