Hi. I was hoping to use sftp/vsftpd to transfer a file between two hosts (both) running SELinux, and have the file tag remain the same on both the source and destination. However, it seems that the behaviour I see is like cp (without any options) - that is, the destination file inherits the tag of its containing directory. Is there any way to get the behaviour to be more like mv, in which the tag is maintained? If there is a better way than ftp, I'd be interested in hearing about it. Thanks for your help.
Jeff Becker
Am 31.01.2017 um 00:48 schrieb Jeff Becker:
Hi. I was hoping to use sftp/vsftpd to transfer a file between two hosts (both) running SELinux, and have the file tag remain the same on both the source and destination. However, it seems that the behaviour I see is like cp (without any options) - that is, the destination file inherits the tag of its containing directory.
the selinux file context is saved in FS extended attributes. With for example rsync and the --xattrs (-X) option it should copy this. Seems there is a --xattrs option for tar too.
Don't know if this is possible by sftp/vsftpd at all.
As SElinux is about preventing bad things: how do you ensure you trust the client to set selinux labels?
- Thomas
selinux@lists.fedoraproject.org