From: Paolo Bonzini
Subject: Re: copying selinux context
Date: Mon, 29 Jun 2009 00:49:07 +0200
User-agent: Thunderbird 2.0.0.17 (X11/20081009)
About the return value of getfilecon: Why do you ignore only the ENOSYS error and not also ENOTSUP and ENODATA?
I was copying what cp does.
If the context does not exist, or the process has no access to this attribute, errno is set to ENODATA. If extended attributes are not supported by the filesystem, or are disabled, errno is set to ENOTSUP.
For ENOTSUP, I think you're right (though in practice SELinux will be disabled in this case, so getfilecon will not be called; even NFS is a supported filesystem).
For ENODATA, SELinux in permissive mode will never return it while in enforcing mode it is correct to treat it as an error. (In permissive mode security violations are reported to the user, but only as warnings).
I can try tomorrow
I don't think so, because most of the time you want restrictive permissions until the file is complete.

2) We should also have a module that creates a new, empty file with the security context (uid, gid, mode, ACL and selinux context) of a given file.

Why? Is a portion of a file more sensitive than the entire file's contents?

Yes, for example "rm -rf /" is more sensitive than "rm -rf /tmp/blah".

Paolo
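The errno handling discussed above, as an added example that is not code from the thread or from the module under discussion. It copies the SELinux label by reading and writing the "security.selinux" extended attribute directly through sys/xattr.h rather than through libselinux's getfilecon()/setfilecon(), so it builds without libselinux; both interfaces operate on the same attribute. ENOSYS and ENOTSUP on the source are treated as "nothing to copy", while ENODATA is treated as an error, following the reasoning in the message for enforcing mode. The function names and the ERANGE retry loop are this example's own choices.

```c
/* Added example: copy a file's SELinux context via the raw xattr
 * interface, classifying read failures the way the thread argues.
 * Not part of the original thread or of the module it discusses. */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

#define SELINUX_XATTR "security.selinux"

/* Decide whether a failed read of the source context is ignorable.
 *  - ENOSYS:  the kernel has no xattr/SELinux support at all.
 *  - ENOTSUP: this filesystem does not carry the attribute.
 *  - ENODATA: the file has no label.  In permissive mode the kernel
 *             labels every file, so this only shows up in enforcing
 *             mode, where it is a real error.
 * Everything else (EACCES, ENOENT, ...) is a real error too. */
bool context_error_is_ignorable(int err)
{
    return err == ENOSYS || err == ENOTSUP;
}

/* Copy the SELinux context of src onto dst.
 * Returns  1 if a context was copied,
 *          0 if src had no context for an ignorable reason,
 *         -1 on any other error, with errno preserved from the
 *            failing xattr call. */
int copy_selinux_context(const char *src, const char *dst)
{
    size_t cap = 64;               /* typical labels are short */
    char *ctx = NULL;
    ssize_t len;

    /* Retry on ERANGE: the label may be longer than our buffer, or may
     * change between a size query and the read. */
    for (;;) {
        char *tmp = realloc(ctx, cap);
        if (!tmp) {
            free(ctx);
            errno = ENOMEM;
            return -1;
        }
        ctx = tmp;
        len = lgetxattr(src, SELINUX_XATTR, ctx, cap);
        if (len >= 0)
            break;
        if (errno == ERANGE) {
            cap *= 2;
            continue;
        }
        int saved = errno;
        free(ctx);
        errno = saved;
        return context_error_is_ignorable(saved) ? 0 : -1;
    }

    /* Write the label as read; lsetxattr does not follow symlinks, so
     * a symlink dst gets its own label rather than its target's. */
    int rc = lsetxattr(dst, SELINUX_XATTR, ctx, (size_t)len, 0);
    int saved = errno;
    free(ctx);
    errno = saved;
    return rc < 0 ? -1 : 1;
}
```

A caller mirroring the thread's approach would only call copy_selinux_context() after is_selinux_enabled() reports that SELinux is active, so ENOTSUP is rarely seen in practice; it is still cheap to classify correctly.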