1 --- coreutils-5.0/src/Makefile.am.selinux 2003-05-21 11:20:27.000000000 -0400
2 +++ coreutils-5.0/src/Makefile.am 2003-05-21 11:20:28.000000000 -0400
6 bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
7 -bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
8 +bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
9 ginstall link ln dir vdir ls mkdir \
10 mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
11 cat cksum comm csplit cut expand fmt fold head join md5sum \
12 nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
13 basename date dirname echo env expr factor false getgid \
14 - hostname id kill logname pathchk printenv printf pwd seq sleep tee \
15 + hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
16 test true tty whoami yes \
17 @OPTIONAL_BIN_PROGS@ @DF_PROG@
19 @@ -24,15 +24,15 @@ EXTRA_DIST = dcgen dircolors.hin tac-pip
20 groups.sh nohup.sh wheel-gen.pl
21 CLEANFILES = $(SCRIPTS) su
23 -INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib
24 -DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" @DEFS@
25 +INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib
26 +DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" -DWITH_SELINUX @DEFS@
28 # Sometimes, the expansion of @LIBINTL@ includes -lc which may
29 # include modules defining variables like `optind', so libfetish.a
30 # must precede @LIBINTL@ in order to ensure we use GNU getopt.
31 # But libfetish.a must also follow @LIBINTL@, since libintl uses
32 # replacement functions defined in libfetish.a.
33 -LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
34 +LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -lselinux -lattr
36 dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
37 ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
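Review bot: `-DWITH_SELINUX` in DEFS and `-lselinux -lattr` in the global LDADD are unconditional, so every program built from src/ is compiled with the SELinux code paths and linked against both libraries, including tools that never handle a security context. That also means the `#ifdef WITH_SELINUX` guards added in ls.c can never be off, and the build presumably breaks on hosts without libselinux. A configure-time check that substitutes the define and a library variable (placeholder name `@LIB_SELINUX@`) would be safer, with that variable added only to the `*_LDADD` of the programs that call libselinux, e.g. `chcon_LDADD = $(LDADD) @LIB_SELINUX@`. Makefile.in is regenerated from this file, so the same change carries over to its hunks.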
38 --- coreutils-5.0/src/Makefile.in.selinux 2003-05-21 11:20:26.000000000 -0400
39 +++ coreutils-5.0/src/Makefile.in 2003-05-21 11:23:03.000000000 -0400
40 @@ -56,7 +56,7 @@ CFLAGS = @CFLAGS@
43 CYGPATH_W = @CYGPATH_W@
44 -DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" @DEFS@
45 +DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" -DWITH_SELINUX @DEFS@
49 @@ -159,13 +159,13 @@ EXTRA_PROGRAMS = chroot df hostid nice p
52 bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
53 -bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
54 +bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
55 ginstall link ln dir vdir ls mkdir \
56 mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
57 cat cksum comm csplit cut expand fmt fold head join md5sum \
58 nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
59 basename date dirname echo env expr factor false \
60 - hostname id kill logname pathchk printenv printf pwd seq sleep tee \
61 + hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
62 test true tty whoami yes \
63 @OPTIONAL_BIN_PROGS@ @DF_PROG@
65 @@ -189,7 +189,7 @@ INCLUDES = -I.. -I$(srcdir) -I$(top_srcd
66 # must precede @LIBINTL@ in order to ensure we use GNU getopt.
67 # But libfetish.a must also follow @LIBINTL@, since libintl uses
68 # replacement functions defined in libfetish.a.
69 -LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
70 +LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -lselinux -lattr
72 dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap
73 ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap
74 @@ -291,7 +291,7 @@ CONFIG_CLEAN_FILES =
75 EXTRA_PROGRAMS = chroot$(EXEEXT) df$(EXEEXT) hostid$(EXEEXT) \
76 nice$(EXEEXT) pinky$(EXEEXT) stty$(EXEEXT) su$(EXEEXT) \
77 uname$(EXEEXT) uptime$(EXEEXT) users$(EXEEXT) who$(EXEEXT)
78 -bin_PROGRAMS = chgrp$(EXEEXT) chown$(EXEEXT) chmod$(EXEEXT) cp$(EXEEXT) \
79 +bin_PROGRAMS = chgrp$(EXEEXT) chown$(EXEEXT) chmod$(EXEEXT) chcon$(EXEEXT) cp$(EXEEXT) \
80 dd$(EXEEXT) dircolors$(EXEEXT) du$(EXEEXT) ginstall$(EXEEXT) \
81 link$(EXEEXT) ln$(EXEEXT) dir$(EXEEXT) vdir$(EXEEXT) \
82 ls$(EXEEXT) mkdir$(EXEEXT) mkfifo$(EXEEXT) mknod$(EXEEXT) \
83 @@ -307,7 +307,7 @@ bin_PROGRAMS = chgrp$(EXEEXT) chown$(EXE
84 date$(EXEEXT) dirname$(EXEEXT) echo$(EXEEXT) env$(EXEEXT) \
85 expr$(EXEEXT) factor$(EXEEXT) false$(EXEEXT) hostname$(EXEEXT) \
86 id$(EXEEXT) kill$(EXEEXT) logname$(EXEEXT) pathchk$(EXEEXT) \
87 - printenv$(EXEEXT) printf$(EXEEXT) pwd$(EXEEXT) seq$(EXEEXT) \
88 + printenv$(EXEEXT) printf$(EXEEXT) pwd$(EXEEXT) runcon$(EXEEXT) seq$(EXEEXT) \
89 sleep$(EXEEXT) tee$(EXEEXT) test$(EXEEXT) true$(EXEEXT) \
90 tty$(EXEEXT) whoami$(EXEEXT) yes$(EXEEXT) @OPTIONAL_BIN_PROGS@ \
92 @@ -338,6 +338,11 @@ chown_OBJECTS = $(am_chown_OBJECTS)
93 chown_LDADD = $(LDADD)
94 chown_DEPENDENCIES = ../lib/libfetish.a ../lib/libfetish.a
96 +chcon_SOURCES = chcon.c
97 +chcon_OBJECTS = chcon.$(OBJEXT)
98 +chcon_LDADD = $(LDADD)
99 +chcon_DEPENDENCIES = ../lib/libfetish.a
101 chroot_SOURCES = chroot.c
102 chroot_OBJECTS = chroot.$(OBJEXT)
103 chroot_LDADD = $(LDADD)
104 @@ -589,6 +594,11 @@ rmdir_OBJECTS = rmdir.$(OBJEXT)
105 rmdir_LDADD = $(LDADD)
106 rmdir_DEPENDENCIES = ../lib/libfetish.a ../lib/libfetish.a
108 +runcon_SOURCES = runcon.c
109 +runcon_OBJECTS = runcon$U.$(OBJEXT)
110 +runcon_LDADD = $(LDADD)
111 +runcon_DEPENDENCIES = ../lib/libfetish.a
114 seq_OBJECTS = seq.$(OBJEXT)
115 seq_DEPENDENCIES = ../lib/libfetish.a ../lib/libfetish.a
116 @@ -793,7 +803,7 @@ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUD
117 $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
119 LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
120 -DIST_SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c \
121 +DIST_SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c chcon.c \
122 $(chown_SOURCES) chroot.c cksum.c comm.c $(cp_SOURCES) csplit.c \
123 cut.c date.c dd.c df.c $(dir_SOURCES) dircolors.c dirname.c \
124 du.c echo.c env.c expand.c expr.c factor.c false.c fmt.c fold.c \
125 @@ -801,7 +811,7 @@ DIST_SOURCES = basename.c cat.c $(chgrp_
126 kill.c link.c ln.c logname.c $(ls_SOURCES) $(md5sum_SOURCES) \
127 mkdir.c mkfifo.c mknod.c $(mv_SOURCES) nice.c nl.c od.c paste.c \
128 pathchk.c pinky.c pr.c printenv.c printf.c ptx.c pwd.c \
129 - readlink.c $(rm_SOURCES) rmdir.c seq.c $(sha1sum_SOURCES) \
130 + readlink.c $(rm_SOURCES) rmdir.c runcon.c seq.c $(sha1sum_SOURCES) \
131 shred.c sleep.c sort.c split.c stat.c stty.c su.c sum.c sync.c \
132 tac.c tail.c tee.c test.c touch.c tr.c true.c tsort.c tty.c \
133 uname.c unexpand.c uniq.c unlink.c uptime.c users.c \
134 @@ -809,7 +819,7 @@ DIST_SOURCES = basename.c cat.c $(chgrp_
135 HEADERS = $(noinst_HEADERS)
137 DIST_COMMON = $(noinst_HEADERS) Makefile.am Makefile.in
138 -SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c $(chown_SOURCES) chroot.c cksum.c comm.c $(cp_SOURCES) csplit.c cut.c date.c dd.c df.c $(dir_SOURCES) dircolors.c dirname.c du.c echo.c env.c expand.c expr.c factor.c false.c fmt.c fold.c $(ginstall_SOURCES) head.c hostid.c hostname.c id.c join.c kill.c link.c ln.c logname.c $(ls_SOURCES) $(md5sum_SOURCES) mkdir.c mkfifo.c mknod.c $(mv_SOURCES) nice.c nl.c od.c paste.c pathchk.c pinky.c pr.c printenv.c printf.c ptx.c pwd.c readlink.c $(rm_SOURCES) rmdir.c seq.c $(sha1sum_SOURCES) shred.c sleep.c sort.c split.c stat.c stty.c su.c sum.c sync.c tac.c tail.c tee.c test.c touch.c tr.c true.c tsort.c tty.c uname.c unexpand.c uniq.c unlink.c uptime.c users.c $(vdir_SOURCES) wc.c who.c whoami.c yes.c
139 +SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c chcon.c $(chown_SOURCES) chroot.c cksum.c comm.c $(cp_SOURCES) csplit.c cut.c date.c dd.c df.c $(dir_SOURCES) dircolors.c dirname.c du.c echo.c env.c expand.c expr.c factor.c false.c fmt.c fold.c $(ginstall_SOURCES) head.c hostid.c hostname.c id.c join.c kill.c link.c ln.c logname.c $(ls_SOURCES) $(md5sum_SOURCES) mkdir.c mkfifo.c mknod.c $(mv_SOURCES) nice.c nl.c od.c paste.c pathchk.c pinky.c pr.c printenv.c printf.c ptx.c pwd.c readlink.c $(rm_SOURCES) rmdir.c runcon.c seq.c $(sha1sum_SOURCES) shred.c sleep.c sort.c split.c stat.c stty.c su.c sum.c sync.c tac.c tail.c tee.c test.c touch.c tr.c true.c tsort.c tty.c uname.c unexpand.c uniq.c unlink.c uptime.c users.c $(vdir_SOURCES) wc.c who.c whoami.c yes.c
141 all: $(BUILT_SOURCES)
142 $(MAKE) $(AM_MAKEFLAGS) all-am
143 @@ -872,6 +882,9 @@ chgrp$(EXEEXT): $(chgrp_OBJECTS) $(chgrp
144 chmod$(EXEEXT): $(chmod_OBJECTS) $(chmod_DEPENDENCIES)
145 @rm -f chmod$(EXEEXT)
146 $(LINK) $(chmod_LDFLAGS) $(chmod_OBJECTS) $(chmod_LDADD) $(LIBS)
147 +chcon$(EXEEXT): $(chcon_OBJECTS) $(chcon_DEPENDENCIES)
148 + @rm -f chcon$(EXEEXT)
149 + $(LINK) $(chcon_LDFLAGS) $(chcon_OBJECTS) $(chcon_LDADD) $(LIBS)
150 chown$(EXEEXT): $(chown_OBJECTS) $(chown_DEPENDENCIES)
151 @rm -f chown$(EXEEXT)
152 $(LINK) $(chown_LDFLAGS) $(chown_OBJECTS) $(chown_LDADD) $(LIBS)
153 @@ -1028,6 +1041,9 @@ rm$(EXEEXT): $(rm_OBJECTS) $(rm_DEPENDEN
154 rmdir$(EXEEXT): $(rmdir_OBJECTS) $(rmdir_DEPENDENCIES)
155 @rm -f rmdir$(EXEEXT)
156 $(LINK) $(rmdir_LDFLAGS) $(rmdir_OBJECTS) $(rmdir_LDADD) $(LIBS)
157 +runcon$(EXEEXT): $(runcon_OBJECTS) $(runcon_DEPENDENCIES)
158 + @rm -f runcon$(EXEEXT)
159 + $(LINK) $(runcon_LDFLAGS) $(runcon_OBJECTS) $(runcon_LDADD) $(LIBS)
160 seq$(EXEEXT): $(seq_OBJECTS) $(seq_DEPENDENCIES)
162 $(LINK) $(seq_LDFLAGS) $(seq_OBJECTS) $(seq_LDADD) $(LIBS)
163 --- /dev/null 2003-01-30 05:24:37.000000000 -0500
164 +++ coreutils-5.0/src/chcon.c 2003-05-21 11:20:28.000000000 -0400
166 +/* chcontext -- change security context of a pathname */
170 +#include <sys/types.h>
173 +#include <selinux/selinux.h>
177 +#include "savedir.h"
178 +#include "group-member.h"
184 + CH_NO_CHANGE_REQUESTED
189 + /* Print a message for each file that is processed. */
192 + /* Print a message for each file whose attributes we change. */
195 + /* Do not be verbose. This is the default. */
199 +static int change_dir_context PARAMS ((const char *dir, security_context_t context,
200 + const struct stat *statp));
202 +/* The name the program was run with. */
205 +/* If nonzero, and the systems has support for it, change the context
206 + of symbolic links rather than any files they point to. */
207 +static int change_symlinks;
209 +/* If nonzero, change the context of directories recursively. */
212 +/* If nonzero, force silence (no error messages). */
213 +static int force_silent;
215 +/* Level of verbosity. */
216 +static enum Verbosity verbosity = V_off;
218 +/* The name of the context file is being given. */
219 +static const char *contextname;
221 +/* The argument to the --reference option. Use the context of this file.
222 + This file must exist. */
223 +static char *reference_file;
225 +/* If nonzero, display usage information and exit. */
226 +static int show_help;
228 +/* If nonzero, print the version on standard output and exit. */
229 +static int show_version;
231 +static struct option const long_options[] =
233 + {"recursive", no_argument, 0, 'R'},
234 + {"changes", no_argument, 0, 'c'},
235 + {"no-dereference", no_argument, 0, 'h'},
236 + {"silent", no_argument, 0, 'f'},
237 + {"quiet", no_argument, 0, 'f'},
238 + {"reference", required_argument, 0, CHAR_MAX + 1},
239 + {"context", required_argument, 0, CHAR_MAX + 2},
240 + {"verbose", no_argument, 0, 'v'},
241 + {"help", no_argument, &show_help, 1},
242 + {"version", no_argument, &show_version, 1},
246 +/* Tell the user how/if the context of FILE has been changed.
247 + CHANGED describes what (if anything) has happened. */
250 +describe_change (const char *file, enum Change_status changed)
256 + fmt = _("context of %s changed to %s\n");
259 + fmt = _("failed to change context of %s to %s\n");
261 + case CH_NO_CHANGE_REQUESTED:
262 + fmt = _("context of %s retained as %s\n");
267 + printf (fmt, file, contextname);
270 +/* Change the context of FILE to CONTEXT.
271 + If it is a directory and -R is given, recurse.
272 + Return 0 if successful, 1 if errors occurred. */
275 +change_file_context (const char *file, security_context_t context)
277 + struct stat file_stats;
278 + security_context_t file_context=NULL;
281 + if (lgetfilecon(file, &file_context)<0)
283 + if (force_silent == 0)
284 + error (0, errno, "%s", file);
288 + if (strcmp(context,file_context)!=0)
292 + if (change_symlinks)
293 + fail = lsetfilecon (file, context);
295 + fail = setfilecon (file, context);
297 + if (verbosity == V_high || (verbosity == V_changes_only && !fail))
298 + describe_change (file, (fail ? CH_FAILED : CH_SUCCEEDED));
303 + if (force_silent == 0)
305 + error (0, errno, "%s", file);
309 + else if (verbosity == V_high)
311 + describe_change (file, CH_NO_CHANGE_REQUESTED);
314 + freecon(file_context);
317 + if (lstat(file, &file_stats)==0)
318 + if (S_ISDIR (file_stats.st_mode))
319 + errors |= change_dir_context (file, context, &file_stats);
324 +/* Recursively change context of the files in directory DIR
325 + to CONTEXT CONTEXT.
326 + STATP points to the results of lstat on DIR.
327 + Return 0 if successful, 1 if errors occurred. */
330 +change_dir_context (const char *dir, security_context_t context, const struct stat *statp)
332 + char *name_space, *namep;
333 + char *path; /* Full path of each entry to process. */
334 + unsigned dirlength; /* Length of `dir' and '\0'. */
335 + unsigned filelength; /* Length of each pathname to process. */
336 + unsigned pathlength; /* Bytes allocated for `path'. */
340 + name_space = savedir (dir);
341 + if (name_space == NULL)
345 + if (force_silent == 0)
346 + error (0, errno, "%s", dir);
350 + error (1, 0, _("virtual memory exhausted"));
353 + dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
354 + pathlength = dirlength + 1;
355 + /* Give `path' a dummy value; it will be reallocated before first use. */
356 + path = xmalloc (pathlength);
357 + strcpy (path, dir);
358 + path[dirlength - 1] = '/';
360 + for (namep = name_space; *namep; namep += filelength - dirlength)
362 + filelength = dirlength + strlen (namep) + 1;
363 + if (filelength > pathlength)
365 + pathlength = filelength * 2;
366 + path = xrealloc (path, pathlength);
368 + strcpy (path + dirlength, namep);
369 + errors |= change_file_context (path, context);
380 + fprintf (stderr, _("Try `%s --help' for more information.\n"),
385 +Usage: %s [OPTION]... CONTEXT FILE...\n\
386 + or: %s [OPTION]... --reference=RFILE FILE...\n\
387 + or: %s [OPTION]... --context=CONTEXT FILE...\n\
389 + program_name, program_name, program_name);
391 +Change the security context of each FILE to CONTEXT.\n\
393 + -c, --changes like verbose but report only when a change is made\n\
394 + -h, --no-dereference affect symbolic links instead of any referenced file\n\
395 + (available only on systems with lchown system call)\n\
396 + -f, --silent, --quiet suppress most error messages\n\
397 + --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
398 + --context=CONTEXT use context corresponding to CONTEXT for CONTEXT value\n\
399 + -R, --recursive change files and directories recursively\n\
400 + -v, --verbose output a diagnostic for every file processed\n\
401 + --help display this help and exit\n\
402 + --version output version information and exit\n\
410 +main (int argc, char **argv)
412 + security_context_t context = NULL;
413 + security_context_t ref_context = NULL;
417 + program_name = argv[0];
418 + setlocale (LC_ALL, "");
419 + bindtextdomain (PACKAGE, LOCALEDIR);
420 + textdomain (PACKAGE);
422 + recurse = force_silent = 0;
424 + while ((optc = getopt_long (argc, argv, "Rcfhv", long_options, NULL)) != -1)
431 + reference_file = optarg;
440 + verbosity = V_changes_only;
446 + change_symlinks = 1;
449 + verbosity = V_high;
458 + printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
466 + if (argc - optind + ( (reference_file || ( context > 0 ) ) ? 1 : 0) <= 1)
468 + error (0, 0, _("too few arguments"));
472 + if (reference_file)
474 + if (getfilecon (reference_file, &ref_context)<0)
475 + error (1, errno, "%s", reference_file);
477 + context = ref_context;
480 + context = argv[optind++];
481 + for (; optind < argc; ++optind)
482 + errors |= change_file_context (argv[optind], context);
484 + if (verbosity != V_off)
486 + if (ref_context != NULL)
487 + freecon(ref_context);
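Review bot: In change_file_context the current label is always read with `lgetfilecon`, but without -h the new label is written with `setfilecon`, which follows symbolic links. For a symlink operand the `strcmp` therefore compares the link's own context while the write lands on the link target, so a needed change can be skipped or reported against the wrong object. Reading with the matching call keeps the two consistent: `if ((change_symlinks ? lgetfilecon (file, &file_context) : getfilecon (file, &file_context)) < 0)`. In main, `( context > 0 )` is a relational comparison on a pointer and should read `context != NULL`. The usage text still carries chgrp wording (`use RFILE's group`, `systems with lchown system call`) and should describe contexts instead.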
490 --- coreutils-5.0/src/copy.c.selinux 2003-05-21 11:20:27.000000000 -0400
491 +++ coreutils-5.0/src/copy.c 2003-05-21 11:20:28.000000000 -0400
494 #include "xreadlink.h"
497 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
500 #define DO_CHOWN(Chown, File, New_uid, New_gid) \
501 (Chown (File, New_uid, New_gid) \
502 /* If non-root uses -p, it's ok if we can't preserve ownership. \
503 @@ -1463,6 +1467,24 @@ copy_internal (const char *src_path, con
504 preserving owner/group is a potential security problem. */
508 + /* Trying to preserve a security context can fail for any UID, and user
509 + * should probably always know about it.
511 + if ( x->preserve_security_context ) {
512 + security_context_t lcontext;
513 + if ( lgetfilecon(src_path, &lcontext) < 0 ) {
514 + error (0, errno, _("getting security context for %s"), src_path);
517 + if ( lsetfilecon(dst_path, lcontext) < 0 ) {
518 + error (0, errno, _("preserving security context for %s (context==%s)"), dst_path, lcontext);
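Review bot: The security context is applied by path with `lsetfilecon(dst_path, lcontext)` only once the destination already exists, so until this call runs the new object carries whatever default label policy assigned, and as far as these lines show a failure leaves it in place under that label. When the label matters for confidentiality it is safer to set the creation context before the destination is created, `setfscreatecon(lcontext)` ahead of the create call and `setfscreatecon(NULL)` afterwards, so the object is never reachable under the wrong label. The same applies to the `getfilecon`/`setfilecon` pair in the `@@ -1551` hunk and to re_protect in cp.c. copy_internal's body lies mostly outside these hunks, so the point where the destination is created is not visible here.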
528 @@ -1551,6 +1573,27 @@ copy_internal (const char *src_path, con
533 + /* Trying to preserve a security context can fail for any UID, and user
534 + * should probably always know about it.
537 + if ( x->preserve_security_context ) {
538 + security_context_t lcontext;
539 + if ( getfilecon(src_path, &lcontext) < 0 ) {
540 + error (0, errno, _("getting security context for %s"), src_path);
543 + if ( setfilecon(dst_path, lcontext) < 0 ) {
544 + error (0, errno, _("preserving security context for %s (context==%s)"), dst_path, lcontext);
553 if (x->preserve_mode || x->move_mode)
555 if (copy_acl (src_path, dst_path, src_mode) && x->require_preserve)
556 --- coreutils-5.0/src/copy.h.selinux 2003-05-21 11:20:27.000000000 -0400
557 +++ coreutils-5.0/src/copy.h 2003-05-21 11:20:28.000000000 -0400
558 @@ -105,6 +105,9 @@ struct cp_options
559 int preserve_ownership;
561 int preserve_timestamps;
563 + int preserve_security_context;
566 /* Enabled for mv, and for cp by the --preserve=links option.
567 If nonzero, attempt to preserve in the destination files any
568 --- coreutils-5.0/src/cp.c.selinux 2003-05-21 11:20:27.000000000 -0400
569 +++ coreutils-5.0/src/cp.c 2003-05-21 11:31:26.000000000 -0400
572 #define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering")
575 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
578 #ifndef _POSIX_VERSION
581 @@ -149,6 +153,9 @@ static struct option const long_opts[] =
582 {"update", no_argument, NULL, 'u'},
583 {"verbose", no_argument, NULL, 'v'},
584 {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
586 + {"context", required_argument, NULL, 'X'},
588 {GETOPT_HELP_OPTION_DECL},
589 {GETOPT_VERSION_OPTION_DECL},
591 @@ -198,6 +205,9 @@ Mandatory arguments to long options are
592 additional attributes: links, all\n\
595 + -c same as --preserve=context\n\
598 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
599 --parents append source path to DIRECTORY\n\
600 -P same as `--no-dereference'\n\
601 @@ -225,6 +235,7 @@ Mandatory arguments to long options are
602 destination file is missing\n\
603 -v, --verbose explain what is being done\n\
604 -x, --one-file-system stay on this file system\n\
605 + -X, --context=CONTEXT set security context of copy to CONTEXT\n\
607 fputs (HELP_OPTION_DESCRIPTION, stdout);
608 fputs (VERSION_OPTION_DESCRIPTION, stdout);
609 @@ -358,6 +369,28 @@ re_protect (const char *const_dst_path,
614 + /* Trying to preserve a security context can fail for any UID, and user
615 + * should probably always know about it.
618 + if ( x->preserve_security_context ) {
620 + security_context_t context;
622 + if ( (rv = getfilecon(src_path, &context)) < 0 ) {
623 + error (0, errno, _("getting security context for %s"), src_path);
627 + if ( (rv = setfilecon(dst_path, context)) < 0 ) {
628 + error (0, errno, _("preserving security context for %s (context==%s)"), dst_path, context);
635 dst_path[p->slash_offset] = '/';
638 @@ -756,8 +789,8 @@ do_copy (int n_files, char **file, const
640 new_dest = (char *) dest;
643 - return copy (source, new_dest, new_dst, x, &unused, NULL);
644 + ret=copy (source, new_dest, new_dst, x, &unused, NULL);
649 @@ -781,6 +814,10 @@ cp_option_init (struct cp_options *x)
650 x->preserve_mode = 0;
651 x->preserve_timestamps = 0;
654 + x->preserve_security_context = 0;
657 x->require_preserve = 0;
659 x->sparse_mode = SPARSE_AUTO;
660 @@ -808,19 +845,20 @@ decode_preserve_arg (char const *arg, st
667 static enum File_attribute const preserve_vals[] =
669 PRESERVE_MODE, PRESERVE_TIMESTAMPS,
670 - PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
671 + PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
674 /* Valid arguments to the `--preserve' option. */
675 static char const* const preserve_args[] =
677 "mode", "timestamps",
678 - "ownership", "links", "all", 0
679 + "ownership", "links", "context", "all", 0
682 char *arg_writable = xstrdup (arg);
683 @@ -855,11 +893,16 @@ decode_preserve_arg (char const *arg, st
684 x->preserve_links = on_off;
687 + case PRESERVE_CONTEXT:
688 + x->preserve_security_context = on_off;
692 x->preserve_mode = on_off;
693 x->preserve_timestamps = on_off;
694 x->preserve_ownership = on_off;
695 x->preserve_links = on_off;
696 + x->preserve_security_context = on_off;
700 @@ -882,6 +925,10 @@ main (int argc, char **argv)
702 int copy_contents = 0;
703 char *target_directory = NULL;
705 + security_context_t scontext = NULL;
706 + int is_selinux_enabled_flag= is_selinux_enabled();
709 program_name = argv[0];
710 setlocale (LC_ALL, "");
711 @@ -896,7 +943,11 @@ main (int argc, char **argv)
712 we'll actually use backup_suffix_string. */
713 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
716 + while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:X:Z:", long_opts, NULL))
718 while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
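Review bot: `Z:` in the new option string has no matching entry in long_opts and no line in the usage text added by this patch, and no `case 'Z'` is visible in the hunks shown, so `-Z ARG` appears to be accepted by getopt without being documented or handled. If it is not handled elsewhere, drop it: `"abcdfHilLprsuvxPRS:V:X:"`. The install.c option string `"bcCsDdg:m:o:pPX:vV:S:Z:"` has the same `Z:`. The preprocessor lines that select between the two `while` headers are not shown in this hunk.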
723 @@ -988,6 +1039,36 @@ main (int argc, char **argv)
724 x.preserve_timestamps = 1;
725 x.require_preserve = 1;
729 + if ( scontext != NULL ) {
730 + (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
733 + else if (is_selinux_enabled_flag)
734 + x.preserve_security_context = 1;
738 + /* politely decline if we're not on a selinux-enabled kernel. */
739 + if( !is_selinux_enabled_flag ) {
740 + fprintf( stderr, "Warning: ignoring --context (-X). "
741 + "It requires a SELinux enabled kernel.\n" );
744 + if ( x.preserve_security_context ) {
745 + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
749 + /* if there's a security_context given set new path
750 + components to that context, too */
751 + if ( setfscreatecon(scontext) < 0 ) {
752 + (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
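Review bot: When -X/--context is given and `is_selinux_enabled()` reported false, the code prints `Warning: ignoring --context (-X)` and, judging by the wording, carries on, so a caller relying on the label gets an unlabeled copy and presumably a zero exit status unless it parses stderr. Treating a label that was explicitly requested but cannot be applied as a hard error is the safer default, e.g. `error (EXIT_FAILURE, 0, _("--context (-X) requires a SELinux-enabled kernel"));`. The `setfscreatecon` failure message has no program name, no errno text and no trailing newline; `error (EXIT_FAILURE, errno, _("cannot set default security context %s"), scontext);` matches how the rest of the file reports errors. The install.c `@@ -338` hunk repeats both patterns. main continues outside this hunk.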
760 --- coreutils-5.0/src/id.c.selinux 2003-03-27 17:39:46.000000000 -0500
761 +++ coreutils-5.0/src/id.c 2003-05-21 11:20:28.000000000 -0400
762 @@ -46,6 +46,20 @@ gid_t getegid ();
767 +#include <selinux/selinux.h>
768 +static void print_context PARAMS ((char* context));
769 +/* Print the SELinux context */
771 +print_context(char *context)
773 + printf ("%s", context);
776 +/* If nonzero, output only the SELinux context. -c */
777 +static int just_context = 0;
780 static void print_user (uid_t uid);
781 static void print_group (gid_t gid);
782 static void print_group_list (const char *username);
783 @@ -64,8 +78,14 @@ static gid_t rgid, egid;
784 /* The number of errors encountered so far. */
785 static int problems = 0;
787 +/* The SELinux context */
788 +/* Set `context' to a known invalid value so print_full_info() will *
789 + * know when `context' has not been set to a meaningful value. */
790 +static security_context_t context=NULL;
792 static struct option const longopts[] =
794 + {"context", no_argument, NULL, 'c'},
795 {"group", no_argument, NULL, 'g'},
796 {"groups", no_argument, NULL, 'G'},
797 {"name", no_argument, NULL, 'n'},
798 @@ -89,6 +109,7 @@ usage (int status)
799 Print information for USERNAME, or the current user.\n\
801 -a ignore, for compatibility with other versions\n\
802 + -c, --context print only the context\n\
803 -g, --group print only the effective group ID\n\
804 -G, --groups print all group IDs\n\
805 -n, --name print a name instead of a number, for -ugG\n\
806 @@ -110,6 +131,7 @@ int
807 main (int argc, char **argv)
810 + int is_selinux_enabled_flag=is_selinux_enabled();
812 /* If nonzero, output the list of all group IDs. -G */
813 int just_group_list = 0;
814 @@ -127,7 +149,7 @@ main (int argc, char **argv)
816 atexit (close_stdout);
818 - while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
819 + while ((optc = getopt_long (argc, argv, "acgnrsuG", longopts, NULL)) != -1)
823 @@ -136,6 +158,17 @@ main (int argc, char **argv)
825 /* Ignore -a, for compatibility with SVR4. */
829 + /* politely decline if we're not on a selinux-enabled kernel. */
830 + if( !is_selinux_enabled_flag ) {
831 + fprintf( stderr, "Sorry, --context (-c) can be used only on "
832 + "a selinux-enabled kernel.\n" );
841 @@ -158,8 +191,28 @@ main (int argc, char **argv)
845 - if (just_user + just_group + just_group_list > 1)
846 - error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
848 + if (argc - optind == 1)
849 + is_selinux_enabled_flag = 0;
851 + if( just_context && !is_selinux_enabled_flag)
853 +cannot display context when selinux not enabled or when displaying the id\n\
854 +of a different user"));
856 + /* If we are on a selinux-enabled kernel, get our context. *
857 + * Otherwise, leave the context variable alone - it has *
858 + * been initialized known invalid value; if we see this invalid *
859 + * value later, we will know we are on a non-selinux kernel. */
860 + if( is_selinux_enabled_flag )
862 + if (getcon(&context))
863 + error (1, 0, "can't get process context");
867 + if (just_user + just_group + just_group_list + just_context > 1)
868 + error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
870 if (just_user + just_group + just_group_list == 0 && (use_real || use_name))
871 error (EXIT_FAILURE, 0,
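Review bot: `is_selinux_enabled_flag` is cleared when a USERNAME operand is present (`if (argc - optind == 1) is_selinux_enabled_flag = 0;`), so the variable stops meaning what its name says and one diagnostic has to cover two unrelated conditions. A separate local, for example `int show_context = is_selinux_enabled_flag && argc - optind != 1;`, would keep the caller's own process context from being printed next to another user's ids without overloading the flag. The `getcon` failure path discards errno and is untranslated; `error (EXIT_FAILURE, errno, _("can't get process context"));` would be consistent with the neighbouring calls. The option string in the `@@ -127` hunk also gains an `s` that the usage text does not describe.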
872 @@ -190,6 +243,10 @@ main (int argc, char **argv)
873 print_group (use_real ? rgid : egid);
874 else if (just_group_list)
875 print_group_list (argv[optind]);
877 + else if (just_context)
878 + print_context (context);
881 print_full_info (argv[optind]);
883 @@ -397,4 +454,9 @@ print_full_info (const char *username)
886 #endif /* HAVE_GETGROUPS */
888 + if ( context != NULL ) {
889 + printf(" context=%s",context);
893 --- coreutils-5.0/src/install.c.selinux 2003-05-21 11:20:27.000000000 -0400
894 +++ coreutils-5.0/src/install.c 2003-05-21 11:20:28.000000000 -0400
896 # include <sys/wait.h>
900 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
903 struct passwd *getpwnam ();
904 struct group *getgrnam ();
906 @@ -126,11 +130,17 @@ static int dir_arg;
907 static struct option const long_options[] =
909 {"backup", optional_argument, NULL, 'b'},
911 + {"context", required_argument, NULL, 'X'},
913 {"directory", no_argument, NULL, 'd'},
914 {"group", required_argument, NULL, 'g'},
915 {"mode", required_argument, NULL, 'm'},
916 {"owner", required_argument, NULL, 'o'},
917 {"preserve-timestamps", no_argument, NULL, 'p'},
919 + {"preserve_context", no_argument, NULL, 'P'},
921 {"strip", no_argument, NULL, 's'},
922 {"suffix", required_argument, NULL, 'S'},
923 {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
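Review bot: The new long option is spelled `preserve_context` with an underscore, while the other multi-word options in this table use a hyphen (`preserve-timestamps`, `version-control`) and cp exposes the same feature as `--preserve=context`. Renaming it before it ships avoids carrying a permanent alias: `{"preserve-context", no_argument, NULL, 'P'},`, with the usage line in the `@@ -721` hunk updated to match. The preprocessor guards around the two added entries are not visible in this hunk.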
924 @@ -247,6 +257,9 @@ cp_option_init (struct cp_options *x)
929 + x->preserve_security_context = 0;
934 @@ -265,6 +278,11 @@ main (int argc, char **argv)
939 + security_context_t scontext = NULL;
940 + /* set iff kernel has extra selinux system calls */
941 + int is_selinux_enabled_flag = is_selinux_enabled();
944 program_name = argv[0];
945 setlocale (LC_ALL, "");
946 @@ -285,7 +303,11 @@ main (int argc, char **argv)
947 we'll actually use backup_suffix_string. */
948 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
951 + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPX:vV:S:Z:", long_options,
953 while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options,
958 @@ -338,6 +360,39 @@ main (int argc, char **argv)
960 backup_suffix_string = optarg;
964 + /* politely decline if we're not on a selinux-enabled kernel. */
965 + if( !is_selinux_enabled_flag ) {
966 + fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
967 + "because the kernel is not selinux-enabled.\n" );
970 + if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
971 + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], scontext);
974 + x.preserve_security_context = 1;
977 + /* politely decline if we're not on a selinux-enabled kernel. */
978 + if( !is_selinux_enabled_flag ) {
979 + fprintf( stderr, "Warning: ignoring --context (-X) "
980 + "because the kernel is not selinux-enabled.\n" );
983 + if ( x.preserve_security_context ) {
985 + (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
989 + if (setfscreatecon(scontext)) {
990 + (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], scontext);
995 case_GETOPT_HELP_CHAR;
996 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
998 @@ -721,6 +776,11 @@ Mandatory arguments to long options are
999 -S, --suffix=SUFFIX override the usual backup suffix\n\
1000 -v, --verbose print the name of each directory as it is created\n\
1003 + -P, --preserve_context (Selinux) Preserve security context\n\
1004 + -X, --context=CONTEXT (Selinux) Set security context of files and directories\n\
1007 fputs (HELP_OPTION_DESCRIPTION, stdout);
1008 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1010 --- coreutils-5.0/src/ls.c.selinux 2003-05-21 11:20:27.000000000 -0400
1011 +++ coreutils-5.0/src/ls.c 2003-05-21 11:20:28.000000000 -0400
1012 @@ -132,6 +132,12 @@ int wcwidth ();
1014 #define AUTHORS N_ ("Richard Stallman and David MacKenzie")
1016 +#ifdef WITH_SELINUX
1017 +#include <selinux/selinux.h>
1018 +int is_selinux_enabled_flag= 0;
1019 +static int print_scontext = 0;
1022 #define obstack_chunk_alloc malloc
1023 #define obstack_chunk_free free
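Review bot: `int is_selinux_enabled_flag= 0;` is defined with external linkage while `print_scontext` on the next line is `static`, and nothing in the hunks shown uses the flag outside ls.c. Unless another translation unit needs it, give it internal linkage and a short comment, `static int is_selinux_enabled_flag = 0; /* set in decode_switches from is_selinux_enabled() */`, so it cannot collide with the identically named locals that cp.c, id.c and install.c declare.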
1025 @@ -229,6 +235,10 @@ struct fileinfo
1026 /* For long listings, true if the file has an access control list. */
1030 +#ifdef WITH_SELINUX
1031 + security_context_t scontext;
1035 #if HAVE_ACL || USE_ACL
1036 @@ -292,6 +302,9 @@ static void queue_directory (const char
1037 static void sort_files (void);
1038 static void parse_ls_color (void);
1039 void usage (int status);
1040 +#ifdef WITH_SELINUX
1041 +static void print_scontext_format PARAMS ((const struct fileinfo *f));
1044 /* The name the program was run with, stripped of any leading path. */
1046 @@ -381,7 +394,12 @@ enum format
1047 one_per_line, /* -1 */
1048 many_per_line, /* -C */
1049 horizontal, /* -x */
1050 - with_commas /* -m */
1051 +#ifdef WITH_SELINUX
1052 + with_commas, /* -m */
1055 + with_commas /* -m */
1059 static enum format format;
1060 @@ -706,6 +724,11 @@ enum
1061 SHOW_CONTROL_CHARS_OPTION,
1064 +#ifdef WITH_SELINUX
1072 @@ -749,6 +772,11 @@ static struct option const long_options[
1073 {"time-style", required_argument, 0, TIME_STYLE_OPTION},
1074 {"color", optional_argument, 0, COLOR_OPTION},
1075 {"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
1076 +#ifdef WITH_SELINUX
1077 + {"context", no_argument, 0, CONTEXT_OPTION},
1078 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
1079 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
1081 {"author", no_argument, 0, AUTHOR_OPTION},
1082 {GETOPT_HELP_OPTION_DECL},
1083 {GETOPT_VERSION_OPTION_DECL},
1084 @@ -758,12 +786,19 @@ static struct option const long_options[
1085 static char const *const format_args[] =
1087 "verbose", "long", "commas", "horizontal", "across",
1088 - "vertical", "single-column", 0
1089 + "vertical", "single-column",
1090 +#ifdef WITH_SELINUX
1096 static enum format const format_types[] =
1098 long_format, long_format, with_commas, horizontal, horizontal,
1099 +#ifdef WITH_SELINUX
1102 many_per_line, one_per_line
1105 @@ -1147,6 +1182,9 @@ main (int argc, char **argv)
1107 format_needs_stat = sort_type == sort_time || sort_type == sort_size
1108 || format == long_format
1109 +#ifdef WITH_SELINUX
1110 + || format == security_format || print_scontext
1112 || dereference == DEREF_ALWAYS
1113 || print_block_size || print_inode;
1114 format_needs_type = (format_needs_stat == 0
1115 @@ -1269,6 +1307,11 @@ decode_switches (int argc, char **argv)
1116 /* Record whether there is an option specifying sort type. */
1117 int sort_type_specified = 0;
1119 +#ifdef WITH_SELINUX
1120 + /* 1 iff kernel has new selinux system calls */
1121 + is_selinux_enabled_flag= is_selinux_enabled();
1124 qmark_funny_chars = 0;
1126 /* initialize all switches to default settings */
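Review bot: The assignment `is_selinux_enabled_flag= is_selinux_enabled();` stores the raw return value, and the visible tests only check it for non-zero, so a negative error return would be treated as "enabled". libselinux releases of this era document -1 on error for is_selinux_enabled(), which is worth confirming against the version being linked. I would normalise it here with `is_selinux_enabled_flag = (is_selinux_enabled () > 0);`, which also makes the "1 iff" comment accurate. The same bare truth test appears in the -c handlers added to mkdir.c, mkfifo.c, mknod.c and mv.c. decode_switches continues outside the hunk.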
1127 @@ -1319,6 +1362,9 @@ decode_switches (int argc, char **argv)
1129 really_all_files = 0;
1130 ignore_patterns = 0;
1131 +#ifdef WITH_SELINUX
1132 + print_scontext = 0;
1135 /* FIXME: put this in a function. */
1137 @@ -1684,6 +1730,31 @@ decode_switches (int argc, char **argv)
1139 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1141 +#ifdef WITH_SELINUX
1143 +#define check_selinux() if (!is_selinux_enabled_flag) { \
1144 + fprintf( stderr, "Sorry, this option can only be used " \
1145 + "on a SELinux kernel.\n" ); \
1146 + exit( EXIT_FAILURE ); \
1149 + case CONTEXT_OPTION: /* new security format */
1151 + print_scontext = 1;
1152 + format = security_format;
1154 + case LCONTEXT_OPTION: /* long format plus security context */
1156 + print_scontext = 1;
1157 + format = long_format;
1159 + case SCONTEXT_OPTION: /* short form of new security format */
1161 + print_scontext = 0;
1162 + format = security_format;
1167 usage (EXIT_FAILURE);
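Review bot: The `check_selinux()` macro added here expands to a bare `if (...) { ... }` block, so a call followed by `;` leaves an empty statement and the macro captures any `else` that happens to follow it. Wrapping the body as `do { if (!is_selinux_enabled_flag) { ... exit (EXIT_FAILURE); } } while (0)`, or turning it into a small static function above decode_switches, removes that hazard. The message is also written with a raw fprintf and is not marked with `_()`, unlike the usage text this patch adds further down, so it will not be translated. The switch statement starts and ends outside the hunk.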
1169 @@ -2331,6 +2402,10 @@ clear_files (void)
1170 free (files[i].name);
1171 if (files[i].linkname)
1172 free (files[i].linkname);
1173 +#ifdef WITH_SELINUX
1174 + if (files[i].scontext)
1175 + freecon (files[i].scontext);
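Review bot: `freecon (files[i].scontext)` runs for every entry whose pointer is non-NULL, but the only assignments to scontext visible in this patch are the getfilecon/lgetfilecon calls in gobble_file, and those are skipped when is_selinux_enabled_flag is zero. If the files array is not zero-filled (its allocation is outside the hunks), entries that never went through those calls carry an indeterminate pointer into freecon. Setting `files[files_index].scontext = NULL;` in gobble_file before the stat calls would make this free safe on every path. clear_files continues outside the hunk.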
1180 @@ -2402,6 +2477,11 @@ gobble_file (const char *name, enum file
1183 err = stat (path, &files[files_index].stat);
1184 +#ifdef WITH_SELINUX
1186 + if (is_selinux_enabled_flag)
1187 + err=getfilecon(path, &files[files_index].scontext);
1190 if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
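Review bot: Assigning the result of getfilecon to `err` makes a failed label lookup indistinguishable from a failed stat, so a file whose context cannot be read (for example on a filesystem without extended attributes) would be reported as an error even though stat succeeded; the code that tests err is outside the hunk, so this is inferred. On success getfilecon returns the context length rather than 0, which also changes what err holds afterwards. I would keep the two results apart, e.g. `if (getfilecon (path, &files[files_index].scontext) < 0) files[files_index].scontext = NULL;`, and have the print routines substitute a placeholder for a missing context. The lgetfilecon call in the next gobble_file hunk has the same shape.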
1192 @@ -2420,6 +2500,12 @@ gobble_file (const char *name, enum file
1194 default: /* DEREF_NEVER */
1195 err = lstat (path, &files[files_index].stat);
1196 +#ifdef WITH_SELINUX
1198 + if (is_selinux_enabled_flag)
1199 + err=lgetfilecon(path, &files[files_index].scontext);
1205 @@ -2849,6 +2935,16 @@ print_current_files (void)
1206 DIRED_PUTCHAR ('\n');
1210 +#ifdef WITH_SELINUX
1211 + case security_format:
1212 + for (i = 0; i < files_index; i++)
1214 + print_scontext_format (files + i);
1215 + DIRED_PUTCHAR ('\n');
1222 @@ -3112,6 +3208,14 @@ print_long_format (const struct fileinfo
1226 +#ifdef WITH_SELINUX
1228 + if ( print_scontext ) {
1229 + sprintf (p, "%-32s ", f->scontext);
1235 DIRED_FPUTS (buf, stdout, p - buf);
1236 print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
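Review bot: `sprintf (p, "%-32s ", f->scontext)` gives the context a minimum width of 32 but no maximum, so a longer context string is copied past whatever space is left in buf; the buffer itself is declared outside this hunk. The print_scontext_format hunk at the end of the ls.c section makes the same call, and there the buffer is visibly `7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1` bytes, with a size comment that makes no allowance for the context. File labels are read from the filesystem, so their length should not be trusted; I would bound the write with `snprintf (p, bufsize - (p - buf), "%-32s ", f->scontext ? f->scontext : "?");`, which also covers a NULL context. bufsize is visible in print_scontext_format; its presence in print_long_format needs confirming.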
1237 @@ -3917,6 +4021,16 @@ Mandatory arguments to long options are
1238 -X sort alphabetically by entry extension\n\
1239 -1 list one file per line\n\
1241 +#ifdef WITH_SELINUX
1242 +printf(_("SELINUX options:\n\n\
1243 + --lcontext Display security context. Enable -l. Lines\n\
1244 + will probably be too wide for most displays.\n\
1245 + --context Display security context so it fits on most\n\
1246 + displays. Displays only mode, user, group,\n\
1247 + security context and file name.\n\
1248 + --scontext Display only security context and file name.\n\
1251 fputs (HELP_OPTION_DESCRIPTION, stdout);
1252 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1254 @@ -3935,3 +4049,79 @@ to a terminal (tty).\n\
1259 +#ifdef WITH_SELINUX
1262 +print_scontext_format (const struct fileinfo *f)
1266 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
1267 + 1 10-byte mode string,
1268 + 9 spaces, one following each of these fields, and
1269 + 1 trailing NUL byte. */
1271 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
1272 + char *buf = init_bigbuf;
1273 + size_t bufsize = sizeof (init_bigbuf);
1284 + if ( print_scontext ) { /* zero means terse listing */
1285 + mode_string (f->stat.st_mode, modebuf);
1286 + modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
1287 + modebuf[11] = '\0';
1291 + (void) sprintf (p, "%s ", modebuf);
1294 + /* print standard user and group */
1296 + user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
1298 + (void) sprintf (p, "%-8.8s ", user_name);
1300 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
1303 + if ( print_group ) {
1304 + group_name = (numeric_ids ? NULL : getgroup (f->stat.st_gid));
1306 + (void) sprintf (p, "%-8.8s ", group_name);
1308 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
1313 + (void) sprintf (p, "%-32s ", f->scontext);
1317 + DIRED_FPUTS (buf, stdout, p - buf);
1318 + print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, &dired_obstack);
1320 + if (f->filetype == symbolic_link) {
1321 + if (f->linkname) {
1322 + DIRED_FPUTS_LITERAL (" -> ", stdout);
1323 + print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, NULL);
1324 + if (indicator_style != none)
1325 + print_type_indicator (f->linkmode);
1329 + if (indicator_style != none)
1330 + print_type_indicator (f->stat.st_mode);
1334 --- coreutils-5.0/src/mkdir.c.selinux 2002-09-23 03:35:27.000000000 -0400
1335 +++ coreutils-5.0/src/mkdir.c 2003-05-21 11:20:28.000000000 -0400
1338 #define AUTHORS "David MacKenzie"
1340 +#ifdef WITH_SELINUX
1341 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1344 /* The name this program was run with. */
1347 @@ -42,6 +46,9 @@ static int create_parents;
1349 static struct option const longopts[] =
1351 +#ifdef WITH_SELINUX
1352 + {"context", required_argument, NULL, 'c'},
1354 {"mode", required_argument, NULL, 'm'},
1355 {"parents", no_argument, NULL, 'p'},
1356 {"verbose", no_argument, NULL, 'v'},
1357 @@ -63,6 +70,11 @@ usage (int status)
1358 Create the DIRECTORY(ies), if they do not already exist.\n\
1361 +#ifdef WITH_SELINUX
1363 + -c, --context=CONTEXT (Selinux) set security context to CONTEXT\n\
1367 Mandatory arguments to long options are mandatory for short options too.\n\
1369 @@ -97,7 +109,11 @@ main (int argc, char **argv)
1373 +#ifdef WITH_SELINUX
1374 + while ((optc = getopt_long (argc, argv, "pm:s:c:v", longopts, NULL)) != -1)
1376 while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
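Review bot: The new option string `"pm:s:c:v"` accepts `-s ARG`, but no visible line in the mkdir.c hunks adds a `case 's'`, a long option or a usage entry for it, so it looks like a leftover. As written `-s` would be parsed as a valid option and then fall through to the switch's default branch, which is outside the hunk. If only --context is intended, the string should be `"pm:c:v"`. mknod.c's `"m:s:c:"` carries the same extra letter.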
1381 @@ -112,6 +128,20 @@ main (int argc, char **argv)
1382 case 'v': /* --verbose */
1383 verbose_fmt_string = _("created directory %s");
1385 +#ifdef WITH_SELINUX
1387 + /* politely decline if we're not on a selinux-enabled kernel. */
1388 + if( !is_selinux_enabled()) {
1389 + fprintf( stderr, "Sorry, --context (-c) can be used only on "
1390 + "a selinux-enabled kernel.\n" );
1393 + if (setfscreatecon(optarg)) {
1394 + fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
1399 case_GETOPT_HELP_CHAR;
1400 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
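Review bot: Both failure paths in the new -c handler print with a raw `fprintf (stderr, "Sorry, ...")`, so the messages lack the program-name prefix, are not marked for translation, and the setfscreatecon failure drops errno, which is what tells the user whether the context was malformed or denied. I would report them through coreutils' error(), e.g. `error (EXIT_FAILURE, errno, _("cannot set default context to %s"), quote (optarg));` (assuming quote.h is already included in mkdir.c). The same block is pasted into the mkfifo.c and mknod.c hunks, so a shared helper would keep the three in step. The switch continues outside the hunk.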
1402 --- coreutils-5.0/src/mkfifo.c.selinux 2002-08-31 03:29:21.000000000 -0400
1403 +++ coreutils-5.0/src/mkfifo.c 2003-05-21 11:20:28.000000000 -0400
1406 #define AUTHORS "David MacKenzie"
1408 +#ifdef WITH_SELINUX
1409 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1412 /* The name this program was run with. */
1415 static struct option const longopts[] =
1417 +#ifdef WITH_SELINUX
1418 + {"context", required_argument, NULL, 'c'},
1420 {"mode", required_argument, NULL, 'm'},
1421 {GETOPT_HELP_OPTION_DECL},
1422 {GETOPT_VERSION_OPTION_DECL},
1423 @@ -57,6 +64,11 @@ usage (int status)
1424 Create named pipes (FIFOs) with the given NAMEs.\n\
1427 +#ifdef WITH_SELINUX
1429 + -c, --context=CONTEXT set security context (quoted string)\n\
1433 Mandatory arguments to long options are mandatory for short options too.\n\
1435 @@ -92,7 +104,11 @@ main (int argc, char **argv)
1437 error (4, 0, _("fifo files not supported"));
1439 +#ifdef WITH_SELINUX
1440 + while ((optc = getopt_long (argc, argv, "m:c:", longopts, NULL)) != -1)
1442 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
1447 @@ -101,6 +117,19 @@ main (int argc, char **argv)
1449 specified_mode = optarg;
1451 +#ifdef WITH_SELINUX
1453 + if( !is_selinux_enabled()) {
1454 + fprintf( stderr, "Sorry, --context (-c) can be used only on "
1455 + "a selinux-enabled kernel.\n" );
1458 + if (setfscreatecon(optarg)) {
1459 + fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
1464 case_GETOPT_HELP_CHAR;
1465 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1467 --- coreutils-5.0/src/mknod.c.selinux 2002-12-14 09:14:59.000000000 -0500
1468 +++ coreutils-5.0/src/mknod.c 2003-05-21 11:20:28.000000000 -0400
1470 /* The name this program was run with. */
1473 +#ifdef WITH_SELINUX
1474 +#include <selinux/selinux.h>
1477 static struct option const longopts[] =
1479 +#ifdef WITH_SELINUX
1480 + {"context", required_argument, NULL, 'c'},
1482 {"mode", required_argument, NULL, 'm'},
1483 {GETOPT_HELP_OPTION_DECL},
1484 {GETOPT_VERSION_OPTION_DECL},
1485 @@ -58,6 +65,11 @@ usage (int status)
1486 Create the special file NAME of the given TYPE.\n\
1489 +#ifdef WITH_SELINUX
1491 + -c, --context=CONTEXT set security context (quoted string)\n\
1495 Mandatory arguments to long options are mandatory for short options too.\n\
1497 @@ -102,7 +114,11 @@ main (int argc, char **argv)
1499 specified_mode = NULL;
1501 +#ifdef WITH_SELINUX
1502 + while ((optc = getopt_long (argc, argv, "m:s:c:", longopts, NULL)) != -1)
1504 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
1509 @@ -111,6 +127,20 @@ main (int argc, char **argv)
1511 specified_mode = optarg;
1513 +#ifdef WITH_SELINUX
1515 + /* politely decline if we're not on a selinux-enabled kernel. */
1516 + if( !is_selinux_enabled()) {
1517 + fprintf( stderr, "Sorry, --context (-c) can be used only on "
1518 + "a selinux-enabled kernel.\n" );
1521 + if (setfscreatecon(optarg)) {
1522 + fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
1527 case_GETOPT_HELP_CHAR;
1528 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1530 --- coreutils-5.0/src/mv.c.selinux 2003-05-21 11:20:27.000000000 -0400
1531 +++ coreutils-5.0/src/mv.c 2003-05-21 11:31:45.000000000 -0400
1533 #include "path-concat.h"
1536 +#ifdef WITH_SELINUX
1537 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1540 /* The official name of this program (e.g., no `g' prefix). */
1541 #define PROGRAM_NAME "mv"
1542 @@ -139,6 +142,9 @@ cp_option_init (struct cp_options *x)
1546 +#ifdef WITH_SELINUX
1547 + x->preserve_security_context = 0;
1550 x->dest_info = NULL;
1552 @@ -358,6 +364,10 @@ Mandatory arguments to long options are
1553 equivalent to --reply=query\n\
1556 + -c preserve security context when source and\n\
1557 + destination are on different file systems\n\
1560 --reply={yes,no,query} specify how to handle the prompt about an\n\
1561 existing destination file\n\
1562 --strip-trailing-slashes remove any trailing slashes from each SOURCE\n\
1563 @@ -421,7 +431,11 @@ main (int argc, char **argv)
1567 +#ifdef WITH_SELINUX
1568 + while ((c = getopt_long (argc, argv, "bcfiuvS:V:", long_options, NULL)) != -1)
1570 while ((c = getopt_long (argc, argv, "bfiuvS:V:", long_options, NULL)) != -1)
1575 @@ -440,6 +454,15 @@ main (int argc, char **argv)
1577 version_control_string = optarg;
1579 +#ifdef WITH_SELINUX
1581 + if (is_selinux_enabled())
1582 + x.preserve_security_context = 1;
1584 + fprintf( stderr, "Warning: ignoring -c. "
1585 + "It requires a SELinux enabled kernel.\n" );
1589 x.interactive = I_ALWAYS_YES;
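Review bot: The new -c branch only warns and carries on when SELinux is not enabled, whereas mkdir, mkfifo and mknod in this same patch exit on the equivalent condition, so the option behaves inconsistently across the tools. A caller that passes -c to require the context to be preserved gets a completed move and, presumably, an unchanged exit status. Either fail like the other tools or state in the usage text added above that -c is best-effort. The warning is also emitted with a raw fprintf and no `_()`. The switch continues outside the hunk.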
1591 --- /dev/null 2003-01-30 05:24:37.000000000 -0500
1592 +++ coreutils-5.0/src/runcon.c 2003-05-21 11:20:28.000000000 -0400
1595 + * runcon [ context |
1596 + * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
1597 + * command [arg1 [arg2 ...] ]
1599 + * attempt to run the specified command with the specified context.
1601 + * -r role : use the current context with the specified role
1602 + * -t type : use the current context with the specified type
1603 + * -u user : use the current context with the specified user
1604 + * -l level : use the current context with the specified level range
1606 + * Contexts are interpreted as follows:
1609 + * components system?
1613 + * 3 Y role:type:range
1614 + * 3 N user:role:type
1615 + * 4 Y user:role:type:range
1619 +#include <unistd.h>
1621 +#include <getopt.h>
1622 +#include <selinux/context.h>
1623 +#include <selinux/selinux.h>
1627 +/* The name the program was run with. */
1628 +char *program_name;
1633 + printf("Usage: %s [OPTION]... command [args]\n"
1634 + "Run a program in a different security context.\n\n"
1635 + " context Complete security context\n"
1636 + " -t type (for same role as parent)\n"
1637 + " -u user identity\n"
1639 + " -l levelrange\n"
1640 + " --help display this help and exit\n",
1646 +main(int argc,char **argv,char **envp )
1652 + char *context = NULL;
1653 + security_context_t cur_context = NULL;
1657 + program_name = argv[0];
1661 + int this_option_optind = optind ? optind : 1;
1662 + int option_index = 0;
1663 + static struct option long_options[] = {
1664 + { "role", 1, 0, 'r' },
1665 + { "type", 1, 0, 't' },
1666 + { "user", 1, 0, 'u' },
1667 + { "range", 1, 0, 'l' },
1668 + { "help", 0, 0, '?' },
1671 + c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index);
1678 + fprintf(stderr,"multiple roles\n");
1685 + fprintf(stderr,"multiple types\n");
1692 + fprintf(stderr,"multiple users\n");
1699 + fprintf(stderr,"multiple levelranges\n");
1705 + fprintf(stderr,"unrecognised option %c\n",c);
1711 + if ( !(user || role || type || range)) {
1712 + if ( optind >= argc ) {
1713 + usage("must specify -t, -u, -l, -r, or context");
1715 + context = argv[optind++];
1718 + if ( optind >= argc ) {
1719 + usage("no command found");
1723 + con = context_new(context);
1725 + fprintf(stderr,"%s is not a valid context\n", context);
1730 + getcon(&cur_context);
1731 + con = context_new(cur_context);
1733 + fprintf(stderr,"%s is not a valid context\n", context);
1737 + context_user_set(con,user);
1740 + context_type_set(con,type);
1743 + context_range_set(con,range);
1746 + context_role_set(con,role);
1750 + if (setexeccon(context_str(con))!=0) {
1751 + fprintf(stderr,"unable to setup security context %s\n", context_str(con));
1754 + if (cur_context!=NULL)
1755 + freecon(cur_context);
1757 + if ( execvp(argv[optind],argv+optind) ) {
1761 + return 1; /* can't reach this statement.... */
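Review bot: In the branch that builds the context from the current one, `getcon(&cur_context)` is called without checking its result, and the failure message after `context_new(cur_context)` prints `context`, which is still NULL on that path as far as the visible lines show. A failed getcon therefore reaches context_new with a NULL pointer, and a failed context_new passes NULL to `%s`. I would add `if (getcon(&cur_context) < 0) { fprintf(stderr,"cannot get current context\n"); return 1; }` and print `cur_context` in the second message. The results of context_user_set, context_type_set, context_range_set and context_role_set are likewise ignored in the visible lines, so a failed component change would presumably still reach setexeccon with the unmodified context and run the command under a label the caller did not ask for.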
1763 --- /dev/null 2003-01-30 05:24:37.000000000 -0500
1764 +++ coreutils-5.0/man/chcon.x 2003-05-21 11:20:28.000000000 -0400
1767 +chcon \- change file security context
1769 +.\" Add any additional description here
1770 --- /dev/null 2003-01-30 05:24:37.000000000 -0500
1771 +++ coreutils-5.0/man/runcon.x 2003-05-21 11:20:28.000000000 -0400
1774 +.\" Add any additional description here
1775 --- coreutils-5.0/tests/cp/Makefile.am.selinux 2003-02-02 15:08:59.000000000 -0500
1776 +++ coreutils-5.0/tests/cp/Makefile.am 2003-05-21 11:20:28.000000000 -0400
1777 @@ -3,8 +3,8 @@ AUTOMAKE_OPTIONS = 1.1 gnits
1780 preserve-2 r-vs-symlink link-preserve \
1781 - backup-1 no-deref-link1 no-deref-link2 no-deref-link3 backup-is-src \
1782 - same-file cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
1783 + backup-1 backup-is-src \
1784 + cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
1785 perm cp-HL special-bits link dir-rm-dest cp-parents deref-slink \
1786 dir-vs-file into-self
1787 EXTRA_DIST = $(TESTS)
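Review bot: The new TESTS list drops no-deref-link1, no-deref-link2, no-deref-link3 and same-file without any comment, and because `EXTRA_DIST = $(TESTS)` they also leave the distribution. Going by their names these cover cp's symlink and same-file handling, so removing them hides any regression the SELinux changes introduce there instead of recording it. If they fail only with the patch applied, I would keep them listed and note the reason next to the list, e.g. `# FIXME: no-deref-link1..3 and same-file fail when built WITH_SELINUX (reason: TODO)`. The generated tests/cp/Makefile.in hunk mirrors this change.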
1788 --- coreutils-5.0/tests/cp/Makefile.in.selinux 2003-04-02 09:28:43.000000000 -0500
1789 +++ coreutils-5.0/tests/cp/Makefile.in 2003-05-21 11:23:03.000000000 -0400
1790 @@ -152,8 +152,8 @@ AUTOMAKE_OPTIONS = 1.1 gnits
1793 preserve-2 r-vs-symlink link-preserve \
1794 - backup-1 no-deref-link1 no-deref-link2 no-deref-link3 backup-is-src \
1795 - same-file cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
1796 + backup-1 backup-is-src \
1797 + cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
1798 perm cp-HL special-bits link dir-rm-dest cp-parents deref-slink \
1799 dir-vs-file into-self
1801 --- coreutils-5.0/README.selinux 2003-03-29 09:24:00.000000000 -0500
1802 +++ coreutils-5.0/README 2003-05-21 11:20:28.000000000 -0400
1803 @@ -7,11 +7,11 @@ arbitrary limits.
1805 The programs that can be built with this package are:
1807 - basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd
1808 + basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd
1809 df dir dircolors dirname du echo env expand expr factor false fmt fold
1810 ginstall groups head hostid hostname id join kill link ln logname ls
1811 md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
1812 - printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort
1813 + printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum shred sleep sort
1814 split stat stty su sum sync tac tail tee test touch tr true tsort tty
1815 uname unexpand uniq unlink uptime users vdir wc who whoami yes