]> git.ipfire.org Git - people/arne_f/ipfire-3.x.git/blob - coreutils/patches/coreutils-selinux.patch
Change file layout of the makefiles.
[people/arne_f/ipfire-3.x.git] / coreutils / patches / coreutils-selinux.patch
1 diff -urNp coreutils-8.11-orig/configure.ac coreutils-8.11/configure.ac
2 --- coreutils-8.11-orig/configure.ac 2011-04-14 11:05:27.511308852 +0200
3 +++ coreutils-8.11/configure.ac 2011-04-14 11:06:05.481433832 +0200
4 @@ -132,6 +132,13 @@ if test "$gl_gcc_warnings" = yes; then
5 AC_SUBST([GNULIB_TEST_WARN_CFLAGS])
6 fi
7
8 +dnl Give the chance to enable SELINUX
9 +AC_ARG_ENABLE(selinux, dnl
10 +[ --enable-selinux Enable use of the SELINUX libraries],
11 +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
12 +LIB_SELINUX="-lselinux"
13 +AC_SUBST(LIB_SELINUX)])
14 +
15 AC_FUNC_FORK
16
17 AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
18 diff -urNp coreutils-8.11-orig/man/chcon.x coreutils-8.11/man/chcon.x
19 --- coreutils-8.11-orig/man/chcon.x 2009-09-01 13:01:16.000000000 +0200
20 +++ coreutils-8.11/man/chcon.x 2011-04-14 11:06:05.482433878 +0200
21 @@ -1,4 +1,4 @@
22 [NAME]
23 -chcon \- change file security context
24 +chcon \- change file SELinux security context
25 [DESCRIPTION]
26 .\" Add any additional description here
27 diff -urNp coreutils-8.11-orig/man/runcon.x coreutils-8.11/man/runcon.x
28 --- coreutils-8.11-orig/man/runcon.x 2009-09-01 13:01:16.000000000 +0200
29 +++ coreutils-8.11/man/runcon.x 2011-04-14 11:06:05.483445779 +0200
30 @@ -1,5 +1,5 @@
31 [NAME]
32 -runcon \- run command with specified security context
33 +runcon \- run command with specified SELinux security context
34 [DESCRIPTION]
35 Run COMMAND with completely-specified CONTEXT, or with current or
36 transitioned security context modified by one or more of LEVEL,
37 diff -urNp coreutils-8.11-orig/src/chcon.c coreutils-8.11/src/chcon.c
38 --- coreutils-8.11-orig/src/chcon.c 2011-02-19 18:17:03.000000000 +0100
39 +++ coreutils-8.11/src/chcon.c 2011-04-14 11:06:05.489434075 +0200
40 @@ -356,7 +356,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\
41 "),
42 program_name, program_name, program_name);
43 fputs (_("\
44 -Change the security context of each FILE to CONTEXT.\n\
45 +Change the SELinux security context of each FILE to CONTEXT.\n\
46 With --reference, change the security context of each FILE to that of RFILE.\n\
47 \n\
48 -h, --no-dereference affect symbolic links instead of any referenced file\n\
49 diff -urNp coreutils-8.11-orig/src/copy.c coreutils-8.11/src/copy.c
50 --- coreutils-8.11-orig/src/copy.c 2011-04-12 12:07:43.000000000 +0200
51 +++ coreutils-8.11/src/copy.c 2011-04-14 11:06:05.485433752 +0200
52 @@ -2179,6 +2179,8 @@ copy_internal (char const *src_name, cha
53 {
54 /* Here, we are crossing a file system boundary and cp's -x option
55 is in effect: so don't copy the contents of this directory. */
56 + if (x->preserve_security_context)
57 + restore_default_fscreatecon_or_die ();
58 }
59 else
60 {
61 diff -urNp coreutils-8.11-orig/src/copy.h coreutils-8.11/src/copy.h
62 --- coreutils-8.11-orig/src/copy.h 2011-02-19 18:17:03.000000000 +0100
63 +++ coreutils-8.11/src/copy.h 2011-04-14 11:06:05.487340225 +0200
64 @@ -158,6 +158,9 @@ struct cp_options
65 bool preserve_mode;
66 bool preserve_timestamps;
67
68 + /* If true, attempt to set specified security context */
69 + bool set_security_context;
70 +
71 /* Enabled for mv, and for cp by the --preserve=links option.
72 If true, attempt to preserve in the destination files any
73 logical hard links between the source files. If used with cp's
74 diff -urNp coreutils-8.11-orig/src/cp.c coreutils-8.11/src/cp.c
75 --- coreutils-8.11-orig/src/cp.c 2011-02-19 18:17:03.000000000 +0100
76 +++ coreutils-8.11/src/cp.c 2011-04-14 11:06:05.488433894 +0200
77 @@ -141,6 +141,7 @@ static struct option const long_opts[] =
78 {"target-directory", required_argument, NULL, 't'},
79 {"update", no_argument, NULL, 'u'},
80 {"verbose", no_argument, NULL, 'v'},
81 + {"context", required_argument, NULL, 'Z'},
82 {GETOPT_HELP_OPTION_DECL},
83 {GETOPT_VERSION_OPTION_DECL},
84 {NULL, 0, NULL, 0}
85 @@ -204,6 +205,9 @@ Mandatory arguments to long options are
86 all\n\
87 "), stdout);
88 fputs (_("\
89 + -c same as --preserve=context\n\
90 +"), stdout);
91 + fputs (_("\
92 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
93 --parents use full source file name under DIRECTORY\n\
94 "), stdout);
95 @@ -230,6 +234,7 @@ Mandatory arguments to long options are
96 destination file is missing\n\
97 -v, --verbose explain what is being done\n\
98 -x, --one-file-system stay on this file system\n\
99 + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
100 "), stdout);
101 fputs (HELP_OPTION_DESCRIPTION, stdout);
102 fputs (VERSION_OPTION_DESCRIPTION, stdout);
103 @@ -786,6 +791,7 @@ cp_option_init (struct cp_options *x)
104 x->preserve_timestamps = false;
105 x->preserve_security_context = false;
106 x->require_preserve_context = false;
107 + x->set_security_context = false;
108 x->preserve_xattr = false;
109 x->reduce_diagnostics = false;
110 x->require_preserve_xattr = false;
111 @@ -933,7 +939,7 @@ main (int argc, char **argv)
112 we'll actually use backup_suffix_string. */
113 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
114
115 - while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T",
116 + while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:",
117 long_opts, NULL))
118 != -1)
119 {
120 @@ -981,6 +987,16 @@ main (int argc, char **argv)
121 copy_contents = true;
122 break;
123
124 + case 'c':
125 + if ( x.set_security_context ) {
126 + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
127 + exit( 1 );
128 + }
129 + else if (selinux_enabled) {
130 + x.preserve_security_context = true;
131 + x.require_preserve_context = true;
132 + }
133 + break;
134 case 'd':
135 x.preserve_links = true;
136 x.dereference = DEREF_NEVER;
137 @@ -1090,6 +1106,27 @@ main (int argc, char **argv)
138 x.one_file_system = true;
139 break;
140
141 +
142 + case 'Z':
143 + /* politely decline if we're not on a selinux-enabled kernel. */
144 + if( !selinux_enabled ) {
145 + fprintf( stderr, "Warning: ignoring --context (-Z). "
146 + "It requires a SELinux enabled kernel.\n" );
147 + break;
148 + }
149 + if ( x.preserve_security_context ) {
150 + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
151 + exit( 1 );
152 + }
153 + x.set_security_context = true;
154 + /* if there's a security_context given set new path
155 + components to that context, too */
156 + if ( setfscreatecon(optarg) < 0 ) {
157 + (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);
158 + exit( 1 );
159 + }
160 + break;
161 +
162 case 'S':
163 make_backups = true;
164 backup_suffix_string = optarg;
165 diff -urNp coreutils-8.11-orig/src/id.c coreutils-8.11/src/id.c
166 --- coreutils-8.11-orig/src/id.c 2011-02-19 18:17:03.000000000 +0100
167 +++ coreutils-8.11/src/id.c 2011-04-14 11:06:05.490435340 +0200
168 @@ -107,7 +107,7 @@ int
169 main (int argc, char **argv)
170 {
171 int optc;
172 - int selinux_enabled = (is_selinux_enabled () > 0);
173 + bool selinux_enabled = (is_selinux_enabled () > 0);
174
175 /* If true, output the list of all group IDs. -G */
176 bool just_group_list = false;
177 diff -urNp coreutils-8.11-orig/src/install.c coreutils-8.11/src/install.c
178 --- coreutils-8.11-orig/src/install.c 2011-04-12 12:07:43.000000000 +0200
179 +++ coreutils-8.11/src/install.c 2011-04-14 11:07:58.333433706 +0200
180 @@ -261,6 +261,7 @@ cp_option_init (struct cp_options *x)
181 x->data_copy_required = true;
182 x->require_preserve = false;
183 x->require_preserve_context = false;
184 + x->set_security_context = false;
185 x->require_preserve_xattr = false;
186 x->recursive = false;
187 x->sparse_mode = SPARSE_AUTO;
188 @@ -622,7 +623,7 @@ Mandatory arguments to long options are
189 -v, --verbose print the name of each directory as it is created\n\
190 "), stdout);
191 fputs (_("\
192 - --preserve-context preserve SELinux security context\n\
193 + -P, --preserve-context preserve SELinux security context\n\
194 -Z, --context=CONTEXT set SELinux security context of files and directories\
195 \n\
196 "), stdout);
197 @@ -765,7 +766,7 @@ main (int argc, char **argv)
198 we'll actually use backup_suffix_string. */
199 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
200
201 - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options,
202 + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options,
203 NULL)) != -1)
204 {
205 switch (optc)
206 @@ -835,6 +836,7 @@ main (int argc, char **argv)
207 no_target_directory = true;
208 break;
209
210 + case 'P':
211 case PRESERVE_CONTEXT_OPTION:
212 if ( ! selinux_enabled)
213 {
214 @@ -842,6 +844,10 @@ main (int argc, char **argv)
215 "this kernel is not SELinux-enabled"));
216 break;
217 }
218 + if ( x.set_security_context ) {
219 + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
220 + exit( 1 );
221 + }
222 x.preserve_security_context = true;
223 use_default_selinux_context = false;
224 break;
225 @@ -853,6 +859,7 @@ main (int argc, char **argv)
226 break;
227 }
228 scontext = optarg;
229 + x.set_security_context = true;
230 use_default_selinux_context = false;
231 break;
232 case_GETOPT_HELP_CHAR;
233 diff -urNp coreutils-8.11-orig/src/ls.c coreutils-8.11/src/ls.c
234 --- coreutils-8.11-orig/src/ls.c 2011-04-12 12:07:43.000000000 +0200
235 +++ coreutils-8.11/src/ls.c 2011-04-14 11:06:05.498436329 +0200
236 @@ -159,7 +159,8 @@ enum filetype
237 symbolic_link,
238 sock,
239 whiteout,
240 - arg_directory
241 + arg_directory,
242 + command_line
243 };
244
245 /* Display letters and indicators for each filetype.
246 @@ -276,6 +277,7 @@ static void queue_directory (char const
247 static void sort_files (void);
248 static void parse_ls_color (void);
249 void usage (int status);
250 +static void print_scontext_format (const struct fileinfo *f);
251
252 /* Initial size of hash table.
253 Most hierarchies are likely to be shallower than this. */
254 @@ -345,7 +347,7 @@ static struct pending *pending_dirs;
255
256 static struct timespec current_time;
257
258 -static bool print_scontext;
259 +static int print_scontext = 0;
260 static char UNKNOWN_SECURITY_CONTEXT[] = "?";
261
262 /* Whether any of the files has an ACL. This affects the width of the
263 @@ -385,7 +387,9 @@ enum format
264 one_per_line, /* -1 */
265 many_per_line, /* -C */
266 horizontal, /* -x */
267 - with_commas /* -m */
268 + with_commas, /* -m */
269 + security_format, /* -Z */
270 + invalid_format
271 };
272
273 static enum format format;
274 @@ -787,6 +791,9 @@ enum
275 SHOW_CONTROL_CHARS_OPTION,
276 SI_OPTION,
277 SORT_OPTION,
278 + CONTEXT_OPTION,
279 + LCONTEXT_OPTION,
280 + SCONTEXT_OPTION,
281 TIME_OPTION,
282 TIME_STYLE_OPTION
283 };
284 @@ -832,7 +839,9 @@ static struct option const long_options[
285 {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
286 {"color", optional_argument, NULL, COLOR_OPTION},
287 {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
288 - {"context", no_argument, 0, 'Z'},
289 + {"context", no_argument, 0, CONTEXT_OPTION},
290 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
291 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
292 {"author", no_argument, NULL, AUTHOR_OPTION},
293 {GETOPT_HELP_OPTION_DECL},
294 {GETOPT_VERSION_OPTION_DECL},
295 @@ -842,12 +851,12 @@ static struct option const long_options[
296 static char const *const format_args[] =
297 {
298 "verbose", "long", "commas", "horizontal", "across",
299 - "vertical", "single-column", NULL
300 + "vertical", "single-column", "context", NULL
301 };
302 static enum format const format_types[] =
303 {
304 long_format, long_format, with_commas, horizontal, horizontal,
305 - many_per_line, one_per_line
306 + many_per_line, one_per_line, security_format
307 };
308 ARGMATCH_VERIFY (format_args, format_types);
309
310 @@ -1289,7 +1298,8 @@ main (int argc, char **argv)
311 /* Avoid following symbolic links when possible. */
312 if (is_colored (C_ORPHAN)
313 || (is_colored (C_EXEC) && color_symlink_as_referent)
314 - || (is_colored (C_MISSING) && format == long_format))
315 + || (is_colored (C_MISSING) && (format == long_format
316 + || format == security_format)))
317 check_symlink_color = true;
318
319 /* If the standard output is a controlling terminal, watch out
320 @@ -1336,7 +1346,7 @@ main (int argc, char **argv)
321 if (dereference == DEREF_UNDEFINED)
322 dereference = ((immediate_dirs
323 || indicator_style == classify
324 - || format == long_format)
325 + || format == long_format || format == security_format)
326 ? DEREF_NEVER
327 : DEREF_COMMAND_LINE_SYMLINK_TO_DIR);
328
329 @@ -1356,7 +1366,7 @@ main (int argc, char **argv)
330
331 format_needs_stat = sort_type == sort_time || sort_type == sort_size
332 || format == long_format
333 - || print_scontext
334 + || format == security_format || print_scontext
335 || print_block_size;
336 format_needs_type = (! format_needs_stat
337 && (recursive
338 @@ -1387,7 +1397,7 @@ main (int argc, char **argv)
339 }
340 else
341 do
342 - gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");
343 + gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");
344 while (i < argc);
345
346 if (cwd_n_used)
347 @@ -1558,7 +1568,7 @@ decode_switches (int argc, char **argv)
348 ignore_mode = IGNORE_DEFAULT;
349 ignore_patterns = NULL;
350 hide_patterns = NULL;
351 - print_scontext = false;
352 + print_scontext = 0;
353
354 /* FIXME: put this in a function. */
355 {
356 @@ -1940,13 +1950,27 @@ decode_switches (int argc, char **argv)
357 break;
358
359 case 'Z':
360 - print_scontext = true;
361 + print_scontext = 1;
362 + format = security_format;
363 break;
364
365 case_GETOPT_HELP_CHAR;
366
367 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
368
369 + case CONTEXT_OPTION: /* default security context format */
370 + print_scontext = 1;
371 + format = security_format;
372 + break;
373 + case LCONTEXT_OPTION: /* long format plus security context */
374 + print_scontext = 1;
375 + format = long_format;
376 + break;
377 + case SCONTEXT_OPTION: /* short form of new security format */
378 + print_scontext = 0;
379 + format = security_format;
380 + break;
381 +
382 default:
383 usage (LS_FAILURE);
384 }
385 @@ -2691,8 +2715,10 @@ clear_files (void)
386 struct fileinfo *f = sorted_file[i];
387 free (f->name);
388 free (f->linkname);
389 - if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
390 - freecon (f->scontext);
391 + if (f->scontext != UNKNOWN_SECURITY_CONTEXT) {
392 + freecon (f->scontext);
393 + f->scontext = NULL;
394 + }
395 }
396
397 cwd_n_used = 0;
398 @@ -2734,6 +2760,7 @@ gobble_file (char const *name, enum file
399 memset (f, '\0', sizeof *f);
400 f->stat.st_ino = inode;
401 f->filetype = type;
402 + f->scontext = NULL;
403
404 if (command_line_arg
405 || format_needs_stat
406 @@ -2843,7 +2870,7 @@ gobble_file (char const *name, enum file
407 && print_with_color && is_colored (C_CAP))
408 f->has_capability = has_capability (absolute_name);
409
410 - if (format == long_format || print_scontext)
411 + if (format == long_format || format == security_format || print_scontext)
412 {
413 bool have_selinux = false;
414 bool have_acl = false;
415 @@ -2866,7 +2893,7 @@ gobble_file (char const *name, enum file
416 err = 0;
417 }
418
419 - if (err == 0 && format == long_format)
420 + if (err == 0 && (format == long_format || format == security_format))
421 {
422 int n = file_has_acl (absolute_name, &f->stat);
423 err = (n < 0);
424 @@ -2885,7 +2912,8 @@ gobble_file (char const *name, enum file
425 }
426
427 if (S_ISLNK (f->stat.st_mode)
428 - && (format == long_format || check_symlink_color))
429 + && (format == long_format || format == security_format
430 + || check_symlink_color))
431 {
432 char *linkname;
433 struct stat linkstats;
434 @@ -2905,6 +2933,7 @@ gobble_file (char const *name, enum file
435 command line are automatically traced if not being
436 listed as files. */
437 if (!command_line_arg || format == long_format
438 + || format == security_format
439 || !S_ISDIR (linkstats.st_mode))
440 {
441 /* Get the linked-to file's mode for the filetype indicator
442 @@ -2944,7 +2973,7 @@ gobble_file (char const *name, enum file
443 block_size_width = len;
444 }
445
446 - if (format == long_format)
447 + if (format == long_format || format == security_format)
448 {
449 if (print_owner)
450 {
451 @@ -3445,6 +3474,13 @@ print_current_files (void)
452 print_long_format (sorted_file[i]);
453 DIRED_PUTCHAR ('\n');
454 }
455 + break;
456 + case security_format:
457 + for (i = 0; i < cwd_n_used; i++)
458 + {
459 + print_scontext_format (sorted_file[i]);
460 + DIRED_PUTCHAR ('\n');
461 + }
462 break;
463 }
464 }
465 @@ -3607,6 +3643,67 @@ format_inode (char *buf, size_t buflen,
466 : (char *) "?");
467 }
468
469 +/* Print info about f in scontext format */
470 +static void
471 +print_scontext_format (const struct fileinfo *f)
472 +{
473 + char modebuf[12];
474 +
475 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
476 + 1 10-byte mode string,
477 + 9 spaces, one following each of these fields, and
478 + 1 trailing NUL byte. */
479 +
480 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
481 + char *buf = init_bigbuf;
482 + char *p;
483 +
484 + p = buf;
485 +
486 + if ( print_scontext ) { /* zero means terse listing */
487 + filemodestring (&f->stat, modebuf);
488 + if (! any_has_acl)
489 + modebuf[10] = '\0';
490 + else if (f->acl_type == ACL_T_SELINUX_ONLY)
491 + modebuf[10] = '.';
492 + else if (f->acl_type == ACL_T_YES)
493 + modebuf[10] = '+';
494 + modebuf[11] = '\0';
495 +
496 + /* print mode */
497 +
498 + (void) sprintf (p, "%s ", modebuf);
499 + p += strlen (p);
500 +
501 + /* print standard user and group */
502 +
503 + DIRED_FPUTS (buf, stdout, p - buf);
504 + format_user (f->stat.st_uid, owner_width, f->stat_ok);
505 + format_group (f->stat.st_gid, group_width, f->stat_ok);
506 + p = buf;
507 + }
508 +
509 + (void) sprintf (p, "%-32s ", f->scontext ?: "");
510 + p += strlen (p);
511 +
512 + DIRED_INDENT ();
513 + DIRED_FPUTS (buf, stdout, p - buf);
514 + size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf);
515 +
516 + if (f->filetype == symbolic_link) {
517 + if (f->linkname) {
518 + DIRED_FPUTS_LITERAL (" -> ", stdout);
519 + print_name_with_quoting (f, true, NULL, (p - buf) + w + 4);
520 + if (indicator_style != none)
521 + print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
522 + }
523 + }
524 + else {
525 + if (indicator_style != none)
526 + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
527 + }
528 +}
529 +
530 /* Print information about F in long format. */
531 static void
532 print_long_format (const struct fileinfo *f)
533 @@ -3698,9 +3795,15 @@ print_long_format (const struct fileinfo
534 The latter is wrong when nlink_width is zero. */
535 p += strlen (p);
536
537 + if (print_scontext)
538 + {
539 + sprintf (p, "%-32s ", f->scontext ? f->scontext : "");
540 + p += strlen (p);
541 + }
542 +
543 DIRED_INDENT ();
544
545 - if (print_owner || print_group || print_author || print_scontext)
546 + if (print_owner || print_group || print_author)
547 {
548 DIRED_FPUTS (buf, stdout, p - buf);
549
550 @@ -3713,9 +3816,6 @@ print_long_format (const struct fileinfo
551 if (print_author)
552 format_user (f->stat.st_author, author_width, f->stat_ok);
553
554 - if (print_scontext)
555 - format_user_or_group (f->scontext, 0, scontext_width);
556 -
557 p = buf;
558 }
559
560 @@ -4060,9 +4160,6 @@ print_file_name_and_frills (const struct
561 : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
562 ST_NBLOCKSIZE, output_block_size));
563
564 - if (print_scontext)
565 - printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext);
566 -
567 size_t width = print_name_with_quoting (f, false, NULL, start_col);
568
569 if (indicator_style != none)
570 @@ -4266,9 +4363,6 @@ length_of_file_name_and_frills (const st
571 output_block_size))
572 : block_size_width);
573
574 - if (print_scontext)
575 - len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width);
576 -
577 quote_name (NULL, f->name, filename_quoting_options, &name_width);
578 len += name_width;
579
580 @@ -4707,9 +4801,16 @@ Mandatory arguments to long options are
581 -w, --width=COLS assume screen width instead of current value\n\
582 -x list entries by lines instead of by columns\n\
583 -X sort alphabetically by entry extension\n\
584 - -Z, --context print any SELinux security context of each file\n\
585 -1 list one file per line\n\
586 "), stdout);
587 + fputs(_("\nSELinux options:\n\n\
588 + --lcontext Display security context. Enable -l. Lines\n\
589 + will probably be too wide for most displays.\n\
590 + -Z, --context Display security context so it fits on most\n\
591 + displays. Displays only mode, user, group,\n\
592 + security context and file name.\n\
593 + --scontext Display only security context and file name.\n\
594 +"), stdout);
595 fputs (HELP_OPTION_DESCRIPTION, stdout);
596 fputs (VERSION_OPTION_DESCRIPTION, stdout);
597 emit_size_note ();
598 diff -urNp coreutils-8.11-orig/src/mkdir.c coreutils-8.11/src/mkdir.c
599 --- coreutils-8.11-orig/src/mkdir.c 2011-02-19 18:17:03.000000000 +0100
600 +++ coreutils-8.11/src/mkdir.c 2011-04-14 11:06:05.499460276 +0200
601 @@ -38,6 +38,7 @@
602 static struct option const longopts[] =
603 {
604 {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
605 + {"context", required_argument, NULL, 'Z'},
606 {"mode", required_argument, NULL, 'm'},
607 {"parents", no_argument, NULL, 'p'},
608 {"verbose", no_argument, NULL, 'v'},
609 diff -urNp coreutils-8.11-orig/src/mknod.c coreutils-8.11/src/mknod.c
610 --- coreutils-8.11-orig/src/mknod.c 2011-02-19 18:17:03.000000000 +0100
611 +++ coreutils-8.11/src/mknod.c 2011-04-14 11:06:05.500309648 +0200
612 @@ -35,7 +35,7 @@
613
614 static struct option const longopts[] =
615 {
616 - {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
617 + {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
618 {"mode", required_argument, NULL, 'm'},
619 {GETOPT_HELP_OPTION_DECL},
620 {GETOPT_VERSION_OPTION_DECL},
621 diff -urNp coreutils-8.11-orig/src/mv.c coreutils-8.11/src/mv.c
622 --- coreutils-8.11-orig/src/mv.c 2011-02-19 18:17:03.000000000 +0100
623 +++ coreutils-8.11/src/mv.c 2011-04-14 11:06:05.501309664 +0200
624 @@ -118,6 +118,7 @@ cp_option_init (struct cp_options *x)
625 x->preserve_mode = true;
626 x->preserve_timestamps = true;
627 x->preserve_security_context = selinux_enabled;
628 + x->set_security_context = false;
629 x->reduce_diagnostics = false;
630 x->data_copy_required = true;
631 x->require_preserve = false; /* FIXME: maybe make this an option */
632 diff -urNp coreutils-8.11-orig/src/runcon.c coreutils-8.11/src/runcon.c
633 --- coreutils-8.11-orig/src/runcon.c 2011-02-19 18:17:03.000000000 +0100
634 +++ coreutils-8.11/src/runcon.c 2011-04-14 11:06:05.502310854 +0200
635 @@ -86,7 +86,7 @@ Usage: %s CONTEXT COMMAND [args]\n\
636 or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\
637 "), program_name, program_name);
638 fputs (_("\
639 -Run a program in a different security context.\n\
640 +Run a program in a different SELinux security context.\n\
641 With neither CONTEXT nor COMMAND, print the current security context.\n\
642 \n\
643 CONTEXT Complete security context\n\
644 diff -urNp coreutils-8.11-orig/tests/init.cfg coreutils-8.11/tests/init.cfg
645 --- coreutils-8.11-orig/tests/init.cfg 2011-04-12 12:07:43.000000000 +0200
646 +++ coreutils-8.11/tests/init.cfg 2011-04-14 11:06:05.503308646 +0200
647 @@ -231,8 +231,8 @@ require_selinux_()
648
649 # Independent of whether SELinux is enabled system-wide,
650 # the current file system may lack SELinux support.
651 - case `ls -Zd .` in
652 - '? .'|'unlabeled .')
653 + case `ls -Zd . | cut -f4 -d" "` in
654 + '?'|'unlabeled')
655 skip_test_ "this system (or maybe just" \
656 "the current file system) lacks SELinux support"
657 ;;
658 diff -urNp coreutils-8.11-orig/tests/misc/selinux coreutils-8.11/tests/misc/selinux
659 --- coreutils-8.11-orig/tests/misc/selinux 2011-01-31 13:40:38.000000000 +0100
660 +++ coreutils-8.11/tests/misc/selinux 2011-04-14 11:06:05.504353757 +0200
661 @@ -37,7 +37,7 @@ chcon $ctx f d p ||
662
663 # inspect that context with both ls -Z and stat.
664 for i in d f p; do
665 - c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1
666 + c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1
667 c=`stat --printf %C $i`; test x$c = x$ctx || fail=1
668 done
669