[Pkg-shadow-devel] files with ACLs in skel dir

Peter Vrabec pvrabec at redhat.com
Tue Apr 20 15:23:57 UTC 2010

Hi Nicolas,

sorry for my late response :)

On Wednesday 31 March 2010 11:29:52 am Nicolas François wrote:
> Hi Peter,
> Sorry for the long delay.
> I had a second look at the patch and would like to propose some changes.
> It seems that the perm_copy_file() API is preferred to
> acl_get_file()/acl_set_file(). (I've read it is because of the handling of
> file system where ACL are not supported)
> perm_copy_file() also makes it easier to set the ACLs (it's much more
> similar to the calls of chmod)
> Would you agree with the attached patch?
> (Also, would it reduce the ACL support portability?)

Yeah I think you have much nicer solution.

> The patch also adds support for preserving extended attributes (which will
> include preserving the SELinux extended attributes).
> Is this a bad idea? I remember you sent me a patch for the SELinux support
> in copy_tree(). This used to set the default SELinux file context before
> files / directories were created. Does it conflict with copying the
> extended attributes?

I'm afraid there is a conflict. The reason is simple. Files in /etc/skell have 
different selinux context then files in /home/$user. I'll write to Dan Walsh and 
ask him about his opinion. But at this moment I don't recommend using support 
for preserving extended attributes.

> Note: the patch is not yet tested (either for compilation or in runtime).
compilation: see the patch
runtime: lets say it works too good ( it preserves more then we want ) ;)
> Best Regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow-acls_attrs.patch
Type: text/x-patch
Size: 751 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20100420/2dace37c/attachment.bin>

More information about the Pkg-shadow-devel mailing list