bug-coreutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?)


From: Jim Meyering
Subject: Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?)
Date: Fri, 30 Mar 2007 15:13:03 +0200

Russell Coker <address@hidden> wrote:
> On Friday 30 March 2007 21:18, Jim Meyering <address@hidden> wrote:
>> Regarding the --context=C (-Z C) option that is now accepted by
>> mkdir, mknod, mkfifo, and install, I am inclined to
>
> Currently mkdir, mknod, and mkfifo support a -m option to set the mode.
> Install has options to also set the owner and group.

Hi Russell,

Thanks for the quick feedback.
As implied here,

    http://www.redhat.com/archives/fedora-list/2006-August/msg02264.html

I agree that one should be able to get the effect you want.  However,
adding a -Z option to each and every affected program is not the only way.

What did you think of the proposal (in the link above) for

    fscon CTX mkdir /new/directory

IMHO, it's not so much less "user friendly" than this equivalent:

    mkdir -C CTX /new/directory

I would prefer not to add new options in so many programs when a
less-invasive approach is possible.

> I think that all programs which set the uid and gid of a file should also be
> able to set the SE Linux context.
>
> It also seems reasonable that a program which can create a file with
> particular permissions should also be permitted to create it with a
> particular context.

I was hoping for feedback on whether the proposed alternative (using
fscon and maybe runcon proxies) looked viable from a usability standpoint.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]