[Pkg-shadow-devel] files with ACLs in skel dir
pvrabec at redhat.com
Tue Apr 20 15:23:57 UTC 2010
sorry for my late response :)
On Wednesday 31 March 2010 11:29:52 am Nicolas François wrote:
> Hi Peter,
> Sorry for the long delay.
> I had a second look at the patch and would like to propose some changes.
> It seems that the perm_copy_file() API is preferred to
> acl_get_file()/acl_set_file(). (I've read it is because of the handling of
> file system where ACL are not supported)
> perm_copy_file() also makes it easier to set the ACLs (it's much more
> similar to the calls of chmod)
> Would you agree with the attached patch?
> (Also, would it reduce the ACL support portability?)
Yeah I think you have much nicer solution.
> The patch also adds support for preserving extended attributes (which will
> include preserving the SELinux extended attributes).
> Is this a bad idea? I remember you sent me a patch for the SELinux support
> in copy_tree(). This used to set the default SELinux file context before
> files / directories were created. Does it conflict with copying the
> extended attributes?
I'm afraid there is a conflict. The reason is simple. Files in /etc/skell have
different selinux context then files in /home/$user. I'll write to Dan Walsh and
ask him about his opinion. But at this moment I don't recommend using support
for preserving extended attributes.
> Note: the patch is not yet tested (either for compilation or in runtime).
compilation: see the patch
runtime: lets say it works too good ( it preserves more then we want ) ;)
> Best Regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 751 bytes
Desc: not available
More information about the Pkg-shadow-devel