Re: SELinux for upstream coreutils, finally (RFC: does mkdir need -Z?)

[Karl MacMillan]

On Fri, 2007-03-30 at 15:13 +0200, Jim Meyering wrote:
> Russell Coker <address@hidden> wrote:
> > On Friday 30 March 2007 21:18, Jim Meyering <address@hidden> wrote:
> >> Regarding the --context=C (-Z C) option that is now accepted by
> >> mkdir, mknod, mkfifo, and install, I am inclined to
> >
> > Currently mkdir, mknod, and mkfifo support a -m option to set the mode.
> > Install has options to also set the owner and group.
> 
> Hi Russell,
> 
> Thanks for the quick feedback.
> As implied here,
> 
>     http://www.redhat.com/archives/fedora-list/2006-August/msg02264.html
> 
> I agree that one should be able to get the effect you want.  However,
> adding a -Z option to each and every affected program is not the only way.
> 
> What did you think of the proposal (in the link above) for
> 
>     fscon CTX mkdir /new/directory
> 
> IMHO, it's not so much less "user friendly" than this equivalent:
> 
>     mkdir -C CTX /new/directory
> 

I still think that this is problematic from a user perspective (in
addition to the implementation issues). It is not as much the
complication of using the command - though that is not ideal. It is more
that I think it will be much harder for the user to find fscon than an
option if they do not know that they exist.

If there are some selinux options in coreutils it would be natural for a
user to look for other options to accomplish what you want. In this case
I don't think that most users would, upon not finding an option, think
to look for a completely separate tool.

Karl