[Pkg-shadow-devel] files with ACLs in skel dir

Nicolas François nicolas.francois at centraliens.net
Sat Aug 21 17:30:10 UTC 2010


On Tue, Apr 20, 2010 at 05:23:57PM +0200, pvrabec at redhat.com wrote:
> On Wednesday 31 March 2010 11:29:52 am Nicolas François wrote:
> > The patch also adds support for preserving extended attributes (which will
> > include preserving the SELinux extended attributes).
> > Is this a bad idea? I remember you sent me a patch for the SELinux support
> > in copy_tree(). This used to set the default SELinux file context before
> > files / directories were created. Does it conflict with copying the
> > extended attributes?
> I'm afraid there is a conflict. The reason is simple. Files in /etc/skell have 
> different selinux context then files in /home/$user. I'll write to Dan Walsh and 
> ask him about his opinion. But at this moment I don't recommend using support 
> for preserving extended attributes.

I will add the attached patch to make sure that useradd only resets the
selinux context and do not copy the extended attributes when /etc/skel is

usermod will still copy the extended attributes when a home directory is

Best Regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow.diff
Type: text/x-diff
Size: 8576 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20100821/9e05382f/attachment.diff>

More information about the Pkg-shadow-devel mailing list