1 diff -urN coreutils-5.0.org/config.hin coreutils-5.0/config.hin
2 --- coreutils-5.0.org/config.hin 2003-12-27 12:26:28.926095552 +0100
3 +++ coreutils-5.0/config.hin 2003-12-27 12:28:20.345157280 +0100
5 /* Define to empty if the keyword `volatile' does not work. Warning: valid
6 code using `volatile' can become incorrect without. Disable with care. */
9 +/* Define if you want to use SELINUX */
12 diff -urN coreutils-5.0.org/configure.ac coreutils-5.0/configure.ac
13 --- coreutils-5.0.org/configure.ac 2003-12-27 12:26:28.584147536 +0100
14 +++ coreutils-5.0/configure.ac 2003-12-27 12:27:54.896026136 +0100
16 LIB_PAM="-ldl -lpam -lpam_misc"
19 +dnl Give the chance to enable PAM
20 +AC_ARG_ENABLE(selinux, dnl
21 +[ --enable-selinux Enable use of the SELINUX libraries],
22 +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
23 +LIB_SELINUX="-lselinux"
24 +AC_SUBST(LIB_SELINUX)])
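Review bot: The action-if-given argument of `AC_ARG_ENABLE(selinux, ...)` defines WITH_SELINUX unconditionally, and autoconf runs that argument for `--disable-selinux` (and `--enable-selinux=no`) as well, so explicitly disabling the feature would still switch it on. Guard the body with `if test "x$enableval" != xno; then ... fi`. `LIB_SELINUX="-lselinux"` is also set without probing for the library or `selinux/selinux.h`, so a missing libselinux surfaces only at compile or link time; an `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` would report it at configure time. The comment `dnl Give the chance to enable PAM` should read SELinux.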
29 diff -urN coreutils-5.0.org/man/chcon.1 coreutils-5.0/man/chcon.1
30 --- coreutils-5.0.org/man/chcon.1 1970-01-01 01:00:00.000000000 +0100
31 +++ coreutils-5.0/man/chcon.1 2003-12-27 12:26:52.965441016 +0100
33 +.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
35 +chcon \- change security context
38 +[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
41 +[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
44 +." Add any additional description here
46 +Change the security context of each FILE to CONTEXT.
48 +\fB\-c\fR, \fB\-\-changes\fR
49 +like verbose but report only when a change is made
51 +\fB\-h\fR, \fB\-\-no\-dereference\fR
52 +affect symbolic links instead of any referenced file (available only on systems with lchown system call)
54 +\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
55 +suppress most error messages
57 +\fB\-\-reference\fR=\fIRFILE\fR
58 +use RFILE's context instead of using a CONTEXT value
60 +\fB\-R\fR, \fB\-\-recursive\fR
61 +change files and directories recursively
63 +\fB\-v\fR, \fB\-\-verbose\fR
64 +output a diagnostic for every file processed
67 +display this help and exit
70 +output version information and exit
72 +Report bugs to <email@host.com>.
74 +The full documentation for
76 +is maintained as a Texinfo manual. If the
80 +programs are properly installed at your site, the command
84 +should give you access to the complete manual.
85 diff -urN coreutils-5.0.org/man/chcon.x coreutils-5.0/man/chcon.x
86 --- coreutils-5.0.org/man/chcon.x 1970-01-01 01:00:00.000000000 +0100
87 +++ coreutils-5.0/man/chcon.x 2003-12-27 12:26:52.962441472 +0100
90 +chcon \- change file security context
92 +.\" Add any additional description here
93 diff -urN coreutils-5.0.org/man/cp.1 coreutils-5.0/man/cp.1
94 --- coreutils-5.0.org/man/cp.1 2003-12-27 12:26:28.509158936 +0100
95 +++ coreutils-5.0/man/cp.1 2003-12-27 12:26:52.965441016 +0100
98 \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
99 preserve the specified attributes (default:
100 -mode,ownership,timestamps), if possible
101 +mode,ownership,timestamps) and security contexts, if possible
102 additional attributes: links, all
104 \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
107 display this help and exit
109 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
110 +set security context of copy to CONTEXT
113 output version information and exit
115 diff -urN coreutils-5.0.org/man/dir.1 coreutils-5.0/man/dir.1
116 --- coreutils-5.0.org/man/dir.1 2003-12-27 12:26:28.485162584 +0100
117 +++ coreutils-5.0/man/dir.1 2003-12-27 12:26:52.966440864 +0100
119 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
120 -.TH DIR "1" "March 2003" "dir (coreutils) 5.0" "User Commands"
121 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
122 +.TH DIR "1" "September 2003" "dir (coreutils) 5.0" FSF
124 dir \- list directory contents
129 list one file per line
134 +Display security context. Enable \fB\-l\fR. Lines
135 +will probably be too wide for most displays.
138 +Display security context so it fits on most
139 +displays. Displays only mode, user, group,
140 +security context and file name.
143 +Display only security context and file name.
146 display this help and exit
147 diff -urN coreutils-5.0.org/man/id.1 coreutils-5.0/man/id.1
148 --- coreutils-5.0.org/man/id.1 2003-12-27 12:26:28.509158936 +0100
149 +++ coreutils-5.0/man/id.1 2003-12-27 12:26:52.967440712 +0100
152 ignore, for compatibility with other versions
154 +\fB\-Z\fR, \fB\-\-context\fR
155 +print only the security context
157 \fB\-g\fR, \fB\-\-group\fR
158 print only the effective group ID
160 diff -urN coreutils-5.0.org/man/install.1 coreutils-5.0/man/install.1
161 --- coreutils-5.0.org/man/install.1 2003-12-27 12:26:28.509158936 +0100
162 +++ coreutils-5.0/man/install.1 2003-12-27 12:26:52.967440712 +0100
164 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
165 -.TH INSTALL "1" "March 2003" "install (coreutils) 5.0" "User Commands"
166 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
167 +.TH INSTALL "1" "September 2003" "install (coreutils) 5.0" FSF
169 ginstall \- copy files and set attributes
173 \fB\-v\fR, \fB\-\-verbose\fR
174 print the name of each directory as it is created
176 +\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
178 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
179 +(SELinux) Set security context of files and directories
182 display this help and exit
183 diff -urN coreutils-5.0.org/man/ls.1 coreutils-5.0/man/ls.1
184 --- coreutils-5.0.org/man/ls.1 2003-12-27 12:26:28.509158936 +0100
185 +++ coreutils-5.0/man/ls.1 2003-12-27 12:26:52.966440864 +0100
187 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
188 -.TH LS "1" "March 2003" "ls (coreutils) 5.0" "User Commands"
189 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
190 +.TH LS "1" "September 2003" "ls (coreutils) 5.0" FSF
192 ls \- list directory contents
197 list one file per line
202 +Display security context. Enable \fB\-l\fR. Lines
203 +will probably be too wide for most displays.
205 +\fB\-Z\fR, \fB\-\-context\fR
206 +Display security context so it fits on most
207 +displays. Displays only mode, user, group,
208 +security context and file name.
211 +Display only security context and file name.
214 display this help and exit
215 diff -urN coreutils-5.0.org/man/Makefile.am coreutils-5.0/man/Makefile.am
216 --- coreutils-5.0.org/man/Makefile.am 2003-12-27 12:26:28.345183864 +0100
217 +++ coreutils-5.0/man/Makefile.am 2003-12-27 12:33:28.969239288 +0100
219 rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
220 su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
221 tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
222 - who.1 whoami.1 yes.1
223 + who.1 whoami.1 yes.1 chcon.1 runcon.1
226 man_aux = $(dist_man_MANS:.1=.x)
228 who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
229 whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
230 yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
231 +chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
232 +runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
236 diff -urN coreutils-5.0.org/man/Makefile.in coreutils-5.0/man/Makefile.in
237 --- coreutils-5.0.org/man/Makefile.in 2003-12-27 12:26:28.434170336 +0100
238 +++ coreutils-5.0/man/Makefile.in 2003-12-27 12:26:52.964441168 +0100
240 -# Makefile.in generated by automake 1.7.3 from Makefile.am.
241 +# Makefile.in generated by automake 1.7.7 from Makefile.am.
244 # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003
246 INTLLIBS = @INTLLIBS@
247 KMEM_GROUP = @KMEM_GROUP@
250 LIBICONV = @LIBICONV@
254 LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@
255 LIB_CRYPT = @LIB_CRYPT@
256 LIB_NANOSLEEP = @LIB_NANOSLEEP@
258 +LIB_SELINUX = @LIB_SELINUX@
260 LTLIBICONV = @LTLIBICONV@
261 LTLIBINTL = @LTLIBINTL@
262 @@ -152,13 +155,13 @@
263 basename.1 cat.1 chgrp.1 chmod.1 chown.1 chroot.1 cksum.1 comm.1 \
264 cp.1 csplit.1 cut.1 date.1 dd.1 df.1 dir.1 dircolors.1 dirname.1 du.1 \
265 echo.1 env.1 expand.1 expr.1 factor.1 false.1 fmt.1 fold.1 groups.1 \
266 - head.1 hostid.1 hostname.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \
267 + head.1 hostid.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \
268 ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \
269 paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \
270 rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
271 su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
272 tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
273 - who.1 whoami.1 yes.1
274 + who.1 whoami.1 yes.1 chcon.1 runcon.1
277 man_aux = $(dist_man_MANS:.1=.x)
281 MANS = $(dist_man_MANS)
282 -DIST_COMMON = $(dist_man_MANS) Makefile.am Makefile.in
283 +DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in Makefile.am
290 $(mkinstalldirs) $(DESTDIR)$(man1dir)
293 install-exec: install-exec-am
294 install-data: install-data-am
299 - -rm -f Makefile $(CONFIG_CLEAN_FILES)
300 + -rm -f $(CONFIG_CLEAN_FILES)
302 maintainer-clean-generic:
303 @echo "This command is intended for maintainers to use"
305 clean-am: clean-generic mostlyclean-am
307 distclean: distclean-am
310 distclean-am: clean-am distclean-generic
315 maintainer-clean: maintainer-clean-am
318 maintainer-clean-am: distclean-am maintainer-clean-generic
321 groups.1: $(common_dep) $(srcdir)/groups.x ../src/groups.sh
322 head.1: $(common_dep) $(srcdir)/head.x ../src/head.c
323 hostid.1: $(common_dep) $(srcdir)/hostid.x ../src/hostid.c
324 -hostname.1: $(common_dep) $(srcdir)/hostname.x ../src/hostname.c
325 id.1: $(common_dep) $(srcdir)/id.x ../src/id.c
326 install.1: $(common_dep) $(srcdir)/install.x ../src/install.c
327 join.1: $(common_dep) $(srcdir)/join.x ../src/join.c
329 who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
330 whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
331 yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
332 +chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
333 +runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
335 # Note the use of $t/$*, rather than just `$*' as in other packages.
336 # That is necessary to avoid failures for programs that are also shell built-in
337 diff -urN coreutils-5.0.org/man/mkdir.1 coreutils-5.0/man/mkdir.1
338 --- coreutils-5.0.org/man/mkdir.1 2003-12-27 12:26:28.407174440 +0100
339 +++ coreutils-5.0/man/mkdir.1 2003-12-27 12:26:52.968440560 +0100
342 Mandatory arguments to long options are mandatory for short options too.
344 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
346 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
347 set permission mode (as in chmod), not rwxrwxrwx - umask
349 diff -urN coreutils-5.0.org/man/mkfifo.1 coreutils-5.0/man/mkfifo.1
350 --- coreutils-5.0.org/man/mkfifo.1 2003-12-27 12:26:28.459166536 +0100
351 +++ coreutils-5.0/man/mkfifo.1 2003-12-27 12:26:52.968440560 +0100
354 Mandatory arguments to long options are mandatory for short options too.
356 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
357 +set security context (quoted string)
359 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
360 set permission mode (as in chmod), not a=rw - umask
362 diff -urN coreutils-5.0.org/man/mknod.1 coreutils-5.0/man/mknod.1
363 --- coreutils-5.0.org/man/mknod.1 2003-12-27 12:26:28.406174592 +0100
364 +++ coreutils-5.0/man/mknod.1 2003-12-27 12:26:52.969440408 +0100
367 Mandatory arguments to long options are mandatory for short options too.
369 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
370 +set security context (quoted string)
372 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
373 set permission mode (as in chmod), not a=rw - umask
375 diff -urN coreutils-5.0.org/man/runcon.1 coreutils-5.0/man/runcon.1
376 --- coreutils-5.0.org/man/runcon.1 1970-01-01 01:00:00.000000000 +0100
377 +++ coreutils-5.0/man/runcon.1 2003-12-27 12:26:52.969440408 +0100
379 +.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
381 +runcon \- run command with specified security context
384 +[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
389 +\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
394 +.\" Add any additional description here
396 +Run COMMAND with current security context modified by one or more of LEVEL,
397 +ROLE, TYPE, and USER, or with completely-specified CONTEXT.
400 +change current type to the specified type
403 +change current level range to the specified range
406 +change current role to the specified role
409 +change current user to the specified user
411 +If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
412 +the first argument is used as the complete context. Any additional
413 +arguments after \fICOMMAND\fR are interpreted as arguments to the
416 +Note that only carefully-chosen contexts are likely to successfully
418 diff -urN coreutils-5.0.org/man/runcon.x coreutils-5.0/man/runcon.x
419 --- coreutils-5.0.org/man/runcon.x 1970-01-01 01:00:00.000000000 +0100
420 +++ coreutils-5.0/man/runcon.x 2003-12-27 12:26:52.964441168 +0100
423 +.\" Add any additional description here
424 diff -urN coreutils-5.0.org/man/stat.1 coreutils-5.0/man/stat.1
425 --- coreutils-5.0.org/man/stat.1 2003-12-27 12:26:28.458166688 +0100
426 +++ coreutils-5.0/man/stat.1 2003-12-27 12:26:52.965441016 +0100
428 \fB\-t\fR, \fB\-\-terse\fR
429 print the information in terse form
431 +\fB\-Z\fR, \fB\-\-context\fR
432 +print security context information for SELinux if available.
435 display this help and exit
439 Number of blocks allocated (see %B)
442 +SELinux security context
447 diff -urN coreutils-5.0.org/man/vdir.1 coreutils-5.0/man/vdir.1
448 --- coreutils-5.0.org/man/vdir.1 2003-12-27 12:26:28.510158784 +0100
449 +++ coreutils-5.0/man/vdir.1 2003-12-27 12:26:52.967440712 +0100
451 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
452 -.TH VDIR "1" "March 2003" "vdir (coreutils) 5.0" "User Commands"
453 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
454 +.TH VDIR "1" "September 2003" "vdir (coreutils) 5.0" FSF
456 vdir \- list directory contents
461 list one file per line
466 +Display security context. Enable \fB\-l\fR. Lines
467 +will probably be too wide for most displays.
470 +Display security context so it fits on most
471 +displays. Displays only mode, user, group,
472 +security context and file name.
475 +Display only security context and file name.
478 display this help and exit
479 diff -urN coreutils-5.0.org/src/chcon.c coreutils-5.0/src/chcon.c
480 --- coreutils-5.0.org/src/chcon.c 1970-01-01 01:00:00.000000000 +0100
481 +++ coreutils-5.0/src/chcon.c 2003-12-27 12:26:52.934445728 +0100
483 +/* chcontext -- change security context of a pathname */
487 +#include <sys/types.h>
490 +#include <selinux/selinux.h>
491 +#include <selinux/context.h>
495 +#include "savedir.h"
496 +#include "group-member.h"
502 + CH_NO_CHANGE_REQUESTED
507 + /* Print a message for each file that is processed. */
510 + /* Print a message for each file whose attributes we change. */
513 + /* Do not be verbose. This is the default. */
517 +static int change_dir_context PARAMS ((const char *dir, const struct stat *statp));
519 +/* The name the program was run with. */
522 +/* If nonzero, and the systems has support for it, change the context
523 + of symbolic links rather than any files they point to. */
524 +static int change_symlinks;
526 +/* If nonzero, change the context of directories recursively. */
529 +/* If nonzero, force silence (no error messages). */
530 +static int force_silent;
532 +/* Level of verbosity. */
533 +static enum Verbosity verbosity = V_off;
535 +/* The name of the context file is being given. */
536 +static const char *specified_context;
538 +/* Specific components of the context */
539 +static const char *specified_user;
540 +static const char *specified_role;
541 +static const char *specified_range;
542 +static const char *specified_type;
544 +/* The argument to the --reference option. Use the context of this file.
545 + This file must exist. */
546 +static char *reference_file;
548 +/* If nonzero, display usage information and exit. */
549 +static int show_help;
551 +/* If nonzero, print the version on standard output and exit. */
552 +static int show_version;
554 +static struct option const long_options[] =
556 + {"recursive", no_argument, 0, 'R'},
557 + {"changes", no_argument, 0, 'c'},
558 + {"no-dereference", no_argument, 0, 'h'},
559 + {"silent", no_argument, 0, 'f'},
560 + {"quiet", no_argument, 0, 'f'},
561 + {"reference", required_argument, 0, CHAR_MAX + 1},
562 + {"context", required_argument, 0, CHAR_MAX + 2},
563 + {"user", required_argument, 0, 'u'},
564 + {"role", required_argument, 0, 'r'},
565 + {"type", required_argument, 0, 't'},
566 + {"range", required_argument, 0, 'l'},
567 + {"verbose", no_argument, 0, 'v'},
568 + {"help", no_argument, &show_help, 1},
569 + {"version", no_argument, &show_version, 1},
573 +/* Tell the user how/if the context of FILE has been changed.
574 + CHANGED describes what (if anything) has happened. */
577 +describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
583 + fmt = _("context of %s changed to %s\n");
586 + fmt = _("failed to change context of %s to %s\n");
588 + case CH_NO_CHANGE_REQUESTED:
589 + fmt = _("context of %s retained as %s\n");
594 + printf (fmt, file, newcontext);
598 +compute_context_from_mask (security_context_t context, context_t *ret)
600 + context_t newcontext = context_new (context);
603 +#define SETCOMPONENT(comp) \
605 + if (specified_ ## comp) \
606 + if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
610 + SETCOMPONENT(user);
611 + SETCOMPONENT(range);
612 + SETCOMPONENT(role);
613 + SETCOMPONENT(type);
619 + context_free (newcontext);
623 +/* Change the context of FILE, using specified components.
624 + If it is a directory and -R is given, recurse.
625 + Return 0 if successful, 1 if errors occurred. */
628 +change_file_context (const char *file)
630 + struct stat file_stats;
631 + security_context_t file_context=NULL;
633 + security_context_t context_string;
636 + if ((lgetfilecon(file, &file_context)<0) && (errno != ENODATA))
638 + if (force_silent == 0)
639 + error (0, errno, "%s", file);
643 + /* If the file doesn't have a context, and we're not setting all of
644 + the context components, there isn't really an obvious default.
645 + Thus, we just give up. */
646 + if (file_context == NULL && specified_context == NULL)
648 + error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
652 + if (specified_context == NULL)
654 + if (compute_context_from_mask (file_context, &context))
656 + error (0, 0, _("couldn't compute security context from %s"), file_context);
662 + context = context_new (specified_context);
664 + error (1, 0,_("invalid context: %s"),specified_context);
667 + context_string = context_str (context);
669 + if (strcmp(context_string,file_context)!=0)
673 + if (change_symlinks)
674 + fail = lsetfilecon (file, context_string);
676 + fail = setfilecon (file, context_string);
678 + if (verbosity == V_high || (verbosity == V_changes_only && !fail))
679 + describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
684 + if (force_silent == 0)
686 + error (0, errno, _("failed to change context of %s to %s"), file, context_string);
690 + else if (verbosity == V_high)
692 + describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
695 + context_free(context);
696 + freecon(file_context);
699 + if (lstat(file, &file_stats)==0)
700 + if (S_ISDIR (file_stats.st_mode))
701 + errors |= change_dir_context (file, &file_stats);
706 +/* Recursively change context of the files in directory DIR
707 + using specified context components.
708 + STATP points to the results of lstat on DIR.
709 + Return 0 if successful, 1 if errors occurred. */
712 +change_dir_context (const char *dir, const struct stat *statp)
714 + char *name_space, *namep;
715 + char *path; /* Full path of each entry to process. */
716 + unsigned dirlength; /* Length of `dir' and '\0'. */
717 + unsigned filelength; /* Length of each pathname to process. */
718 + unsigned pathlength; /* Bytes allocated for `path'. */
722 + name_space = savedir (dir);
723 + if (name_space == NULL)
727 + if (force_silent == 0)
728 + error (0, errno, "%s", dir);
732 + error (1, 0, _("virtual memory exhausted"));
735 + dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
736 + pathlength = dirlength + 1;
737 + /* Give `path' a dummy value; it will be reallocated before first use. */
738 + path = xmalloc (pathlength);
739 + strcpy (path, dir);
740 + path[dirlength - 1] = '/';
742 + for (namep = name_space; *namep; namep += filelength - dirlength)
744 + filelength = dirlength + strlen (namep) + 1;
745 + if (filelength > pathlength)
747 + pathlength = filelength * 2;
748 + path = xrealloc (path, pathlength);
750 + strcpy (path + dirlength, namep);
751 + errors |= change_file_context (path);
762 + fprintf (stderr, _("Try `%s --help' for more information.\n"),
767 +Usage: %s [OPTION]... CONTEXT FILE...\n\
768 + or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
769 + or: %s [OPTION]... --reference=RFILE FILE...\n\
771 + program_name, program_name, program_name);
773 +Change the security context of each FILE to CONTEXT.\n\
775 + -c, --changes like verbose but report only when a change is made\n\
776 + -h, --no-dereference affect symbolic links instead of any referenced file\n\
777 + (available only on systems with lchown system call)\n\
778 + -f, --silent, --quiet suppress most error messages\n\
779 + --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
780 + -u, --user=USER set user USER in the target security context\n\
781 + -r, --role=ROLE set role ROLE in the target security context\n\
782 + -t, --type=TYPE set type TYPE in the target security context\n\
783 + -l, --range=RANGE set range RANGE in the target security context\n\
784 + -R, --recursive change files and directories recursively\n\
785 + -v, --verbose output a diagnostic for every file processed\n\
786 + --help display this help and exit\n\
787 + --version output version information and exit\n\
795 +main (int argc, char **argv)
797 + security_context_t ref_context = NULL;
800 + int component_specified = 0;
802 + program_name = argv[0];
803 + setlocale (LC_ALL, "");
804 + bindtextdomain (PACKAGE, LOCALEDIR);
805 + textdomain (PACKAGE);
807 + recurse = force_silent = 0;
809 + while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
816 + specified_user = optarg;
817 + component_specified = 1;
820 + specified_role = optarg;
821 + component_specified = 1;
824 + specified_type = optarg;
825 + component_specified = 1;
828 + specified_range = optarg;
829 + component_specified = 1;
832 + reference_file = optarg;
838 + verbosity = V_changes_only;
844 + change_symlinks = 1;
847 + verbosity = V_high;
856 + printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
865 + if (reference_file && component_specified)
867 + error (0, 0, _("conflicting security context specifiers given"));
871 + if (!(((reference_file || component_specified)
872 + && (argc - optind > 0))
873 + || (argc - optind > 1)))
875 + error (0, 0, _("too few arguments"));
879 + if (reference_file)
881 + if (getfilecon (reference_file, &ref_context)<0)
882 + error (1, errno, "%s", reference_file);
884 + specified_context = ref_context;
886 + else if (!component_specified) {
887 + specified_context = argv[optind++];
889 + for (; optind < argc; ++optind)
890 + errors |= change_file_context (argv[optind]);
892 + if (verbosity != V_off)
894 + if (ref_context != NULL)
895 + freecon(ref_context);
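Review bot: In change_file_context, `strcmp(context_string,file_context)` can be reached with `file_context` still NULL: the `lgetfilecon` check tolerates ENODATA, and the unlabeled-file bail-out fires only when `specified_context == NULL`, so a full CONTEXT applied to an unlabeled file would dereference NULL unless a guard sits in lines not shown here. `if (file_context == NULL || strcmp (context_string, file_context) != 0)` keeps the relabel path working for unlabeled files. The same function always reads the old label with `lgetfilecon` but writes with `setfilecon` when `-h` is not given, so for a symlink the comparison uses the link's label while the change lands on its target; choosing `getfilecon` or `lgetfilecon` by `change_symlinks` would keep the two consistent. The usage text for `--reference` says "use RFILE's group", which looks carried over from chgrp and should read "context" as the man page does.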
898 diff -urN coreutils-5.0.org/src/copy.c coreutils-5.0/src/copy.c
899 --- coreutils-5.0.org/src/copy.c 2003-12-27 12:26:28.939093576 +0100
900 +++ coreutils-5.0/src/copy.c 2003-12-27 12:26:52.935445576 +0100
903 #include "xreadlink.h"
906 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
907 +extern int selinux_enabled;
910 #define DO_CHOWN(Chown, File, New_uid, New_gid) \
911 (Chown (File, New_uid, New_gid) \
912 /* If non-root uses -p, it's ok if we can't preserve ownership. \
913 @@ -1233,6 +1238,32 @@
914 In such cases, set this variable to zero. */
915 preserve_metadata = 1;
918 + if (x->preserve_security_context && selinux_enabled)
920 + security_context_t con;
922 + if (lgetfilecon (src_path, &con) >= 0)
924 + if (setfscreatecon(con) < 0)
927 + error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
933 + if ( errno == ENOTSUP ) {
934 + error (0, errno, _("warning: security context not preserved %s"), quote (src_path));
936 + error (0, errno, _("cannot lgetfilecon %s"), quote (src_path));
943 if (S_ISDIR (src_mode))
945 struct dir_list *dir;
946 @@ -1302,8 +1333,13 @@
949 /* Are we crossing a file system boundary? */
950 - if (x->one_file_system && device != 0 && device != src_sb.st_dev)
951 + if (x->one_file_system && device != 0 && device != src_sb.st_dev) {
953 + if (x->preserve_security_context && selinux_enabled)
954 + setfscreatecon(NULL);
959 /* Copy the contents of the directory. */
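Review bot: The `setfscreatecon(NULL);` reset in the one-file-system branch ignores its return value, and the same unchecked call appears in the hunks at @@ -1442 and @@ -1576. The creation context taken from the source file is process-wide state, so if a reset fails, or if the function leaves through a return path that has no reset, the next file created would inherit the previous source's label. Consider checking the call, e.g. `if (setfscreatecon (NULL) < 0) error (0, errno, _("cannot reset file creation context"));`, and routing the exits through one cleanup point instead of repeating the reset per branch. The enclosing function starts and ends outside these hunks, so the full set of return paths is not visible here.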
961 @@ -1442,6 +1478,11 @@
966 + if (x->preserve_security_context && selinux_enabled)
967 + setfscreatecon(NULL);
970 /* There's no need to preserve timestamps or permissions. */
971 preserve_metadata = 0;
973 @@ -1474,7 +1515,7 @@
974 if (command_line_arg)
975 record_file (x->dest_info, dst_path, NULL);
977 - if ( ! preserve_metadata)
978 + if ( ! preserve_metadata)
981 /* POSIX says that `cp -p' must restore the following:
982 @@ -1576,6 +1617,11 @@
987 + if (x->preserve_security_context && selinux_enabled)
988 + setfscreatecon(NULL);
991 /* We have failed to create the destination file.
992 If we've just added a dev/ino entry via the remember_copied
993 call above (i.e., unless we've just failed to create a hard link),
994 diff -urN coreutils-5.0.org/src/copy.h coreutils-5.0/src/copy.h
995 --- coreutils-5.0.org/src/copy.h 2003-12-27 12:26:28.948092208 +0100
996 +++ coreutils-5.0/src/copy.h 2003-12-27 12:26:52.937445272 +0100
998 int preserve_ownership;
1000 int preserve_timestamps;
1001 +#ifdef WITH_SELINUX
1002 + int preserve_security_context;
1005 /* Enabled for mv, and for cp by the --preserve=links option.
1006 If nonzero, attempt to preserve in the destination files any
1007 diff -urN coreutils-5.0.org/src/cp.c coreutils-5.0/src/cp.c
1008 --- coreutils-5.0.org/src/cp.c 2003-12-27 12:26:28.939093576 +0100
1009 +++ coreutils-5.0/src/cp.c 2003-12-27 12:26:52.938445120 +0100
1012 #define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering")
1014 +#ifdef WITH_SELINUX
1015 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1016 +int selinux_enabled=0;
1019 #ifndef _POSIX_VERSION
1023 {"update", no_argument, NULL, 'u'},
1024 {"verbose", no_argument, NULL, 'v'},
1025 {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
1026 +#ifdef WITH_SELINUX
1027 + {"context", required_argument, NULL, 'Z'},
1029 {GETOPT_HELP_OPTION_DECL},
1030 {GETOPT_VERSION_OPTION_DECL},
1033 additional attributes: links, all\n\
1036 + -c same as --preserve=context\n\
1039 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
1040 --parents append source path to DIRECTORY\n\
1041 -P same as `--no-dereference'\n\
1043 destination file is missing\n\
1044 -v, --verbose explain what is being done\n\
1045 -x, --one-file-system stay on this file system\n\
1046 + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
1048 fputs (HELP_OPTION_DESCRIPTION, stdout);
1049 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1052 new_dest = (char *) dest;
1055 - return copy (source, new_dest, new_dst, x, &unused, NULL);
1056 + ret=copy (source, new_dest, new_dst, x, &unused, NULL);
1061 @@ -781,6 +793,10 @@
1062 x->preserve_mode = 0;
1063 x->preserve_timestamps = 0;
1065 +#ifdef WITH_SELINUX
1066 + x->preserve_security_context = 0;
1069 x->require_preserve = 0;
1071 x->sparse_mode = SPARSE_AUTO;
1072 @@ -808,19 +824,20 @@
1073 PRESERVE_TIMESTAMPS,
1079 static enum File_attribute const preserve_vals[] =
1081 PRESERVE_MODE, PRESERVE_TIMESTAMPS,
1082 - PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
1083 + PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
1086 /* Valid arguments to the `--preserve' option. */
1087 static char const* const preserve_args[] =
1089 "mode", "timestamps",
1090 - "ownership", "links", "all", 0
1091 + "ownership", "links", "context", "all", 0
1094 char *arg_writable = xstrdup (arg);
1095 @@ -855,11 +872,16 @@
1096 x->preserve_links = on_off;
1099 + case PRESERVE_CONTEXT:
1100 + x->preserve_security_context = on_off;
1104 x->preserve_mode = on_off;
1105 x->preserve_timestamps = on_off;
1106 x->preserve_ownership = on_off;
1107 x->preserve_links = on_off;
1108 + x->preserve_security_context = on_off;
1112 @@ -882,6 +904,10 @@
1113 struct cp_options x;
1114 int copy_contents = 0;
1115 char *target_directory = NULL;
1116 +#ifdef WITH_SELINUX
1117 + security_context_t scontext = NULL;
1118 + selinux_enabled= is_selinux_enabled();
1121 program_name = argv[0];
1122 setlocale (LC_ALL, "");
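Review bot: `selinux_enabled= is_selinux_enabled();` stores the raw return value, and the later tests treat it as a boolean (`if( !selinux_enabled )`, `else if (selinux_enabled)`). Older libselinux releases document a negative return on error, which these tests would read as "enabled"; confirm against the library version targeted. `selinux_enabled = (is_selinux_enabled () > 0);` makes the flag strictly 0 or 1, and the same applies to `int selinux_enabled=is_selinux_enabled();` in src/id.c and to the `selinux_enabled` tests in src/copy.c. main's body continues outside the hunk.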
1123 @@ -896,7 +922,11 @@
1124 we'll actually use backup_suffix_string. */
1125 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1127 +#ifdef WITH_SELINUX
1128 + while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:Z:", long_opts, NULL))
1130 while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
1135 @@ -987,6 +1017,36 @@
1136 x.preserve_timestamps = 1;
1137 x.require_preserve = 1;
1139 +#ifdef WITH_SELINUX
1141 + if ( scontext != NULL ) {
1142 + (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
1145 + else if (selinux_enabled)
1146 + x.preserve_security_context = 1;
1150 + /* politely decline if we're not on a selinux-enabled kernel. */
1151 + if( !selinux_enabled ) {
1152 + fprintf( stderr, "Warning: ignoring --context (-Z). "
1153 + "It requires a SELinux enabled kernel.\n" );
1156 + if ( x.preserve_security_context ) {
1157 + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
1160 + scontext = optarg;
1161 + /* if there's a security_context given set new path
1162 + components to that context, too */
1163 + if ( setfscreatecon(scontext) < 0 ) {
1164 + (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
1170 case PARENTS_OPTION:
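Review bot: When the kernel has no SELinux support, the `-Z` branch prints "Warning: ignoring --context (-Z)" and, judging by the message, carries on, so a caller that asked for a specific label gets an unlabeled copy; whether the exit status reflects that is in lines not shown. For a security attribute it is safer to fail, e.g. `error (EXIT_FAILURE, 0, _("--context (-Z) requires an SELinux-enabled kernel"));`. The diagnostics in this hunk also bypass `error ()` and mostly `_()`, and the `cannot set default security context %s` message has no trailing newline. The enclosing switch starts outside the hunk.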
1172 diff -urN coreutils-5.0.org/src/id.c coreutils-5.0/src/id.c
1173 --- coreutils-5.0.org/src/id.c 2003-12-27 12:26:28.951091752 +0100
1174 +++ coreutils-5.0/src/id.c 2003-12-27 12:26:52.939444968 +0100
1179 +#ifdef WITH_SELINUX
1180 +#include <selinux/selinux.h>
1181 +static void print_context PARAMS ((char* context));
1182 +/* Print the SELinux context */
1184 +print_context(char *context)
1186 + printf ("%s", context);
1189 +/* If nonzero, output only the SELinux context. -Z */
1190 +static int just_context = 0;
1193 static void print_user (uid_t uid);
1194 static void print_group (gid_t gid);
1195 static void print_group_list (const char *username);
1197 /* The number of errors encountered so far. */
1198 static int problems = 0;
1200 +/* The SELinux context */
1201 +/* Set `context' to a known invalid value so print_full_info() will *
1202 + * know when `context' has not been set to a meaningful value. */
1203 +static security_context_t context=NULL;
1205 static struct option const longopts[] =
1207 + {"context", no_argument, NULL, 'Z'},
1208 {"group", no_argument, NULL, 'g'},
1209 {"groups", no_argument, NULL, 'G'},
1210 {"name", no_argument, NULL, 'n'},
1212 Print information for USERNAME, or the current user.\n\
1214 -a ignore, for compatibility with other versions\n\
1215 + -Z, --context print only the context\n\
1216 -g, --group print only the effective group ID\n\
1217 -G, --groups print all group IDs\n\
1218 -n, --name print a name instead of a number, for -ugG\n\
1220 main (int argc, char **argv)
1223 + int selinux_enabled=is_selinux_enabled();
1225 /* If nonzero, output the list of all group IDs. -G */
1226 int just_group_list = 0;
1229 atexit (close_stdout);
1231 - while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
1232 + while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
1236 @@ -136,6 +158,17 @@
1238 /* Ignore -a, for compatibility with SVR4. */
1240 +#ifdef WITH_SELINUX
1242 + /* politely decline if we're not on a selinux-enabled kernel. */
1243 + if( !selinux_enabled ) {
1244 + fprintf( stderr, "Sorry, --context (-Z) can be used only on "
1245 + "a selinux-enabled kernel.\n" );
1254 @@ -158,8 +191,28 @@
1258 - if (just_user + just_group + just_group_list > 1)
1259 - error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
1260 +#ifdef WITH_SELINUX
1261 + if (argc - optind == 1)
1262 + selinux_enabled = 0;
1264 + if( just_context && !selinux_enabled)
1266 +cannot display context when selinux not enabled or when displaying the id\n\
1267 +of a different user"));
1269 + /* If we are on a selinux-enabled kernel, get our context. *
1270 + * Otherwise, leave the context variable alone - it has *
1271 + * been initialized known invalid value; if we see this invalid *
1272 + * value later, we will know we are on a non-selinux kernel. */
1273 + if( selinux_enabled )
1275 + if (getcon(&context))
1276 + error (1, 0, "can't get process context");
1280 + if (just_user + just_group + just_group_list + just_context > 1)
1281 + error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
1283 if (just_user + just_group + just_group_list == 0 && (use_real || use_name))
1284 error (EXIT_FAILURE, 0,
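Review bot: Clearing `selinux_enabled` when `argc - optind == 1` reuses the kernel-state flag to mean "a user name was given", which is why the diagnostic that follows has to describe two unrelated conditions in one message. A separate test such as `if (just_context && argc - optind == 1)` with its own message would keep the flag truthful for the later `getcon` branch. The flag is also filled from `is_selinux_enabled()` as a plain truth value in main's declarations, so a negative error return, if the library in use has one, would count as enabled; storing `is_selinux_enabled() > 0` avoids that. The `getcon` failure path uses a bare `1` and an untranslated string where the neighbouring calls use `EXIT_FAILURE` and `_()`.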
1285 @@ -190,6 +243,10 @@
1286 print_group (use_real ? rgid : egid);
1287 else if (just_group_list)
1288 print_group_list (argv[optind]);
1289 +#ifdef WITH_SELINUX
1290 + else if (just_context)
1291 + print_context (context);
1294 print_full_info (argv[optind]);
1299 #endif /* HAVE_GETGROUPS */
1300 +#ifdef WITH_SELINUX
1301 + if ( context != NULL ) {
1302 + printf(" context=%s",context);
1306 diff -urN coreutils-5.0.org/src/install.c coreutils-5.0/src/install.c
1307 --- coreutils-5.0.org/src/install.c 2003-12-27 12:26:28.932094640 +0100
1308 +++ coreutils-5.0/src/install.c 2003-12-27 12:26:52.941444664 +0100
1310 # include <sys/wait.h>
1313 +#ifdef WITH_SELINUX
1314 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1315 +int selinux_enabled=0;
1318 struct passwd *getpwnam ();
1319 struct group *getgrnam ();
1321 @@ -126,11 +131,17 @@
1322 static struct option const long_options[] =
1324 {"backup", optional_argument, NULL, 'b'},
1325 +#ifdef WITH_SELINUX
1326 + {"context", required_argument, NULL, 'Z'},
1328 {"directory", no_argument, NULL, 'd'},
1329 {"group", required_argument, NULL, 'g'},
1330 {"mode", required_argument, NULL, 'm'},
1331 {"owner", required_argument, NULL, 'o'},
1332 {"preserve-timestamps", no_argument, NULL, 'p'},
1333 +#ifdef WITH_SELINUX
1334 + {"preserve_context", no_argument, NULL, 'P'},
1336 {"strip", no_argument, NULL, 's'},
1337 {"suffix", required_argument, NULL, 'S'},
1338 {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
1343 +#ifdef WITH_SELINUX
1344 + x->preserve_security_context = 0;
1347 x->dest_info = NULL;
1349 @@ -265,6 +279,11 @@
1350 struct cp_options x;
1353 +#ifdef WITH_SELINUX
1354 + security_context_t scontext = NULL;
1355 + /* set iff kernel has extra selinux system calls */
1356 + selinux_enabled = is_selinux_enabled();
1359 program_name = argv[0];
1360 setlocale (LC_ALL, "");
1361 @@ -285,7 +304,11 @@
1362 we'll actually use backup_suffix_string. */
1363 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1365 +#ifdef WITH_SELINUX
1366 + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPvV:S:Z:", long_options,
1368 while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options,
1373 @@ -338,6 +361,39 @@
1375 backup_suffix_string = optarg;
1377 +#ifdef WITH_SELINUX
1379 + /* politely decline if we're not on a selinux-enabled kernel. */
1380 + if( !selinux_enabled ) {
1381 + fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
1382 + "because the kernel is not selinux-enabled.\n" );
1385 + if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
1386 + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], scontext);
1389 + x.preserve_security_context = 1;
1392 + /* politely decline if we're not on a selinux-enabled kernel. */
1393 + if( !selinux_enabled) {
1394 + fprintf( stderr, "Warning: ignoring --context (-Z) "
1395 + "because the kernel is not selinux-enabled.\n" );
1398 + if ( x.preserve_security_context ) {
1400 + (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
1403 + scontext = optarg;
1404 + if (setfscreatecon(scontext)) {
1405 + (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], scontext);
1410 case_GETOPT_HELP_CHAR;
1411 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
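Review bot: On a kernel without SELinux the `-Z` and `-P` cases only print "Warning: ignoring ...", so an install that was asked to apply or preserve a label appears to carry on and create unlabelled files. The `-Z` handling added to mkdir, mkfifo and mknod in this patch words the same situation as a refusal ("Sorry, ... can be used only on a selinux-enabled kernel"). The lines after each warning are not visible here, so this needs confirming, but for a security attribute I would fail consistently, for example `error (EXIT_FAILURE, 0, _("--context (-Z) requires a SELinux-enabled kernel"));`. The comment `/* scontext could be NULL because of calloc() failure */` also looks stale, since the only assignment shown is `scontext = optarg;`, and `--preserve_context` uses an underscore where the neighbouring `--preserve-timestamps` uses a hyphen.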
1413 @@ -721,6 +777,11 @@
1414 -S, --suffix=SUFFIX override the usual backup suffix\n\
1415 -v, --verbose print the name of each directory as it is created\n\
1418 + -P, --preserve_context (SELinux) Preserve security context\n\
1419 + -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
1422 fputs (HELP_OPTION_DESCRIPTION, stdout);
1423 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1425 diff -urN coreutils-5.0.org/src/ls.c coreutils-5.0/src/ls.c
1426 --- coreutils-5.0.org/src/ls.c 2003-12-27 12:26:28.947092360 +0100
1427 +++ coreutils-5.0/src/ls.c 2003-12-27 12:42:14.887287592 +0100
1428 @@ -130,6 +130,18 @@
1430 #define AUTHORS N_ ("Richard Stallman and David MacKenzie")
1432 +#ifdef WITH_SELINUX
1433 +#include <selinux/selinux.h>
1434 +int selinux_enabled= 0;
1435 +static int print_scontext = 0;
1436 +#define check_selinux() if (!selinux_enabled) { \
1437 + fprintf( stderr, "Sorry, this option can only be used " \
1438 + "on a SELinux kernel.\n" ); \
1439 + exit( EXIT_FAILURE ); \
1444 #define obstack_chunk_alloc malloc
1445 #define obstack_chunk_free free
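Review bot: `check_selinux()` expands to a bare `if (...) { ... }`, so a call written as `check_selinux();` inside an unbraced `if`/`else` would capture the following `else`, and the trailing `;` becomes an empty statement. Wrapping the expansion as `do { if (!selinux_enabled) { ... } } while (0)` makes it behave as one statement. The message is not passed through `_()`, unlike the SELinux help text added further down. `selinux_enabled` is declared without `static` although `print_scontext` on the next line has it.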
1447 @@ -227,6 +239,10 @@
1448 /* For long listings, true if the file has an access control list. */
1452 +#ifdef WITH_SELINUX
1453 + security_context_t scontext;
1457 #if HAVE_ACL || USE_ACL
1459 static void sort_files (void);
1460 static void parse_ls_color (void);
1461 void usage (int status);
1462 +#ifdef WITH_SELINUX
1463 +static void print_scontext_format PARAMS ((const struct fileinfo *f));
1466 /* The name the program was run with, stripped of any leading path. */
1468 @@ -379,7 +398,10 @@
1469 one_per_line, /* -1 */
1470 many_per_line, /* -C */
1471 horizontal, /* -x */
1472 - with_commas /* -m */
1473 +#ifdef WITH_SELINUX
1474 + security_format, /* -Z */
1476 + with_commas /* -m */
1479 static enum format format;
1480 @@ -700,6 +722,11 @@
1481 SHOW_CONTROL_CHARS_OPTION,
1484 +#ifdef WITH_SELINUX
1492 @@ -743,6 +770,11 @@
1493 {"time-style", required_argument, 0, TIME_STYLE_OPTION},
1494 {"color", optional_argument, 0, COLOR_OPTION},
1495 {"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
1496 +#ifdef WITH_SELINUX
1497 + {"context", no_argument, 0, CONTEXT_OPTION},
1498 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
1499 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
1501 {"author", no_argument, 0, AUTHOR_OPTION},
1502 {GETOPT_HELP_OPTION_DECL},
1503 {GETOPT_VERSION_OPTION_DECL},
1504 @@ -752,12 +784,19 @@
1505 static char const *const format_args[] =
1507 "verbose", "long", "commas", "horizontal", "across",
1508 - "vertical", "single-column", 0
1509 + "vertical", "single-column",
1510 +#ifdef WITH_SELINUX
1516 static enum format const format_types[] =
1518 long_format, long_format, with_commas, horizontal, horizontal,
1519 +#ifdef WITH_SELINUX
1522 many_per_line, one_per_line
1525 @@ -1121,6 +1160,9 @@
1527 format_needs_stat = sort_type == sort_time || sort_type == sort_size
1528 || format == long_format
1529 +#ifdef WITH_SELINUX
1530 + || format == security_format || print_scontext
1532 || dereference == DEREF_ALWAYS
1533 || print_block_size || print_inode;
1534 format_needs_type = (format_needs_stat == 0
1535 @@ -1243,6 +1285,11 @@
1536 /* Record whether there is an option specifying sort type. */
1537 int sort_type_specified = 0;
1539 +#ifdef WITH_SELINUX
1540 + /* 1 iff kernel has new selinux system calls */
1541 + selinux_enabled= is_selinux_enabled();
1544 qmark_funny_chars = 0;
1546 /* initialize all switches to default settings */
1547 @@ -1293,6 +1340,9 @@
1549 really_all_files = 0;
1550 ignore_patterns = 0;
1551 +#ifdef WITH_SELINUX
1552 + print_scontext = 0;
1555 /* FIXME: put this in a function. */
1557 @@ -1370,7 +1420,7 @@
1560 while ((c = getopt_long (argc, argv,
1561 - "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
1562 + "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
1563 long_options, NULL)) != -1)
1566 @@ -1490,6 +1540,13 @@
1567 format = horizontal;
1570 +#ifdef WITH_SELINUX
1573 + print_scontext = 1;
1574 + format = security_format;
1578 really_all_files = 0;
1580 @@ -1657,6 +1714,25 @@
1582 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1584 +#ifdef WITH_SELINUX
1586 + case CONTEXT_OPTION: /* new security format */
1588 + print_scontext = 1;
1589 + format = security_format;
1591 + case LCONTEXT_OPTION: /* long format plus security context */
1593 + print_scontext = 1;
1594 + format = long_format;
1596 + case SCONTEXT_OPTION: /* short form of new security format */
1598 + print_scontext = 0;
1599 + format = security_format;
1604 usage (EXIT_FAILURE);
1606 @@ -2308,6 +2384,12 @@
1607 free (files[i].name);
1608 if (files[i].linkname)
1609 free (files[i].linkname);
1610 +#ifdef WITH_SELINUX
1611 + if (files[i].scontext) {
1612 + freecon (files[i].scontext);
1613 + files[i].scontext=NULL;
1619 @@ -2334,6 +2416,9 @@
1620 files[files_index].linkname = 0;
1621 files[files_index].linkmode = 0;
1622 files[files_index].linkok = 0;
1623 +#ifdef WITH_SELINUX
1624 + files[files_index].scontext = NULL;
1628 || format_needs_stat
1629 @@ -2379,6 +2464,11 @@
1632 err = stat (path, &files[files_index].stat);
1633 +#ifdef WITH_SELINUX
1635 + if (selinux_enabled && (format == security_format || print_scontext))
1636 + getfilecon(path, &files[files_index].scontext);
1639 if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
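Review bot: The return value of `getfilecon` here, and of `lgetfilecon` in the next hunk, is discarded, so a file whose label cannot be read is listed with no diagnostic and with `scontext` presumably still at the NULL assigned in the @@ -2334 hunk. Both formatters added by this patch later pass `f->scontext` straight to `%s`. I would test the call, `if (getfilecon (path, &files[files_index].scontext) < 0) files[files_index].scontext = NULL;`, and print `f->scontext ? f->scontext : "?"` at the two `sprintf` sites so a failed lookup is visible in the listing. The enclosing function starts and ends outside this hunk.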
1641 @@ -2397,6 +2487,11 @@
1643 default: /* DEREF_NEVER */
1644 err = lstat (path, &files[files_index].stat);
1645 +#ifdef WITH_SELINUX
1647 + if (selinux_enabled && (format == security_format || print_scontext))
1648 + lgetfilecon(path, &files[files_index].scontext);
1653 @@ -2825,6 +2920,16 @@
1654 DIRED_PUTCHAR ('\n');
1658 +#ifdef WITH_SELINUX
1659 + case security_format:
1660 + for (i = 0; i < files_index; i++)
1662 + print_scontext_format (files + i);
1663 + DIRED_PUTCHAR ('\n');
1670 @@ -3088,6 +3193,14 @@
1674 +#ifdef WITH_SELINUX
1676 + if ( print_scontext ) {
1677 + sprintf (p, "%-32s ", f->scontext);
1683 DIRED_FPUTS (buf, stdout, p - buf);
1684 print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
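Review bot: The added `sprintf (p, "%-32s ", f->scontext);` can write past the end of the listing buffer, because `%-32s` pads to at least 32 columns but puts no upper bound on the length, and the string is the file's own label rather than something ls produced. The same call is in `print_scontext_format` in the last ls.c hunk, where the destination is the stack array `init_bigbuf`, sized by the copied `7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1` formula that has no term for a context. I would take the context out of the buffer altogether: flush what is already formatted with `DIRED_FPUTS (buf, stdout, p - buf);` and then write the context directly to stdout, or else size the buffer from `strlen (f->scontext)` before formatting. The enclosing function begins and ends outside this hunk, so the buffer declaration for this call site is not visible here.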
1685 @@ -3883,6 +3996,16 @@
1686 -X sort alphabetically by entry extension\n\
1687 -1 list one file per line\n\
1689 +#ifdef WITH_SELINUX
1690 +printf(_("SELINUX options:\n\n\
1691 + --lcontext Display security context. Enable -l. Lines\n\
1692 + will probably be too wide for most displays.\n\
1693 + --context Display security context so it fits on most\n\
1694 + displays. Displays only mode, user, group,\n\
1695 + security context and file name.\n\
1696 + --scontext Display only security context and file name.\n\
1699 fputs (HELP_OPTION_DESCRIPTION, stdout);
1700 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1702 @@ -3901,3 +4024,79 @@
1707 +#ifdef WITH_SELINUX
1710 +print_scontext_format (const struct fileinfo *f)
1714 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
1715 + 1 10-byte mode string,
1716 + 9 spaces, one following each of these fields, and
1717 + 1 trailing NUL byte. */
1719 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
1720 + char *buf = init_bigbuf;
1721 + size_t bufsize = sizeof (init_bigbuf);
1732 + if ( print_scontext ) { /* zero means terse listing */
1733 + mode_string (f->stat.st_mode, modebuf);
1734 + modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
1735 + modebuf[11] = '\0';
1739 + (void) sprintf (p, "%s ", modebuf);
1742 + /* print standard user and group */
1744 + user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
1746 + (void) sprintf (p, "%-8.8s ", user_name);
1748 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
1751 + if ( print_group ) {
1752 + group_name = (numeric_ids ? NULL : getgroup (f->stat.st_gid));
1754 + (void) sprintf (p, "%-8.8s ", group_name);
1756 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
1761 + (void) sprintf (p, "%-32s ", f->scontext);
1765 + DIRED_FPUTS (buf, stdout, p - buf);
1766 + print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, &dired_obstack);
1768 + if (f->filetype == symbolic_link) {
1769 + if (f->linkname) {
1770 + DIRED_FPUTS_LITERAL (" -> ", stdout);
1771 + print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, NULL);
1772 + if (indicator_style != none)
1773 + print_type_indicator (f->linkmode);
1777 + if (indicator_style != none)
1778 + print_type_indicator (f->stat.st_mode);
1782 diff -urN coreutils-5.0.org/src/Makefile.am coreutils-5.0/src/Makefile.am
1783 --- coreutils-5.0.org/src/Makefile.am 2003-12-27 12:26:28.928095248 +0100
1784 +++ coreutils-5.0/src/Makefile.am 2003-12-27 12:37:59.212156120 +0100
1786 EXTRA_SCRIPTS = nohup
1788 bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
1789 -bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
1790 +bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
1791 ginstall link ln dir vdir ls mkdir \
1792 mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
1793 cat cksum comm csplit cut expand fmt fold head join md5sum \
1794 nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
1795 basename date dirname echo env expr factor false getgid \
1796 - hostname id kill logname pathchk printenv printf pwd seq sleep tee \
1797 + hostname id kill logname pathchk printenv printf runcon pwd seq sleep tee \
1798 test true tty whoami yes \
1799 @OPTIONAL_BIN_PROGS@ @DF_PROG@
1802 # replacement functions defined in libfetish.a.
1803 LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
1805 -dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
1806 -ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
1807 +dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@
1808 +ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@
1809 shred_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
1810 -vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
1811 +vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@
1812 +cp_LDADD = $(LDADD) @LIB_SELINUX@
1813 +ginstall_LDADD = $(LDADD) @LIB_SELINUX@
1814 +mv_LDADD = $(LDADD) @LIB_SELINUX@
1815 +chcon_LDADD = $(LDADD) @LIB_SELINUX@
1816 +id_LDADD = $(LDADD) @LIB_SELINUX@
1817 +mkdir_LDADD = $(LDADD) @LIB_SELINUX@
1818 +mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
1819 +mknod_LDADD = $(LDADD) @LIB_SELINUX@
1820 +stat_LDADD = $(LDADD) @LIB_SELINUX@
1821 +runcon_LDADD = $(LDADD) @LIB_SELINUX@
1823 ## If necessary, add -lm to resolve use of pow in lib/strtod.c.
1824 sort_LDADD = $(LDADD) @POW_LIB@
1825 diff -urN coreutils-5.0.org/src/mkdir.c coreutils-5.0/src/mkdir.c
1826 --- coreutils-5.0.org/src/mkdir.c 2003-12-27 12:26:28.950091904 +0100
1827 +++ coreutils-5.0/src/mkdir.c 2003-12-27 12:26:52.958442080 +0100
1830 #define AUTHORS "David MacKenzie"
1832 +#ifdef WITH_SELINUX
1833 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1836 /* The name this program was run with. */
1841 static struct option const longopts[] =
1843 +#ifdef WITH_SELINUX
1844 + {"context", required_argument, NULL, 'Z'},
1846 {"mode", required_argument, NULL, 'm'},
1847 {"parents", no_argument, NULL, 'p'},
1848 {"verbose", no_argument, NULL, 'v'},
1850 Create the DIRECTORY(ies), if they do not already exist.\n\
1853 +#ifdef WITH_SELINUX
1855 + -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
1859 Mandatory arguments to long options are mandatory for short options too.\n\
1865 +#ifdef WITH_SELINUX
1866 + while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
1868 while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
1873 @@ -112,6 +128,20 @@
1874 case 'v': /* --verbose */
1875 verbose_fmt_string = _("created directory %s");
1877 +#ifdef WITH_SELINUX
1879 + /* politely decline if we're not on a selinux-enabled kernel. */
1880 + if( !is_selinux_enabled()) {
1881 + fprintf( stderr, "Sorry, --context (-Z) can be used only on "
1882 + "a selinux-enabled kernel.\n" );
1885 + if (setfscreatecon(optarg)) {
1886 + fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
1891 case_GETOPT_HELP_CHAR;
1892 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
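Review bot: The two `-Z` diagnostics are written with raw `fprintf (stderr, "Sorry, ...")`, so they carry no program name, are not translatable and drop the `errno` from `setfscreatecon`. The identical blocks added to mkfifo.c and mknod.c have the same shape. Using the project's reporting call, `error (EXIT_FAILURE, errno, _("cannot set default context to %s"), optarg);`, matches the unchanged `error (4, 0, _("fifo files not supported"))` visible in mkfifo.c and makes the exit status explicit. What follows each `fprintf` is not visible in this view, so please confirm that both paths really stop before any directory is created with the wrong label.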
1894 diff -urN coreutils-5.0.org/src/mkfifo.c coreutils-5.0/src/mkfifo.c
1895 --- coreutils-5.0.org/src/mkfifo.c 2003-12-27 12:26:28.933094488 +0100
1896 +++ coreutils-5.0/src/mkfifo.c 2003-12-27 12:26:52.958442080 +0100
1899 #define AUTHORS "David MacKenzie"
1901 +#ifdef WITH_SELINUX
1902 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1905 /* The name this program was run with. */
1908 static struct option const longopts[] =
1910 +#ifdef WITH_SELINUX
1911 + {"context", required_argument, NULL, 'Z'},
1913 {"mode", required_argument, NULL, 'm'},
1914 {GETOPT_HELP_OPTION_DECL},
1915 {GETOPT_VERSION_OPTION_DECL},
1917 Create named pipes (FIFOs) with the given NAMEs.\n\
1920 +#ifdef WITH_SELINUX
1922 + -Z, --context=CONTEXT set security context (quoted string)\n\
1926 Mandatory arguments to long options are mandatory for short options too.\n\
1930 error (4, 0, _("fifo files not supported"));
1932 +#ifdef WITH_SELINUX
1933 + while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
1935 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
1940 @@ -101,6 +117,19 @@
1942 specified_mode = optarg;
1944 +#ifdef WITH_SELINUX
1946 + if( !is_selinux_enabled()) {
1947 + fprintf( stderr, "Sorry, --context (-Z) can be used only on "
1948 + "a selinux-enabled kernel.\n" );
1951 + if (setfscreatecon(optarg)) {
1952 + fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
1957 case_GETOPT_HELP_CHAR;
1958 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1960 diff -urN coreutils-5.0.org/src/mknod.c coreutils-5.0/src/mknod.c
1961 --- coreutils-5.0.org/src/mknod.c 2003-12-27 12:26:28.936094032 +0100
1962 +++ coreutils-5.0/src/mknod.c 2003-12-27 12:26:52.959441928 +0100
1964 /* The name this program was run with. */
1967 +#ifdef WITH_SELINUX
1968 +#include <selinux/selinux.h>
1971 static struct option const longopts[] =
1973 +#ifdef WITH_SELINUX
1974 + {"context", required_argument, NULL, 'Z'},
1976 {"mode", required_argument, NULL, 'm'},
1977 {GETOPT_HELP_OPTION_DECL},
1978 {GETOPT_VERSION_OPTION_DECL},
1980 Create the special file NAME of the given TYPE.\n\
1983 +#ifdef WITH_SELINUX
1985 + -Z, --context=CONTEXT set security context (quoted string)\n\
1989 Mandatory arguments to long options are mandatory for short options too.\n\
1991 @@ -102,7 +114,11 @@
1993 specified_mode = NULL;
1995 +#ifdef WITH_SELINUX
1996 + while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
1998 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
2003 @@ -111,6 +127,20 @@
2005 specified_mode = optarg;
2007 +#ifdef WITH_SELINUX
2009 + /* politely decline if we're not on a selinux-enabled kernel. */
2010 + if( !is_selinux_enabled()) {
2011 + fprintf( stderr, "Sorry, --context (-Z) can be used only on "
2012 + "a selinux-enabled kernel.\n" );
2015 + if (setfscreatecon(optarg)) {
2016 + fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
2021 case_GETOPT_HELP_CHAR;
2022 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
2024 diff -urN coreutils-5.0.org/src/mv.c coreutils-5.0/src/mv.c
2025 --- coreutils-5.0.org/src/mv.c 2003-12-27 12:26:28.941093272 +0100
2026 +++ coreutils-5.0/src/mv.c 2003-12-27 12:26:52.962441472 +0100
2031 +#ifdef WITH_SELINUX
2032 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2033 +int selinux_enabled=0;
2036 /* The official name of this program (e.g., no `g' prefix). */
2037 #define PROGRAM_NAME "mv"
2039 @@ -381,6 +386,10 @@
2041 cp_option_init (&x);
2043 +#ifdef WITH_SELINUX
2044 + selinux_enabled= is_selinux_enabled();
2047 /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
2048 we'll actually use backup_suffix_string. */
2049 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
2050 diff -urN coreutils-5.0.org/src/runcon.c coreutils-5.0/src/runcon.c
2051 --- coreutils-5.0.org/src/runcon.c 1970-01-01 01:00:00.000000000 +0100
2052 +++ coreutils-5.0/src/runcon.c 2003-12-27 12:26:52.959441928 +0100
2055 + * runcon [ context |
2056 + * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
2057 + * command [arg1 [arg2 ...] ]
2059 + * attempt to run the specified command with the specified context.
2061 + * -r role : use the current context with the specified role
2062 + * -t type : use the current context with the specified type
2063 + * -u user : use the current context with the specified user
2064 + * -l level : use the current context with the specified level range
2066 + * Contexts are interpreted as follows:
2069 + * components system?
2073 + * 3 Y role:type:range
2074 + * 3 N user:role:type
2075 + * 4 Y user:role:type:range
2079 +#include <config.h>
2080 +#include <unistd.h>
2082 +#include <getopt.h>
2083 +#include <selinux/context.h>
2084 +#include <selinux/selinux.h>
2086 +#include "system.h"
2089 +/* The name the program was run with. */
2090 +char *program_name;
2095 + printf(_("Usage: %s [OPTION]... command [args]\n"
2096 + "Run a program in a different security context.\n\n"
2097 + " context Complete security context\n"
2098 + " -t type (for same role as parent)\n"
2099 + " -u user identity\n"
2101 + " -l levelrange\n"
2102 + " --help display this help and exit\n"),
2108 +main(int argc,char **argv,char **envp )
2114 + char *context = NULL;
2115 + security_context_t cur_context = NULL;
2119 + program_name = argv[0];
2120 + setlocale (LC_ALL, "");
2121 + bindtextdomain (PACKAGE, LOCALEDIR);
2122 + textdomain (PACKAGE);
2126 + int this_option_optind = optind ? optind : 1;
2127 + int option_index = 0;
2128 + static struct option long_options[] = {
2129 + { "role", 1, 0, 'r' },
2130 + { "type", 1, 0, 't' },
2131 + { "user", 1, 0, 'u' },
2132 + { "range", 1, 0, 'l' },
2133 + { "help", 0, 0, '?' },
2136 + c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index);
2143 + fprintf(stderr,_("multiple roles\n"));
2150 + fprintf(stderr,_("multiple types\n"));
2157 + fprintf(stderr,_("multiple users\n"));
2164 + fprintf(stderr,_("multiple levelranges\n"));
2170 + fprintf(stderr,_("unrecognised option %c\n"),c);
2176 + if ( !(user || role || type || range)) {
2177 + if ( optind >= argc ) {
2178 + usage(_("must specify -t, -u, -l, -r, or context"));
2180 + context = argv[optind++];
2183 + if ( optind >= argc ) {
2184 + usage(_("no command found"));
2188 + con = context_new(context);
2190 + fprintf(stderr,_("%s is not a valid context\n"), context);
2195 + getcon(&cur_context);
2196 + con = context_new(cur_context);
2198 + fprintf(stderr,_("%s is not a valid context\n"), context);
2202 + context_user_set(con,user);
2205 + context_type_set(con,type);
2208 + context_range_set(con,range);
2211 + context_role_set(con,role);
2215 + if (setexeccon(context_str(con))!=0) {
2216 + fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
2219 + if (cur_context!=NULL)
2220 + freecon(cur_context);
2222 + if ( execvp(argv[optind],argv+optind) ) {
2226 + return 1; /* can't reach this statement.... */
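Review bot: In the branch that builds the context from `-r/-t/-u/-l`, the result of `getcon(&cur_context)` is not checked and the failure message after `context_new(cur_context)` prints `context`, which is still NULL in that branch. The call should be guarded with `if (getcon(&cur_context) < 0)` and a diagnostic of its own, and the message should name the string that was parsed: `fprintf(stderr,_("%s is not a valid context\n"), cur_context);`. The `context_user_set`/`context_type_set`/`context_range_set`/`context_role_set` calls appear to be used without looking at their results, so a rejected component could leave the old value in place; the lines between them are missing from this view, so that needs confirming. The option string also accepts `s:`, which has no long option and no entry in the usage text.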
2228 diff -urN coreutils-5.0.org/src/stat.c coreutils-5.0/src/stat.c
2229 --- coreutils-5.0.org/src/stat.c 2003-12-27 12:26:28.951091752 +0100
2230 +++ coreutils-5.0/src/stat.c 2003-12-27 12:26:52.961441624 +0100
2232 # include <sys/vfs.h>
2235 +#ifdef WITH_SELINUX
2236 +#include <selinux/selinux.h>
2237 +#define SECURITY_ID_T security_context_t
2239 +#define SECURITY_ID_T char *
2242 /* NetBSD 1.5.2 needs these, for the declaration of struct statfs. */
2243 #if !HAVE_SYS_STATVFS_H && !HAVE_SYS_VFS_H
2244 # if HAVE_SYS_MOUNT_H && HAVE_SYS_PARAM_H
2246 {"dereference", no_argument, 0, 'L'},
2247 {"format", required_argument, 0, 'c'},
2248 {"filesystem", no_argument, 0, 'f'},
2249 + {"context", no_argument, 0, 'Z'},
2250 {"terse", no_argument, 0, 't'},
2251 {GETOPT_HELP_OPTION_DECL},
2252 {GETOPT_VERSION_OPTION_DECL},
2254 /* print statfs info */
2256 print_statfs (char *pformat, char m, char const *filename,
2258 + void const *data,SECURITY_ID_T scontext)
2260 STRUCT_STATVFS const *statfsbuf = data;
2262 @@ -394,7 +402,10 @@
2263 strcat (pformat, PRIdMAX);
2264 printf (pformat, (intmax_t) (statfsbuf->f_ffree));
2268 + strcat (pformat, "s");
2272 strcat (pformat, "c");
2273 printf (pformat, m);
2276 /* print stat info */
2278 -print_stat (char *pformat, char m, char const *filename, void const *data)
2279 +print_stat (char *pformat, char m, char const *filename, void const *data, SECURITY_ID_T scontext)
2281 struct stat *statbuf = (struct stat *) data;
2282 struct passwd *pw_ent;
2283 @@ -537,6 +548,10 @@
2284 strcat (pformat, "d");
2285 printf (pformat, (int) statbuf->st_ctime);
2288 + strcat (pformat, "s");
2289 + printf(pformat,scontext);
2292 strcat (pformat, "c");
2293 printf (pformat, m);
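Review bot: The new `%C` conversion passes `scontext` to `%s` unconditionally, but both callers initialise it to NULL and, as far as the visible hunks show, only fill it inside `#ifdef WITH_SELINUX`. A `--format` string containing `%C` therefore seems able to reach `printf` with a null pointer when `-Z` was not given or the build has no SELinux support. A guard at the conversion, `printf (pformat, scontext ? scontext : "?");`, keeps the directive defined in every build, and the same applies to the `%C` case added to `print_statfs` in the @@ -394 hunk. The enclosing switch starts and ends outside this hunk.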
2297 print_it (char const *masterformat, char const *filename,
2298 - void (*print_func) (char *, char, char const *, void const *),
2300 + void (*print_func) (char *, char, char const *, void const *,SECURITY_ID_T ),
2301 + void const *data, SECURITY_ID_T scontext)
2309 - print_func (dest, *p, filename, data);
2310 + print_func (dest, *p, filename, data,scontext);
2314 @@ -598,9 +613,17 @@
2316 /* stat the filesystem and print what we find */
2318 -do_statfs (char const *filename, int terse, char const *format)
2319 +do_statfs (char const *filename, int terse, int secure, char const *format)
2321 STRUCT_STATVFS statfsbuf;
2322 + SECURITY_ID_T scontext = NULL;
2323 +#ifdef WITH_SELINUX
2325 + if (getfilecon(filename,&scontext)<0) {
2326 + perror (filename);
2330 int i = statfs (filename, &statfsbuf);
2333 @@ -612,23 +635,40 @@
2338 - ? "%n %i %l %t %b %f %a %s %c %d"
2339 - : " File: \"%n\"\n"
2340 - " ID: %-8i Namelen: %-7l Type: %T\n"
2341 - "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
2342 - "Inodes: Total: %-10c Free: %-10d");
2345 - print_it (format, filename, print_statfs, &statfsbuf);
2348 + format = "%n %i %l %t %b %f %a %s %c %d %C";
2350 + format = "%n %i %l %t %b %f %a %s %c %d";
2355 + format = " File: \"%n\"\n"
2356 + " ID: %-8i Namelen: %-7l Type: %T\n"
2357 + "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
2358 + "Inodes: Total: %-10c Free: %-10d\n"
2359 + " S_Context: %C\n";
2361 + format= " File: \"%n\"\n"
2362 + " ID: %-8i Namelen: %-7l Type: %T\n"
2363 + "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
2364 + "Inodes: Total: %-10c Free: %-10d";
2367 + print_it (format, filename, print_statfs, &statfsbuf,scontext);
2368 +#ifdef WITH_SELINUX
2369 + if (scontext != NULL)
2370 + freecon(scontext);
2374 /* stat the file and print what we find */
2376 -do_stat (char const *filename, int follow_links, int terse,
2377 + do_stat (char const *filename, int follow_links, int terse,int secure,
2380 struct stat statbuf;
2381 + SECURITY_ID_T scontext = NULL;
2382 int i = ((follow_links == 1)
2383 ? stat (filename, &statbuf)
2384 : lstat (filename, &statbuf));
2385 @@ -639,11 +679,28 @@
2389 +#ifdef WITH_SELINUX
2392 + i=lgetfilecon(filename, &scontext);
2394 + i=getfilecon(filename, &scontext);
2397 + perror (filename);
2407 - format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
2409 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C";
2411 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
2415 @@ -651,7 +708,17 @@
2416 i = statbuf.st_mode & S_IFMT;
2417 if (i == S_IFCHR || i == S_IFBLK)
2423 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2424 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2425 + " Device type: %t,%T\n"
2426 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2427 + " S_Context: %C\n"
2428 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2432 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2433 "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2434 @@ -661,6 +728,15 @@
2441 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2442 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
2443 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2445 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2449 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2450 @@ -670,7 +746,11 @@
2454 - print_it (format, filename, print_stat, &statbuf);
2455 + print_it (format, filename, print_stat, &statbuf,scontext);
2456 +#ifdef WITH_SELINUX
2458 + freecon(scontext);
2464 -f, --filesystem display filesystem status instead of file status\n\
2465 -c --format=FORMAT use the specified FORMAT instead of the default\n\
2466 -L, --dereference follow links\n\
2467 + -Z, --context print the security context \n\
2468 -t, --terse print the information in terse form\n\
2470 fputs (HELP_OPTION_DESCRIPTION, stdout);
2472 %c Total file nodes in file system\n\
2473 %d Free file nodes in file system\n\
2474 %f Free blocks in file system\n\
2475 + %C - Security context in SELinux\n\
2478 %i File System id in hex\n\
2480 int follow_links = 0;
2484 char *format = NULL;
2486 program_name = argv[0];
2489 atexit (close_stdout);
2491 - while ((c = getopt_long (argc, argv, "c:fLlt", long_options, NULL)) != -1)
2492 + while ((c = getopt_long (argc, argv, "c:fLltZ", long_options, NULL)) != -1)
2496 @@ -787,6 +870,14 @@
2501 + if(is_selinux_enabled())
2504 + error (0, 0, _("Kernel is not SELinux enabled"));
2505 + usage (EXIT_FAILURE);
2509 case_GETOPT_HELP_CHAR;
2512 for (i = optind; i < argc; i++)
2515 - do_stat (argv[i], follow_links, terse, format);
2516 + do_stat (argv[i], follow_links, terse, secure, format);
2518 - do_statfs (argv[i], terse, format);
2519 + do_statfs (argv[i], terse, secure, format);
2522 exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS);