Re: cp -Z in Fedora 12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Dec 08, 2009 at 01:27:34PM -0500, Michael Madore wrote:
> Hi,
> 
> I have been reading through the Fedora 12 selinux documentation:
> 
> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/
> 
> In section 5.10.1 (Copying Files and Directories), the following
> example is used to demonstrate changing the context of a file when
> copying:
> 
> $ touch file1
> $ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
> $ ls -Z file1 file2
> -rw-rw-r--  user1 group1 unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--  user1 group1 system_u:object_r:samba_share_t:s0 file2
> 
> However, when I try this on my Fedora 12 system i get the following:
> 
> ls -Z file1 file2
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2
> 
> On CentOS 5.4 and Fedora 11, I see the documented behaviour.  Is this
> a bug, or am I doing something wrong?

I think this is due to restorecond -u running in f12. Restorecond -u checks files in the home directory of a user and resets any files context that does not match the system wide context specification.

[root@localhost Desktop]# cd /
[root@localhost /]# touch file1
[root@localhost /]# cp -Z system_u:object_r:samba_share_t:s0 file1 file2
[root@localhost /]# ls -Z file1 file2
-rw-r--r--. root root staff_u:object_r:etc_runtime_t:s0 file1
-rw-r--r--. root root system_u:object_r:samba_share_t:s0 file2

so the file does actually gets copied with the specified context, but restorecond -u immeditiatly notices a file with a "wrong" context in your home dir and resets it to the default context specified for files in your home dir.

It should work if you try it in runlevel 3 or if you try like my example above in a location other then $home.



> 
> Thanks
> 
> Mike Madore
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Attachment: pgp9khPw0tC5d.pgp
Description: PGP signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux