Bug 440056 - cp preserve security context documentation inconsistencies
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: coreutils
Version: 8
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Ondrej Vasik
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-04-01 15:17 UTC by Petr Šplíchal
Modified: 2016-06-01 01:36 UTC

Fixed In Version: coreutils-6.9-18.fc8
Doc Type: Bug Fix
Last Closed: 2008-08-19 11:51:18 UTC
Type: ---

Description Petr Šplíchal 2008-04-01 15:17:28 UTC
Description of problem:

There are several inconsistencies between documentation and behavior of cp
command regarding security context preservation.

Version-Release number of selected component (if applicable):
coreutils-6.9-17.fc8

cp-ing /etc/shadow with respective options gives these results:

system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-dpPR
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-p
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow--preserve 
system_u:object_r:shadow_t:s0    /tmp/shadow--preserve=all
system_u:object_r:shadow_t:s0    /tmp/shadow--preserve=context
system_u:object_r:shadow_t:s0    /tmp/shadow-a

man page and --help say option -a is the same as -dpPR
but it preserves security context too (should there be -cdpPR?)

man page --preserve option description says:

   preserve  the  specified  attributes  (default:  mode,ownership,timestamps)
   AND security contexts, if possible additional attributes: links, all

which sounds like security contexts are preserved too (but they are not);
moreover, the "if possible attributes" condition is somewhat confusing... and the
context attribute is not mentioned at all --- I suggest using something like this:

   preserve  the  specified  attributes and security contexts, if possible
   (default: mode,ownership,timestamps)
   additional attributes: context, links, all
   
option -c is missing in the man page completely...
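
The comparison made by eye in the description above, as an added example that is not part of the bug report: a shell function that reads "context path" lines and lists the copies whose SELinux type differs from the source file's type. The names `label_drift` and `report_results` are made up for illustration; the sample input is the six results quoted in the report.

```shell
#!/bin/sh
# Added example (not from the bug report): flag copies whose SELinux type
# differs from the type the source file carries.

# label_drift EXPECTED_TYPE
# Reads "context path" lines on stdin (the form quoted in the report; GNU
# `stat -c '%C %n' FILE...` prints the same layout) and prints every path
# whose context type is not EXPECTED_TYPE.
label_drift() {
    awk -v want="$1" '
        NF >= 2 {
            # A context is user:role:type:level; the level may itself
            # contain colons (e.g. s0:c0.c1023), so take field 3 only.
            split($1, ctx, ":")
            if (ctx[3] != want) {
                sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the context column
                print
            }
        }'
}

# The six results quoted in the report, reproduced as sample input.
report_results() {
    cat <<'EOF'
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-dpPR
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-p
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow--preserve
system_u:object_r:shadow_t:s0    /tmp/shadow--preserve=all
system_u:object_r:shadow_t:s0    /tmp/shadow--preserve=context
system_u:object_r:shadow_t:s0    /tmp/shadow-a
EOF
}

# Copies of /etc/shadow that did not keep shadow_t.
report_results | label_drift shadow_t
```

On a live system the same function can be fed from `stat -c '%C %n'` run over the copied files.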

Comment 1 Ondrej Vasik 2008-04-01 19:13:05 UTC
Thanks for the report, Petr,
this could easily be a duplicate of #197064 - as there are more things to complete in
the SELinux documentation of coreutils. But it is more specific, so I will keep it
open until it gets fixed (hopefully in the next rawhide coreutils build).

Comment 2 Ondrej Vasik 2008-04-07 20:37:44 UTC
Most of the things are fixed in rawhide coreutils-6.10-18.fc9; unfortunately such
changes cause trouble with translations. Therefore the part with --preserve
was not used yet; I will propose some changes to upstream later - so it could be
fixed by the documentation project afterwards.

Comment 3 Ondrej Vasik 2008-04-10 06:04:10 UTC
And additionally, there is a bit of a difference between --preserve=context, -c,
--preserve=all - those try to store the security context - and when that is not
possible, it will cause a failure (you could check this easily on an NFS
mount, which can't store contexts). Option -a will not cause the failure if
storing the context is not possible. Anyway, this is undocumented (and intentional)
behaviour, so I think the addition of -c to the -a set documentation is OK. In the
version for upstream it would be better to mention it.

Comment 4 Fedora Update System 2008-08-12 18:23:30 UTC
coreutils-6.9-18.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Ondrej Vasik 2008-08-19 11:51:18 UTC
Closing CURRENTRELEASE ... it looks like the automatic closing bot is too lazy to do that. Fixed in coreutils-6.9-18.fc8.
