From: Stefan Schantl Date: Thu, 30 Dec 2010 11:27:36 +0000 (+0100) Subject: coreutils: Enable support for selinux. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d1a660359caea0edb6e6987178685cd92e8e2ed;p=ipfire-3.x.git coreutils: Enable support for selinux. --- diff --git a/pkgs/core/coreutils/coreutils.nm b/pkgs/core/coreutils/coreutils.nm index 748d14225..99b9d3fe6 100644 --- a/pkgs/core/coreutils/coreutils.nm +++ b/pkgs/core/coreutils/coreutils.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include PKG_NAME = coreutils PKG_VER = 8.7 -PKG_REL = 0 +PKG_REL = 1 PKG_MAINTAINER = PKG_GROUP = System/Base @@ -40,7 +40,7 @@ define PKG_DESCRIPTION endef PKG_BUILD_DEPS+= autoconf automake libacl-devel libattr-devel libcap \ - ncurses-devel e2fsprogs pam-devel libselinux-devel + libselinux-devel ncurses-devel e2fsprogs pam-devel PKG_TARBALL = $(THISAPP).tar.gz @@ -48,6 +48,7 @@ CFLAGS += -D_GNU_SOURCE=1 -fno-strict-aliasing CONFIGURE_OPTIONS += \ --enable-pam \ + --enable-selinux \ --enable-largefile \ --enable-install-program=arch,hostname,su \ --enable-no-install-program=kill,uptime diff --git a/pkgs/core/coreutils/patches/coreutils-selinux.patch b/pkgs/core/coreutils/patches/coreutils-selinux.patch new file mode 100644 index 000000000..4ad7e6b22 --- /dev/null +++ b/pkgs/core/coreutils/patches/coreutils-selinux.patch @@ -0,0 +1,671 @@ +diff -urNp coreutils-8.7-orig/configure.ac coreutils-8.7/configure.ac +--- coreutils-8.7-orig/configure.ac 2010-11-15 10:03:39.636171519 +0100 ++++ coreutils-8.7/configure.ac 2010-11-15 10:04:08.161930423 +0100 +@@ -133,6 +133,13 @@ if test "$gl_gcc_warnings" = yes; then + AC_SUBST([GNULIB_TEST_WARN_CFLAGS]) + fi + ++dnl Give the chance to enable SELINUX ++AC_ARG_ENABLE(selinux, dnl ++[ --enable-selinux Enable use of the SELINUX libraries], ++[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) ++LIB_SELINUX="-lselinux" ++AC_SUBST(LIB_SELINUX)]) ++ + AC_FUNC_FORK + + AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam], +diff -urNp coreutils-8.7-orig/man/chcon.x coreutils-8.7/man/chcon.x +--- coreutils-8.7-orig/man/chcon.x 2009-09-01 13:01:16.000000000 +0200 ++++ coreutils-8.7/man/chcon.x 2010-11-15 10:04:08.161930423 +0100 +@@ -1,4 +1,4 @@ + [NAME] +-chcon \- change file security context ++chcon \- change file SELinux security context + [DESCRIPTION] + .\" Add any additional description here +diff -urNp coreutils-8.7-orig/man/runcon.x coreutils-8.7/man/runcon.x +--- coreutils-8.7-orig/man/runcon.x 2009-09-01 13:01:16.000000000 +0200 ++++ coreutils-8.7/man/runcon.x 2010-11-15 10:04:08.162922322 +0100 +@@ -1,5 +1,5 @@ + [NAME] +-runcon \- run command with specified security context ++runcon \- run command with specified SELinux security context + [DESCRIPTION] + Run COMMAND with completely-specified CONTEXT, or with current or + transitioned security context modified by one or more of LEVEL, +diff -urNp coreutils-8.7-orig/src/copy.c coreutils-8.7/src/copy.c +--- coreutils-8.7-orig/src/copy.c 2010-10-28 12:31:17.000000000 +0200 ++++ coreutils-8.7/src/copy.c 2010-11-15 10:04:08.165921553 +0100 +@@ -1924,6 +1924,8 @@ copy_internal (char const *src_name, cha + { + /* Here, we are crossing a file system boundary and cp's -x option + is in effect: so don't copy the contents of this directory. */ ++ if (x->preserve_security_context) ++ restore_default_fscreatecon_or_die (); + } + else + { +diff -urNp coreutils-8.7-orig/src/copy.h coreutils-8.7/src/copy.h +--- coreutils-8.7-orig/src/copy.h 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/copy.h 2010-11-15 10:04:08.166925814 +0100 +@@ -158,6 +158,9 @@ struct cp_options + bool preserve_mode; + bool preserve_timestamps; + ++ /* If true, attempt to set specified security context */ ++ bool set_security_context; ++ + /* Enabled for mv, and for cp by the --preserve=links option. + If true, attempt to preserve in the destination files any + logical hard links between the source files. If used with cp's +diff -urNp coreutils-8.7-orig/src/cp.c coreutils-8.7/src/cp.c +--- coreutils-8.7-orig/src/cp.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/cp.c 2010-11-15 10:04:08.168931890 +0100 +@@ -141,6 +141,7 @@ static struct option const long_opts[] = + {"target-directory", required_argument, NULL, 't'}, + {"update", no_argument, NULL, 'u'}, + {"verbose", no_argument, NULL, 'v'}, ++ {"context", required_argument, NULL, 'Z'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, + {NULL, 0, NULL, 0} +@@ -200,6 +201,9 @@ Mandatory arguments to long options are + all\n\ + "), stdout); + fputs (_("\ ++ -c same as --preserve=context\n\ ++"), stdout); ++ fputs (_("\ + --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ + --parents use full source file name under DIRECTORY\n\ + "), stdout); +@@ -226,6 +230,7 @@ Mandatory arguments to long options are + destination file is missing\n\ + -v, --verbose explain what is being done\n\ + -x, --one-file-system stay on this file system\n\ ++ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\ + "), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); + fputs (VERSION_OPTION_DESCRIPTION, stdout); +@@ -780,6 +785,7 @@ cp_option_init (struct cp_options *x) + x->preserve_timestamps = false; + x->preserve_security_context = false; + x->require_preserve_context = false; ++ x->set_security_context = false; + x->preserve_xattr = false; + x->reduce_diagnostics = false; + x->require_preserve_xattr = false; +@@ -927,7 +933,7 @@ main (int argc, char **argv) + we'll actually use backup_suffix_string. */ + backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); + +- while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T", ++ while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:", + long_opts, NULL)) + != -1) + { +@@ -974,6 +980,16 @@ main (int argc, char **argv) + copy_contents = true; + break; + ++ case 'c': ++ if ( x.set_security_context ) { ++ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); ++ exit( 1 ); ++ } ++ else if (selinux_enabled) { ++ x.preserve_security_context = true; ++ x.require_preserve_context = true; ++ } ++ break; + case 'd': + x.preserve_links = true; + x.dereference = DEREF_NEVER; +@@ -1083,6 +1099,27 @@ main (int argc, char **argv) + x.one_file_system = true; + break; + ++ ++ case 'Z': ++ /* politely decline if we're not on a selinux-enabled kernel. */ ++ if( !selinux_enabled ) { ++ fprintf( stderr, "Warning: ignoring --context (-Z). " ++ "It requires a SELinux enabled kernel.\n" ); ++ break; ++ } ++ if ( x.preserve_security_context ) { ++ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg); ++ exit( 1 ); ++ } ++ x.set_security_context = true; ++ /* if there's a security_context given set new path ++ components to that context, too */ ++ if ( setfscreatecon(optarg) < 0 ) { ++ (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg); ++ exit( 1 ); ++ } ++ break; ++ + case 'S': + make_backups = true; + backup_suffix_string = optarg; +diff -urNp coreutils-8.7-orig/src/chcon.c coreutils-8.7/src/chcon.c +--- coreutils-8.7-orig/src/chcon.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/chcon.c 2010-11-15 10:04:08.169922391 +0100 +@@ -356,7 +356,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\ + "), + program_name, program_name, program_name); + fputs (_("\ +-Change the security context of each FILE to CONTEXT.\n\ ++Change the SELinux security context of each FILE to CONTEXT.\n\ + With --reference, change the security context of each FILE to that of RFILE.\n\ + \n\ + -h, --no-dereference affect symbolic links instead of any referenced file\n\ +diff -urNp coreutils-8.7-orig/src/id.c coreutils-8.7/src/id.c +--- coreutils-8.7-orig/src/id.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/id.c 2010-11-15 10:04:08.170933217 +0100 +@@ -107,7 +107,7 @@ int + main (int argc, char **argv) + { + int optc; +- int selinux_enabled = (is_selinux_enabled () > 0); ++ bool selinux_enabled = (is_selinux_enabled () > 0); + + /* If true, output the list of all group IDs. -G */ + bool just_group_list = false; +diff -urNp coreutils-8.7-orig/src/install.c coreutils-8.7/src/install.c +--- coreutils-8.7-orig/src/install.c 2010-10-15 21:56:29.000000000 +0200 ++++ coreutils-8.7/src/install.c 2010-11-15 10:04:08.171921693 +0100 +@@ -283,6 +283,7 @@ cp_option_init (struct cp_options *x) + x->data_copy_required = true; + x->require_preserve = false; + x->require_preserve_context = false; ++ x->set_security_context = false; + x->require_preserve_xattr = false; + x->recursive = false; + x->sparse_mode = SPARSE_AUTO; +@@ -460,7 +461,7 @@ main (int argc, char **argv) + we'll actually use backup_suffix_string. */ + backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); + +- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options, ++ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options, + NULL)) != -1) + { + switch (optc) +@@ -534,6 +535,7 @@ main (int argc, char **argv) + error (0, 0, _("WARNING: --preserve_context is deprecated; " + "use --preserve-context instead")); + /* fall through */ ++ case 'P': + case PRESERVE_CONTEXT_OPTION: + if ( ! selinux_enabled) + { +@@ -541,6 +543,10 @@ main (int argc, char **argv) + "this kernel is not SELinux-enabled")); + break; + } ++ if ( x.set_security_context ) { ++ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); ++ exit( 1 ); ++ } + x.preserve_security_context = true; + use_default_selinux_context = false; + break; +@@ -552,6 +558,7 @@ main (int argc, char **argv) + break; + } + scontext = optarg; ++ x.set_security_context = true; + use_default_selinux_context = false; + break; + case_GETOPT_HELP_CHAR; +@@ -985,8 +992,8 @@ Mandatory arguments to long options are + -v, --verbose print the name of each directory as it is created\n\ + "), stdout); + fputs (_("\ +- --preserve-context preserve SELinux security context\n\ +- -Z, --context=CONTEXT set SELinux security context of files and directories\n\ ++ -P, --preserve-context (SELinux) preserve security context\n\ ++ -Z, --context=CONTEXT (SELinux) set security context of files and directories\n\ + "), stdout); + + fputs (HELP_OPTION_DESCRIPTION, stdout); +diff -urNp coreutils-8.7-orig/src/ls.c coreutils-8.7/src/ls.c +--- coreutils-8.7-orig/src/ls.c 2010-10-25 12:07:57.000000000 +0200 ++++ coreutils-8.7/src/ls.c 2010-11-15 10:04:08.175921763 +0100 +@@ -159,7 +159,8 @@ enum filetype + symbolic_link, + sock, + whiteout, +- arg_directory ++ arg_directory, ++ command_line + }; + + /* Display letters and indicators for each filetype. +@@ -276,6 +277,7 @@ static void queue_directory (char const + static void sort_files (void); + static void parse_ls_color (void); + void usage (int status); ++static void print_scontext_format (const struct fileinfo *f); + + /* Initial size of hash table. + Most hierarchies are likely to be shallower than this. */ +@@ -345,7 +347,7 @@ static struct pending *pending_dirs; + + static struct timespec current_time; + +-static bool print_scontext; ++static int print_scontext = 0; + static char UNKNOWN_SECURITY_CONTEXT[] = "?"; + + /* Whether any of the files has an ACL. This affects the width of the +@@ -385,7 +387,9 @@ enum format + one_per_line, /* -1 */ + many_per_line, /* -C */ + horizontal, /* -x */ +- with_commas /* -m */ ++ with_commas, /* -m */ ++ security_format, /* -Z */ ++ invalid_format + }; + + static enum format format; +@@ -787,6 +791,9 @@ enum + SHOW_CONTROL_CHARS_OPTION, + SI_OPTION, + SORT_OPTION, ++ CONTEXT_OPTION, ++ LCONTEXT_OPTION, ++ SCONTEXT_OPTION, + TIME_OPTION, + TIME_STYLE_OPTION + }; +@@ -832,7 +839,9 @@ static struct option const long_options[ + {"time-style", required_argument, NULL, TIME_STYLE_OPTION}, + {"color", optional_argument, NULL, COLOR_OPTION}, + {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION}, +- {"context", no_argument, 0, 'Z'}, ++ {"context", no_argument, 0, CONTEXT_OPTION}, ++ {"lcontext", no_argument, 0, LCONTEXT_OPTION}, ++ {"scontext", no_argument, 0, SCONTEXT_OPTION}, + {"author", no_argument, NULL, AUTHOR_OPTION}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +@@ -842,12 +851,12 @@ static struct option const long_options[ + static char const *const format_args[] = + { + "verbose", "long", "commas", "horizontal", "across", +- "vertical", "single-column", NULL ++ "vertical", "single-column", "context", NULL + }; + static enum format const format_types[] = + { + long_format, long_format, with_commas, horizontal, horizontal, +- many_per_line, one_per_line ++ many_per_line, one_per_line, security_format + }; + ARGMATCH_VERIFY (format_args, format_types); + +@@ -1289,7 +1298,8 @@ main (int argc, char **argv) + /* Avoid following symbolic links when possible. */ + if (is_colored (C_ORPHAN) + || (is_colored (C_EXEC) && color_symlink_as_referent) +- || (is_colored (C_MISSING) && format == long_format)) ++ || (is_colored (C_MISSING) && (format == long_format ++ || format == security_format))) + check_symlink_color = true; + + /* If the standard output is a controlling terminal, watch out +@@ -1336,7 +1346,7 @@ main (int argc, char **argv) + if (dereference == DEREF_UNDEFINED) + dereference = ((immediate_dirs + || indicator_style == classify +- || format == long_format) ++ || format == long_format || format == security_format) + ? DEREF_NEVER + : DEREF_COMMAND_LINE_SYMLINK_TO_DIR); + +@@ -1356,7 +1366,7 @@ main (int argc, char **argv) + + format_needs_stat = sort_type == sort_time || sort_type == sort_size + || format == long_format +- || print_scontext ++ || format == security_format || print_scontext + || print_block_size; + format_needs_type = (! format_needs_stat + && (recursive +@@ -1387,7 +1397,7 @@ main (int argc, char **argv) + } + else + do +- gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, ""); ++ gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, ""); + while (i < argc); + + if (cwd_n_used) +@@ -1558,7 +1568,7 @@ decode_switches (int argc, char **argv) + ignore_mode = IGNORE_DEFAULT; + ignore_patterns = NULL; + hide_patterns = NULL; +- print_scontext = false; ++ print_scontext = 0; + + /* FIXME: put this in a function. */ + { +@@ -1940,13 +1950,27 @@ decode_switches (int argc, char **argv) + break; + + case 'Z': +- print_scontext = true; ++ print_scontext = 1; ++ format = security_format; + break; + + case_GETOPT_HELP_CHAR; + + case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); + ++ case CONTEXT_OPTION: /* default security context format */ ++ print_scontext = 1; ++ format = security_format; ++ break; ++ case LCONTEXT_OPTION: /* long format plus security context */ ++ print_scontext = 1; ++ format = long_format; ++ break; ++ case SCONTEXT_OPTION: /* short form of new security format */ ++ print_scontext = 0; ++ format = security_format; ++ break; ++ + default: + usage (LS_FAILURE); + } +@@ -2690,8 +2714,10 @@ clear_files (void) + struct fileinfo *f = sorted_file[i]; + free (f->name); + free (f->linkname); +- if (f->scontext != UNKNOWN_SECURITY_CONTEXT) +- freecon (f->scontext); ++ if (f->scontext != UNKNOWN_SECURITY_CONTEXT) { ++ freecon (f->scontext); ++ f->scontext = NULL; ++ } + } + + cwd_n_used = 0; +@@ -2733,6 +2759,7 @@ gobble_file (char const *name, enum file + memset (f, '\0', sizeof *f); + f->stat.st_ino = inode; + f->filetype = type; ++ f->scontext = NULL; + + if (command_line_arg + || format_needs_stat +@@ -2842,7 +2869,7 @@ gobble_file (char const *name, enum file + && print_with_color && is_colored (C_CAP)) + f->has_capability = has_capability (absolute_name); + +- if (format == long_format || print_scontext) ++ if (format == long_format || format == security_format || print_scontext) + { + bool have_selinux = false; + bool have_acl = false; +@@ -2865,7 +2892,7 @@ gobble_file (char const *name, enum file + err = 0; + } + +- if (err == 0 && format == long_format) ++ if (err == 0 && (format == long_format || format == security_format)) + { + int n = file_has_acl (absolute_name, &f->stat); + err = (n < 0); +@@ -2884,7 +2911,8 @@ gobble_file (char const *name, enum file + } + + if (S_ISLNK (f->stat.st_mode) +- && (format == long_format || check_symlink_color)) ++ && (format == long_format || format == security_format ++ || check_symlink_color)) + { + char *linkname; + struct stat linkstats; +@@ -2904,6 +2932,7 @@ gobble_file (char const *name, enum file + command line are automatically traced if not being + listed as files. */ + if (!command_line_arg || format == long_format ++ || format == security_format + || !S_ISDIR (linkstats.st_mode)) + { + /* Get the linked-to file's mode for the filetype indicator +@@ -2943,7 +2972,7 @@ gobble_file (char const *name, enum file + block_size_width = len; + } + +- if (format == long_format) ++ if (format == long_format || format == security_format) + { + if (print_owner) + { +@@ -3444,6 +3473,13 @@ print_current_files (void) + print_long_format (sorted_file[i]); + DIRED_PUTCHAR ('\n'); + } ++ break; ++ case security_format: ++ for (i = 0; i < cwd_n_used; i++) ++ { ++ print_scontext_format (sorted_file[i]); ++ DIRED_PUTCHAR ('\n'); ++ } + break; + } + } +@@ -3606,6 +3642,67 @@ format_inode (char *buf, size_t buflen, + : (char *) "?"); + } + ++/* Print info about f in scontext format */ ++static void ++print_scontext_format (const struct fileinfo *f) ++{ ++ char modebuf[12]; ++ ++ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes, ++ 1 10-byte mode string, ++ 9 spaces, one following each of these fields, and ++ 1 trailing NUL byte. */ ++ ++ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1]; ++ char *buf = init_bigbuf; ++ char *p; ++ ++ p = buf; ++ ++ if ( print_scontext ) { /* zero means terse listing */ ++ filemodestring (&f->stat, modebuf); ++ if (! any_has_acl) ++ modebuf[10] = '\0'; ++ else if (f->acl_type == ACL_T_SELINUX_ONLY) ++ modebuf[10] = '.'; ++ else if (f->acl_type == ACL_T_YES) ++ modebuf[10] = '+'; ++ modebuf[11] = '\0'; ++ ++ /* print mode */ ++ ++ (void) sprintf (p, "%s ", modebuf); ++ p += strlen (p); ++ ++ /* print standard user and group */ ++ ++ DIRED_FPUTS (buf, stdout, p - buf); ++ format_user (f->stat.st_uid, owner_width, f->stat_ok); ++ format_group (f->stat.st_gid, group_width, f->stat_ok); ++ p = buf; ++ } ++ ++ (void) sprintf (p, "%-32s ", f->scontext ?: ""); ++ p += strlen (p); ++ ++ DIRED_INDENT (); ++ DIRED_FPUTS (buf, stdout, p - buf); ++ size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf); ++ ++ if (f->filetype == symbolic_link) { ++ if (f->linkname) { ++ DIRED_FPUTS_LITERAL (" -> ", stdout); ++ print_name_with_quoting (f, true, NULL, (p - buf) + w + 4); ++ if (indicator_style != none) ++ print_type_indicator (f->stat_ok, f->linkmode, f->filetype); ++ } ++ } ++ else { ++ if (indicator_style != none) ++ print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype); ++ } ++} ++ + /* Print information about F in long format. */ + static void + print_long_format (const struct fileinfo *f) +@@ -3697,9 +3794,15 @@ print_long_format (const struct fileinfo + The latter is wrong when nlink_width is zero. */ + p += strlen (p); + ++ if (print_scontext) ++ { ++ sprintf (p, "%-32s ", f->scontext ? f->scontext : ""); ++ p += strlen (p); ++ } ++ + DIRED_INDENT (); + +- if (print_owner || print_group || print_author || print_scontext) ++ if (print_owner || print_group || print_author) + { + DIRED_FPUTS (buf, stdout, p - buf); + +@@ -3712,9 +3815,6 @@ print_long_format (const struct fileinfo + if (print_author) + format_user (f->stat.st_author, author_width, f->stat_ok); + +- if (print_scontext) +- format_user_or_group (f->scontext, 0, scontext_width); +- + p = buf; + } + +@@ -4059,9 +4159,6 @@ print_file_name_and_frills (const struct + : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts, + ST_NBLOCKSIZE, output_block_size)); + +- if (print_scontext) +- printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext); +- + size_t width = print_name_with_quoting (f, false, NULL, start_col); + + if (indicator_style != none) +@@ -4265,9 +4362,6 @@ length_of_file_name_and_frills (const st + output_block_size)) + : block_size_width); + +- if (print_scontext) +- len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width); +- + quote_name (NULL, f->name, filename_quoting_options, &name_width); + len += name_width; + +@@ -4700,9 +4794,16 @@ Mandatory arguments to long options are + -w, --width=COLS assume screen width instead of current value\n\ + -x list entries by lines instead of by columns\n\ + -X sort alphabetically by entry extension\n\ +- -Z, --context print any SELinux security context of each file\n\ + -1 list one file per line\n\ + "), stdout); ++ fputs(_("\nSELinux options:\n\n\ ++ --lcontext Display security context. Enable -l. Lines\n\ ++ will probably be too wide for most displays.\n\ ++ -Z, --context Display security context so it fits on most\n\ ++ displays. Displays only mode, user, group,\n\ ++ security context and file name.\n\ ++ --scontext Display only security context and file name.\n\ ++"), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); + fputs (VERSION_OPTION_DESCRIPTION, stdout); + emit_size_note (); +diff -urNp coreutils-8.7-orig/src/mkdir.c coreutils-8.7/src/mkdir.c +--- coreutils-8.7-orig/src/mkdir.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/mkdir.c 2010-11-15 10:04:08.177942716 +0100 +@@ -38,6 +38,7 @@ + static struct option const longopts[] = + { + {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, ++ {"context", required_argument, NULL, 'Z'}, + {"mode", required_argument, NULL, 'm'}, + {"parents", no_argument, NULL, 'p'}, + {"verbose", no_argument, NULL, 'v'}, +diff -urNp coreutils-8.7-orig/src/mknod.c coreutils-8.7/src/mknod.c +--- coreutils-8.7-orig/src/mknod.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/mknod.c 2010-11-15 10:04:08.177942716 +0100 +@@ -35,7 +35,7 @@ + + static struct option const longopts[] = + { +- {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, ++ {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, + {"mode", required_argument, NULL, 'm'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +diff -urNp coreutils-8.7-orig/src/mv.c coreutils-8.7/src/mv.c +--- coreutils-8.7-orig/src/mv.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/mv.c 2010-11-15 10:04:08.179924138 +0100 +@@ -118,6 +118,7 @@ cp_option_init (struct cp_options *x) + x->preserve_mode = true; + x->preserve_timestamps = true; + x->preserve_security_context = selinux_enabled; ++ x->set_security_context = false; + x->reduce_diagnostics = false; + x->data_copy_required = true; + x->require_preserve = false; /* FIXME: maybe make this an option */ +diff -urNp coreutils-8.7-orig/src/runcon.c coreutils-8.7/src/runcon.c +--- coreutils-8.7-orig/src/runcon.c 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/src/runcon.c 2010-11-15 10:04:08.180922252 +0100 +@@ -86,7 +86,7 @@ Usage: %s CONTEXT COMMAND [args]\n\ + or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\ + "), program_name, program_name); + fputs (_("\ +-Run a program in a different security context.\n\ ++Run a program in a different SELinux security context.\n\ + With neither CONTEXT nor COMMAND, print the current security context.\n\ + \n\ + CONTEXT Complete security context\n\ +diff -urNp coreutils-8.7-orig/tests/init.cfg coreutils-8.7/tests/init.cfg +--- coreutils-8.7-orig/tests/init.cfg 2010-11-08 14:10:20.000000000 +0100 ++++ coreutils-8.7/tests/init.cfg 2010-11-15 10:04:08.181922042 +0100 +@@ -216,8 +216,8 @@ skip_if_() + + require_selinux_() + { +- case `ls -Zd .` in +- '? .'|'unlabeled .') ++ case `ls -Zd . | cut -f4 -d" "` in ++ '?'|'unlabeled') + skip_test_ "this system (or maybe just" \ + "the current file system) lacks SELinux support" + ;; +diff -urNp coreutils-8.7-orig/tests/misc/selinux coreutils-8.7/tests/misc/selinux +--- coreutils-8.7-orig/tests/misc/selinux 2010-10-11 19:35:11.000000000 +0200 ++++ coreutils-8.7/tests/misc/selinux 2010-11-15 10:04:08.181922042 +0100 +@@ -44,7 +44,7 @@ chcon $ctx f d p || + + # inspect that context with both ls -Z and stat. + for i in d f p; do +- c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1 ++ c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1 + c=`stat --printf %C $i`; test x$c = x$ctx || fail=1 + done + diff --git a/pkgs/core/coreutils/patches/coreutils-selinuxmanpages.patch b/pkgs/core/coreutils/patches/coreutils-selinuxmanpages.patch new file mode 100644 index 000000000..9cbc16629 --- /dev/null +++ b/pkgs/core/coreutils/patches/coreutils-selinuxmanpages.patch @@ -0,0 +1,15 @@ +diff -urNp coreutils-6.10-orig/doc/coreutils.texi coreutils-6.10/doc/coreutils.texi +--- coreutils-6.10-orig/doc/coreutils.texi 2008-04-07 17:52:11.000000000 +0200 ++++ coreutils-6.10/doc/coreutils.texi 2008-04-07 18:01:43.000000000 +0200 +@@ -6981,6 +6981,11 @@ for i; do + done + @end example + ++@item -c ++@cindex SELinux security context information, preserving ++Preserve SELinux security context of the original files if possible. ++Some file systems don't support storing of SELinux security context. ++ + @item --copy-contents + @cindex directories, copying recursively + @cindex copying directories recursively