Debian Bug report logs - #638304
install: The selinux options are confusing and not all useful cases are covered


Package: coreutils; Maintainer for coreutils is Michael Stone <mstone@debian.org>; Source for coreutils is src:coreutils.

Reported by: Russell Coker <russell@coker.com.au>

Date: Thu, 18 Aug 2011 12:33:02 UTC

Severity: normal

Found in version coreutils/8.5-1



Report forwarded to debian-bugs-dist@lists.debian.org, Michael Stone <mstone@debian.org>:
Bug#638304; Package coreutils. (Thu, 18 Aug 2011 12:33:30 GMT)

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Michael Stone <mstone@debian.org>. (Thu, 18 Aug 2011 12:34:53 GMT)

Message #5 received at submit@bugs.debian.org:

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: install: The selinux options are confusing and not all useful cases are covered
Date: Thu, 18 Aug 2011 22:13:21 +1000
Package: coreutils
Version: 8.5-1
Severity: normal

If you use install(1) to put a file in a setgid directory then it will end up
with the GID specified by the directory permissions and no warning will be
given.

If you run install as non-root and the source is owned by a different user
then the result will be a file owned by your account and no warning will be
given.

If you run install on an SE Linux system and the target directory has a file
context other than "<<None>>" specified (which means pretty much any directory
on a regular filesystem other than /tmp, /var/tmp, and /media) then by default
it will try to label the file according to the file contexts specified in
SE Linux policy.  If this relabelling attempt fails then a warning will be
displayed.

From reading the source it seems that there are two options for preventing
this: one is the -Z option to explicitly specify the context.  This doesn't
work in automated environments (such as debian/rules) as you won't know what
will be a valid context - and in any case the ability to build on a non-SE
system is desirable.  The other is the --preserve-context option.  This aims
to make the context on the destination file the same as the source, but of
course this doesn't work if the source has a context that you can't write -
a trivial example of this is "install --preserve-context /etc/passwd /tmp/foo".

What is needed is an option to install without doing anything special with
the SE Linux context.  This will be good for debian/rules (as Debian packages
contain no information on SE Linux contexts) and for lots of other things.

Also if the default is to remain looking up the file contexts database and
matching the file name then this needs to be documented in the man page.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages coreutils depends on:
ii  libacl1                       2.2.49-4   Access control list shared library
ii  libattr1                      1:2.4.44-2 Extended attribute shared library
ii  libc6                         2.11.2-10  Embedded GNU C Library: Shared lib
ii  libselinux1                   2.0.96-1   SELinux runtime shared libraries

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information
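
The three behaviours described in the report above can be observed on one file with a small audit script. This is an added example, not part of the bug report or of coreutils; the function names and demo paths are constructed, and it assumes GNU stat plus, optionally, the matchpathcon and selinuxenabled utilities from libselinux.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names and the demo paths
# are constructed. Assumes GNU stat; SELinux tools are optional.

owner_of() { stat -c '%u:%g' "$1"; }    # prints "uid:gid"

# SELinux label on a path, or "none" when the file carries no label.
label_of() {
    l=$(stat -c '%C' "$1" 2>/dev/null) || l=
    case $l in ''|'?') echo none ;; *) echo "$l" ;; esac
}

# Label the file contexts in the loaded policy give a path, or "unknown"
# when matchpathcon is missing or SELinux is disabled (non-SE build host).
policy_label_of() {
    if command -v matchpathcon >/dev/null 2>&1 && selinuxenabled 2>/dev/null
    then matchpathcon -n "$1" 2>/dev/null || echo unknown
    else echo unknown
    fi
}

# Install SRC into DIR with no -o/-g/-Z options, then report what changed.
audit_install() {
    src=$1 dir=$2 dst=$2/$(basename "$1")
    install "$src" "$dst" || return 1
    echo "owner source=$(owner_of "$src") dir=$(owner_of "$dir") result=$(owner_of "$dst")"
    echo "label source=$(label_of "$src") result=$(label_of "$dst") policy=$(policy_label_of "$dst")"
}

# Demo: a constructed setgid directory, with /etc/passwd as the source file
# (the file the report uses in its own example).
demo_dir=$(mktemp -d) && mkdir "$demo_dir/sgid" && chmod g+s "$demo_dir/sgid"
audit_install /etc/passwd "$demo_dir/sgid" || echo "install failed"
rm -rf "$demo_dir"
```

In the "owner" line, compare the result's uid with the source's and its gid with the directory's; in the "label" line, a result that differs from the policy value shows that no relabel to the file contexts default took place.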




Information forwarded to debian-bugs-dist@lists.debian.org, Michael Stone <mstone@debian.org>:
Bug#638304; Package coreutils. (Mon, 31 Oct 2011 06:45:03 GMT)

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Michael Stone <mstone@debian.org>. (Mon, 31 Oct 2011 06:45:03 GMT)

Message #10 received at 638304@bugs.debian.org:

From: Russell Coker <russell@coker.com.au>
To: 638304@bugs.debian.org
Subject: directories
Date: Mon, 31 Oct 2011 17:34:40 +1100

Also in regard to this bug, when you use "install -d" to create a directory it
doesn't apply a file context.  No matter what we end up doing I think that
creation of files and directories should be consistent in regard to contexts.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 11:01:18 2014; Machine Name: buxtehude.debian.org
