On Friday 30 March 2007 23:13, Jim Meyering <[EMAIL PROTECTED]> wrote: > What did you think of the proposal (in the link above) for > > fscon CTX mkdir /new/directory > > IMHO, it's not so much less "user friendly" than this equivalent: > > mkdir -C CTX /new/directory
How about: umask whatever ; mkdir /new/directory Instead of mkdir -m whatever /new/directory? > > I think that all programs which set the uid and gid of a file should also > > be able to set the SE Linux context. > > > > It also seems reasonable that a program which can create a file with > > particular permissions should also be permitted to create it with a > > particular context. > > I was hoping for feedback on whether the proposed alternative (using > fscon and maybe runcon proxies) looked viable from a usability standpoint. Firstly there is the issue that fscon needs kernel changes to implement, then there is the issue that inheriting fscon can potentially give undesired results if privileged programs such as /bin/passwd forget to unset it, so therefore we need a policy method to control whether such inheriting of the fscon is permitted. Adding an option to utilities is by far the easiest option. -- [EMAIL PROTECTED] http://etbe.blogspot.com/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development _______________________________________________ Bug-coreutils mailing list Bug-coreutils@gnu.org http://lists.gnu.org/mailman/listinfo/bug-coreutils
