12-08-2009, 05:27 PM
Michael Madore

cp -Z in Fedora 12

Hi,

I have been reading through the Fedora 12 selinux documentation:

http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/

In section 5.10.1 (Copying Files and Directories), the following
example is used to demonstrate changing the context of a file when
copying:

$ touch file1
$ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
$ ls -Z file1 file2
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
-rw-rw-r-- user1 group1 system_u:object_r:samba_share_t:s0 file2

However, when I try this on my Fedora 12 system I get the following:

ls -Z file1 file2
-rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
-rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2

On CentOS 5.4 and Fedora 11, I see the documented behaviour. Is this
a bug, or am I doing something wrong?

Thanks

Mike Madore

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
12-08-2009, 05:34 PM
Dominick Grift

cp -Z in Fedora 12

On Tue, Dec 08, 2009 at 01:27:34PM -0500, Michael Madore wrote:
> Hi,
>
> I have been reading through the Fedora 12 selinux documentation:
>
> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/
>
> In section 5.10.1 (Copying Files and Directories), the following
> example is used to demonstrate changing the context of a file when
> copying:
>
> $ touch file1
> $ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
> $ ls -Z file1 file2
> -rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r-- user1 group1 system_u:object_r:samba_share_t:s0 file2
>
> However, when I try this on my Fedora 12 system I get the following:
>
> ls -Z file1 file2
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2
>
> On CentOS 5.4 and Fedora 11, I see the documented behaviour. Is this
> a bug, or am I doing something wrong?

I think this is due to restorecond -u running in f12. Restorecond -u checks files in the home directory of a user and resets any file's context that does not match the system-wide context specification.

[root@localhost Desktop]# cd /
[root@localhost /]# touch file1
[root@localhost /]# cp -Z system_u:object_r:samba_share_t:s0 file1 file2
[root@localhost /]# ls -Z file1 file2
-rw-r--r--. root root staff_u:object_r:etc_runtime_t:s0 file1
-rw-r--r--. root root system_u:object_r:samba_share_t:s0 file2

So the file does actually get copied with the specified context, but restorecond -u immediately notices a file with a "wrong" context in your home dir and resets it to the default context specified for files in your home dir.

It should work if you try it in runlevel 3 or if you try, like my example above, in a location other than $home.



>
> Thanks
>
> Mike Madore
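The behaviour described in the reply above, as an added example that is not part of the original thread: it classifies a file's label as kept, reset to the default type for its location, or changed to something else. The function names, the sample `ls -Z` lines and the two default contexts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a label requested with
# `cp -Z` survived, or was put back to the default type for that location.

# Print the type field (3rd of user:role:type:level) of an SELinux context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Pull the context out of one `ls -Z` line: the first whitespace-separated
# field shaped like user:role:type[:level]. Works with or without the
# trailing "." that Fedora 12 appends to the mode column.
ctx_from_ls() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i <= NF; i++)
        if ($i ~ /^[^:]+:[^:]+:[^:]+(:.*)?$/) { print $i; exit } }'
}

# label_status REQUESTED ACTUAL DEFAULT -> kept | reset | changed
label_status() {
    if [ "$2" = "$1" ]; then
        echo kept
    elif [ "$(ctx_type "$2")" = "$(ctx_type "$3")" ]; then
        echo reset      # carries the default type: relabelled after the copy
    else
        echo changed    # neither the requested context nor the default type
    fi
}

# Constructed sample lines, modelled on the two listings in the thread.
HOME_LINE='-rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2'
ROOT_LINE='-rw-r--r--. root root system_u:object_r:samba_share_t:s0 file2'
REQUESTED='system_u:object_r:samba_share_t:s0'
HOME_DEFAULT='unconfined_u:object_r:user_home_t:s0'   # assumed default in $HOME
ROOT_DEFAULT='system_u:object_r:etc_runtime_t:s0'     # assumed default in /

echo "home: $(label_status "$REQUESTED" "$(ctx_from_ls "$HOME_LINE")" "$HOME_DEFAULT")"
echo "root: $(label_status "$REQUESTED" "$(ctx_from_ls "$ROOT_LINE")" "$ROOT_DEFAULT")"
```

On a live system the actual context can come from `stat -c %C file2` and the policy default from `matchpathcon -n file2` instead of the constructed values.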
 
12-08-2009, 05:37 PM
Dominick Grift

cp -Z in Fedora 12

On Tue, Dec 08, 2009 at 01:27:34PM -0500, Michael Madore wrote:
> Hi,
>
> I have been reading through the Fedora 12 selinux documentation:
>
> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/
>
> In section 5.10.1 (Copying Files and Directories), the following
> example is used to demonstrate changing the context of a file when
> copying:
>
> $ touch file1
> $ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
> $ ls -Z file1 file2
> -rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r-- user1 group1 system_u:object_r:samba_share_t:s0 file2
>
> However, when I try this on my Fedora 12 system I get the following:
>
> ls -Z file1 file2
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2
>
> On CentOS 5.4 and Fedora 11, I see the documented behaviour. Is this
> a bug, or am I doing something wrong?

We should probably make a note about restorecond -u in Fedora 12 and/or edit the example to reflect the side effect of restorecond -u. It can be very confusing at times...
>
> Thanks
>
> Mike Madore
 
