Once upon a time, Les Mikesell <lesmikesell@xxxxxxxxx> said: > What about cp -a and rsync -a? I expect either of these to give me a > working system. cp -a copies SELinux context and ACLs currently. It does not appear to copy arbitrary extended attributes though, so I doubt it will pick up capabilities. rsync -a doesn't copy SELinux context or ACLs, so you've already lost there. Adding -A copies ACLs and -X copies extended attributes (but not security or system attributes, so still no SELinux and probably no capabilities). Of course, tar requires --xattrs to pick up extended attributes, so requiring an extra option already appears to be "standard" (although I don't see an option for cp to pick up arbitrary extended attributes). If my suggestion of having capabilities supersede and disable setuid and setgid bits (so the bits are still set as well) is workable and implemented (I have no idea of the code for that, so it may not be something the kernel guys want), you wouldn't break anything if you copied and didn't get the extended attributes. You'd lose the added security of capabilities, but setuid/setgid would still take effect and programs would still work. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
