[fmac-discuss] FMAC support needed in file system?

Darren J Moffat Darren.Moffat at Sun.COM
Tue Jul 29 05:48:56 PDT 2008 

Stephen Smalley wrote:
> GNU coreutils has incorporated SELinux support with the following
> behavior:
> - "cp -a" will try to preserve context but failure to do so does not
> change its exit status, so it falls back to just preserving other
> attributes if not allowed to preserve security contexts.
> - "cp --preserve=context" is similar but will fail with a nonzero status
> if it cannot preserve the context.

The OpenSolaris cp has:

      -@    Preserves extended attributes. cp attempts to copy all
            of  the  source  file's extended attributes along with
            the file data to the destination file.


      -/    Preserves  extended  attributes  and  extended  system
            attributes. Along with the file's data, the cp utility
            attempts to copy extended attributes and extended sys-
            tem  attributes  from  each  source file, and extended
            system attributes associated with extended  attributes
            to  the  destination  file.  If  cp  is unable to copy
            extended attributes  or  extended  system  attributes,
            then  a  diagnostic  message  is written to stderr and
            (after processing any remaining operands) exits with a
            non-zero exit status.

Note also:

   /usr/bin/cp
      If the -p option is specified with either the -@  option  or
      the -/ option, /usr/bin/cp behaves as follows

          o    When both -p and -@ are specified in any order, the
               copy fails if extended attributes cannot be copied.

          o    When both -p and -/ are specified in any order, the
               copy  fails if extended system attributes cannot be
               copied.

   /usr/xpg4/bin/cp
      If the -p option is specified with either the -@  option  or
      the -/ option, /usr/xpg4/bin/cp behaves as follows:

          o    When both -p and -@ are specified, the last  option
               specified  determines  whether  the  copy  fails if
               extended attributes cannot be preserved.

          o    When both -p and -/ are specified, the last  option
               specified  determines  whether  the  copy  fails if
               extended system attributes cannot be preserved.

Other utilities (cpio,tar,pax,..) have a -/ and -@ flag as well.


-- 
Darren J Moffat

More information about the fmac-discuss mailing list