]> git.ipfire.org Git - people/arne_f/ipfire-3.x.git/blame - coreutils/patches/coreutils-selinux.patch
projects / people / arne_f / ipfire-3.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
coreutils: Update to 8.16.
[people/arne_f/ipfire-3.x.git] / coreutils / patches / coreutils-selinux.patch
CommitLineData
e7f6ab54
SS		 1diff -urNp coreutils-8.13-orig/configure.ac coreutils-8.13/configure.ac
2--- coreutils-8.13-orig/configure.ac 2011-09-09 10:29:52.584690353 +0200
3+++ coreutils-8.13/configure.ac 2011-09-09 10:30:39.524564991 +0200
4@@ -141,6 +141,13 @@ if test "$gl_gcc_warnings" = yes; then
1d1a6603
SS		 5 AC_SUBST([GNULIB_TEST_WARN_CFLAGS])
6 fi
7
8+dnl Give the chance to enable SELINUX
9+AC_ARG_ENABLE(selinux, dnl
10+[ --enable-selinux Enable use of the SELINUX libraries],
11+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
12+LIB_SELINUX="-lselinux"
13+AC_SUBST(LIB_SELINUX)])
14+
15 AC_FUNC_FORK
16
17 AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
e7f6ab54
SS		 18diff -urNp coreutils-8.13-orig/man/chcon.x coreutils-8.13/man/chcon.x
19--- coreutils-8.13-orig/man/chcon.x 2009-09-01 13:01:16.000000000 +0200
20+++ coreutils-8.13/man/chcon.x 2011-09-09 10:30:39.524564991 +0200
1d1a6603
SS		 21@@ -1,4 +1,4 @@
22 [NAME]
23-chcon \- change file security context
24+chcon \- change file SELinux security context
25 [DESCRIPTION]
26 .\" Add any additional description here
e7f6ab54
SS		 27diff -urNp coreutils-8.13-orig/man/runcon.x coreutils-8.13/man/runcon.x
28--- coreutils-8.13-orig/man/runcon.x 2009-09-01 13:01:16.000000000 +0200
29+++ coreutils-8.13/man/runcon.x 2011-09-09 10:30:39.544686472 +0200
1d1a6603
SS		 30@@ -1,5 +1,5 @@
31 [NAME]
32-runcon \- run command with specified security context
33+runcon \- run command with specified SELinux security context
34 [DESCRIPTION]
35 Run COMMAND with completely-specified CONTEXT, or with current or
36 transitioned security context modified by one or more of LEVEL,
e7f6ab54
SS		 37diff -urNp coreutils-8.13-orig/src/chcon.c coreutils-8.13/src/chcon.c
38--- coreutils-8.13-orig/src/chcon.c 2011-07-28 12:38:27.000000000 +0200
39+++ coreutils-8.13/src/chcon.c 2011-09-09 10:30:39.562561252 +0200
3badd2da
SS		 40@@ -356,7 +356,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\
41 "),
42 program_name, program_name, program_name);
43 fputs (_("\
44-Change the security context of each FILE to CONTEXT.\n\
45+Change the SELinux security context of each FILE to CONTEXT.\n\
46 With --reference, change the security context of each FILE to that of RFILE.\n\
47 \n\
fa4603be 48 "), stdout);
e7f6ab54
SS		 49diff -urNp coreutils-8.13-orig/src/copy.c coreutils-8.13/src/copy.c
50--- coreutils-8.13-orig/src/copy.c 2011-07-28 12:38:27.000000000 +0200
51+++ coreutils-8.13/src/copy.c 2011-09-09 10:30:39.564562214 +0200
52@@ -2244,6 +2244,8 @@ copy_internal (char const *src_name, cha
1d1a6603
SS		 53 {
54 /* Here, we are crossing a file system boundary and cp's -x option
55 is in effect: so don't copy the contents of this directory. */
56+ if (x->preserve_security_context)
57+ restore_default_fscreatecon_or_die ();
58 }
59 else
60 {
e7f6ab54
SS		 61diff -urNp coreutils-8.13-orig/src/copy.h coreutils-8.13/src/copy.h
62--- coreutils-8.13-orig/src/copy.h 2011-07-28 12:38:27.000000000 +0200
63+++ coreutils-8.13/src/copy.h 2011-09-09 10:30:39.565563712 +0200
1d1a6603
SS		 64@@ -158,6 +158,9 @@ struct cp_options
65 bool preserve_mode;
66 bool preserve_timestamps;
67
68+ /* If true, attempt to set specified security context */
69+ bool set_security_context;
70+
71 /* Enabled for mv, and for cp by the --preserve=links option.
72 If true, attempt to preserve in the destination files any
73 logical hard links between the source files. If used with cp's
e7f6ab54
SS		 74diff -urNp coreutils-8.13-orig/src/cp.c coreutils-8.13/src/cp.c
75--- coreutils-8.13-orig/src/cp.c 2011-07-28 12:38:27.000000000 +0200
76+++ coreutils-8.13/src/cp.c 2011-09-09 10:30:39.566562062 +0200
1d1a6603
SS		 77@@ -141,6 +141,7 @@ static struct option const long_opts[] =
78 {"target-directory", required_argument, NULL, 't'},
79 {"update", no_argument, NULL, 'u'},
80 {"verbose", no_argument, NULL, 'v'},
81+ {"context", required_argument, NULL, 'Z'},
82 {GETOPT_HELP_OPTION_DECL},
83 {GETOPT_VERSION_OPTION_DECL},
84 {NULL, 0, NULL, 0}
407c5be3 85@@ -204,6 +205,9 @@ Mandatory arguments to long options are
1d1a6603
SS		 86 all\n\
87 "), stdout);
88 fputs (_("\
89+ -c same as --preserve=context\n\
90+"), stdout);
91+ fputs (_("\
92 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
93 --parents use full source file name under DIRECTORY\n\
94 "), stdout);
407c5be3 95@@ -230,6 +234,7 @@ Mandatory arguments to long options are
1d1a6603
SS		 96 destination file is missing\n\
97 -v, --verbose explain what is being done\n\
98 -x, --one-file-system stay on this file system\n\
99+ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
100 "), stdout);
101 fputs (HELP_OPTION_DESCRIPTION, stdout);
102 fputs (VERSION_OPTION_DESCRIPTION, stdout);
407c5be3 103@@ -786,6 +791,7 @@ cp_option_init (struct cp_options *x)
1d1a6603
SS		 104 x->preserve_timestamps = false;
105 x->preserve_security_context = false;
106 x->require_preserve_context = false;
107+ x->set_security_context = false;
108 x->preserve_xattr = false;
109 x->reduce_diagnostics = false;
110 x->require_preserve_xattr = false;
407c5be3 111@@ -933,7 +939,7 @@ main (int argc, char **argv)
1d1a6603
SS		 112 we'll actually use backup_suffix_string. */
113 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
114
115- while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T",
116+ while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:",
117 long_opts, NULL))
118 != -1)
119 {
407c5be3 120@@ -981,6 +987,16 @@ main (int argc, char **argv)
1d1a6603
SS		 121 copy_contents = true;
122 break;
123
124+ case 'c':
125+ if ( x.set_security_context ) {
126+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
127+ exit( 1 );
128+ }
129+ else if (selinux_enabled) {
130+ x.preserve_security_context = true;
131+ x.require_preserve_context = true;
132+ }
133+ break;
134 case 'd':
135 x.preserve_links = true;
136 x.dereference = DEREF_NEVER;
407c5be3 137@@ -1090,6 +1106,27 @@ main (int argc, char **argv)
1d1a6603
SS		 138 x.one_file_system = true;
139 break;
140
141+
142+ case 'Z':
143+ /* politely decline if we're not on a selinux-enabled kernel. */
144+ if( !selinux_enabled ) {
145+ fprintf( stderr, "Warning: ignoring --context (-Z). "
146+ "It requires a SELinux enabled kernel.\n" );
147+ break;
148+ }
149+ if ( x.preserve_security_context ) {
150+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
151+ exit( 1 );
152+ }
153+ x.set_security_context = true;
154+ /* if there's a security_context given set new path
155+ components to that context, too */
156+ if ( setfscreatecon(optarg) < 0 ) {
157+ (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);
158+ exit( 1 );
159+ }
160+ break;
161+
162 case 'S':
163 make_backups = true;
164 backup_suffix_string = optarg;
e7f6ab54
SS		 165diff -urNp coreutils-8.13-orig/src/id.c coreutils-8.13/src/id.c
166--- coreutils-8.13-orig/src/id.c 2011-07-28 12:38:27.000000000 +0200
167+++ coreutils-8.13/src/id.c 2011-09-09 10:30:39.567562153 +0200
1d1a6603
SS		 168@@ -107,7 +107,7 @@ int
169 main (int argc, char **argv)
170 {
171 int optc;
172- int selinux_enabled = (is_selinux_enabled () > 0);
173+ bool selinux_enabled = (is_selinux_enabled () > 0);
174
175 /* If true, output the list of all group IDs. -G */
176 bool just_group_list = false;
e7f6ab54
SS		 177diff -urNp coreutils-8.13-orig/src/install.c coreutils-8.13/src/install.c
178--- coreutils-8.13-orig/src/install.c 2011-07-28 12:38:27.000000000 +0200
179+++ coreutils-8.13/src/install.c 2011-09-09 10:30:39.569562422 +0200
3badd2da 180@@ -261,6 +261,7 @@ cp_option_init (struct cp_options *x)
1d1a6603
SS		 181 x->data_copy_required = true;
182 x->require_preserve = false;
183 x->require_preserve_context = false;
184+ x->set_security_context = false;
185 x->require_preserve_xattr = false;
186 x->recursive = false;
187 x->sparse_mode = SPARSE_AUTO;
3badd2da
SS		 188@@ -622,7 +623,7 @@ Mandatory arguments to long options are
189 -v, --verbose print the name of each directory as it is created\n\
190 "), stdout);
191 fputs (_("\
192- --preserve-context preserve SELinux security context\n\
193+ -P, --preserve-context preserve SELinux security context\n\
194 -Z, --context=CONTEXT set SELinux security context of files and directories\
195 \n\
196 "), stdout);
197@@ -765,7 +766,7 @@ main (int argc, char **argv)
1d1a6603
SS		 198 we'll actually use backup_suffix_string. */
199 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
200
201- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options,
202+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options,
203 NULL)) != -1)
204 {
205 switch (optc)
3badd2da
SS		 206@@ -835,6 +836,7 @@ main (int argc, char **argv)
207 no_target_directory = true;
208 break;
209
1d1a6603
SS		 210+ case 'P':
211 case PRESERVE_CONTEXT_OPTION:
212 if ( ! selinux_enabled)
213 {
3badd2da 214@@ -842,6 +844,10 @@ main (int argc, char **argv)
1d1a6603
SS		 215 "this kernel is not SELinux-enabled"));
216 break;
217 }
218+ if ( x.set_security_context ) {
219+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
220+ exit( 1 );
221+ }
222 x.preserve_security_context = true;
223 use_default_selinux_context = false;
224 break;
3badd2da 225@@ -853,6 +859,7 @@ main (int argc, char **argv)
1d1a6603
SS		 226 break;
227 }
228 scontext = optarg;
229+ x.set_security_context = true;
230 use_default_selinux_context = false;
231 break;
232 case_GETOPT_HELP_CHAR;
e7f6ab54
SS		 233diff -urNp coreutils-8.13-orig/src/ls.c coreutils-8.13/src/ls.c
234--- coreutils-8.13-orig/src/ls.c 2011-07-28 12:38:27.000000000 +0200
235+++ coreutils-8.13/src/ls.c 2011-09-09 10:30:39.575562845 +0200
236@@ -166,7 +166,8 @@ enum filetype
1d1a6603
SS		 237 symbolic_link,
238 sock,
239 whiteout,
240- arg_directory
241+ arg_directory,
242+ command_line
243 };
244
245 /* Display letters and indicators for each filetype.
fa4603be
SS		 246@@ -282,6 +283,7 @@
247 bool command_line_arg);
1d1a6603
SS		 248 static void sort_files (void);
249 static void parse_ls_color (void);
1d1a6603
SS		 250+static void print_scontext_format (const struct fileinfo *f);
251
252 /* Initial size of hash table.
253 Most hierarchies are likely to be shallower than this. */
e7f6ab54 254@@ -352,7 +354,7 @@ static struct pending *pending_dirs;
1d1a6603
SS		 255
256 static struct timespec current_time;
257
258-static bool print_scontext;
259+static int print_scontext = 0;
260 static char UNKNOWN_SECURITY_CONTEXT[] = "?";
261
262 /* Whether any of the files has an ACL. This affects the width of the
e7f6ab54 263@@ -392,7 +394,9 @@ enum format
1d1a6603
SS		 264 one_per_line, /* -1 */
265 many_per_line, /* -C */
266 horizontal, /* -x */
267- with_commas /* -m */
268+ with_commas, /* -m */
269+ security_format, /* -Z */
270+ invalid_format
271 };
272
273 static enum format format;
e7f6ab54 274@@ -794,6 +798,9 @@ enum
1d1a6603
SS		 275 SHOW_CONTROL_CHARS_OPTION,
276 SI_OPTION,
277 SORT_OPTION,
278+ CONTEXT_OPTION,
279+ LCONTEXT_OPTION,
280+ SCONTEXT_OPTION,
281 TIME_OPTION,
282 TIME_STYLE_OPTION
283 };
e7f6ab54 284@@ -839,7 +846,9 @@ static struct option const long_options[
1d1a6603
SS		 285 {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
286 {"color", optional_argument, NULL, COLOR_OPTION},
287 {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
288- {"context", no_argument, 0, 'Z'},
289+ {"context", no_argument, 0, CONTEXT_OPTION},
290+ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
291+ {"scontext", no_argument, 0, SCONTEXT_OPTION},
292 {"author", no_argument, NULL, AUTHOR_OPTION},
293 {GETOPT_HELP_OPTION_DECL},
294 {GETOPT_VERSION_OPTION_DECL},
e7f6ab54 295@@ -849,12 +858,12 @@ static struct option const long_options[
1d1a6603
SS		 296 static char const *const format_args[] =
297 {
298 "verbose", "long", "commas", "horizontal", "across",
299- "vertical", "single-column", NULL
300+ "vertical", "single-column", "context", NULL
301 };
302 static enum format const format_types[] =
303 {
304 long_format, long_format, with_commas, horizontal, horizontal,
305- many_per_line, one_per_line
306+ many_per_line, one_per_line, security_format
307 };
308 ARGMATCH_VERIFY (format_args, format_types);
309
e7f6ab54 310@@ -1296,7 +1305,8 @@ main (int argc, char **argv)
1d1a6603
SS		 311 /* Avoid following symbolic links when possible. */
312 if (is_colored (C_ORPHAN)
313 || (is_colored (C_EXEC) && color_symlink_as_referent)
314- || (is_colored (C_MISSING) && format == long_format))
315+ || (is_colored (C_MISSING) && (format == long_format
316+ || format == security_format)))
317 check_symlink_color = true;
318
319 /* If the standard output is a controlling terminal, watch out
e7f6ab54 320@@ -1343,7 +1353,7 @@ main (int argc, char **argv)
1d1a6603
SS		 321 if (dereference == DEREF_UNDEFINED)
322 dereference = ((immediate_dirs
323 || indicator_style == classify
324- || format == long_format)
325+ || format == long_format || format == security_format)
326 ? DEREF_NEVER
327 : DEREF_COMMAND_LINE_SYMLINK_TO_DIR);
328
e7f6ab54 329@@ -1363,7 +1373,7 @@ main (int argc, char **argv)
1d1a6603
SS		 330
331 format_needs_stat = sort_type == sort_time || sort_type == sort_size
332 || format == long_format
333- || print_scontext
334+ || format == security_format || print_scontext
335 || print_block_size;
336 format_needs_type = (! format_needs_stat
337 && (recursive
e7f6ab54 338@@ -1394,7 +1404,7 @@ main (int argc, char **argv)
1d1a6603
SS		 339 }
340 else
341 do
342- gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");
343+ gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");
344 while (i < argc);
345
346 if (cwd_n_used)
e7f6ab54 347@@ -1565,7 +1575,7 @@ decode_switches (int argc, char **argv)
1d1a6603
SS		 348 ignore_mode = IGNORE_DEFAULT;
349 ignore_patterns = NULL;
350 hide_patterns = NULL;
351- print_scontext = false;
352+ print_scontext = 0;
353
354 /* FIXME: put this in a function. */
355 {
e7f6ab54 356@@ -1947,13 +1957,27 @@ decode_switches (int argc, char **argv)
1d1a6603
SS		 357 break;
358
359 case 'Z':
360- print_scontext = true;
361+ print_scontext = 1;
362+ format = security_format;
363 break;
364
365 case_GETOPT_HELP_CHAR;
366
367 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
368
369+ case CONTEXT_OPTION: /* default security context format */
370+ print_scontext = 1;
371+ format = security_format;
372+ break;
373+ case LCONTEXT_OPTION: /* long format plus security context */
374+ print_scontext = 1;
375+ format = long_format;
376+ break;
377+ case SCONTEXT_OPTION: /* short form of new security format */
378+ print_scontext = 0;
379+ format = security_format;
380+ break;
381+
382 default:
383 usage (LS_FAILURE);
384 }
e7f6ab54 385@@ -2757,6 +2783,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS		 386 memset (f, '\0', sizeof *f);
387 f->stat.st_ino = inode;
388 f->filetype = type;
389+ f->scontext = NULL;
390
391 if (command_line_arg
392 || format_needs_stat
e7f6ab54 393@@ -2869,7 +2896,7 @@ gobble_file (char const *name, enum file
1d1a6603 394 && print_with_color && is_colored (C_CAP))
6987acf5 395 f->has_capability = has_capability_cache (absolute_name, f);
1d1a6603
SS		 396
397- if (format == long_format || print_scontext)
398+ if (format == long_format || format == security_format || print_scontext)
399 {
400 bool have_selinux = false;
401 bool have_acl = false;
e7f6ab54 402@@ -2892,7 +2919,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS		 403 err = 0;
404 }
405
406- if (err == 0 && format == long_format)
407+ if (err == 0 && (format == long_format || format == security_format))
408 {
6987acf5 409 int n = file_has_acl_cache (absolute_name, f);
1d1a6603 410 err = (n < 0);
e7f6ab54 411@@ -2911,7 +2938,8 @@ gobble_file (char const *name, enum file
1d1a6603
SS		 412 }
413
414 if (S_ISLNK (f->stat.st_mode)
415- && (format == long_format || check_symlink_color))
416+ && (format == long_format || format == security_format
417+ || check_symlink_color))
418 {
419 char *linkname;
420 struct stat linkstats;
e7f6ab54 421@@ -2931,6 +2959,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS		 422 command line are automatically traced if not being
423 listed as files. */
424 if (!command_line_arg || format == long_format
425+ || format == security_format
426 || !S_ISDIR (linkstats.st_mode))
427 {
428 /* Get the linked-to file's mode for the filetype indicator
e7f6ab54 429@@ -2970,7 +2999,7 @@ gobble_file (char const *name, enum file
1d1a6603
SS		 430 block_size_width = len;
431 }
432
433- if (format == long_format)
434+ if (format == long_format || format == security_format)
435 {
436 if (print_owner)
437 {
e7f6ab54 438@@ -3471,6 +3500,13 @@ print_current_files (void)
1d1a6603
SS		 439 print_long_format (sorted_file[i]);
440 DIRED_PUTCHAR ('\n');
441 }
442+ break;
443+ case security_format:
444+ for (i = 0; i < cwd_n_used; i++)
445+ {
446+ print_scontext_format (sorted_file[i]);
447+ DIRED_PUTCHAR ('\n');
448+ }
449 break;
450 }
451 }
e7f6ab54 452@@ -3633,6 +3669,67 @@ format_inode (char *buf, size_t buflen,
1d1a6603
SS		 453 : (char *) "?");
454 }
455
456+/* Print info about f in scontext format */
457+static void
458+print_scontext_format (const struct fileinfo *f)
459+{
460+ char modebuf[12];
461+
462+ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
463+ 1 10-byte mode string,
464+ 9 spaces, one following each of these fields, and
465+ 1 trailing NUL byte. */
466+
467+ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
468+ char *buf = init_bigbuf;
469+ char *p;
470+
471+ p = buf;
472+
473+ if ( print_scontext ) { /* zero means terse listing */
474+ filemodestring (&f->stat, modebuf);
475+ if (! any_has_acl)
476+ modebuf[10] = '\0';
477+ else if (f->acl_type == ACL_T_SELINUX_ONLY)
478+ modebuf[10] = '.';
479+ else if (f->acl_type == ACL_T_YES)
480+ modebuf[10] = '+';
481+ modebuf[11] = '\0';
482+
483+ /* print mode */
484+
485+ (void) sprintf (p, "%s ", modebuf);
486+ p += strlen (p);
487+
488+ /* print standard user and group */
489+
490+ DIRED_FPUTS (buf, stdout, p - buf);
491+ format_user (f->stat.st_uid, owner_width, f->stat_ok);
492+ format_group (f->stat.st_gid, group_width, f->stat_ok);
493+ p = buf;
494+ }
495+
496+ (void) sprintf (p, "%-32s ", f->scontext ?: "");
497+ p += strlen (p);
498+
499+ DIRED_INDENT ();
500+ DIRED_FPUTS (buf, stdout, p - buf);
501+ size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf);
502+
503+ if (f->filetype == symbolic_link) {
504+ if (f->linkname) {
505+ DIRED_FPUTS_LITERAL (" -> ", stdout);
506+ print_name_with_quoting (f, true, NULL, (p - buf) + w + 4);
507+ if (indicator_style != none)
508+ print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
509+ }
510+ }
511+ else {
512+ if (indicator_style != none)
513+ print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
514+ }
515+}
516+
517 /* Print information about F in long format. */
518 static void
519 print_long_format (const struct fileinfo *f)
e7f6ab54 520@@ -3724,9 +3821,15 @@ print_long_format (const struct fileinfo
1d1a6603
SS		 521 The latter is wrong when nlink_width is zero. */
522 p += strlen (p);
523
524+ if (print_scontext)
525+ {
526+ sprintf (p, "%-32s ", f->scontext ? f->scontext : "");
527+ p += strlen (p);
528+ }
529+
530 DIRED_INDENT ();
531
532- if (print_owner || print_group || print_author || print_scontext)
533+ if (print_owner || print_group || print_author)
534 {
535 DIRED_FPUTS (buf, stdout, p - buf);
536
e7f6ab54 537@@ -3739,9 +3842,6 @@ print_long_format (const struct fileinfo
1d1a6603
SS		 538 if (print_author)
539 format_user (f->stat.st_author, author_width, f->stat_ok);
540
541- if (print_scontext)
542- format_user_or_group (f->scontext, 0, scontext_width);
543-
544 p = buf;
545 }
546
e7f6ab54 547@@ -4086,9 +4186,6 @@ print_file_name_and_frills (const struct
1d1a6603
SS		 548 : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
549 ST_NBLOCKSIZE, output_block_size));
550
551- if (print_scontext)
552- printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext);
553-
554 size_t width = print_name_with_quoting (f, false, NULL, start_col);
555
556 if (indicator_style != none)
e7f6ab54 557@@ -4292,9 +4389,6 @@ length_of_file_name_and_frills (const st
1d1a6603
SS		 558 output_block_size))
559 : block_size_width);
560
561- if (print_scontext)
562- len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width);
563-
564 quote_name (NULL, f->name, filename_quoting_options, &name_width);
565 len += name_width;
566
e7f6ab54 567@@ -4733,9 +4827,16 @@ Mandatory arguments to long options are
1d1a6603
SS		 568 -w, --width=COLS assume screen width instead of current value\n\
569 -x list entries by lines instead of by columns\n\
570 -X sort alphabetically by entry extension\n\
571- -Z, --context print any SELinux security context of each file\n\
572 -1 list one file per line\n\
573 "), stdout);
574+ fputs(_("\nSELinux options:\n\n\
575+ --lcontext Display security context. Enable -l. Lines\n\
576+ will probably be too wide for most displays.\n\
577+ -Z, --context Display security context so it fits on most\n\
578+ displays. Displays only mode, user, group,\n\
579+ security context and file name.\n\
580+ --scontext Display only security context and file name.\n\
581+"), stdout);
582 fputs (HELP_OPTION_DESCRIPTION, stdout);
583 fputs (VERSION_OPTION_DESCRIPTION, stdout);
584 emit_size_note ();
e7f6ab54
SS		 585diff -urNp coreutils-8.13-orig/src/mkdir.c coreutils-8.13/src/mkdir.c
586--- coreutils-8.13-orig/src/mkdir.c 2011-07-28 12:38:27.000000000 +0200
587+++ coreutils-8.13/src/mkdir.c 2011-09-09 10:30:39.576564256 +0200
1d1a6603
SS		 588@@ -38,6 +38,7 @@
589 static struct option const longopts[] =
590 {
591 {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
592+ {"context", required_argument, NULL, 'Z'},
593 {"mode", required_argument, NULL, 'm'},
594 {"parents", no_argument, NULL, 'p'},
595 {"verbose", no_argument, NULL, 'v'},
e7f6ab54
SS		 596diff -urNp coreutils-8.13-orig/src/mknod.c coreutils-8.13/src/mknod.c
597--- coreutils-8.13-orig/src/mknod.c 2011-07-28 12:38:27.000000000 +0200
598+++ coreutils-8.13/src/mknod.c 2011-09-09 10:30:39.577563177 +0200
1d1a6603
SS		 599@@ -35,7 +35,7 @@
600
601 static struct option const longopts[] =
602 {
603- {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
604+ {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
605 {"mode", required_argument, NULL, 'm'},
606 {GETOPT_HELP_OPTION_DECL},
607 {GETOPT_VERSION_OPTION_DECL},
e7f6ab54
SS		 608diff -urNp coreutils-8.13-orig/src/mv.c coreutils-8.13/src/mv.c
609--- coreutils-8.13-orig/src/mv.c 2011-07-28 12:38:27.000000000 +0200
610+++ coreutils-8.13/src/mv.c 2011-09-09 10:30:39.578562234 +0200
1d1a6603
SS		 611@@ -118,6 +118,7 @@ cp_option_init (struct cp_options *x)
612 x->preserve_mode = true;
613 x->preserve_timestamps = true;
614 x->preserve_security_context = selinux_enabled;
615+ x->set_security_context = false;
616 x->reduce_diagnostics = false;
617 x->data_copy_required = true;
618 x->require_preserve = false; /* FIXME: maybe make this an option */
e7f6ab54
SS		 619diff -urNp coreutils-8.13-orig/src/runcon.c coreutils-8.13/src/runcon.c
620--- coreutils-8.13-orig/src/runcon.c 2011-07-28 12:38:27.000000000 +0200
621+++ coreutils-8.13/src/runcon.c 2011-09-09 10:30:39.579564283 +0200
1d1a6603
SS		 622@@ -86,7 +86,7 @@ Usage: %s CONTEXT COMMAND [args]\n\
623 or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\
624 "), program_name, program_name);
625 fputs (_("\
626-Run a program in a different security context.\n\
627+Run a program in a different SELinux security context.\n\
628 With neither CONTEXT nor COMMAND, print the current security context.\n\
629 \n\
630 CONTEXT Complete security context\n\
e7f6ab54
SS		 631diff -urNp coreutils-8.13-orig/tests/init.cfg coreutils-8.13/tests/init.cfg
632--- coreutils-8.13-orig/tests/init.cfg 2011-09-07 18:00:55.000000000 +0200
633+++ coreutils-8.13/tests/init.cfg 2011-09-09 10:32:17.031688699 +0200
634@@ -253,8 +253,8 @@ require_selinux_()
1d1a6603 635
3badd2da
SS		 636 # Independent of whether SELinux is enabled system-wide,
637 # the current file system may lack SELinux support.
1d1a6603
SS		 638- case `ls -Zd .` in
639- '? .'|'unlabeled .')
640+ case `ls -Zd . | cut -f4 -d" "` in
641+ '?'|'unlabeled')
e7f6ab54 642 skip_ "this system (or maybe just" \
1d1a6603
SS		 643 "the current file system) lacks SELinux support"
644 ;;
e7f6ab54
SS		 645diff -urNp coreutils-8.13-orig/tests/misc/selinux coreutils-8.13/tests/misc/selinux
646--- coreutils-8.13-orig/tests/misc/selinux 2011-08-08 09:42:16.000000000 +0200
647+++ coreutils-8.13/tests/misc/selinux 2011-09-09 10:30:39.586563144 +0200
407c5be3 648@@ -37,7 +37,7 @@ chcon $ctx f d p ||
1d1a6603
SS		 649
650 # inspect that context with both ls -Z and stat.
651 for i in d f p; do
652- c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1
653+ c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1
654 c=`stat --printf %C $i`; test x$c = x$ctx || fail=1
655 done
656
Arne's tree of IPFire 3.x.