]> git.ipfire.org Git - people/arne_f/ipfire-3.x.git/blob - coreutils/patches/coreutils-selinux.patch
projects / people / arne_f / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
coreutils: Update to 8.16.
[people/arne_f/ipfire-3.x.git] / coreutils / patches / coreutils-selinux.patch
1 diff -urNp coreutils-8.13-orig/configure.ac coreutils-8.13/configure.ac
2 --- coreutils-8.13-orig/configure.ac 2011-09-09 10:29:52.584690353 +0200
3 +++ coreutils-8.13/configure.ac 2011-09-09 10:30:39.524564991 +0200
4 @@ -141,6 +141,13 @@ if test "$gl_gcc_warnings" = yes; then
5 AC_SUBST([GNULIB_TEST_WARN_CFLAGS])
6 fi
7
8 +dnl Give the chance to enable SELINUX
9 +AC_ARG_ENABLE(selinux, dnl
10 +[ --enable-selinux Enable use of the SELINUX libraries],
11 +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
12 +LIB_SELINUX="-lselinux"
13 +AC_SUBST(LIB_SELINUX)])
14 +
15 AC_FUNC_FORK
16
17 AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
18 diff -urNp coreutils-8.13-orig/man/chcon.x coreutils-8.13/man/chcon.x
19 --- coreutils-8.13-orig/man/chcon.x 2009-09-01 13:01:16.000000000 +0200
20 +++ coreutils-8.13/man/chcon.x 2011-09-09 10:30:39.524564991 +0200
21 @@ -1,4 +1,4 @@
22 [NAME]
23 -chcon \- change file security context
24 +chcon \- change file SELinux security context
25 [DESCRIPTION]
26 .\" Add any additional description here
27 diff -urNp coreutils-8.13-orig/man/runcon.x coreutils-8.13/man/runcon.x
28 --- coreutils-8.13-orig/man/runcon.x 2009-09-01 13:01:16.000000000 +0200
29 +++ coreutils-8.13/man/runcon.x 2011-09-09 10:30:39.544686472 +0200
30 @@ -1,5 +1,5 @@
31 [NAME]
32 -runcon \- run command with specified security context
33 +runcon \- run command with specified SELinux security context
34 [DESCRIPTION]
35 Run COMMAND with completely-specified CONTEXT, or with current or
36 transitioned security context modified by one or more of LEVEL,
37 diff -urNp coreutils-8.13-orig/src/chcon.c coreutils-8.13/src/chcon.c
38 --- coreutils-8.13-orig/src/chcon.c 2011-07-28 12:38:27.000000000 +0200
39 +++ coreutils-8.13/src/chcon.c 2011-09-09 10:30:39.562561252 +0200
40 @@ -356,7 +356,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\
41 "),
42 program_name, program_name, program_name);
43 fputs (_("\
44 -Change the security context of each FILE to CONTEXT.\n\
45 +Change the SELinux security context of each FILE to CONTEXT.\n\
46 With --reference, change the security context of each FILE to that of RFILE.\n\
47 \n\
48 "), stdout);
49 diff -urNp coreutils-8.13-orig/src/copy.c coreutils-8.13/src/copy.c
50 --- coreutils-8.13-orig/src/copy.c 2011-07-28 12:38:27.000000000 +0200
51 +++ coreutils-8.13/src/copy.c 2011-09-09 10:30:39.564562214 +0200
52 @@ -2244,6 +2244,8 @@ copy_internal (char const *src_name, cha
53 {
54 /* Here, we are crossing a file system boundary and cp's -x option
55 is in effect: so don't copy the contents of this directory. */
56 + if (x->preserve_security_context)
57 + restore_default_fscreatecon_or_die ();
58 }
59 else
60 {
61 diff -urNp coreutils-8.13-orig/src/copy.h coreutils-8.13/src/copy.h
62 --- coreutils-8.13-orig/src/copy.h 2011-07-28 12:38:27.000000000 +0200
63 +++ coreutils-8.13/src/copy.h 2011-09-09 10:30:39.565563712 +0200
64 @@ -158,6 +158,9 @@ struct cp_options
65 bool preserve_mode;
66 bool preserve_timestamps;
67
68 + /* If true, attempt to set specified security context */
69 + bool set_security_context;
70 +
71 /* Enabled for mv, and for cp by the --preserve=links option.
72 If true, attempt to preserve in the destination files any
73 logical hard links between the source files. If used with cp's
74 diff -urNp coreutils-8.13-orig/src/cp.c coreutils-8.13/src/cp.c
75 --- coreutils-8.13-orig/src/cp.c 2011-07-28 12:38:27.000000000 +0200
76 +++ coreutils-8.13/src/cp.c 2011-09-09 10:30:39.566562062 +0200
77 @@ -141,6 +141,7 @@ static struct option const long_opts[] =
78 {"target-directory", required_argument, NULL, 't'},
79 {"update", no_argument, NULL, 'u'},
80 {"verbose", no_argument, NULL, 'v'},
81 + {"context", required_argument, NULL, 'Z'},
82 {GETOPT_HELP_OPTION_DECL},
83 {GETOPT_VERSION_OPTION_DECL},
84 {NULL, 0, NULL, 0}
85 @@ -204,6 +205,9 @@ Mandatory arguments to long options are
86 all\n\
87 "), stdout);
88 fputs (_("\
89 + -c same as --preserve=context\n\
90 +"), stdout);
91 + fputs (_("\
92 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
93 --parents use full source file name under DIRECTORY\n\
94 "), stdout);
95 @@ -230,6 +234,7 @@ Mandatory arguments to long options are
96 destination file is missing\n\
97 -v, --verbose explain what is being done\n\
98 -x, --one-file-system stay on this file system\n\
99 + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
100 "), stdout);
101 fputs (HELP_OPTION_DESCRIPTION, stdout);
102 fputs (VERSION_OPTION_DESCRIPTION, stdout);
103 @@ -786,6 +791,7 @@ cp_option_init (struct cp_options *x)
104 x->preserve_timestamps = false;
105 x->preserve_security_context = false;
106 x->require_preserve_context = false;
107 + x->set_security_context = false;
108 x->preserve_xattr = false;
109 x->reduce_diagnostics = false;
110 x->require_preserve_xattr = false;
111 @@ -933,7 +939,7 @@ main (int argc, char **argv)
112 we'll actually use backup_suffix_string. */
113 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
114
115 - while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T",
116 + while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:",
117 long_opts, NULL))
118 != -1)
119 {
120 @@ -981,6 +987,16 @@ main (int argc, char **argv)
121 copy_contents = true;
122 break;
123
124 + case 'c':
125 + if ( x.set_security_context ) {
126 + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
127 + exit( 1 );
128 + }
129 + else if (selinux_enabled) {
130 + x.preserve_security_context = true;
131 + x.require_preserve_context = true;
132 + }
133 + break;
134 case 'd':
135 x.preserve_links = true;
136 x.dereference = DEREF_NEVER;
137 @@ -1090,6 +1106,27 @@ main (int argc, char **argv)
138 x.one_file_system = true;
139 break;
140
141 +
142 + case 'Z':
143 + /* politely decline if we're not on a selinux-enabled kernel. */
144 + if( !selinux_enabled ) {
145 + fprintf( stderr, "Warning: ignoring --context (-Z). "
146 + "It requires a SELinux enabled kernel.\n" );
147 + break;
148 + }
149 + if ( x.preserve_security_context ) {
150 + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
151 + exit( 1 );
152 + }
153 + x.set_security_context = true;
154 + /* if there's a security_context given set new path
155 + components to that context, too */
156 + if ( setfscreatecon(optarg) < 0 ) {
157 + (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);
158 + exit( 1 );
159 + }
160 + break;
161 +
162 case 'S':
163 make_backups = true;
164 backup_suffix_string = optarg;
165 diff -urNp coreutils-8.13-orig/src/id.c coreutils-8.13/src/id.c
166 --- coreutils-8.13-orig/src/id.c 2011-07-28 12:38:27.000000000 +0200
167 +++ coreutils-8.13/src/id.c 2011-09-09 10:30:39.567562153 +0200
168 @@ -107,7 +107,7 @@ int
169 main (int argc, char **argv)
170 {
171 int optc;
172 - int selinux_enabled = (is_selinux_enabled () > 0);
173 + bool selinux_enabled = (is_selinux_enabled () > 0);
174
175 /* If true, output the list of all group IDs. -G */
176 bool just_group_list = false;
177 diff -urNp coreutils-8.13-orig/src/install.c coreutils-8.13/src/install.c
178 --- coreutils-8.13-orig/src/install.c 2011-07-28 12:38:27.000000000 +0200
179 +++ coreutils-8.13/src/install.c 2011-09-09 10:30:39.569562422 +0200
180 @@ -261,6 +261,7 @@ cp_option_init (struct cp_options *x)
181 x->data_copy_required = true;
182 x->require_preserve = false;
183 x->require_preserve_context = false;
184 + x->set_security_context = false;
185 x->require_preserve_xattr = false;
186 x->recursive = false;
187 x->sparse_mode = SPARSE_AUTO;
188 @@ -622,7 +623,7 @@ Mandatory arguments to long options are
189 -v, --verbose print the name of each directory as it is created\n\
190 "), stdout);
191 fputs (_("\
192 - --preserve-context preserve SELinux security context\n\
193 + -P, --preserve-context preserve SELinux security context\n\
194 -Z, --context=CONTEXT set SELinux security context of files and directories\
195 \n\
196 "), stdout);
197 @@ -765,7 +766,7 @@ main (int argc, char **argv)
198 we'll actually use backup_suffix_string. */
199 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
200
201 - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options,
202 + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options,
203 NULL)) != -1)
204 {
205 switch (optc)
206 @@ -835,6 +836,7 @@ main (int argc, char **argv)
207 no_target_directory = true;
208 break;
209
210 + case 'P':
211 case PRESERVE_CONTEXT_OPTION:
212 if ( ! selinux_enabled)
213 {
214 @@ -842,6 +844,10 @@ main (int argc, char **argv)
215 "this kernel is not SELinux-enabled"));
216 break;
217 }
218 + if ( x.set_security_context ) {
219 + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
220 + exit( 1 );
221 + }
222 x.preserve_security_context = true;
223 use_default_selinux_context = false;
224 break;
225 @@ -853,6 +859,7 @@ main (int argc, char **argv)
226 break;
227 }
228 scontext = optarg;
229 + x.set_security_context = true;
230 use_default_selinux_context = false;
231 break;
232 case_GETOPT_HELP_CHAR;
233 diff -urNp coreutils-8.13-orig/src/ls.c coreutils-8.13/src/ls.c
234 --- coreutils-8.13-orig/src/ls.c 2011-07-28 12:38:27.000000000 +0200
235 +++ coreutils-8.13/src/ls.c 2011-09-09 10:30:39.575562845 +0200
236 @@ -166,7 +166,8 @@ enum filetype
237 symbolic_link,
238 sock,
239 whiteout,
240 - arg_directory
241 + arg_directory,
242 + command_line
243 };
244
245 /* Display letters and indicators for each filetype.
246 @@ -282,6 +283,7 @@
247 bool command_line_arg);
248 static void sort_files (void);
249 static void parse_ls_color (void);
250 +static void print_scontext_format (const struct fileinfo *f);
251
252 /* Initial size of hash table.
253 Most hierarchies are likely to be shallower than this. */
254 @@ -352,7 +354,7 @@ static struct pending *pending_dirs;
255
256 static struct timespec current_time;
257
258 -static bool print_scontext;
259 +static int print_scontext = 0;
260 static char UNKNOWN_SECURITY_CONTEXT[] = "?";
261
262 /* Whether any of the files has an ACL. This affects the width of the
263 @@ -392,7 +394,9 @@ enum format
264 one_per_line, /* -1 */
265 many_per_line, /* -C */
266 horizontal, /* -x */
267 - with_commas /* -m */
268 + with_commas, /* -m */
269 + security_format, /* -Z */
270 + invalid_format
271 };
272
273 static enum format format;
274 @@ -794,6 +798,9 @@ enum
275 SHOW_CONTROL_CHARS_OPTION,
276 SI_OPTION,
277 SORT_OPTION,
278 + CONTEXT_OPTION,
279 + LCONTEXT_OPTION,
280 + SCONTEXT_OPTION,
281 TIME_OPTION,
282 TIME_STYLE_OPTION
283 };
284 @@ -839,7 +846,9 @@ static struct option const long_options[
285 {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
286 {"color", optional_argument, NULL, COLOR_OPTION},
287 {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
288 - {"context", no_argument, 0, 'Z'},
289 + {"context", no_argument, 0, CONTEXT_OPTION},
290 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
291 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
292 {"author", no_argument, NULL, AUTHOR_OPTION},
293 {GETOPT_HELP_OPTION_DECL},
294 {GETOPT_VERSION_OPTION_DECL},
295 @@ -849,12 +858,12 @@ static struct option const long_options[
296 static char const *const format_args[] =
297 {
298 "verbose", "long", "commas", "horizontal", "across",
299 - "vertical", "single-column", NULL
300 + "vertical", "single-column", "context", NULL
301 };
302 static enum format const format_types[] =
303 {
304 long_format, long_format, with_commas, horizontal, horizontal,
305 - many_per_line, one_per_line
306 + many_per_line, one_per_line, security_format
307 };
308 ARGMATCH_VERIFY (format_args, format_types);
309
310 @@ -1296,7 +1305,8 @@ main (int argc, char **argv)
311 /* Avoid following symbolic links when possible. */
312 if (is_colored (C_ORPHAN)
313 || (is_colored (C_EXEC) && color_symlink_as_referent)
314 - || (is_colored (C_MISSING) && format == long_format))
315 + || (is_colored (C_MISSING) && (format == long_format
316 + || format == security_format)))
317 check_symlink_color = true;
318
319 /* If the standard output is a controlling terminal, watch out
320 @@ -1343,7 +1353,7 @@ main (int argc, char **argv)
321 if (dereference == DEREF_UNDEFINED)
322 dereference = ((immediate_dirs
323 || indicator_style == classify
324 - || format == long_format)
325 + || format == long_format || format == security_format)
326 ? DEREF_NEVER
327 : DEREF_COMMAND_LINE_SYMLINK_TO_DIR);
328
329 @@ -1363,7 +1373,7 @@ main (int argc, char **argv)
330
331 format_needs_stat = sort_type == sort_time || sort_type == sort_size
332 || format == long_format
333 - || print_scontext
334 + || format == security_format || print_scontext
335 || print_block_size;
336 format_needs_type = (! format_needs_stat
337 && (recursive
338 @@ -1394,7 +1404,7 @@ main (int argc, char **argv)
339 }
340 else
341 do
342 - gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");
343 + gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");
344 while (i < argc);
345
346 if (cwd_n_used)
347 @@ -1565,7 +1575,7 @@ decode_switches (int argc, char **argv)
348 ignore_mode = IGNORE_DEFAULT;
349 ignore_patterns = NULL;
350 hide_patterns = NULL;
351 - print_scontext = false;
352 + print_scontext = 0;
353
354 /* FIXME: put this in a function. */
355 {
356 @@ -1947,13 +1957,27 @@ decode_switches (int argc, char **argv)
357 break;
358
359 case 'Z':
360 - print_scontext = true;
361 + print_scontext = 1;
362 + format = security_format;
363 break;
364
365 case_GETOPT_HELP_CHAR;
366
367 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
368
369 + case CONTEXT_OPTION: /* default security context format */
370 + print_scontext = 1;
371 + format = security_format;
372 + break;
373 + case LCONTEXT_OPTION: /* long format plus security context */
374 + print_scontext = 1;
375 + format = long_format;
376 + break;
377 + case SCONTEXT_OPTION: /* short form of new security format */
378 + print_scontext = 0;
379 + format = security_format;
380 + break;
381 +
382 default:
383 usage (LS_FAILURE);
384 }
385 @@ -2757,6 +2783,7 @@ gobble_file (char const *name, enum file
386 memset (f, '\0', sizeof *f);
387 f->stat.st_ino = inode;
388 f->filetype = type;
389 + f->scontext = NULL;
390
391 if (command_line_arg
392 || format_needs_stat
393 @@ -2869,7 +2896,7 @@ gobble_file (char const *name, enum file
394 && print_with_color && is_colored (C_CAP))
395 f->has_capability = has_capability_cache (absolute_name, f);
396
397 - if (format == long_format || print_scontext)
398 + if (format == long_format || format == security_format || print_scontext)
399 {
400 bool have_selinux = false;
401 bool have_acl = false;
402 @@ -2892,7 +2919,7 @@ gobble_file (char const *name, enum file
403 err = 0;
404 }
405
406 - if (err == 0 && format == long_format)
407 + if (err == 0 && (format == long_format || format == security_format))
408 {
409 int n = file_has_acl_cache (absolute_name, f);
410 err = (n < 0);
411 @@ -2911,7 +2938,8 @@ gobble_file (char const *name, enum file
412 }
413
414 if (S_ISLNK (f->stat.st_mode)
415 - && (format == long_format || check_symlink_color))
416 + && (format == long_format || format == security_format
417 + || check_symlink_color))
418 {
419 char *linkname;
420 struct stat linkstats;
421 @@ -2931,6 +2959,7 @@ gobble_file (char const *name, enum file
422 command line are automatically traced if not being
423 listed as files. */
424 if (!command_line_arg || format == long_format
425 + || format == security_format
426 || !S_ISDIR (linkstats.st_mode))
427 {
428 /* Get the linked-to file's mode for the filetype indicator
429 @@ -2970,7 +2999,7 @@ gobble_file (char const *name, enum file
430 block_size_width = len;
431 }
432
433 - if (format == long_format)
434 + if (format == long_format || format == security_format)
435 {
436 if (print_owner)
437 {
438 @@ -3471,6 +3500,13 @@ print_current_files (void)
439 print_long_format (sorted_file[i]);
440 DIRED_PUTCHAR ('\n');
441 }
442 + break;
443 + case security_format:
444 + for (i = 0; i < cwd_n_used; i++)
445 + {
446 + print_scontext_format (sorted_file[i]);
447 + DIRED_PUTCHAR ('\n');
448 + }
449 break;
450 }
451 }
452 @@ -3633,6 +3669,67 @@ format_inode (char *buf, size_t buflen,
453 : (char *) "?");
454 }
455
456 +/* Print info about f in scontext format */
457 +static void
458 +print_scontext_format (const struct fileinfo *f)
459 +{
460 + char modebuf[12];
461 +
462 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
463 + 1 10-byte mode string,
464 + 9 spaces, one following each of these fields, and
465 + 1 trailing NUL byte. */
466 +
467 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
468 + char *buf = init_bigbuf;
469 + char *p;
470 +
471 + p = buf;
472 +
473 + if ( print_scontext ) { /* zero means terse listing */
474 + filemodestring (&f->stat, modebuf);
475 + if (! any_has_acl)
476 + modebuf[10] = '\0';
477 + else if (f->acl_type == ACL_T_SELINUX_ONLY)
478 + modebuf[10] = '.';
479 + else if (f->acl_type == ACL_T_YES)
480 + modebuf[10] = '+';
481 + modebuf[11] = '\0';
482 +
483 + /* print mode */
484 +
485 + (void) sprintf (p, "%s ", modebuf);
486 + p += strlen (p);
487 +
488 + /* print standard user and group */
489 +
490 + DIRED_FPUTS (buf, stdout, p - buf);
491 + format_user (f->stat.st_uid, owner_width, f->stat_ok);
492 + format_group (f->stat.st_gid, group_width, f->stat_ok);
493 + p = buf;
494 + }
495 +
496 + (void) sprintf (p, "%-32s ", f->scontext ?: "");
497 + p += strlen (p);
498 +
499 + DIRED_INDENT ();
500 + DIRED_FPUTS (buf, stdout, p - buf);
501 + size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf);
502 +
503 + if (f->filetype == symbolic_link) {
504 + if (f->linkname) {
505 + DIRED_FPUTS_LITERAL (" -> ", stdout);
506 + print_name_with_quoting (f, true, NULL, (p - buf) + w + 4);
507 + if (indicator_style != none)
508 + print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
509 + }
510 + }
511 + else {
512 + if (indicator_style != none)
513 + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
514 + }
515 +}
516 +
517 /* Print information about F in long format. */
518 static void
519 print_long_format (const struct fileinfo *f)
520 @@ -3724,9 +3821,15 @@ print_long_format (const struct fileinfo
521 The latter is wrong when nlink_width is zero. */
522 p += strlen (p);
523
524 + if (print_scontext)
525 + {
526 + sprintf (p, "%-32s ", f->scontext ? f->scontext : "");
527 + p += strlen (p);
528 + }
529 +
530 DIRED_INDENT ();
531
532 - if (print_owner || print_group || print_author || print_scontext)
533 + if (print_owner || print_group || print_author)
534 {
535 DIRED_FPUTS (buf, stdout, p - buf);
536
537 @@ -3739,9 +3842,6 @@ print_long_format (const struct fileinfo
538 if (print_author)
539 format_user (f->stat.st_author, author_width, f->stat_ok);
540
541 - if (print_scontext)
542 - format_user_or_group (f->scontext, 0, scontext_width);
543 -
544 p = buf;
545 }
546
547 @@ -4086,9 +4186,6 @@ print_file_name_and_frills (const struct
548 : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
549 ST_NBLOCKSIZE, output_block_size));
550
551 - if (print_scontext)
552 - printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext);
553 -
554 size_t width = print_name_with_quoting (f, false, NULL, start_col);
555
556 if (indicator_style != none)
557 @@ -4292,9 +4389,6 @@ length_of_file_name_and_frills (const st
558 output_block_size))
559 : block_size_width);
560
561 - if (print_scontext)
562 - len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width);
563 -
564 quote_name (NULL, f->name, filename_quoting_options, &name_width);
565 len += name_width;
566
567 @@ -4733,9 +4827,16 @@ Mandatory arguments to long options are
568 -w, --width=COLS assume screen width instead of current value\n\
569 -x list entries by lines instead of by columns\n\
570 -X sort alphabetically by entry extension\n\
571 - -Z, --context print any SELinux security context of each file\n\
572 -1 list one file per line\n\
573 "), stdout);
574 + fputs(_("\nSELinux options:\n\n\
575 + --lcontext Display security context. Enable -l. Lines\n\
576 + will probably be too wide for most displays.\n\
577 + -Z, --context Display security context so it fits on most\n\
578 + displays. Displays only mode, user, group,\n\
579 + security context and file name.\n\
580 + --scontext Display only security context and file name.\n\
581 +"), stdout);
582 fputs (HELP_OPTION_DESCRIPTION, stdout);
583 fputs (VERSION_OPTION_DESCRIPTION, stdout);
584 emit_size_note ();
585 diff -urNp coreutils-8.13-orig/src/mkdir.c coreutils-8.13/src/mkdir.c
586 --- coreutils-8.13-orig/src/mkdir.c 2011-07-28 12:38:27.000000000 +0200
587 +++ coreutils-8.13/src/mkdir.c 2011-09-09 10:30:39.576564256 +0200
588 @@ -38,6 +38,7 @@
589 static struct option const longopts[] =
590 {
591 {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
592 + {"context", required_argument, NULL, 'Z'},
593 {"mode", required_argument, NULL, 'm'},
594 {"parents", no_argument, NULL, 'p'},
595 {"verbose", no_argument, NULL, 'v'},
596 diff -urNp coreutils-8.13-orig/src/mknod.c coreutils-8.13/src/mknod.c
597 --- coreutils-8.13-orig/src/mknod.c 2011-07-28 12:38:27.000000000 +0200
598 +++ coreutils-8.13/src/mknod.c 2011-09-09 10:30:39.577563177 +0200
599 @@ -35,7 +35,7 @@
600
601 static struct option const longopts[] =
602 {
603 - {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
604 + {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
605 {"mode", required_argument, NULL, 'm'},
606 {GETOPT_HELP_OPTION_DECL},
607 {GETOPT_VERSION_OPTION_DECL},
608 diff -urNp coreutils-8.13-orig/src/mv.c coreutils-8.13/src/mv.c
609 --- coreutils-8.13-orig/src/mv.c 2011-07-28 12:38:27.000000000 +0200
610 +++ coreutils-8.13/src/mv.c 2011-09-09 10:30:39.578562234 +0200
611 @@ -118,6 +118,7 @@ cp_option_init (struct cp_options *x)
612 x->preserve_mode = true;
613 x->preserve_timestamps = true;
614 x->preserve_security_context = selinux_enabled;
615 + x->set_security_context = false;
616 x->reduce_diagnostics = false;
617 x->data_copy_required = true;
618 x->require_preserve = false; /* FIXME: maybe make this an option */
619 diff -urNp coreutils-8.13-orig/src/runcon.c coreutils-8.13/src/runcon.c
620 --- coreutils-8.13-orig/src/runcon.c 2011-07-28 12:38:27.000000000 +0200
621 +++ coreutils-8.13/src/runcon.c 2011-09-09 10:30:39.579564283 +0200
622 @@ -86,7 +86,7 @@ Usage: %s CONTEXT COMMAND [args]\n\
623 or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\
624 "), program_name, program_name);
625 fputs (_("\
626 -Run a program in a different security context.\n\
627 +Run a program in a different SELinux security context.\n\
628 With neither CONTEXT nor COMMAND, print the current security context.\n\
629 \n\
630 CONTEXT Complete security context\n\
631 diff -urNp coreutils-8.13-orig/tests/init.cfg coreutils-8.13/tests/init.cfg
632 --- coreutils-8.13-orig/tests/init.cfg 2011-09-07 18:00:55.000000000 +0200
633 +++ coreutils-8.13/tests/init.cfg 2011-09-09 10:32:17.031688699 +0200
634 @@ -253,8 +253,8 @@ require_selinux_()
635
636 # Independent of whether SELinux is enabled system-wide,
637 # the current file system may lack SELinux support.
638 - case `ls -Zd .` in
639 - '? .'|'unlabeled .')
640 + case `ls -Zd . | cut -f4 -d" "` in
641 + '?'|'unlabeled')
642 skip_ "this system (or maybe just" \
643 "the current file system) lacks SELinux support"
644 ;;
645 diff -urNp coreutils-8.13-orig/tests/misc/selinux coreutils-8.13/tests/misc/selinux
646 --- coreutils-8.13-orig/tests/misc/selinux 2011-08-08 09:42:16.000000000 +0200
647 +++ coreutils-8.13/tests/misc/selinux 2011-09-09 10:30:39.586563144 +0200
648 @@ -37,7 +37,7 @@ chcon $ctx f d p ||
649
650 # inspect that context with both ls -Z and stat.
651 for i in d f p; do
652 - c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1
653 + c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1
654 c=`stat --printf %C $i`; test x$c = x$ctx || fail=1
655 done
656
Arne's tree of IPFire 3.x.