1 diff -urN coreutils-5.0.org/config.hin coreutils-5.0/config.hin
2 --- coreutils-5.0.org/config.hin 2003-12-27 12:26:28.926095552 +0100
3 +++ coreutils-5.0/config.hin 2003-12-27 12:28:20.345157280 +0100
5 /* Define to empty if the keyword `volatile' does not work. Warning: valid
6 code using `volatile' can become incorrect without. Disable with care. */
9 +/* Define if you want to use SELINUX */
12 diff -urN coreutils-5.0.org/configure.ac coreutils-5.0/configure.ac
13 --- coreutils-5.0.org/configure.ac 2003-12-27 12:26:28.584147536 +0100
14 +++ coreutils-5.0/configure.ac 2003-12-27 12:27:54.896026136 +0100
16 LIB_PAM="-ldl -lpam -lpam_misc"
19 +dnl Give the chance to enable PAM
20 +AC_ARG_ENABLE(selinux, dnl
21 +[ --enable-selinux Enable use of the SELINUX libraries],
22 +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
23 +LIB_SELINUX="-lselinux"
24 +AC_SUBST(LIB_SELINUX)])
29 diff -urN coreutils-5.0.org/man/chcon.1 coreutils-5.0/man/chcon.1
30 --- coreutils-5.0.org/man/chcon.1 1970-01-01 01:00:00.000000000 +0100
31 +++ coreutils-5.0/man/chcon.1 2003-12-27 12:26:52.965441016 +0100
33 +.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
35 +chcon \- change security context
38 +[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
41 +[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
44 +." Add any additional description here
46 +Change the security context of each FILE to CONTEXT.
48 +\fB\-c\fR, \fB\-\-changes\fR
49 +like verbose but report only when a change is made
51 +\fB\-h\fR, \fB\-\-no\-dereference\fR
52 +affect symbolic links instead of any referenced file (available only on systems with lchown system call)
54 +\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
55 +suppress most error messages
57 +\fB\-\-reference\fR=\fIRFILE\fR
58 +use RFILE's context instead of using a CONTEXT value
60 +\fB\-R\fR, \fB\-\-recursive\fR
61 +change files and directories recursively
63 +\fB\-v\fR, \fB\-\-verbose\fR
64 +output a diagnostic for every file processed
67 +display this help and exit
70 +output version information and exit
72 +Report bugs to <email@host.com>.
74 +The full documentation for
76 +is maintained as a Texinfo manual. If the
80 +programs are properly installed at your site, the command
84 +should give you access to the complete manual.
85 diff -urN coreutils-5.0.org/man/chcon.x coreutils-5.0/man/chcon.x
86 --- coreutils-5.0.org/man/chcon.x 1970-01-01 01:00:00.000000000 +0100
87 +++ coreutils-5.0/man/chcon.x 2003-12-27 12:26:52.962441472 +0100
90 +chcon \- change file security context
92 +.\" Add any additional description here
93 diff -urN coreutils-5.0.org/man/cp.1 coreutils-5.0/man/cp.1
94 --- coreutils-5.0.org/man/cp.1 2003-12-27 12:26:28.509158936 +0100
95 +++ coreutils-5.0/man/cp.1 2003-12-27 12:26:52.965441016 +0100
98 \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
99 preserve the specified attributes (default:
100 -mode,ownership,timestamps), if possible
101 +mode,ownership,timestamps) and security contexts, if possible
102 additional attributes: links, all
104 \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
107 display this help and exit
109 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
110 +set security context of copy to CONTEXT
113 output version information and exit
115 diff -urN coreutils-5.0.org/man/dir.1 coreutils-5.0/man/dir.1
116 --- coreutils-5.0.org/man/dir.1 2003-12-27 12:26:28.485162584 +0100
117 +++ coreutils-5.0/man/dir.1 2003-12-27 12:26:52.966440864 +0100
119 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
120 -.TH DIR "1" "March 2003" "dir (coreutils) 5.0" "User Commands"
121 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
122 +.TH DIR "1" "September 2003" "dir (coreutils) 5.0" FSF
124 dir \- list directory contents
129 list one file per line
134 +Display security context. Enable \fB\-l\fR. Lines
135 +will probably be too wide for most displays.
138 +Display security context so it fits on most
139 +displays. Displays only mode, user, group,
140 +security context and file name.
143 +Display only security context and file name.
146 display this help and exit
147 diff -urN coreutils-5.0.org/man/id.1 coreutils-5.0/man/id.1
148 --- coreutils-5.0.org/man/id.1 2003-12-27 12:26:28.509158936 +0100
149 +++ coreutils-5.0/man/id.1 2003-12-27 12:26:52.967440712 +0100
152 ignore, for compatibility with other versions
154 +\fB\-Z\fR, \fB\-\-context\fR
155 +print only the security context
157 \fB\-g\fR, \fB\-\-group\fR
158 print only the effective group ID
160 diff -urN coreutils-5.0.org/man/install.1 coreutils-5.0/man/install.1
161 --- coreutils-5.0.org/man/install.1 2003-12-27 12:26:28.509158936 +0100
162 +++ coreutils-5.0/man/install.1 2003-12-27 12:26:52.967440712 +0100
164 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
165 -.TH INSTALL "1" "March 2003" "install (coreutils) 5.0" "User Commands"
166 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
167 +.TH INSTALL "1" "September 2003" "install (coreutils) 5.0" FSF
169 ginstall \- copy files and set attributes
173 \fB\-v\fR, \fB\-\-verbose\fR
174 print the name of each directory as it is created
176 +\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
178 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
179 +(SELinux) Set security context of files and directories
182 display this help and exit
183 diff -urN coreutils-5.0.org/man/ls.1 coreutils-5.0/man/ls.1
184 --- coreutils-5.0.org/man/ls.1 2003-12-27 12:26:28.509158936 +0100
185 +++ coreutils-5.0/man/ls.1 2003-12-27 12:26:52.966440864 +0100
187 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
188 -.TH LS "1" "March 2003" "ls (coreutils) 5.0" "User Commands"
189 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
190 +.TH LS "1" "September 2003" "ls (coreutils) 5.0" FSF
192 ls \- list directory contents
197 list one file per line
202 +Display security context. Enable \fB\-l\fR. Lines
203 +will probably be too wide for most displays.
205 +\fB\-Z\fR, \fB\-\-context\fR
206 +Display security context so it fits on most
207 +displays. Displays only mode, user, group,
208 +security context and file name.
211 +Display only security context and file name.
214 display this help and exit
215 diff -urN coreutils-5.0.org/man/Makefile.am coreutils-5.0/man/Makefile.am
216 --- coreutils-5.0.org/man/Makefile.am 2003-12-27 12:26:28.345183864 +0100
217 +++ coreutils-5.0/man/Makefile.am 2003-12-27 12:33:28.969239288 +0100
219 rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
220 su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
221 tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
222 - who.1 whoami.1 yes.1
223 + who.1 whoami.1 yes.1 chcon.1 runcon.1
226 man_aux = $(dist_man_MANS:.1=.x)
228 who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
229 whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
230 yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
231 +chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
232 +runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
236 diff -urN coreutils-5.0.org/man/mkdir.1 coreutils-5.0/man/mkdir.1
237 --- coreutils-5.0.org/man/mkdir.1 2003-12-27 12:26:28.407174440 +0100
238 +++ coreutils-5.0/man/mkdir.1 2003-12-27 12:26:52.968440560 +0100
241 Mandatory arguments to long options are mandatory for short options too.
243 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
245 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
246 set permission mode (as in chmod), not rwxrwxrwx - umask
248 diff -urN coreutils-5.0.org/man/mkfifo.1 coreutils-5.0/man/mkfifo.1
249 --- coreutils-5.0.org/man/mkfifo.1 2003-12-27 12:26:28.459166536 +0100
250 +++ coreutils-5.0/man/mkfifo.1 2003-12-27 12:26:52.968440560 +0100
253 Mandatory arguments to long options are mandatory for short options too.
255 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
256 +set security context (quoted string)
258 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
259 set permission mode (as in chmod), not a=rw - umask
261 diff -urN coreutils-5.0.org/man/mknod.1 coreutils-5.0/man/mknod.1
262 --- coreutils-5.0.org/man/mknod.1 2003-12-27 12:26:28.406174592 +0100
263 +++ coreutils-5.0/man/mknod.1 2003-12-27 12:26:52.969440408 +0100
266 Mandatory arguments to long options are mandatory for short options too.
268 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
269 +set security context (quoted string)
271 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
272 set permission mode (as in chmod), not a=rw - umask
274 diff -urN coreutils-5.0.org/man/runcon.1 coreutils-5.0/man/runcon.1
275 --- coreutils-5.0.org/man/runcon.1 1970-01-01 01:00:00.000000000 +0100
276 +++ coreutils-5.0/man/runcon.1 2003-12-27 12:26:52.969440408 +0100
278 +.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
280 +runcon \- run command with specified security context
283 +[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
288 +\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
293 +.\" Add any additional description here
295 +Run COMMAND with current security context modified by one or more of LEVEL,
296 +ROLE, TYPE, and USER, or with completely-specified CONTEXT.
299 +change current type to the specified type
302 +change current level range to the specified range
305 +change current role to the specified role
308 +change current user to the specified user
310 +If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
311 +the first argument is used as the complete context. Any additional
312 +arguments after \fICOMMAND\fR are interpreted as arguments to the
315 +Note that only carefully-chosen contexts are likely to successfully
317 diff -urN coreutils-5.0.org/man/runcon.x coreutils-5.0/man/runcon.x
318 --- coreutils-5.0.org/man/runcon.x 1970-01-01 01:00:00.000000000 +0100
319 +++ coreutils-5.0/man/runcon.x 2003-12-27 12:26:52.964441168 +0100
322 +.\" Add any additional description here
323 diff -urN coreutils-5.0.org/man/stat.1 coreutils-5.0/man/stat.1
324 --- coreutils-5.0.org/man/stat.1 2003-12-27 12:26:28.458166688 +0100
325 +++ coreutils-5.0/man/stat.1 2003-12-27 12:26:52.965441016 +0100
327 \fB\-t\fR, \fB\-\-terse\fR
328 print the information in terse form
330 +\fB\-Z\fR, \fB\-\-context\fR
331 +print security context information for SELinux if available.
334 display this help and exit
338 Number of blocks allocated (see %B)
341 +SELinux security context
346 diff -urN coreutils-5.0.org/man/vdir.1 coreutils-5.0/man/vdir.1
347 --- coreutils-5.0.org/man/vdir.1 2003-12-27 12:26:28.510158784 +0100
348 +++ coreutils-5.0/man/vdir.1 2003-12-27 12:26:52.967440712 +0100
350 -.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
351 -.TH VDIR "1" "March 2003" "vdir (coreutils) 5.0" "User Commands"
352 +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
353 +.TH VDIR "1" "September 2003" "vdir (coreutils) 5.0" FSF
355 vdir \- list directory contents
360 list one file per line
365 +Display security context. Enable \fB\-l\fR. Lines
366 +will probably be too wide for most displays.
369 +Display security context so it fits on most
370 +displays. Displays only mode, user, group,
371 +security context and file name.
374 +Display only security context and file name.
377 display this help and exit
378 diff -urN coreutils-5.0.org/src/chcon.c coreutils-5.0/src/chcon.c
379 --- coreutils-5.0.org/src/chcon.c 1970-01-01 01:00:00.000000000 +0100
380 +++ coreutils-5.0/src/chcon.c 2003-12-27 12:26:52.934445728 +0100
382 +/* chcontext -- change security context of a pathname */
386 +#include <sys/types.h>
389 +#include <selinux/selinux.h>
390 +#include <selinux/context.h>
394 +#include "savedir.h"
395 +#include "group-member.h"
401 + CH_NO_CHANGE_REQUESTED
406 + /* Print a message for each file that is processed. */
409 + /* Print a message for each file whose attributes we change. */
412 + /* Do not be verbose. This is the default. */
416 +static int change_dir_context PARAMS ((const char *dir, const struct stat *statp));
418 +/* The name the program was run with. */
421 +/* If nonzero, and the systems has support for it, change the context
422 + of symbolic links rather than any files they point to. */
423 +static int change_symlinks;
425 +/* If nonzero, change the context of directories recursively. */
428 +/* If nonzero, force silence (no error messages). */
429 +static int force_silent;
431 +/* Level of verbosity. */
432 +static enum Verbosity verbosity = V_off;
434 +/* The name of the context file is being given. */
435 +static const char *specified_context;
437 +/* Specific components of the context */
438 +static const char *specified_user;
439 +static const char *specified_role;
440 +static const char *specified_range;
441 +static const char *specified_type;
443 +/* The argument to the --reference option. Use the context of this file.
444 + This file must exist. */
445 +static char *reference_file;
447 +/* If nonzero, display usage information and exit. */
448 +static int show_help;
450 +/* If nonzero, print the version on standard output and exit. */
451 +static int show_version;
453 +static struct option const long_options[] =
455 + {"recursive", no_argument, 0, 'R'},
456 + {"changes", no_argument, 0, 'c'},
457 + {"no-dereference", no_argument, 0, 'h'},
458 + {"silent", no_argument, 0, 'f'},
459 + {"quiet", no_argument, 0, 'f'},
460 + {"reference", required_argument, 0, CHAR_MAX + 1},
461 + {"context", required_argument, 0, CHAR_MAX + 2},
462 + {"user", required_argument, 0, 'u'},
463 + {"role", required_argument, 0, 'r'},
464 + {"type", required_argument, 0, 't'},
465 + {"range", required_argument, 0, 'l'},
466 + {"verbose", no_argument, 0, 'v'},
467 + {"help", no_argument, &show_help, 1},
468 + {"version", no_argument, &show_version, 1},
472 +/* Tell the user how/if the context of FILE has been changed.
473 + CHANGED describes what (if anything) has happened. */
476 +describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
482 + fmt = _("context of %s changed to %s\n");
485 + fmt = _("failed to change context of %s to %s\n");
487 + case CH_NO_CHANGE_REQUESTED:
488 + fmt = _("context of %s retained as %s\n");
493 + printf (fmt, file, newcontext);
497 +compute_context_from_mask (security_context_t context, context_t *ret)
499 + context_t newcontext = context_new (context);
502 +#define SETCOMPONENT(comp) \
504 + if (specified_ ## comp) \
505 + if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
509 + SETCOMPONENT(user);
510 + SETCOMPONENT(range);
511 + SETCOMPONENT(role);
512 + SETCOMPONENT(type);
518 + context_free (newcontext);
522 +/* Change the context of FILE, using specified components.
523 + If it is a directory and -R is given, recurse.
524 + Return 0 if successful, 1 if errors occurred. */
527 +change_file_context (const char *file)
529 + struct stat file_stats;
530 + security_context_t file_context=NULL;
532 + security_context_t context_string;
535 + if ((lgetfilecon(file, &file_context)<0) && (errno != ENODATA))
537 + if (force_silent == 0)
538 + error (0, errno, "%s", file);
542 + /* If the file doesn't have a context, and we're not setting all of
543 + the context components, there isn't really an obvious default.
544 + Thus, we just give up. */
545 + if (file_context == NULL && specified_context == NULL)
547 + error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
551 + if (specified_context == NULL)
553 + if (compute_context_from_mask (file_context, &context))
555 + error (0, 0, _("couldn't compute security context from %s"), file_context);
561 + context = context_new (specified_context);
563 + error (1, 0,_("invalid context: %s"),specified_context);
566 + context_string = context_str (context);
568 + if (strcmp(context_string,file_context)!=0)
572 + if (change_symlinks)
573 + fail = lsetfilecon (file, context_string);
575 + fail = setfilecon (file, context_string);
577 + if (verbosity == V_high || (verbosity == V_changes_only && !fail))
578 + describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
583 + if (force_silent == 0)
585 + error (0, errno, _("failed to change context of %s to %s"), file, context_string);
589 + else if (verbosity == V_high)
591 + describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
594 + context_free(context);
595 + freecon(file_context);
598 + if (lstat(file, &file_stats)==0)
599 + if (S_ISDIR (file_stats.st_mode))
600 + errors |= change_dir_context (file, &file_stats);
605 +/* Recursively change context of the files in directory DIR
606 + using specified context components.
607 + STATP points to the results of lstat on DIR.
608 + Return 0 if successful, 1 if errors occurred. */
611 +change_dir_context (const char *dir, const struct stat *statp)
613 + char *name_space, *namep;
614 + char *path; /* Full path of each entry to process. */
615 + unsigned dirlength; /* Length of `dir' and '\0'. */
616 + unsigned filelength; /* Length of each pathname to process. */
617 + unsigned pathlength; /* Bytes allocated for `path'. */
621 + name_space = savedir (dir);
622 + if (name_space == NULL)
626 + if (force_silent == 0)
627 + error (0, errno, "%s", dir);
631 + error (1, 0, _("virtual memory exhausted"));
634 + dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
635 + pathlength = dirlength + 1;
636 + /* Give `path' a dummy value; it will be reallocated before first use. */
637 + path = xmalloc (pathlength);
638 + strcpy (path, dir);
639 + path[dirlength - 1] = '/';
641 + for (namep = name_space; *namep; namep += filelength - dirlength)
643 + filelength = dirlength + strlen (namep) + 1;
644 + if (filelength > pathlength)
646 + pathlength = filelength * 2;
647 + path = xrealloc (path, pathlength);
649 + strcpy (path + dirlength, namep);
650 + errors |= change_file_context (path);
661 + fprintf (stderr, _("Try `%s --help' for more information.\n"),
666 +Usage: %s [OPTION]... CONTEXT FILE...\n\
667 + or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
668 + or: %s [OPTION]... --reference=RFILE FILE...\n\
670 + program_name, program_name, program_name);
672 +Change the security context of each FILE to CONTEXT.\n\
674 + -c, --changes like verbose but report only when a change is made\n\
675 + -h, --no-dereference affect symbolic links instead of any referenced file\n\
676 + (available only on systems with lchown system call)\n\
677 + -f, --silent, --quiet suppress most error messages\n\
678 + --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
679 + -u, --user=USER set user USER in the target security context\n\
680 + -r, --role=ROLE set role ROLE in the target security context\n\
681 + -t, --type=TYPE set type TYPE in the target security context\n\
682 + -l, --range=RANGE set range RANGE in the target security context\n\
683 + -R, --recursive change files and directories recursively\n\
684 + -v, --verbose output a diagnostic for every file processed\n\
685 + --help display this help and exit\n\
686 + --version output version information and exit\n\
694 +main (int argc, char **argv)
696 + security_context_t ref_context = NULL;
699 + int component_specified = 0;
701 + program_name = argv[0];
702 + setlocale (LC_ALL, "");
703 + bindtextdomain (PACKAGE, LOCALEDIR);
704 + textdomain (PACKAGE);
706 + recurse = force_silent = 0;
708 + while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
715 + specified_user = optarg;
716 + component_specified = 1;
719 + specified_role = optarg;
720 + component_specified = 1;
723 + specified_type = optarg;
724 + component_specified = 1;
727 + specified_range = optarg;
728 + component_specified = 1;
731 + reference_file = optarg;
737 + verbosity = V_changes_only;
743 + change_symlinks = 1;
746 + verbosity = V_high;
755 + printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
764 + if (reference_file && component_specified)
766 + error (0, 0, _("conflicting security context specifiers given"));
770 + if (!(((reference_file || component_specified)
771 + && (argc - optind > 0))
772 + || (argc - optind > 1)))
774 + error (0, 0, _("too few arguments"));
778 + if (reference_file)
780 + if (getfilecon (reference_file, &ref_context)<0)
781 + error (1, errno, "%s", reference_file);
783 + specified_context = ref_context;
785 + else if (!component_specified) {
786 + specified_context = argv[optind++];
788 + for (; optind < argc; ++optind)
789 + errors |= change_file_context (argv[optind]);
791 + if (verbosity != V_off)
793 + if (ref_context != NULL)
794 + freecon(ref_context);
797 diff -urN coreutils-5.0.org/src/copy.c coreutils-5.0/src/copy.c
798 --- coreutils-5.0.org/src/copy.c 2003-12-27 12:26:28.939093576 +0100
799 +++ coreutils-5.0/src/copy.c 2003-12-27 12:26:52.935445576 +0100
802 #include "xreadlink.h"
805 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
806 +extern int selinux_enabled;
809 #define DO_CHOWN(Chown, File, New_uid, New_gid) \
810 (Chown (File, New_uid, New_gid) \
811 /* If non-root uses -p, it's ok if we can't preserve ownership. \
812 @@ -1233,6 +1238,32 @@
813 In such cases, set this variable to zero. */
814 preserve_metadata = 1;
817 + if (x->preserve_security_context && selinux_enabled)
819 + security_context_t con;
821 + if (lgetfilecon (src_path, &con) >= 0)
823 + if (setfscreatecon(con) < 0)
826 + error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
832 + if ( errno == ENOTSUP ) {
833 + error (0, errno, _("warning: security context not preserved %s"), quote (src_path));
835 + error (0, errno, _("cannot lgetfilecon %s"), quote (src_path));
842 if (S_ISDIR (src_mode))
844 struct dir_list *dir;
845 @@ -1302,8 +1333,13 @@
848 /* Are we crossing a file system boundary? */
849 - if (x->one_file_system && device != 0 && device != src_sb.st_dev)
850 + if (x->one_file_system && device != 0 && device != src_sb.st_dev) {
852 + if (x->preserve_security_context && selinux_enabled)
853 + setfscreatecon(NULL);
858 /* Copy the contents of the directory. */
860 @@ -1442,6 +1478,11 @@
865 + if (x->preserve_security_context && selinux_enabled)
866 + setfscreatecon(NULL);
869 /* There's no need to preserve timestamps or permissions. */
870 preserve_metadata = 0;
872 @@ -1474,7 +1515,7 @@
873 if (command_line_arg)
874 record_file (x->dest_info, dst_path, NULL);
876 - if ( ! preserve_metadata)
877 + if ( ! preserve_metadata)
880 /* POSIX says that `cp -p' must restore the following:
881 @@ -1576,6 +1617,11 @@
886 + if (x->preserve_security_context && selinux_enabled)
887 + setfscreatecon(NULL);
890 /* We have failed to create the destination file.
891 If we've just added a dev/ino entry via the remember_copied
892 call above (i.e., unless we've just failed to create a hard link),
893 diff -urN coreutils-5.0.org/src/copy.h coreutils-5.0/src/copy.h
894 --- coreutils-5.0.org/src/copy.h 2003-12-27 12:26:28.948092208 +0100
895 +++ coreutils-5.0/src/copy.h 2003-12-27 12:26:52.937445272 +0100
897 int preserve_ownership;
899 int preserve_timestamps;
901 + int preserve_security_context;
904 /* Enabled for mv, and for cp by the --preserve=links option.
905 If nonzero, attempt to preserve in the destination files any
906 diff -urN coreutils-5.0.org/src/cp.c coreutils-5.0/src/cp.c
907 --- coreutils-5.0.org/src/cp.c 2003-12-27 12:26:28.939093576 +0100
908 +++ coreutils-5.0/src/cp.c 2003-12-27 12:26:52.938445120 +0100
911 #define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering")
914 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
915 +int selinux_enabled=0;
918 #ifndef _POSIX_VERSION
922 {"update", no_argument, NULL, 'u'},
923 {"verbose", no_argument, NULL, 'v'},
924 {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
926 + {"context", required_argument, NULL, 'Z'},
928 {GETOPT_HELP_OPTION_DECL},
929 {GETOPT_VERSION_OPTION_DECL},
932 additional attributes: links, all\n\
935 + -c same as --preserve=context\n\
938 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
939 --parents append source path to DIRECTORY\n\
940 -P same as `--no-dereference'\n\
942 destination file is missing\n\
943 -v, --verbose explain what is being done\n\
944 -x, --one-file-system stay on this file system\n\
945 + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
947 fputs (HELP_OPTION_DESCRIPTION, stdout);
948 fputs (VERSION_OPTION_DESCRIPTION, stdout);
951 new_dest = (char *) dest;
954 - return copy (source, new_dest, new_dst, x, &unused, NULL);
955 + ret=copy (source, new_dest, new_dst, x, &unused, NULL);
961 x->preserve_mode = 0;
962 x->preserve_timestamps = 0;
965 + x->preserve_security_context = 0;
968 x->require_preserve = 0;
970 x->sparse_mode = SPARSE_AUTO;
971 @@ -808,19 +824,20 @@
978 static enum File_attribute const preserve_vals[] =
980 PRESERVE_MODE, PRESERVE_TIMESTAMPS,
981 - PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
982 + PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
985 /* Valid arguments to the `--preserve' option. */
986 static char const* const preserve_args[] =
988 "mode", "timestamps",
989 - "ownership", "links", "all", 0
990 + "ownership", "links", "context", "all", 0
993 char *arg_writable = xstrdup (arg);
994 @@ -855,11 +872,16 @@
995 x->preserve_links = on_off;
998 + case PRESERVE_CONTEXT:
999 + x->preserve_security_context = on_off;
1003 x->preserve_mode = on_off;
1004 x->preserve_timestamps = on_off;
1005 x->preserve_ownership = on_off;
1006 x->preserve_links = on_off;
1007 + x->preserve_security_context = on_off;
1011 @@ -882,6 +904,10 @@
1012 struct cp_options x;
1013 int copy_contents = 0;
1014 char *target_directory = NULL;
1015 +#ifdef WITH_SELINUX
1016 + security_context_t scontext = NULL;
1017 + selinux_enabled= (is_selinux_enabled() > 0);
1020 program_name = argv[0];
1021 setlocale (LC_ALL, "");
1022 @@ -896,7 +922,11 @@
1023 we'll actually use backup_suffix_string. */
1024 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1026 +#ifdef WITH_SELINUX
1027 + while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:Z:", long_opts, NULL))
1029 while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
1034 @@ -987,6 +1017,36 @@
1035 x.preserve_timestamps = 1;
1036 x.require_preserve = 1;
1038 +#ifdef WITH_SELINUX
1040 + if ( scontext != NULL ) {
1041 + (void) fprintf(stderr, _("%s: cannot force target context <-- %s and preserve it\n"), argv[0], scontext);
1044 + else if (selinux_enabled)
1045 + x.preserve_security_context = 1;
1049 + /* politely decline if we're not on a selinux-enabled kernel. */
1050 + if( !selinux_enabled ) {
1051 + fprintf( stderr, _("Warning: ignoring --context (-Z). "
1052 + "It requires a SELinux-enabled kernel.\n") );
1055 + if ( x.preserve_security_context ) {
1056 + (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], optarg);
1059 + scontext = optarg;
1060 + /* if there's a security_context given set new path
1061 + components to that context, too */
1062 + if ( setfscreatecon(scontext) < 0 ) {
1063 + (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
1069 case PARENTS_OPTION:
1071 diff -urN coreutils-5.0.org/src/id.c coreutils-5.0/src/id.c
1072 --- coreutils-5.0.org/src/id.c 2003-12-27 12:26:28.951091752 +0100
1073 +++ coreutils-5.0/src/id.c 2003-12-27 12:26:52.939444968 +0100
1078 +#ifdef WITH_SELINUX
1079 +#include <selinux/selinux.h>
1080 +static void print_context PARAMS ((char* context));
1081 +/* Print the SELinux context */
1083 +print_context(char *context)
1085 + printf ("%s", context);
1088 +/* If nonzero, output only the SELinux context. -Z */
1089 +static int just_context = 0;
1092 static void print_user (uid_t uid);
1093 static void print_group (gid_t gid);
1094 static void print_group_list (const char *username);
1096 /* The number of errors encountered so far. */
1097 static int problems = 0;
1099 +/* The SELinux context */
1100 +/* Set `context' to a known invalid value so print_full_info() will *
1101 + * know when `context' has not been set to a meaningful value. */
1102 +static security_context_t context=NULL;
1104 static struct option const longopts[] =
1106 + {"context", no_argument, NULL, 'Z'},
1107 {"group", no_argument, NULL, 'g'},
1108 {"groups", no_argument, NULL, 'G'},
1109 {"name", no_argument, NULL, 'n'},
1111 Print information for USERNAME, or the current user.\n\
1113 -a ignore, for compatibility with other versions\n\
1114 + -Z, --context print only the context\n\
1115 -g, --group print only the effective group ID\n\
1116 -G, --groups print all group IDs\n\
1117 -n, --name print a name instead of a number, for -ugG\n\
1119 main (int argc, char **argv)
1122 + int selinux_enabled=(is_selinux_enabled() > 0);
1124 /* If nonzero, output the list of all group IDs. -G */
1125 int just_group_list = 0;
1128 atexit (close_stdout);
1130 - while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
1131 + while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
1135 @@ -136,6 +158,17 @@
1137 /* Ignore -a, for compatibility with SVR4. */
1139 +#ifdef WITH_SELINUX
1141 + /* politely decline if we're not on a selinux-enabled kernel. */
1142 + if( !selinux_enabled ) {
1143 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on "
1144 + "a SELinux-enabled kernel.\n") );
1153 @@ -158,8 +191,28 @@
1157 - if (just_user + just_group + just_group_list > 1)
1158 - error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
1159 +#ifdef WITH_SELINUX
1160 + if (argc - optind == 1)
1161 + selinux_enabled = 0;
1163 + if( just_context && !selinux_enabled)
1165 +cannot display context when SELinux not enabled or when displaying the id\n\
1166 +of a different user"));
1168 + /* If we are on a selinux-enabled kernel, get our context. *
1169 + * Otherwise, leave the context variable alone - it has *
1170 + * been initialized known invalid value; if we see this invalid *
1171 + * value later, we will know we are on a non-selinux kernel. */
1172 + if( selinux_enabled )
1174 + if (getcon(&context))
1175 + error (1, 0, _("can't get process context"));
1179 + if (just_user + just_group + just_group_list + just_context > 1)
1180 + error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
1182 if (just_user + just_group + just_group_list == 0 && (use_real || use_name))
1183 error (EXIT_FAILURE, 0,
1184 @@ -190,6 +243,10 @@
1185 print_group (use_real ? rgid : egid);
1186 else if (just_group_list)
1187 print_group_list (argv[optind]);
1188 +#ifdef WITH_SELINUX
1189 + else if (just_context)
1190 + print_context (context);
1193 print_full_info (argv[optind]);
1198 #endif /* HAVE_GETGROUPS */
1199 +#ifdef WITH_SELINUX
1200 + if ( context != NULL ) {
1201 + printf(_(" context=%s"),context);
1205 diff -urN coreutils-5.0.org/src/install.c coreutils-5.0/src/install.c
1206 --- coreutils-5.0.org/src/install.c 2003-12-27 12:26:28.932094640 +0100
1207 +++ coreutils-5.0/src/install.c 2003-12-27 12:26:52.941444664 +0100
1209 # include <sys/wait.h>
1212 +#ifdef WITH_SELINUX
1213 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1214 +int selinux_enabled=0;
1217 struct passwd *getpwnam ();
1218 struct group *getgrnam ();
1220 @@ -126,11 +131,17 @@
1221 static struct option const long_options[] =
1223 {"backup", optional_argument, NULL, 'b'},
1224 +#ifdef WITH_SELINUX
1225 + {"context", required_argument, NULL, 'Z'},
1227 {"directory", no_argument, NULL, 'd'},
1228 {"group", required_argument, NULL, 'g'},
1229 {"mode", required_argument, NULL, 'm'},
1230 {"owner", required_argument, NULL, 'o'},
1231 {"preserve-timestamps", no_argument, NULL, 'p'},
1232 +#ifdef WITH_SELINUX
1233 + {"preserve_context", no_argument, NULL, 'P'},
1235 {"strip", no_argument, NULL, 's'},
1236 {"suffix", required_argument, NULL, 'S'},
1237 {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
1242 +#ifdef WITH_SELINUX
1243 + x->preserve_security_context = 0;
1246 x->dest_info = NULL;
1248 @@ -265,6 +279,11 @@
1249 struct cp_options x;
1252 +#ifdef WITH_SELINUX
1253 + security_context_t scontext = NULL;
1254 + /* set iff kernel has extra selinux system calls */
1255 + selinux_enabled = (is_selinux_enabled() > 0);
1258 program_name = argv[0];
1259 setlocale (LC_ALL, "");
1260 @@ -285,7 +304,11 @@
1261 we'll actually use backup_suffix_string. */
1262 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1264 +#ifdef WITH_SELINUX
1265 + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPvV:S:Z:", long_options,
1267 while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options,
1272 @@ -338,6 +361,39 @@
1274 backup_suffix_string = optarg;
1276 +#ifdef WITH_SELINUX
1278 + /* politely decline if we're not on a selinux-enabled kernel. */
1279 + if( !selinux_enabled ) {
1280 + fprintf( stderr, _("Warning: ignoring --preserve_context (-P) "
1281 + "because the kernel is not SELinux-enabled.\n") );
1284 + if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
1285 + (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], scontext);
1288 + x.preserve_security_context = 1;
1291 + /* politely decline if we're not on a selinux-enabled kernel. */
1292 + if( !selinux_enabled) {
1293 + fprintf( stderr, _("Warning: ignoring --context (-Z) "
1294 + "because the kernel is not SELinux-enabled.\n") );
1297 + if ( x.preserve_security_context ) {
1299 + (void) fprintf(stderr, _("%s: cannot force target context == '%s' and preserve it\n"), argv[0], optarg);
1302 + scontext = optarg;
1303 + if (setfscreatecon(scontext)) {
1304 + (void) fprintf(stderr, _("%s: cannot setup default context == '%s'\n"), argv[0], scontext);
1309 case_GETOPT_HELP_CHAR;
1310 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1312 @@ -721,6 +777,11 @@
1313 -S, --suffix=SUFFIX override the usual backup suffix\n\
1314 -v, --verbose print the name of each directory as it is created\n\
1317 + -P, --preserve_context (SELinux) Preserve security context\n\
1318 + -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
1321 fputs (HELP_OPTION_DESCRIPTION, stdout);
1322 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1324 diff -urN coreutils-5.0.org/src/ls.c coreutils-5.0/src/ls.c
1325 --- coreutils-5.0.org/src/ls.c 2003-12-27 12:26:28.947092360 +0100
1326 +++ coreutils-5.0/src/ls.c 2003-12-27 12:42:14.887287592 +0100
1327 @@ -130,6 +130,18 @@
1329 #define AUTHORS N_ ("Richard Stallman and David MacKenzie")
1331 +#ifdef WITH_SELINUX
1332 +#include <selinux/selinux.h>
1333 +int selinux_enabled= 0;
1334 +static int print_scontext = 0;
1335 +#define check_selinux() if (!selinux_enabled) { \
1336 + fprintf( stderr, _("Sorry, this option can only be used " \
1337 + "on a SELinux-enabled kernel.\n" )); \
1338 + exit( EXIT_FAILURE ); \
1343 #define obstack_chunk_alloc malloc
1344 #define obstack_chunk_free free
1346 @@ -227,6 +239,10 @@
1347 /* For long listings, true if the file has an access control list. */
1351 +#ifdef WITH_SELINUX
1352 + security_context_t scontext;
1356 #if HAVE_ACL || USE_ACL
1358 static void sort_files (void);
1359 static void parse_ls_color (void);
1360 void usage (int status);
1361 +#ifdef WITH_SELINUX
1362 +static void print_scontext_format PARAMS ((const struct fileinfo *f));
1365 /* The name the program was run with, stripped of any leading path. */
1367 @@ -379,7 +398,10 @@
1368 one_per_line, /* -1 */
1369 many_per_line, /* -C */
1370 horizontal, /* -x */
1371 - with_commas /* -m */
1372 +#ifdef WITH_SELINUX
1373 + security_format, /* -Z */
1375 + with_commas /* -m */
1378 static enum format format;
1379 @@ -700,6 +722,11 @@
1380 SHOW_CONTROL_CHARS_OPTION,
1383 +#ifdef WITH_SELINUX
1391 @@ -743,6 +770,11 @@
1392 {"time-style", required_argument, 0, TIME_STYLE_OPTION},
1393 {"color", optional_argument, 0, COLOR_OPTION},
1394 {"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
1395 +#ifdef WITH_SELINUX
1396 + {"context", no_argument, 0, CONTEXT_OPTION},
1397 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
1398 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
1400 {"author", no_argument, 0, AUTHOR_OPTION},
1401 {GETOPT_HELP_OPTION_DECL},
1402 {GETOPT_VERSION_OPTION_DECL},
1403 @@ -752,12 +784,19 @@
1404 static char const *const format_args[] =
1406 "verbose", "long", "commas", "horizontal", "across",
1407 - "vertical", "single-column", 0
1408 + "vertical", "single-column",
1409 +#ifdef WITH_SELINUX
1415 static enum format const format_types[] =
1417 long_format, long_format, with_commas, horizontal, horizontal,
1418 +#ifdef WITH_SELINUX
1421 many_per_line, one_per_line
1424 @@ -1121,6 +1160,9 @@
1426 format_needs_stat = sort_type == sort_time || sort_type == sort_size
1427 || format == long_format
1428 +#ifdef WITH_SELINUX
1429 + || format == security_format || print_scontext
1431 || dereference == DEREF_ALWAYS
1432 || print_block_size || print_inode;
1433 format_needs_type = (format_needs_stat == 0
1434 @@ -1243,6 +1285,11 @@
1435 /* Record whether there is an option specifying sort type. */
1436 int sort_type_specified = 0;
1438 +#ifdef WITH_SELINUX
1439 + /* 1 iff kernel has new selinux system calls */
1440 + selinux_enabled= (is_selinux_enabled() > 0);
1443 qmark_funny_chars = 0;
1445 /* initialize all switches to default settings */
1446 @@ -1293,6 +1340,9 @@
1448 really_all_files = 0;
1449 ignore_patterns = 0;
1450 +#ifdef WITH_SELINUX
1451 + print_scontext = 0;
1454 /* FIXME: put this in a function. */
1456 @@ -1370,7 +1420,7 @@
1459 while ((c = getopt_long (argc, argv,
1460 - "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
1461 + "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
1462 long_options, NULL)) != -1)
1465 @@ -1490,6 +1540,13 @@
1466 format = horizontal;
1469 +#ifdef WITH_SELINUX
1472 + print_scontext = 1;
1473 + format = security_format;
1477 really_all_files = 0;
1479 @@ -1657,6 +1714,25 @@
1481 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1483 +#ifdef WITH_SELINUX
1485 + case CONTEXT_OPTION: /* new security format */
1487 + print_scontext = 1;
1488 + format = security_format;
1490 + case LCONTEXT_OPTION: /* long format plus security context */
1492 + print_scontext = 1;
1493 + format = long_format;
1495 + case SCONTEXT_OPTION: /* short form of new security format */
1497 + print_scontext = 0;
1498 + format = security_format;
1503 usage (EXIT_FAILURE);
1505 @@ -2308,6 +2384,12 @@
1506 free (files[i].name);
1507 if (files[i].linkname)
1508 free (files[i].linkname);
1509 +#ifdef WITH_SELINUX
1510 + if (files[i].scontext) {
1511 + freecon (files[i].scontext);
1512 + files[i].scontext=NULL;
1518 @@ -2334,6 +2416,9 @@
1519 files[files_index].linkname = 0;
1520 files[files_index].linkmode = 0;
1521 files[files_index].linkok = 0;
1522 +#ifdef WITH_SELINUX
1523 + files[files_index].scontext = NULL;
1527 || format_needs_stat
1528 @@ -2379,6 +2464,11 @@
1531 err = stat (path, &files[files_index].stat);
1532 +#ifdef WITH_SELINUX
1534 + if (selinux_enabled && (format == security_format || print_scontext))
1535 + getfilecon(path, &files[files_index].scontext);
1538 if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
1540 @@ -2397,6 +2487,11 @@
1542 default: /* DEREF_NEVER */
1543 err = lstat (path, &files[files_index].stat);
1544 +#ifdef WITH_SELINUX
1546 + if (selinux_enabled && (format == security_format || print_scontext))
1547 + lgetfilecon(path, &files[files_index].scontext);
1552 @@ -2825,6 +2920,16 @@
1553 DIRED_PUTCHAR ('\n');
1557 +#ifdef WITH_SELINUX
1558 + case security_format:
1559 + for (i = 0; i < files_index; i++)
1561 + print_scontext_format (files + i);
1562 + DIRED_PUTCHAR ('\n');
1569 @@ -3088,6 +3193,14 @@
1573 +#ifdef WITH_SELINUX
1575 + if ( print_scontext ) {
1576 + sprintf (p, "%-32s ", f->scontext);
1582 DIRED_FPUTS (buf, stdout, p - buf);
1583 print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
1584 @@ -3883,6 +3996,16 @@
1585 -X sort alphabetically by entry extension\n\
1586 -1 list one file per line\n\
1588 +#ifdef WITH_SELINUX
1589 +printf(_("SELinux options:\n\n\
1590 + --lcontext Display security context. Enable -l. Lines\n\
1591 + will probably be too wide for most displays.\n\
1592 + --context Display security context so it fits on most\n\
1593 + displays. Displays only mode, user, group,\n\
1594 + security context and file name.\n\
1595 + --scontext Display only security context and file name.\n\
1598 fputs (HELP_OPTION_DESCRIPTION, stdout);
1599 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1601 @@ -3901,3 +4024,79 @@
1606 +#ifdef WITH_SELINUX
1609 +print_scontext_format (const struct fileinfo *f)
1613 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
1614 + 1 10-byte mode string,
1615 + 9 spaces, one following each of these fields, and
1616 + 1 trailing NUL byte. */
1618 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
1619 + char *buf = init_bigbuf;
1620 + size_t bufsize = sizeof (init_bigbuf);
1631 + if ( print_scontext ) { /* zero means terse listing */
1632 + mode_string (f->stat.st_mode, modebuf);
1633 + modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
1634 + modebuf[11] = '\0';
1638 + (void) sprintf (p, "%s ", modebuf);
1641 + /* print standard user and group */
1643 + user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
1645 + (void) sprintf (p, "%-8.8s ", user_name);
1647 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
1650 + if ( print_group ) {
1651 + group_name = (numeric_ids ? NULL : getgroup (f->stat.st_gid));
1653 + (void) sprintf (p, "%-8.8s ", group_name);
1655 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
1660 + (void) sprintf (p, "%-32s ", f->scontext);
1664 + DIRED_FPUTS (buf, stdout, p - buf);
1665 + print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, &dired_obstack);
1667 + if (f->filetype == symbolic_link) {
1668 + if (f->linkname) {
1669 + DIRED_FPUTS_LITERAL (" -> ", stdout);
1670 + print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, NULL);
1671 + if (indicator_style != none)
1672 + print_type_indicator (f->linkmode);
1676 + if (indicator_style != none)
1677 + print_type_indicator (f->stat.st_mode);
1681 diff -urN coreutils-5.0.org/src/Makefile.am coreutils-5.0/src/Makefile.am
1682 --- coreutils-5.0.org/src/Makefile.am 2003-12-27 12:26:28.928095248 +0100
1683 +++ coreutils-5.0/src/Makefile.am 2003-12-27 12:37:59.212156120 +0100
1685 EXTRA_SCRIPTS = nohup
1687 bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
1688 -bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
1689 +bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
1690 ginstall link ln dir vdir ls mkdir \
1691 mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
1692 cat cksum comm csplit cut expand fmt fold head join md5sum \
1693 nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
1694 basename date dirname echo env expr factor false getgid \
1695 - hostname id kill logname pathchk printenv printf pwd seq sleep tee \
1696 + hostname id kill logname pathchk printenv printf runcon pwd seq sleep tee \
1697 test true tty whoami yes \
1698 @OPTIONAL_BIN_PROGS@ @DF_PROG@
1701 # replacement functions defined in libfetish.a.
1702 LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
1704 -dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ $(LIBACL)
1705 -ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ $(LIBACL)
1706 +dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ $(LIBACL) @LIB_SELINUX@
1707 +ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ $(LIBACL) @LIB_SELINUX@
1708 shred_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
1709 -vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ $(LIBACL)
1710 -cp_LDADD = $(LDADD) $(LIBACL)
1711 -ginstall_LDADD = $(LDADD) $(LIBACL)
1712 -mv_LDADD = $(LDADD) $(LIBACL)
1713 +vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ $(LIBACL) @LIB_SELINUX@
1714 +cp_LDADD = $(LDADD) $(LIBACL) @LIB_SELINUX@
1715 +ginstall_LDADD = $(LDADD) $(LIBACL) @LIB_SELINUX@
1716 +mv_LDADD = $(LDADD) $(LIBACL) @LIB_SELINUX@
1717 +chcon_LDADD = $(LDADD) @LIB_SELINUX@
1718 +id_LDADD = $(LDADD) @LIB_SELINUX@
1719 +mkdir_LDADD = $(LDADD) @LIB_SELINUX@
1720 +mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
1721 +mknod_LDADD = $(LDADD) @LIB_SELINUX@
1722 +stat_LDADD = $(LDADD) @LIB_SELINUX@
1723 +runcon_LDADD = $(LDADD) @LIB_SELINUX@
1725 ## If necessary, add -lm to resolve use of pow in lib/strtod.c.
1726 sort_LDADD = $(LDADD) @POW_LIB@
1727 diff -urN coreutils-5.0.org/src/mkdir.c coreutils-5.0/src/mkdir.c
1728 --- coreutils-5.0.org/src/mkdir.c 2003-12-27 12:26:28.950091904 +0100
1729 +++ coreutils-5.0/src/mkdir.c 2003-12-27 12:26:52.958442080 +0100
1732 #define AUTHORS "David MacKenzie"
1734 +#ifdef WITH_SELINUX
1735 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1738 /* The name this program was run with. */
1743 static struct option const longopts[] =
1745 +#ifdef WITH_SELINUX
1746 + {"context", required_argument, NULL, 'Z'},
1748 {"mode", required_argument, NULL, 'm'},
1749 {"parents", no_argument, NULL, 'p'},
1750 {"verbose", no_argument, NULL, 'v'},
1752 Create the DIRECTORY(ies), if they do not already exist.\n\
1755 +#ifdef WITH_SELINUX
1757 + -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
1761 Mandatory arguments to long options are mandatory for short options too.\n\
1767 +#ifdef WITH_SELINUX
1768 + while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
1770 while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
1775 @@ -112,6 +128,20 @@
1776 case 'v': /* --verbose */
1777 verbose_fmt_string = _("created directory %s");
1779 +#ifdef WITH_SELINUX
1781 + /* politely decline if we're not on a selinux-enabled kernel. */
1782 + if( is_selinux_enabled() <= 0) {
1783 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on "
1784 + "a SELinux-enabled kernel.\n") );
1787 + if (setfscreatecon(optarg)) {
1788 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
1793 case_GETOPT_HELP_CHAR;
1794 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1796 diff -urN coreutils-5.0.org/src/mkfifo.c coreutils-5.0/src/mkfifo.c
1797 --- coreutils-5.0.org/src/mkfifo.c 2003-12-27 12:26:28.933094488 +0100
1798 +++ coreutils-5.0/src/mkfifo.c 2003-12-27 12:26:52.958442080 +0100
1801 #define AUTHORS "David MacKenzie"
1803 +#ifdef WITH_SELINUX
1804 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1807 /* The name this program was run with. */
1810 static struct option const longopts[] =
1812 +#ifdef WITH_SELINUX
1813 + {"context", required_argument, NULL, 'Z'},
1815 {"mode", required_argument, NULL, 'm'},
1816 {GETOPT_HELP_OPTION_DECL},
1817 {GETOPT_VERSION_OPTION_DECL},
1819 Create named pipes (FIFOs) with the given NAMEs.\n\
1822 +#ifdef WITH_SELINUX
1824 + -Z, --context=CONTEXT set security context (quoted string)\n\
1828 Mandatory arguments to long options are mandatory for short options too.\n\
1832 error (4, 0, _("fifo files not supported"));
1834 +#ifdef WITH_SELINUX
1835 + while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
1837 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
1842 @@ -101,6 +117,19 @@
1844 specified_mode = optarg;
1846 +#ifdef WITH_SELINUX
1848 + if( is_selinux_enabled() <= 0) {
1849 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on "
1850 + "a SELinux-enabled kernel.\n") );
1853 + if (setfscreatecon(optarg)) {
1854 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
1859 case_GETOPT_HELP_CHAR;
1860 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1862 diff -urN coreutils-5.0.org/src/mknod.c coreutils-5.0/src/mknod.c
1863 --- coreutils-5.0.org/src/mknod.c 2003-12-27 12:26:28.936094032 +0100
1864 +++ coreutils-5.0/src/mknod.c 2003-12-27 12:26:52.959441928 +0100
1866 /* The name this program was run with. */
1869 +#ifdef WITH_SELINUX
1870 +#include <selinux/selinux.h>
1873 static struct option const longopts[] =
1875 +#ifdef WITH_SELINUX
1876 + {"context", required_argument, NULL, 'Z'},
1878 {"mode", required_argument, NULL, 'm'},
1879 {GETOPT_HELP_OPTION_DECL},
1880 {GETOPT_VERSION_OPTION_DECL},
1882 Create the special file NAME of the given TYPE.\n\
1885 +#ifdef WITH_SELINUX
1887 + -Z, --context=CONTEXT set security context (quoted string)\n\
1891 Mandatory arguments to long options are mandatory for short options too.\n\
1893 @@ -102,7 +114,11 @@
1895 specified_mode = NULL;
1897 +#ifdef WITH_SELINUX
1898 + while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
1900 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
1905 @@ -111,6 +127,20 @@
1907 specified_mode = optarg;
1909 +#ifdef WITH_SELINUX
1911 + /* politely decline if we're not on a selinux-enabled kernel. */
1912 + if( is_selinux_enabled() <= 0) {
1913 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on "
1914 + "a SELinux-enabled kernel.\n") );
1917 + if (setfscreatecon(optarg)) {
1918 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
1923 case_GETOPT_HELP_CHAR;
1924 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1926 diff -urN coreutils-5.0.org/src/mv.c coreutils-5.0/src/mv.c
1927 --- coreutils-5.0.org/src/mv.c 2003-12-27 12:26:28.941093272 +0100
1928 +++ coreutils-5.0/src/mv.c 2003-12-27 12:26:52.962441472 +0100
1933 +#ifdef WITH_SELINUX
1934 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1935 +int selinux_enabled=0;
1938 /* The official name of this program (e.g., no `g' prefix). */
1939 #define PROGRAM_NAME "mv"
1941 @@ -381,6 +386,10 @@
1943 cp_option_init (&x);
1945 +#ifdef WITH_SELINUX
1946 + selinux_enabled= (is_selinux_enabled() > 0);
1949 /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
1950 we'll actually use backup_suffix_string. */
1951 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1952 diff -urN coreutils-5.0.org/src/runcon.c coreutils-5.0/src/runcon.c
1953 --- coreutils-5.0.org/src/runcon.c 1970-01-01 01:00:00.000000000 +0100
1954 +++ coreutils-5.0/src/runcon.c 2003-12-27 12:26:52.959441928 +0100
1957 + * runcon [ context |
1958 + * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
1959 + * command [arg1 [arg2 ...] ]
1961 + * attempt to run the specified command with the specified context.
1963 + * -r role : use the current context with the specified role
1964 + * -t type : use the current context with the specified type
1965 + * -u user : use the current context with the specified user
1966 + * -l level : use the current context with the specified level range
1968 + * Contexts are interpreted as follows:
1971 + * components system?
1975 + * 3 Y role:type:range
1976 + * 3 N user:role:type
1977 + * 4 Y user:role:type:range
1981 +#include <config.h>
1982 +#include <unistd.h>
1984 +#include <getopt.h>
1985 +#include <selinux/context.h>
1986 +#include <selinux/selinux.h>
1988 +#include "system.h"
1991 +/* The name the program was run with. */
1992 +char *program_name;
1997 + printf(_("Usage: %s [OPTION]... command [args]\n"
1998 + "Run a program in a different security context.\n\n"
1999 + " context Complete security context\n"
2000 + " -t type (for same role as parent)\n"
2001 + " -u user identity\n"
2003 + " -l levelrange\n"
2004 + " --help display this help and exit\n"),
2010 +main(int argc,char **argv,char **envp )
2016 + char *context = NULL;
2017 + security_context_t cur_context = NULL;
2021 + program_name = argv[0];
2022 + setlocale (LC_ALL, "");
2023 + bindtextdomain (PACKAGE, LOCALEDIR);
2024 + textdomain (PACKAGE);
2028 + int this_option_optind = optind ? optind : 1;
2029 + int option_index = 0;
2030 + static struct option long_options[] = {
2031 + { "role", 1, 0, 'r' },
2032 + { "type", 1, 0, 't' },
2033 + { "user", 1, 0, 'u' },
2034 + { "range", 1, 0, 'l' },
2035 + { "help", 0, 0, '?' },
2038 + c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index);
2045 + fprintf(stderr,_("multiple roles\n"));
2052 + fprintf(stderr,_("multiple types\n"));
2059 + fprintf(stderr,_("multiple users\n"));
2066 + fprintf(stderr,_("multiple levelranges\n"));
2072 + fprintf(stderr,_("unrecognised option %c\n"),c);
2078 + if ( !(user || role || type || range)) {
2079 + if ( optind >= argc ) {
2080 + usage(_("must specify -t, -u, -l, -r, or context"));
2082 + context = argv[optind++];
2085 + if ( optind >= argc ) {
2086 + usage(_("no command found"));
2090 + con = context_new(context);
2092 + fprintf(stderr,_("%s is not a valid context\n"), context);
2097 + getcon(&cur_context);
2098 + con = context_new(cur_context);
2100 + fprintf(stderr,_("%s is not a valid context\n"), context);
2104 + context_user_set(con,user);
2107 + context_type_set(con,type);
2110 + context_range_set(con,range);
2113 + context_role_set(con,role);
2117 + if (setexeccon(context_str(con))!=0) {
2118 + fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
2121 + if (cur_context!=NULL)
2122 + freecon(cur_context);
2124 + if ( execvp(argv[optind],argv+optind) ) {
2128 + return 1; /* can't reach this statement.... */
2130 diff -urN coreutils-5.0.org/src/stat.c coreutils-5.0/src/stat.c
2131 --- coreutils-5.0.org/src/stat.c 2003-12-27 12:26:28.951091752 +0100
2132 +++ coreutils-5.0/src/stat.c 2003-12-27 12:26:52.961441624 +0100
2134 # include <sys/vfs.h>
2137 +#ifdef WITH_SELINUX
2138 +#include <selinux/selinux.h>
2139 +#define SECURITY_ID_T security_context_t
2141 +#define SECURITY_ID_T char *
2144 /* NetBSD 1.5.2 needs these, for the declaration of struct statfs. */
2145 #if !HAVE_SYS_STATVFS_H && !HAVE_SYS_VFS_H
2146 # if HAVE_SYS_MOUNT_H && HAVE_SYS_PARAM_H
2148 {"dereference", no_argument, 0, 'L'},
2149 {"format", required_argument, 0, 'c'},
2150 {"filesystem", no_argument, 0, 'f'},
2151 + {"context", no_argument, 0, 'Z'},
2152 {"terse", no_argument, 0, 't'},
2153 {GETOPT_HELP_OPTION_DECL},
2154 {GETOPT_VERSION_OPTION_DECL},
2156 /* print statfs info */
2158 print_statfs (char *pformat, char m, char const *filename,
2160 + void const *data,SECURITY_ID_T scontext)
2162 STRUCT_STATVFS const *statfsbuf = data;
2164 @@ -394,7 +402,10 @@
2165 strcat (pformat, PRIdMAX);
2166 printf (pformat, (intmax_t) (statfsbuf->f_ffree));
2170 + strcat (pformat, "s");
2174 strcat (pformat, "c");
2175 printf (pformat, m);
2178 /* print stat info */
2180 -print_stat (char *pformat, char m, char const *filename, void const *data)
2181 +print_stat (char *pformat, char m, char const *filename, void const *data, SECURITY_ID_T scontext)
2183 struct stat *statbuf = (struct stat *) data;
2184 struct passwd *pw_ent;
2185 @@ -537,6 +548,10 @@
2186 strcat (pformat, "d");
2187 printf (pformat, (int) statbuf->st_ctime);
2190 + strcat (pformat, "s");
2191 + printf(pformat,scontext);
2194 strcat (pformat, "c");
2195 printf (pformat, m);
2199 print_it (char const *masterformat, char const *filename,
2200 - void (*print_func) (char *, char, char const *, void const *),
2202 + void (*print_func) (char *, char, char const *, void const *,SECURITY_ID_T ),
2203 + void const *data, SECURITY_ID_T scontext)
2211 - print_func (dest, *p, filename, data);
2212 + print_func (dest, *p, filename, data,scontext);
2216 @@ -598,9 +613,17 @@
2218 /* stat the filesystem and print what we find */
2220 -do_statfs (char const *filename, int terse, char const *format)
2221 +do_statfs (char const *filename, int terse, int secure, char const *format)
2223 STRUCT_STATVFS statfsbuf;
2224 + SECURITY_ID_T scontext = NULL;
2225 +#ifdef WITH_SELINUX
2227 + if (getfilecon(filename,&scontext)<0) {
2228 + perror (filename);
2232 int i = statfs (filename, &statfsbuf);
2235 @@ -612,23 +635,40 @@
2240 - ? "%n %i %l %t %b %f %a %s %c %d"
2241 - : " File: \"%n\"\n"
2242 - " ID: %-8i Namelen: %-7l Type: %T\n"
2243 - "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
2244 - "Inodes: Total: %-10c Free: %-10d");
2247 - print_it (format, filename, print_statfs, &statfsbuf);
2250 + format = "%n %i %l %t %b %f %a %s %c %d %C";
2252 + format = "%n %i %l %t %b %f %a %s %c %d";
2257 + format = " File: \"%n\"\n"
2258 + " ID: %-8i Namelen: %-7l Type: %T\n"
2259 + "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
2260 + "Inodes: Total: %-10c Free: %-10d\n"
2261 + " S_Context: %C\n";
2263 + format= " File: \"%n\"\n"
2264 + " ID: %-8i Namelen: %-7l Type: %T\n"
2265 + "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
2266 + "Inodes: Total: %-10c Free: %-10d";
2269 + print_it (format, filename, print_statfs, &statfsbuf,scontext);
2270 +#ifdef WITH_SELINUX
2271 + if (scontext != NULL)
2272 + freecon(scontext);
2276 /* stat the file and print what we find */
2278 -do_stat (char const *filename, int follow_links, int terse,
2279 + do_stat (char const *filename, int follow_links, int terse,int secure,
2282 struct stat statbuf;
2283 + SECURITY_ID_T scontext = NULL;
2284 int i = ((follow_links == 1)
2285 ? stat (filename, &statbuf)
2286 : lstat (filename, &statbuf));
2287 @@ -639,11 +679,28 @@
2291 +#ifdef WITH_SELINUX
2294 + i=lgetfilecon(filename, &scontext);
2296 + i=getfilecon(filename, &scontext);
2299 + perror (filename);
2309 - format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
2311 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C";
2313 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
2317 @@ -651,7 +708,17 @@
2318 i = statbuf.st_mode & S_IFMT;
2319 if (i == S_IFCHR || i == S_IFBLK)
2325 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2326 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2327 + " Device type: %t,%T\n"
2328 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2329 + " S_Context: %C\n"
2330 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2334 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2335 "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2336 @@ -661,6 +728,15 @@
2343 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2344 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
2345 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2347 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2351 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2352 @@ -670,7 +746,11 @@
2356 - print_it (format, filename, print_stat, &statbuf);
2357 + print_it (format, filename, print_stat, &statbuf,scontext);
2358 +#ifdef WITH_SELINUX
2360 + freecon(scontext);
2366 -f, --filesystem display filesystem status instead of file status\n\
2367 -c --format=FORMAT use the specified FORMAT instead of the default\n\
2368 -L, --dereference follow links\n\
2369 + -Z, --context print the security context\n\
2370 -t, --terse print the information in terse form\n\
2372 fputs (HELP_OPTION_DESCRIPTION, stdout);
2374 %c Total file nodes in file system\n\
2375 %d Free file nodes in file system\n\
2376 %f Free blocks in file system\n\
2377 + %C Security context in SELinux\n\
2380 %i File System id in hex\n\
2382 int follow_links = 0;
2386 char *format = NULL;
2388 program_name = argv[0];
2391 atexit (close_stdout);
2393 - while ((c = getopt_long (argc, argv, "c:fLlt", long_options, NULL)) != -1)
2394 + while ((c = getopt_long (argc, argv, "c:fLltZ", long_options, NULL)) != -1)
2398 @@ -787,6 +870,14 @@
2403 + if(is_selinux_enabled() > 0)
2406 + error (0, 0, _("Kernel is not SELinux-enabled"));
2407 + usage (EXIT_FAILURE);
2411 case_GETOPT_HELP_CHAR;
2414 for (i = optind; i < argc; i++)
2417 - do_stat (argv[i], follow_links, terse, format);
2418 + do_stat (argv[i], follow_links, terse, secure, format);
2420 - do_statfs (argv[i], terse, format);
2421 + do_statfs (argv[i], terse, secure, format);
2424 exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS);
2425 --- coreutils-5.0/po/POTFILES.in.orig 2003-12-29 00:25:44.000000000 +0100
2426 +++ coreutils-5.0/po/POTFILES.in 2003-12-29 00:27:23.176769816 +0100
2443 --- coreutils-5.0/po/pl.po.orig 2003-12-29 01:26:32.456197328 +0100
2444 +++ coreutils-5.0/po/pl.po 2003-12-29 01:27:15.382671512 +0100
2445 @@ -430,6 +430,95 @@
2446 msgid "closing standard output"
2447 msgstr "zamkniêcie standardowego wyj¶cia"
2451 +msgid "context of %s changed to %s\n"
2452 +msgstr "kontekst %s zmieniony na %s\n"
2456 +msgid "failed to change context of %s to %s\n"
2457 +msgstr "nie mo¿na zmieniæ kontekstu %s na %s\n"
2461 +msgid "context of %s retained as %s\n"
2462 +msgstr "kontekst %s zachowany jako %s\n"
2466 +msgid "can't apply partial context to unlabeled file %s"
2467 +msgstr "nie mo¿na zastosowaæ czê¶ciowego kontekstu na nieoznaczonym pliku %s"
2471 +msgid "couldn't compute security context from %s"
2472 +msgstr "nie mo¿na obliczyæ kontekstu bezpieczeñstwa z %s"
2476 +msgid "invalid context: %s"
2477 +msgstr "b³êdny kontekst: %s"
2481 +msgid "failed to change context of %s to %s"
2482 +msgstr "nie mo¿na zmieniæ kontekstu %s na %s"
2485 +msgid "virtual memory exhausted"
2486 +msgstr "pamiêæ wirtualna wyczerpana"
2491 +"Usage: %s [OPTION]... CONTEXT FILE...\n"
2492 +" or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n"
2493 +" or: %s [OPTION]... --reference=RFILE FILE...\n"
2495 +"Sk³adnia: %s [OPCJA]... KONTEKST PLIK...\n"
2496 +" albo: %s [OPCJA]... [-u U¯YTKOWNIK] [-r ROLA] [-l ZAKRES] [-t TYP] PLIK...\n"
2497 +" albo: %s [OPCJA]... --reference=PLIK_WZ PLIK...\n"
2502 +"Change the security context of each FILE to CONTEXT.\n"
2504 +" -c, --changes like verbose but report only when a change is made\n"
2505 +" -h, --no-dereference affect symbolic links instead of any referenced file\n"
2506 +" (available only on systems with lchown system call)\n"
2507 +" -f, --silent, --quiet suppress most error messages\n"
2508 +" --reference=RFILE use RFILE's group instead of using a CONTEXT value\n"
2509 +" -u, --user=USER set user USER in the target security context\n"
2510 +" -r, --role=ROLE set role ROLE in the target security context\n"
2511 +" -t, --type=TYPE set type TYPE in the target security context\n"
2512 +" -l, --range=RANGE set range RANGE in the target security context\n"
2513 +" -R, --recursive change files and directories recursively\n"
2514 +" -v, --verbose output a diagnostic for every file processed\n"
2515 +" --help display this help and exit\n"
2516 +" --version output version information and exit\n"
2518 +"Zmiana kontekstu bezpieczeñstwa ka¿dego PLIKU na KONTEKST.\n"
2520 +" -c, --changes jak verbose, ale raportowanie tylko wykonanych zmian\n"
2521 +" -h, --no-dereference zmiana dowi±zañ symbolicznych zamiast wskazywanych\n"
2522 +" plików (dostêpne tylko na systemach z lchown)\n"
2523 +" -f, --silent, --quiet pominiêcie wiêkszo¶ci komunikatów o b³êdach\n"
2524 +" --reference=PLIK u¿ycie grupy PLIKU zamiast warto¶ci KONTEKSTU\n"
2525 +" -u, --user=U¯YTKOWNIK ustawienie U¯YTKOWNIK w kontek¶cie bezpieczeñstwa\n"
2526 +" -r, --role=ROLA ustawienie ROLI w kontek¶cie bezpieczeñstwa\n"
2527 +" -t, --type=TYP ustawienie TYPU w kontek¶cie bezpieczeñstwa\n"
2528 +" -l, --range=ZAKRES ustawienie ZAKRESU w kontek¶cie bezpieczeñstwa\n"
2529 +" -R, --recursive zmiana plików i katalogów rekursywnie\n"
2530 +" -v, --verbose wypisywanie diagnostyki dla ka¿dego pliku\n"
2531 +" --help wy¶wietlenie tego opisu i zakoñczenie\n"
2532 +" --version wy¶wietlenie informacji o wersji i zakoñczenie\n"
2535 +msgid "conflicting security context specifiers given"
2536 +msgstr "konflikt miêdzy podanymi okre¶leniami kontekstu bezpieczeñstwa"
2539 msgid "cannot change to null group"
2540 msgstr "nie mo¿na zmieniæ grupy na pust±"
2541 @@ -945,6 +1034,21 @@
2542 "nie uda³o siê przeniesienie miêdzy urz±dzeniami: %s do %s; nie uda³o siê "
2543 "usunaæ pliku docelowego"
2547 +msgid "cannot set setfscreatecon %s"
2548 +msgstr "nie mo¿na ustawiæ setfscreatecon %s"
2552 +msgid "warning: security context not preserved %s"
2553 +msgstr "uwaga: nie zachowano kontekstu bezpieczeñstwa %s"
2557 +msgid "cannot lgetfilecon %s"
2558 +msgstr "nie mo¿na wykonaæ lgetfilecon %s"
2562 msgid "cannot copy cyclic symbolic link %s"
2563 @@ -1117,6 +1221,10 @@
2564 " atrybutów: links (dowi±zania), all "
2568 +msgid " -c same as --preserve=context\n"
2569 +msgstr " -c to samo co --preserve=context\n"
2573 " --no-preserve=ATTR_LIST don't preserve the specified attributes\n"
2574 @@ -1173,12 +1281,13 @@
2575 " destination file is missing\n"
2576 " -v, --verbose explain what is being done\n"
2577 " -x, --one-file-system stay on this file system\n"
2578 +" -Z, --context=CONTEXT set security context of copy to CONTEXT\n"
2580 " -u, --update kopiowanie tylko plików, dla których ¬RÓD£O\n"
2581 " jest nowsze ni¿ CEL albo brakuje CELU\n"
2582 " -v, --verbose wyja¶nianie co siê dzieje\n"
2583 " -x, --one-file-system pozostanie w jednym systemie plików\n"
2585 +" -Z, --context=KONTEKST ustawienie KONTEKSTU bezpieczeñstwa kopii\n"
2589 @@ -1293,6 +1402,26 @@
2590 "uwaga: opcja --version-control (-V) jest przestarza³a i zostanie usuniêta\n"
2591 "w jednej z nastêpnych wersji. U¿ywaj --backup=%s ."
2595 +msgid "%s: cannot force target context <-- %s and preserve it\n"
2596 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu <-- %s i zachowaæ go\n"
2600 +msgid "Warning: ignoring --context (-Z). It requires a SELinux-enabled kernel.\n"
2601 +msgstr "Uwaga: zignorowano --context (-Z). Ta opcja wymaga j±dra z obs³ug± SELinuksa.\n"
2603 +#: src/cp.c:1038 src/install.c:373
2605 +msgid "%s: cannot force target context to '%s' and preserve it\n"
2606 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu na '%s' i zachowaæ go\n"
2610 +msgid "cannot set default security context %s"
2611 +msgstr "nie mo¿na ustawiæ domy¶lnego kontekstu %s"
2613 #: src/cp.c:972 src/ln.c:464
2614 msgid "symbolic links are not supported on this system"
2615 msgstr "ten system nie ma dowi±zañ symbolicznych"
2616 @@ -2922,6 +3051,7 @@
2617 "Print information for USERNAME, or the current user.\n"
2619 " -a ignore, for compatibility with other versions\n"
2620 +" -Z, --context print only the context\n"
2621 " -g, --group print only the effective group ID\n"
2622 " -G, --groups print all group IDs\n"
2623 " -n, --name print a name instead of a number, for -ugG\n"
2624 @@ -2930,8 +3060,8 @@
2626 "Wy¶wietla informacjê o U¯YTKOWNIKU lub o aktualnym u¿ytkowniku.\n"
2628 -" -a ignorowane, dla zachowania kompatybilno¶ci z innymi "
2630 +" -a ignorowane, dla zachowania kompatybilno¶ci z innymi wersjami\n"
2631 +" -Z, --context wy¶wietlenie tylko kontekstu\n"
2632 " -g, --group wy¶wietlenie tylko efektywnego identyfikatora grupy\n"
2633 " -G, --groups wy¶wietlenie pe³nej listy grup\n"
2634 " -n, --name wy¶wietlenie nazw zamiast numerów, dla -ugG\n"
2635 @@ -2948,9 +3078,26 @@
2636 "Bez ¿adnych OPCJI wy¶wietla zestaw u¿ytecznych informacji, które uda³o siê\n"
2639 +#: src/id.c:165 src/mkdir.c:135 src/mkfifo.c:123 src/mknod.c:134
2641 +msgid "Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n"
2642 +msgstr "Niestety --context (-Z) mo¿na u¿ywaæ tylko na j±drze z obs³ug± SELinuksa.\n"
2646 +"cannot display context when SELinux not enabled or when displaying the id\n"
2647 +"of a different user"
2649 +"nie mo¿na wy¶wietliæ kontekstu kiedy SELinux nie jest w³±czony lub przy\n"
2650 +"wy¶wietlaniu identyfikatora innego u¿ytkownika"
2653 +msgid "can't get process context"
2654 +msgstr "nie mo¿na uzyskaæ kontekstu procesu"
2657 -msgid "cannot print only user and only group"
2658 -msgstr "nie mo¿na wypisaæ tylko u¿ytkownika i tylko grupê równocze¶nie"
2659 +msgid "cannot print \"only\" of more than one choice"
2660 +msgstr "nie mo¿na \"tylko czego¶\" dla wiêcej ni¿ jednej rzeczy"
2663 msgid "cannot print only names or real IDs in default format"
2664 @@ -2980,6 +3127,31 @@
2670 +msgid " context=%s"
2671 +msgstr " kontekst=%s"
2673 +#: src/install.c:368
2675 +msgid "Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n"
2676 +msgstr "Uwaga: zignorowano --preserve_context (-P), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
2678 +#: src/install.c:381
2680 +msgid "Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n"
2681 +msgstr "Uwaga: zignorowano --context (-Z), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
2683 +#: src/install.c:387
2685 +msgid "%s: cannot force target context == '%s' and preserve it\n"
2686 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu '%s' i zachowaæ go\n"
2688 +#: src/install.c:392
2690 +msgid "%s: cannot setup default context == '%s'\n"
2691 +msgstr "%s: nie mo¿na ustawiæ domy¶lnego kontekstu '%s'\n"
2693 #: src/install.c:269
2694 msgid "the strip option may not be used when installing a directory"
2695 msgstr "opcja obcinania (strip) nie mo¿e byæ u¿yta przy instalowaniu katalogu"
2696 @@ -3117,6 +3289,14 @@
2697 " -S, --suffix=ROZSZERZ zmiana domy¶lnego ROZSZERZENIA kopii zapasowej\n"
2698 " -v, --verbose wypisanie nazwy ka¿dego tworzonego katalogu\n"
2700 +#: src/install.c:780
2702 +" -P, --preserve_context (SELinux) Preserve security context\n"
2703 +" -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n"
2705 +" -P, --preserve_context (SELinux) zachowanie kontekstu bezpieczeñstwa\n"
2706 +" -Z, --context=KONTEKST (SELinux) ustawienie kontekstu plików i katalogów\n"
2708 #: src/install.c:635 src/ln.c:377 src/mv.c:348
2711 @@ -3497,6 +3677,11 @@
2712 msgid "%s: no login name\n"
2713 msgstr "%s: brak nazwy u¿ytkownika\n"
2717 +msgid "Sorry, this option can only be used on a SELinux-enabled kernel.\n"
2718 +msgstr "Niestety tej opcji mo¿na u¿yæ tylko na j±drze z obs³ug± SELinuksa.\n"
2723 @@ -3831,6 +4016,28 @@
2724 " -X sortowanie alfabetyczne wg rozszerzeñ\n"
2725 " -1 listowanie po jednym pliku w linii\n"
2730 +"SELinux options:\n"
2732 +" --lcontext Display security context. Enable -l. Lines\n"
2733 +" will probably be too wide for most displays.\n"
2734 +" --context Display security context so it fits on most\n"
2735 +" displays. Displays only mode, user, group,\n"
2736 +" security context and file name.\n"
2737 +" --scontext Display only security context and file name.\n"
2739 +"Opcje dla SELinuksa:\n"
2741 +" --lcontext wy¶wietlanie kontekstu bezpieczeñstwa; w³±cza -l,\n"
2742 +" linie mog± byæ zbyt d³ugie dla wielu terminali\n"
2743 +" --context wy¶wietlanie kontekstu tak, ¿eby zmie¶ci³ siê na\n"
2744 +" wiêkszo¶ci terminali; wy¶wietlane s± tylko\n"
2745 +" uprawnienia, w³a¶ciciel, grupa, kontekst\n"
2746 +" bezpieczeñstwa i nazwa pliku\n"
2747 +" --scontext wy¶wietlanie tylko kontekstu i nazwy pliku\n"
2752 @@ -4022,6 +4229,11 @@
2753 "Utworzenie KATALOGU/ÓW, je¿eli jeszcze nie istniej±.\n"
2758 +msgid " -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n"
2759 +msgstr " -Z, --context=KONTEKST (SELinux) ustawienie KONTEKSTU bezpieczeñstwa\n"
2763 " -m, --mode=MODE set permission mode (as in chmod), not rwxrwxrwx - "
2764 @@ -4039,6 +4251,11 @@
2765 msgid "created directory %s"
2766 msgstr "utworzony katalog %s"
2768 +#: src/mkdir.c:140 src/mkfifo.c:128 src/mknod.c:139
2770 +msgid "Sorry, cannot set default context to %s.\n"
2771 +msgstr "Niestety nie mo¿na ustawiæ domy¶lnego kontekstu na %s.\n"
2775 msgid "cannot set permissions of directory %s"
2776 @@ -4057,6 +4274,11 @@
2777 "Tworzenie nazwanych potoków (pipes, FIFOs) o podanych NAZWACH.\n"
2780 +#: src/mkfifo.c:68 src/mknod.c:69
2782 +msgid " -Z, --context=CONTEXT set security context (quoted string)\n"
2783 +msgstr " -Z, --context=KONTEKST ustawienie kontekstu bezpieczeñstwa (³añcuch cytowany)\n"
2785 #: src/mkfifo.c:63 src/mknod.c:64
2787 " -m, --mode=MODE set permission mode (as in chmod), not a=rw - umask\n"
2788 @@ -5670,6 +5892,72 @@
2789 " -v, --verbose informacja diagnostyczna o ka¿dym przetworzonym\n"
2795 +"Usage: %s [OPTION]... command [args]\n"
2796 +"Run a program in a different security context.\n"
2798 +" context Complete security context\n"
2799 +" -t type (for same role as parent)\n"
2800 +" -u user identity\n"
2803 +" --help display this help and exit\n"
2805 +"Sk³adnia: %s [OPCJA]... polecenie [argumenty]\n"
2806 +"Uruchomienie programu w innym kontek¶cie bezpieczeñstwa.\n"
2808 +" kontekst pe³ny kontekst bezpieczeñstwa\n"
2809 +" -t typ (dla tej samej roli jako rodzica)\n"
2810 +" -u identyfikator u¿ytkownika\n"
2812 +" -l zakres poziomów\n"
2813 +" --help wy¶wietlenie tego opisu i zakoñczenie\n"
2817 +msgid "multiple roles\n"
2818 +msgstr "wiele ról\n"
2822 +msgid "multiple types\n"
2823 +msgstr "wiele typów\n"
2825 +#: src/runcon.c:104
2827 +msgid "multiple users\n"
2828 +msgstr "wielu u¿ytkowników\n"
2830 +#: src/runcon.c:111
2832 +msgid "multiple levelranges\n"
2833 +msgstr "wiele zakresów poziomów\n"
2835 +#: src/runcon.c:117
2837 +msgid "unrecognised option %c\n"
2838 +msgstr "nierozpoznana opcja %c\n"
2840 +#: src/runcon.c:125
2841 +msgid "must specify -t, -u, -l, -r, or context"
2842 +msgstr "trzeba podaæ -t, -u, -l, -r albo kontekst"
2844 +#: src/runcon.c:131
2845 +msgid "no command found"
2846 +msgstr "nie znaleziono polecenia"
2848 +#: src/runcon.c:137 src/runcon.c:145
2850 +msgid "%s is not a valid context\n"
2851 +msgstr "%s nie jest poprawnym kontekstem\n"
2853 +#: src/runcon.c:163
2855 +msgid "unable to setup security context %s\n"
2856 +msgstr "nie mo¿na ustawiæ kontekstu bezpieczeñstwa %s\n"
2861 @@ -6303,6 +6591,7 @@
2862 " -f, --filesystem display filesystem status instead of file status\n"
2863 " -c --format=FORMAT use the specified FORMAT instead of the default\n"
2864 " -L, --dereference follow links\n"
2865 +" -Z, --context print the security context\n"
2866 " -t, --terse print the information in terse form\n"
2868 "Pokazanie danych pliku albo systemu plików\n"
2869 @@ -6310,6 +6599,7 @@
2870 " -f, --filesystem pokazanie danych systemu plików, a nie pliku\n"
2871 " -c --format=FORMAT u¿ycie podanego FORMATU zamiast domy¶lnego\n"
2872 " -L, --dereference rozwi±zywanie dowi±zañ symbolicznych\n"
2873 +" -Z, --context wypisywanie kontekstu bezpieczeñstwa\n"
2874 " -t, --terse wypisywanie informacji w skróconej formie\n"
2877 @@ -6397,6 +6687,7 @@
2878 " %c Total file nodes in file system\n"
2879 " %d Free file nodes in file system\n"
2880 " %f Free blocks in file system\n"
2881 +" %C Security context in SELinux\n"
2883 "Prawid³owe specyfikacje formatu dla systemów plików:\n"
2885 @@ -6405,6 +6696,7 @@
2886 " %c ca³kowita liczba i-wêz³ów w systemie plików\n"
2887 " %d liczba wolnych i-wêz³ów w systemie plików\n"
2888 " %f liczba wolnych bloków w systemie plików\n"
2889 +" %C kontekst bezpieczeñstwa w SELinuksie\n"
2893 @@ -6422,6 +6714,10 @@
2894 " %T typ w formie czytelnej dla cz³owieka\n"
2895 " %t typ szesnastkowo\n"
2898 +msgid "Kernel is not SELinux-enabled"
2899 +msgstr "J±dro nie ma obs³ugi SELinuksa"