Bug 167613
Summary: | warning: security context not preserved | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ralf Corsepius <rc040203> | ||||
Component: | coreutils | Assignee: | Tim Waugh <twaugh> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4 | CC: | dwalsh | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | 5.2.1-49 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2005-09-07 11:19:49 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Ralf Corsepius
2005-09-06 10:08:08 UTC
Please show the output of 'strace mv /users/columbo/xyz .'. Created attachment 118494 [details]
strace mv /users/columbo/xyz /tmp/xyz 2> pr167613.strace
In this case, /users/columbo is nfs-mounted on a remote machine, /tmp/xyz is
local.
On the remote machine:
# ls -lZ xyz
-rw-r--r-- columbo users user_u:object_r:user_home_t xyz
On the local machine:
# ls -lZ /users/columbo/xyz
-rw-r--r-- columbo users
/users/columbo/xyz
After the move, on the local machine:
# ls -lZ /tmp/xyz
-rw-r--r-- columbo users user_u:object_r:tmp_t /tmp/xyz
The warning is correct. NFS doesn't support that. (In reply to comment #3) > The warning is correct. NFS doesn't support that. Well, advertising SELinux as "server enhancement" and then not supporting NFS mounts disqualifies SELinux from being "ready for production server use", IMO. The warning is just saying that the file context on the NFS server (if there is one) cannot be copied onto the local file. This is not an SELinux limitation but an NFS limitation, as I understand it. (In reply to comment #5) > This is not an SELinux limitation but an NFS limitation, as I understand it. It actually doesn't matter who's to blame. The question is: Has this warning to be taken seriously and does this warning indicate any real functional problems? If not, this warning must be removed, because it interferes with user expectations. If yes, this means SELinux is not ready for production use, because it's design does not harmonize with NFS. As NFS is one of the most important feature of *nix systems, I feel justified in naming SELinux "Broken design". Dan, what do you think? Should we warn in this instance? In rawhide we have this comment :^) So I guess we can say it is an SELinux/coreutils bug. revision 1.14 date: 2005/05/31 20:52:29; author: dwalsh; state: Exp; lines: +31 -33 * Tue May 31 2005 Dan Walsh <dwalsh> 5.2.1-49 - Eliminate bogus "can not preserve context" message when moving files. ---------------------------- |