Stefan Berger wrote:
The security.evm extended attribute is fully owned by the Linux kernel
and cannot be directly written from userspace. Therefore, we can always
skip it.
---  (see below "...")...

   Please put this on a switch or option.

The security.evm field seems only special on Mandatory Access
systems (from, and seems like it
should be copyable by root on non-Mandatory Access systems.

At the very least, a "dd" from one file system to another, would copy it,
so the security doesn't rely on it being copied WITH the rest of
its attrs, but with the field being a check on those fields not being


Reading further, a better solution might be to provide a list
of extended attributes to ***exclude*** from copying, making your
patch "general case", as well as an option to ONLY copy a list of
xattrs, that match an expression or list.

I'm against hardcoding specific cases into rsync, as they won't apply
to all systems rsync runs on as well as hard-coding current trends
in integrity-measurement (which may be subject to change).

Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options:
Before posting, read:

Reply via email to