Menu
▾
▴
Re: [Audit-test-developer] [PATCH 14/19] misc/tar: use --selinux instead of --xattrs
|
From: Jiri J. <jja...@re...> - 2013-08-28 13:34:25
|
On 08/27/2013 08:08 PM, Linda Knippers wrote: > On 08/21/13 12:23, Jiri Jaburek wrote: >> The test description states that: >> "Verify that the tar program preserves file security contexts." >> >> and tar has an explicit option for that: >> --selinux >> Save the SELinux context to the archive. > > I think "file security contexts" means more than SELinux context. > What about non-selinux security information, like ACLs? Aren't they > also stored in extended attributes? I guess the test was only creating/ > checking SELinux contexts but the other is important as well, even if > not well tested. > I originally assumed it's a SELinux-only test, even though it mentions generic "security contexts". The point is that not all security mechanisms have to use xattrs for storage and the idea of using explicit options for tar would actually be more generic in the end. (With an explicit --acls test.) However the issue seems to be more complex than it seemed in the first place, so let's just drop this patch now and return to it later. Jiri |
