[packages/findutils.git] / findutils-selinux.patch

--- findutils-4.1.20/find/Makefile.am.orig	Mon May 26 20:02:34 2003
+++ findutils-4.1.20/find/Makefile.am	Wed Jan 28 15:15:13 2004
@@ -3,8 +3,9 @@
 bin_PROGRAMS = find
 find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
 EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
 INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
 man_MANS = find.1
 SUBDIRS = testsuite
 
--- findutils-4.1.7/find/defs.h.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/defs.h	2003-10-10 13:06:11.451070520 -0400
@@ -118,6 +118,10 @@
 #define MODE_RWX	(S_IXUSR | S_IXGRP | S_IXOTH | MODE_RW)
 #define MODE_ALL	(S_ISUID | S_ISGID | S_ISVTX | MODE_RWX)
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 /* Not char because of type promotion; NeXT gcc can't handle it.  */
 typedef int boolean;
 #define		true    1
@@ -265,6 +269,9 @@
     struct perm_val perm;	/* perm */
     mode_t type;		/* type */
     FILE *stream;		/* fprint fprint0 */
+#ifdef WITH_SELINUX
+    security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
     struct format_val printf_vec; /* printf fprintf */
   } args;
 
@@ -310,6 +317,11 @@
 VOID *xmalloc PARAMS((size_t n));
 VOID *xrealloc PARAMS((VOID *p, size_t n));
 
+#ifdef WITH_SELINUX
+boolean pred_scontext PARAMS((char *pathname, struct stat *stat_buf, struct predicate *pred_ptr));
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
 /* xstrdup.c */
 char *xstrdup PARAMS((char *string));
 
--- findutils-4.1.7/find/find.1.selinux	2003-10-10 13:06:11.334084221 -0400
+++ findutils-4.1.7/find/find.1	2003-10-10 13:06:11.555058342 -0400
@@ -230,6 +230,9 @@
 file of type \fIc\fR; if \-follow has been given, true if \fIc\fR is
 `l'.  In other words, for symbolic links, \-xtype checks the type of
 the file that \-type does not check.
+.IP "\-context \fIscontext\fR"
+.IP "\--context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
 .SS ACTIONS
 .IP "\-exec \fIcommand\fR ;"
 Execute \fIcommand\fR; true if 0 status is returned.  All following
@@ -419,6 +422,8 @@
 File's user name, or numeric user ID if the user has no name.
 .IP %U
 File's numeric user ID.
+.IP %Z
+(SELinux only) file's security context.
 .PP
 A `%' character followed by any other character is discarded (but the
 other character is printed).
--- findutils-4.1.7/find/find.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/find.c	2003-10-10 13:06:11.556058225 -0400
@@ -135,6 +135,9 @@
 
 /* Pointer to the function used to stat files. */
 int (*xstat) ();
+#ifdef WITH_SELINUX
+int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
 
 /* Status value to return to system. */
 int exit_status;
@@ -181,6 +184,10 @@
   xstat = debug_stat;
 #else /* !DEBUG_STAT */
   xstat = lstat;
+#ifdef WITH_SELINUX
+  int is_selinux_enabled_flag = (is_selinux_enabled() > 0);
+  x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
 #endif /* !DEBUG_STAT */
 
   human_block_size (getenv ("FIND_BLOCK_SIZE"), 0, &output_block_size);
@@ -202,6 +209,14 @@
       if (strchr ("-!(),", argv[i][0]) == NULL)
 	usage (_("paths must precede expression"));
       predicate_name = argv[i];
+#ifdef WITH_SELINUX
+      if (! is_selinux_enabled_flag) {
+	if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+	    (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+	  error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
+	}
+      }
+#endif
       parse_function = find_parser (predicate_name);
       if (parse_function == NULL)
 	/* Command line option not recognized */
--- findutils-4.1.7/find/parser.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/parser.c	2003-10-10 13:06:11.558057991 -0400
@@ -23,6 +23,10 @@
 #include "modetype.h"
 #include "xstrtol.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -113,6 +117,9 @@
 static boolean parse_version PARAMS((char *argv[], int *arg_ptr));
 static boolean parse_xdev PARAMS((char *argv[], int *arg_ptr));
 static boolean parse_xtype PARAMS((char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext PARAMS((char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
 
 static boolean insert_regex PARAMS((char *argv[], int *arg_ptr, boolean ignore_case));
 static boolean insert_type PARAMS((char *argv[], int *arg_ptr, boolean (*which_pred )()));
@@ -215,7 +222,11 @@
   {"-version", parse_version},	/* GNU */
   {"xdev", parse_xdev},
   {"xtype", parse_xtype},	/* GNU */
-  {0, 0}
+#ifdef WITH_SELINUX
+  {"context", parse_scontext},       /* SELINUX */
+  {"-context", parse_scontext},       /* SELINUX */
+#endif /*WITH_SELINUX*/
+   {0, 0}
 };
 \f
 /* Return a pointer to the parser function to invoke for predicate
@@ -465,7 +476,10 @@
 {
   dereference = true;
   xstat = stat;
-  no_leaf_check = true;
+#ifdef WITH_SELINUX
+  x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
+   no_leaf_check = true;
   return (true);
 }
 
@@ -570,6 +584,10 @@
       -nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
       -size N[bckw] -true -type [bcdpfls] -uid N -used N -user NAME\n\
       -xtype [bcdpfls]\n"));
+#ifdef WITH_SELINUX
+  puts (_("\
+      -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
   puts (_("\
 actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\
       -ok COMMAND ; -print -print0 -printf FORMAT -prune -ls\n"));
@@ -1200,6 +1218,32 @@
   return true;
 }
 
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext ( argv, arg_ptr )
+     char *argv[];
+     int *arg_ptr;
+{
+  struct predicate *our_pred;
+
+  if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+    return( false );
+
+  our_pred = insert_primary(pred_scontext);
+  our_pred->need_stat = false;
+#ifdef DEBUG
+  our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+  our_pred->args.scontext = argv[*arg_ptr];;
+
+  (*arg_ptr)++;
+  return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
 static boolean
 parse_xtype (char **argv, int *arg_ptr)
 {
@@ -1358,7 +1402,11 @@
 	  if (*scan2 == '.')
 	    for (scan2++; ISDIGIT (*scan2); scan2++)
 	      /* Do nothing. */ ;
-	  if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2))
+#ifdef WITH_SELINUX
+        if (strchr ("abcdfFgGhHiklmnpPstuUZ", *scan2))
+#else  /* WITH_SELINUX */
+        if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2))
+#endif /* WITH_SELINUX */
 	    {
 	      segmentp = make_segment (segmentp, format, scan2 - format,
 				       (int) *scan2);
--- findutils-4.1.7/find/pred.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/pred.c	2003-10-10 13:15:13.752422594 -0400
@@ -27,6 +27,14 @@
 #include "modetype.h"
 #include "wait.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif  /*FNM_CASEFOLD*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -69,7 +77,6 @@
 
 extern int yesno ();
 
-
 /* Get or fake the disk device blocksize.
    Usually defined by sys/param.h (if at all).  */
 #ifndef DEV_BSIZE
@@ -196,6 +203,9 @@
   {pred_used, "used    "},
   {pred_user, "user    "},
   {pred_xtype, "xtype   "},
+#ifdef WITH_SELINUX
+  {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
   {0, "none    "}
 };
 
@@ -719,6 +729,26 @@
 	  fprintf (fp, segment->text,
 		   human_readable ((uintmax_t) stat_buf->st_uid, hbuf, 1, 1));
 	  break;
+#ifdef WITH_SELINUX
+      case 'Z':               /* SELinux security context */
+        {
+          security_context_t scontext;
+          int rv;
+          rv = (*x_getfilecon)(rel_pathname, &scontext);
+
+          if ( rv < 0 ) {
+            (void) fprintf(stderr, "getfileconf(%s): %s",
+                           pathname, strerror(errno));
+            (void) fflush(stderr);
+          }
+          else {
+	      segment->text[segment->text_len] = 's';
+	      (void) fprintf (fp, segment->text, scontext);
+	      freecon(scontext);
+          }
+        }
+        break ;
+#endif /* WITH_SELINUX */
 	}
     }
   return (true);
@@ -1220,6 +1250,34 @@
     }
   return (pred_type (pathname, &sbuf, pred_ptr));
 }
+  
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext ( pathname, stat_buf, pred_ptr )
+     char *pathname;
+     struct stat *stat_buf;
+     struct predicate *pred_ptr;
+{
+  int rv;
+  security_context_t scontext;
+
+  rv = (* x_getfilecon)(rel_pathname, &scontext);
+
+  if ( rv < 0 ) {
+    (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+    (void) fflush(stderr);
+    return ( false );
+  }
+
+  rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 );
+  freecon(scontext);
+  return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
 \f
 /*  1) fork to get a child; parent remembers the child pid
     2) child execs the command requested
--- findutils-4.1.7/find/util.c.selinux	2001-05-20 16:39:37.000000000 -0400
+++ findutils-4.1.7/find/util.c	2003-10-10 13:19:10.869534272 -0400
@@ -65,6 +65,9 @@
   last_pred->no_default_print = false;
   last_pred->need_stat = true;
   last_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+  last_pred->args.scontext = NULL;
+#endif
   last_pred->pred_next = NULL;
   last_pred->pred_left = NULL;
   last_pred->pred_right = NULL;
--- findutils-4.1.20/po/pl.po.orig	Wed Jan 28 15:12:55 2004
+++ findutils-4.1.20/po/pl.po	Wed Jan 28 15:37:07 2004
@@ -216,6 +216,11 @@
 msgid "paths must precede expression"
Commit	Line	Data
32939b0c JB	1	--- findutils-4.1.20/find/Makefile.am.orig Mon May 26 20:02:34 2003
	2	+++ findutils-4.1.20/find/Makefile.am Wed Jan 28 15:15:13 2004
	3	@@ -3,8 +3,9 @@
	4	bin_PROGRAMS = find
	5	find_SOURCES = find.c fstype.c parser.c pred.c tree.c util.c version.c
	6	EXTRA_DIST = defs.h $(man_MANS)
	7	+DEFS = @DEFS@ -I. -I$(srcdir) -I.. -DWITH_SELINUX
	8	INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
	9	-LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@
	10	+LDADD = ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ -lselinux
	11	man_MANS = find.1
	12	SUBDIRS = testsuite
	13
	14	--- findutils-4.1.7/find/defs.h.selinux 2001-05-20 16:39:37.000000000 -0400
	15	+++ findutils-4.1.7/find/defs.h 2003-10-10 13:06:11.451070520 -0400
	16	@@ -118,6 +118,10 @@
	17	#define MODE_RWX (S_IXUSR \| S_IXGRP \| S_IXOTH \| MODE_RW)
	18	#define MODE_ALL (S_ISUID \| S_ISGID \| S_ISVTX \| MODE_RWX)
	19
	20	+#ifdef WITH_SELINUX
	21	+#include <selinux/selinux.h>
	22	+#endif /WITH_SELINUX/
	23	+
	24	/* Not char because of type promotion; NeXT gcc can't handle it. */
	25	typedef int boolean;
	26	#define true 1
	27	@@ -265,6 +269,9 @@
	28	struct perm_val perm; /* perm */
	29	mode_t type; /* type */
	30	FILE stream; / fprint fprint0 */
	31	+#ifdef WITH_SELINUX
	32	+ security_context_t scontext; /* scontext */
	33	+#endif /WITH_SELINUX/
	34	struct format_val printf_vec; /* printf fprintf */
	35	} args;
	36
	37	@@ -310,6 +317,11 @@
	38	VOID *xmalloc PARAMS((size_t n));
	39	VOID xrealloc PARAMS((VOID p, size_t n));
	40
	41	+#ifdef WITH_SELINUX
	42	+boolean pred_scontext PARAMS((char pathname, struct stat stat_buf, struct predicate *pred_ptr));
	43	+extern int (*x_getfilecon) ();
	44	+#endif /WITH_SELINUX/
	45	+
	46	/* xstrdup.c */
	47	char xstrdup PARAMS((char string));
	48
	49	--- findutils-4.1.7/find/find.1.selinux 2003-10-10 13:06:11.334084221 -0400
	50	+++ findutils-4.1.7/find/find.1 2003-10-10 13:06:11.555058342 -0400
	51	@@ -230,6 +230,9 @@
	52	file of type \fIc\fR; if \-follow has been given, true if \fIc\fR is
	53	`l'. In other words, for symbolic links, \-xtype checks the type of
	54	the file that \-type does not check.
	55	+.IP "\-context \fIscontext\fR"
	56	+.IP "\--context \fIscontext\fR"
	57	+(SELinux only) File has the security context \fIscontext\fR.
	58	.SS ACTIONS
	59	.IP "\-exec \fIcommand\fR ;"
	60	Execute \fIcommand\fR; true if 0 status is returned. All following
	61	@@ -419,6 +422,8 @@
	62	File's user name, or numeric user ID if the user has no name.
	63	.IP %U
	64	File's numeric user ID.
65	+.IP %Z
66	+(SELinux only) file's security context.
67	.PP
68	A `%' character followed by any other character is discarded (but the
69	other character is printed).
70	--- findutils-4.1.7/find/find.c.selinux 2001-05-20 16:39:37.000000000 -0400
71	+++ findutils-4.1.7/find/find.c 2003-10-10 13:06:11.556058225 -0400
72	@@ -135,6 +135,9 @@
73
74	/* Pointer to the function used to stat files. */
75	int (*xstat) ();
76	+#ifdef WITH_SELINUX
77	+int (*x_getfilecon) ();
78	+#endif /* WITH_SELINUX */
79
80	/* Status value to return to system. */
81	int exit_status;
82	@@ -181,6 +184,10 @@
83	xstat = debug_stat;
84	#else /* !DEBUG_STAT */
85	xstat = lstat;
86	+#ifdef WITH_SELINUX
5b673d38	87	+ int is_selinux_enabled_flag = (is_selinux_enabled() > 0);
32939b0c JB	88	+ x_getfilecon = lgetfilecon;
	89	+#endif /* WITH_SELINUX */
	90	#endif /* !DEBUG_STAT */
	91
	92	human_block_size (getenv ("FIND_BLOCK_SIZE"), 0, &output_block_size);
	93	@@ -202,6 +209,14 @@
	94	if (strchr ("-!(),", argv[i][0]) == NULL)
	95	usage (_("paths must precede expression"));
	96	predicate_name = argv[i];
	97	+#ifdef WITH_SELINUX
	98	+ if (! is_selinux_enabled_flag) {
	99	+ if ((strncmp(predicate_name,"-context",strlen("-context"))==0) \|\|
	100	+ (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
	101	+ error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
	102	+ }
	103	+ }
	104	+#endif
	105	parse_function = find_parser (predicate_name);
	106	if (parse_function == NULL)
	107	/* Command line option not recognized */
	108	--- findutils-4.1.7/find/parser.c.selinux 2001-05-20 16:39:37.000000000 -0400
	109	+++ findutils-4.1.7/find/parser.c 2003-10-10 13:06:11.558057991 -0400
	110	@@ -23,6 +23,10 @@
	111	#include "modetype.h"
	112	#include "xstrtol.h"
	113
	114	+#ifdef WITH_SELINUX
	115	+#include <selinux/selinux.h>
	116	+#endif /WITH_SELINUX/
	117	+
	118	#if ENABLE_NLS
	119	# include <libintl.h>
	120	# define _(Text) gettext (Text)
	121	@@ -113,6 +117,9 @@
	122	static boolean parse_version PARAMS((char argv[], int arg_ptr));
	123	static boolean parse_xdev PARAMS((char argv[], int arg_ptr));
	124	static boolean parse_xtype PARAMS((char argv[], int arg_ptr));
	125	+#ifdef WITH_SELINUX
	126	+static boolean parse_scontext PARAMS((char argv[], int arg_ptr));
	127	+#endif /WITH_SELINUX/
	128
	129	static boolean insert_regex PARAMS((char argv[], int arg_ptr, boolean ignore_case));
	130	static boolean insert_type PARAMS((char argv[], int arg_ptr, boolean (*which_pred )()));
	131	@@ -215,7 +222,11 @@
	132	{"-version", parse_version}, /* GNU */
	133	{"xdev", parse_xdev},
	134	{"xtype", parse_xtype}, /* GNU */
	135	- {0, 0}
	136	+#ifdef WITH_SELINUX
	137	+ {"context", parse_scontext}, /* SELINUX */
	138	+ {"-context", parse_scontext}, /* SELINUX */
	139	+#endif /WITH_SELINUX/
	140	+ {0, 0}
	141	};
	142	\f
	143	/* Return a pointer to the parser function to invoke for predicate
	144	@@ -465,7 +476,10 @@
	145	{
	146	dereference = true;
	147	xstat = stat;
	148	- no_leaf_check = true;
	149	+#ifdef WITH_SELINUX
	150	+ x_getfilecon = getfilecon;
	151	+#endif /* WITH_SELINUX */
152	+ no_leaf_check = true;
153	return (true);
154	}
155
156	@@ -570,6 +584,10 @@
157	-nouser -nogroup -path PATTERN -perm [+-]MODE -regex PATTERN\n\
158	-size N[bckw] -true -type [bcdpfls] -uid N -used N -user NAME\n\
159	-xtype [bcdpfls]\n"));
160	+#ifdef WITH_SELINUX
161	+ puts (_("\
162	+ -context CONTEXT\n"));
163	+#endif /WITH_SELINUX/
164	puts (_("\
165	actions: -exec COMMAND ; -fprint FILE -fprint0 FILE -fprintf FILE FORMAT\n\
166	-ok COMMAND ; -print -print0 -printf FORMAT -prune -ls\n"));
167	@@ -1200,6 +1218,32 @@
168	return true;
169	}
170
171	+#ifdef WITH_SELINUX
172	+
173	+static boolean
174	+parse_scontext ( argv, arg_ptr )
175	+ char *argv[];
176	+ int *arg_ptr;
177	+{
178	+ struct predicate *our_pred;
179	+
180	+ if ( (argv == NULL) \|\| (argv[*arg_ptr] == NULL) )
181	+ return( false );
182	+
183	+ our_pred = insert_primary(pred_scontext);
184	+ our_pred->need_stat = false;
185	+#ifdef DEBUG
186	+ our_pred->p_name = find_pred_name (pred_scontext);
187	+#endif /DEBUG/
188	+
189	+ our_pred->args.scontext = argv[*arg_ptr];;
190	+
191	+ (*arg_ptr)++;
192	+ return( true );
193	+}
194	+
195	+#endif /WITH_SELINUX/
196	+
197	static boolean
198	parse_xtype (char *argv, int arg_ptr)
199	{
200	@@ -1358,7 +1402,11 @@
201	if (*scan2 == '.')
202	for (scan2++; ISDIGIT (*scan2); scan2++)
203	/* Do nothing. */ ;
204	- if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2))
205	+#ifdef WITH_SELINUX
206	+ if (strchr ("abcdfFgGhHiklmnpPstuUZ", *scan2))
207	+#else /* WITH_SELINUX */
208	+ if (strchr ("abcdfFgGhHiklmnpPstuU", *scan2))
209	+#endif /* WITH_SELINUX */
210	{
211	segmentp = make_segment (segmentp, format, scan2 - format,
212	(int) *scan2);
213	--- findutils-4.1.7/find/pred.c.selinux 2001-05-20 16:39:37.000000000 -0400
214	+++ findutils-4.1.7/find/pred.c 2003-10-10 13:15:13.752422594 -0400
215	@@ -27,6 +27,14 @@
216	#include "modetype.h"
217	#include "wait.h"
218
219	+#ifdef WITH_SELINUX
220	+#include <selinux/selinux.h>
221	+#endif /WITH_SELINUX/
222	+
223	+#ifndef FNM_CASEFOLD
224	+#define FNM_CASEFOLD (1<<4)
225	+#endif /FNM_CASEFOLD/
226	+
227	#if ENABLE_NLS
228	# include <libintl.h>
229	# define _(Text) gettext (Text)
230	@@ -69,7 +77,6 @@
231
232	extern int yesno ();
233
234	-
235	/* Get or fake the disk device blocksize.
236	Usually defined by sys/param.h (if at all). */
237	#ifndef DEV_BSIZE
238	@@ -196,6 +203,9 @@
239	{pred_used, "used "},
240	{pred_user, "user "},
241	{pred_xtype, "xtype "},
242	+#ifdef WITH_SELINUX
243	+ {pred_scontext, "context"},
244	+#endif /WITH_SELINUX/
245	{0, "none "}
246	};
247
248	@@ -719,6 +729,26 @@
249	fprintf (fp, segment->text,
250	human_readable ((uintmax_t) stat_buf->st_uid, hbuf, 1, 1));
251	break;
252	+#ifdef WITH_SELINUX
253	+ case 'Z': /* SELinux security context */
254	+ {
255	+ security_context_t scontext;
256	+ int rv;
257	+ rv = (*x_getfilecon)(rel_pathname, &scontext);
258	+
259	+ if ( rv < 0 ) {
260	+ (void) fprintf(stderr, "getfileconf(%s): %s",
261	+ pathname, strerror(errno));
262	+ (void) fflush(stderr);
263	+ }
264	+ else {
265	+ segment->text[segment->text_len] = 's';
266	+ (void) fprintf (fp, segment->text, scontext);
267	+ freecon(scontext);
268	+ }
269	+ }
270	+ break ;
271	+#endif /* WITH_SELINUX */
272	}
273	}
274	return (true);
275	@@ -1220,6 +1250,34 @@
276	}
277	return (pred_type (pathname, &sbuf, pred_ptr));
278	}
279	+
280	+
281	+#ifdef WITH_SELINUX
282	+
283	+boolean
284	+pred_scontext ( pathname, stat_buf, pred_ptr )
285	+ char *pathname;
286	+ struct stat *stat_buf;
287	+ struct predicate *pred_ptr;
288	+{
289	+ int rv;
290	+ security_context_t scontext;
291	+
292	+ rv = (* x_getfilecon)(rel_pathname, &scontext);
293	+
294	+ if ( rv < 0 ) {
295	+ (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
296	+ (void) fflush(stderr);
297	+ return ( false );
298	+ }
299	+
300	+ rv= (strcmp( scontext,pred_ptr->args.scontext) == 0 );
301	+ freecon(scontext);
302	+ return rv;
303	+}
304	+
305	+#endif /WITH_SELINUX/
306	+
307	\f
308	/* 1) fork to get a child; parent remembers the child pid
309	2) child execs the command requested
310	--- findutils-4.1.7/find/util.c.selinux 2001-05-20 16:39:37.000000000 -0400
311	+++ findutils-4.1.7/find/util.c 2003-10-10 13:19:10.869534272 -0400
312	@@ -65,6 +65,9 @@
313	last_pred->no_default_print = false;
314	last_pred->need_stat = true;
315	last_pred->args.str = NULL;
316	+#ifdef WITH_SELINUX
317	+ last_pred->args.scontext = NULL;
318	+#endif
319	last_pred->pred_next = NULL;
320	last_pred->pred_left = NULL;
321	last_pred->pred_right = NULL;
322	--- findutils-4.1.20/po/pl.po.orig Wed Jan 28 15:12:55 2004
323	+++ findutils-4.1.20/po/pl.po Wed Jan 28 15:37:07 2004
324	@@ -216,6 +216,11 @@
325	msgid "paths must precede expression"
326