[Pkg-shadow-devel] packaging next 4.1.3

Peter Vrabec pvrabec at redhat.com
Wed Apr 15 12:21:48 UTC 2009


I think the intention was to SET the context of each copied file, because 
selinux file context is not copied.

see 
#ls -aZ  /etc/skel
-rw-r--r--  root root system_u:object_r:etc_t:s0       .bash_logout
-rw-r--r--  root root system_u:object_r:etc_t:s0       .bash_profile
-rw-r--r--  root root system_u:object_r:etc_t:s0       .bashrc
-rw-r--r--  root root system_u:object_r:etc_t:s0       .zshrc
drwxr-xr-x  root root unconfined_u:object_r:etc_t:s0   public_html

#ls -aZ /home/test
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .bash_logout
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .bash_profile
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .bashrc
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .zshrc
drwxr-xr-x  test test system_u:object_r:httpd_user_content_t:s0 public_html

btw. I'm sending a selinux patch, some things we messed up :(
1. useradd - we always have to call semanage in case the selinux is turned off
2. userdel - wrong position of selinux code, I shouldn't trust 'patch' fuzzy 
so much :(


On Wednesday 15 April 2009 02:20:43 am Nicolas François wrote:
> > I would say that we can call selinux_file_context() from copy_tree().
>
> There are still some points I do not get.
>
> selinux_file_context(<path>) sets the default context to the context of
> <path>.
>
> In copy_tree() (in the sub copy*), selinux_file_context is called with the
> destination path. The destination should not exist, so this should use the
> default context of the system for this path.
> (Note regarding the above question: the context may depend on the
> path, so selinux_file_context has to be called in each copy_*()
> function)
>
> It's not clear to me if copy_tree should reset the context of each file of
> the copied tree to the default context of the system (for this path), or
> if the context of each file should be copied.
>
> My guess would have been for the second, but the first one is implemented.
>
> Best Regards,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow-4.1.3-selinux.patch
Type: text/x-diff
Size: 1476 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20090415/19c69bbe/attachment.patch>
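The two listings above are the evidence for the point in this mail: the files under /home/test did not keep the etc_t label of /etc/skel, they received the default label for their new path (user_home_t, and httpd_user_content_t for public_html). The following script is an added example, not part of this thread or of the shadow sources; it parses `ls -Z` listings such as the ones quoted above and reports, per skeleton file, whether the label at the destination was copied from the skeleton or reset to the path default. The listings embedded in it are constructed from the output in this mail plus one made-up listing showing what a home directory would look like if copy_tree() had copied contexts instead.

```python
"""Added example (not part of the mailing-list thread or the shadow sources):
compare `ls -Z` listings of a skeleton directory and a freshly created home
directory to tell whether copy_tree() copied the skeleton's SELinux contexts
or let each file take the destination path's default context."""
import re
from dataclasses import dataclass
from typing import Dict, List

# One `ls -Z` line: mode, user, group, a colon-separated SELinux context, name.
LS_Z_LINE = re.compile(
    r"^(?P<mode>\S+)\s+(?P<user>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<context>[^:\s]+:[^:\s]+:[^:\s]+:\S+)\s+(?P<name>.+)$"
)


@dataclass(frozen=True)
class Entry:
    mode: str
    user: str
    group: str
    context: str  # full label, e.g. system_u:object_r:etc_t:s0
    name: str

    @property
    def type(self) -> str:
        """The type component of the label (user:role:type:level)."""
        return self.context.split(":")[2]


def parse_ls_z(listing: str) -> Dict[str, Entry]:
    """Parse `ls -aZ` output into a name -> Entry map.

    Prompt lines (starting with '#' or '$') and blank lines are skipped, and
    the '.' / '..' entries that -a prints are dropped because they describe
    the directories themselves, not the copied files."""
    entries: Dict[str, Entry] = {}
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line[0] in "#$":
            continue
        m = LS_Z_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ls -Z line: {line!r}")
        entry = Entry(**m.groupdict())
        if entry.name in (".", ".."):
            continue
        entries[entry.name] = entry
    return entries


def compare_contexts(skel_listing: str, home_listing: str) -> Dict[str, List[str]]:
    """Classify each skeleton file by what happened to its label at the destination:
    'copied'  - destination carries exactly the skeleton's context,
    'reset'   - destination got a different (path-default) context,
    'missing' - file was not created in the destination at all."""
    skel = parse_ls_z(skel_listing)
    home = parse_ls_z(home_listing)
    report: Dict[str, List[str]] = {"copied": [], "reset": [], "missing": []}
    for name, src in sorted(skel.items()):
        dst = home.get(name)
        if dst is None:
            report["missing"].append(name)
        elif dst.context == src.context:
            report["copied"].append(name)
        else:
            report["reset"].append(name)
    return report


# Listings taken from the mail above (the skeleton and the resulting home dir).
SKEL_LISTING = """#ls -aZ  /etc/skel
-rw-r--r--  root root system_u:object_r:etc_t:s0       .bash_logout
-rw-r--r--  root root system_u:object_r:etc_t:s0       .bash_profile
-rw-r--r--  root root system_u:object_r:etc_t:s0       .bashrc
-rw-r--r--  root root system_u:object_r:etc_t:s0       .zshrc
drwxr-xr-x  root root unconfined_u:object_r:etc_t:s0   public_html
"""

HOME_LISTING = """#ls -aZ /home/test
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .bash_logout
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .bash_profile
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .bashrc
-rw-r--r--  test test system_u:object_r:user_home_t:s0 .zshrc
drwxr-xr-x  test test system_u:object_r:httpd_user_content_t:s0 public_html
"""

# Constructed (not from the mail): how the home dir would look if copy_tree()
# had copied the skeleton's labels instead of resetting them per path.
HOME_LISTING_COPIED = """#ls -aZ /home/test
-rw-r--r--  test test system_u:object_r:etc_t:s0       .bash_logout
-rw-r--r--  test test system_u:object_r:etc_t:s0       .bash_profile
-rw-r--r--  test test system_u:object_r:etc_t:s0       .bashrc
drwxr-xr-x  test test unconfined_u:object_r:etc_t:s0   public_html
"""

if __name__ == "__main__":
    print("after useradd:       ", compare_contexts(SKEL_LISTING, HOME_LISTING))
    print("if labels were copied:", compare_contexts(SKEL_LISTING, HOME_LISTING_COPIED))
```

On a live system the same question is answered by the policy itself: `matchpathcon -V /home/test/.bashrc` reports whether a file's current label matches the default for its path, and `restorecon -nv /home/test` lists what a relabel would change without touching anything. A home directory whose files still carry etc_t is the symptom of the "copied" case this script flags.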
