coreutils: Update to 8.21.
e5317bd9
SS
1diff -urNp coreutils-8.21-orig/configure.ac coreutils-8.21/configure.ac
2--- coreutils-8.21-orig/configure.ac 2013-01-31 01:46:24.000000000 +0100
3+++ coreutils-8.21/configure.ac 2013-02-15 14:31:58.937482694 +0100
4@@ -204,6 +204,13 @@ if test "$gl_gcc_warnings" = yes; then
1d1a6603
SS
5 AC_SUBST([GNULIB_TEST_WARN_CFLAGS])
6 fi
7
8+dnl Give the chance to enable SELINUX
9+AC_ARG_ENABLE(selinux, dnl
10+[ --enable-selinux Enable use of the SELINUX libraries],
11+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
12+LIB_SELINUX="-lselinux"
13+AC_SUBST(LIB_SELINUX)])
14+
15 AC_FUNC_FORK
16
e5317bd9
SS
17 optional_bin_progs=
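Review bot: The third argument of `AC_ARG_ENABLE` runs whenever the option appears on the command line, so as written `--disable-selinux` (or `--enable-selinux=no`) would still define `WITH_SELINUX` and add `-lselinux`. Test the value before acting, e.g. wrap the body in `AS_IF([test "x$enableval" != xno], [...])`. Nothing in the hunk checks that libselinux is actually present, so a missing library would surface only at link time; an `AC_CHECK_LIB` probe would fail earlier and more clearly. The help text would also be better written with `AS_HELP_STRING`.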
18diff -urNp coreutils-8.21-orig/init.cfg coreutils-8.21/init.cfg
19--- coreutils-8.21-orig/init.cfg 2013-01-31 01:46:24.000000000 +0100
20+++ coreutils-8.21/init.cfg 2013-02-15 14:31:58.957469955 +0100
21@@ -308,8 +308,8 @@ require_selinux_()
22
23 # Independent of whether SELinux is enabled system-wide,
24 # the current file system may lack SELinux support.
25- case $(ls -Zd .) in
26- '? .'|'unlabeled .')
27+ case $(ls -Zd . | cut -f4 -d" ") in
28+ '?'|'unlabeled')
29 skip_ "this system (or maybe just" \
30 "the current file system) lacks SELinux support"
31 ;;
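Review bot: The new `cut -f4 -d" "` ties this probe to the exact column layout of the patched `ls -Z`, and the pipeline hides a failing `ls`. If fewer than four space-separated fields come back, the `case` word is empty, matches neither pattern, and the SELinux tests go on to run on a file system that may not support labels. Adding the empty string to the pattern, `'?'|'unlabeled'|'')`, would turn that case into a skip. A comment such as `# field 4 of the patched 'ls -Z' output is the context` would record the dependency. require_selinux_ begins and ends outside the hunk.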
32diff -urNp coreutils-8.21-orig/man/chcon.x coreutils-8.21/man/chcon.x
33--- coreutils-8.21-orig/man/chcon.x 2011-08-23 15:44:01.000000000 +0200
34+++ coreutils-8.21/man/chcon.x 2013-02-15 14:31:58.937482694 +0100
1d1a6603
SS
35@@ -1,4 +1,4 @@
36 [NAME]
37-chcon \- change file security context
38+chcon \- change file SELinux security context
39 [DESCRIPTION]
40 .\" Add any additional description here
e5317bd9
SS
41diff -urNp coreutils-8.21-orig/man/runcon.x coreutils-8.21/man/runcon.x
42--- coreutils-8.21-orig/man/runcon.x 2011-08-23 15:44:01.000000000 +0200
43+++ coreutils-8.21/man/runcon.x 2013-02-15 14:31:58.938486496 +0100
1d1a6603
SS
44@@ -1,5 +1,5 @@
45 [NAME]
46-runcon \- run command with specified security context
47+runcon \- run command with specified SELinux security context
48 [DESCRIPTION]
49 Run COMMAND with completely-specified CONTEXT, or with current or
50 transitioned security context modified by one or more of LEVEL,
e5317bd9
SS
51diff -urNp coreutils-8.21-orig/src/chcon.c coreutils-8.21/src/chcon.c
52--- coreutils-8.21-orig/src/chcon.c 2013-01-31 01:46:24.000000000 +0100
53+++ coreutils-8.21/src/chcon.c 2013-02-15 14:31:58.939469828 +0100
54@@ -355,7 +355,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\
3badd2da
SS
55 "),
56 program_name, program_name, program_name);
57 fputs (_("\
58-Change the security context of each FILE to CONTEXT.\n\
59+Change the SELinux security context of each FILE to CONTEXT.\n\
60 With --reference, change the security context of each FILE to that of RFILE.\n\
fa4603be 61 "), stdout);
e5317bd9
SS
62
63diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c
64--- coreutils-8.21-orig/src/copy.c 2013-02-07 10:37:05.000000000 +0100
65+++ coreutils-8.21/src/copy.c 2013-02-15 14:31:58.941467872 +0100
66@@ -2315,6 +2315,8 @@ copy_internal (char const *src_name, cha
1d1a6603
SS
67 {
68 /* Here, we are crossing a file system boundary and cp's -x option
69 is in effect: so don't copy the contents of this directory. */
70+ if (x->preserve_security_context)
71+ restore_default_fscreatecon_or_die ();
72 }
73 else
74 {
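Review bot: The reset added to the `-x` skip branch has no comment saying which earlier `setfscreatecon` it undoes, and the existing comment still only covers not copying the directory contents. Presumably the creation context was set from the source directory earlier in copy_internal (outside this hunk) and is never consumed because nothing is created on this path. A line such as `/* Nothing is created here, so drop the creation context set for this directory. */` would record that. The `_or_die` variant ends the whole copy if the reset fails, which is the conservative choice for labels but should be stated as well.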
e5317bd9
SS
75diff -urNp coreutils-8.21-orig/src/copy.h coreutils-8.21/src/copy.h
76--- coreutils-8.21-orig/src/copy.h 2013-01-31 01:46:24.000000000 +0100
77+++ coreutils-8.21/src/copy.h 2013-02-15 14:31:58.943470982 +0100
78@@ -159,6 +159,9 @@ struct cp_options
1d1a6603 79 bool preserve_timestamps;
e5317bd9 80 bool explicit_no_preserve_mode;
1d1a6603
SS
81
82+ /* If true, attempt to set specified security context */
83+ bool set_security_context;
84+
85 /* Enabled for mv, and for cp by the --preserve=links option.
86 If true, attempt to preserve in the destination files any
87 logical hard links between the source files. If used with cp's
e5317bd9
SS
88diff -urNp coreutils-8.21-orig/src/cp.c coreutils-8.21/src/cp.c
89--- coreutils-8.21-orig/src/cp.c 2013-02-07 10:37:05.000000000 +0100
90+++ coreutils-8.21/src/cp.c 2013-02-15 14:31:58.945468929 +0100
1d1a6603
SS
91@@ -141,6 +141,7 @@ static struct option const long_opts[] =
92 {"target-directory", required_argument, NULL, 't'},
93 {"update", no_argument, NULL, 'u'},
94 {"verbose", no_argument, NULL, 'v'},
95+ {"context", required_argument, NULL, 'Z'},
96 {GETOPT_HELP_OPTION_DECL},
97 {GETOPT_VERSION_OPTION_DECL},
98 {NULL, 0, NULL, 0}
e5317bd9 99@@ -201,6 +202,9 @@ Copy SOURCE to DEST, or multiple SOURCE(
1d1a6603
SS
100 all\n\
101 "), stdout);
102 fputs (_("\
103+ -c same as --preserve=context\n\
104+"), stdout);
105+ fputs (_("\
106 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
107 --parents use full source file name under DIRECTORY\n\
108 "), stdout);
e5317bd9 109@@ -227,6 +231,7 @@ Copy SOURCE to DEST, or multiple SOURCE(
1d1a6603
SS
110 destination file is missing\n\
111 -v, --verbose explain what is being done\n\
112 -x, --one-file-system stay on this file system\n\
113+ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
114 "), stdout);
115 fputs (HELP_OPTION_DESCRIPTION, stdout);
116 fputs (VERSION_OPTION_DESCRIPTION, stdout);
e5317bd9
SS
117@@ -784,6 +789,7 @@ cp_option_init (struct cp_options *x)
118 x->explicit_no_preserve_mode = false;
1d1a6603
SS
119 x->preserve_security_context = false;
120 x->require_preserve_context = false;
121+ x->set_security_context = false;
122 x->preserve_xattr = false;
123 x->reduce_diagnostics = false;
124 x->require_preserve_xattr = false;
407c5be3 125@@ -933,7 +939,7 @@ main (int argc, char **argv)
1d1a6603
SS
126 we'll actually use backup_suffix_string. */
127 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
128
129- while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T",
130+ while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:",
131 long_opts, NULL))
132 != -1)
133 {
407c5be3 134@@ -981,6 +987,16 @@ main (int argc, char **argv)
1d1a6603
SS
135 copy_contents = true;
136 break;
137
138+ case 'c':
139+ if ( x.set_security_context ) {
140+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
141+ exit( 1 );
142+ }
143+ else if (selinux_enabled) {
144+ x.preserve_security_context = true;
145+ x.require_preserve_context = true;
146+ }
147+ break;
148 case 'd':
149 x.preserve_links = true;
150 x.dereference = DEREF_NEVER;
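Review bot: The diagnostic in the new `case 'c'` goes around the error path the rest of cp uses: it prints `argv[0]` through a bare `fprintf`, is not marked for translation with `_()`, and exits with a literal `1`. `error (EXIT_FAILURE, 0, _("cannot force target context and preserve it"));` gives the same message with the usual program-name prefix. The same pattern recurs in `case 'Z'` in the next hunk and in the `-P` handling in install.c. Also, when `selinux_enabled` is false, `-c` is dropped without any message, whereas `-Z` at least warns; a one-line comment saying this is intentional would help.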
e5317bd9 151@@ -1091,6 +1107,27 @@ main (int argc, char **argv)
1d1a6603
SS
152 x.one_file_system = true;
153 break;
154
155+
156+ case 'Z':
157+ /* politely decline if we're not on a selinux-enabled kernel. */
158+ if( !selinux_enabled ) {
159+ fprintf( stderr, "Warning: ignoring --context (-Z). "
160+ "It requires a SELinux enabled kernel.\n" );
161+ break;
162+ }
163+ if ( x.preserve_security_context ) {
164+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
165+ exit( 1 );
166+ }
167+ x.set_security_context = true;
168+ /* if there's a security_context given set new path
169+ components to that context, too */
170+ if ( setfscreatecon(optarg) < 0 ) {
171+ (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);
172+ exit( 1 );
173+ }
174+ break;
175+
176 case 'S':
177 make_backups = true;
178 backup_suffix_string = optarg;
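Review bot: The conflict between forcing and preserving a context is checked only at the moment each option is parsed, so the outcome depends on argument order. `case 'Z'` rejects an earlier `-c` and `case 'c'` rejects an earlier `-Z`, but any other option that sets `x.preserve_security_context` after `-Z` would not be caught (the `--preserve=context` and `-a` handling is outside these hunks, so this is inferred). A single test after the `getopt_long` loop, `if (x.set_security_context && x.preserve_security_context)`, covers every ordering. Calling `setfscreatecon (optarg)` inside the parser also changes the process-wide creation context before the remaining arguments are validated. Its failure message omits the program name and `errno`; `error (EXIT_FAILURE, errno, _("cannot set default security context %s"), quote (optarg));` would match the rest of the file.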
e5317bd9
SS
179diff -urNp coreutils-8.21-orig/src/id.c coreutils-8.21/src/id.c
180--- coreutils-8.21-orig/src/id.c 2013-01-31 01:46:24.000000000 +0100
181+++ coreutils-8.21/src/id.c 2013-02-15 14:31:58.946469154 +0100
182@@ -106,7 +106,7 @@ int
1d1a6603
SS
183 main (int argc, char **argv)
184 {
185 int optc;
186- int selinux_enabled = (is_selinux_enabled () > 0);
187+ bool selinux_enabled = (is_selinux_enabled () > 0);
188
189 /* If true, output the list of all group IDs. -G */
190 bool just_group_list = false;
e5317bd9
SS
191diff -urNp coreutils-8.21-orig/src/install.c coreutils-8.21/src/install.c
192--- coreutils-8.21-orig/src/install.c 2013-02-07 10:37:05.000000000 +0100
193+++ coreutils-8.21/src/install.c 2013-02-15 14:31:58.948469440 +0100
194@@ -280,6 +280,7 @@ cp_option_init (struct cp_options *x)
1d1a6603
SS
195 x->data_copy_required = true;
196 x->require_preserve = false;
197 x->require_preserve_context = false;
198+ x->set_security_context = false;
199 x->require_preserve_xattr = false;
200 x->recursive = false;
201 x->sparse_mode = SPARSE_AUTO;
e5317bd9 202@@ -639,7 +640,7 @@ In the 4th form, create all components o
3badd2da
SS
203 -v, --verbose print the name of each directory as it is created\n\
204 "), stdout);
205 fputs (_("\
206- --preserve-context preserve SELinux security context\n\
207+ -P, --preserve-context preserve SELinux security context\n\
208 -Z, --context=CONTEXT set SELinux security context of files and directories\
209 \n\
210 "), stdout);
e5317bd9 211@@ -782,7 +783,7 @@ main (int argc, char **argv)
1d1a6603
SS
212 we'll actually use backup_suffix_string. */
213 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
214
215- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options,
216+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options,
217 NULL)) != -1)
218 {
219 switch (optc)
e5317bd9 220@@ -853,6 +854,7 @@ main (int argc, char **argv)
3badd2da
SS
221 no_target_directory = true;
222 break;
223
1d1a6603
SS
224+ case 'P':
225 case PRESERVE_CONTEXT_OPTION:
226 if ( ! selinux_enabled)
227 {
e5317bd9 228@@ -860,6 +862,10 @@ main (int argc, char **argv)
1d1a6603
SS
229 "this kernel is not SELinux-enabled"));
230 break;
231 }
232+ if ( x.set_security_context ) {
233+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
234+ exit( 1 );
235+ }
236 x.preserve_security_context = true;
237 use_default_selinux_context = false;
238 break;
e5317bd9 239@@ -871,6 +877,7 @@ main (int argc, char **argv)
1d1a6603
SS
240 break;
241 }
242 scontext = optarg;
243+ x.set_security_context = true;
244 use_default_selinux_context = false;
245 break;
246 case_GETOPT_HELP_CHAR;
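Review bot: `case 'Z'` now records `x.set_security_context = true` but, in the lines visible here, never tests `x.preserve_security_context`, while the preserve-context case in the preceding hunk does test the reverse. So `install -Z CTX -P` is rejected and `install -P -Z CTX` appears to be accepted with both flags set, leaving it unclear which label the installed file receives. Checking the pair once after the option loop, or mirroring the test here with `if (x.preserve_security_context)`, makes both orders behave the same. The start of this case is outside the hunk, so an existing check there would change this.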
e5317bd9
SS
247diff -urNp coreutils-8.21-orig/src/ls.c coreutils-8.21/src/ls.c
248--- coreutils-8.21-orig/src/ls.c 2013-02-03 04:24:02.000000000 +0100
249+++ coreutils-8.21/src/ls.c 2013-02-15 14:31:58.953469008 +0100
250@@ -165,7 +165,8 @@ enum filetype
1d1a6603
SS
251 symbolic_link,
252 sock,
253 whiteout,
254- arg_directory
255+ arg_directory,
256+ command_line
257 };
258
259 /* Display letters and indicators for each filetype.
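Review bot: `command_line` is appended after `arg_directory`, and the comment that closes this hunk introduces the per-filetype letter and indicator tables, which the patch as shown does not touch. If those tables are sized for values up to `arg_directory`, any `fileinfo` that keeps `filetype == command_line` would index one past their end; a later hunk now passes that value to gobble_file for command-line arguments. Either extend the tables with an entry for the new value, or document next to the enumerator that it is a transient marker that gobble_file always replaces before printing. The enumerator has no comment at all; something like `command_line /* named on the command line; type not yet determined */` would do.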
e5317bd9 260@@ -281,6 +282,7 @@ static void queue_directory (char const
fa4603be 261 bool command_line_arg);
1d1a6603
SS
262 static void sort_files (void);
263 static void parse_ls_color (void);
1d1a6603
SS
264+static void print_scontext_format (const struct fileinfo *f);
265
266 /* Initial size of hash table.
267 Most hierarchies are likely to be shallower than this. */
e5317bd9 268@@ -350,7 +352,7 @@ static struct pending *pending_dirs;
1d1a6603
SS
269
270 static struct timespec current_time;
271
272-static bool print_scontext;
273+static int print_scontext = 0;
274 static char UNKNOWN_SECURITY_CONTEXT[] = "?";
275
276 /* Whether any of the files has an ACL. This affects the width of the
e5317bd9 277@@ -390,7 +392,9 @@ enum format
1d1a6603
SS
278 one_per_line, /* -1 */
279 many_per_line, /* -C */
280 horizontal, /* -x */
281- with_commas /* -m */
282+ with_commas, /* -m */
283+ security_format, /* -Z */
284+ invalid_format
285 };
286
287 static enum format format;
e5317bd9 288@@ -793,6 +797,9 @@ enum
1d1a6603
SS
289 SHOW_CONTROL_CHARS_OPTION,
290 SI_OPTION,
291 SORT_OPTION,
292+ CONTEXT_OPTION,
293+ LCONTEXT_OPTION,
294+ SCONTEXT_OPTION,
295 TIME_OPTION,
296 TIME_STYLE_OPTION
297 };
e7f6ab54 298@@ -839,7 +846,9 @@ static struct option const long_options[
1d1a6603
SS
299 {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
300 {"color", optional_argument, NULL, COLOR_OPTION},
301 {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
302- {"context", no_argument, 0, 'Z'},
303+ {"context", no_argument, 0, CONTEXT_OPTION},
304+ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
305+ {"scontext", no_argument, 0, SCONTEXT_OPTION},
306 {"author", no_argument, NULL, AUTHOR_OPTION},
307 {GETOPT_HELP_OPTION_DECL},
308 {GETOPT_VERSION_OPTION_DECL},
e7f6ab54 309@@ -849,12 +858,12 @@ static struct option const long_options[
1d1a6603
SS
310 static char const *const format_args[] =
311 {
312 "verbose", "long", "commas", "horizontal", "across",
313- "vertical", "single-column", NULL
314+ "vertical", "single-column", "context", NULL
315 };
316 static enum format const format_types[] =
317 {
318 long_format, long_format, with_commas, horizontal, horizontal,
319- many_per_line, one_per_line
320+ many_per_line, one_per_line, security_format
321 };
322 ARGMATCH_VERIFY (format_args, format_types);
323
e7f6ab54 324@@ -1296,7 +1305,8 @@ main (int argc, char **argv)
1d1a6603
SS
325 /* Avoid following symbolic links when possible. */
326 if (is_colored (C_ORPHAN)
327 || (is_colored (C_EXEC) && color_symlink_as_referent)
328- || (is_colored (C_MISSING) && format == long_format))
329+ || (is_colored (C_MISSING) && (format == long_format
330+ || format == security_format)))
331 check_symlink_color = true;
332
333 /* If the standard output is a controlling terminal, watch out
e7f6ab54 334@@ -1343,7 +1353,7 @@ main (int argc, char **argv)
1d1a6603
SS
335 if (dereference == DEREF_UNDEFINED)
336 dereference = ((immediate_dirs
337 || indicator_style == classify
338- || format == long_format)
339+ || format == long_format || format == security_format)
340 ? DEREF_NEVER
341 : DEREF_COMMAND_LINE_SYMLINK_TO_DIR);
342
e7f6ab54 343@@ -1363,7 +1373,7 @@ main (int argc, char **argv)
1d1a6603
SS
344
345 format_needs_stat = sort_type == sort_time || sort_type == sort_size
346 || format == long_format
347- || print_scontext
348+ || format == security_format || print_scontext
349 || print_block_size;
350 format_needs_type = (! format_needs_stat
351 && (recursive
e7f6ab54 352@@ -1394,7 +1404,7 @@ main (int argc, char **argv)
1d1a6603
SS
353 }
354 else
355 do
356- gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");
357+ gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");
358 while (i < argc);
359
360 if (cwd_n_used)
e7f6ab54 361@@ -1565,7 +1575,7 @@ decode_switches (int argc, char **argv)
1d1a6603
SS
362 ignore_mode = IGNORE_DEFAULT;
363 ignore_patterns = NULL;
364 hide_patterns = NULL;
365- print_scontext = false;
366+ print_scontext = 0;
367
368 /* FIXME: put this in a function. */
369 {
e5317bd9 370@@ -1941,13 +1951,27 @@ decode_switches (int argc, char **argv)
1d1a6603
SS
371 break;
372
373 case 'Z':
374- print_scontext = true;
375+ print_scontext = 1;
376+ format = security_format;
377 break;
378
379 case_GETOPT_HELP_CHAR;
380
381 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
382
383+ case CONTEXT_OPTION: /* default security context format */
384+ print_scontext = 1;
385+ format = security_format;
386+ break;
387+ case LCONTEXT_OPTION: /* long format plus security context */
388+ print_scontext = 1;
389+ format = long_format;
390+ break;
391+ case SCONTEXT_OPTION: /* short form of new security format */
392+ print_scontext = 0;
393+ format = security_format;
394+ break;
395+
396 default:
397 usage (LS_FAILURE);
398 }
e5317bd9 399@@ -2883,6 +2907,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS
400 memset (f, '\0', sizeof *f);
401 f->stat.st_ino = inode;
402 f->filetype = type;
403+ f->scontext = NULL;
404
405 if (command_line_arg
406 || format_needs_stat
e5317bd9 407@@ -2995,7 +3020,7 @@ gobble_file (char const *name, enum file
1d1a6603 408 && print_with_color && is_colored (C_CAP))
6987acf5 409 f->has_capability = has_capability_cache (absolute_name, f);
1d1a6603
SS
410
411- if (format == long_format || print_scontext)
412+ if (format == long_format || format == security_format || print_scontext)
413 {
414 bool have_selinux = false;
415 bool have_acl = false;
e5317bd9 416@@ -3016,7 +3041,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS
417 err = 0;
418 }
419
420- if (err == 0 && format == long_format)
421+ if (err == 0 && (format == long_format || format == security_format))
422 {
6987acf5 423 int n = file_has_acl_cache (absolute_name, f);
1d1a6603 424 err = (n < 0);
e5317bd9 425@@ -3035,7 +3060,8 @@ gobble_file (char const *name, enum file
1d1a6603
SS
426 }
427
428 if (S_ISLNK (f->stat.st_mode)
429- && (format == long_format || check_symlink_color))
430+ && (format == long_format || format == security_format
431+ || check_symlink_color))
432 {
1d1a6603 433 struct stat linkstats;
764f5877 434
e5317bd9 435@@ -3054,6 +3080,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS
436 command line are automatically traced if not being
437 listed as files. */
438 if (!command_line_arg || format == long_format
439+ || format == security_format
440 || !S_ISDIR (linkstats.st_mode))
441 {
442 /* Get the linked-to file's mode for the filetype indicator
e5317bd9 443@@ -3087,7 +3114,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS
444 block_size_width = len;
445 }
446
447- if (format == long_format)
448+ if (format == long_format || format == security_format)
449 {
450 if (print_owner)
451 {
e5317bd9 452@@ -3591,6 +3618,13 @@ print_current_files (void)
1d1a6603
SS
453 print_long_format (sorted_file[i]);
454 DIRED_PUTCHAR ('\n');
455 }
456+ break;
457+ case security_format:
458+ for (i = 0; i < cwd_n_used; i++)
459+ {
460+ print_scontext_format (sorted_file[i]);
461+ DIRED_PUTCHAR ('\n');
462+ }
463 break;
464 }
465 }
e5317bd9 466@@ -3753,6 +3787,67 @@ format_inode (char *buf, size_t buflen,
1d1a6603
SS
467 : (char *) "?");
468 }
469
470+/* Print info about f in scontext format */
471+static void
472+print_scontext_format (const struct fileinfo *f)
473+{
474+ char modebuf[12];
475+
476+ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
477+ 1 10-byte mode string,
478+ 9 spaces, one following each of these fields, and
479+ 1 trailing NUL byte. */
480+
481+ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
482+ char *buf = init_bigbuf;
483+ char *p;
484+
485+ p = buf;
486+
487+ if ( print_scontext ) { /* zero means terse listing */
488+ filemodestring (&f->stat, modebuf);
489+ if (! any_has_acl)
490+ modebuf[10] = '\0';
491+ else if (f->acl_type == ACL_T_SELINUX_ONLY)
492+ modebuf[10] = '.';
493+ else if (f->acl_type == ACL_T_YES)
494+ modebuf[10] = '+';
495+ modebuf[11] = '\0';
496+
497+ /* print mode */
498+
499+ (void) sprintf (p, "%s ", modebuf);
500+ p += strlen (p);
501+
502+ /* print standard user and group */
503+
504+ DIRED_FPUTS (buf, stdout, p - buf);
505+ format_user (f->stat.st_uid, owner_width, f->stat_ok);
506+ format_group (f->stat.st_gid, group_width, f->stat_ok);
507+ p = buf;
508+ }
509+
510+ (void) sprintf (p, "%-32s ", f->scontext ?: "");
511+ p += strlen (p);
512+
513+ DIRED_INDENT ();
514+ DIRED_FPUTS (buf, stdout, p - buf);
515+ size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf);
516+
517+ if (f->filetype == symbolic_link) {
518+ if (f->linkname) {
519+ DIRED_FPUTS_LITERAL (" -> ", stdout);
520+ print_name_with_quoting (f, true, NULL, (p - buf) + w + 4);
521+ if (indicator_style != none)
522+ print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
523+ }
524+ }
525+ else {
526+ if (indicator_style != none)
527+ print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
528+ }
529+}
530+
531 /* Print information about F in long format. */
532 static void
533 print_long_format (const struct fileinfo *f)
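Review bot: `sprintf (p, "%-32s ", f->scontext ?: "")` writes a string of unbounded length into the fixed-size stack array `init_bigbuf`. `%-32s` sets a minimum width, not a maximum, and the size comment above the array budgets for numeric fields and the mode string but not for a security context, whose length is set by the file's label rather than by ls. The next hunk adds the same call on `buf` in print_long_format, whose declaration is outside that hunk and needs the same treatment. The context should be written straight to the output with its own length, as sketched below, rather than staged in these buffers. The `?:` form is a GNU extension, while the other hunk spells out the ternary; the two should agree.

```c
  /* … unchanged: mode, owner and group output for the non-terse listing … */

  /* The label's length is not under ls's control; write it directly
     instead of formatting it into the fixed-size buffer.  */
  char const *ctx = f->scontext ? f->scontext : "";
  size_t ctx_len = strlen (ctx);
  size_t ctx_col = (ctx_len < 32 ? 32 : ctx_len) + 1;

  DIRED_INDENT ();
  DIRED_FPUTS (ctx, stdout, ctx_len);
  for (size_t i = ctx_len; i < ctx_col; i++)
    DIRED_PUTCHAR (' ');
  size_t w = print_name_with_quoting (f, false, &dired_obstack, ctx_col);

  /* … unchanged: symlink target and type indicator, with ctx_col in place of (p - buf) … */
```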
e5317bd9 534@@ -3844,9 +3939,15 @@ print_long_format (const struct fileinfo
1d1a6603
SS
535 The latter is wrong when nlink_width is zero. */
536 p += strlen (p);
537
538+ if (print_scontext)
539+ {
540+ sprintf (p, "%-32s ", f->scontext ? f->scontext : "");
541+ p += strlen (p);
542+ }
543+
544 DIRED_INDENT ();
545
546- if (print_owner || print_group || print_author || print_scontext)
547+ if (print_owner || print_group || print_author)
548 {
549 DIRED_FPUTS (buf, stdout, p - buf);
550
e5317bd9 551@@ -3859,9 +3960,6 @@ print_long_format (const struct fileinfo
1d1a6603
SS
552 if (print_author)
553 format_user (f->stat.st_author, author_width, f->stat_ok);
554
555- if (print_scontext)
556- format_user_or_group (f->scontext, 0, scontext_width);
557-
558 p = buf;
559 }
560
e5317bd9 561@@ -4207,9 +4305,6 @@ print_file_name_and_frills (const struct
1d1a6603
SS
562 : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
563 ST_NBLOCKSIZE, output_block_size));
564
565- if (print_scontext)
566- printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext);
567-
568 size_t width = print_name_with_quoting (f, false, NULL, start_col);
569
570 if (indicator_style != none)
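Review bot: With this removal and the matching one in length_of_file_name_and_frills (next hunk), no code path prints the context for the one_per_line, many_per_line, horizontal or with_commas formats any more. `print_scontext` can still be 1 in those formats if a later format option replaces the `security_format` chosen by `-Z` (handling of `-1`, `-C`, `-x` and `-m` is outside this patch, so that is inferred). In that case ls still collects the label for every file and then silently shows none, so someone auditing labels with such a combination sees an ordinary listing with no hint that the context was dropped. Either keep the context column here, or make a later format option not override `security_format`, and state the rule in the `SELinux options` help text.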
e5317bd9 571@@ -4417,9 +4512,6 @@ length_of_file_name_and_frills (const st
1d1a6603
SS
572 output_block_size))
573 : block_size_width);
574
575- if (print_scontext)
576- len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width);
577-
578 quote_name (NULL, f->name, filename_quoting_options, &name_width);
579 len += name_width;
580
e5317bd9 581@@ -4856,9 +4948,16 @@ Sort entries alphabetically if none of -
1d1a6603
SS
582 -w, --width=COLS assume screen width instead of current value\n\
583 -x list entries by lines instead of by columns\n\
584 -X sort alphabetically by entry extension\n\
585- -Z, --context print any SELinux security context of each file\n\
586 -1 list one file per line\n\
587 "), stdout);
588+ fputs(_("\nSELinux options:\n\n\
589+ --lcontext Display security context. Enable -l. Lines\n\
590+ will probably be too wide for most displays.\n\
591+ -Z, --context Display security context so it fits on most\n\
592+ displays. Displays only mode, user, group,\n\
593+ security context and file name.\n\
594+ --scontext Display only security context and file name.\n\
595+"), stdout);
596 fputs (HELP_OPTION_DESCRIPTION, stdout);
597 fputs (VERSION_OPTION_DESCRIPTION, stdout);
598 emit_size_note ();
e5317bd9
SS
599diff -urNp coreutils-8.21-orig/src/mkdir.c coreutils-8.21/src/mkdir.c
600--- coreutils-8.21-orig/src/mkdir.c 2013-01-31 01:46:24.000000000 +0100
601+++ coreutils-8.21/src/mkdir.c 2013-02-15 14:31:58.954469576 +0100
1d1a6603
SS
602@@ -38,6 +38,7 @@
603 static struct option const longopts[] =
604 {
605 {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
606+ {"context", required_argument, NULL, 'Z'},
607 {"mode", required_argument, NULL, 'm'},
608 {"parents", no_argument, NULL, 'p'},
609 {"verbose", no_argument, NULL, 'v'},
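Review bot: The added `{"context", required_argument, NULL, 'Z'}` sits directly after `{GETOPT_SELINUX_CONTEXT_OPTION_DECL}`, which already appears to declare the `--context` option, judging by its name and by its use as the only context entry in the mknod.c table in the next file section. If so, this is a duplicate long option with the same name and value: harmless to `getopt_long`, but confusing to the next reader. Drop the new line, or add a comment saying why both entries are needed. The macro's definition is not on this page, so confirm it before removing anything.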
e5317bd9
SS
610diff -urNp coreutils-8.21-orig/src/mknod.c coreutils-8.21/src/mknod.c
611--- coreutils-8.21-orig/src/mknod.c 2013-01-31 01:46:24.000000000 +0100
612+++ coreutils-8.21/src/mknod.c 2013-02-15 14:31:58.955470548 +0100
1d1a6603
SS
613@@ -35,7 +35,7 @@
614
615 static struct option const longopts[] =
616 {
617- {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
618+ {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
619 {"mode", required_argument, NULL, 'm'},
620 {GETOPT_HELP_OPTION_DECL},
621 {GETOPT_VERSION_OPTION_DECL},
e5317bd9
SS
622diff -urNp coreutils-8.21-orig/src/mv.c coreutils-8.21/src/mv.c
623--- coreutils-8.21-orig/src/mv.c 2013-02-07 10:37:05.000000000 +0100
624+++ coreutils-8.21/src/mv.c 2013-02-15 14:31:58.956469593 +0100
625@@ -120,6 +120,7 @@ cp_option_init (struct cp_options *x)
1d1a6603 626 x->preserve_timestamps = true;
e5317bd9 627 x->explicit_no_preserve_mode= false;
1d1a6603
SS
628 x->preserve_security_context = selinux_enabled;
629+ x->set_security_context = false;
630 x->reduce_diagnostics = false;
631 x->data_copy_required = true;
632 x->require_preserve = false; /* FIXME: maybe make this an option */
e5317bd9
SS
633diff -urNp coreutils-8.21-orig/src/runcon.c coreutils-8.21/src/runcon.c
634--- coreutils-8.21-orig/src/runcon.c 2013-01-31 01:46:24.000000000 +0100
635+++ coreutils-8.21/src/runcon.c 2013-02-15 14:31:58.956469593 +0100
636@@ -85,7 +85,7 @@ Usage: %s CONTEXT COMMAND [args]\n\
1d1a6603
SS
637 or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\
638 "), program_name, program_name);
639 fputs (_("\
640-Run a program in a different security context.\n\
641+Run a program in a different SELinux security context.\n\
642 With neither CONTEXT nor COMMAND, print the current security context.\n\
e5317bd9 643 "), stdout);
1d1a6603 644
e5317bd9
SS
645diff -urNp coreutils-8.21-orig/tests/misc/selinux.sh coreutils-8.21/tests/misc/selinux.sh
646--- coreutils-8.21-orig/tests/misc/selinux.sh 2013-01-31 01:46:24.000000000 +0100
647+++ coreutils-8.21/tests/misc/selinux.sh 2013-02-15 14:31:58.957469955 +0100
407c5be3 648@@ -37,7 +37,7 @@ chcon $ctx f d p ||
1d1a6603
SS
649
650 # inspect that context with both ls -Z and stat.
651 for i in d f p; do
764f5877
SS
652- c=$(ls -dogZ $i|cut -d' ' -f3); test x$c = x$ctx || fail=1
653+ c=$(ls -dogZ $i|cut -d' ' -f4); test x$c = x$ctx || fail=1
654 c=$(stat --printf %C $i); test x$c = x$ctx || fail=1
1d1a6603
SS
655 done
656