Russell Coker wrote:
On Saturday 11 October 2008 15:15, Murray McAllister <mmcallis@xxxxxxxxxx>
wrote:
When files and directories are copied, the SELinux context of the new
file or directory depends on the context of the creating process, and
the context of the target, parent directory: the type is inherited from
the target, parent directory (unless a type transition rule exists[1]);
the SELinux user identity and level are inherited from the creating
process; and the role is always object_r, which is a generic role for
files. This helps ensure files and directories are labeled with the
correct SELinux context after being copied.
I'm not sure how the last sentence is supposed to link with the rest - it
certainly doesn't correspond to the second-last sentence.
object_r is for future support and also to give a regular format of the
context for all operations. Note that files under /proc that relate to
processes have different roles.
Also, when a file is copied over an existing file, the existing file's
context is maintained, unless the user specified cp options to preserve
the context of the original file, such as --preserve=context.
Also the -Z option to cp deserves a mention.
I started changing the examples to show cp, cp --preserve=context, and
cp -Z. I had problems with cp -Z on rawhide and fedora 9[1], so I will
leave that out for now.
Cheers.
[1] <https://bugzilla.redhat.com/show_bug.cgi?id=466653>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
