On Friday 30 March 2007 23:13, Jim Meyering <[EMAIL PROTECTED]> wrote:
> What did you think of the proposal (in the link above) for
>
>     fscon CTX mkdir /new/directory
>
> IMHO, it's not so much less "user friendly" than this equivalent:
>
>     mkdir -C CTX /new/directory

How about:

    umask whatever ; mkdir /new/directory

instead of mkdir -m whatever /new/directory?

> > I think that all programs which set the uid and gid of a file should also
> > be able to set the SE Linux context.
> >
> > It also seems reasonable that a program which can create a file with
> > particular permissions should also be permitted to create it with a
> > particular context.
>
> I was hoping for feedback on whether the proposed alternative (using
> fscon and maybe runcon proxies) looked viable from a usability standpoint.

Firstly there is the issue that fscon needs kernel changes to implement, then 
there is the issue that inheriting fscon can potentially give undesired 
results if privileged programs such as /bin/passwd forget to unset it, so 
therefore we need a policy method to control whether such inheriting of the 
fscon is permitted.

Adding an option to utilities is by far the easiest option.

-- 
[EMAIL PROTECTED]
http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development


_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
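
The inheritance concern raised in the message above, shown with umask as the stand-in the message itself uses for comparison. This is an added example, not code from the thread or from coreutils; the function names (`perm_of`, `careless_child`, `ambient_case`, `explicit_case`) and file names are hypothetical, and it assumes an inherited fscon would propagate across exec the way umask does.

```shell
#!/bin/sh
# Constructed demo: umask plays the role of an inherited creation context.

# Portable permission lookup (GNU stat first, BSD stat as fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Hypothetical program that creates a file and never resets the ambient
# creation state it was started with (run as a separate process via exec).
careless_child() {
    sh -c ': > "$1"' sh "$1"
}

# Ambient state: the caller changes umask, and every later child inherits it.
# The body is a subshell so the demo does not alter the caller's own umask.
ambient_case() (
    dir=$(mktemp -d) || exit 1
    umask 000                       # meant for one object only
    careless_child "$dir/secret"    # ...but the child inherits it too
    perm_of "$dir/secret"
    rm -rf "$dir"
)

# Explicit option: the requested mode is scoped to the single mkdir call.
explicit_case() (
    dir=$(mktemp -d) || exit 1
    umask 077                       # restrictive default stays in force
    mkdir -m 755 "$dir/public"      # only this directory gets mode 755
    careless_child "$dir/secret"    # child still creates under umask 077
    echo "$(perm_of "$dir/public") $(perm_of "$dir/secret")"
    rm -rf "$dir"
)

echo "ambient:  child file mode = $(ambient_case)"
echo "explicit: dir mode, child file mode = $(explicit_case)"
```
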