[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Make mv work better with SELinux.
|
From: |
Daniel J Walsh |
|
Subject: |
Re: Make mv work better with SELinux. |
|
Date: |
Wed, 04 Dec 2013 12:49:23 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/04/2013 11:11 AM, Pádraig Brady wrote:
> Before I pull the trigger on this release, I'd like to confirm a change you
> did.
>
> You changed `cp --context=CTX` to _not fail_ if selinux is disabled. I'm
> thinking that if the old behavior of giving a specific context is not
> supported, then we should fail?
I have no problem if this fails, since the user was so explicit. My real goal
is to allow people to put commands in init scripts and install post install
scripts or any other scripts that do not need to check if SELinux is enabled.
cp -Z foobar /etc
Should always work.
>
> Also I'm wondering about the -Z case with selinux disabled. I.E. would
> defaultcon() and/or restorecon() support setting file contexts even if
> selinux is currently disabled? I.E. should we attempt those even if selinux
> is disabled, but suppress any associated warnings/errors?
>
> thanks, Pádraig.
>
When a machine comes back from being disabled it will require a full relabel
to work properly whether or not these commands work. Theoretically restorecon
should work, but defaultcon will not.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlKfayMACgkQrlYvE4MpobPmrgCeLcNPtY5/cRNaiCtBN6ZxpZXE
l1sAn0vJW2cBm7IKrquC9T7WkwncQxIC
=GmkQ
-----END PGP SIGNATURE-----