Red Hat Bugzilla – Bug 440056
cp preserve security context documentation inconsistencies
Last modified: 2016-05-31 21:36:49 EDT
Description of problem:
There are several inconsistencies between documentation and behavior of cp
command regarding security context preservation.
Version-Release number of selected component (if applicable):
cp-ing /etc/shadow with respective options give these results:
man page and --help says option -a is the same as -dpPR
but it preserves security context too (should there be -cdpPR?)
man page --preserve option description says:
preserve the specified attributes (default: mode,ownership,timestamps)
AND security contexts, if possible additional attributes: links, all
which sounds like security contexts are preserved too (but they are not)
moreover "if possible attributes" condition is somewhat confusing... and context
attribute is not mentioned at all --- i suggest using something like this:
preserve the specified attributes and security contexts, if possible
additional attributes: context, links, all
option -c is missing in the man page completely...
Thanks for report Petr,
could be easily duplicate of #197064 - as there are more things to complete in
SELinux documentation of coreutils. But it is more specific, so I will keep it
opened until it will get fixed(hopefully in next rawhide coreutils build).
Most of things fixed in rawhide coreutils-6.10-18.fc9, unfortunately such
changes causes troubles with translations. Therefore the part with --preserve
was not used yet, will propose some changes to upstream later - so it could be
fixed by documentation project afterwards.
And additionally, there is a bit difference between --preserve=context , -c,
--preserve=all - those are trying to store security context - and when it is not
possible, it will cause failure(you could check this easily by check on NFS
mount which can't store contexts. Option -a will not cause the failure if
storing context is not possible. Anyway, this is undocumented (and intentional)
behaviour, so I think the addition of -c to -a set documentation is ok. In the
version for upstream it would be better to mention it.
coreutils-6.9-18.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Closing CURRENTRELEASE ... it looks like automatic closing bot is lazy to do that. Fixed in coreutils-6.9-18.fc8.