Package: coreutils
Version: 8.5-1
Severity: normal

If you use install(1) to put a file in a setgid directory then it will end up
with the GID specified by the directory permissions and no warning will be
given.

If you run install as non-root and the source is owned by a different user
then the result will be a file owned by your account and no warning will be
given.

If you run install on a SE Linux system and the target directory has a file
context other than "<<None>>" specified (which means pretty much any directory
on a regular filesystem other than /tmp, /var/tmp, and /media) then by default
it will try to label the file according to the file contexts specified in
SE Linux policy.  If this relabelling attempt fails then a warning will be
displayed.

From reading the source it seems that there are two options for preventing
this, one is the -Z option to explicitly specify the context.  This doesn't
work in automated environments (such as debian/rules) as you won't know what
will be a valid context - and in any case the ability to build on a non-SE
system is desirable.  The other is the --preserve-context option.  This aims
to make the context on the destination file the same as the source, but of
course this doesn't work if the source has a context that you can't write -
a trivial example of this is "install --preserve-context /etc/passwd /tmp/foo".

What is needed is an option to install without doing anything special with
the SE Linux context.  This will be good for debian/rules (as Debian packages
contain no information on SE Linux contexts) and for lots of other things.

Also if the default is to remain looking up the file contexts database and
matching the file name then this needs to be documented in the man page.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages coreutils depends on:
ii  libacl1                       2.2.49-4   Access control list shared library
ii  libattr1                      1:2.4.44-2 Extended attribute shared library
ii  libc6                         2.11.2-10  Embedded GNU C Library: Shared lib
ii  libselinux1                   2.0.96-1   SELinux runtime shared libraries

coreutils recommends no packages.

coreutils suggests no packages.

-- no debconf information
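
The three silent outcomes described in the report (GID taken from a setgid directory, owner not carried over, SE Linux context changed) can be checked after the fact. The following is an added example, not part of the original report or of coreutils: `audit_install` and `demo_setgid` are hypothetical helper names, GNU stat(1) format strings are assumed, and the demo files are constructed.

```shell
#!/bin/sh
# Added example: report where an installed file's ownership or label
# differs from its source. audit_install is a hypothetical helper name;
# it relies on GNU stat(1) format strings (%g, %u, %C).

audit_install() {
    src=$1 dst=$2
    dir=$(dirname -- "$dst")

    # Case 1: setgid target directory, so the file takes the directory's GID.
    dst_gid=$(stat -c %g -- "$dst")
    if [ -g "$dir" ] && [ "$dst_gid" = "$(stat -c %g -- "$dir")" ]; then
        echo "setgid-dir: $dst has GID $dst_gid inherited from $dir"
    fi

    # Case 2: the source owner is not carried over to the destination.
    src_uid=$(stat -c %u -- "$src")
    dst_uid=$(stat -c %u -- "$dst")
    if [ "$src_uid" != "$dst_uid" ]; then
        echo "owner: $src is UID $src_uid but $dst is UID $dst_uid"
    fi

    # Case 3: SE Linux context differs; skipped when stat cannot read one
    # (stat prints "?" or fails on systems without SE Linux).
    src_ctx=$(stat -c %C -- "$src" 2>/dev/null) || src_ctx='?'
    dst_ctx=$(stat -c %C -- "$dst" 2>/dev/null) || dst_ctx='?'
    if [ "$src_ctx" != '?' ] && [ "$dst_ctx" != '?' ] &&
       [ "$src_ctx" != "$dst_ctx" ]; then
        echo "selinux: context $src_ctx became $dst_ctx"
    fi
    return 0
}

# Constructed demo: install a scratch file into a setgid scratch directory.
demo_setgid() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/target" && chmod g+s "$tmp/target"
    echo data > "$tmp/src"
    install -m 644 "$tmp/src" "$tmp/target/file"
    audit_install "$tmp/src" "$tmp/target/file"
    rm -rf "$tmp"
}
```

Calling `audit_install SOURCE DEST` after an install step prints one line per divergence and nothing when owner, group source and context all match.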


