--- Russell Coker <russell@xxxxxxxxxxxx> wrote: > unstable0:~/coreutils-6.10# ls -l / > total 158 > drwxr-xr-x+ 2 root root 4096 2008-03-25 10:02 bin > drwxr-xr-x+ 6 root root 1024 2008-03-21 12:30 boot > drwxr-xr-x+ 16 root root 3700 2008-03-25 13:38 dev > drwxr-xr-x+ 80 root root 4096 2008-03-25 13:38 etc > drwxr-xr-x+ 3 root root 4096 2008-02-15 22:08 home > > In Debian/Unstable the output of "ls -l" is as above, the "+" indicates a SE > Linux security context The "+" indicates that there is additional security metadata associated with the file, it could be an ACL, timelock, or just about anything. This is in accordance with the POSIX P1003.2 specification for ls(1). > - which doesn't do much good when every file has one. Well, there is that. > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590 > > The above URL has the Debian bug report with a patch. I honestly don't know if this should be considered a bug in ls. It is behaving as documented and if you've got MCS turned on the SELinux label is being used to make DAC decisions. The "+" is there to let you know that the mode bits don't tell the whole access control story, but as you say, it is pretty silly when every file has it. > If you wish to add additional comments then email sent to > 472590@xxxxxxxxxxxxxxx will be appended. > > -- > russell@xxxxxxxxxxxx > http://etbe.coker.com.au/ My Blog > > http://www.coker.com.au/sponsorship.html Sponsoring Free Software development > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > > > Casey Schaufler casey@xxxxxxxxxxxxxxxx -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
