Commit | Line | Data |
---|---|---|
e5317bd9 SS |
1 | diff -urNp coreutils-8.21-orig/configure.ac coreutils-8.21/configure.ac |
2 | --- coreutils-8.21-orig/configure.ac 2013-01-31 01:46:24.000000000 +0100 | |
3 | +++ coreutils-8.21/configure.ac 2013-02-15 14:31:58.937482694 +0100 | |
4 | @@ -204,6 +204,13 @@ if test "$gl_gcc_warnings" = yes; then | |
1d1a6603 SS |
5 | AC_SUBST([GNULIB_TEST_WARN_CFLAGS]) |
6 | fi | |
7 | ||
8 | +dnl Give the chance to enable SELINUX | |
9 | +AC_ARG_ENABLE(selinux, dnl | |
10 | +[ --enable-selinux Enable use of the SELINUX libraries], | |
11 | +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) | |
12 | +LIB_SELINUX="-lselinux" | |
13 | +AC_SUBST(LIB_SELINUX)]) | |
14 | + | |
15 | AC_FUNC_FORK | |
16 | ||
e5317bd9 SS |
17 | optional_bin_progs= |
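Review bot: The third argument of `AC_ARG_ENABLE` is the action taken whenever the option is given in either form, so as written `--disable-selinux` (or `--enable-selinux=no`) also defines `WITH_SELINUX` and sets `LIB_SELINUX="-lselinux"`. Guard the body with `if test "x$enableval" != xno; then … fi` so that only an affirmative request turns the feature on. Nothing in the hunk checks that libselinux is present (for example with `AC_CHECK_LIB`), so enabling the option on a host without the library fails only at link time. The macro arguments are also under-quoted; `AC_ARG_ENABLE([selinux], …)` and `AC_SUBST([LIB_SELINUX])` match the quoting of the `AC_SUBST([GNULIB_TEST_WARN_CFLAGS])` line above.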
18 | diff -urNp coreutils-8.21-orig/init.cfg coreutils-8.21/init.cfg | |
19 | --- coreutils-8.21-orig/init.cfg 2013-01-31 01:46:24.000000000 +0100 | |
20 | +++ coreutils-8.21/init.cfg 2013-02-15 14:31:58.957469955 +0100 | |
21 | @@ -308,8 +308,8 @@ require_selinux_() | |
22 | ||
23 | # Independent of whether SELinux is enabled system-wide, | |
24 | # the current file system may lack SELinux support. | |
25 | - case $(ls -Zd .) in | |
26 | - '? .'|'unlabeled .') | |
27 | + case $(ls -Zd . | cut -f4 -d" ") in | |
28 | + '?'|'unlabeled') | |
29 | skip_ "this system (or maybe just" \ | |
30 | "the current file system) lacks SELinux support" | |
31 | ;; | |
32 | diff -urNp coreutils-8.21-orig/man/chcon.x coreutils-8.21/man/chcon.x | |
33 | --- coreutils-8.21-orig/man/chcon.x 2011-08-23 15:44:01.000000000 +0200 | |
34 | +++ coreutils-8.21/man/chcon.x 2013-02-15 14:31:58.937482694 +0100 | |
1d1a6603 SS |
35 | @@ -1,4 +1,4 @@ |
36 | [NAME] | |
37 | -chcon \- change file security context | |
38 | +chcon \- change file SELinux security context | |
39 | [DESCRIPTION] | |
40 | .\" Add any additional description here | |
e5317bd9 SS |
41 | diff -urNp coreutils-8.21-orig/man/runcon.x coreutils-8.21/man/runcon.x |
42 | --- coreutils-8.21-orig/man/runcon.x 2011-08-23 15:44:01.000000000 +0200 | |
43 | +++ coreutils-8.21/man/runcon.x 2013-02-15 14:31:58.938486496 +0100 | |
1d1a6603 SS |
44 | @@ -1,5 +1,5 @@ |
45 | [NAME] | |
46 | -runcon \- run command with specified security context | |
47 | +runcon \- run command with specified SELinux security context | |
48 | [DESCRIPTION] | |
49 | Run COMMAND with completely-specified CONTEXT, or with current or | |
50 | transitioned security context modified by one or more of LEVEL, | |
e5317bd9 SS |
51 | diff -urNp coreutils-8.21-orig/src/chcon.c coreutils-8.21/src/chcon.c |
52 | --- coreutils-8.21-orig/src/chcon.c 2013-01-31 01:46:24.000000000 +0100 | |
53 | +++ coreutils-8.21/src/chcon.c 2013-02-15 14:31:58.939469828 +0100 | |
54 | @@ -355,7 +355,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\ | |
3badd2da SS |
55 | "), |
56 | program_name, program_name, program_name); | |
57 | fputs (_("\ | |
58 | -Change the security context of each FILE to CONTEXT.\n\ | |
59 | +Change the SELinux security context of each FILE to CONTEXT.\n\ | |
60 | With --reference, change the security context of each FILE to that of RFILE.\n\ | |
fa4603be | 61 | "), stdout); |
e5317bd9 SS |
62 | |
63 | diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c | |
64 | --- coreutils-8.21-orig/src/copy.c 2013-02-07 10:37:05.000000000 +0100 | |
65 | +++ coreutils-8.21/src/copy.c 2013-02-15 14:31:58.941467872 +0100 | |
66 | @@ -2315,6 +2315,8 @@ copy_internal (char const *src_name, cha | |
1d1a6603 SS |
67 | { |
68 | /* Here, we are crossing a file system boundary and cp's -x option | |
69 | is in effect: so don't copy the contents of this directory. */ | |
70 | + if (x->preserve_security_context) | |
71 | + restore_default_fscreatecon_or_die (); | |
72 | } | |
73 | else | |
74 | { | |
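Review bot: The added `restore_default_fscreatecon_or_die ()` call has no comment saying why the skipped-directory branch needs it; the existing comment only explains that the directory's contents are not copied. Presumably a creation context set earlier in copy_internal for this directory would otherwise stay in effect for files created later, which is worth stating, e.g. `/* Do not let the creation context chosen for this directory carry over to later files. */` (confirm against the code outside the hunk). The call is guarded by `x->preserve_security_context` only, so it would help to say whether the new `-Z` path, which sets the creation context once in cp's main, is meant to be left alone here. copy_internal starts and ends outside the hunk.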
e5317bd9 SS |
75 | diff -urNp coreutils-8.21-orig/src/copy.h coreutils-8.21/src/copy.h |
76 | --- coreutils-8.21-orig/src/copy.h 2013-01-31 01:46:24.000000000 +0100 | |
77 | +++ coreutils-8.21/src/copy.h 2013-02-15 14:31:58.943470982 +0100 | |
78 | @@ -159,6 +159,9 @@ struct cp_options | |
1d1a6603 | 79 | bool preserve_timestamps; |
e5317bd9 | 80 | bool explicit_no_preserve_mode; |
1d1a6603 SS |
81 | |
82 | + /* If true, attempt to set specified security context */ | |
83 | + bool set_security_context; | |
84 | + | |
85 | /* Enabled for mv, and for cp by the --preserve=links option. | |
86 | If true, attempt to preserve in the destination files any | |
87 | logical hard links between the source files. If used with cp's | |
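Review bot: The comment on `set_security_context` says the flag makes the copy "attempt to set specified security context", but in the hunks of this patch the field is only written by the option parsers and read by the `-c` and `-P` conflict checks; the context itself is applied by `setfscreatecon (optarg)` in cp's `case 'Z'`. A comment that matches that use would be `/* True when -Z/--context named an explicit context; used to reject a conflicting request to preserve the source context. */`. If copy.c is meant to consult the flag, that code is not part of this patch. struct cp_options continues outside the hunk.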
e5317bd9 SS |
88 | diff -urNp coreutils-8.21-orig/src/cp.c coreutils-8.21/src/cp.c |
89 | --- coreutils-8.21-orig/src/cp.c 2013-02-07 10:37:05.000000000 +0100 | |
90 | +++ coreutils-8.21/src/cp.c 2013-02-15 14:31:58.945468929 +0100 | |
1d1a6603 SS |
91 | @@ -141,6 +141,7 @@ static struct option const long_opts[] = |
92 | {"target-directory", required_argument, NULL, 't'}, | |
93 | {"update", no_argument, NULL, 'u'}, | |
94 | {"verbose", no_argument, NULL, 'v'}, | |
95 | + {"context", required_argument, NULL, 'Z'}, | |
96 | {GETOPT_HELP_OPTION_DECL}, | |
97 | {GETOPT_VERSION_OPTION_DECL}, | |
98 | {NULL, 0, NULL, 0} | |
e5317bd9 | 99 | @@ -201,6 +202,9 @@ Copy SOURCE to DEST, or multiple SOURCE( |
1d1a6603 SS |
100 | all\n\ |
101 | "), stdout); | |
102 | fputs (_("\ | |
103 | + -c same as --preserve=context\n\ | |
104 | +"), stdout); | |
105 | + fputs (_("\ | |
106 | --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ | |
107 | --parents use full source file name under DIRECTORY\n\ | |
108 | "), stdout); | |
e5317bd9 | 109 | @@ -227,6 +231,7 @@ Copy SOURCE to DEST, or multiple SOURCE( |
1d1a6603 SS |
110 | destination file is missing\n\ |
111 | -v, --verbose explain what is being done\n\ | |
112 | -x, --one-file-system stay on this file system\n\ | |
113 | + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\ | |
114 | "), stdout); | |
115 | fputs (HELP_OPTION_DESCRIPTION, stdout); | |
116 | fputs (VERSION_OPTION_DESCRIPTION, stdout); | |
e5317bd9 SS |
117 | @@ -784,6 +789,7 @@ cp_option_init (struct cp_options *x) |
118 | x->explicit_no_preserve_mode = false; | |
1d1a6603 SS |
119 | x->preserve_security_context = false; |
120 | x->require_preserve_context = false; | |
121 | + x->set_security_context = false; | |
122 | x->preserve_xattr = false; | |
123 | x->reduce_diagnostics = false; | |
124 | x->require_preserve_xattr = false; | |
407c5be3 | 125 | @@ -933,7 +939,7 @@ main (int argc, char **argv) |
1d1a6603 SS |
126 | we'll actually use backup_suffix_string. */ |
127 | backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); | |
128 | ||
129 | - while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T", | |
130 | + while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:", | |
131 | long_opts, NULL)) | |
132 | != -1) | |
133 | { | |
407c5be3 | 134 | @@ -981,6 +987,16 @@ main (int argc, char **argv) |
1d1a6603 SS |
135 | copy_contents = true; |
136 | break; | |
137 | ||
138 | + case 'c': | |
139 | + if ( x.set_security_context ) { | |
140 | + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); | |
141 | + exit( 1 ); | |
142 | + } | |
143 | + else if (selinux_enabled) { | |
144 | + x.preserve_security_context = true; | |
145 | + x.require_preserve_context = true; | |
146 | + } | |
147 | + break; | |
148 | case 'd': | |
149 | x.preserve_links = true; | |
150 | x.dereference = DEREF_NEVER; | |
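Review bot: The conflict diagnostic in `case 'c'` is written with a bare `fprintf (stderr, …)`, `argv[0]` and `exit( 1 )`, so the message is not marked for translation and does not go through the `error ()` reporting used elsewhere in coreutils; `error (EXIT_FAILURE, 0, _("cannot force target context and preserve it"));` does the same in one call. The same pattern recurs in the `case 'Z'` hunk below and in the `--preserve-context` hunk of src/install.c. Separately, when `selinux_enabled` is false `-c` does nothing and prints nothing, while `-Z` prints a warning in the same situation; the two should agree so that a caller learns the context was not handled. main continues outside the hunk.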
e5317bd9 | 151 | @@ -1091,6 +1107,27 @@ main (int argc, char **argv) |
1d1a6603 SS |
152 | x.one_file_system = true; |
153 | break; | |
154 | ||
155 | + | |
156 | + case 'Z': | |
157 | + /* politely decline if we're not on a selinux-enabled kernel. */ | |
158 | + if( !selinux_enabled ) { | |
159 | + fprintf( stderr, "Warning: ignoring --context (-Z). " | |
160 | + "It requires a SELinux enabled kernel.\n" ); | |
161 | + break; | |
162 | + } | |
163 | + if ( x.preserve_security_context ) { | |
164 | + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg); | |
165 | + exit( 1 ); | |
166 | + } | |
167 | + x.set_security_context = true; | |
168 | + /* if there's a security_context given set new path | |
169 | + components to that context, too */ | |
170 | + if ( setfscreatecon(optarg) < 0 ) { | |
171 | + (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg); | |
172 | + exit( 1 ); | |
173 | + } | |
174 | + break; | |
175 | + | |
176 | case 'S': | |
177 | make_backups = true; | |
178 | backup_suffix_string = optarg; | |
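Review bot: When `selinux_enabled` is false, `case 'Z'` prints a warning and carries on, so `cp -Z CONTEXT` can exit successfully without the requested context having been applied, and a script that relies on the label has only stderr to notice. If that leniency is intended it should be stated in the `-Z, --context=CONTEXT` usage line; otherwise treat it as an error. The `setfscreatecon` failure path drops `errno`, so an invalid context and a policy denial produce the same message; `error (EXIT_FAILURE, errno, _("cannot set default security context %s"), optarg);` keeps the cause. Because the conflict test reads `x.preserve_security_context` at parse time, it only catches preserve options that appear earlier on the command line; the `-c` hunk covers the reverse order for `-c`, but any other option that sets the flag is handled outside the visible hunks and should be checked.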
e5317bd9 SS |
179 | diff -urNp coreutils-8.21-orig/src/id.c coreutils-8.21/src/id.c |
180 | --- coreutils-8.21-orig/src/id.c 2013-01-31 01:46:24.000000000 +0100 | |
181 | +++ coreutils-8.21/src/id.c 2013-02-15 14:31:58.946469154 +0100 | |
182 | @@ -106,7 +106,7 @@ int | |
1d1a6603 SS |
183 | main (int argc, char **argv) |
184 | { | |
185 | int optc; | |
186 | - int selinux_enabled = (is_selinux_enabled () > 0); | |
187 | + bool selinux_enabled = (is_selinux_enabled () > 0); | |
188 | ||
189 | /* If true, output the list of all group IDs. -G */ | |
190 | bool just_group_list = false; | |
e5317bd9 SS |
191 | diff -urNp coreutils-8.21-orig/src/install.c coreutils-8.21/src/install.c |
192 | --- coreutils-8.21-orig/src/install.c 2013-02-07 10:37:05.000000000 +0100 | |
193 | +++ coreutils-8.21/src/install.c 2013-02-15 14:31:58.948469440 +0100 | |
194 | @@ -280,6 +280,7 @@ cp_option_init (struct cp_options *x) | |
1d1a6603 SS |
195 | x->data_copy_required = true; |
196 | x->require_preserve = false; | |
197 | x->require_preserve_context = false; | |
198 | + x->set_security_context = false; | |
199 | x->require_preserve_xattr = false; | |
200 | x->recursive = false; | |
201 | x->sparse_mode = SPARSE_AUTO; | |
e5317bd9 | 202 | @@ -639,7 +640,7 @@ In the 4th form, create all components o |
3badd2da SS |
203 | -v, --verbose print the name of each directory as it is created\n\ |
204 | "), stdout); | |
205 | fputs (_("\ | |
206 | - --preserve-context preserve SELinux security context\n\ | |
207 | + -P, --preserve-context preserve SELinux security context\n\ | |
208 | -Z, --context=CONTEXT set SELinux security context of files and directories\ | |
209 | \n\ | |
210 | "), stdout); | |
e5317bd9 | 211 | @@ -782,7 +783,7 @@ main (int argc, char **argv) |
1d1a6603 SS |
212 | we'll actually use backup_suffix_string. */ |
213 | backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); | |
214 | ||
215 | - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options, | |
216 | + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options, | |
217 | NULL)) != -1) | |
218 | { | |
219 | switch (optc) | |
e5317bd9 | 220 | @@ -853,6 +854,7 @@ main (int argc, char **argv) |
3badd2da SS |
221 | no_target_directory = true; |
222 | break; | |
223 | ||
1d1a6603 SS |
224 | + case 'P': |
225 | case PRESERVE_CONTEXT_OPTION: | |
226 | if ( ! selinux_enabled) | |
227 | { | |
e5317bd9 | 228 | @@ -860,6 +862,10 @@ main (int argc, char **argv) |
1d1a6603 SS |
229 | "this kernel is not SELinux-enabled")); |
230 | break; | |
231 | } | |
232 | + if ( x.set_security_context ) { | |
233 | + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); | |
234 | + exit( 1 ); | |
235 | + } | |
236 | x.preserve_security_context = true; | |
237 | use_default_selinux_context = false; | |
238 | break; | |
e5317bd9 | 239 | @@ -871,6 +877,7 @@ main (int argc, char **argv) |
1d1a6603 SS |
240 | break; |
241 | } | |
242 | scontext = optarg; | |
243 | + x.set_security_context = true; | |
244 | use_default_selinux_context = false; | |
245 | break; | |
246 | case_GETOPT_HELP_CHAR; | |
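Review bot: The conflict check in install is one-sided: the `-P`/`--preserve-context` hunk above rejects the option when `x.set_security_context` is already true, but the `-Z` case here sets `x.set_security_context = true` without testing `x.preserve_security_context`, so `-P -Z CONTEXT` is accepted while `-Z CONTEXT -P` is rejected. Adding `if (x.preserve_security_context) error (EXIT_FAILURE, 0, _("cannot force target context and preserve it"));` before `scontext = optarg;`, or one check after the option loop, makes the outcome independent of argument order. The start of the `-Z` case lies outside the hunk, so confirm that no such test already sits there.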
e5317bd9 SS |
247 | diff -urNp coreutils-8.21-orig/src/ls.c coreutils-8.21/src/ls.c |
248 | --- coreutils-8.21-orig/src/ls.c 2013-02-03 04:24:02.000000000 +0100 | |
249 | +++ coreutils-8.21/src/ls.c 2013-02-15 14:31:58.953469008 +0100 | |
250 | @@ -165,7 +165,8 @@ enum filetype | |
1d1a6603 SS |
251 | symbolic_link, |
252 | sock, | |
253 | whiteout, | |
254 | - arg_directory | |
255 | + arg_directory, | |
256 | + command_line | |
257 | }; | |
258 | ||
259 | /* Display letters and indicators for each filetype. | |
e5317bd9 | 260 | @@ -281,6 +282,7 @@ static void queue_directory (char const |
fa4603be | 261 | bool command_line_arg); |
1d1a6603 SS |
262 | static void sort_files (void); |
263 | static void parse_ls_color (void); | |
1d1a6603 SS |
264 | +static void print_scontext_format (const struct fileinfo *f); |
265 | ||
266 | /* Initial size of hash table. | |
267 | Most hierarchies are likely to be shallower than this. */ | |
e5317bd9 | 268 | @@ -350,7 +352,7 @@ static struct pending *pending_dirs; |
1d1a6603 SS |
269 | |
270 | static struct timespec current_time; | |
271 | ||
272 | -static bool print_scontext; | |
273 | +static int print_scontext = 0; | |
274 | static char UNKNOWN_SECURITY_CONTEXT[] = "?"; | |
275 | ||
276 | /* Whether any of the files has an ACL. This affects the width of the | |
e5317bd9 | 277 | @@ -390,7 +392,9 @@ enum format |
1d1a6603 SS |
278 | one_per_line, /* -1 */ |
279 | many_per_line, /* -C */ | |
280 | horizontal, /* -x */ | |
281 | - with_commas /* -m */ | |
282 | + with_commas, /* -m */ | |
283 | + security_format, /* -Z */ | |
284 | + invalid_format | |
285 | }; | |
286 | ||
287 | static enum format format; | |
e5317bd9 | 288 | @@ -793,6 +797,9 @@ enum |
1d1a6603 SS |
289 | SHOW_CONTROL_CHARS_OPTION, |
290 | SI_OPTION, | |
291 | SORT_OPTION, | |
292 | + CONTEXT_OPTION, | |
293 | + LCONTEXT_OPTION, | |
294 | + SCONTEXT_OPTION, | |
295 | TIME_OPTION, | |
296 | TIME_STYLE_OPTION | |
297 | }; | |
e7f6ab54 | 298 | @@ -839,7 +846,9 @@ static struct option const long_options[ |
1d1a6603 SS |
299 | {"time-style", required_argument, NULL, TIME_STYLE_OPTION}, |
300 | {"color", optional_argument, NULL, COLOR_OPTION}, | |
301 | {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION}, | |
302 | - {"context", no_argument, 0, 'Z'}, | |
303 | + {"context", no_argument, 0, CONTEXT_OPTION}, | |
304 | + {"lcontext", no_argument, 0, LCONTEXT_OPTION}, | |
305 | + {"scontext", no_argument, 0, SCONTEXT_OPTION}, | |
306 | {"author", no_argument, NULL, AUTHOR_OPTION}, | |
307 | {GETOPT_HELP_OPTION_DECL}, | |
308 | {GETOPT_VERSION_OPTION_DECL}, | |
e7f6ab54 | 309 | @@ -849,12 +858,12 @@ static struct option const long_options[ |
1d1a6603 SS |
310 | static char const *const format_args[] = |
311 | { | |
312 | "verbose", "long", "commas", "horizontal", "across", | |
313 | - "vertical", "single-column", NULL | |
314 | + "vertical", "single-column", "context", NULL | |
315 | }; | |
316 | static enum format const format_types[] = | |
317 | { | |
318 | long_format, long_format, with_commas, horizontal, horizontal, | |
319 | - many_per_line, one_per_line | |
320 | + many_per_line, one_per_line, security_format | |
321 | }; | |
322 | ARGMATCH_VERIFY (format_args, format_types); | |
323 | ||
e7f6ab54 | 324 | @@ -1296,7 +1305,8 @@ main (int argc, char **argv) |
1d1a6603 SS |
325 | /* Avoid following symbolic links when possible. */ |
326 | if (is_colored (C_ORPHAN) | |
327 | || (is_colored (C_EXEC) && color_symlink_as_referent) | |
328 | - || (is_colored (C_MISSING) && format == long_format)) | |
329 | + || (is_colored (C_MISSING) && (format == long_format | |
330 | + || format == security_format))) | |
331 | check_symlink_color = true; | |
332 | ||
333 | /* If the standard output is a controlling terminal, watch out | |
e7f6ab54 | 334 | @@ -1343,7 +1353,7 @@ main (int argc, char **argv) |
1d1a6603 SS |
335 | if (dereference == DEREF_UNDEFINED) |
336 | dereference = ((immediate_dirs | |
337 | || indicator_style == classify | |
338 | - || format == long_format) | |
339 | + || format == long_format || format == security_format) | |
340 | ? DEREF_NEVER | |
341 | : DEREF_COMMAND_LINE_SYMLINK_TO_DIR); | |
342 | ||
e7f6ab54 | 343 | @@ -1363,7 +1373,7 @@ main (int argc, char **argv) |
1d1a6603 SS |
344 | |
345 | format_needs_stat = sort_type == sort_time || sort_type == sort_size | |
346 | || format == long_format | |
347 | - || print_scontext | |
348 | + || format == security_format || print_scontext | |
349 | || print_block_size; | |
350 | format_needs_type = (! format_needs_stat | |
351 | && (recursive | |
e7f6ab54 | 352 | @@ -1394,7 +1404,7 @@ main (int argc, char **argv) |
1d1a6603 SS |
353 | } |
354 | else | |
355 | do | |
356 | - gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, ""); | |
357 | + gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, ""); | |
358 | while (i < argc); | |
359 | ||
360 | if (cwd_n_used) | |
e7f6ab54 | 361 | @@ -1565,7 +1575,7 @@ decode_switches (int argc, char **argv) |
1d1a6603 SS |
362 | ignore_mode = IGNORE_DEFAULT; |
363 | ignore_patterns = NULL; | |
364 | hide_patterns = NULL; | |
365 | - print_scontext = false; | |
366 | + print_scontext = 0; | |
367 | ||
368 | /* FIXME: put this in a function. */ | |
369 | { | |
e5317bd9 | 370 | @@ -1941,13 +1951,27 @@ decode_switches (int argc, char **argv) |
1d1a6603 SS |
371 | break; |
372 | ||
373 | case 'Z': | |
374 | - print_scontext = true; | |
375 | + print_scontext = 1; | |
376 | + format = security_format; | |
377 | break; | |
378 | ||
379 | case_GETOPT_HELP_CHAR; | |
380 | ||
381 | case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); | |
382 | ||
383 | + case CONTEXT_OPTION: /* default security context format */ | |
384 | + print_scontext = 1; | |
385 | + format = security_format; | |
386 | + break; | |
387 | + case LCONTEXT_OPTION: /* long format plus security context */ | |
388 | + print_scontext = 1; | |
389 | + format = long_format; | |
390 | + break; | |
391 | + case SCONTEXT_OPTION: /* short form of new security format */ | |
392 | + print_scontext = 0; | |
393 | + format = security_format; | |
394 | + break; | |
395 | + | |
396 | default: | |
397 | usage (LS_FAILURE); | |
398 | } | |
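Review bot: Each of the new cases assigns `format` outright, so the listing depends on option order. Assuming `-l` sets `format = long_format` outside this hunk, `-l -Z` ends in `security_format`, `-Z -l` in `long_format` with the context column, and `--scontext -l` leaves `print_scontext` at 0 with `long_format`, which by the print_long_format hunk prints no context at all. `print_scontext` now also means "verbose security listing" inside print_scontext_format, and that double role deserves a comment at its declaration such as `/* Nonzero: print the context; in security_format also print mode, owner and group. */`. `case 'Z'` and `case CONTEXT_OPTION` have identical bodies and can share one by placing `case CONTEXT_OPTION:` directly under `case 'Z':`. decode_switches continues outside the hunk.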
e5317bd9 | 399 | @@ -2883,6 +2907,7 @@ gobble_file (char const *name, enum file |
1d1a6603 SS |
400 | memset (f, '\0', sizeof *f); |
401 | f->stat.st_ino = inode; | |
402 | f->filetype = type; | |
403 | + f->scontext = NULL; | |
404 | ||
405 | if (command_line_arg | |
406 | || format_needs_stat | |
e5317bd9 | 407 | @@ -2995,7 +3020,7 @@ gobble_file (char const *name, enum file |
1d1a6603 | 408 | && print_with_color && is_colored (C_CAP)) |
6987acf5 | 409 | f->has_capability = has_capability_cache (absolute_name, f); |
1d1a6603 SS |
410 | |
411 | - if (format == long_format || print_scontext) | |
412 | + if (format == long_format || format == security_format || print_scontext) | |
413 | { | |
414 | bool have_selinux = false; | |
415 | bool have_acl = false; | |
e5317bd9 | 416 | @@ -3016,7 +3041,7 @@ gobble_file (char const *name, enum file |
1d1a6603 SS |
417 | err = 0; |
418 | } | |
419 | ||
420 | - if (err == 0 && format == long_format) | |
421 | + if (err == 0 && (format == long_format || format == security_format)) | |
422 | { | |
6987acf5 | 423 | int n = file_has_acl_cache (absolute_name, f); |
1d1a6603 | 424 | err = (n < 0); |
e5317bd9 | 425 | @@ -3035,7 +3060,8 @@ gobble_file (char const *name, enum file |
1d1a6603 SS |
426 | } |
427 | ||
428 | if (S_ISLNK (f->stat.st_mode) | |
429 | - && (format == long_format || check_symlink_color)) | |
430 | + && (format == long_format || format == security_format | |
431 | + || check_symlink_color)) | |
432 | { | |
1d1a6603 | 433 | struct stat linkstats; |
764f5877 | 434 | |
e5317bd9 | 435 | @@ -3054,6 +3080,7 @@ gobble_file (char const *name, enum file |
1d1a6603 SS |
436 | command line are automatically traced if not being |
437 | listed as files. */ | |
438 | if (!command_line_arg || format == long_format | |
439 | + || format == security_format | |
440 | || !S_ISDIR (linkstats.st_mode)) | |
441 | { | |
442 | /* Get the linked-to file's mode for the filetype indicator | |
e5317bd9 | 443 | @@ -3087,7 +3114,7 @@ gobble_file (char const *name, enum file |
1d1a6603 SS |
444 | block_size_width = len; |
445 | } | |
446 | ||
447 | - if (format == long_format) | |
448 | + if (format == long_format || format == security_format) | |
449 | { | |
450 | if (print_owner) | |
451 | { | |
e5317bd9 | 452 | @@ -3591,6 +3618,13 @@ print_current_files (void) |
1d1a6603 SS |
453 | print_long_format (sorted_file[i]); |
454 | DIRED_PUTCHAR ('\n'); | |
455 | } | |
456 | + break; | |
457 | + case security_format: | |
458 | + for (i = 0; i < cwd_n_used; i++) | |
459 | + { | |
460 | + print_scontext_format (sorted_file[i]); | |
461 | + DIRED_PUTCHAR ('\n'); | |
462 | + } | |
463 | break; | |
464 | } | |
465 | } | |
e5317bd9 | 466 | @@ -3753,6 +3787,67 @@ format_inode (char *buf, size_t buflen, |
1d1a6603 SS |
467 | : (char *) "?"); |
468 | } | |
469 | ||
470 | +/* Print info about f in scontext format */ | |
471 | +static void | |
472 | +print_scontext_format (const struct fileinfo *f) | |
473 | +{ | |
474 | + char modebuf[12]; | |
475 | + | |
476 | + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes, | |
477 | + 1 10-byte mode string, | |
478 | + 9 spaces, one following each of these fields, and | |
479 | + 1 trailing NUL byte. */ | |
480 | + | |
481 | + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1]; | |
482 | + char *buf = init_bigbuf; | |
483 | + char *p; | |
484 | + | |
485 | + p = buf; | |
486 | + | |
487 | + if ( print_scontext ) { /* zero means terse listing */ | |
488 | + filemodestring (&f->stat, modebuf); | |
489 | + if (! any_has_acl) | |
490 | + modebuf[10] = '\0'; | |
491 | + else if (f->acl_type == ACL_T_SELINUX_ONLY) | |
492 | + modebuf[10] = '.'; | |
493 | + else if (f->acl_type == ACL_T_YES) | |
494 | + modebuf[10] = '+'; | |
495 | + modebuf[11] = '\0'; | |
496 | + | |
497 | + /* print mode */ | |
498 | + | |
499 | + (void) sprintf (p, "%s ", modebuf); | |
500 | + p += strlen (p); | |
501 | + | |
502 | + /* print standard user and group */ | |
503 | + | |
504 | + DIRED_FPUTS (buf, stdout, p - buf); | |
505 | + format_user (f->stat.st_uid, owner_width, f->stat_ok); | |
506 | + format_group (f->stat.st_gid, group_width, f->stat_ok); | |
507 | + p = buf; | |
508 | + } | |
509 | + | |
510 | + (void) sprintf (p, "%-32s ", f->scontext ?: ""); | |
511 | + p += strlen (p); | |
512 | + | |
513 | + DIRED_INDENT (); | |
514 | + DIRED_FPUTS (buf, stdout, p - buf); | |
515 | + size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf); | |
516 | + | |
517 | + if (f->filetype == symbolic_link) { | |
518 | + if (f->linkname) { | |
519 | + DIRED_FPUTS_LITERAL (" -> ", stdout); | |
520 | + print_name_with_quoting (f, true, NULL, (p - buf) + w + 4); | |
521 | + if (indicator_style != none) | |
522 | + print_type_indicator (f->stat_ok, f->linkmode, f->filetype); | |
523 | + } | |
524 | + } | |
525 | + else { | |
526 | + if (indicator_style != none) | |
527 | + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype); | |
528 | + } | |
529 | +} | |
530 | + | |
531 | /* Print information about F in long format. */ | |
532 | static void | |
533 | print_long_format (const struct fileinfo *f) | |
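Review bot: `sprintf (p, "%-32s ", f->scontext ?: "")` copies the file's security context into `init_bigbuf`, whose size is derived from numeric field widths and a 10-byte mode string rather than from the length of the context; `%-32s` is only a minimum width, so a context longer than the remaining space is written past the end of the stack buffer. The context presumably comes from the file's label and should be treated as unbounded: size the buffer from `strlen (f->scontext)`, or bound the write with `snprintf (p, sizeof init_bigbuf - (p - buf), "%-32s ", f->scontext ? f->scontext : "")` and handle truncation explicitly. The `sprintf (p, "%-32s ", …)` added to print_long_format in the next hunk has the same problem with that function's buffer, which is declared outside the hunk. The size comment copied above `init_bigbuf` still describes seven numeric fields this function never formats, and `?:` is a GNU extension where the next hunk uses the portable spelling.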
e5317bd9 | 534 | @@ -3844,9 +3939,15 @@ print_long_format (const struct fileinfo |
1d1a6603 SS |
535 | The latter is wrong when nlink_width is zero. */ |
536 | p += strlen (p); | |
537 | ||
538 | + if (print_scontext) | |
539 | + { | |
540 | + sprintf (p, "%-32s ", f->scontext ? f->scontext : ""); | |
541 | + p += strlen (p); | |
542 | + } | |
543 | + | |
544 | DIRED_INDENT (); | |
545 | ||
546 | - if (print_owner || print_group || print_author || print_scontext) | |
547 | + if (print_owner || print_group || print_author) | |
548 | { | |
549 | DIRED_FPUTS (buf, stdout, p - buf); | |
550 | ||
e5317bd9 | 551 | @@ -3859,9 +3960,6 @@ print_long_format (const struct fileinfo |
1d1a6603 SS |
552 | if (print_author) |
553 | format_user (f->stat.st_author, author_width, f->stat_ok); | |
554 | ||
555 | - if (print_scontext) | |
556 | - format_user_or_group (f->scontext, 0, scontext_width); | |
557 | - | |
558 | p = buf; | |
559 | } | |
560 | ||
e5317bd9 | 561 | @@ -4207,9 +4305,6 @@ print_file_name_and_frills (const struct |
1d1a6603 SS |
562 | : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts, |
563 | ST_NBLOCKSIZE, output_block_size)); | |
564 | ||
565 | - if (print_scontext) | |
566 | - printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext); | |
567 | - | |
568 | size_t width = print_name_with_quoting (f, false, NULL, start_col); | |
569 | ||
570 | if (indicator_style != none) | |
e5317bd9 | 571 | @@ -4417,9 +4512,6 @@ length_of_file_name_and_frills (const st |
1d1a6603 SS |
572 | output_block_size)) |
573 | : block_size_width); | |
574 | ||
575 | - if (print_scontext) | |
576 | - len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width); | |
577 | - | |
578 | quote_name (NULL, f->name, filename_quoting_options, &name_width); | |
579 | len += name_width; | |
580 | ||
e5317bd9 | 581 | @@ -4856,9 +4948,16 @@ Sort entries alphabetically if none of - |
1d1a6603 SS |
582 | -w, --width=COLS assume screen width instead of current value\n\ |
583 | -x list entries by lines instead of by columns\n\ | |
584 | -X sort alphabetically by entry extension\n\ | |
585 | - -Z, --context print any SELinux security context of each file\n\ | |
586 | -1 list one file per line\n\ | |
587 | "), stdout); | |
588 | + fputs(_("\nSELinux options:\n\n\ | |
589 | + --lcontext Display security context. Enable -l. Lines\n\ | |
590 | + will probably be too wide for most displays.\n\ | |
591 | + -Z, --context Display security context so it fits on most\n\ | |
592 | + displays. Displays only mode, user, group,\n\ | |
593 | + security context and file name.\n\ | |
594 | + --scontext Display only security context and file name.\n\ | |
595 | +"), stdout); | |
596 | fputs (HELP_OPTION_DESCRIPTION, stdout); | |
597 | fputs (VERSION_OPTION_DESCRIPTION, stdout); | |
598 | emit_size_note (); | |
e5317bd9 SS |
599 | diff -urNp coreutils-8.21-orig/src/mkdir.c coreutils-8.21/src/mkdir.c |
600 | --- coreutils-8.21-orig/src/mkdir.c 2013-01-31 01:46:24.000000000 +0100 | |
601 | +++ coreutils-8.21/src/mkdir.c 2013-02-15 14:31:58.954469576 +0100 | |
1d1a6603 SS |
602 | @@ -38,6 +38,7 @@ |
603 | static struct option const longopts[] = | |
604 | { | |
605 | {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, | |
606 | + {"context", required_argument, NULL, 'Z'}, | |
607 | {"mode", required_argument, NULL, 'm'}, | |
608 | {"parents", no_argument, NULL, 'p'}, | |
609 | {"verbose", no_argument, NULL, 'v'}, | |
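Review bot: The added `{"context", required_argument, NULL, 'Z'}` entry sits directly after `{GETOPT_SELINUX_CONTEXT_OPTION_DECL}`, which by its name already declares the SELinux `--context` option. If that macro expands to the same four fields (its definition is not part of this patch), the table now holds two rows for one long option and the new row is never selected. Drop the added line, or replace the macro with the explicit entry so that `--context` is declared once. The mknod.c hunk leaves the macro untouched, so the two programs would otherwise diverge.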
e5317bd9 SS |
610 | diff -urNp coreutils-8.21-orig/src/mknod.c coreutils-8.21/src/mknod.c |
611 | --- coreutils-8.21-orig/src/mknod.c 2013-01-31 01:46:24.000000000 +0100 | |
612 | +++ coreutils-8.21/src/mknod.c 2013-02-15 14:31:58.955470548 +0100 | |
1d1a6603 SS |
613 | @@ -35,7 +35,7 @@ |
614 | ||
615 | static struct option const longopts[] = | |
616 | { | |
617 | - {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, | |
618 | + {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, | |
619 | {"mode", required_argument, NULL, 'm'}, | |
620 | {GETOPT_HELP_OPTION_DECL}, | |
621 | {GETOPT_VERSION_OPTION_DECL}, | |
e5317bd9 SS |
622 | diff -urNp coreutils-8.21-orig/src/mv.c coreutils-8.21/src/mv.c |
623 | --- coreutils-8.21-orig/src/mv.c 2013-02-07 10:37:05.000000000 +0100 | |
624 | +++ coreutils-8.21/src/mv.c 2013-02-15 14:31:58.956469593 +0100 | |
625 | @@ -120,6 +120,7 @@ cp_option_init (struct cp_options *x) | |
1d1a6603 | 626 | x->preserve_timestamps = true; |
e5317bd9 | 627 | x->explicit_no_preserve_mode= false; |
1d1a6603 SS |
628 | x->preserve_security_context = selinux_enabled; |
629 | + x->set_security_context = false; | |
630 | x->reduce_diagnostics = false; | |
631 | x->data_copy_required = true; | |
632 | x->require_preserve = false; /* FIXME: maybe make this an option */ | |
e5317bd9 SS |
633 | diff -urNp coreutils-8.21-orig/src/runcon.c coreutils-8.21/src/runcon.c |
634 | --- coreutils-8.21-orig/src/runcon.c 2013-01-31 01:46:24.000000000 +0100 | |
635 | +++ coreutils-8.21/src/runcon.c 2013-02-15 14:31:58.956469593 +0100 | |
636 | @@ -85,7 +85,7 @@ Usage: %s CONTEXT COMMAND [args]\n\ | |
1d1a6603 SS |
637 | or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\ |
638 | "), program_name, program_name); | |
639 | fputs (_("\ | |
640 | -Run a program in a different security context.\n\ | |
641 | +Run a program in a different SELinux security context.\n\ | |
642 | With neither CONTEXT nor COMMAND, print the current security context.\n\ | |
e5317bd9 | 643 | "), stdout); |
1d1a6603 | 644 | |
e5317bd9 SS |
645 | diff -urNp coreutils-8.21-orig/tests/misc/selinux.sh coreutils-8.21/tests/misc/selinux.sh |
646 | --- coreutils-8.21-orig/tests/misc/selinux.sh 2013-01-31 01:46:24.000000000 +0100 | |
647 | +++ coreutils-8.21/tests/misc/selinux.sh 2013-02-15 14:31:58.957469955 +0100 | |
407c5be3 | 648 | @@ -37,7 +37,7 @@ chcon $ctx f d p || |
1d1a6603 SS |
649 | |
650 | # inspect that context with both ls -Z and stat. | |
651 | for i in d f p; do | |
764f5877 SS |
652 | - c=$(ls -dogZ $i|cut -d' ' -f3); test x$c = x$ctx || fail=1 |
653 | + c=$(ls -dogZ $i|cut -d' ' -f4); test x$c = x$ctx || fail=1 | |
654 | c=$(stat --printf %C $i); test x$c = x$ctx || fail=1 | |
1d1a6603 SS |
655 | done |
656 |