Moving and Copying Files in CentOS Linux

In file system operations, security context must now be considered in terms of the label of the file, the process accessing it, and the directories where the operation is happening. Because of this, moving and copying files with mv and cp may have unexpected results.

Copying Files: SELinux Options for cp
Unless you specify otherwise, cp follows the default behavior of creating a new file based on the domain of the creating process and the type of the target directory. Unless there is a specific rule to set the label, the file inherits the type from the target directory.
Use the -Z user:role:type option to specify the required label for the new file.
The -p (or --preserve=mode,ownership,timestamps) option preserves the specified attributes and, if possible, additional attributes such as links.
touch bar foo
ls -Z bar foo
-rw-rw-r-- auser auser user_u:object_r:user_home_t bar
-rw-rw-r-- auser auser user_u:object_r:user_home_t foo
If you use the cp command without any additional command-line arguments, a copy of the file is created in the new location using the default type of the creating process and the target directory. In this case, because there is no specific rule that applies to cp and /tmp, the new file has the type of the parent directory:
cp bar /tmp
ls -Z /tmp/bar
-rw-rw-r-- auser auser user_u:object_r:tmp_t /tmp/bar
The type tmp_t is the default type for temporary files.
Use the -Z option to specify the label for the new file:
cp -Z user_u:object_r:user_home_t foo /tmp
ls -Z /tmp/foo
-rw-rw-r-- auser auser user_u:object_r:user_home_t /tmp/foo
Moving Files: SELinux Options for mv
Moving files with mv retains the original type associated with the file. Take care when using this command, because the retained label may not suit the new location. For example, if you move files with the type user_home_t into ~/public_html, then the httpd daemon is not able to serve those files until you relabel them. Refer to Section 45.1.3, “Relabeling a File or Directory” for more information about file labeling.

| Command | Behavior |
|---|---|
| mv | The file retains its original label. This may cause problems, confusion, or minor insecurity. For example, the tmpwatch program running in the sbin_t domain might not be allowed to delete an aged file in the /tmp directory because of the file's type. |
| cp | Makes a copy of the file using the default behavior based on the domain of the creating process (cp) and the type of the target directory. |
| cp -p | Makes a copy of the file, preserving the specified attributes and security contexts, if possible. The default attributes are mode, ownership, and timestamps. Additional attributes are links and all. |
| cp -Z <user:role:type> | Makes a copy of the file with the specified labels. The -Z option is synonymous with --context. |

Table: Behavior of mv and cp Commands
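Because mv and cp -Z can leave a file with a type that does not match its directory, it helps to scan ls -Z output for entries whose type differs from the one expected there. The shell function below is an added example, not part of the original page. It assumes the ls -Z layout shown above (the context is followed directly by the file name); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list entries from `ls -Z` output whose SELinux type differs
# from the type expected for the directory being checked.
# Usage: ls -Z DIR | mislabeled EXPECTED_TYPE
# Output: one line per mismatch, "<actual type><TAB><file name>".
mislabeled() {
    awk -v want="$1" '
    {
        # Locate the context field: user:role:type with an optional :level.
        ctx = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:.*)?$/) {
                ctx = i
                break
            }
        # Skip lines with no context (for example "?") or no file name.
        if (!ctx || ctx == NF) next
        split($ctx, part, ":")
        if (part[3] == want) next
        # Everything after the context is the file name (it may hold spaces).
        name = $(ctx + 1)
        for (i = ctx + 2; i <= NF; i++) name = name " " $i
        printf "%s\t%s\n", part[3], name
    }'
}

# Constructed sample: /tmp after a plain cp (bar), a cp -Z or mv that kept
# user_home_t (foo, my notes.txt), and a file labelled with an MLS level.
sample_listing() {
    cat <<'EOF'
-rw-rw-r-- auser auser user_u:object_r:tmp_t /tmp/bar
-rw-rw-r-- auser auser user_u:object_r:user_home_t /tmp/foo
-rw-rw-r-- auser auser user_u:object_r:user_home_t /tmp/my notes.txt
-rw------- root root system_u:object_r:tmp_t:s0 /tmp/cache
EOF
}

# Demonstration on the constructed listing: reports the two user_home_t files.
sample_listing | mislabeled tmp_t
```

On a live system, pipe real output into the function, for example ls -Z /tmp | mislabeled tmp_t, and relabel whatever it reports.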