cp -Z in Fedora 12

Dominick Grift domg472 at gmail.com
Tue Dec 8 18:34:51 UTC 2009 

On Tue, Dec 08, 2009 at 01:27:34PM -0500, Michael Madore wrote:
> Hi,
> 
> I have been reading through the Fedora 12 selinux documentation:
> 
> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/
> 
> In section 5.10.1 (Copying Files and Directories), the following
> example is used to demonstrate changing the context of a file when
> copying:
> 
> $ touch file1
> $ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
> $ ls -Z file1 file2
> -rw-rw-r--  user1 group1 unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--  user1 group1 system_u:object_r:samba_share_t:s0 file2
> 
> However, when I try this on my Fedora 12 system i get the following:
> 
> ls -Z file1 file2
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2
> 
> On CentOS 5.4 and Fedora 11, I see the documented behaviour.  Is this
> a bug, or am I doing something wrong?

I think this is due to restorecond -u running in f12. Restorecond -u checks files in the home directory of a user and resets any files context that does not match the system wide context specification.

[root at localhost Desktop]# cd /
[root at localhost /]# touch file1
[root at localhost /]# cp -Z system_u:object_r:samba_share_t:s0 file1 file2
[root at localhost /]# ls -Z file1 file2
-rw-r--r--. root root staff_u:object_r:etc_runtime_t:s0 file1
-rw-r--r--. root root system_u:object_r:samba_share_t:s0 file2

so the file does actually gets copied with the specified context, but restorecond -u immeditiatly notices a file with a "wrong" context in your home dir and resets it to the default context specified for files in your home dir.

It should work if you try it in runlevel 3 or if you try like my example above in a location other then $home.



> 
> Thanks
> 
> Mike Madore
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091208/29223f3f/attachment.sig>

More information about the fedora-selinux-list mailing list