[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?)
From: |
Russell Coker |
Subject: |
Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?) |
Date: |
Sat, 31 Mar 2007 01:16:07 +1100 |
User-agent: |
KMail/1.9.5 |
On Friday 30 March 2007 23:13, Jim Meyering <address@hidden> wrote:
> What did you think of the proposal (in the link above) for
>
> fscon CTX mkdir /new/directory
>
> IMHO, it's not so much less "user friendly" than this equivalent:
>
> mkdir -C CTX /new/directory
How about:
umask whatever ; mkdir /new/directory
Instead of mkdir -m whatever /new/directory?
> > I think that all programs which set the uid and gid of a file should also
> > be able to set the SE Linux context.
> >
> > It also seems reasonable that a program which can create a file with
> > particular permissions should also be permitted to create it with a
> > particular context.
>
> I was hoping for feedback on whether the proposed alternative (using
> fscon and maybe runcon proxies) looked viable from a usability standpoint.
Firstly there is the issue that fscon needs kernel changes to implement, then
there is the issue that inheriting fscon can potentially give undesired
results if privileged programs such as /bin/passwd forget to unset it, so
therefore we need a policy method to control whether such inheriting of the
fscon is permitted.
Adding an option to utilities is by far the easiest option.
--
address@hidden
http://etbe.blogspot.com/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
- SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Jim Meyering, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Pádraig Brady, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Jim Meyering, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Russell Coker, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Jim Meyering, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?),
Russell Coker <=
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Jim Meyering, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Andreas Schwab, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Karl MacMillan, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Jim Meyering, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Karl MacMillan, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Daniel J Walsh, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Christopher J. PeBenito, 2007/03/30
- Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?), Karl MacMillan, 2007/03/30