From: Stephen Smalley <sds@tycho.nsa.gov>
To: russell@coker.com.au
Cc: SE-Linux <selinux@tycho.nsa.gov>
Subject: Re: install
Date: Thu, 18 Aug 2011 09:40:24 -0400
Message-ID: <1313674824.21331.21.camel@moss-pluto>
In-Reply-To: <201108182259.58177.russell@coker.com.au>

On Thu, 2011-08-18 at 22:59 +1000, Russell Coker wrote:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638304
> 
> I've reported a bug against coreutils regarding the SE Linux support in 
> install(1).  In summary my main problem is that there is no way of using 
> install to copy a file without bothering with its SE Linux context.  For 
> creating Debian packages (which can't store SE Linux contexts) I don't want to 
> set the context to some specific value (which would differ depending on who 
> builds it) and "preserving" the context won't always work either (EG I could 
> use install(1) to copy a file to which I have read-only access).
> 
> As well as this it's not documented well enough.

Looks like if you give it a relative path as the target, it won't try to
set the context, because it doesn't apply realpath(), unlike restorecon,
and matchpathcon() will always fail on a relative path as all of the
file_contexts pathname regexes begin with a slash.  Not sure if that was
intentional or not.

Anyway, how do you address the same issue for the package manager (dpkg
or rpm)?  Is there a way to suppress setting of the security context
when rpm or dpkg unpacks a package?

-- 
Stephen Smalley
National Security Agency
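
The relative-path behaviour described in the reply above, as an added example that is not part of the original message and not libselinux or coreutils code. It is a simplified model: `lookup_context()` and `lookup_absolute()` are hypothetical stand-ins for matchpathcon() and a realpath()-style step, and the file_contexts entries are constructed samples.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

struct spec { const char *regex; const char *context; };

/* Constructed sample entries (not a real policy); as in file_contexts,
 * every pathname regex begins with a slash. */
static const struct spec specs[] = {
    { "/.*",            "system_u:object_r:default_t:s0" },
    { "/usr(/.*)?",     "system_u:object_r:usr_t:s0" },
    { "/usr/bin(/.*)?", "system_u:object_r:bin_t:s0" },
};

/* Hypothetical stand-in for matchpathcon(): in this model the last entry
 * whose regex matches the whole path wins; NULL means no entry matched. */
const char *lookup_context(const char *path)
{
    const char *found = NULL;
    for (size_t i = 0; i < sizeof(specs) / sizeof(specs[0]); i++) {
        char anchored[256];
        regex_t re;
        snprintf(anchored, sizeof(anchored), "^%s$", specs[i].regex);
        if (regcomp(&re, anchored, REG_EXTENDED | REG_NOSUB) != 0)
            continue;
        if (regexec(&re, path, 0, NULL, 0) == 0)
            found = specs[i].context;
        regfree(&re);
    }
    return found;
}

/* Make the path absolute against cwd before the lookup, standing in for
 * a realpath() call (this model does not resolve symlinks or ".."). */
const char *lookup_absolute(const char *cwd, const char *path)
{
    char full[512];
    if (path[0] == '/')
        return lookup_context(path);
    snprintf(full, sizeof(full), "%s/%s", cwd, path);
    return lookup_context(full);
}

int main(void)
{
    const char *rel = lookup_context("bin/tool");
    printf("relative: %s\n", rel ? rel : "(no match)");
    printf("absolute: %s\n", lookup_absolute("/usr", "bin/tool"));
    return 0;
}
```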

