---- coreutils-5.0/src/Makefile.am.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/Makefile.am 2003-05-21 11:20:28.000000000 -0400
-@@ -4,13 +4,13 @@
- EXTRA_SCRIPTS = nohup
-
- bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
--bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
-+bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
+diff -Nur coreutils-6.4/README coreutils-6.4.selinux/README
+--- coreutils-6.4/README 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/README 2006-10-31 23:39:34.000000000 +0000
+@@ -7,11 +7,11 @@
+
+ The programs that can be built with this package are:
+
+- [ base64 basename cat chgrp chmod chown chroot cksum comm cp csplit cut date
++ [ base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date
+ dd df dir dircolors dirname du echo env expand expr factor false fmt fold
+ ginstall groups head hostid hostname id join kill link ln logname ls
+ md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
+- printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum sha256sum
++ printenv printf ptx pwd readlink rm rmdir runuser runcon seq sha1sum sha224sum sha256sum
+ sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac
+ tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime
+ users vdir wc who whoami yes
+diff -Nur coreutils-6.4/configure.ac coreutils-6.4.selinux/configure.ac
+--- coreutils-6.4/configure.ac 2006-10-31 23:38:15.000000000 +0000
++++ coreutils-6.4.selinux/configure.ac 2006-10-31 23:39:34.000000000 +0000
+@@ -264,6 +264,13 @@
+ LIB_CRYPT=
+ fi
+
++dnl Give the chance to enable SELINUX
++AC_ARG_ENABLE(selinux, dnl
++[ --enable-selinux Enable use of the SELinux libraries],
++[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELinux])
++LIB_SELINUX="-lselinux"
++AC_SUBST(LIB_SELINUX)])
++
+ AC_CONFIG_FILES(
+ Makefile
+ doc/Makefile
+diff -Nur coreutils-6.4/lib/config.hin coreutils-6.4.selinux/lib/config.hin
+--- coreutils-6.4/lib/config.hin 2006-10-22 20:36:23.000000000 +0000
++++ coreutils-6.4.selinux/lib/config.hin 2006-10-31 23:39:34.000000000 +0000
+@@ -1645,6 +1645,9 @@
+ 'wint_t'. */
+ #undef WINT_T_SUFFIX
+
++/* Define if you want to use SELINUX */
++#undef WITH_SELINUX
++
+ /* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+ #undef WORDS_BIGENDIAN
+--- coreutils-6.5/man/Makefile.am.orig 2006-11-22 10:47:32.569505000 +0100
++++ coreutils-6.5/man/Makefile.am 2006-11-22 10:48:11.669505000 +0100
+@@ -30,7 +30,7 @@
+ shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \
+ su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
+ tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \
+- whoami.1 yes.1 $(MAN)
++ whoami.1 yes.1 chcon.1 runcon.1 $(MAN)
+ optional_mans = \
+ chroot.1 hostid.1 nice.1 pinky.1 stty.1 uname.1 uptime.1 users.1 who.1
+ man_MANS = getgid.1
+@@ -142,6 +142,8 @@
+ who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
+ whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
+ yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
++chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
++runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
+
+ SUFFIXES = .x .1
+
+diff -Nur coreutils-6.4/man/chcon.1 coreutils-6.4.selinux/man/chcon.1
+--- coreutils-6.4/man/chcon.1 1970-01-01 00:00:00.000000000 +0000
++++ coreutils-6.4.selinux/man/chcon.1 2006-10-31 23:39:34.000000000 +0000
+@@ -0,0 +1,64 @@
++.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
++.SH NAME
++chcon \- change security context
++.SH SYNOPSIS
++.B chcon
++[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
++.br
++.B chcon
++[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
++.SH DESCRIPTION
++.PP
++." Add any additional description here
++.PP
++Change the security context of each FILE to CONTEXT.
++.TP
++\fB\-c\fR, \fB\-\-changes\fR
++like verbose but report only when a change is made
++.TP
++\fB\-h\fR, \fB\-\-no\-dereference\fR
++affect symbolic links instead of any referenced file (available only on systems with lchown system call)
++.TP
++\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
++suppress most error messages
++.TP
++\fB\-l\fR, \fB\-\-range\fR
++set range RANGE in the target security context
++.TP
++\fB\-\-reference\fR=\fIRFILE\fR
++use RFILE's context instead of using a CONTEXT value
++.TP
++\fB\-R\fR, \fB\-\-recursive\fR
++change files and directories recursively
++.TP
++\fB\-r\fR, \fB\-\-role\fR
++set role ROLE in the target security context
++.TP
++\fB\-t\fR, \fB\-\-type\fR
++set type TYPE in the target security context
++.TP
++\fB\-u\fR, \fB\-\-user\fR
++set user USER in the target security context
++.TP
++\fB\-v\fR, \fB\-\-verbose\fR
++output a diagnostic for every file processed
++.TP
++\fB\-\-help\fR
++display this help and exit
++.TP
++\fB\-\-version\fR
++output version information and exit
++.SH "REPORTING BUGS"
++Report bugs to <email@host.com>.
++.SH "SEE ALSO"
++The full documentation for
++.B chcon
++is maintained as a Texinfo manual. If the
++.B info
++and
++.B chcon
++programs are properly installed at your site, the command
++.IP
++.B info chcon
++.PP
++should give you access to the complete manual.
+diff -Nur coreutils-6.4/man/chcon.x coreutils-6.4.selinux/man/chcon.x
+--- coreutils-6.4/man/chcon.x 1970-01-01 00:00:00.000000000 +0000
++++ coreutils-6.4.selinux/man/chcon.x 2006-10-31 23:39:34.000000000 +0000
+@@ -0,0 +1,4 @@
++[NAME]
++chcon \- change file security context
++[DESCRIPTION]
++.\" Add any additional description here
+diff -Nur coreutils-6.4/man/cp.1 coreutils-6.4.selinux/man/cp.1
+--- coreutils-6.4/man/cp.1 2006-10-22 19:56:33.000000000 +0000
++++ coreutils-6.4.selinux/man/cp.1 2006-10-31 23:39:34.000000000 +0000
+@@ -57,7 +57,7 @@
+ .TP
+ \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
+ preserve the specified attributes (default:
+-mode,ownership,timestamps), if possible
++mode,ownership,timestamps) and security contexts, if possible
+ additional attributes: links, all
+ .TP
+ \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
+@@ -106,6 +106,9 @@
+ \fB\-\-help\fR
+ display this help and exit
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context of copy to CONTEXT
++.TP
+ \fB\-\-version\fR
+ output version information and exit
+ .PP
+diff -Nur coreutils-6.4/man/dir.1 coreutils-6.4.selinux/man/dir.1
+--- coreutils-6.4/man/dir.1 2006-10-22 19:56:34.000000000 +0000
++++ coreutils-6.4.selinux/man/dir.1 2006-10-31 23:39:34.000000000 +0000
+@@ -204,6 +204,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELinux options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -Nur coreutils-6.4/man/id.1 coreutils-6.4.selinux/man/id.1
+--- coreutils-6.4/man/id.1 2006-10-22 19:56:35.000000000 +0000
++++ coreutils-6.4.selinux/man/id.1 2006-10-31 23:39:34.000000000 +0000
+@@ -13,6 +13,9 @@
+ \fB\-a\fR
+ ignore, for compatibility with other versions
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR
++print only the security context
++.TP
+ \fB\-g\fR, \fB\-\-group\fR
+ print only the effective group ID
+ .TP
+diff -Nur coreutils-6.4/man/install.1 coreutils-6.4.selinux/man/install.1
+--- coreutils-6.4/man/install.1 2006-10-22 19:56:35.000000000 +0000
++++ coreutils-6.4.selinux/man/install.1 2006-10-31 23:39:34.000000000 +0000
+@@ -66,6 +66,11 @@
+ .TP
+ \fB\-v\fR, \fB\-\-verbose\fR
+ print the name of each directory as it is created
++.HP
++\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
++.TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++(SELinux) Set security context of files and directories
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -Nur coreutils-6.4/man/ls.1 coreutils-6.4.selinux/man/ls.1
+--- coreutils-6.4/man/ls.1 2006-10-22 19:56:35.000000000 +0000
++++ coreutils-6.4.selinux/man/ls.1 2006-10-31 23:39:34.000000000 +0000
+@@ -204,6 +204,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELinux options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-Z\fR, \fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -Nur coreutils-6.4/man/mkdir.1 coreutils-6.4.selinux/man/mkdir.1
+--- coreutils-6.4/man/mkdir.1 2006-10-22 19:56:35.000000000 +0000
++++ coreutils-6.4.selinux/man/mkdir.1 2006-10-31 23:39:34.000000000 +0000
+@@ -12,6 +12,8 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set file mode (as in chmod), not a=rwx \- umask
+ .TP
+diff -Nur coreutils-6.4/man/mkfifo.1 coreutils-6.4.selinux/man/mkfifo.1
+--- coreutils-6.4/man/mkfifo.1 2006-10-22 19:56:35.000000000 +0000
++++ coreutils-6.4.selinux/man/mkfifo.1 2006-10-31 23:39:34.000000000 +0000
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set file permission bits to MODE, not a=rw \- umask
+ .TP
+diff -Nur coreutils-6.4/man/mknod.1 coreutils-6.4.selinux/man/mknod.1
+--- coreutils-6.4/man/mknod.1 2006-10-22 19:56:35.000000000 +0000
++++ coreutils-6.4.selinux/man/mknod.1 2006-10-31 23:39:34.000000000 +0000
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set file permission bits to MODE, not a=rw \- umask
+ .TP
+diff -Nur coreutils-6.4/man/runcon.1 coreutils-6.4.selinux/man/runcon.1
+--- coreutils-6.4/man/runcon.1 1970-01-01 00:00:00.000000000 +0000
++++ coreutils-6.4.selinux/man/runcon.1 2006-10-31 23:39:34.000000000 +0000
+@@ -0,0 +1,39 @@
++.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
++.SH NAME
++runcon \- run command with specified security context
++.SH SYNOPSIS
++.B runcon
++[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
++.PP
++or
++.PP
++.B runcon
++\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
++.PP
++.br
++.SH DESCRIPTION
++.PP
++.\" Add any additional description here
++.PP
++Run COMMAND with current security context modified by one or more of LEVEL,
++ROLE, TYPE, and USER, or with completely-specified CONTEXT.
++.TP
++\fB\-t\fR
++change current type to the specified type
++.TP
++\fB\-l\fR
++change current level range to the specified range
++.TP
++\fB\-r\fR
++change current role to the specified role
++.TP
++\fB\-u\fR
++change current user to the specified user
++.PP
++If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
++the first argument is used as the complete context. Any additional
++arguments after \fICOMMAND\fR are interpreted as arguments to the
++command.
++.PP
++Note that only carefully-chosen contexts are likely to successfully
++run.
+diff -Nur coreutils-6.4/man/runcon.x coreutils-6.4.selinux/man/runcon.x
+--- coreutils-6.4/man/runcon.x 1970-01-01 00:00:00.000000000 +0000
++++ coreutils-6.4.selinux/man/runcon.x 2006-10-31 23:39:34.000000000 +0000
+@@ -0,0 +1,2 @@
++[DESCRIPTION]
++.\" Add any additional description here
+diff -Nur coreutils-6.4/man/stat.1 coreutils-6.4.selinux/man/stat.1
+--- coreutils-6.4/man/stat.1 2006-10-22 19:56:37.000000000 +0000
++++ coreutils-6.4.selinux/man/stat.1 2006-10-31 23:39:34.000000000 +0000
+@@ -28,6 +28,9 @@
+ \fB\-t\fR, \fB\-\-terse\fR
+ print the information in terse form
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR
++print security context information for SELinux if available.
++.TP
+ \fB\-\-help\fR
+ display this help and exit
+ .TP
+@@ -51,6 +54,9 @@
+ %d
+ Device number in decimal
+ .TP
++%C
++SELinux security context
++.TP
+ %D
+ Device number in hex
+ .TP
+diff -Nur coreutils-6.4/man/vdir.1 coreutils-6.4.selinux/man/vdir.1
+--- coreutils-6.4/man/vdir.1 2006-10-22 19:56:39.000000000 +0000
++++ coreutils-6.4.selinux/man/vdir.1 2006-10-31 23:39:34.000000000 +0000
+@@ -204,6 +204,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELinux options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -Nur coreutils-6.4/po/POTFILES.in coreutils-6.4.selinux/po/POTFILES.in
+--- coreutils-6.4/po/POTFILES.in 2006-10-31 23:38:15.000000000 +0000
++++ coreutils-6.4.selinux/po/POTFILES.in 2006-10-31 23:39:34.000000000 +0000
+@@ -33,6 +33,7 @@
+ src/base64.c
+ src/basename.c
+ src/cat.c
++src/chcon.c
+ src/chgrp.c
+ src/chmod.c
+ src/chown-core.c
+@@ -91,6 +92,7 @@
+ src/remove.c
+ src/rm.c
+ src/rmdir.c
++src/runcon.c
+ src/seq.c
+ src/setuidgid.c
+ src/shred.c
+--- coreutils-6.7/po/pl.po.orig 2006-12-09 20:03:10.686071942 +0100
++++ coreutils-6.7/po/pl.po 2006-12-09 20:06:54.942851606 +0100
+@@ -867,6 +867,95 @@
+ msgid "%s: input file is output file"
+ msgstr "%s: plik wej¶ciowy jest plikiem wyj¶ciowym"
+
++#: src/chcon.c:101
++#, c-format
++msgid "context of %s changed to %s\n"
++msgstr "kontekst %s zmieniony na %s\n"
++
++#: src/chcon.c:104
++#, c-format
++msgid "failed to change context of %s to %s\n"
++msgstr "nie mo¿na zmieniæ kontekstu %s na %s\n"
++
++#: src/chcon.c:107
++#, c-format
++msgid "context of %s retained as %s\n"
++msgstr "kontekst %s zachowany jako %s\n"
++
++#: src/chcon.c:172
++#, c-format
++msgid "can't apply partial context to unlabeled file %s"
++msgstr "nie mo¿na zastosowaæ czê¶ciowego kontekstu na nieoznakowanym pliku %s"
++
++#: src/chcon.c:180
++#, c-format
++msgid "couldn't compute security context from %s"
++msgstr "nie mo¿na obliczyæ kontekstu bezpieczeñstwa z %s"
++
++#: src/chcon.c:188
++#, c-format
++msgid "invalid context: %s"
++msgstr "b³êdny kontekst: %s"
++
++#: src/chcon.c:210
++#, c-format
++msgid "failed to change context of %s to %s"
++msgstr "nie mo¿na zmieniæ kontekstu %s na %s"
++
++#: src/chcon.c:258
++msgid "virtual memory exhausted"
++msgstr "pamiêæ wirtualna wyczerpana"
++
++#: src/chcon.c:292
++#, c-format
++msgid ""
++"Usage: %s [OPTION]... CONTEXT FILE...\n"
++" or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n"
++" or: %s [OPTION]... --reference=RFILE FILE...\n"
++msgstr ""
++"Sk³adnia: %s [OPCJA]... KONTEKST PLIK...\n"
++" albo: %s [OPCJA]... [-u U¯YTKOWNIK] [-r ROLA] [-l ZAKRES] [-t TYP] PLIK...\n"
++" albo: %s [OPCJA]... --reference=PLIK_WZ PLIK...\n"
++
++#: src/chcon.c:298
++#, c-format
++msgid ""
++"Change the security context of each FILE to CONTEXT.\n"
++"\n"
++" -c, --changes like verbose but report only when a change is made\n"
++" -h, --no-dereference affect symbolic links instead of any referenced file\n"
++" (available only on systems with lchown system call)\n"
++" -f, --silent, --quiet suppress most error messages\n"
++" --reference=RFILE use RFILE's group instead of using a CONTEXT value\n"
++" -u, --user=USER set user USER in the target security context\n"
++" -r, --role=ROLE set role ROLE in the target security context\n"
++" -t, --type=TYPE set type TYPE in the target security context\n"
++" -l, --range=RANGE set range RANGE in the target security context\n"
++" -R, --recursive change files and directories recursively\n"
++" -v, --verbose output a diagnostic for every file processed\n"
++" --help display this help and exit\n"
++" --version output version information and exit\n"
++msgstr ""
++"Zmiana kontekstu bezpieczeñstwa ka¿dego PLIKU na KONTEKST.\n"
++"\n"
++" -c, --changes jak verbose, ale raportowanie tylko wykonanych zmian\n"
++" -h, --no-dereference zmiana dowi±zañ symbolicznych zamiast wskazywanych\n"
++" plików (dostêpne tylko na systemach z lchown)\n"
++" -f, --silent, --quiet pominiêcie wiêkszo¶ci komunikatów o b³êdach\n"
++" --reference=PLIK u¿ycie grupy PLIKU zamiast warto¶ci KONTEKSTU\n"
++" -u, --user=U¯YTKOWNIK ustawienie U¯YTKOWNIK w kontek¶cie bezpieczeñstwa\n"
++" -r, --role=ROLA ustawienie ROLI w kontek¶cie bezpieczeñstwa\n"
++" -t, --type=TYP ustawienie TYPU w kontek¶cie bezpieczeñstwa\n"
++" -l, --range=ZAKRES ustawienie ZAKRESU w kontek¶cie bezpieczeñstwa\n"
++" -R, --recursive zmiana plików i katalogów rekursywnie\n"
++" -v, --verbose wypisywanie diagnostyki dla ka¿dego pliku\n"
++" --help wy¶wietlenie tego opisu i zakoñczenie\n"
++" --version wy¶wietlenie informacji o wersji i zakoñczenie\n"
++
++#: src/chcon.c:393
++msgid "conflicting security context specifiers given"
++msgstr "konflikt miêdzy podanymi okre¶leniami kontekstu bezpieczeñstwa"
++
+ #: src/chgrp.c:95 src/install.c:611
+ #, c-format
+ msgid "invalid group %s"
+@@ -1540,6 +1629,21 @@
+ "nie uda³o siê przeniesienie miêdzy urz±dzeniami: %s do %s; nie uda³o siê "
+ "usunaæ pliku docelowego"
+
++#: src/copy.c:1305
++#, c-format
++msgid "cannot set setfscreatecon %s"
++msgstr "nie mo¿na ustawiæ setfscreatecon %s"
++
++#: src/copy.c:1315
++#, c-format
++msgid "warning: security context not preserved %s"
++msgstr "uwaga: nie zachowano kontekstu bezpieczeñstwa %s"
++
++#: src/copy.c:1317
++#, c-format
++msgid "cannot lgetfilecon %s"
++msgstr "nie mo¿na wykonaæ lgetfilecon %s"
++
+ #: src/copy.c:1553
+ #, c-format
+ msgid "cannot copy cyclic symbolic link %s"
+@@ -1688,6 +1792,10 @@
+ " atrybutów: links (dowi±zania), all "
+ "(wszystkie))\n"
+
++#: src/cp.c:202
++msgid " -c same as --preserve=context\n"
++msgstr " -c to samo co --preserve=context\n"
++
+ #: src/cp.c:196
+ msgid ""
+ " --no-preserve=ATTR_LIST don't preserve the specified attributes\n"
+@@ -1740,12 +1848,13 @@
+ " destination file is missing\n"
+ " -v, --verbose explain what is being done\n"
+ " -x, --one-file-system stay on this file system\n"
++" -Z, --context=CONTEXT set security context of copy to CONTEXT\n"
+ msgstr ""
+ " -u, --update kopiowanie tylko plików, dla których ¬RÓD£O\n"
+ " jest nowsze ni¿ CEL albo brakuje CELU\n"
+ " -v, --verbose wyja¶nianie co siê dzieje\n"
+ " -x, --one-file-system pozostanie w jednym systemie plików\n"
+-"\n"
++" -Z, --context=KONTEKST ustawienie KONTEKSTU bezpieczeñstwa kopii\n"
+
+ #: src/cp.c:225
+ msgid ""
+@@ -1874,6 +1983,26 @@
+ msgid "multiple target directories specified"
+ msgstr "podano wiele katalogów docelowych"
+
++#: src/cp.c:1017
++#, c-format
++msgid "%s: cannot force target context <-- %s and preserve it\n"
++msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu <-- %s i zachowaæ go\n"
++
++#: src/cp.c:1027
++#, c-format
++msgid "Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.\n"
++msgstr "Uwaga: zignorowano --context (-Z). Ta opcja wymaga j±dra z obs³ug± SELinuksa.\n"
++
++#: src/cp.c:1031 src/install.c:369
++#, c-format
++msgid "%s: cannot force target context to '%s' and preserve it\n"
++msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu na '%s' i zachowaæ go\n"
++
++#: src/cp.c:1038
++#, c-format
++msgid "cannot set default security context %s"
++msgstr "nie mo¿na ustawiæ domy¶lnego kontekstu bezpieczeñstwa %s"
++
+ #: src/cp.c:1030
+ #, c-format
+ msgid "cannot make both hard and symbolic links"
+@@ -3880,6 +4009,7 @@
+ "Print information for USERNAME, or the current user.\n"
+ "\n"
+ " -a ignore, for compatibility with other versions\n"
++" -Z, --context print only the context\n"
+ " -g, --group print only the effective group ID\n"
+ " -G, --groups print all group IDs\n"
+ " -n, --name print a name instead of a number, for -ugG\n"
+@@ -3890,6 +4020,7 @@
+ "\n"
+ " -a ignorowane, dla zachowania kompatybilno¶ci z innymi "
+ "wersjami\n"
++" -Z, --context wy¶wietlenie tylko kontekstu\n"
+ " -g, --group wy¶wietlenie tylko efektywnego identyfikatora grupy\n"
+ " -G, --groups wy¶wietlenie pe³nej listy grup\n"
+ " -n, --name wy¶wietlenie nazw zamiast numerów, dla -ugG\n"
+@@ -3906,10 +4037,26 @@
+ "Bez ¿adnych OPCJI wy¶wietla zestaw u¿ytecznych informacji, które uda³o siê\n"
+ "zidentyfikowaæ.\n"
+
+-#: src/id.c:152
++#: src/id.c:165 src/mkdir.c:136 src/mkfifo.c:124 src/mknod.c:135
+ #, c-format
+-msgid "cannot print only user and only group"
+-msgstr "nie mo¿na wypisaæ tylko u¿ytkownika i tylko grupê równocze¶nie"
++msgid "Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n"
++msgstr "Niestety --context (-Z) mo¿na u¿ywaæ tylko na j±drze z obs³ug± SELinuksa.\n"
++
++#: src/id.c:198
++msgid ""
++"cannot display context when SELinux not enabled or when displaying the id\n"
++"of a different user"
++msgstr ""
++"nie mo¿na wy¶wietliæ kontekstu kiedy SELinux nie jest w³±czony lub przy\n"
++"wy¶wietlaniu identyfikatora innego u¿ytkownika"
++
++#: src/id.c:209
++msgid "can't get process context"
++msgstr "nie mo¿na uzyskaæ kontekstu procesu"
++
++#: src/id.c:214
++msgid "cannot print \"only\" of more than one choice"
++msgstr "nie mo¿na wypisaæ \"tylko czego¶\" dla wiêcej ni¿ jednej rzeczy"
+
+ #: src/id.c:156
+ #, c-format
+@@ -3941,6 +4088,31 @@
+ msgid " groups="
+ msgstr " grupy="
+
++#: src/id.c:458
++#, c-format
++msgid " context=%s"
++msgstr " kontekst=%s"
++
++#: src/install.c:365
++#, c-format
++msgid "Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n"
++msgstr "Uwaga: zignorowano --preserve_context (-P), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
++
++#: src/install.c:377
++#, c-format
++msgid "Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n"
++msgstr "Uwaga: zignorowano --context (-Z), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
++
++#: src/install.c:382
++#, c-format
++msgid "%s: cannot force target context == '%s' and preserve it\n"
++msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu '%s' i zachowaæ go\n"
++
++#: src/install.c:387
++#, c-format
++msgid "%s: cannot setup default context == '%s'\n"
++msgstr "%s: nie mo¿na ustawiæ domy¶lnego kontekstu '%s'\n"
++
+ #: src/install.c:318
+ #, c-format
+ msgid "the strip option may not be used when installing a directory"
+@@ -4079,6 +4251,14 @@
+ " -T, --no-target-directory traktowanie CELU jak zwyk³ego pliku\n"
+ " -v, --verbose wypisanie nazwy ka¿dego tworzonego katalogu\n"
+
++#: src/install.c:773
++msgid ""
++" -P, --preserve_context (SELinux) Preserve security context\n"
++" -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n"
++msgstr ""
++" -P, --preserve_context (SELinux) zachowanie kontekstu bezpieczeñstwa\n"
++" -Z, --context=KONTEKST (SELinux) ustawienie kontekstu plików i katalogów\n"
++
+ #: src/install.c:692 src/ln.c:365 src/mv.c:318
+ msgid ""
+ "\n"
+@@ -4468,6 +4648,11 @@
+ msgid "no login name"
+ msgstr "brak nazwy u¿ytkownika"
+
++#: src/ls.c:129
++#, c-format
++msgid "Sorry, this option can only be used on a SELinux-enabled kernel.\n"
++msgstr "Niestety tej opcji mo¿na u¿yæ tylko na j±drze z obs³ug± SELinuksa.\n"
++
+ #: src/ls.c:684
+ msgid "%b %e %Y"
+ msgstr "%b %e %Y"
+@@ -4841,6 +5026,34 @@
+ " -X sortowanie alfabetyczne wg rozszerzeñ\n"
+ " -1 listowanie po jednym pliku w linii\n"
+
++#: src/ls.c:4134
++#, c-format
++msgid ""
++"\n"
++"SELinux options:\n"
++"\n"
++" --lcontext Display security context. Enable -l. Lines\n"
++" will probably be too wide for most displays.\n"
++" -Z, --context Display security context so it fits on most\n"
++" displays. Displays only mode, user, group,\n"
++" security context and file name.\n"
++" --scontext Display only security context and file name.\n"
++"\n"
++"\n"
++msgstr ""
++"\n"
++"Opcje dla SELinuksa:\n"
++"\n"
++" --lcontext wy¶wietlanie kontekstu bezpieczeñstwa; w³±cza -l,\n"
++" linie mog± byæ zbyt d³ugie dla wielu terminali\n"
++" --context wy¶wietlanie kontekstu tak, ¿eby zmie¶ci³ siê na\n"
++" wiêkszo¶ci terminali; wy¶wietlane s± tylko\n"
++" uprawnienia, w³a¶ciciel, grupa, kontekst\n"
++" bezpieczeñstwa i nazwa pliku\n"
++" --scontext wy¶wietlanie tylko kontekstu i nazwy pliku\n"
++"\n"
++"\n"
++
+ #: src/ls.c:4360
+ msgid ""
+ "\n"
+@@ -5043,6 +5256,11 @@
+ "Utworzenie KATALOGU/ÓW, je¿eli jeszcze nie istniej±.\n"
+ "\n"
+
++#: src/mkdir.c:74
++#, c-format
++msgid " -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n"
++msgstr " -Z, --context=KONTEKST (SELinux) ustawienie KONTEKSTU bezpieczeñstwa\n"
++
+ #: src/mkdir.c:67
+ msgid ""
+ " -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n"
+@@ -5059,6 +5277,11 @@
+ msgid "created directory %s"
+ msgstr "utworzony katalog %s"
+
++#: src/mkdir.c:170 src/mkfifo.c:128 src/mknod.c:139
++#, c-format
++msgid "Sorry, cannot set default context to %s.\n"
++msgstr "Niestety nie mo¿na ustawiæ domy¶lnego kontekstu na %s.\n"
++
+ #: src/mkfifo.c:54
+ #, c-format
+ msgid "Usage: %s [OPTION] NAME...\n"
+@@ -5072,6 +5295,11 @@
+ "Tworzenie nazwanych potoków (pipes, FIFOs) o podanych NAZWACH.\n"
+ "\n"
+
++#: src/mkfifo.c:68 src/mknod.c:69
++#, c-format
++msgid " -Z, --context=CONTEXT set security context (quoted string)\n"
++msgstr " -Z, --context=KONTEKST ustawienie kontekstu bezpieczeñstwa (³añcuch cytowany)\n"
++
+ #: src/mkfifo.c:62 src/mknod.c:64
+ msgid ""
+ " -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n"
+@@ -6808,6 +7036,72 @@
+ " -v, --verbose informacja diagnostyczna o ka¿dym przetworzonym\n"
+ " katalogu\n"
+
++#: src/runcon.c:42
++#, c-format
++msgid ""
++"Usage: %s [OPTION]... command [args]\n"
++"Run a program in a different security context.\n"
++"\n"
++" context Complete security context\n"
++" -t type (for same role as parent)\n"
++" -u user identity\n"
++" -r role\n"
++" -l levelrange\n"
++" --help display this help and exit\n"
++msgstr ""
++"Sk³adnia: %s [OPCJA]... polecenie [argumenty]\n"
++"Uruchomienie programu w innym kontek¶cie bezpieczeñstwa.\n"
++"\n"
++" kontekst pe³ny kontekst bezpieczeñstwa\n"
++" -t typ (dla tej samej roli jako rodzica)\n"
++" -u identyfikator u¿ytkownika\n"
++" -r rola\n"
++" -l zakres poziomów\n"
++" --help wy¶wietlenie tego opisu i zakoñczenie\n"
++
++#: src/runcon.c:90
++#, c-format
++msgid "multiple roles\n"
++msgstr "wiele ról\n"
++
++#: src/runcon.c:97
++#, c-format
++msgid "multiple types\n"
++msgstr "wiele typów\n"
++
++#: src/runcon.c:104
++#, c-format
++msgid "multiple users\n"
++msgstr "wielu u¿ytkowników\n"
++
++#: src/runcon.c:111
++#, c-format
++msgid "multiple levelranges\n"
++msgstr "wiele zakresów poziomów\n"
++
++#: src/runcon.c:117
++#, c-format
++msgid "unrecognised option %c\n"
++msgstr "nierozpoznana opcja %c\n"
++
++#: src/runcon.c:125
++msgid "must specify -t, -u, -l, -r, or context"
++msgstr "trzeba podaæ -t, -u, -l, -r albo kontekst"
++
++#: src/runcon.c:131
++msgid "no command found"
++msgstr "nie znaleziono polecenia"
++
++#: src/runcon.c:137 src/runcon.c:145
++#, c-format
++msgid "%s is not a valid context\n"
++msgstr "%s nie jest poprawnym kontekstem\n"
++
++#: src/runcon.c:163
++#, c-format
++msgid "unable to setup security context %s\n"
++msgstr "nie mo¿na ustawiæ kontekstu bezpieczeñstwa %s\n"
++
+ #: src/seq.c:74
+ #, c-format
+ msgid ""
+@@ -7689,6 +7983,7 @@
+ " --printf=FORMAT like --format, but interpret backslash escapes,\n"
+ " and do not output a mandatory trailing newline.\n"
+ " If you want a newline, include \\n in FORMAT.\n"
++" -Z, --context print the security context\n"
+ " -t, --terse print the information in terse form\n"
+ msgstr ""
+ " -c --format=FORMAT u¿ycie podanego FORMATU zamiast domy¶lnego; po\n"
+@@ -7699,6 +7994,7 @@
+ " uko¶nikiem odwrotnym i bez wypisywania znaku "
+ "nowej\n"
+ " linii. ¯eby go wypisaæ u¿yj \\n w FORMACIE.\n"
++" -Z, --context wypisywanie kontekstu bezpieczeñstwa\n"
+ " -t, --terse wypisywanie informacji w skróconej formie\n"
+
+ #: src/stat.c:849
+@@ -7786,6 +8082,7 @@
+ " %c Total file nodes in file system\n"
+ " %d Free file nodes in file system\n"
+ " %f Free blocks in file system\n"
++" %C Security context in SELinux\n"
+ msgstr ""
+ "Prawid³owe specyfikacje formatu dla systemów plików:\n"
+ "\n"
+@@ -7794,6 +8091,7 @@
+ " %c ca³kowita liczba i-wêz³ów w systemie plików\n"
+ " %d liczba wolnych i-wêz³ów w systemie plików\n"
+ " %f liczba wolnych bloków w systemie plików\n"
++" %C kontekst bezpieczeñstwa w SELinuksie\n"
+
+ #: src/stat.c:896
+ msgid ""
+@@ -7813,6 +8111,10 @@
+ " %t typ szesnastkowo\n"
+ " %T typ w formie czytelnej dla cz³owieka\n"
+
++#: src/stat.c:900
++msgid "Kernel is not SELinux enabled"
++msgstr "J±dro nie ma obs³ugi SELinuksa"
++
+ #: src/stty.c:511
+ #, c-format
+ msgid ""
+diff -Nur coreutils-6.4/src/Makefile.am coreutils-6.4.selinux/src/Makefile.am
+--- coreutils-6.4/src/Makefile.am 2006-10-31 23:38:15.000000000 +0000
++++ coreutils-6.4.selinux/src/Makefile.am 2006-10-31 23:39:34.000000000 +0000
+@@ -20,14 +20,14 @@
+ EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who
+
+ bin_SCRIPTS = groups
+-bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
++bin_PROGRAMS = [ chgrp chown chmod chcon cp dd dircolors du \
ginstall link ln dir vdir ls mkdir \
- mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
+ mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \
cat cksum comm csplit cut expand fmt fold head join md5sum \
- nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
+ nl od paste pr ptx sha1sum sha224sum sha256sum sha384sum sha512sum \
+ shuf sort split sum tac tail tr tsort unexpand uniq wc \
basename date dirname echo env expr factor false getgid \
- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
test true tty whoami yes \
- @OPTIONAL_BIN_PROGS@ @DF_PROG@
-
-@@ -24,15 +24,15 @@ EXTRA_DIST = dcgen dircolors.hin tac-pip
- groups.sh nohup.sh wheel-gen.pl
- CLEANFILES = $(SCRIPTS) su
-
--INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib
--DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" @DEFS@
-+INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib
-+DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" -DWITH_SELINUX @DEFS@
-
- # Sometimes, the expansion of @LIBINTL@ includes -lc which may
- # include modules defining variables like `optind', so libfetish.a
- # must precede @LIBINTL@ in order to ensure we use GNU getopt.
- # But libfetish.a must also follow @LIBINTL@, since libintl uses
- # replacement functions defined in libfetish.a.
--LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
-+LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -lselinux -lattr
-
- dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
- ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
---- coreutils-5.0/src/Makefile.in.selinux 2003-05-21 11:20:26.000000000 -0400
-+++ coreutils-5.0/src/Makefile.in 2003-05-21 11:23:03.000000000 -0400
-@@ -56,7 +56,7 @@ CFLAGS = @CFLAGS@
- CPP = @CPP@
- CPPFLAGS = @CPPFLAGS@
- CYGPATH_W = @CYGPATH_W@
--DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" @DEFS@
-+DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" -DWITH_SELINUX @DEFS@
- DEPDIR = @DEPDIR@
- DF_PROG = @DF_PROG@
- ECHO_C = @ECHO_C@
-@@ -159,13 +159,13 @@ EXTRA_PROGRAMS = chroot df hostid nice p
- EXTRA_SCRIPTS = nohup
-
- bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
--bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
-+bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
- ginstall link ln dir vdir ls mkdir \
- mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
- cat cksum comm csplit cut expand fmt fold head join md5sum \
- nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
- basename date dirname echo env expr factor false \
-- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
-+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
- test true tty whoami yes \
- @OPTIONAL_BIN_PROGS@ @DF_PROG@
-
-@@ -189,7 +189,7 @@ INCLUDES = -I.. -I$(srcdir) -I$(top_srcd
- # must precede @LIBINTL@ in order to ensure we use GNU getopt.
- # But libfetish.a must also follow @LIBINTL@, since libintl uses
- # replacement functions defined in libfetish.a.
--LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
-+LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -lselinux -lattr
-
- dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap
- ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap
-@@ -291,7 +291,7 @@ CONFIG_CLEAN_FILES =
- EXTRA_PROGRAMS = chroot$(EXEEXT) df$(EXEEXT) hostid$(EXEEXT) \
- nice$(EXEEXT) pinky$(EXEEXT) stty$(EXEEXT) su$(EXEEXT) \
- uname$(EXEEXT) uptime$(EXEEXT) users$(EXEEXT) who$(EXEEXT)
--bin_PROGRAMS = chgrp$(EXEEXT) chown$(EXEEXT) chmod$(EXEEXT) cp$(EXEEXT) \
-+bin_PROGRAMS = chgrp$(EXEEXT) chown$(EXEEXT) chmod$(EXEEXT) chcon$(EXEEXT) cp$(EXEEXT) \
- dd$(EXEEXT) dircolors$(EXEEXT) du$(EXEEXT) ginstall$(EXEEXT) \
- link$(EXEEXT) ln$(EXEEXT) dir$(EXEEXT) vdir$(EXEEXT) \
- ls$(EXEEXT) mkdir$(EXEEXT) mkfifo$(EXEEXT) mknod$(EXEEXT) \
-@@ -307,7 +307,7 @@ bin_PROGRAMS = chgrp$(EXEEXT) chown$(EXE
- date$(EXEEXT) dirname$(EXEEXT) echo$(EXEEXT) env$(EXEEXT) \
- expr$(EXEEXT) factor$(EXEEXT) false$(EXEEXT) hostname$(EXEEXT) \
- id$(EXEEXT) kill$(EXEEXT) logname$(EXEEXT) pathchk$(EXEEXT) \
-- printenv$(EXEEXT) printf$(EXEEXT) pwd$(EXEEXT) seq$(EXEEXT) \
-+ printenv$(EXEEXT) printf$(EXEEXT) pwd$(EXEEXT) runcon$(EXEEXT) seq$(EXEEXT) \
- sleep$(EXEEXT) tee$(EXEEXT) test$(EXEEXT) true$(EXEEXT) \
- tty$(EXEEXT) whoami$(EXEEXT) yes$(EXEEXT) @OPTIONAL_BIN_PROGS@ \
- @DF_PROG@
-@@ -338,6 +338,11 @@ chown_OBJECTS = $(am_chown_OBJECTS)
- chown_LDADD = $(LDADD)
- chown_DEPENDENCIES = ../lib/libfetish.a ../lib/libfetish.a
- chown_LDFLAGS =
-+chcon_SOURCES = chcon.c
-+chcon_OBJECTS = chcon.$(OBJEXT)
-+chcon_LDADD = $(LDADD)
-+chcon_DEPENDENCIES = ../lib/libfetish.a
-+chcon_LDFLAGS =
- chroot_SOURCES = chroot.c
- chroot_OBJECTS = chroot.$(OBJEXT)
- chroot_LDADD = $(LDADD)
-@@ -589,6 +594,11 @@ rmdir_OBJECTS = rmdir.$(OBJEXT)
- rmdir_LDADD = $(LDADD)
- rmdir_DEPENDENCIES = ../lib/libfetish.a ../lib/libfetish.a
- rmdir_LDFLAGS =
-+runcon_SOURCES = runcon.c
-+runcon_OBJECTS = runcon$U.$(OBJEXT)
-+runcon_LDADD = $(LDADD)
-+runcon_DEPENDENCIES = ../lib/libfetish.a
-+runcon_LDFLAGS =
- seq_SOURCES = seq.c
- seq_OBJECTS = seq.$(OBJEXT)
- seq_DEPENDENCIES = ../lib/libfetish.a ../lib/libfetish.a
-@@ -793,7 +803,7 @@ COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUD
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
- CCLD = $(CC)
- LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
--DIST_SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c \
-+DIST_SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c chcon.c \
- $(chown_SOURCES) chroot.c cksum.c comm.c $(cp_SOURCES) csplit.c \
- cut.c date.c dd.c df.c $(dir_SOURCES) dircolors.c dirname.c \
- du.c echo.c env.c expand.c expr.c factor.c false.c fmt.c fold.c \
-@@ -801,7 +811,7 @@ DIST_SOURCES = basename.c cat.c $(chgrp_
- kill.c link.c ln.c logname.c $(ls_SOURCES) $(md5sum_SOURCES) \
- mkdir.c mkfifo.c mknod.c $(mv_SOURCES) nice.c nl.c od.c paste.c \
- pathchk.c pinky.c pr.c printenv.c printf.c ptx.c pwd.c \
-- readlink.c $(rm_SOURCES) rmdir.c seq.c $(sha1sum_SOURCES) \
-+ readlink.c $(rm_SOURCES) rmdir.c runcon.c seq.c $(sha1sum_SOURCES) \
- shred.c sleep.c sort.c split.c stat.c stty.c su.c sum.c sync.c \
- tac.c tail.c tee.c test.c touch.c tr.c true.c tsort.c tty.c \
- uname.c unexpand.c uniq.c unlink.c uptime.c users.c \
-@@ -809,7 +819,7 @@ DIST_SOURCES = basename.c cat.c $(chgrp_
- HEADERS = $(noinst_HEADERS)
-
- DIST_COMMON = $(noinst_HEADERS) Makefile.am Makefile.in
--SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c $(chown_SOURCES) chroot.c cksum.c comm.c $(cp_SOURCES) csplit.c cut.c date.c dd.c df.c $(dir_SOURCES) dircolors.c dirname.c du.c echo.c env.c expand.c expr.c factor.c false.c fmt.c fold.c $(ginstall_SOURCES) head.c hostid.c hostname.c id.c join.c kill.c link.c ln.c logname.c $(ls_SOURCES) $(md5sum_SOURCES) mkdir.c mkfifo.c mknod.c $(mv_SOURCES) nice.c nl.c od.c paste.c pathchk.c pinky.c pr.c printenv.c printf.c ptx.c pwd.c readlink.c $(rm_SOURCES) rmdir.c seq.c $(sha1sum_SOURCES) shred.c sleep.c sort.c split.c stat.c stty.c su.c sum.c sync.c tac.c tail.c tee.c test.c touch.c tr.c true.c tsort.c tty.c uname.c unexpand.c uniq.c unlink.c uptime.c users.c $(vdir_SOURCES) wc.c who.c whoami.c yes.c
-+SOURCES = basename.c cat.c $(chgrp_SOURCES) chmod.c chcon.c $(chown_SOURCES) chroot.c cksum.c comm.c $(cp_SOURCES) csplit.c cut.c date.c dd.c df.c $(dir_SOURCES) dircolors.c dirname.c du.c echo.c env.c expand.c expr.c factor.c false.c fmt.c fold.c $(ginstall_SOURCES) head.c hostid.c hostname.c id.c join.c kill.c link.c ln.c logname.c $(ls_SOURCES) $(md5sum_SOURCES) mkdir.c mkfifo.c mknod.c $(mv_SOURCES) nice.c nl.c od.c paste.c pathchk.c pinky.c pr.c printenv.c printf.c ptx.c pwd.c readlink.c $(rm_SOURCES) rmdir.c runcon.c seq.c $(sha1sum_SOURCES) shred.c sleep.c sort.c split.c stat.c stty.c su.c sum.c sync.c tac.c tail.c tee.c test.c touch.c tr.c true.c tsort.c tty.c uname.c unexpand.c uniq.c unlink.c uptime.c users.c $(vdir_SOURCES) wc.c who.c whoami.c yes.c
-
- all: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) all-am
-@@ -872,6 +882,9 @@ chgrp$(EXEEXT): $(chgrp_OBJECTS) $(chgrp
- chmod$(EXEEXT): $(chmod_OBJECTS) $(chmod_DEPENDENCIES)
- @rm -f chmod$(EXEEXT)
- $(LINK) $(chmod_LDFLAGS) $(chmod_OBJECTS) $(chmod_LDADD) $(LIBS)
-+chcon$(EXEEXT): $(chcon_OBJECTS) $(chcon_DEPENDENCIES)
-+ @rm -f chcon$(EXEEXT)
-+ $(LINK) $(chcon_LDFLAGS) $(chcon_OBJECTS) $(chcon_LDADD) $(LIBS)
- chown$(EXEEXT): $(chown_OBJECTS) $(chown_DEPENDENCIES)
- @rm -f chown$(EXEEXT)
- $(LINK) $(chown_LDFLAGS) $(chown_OBJECTS) $(chown_LDADD) $(LIBS)
-@@ -1028,6 +1041,9 @@ rm$(EXEEXT): $(rm_OBJECTS) $(rm_DEPENDEN
- rmdir$(EXEEXT): $(rmdir_OBJECTS) $(rmdir_DEPENDENCIES)
- @rm -f rmdir$(EXEEXT)
- $(LINK) $(rmdir_LDFLAGS) $(rmdir_OBJECTS) $(rmdir_LDADD) $(LIBS)
-+runcon$(EXEEXT): $(runcon_OBJECTS) $(runcon_DEPENDENCIES)
-+ @rm -f runcon$(EXEEXT)
-+ $(LINK) $(runcon_LDFLAGS) $(runcon_OBJECTS) $(runcon_LDADD) $(LIBS)
- seq$(EXEEXT): $(seq_OBJECTS) $(seq_DEPENDENCIES)
- @rm -f seq$(EXEEXT)
- $(LINK) $(seq_LDFLAGS) $(seq_OBJECTS) $(seq_LDADD) $(LIBS)
---- /dev/null 2003-01-30 05:24:37.000000000 -0500
-+++ coreutils-5.0/src/chcon.c 2003-05-21 11:20:28.000000000 -0400
-@@ -0,0 +1,324 @@
+ base64 \
+ $(OPTIONAL_BIN_PROGS) $(DF_PROG)
+@@ -112,6 +112,20 @@
+ mv_LDADD += $(LIB_ACL)
+ ginstall_LDADD += $(LIB_ACL)
+
++dir_LDADD += @LIB_SELINUX@
++ls_LDADD += @LIB_SELINUX@
++vdir_LDADD += @LIB_SELINUX@
++cp_LDADD += @LIB_SELINUX@
++ginstall_LDADD += @LIB_SELINUX@
++mv_LDADD += @LIB_SELINUX@
++chcon_LDADD = $(LDADD) @LIB_SELINUX@
++id_LDADD = $(LDADD) @LIB_SELINUX@
++mkdir_LDADD = $(LDADD) @LIB_SELINUX@
++mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
++mknod_LDADD = $(LDADD) @LIB_SELINUX@
++stat_LDADD = $(LDADD) @LIB_SELINUX@
++runcon_LDADD = $(LDADD) @LIB_SELINUX@
++
+ $(PROGRAMS): ../lib/libcoreutils.a
+
+ SUFFIXES = .sh
+diff -Nur coreutils-6.4/src/chcon.c coreutils-6.4.selinux/src/chcon.c
+--- coreutils-6.4/src/chcon.c 1970-01-01 00:00:00.000000000 +0000
++++ coreutils-6.4.selinux/src/chcon.c 2006-10-31 23:39:34.000000000 +0000
+@@ -0,0 +1,423 @@
+/* chcontext -- change security context of a pathname */
+
+#include <config.h>
+#include <grp.h>
+#include <getopt.h>
+#include <selinux/selinux.h>
++#include <selinux/context.h>
+
+#include "system.h"
+#include "error.h"
+ V_off
+};
+
-+static int change_dir_context PARAMS ((const char *dir, security_context_t context,
-+ const struct stat *statp));
++static int change_dir_context (const char *dir, const struct stat *statp);
+
+/* The name the program was run with. */
+char *program_name;
+static enum Verbosity verbosity = V_off;
+
+/* The name of the context file is being given. */
-+static const char *contextname;
++static const char *specified_context;
++
++/* Specific components of the context */
++static const char *specified_user;
++static const char *specified_role;
++static const char *specified_range;
++static const char *specified_type;
+
+/* The argument to the --reference option. Use the context of this file.
+ This file must exist. */
+ {"quiet", no_argument, 0, 'f'},
+ {"reference", required_argument, 0, CHAR_MAX + 1},
+ {"context", required_argument, 0, CHAR_MAX + 2},
++ {"user", required_argument, 0, 'u'},
++ {"role", required_argument, 0, 'r'},
++ {"type", required_argument, 0, 't'},
++ {"range", required_argument, 0, 'l'},
+ {"verbose", no_argument, 0, 'v'},
+ {"help", no_argument, &show_help, 1},
+ {"version", no_argument, &show_version, 1},
+ CHANGED describes what (if anything) has happened. */
+
+static void
-+describe_change (const char *file, enum Change_status changed)
++describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
+{
+ const char *fmt;
+ switch (changed)
+ default:
+ abort ();
+ }
-+ printf (fmt, file, contextname);
++ printf (fmt, file, newcontext);
+}
+
-+/* Change the context of FILE to CONTEXT.
++static int
++compute_context_from_mask (security_context_t context, context_t *ret)
++{
++ context_t newcontext = context_new (context);
++ if (!newcontext)
++ return 1;
++#define SETCOMPONENT(comp) \
++ do { \
++ if (specified_ ## comp) \
++ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
++ goto lose; \
++ } while (0)
++
++ SETCOMPONENT(user);
++ SETCOMPONENT(range);
++ SETCOMPONENT(role);
++ SETCOMPONENT(type);
++#undef SETCOMPONENT
++
++ *ret = newcontext;
++ return 0;
++ lose:
++ context_free (newcontext);
++ return 1;
++}
++
++/* Change the context of FILE, using specified components.
+ If it is a directory and -R is given, recurse.
+ Return 0 if successful, 1 if errors occurred. */
+
+static int
-+change_file_context (const char *file, security_context_t context)
++change_file_context (const char *file)
+{
+ struct stat file_stats;
+ security_context_t file_context=NULL;
++ context_t context;
++ security_context_t context_string;
+ int errors = 0;
++ int status = 0;
++
++ if (change_symlinks)
++ status = lgetfilecon(file, &file_context);
++ else
++ status = getfilecon(file, &file_context);
+
-+ if (lgetfilecon(file, &file_context)<0)
++ if ((status < 0) && (errno != ENODATA))
+ {
+ if (force_silent == 0)
+ error (0, errno, "%s", file);
+ return 1;
+ }
+
-+ if (strcmp(context,file_context)!=0)
++ /* If the file doesn't have a context, and we're not setting all of
++ the context components, there isn't really an obvious default.
++ Thus, we just give up. */
++ if (file_context == NULL && specified_context == NULL)
++ {
++ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
++ return 1;
++ }
++
++ if (specified_context == NULL)
++ {
++ if (compute_context_from_mask (file_context, &context))
++ {
++ error (0, 0, _("couldn't compute security context from %s"), file_context);
++ return 1;
++ }
++ }
++ else
++ {
++ context = context_new (specified_context);
++ if (!context)
++ error (1, 0,_("invalid context: %s"),specified_context);
++ }
++
++ context_string = context_str (context);
++
++ if (file_context == NULL || strcmp(context_string,file_context)!=0)
+ {
+ int fail;
+
+ if (change_symlinks)
-+ fail = lsetfilecon (file, context);
++ fail = lsetfilecon (file, context_string);
+ else
-+ fail = setfilecon (file, context);
++ fail = setfilecon (file, context_string);
+
+ if (verbosity == V_high || (verbosity == V_changes_only && !fail))
-+ describe_change (file, (fail ? CH_FAILED : CH_SUCCEEDED));
++ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
+
+ if (fail)
+ {
+ errors = 1;
+ if (force_silent == 0)
+ {
-+ error (0, errno, "%s", file);
++ error (0, errno, _("failed to change context of %s to %s"), file, context_string);
+ }
+ }
+ }
+ else if (verbosity == V_high)
+ {
-+ describe_change (file, CH_NO_CHANGE_REQUESTED);
++ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
+ }
+
++ context_free(context);
+ freecon(file_context);
+
+ if (recurse) {
+ if (lstat(file, &file_stats)==0)
-+ if (S_ISDIR (file_stats.st_mode))
-+ errors |= change_dir_context (file, context, &file_stats);
++ if (S_ISDIR (file_stats.st_mode) &&
++ (strcmp(file,"..") !=0) &&
++ (strcmp(file,".") !=0))
++ errors |= change_dir_context (file, &file_stats);
+ }
+ return errors;
+}
+
+/* Recursively change context of the files in directory DIR
-+ to CONTEXT CONTEXT.
++ using specified context components.
+ STATP points to the results of lstat on DIR.
+ Return 0 if successful, 1 if errors occurred. */
+
+static int
-+change_dir_context (const char *dir, security_context_t context, const struct stat *statp)
++change_dir_context (const char *dir, const struct stat *statp)
+{
+ char *name_space, *namep;
+ char *path; /* Full path of each entry to process. */
+ path = xrealloc (path, pathlength);
+ }
+ strcpy (path + dirlength, namep);
-+ errors |= change_file_context (path, context);
++ errors |= change_file_context (path);
+ }
+ free (path);
+ free (name_space);
+ {
+ printf (_("\
+Usage: %s [OPTION]... CONTEXT FILE...\n\
++ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
+ or: %s [OPTION]... --reference=RFILE FILE...\n\
-+ or: %s [OPTION]... --context=CONTEXT FILE...\n\
+"),
+ program_name, program_name, program_name);
+ printf (_("\
+ (available only on systems with lchown system call)\n\
+ -f, --silent, --quiet suppress most error messages\n\
+ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
-+ --context=CONTEXT use context corresponding to CONTEXT for CONTEXT value\n\
++ -u, --user=USER set user USER in the target security context\n\
++ -r, --role=ROLE set role ROLE in the target security context\n\
++ -t, --type=TYPE set type TYPE in the target security context\n\
++ -l, --range=RANGE set range RANGE in the target security context\n\
+ -R, --recursive change files and directories recursively\n\
+ -v, --verbose output a diagnostic for every file processed\n\
+ --help display this help and exit\n\
+int
+main (int argc, char **argv)
+{
-+ security_context_t context = NULL;
+ security_context_t ref_context = NULL;
+ int errors = 0;
+ int optc;
++ int component_specified = 0;
+
+ program_name = argv[0];
+ setlocale (LC_ALL, "");
+
+ recurse = force_silent = 0;
+
-+ while ((optc = getopt_long (argc, argv, "Rcfhv", long_options, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
+ {
+ switch (optc)
+ {
+ case 0:
-+ break;
++ break;
++ case 'u':
++ specified_user = optarg;
++ component_specified = 1;
++ break;
++ case 'r':
++ specified_role = optarg;
++ component_specified = 1;
++ break;
++ case 't':
++ specified_type = optarg;
++ component_specified = 1;
++ break;
++ case 'l':
++ specified_range = optarg;
++ component_specified = 1;
++ break;
+ case CHAR_MAX + 1:
+ reference_file = optarg;
+ break;
-+ case CHAR_MAX +2:
-+ context = optarg;
-+ break;
+ case 'R':
+ recurse = 1;
+ break;
+ if (show_help)
+ usage (0);
+
-+ if (argc - optind + ( (reference_file || ( context > 0 ) ) ? 1 : 0) <= 1)
-+ {
-+ error (0, 0, _("too few arguments"));
-+ usage (1);
-+ }
++
++ if (reference_file && component_specified)
++ {
++ error (0, 0, _("conflicting security context specifiers given"));
++ usage (1);
++ }
++
++ if (!(((reference_file || component_specified)
++ && (argc - optind > 0))
++ || (argc - optind > 1)))
++ {
++ error (0, 0, _("too few arguments"));
++ usage (1);
++ }
+
+ if (reference_file)
+ {
+ if (getfilecon (reference_file, &ref_context)<0)
+ error (1, errno, "%s", reference_file);
-+
-+ context = ref_context;
++
++ specified_context = ref_context;
+ }
-+
-+ context = argv[optind++];
++ else if (!component_specified) {
++ specified_context = argv[optind++];
++ }
+ for (; optind < argc; ++optind)
-+ errors |= change_file_context (argv[optind], context);
++ errors |= change_file_context (argv[optind]);
+
+ if (verbosity != V_off)
+ close_stdout ();
+ freecon(ref_context);
+ exit (errors);
+}
---- coreutils-5.0/src/copy.c.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/copy.c 2003-05-21 11:20:28.000000000 -0400
-@@ -46,6 +46,10 @@
- #include "same.h"
+diff -Nur coreutils-6.4/src/copy.c coreutils-6.4.selinux/src/copy.c
+--- coreutils-6.4/src/copy.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/copy.c 2006-10-31 23:39:34.000000000 +0000
+@@ -53,6 +53,11 @@
#include "xreadlink.h"
+ #include "yesno.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++extern int selinux_enabled;
+#endif
+
- #define DO_CHOWN(Chown, File, New_uid, New_gid) \
- (Chown (File, New_uid, New_gid) \
- /* If non-root uses -p, it's ok if we can't preserve ownership. \
-@@ -1463,6 +1467,24 @@ copy_internal (const char *src_path, con
- preserving owner/group is a potential security problem. */
- # endif
- }
+ #ifndef HAVE_FCHOWN
+ # define HAVE_FCHOWN false
+ # define fchown(fd, uid, gid) (-1)
+@@ -1473,6 +1478,34 @@
+ In such cases, set this variable to zero. */
+ preserve_metadata = true;
+
+#ifdef WITH_SELINUX
-+ /* Trying to preserve a security context can fail for any UID, and user
-+ * should probably always know about it.
-+ */
-+ if ( x->preserve_security_context ) {
-+ security_context_t lcontext;
-+ if ( lgetfilecon(src_path, &lcontext) < 0 ) {
-+ error (0, errno, _("getting security context for %s"), src_path);
-+ return 1;
-+ }
-+ if ( lsetfilecon(dst_path, lcontext) < 0 ) {
-+ error (0, errno, _("preserving security context for %s (context==%s)"), dst_path, lcontext);
-+ freecon(lcontext);
-+ return 1;
-+ }
-+ freecon(lcontext);
++ if (x->preserve_security_context && selinux_enabled)
++ {
++ security_context_t con;
++
++ if (lgetfilecon (src_name, &con) >= 0)
++ {
++ if (setfscreatecon(con) < 0)
++ {
++ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
++ if (x->require_preserve) {
++ freecon(con);
++ return 1;
++ }
++ }
++ freecon(con);
++ }
++ else {
++ if ( errno == ENOTSUP ) {
++ error (0, errno, _("warning: security context not preserved %s"), quote (src_name));
++ } else {
++ error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
++ return 1;
++ }
+ }
++ }
+#endif
- }
- else
- #endif
-@@ -1551,6 +1573,27 @@ copy_internal (const char *src_path, con
- }
- #endif
++
+ if (S_ISDIR (src_mode))
+ {
+ struct dir_list *dir;
+@@ -1544,6 +1577,10 @@
+ {
+ /* Here, we are crossing a file system boundary and cp's -x option
+ is in effect: so don't copy the contents of this directory. */
++#ifdef WITH_SELINUX
++ if (x->preserve_security_context && selinux_enabled)
++ setfscreatecon(NULL);
++#endif
+ }
+ else
+ {
+@@ -1689,6 +1728,11 @@
+ }
+ }
+#ifdef WITH_SELINUX
-+ /* Trying to preserve a security context can fail for any UID, and user
-+ * should probably always know about it.
-+ */
-+
-+ if ( x->preserve_security_context ) {
-+ security_context_t lcontext;
-+ if ( getfilecon(src_path, &lcontext) < 0 ) {
-+ error (0, errno, _("getting security context for %s"), src_path);
-+ return 1;
-+ }
-+ if ( setfilecon(dst_path, lcontext) < 0 ) {
-+ error (0, errno, _("preserving security context for %s (context==%s)"), dst_path, lcontext);
-+ freecon(lcontext);
-+ return 1;
-+ }
-+ freecon(lcontext);
-+ }
-+
-+#endif
-+
- if (x->preserve_mode || x->move_mode)
- {
- if (copy_acl (src_path, dst_path, src_mode) && x->require_preserve)
---- coreutils-5.0/src/copy.h.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/copy.h 2003-05-21 11:20:28.000000000 -0400
-@@ -105,6 +105,9 @@ struct cp_options
- int preserve_ownership;
- int preserve_mode;
- int preserve_timestamps;
++ if (x->preserve_security_context && selinux_enabled)
++ setfscreatecon(NULL);
++#endif
++
+ /* There's no need to preserve timestamps or permissions. */
+ preserve_metadata = false;
+
+@@ -1789,6 +1833,11 @@
+
+ un_backup:
+
+#ifdef WITH_SELINUX
-+ int preserve_security_context;
++ if (x->preserve_security_context && selinux_enabled)
++ setfscreatecon(NULL);
+#endif
++
+ /* We have failed to create the destination file.
+ If we've just added a dev/ino entry via the remember_copied
+ call above (i.e., unless we've just failed to create a hard link),
+diff -Nur coreutils-6.4/src/copy.h coreutils-6.4.selinux/src/copy.h
+--- coreutils-6.4/src/copy.h 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/copy.h 2006-10-31 23:39:34.000000000 +0000
+@@ -128,6 +128,9 @@
+ bool preserve_mode;
+ bool preserve_timestamps;
++#ifdef WITH_SELINUX
++ bool preserve_security_context;
++#endif
/* Enabled for mv, and for cp by the --preserve=links option.
- If nonzero, attempt to preserve in the destination files any
---- coreutils-5.0/src/cp.c.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/cp.c 2003-05-21 11:31:26.000000000 -0400
-@@ -52,6 +52,10 @@
+ If true, attempt to preserve in the destination files any
+ logical hard links between the source files. If used with cp's
+diff -Nur coreutils-6.4/src/cp.c coreutils-6.4.selinux/src/cp.c
+--- coreutils-6.4/src/cp.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/cp.c 2006-10-31 23:39:34.000000000 +0000
+@@ -51,6 +51,11 @@
- #define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering")
+ #define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++int selinux_enabled=0;
+#endif
+
- #ifndef _POSIX_VERSION
- uid_t geteuid ();
- #endif
-@@ -149,6 +153,9 @@ static struct option const long_opts[] =
+ /* Used by do_copy, make_dir_parents_private, and re_protect
+ to keep a list of leading directories whose protections
+ need to be fixed after copying. */
+@@ -141,6 +146,9 @@
+ {"target-directory", required_argument, NULL, 't'},
{"update", no_argument, NULL, 'u'},
{"verbose", no_argument, NULL, 'v'},
- {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'X'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{GETOPT_HELP_OPTION_DECL},
{GETOPT_VERSION_OPTION_DECL},
{NULL, 0, NULL, 0}
-@@ -198,6 +205,9 @@ Mandatory arguments to long options are
+@@ -194,6 +202,9 @@
additional attributes: links, all\n\
"), stdout);
fputs (_("\
+"), stdout);
+ fputs (_("\
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
- --parents append source path to DIRECTORY\n\
- -P same as `--no-dereference'\n\
-@@ -225,6 +235,7 @@ Mandatory arguments to long options are
+ --parents use full source file name under DIRECTORY\n\
+ "), stdout);
+@@ -219,6 +230,7 @@
destination file is missing\n\
-v, --verbose explain what is being done\n\
-x, --one-file-system stay on this file system\n\
-+ -X, --context=CONTEXT set security context of copy to CONTEXT\n\
++ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
"), stdout);
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
-@@ -358,6 +369,28 @@ re_protect (const char *const_dst_path,
- }
- }
-
-+#ifdef WITH_SELINUX
-+ /* Trying to preserve a security context can fail for any UID, and user
-+ * should probably always know about it.
-+ */
-+
-+ if ( x->preserve_security_context ) {
-+ int rv;
-+ security_context_t context;
-+
-+ if ( (rv = getfilecon(src_path, &context)) < 0 ) {
-+ error (0, errno, _("getting security context for %s"), src_path);
-+ return 1;
-+ }
-+
-+ if ( (rv = setfilecon(dst_path, context)) < 0 ) {
-+ error (0, errno, _("preserving security context for %s (context==%s)"), dst_path, context);
-+ return 1;
-+ }
-+ freecon(context);
-+ }
-+#endif
-+
- dst_path[p->slash_offset] = '/';
- }
- return 0;
-@@ -756,8 +789,8 @@ do_copy (int n_files, char **file, const
- {
- new_dest = (char *) dest;
- }
--
-- return copy (source, new_dest, new_dst, x, &unused, NULL);
-+ ret=copy (source, new_dest, new_dst, x, &unused, NULL);
-+ return ret;
- }
-
- /* unreachable */
-@@ -781,6 +814,10 @@ cp_option_init (struct cp_options *x)
- x->preserve_mode = 0;
- x->preserve_timestamps = 0;
+@@ -729,6 +741,10 @@
+ x->preserve_mode = false;
+ x->preserve_timestamps = false;
+#ifdef WITH_SELINUX
-+ x->preserve_security_context = 0;
++ x->preserve_security_context = false;
+#endif
+
- x->require_preserve = 0;
- x->recursive = 0;
+ x->require_preserve = false;
+ x->recursive = false;
x->sparse_mode = SPARSE_AUTO;
-@@ -808,19 +845,20 @@ decode_preserve_arg (char const *arg, st
+@@ -756,18 +772,19 @@
PRESERVE_TIMESTAMPS,
PRESERVE_OWNERSHIP,
PRESERVE_LINK,
- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
+ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
};
-
/* Valid arguments to the `--preserve' option. */
static char const* const preserve_args[] =
{
"mode", "timestamps",
-- "ownership", "links", "all", 0
-+ "ownership", "links", "context", "all", 0
+- "ownership", "links", "all", NULL
++ "ownership", "links", "context", "all", NULL
};
+ ARGMATCH_VERIFY (preserve_args, preserve_vals);
- char *arg_writable = xstrdup (arg);
-@@ -855,11 +893,16 @@ decode_preserve_arg (char const *arg, st
+@@ -803,11 +820,16 @@
x->preserve_links = on_off;
break;
break;
default:
-@@ -882,6 +925,10 @@ main (int argc, char **argv)
- struct cp_options x;
- int copy_contents = 0;
+@@ -832,6 +854,10 @@
+ bool copy_contents = false;
char *target_directory = NULL;
+ bool no_target_directory = false;
+#ifdef WITH_SELINUX
+ security_context_t scontext = NULL;
-+ int is_selinux_enabled_flag= is_selinux_enabled();
++ selinux_enabled= (is_selinux_enabled()>0);
+#endif
+ initialize_main (&argc, &argv);
program_name = argv[0];
- setlocale (LC_ALL, "");
-@@ -896,7 +943,11 @@ main (int argc, char **argv)
+@@ -847,7 +873,13 @@
we'll actually use backup_suffix_string. */
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+- while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T",
++
++ while ((c = getopt_long (argc, argv,
+#ifdef WITH_SELINUX
-+ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:X:Z:", long_opts, NULL))
++ "abcdfHilLprst:uvxPRS:TZ:",
+#else
- while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
++ "abdfHilLprst:uvxPRS:T",
+#endif
+ long_opts, NULL))
!= -1)
{
- switch (c)
-@@ -988,6 +1039,36 @@ main (int argc, char **argv)
- x.preserve_timestamps = 1;
- x.require_preserve = 1;
+@@ -938,6 +970,35 @@
+ case 'R':
+ x.recursive = true;
break;
+#ifdef WITH_SELINUX
+ case 'c':
+ if ( scontext != NULL ) {
-+ (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
++ (void) fprintf(stderr, _("%s: cannot force target context <-- %s and preserve it\n"), argv[0], scontext);
+ exit( 1 );
+ }
-+ else if (is_selinux_enabled_flag)
-+ x.preserve_security_context = 1;
++ else if (selinux_enabled)
++ x.preserve_security_context = true;
+ break;
+
-+ case 'X':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Warning: ignoring --context (-X). "
-+ "It requires a SELinux enabled kernel.\n" );
++ if( !selinux_enabled ) {
++ fprintf( stderr, _("Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.\n") );
+ break;
+ }
+ if ( x.preserve_security_context ) {
-+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
++ (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], optarg);
+ exit( 1 );
+ }
+ scontext = optarg;
+ break;
+#endif
- case PARENTS_OPTION:
- flag_path = 1;
---- coreutils-5.0/src/id.c.selinux 2003-03-27 17:39:46.000000000 -0500
-+++ coreutils-5.0/src/id.c 2003-05-21 11:20:28.000000000 -0400
-@@ -46,6 +46,20 @@ gid_t getegid ();
+ case REPLY_OPTION: /* Deprecated */
+ x.interactive = XARGMATCH ("--reply", optarg,
+diff -Nur coreutils-6.4/src/id.c coreutils-6.4.selinux/src/id.c
+--- coreutils-6.4/src/id.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/id.c 2006-10-31 23:39:34.000000000 +0000
+@@ -37,6 +37,20 @@
int getugroups ();
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
-+static void print_context PARAMS ((char* context));
++static void print_context (char* context);
+/* Print the SELinux context */
+static void
+print_context(char *context)
+ printf ("%s", context);
+}
+
-+/* If nonzero, output only the SELinux context. -c */
++/* If nonzero, output only the SELinux context. -Z */
+static int just_context = 0;
+
+#endif
static void print_user (uid_t uid);
static void print_group (gid_t gid);
static void print_group_list (const char *username);
-@@ -64,8 +78,14 @@ static gid_t rgid, egid;
- /* The number of errors encountered so far. */
- static int problems = 0;
+@@ -55,8 +69,14 @@
+ /* True unless errors have been encountered. */
+ static bool ok = true;
+/* The SELinux context */
+/* Set `context' to a known invalid value so print_full_info() will *
+
static struct option const longopts[] =
{
-+ {"context", no_argument, NULL, 'c'},
++ {"context", no_argument, NULL, 'Z'},
{"group", no_argument, NULL, 'g'},
{"groups", no_argument, NULL, 'G'},
{"name", no_argument, NULL, 'n'},
-@@ -89,6 +109,7 @@ usage (int status)
+@@ -80,6 +100,7 @@
Print information for USERNAME, or the current user.\n\
\n\
-a ignore, for compatibility with other versions\n\
-+ -c, --context print only the context\n\
++ -Z, --context print only the context\n\
-g, --group print only the effective group ID\n\
-G, --groups print all group IDs\n\
-n, --name print a name instead of a number, for -ugG\n\
-@@ -110,6 +131,7 @@ int
+@@ -101,6 +122,7 @@
main (int argc, char **argv)
{
int optc;
-+ int is_selinux_enabled_flag=is_selinux_enabled();
++ int selinux_enabled=(is_selinux_enabled()>0);
- /* If nonzero, output the list of all group IDs. -G */
- int just_group_list = 0;
-@@ -127,7 +149,7 @@ main (int argc, char **argv)
+ /* If true, output the list of all group IDs. -G */
+ bool just_group_list = false;
+@@ -119,13 +141,23 @@
atexit (close_stdout);
- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
-+ while ((optc = getopt_long (argc, argv, "acgnrsuG", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
{
switch (optc)
{
-@@ -136,6 +158,17 @@ main (int argc, char **argv)
case 'a':
/* Ignore -a, for compatibility with SVR4. */
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
-+ "a selinux-enabled kernel.\n" );
++ if( !selinux_enabled ) {
++ fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
+ exit( 1 );
+ }
+ just_context = 1;
+ break;
+#endif
case 'g':
- just_group = 1;
+ just_group = true;
break;
-@@ -158,8 +191,28 @@ main (int argc, char **argv)
+@@ -148,8 +180,28 @@
}
}
- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
+#ifdef WITH_SELINUX
+ if (argc - optind == 1)
-+ is_selinux_enabled_flag = 0;
++ selinux_enabled = 0;
+
-+ if( just_context && !is_selinux_enabled_flag)
++ if( just_context && !selinux_enabled)
+ error (1, 0, _("\
-+cannot display context when selinux not enabled or when displaying the id\n\
++cannot display context when SELinux not enabled or when displaying the id\n\
+of a different user"));
+
+ /* If we are on a selinux-enabled kernel, get our context. *
+ * Otherwise, leave the context variable alone - it has *
+ * been initialized known invalid value; if we see this invalid *
+ * value later, we will know we are on a non-selinux kernel. */
-+ if( is_selinux_enabled_flag )
++ if( selinux_enabled )
+ {
+ if (getcon(&context))
-+ error (1, 0, "can't get process context");
++ error (1, 0, _("can't get process context"));
+ }
+#endif
+
+ if (just_user + just_group + just_group_list + just_context > 1)
+ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
- if (just_user + just_group + just_group_list == 0 && (use_real || use_name))
+ if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
error (EXIT_FAILURE, 0,
-@@ -190,6 +243,10 @@ main (int argc, char **argv)
+@@ -183,6 +235,10 @@
print_group (use_real ? rgid : egid);
else if (just_group_list)
print_group_list (argv[optind]);
else
print_full_info (argv[optind]);
putchar ('\n');
-@@ -397,4 +454,9 @@ print_full_info (const char *username)
+@@ -385,4 +441,9 @@
free (groups);
}
#endif /* HAVE_GETGROUPS */
+#ifdef WITH_SELINUX
+ if ( context != NULL ) {
-+ printf(" context=%s",context);
++ printf(_(" context=%s"),context);
+ }
+#endif
}
---- coreutils-5.0/src/install.c.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/install.c 2003-05-21 11:20:28.000000000 -0400
-@@ -50,6 +50,10 @@
+diff -Nur coreutils-6.4/src/install.c coreutils-6.4.selinux/src/install.c
+--- coreutils-6.4/src/install.c 2006-10-31 23:38:15.000000000 +0000
++++ coreutils-6.4.selinux/src/install.c 2006-10-31 23:39:34.000000000 +0000
+@@ -50,6 +50,11 @@
# include <sys/wait.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++int selinux_enabled=0;
+#endif
+
- struct passwd *getpwnam ();
- struct group *getgrnam ();
-
-@@ -126,11 +130,17 @@ static int dir_arg;
+ #if ! HAVE_ENDGRENT
+ # define endgrent() ((void) 0)
+ #endif
+@@ -128,12 +133,18 @@
static struct option const long_options[] =
{
{"backup", optional_argument, NULL, 'b'},
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'X'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"directory", no_argument, NULL, 'd'},
{"group", required_argument, NULL, 'g'},
{"mode", required_argument, NULL, 'm'},
+ {"no-target-directory", no_argument, NULL, 'T'},
{"owner", required_argument, NULL, 'o'},
{"preserve-timestamps", no_argument, NULL, 'p'},
+#ifdef WITH_SELINUX
+#endif
{"strip", no_argument, NULL, 's'},
{"suffix", required_argument, NULL, 'S'},
- {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
-@@ -247,6 +257,9 @@ cp_option_init (struct cp_options *x)
+ {"target-directory", required_argument, NULL, 't'},
+@@ -250,6 +261,9 @@
- x->update = 0;
- x->verbose = 0;
+ x->update = false;
+ x->verbose = false;
+#ifdef WITH_SELINUX
-+ x->preserve_security_context = 0;
++ x->preserve_security_context = false;
+#endif
- x->xstat = stat;
x->dest_info = NULL;
x->src_info = NULL;
-@@ -265,6 +278,11 @@ main (int argc, char **argv)
- struct cp_options x;
+ }
+@@ -302,6 +316,11 @@
+ bool no_target_directory = false;
int n_files;
char **file;
+#ifdef WITH_SELINUX
+ security_context_t scontext = NULL;
+ /* set iff kernel has extra selinux system calls */
-+ int is_selinux_enabled_flag = is_selinux_enabled();
++ selinux_enabled = (is_selinux_enabled()>0);
+#endif
+ initialize_main (&argc, &argv);
program_name = argv[0];
- setlocale (LC_ALL, "");
-@@ -285,7 +303,11 @@ main (int argc, char **argv)
+@@ -323,8 +342,13 @@
we'll actually use backup_suffix_string. */
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:", long_options,
+- NULL)) != -1)
++ while ((optc = getopt_long (argc, argv,
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPX:vV:S:Z:", long_options,
++ "bcCsDdg:m:o:pPt:TvS:Z:",
+#else
- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options,
++ "bcCsDdg:m:o:pt:TvS:",
+#endif
- NULL)) != -1)
++ long_options, NULL)) != -1)
{
switch (optc)
-@@ -338,6 +360,39 @@ main (int argc, char **argv)
- make_backups = 1;
- backup_suffix_string = optarg;
+ {
+@@ -388,6 +412,37 @@
+ case 'T':
+ no_target_directory = true;
break;
+#ifdef WITH_SELINUX
+ case 'P':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
-+ "because the kernel is not selinux-enabled.\n" );
++ if( !selinux_enabled ) {
++ fprintf( stderr, _("Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n") );
+ break;
+ }
+ if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
-+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], scontext);
++ (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], scontext);
+ exit( 1 );
+ }
-+ x.preserve_security_context = 1;
++ x.preserve_security_context = true;
+ break ;
-+ case 'X':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Warning: ignoring --context (-X) "
-+ "because the kernel is not selinux-enabled.\n" );
++ if( !selinux_enabled) {
++ fprintf( stderr, _("Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n") );
+ break;
+ }
+ if ( x.preserve_security_context ) {
+
-+ (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
++ (void) fprintf(stderr, _("%s: cannot force target context == '%s' and preserve it\n"), argv[0], optarg);
+ exit( 1 );
+ }
+ scontext = optarg;
+ if (setfscreatecon(scontext)) {
-+ (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], scontext);
++ (void) fprintf(stderr, _("%s: cannot setup default context == '%s'\n"), argv[0], scontext);
+ exit(1);
+ }
+ break;
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
-@@ -721,6 +776,11 @@ Mandatory arguments to long options are
- -S, --suffix=SUFFIX override the usual backup suffix\n\
+@@ -781,6 +836,11 @@
+ -T, --no-target-directory treat DEST as a normal file\n\
-v, --verbose print the name of each directory as it is created\n\
"), stdout);
+ fputs (_("\
-+ -P, --preserve_context (Selinux) Preserve security context\n\
-+ -X, --context=CONTEXT (Selinux) Set security context of files and directories\n\
++ -P, --preserve_context (SELinux) Preserve security context\n\
++ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
+"), stdout);
+
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
fputs (_("\
---- coreutils-5.0/src/ls.c.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/ls.c 2003-05-21 11:20:28.000000000 -0400
-@@ -132,6 +132,12 @@ int wcwidth ();
+diff -Nur coreutils-6.4/src/ls.c coreutils-6.4.selinux/src/ls.c
+--- coreutils-6.4/src/ls.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/ls.c 2006-10-31 23:39:34.000000000 +0000
+@@ -110,6 +110,17 @@
- #define AUTHORS N_ ("Richard Stallman and David MacKenzie")
+ #define AUTHORS "Richard Stallman", "David MacKenzie"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
-+int is_selinux_enabled_flag= 0;
++int selinux_enabled= 0;
+static int print_scontext = 0;
++#define check_selinux() if (!selinux_enabled) { \
++ fprintf( stderr, _("Sorry, this option can only be used on a SELinux-enabled kernel.\n") ); \
++ exit( EXIT_FAILURE ); \
++}
++
+#endif
+
#define obstack_chunk_alloc malloc
#define obstack_chunk_free free
-@@ -229,6 +235,10 @@ struct fileinfo
+@@ -175,6 +186,10 @@
/* For long listings, true if the file has an access control list. */
bool have_acl;
#endif
+#endif
};
- #if HAVE_ACL || USE_ACL
-@@ -292,6 +302,9 @@ static void queue_directory (const char
+ #if USE_ACL
+@@ -245,6 +260,9 @@
static void sort_files (void);
static void parse_ls_color (void);
void usage (int status);
+#ifdef WITH_SELINUX
-+static void print_scontext_format PARAMS ((const struct fileinfo *f));
++static void print_scontext_format (const struct fileinfo *f);
+#endif
- /* The name the program was run with, stripped of any leading path. */
+ /* The name this program was run with. */
char *program_name;
-@@ -381,7 +394,12 @@ enum format
+@@ -353,7 +371,10 @@
one_per_line, /* -1 */
many_per_line, /* -C */
horizontal, /* -x */
- with_commas /* -m */
+#ifdef WITH_SELINUX
-+ with_commas, /* -m */
-+ security_format
-+#else
-+ with_commas /* -m */
++ security_format, /* -Z */
+#endif
++ with_commas /* -m */
};
static enum format format;
-@@ -706,6 +724,11 @@ enum
+@@ -734,6 +755,11 @@
SHOW_CONTROL_CHARS_OPTION,
SI_OPTION,
SORT_OPTION,
TIME_OPTION,
TIME_STYLE_OPTION
};
-@@ -749,6 +772,11 @@ static struct option const long_options[
- {"time-style", required_argument, 0, TIME_STYLE_OPTION},
- {"color", optional_argument, 0, COLOR_OPTION},
- {"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
+@@ -780,6 +806,11 @@
+ {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
+ {"color", optional_argument, NULL, COLOR_OPTION},
+ {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
+#ifdef WITH_SELINUX
+ {"context", no_argument, 0, CONTEXT_OPTION},
+ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
+ {"scontext", no_argument, 0, SCONTEXT_OPTION},
+#endif
- {"author", no_argument, 0, AUTHOR_OPTION},
+ {"author", no_argument, NULL, AUTHOR_OPTION},
{GETOPT_HELP_OPTION_DECL},
{GETOPT_VERSION_OPTION_DECL},
-@@ -758,12 +786,19 @@ static struct option const long_options[
+@@ -789,11 +820,18 @@
static char const *const format_args[] =
{
"verbose", "long", "commas", "horizontal", "across",
-- "vertical", "single-column", 0
+- "vertical", "single-column", NULL
+ "vertical", "single-column",
+#ifdef WITH_SELINUX
+ "context",
+#endif
-+ 0
++ NULL
};
-
static enum format const format_types[] =
{
long_format, long_format, with_commas, horizontal, horizontal,
+#endif
many_per_line, one_per_line
};
-
-@@ -1147,6 +1182,9 @@ main (int argc, char **argv)
+ ARGMATCH_VERIFY (format_args, format_types);
+@@ -1218,6 +1256,9 @@
format_needs_stat = sort_type == sort_time || sort_type == sort_size
|| format == long_format
+#ifdef WITH_SELINUX
+ || format == security_format || print_scontext
+#endif
- || dereference == DEREF_ALWAYS
- || print_block_size || print_inode;
- format_needs_type = (format_needs_stat == 0
-@@ -1269,6 +1307,11 @@ decode_switches (int argc, char **argv)
+ || print_block_size;
+ format_needs_type = (! format_needs_stat
+ && (recursive
+@@ -1361,6 +1402,11 @@
/* Record whether there is an option specifying sort type. */
- int sort_type_specified = 0;
+ bool sort_type_specified = false;
+#ifdef WITH_SELINUX
+ /* 1 iff kernel has new selinux system calls */
-+ is_selinux_enabled_flag= is_selinux_enabled();
++ selinux_enabled= (is_selinux_enabled()>0);
+#endif
+
- qmark_funny_chars = 0;
+ qmark_funny_chars = false;
/* initialize all switches to default settings */
-@@ -1319,6 +1362,9 @@ decode_switches (int argc, char **argv)
- all_files = 0;
- really_all_files = 0;
- ignore_patterns = 0;
+@@ -1411,6 +1457,9 @@
+ ignore_mode = IGNORE_DEFAULT;
+ ignore_patterns = NULL;
+ hide_patterns = NULL;
+#ifdef WITH_SELINUX
+ print_scontext = 0;
+#endif
/* FIXME: put this in a function. */
{
-@@ -1684,6 +1730,31 @@ decode_switches (int argc, char **argv)
+@@ -1486,7 +1535,7 @@
+ }
+
+ while ((c = getopt_long (argc, argv,
+- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
++ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
+ long_options, NULL)) != -1)
+ {
+ switch (c)
+@@ -1609,6 +1658,13 @@
+ format = horizontal;
+ break;
+
++#ifdef WITH_SELINUX
++ case 'Z':
++ check_selinux();
++ print_scontext = 1;
++ format = security_format;
++ break;
++#endif
+ case 'A':
+ if (ignore_mode == IGNORE_DEFAULT)
+ ignore_mode = IGNORE_DOT_AND_DOTDOT;
+@@ -1789,6 +1845,25 @@
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+#ifdef WITH_SELINUX
+
-+#define check_selinux() if (!is_selinux_enabled_flag) { \
-+ fprintf( stderr, "Sorry, this option can only be used " \
-+ "on a SELinux kernel.\n" ); \
-+ exit( EXIT_FAILURE ); \
-+}
-+
+ case CONTEXT_OPTION: /* new security format */
+ check_selinux();
+ print_scontext = 1;
+#endif
+
default:
- usage (EXIT_FAILURE);
+ usage (LS_FAILURE);
}
-@@ -2331,6 +2402,10 @@ clear_files (void)
- free (files[i].name);
- if (files[i].linkname)
- free (files[i].linkname);
+@@ -2485,6 +2558,12 @@
+ struct fileinfo *f = sorted_file[i];
+ free (f->name);
+ free (f->linkname);
+#ifdef WITH_SELINUX
-+ if (files[i].scontext)
-+ freecon (files[i].scontext);
++ if (f->scontext) {
++ freecon (f->scontext);
++ f->scontext=NULL;
++ }
+#endif
}
- files_index = 0;
-@@ -2402,6 +2477,11 @@ gobble_file (const char *name, enum file
+ cwd_n_used = 0;
+@@ -2527,6 +2608,9 @@
+ memset (f, '\0', sizeof *f);
+ f->stat.st_ino = inode;
+ f->filetype = type;
++#ifdef WITH_SELINUX
++ f->scontext = NULL;
++#endif
+
+ if (command_line_arg
+ || format_needs_stat
+@@ -2582,7 +2666,12 @@
{
- int need_lstat;
- err = stat (path, &files[files_index].stat);
+ bool need_lstat;
+ err = stat (absolute_name, &f->stat);
+-
+#ifdef WITH_SELINUX
+ if (err>=0)
-+ if (is_selinux_enabled_flag)
-+ err=getfilecon(path, &files[files_index].scontext);
++ if (selinux_enabled && (format == security_format || print_scontext))
++ getfilecon(absolute_name, &f->scontext);
+#endif
-
++
if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
break;
-@@ -2420,6 +2500,12 @@ gobble_file (const char *name, enum file
+
+@@ -2600,6 +2689,11 @@
default: /* DEREF_NEVER */
- err = lstat (path, &files[files_index].stat);
+ err = lstat (absolute_name, &f->stat);
+#ifdef WITH_SELINUX
+ if (err>=0)
-+ if (is_selinux_enabled_flag)
-+ err=lgetfilecon(path, &files[files_index].scontext);
++ if (selinux_enabled && (format == security_format || print_scontext))
++ lgetfilecon(absolute_name, &f->scontext);
+#endif
-+
break;
}
-@@ -2849,6 +2935,16 @@ print_current_files (void)
+@@ -3158,6 +3252,16 @@
DIRED_PUTCHAR ('\n');
}
break;
}
}
-@@ -3112,6 +3208,14 @@ print_long_format (const struct fileinfo
- p += strlen (p);
- }
+@@ -3412,6 +3516,14 @@
+ The latter is wrong when nlink_width is zero. */
+ p += strlen (p);
+#ifdef WITH_SELINUX
+
+#endif
+
DIRED_INDENT ();
- DIRED_FPUTS (buf, stdout, p - buf);
- print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
-@@ -3917,6 +4021,16 @@ Mandatory arguments to long options are
+
+ if (print_owner | print_group | print_author)
+@@ -4347,6 +4459,16 @@
-X sort alphabetically by entry extension\n\
-1 list one file per line\n\
"), stdout);
+#ifdef WITH_SELINUX
-+printf(_("SELINUX options:\n\n\
++printf(_("\nSELinux options:\n\n\
+ --lcontext Display security context. Enable -l. Lines\n\
+ will probably be too wide for most displays.\n\
-+ --context Display security context so it fits on most\n\
++ -Z, --context Display security context so it fits on most\n\
+ displays. Displays only mode, user, group,\n\
+ security context and file name.\n\
+ --scontext Display only security context and file name.\n\
-+"));
++\n\n"));
+#endif
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
fputs (_("\n\
-@@ -3935,3 +4049,79 @@ to a terminal (tty).\n\
+@@ -4370,3 +4492,79 @@
}
exit (status);
}
+ p = buf;
+
+ if ( print_scontext ) { /* zero means terse listing */
-+ mode_string (f->stat.st_mode, modebuf);
++ filemodestring (&f->stat, modebuf);
+ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
+ modebuf[11] = '\0';
+
+
+ DIRED_INDENT ();
+ DIRED_FPUTS (buf, stdout, p - buf);
-+ print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, &dired_obstack);
++ print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, f->stat_ok, f->filetype, &dired_obstack);
+
+ if (f->filetype == symbolic_link) {
+ if (f->linkname) {
+ DIRED_FPUTS_LITERAL (" -> ", stdout);
-+ print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, NULL);
++ print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, f->stat_ok, f->filetype, NULL);
+ if (indicator_style != none)
-+ print_type_indicator (f->linkmode);
++ print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
+ }
+ }
+ else {
+ if (indicator_style != none)
-+ print_type_indicator (f->stat.st_mode);
++ print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
+ }
+}
+#endif
---- coreutils-5.0/src/mkdir.c.selinux 2002-09-23 03:35:27.000000000 -0400
-+++ coreutils-5.0/src/mkdir.c 2003-05-21 11:20:28.000000000 -0400
-@@ -34,6 +34,10 @@
+diff -Nur coreutils-6.4/src/mkdir.c coreutils-6.4.selinux/src/mkdir.c
+--- coreutils-6.4/src/mkdir.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/mkdir.c 2006-10-31 23:39:34.000000000 +0000
+@@ -35,11 +35,18 @@
#define AUTHORS "David MacKenzie"
/* The name this program was run with. */
char *program_name;
-@@ -42,6 +46,9 @@ static int create_parents;
-
static struct option const longopts[] =
{
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'c'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"mode", required_argument, NULL, 'm'},
{"parents", no_argument, NULL, 'p'},
{"verbose", no_argument, NULL, 'v'},
-@@ -63,6 +70,11 @@ usage (int status)
+@@ -61,6 +68,11 @@
Create the DIRECTORY(ies), if they do not already exist.\n\
\n\
"), stdout);
+#ifdef WITH_SELINUX
+ printf (_("\
-+ -c, --context=CONTEXT (Selinux) set security context to CONTEXT\n\
++ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
+"));
+#endif
fputs (_("\
Mandatory arguments to long options are mandatory for short options too.\n\
"), stdout);
-@@ -97,7 +109,11 @@ main (int argc, char **argv)
+@@ -154,7 +166,11 @@
- create_parents = 0;
+ atexit (close_stdout);
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "pm:s:c:v", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
+#else
while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
+#endif
{
switch (optc)
{
-@@ -112,6 +128,20 @@ main (int argc, char **argv)
+@@ -167,6 +183,19 @@
case 'v': /* --verbose */
- verbose_fmt_string = _("created directory %s");
+ options.created_directory_format = _("created directory %s");
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled()) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
-+ "a selinux-enabled kernel.\n" );
++ if( !(is_selinux_enabled()>0)) {
++ fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
+ exit( 1 );
+ }
+ if (setfscreatecon(optarg)) {
-+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
++ fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
+ exit( 1 );
+ }
+ break;
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
---- coreutils-5.0/src/mkfifo.c.selinux 2002-08-31 03:29:21.000000000 -0400
-+++ coreutils-5.0/src/mkfifo.c 2003-05-21 11:20:28.000000000 -0400
+diff -Nur coreutils-6.4/src/mkfifo.c coreutils-6.4.selinux/src/mkfifo.c
+--- coreutils-6.4/src/mkfifo.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/mkfifo.c 2006-10-31 23:39:34.000000000 +0000
@@ -32,11 +32,18 @@
#define AUTHORS "David MacKenzie"
static struct option const longopts[] =
{
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'c'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"mode", required_argument, NULL, 'm'},
{GETOPT_HELP_OPTION_DECL},
{GETOPT_VERSION_OPTION_DECL},
-@@ -57,6 +64,11 @@ usage (int status)
+@@ -56,6 +63,11 @@
Create named pipes (FIFOs) with the given NAMEs.\n\
\n\
"), stdout);
+#ifdef WITH_SELINUX
+ printf (_("\
-+ -c, --context=CONTEXT set security context (quoted string)\n\
++ -Z, --context=CONTEXT set security context (quoted string)\n\
+"), stdout);
+#endif
fputs (_("\
Mandatory arguments to long options are mandatory for short options too.\n\
"), stdout);
-@@ -92,7 +104,11 @@ main (int argc, char **argv)
- #ifndef S_ISFIFO
- error (4, 0, _("fifo files not supported"));
- #else
+@@ -85,13 +97,31 @@
+
+ atexit (close_stdout);
+
+- while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv,
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "m:c:", longopts, NULL)) != -1)
++ "m:Z:",
+#else
- while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
-+#endif
++ "m:",
++#endif
++ longopts, NULL)) != -1)
{
switch (optc)
{
-@@ -101,6 +117,19 @@ main (int argc, char **argv)
case 'm':
specified_mode = optarg;
break;
+#ifdef WITH_SELINUX
-+ case 'c':
-+ if( !is_selinux_enabled()) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
-+ "a selinux-enabled kernel.\n" );
++ case 'Z':
++ if( !(is_selinux_enabled()>0)) {
++ fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
+ exit( 1 );
+ }
+ if (setfscreatecon(optarg)) {
-+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
++ fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
+ exit( 1 );
+ }
+ break;
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
---- coreutils-5.0/src/mknod.c.selinux 2002-12-14 09:14:59.000000000 -0500
-+++ coreutils-5.0/src/mknod.c 2003-05-21 11:20:28.000000000 -0400
+diff -Nur coreutils-6.4/src/mknod.c coreutils-6.4.selinux/src/mknod.c
+--- coreutils-6.4/src/mknod.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/mknod.c 2006-10-31 23:39:34.000000000 +0000
@@ -36,8 +36,15 @@
/* The name this program was run with. */
char *program_name;
static struct option const longopts[] =
{
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'c'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"mode", required_argument, NULL, 'm'},
{GETOPT_HELP_OPTION_DECL},
{GETOPT_VERSION_OPTION_DECL},
-@@ -58,6 +65,11 @@ usage (int status)
+@@ -58,6 +65,11 @@
Create the special file NAME of the given TYPE.\n\
\n\
"), stdout);
+#ifdef WITH_SELINUX
+ fputs(_("\
-+ -c, --context=CONTEXT set security context (quoted string)\n\
++ -Z, --context=CONTEXT set security context (quoted string)\n\
+"), stdout);
+#endif
fputs (_("\
Mandatory arguments to long options are mandatory for short options too.\n\
"), stdout);
-@@ -102,7 +114,11 @@ main (int argc, char **argv)
+@@ -101,13 +113,30 @@
- specified_mode = NULL;
+ atexit (close_stdout);
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "m:s:c:", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
+#else
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
+#endif
{
switch (optc)
{
-@@ -111,6 +127,20 @@ main (int argc, char **argv)
case 'm':
specified_mode = optarg;
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled()) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
-+ "a selinux-enabled kernel.\n" );
++ if( !(is_selinux_enabled()>0)) {
++ fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
+ exit( 1 );
+ }
+ if (setfscreatecon(optarg)) {
-+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
++ fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
+ exit( 1 );
+ }
+ break;
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
---- coreutils-5.0/src/mv.c.selinux 2003-05-21 11:20:27.000000000 -0400
-+++ coreutils-5.0/src/mv.c 2003-05-21 11:31:45.000000000 -0400
-@@ -37,6 +37,9 @@
- #include "path-concat.h"
+diff -Nur coreutils-6.4/src/mv.c coreutils-6.4.selinux/src/mv.c
+--- coreutils-6.4/src/mv.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/mv.c 2006-10-31 23:39:34.000000000 +0000
+@@ -33,6 +33,11 @@
#include "quote.h"
#include "remove.h"
+
+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++#include <selinux/selinux.h> /* for is_selinux_enabled() */
++int selinux_enabled=0;
+#endif
-
++
/* The official name of this program (e.g., no `g' prefix). */
#define PROGRAM_NAME "mv"
-@@ -139,6 +142,9 @@ cp_option_init (struct cp_options *x)
- x->update = 0;
- x->verbose = 0;
+@@ -125,6 +130,9 @@
+ x->preserve_links = true;
+ x->preserve_mode = true;
+ x->preserve_timestamps = true;
+#ifdef WITH_SELINUX
-+ x->preserve_security_context = 0;
++ x->preserve_security_context = true;
+#endif
- x->xstat = lstat;
- x->dest_info = NULL;
- x->src_info = NULL;
-@@ -358,6 +364,10 @@ Mandatory arguments to long options are
- equivalent to --reply=query\n\
- "), stdout);
- fputs (_("\
-+ -c preserve security context when source and\n\
-+ destination are on different file systems\n\
-+"), stdout);
-+ fputs (_("\
- --reply={yes,no,query} specify how to handle the prompt about an\n\
- existing destination file\n\
- --strip-trailing-slashes remove any trailing slashes from each SOURCE\n\
-@@ -421,7 +431,11 @@ main (int argc, char **argv)
+ x->require_preserve = false; /* FIXME: maybe make this an option */
+ x->recursive = true;
+ x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
+@@ -356,6 +364,10 @@
- errors = 0;
+ cp_option_init (&x);
+#ifdef WITH_SELINUX
-+ while ((c = getopt_long (argc, argv, "bcfiuvS:V:", long_options, NULL)) != -1)
-+#else
- while ((c = getopt_long (argc, argv, "bfiuvS:V:", long_options, NULL)) != -1)
-+#endif
- {
- switch (c)
- {
-@@ -440,6 +454,15 @@ main (int argc, char **argv)
- if (optarg)
- version_control_string = optarg;
- break;
-+#ifdef WITH_SELINUX
-+ case 'c':
-+ if (is_selinux_enabled())
-+ x.preserve_security_context = 1;
-+ else
-+ fprintf( stderr, "Warning: ignoring -c. "
-+ "It requires a SELinux enabled kernel.\n" );
-+ break;
++ selinux_enabled= (is_selinux_enabled()>0);
+#endif
- case 'f':
- x.interactive = I_ALWAYS_YES;
- break;
---- /dev/null 2003-01-30 05:24:37.000000000 -0500
-+++ coreutils-5.0/src/runcon.c 2003-05-21 11:20:28.000000000 -0400
-@@ -0,0 +1,169 @@
++
+ /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
+ we'll actually use backup_suffix_string. */
+ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+diff -Nur coreutils-6.4/src/runcon.c coreutils-6.4.selinux/src/runcon.c
+--- coreutils-6.4/src/runcon.c 1970-01-01 00:00:00.000000000 +0000
++++ coreutils-6.4.selinux/src/runcon.c 2006-10-31 23:39:34.000000000 +0000
+@@ -0,0 +1,174 @@
+/*
+ * runcon [ context |
+ * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
+ * 4 N error
+ */
+
++#include <config.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <selinux/context.h>
+#include <selinux/selinux.h>
+#include <errno.h>
++#include "system.h"
+extern int errno;
+
+/* The name the program was run with. */
+void
+usage(char *str)
+{
-+ printf("Usage: %s [OPTION]... command [args]\n"
++ printf(_("Usage: %s [OPTION]... command [args]\n"
+ "Run a program in a different security context.\n\n"
+ " context Complete security context\n"
+ " -t type (for same role as parent)\n"
+ " -u user identity\n"
+ " -r role\n"
+ " -l levelrange\n"
-+ " --help display this help and exit\n",
++ " --help display this help and exit\n"),
+ program_name);
+ exit(1);
+}
+ context_t con;
+
+ program_name = argv[0];
++ setlocale (LC_ALL, "");
++ bindtextdomain (PACKAGE, LOCALEDIR);
++ textdomain (PACKAGE);
+
+ while (1) {
+ int c;
+ switch ( c ) {
+ case 'r':
+ if ( role ) {
-+ fprintf(stderr,"multiple roles\n");
++ fprintf(stderr,_("multiple roles\n"));
+ exit(1);
+ }
+ role = optarg;
+ break;
+ case 't':
+ if ( type ) {
-+ fprintf(stderr,"multiple types\n");
++ fprintf(stderr,_("multiple types\n"));
+ exit(1);
+ }
+ type = optarg;
+ break;
+ case 'u':
+ if ( user ) {
-+ fprintf(stderr,"multiple users\n");
++ fprintf(stderr,_("multiple users\n"));
+ exit(1);
+ }
+ user = optarg;
+ break;
+ case 'l':
+ if ( range ) {
-+ fprintf(stderr,"multiple levelranges\n");
++ fprintf(stderr,_("multiple levelranges\n"));
+ exit(1);
+ }
+ range = optarg;
+ break;
+ default:
-+ fprintf(stderr,"unrecognised option %c\n",c);
++ fprintf(stderr,_("unrecognised option %c\n"),c);
+ case '?':
+ usage(0);
+ break;
+ }
+ if ( !(user || role || type || range)) {
+ if ( optind >= argc ) {
-+ usage("must specify -t, -u, -l, -r, or context");
++ usage(_("must specify -t, -u, -l, -r, or context"));
+ }
+ context = argv[optind++];
+ }
+
+ if ( optind >= argc ) {
-+ usage("no command found");
++ usage(_("no command found"));
+ }
+
+ if ( context ) {
+ con = context_new(context);
+ if (!con) {
-+ fprintf(stderr,"%s is not a valid context\n", context);
++ fprintf(stderr,_("%s is not a valid context\n"), context);
+ exit(1);
+ }
+ }
+ getcon(&cur_context);
+ con = context_new(cur_context);
+ if (!con) {
-+ fprintf(stderr,"%s is not a valid context\n", context);
++ fprintf(stderr,_("%s is not a valid context\n"), context);
+ exit(1);
+ }
+ if ( user ) {
+ }
+
+ if (setexeccon(context_str(con))!=0) {
-+ fprintf(stderr,"unable to setup security context %s\n", context_str(con));
++ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
+ exit(1);
+ }
+ if (cur_context!=NULL)
+ }
+ return 1; /* can't reach this statement.... */
+}
---- /dev/null 2003-01-30 05:24:37.000000000 -0500
-+++ coreutils-5.0/man/chcon.x 2003-05-21 11:20:28.000000000 -0400
-@@ -0,0 +1,4 @@
-+[NAME]
-+chcon \- change file security context
-+[DESCRIPTION]
-+.\" Add any additional description here
---- /dev/null 2003-01-30 05:24:37.000000000 -0500
-+++ coreutils-5.0/man/runcon.x 2003-05-21 11:20:28.000000000 -0400
-@@ -0,0 +1,2 @@
-+[DESCRIPTION]
-+.\" Add any additional description here
---- coreutils-5.0/tests/cp/Makefile.am.selinux 2003-02-02 15:08:59.000000000 -0500
-+++ coreutils-5.0/tests/cp/Makefile.am 2003-05-21 11:20:28.000000000 -0400
-@@ -3,8 +3,8 @@ AUTOMAKE_OPTIONS = 1.1 gnits
-
- TESTS = \
- preserve-2 r-vs-symlink link-preserve \
-- backup-1 no-deref-link1 no-deref-link2 no-deref-link3 backup-is-src \
-- same-file cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
-+ backup-1 backup-is-src \
-+ cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
- perm cp-HL special-bits link dir-rm-dest cp-parents deref-slink \
- dir-vs-file into-self
- EXTRA_DIST = $(TESTS)
---- coreutils-5.0/tests/cp/Makefile.in.selinux 2003-04-02 09:28:43.000000000 -0500
-+++ coreutils-5.0/tests/cp/Makefile.in 2003-05-21 11:23:03.000000000 -0400
-@@ -152,8 +152,8 @@ AUTOMAKE_OPTIONS = 1.1 gnits
-
- TESTS = \
- preserve-2 r-vs-symlink link-preserve \
-- backup-1 no-deref-link1 no-deref-link2 no-deref-link3 backup-is-src \
-- same-file cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
-+ backup-1 backup-is-src \
-+ cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
- perm cp-HL special-bits link dir-rm-dest cp-parents deref-slink \
- dir-vs-file into-self
-
---- coreutils-5.0/README.selinux 2003-03-29 09:24:00.000000000 -0500
-+++ coreutils-5.0/README 2003-05-21 11:20:28.000000000 -0400
-@@ -7,11 +7,11 @@ arbitrary limits.
+diff -Nur coreutils-6.4/src/stat.c coreutils-6.4.selinux/src/stat.c
+--- coreutils-6.4/src/stat.c 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/src/stat.c 2006-10-31 23:39:48.000000000 +0000
+@@ -55,6 +55,13 @@
+ # include <fs_info.h>
+ #endif
- The programs that can be built with this package are:
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#define SECURITY_ID_T security_context_t
++#else
++#define SECURITY_ID_T char *
++#endif
++
+ #include "system.h"
+
+ #include "error.h"
+@@ -161,6 +168,7 @@
+ {"dereference", no_argument, NULL, 'L'},
+ {"file-system", no_argument, NULL, 'f'},
+ {"filesystem", no_argument, NULL, 'f'}, /* obsolete and undocumented alias */
++ {"context", no_argument, 0, 'Z'},
+ {"format", required_argument, NULL, 'c'},
+ {"printf", required_argument, NULL, PRINTF_OPTION},
+ {"terse", no_argument, NULL, 't'},
+@@ -397,7 +405,7 @@
+ /* print statfs info */
+ static void
+ print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
+- void const *data)
++ void const *data, SECURITY_ID_T scontext)
+ {
+ STRUCT_STATVFS const *statfsbuf = data;
-- basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd
-+ basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd
- df dir dircolors dirname du echo env expand expr factor false fmt fold
- ginstall groups head hostid hostname id join kill link ln logname ls
- md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
-- printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort
-+ printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum shred sleep sort
- split stat stty su sum sync tac tail tee test touch tr true tsort tty
- uname unexpand uniq unlink uptime users vdir wc who whoami yes
+@@ -472,7 +480,9 @@
+ case 'd':
+ out_int (pformat, prefix_len, statfsbuf->f_ffree);
+ break;
+-
++ case 'C':
++ out_string (pformat, prefix_len, scontext);
++ break;
+ default:
+ fputc ('?', stdout);
+ break;
+@@ -482,7 +492,7 @@
+ /* print stat info */
+ static void
+ print_stat (char *pformat, size_t prefix_len, char m,
+- char const *filename, void const *data)
++ char const *filename, void const *data, SECURITY_ID_T scontext)
+ {
+ struct stat *statbuf = (struct stat *) data;
+ struct passwd *pw_ent;
+@@ -595,6 +605,9 @@
+ else
+ out_uint (pformat, prefix_len, statbuf->st_ctime);
+ break;
++ case 'C':
++ out_string (pformat, prefix_len, scontext);
++ break;
+ default:
+ fputc ('?', stdout);
+ break;
+@@ -641,8 +654,8 @@
+
+ static void
+ print_it (char const *format, char const *filename,
+- void (*print_func) (char *, size_t, char, char const *, void const *),
+- void const *data)
++ void (*print_func) (char *, size_t, char, char const *, void const *, SECURITY_ID_T),
++ void const *data, SECURITY_ID_T scontext)
+ {
+ /* Add 2 to accommodate our conversion of the stat `%s' format string
+ to the longer printf `%llu' one. */
+@@ -683,7 +696,7 @@
+ putchar ('%');
+ break;
+ default:
+- print_func (dest, len + 1, *fmt_char, filename, data);
++ print_func (dest, len + 1, *fmt_char, filename, data, scontext);
+ break;
+ }
+ break;
+@@ -746,9 +759,17 @@
+
+ /* Stat the file system and print what we find. */
+ static bool
+-do_statfs (char const *filename, bool terse, char const *format)
++do_statfs (char const *filename, bool terse, bool secure, char const *format)
+ {
+ STRUCT_STATVFS statfsbuf;
++ SECURITY_ID_T scontext = NULL;
++#ifdef WITH_SELINUX
++ if(secure)
++ if (getfilecon(filename,&scontext)<0) {
++ perror (filename);
++ return false;
++ }
++#endif
+
+ if (STATFS (filename, &statfsbuf) != 0)
+ {
+@@ -759,25 +780,45 @@
+
+ if (format == NULL)
+ {
+- format = (terse
+- ? "%n %i %l %t %s %S %b %f %a %c %d\n"
+- : " File: \"%n\"\n"
+- " ID: %-8i Namelen: %-7l Type: %T\n"
+- "Block size: %-10s Fundamental block size: %S\n"
+- "Blocks: Total: %-10b Free: %-10f Available: %a\n"
+- "Inodes: Total: %-10c Free: %d\n");
+- }
++ if (terse) {
++ if(secure)
++ format = "%n %i %l %t %s %S %b %f %a %c %d %C\n";
++ else
++ format = "%n %i %l %t %s %S %b %f %a %c %d\n";
++ }
++ else
++ {
++ if(secure)
++ format = " File: \"%n\"\n"
++ " ID: %-8i Namelen: %-7l Type: %T\n"
++ "Block size: %-10s Fundamental block size: %S\n"
++ "Blocks: Total: %-10b Free: %-10f Available: %a\n"
++ "Inodes: Total: %-10c Free: %d\n"
++ " S_Context: %C\n";
++ else
++ format = " File: \"%n\"\n"
++ " ID: %-8i Namelen: %-7l Type: %T\n"
++ "Block size: %-10s Fundamental block size: %S\n"
++ "Blocks: Total: %-10b Free: %-10f Available: %a\n"
++ "Inodes: Total: %-10c Free: %d\n";
++ }
++ }
++ print_it (format, filename, print_statfs, &statfsbuf, scontext);
++#ifdef WITH_SELINUX
++ if (scontext != NULL)
++ freecon(scontext);
++#endif
+
+- print_it (format, filename, print_statfs, &statfsbuf);
+ return true;
+ }
+
+ /* stat the file and print what we find */
+ static bool
+-do_stat (char const *filename, bool follow_links, bool terse,
++do_stat (char const *filename, bool follow_links, bool terse, bool secure,
+ char const *format)
+ {
+ struct stat statbuf;
++ SECURITY_ID_T scontext = NULL;
+
+ if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
+ {
+@@ -785,11 +826,29 @@
+ return false;
+ }
+
++#ifdef WITH_SELINUX
++ if(secure) {
++ int i;
++ if (follow_links)
++ i=lgetfilecon(filename, &scontext);
++ else
++ i=getfilecon(filename, &scontext);
++ if (i == -1)
++ {
++ perror (filename);
++ return false;
++ }
++ }
++#endif
++
+ if (format == NULL)
+ {
+ if (terse)
+ {
+- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
++ if (secure)
++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n";
++ else
++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
+ }
+ else
+ {
+@@ -797,7 +856,17 @@
+ implemented. */
+ if (S_ISBLK (statbuf.st_mode) || S_ISCHR (statbuf.st_mode))
+ {
+- format =
++ if (secure)
++ format =
++ " File: %N\n"
++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
++ " Device type: %t,%T\n"
++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
++ " S_Context: %C\n"
++ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
++ else
++ format =
+ " File: %N\n"
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
+@@ -807,6 +876,15 @@
+ }
+ else
+ {
++ if (secure)
++ format =
++ " File: %N\n"
++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
++ "S_Context: %C\n"
++ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
++ else
+ format =
+ " File: %N\n"
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
+@@ -816,7 +894,11 @@
+ }
+ }
+ }
+- print_it (format, filename, print_stat, &statbuf);
++ print_it (format, filename, print_stat, &statbuf, scontext);
++#ifdef WITH_SELINUX
++ if (scontext)
++ freecon(scontext);
++#endif
+ return true;
+ }
+
+@@ -841,6 +923,7 @@
+ --printf=FORMAT like --format, but interpret backslash escapes,\n\
+ and do not output a mandatory trailing newline.\n\
+ If you want a newline, include \\n in FORMAT.\n\
++ -Z, --context print the security context\n\
+ -t, --terse print the information in terse form\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+@@ -892,6 +975,7 @@
+ %c Total file nodes in file system\n\
+ %d Free file nodes in file system\n\
+ %f Free blocks in file system\n\
++ %C Security context in SELinux\n\
+ "), stdout);
+ fputs (_("\
+ %i File System ID in hex\n\
+@@ -915,6 +999,7 @@
+ int i;
+ bool follow_links = false;
+ bool fs = false;
++ bool secure = false;
+ bool terse = false;
+ char *format = NULL;
+ bool ok = true;
+@@ -927,7 +1012,7 @@
+ atexit (close_stdout);
+
+- while ((c = getopt_long (argc, argv, "c:fLt", long_options, NULL)) != -1)
++ while ((c = getopt_long (argc, argv, "c:fLtZ", long_options, NULL)) != -1)
+ {
+ switch (c)
+ {
+@@ -946,6 +1031,14 @@
+ case 'L':
+ follow_links = true;
+ break;
++ case 'Z':
++ if((is_selinux_enabled()>0))
++ secure = true;
++ else {
++ error (0, 0, _("Kernel is not SELinux enabled"));
++ usage (EXIT_FAILURE);
++ }
++ break;
+
+ case 'f':
+ fs = true;
+@@ -972,8 +1065,8 @@
+
+ for (i = optind; i < argc; i++)
+ ok &= (fs
+- ? do_statfs (argv[i], terse, format)
+- : do_stat (argv[i], follow_links, terse, format));
++ ? do_statfs (argv[i], terse, secure, format)
++ : do_stat (argv[i], follow_links, terse, secure, format));
+
+ exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
+ }
+diff -Nur coreutils-6.4/tests/help-version coreutils-6.4.selinux/tests/help-version
+--- coreutils-6.4/tests/help-version 2006-10-22 16:54:15.000000000 +0000
++++ coreutils-6.4.selinux/tests/help-version 2006-10-31 23:39:34.000000000 +0000
+@@ -70,6 +70,8 @@
+
+ # Skip `test'; it doesn't accept --help or --version.
+ test $i = test && continue;
++ test $i = chcon && continue;
++ test $i = runcon && continue;
+
+ # false fails even when invoked with --help or --version.
+ if test $i = false; then
+@@ -190,7 +192,7 @@
+
+ for i in $all_programs; do
+ # Skip these.
+- case $i in chroot|stty|tty|false) continue;; esac
++ case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
+
+ rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out
+ echo > $tmp_in