doc: clarify SMACK related --help and documentation

* src/ls.c: Remove all mention of SELinux since ls
should treat all security context labels equally.
* doc/coreutils.texi (ls invocation): Likewise.
(id invocation): Clarify that -Z outputs the context
inherited by the process, rather than one specific to a user.
Note for SMACK this can be set instead by the SMACK64EXEC label,
in the unusual case where this is set on the id executable.
* src/id.c (usage): Likewise.
* src/mkdir.c (usage): Clarify that -Z is specific to SELinux,
while --context=CTX is also supported for SMACK.
* src/mkfifo.c (usage): Likewise.
* src/mknod.c (usage): Likewise.

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 9a19cfa623f4f10bdfeaae344ec441691511d161..35e7bd9fdd4942ff46ff4e61c1f28a776159e2e6 100644 (file)
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -7268,7 +7268,7 @@ space, there is no alternate access method.  When it is a printing
 character, then there is such a method.
 
 GNU @command{ls} uses a @samp{.} character to indicate a file
-with an SELinux security context, but no other alternate access method.
+with a security context, but no other alternate access method.
 
 A file with any other combination of alternate access methods
 is marked with a @samp{+} character.
@@ -8466,7 +8466,8 @@ to the system default type for destination files, similarly to the
 @command{restorecon} command.
 The long form of this option with a specific context specified,
 will set the context for newly created files only.
-With a specified context, if SELinux is disabled, a warning is issued.
+With a specified context, if both SELinux and SMACK are disabled, a warning is
+issued.
 @end macro
 @optContext
 This option is mutually exclusive with the @option{--preserve=context}
@@ -14563,8 +14564,9 @@ Print only the user ID.
 @opindex --context
 @cindex SELinux
 @cindex security context
-Print only the security context of the current user.
-If SELinux is disabled then print a warning and
+Print only the security context of the process, which is generally
+the user's security context inherited from the parent process.
+If neither SELinux or SMACK is enabled then print a warning and
 set the exit status to 1.
 
 @item -z

diff --git a/src/id.c b/src/id.c
index 803c360c4ed9378afefa67d57a13793967d51420..3348f8013edb144b9e1c3838b2ce5895eed7f578 100644 (file)
--- a/src/id.c
+++ b/src/id.c
@@ -89,7 +89,7 @@ or (when USER omitted) for the current user.\n\
              stdout);
       fputs (_("\
   -a             ignore, for compatibility with other versions\n\
-  -Z, --context  print only the security context of the current user\n\
+  -Z, --context  print only the security context of the process\n\
   -g, --group    print only the effective group ID\n\
   -G, --groups   print all group IDs\n\
   -n, --name     print a name instead of a number, for -ugG\n\

diff --git a/src/ls.c b/src/ls.c
index 30356aca4f6e45515ea9ab5dbf9680b353f038cb..5d87dd332f43ab708a8825aa3797eb257b8924fc 100644 (file)
--- a/src/ls.c
+++ b/src/ls.c
@@ -186,7 +186,7 @@ verify (sizeof filetype_letter - 1 == arg_directory + 1);
 enum acl_type
   {
     ACL_T_NONE,
-    ACL_T_SELINUX_ONLY,
+    ACL_T_LSM_CONTEXT_ONLY,
     ACL_T_YES
   };
 
@@ -206,7 +206,7 @@ struct fileinfo
        zero.  */
     mode_t linkmode;
 
-    /* SELinux security context.  */
+    /* security context.  */
     security_context_t scontext;
 
     bool stat_ok;
@@ -216,7 +216,7 @@ struct fileinfo
     bool linkok;
 
     /* For long listings, true if the file has an access control list,
-       or an SELinux security context.  */
+       or a security context.  */
     enum acl_type acl_type;
 
     /* For color listings, true if a regular file has capability info.  */
@@ -2804,8 +2804,8 @@ errno_unsupported (int err)
 }
 
 /* Cache *getfilecon failure, when it's trivial to do so.
-   Like getfilecon/lgetfilecon, but when F's st_dev says it's on a known-
-   SELinux-challenged file system, fail with ENOTSUP immediately.  */
+   Like getfilecon/lgetfilecon, but when F's st_dev says it's doesn't
+   support getting the security context, fail with ENOTSUP immediately.  */
 static int
 getfilecon_cache (char const *file, struct fileinfo *f, bool deref)
 {
@@ -3052,7 +3052,7 @@ gobble_file (char const *name, enum filetype type, ino_t inode,
           f->acl_type = (!have_scontext && !have_acl
                          ? ACL_T_NONE
                          : (have_scontext && !have_acl
-                            ? ACL_T_SELINUX_ONLY
+                            ? ACL_T_LSM_CONTEXT_ONLY
                             : ACL_T_YES));
           any_has_acl |= f->acl_type != ACL_T_NONE;
 
@@ -3799,7 +3799,7 @@ print_long_format (const struct fileinfo *f)
   struct tm *when_local;
 
   /* Compute the mode string, except remove the trailing space if no
-     file in this directory has an ACL or SELinux security context.  */
+     file in this directory has an ACL or security context.  */
   if (f->stat_ok)
     filemodestring (&f->stat, modebuf);
   else
@@ -3810,7 +3810,7 @@ print_long_format (const struct fileinfo *f)
     }
   if (! any_has_acl)
     modebuf[10] = '\0';
-  else if (f->acl_type == ACL_T_SELINUX_ONLY)
+  else if (f->acl_type == ACL_T_LSM_CONTEXT_ONLY)
     modebuf[10] = '.';
   else if (f->acl_type == ACL_T_YES)
     modebuf[10] = '+';
@@ -4886,7 +4886,7 @@ Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.\n\
   -w, --width=COLS           assume screen width instead of current value\n\
   -x                         list entries by lines instead of by columns\n\
   -X                         sort alphabetically by entry extension\n\
-  -Z, --context              print any SELinux security context of each file\n\
+  -Z, --context              print any security context of each file\n\
   -1                         list one file per line\n\
 "), stdout);
       fputs (HELP_OPTION_DESCRIPTION, stdout);

diff --git a/src/mkdir.c b/src/mkdir.c
index c904d4f27e8a0e73338544bc0e76bd43911cae21..a6f6c24a69e72410381b7f70d8e647fad5421171 100644 (file)
--- a/src/mkdir.c
+++ b/src/mkdir.c
@@ -67,7 +67,8 @@ Create the DIRECTORY(ies), if they do not already exist.\n\
   -p, --parents     no error if existing, make parent directories as needed\n\
   -v, --verbose     print a message for each created directory\n\
   -Z, --context[=CTX]  set the SELinux security context of each created\n\
-                         directory to default type or to CTX if specified\n\
+                         directory to default type or set the SELinux or\n\
+                         SMACK security context to CTX if specified\n\
 "), stdout);
       fputs (HELP_OPTION_DESCRIPTION, stdout);
       fputs (VERSION_OPTION_DESCRIPTION, stdout);

diff --git a/src/mkfifo.c b/src/mkfifo.c
index f9c6af6112402e38d886a23639e891114655a358..cf970593b33ff04b880bc9e72bde904b79c4d0a8 100644 (file)
--- a/src/mkfifo.c
+++ b/src/mkfifo.c
@@ -62,7 +62,8 @@ Create named pipes (FIFOs) with the given NAMEs.\n\
 "), stdout);
       fputs (_("\
   -Z, --context[=CTX]  set the SELinux security context of each NAME to\n\
-                         default type, or CTX if specified\n\
+                         default type, or set the SELinux or SMACK\n\
+                         security context to CTX if specified\n\
 "), stdout);
       fputs (HELP_OPTION_DESCRIPTION, stdout);
       fputs (VERSION_OPTION_DESCRIPTION, stdout);

diff --git a/src/mknod.c b/src/mknod.c
index c6ea1ea1965626a1c5a1e8e6ce884b237cff3dfd..dfb9ef4fca865c9c5836058531ef8d895e18b0cd 100644 (file)
--- a/src/mknod.c
+++ b/src/mknod.c
@@ -64,7 +64,8 @@ Create the special file NAME of the given TYPE.\n\
 "), stdout);
       fputs (_("\
   -Z, --context[=CTX]  set the SELinux security context of NAME to\n\
-                         default type, or to CTX if specified\n\
+                         default type, or set the SELinux or SMACK\n\
+                         security context to CTX if specified\n\
 "), stdout);
       fputs (HELP_OPTION_DESCRIPTION, stdout);
       fputs (VERSION_OPTION_DESCRIPTION, stdout);