Red Hat Bugzilla – Full Text Bug Listing
|Summary:||cp preserve security context documentation inconsistencies|
|Product:||[Fedora] Fedora||Reporter:||Petr Šplíchal <psplicha>|
|Component:||coreutils||Assignee:||Ondrej Vasik <ovasik>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||coreutils-6.9-18.fc8||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-08-19 07:51:18 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Petr Šplíchal 2008-04-01 11:17:28 EDT
Description of problem: There are several inconsistencies between documentation and behavior of cp command regarding security context preservation. Version-Release number of selected component (if applicable): coreutils-6.9-17.fc8 cp-ing /etc/shadow with respective options give these results: system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-dpPR system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-p system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow--preserve system_u:object_r:shadow_t:s0 /tmp/shadow--preserve=all system_u:object_r:shadow_t:s0 /tmp/shadow--preserve=context system_u:object_r:shadow_t:s0 /tmp/shadow-a man page and --help says option -a is the same as -dpPR but it preserves security context too (should there be -cdpPR?) man page --preserve option description says: preserve the specified attributes (default: mode,ownership,timestamps) AND security contexts, if possible additional attributes: links, all which sounds like security contexts are preserved too (but they are not) moreover "if possible attributes" condition is somewhat confusing... and context attribute is not mentioned at all --- i suggest using something like this: preserve the specified attributes and security contexts, if possible (default: mode,ownership,timestamps) additional attributes: context, links, all option -c is missing in the man page completely...
Comment 1 Ondrej Vasik 2008-04-01 15:13:05 EDT
Thanks for report Petr, could be easily duplicate of #197064 - as there are more things to complete in SELinux documentation of coreutils. But it is more specific, so I will keep it opened until it will get fixed(hopefully in next rawhide coreutils build).
Comment 2 Ondrej Vasik 2008-04-07 16:37:44 EDT
Most of things fixed in rawhide coreutils-6.10-18.fc9, unfortunately such changes causes troubles with translations. Therefore the part with --preserve was not used yet, will propose some changes to upstream later - so it could be fixed by documentation project afterwards.
Comment 3 Ondrej Vasik 2008-04-10 02:04:10 EDT
And additionally, there is a bit difference between --preserve=context , -c, --preserve=all - those are trying to store security context - and when it is not possible, it will cause failure(you could check this easily by check on NFS mount which can't store contexts. Option -a will not cause the failure if storing context is not possible. Anyway, this is undocumented (and intentional) behaviour, so I think the addition of -c to -a set documentation is ok. In the version for upstream it would be better to mention it.
Comment 4 Fedora Update System 2008-08-12 14:23:30 EDT
coreutils-6.9-18.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Ondrej Vasik 2008-08-19 07:51:18 EDT
Closing CURRENTRELEASE ... it looks like automatic closing bot is lazy to do that. Fixed in coreutils-6.9-18.fc8.