-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/30/2012 11:11 AM, Stephen Smalley wrote: > On Sun, 2012-01-29 at 00:01 +1100, Russell Coker wrote: >> http://www.youtube.com/watch?v=ZThVfm3JXdM >> >> A few years ago Paul Wayper gave an excellent introductory >> lecture about SE Linux (see the above URL). He notes that he >> habitually uses -R for restorecon every time. >> >> It seems to me that the case where -R is not desired will be >> extremely rare. It seems most uncommon that someone will have a >> directory with the wrong label, a subdirectory tree that is >> either too big to scan quickly (and which is known to have the >> correct labels) or which has labels which by design don't match >> the file contexts. >> >> Therefore I think we should make the common case be the default >> and require that anyone who doesn't want that functionality >> specifically request it. chcon uses the -h flag for changing the >> context of a sym-link instead of the target, that might be a >> reasonable option to use for consistency. > > Seems like it might prove surprising to users, both given the > prior default behavior of restorecon and the default behaviors of > similar Unix commands like chown/chmod. I don't think we > can/should change it. > I agree, we should not change it. If a user wants to change the default he can easily add alias restorecon='restorecon -R' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8m4jwACgkQrlYvE4MpobNnBACeK+GjXZMR8uiHfenHSfoq5rRZ ONAAoKdkgR7Px7mvPwmiOrmK0W4R98DB =6p5K -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
