Message378031
IMO the SELinux security attributes must not be copied (except when requested explicitly). Doing so will create badly labeled systems else. It would be better to use default transition rules and call optionally selinux_restorecon() then.
E.g. when copying selinux.* attributes, after "cp /tmp/foo /bin/" the resulting "/bin/foo" would have a "tmp_t" label (which is wrong).
Without copying attributes, it would be labeled as "bin_t" (which is more realistic).
When there are SELinux rules for "/bin/foo", it might be relabeled e.g. to "bin_foo_t" by the manual selinux_restorecon().
Ignoring errors silently will make operations very unpredictable. |
|
Date |
User |
Action |
Args |
2020-10-05 14:28:37 | ensc2 | set | recipients:
+ ensc2, christian.heimes, hynek, Leif Middelschulte |
2020-10-05 14:28:37 | ensc2 | set | messageid: <1601908117.07.0.758872035031.issue38893@roundup.psfhosted.org> |
2020-10-05 14:28:37 | ensc2 | link | issue38893 messages |
2020-10-05 14:28:36 | ensc2 | create | |
|