On Tue, 2008-10-07 at 14:23 -0400, David P. Quigley wrote: > I think the main question here is should archive try to retain the > SELinux context. From what I've heard from people here, initially the > idea was to try to preserve the context and if that failed fall back to > labeling based on the parent. The context is a permission, it's like saying "when using -a try and preserve the chmod/ownership/acl value, but if that fails just make a new one up ... what could possibly go wrong!?". > That doesn't seem to be what cp is trying > to do. If we removed the retain the context part from the archive switch > of cp you would get labeling based on the parent but then you would be > required to explicitly specify preserve the context when you wanted to > archive that as well. We differ from upstream by adding the -c behaviour to -a ... but unless we want to turn SELinux off that's the right thing to do, IMO. The fact that this is another case of "SeLinux telling you in a really weird way, that what you asked for is wrong" is annoying, but that doesn't mean we should change what people asked for. > It doesn't seem like anyone is actually depending on the associate > permission so it might be worth someone looking into removing it if no > one is really using it. It has its applications but I don't believe Red > Hat is using it at this time. -ENOPARSE -- James Antill <james@xxxxxxxxxxxxxxxxx> Fedora -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
