On 11/08/2012 10:20 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Another pass at the patch.
This time -Z is not optional, only --context is.
- -Z or --context indicates use default label.
- --context=CTX uses previous behavior.
You can now do
cp -aZ and cp -Za and the right thing will happen.
Excellent.
I have turned off the warning SELinux is disabled if you specify -Z or
- --context. Now it will quietly ignore. I can add a comment to the usage if
you think it is worth while. The reason I want to do this, is to allow
people to do "mkdir -Z /var/run/XYZ" in a script and not worry about whether
or not SELinux is enabled. Currently we have lots of init script that do
things like
mkdir -Z /var/run/XYZ
restorecon /var/run/XYZ
Where restorecon quietly exits if SELinux is disabled.
Yes that makes sense.
--context without args just means set the system default
for the path, which can be nothing if SELinux is disabled.
I've no time to review now,
but hope to review fully and merge over the weekend.
I might get time to do some docs and tests too.
thanks!
Pádraig.
