Enrico Scholz <git...@ensc.de> added the comment:
IMO the SELinux security attributes must not be copied (except when requested explicitly). Doing so will create badly labeled systems else. It would be better to use default transition rules and call optionally selinux_restorecon() then. E.g. when copying selinux.* attributes, after "cp /tmp/foo /bin/" the resulting "/bin/foo" would have a "tmp_t" label (which is wrong). Without copying attributes, it would be labeled as "bin_t" (which is more realistic). When there are SELinux rules for "/bin/foo", it might be relabeled e.g. to "bin_foo_t" by the manual selinux_restorecon(). Ignoring errors silently will make operations very unpredictable. ---------- nosy: +ensc2 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue38893> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com