** Description changed: Binary package hint: coreutils Attempting to demonstrate the power of selinux I tried the following demo (works in RHEL): [EMAIL PROTECTED]:/var/www# ls -lZ /etc/shadow -rw-r-----+ 1 root shadow system_u:object_r:shadow_t 1193 2008-03-17 17:55 /etc/shadow [EMAIL PROTECTED]:/var/www# cp -a /etc/shadow . [EMAIL PROTECTED]:/var/www# ls -lZ shadow -rw-r-----+ 1 root shadow unconfined_u:object_r:var_t 1193 2008-03-17 17:55 shadow As you can observe, while the cp -a (cp -p obviously is no different) preserves ownership and permissions, the selinux context is not preserved. This has been flagged as a potential security risk because, as you can see, selinux becomes quite useless if contexts can't be preserved while copying things around. Note: the "mv" command preserves the selinux context as expected. + More info: + [EMAIL PROTECTED]:/var/www# cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=8.04 DISTRIB_CODENAME=hardy DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)" [EMAIL PROTECTED]:/var/www# apt-cache policy coreutils coreutils: Installed: 6.10-3ubuntu1 Candidate: 6.10-3ubuntu1 Version table: *** 6.10-3ubuntu1 0 500 http://us.archive.ubuntu.com hardy/main Packages 100 /var/lib/dpkg/status
-- "cp" command doesn't preserve selinux context https://bugs.launchpad.net/bugs/203433 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs