bug-coreutils

Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?)


From: Russell Coker
Subject: Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?)
Date: Sat, 31 Mar 2007 01:16:07 +1100
User-agent: KMail/1.9.5

On Friday 30 March 2007 23:13, Jim Meyering <address@hidden> wrote:
> What did you think of the proposal (in the link above) for
>
>     fscon CTX mkdir /new/directory
>
> IMHO, it's not so much less "user friendly" than this equivalent:
>
>     mkdir -C CTX /new/directory

How about:
umask whatever ; mkdir /new/directory

Instead of mkdir -m whatever /new/directory?

> > I think that all programs which set the uid and gid of a file should also
> > be able to set the SE Linux context.
> >
> > It also seems reasonable that a program which can create a file with
> > particular permissions should also be permitted to create it with a
> > particular context.
>
> I was hoping for feedback on whether the proposed alternative (using
> fscon and maybe runcon proxies) looked viable from a usability standpoint.

Firstly there is the issue that fscon needs kernel changes to implement, then 
there is the issue that inheriting fscon can potentially give undesired 
results if privileged programs such as /bin/passwd forget to unset it, so 
therefore we need a policy method to control whether such inheriting of the 
fscon is permitted.

Adding an option to utilities is by far the easiest option.

-- 
address@hidden
http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
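
The umask-versus-`mkdir -m` analogy in the message above, as an added example that is not part of the original thread: it uses the umask as a stand-in for any inherited creation attribute and does not touch SELinux or the proposed fscon. The function names and the `later.txt` file are constructed for the demonstration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed demo: inherited creation state (umask) vs. a per-command option (mkdir -m).
# Each function runs in a subshell so its umask changes never reach the caller.

mode_of() { stat -c %a "$1"; }        # octal permission bits (GNU stat)

# Stand-in for any program run later that never thinks about the umask.
later_program() { sh -c ': > "$1"' sh "$1"; }

# "umask whatever ; mkdir DIR": the setting outlives mkdir and is inherited
# by every child process started afterwards.
ambient_demo() (
    d=$(mktemp -d) || exit 1
    umask 022                         # typical starting value
    umask 077
    mkdir "$d/private"
    later_program "$d/later.txt"      # child inherits 077 without asking for it
    echo "$(mode_of "$d/private") $(mode_of "$d/later.txt")"
    rm -rf "$d"
)

# "mkdir -m whatever DIR": the attribute applies to this one object only.
option_demo() (
    d=$(mktemp -d) || exit 1
    umask 022
    mkdir -m 700 "$d/private"
    later_program "$d/later.txt"      # unaffected by the mkdir option
    echo "$(mode_of "$d/private") $(mode_of "$d/later.txt")"
    rm -rf "$d"
)

# Inherited state used safely: the caller must save and restore it every time.
scoped_demo() (
    d=$(mktemp -d) || exit 1
    umask 022
    old=$(umask); umask 077; mkdir "$d/private"; umask "$old"
    later_program "$d/later.txt"
    echo "$(mode_of "$d/private") $(mode_of "$d/later.txt")"
    rm -rf "$d"
)

echo "ambient: $(ambient_demo)"
echo "option:  $(option_demo)"
echo "scoped:  $(scoped_demo)"
```

The first line of output shows the later file picking up the restrictive mode it never requested; the other two show the per-command option and the save/restore discipline keeping the attribute confined to the directory.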



