Description of problem:
There are several inconsistencies between documentation and behavior of the cp command regarding security context preservation.

Version-Release number of selected component (if applicable):
coreutils-6.9-17.fc8

cp-ing /etc/shadow with the respective options gives these results:

system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-dpPR
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-p
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow--preserve
system_u:object_r:shadow_t:s0 /tmp/shadow--preserve=all
system_u:object_r:shadow_t:s0 /tmp/shadow--preserve=context
system_u:object_r:shadow_t:s0 /tmp/shadow-a

The man page and --help say option -a is the same as -dpPR, but it preserves the security context too (should there be -cdpPR?)

The man page --preserve option description says:

preserve the specified attributes (default: mode,ownership,timestamps) AND security contexts, if possible additional attributes: links, all

which sounds like security contexts are preserved too (but they are not). Moreover, the "if possible attributes" condition is somewhat confusing... and the context attribute is not mentioned at all --- I suggest using something like this:

preserve the specified attributes and security contexts, if possible (default: mode,ownership,timestamps) additional attributes: context, links, all

Option -c is missing in the man page completely...
Thanks for the report, Petr. This could easily be a duplicate of #197064, as there are more things to complete in the SELinux documentation of coreutils. But it is more specific, so I will keep it open until it gets fixed (hopefully in the next rawhide coreutils build).
Most of the things are fixed in rawhide coreutils-6.10-18.fc9; unfortunately, such changes cause trouble with translations. Therefore the part with --preserve was not used yet. I will propose some changes to upstream later, so it could be fixed by the documentation project afterwards.
And additionally, there is a slight difference between --preserve=context, -c and --preserve=all: those try to store the security context, and when that is not possible, it will cause a failure (you can check this easily on an NFS mount, which can't store contexts). Option -a will not cause a failure if storing the context is not possible. Anyway, this is undocumented (and intentional) behaviour, so I think the addition of -c to the -a set in the documentation is OK. In the version for upstream it would be better to mention it.
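Because -a does not fail when the context cannot be stored, the result of a copy has to be checked rather than assumed. The following is an added example, not part of the bug report or of coreutils: it audits a "<context> <path>" listing like the one in the description and flags every copy that lost the source type. The function names are hypothetical and the sample input is the listing quoted above.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Listing quoted in the report: "<context> <path>" per copy of /etc/shadow.
sample_listing() {
    cat <<'EOF'
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-dpPR
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-p
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow--preserve
system_u:object_r:shadow_t:s0 /tmp/shadow--preserve=all
system_u:object_r:shadow_t:s0 /tmp/shadow--preserve=context
system_u:object_r:shadow_t:s0 /tmp/shadow-a
EOF
}

# Print the type field (third colon-separated field) of an SELinux context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# audit_copies WANT_TYPE
# Reads "<context> <path>" lines on stdin, prints KEPT or LOST per path and
# returns 1 if any copy lost the wanted type, so a silent fallback is caught.
audit_copies() {
    want=$1
    rc=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        got=$(ctx_type "$ctx")
        if [ "$got" = "$want" ]; then
            echo "KEPT $path"
        else
            echo "LOST $path (now $got)"
            rc=1
        fi
    done
    return $rc
}

# On an SELinux host, live input can come from GNU stat:
#   stat -c '%C %n' /tmp/shadow-* | audit_copies shadow_t
sample_listing | audit_copies shadow_t || true
```

A non-zero return from audit_copies is the signal to act on, for example after a cp -a onto a filesystem that cannot store contexts.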
coreutils-6.9-18.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Closing CURRENTRELEASE ... it looks like the automatic closing bot is too lazy to do that. Fixed in coreutils-6.9-18.fc8.