[Toybox] Squinting at LSM support in cp.

[Rob Landley]

On 07/14/2015 03:24 PM, enh wrote:
> On Fri, Jul 10, 2015 at 11:33 AM, Rob Landley <rob at landley.net> wrote:
>> Alas I have _no_ idea how to explain that last part concisely in the
>> help text. I'm also aware --no-preserve=context seems like it should
>> strip security context and if people want to argue for that instead, I'm
>> going to rant about how this entire mess is badly designed and there
>> should already be some xattr version of chmod -R that does a regex
>> search and replace on extended attribute key/value pairs, and that if
>> such a tool doesn't already exist to be copied then this LSM stuff
>> doesn't get used by non-bureaucrats, and cp probably isn't that tool
>> although maybe it can share infrastructure with it, and then I'd ask
>> somebody to explain to me what cp --attributes-only is for exactly?
> 
> there's no chmod/chown equivalent in the literal sense, but
> restorecon(8) is probably the closest. basically you don't trust
> arbitrary operations, and you have a tool that applies the correct
> labels based on its configuration. (so you have to get the
> configuration right, but you can largely ignore arbitrary fs
> modifications.)
> 
> note also that most processes can't set a file's label, and not having
> a label is fail-safe in the sense of "that gets you nothing".

Ok, so labels never _restrict_ access to files, they just grant extra
things to them? ("I could do X with this file/directory if it wasn't for
the label on it" does not ever apply?)

That would make the race conditions a lot less of an issue, yes.

Rob

 1436920303.0