[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC: changing the "+" in ls -l output to be "." or "+"
From: |
Daniel J Walsh |
Subject: |
Re: RFC: changing the "+" in ls -l output to be "." or "+" |
Date: |
Fri, 31 Oct 2008 09:37:53 -0400 |
User-agent: |
Thunderbird 2.0.0.16 (X11/20080723) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jim Meyering wrote:
> Russell Coker <address@hidden> wrote:
>
>> On Saturday 25 October 2008 00:19, Mike Edenfield <address@hidden> wrote:
>>> Jim Meyering wrote:
>>>> A desire for compatibility makes "+" look good.
>>>> "." is appealing for SELinux-only because it's inconspicuous.
>>> Speaking as a fairly new SELinux user/admin, having a "."
>>> next to every file in my ls output is just as useful or
>>> non-useful as having a "+" next to them, so does it really
>>> buy anything? I end up needing -Z either way.
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590
>>
>> The above URL has the history of this discussion. I requested that there be
>> no such notification. I still believe that there should be nothing used in
>> the case of SE Linux (although I could be convinced that the "." is OK if
>> files with the context "system_u:object_r:file_t:s0" did not have it).
>>
>> But it seems that I have lost this debate. Using "." is better than "+", and
>> my request to have none of this in Lenny has been accepted so we have some
>> time to work on this before Lenny+1.
>>
>>> Based on the kind of real-world problems I've had, the most
>>> useful thing ls could tell me about a file on my SELinux
>>> system would be that it *should* have a label and *doesn't*,
>>> something like:
>>>
>>> if ( selinux_enabled )
>>> if ( label == NULL || label == fs.defaultlabel )
>>> use "!"
>>> else
>>> use " "
>>> else if ( anything else )
>>> use "+"
>> That sounds quite reasonable.
>
> Actually, I'm leaning your way, now, and agree.
>
> If you, Russell, write the patch (w/NEWS and docs would be really nice)
> I'll make the switch upstream pretty soon. It'd be nice to give the
> austin group a heads up, too, since this behavior would be contrary to
> POSIX. I don't think it's worth it to make this depend on the setting
> of the POSIXLY_CORRECT envvar.
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to address@hidden with
> the words "unsubscribe selinux" without quotes as the message.
If you really wanted to go wild, you could add a qualifier to check
matchpathcon to indicate it differs from the default for the file
system, although it would be very expensive. Perhaps find would be a
better source. "find" all files not matching the system defaults.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkLCjEACgkQrlYvE4MpobM3ywCfZtVW9cQE8hgLRVCHYqHKLfU1
cWgAn2/cx41bmoFguBEVJXGbUiqsryzH
=+qTw
-----END PGP SIGNATURE-----