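--- a/README
+++ b/README
 The programs that can be built with this package are:
- [ base64 basename cat chgrp chmod chown chroot cksum comm cp csplit cut date
+ [ base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date
 dd df dir dircolors dirname du echo env expand expr factor false fmt fold
 ginstall groups head hostid hostname id join kill link ln logname ls
 md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
- printenv printf ptx pwd readlink rm rmdir seq sha1sum sha224sum sha256sum
+ printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum sha224sum sha256sum
 sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac
 tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime
 users vdir wc who whoami yes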
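--- a/configure.ac
+++ b/configure.ac
+dnl Give the chance to enable SELINUX
+AC_ARG_ENABLE(selinux, dnl
+[ --enable-selinux Enable use of the SELinux libraries],
+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELinux])
+LIB_SELINUX="-lselinux"
+AC_SUBST(LIB_SELINUX)])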
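Review bot: The third argument of `AC_ARG_ENABLE(selinux, ...)` runs whenever the option is named on the command line, so `--disable-selinux` or `--enable-selinux=no` still defines `WITH_SELINUX` and sets `LIB_SELINUX="-lselinux"`. The action should test the value first, e.g. `if test "x$enableval" != xno; then ... fi` around the `AC_DEFINE` and the `LIB_SELINUX` assignment. `AC_SUBST(LIB_SELINUX)` is clearer when called once outside the conditional action, so that it does not look dependent on the option. Nothing in the added lines checks that libselinux and its headers are installed, so a missing library shows up as a compile or link failure instead of a configure error; an `AC_CHECK_LIB([selinux], [is_selinux_enabled], ...)` guard would report it early. The surrounding configure.ac context is not visible here.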
35 diff -Nur coreutils-6.4/lib/config.hin coreutils-6.4.selinux/lib/config.hin
36 --- coreutils-6.4/lib/config.hin 2006-10-22 20:36:23.000000000 +0000
37 +++ coreutils-6.4.selinux/lib/config.hin 2006-10-31 23:39:34.000000000 +0000
42 +/* Define if you want to use SELINUX */
45 /* Define to 1 if your processor stores words with the most significant byte
46 first (like Motorola and SPARC, unlike Intel and VAX). */
47 #undef WORDS_BIGENDIAN
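--- a/man/Makefile.am
+++ b/man/Makefile.am
 shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \
 su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
 tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \
- whoami.1 yes.1 $(MAN)
+ whoami.1 yes.1 chcon.1 runcon.1 $(MAN)
 chroot.1 hostid.1 nice.1 pinky.1 stty.1 uname.1 uptime.1 users.1 who.1
 who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
 whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
 yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c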
68 diff -Nur coreutils-6.4/man/chcon.1 coreutils-6.4.selinux/man/chcon.1
69 --- coreutils-6.4/man/chcon.1 1970-01-01 00:00:00.000000000 +0000
70 +++ coreutils-6.4.selinux/man/chcon.1 2006-10-31 23:39:34.000000000 +0000
72 +.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
74 +chcon \- change security context
77 +[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
80 +[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
83 +." Add any additional description here
85 +Change the security context of each FILE to CONTEXT.
87 +\fB\-c\fR, \fB\-\-changes\fR
88 +like verbose but report only when a change is made
90 +\fB\-h\fR, \fB\-\-no\-dereference\fR
91 +affect symbolic links instead of any referenced file (available only on systems with lchown system call)
93 +\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
94 +suppress most error messages
96 +\fB\-l\fR, \fB\-\-range\fR
97 +set range RANGE in the target security context
99 +\fB\-\-reference\fR=\fIRFILE\fR
100 +use RFILE's context instead of using a CONTEXT value
102 +\fB\-R\fR, \fB\-\-recursive\fR
103 +change files and directories recursively
105 +\fB\-r\fR, \fB\-\-role\fR
106 +set role ROLE in the target security context
108 +\fB\-t\fR, \fB\-\-type\fR
109 +set type TYPE in the target security context
111 +\fB\-u\fR, \fB\-\-user\fR
112 +set user USER in the target security context
114 +\fB\-v\fR, \fB\-\-verbose\fR
115 +output a diagnostic for every file processed
118 +display this help and exit
121 +output version information and exit
122 +.SH "REPORTING BUGS"
123 +Report bugs to <email@host.com>.
125 +The full documentation for
127 +is maintained as a Texinfo manual. If the
131 +programs are properly installed at your site, the command
135 +should give you access to the complete manual.
136 diff -Nur coreutils-6.4/man/chcon.x coreutils-6.4.selinux/man/chcon.x
137 --- coreutils-6.4/man/chcon.x 1970-01-01 00:00:00.000000000 +0000
138 +++ coreutils-6.4.selinux/man/chcon.x 2006-10-31 23:39:34.000000000 +0000
141 +chcon \- change file security context
143 +.\" Add any additional description here
144 diff -Nur coreutils-6.4/man/cp.1 coreutils-6.4.selinux/man/cp.1
145 --- coreutils-6.4/man/cp.1 2006-10-22 19:56:33.000000000 +0000
146 +++ coreutils-6.4.selinux/man/cp.1 2006-10-31 23:39:34.000000000 +0000
149 \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
150 preserve the specified attributes (default:
151 -mode,ownership,timestamps), if possible
152 +mode,ownership,timestamps) and security contexts, if possible
153 additional attributes: links, all
155 \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
158 display this help and exit
160 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
161 +set security context of copy to CONTEXT
164 output version information and exit
166 diff -Nur coreutils-6.4/man/dir.1 coreutils-6.4.selinux/man/dir.1
167 --- coreutils-6.4/man/dir.1 2006-10-22 19:56:34.000000000 +0000
168 +++ coreutils-6.4.selinux/man/dir.1 2006-10-31 23:39:34.000000000 +0000
172 list one file per line
177 +Display security context. Enable \fB\-l\fR. Lines
178 +will probably be too wide for most displays.
181 +Display security context so it fits on most
182 +displays. Displays only mode, user, group,
183 +security context and file name.
186 +Display only security context and file name.
189 display this help and exit
190 diff -Nur coreutils-6.4/man/id.1 coreutils-6.4.selinux/man/id.1
191 --- coreutils-6.4/man/id.1 2006-10-22 19:56:35.000000000 +0000
192 +++ coreutils-6.4.selinux/man/id.1 2006-10-31 23:39:34.000000000 +0000
195 ignore, for compatibility with other versions
197 +\fB\-Z\fR, \fB\-\-context\fR
198 +print only the security context
200 \fB\-g\fR, \fB\-\-group\fR
201 print only the effective group ID
203 diff -Nur coreutils-6.4/man/install.1 coreutils-6.4.selinux/man/install.1
204 --- coreutils-6.4/man/install.1 2006-10-22 19:56:35.000000000 +0000
205 +++ coreutils-6.4.selinux/man/install.1 2006-10-31 23:39:34.000000000 +0000
208 \fB\-v\fR, \fB\-\-verbose\fR
209 print the name of each directory as it is created
211 +\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
213 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
214 +(SELinux) Set security context of files and directories
217 display this help and exit
218 diff -Nur coreutils-6.4/man/ls.1 coreutils-6.4.selinux/man/ls.1
219 --- coreutils-6.4/man/ls.1 2006-10-22 19:56:35.000000000 +0000
220 +++ coreutils-6.4.selinux/man/ls.1 2006-10-31 23:39:34.000000000 +0000
224 list one file per line
229 +Display security context. Enable \fB\-l\fR. Lines
230 +will probably be too wide for most displays.
232 +\fB\-Z\fR, \fB\-\-context\fR
233 +Display security context so it fits on most
234 +displays. Displays only mode, user, group,
235 +security context and file name.
238 +Display only security context and file name.
241 display this help and exit
242 diff -Nur coreutils-6.4/man/mkdir.1 coreutils-6.4.selinux/man/mkdir.1
243 --- coreutils-6.4/man/mkdir.1 2006-10-22 19:56:35.000000000 +0000
244 +++ coreutils-6.4.selinux/man/mkdir.1 2006-10-31 23:39:34.000000000 +0000
247 Mandatory arguments to long options are mandatory for short options too.
249 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
251 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
252 set file mode (as in chmod), not a=rwx \- umask
254 diff -Nur coreutils-6.4/man/mkfifo.1 coreutils-6.4.selinux/man/mkfifo.1
255 --- coreutils-6.4/man/mkfifo.1 2006-10-22 19:56:35.000000000 +0000
256 +++ coreutils-6.4.selinux/man/mkfifo.1 2006-10-31 23:39:34.000000000 +0000
259 Mandatory arguments to long options are mandatory for short options too.
261 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
262 +set security context (quoted string)
264 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
265 set file permission bits to MODE, not a=rw \- umask
267 diff -Nur coreutils-6.4/man/mknod.1 coreutils-6.4.selinux/man/mknod.1
268 --- coreutils-6.4/man/mknod.1 2006-10-22 19:56:35.000000000 +0000
269 +++ coreutils-6.4.selinux/man/mknod.1 2006-10-31 23:39:34.000000000 +0000
272 Mandatory arguments to long options are mandatory for short options too.
274 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
275 +set security context (quoted string)
277 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
278 set file permission bits to MODE, not a=rw \- umask
280 diff -Nur coreutils-6.4/man/runcon.1 coreutils-6.4.selinux/man/runcon.1
281 --- coreutils-6.4/man/runcon.1 1970-01-01 00:00:00.000000000 +0000
282 +++ coreutils-6.4.selinux/man/runcon.1 2006-10-31 23:39:34.000000000 +0000
284 +.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
286 +runcon \- run command with specified security context
289 +[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
294 +\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
299 +.\" Add any additional description here
301 +Run COMMAND with current security context modified by one or more of LEVEL,
302 +ROLE, TYPE, and USER, or with completely-specified CONTEXT.
305 +change current type to the specified type
308 +change current level range to the specified range
311 +change current role to the specified role
314 +change current user to the specified user
316 +If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
317 +the first argument is used as the complete context. Any additional
318 +arguments after \fICOMMAND\fR are interpreted as arguments to the
321 +Note that only carefully-chosen contexts are likely to successfully
323 diff -Nur coreutils-6.4/man/runcon.x coreutils-6.4.selinux/man/runcon.x
324 --- coreutils-6.4/man/runcon.x 1970-01-01 00:00:00.000000000 +0000
325 +++ coreutils-6.4.selinux/man/runcon.x 2006-10-31 23:39:34.000000000 +0000
328 +.\" Add any additional description here
329 diff -Nur coreutils-6.4/man/stat.1 coreutils-6.4.selinux/man/stat.1
330 --- coreutils-6.4/man/stat.1 2006-10-22 19:56:37.000000000 +0000
331 +++ coreutils-6.4.selinux/man/stat.1 2006-10-31 23:39:34.000000000 +0000
333 \fB\-t\fR, \fB\-\-terse\fR
334 print the information in terse form
336 +\fB\-Z\fR, \fB\-\-context\fR
337 +print security context information for SELinux if available.
340 display this help and exit
344 Device number in decimal
347 +SELinux security context
352 diff -Nur coreutils-6.4/man/vdir.1 coreutils-6.4.selinux/man/vdir.1
353 --- coreutils-6.4/man/vdir.1 2006-10-22 19:56:39.000000000 +0000
354 +++ coreutils-6.4.selinux/man/vdir.1 2006-10-31 23:39:34.000000000 +0000
358 list one file per line
363 +Display security context. Enable \fB\-l\fR. Lines
364 +will probably be too wide for most displays.
367 +Display security context so it fits on most
368 +displays. Displays only mode, user, group,
369 +security context and file name.
372 +Display only security context and file name.
375 display this help and exit
376 diff -Nur coreutils-6.4/po/POTFILES.in coreutils-6.4.selinux/po/POTFILES.in
377 --- coreutils-6.4/po/POTFILES.in 2006-10-31 23:38:15.000000000 +0000
378 +++ coreutils-6.4.selinux/po/POTFILES.in 2006-10-31 23:39:34.000000000 +0000
395 --- coreutils-6.7/po/pl.po.orig 2006-12-09 20:03:10.686071942 +0100
396 +++ coreutils-6.7/po/pl.po 2006-12-09 20:06:54.942851606 +0100
398 msgid "%s: input file is output file"
399 msgstr "%s: plik wej¶ciowy jest plikiem wyj¶ciowym"
403 +msgid "context of %s changed to %s\n"
404 +msgstr "kontekst %s zmieniony na %s\n"
408 +msgid "failed to change context of %s to %s\n"
409 +msgstr "nie mo¿na zmieniæ kontekstu %s na %s\n"
413 +msgid "context of %s retained as %s\n"
414 +msgstr "kontekst %s zachowany jako %s\n"
418 +msgid "can't apply partial context to unlabeled file %s"
419 +msgstr "nie mo¿na zastosowaæ czê¶ciowego kontekstu na nieoznakowanym pliku %s"
423 +msgid "couldn't compute security context from %s"
424 +msgstr "nie mo¿na obliczyæ kontekstu bezpieczeñstwa z %s"
428 +msgid "invalid context: %s"
429 +msgstr "b³êdny kontekst: %s"
433 +msgid "failed to change context of %s to %s"
434 +msgstr "nie mo¿na zmieniæ kontekstu %s na %s"
437 +msgid "virtual memory exhausted"
438 +msgstr "pamiêæ wirtualna wyczerpana"
443 +"Usage: %s [OPTION]... CONTEXT FILE...\n"
444 +" or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n"
445 +" or: %s [OPTION]... --reference=RFILE FILE...\n"
447 +"Sk³adnia: %s [OPCJA]... KONTEKST PLIK...\n"
448 +" albo: %s [OPCJA]... [-u U¯YTKOWNIK] [-r ROLA] [-l ZAKRES] [-t TYP] PLIK...\n"
449 +" albo: %s [OPCJA]... --reference=PLIK_WZ PLIK...\n"
454 +"Change the security context of each FILE to CONTEXT.\n"
456 +" -c, --changes like verbose but report only when a change is made\n"
457 +" -h, --no-dereference affect symbolic links instead of any referenced file\n"
458 +" (available only on systems with lchown system call)\n"
459 +" -f, --silent, --quiet suppress most error messages\n"
460 +" --reference=RFILE use RFILE's group instead of using a CONTEXT value\n"
461 +" -u, --user=USER set user USER in the target security context\n"
462 +" -r, --role=ROLE set role ROLE in the target security context\n"
463 +" -t, --type=TYPE set type TYPE in the target security context\n"
464 +" -l, --range=RANGE set range RANGE in the target security context\n"
465 +" -R, --recursive change files and directories recursively\n"
466 +" -v, --verbose output a diagnostic for every file processed\n"
467 +" --help display this help and exit\n"
468 +" --version output version information and exit\n"
470 +"Zmiana kontekstu bezpieczeñstwa ka¿dego PLIKU na KONTEKST.\n"
472 +" -c, --changes jak verbose, ale raportowanie tylko wykonanych zmian\n"
473 +" -h, --no-dereference zmiana dowi±zañ symbolicznych zamiast wskazywanych\n"
474 +" plików (dostêpne tylko na systemach z lchown)\n"
475 +" -f, --silent, --quiet pominiêcie wiêkszo¶ci komunikatów o b³êdach\n"
476 +" --reference=PLIK u¿ycie grupy PLIKU zamiast warto¶ci KONTEKSTU\n"
477 +" -u, --user=U¯YTKOWNIK ustawienie U¯YTKOWNIK w kontek¶cie bezpieczeñstwa\n"
478 +" -r, --role=ROLA ustawienie ROLI w kontek¶cie bezpieczeñstwa\n"
479 +" -t, --type=TYP ustawienie TYPU w kontek¶cie bezpieczeñstwa\n"
480 +" -l, --range=ZAKRES ustawienie ZAKRESU w kontek¶cie bezpieczeñstwa\n"
481 +" -R, --recursive zmiana plików i katalogów rekursywnie\n"
482 +" -v, --verbose wypisywanie diagnostyki dla ka¿dego pliku\n"
483 +" --help wy¶wietlenie tego opisu i zakoñczenie\n"
484 +" --version wy¶wietlenie informacji o wersji i zakoñczenie\n"
487 +msgid "conflicting security context specifiers given"
488 +msgstr "konflikt miêdzy podanymi okre¶leniami kontekstu bezpieczeñstwa"
490 #: src/chgrp.c:95 src/install.c:612
492 msgid "invalid group %s"
493 @@ -1540,6 +1629,21 @@
494 "nie uda³o siê przeniesienie miêdzy urz±dzeniami: %s do %s; nie uda³o siê "
495 "usunaæ pliku docelowego"
499 +msgid "cannot set setfscreatecon %s"
500 +msgstr "nie mo¿na ustawiæ setfscreatecon %s"
504 +msgid "warning: security context not preserved %s"
505 +msgstr "uwaga: nie zachowano kontekstu bezpieczeñstwa %s"
509 +msgid "cannot lgetfilecon %s"
510 +msgstr "nie mo¿na wykonaæ lgetfilecon %s"
514 msgid "cannot copy cyclic symbolic link %s"
515 @@ -1688,6 +1792,10 @@
516 " atrybutów: links (dowi±zania), all "
520 +msgid " -c same as --preserve=context\n"
521 +msgstr " -c to samo co --preserve=context\n"
525 " --no-preserve=ATTR_LIST don't preserve the specified attributes\n"
526 @@ -1740,12 +1848,13 @@
527 " destination file is missing\n"
528 " -v, --verbose explain what is being done\n"
529 " -x, --one-file-system stay on this file system\n"
530 +" -Z, --context=CONTEXT set security context of copy to CONTEXT\n"
532 " -u, --update kopiowanie tylko plików, dla których ¬RÓD£O\n"
533 " jest nowsze ni¿ CEL albo brakuje CELU\n"
534 " -v, --verbose wyja¶nianie co siê dzieje\n"
535 " -x, --one-file-system pozostanie w jednym systemie plików\n"
537 +" -Z, --context=KONTEKST ustawienie KONTEKSTU bezpieczeñstwa kopii\n"
541 @@ -1874,6 +1983,26 @@
542 msgid "multiple target directories specified"
543 msgstr "podano wiele katalogów docelowych"
547 +msgid "%s: cannot force target context <-- %s and preserve it\n"
548 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu <-- %s i zachowaæ go\n"
552 +msgid "Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.\n"
553 +msgstr "Uwaga: zignorowano --context (-Z). Ta opcja wymaga j±dra z obs³ug± SELinuksa.\n"
555 +#: src/cp.c:1031 src/install.c:369
557 +msgid "%s: cannot force target context to '%s' and preserve it\n"
558 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu na '%s' i zachowaæ go\n"
562 +msgid "cannot set default security context %s"
563 +msgstr "nie mo¿na ustawiæ domy¶lnego kontekstu bezpieczeñstwa %s"
567 msgid "cannot make both hard and symbolic links"
568 @@ -3880,6 +4009,7 @@
569 "Print information for USERNAME, or the current user.\n"
571 " -a ignore, for compatibility with other versions\n"
572 +" -Z, --context print only the context\n"
573 " -g, --group print only the effective group ID\n"
574 " -G, --groups print all group IDs\n"
575 " -n, --name print a name instead of a number, for -ugG\n"
576 @@ -3890,6 +4020,7 @@
578 " -a ignorowane, dla zachowania kompatybilno¶ci z innymi "
580 +" -Z, --context wy¶wietlenie tylko kontekstu\n"
581 " -g, --group wy¶wietlenie tylko efektywnego identyfikatora grupy\n"
582 " -G, --groups wy¶wietlenie pe³nej listy grup\n"
583 " -n, --name wy¶wietlenie nazw zamiast numerów, dla -ugG\n"
584 @@ -3906,10 +4037,26 @@
585 "Bez ¿adnych OPCJI wy¶wietla zestaw u¿ytecznych informacji, które uda³o siê\n"
589 +#: src/id.c:165 src/mkdir.c:136 src/mkfifo.c:124 src/mknod.c:135
591 -msgid "cannot print only user and only group"
592 -msgstr "nie mo¿na wypisaæ tylko u¿ytkownika i tylko grupê równocze¶nie"
593 +msgid "Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n"
594 +msgstr "Niestety --context (-Z) mo¿na u¿ywaæ tylko na j±drze z obs³ug± SELinuksa.\n"
598 +"cannot display context when SELinux not enabled or when displaying the id\n"
599 +"of a different user"
601 +"nie mo¿na wy¶wietliæ kontekstu kiedy SELinux nie jest w³±czony lub przy\n"
602 +"wy¶wietlaniu identyfikatora innego u¿ytkownika"
605 +msgid "can't get process context"
606 +msgstr "nie mo¿na uzyskaæ kontekstu procesu"
609 +msgid "cannot print \"only\" of more than one choice"
610 +msgstr "nie mo¿na wypisaæ \"tylko czego¶\" dla wiêcej ni¿ jednej rzeczy"
614 @@ -3941,6 +4088,31 @@
621 +msgstr " kontekst=%s"
623 +#: src/install.c:365
625 +msgid "Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n"
626 +msgstr "Uwaga: zignorowano --preserve_context (-P), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
628 +#: src/install.c:377
630 +msgid "Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n"
631 +msgstr "Uwaga: zignorowano --context (-Z), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
633 +#: src/install.c:382
635 +msgid "%s: cannot force target context == '%s' and preserve it\n"
636 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu '%s' i zachowaæ go\n"
638 +#: src/install.c:387
640 +msgid "%s: cannot setup default context == '%s'\n"
641 +msgstr "%s: nie mo¿na ustawiæ domy¶lnego kontekstu '%s'\n"
645 msgid "the strip option may not be used when installing a directory"
646 @@ -4079,6 +4251,14 @@
647 " -T, --no-target-directory traktowanie CELU jak zwyk³ego pliku\n"
648 " -v, --verbose wypisanie nazwy ka¿dego tworzonego katalogu\n"
650 +#: src/install.c:773
652 +" -P, --preserve_context (SELinux) Preserve security context\n"
653 +" -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n"
655 +" -P, --preserve_context (SELinux) zachowanie kontekstu bezpieczeñstwa\n"
656 +" -Z, --context=KONTEKST (SELinux) ustawienie kontekstu plików i katalogów\n"
658 #: src/install.c:693 src/ln.c:365 src/mv.c:318
661 @@ -4468,6 +4648,11 @@
662 msgid "no login name"
663 msgstr "brak nazwy u¿ytkownika"
667 +msgid "Sorry, this option can only be used on a SELinux-enabled kernel.\n"
668 +msgstr "Niestety tej opcji mo¿na u¿yæ tylko na j±drze z obs³ug± SELinuksa.\n"
673 @@ -4841,6 +5026,34 @@
674 " -X sortowanie alfabetyczne wg rozszerzeñ\n"
675 " -1 listowanie po jednym pliku w linii\n"
681 +"SELinux options:\n"
683 +" --lcontext Display security context. Enable -l. Lines\n"
684 +" will probably be too wide for most displays.\n"
685 +" -Z, --context Display security context so it fits on most\n"
686 +" displays. Displays only mode, user, group,\n"
687 +" security context and file name.\n"
688 +" --scontext Display only security context and file name.\n"
693 +"Opcje dla SELinuksa:\n"
695 +" --lcontext wy¶wietlanie kontekstu bezpieczeñstwa; w³±cza -l,\n"
696 +" linie mog± byæ zbyt d³ugie dla wielu terminali\n"
697 +" --context wy¶wietlanie kontekstu tak, ¿eby zmie¶ci³ siê na\n"
698 +" wiêkszo¶ci terminali; wy¶wietlane s± tylko\n"
699 +" uprawnienia, w³a¶ciciel, grupa, kontekst\n"
700 +" bezpieczeñstwa i nazwa pliku\n"
701 +" --scontext wy¶wietlanie tylko kontekstu i nazwy pliku\n"
708 @@ -5043,6 +5256,11 @@
709 "Utworzenie KATALOGU/ÓW, je¿eli jeszcze nie istniej±.\n"
714 +msgid " -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n"
715 +msgstr " -Z, --context=KONTEKST (SELinux) ustawienie KONTEKSTU bezpieczeñstwa\n"
719 " -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n"
720 @@ -5059,6 +5277,11 @@
721 msgid "created directory %s"
722 msgstr "utworzony katalog %s"
724 +#: src/mkdir.c:170 src/mkfifo.c:128 src/mknod.c:139
726 +msgid "Sorry, cannot set default context to %s.\n"
727 +msgstr "Niestety nie mo¿na ustawiæ domy¶lnego kontekstu na %s.\n"
731 msgid "Usage: %s [OPTION] NAME...\n"
732 @@ -5072,6 +5295,11 @@
733 "Tworzenie nazwanych potoków (pipes, FIFOs) o podanych NAZWACH.\n"
736 +#: src/mkfifo.c:68 src/mknod.c:69
738 +msgid " -Z, --context=CONTEXT set security context (quoted string)\n"
739 +msgstr " -Z, --context=KONTEKST ustawienie kontekstu bezpieczeñstwa (³añcuch cytowany)\n"
741 #: src/mkfifo.c:62 src/mknod.c:64
743 " -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n"
744 @@ -6808,6 +7036,72 @@
745 " -v, --verbose informacja diagnostyczna o ka¿dym przetworzonym\n"
751 +"Usage: %s [OPTION]... command [args]\n"
752 +"Run a program in a different security context.\n"
754 +" context Complete security context\n"
755 +" -t type (for same role as parent)\n"
756 +" -u user identity\n"
759 +" --help display this help and exit\n"
761 +"Sk³adnia: %s [OPCJA]... polecenie [argumenty]\n"
762 +"Uruchomienie programu w innym kontek¶cie bezpieczeñstwa.\n"
764 +" kontekst pe³ny kontekst bezpieczeñstwa\n"
765 +" -t typ (dla tej samej roli jako rodzica)\n"
766 +" -u identyfikator u¿ytkownika\n"
768 +" -l zakres poziomów\n"
769 +" --help wy¶wietlenie tego opisu i zakoñczenie\n"
773 +msgid "multiple roles\n"
774 +msgstr "wiele ról\n"
778 +msgid "multiple types\n"
779 +msgstr "wiele typów\n"
783 +msgid "multiple users\n"
784 +msgstr "wielu u¿ytkowników\n"
788 +msgid "multiple levelranges\n"
789 +msgstr "wiele zakresów poziomów\n"
793 +msgid "unrecognised option %c\n"
794 +msgstr "nierozpoznana opcja %c\n"
797 +msgid "must specify -t, -u, -l, -r, or context"
798 +msgstr "trzeba podaæ -t, -u, -l, -r albo kontekst"
801 +msgid "no command found"
802 +msgstr "nie znaleziono polecenia"
804 +#: src/runcon.c:137 src/runcon.c:145
806 +msgid "%s is not a valid context\n"
807 +msgstr "%s nie jest poprawnym kontekstem\n"
811 +msgid "unable to setup security context %s\n"
812 +msgstr "nie mo¿na ustawiæ kontekstu bezpieczeñstwa %s\n"
817 @@ -7689,6 +7983,7 @@
818 " --printf=FORMAT like --format, but interpret backslash escapes,\n"
819 " and do not output a mandatory trailing newline.\n"
820 " If you want a newline, include \\n in FORMAT.\n"
821 +" -Z, --context print the security context\n"
822 " -t, --terse print the information in terse form\n"
824 " -c --format=FORMAT u¿ycie podanego FORMATU zamiast domy¶lnego; po\n"
825 @@ -7699,6 +7994,7 @@
826 " uko¶nikiem odwrotnym i bez wypisywania znaku "
828 " linii. ¯eby go wypisaæ u¿yj \\n w FORMACIE.\n"
829 +" -Z, --context wypisywanie kontekstu bezpieczeñstwa\n"
830 " -t, --terse wypisywanie informacji w skróconej formie\n"
833 @@ -7786,6 +8082,7 @@
834 " %c Total file nodes in file system\n"
835 " %d Free file nodes in file system\n"
836 " %f Free blocks in file system\n"
837 +" %C Security context in SELinux\n"
839 "Prawid³owe specyfikacje formatu dla systemów plików:\n"
841 @@ -7794,6 +8091,7 @@
842 " %c ca³kowita liczba i-wêz³ów w systemie plików\n"
843 " %d liczba wolnych i-wêz³ów w systemie plików\n"
844 " %f liczba wolnych bloków w systemie plików\n"
845 +" %C kontekst bezpieczeñstwa w SELinuksie\n"
849 @@ -7813,6 +8111,10 @@
850 " %t typ szesnastkowo\n"
851 " %T typ w formie czytelnej dla cz³owieka\n"
854 +msgid "Kernel is not SELinux enabled"
855 +msgstr "J±dro nie ma obs³ugi SELinuksa"
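--- a/src/Makefile.am
+++ b/src/Makefile.am
 EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who
-bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
+bin_PROGRAMS = [ chgrp chown chmod chcon cp dd dircolors du \
 ginstall link ln dir vdir ls mkdir \
 mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \
 cat cksum comm csplit cut expand fmt fold head join md5sum \
 nl od paste pr ptx sha1sum sha224sum sha256sum sha384sum sha512sum \
 shuf sort split sum tac tail tr tsort unexpand uniq wc \
 basename date dirname echo env expr factor false getgid \
- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
 test true tty whoami yes \
 $(OPTIONAL_BIN_PROGS) $(DF_PROG)
 mv_LDADD += $(LIB_ACL)
 ginstall_LDADD += $(LIB_ACL)
+dir_LDADD += @LIB_SELINUX@
+ls_LDADD += @LIB_SELINUX@
+vdir_LDADD += @LIB_SELINUX@
+cp_LDADD += @LIB_SELINUX@
+ginstall_LDADD += @LIB_SELINUX@
+mv_LDADD += @LIB_SELINUX@
+chcon_LDADD = $(LDADD) @LIB_SELINUX@
+id_LDADD = $(LDADD) @LIB_SELINUX@
+mkdir_LDADD = $(LDADD) @LIB_SELINUX@
+mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
+mknod_LDADD = $(LDADD) @LIB_SELINUX@
+stat_LDADD = $(LDADD) @LIB_SELINUX@
+runcon_LDADD = $(LDADD) @LIB_SELINUX@
 $(PROGRAMS): ../lib/libcoreutils.a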
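Review bot: `chcon` and `runcon` are added to `bin_PROGRAMS` unconditionally, but `@LIB_SELINUX@` is only non-empty when configure was given the selinux option. src/chcon.c in this patch includes `<selinux/selinux.h>` (whether under a `WITH_SELINUX` guard is not visible here), so a default build would probably fail to compile or link these two programs. Consider having configure add them to an optional list, in the way `$(OPTIONAL_BIN_PROGS)` already ends the program list. As a style point, the file already writes `$(LIB_ACL)` for the ACL library, so `$(LIB_SELINUX)` is the consistent spelling, e.g. `chcon_LDADD = $(LDADD) $(LIB_SELINUX)`. The `+=` lines for `dir`, `ls`, `vdir` and `cp` assume those `_LDADD` variables are assigned earlier in the file, which the visible lines do not show.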
901 diff -Nur coreutils-6.4/src/chcon.c coreutils-6.4.selinux/src/chcon.c
902 --- coreutils-6.4/src/chcon.c 1970-01-01 00:00:00.000000000 +0000
903 +++ coreutils-6.4.selinux/src/chcon.c 2006-10-31 23:39:34.000000000 +0000
905 +/* chcontext -- change security context of a pathname */
909 +#include <sys/types.h>
912 +#include <selinux/selinux.h>
913 +#include <selinux/context.h>
917 +#include "savedir.h"
918 +#include "group-member.h"
924 + CH_NO_CHANGE_REQUESTED
929 + /* Print a message for each file that is processed. */
932 + /* Print a message for each file whose attributes we change. */
935 + /* Do not be verbose. This is the default. */
939 +static int change_dir_context (const char *dir, const struct stat *statp);
941 +/* The name the program was run with. */
944 +/* If nonzero, and the systems has support for it, change the context
945 + of symbolic links rather than any files they point to. */
946 +static int change_symlinks;
948 +/* If nonzero, change the context of directories recursively. */
951 +/* If nonzero, force silence (no error messages). */
952 +static int force_silent;
954 +/* Level of verbosity. */
955 +static enum Verbosity verbosity = V_off;
957 +/* The name of the context file is being given. */
958 +static const char *specified_context;
960 +/* Specific components of the context */
961 +static const char *specified_user;
962 +static const char *specified_role;
963 +static const char *specified_range;
964 +static const char *specified_type;
966 +/* The argument to the --reference option. Use the context of this file.
967 + This file must exist. */
968 +static char *reference_file;
970 +/* If nonzero, display usage information and exit. */
971 +static int show_help;
973 +/* If nonzero, print the version on standard output and exit. */
974 +static int show_version;
976 +static struct option const long_options[] =
978 + {"recursive", no_argument, 0, 'R'},
979 + {"changes", no_argument, 0, 'c'},
980 + {"no-dereference", no_argument, 0, 'h'},
981 + {"silent", no_argument, 0, 'f'},
982 + {"quiet", no_argument, 0, 'f'},
983 + {"reference", required_argument, 0, CHAR_MAX + 1},
984 + {"context", required_argument, 0, CHAR_MAX + 2},
985 + {"user", required_argument, 0, 'u'},
986 + {"role", required_argument, 0, 'r'},
987 + {"type", required_argument, 0, 't'},
988 + {"range", required_argument, 0, 'l'},
989 + {"verbose", no_argument, 0, 'v'},
990 + {"help", no_argument, &show_help, 1},
991 + {"version", no_argument, &show_version, 1},
995 +/* Tell the user how/if the context of FILE has been changed.
996 + CHANGED describes what (if anything) has happened. */
999 +describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
1004 + case CH_SUCCEEDED:
1005 + fmt = _("context of %s changed to %s\n");
1008 + fmt = _("failed to change context of %s to %s\n");
1010 + case CH_NO_CHANGE_REQUESTED:
1011 + fmt = _("context of %s retained as %s\n");
1016 + printf (fmt, file, newcontext);
1020 +compute_context_from_mask (security_context_t context, context_t *ret)
1022 + context_t newcontext = context_new (context);
1025 +#define SETCOMPONENT(comp) \
1027 + if (specified_ ## comp) \
1028 + if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
1032 + SETCOMPONENT(user);
1033 + SETCOMPONENT(range);
1034 + SETCOMPONENT(role);
1035 + SETCOMPONENT(type);
1036 +#undef SETCOMPONENT
1038 + *ret = newcontext;
1041 + context_free (newcontext);
1045 +/* Change the context of FILE, using specified components.
1046 + If it is a directory and -R is given, recurse.
1047 + Return 0 if successful, 1 if errors occurred. */
1050 +change_file_context (const char *file)
1052 + struct stat file_stats;
1053 + security_context_t file_context=NULL;
1054 + context_t context;
1055 + security_context_t context_string;
1059 + if (change_symlinks)
1060 + status = lgetfilecon(file, &file_context);
1062 + status = getfilecon(file, &file_context);
1064 + if ((status < 0) && (errno != ENODATA))
1066 + if (force_silent == 0)
1067 + error (0, errno, "%s", file);
1071 + /* If the file doesn't have a context, and we're not setting all of
1072 + the context components, there isn't really an obvious default.
1073 + Thus, we just give up. */
1074 + if (file_context == NULL && specified_context == NULL)
1076 + error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
1080 + if (specified_context == NULL)
1082 + if (compute_context_from_mask (file_context, &context))
1084 + error (0, 0, _("couldn't compute security context from %s"), file_context);
1090 + context = context_new (specified_context);
1092 + error (1, 0,_("invalid context: %s"),specified_context);
1095 + context_string = context_str (context);
1097 + if (file_context == NULL || strcmp(context_string,file_context)!=0)
1101 + if (change_symlinks)
1102 + fail = lsetfilecon (file, context_string);
1104 + fail = setfilecon (file, context_string);
1106 + if (verbosity == V_high || (verbosity == V_changes_only && !fail))
1107 + describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
1112 + if (force_silent == 0)
1114 + error (0, errno, _("failed to change context of %s to %s"), file, context_string);
1118 + else if (verbosity == V_high)
1120 + describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
1123 + context_free(context);
1124 + freecon(file_context);
1127 + if (lstat(file, &file_stats)==0)
1128 + if (S_ISDIR (file_stats.st_mode) &&
1129 + (strcmp(file,"..") !=0) &&
1130 + (strcmp(file,".") !=0))
1131 + errors |= change_dir_context (file, &file_stats);
1136 +/* Recursively change context of the files in directory DIR
1137 + using specified context components.
1138 + STATP points to the results of lstat on DIR.
1139 + Return 0 if successful, 1 if errors occurred. */
1142 +change_dir_context (const char *dir, const struct stat *statp)
1144 + char *name_space, *namep;
1145 + char *path; /* Full path of each entry to process. */
1146 + unsigned dirlength; /* Length of `dir' and '\0'. */
1147 + unsigned filelength; /* Length of each pathname to process. */
1148 + unsigned pathlength; /* Bytes allocated for `path'. */
1152 + name_space = savedir (dir);
1153 + if (name_space == NULL)
1157 + if (force_silent == 0)
1158 + error (0, errno, "%s", dir);
1162 + error (1, 0, _("virtual memory exhausted"));
1165 + dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
1166 + pathlength = dirlength + 1;
1167 + /* Give `path' a dummy value; it will be reallocated before first use. */
1168 + path = xmalloc (pathlength);
1169 + strcpy (path, dir);
1170 + path[dirlength - 1] = '/';
1172 + for (namep = name_space; *namep; namep += filelength - dirlength)
1174 + filelength = dirlength + strlen (namep) + 1;
1175 + if (filelength > pathlength)
1177 + pathlength = filelength * 2;
1178 + path = xrealloc (path, pathlength);
1180 + strcpy (path + dirlength, namep);
1181 + errors |= change_file_context (path);
1184 + free (name_space);
1192 + fprintf (stderr, _("Try `%s --help' for more information.\n"),
1197 +Usage: %s [OPTION]... CONTEXT FILE...\n\
1198 + or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
1199 + or: %s [OPTION]... --reference=RFILE FILE...\n\
1201 + program_name, program_name, program_name);
1203 +Change the security context of each FILE to CONTEXT.\n\
1205 + -c, --changes like verbose but report only when a change is made\n\
1206 + -h, --no-dereference affect symbolic links instead of any referenced file\n\
1207 + (available only on systems with lchown system call)\n\
1208 + -f, --silent, --quiet suppress most error messages\n\
1209 + --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
1210 + -u, --user=USER set user USER in the target security context\n\
1211 + -r, --role=ROLE set role ROLE in the target security context\n\
1212 + -t, --type=TYPE set type TYPE in the target security context\n\
1213 + -l, --range=RANGE set range RANGE in the target security context\n\
1214 + -R, --recursive change files and directories recursively\n\
1215 + -v, --verbose output a diagnostic for every file processed\n\
1216 + --help display this help and exit\n\
1217 + --version output version information and exit\n\
1225 +main (int argc, char **argv)
1227 + security_context_t ref_context = NULL;
1230 + int component_specified = 0;
1232 + program_name = argv[0];
1233 + setlocale (LC_ALL, "");
1234 + bindtextdomain (PACKAGE, LOCALEDIR);
1235 + textdomain (PACKAGE);
1237 + recurse = force_silent = 0;
1239 + while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
1246 + specified_user = optarg;
1247 + component_specified = 1;
1250 + specified_role = optarg;
1251 + component_specified = 1;
1254 + specified_type = optarg;
1255 + component_specified = 1;
1258 + specified_range = optarg;
1259 + component_specified = 1;
1261 + case CHAR_MAX + 1:
1262 + reference_file = optarg;
1268 + verbosity = V_changes_only;
1274 + change_symlinks = 1;
1277 + verbosity = V_high;
1286 + printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
1295 + if (reference_file && component_specified)
1297 + error (0, 0, _("conflicting security context specifiers given"));
1301 + if (!(((reference_file || component_specified)
1302 + && (argc - optind > 0))
1303 + || (argc - optind > 1)))
1305 + error (0, 0, _("too few arguments"));
1309 + if (reference_file)
1311 + if (getfilecon (reference_file, &ref_context)<0)
1312 + error (1, errno, "%s", reference_file);
1314 + specified_context = ref_context;
1316 + else if (!component_specified) {
1317 + specified_context = argv[optind++];
1319 + for (; optind < argc; ++optind)
1320 + errors |= change_file_context (argv[optind]);
1322 + if (verbosity != V_off)
1324 + if (ref_context != NULL)
1325 + freecon(ref_context);
1328 diff -Nur coreutils-6.4/src/copy.c coreutils-6.4.selinux/src/copy.c
1329 --- coreutils-6.4/src/copy.c 2006-10-22 16:54:15.000000000 +0000
1330 +++ coreutils-6.4.selinux/src/copy.c 2006-10-31 23:39:34.000000000 +0000
1332 #include "xreadlink.h"
1335 +#ifdef WITH_SELINUX
1336 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1337 +extern int selinux_enabled;
1341 # define HAVE_FCHOWN false
1342 # define fchown(fd, uid, gid) (-1)
1343 @@ -1473,6 +1478,34 @@
1344 In such cases, set this variable to zero. */
1345 preserve_metadata = true;
1347 +#ifdef WITH_SELINUX
1348 + if (x->preserve_security_context && selinux_enabled)
1350 + security_context_t con;
1352 + if (lgetfilecon (src_name, &con) >= 0)
1354 + if (setfscreatecon(con) < 0)
1356 + error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
1357 + if (x->require_preserve) {
1365 + if ( errno == ENOTSUP ) {
1366 + error (0, errno, _("warning: security context not preserved %s"), quote (src_name));
1368 + error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
1375 if (S_ISDIR (src_mode))
1377 struct dir_list *dir;
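Review bot: The `lgetfilecon` failure branch near the end of this hunk only reports the error. In the lines shown it does not clear the process-wide file-creation context, so a context left set by an earlier call would label the file created next. Calling `setfscreatecon (NULL);` in that branch makes the fallback explicit, and the return value of the three reset calls added in the later copy.c hunks deserves a check as well. The context returned by a successful `lgetfilecon` also needs `freecon (con);` on both the success path and the `setfscreatecon` failure path; several lines of this hunk are not shown, so confirm it is there. The enclosing function starts and ends outside the hunk.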
1378 @@ -1544,8 +1577,14 @@
1381 /* Are we crossing a file system boundary? */
1382 - if (x->one_file_system && device != 0 && device != src_sb.st_dev)
1385 + if (x->one_file_system && device != 0 && device != src_sb.st_dev) {
1386 +#ifdef WITH_SELINUX
1387 + if (x->preserve_security_context && selinux_enabled)
1388 + setfscreatecon(NULL);
1393 /* Copy the contents of the directory. */
1395 @@ -1689,6 +1728,11 @@
1399 +#ifdef WITH_SELINUX
1400 + if (x->preserve_security_context && selinux_enabled)
1401 + setfscreatecon(NULL);
1404 /* There's no need to preserve timestamps or permissions. */
1405 preserve_metadata = false;
1407 @@ -1789,6 +1833,11 @@
1411 +#ifdef WITH_SELINUX
1412 + if (x->preserve_security_context && selinux_enabled)
1413 + setfscreatecon(NULL);
1416 /* We have failed to create the destination file.
1417 If we've just added a dev/ino entry via the remember_copied
1418 call above (i.e., unless we've just failed to create a hard link),
1419 diff -Nur coreutils-6.4/src/copy.h coreutils-6.4.selinux/src/copy.h
1420 --- coreutils-6.4/src/copy.h 2006-10-22 16:54:15.000000000 +0000
1421 +++ coreutils-6.4.selinux/src/copy.h 2006-10-31 23:39:34.000000000 +0000
1424 bool preserve_timestamps;
1426 +#ifdef WITH_SELINUX
1427 + bool preserve_security_context;
1429 /* Enabled for mv, and for cp by the --preserve=links option.
1430 If true, attempt to preserve in the destination files any
1431 logical hard links between the source files. If used with cp's
1432 diff -Nur coreutils-6.4/src/cp.c coreutils-6.4.selinux/src/cp.c
1433 --- coreutils-6.4/src/cp.c 2006-10-22 16:54:15.000000000 +0000
1434 +++ coreutils-6.4.selinux/src/cp.c 2006-10-31 23:39:34.000000000 +0000
1437 #define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering"
1439 +#ifdef WITH_SELINUX
1440 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1441 +int selinux_enabled=0;
1444 /* Used by do_copy, make_dir_parents_private, and re_protect
1445 to keep a list of leading directories whose protections
1446 need to be fixed after copying. */
1448 {"target-directory", required_argument, NULL, 't'},
1449 {"update", no_argument, NULL, 'u'},
1450 {"verbose", no_argument, NULL, 'v'},
1451 +#ifdef WITH_SELINUX
1452 + {"context", required_argument, NULL, 'Z'},
1454 {GETOPT_HELP_OPTION_DECL},
1455 {GETOPT_VERSION_OPTION_DECL},
1458 additional attributes: links, all\n\
1461 + -c same as --preserve=context\n\
1464 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
1465 --parents use full source file name under DIRECTORY\n\
1468 destination file is missing\n\
1469 -v, --verbose explain what is being done\n\
1470 -x, --one-file-system stay on this file system\n\
1471 + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
1473 fputs (HELP_OPTION_DESCRIPTION, stdout);
1474 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1475 @@ -729,6 +741,10 @@
1476 x->preserve_mode = false;
1477 x->preserve_timestamps = false;
1479 +#ifdef WITH_SELINUX
1480 + x->preserve_security_context = false;
1483 x->require_preserve = false;
1484 x->recursive = false;
1485 x->sparse_mode = SPARSE_AUTO;
1486 @@ -756,18 +772,19 @@
1487 PRESERVE_TIMESTAMPS,
1493 static enum File_attribute const preserve_vals[] =
1495 PRESERVE_MODE, PRESERVE_TIMESTAMPS,
1496 - PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
1497 + PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
1499 /* Valid arguments to the `--preserve' option. */
1500 static char const* const preserve_args[] =
1502 "mode", "timestamps",
1503 - "ownership", "links", "all", NULL
1504 + "ownership", "links", "context", "all", NULL
1506 ARGMATCH_VERIFY (preserve_args, preserve_vals);
1508 @@ -803,11 +820,16 @@
1509 x->preserve_links = on_off;
1512 + case PRESERVE_CONTEXT:
1513 + x->preserve_security_context = on_off;
1517 x->preserve_mode = on_off;
1518 x->preserve_timestamps = on_off;
1519 x->preserve_ownership = on_off;
1520 x->preserve_links = on_off;
1521 + x->preserve_security_context = on_off;
1525 @@ -832,6 +854,10 @@
1526 bool copy_contents = false;
1527 char *target_directory = NULL;
1528 bool no_target_directory = false;
1529 +#ifdef WITH_SELINUX
1530 + security_context_t scontext = NULL;
1531 + selinux_enabled= (is_selinux_enabled()>0);
1534 initialize_main (&argc, &argv);
1535 program_name = argv[0];
1536 @@ -847,7 +873,13 @@
1537 we'll actually use backup_suffix_string. */
1538 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1540 - while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T",
1542 + while ((c = getopt_long (argc, argv,
1543 +#ifdef WITH_SELINUX
1544 + "abcdfHilLprst:uvxPRS:TZ:",
1546 + "abdfHilLprst:uvxPRS:T",
1551 @@ -938,6 +970,35 @@
1555 +#ifdef WITH_SELINUX
1557 + if ( scontext != NULL ) {
1558 + (void) fprintf(stderr, _("%s: cannot force target context <-- %s and preserve it\n"), argv[0], scontext);
1561 + else if (selinux_enabled)
1562 + x.preserve_security_context = true;
1566 + /* politely decline if we're not on a selinux-enabled kernel. */
1567 + if( !selinux_enabled ) {
1568 + fprintf( stderr, _("Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.\n") );
1571 + if ( x.preserve_security_context ) {
1572 + (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], optarg);
1575 + scontext = optarg;
1576 + /* if there's a security_context given set new path
1577 + components to that context, too */
1578 + if ( setfscreatecon(scontext) < 0 ) {
1579 + (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
1585 case REPLY_OPTION: /* Deprecated */
1586 x.interactive = XARGMATCH ("--reply", optarg,
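Review bot: On a kernel without SELinux the `-Z` branch prints "Warning: ignoring --context (-Z)" and, judging by that wording, carries on, so a caller that asked for a specific label gets an unlabelled copy with no failure status. For an explicit labelling request, failing with `error (EXIT_FAILURE, 0, _("--context (-Z) requires an SELinux-enabled kernel"));` is the safer default. The `setfscreatecon` failure message also lacks the program name, a trailing newline and errno; `error (EXIT_FAILURE, errno, _("cannot set default security context %s"), quote (scontext));` reports all three. The `-P` and `-Z` handling in the install.c hunk at -388,6 repeats both patterns. The case labels and the statements after each message are not shown here, so the continue-or-exit behaviour is inferred from the message text.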
1587 diff -Nur coreutils-6.4/src/id.c coreutils-6.4.selinux/src/id.c
1588 --- coreutils-6.4/src/id.c 2006-10-22 16:54:15.000000000 +0000
1589 +++ coreutils-6.4.selinux/src/id.c 2006-10-31 23:39:34.000000000 +0000
1594 +#ifdef WITH_SELINUX
1595 +#include <selinux/selinux.h>
1596 +static void print_context (char* context);
1597 +/* Print the SELinux context */
1599 +print_context(char *context)
1601 + printf ("%s", context);
1604 +/* If nonzero, output only the SELinux context. -Z */
1605 +static int just_context = 0;
1608 static void print_user (uid_t uid);
1609 static void print_group (gid_t gid);
1610 static void print_group_list (const char *username);
1612 /* True unless errors have been encountered. */
1613 static bool ok = true;
1615 +/* The SELinux context */
1616 +/* Set `context' to a known invalid value so print_full_info() will *
1617 + * know when `context' has not been set to a meaningful value. */
1618 +static security_context_t context=NULL;
1620 static struct option const longopts[] =
1622 + {"context", no_argument, NULL, 'Z'},
1623 {"group", no_argument, NULL, 'g'},
1624 {"groups", no_argument, NULL, 'G'},
1625 {"name", no_argument, NULL, 'n'},
1627 Print information for USERNAME, or the current user.\n\
1629 -a ignore, for compatibility with other versions\n\
1630 + -Z, --context print only the context\n\
1631 -g, --group print only the effective group ID\n\
1632 -G, --groups print all group IDs\n\
1633 -n, --name print a name instead of a number, for -ugG\n\
1635 main (int argc, char **argv)
1638 + int selinux_enabled=(is_selinux_enabled()>0);
1640 /* If true, output the list of all group IDs. -G */
1641 bool just_group_list = false;
1642 @@ -119,13 +141,23 @@
1644 atexit (close_stdout);
1646 - while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
1647 + while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
1652 /* Ignore -a, for compatibility with SVR4. */
1654 +#ifdef WITH_SELINUX
1656 + /* politely decline if we're not on a selinux-enabled kernel. */
1657 + if( !selinux_enabled ) {
1658 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
1667 @@ -148,8 +180,28 @@
1671 - if (just_user + just_group + just_group_list > 1)
1672 - error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
1673 +#ifdef WITH_SELINUX
1674 + if (argc - optind == 1)
1675 + selinux_enabled = 0;
1677 + if( just_context && !selinux_enabled)
1679 +cannot display context when SELinux not enabled or when displaying the id\n\
1680 +of a different user"));
1682 + /* If we are on a selinux-enabled kernel, get our context. *
1683 + * Otherwise, leave the context variable alone - it has *
1684 + * been initialized known invalid value; if we see this invalid *
1685 + * value later, we will know we are on a non-selinux kernel. */
1686 + if( selinux_enabled )
1688 + if (getcon(&context))
1689 + error (1, 0, _("can't get process context"));
1693 + if (just_user + just_group + just_group_list + just_context > 1)
1694 + error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
1696 if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
1697 error (EXIT_FAILURE, 0,
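Review bot: `error (1, 0, _("can't get process context"))` discards errno, so the user cannot tell a permission problem from a missing selinuxfs; `error (EXIT_FAILURE, errno, _("can't get process context"));` keeps the cause and matches the `EXIT_FAILURE` used by the neighbouring calls. The line `selinux_enabled = 0;` under `argc - optind == 1` reuses the "kernel has SELinux" flag to mean "a USERNAME was given", which is why the following diagnostic has to describe two unrelated causes in one message. A separate flag for the USERNAME case, with a comment such as `/* A context can only be reported for the calling process, not for USERNAME. */`, would let each case report its own error. main's body continues outside the hunk.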
1698 @@ -183,6 +235,10 @@
1699 print_group (use_real ? rgid : egid);
1700 else if (just_group_list)
1701 print_group_list (argv[optind]);
1702 +#ifdef WITH_SELINUX
1703 + else if (just_context)
1704 + print_context (context);
1707 print_full_info (argv[optind]);
1712 #endif /* HAVE_GETGROUPS */
1713 +#ifdef WITH_SELINUX
1714 + if ( context != NULL ) {
1715 + printf(_(" context=%s"),context);
1719 diff -Nur coreutils-6.4/src/install.c coreutils-6.4.selinux/src/install.c
1720 --- coreutils-6.4/src/install.c 2006-10-31 23:38:15.000000000 +0000
1721 +++ coreutils-6.4.selinux/src/install.c 2006-10-31 23:39:34.000000000 +0000
1723 # include <sys/wait.h>
1726 +#ifdef WITH_SELINUX
1727 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1728 +int selinux_enabled=0;
1732 # define endgrent() ((void) 0)
1734 @@ -128,12 +133,18 @@
1735 static struct option const long_options[] =
1737 {"backup", optional_argument, NULL, 'b'},
1738 +#ifdef WITH_SELINUX
1739 + {"context", required_argument, NULL, 'Z'},
1741 {"directory", no_argument, NULL, 'd'},
1742 {"group", required_argument, NULL, 'g'},
1743 {"mode", required_argument, NULL, 'm'},
1744 {"no-target-directory", no_argument, NULL, 'T'},
1745 {"owner", required_argument, NULL, 'o'},
1746 {"preserve-timestamps", no_argument, NULL, 'p'},
1747 +#ifdef WITH_SELINUX
1748 + {"preserve_context", no_argument, NULL, 'P'},
1750 {"strip", no_argument, NULL, 's'},
1751 {"suffix", required_argument, NULL, 'S'},
1752 {"target-directory", required_argument, NULL, 't'},
1757 +#ifdef WITH_SELINUX
1758 + x->preserve_security_context = false;
1760 x->dest_info = NULL;
1763 @@ -302,6 +316,11 @@
1764 bool no_target_directory = false;
1767 +#ifdef WITH_SELINUX
1768 + security_context_t scontext = NULL;
1769 + /* set iff kernel has extra selinux system calls */
1770 + selinux_enabled = (is_selinux_enabled()>0);
1773 initialize_main (&argc, &argv);
1774 program_name = argv[0];
1775 @@ -323,8 +342,13 @@
1776 we'll actually use backup_suffix_string. */
1777 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1779 - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:", long_options,
1781 + while ((optc = getopt_long (argc, argv,
1782 +#ifdef WITH_SELINUX
1783 + "bcCsDdg:m:o:pPt:TvS:Z:",
1785 + "bcCsDdg:m:o:pt:TvS:",
1787 + long_options, NULL)) != -1)
1791 @@ -388,6 +412,37 @@
1793 no_target_directory = true;
1795 +#ifdef WITH_SELINUX
1797 + /* politely decline if we're not on a selinux-enabled kernel. */
1798 + if( !selinux_enabled ) {
1799 + fprintf( stderr, _("Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n") );
1802 + if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
1803 + (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], scontext);
1806 + x.preserve_security_context = true;
1809 + /* politely decline if we're not on a selinux-enabled kernel. */
1810 + if( !selinux_enabled) {
1811 + fprintf( stderr, _("Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n") );
1814 + if ( x.preserve_security_context ) {
1816 + (void) fprintf(stderr, _("%s: cannot force target context == '%s' and preserve it\n"), argv[0], optarg);
1819 + scontext = optarg;
1820 + if (setfscreatecon(scontext)) {
1821 + (void) fprintf(stderr, _("%s: cannot setup default context == '%s'\n"), argv[0], scontext);
1826 case_GETOPT_HELP_CHAR;
1827 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1829 @@ -781,6 +836,11 @@
1830 -T, --no-target-directory treat DEST as a normal file\n\
1831 -v, --verbose print the name of each directory as it is created\n\
1834 + -P, --preserve_context (SELinux) Preserve security context\n\
1835 + -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
1838 fputs (HELP_OPTION_DESCRIPTION, stdout);
1839 fputs (VERSION_OPTION_DESCRIPTION, stdout);
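Review bot: `--preserve_context` is the only long option here spelled with an underscore, while the option table in the earlier install.c hunk uses hyphens (`preserve-timestamps`, `no-target-directory`, `target-directory`). Using `{"preserve-context", no_argument, NULL, 'P'},` in the table and `-P, --preserve-context` in this help text would keep the interface consistent. The help lines should also state what the option-parsing hunk does on a kernel without SELinux, namely that `-P` and `-Z` are ignored with a warning, since an administrator relying on `-Z` for labelling needs to know the label may not be applied.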
1841 diff -Nur coreutils-6.4/src/ls.c coreutils-6.4.selinux/src/ls.c
1842 --- coreutils-6.4/src/ls.c 2006-10-22 16:54:15.000000000 +0000
1843 +++ coreutils-6.4.selinux/src/ls.c 2006-10-31 23:39:34.000000000 +0000
1844 @@ -110,6 +110,17 @@
1846 #define AUTHORS "Richard Stallman", "David MacKenzie"
1848 +#ifdef WITH_SELINUX
1849 +#include <selinux/selinux.h>
1850 +int selinux_enabled= 0;
1851 +static int print_scontext = 0;
1852 +#define check_selinux() if (!selinux_enabled) { \
1853 + fprintf( stderr, _("Sorry, this option can only be used on a SELinux-enabled kernel.\n") ); \
1854 + exit( EXIT_FAILURE ); \
1859 #define obstack_chunk_alloc malloc
1860 #define obstack_chunk_free free
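Review bot: `check_selinux()` expands to a bare `if (!selinux_enabled) { ... }`, so a call written as `if (cond) check_selinux (); else ...` would attach the `else` to the macro's own `if`. Wrapping the body as `do { if (!selinux_enabled) { ... } } while (0)` makes it behave like a single statement; the macro's closing lines are not shown here. A one-line comment above it, for example `/* Exit with a diagnostic unless the running kernel has SELinux enabled. */`, would document that the macro terminates the program.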
1862 @@ -175,6 +186,10 @@
1863 /* For long listings, true if the file has an access control list. */
1867 +#ifdef WITH_SELINUX
1868 + security_context_t scontext;
1874 static void sort_files (void);
1875 static void parse_ls_color (void);
1876 void usage (int status);
1877 +#ifdef WITH_SELINUX
1878 +static void print_scontext_format (const struct fileinfo *f);
1881 /* The name this program was run with. */
1883 @@ -353,7 +371,10 @@
1884 one_per_line, /* -1 */
1885 many_per_line, /* -C */
1886 horizontal, /* -x */
1887 - with_commas /* -m */
1888 +#ifdef WITH_SELINUX
1889 + security_format, /* -Z */
1891 + with_commas /* -m */
1894 static enum format format;
1895 @@ -734,6 +755,11 @@
1896 SHOW_CONTROL_CHARS_OPTION,
1899 +#ifdef WITH_SELINUX
1907 @@ -780,6 +806,11 @@
1908 {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
1909 {"color", optional_argument, NULL, COLOR_OPTION},
1910 {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
1911 +#ifdef WITH_SELINUX
1912 + {"context", no_argument, 0, CONTEXT_OPTION},
1913 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
1914 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
1916 {"author", no_argument, NULL, AUTHOR_OPTION},
1917 {GETOPT_HELP_OPTION_DECL},
1918 {GETOPT_VERSION_OPTION_DECL},
1919 @@ -789,11 +820,18 @@
1920 static char const *const format_args[] =
1922 "verbose", "long", "commas", "horizontal", "across",
1923 - "vertical", "single-column", NULL
1924 + "vertical", "single-column",
1925 +#ifdef WITH_SELINUX
1930 static enum format const format_types[] =
1932 long_format, long_format, with_commas, horizontal, horizontal,
1933 +#ifdef WITH_SELINUX
1936 many_per_line, one_per_line
1938 ARGMATCH_VERIFY (format_args, format_types);
1939 @@ -1218,6 +1256,9 @@
1941 format_needs_stat = sort_type == sort_time || sort_type == sort_size
1942 || format == long_format
1943 +#ifdef WITH_SELINUX
1944 + || format == security_format || print_scontext
1946 || print_block_size;
1947 format_needs_type = (! format_needs_stat
1949 @@ -1361,6 +1402,11 @@
1950 /* Record whether there is an option specifying sort type. */
1951 bool sort_type_specified = false;
1953 +#ifdef WITH_SELINUX
1954 + /* 1 iff kernel has new selinux system calls */
1955 + selinux_enabled= (is_selinux_enabled()>0);
1958 qmark_funny_chars = false;
1960 /* initialize all switches to default settings */
1961 @@ -1411,6 +1457,9 @@
1962 ignore_mode = IGNORE_DEFAULT;
1963 ignore_patterns = NULL;
1964 hide_patterns = NULL;
1965 +#ifdef WITH_SELINUX
1966 + print_scontext = 0;
1969 /* FIXME: put this in a function. */
1971 @@ -1486,7 +1535,7 @@
1974 while ((c = getopt_long (argc, argv,
1975 - "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
1976 + "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
1977 long_options, NULL)) != -1)
1980 @@ -1609,6 +1658,13 @@
1981 format = horizontal;
1984 +#ifdef WITH_SELINUX
1987 + print_scontext = 1;
1988 + format = security_format;
1992 if (ignore_mode == IGNORE_DEFAULT)
1993 ignore_mode = IGNORE_DOT_AND_DOTDOT;
1994 @@ -1789,6 +1845,25 @@
1996 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1998 +#ifdef WITH_SELINUX
2000 + case CONTEXT_OPTION: /* new security format */
2002 + print_scontext = 1;
2003 + format = security_format;
2005 + case LCONTEXT_OPTION: /* long format plus security context */
2007 + print_scontext = 1;
2008 + format = long_format;
2010 + case SCONTEXT_OPTION: /* short form of new security format */
2012 + print_scontext = 0;
2013 + format = security_format;
2020 @@ -2485,6 +2560,12 @@
2022 free (files[i].name);
2023 free (files[i].linkname);
2024 +#ifdef WITH_SELINUX
2025 + if (files[i].scontext) {
2026 + freecon (files[i].scontext);
2027 + files[i].scontext=NULL;
2033 @@ -2527,6 +2608,9 @@
2034 memset (f, '\0', sizeof *f);
2035 f->stat.st_ino = inode;
2037 +#ifdef WITH_SELINUX
2038 + f->scontext = NULL;
2041 if (command_line_arg
2042 || format_needs_stat
2043 @@ -2582,7 +2666,12 @@
2046 err = stat (absolute_name, &f->stat);
2048 +#ifdef WITH_SELINUX
2050 + if (selinux_enabled && (format == security_format || print_scontext))
2051 + getfilecon(absolute_name, &f->scontext);
2054 if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
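Review bot: The return value of `getfilecon` is ignored here, and that of `lgetfilecon` in the next hunk, so when the call fails `f->scontext` keeps the NULL assigned in the -2527,6 hunk. Both `sprintf (p, "%-32s ", f->scontext)` calls later in the patch then pass NULL to `%s`, which is undefined behaviour. Handling it at the two print sites with `f->scontext ? f->scontext : "?"` is the simplest fix; storing a string literal in the field here instead would break the `freecon (files[i].scontext)` cleanup added in the -2485,6 hunk. The enclosing function starts and ends outside the hunk.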
2057 @@ -2600,6 +2689,11 @@
2059 default: /* DEREF_NEVER */
2060 err = lstat (absolute_name, &f->stat);
2061 +#ifdef WITH_SELINUX
2063 + if (selinux_enabled && (format == security_format || print_scontext))
2064 + lgetfilecon(absolute_name, &f->scontext);
2069 @@ -3158,6 +3252,16 @@
2070 DIRED_PUTCHAR ('\n');
2074 +#ifdef WITH_SELINUX
2075 + case security_format:
2076 + for (i = 0; i < files_index; i++)
2078 + print_scontext_format (files + i);
2079 + DIRED_PUTCHAR ('\n');
2086 @@ -3412,6 +3516,14 @@
2087 The latter is wrong when nlink_width is zero. */
2090 +#ifdef WITH_SELINUX
2092 + if ( print_scontext ) {
2093 + sprintf (p, "%-32s ", f->scontext);
2100 if (print_owner | print_group | print_author)
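Review bot: `%-32s` sets a minimum field width, not a maximum, so `sprintf (p, "%-32s ", f->scontext)` copies the whole context string into the long-format buffer however long it is. That buffer's declaration is outside this hunk, but the matching one in `print_scontext_format` (last ls.c hunk) is a fixed `7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1` bytes with no term for the context, and none of the lines shown grow it. Nothing ties the buffer size to the label length, and a context carrying an MLS range with a category list has no small upper bound. Either emit the context outside the fixed buffer, e.g. `DIRED_FPUTS (f->scontext, stdout, strlen (f->scontext));` plus padding, or add `strlen (f->scontext)` to the allocation before formatting. The enclosing function starts and ends outside the hunk.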
2101 @@ -4347,6 +4459,16 @@
2102 -X sort alphabetically by entry extension\n\
2103 -1 list one file per line\n\
2105 +#ifdef WITH_SELINUX
2106 +printf(_("\nSELinux options:\n\n\
2107 + --lcontext Display security context. Enable -l. Lines\n\
2108 + will probably be too wide for most displays.\n\
2109 + -Z, --context Display security context so it fits on most\n\
2110 + displays. Displays only mode, user, group,\n\
2111 + security context and file name.\n\
2112 + --scontext Display only security context and file name.\n\
2115 fputs (HELP_OPTION_DESCRIPTION, stdout);
2116 fputs (VERSION_OPTION_DESCRIPTION, stdout);
2118 @@ -4370,3 +4492,79 @@
2123 +#ifdef WITH_SELINUX
2126 +print_scontext_format (const struct fileinfo *f)
2130 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
2131 + 1 10-byte mode string,
2132 + 9 spaces, one following each of these fields, and
2133 + 1 trailing NUL byte. */
2135 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
2136 + char *buf = init_bigbuf;
2137 + size_t bufsize = sizeof (init_bigbuf);
2148 + if ( print_scontext ) { /* zero means terse listing */
2149 + filemodestring (&f->stat, modebuf);
2150 + modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
2151 + modebuf[11] = '\0';
2155 + (void) sprintf (p, "%s ", modebuf);
2158 + /* print standard user and group */
2160 + user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
2162 + (void) sprintf (p, "%-8.8s ", user_name);
2164 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
2167 + if ( print_group ) {
2168 + group_name = (numeric_ids ? NULL : getgroup (f->stat.st_gid));
2170 + (void) sprintf (p, "%-8.8s ", group_name);
2172 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
2177 + (void) sprintf (p, "%-32s ", f->scontext);
2181 + DIRED_FPUTS (buf, stdout, p - buf);
2182 + print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, f->stat_ok, f->filetype, &dired_obstack);
2184 + if (f->filetype == symbolic_link) {
2185 + if (f->linkname) {
2186 + DIRED_FPUTS_LITERAL (" -> ", stdout);
2187 + print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, f->stat_ok, f->filetype, NULL);
2188 + if (indicator_style != none)
2189 + print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
2193 + if (indicator_style != none)
2194 + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
2198 diff -Nur coreutils-6.4/src/mkdir.c coreutils-6.4.selinux/src/mkdir.c
2199 --- coreutils-6.4/src/mkdir.c 2006-10-22 16:54:15.000000000 +0000
2200 +++ coreutils-6.4.selinux/src/mkdir.c 2006-10-31 23:39:34.000000000 +0000
2203 #define AUTHORS "David MacKenzie"
2205 +#ifdef WITH_SELINUX
2206 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2209 /* The name this program was run with. */
2212 static struct option const longopts[] =
2214 +#ifdef WITH_SELINUX
2215 + {"context", required_argument, NULL, 'Z'},
2217 {"mode", required_argument, NULL, 'm'},
2218 {"parents", no_argument, NULL, 'p'},
2219 {"verbose", no_argument, NULL, 'v'},
2221 Create the DIRECTORY(ies), if they do not already exist.\n\
2224 +#ifdef WITH_SELINUX
2226 + -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
2230 Mandatory arguments to long options are mandatory for short options too.\n\
2232 @@ -154,7 +166,11 @@
2234 atexit (close_stdout);
2236 +#ifdef WITH_SELINUX
2237 + while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
2239 while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
2244 @@ -167,6 +183,19 @@
2245 case 'v': /* --verbose */
2246 options.created_directory_format = _("created directory %s");
2248 +#ifdef WITH_SELINUX
2250 + /* politely decline if we're not on a selinux-enabled kernel. */
2251 + if( !(is_selinux_enabled()>0)) {
2252 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
2255 + if (setfscreatecon(optarg)) {
2256 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
2261 case_GETOPT_HELP_CHAR;
2262 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
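Review bot: `setfscreatecon(optarg)` is applied while options are parsed and is not reset in the lines shown, so with `-p` every intermediate directory that mkdir creates would receive CONTEXT as well as the final one. If that is intended, the help line should say so, for example `-Z, --context=CONTEXT (SELinux) set security context of each created directory to CONTEXT`. The failure message also drops errno, so an invalid context and a policy denial look the same; `error (EXIT_FAILURE, errno, _("cannot set default context to %s"), quote (optarg));` reports the cause. The `-Z` branches added to mkfifo.c and mknod.c use the same two `fprintf` messages and would benefit from the same change. The statements following each `fprintf` are not shown here.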
2264 diff -Nur coreutils-6.4/src/mkfifo.c coreutils-6.4.selinux/src/mkfifo.c
2265 --- coreutils-6.4/src/mkfifo.c 2006-10-22 16:54:15.000000000 +0000
2266 +++ coreutils-6.4.selinux/src/mkfifo.c 2006-10-31 23:39:34.000000000 +0000
2269 #define AUTHORS "David MacKenzie"
2271 +#ifdef WITH_SELINUX
2272 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2275 /* The name this program was run with. */
2278 static struct option const longopts[] =
2280 +#ifdef WITH_SELINUX
2281 + {"context", required_argument, NULL, 'Z'},
2283 {"mode", required_argument, NULL, 'm'},
2284 {GETOPT_HELP_OPTION_DECL},
2285 {GETOPT_VERSION_OPTION_DECL},
2287 Create named pipes (FIFOs) with the given NAMEs.\n\
2290 +#ifdef WITH_SELINUX
2292 + -Z, --context=CONTEXT set security context (quoted string)\n\
2296 Mandatory arguments to long options are mandatory for short options too.\n\
2300 atexit (close_stdout);
2302 - while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
2303 + while ((optc = getopt_long (argc, argv,
2304 +#ifdef WITH_SELINUX
2309 + longopts, NULL)) != -1)
2314 specified_mode = optarg;
2316 +#ifdef WITH_SELINUX
2318 + if( !(is_selinux_enabled()>0)) {
2319 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
2322 + if (setfscreatecon(optarg)) {
2323 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
2328 case_GETOPT_HELP_CHAR;
2329 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
2331 diff -Nur coreutils-6.4/src/mknod.c coreutils-6.4.selinux/src/mknod.c
2332 --- coreutils-6.4/src/mknod.c 2006-10-22 16:54:15.000000000 +0000
2333 +++ coreutils-6.4.selinux/src/mknod.c 2006-10-31 23:39:34.000000000 +0000
2335 /* The name this program was run with. */
2338 +#ifdef WITH_SELINUX
2339 +#include <selinux/selinux.h>
2342 static struct option const longopts[] =
2344 +#ifdef WITH_SELINUX
2345 + {"context", required_argument, NULL, 'Z'},
2347 {"mode", required_argument, NULL, 'm'},
2348 {GETOPT_HELP_OPTION_DECL},
2349 {GETOPT_VERSION_OPTION_DECL},
2351 Create the special file NAME of the given TYPE.\n\
2354 +#ifdef WITH_SELINUX
2356 + -Z, --context=CONTEXT set security context (quoted string)\n\
2360 Mandatory arguments to long options are mandatory for short options too.\n\
2362 @@ -101,13 +113,30 @@
2364 atexit (close_stdout);
2366 +#ifdef WITH_SELINUX
2367 + while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
2369 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
2375 specified_mode = optarg;
2377 +#ifdef WITH_SELINUX
2379 + /* politely decline if we're not on a selinux-enabled kernel. */
2380 + if( !(is_selinux_enabled()>0)) {
2381 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
2384 + if (setfscreatecon(optarg)) {
2385 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
2390 case_GETOPT_HELP_CHAR;
2391 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
2393 diff -Nur coreutils-6.4/src/mv.c coreutils-6.4.selinux/src/mv.c
2394 --- coreutils-6.4/src/mv.c 2006-10-22 16:54:15.000000000 +0000
2395 +++ coreutils-6.4.selinux/src/mv.c 2006-10-31 23:39:34.000000000 +0000
2400 +#ifdef WITH_SELINUX
2401 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2402 +int selinux_enabled=0;
2405 /* The official name of this program (e.g., no `g' prefix). */
2406 #define PROGRAM_NAME "mv"
2409 x->preserve_links = true;
2410 x->preserve_mode = true;
2411 x->preserve_timestamps = true;
2412 +#ifdef WITH_SELINUX
2413 + x->preserve_security_context = true;
2415 x->require_preserve = false; /* FIXME: maybe make this an option */
2416 x->recursive = true;
2417 x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
2418 @@ -356,6 +364,10 @@
2420 cp_option_init (&x);
2422 +#ifdef WITH_SELINUX
2423 + selinux_enabled= (is_selinux_enabled()>0);
2426 /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
2427 we'll actually use backup_suffix_string. */
2428 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
2429 diff -Nur coreutils-6.4/src/runcon.c coreutils-6.4.selinux/src/runcon.c
2430 --- coreutils-6.4/src/runcon.c 1970-01-01 00:00:00.000000000 +0000
2431 +++ coreutils-6.4.selinux/src/runcon.c 2006-10-31 23:39:34.000000000 +0000
2434 + * runcon [ context |
2435 + * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
2436 + * command [arg1 [arg2 ...] ]
2438 + * attempt to run the specified command with the specified context.
2440 + * -r role : use the current context with the specified role
2441 + * -t type : use the current context with the specified type
2442 + * -u user : use the current context with the specified user
2443 + * -l level : use the current context with the specified level range
2445 + * Contexts are interpreted as follows:
2448 + * components system?
2452 + * 3 Y role:type:range
2453 + * 3 N user:role:type
2454 + * 4 Y user:role:type:range
2458 +#include <config.h>
2459 +#include <unistd.h>
2461 +#include <getopt.h>
2462 +#include <selinux/context.h>
2463 +#include <selinux/selinux.h>
2465 +#include "system.h"
2468 +/* The name the program was run with. */
2469 +char *program_name;
2474 + printf(_("Usage: %s [OPTION]... command [args]\n"
2475 + "Run a program in a different security context.\n\n"
2476 + " context Complete security context\n"
2477 + " -t type (for same role as parent)\n"
2478 + " -u user identity\n"
2480 + " -l levelrange\n"
2481 + " --help display this help and exit\n"),
2487 +main(int argc,char **argv,char **envp )
2493 + char *context = NULL;
2494 + security_context_t cur_context = NULL;
2498 + program_name = argv[0];
2499 + setlocale (LC_ALL, "");
2500 + bindtextdomain (PACKAGE, LOCALEDIR);
2501 + textdomain (PACKAGE);
2505 + int this_option_optind = optind ? optind : 1;
2506 + int option_index = 0;
2507 + static struct option long_options[] = {
2508 + { "role", 1, 0, 'r' },
2509 + { "type", 1, 0, 't' },
2510 + { "user", 1, 0, 'u' },
2511 + { "range", 1, 0, 'l' },
2512 + { "help", 0, 0, '?' },
2515 + c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index);
2522 + fprintf(stderr,_("multiple roles\n"));
2529 + fprintf(stderr,_("multiple types\n"));
2536 + fprintf(stderr,_("multiple users\n"));
2543 + fprintf(stderr,_("multiple levelranges\n"));
2549 + fprintf(stderr,_("unrecognised option %c\n"),c);
2555 + if ( !(user || role || type || range)) {
2556 + if ( optind >= argc ) {
2557 + usage(_("must specify -t, -u, -l, -r, or context"));
2559 + context = argv[optind++];
2562 + if ( optind >= argc ) {
2563 + usage(_("no command found"));
2567 + con = context_new(context);
2569 + fprintf(stderr,_("%s is not a valid context\n"), context);
2574 + getcon(&cur_context);
2575 + con = context_new(cur_context);
2577 + fprintf(stderr,_("%s is not a valid context\n"), context);
2581 + context_user_set(con,user);
2584 + context_type_set(con,type);
2587 + context_range_set(con,range);
2590 + context_role_set(con,role);
2594 + if (setexeccon(context_str(con))!=0) {
2595 + fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
2598 + if (cur_context!=NULL)
2599 + freecon(cur_context);
2601 + if ( execvp(argv[optind],argv+optind) ) {
2605 + return 1; /* can't reach this statement.... */
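Review bot: In the branch that derives the new context from the current one, `getcon(&cur_context)` is called without checking its result, and the "is not a valid context" message after `context_new(cur_context)` prints `context`, which is still NULL on this path. The `context_user_set`/`context_type_set`/`context_range_set`/`context_role_set` calls also discard their return values, so a component that could not be applied is silently dropped and the command is launched under a context the caller did not ask for. Each of these should fail closed before `setexeccon`, and `context_str(con)` should be tested for NULL before it is passed on. The conditions around these calls are not visible in this listing, so the sketch below only shows the rewritten lines.

```c
/* … unchanged: option parsing and the explicit-context branch … */
    if (getcon(&cur_context) < 0) {
      fprintf(stderr,_("cannot get the current context\n"));
      return 1;
    }
    con = context_new(cur_context);
    /* … unchanged: NULL test on con … */
      fprintf(stderr,_("%s is not a valid context\n"), cur_context);
    /* … unchanged: test on user … */
      if (context_user_set(con,user)) {
        fprintf(stderr,_("failed to set new user %s\n"), user);
        return 1;
      }
    /* same check for context_type_set, context_range_set, context_role_set */
```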
2607 diff -Nur coreutils-6.4/src/stat.c coreutils-6.4.selinux/src/stat.c
2608 --- coreutils-6.4/src/stat.c 2006-10-22 16:54:15.000000000 +0000
2609 +++ coreutils-6.4.selinux/src/stat.c 2006-10-31 23:39:48.000000000 +0000
2611 # include <fs_info.h>
2614 +#ifdef WITH_SELINUX
2615 +#include <selinux/selinux.h>
2616 +#define SECURITY_ID_T security_context_t
2618 +#define SECURITY_ID_T char *
2625 {"dereference", no_argument, NULL, 'L'},
2626 {"file-system", no_argument, NULL, 'f'},
2627 {"filesystem", no_argument, NULL, 'f'}, /* obsolete and undocumented alias */
2628 + {"context", no_argument, 0, 'Z'},
2629 {"format", required_argument, NULL, 'c'},
2630 {"printf", required_argument, NULL, PRINTF_OPTION},
2631 {"terse", no_argument, NULL, 't'},
2633 /* print statfs info */
2635 print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
2637 + void const *data, SECURITY_ID_T scontext)
2639 STRUCT_STATVFS const *statfsbuf = data;
2643 out_int (pformat, prefix_len, statfsbuf->f_ffree);
2647 + out_string (pformat, prefix_len, scontext);
2650 fputc ('?', stdout);
2653 /* print stat info */
2655 print_stat (char *pformat, size_t prefix_len, char m,
2656 - char const *filename, void const *data)
2657 + char const *filename, void const *data, SECURITY_ID_T scontext)
2659 struct stat *statbuf = (struct stat *) data;
2660 struct passwd *pw_ent;
2663 out_uint (pformat, prefix_len, statbuf->st_ctime);
2666 + out_string (pformat, prefix_len, scontext);
2669 fputc ('?', stdout);
2674 print_it (char const *format, char const *filename,
2675 - void (*print_func) (char *, size_t, char, char const *, void const *),
2677 + void (*print_func) (char *, size_t, char, char const *, void const *, SECURITY_ID_T),
2678 + void const *data, SECURITY_ID_T scontext)
2680 /* Add 2 to accommodate our conversion of the stat `%s' format string
2681 to the longer printf `%llu' one. */
2686 - print_func (dest, len + 1, *fmt_char, filename, data);
2687 + print_func (dest, len + 1, *fmt_char, filename, data, scontext);
2691 @@ -746,9 +759,17 @@
2693 /* Stat the file system and print what we find. */
2695 -do_statfs (char const *filename, bool terse, char const *format)
2696 +do_statfs (char const *filename, bool terse, bool secure, char const *format)
2698 STRUCT_STATVFS statfsbuf;
2699 + SECURITY_ID_T scontext = NULL;
2700 +#ifdef WITH_SELINUX
2702 + if (getfilecon(filename,&scontext)<0) {
2703 + perror (filename);
2708 if (STATFS (filename, &statfsbuf) != 0)
2710 @@ -759,25 +780,45 @@
2715 - ? "%n %i %l %t %s %S %b %f %a %c %d\n"
2716 - : " File: \"%n\"\n"
2717 - " ID: %-8i Namelen: %-7l Type: %T\n"
2718 - "Block size: %-10s Fundamental block size: %S\n"
2719 - "Blocks: Total: %-10b Free: %-10f Available: %a\n"
2720 - "Inodes: Total: %-10c Free: %d\n");
2724 + format = "%n %i %l %t %s %S %b %f %a %c %d %C\n";
2726 + format = "%n %i %l %t %s %S %b %f %a %c %d\n";
2731 + format = " File: \"%n\"\n"
2732 + " ID: %-8i Namelen: %-7l Type: %T\n"
2733 + "Block size: %-10s Fundamental block size: %S\n"
2734 + "Blocks: Total: %-10b Free: %-10f Available: %a\n"
2735 + "Inodes: Total: %-10c Free: %d\n"
2736 + " S_Context: %C\n";
2738 + format = " File: \"%n\"\n"
2739 + " ID: %-8i Namelen: %-7l Type: %T\n"
2740 + "Block size: %-10s Fundamental block size: %S\n"
2741 + "Blocks: Total: %-10b Free: %-10f Available: %a\n"
2742 + "Inodes: Total: %-10c Free: %d\n";
2745 + print_it (format, filename, print_statfs, &statfsbuf, scontext);
2746 +#ifdef WITH_SELINUX
2747 + if (scontext != NULL)
2748 + freecon(scontext);
2751 - print_it (format, filename, print_statfs, &statfsbuf);
2755 /* stat the file and print what we find */
2757 -do_stat (char const *filename, bool follow_links, bool terse,
2758 +do_stat (char const *filename, bool follow_links, bool terse, bool secure,
2761 struct stat statbuf;
2762 + SECURITY_ID_T scontext = NULL;
2764 if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
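Review bot: `scontext` starts as NULL in both do_statfs and do_stat and is handed to print_it as is, while the new `%C` handlers in print_statfs and print_stat (earlier in this file section) call `out_string (pformat, prefix_len, scontext)`. Unless a guard sits in lines this listing does not show, a user-supplied format such as `--format=%C` on a build without WITH_SELINUX, or on any path where no context was fetched, passes NULL to a `%s` conversion. Printing a placeholder keeps the output defined and matches the `?` already emitted for unknown directives: `out_string (pformat, prefix_len, scontext ? scontext : "?");`. The bodies of do_statfs and do_stat continue outside this hunk.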
2766 @@ -785,11 +826,29 @@
2770 +#ifdef WITH_SELINUX
2774 + i=lgetfilecon(filename, &scontext);
2776 + i=getfilecon(filename, &scontext);
2779 + perror (filename);
2789 - format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
2791 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n";
2793 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
2797 @@ -797,7 +856,17 @@
2799 if (S_ISBLK (statbuf.st_mode) || S_ISCHR (statbuf.st_mode))
2805 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2806 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2807 + " Device type: %t,%T\n"
2808 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2809 + " S_Context: %C\n"
2810 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2814 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2815 "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2816 @@ -807,6 +876,15 @@
2823 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2824 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
2825 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2827 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2831 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2832 @@ -816,7 +894,11 @@
2836 - print_it (format, filename, print_stat, &statbuf);
2837 + print_it (format, filename, print_stat, &statbuf, scontext);
2838 +#ifdef WITH_SELINUX
2840 + freecon(scontext);
2846 --printf=FORMAT like --format, but interpret backslash escapes,\n\
2847 and do not output a mandatory trailing newline.\n\
2848 If you want a newline, include \\n in FORMAT.\n\
2849 + -Z, --context print the security context\n\
2850 -t, --terse print the information in terse form\n\
2852 fputs (HELP_OPTION_DESCRIPTION, stdout);
2854 %c Total file nodes in file system\n\
2855 %d Free file nodes in file system\n\
2856 %f Free blocks in file system\n\
2857 + %C Security context in SELinux\n\
2860 %i File System ID in hex\n\
2863 bool follow_links = false;
2865 + bool secure = false;
2867 char *format = NULL;
2869 @@ -927,7 +1012,7 @@
2871 atexit (close_stdout);
2873 - while ((c = getopt_long (argc, argv, "c:fLt", long_options, NULL)) != -1)
2874 + while ((c = getopt_long (argc, argv, "c:fLtZ", long_options, NULL)) != -1)
2878 @@ -946,6 +1031,14 @@
2880 follow_links = true;
2883 + if((is_selinux_enabled()>0))
2886 + error (0, 0, _("Kernel is not SELinux enabled"));
2887 + usage (EXIT_FAILURE);
2893 @@ -972,8 +1065,8 @@
2895 for (i = optind; i < argc; i++)
2897 - ? do_statfs (argv[i], terse, format)
2898 - : do_stat (argv[i], follow_links, terse, format));
2899 + ? do_statfs (argv[i], terse, secure, format)
2900 + : do_stat (argv[i], follow_links, terse, secure, format));
2902 exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
2904 diff -Nur coreutils-6.4/tests/help-version coreutils-6.4.selinux/tests/help-version
2905 --- coreutils-6.4/tests/help-version 2006-10-22 16:54:15.000000000 +0000
2906 +++ coreutils-6.4.selinux/tests/help-version 2006-10-31 23:39:34.000000000 +0000
2909 # Skip `test'; it doesn't accept --help or --version.
2910 test $i = test && continue;
2911 + test $i = chcon && continue;
2912 + test $i = runcon && continue;
2914 # false fails even when invoked with --help or --version.
2915 if test $i = false; then
2918 for i in $all_programs; do
2920 - case $i in chroot|stty|tty|false) continue;; esac
2921 + case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
2923 rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out