Bug 440056 - cp preserve security context documentation inconsistencies
cp preserve security context documentation inconsistencies
Product: Fedora
Classification: Fedora
Component: coreutils (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Ondrej Vasik
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-04-01 11:17 EDT by Petr Šplíchal
Modified: 2016-05-31 21:36 EDT (History)
2 users (show)

See Also:
Fixed In Version: coreutils-6.9-18.fc8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-08-19 07:51:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Petr Šplíchal 2008-04-01 11:17:28 EDT
Description of problem:

There are several inconsistencies between documentation and behavior of cp
command regarding security context preservation.

Version-Release number of selected component (if applicable):

cp-ing /etc/shadow with respective options give these results:

system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-dpPR
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow-p
system_u:object_r:unconfined_tmp_t:s0 /tmp/shadow--preserve 
system_u:object_r:shadow_t:s0    /tmp/shadow--preserve=all
system_u:object_r:shadow_t:s0    /tmp/shadow--preserve=context
system_u:object_r:shadow_t:s0    /tmp/shadow-a

man page and --help says option -a is the same as -dpPR
but it preserves security context too (should there be -cdpPR?)

man page --preserve option description says:

   preserve  the  specified  attributes  (default:  mode,ownership,timestamps)
   AND security contexts, if possible additional attributes: links, all

which sounds like security contexts are preserved too (but they are not)
moreover "if possible attributes" condition is somewhat confusing... and context
attribute is not mentioned at all --- i suggest using something like this:

   preserve  the  specified  attributes and security contexts, if possible
   (default: mode,ownership,timestamps)
   additional attributes: context, links, all
option -c is missing in the man page completely...
Comment 1 Ondrej Vasik 2008-04-01 15:13:05 EDT
Thanks for report Petr,
could be easily duplicate of #197064 - as there are more things to complete in
SELinux documentation of coreutils. But it is more specific, so I will keep it
opened until it will get fixed(hopefully in next rawhide coreutils build). 
Comment 2 Ondrej Vasik 2008-04-07 16:37:44 EDT
Most of things fixed in rawhide coreutils-6.10-18.fc9, unfortunately such
changes causes troubles with translations. Therefore the part with --preserve
was not used yet, will propose some changes to upstream later - so it could be
fixed by documentation project afterwards.
Comment 3 Ondrej Vasik 2008-04-10 02:04:10 EDT
And additionally, there is a bit difference between --preserve=context , -c,
--preserve=all - those are trying to store security context - and when it is not
possible, it will cause failure(you could check this easily by check on NFS
mount which can't store contexts. Option -a will not cause the failure if
storing context is not possible. Anyway, this is undocumented (and intentional)
behaviour, so I think the addition of -c to -a set documentation is ok. In the
version for upstream it would be better to mention it. 
Comment 4 Fedora Update System 2008-08-12 14:23:30 EDT
coreutils-6.9-18.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Ondrej Vasik 2008-08-19 07:51:18 EDT
Closing CURRENTRELEASE ... it looks like automatic closing bot is lazy to do that. Fixed in coreutils-6.9-18.fc8.

Note You need to log in before you can comment on or make changes to this bug.