From: Arkadiusz Miƛkiewicz Date: Sat, 27 Dec 2003 11:48:57 +0000 (+0000) Subject: fresh version of patch X-Git-Tag: auto/ac/coreutils-5_0-5~1 X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=0107077f9ddc29ca8e011badff08023c54738afd;p=packages%2Fcoreutils.git fresh version of patch Changed files: coreutils-selinux.patch -> 1.4
---
diff --git a/coreutils-selinux.patch b/coreutils-selinux.patch
index 1a90b34..d0568e8 100644
--- a/coreutils-selinux.patch
+++ b/coreutils-selinux.patch
@@ -1,23 +1,220 @@ -diff -Nur coreutils-5.0/README coreutils-5.0.new/README ---- coreutils-5.0/README 2003-03-29 15:24:00.000000000 +0100 -+++ coreutils-5.0.new/README 2003-06-20 12:10:09.000000000 +0200 -@@ -7,11 +7,11 @@ - - The programs that can be built with this package are: - -- basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd -+ basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd - df dir dircolors dirname du echo env expand expr factor false fmt fold - ginstall groups head hostid hostname id join kill link ln logname ls - md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr -- printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort -+ printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum shred sleep sort - split stat stty su sum sync tac tail tee test touch tr true tsort tty - uname unexpand uniq unlink uptime users vdir wc who whoami yes - -diff -Nur coreutils-5.0/man/Makefile.am coreutils-5.0.new/man/Makefile.am ---- coreutils-5.0/man/Makefile.am 2003-06-20 12:00:57.000000000 +0200 -+++ coreutils-5.0.new/man/Makefile.am 2003-06-20 12:12:08.000000000 +0200 +diff -urN coreutils-5.0.org/config.hin coreutils-5.0/config.hin +--- coreutils-5.0.org/config.hin 2003-12-27 12:26:28.926095552 +0100 ++++ coreutils-5.0/config.hin 2003-12-27 12:28:20.345157280 +0100 +@@ -1427,3 +1427,7 @@ + /* Define to empty if the keyword `volatile' does not work. Warning: valid + code using `volatile' can become incorrect without. Disable with care. 
*/ + #undef volatile ++ ++/* Define if you want to use SELINUX */ ++#undef WITH_SELINUX ++ +diff -urN coreutils-5.0.org/configure.ac coreutils-5.0/configure.ac +--- coreutils-5.0.org/configure.ac 2003-12-27 12:26:28.584147536 +0100 ++++ coreutils-5.0/configure.ac 2003-12-27 12:27:54.896026136 +0100 +@@ -15,6 +15,13 @@ + LIB_PAM="-ldl -lpam -lpam_misc" + ) + ++dnl Give the chance to enable PAM ++AC_ARG_ENABLE(selinux, dnl ++[ --enable-selinux Enable use of the SELINUX libraries], ++[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) ++LIB_SELINUX="-lselinux" ++AC_SUBST(LIB_SELINUX)]) ++ + AC_GNU_SOURCE + jm_PERL + AC_PROG_CC +diff -urN coreutils-5.0.org/man/chcon.1 coreutils-5.0/man/chcon.1 +--- coreutils-5.0.org/man/chcon.1 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-5.0/man/chcon.1 2003-12-27 12:26:52.965441016 +0100 +@@ -0,0 +1,52 @@ ++.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands" ++.SH NAME ++chcon \- change security context ++.SH SYNOPSIS ++.B chcon ++[\fIOPTION\fR]...\fI CONTEXT FILE\fR... ++.br ++.B chcon ++[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR... ++.SH DESCRIPTION ++.PP ++." Add any additional description here ++.PP ++Change the security context of each FILE to CONTEXT. ++.TP ++\fB\-c\fR, \fB\-\-changes\fR ++like verbose but report only when a change is made ++.TP ++\fB\-h\fR, \fB\-\-no\-dereference\fR ++affect symbolic links instead of any referenced file (available only on systems with lchown system call) ++.TP ++\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR ++suppress most error messages ++.TP ++\fB\-\-reference\fR=\fIRFILE\fR ++use RFILE's context instead of using a CONTEXT value ++.TP ++\fB\-R\fR, \fB\-\-recursive\fR ++change files and directories recursively ++.TP ++\fB\-v\fR, \fB\-\-verbose\fR ++output a diagnostic for every file processed ++.TP ++\fB\-\-help\fR ++display this help and exit ++.TP ++\fB\-\-version\fR ++output version information and exit ++.SH "REPORTING BUGS" ++Report bugs to . 
++.SH "SEE ALSO" ++The full documentation for ++.B chcon ++is maintained as a Texinfo manual. If the ++.B info ++and ++.B chcon ++programs are properly installed at your site, the command ++.IP ++.B info chcon ++.PP ++should give you access to the complete manual. +diff -urN coreutils-5.0.org/man/chcon.x coreutils-5.0/man/chcon.x +--- coreutils-5.0.org/man/chcon.x 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-5.0/man/chcon.x 2003-12-27 12:26:52.962441472 +0100 +@@ -0,0 +1,4 @@ ++[NAME] ++chcon \- change file security context ++[DESCRIPTION] ++.\" Add any additional description here +diff -urN coreutils-5.0.org/man/cp.1 coreutils-5.0/man/cp.1 +--- coreutils-5.0.org/man/cp.1 2003-12-27 12:26:28.509158936 +0100 ++++ coreutils-5.0/man/cp.1 2003-12-27 12:26:52.965441016 +0100 +@@ -57,7 +57,7 @@ + .TP + \fB\-\-preserve\fR[=\fIATTR_LIST\fR] + preserve the specified attributes (default: +-mode,ownership,timestamps), if possible ++mode,ownership,timestamps) and security contexts, if possible + additional attributes: links, all + .TP + \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR +@@ -109,6 +109,9 @@ + \fB\-\-help\fR + display this help and exit + .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set security context of copy to CONTEXT ++.TP + \fB\-\-version\fR + output version information and exit + .PP +diff -urN coreutils-5.0.org/man/dir.1 coreutils-5.0/man/dir.1 +--- coreutils-5.0.org/man/dir.1 2003-12-27 12:26:28.485162584 +0100 ++++ coreutils-5.0/man/dir.1 2003-12-27 12:26:52.966440864 +0100 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH DIR "1" "March 2003" "dir (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH DIR "1" "September 2003" "dir (coreutils) 5.0" FSF + .SH NAME + dir \- list directory contents + .SH SYNOPSIS +@@ -195,6 +195,20 @@ + .TP + \fB\-1\fR + list one file per line ++.PP ++SELINUX options: ++.TP ++\fB\-\-lcontext\fR ++Display security context. 
Enable \fB\-l\fR. Lines ++will probably be too wide for most displays. ++.TP ++\fB\-\-context\fR ++Display security context so it fits on most ++displays. Displays only mode, user, group, ++security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only security context and file name. + .TP + \fB\-\-help\fR + display this help and exit +diff -urN coreutils-5.0.org/man/id.1 coreutils-5.0/man/id.1 +--- coreutils-5.0.org/man/id.1 2003-12-27 12:26:28.509158936 +0100 ++++ coreutils-5.0/man/id.1 2003-12-27 12:26:52.967440712 +0100 +@@ -13,6 +13,9 @@ + \fB\-a\fR + ignore, for compatibility with other versions + .TP ++\fB\-Z\fR, \fB\-\-context\fR ++print only the security context ++.TP + \fB\-g\fR, \fB\-\-group\fR + print only the effective group ID + .TP +diff -urN coreutils-5.0.org/man/install.1 coreutils-5.0/man/install.1 +--- coreutils-5.0.org/man/install.1 2003-12-27 12:26:28.509158936 +0100 ++++ coreutils-5.0/man/install.1 2003-12-27 12:26:52.967440712 +0100 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH INSTALL "1" "March 2003" "install (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH INSTALL "1" "September 2003" "install (coreutils) 5.0" FSF + .SH NAME + ginstall \- copy files and set attributes + .SH SYNOPSIS +@@ -56,6 +56,11 @@ + .TP + \fB\-v\fR, \fB\-\-verbose\fR + print the name of each directory as it is created ++.HP ++\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context ++.TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++(SELinux) Set security context of files and directories + .TP + \fB\-\-help\fR + display this help and exit +diff -urN coreutils-5.0.org/man/ls.1 coreutils-5.0/man/ls.1 +--- coreutils-5.0.org/man/ls.1 2003-12-27 12:26:28.509158936 +0100 ++++ coreutils-5.0/man/ls.1 2003-12-27 12:26:52.966440864 +0100 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. 
+-.TH LS "1" "March 2003" "ls (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH LS "1" "September 2003" "ls (coreutils) 5.0" FSF + .SH NAME + ls \- list directory contents + .SH SYNOPSIS +@@ -195,6 +195,20 @@ + .TP + \fB\-1\fR + list one file per line ++.PP ++SELinux options: ++.TP ++\fB\-\-lcontext\fR ++Display security context. Enable \fB\-l\fR. Lines ++will probably be too wide for most displays. ++.TP ++\fB\-Z\fR, \fB\-\-context\fR ++Display security context so it fits on most ++displays. Displays only mode, user, group, ++security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only security context and file name. + .TP + \fB\-\-help\fR + display this help and exit +diff -urN coreutils-5.0.org/man/Makefile.am coreutils-5.0/man/Makefile.am +--- coreutils-5.0.org/man/Makefile.am 2003-12-27 12:26:28.345183864 +0100 ++++ coreutils-5.0/man/Makefile.am 2003-12-27 12:33:28.969239288 +0100 @@ -9,7 +9,7 @@ rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \ su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ 
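Review bot: In the configure.ac section, the action-if-given of `AC_ARG_ENABLE(selinux, ...)` runs for `--disable-selinux` as well as `--enable-selinux`, so either flag defines `WITH_SELINUX` and sets `LIB_SELINUX="-lselinux"`. The action should test the value first, e.g. `if test "x$enableval" != xno; then AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]); LIB_SELINUX="-lselinux"; fi`, with `AC_SUBST(LIB_SELINUX)` placed after the macro call. The `dnl Give the chance to enable PAM` comment above it was carried over from the PAM block and should name SELinux. Nothing visible here checks that libselinux is present before `-lselinux` is added; an `AC_CHECK_LIB` guard would surface a missing library at configure time rather than at link time.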
@@ -36,62 +233,253 @@ diff -Nur coreutils-5.0/man/Makefile.am coreutils-5.0.new/man/Makefile.am SUFFIXES = .x .1 -diff -Nur coreutils-5.0/man/chcon.x coreutils-5.0.new/man/chcon.x ---- coreutils-5.0/man/chcon.x 1970-01-01 01:00:00.000000000 +0100 -+++ coreutils-5.0.new/man/chcon.x 2003-06-20 12:10:08.000000000 +0200 -@@ -0,0 +1,4 @@ -+[NAME] -+chcon \- change file security context -+[DESCRIPTION] -+.\" Add any additional description here -diff -Nur coreutils-5.0/man/runcon.x coreutils-5.0.new/man/runcon.x ---- coreutils-5.0/man/runcon.x 1970-01-01 01:00:00.000000000 +0100 -+++ coreutils-5.0.new/man/runcon.x 2003-06-20 12:10:08.000000000 +0200 -@@ -0,0 +1,2 @@ -+[DESCRIPTION] -+.\" Add any additional description here -diff -Nur coreutils-5.0/src/Makefile.am coreutils-5.0.new/src/Makefile.am ---- coreutils-5.0/src/Makefile.am 2003-06-20 12:00:57.000000000 +0200 -+++ coreutils-5.0.new/src/Makefile.am 2003-06-20 12:11:21.000000000 +0200 -@@ -4,13 +4,13 @@ - EXTRA_SCRIPTS = nohup +diff -urN coreutils-5.0.org/man/Makefile.in coreutils-5.0/man/Makefile.in +--- coreutils-5.0.org/man/Makefile.in 2003-12-27 12:26:28.434170336 +0100 ++++ coreutils-5.0/man/Makefile.in 2003-12-27 12:26:52.964441168 +0100 +@@ -1,4 +1,4 @@ +-# Makefile.in generated by automake 1.7.3 from Makefile.am. ++# Makefile.in generated by automake 1.7.7 from Makefile.am. 
+ # @configure_input@ + + # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +@@ -72,6 +72,7 @@ + INTLLIBS = @INTLLIBS@ + KMEM_GROUP = @KMEM_GROUP@ + LDFLAGS = @LDFLAGS@ ++LIBACL = @LIBACL@ + LIBICONV = @LIBICONV@ + LIBINTL = @LIBINTL@ + LIBOBJS = @LIBOBJS@ +@@ -79,6 +80,8 @@ + LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ + LIB_CRYPT = @LIB_CRYPT@ + LIB_NANOSLEEP = @LIB_NANOSLEEP@ ++LIB_PAM = @LIB_PAM@ ++LIB_SELINUX = @LIB_SELINUX@ + LN_S = @LN_S@ + LTLIBICONV = @LTLIBICONV@ + LTLIBINTL = @LTLIBINTL@ +@@ -152,13 +155,13 @@ + basename.1 cat.1 chgrp.1 chmod.1 chown.1 chroot.1 cksum.1 comm.1 \ + cp.1 csplit.1 cut.1 date.1 dd.1 df.1 dir.1 dircolors.1 dirname.1 du.1 \ + echo.1 env.1 expand.1 expr.1 factor.1 false.1 fmt.1 fold.1 groups.1 \ +- head.1 hostid.1 hostname.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \ ++ head.1 hostid.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \ + ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \ + paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \ + rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \ + su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ + tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \ +- who.1 whoami.1 yes.1 ++ who.1 whoami.1 yes.1 chcon.1 runcon.1 - bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@ --bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \ -+bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \ - ginstall link ln dir vdir ls mkdir \ - mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \ - cat cksum comm csplit cut expand fmt fold head join md5sum \ - nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \ - basename date dirname echo env expr factor false getgid \ -- hostname id kill logname pathchk printenv printf pwd seq sleep tee \ -+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \ - test true tty whoami yes \ - 
@OPTIONAL_BIN_PROGS@ @DF_PROG@ -@@ -24,15 +24,15 @@ - groups.sh nohup.sh wheel-gen.pl - CLEANFILES = $(SCRIPTS) su + man_aux = $(dist_man_MANS:.1=.x) +@@ -184,7 +187,7 @@ --INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib --DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" @DEFS@ -+INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib -+DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" -DWITH_SELINUX @DEFS@ + NROFF = nroff + MANS = $(dist_man_MANS) +-DIST_COMMON = $(dist_man_MANS) Makefile.am Makefile.in ++DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in Makefile.am + all: all-am - # Sometimes, the expansion of @LIBINTL@ includes -lc which may - # include modules defining variables like `optind', so libfetish.a - # must precede @LIBINTL@ in order to ensure we use GNU getopt. - # But libfetish.a must also follow @LIBINTL@, since libintl uses - # replacement functions defined in libfetish.a. --LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -+LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -lselinux -lattr - - dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ - ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c ---- coreutils-5.0/src/chcon.c 1970-01-01 01:00:00.000000000 +0100 -+++ coreutils-5.0.new/src/chcon.c 2003-06-20 12:10:08.000000000 +0200 -@@ -0,0 +1,321 @@ + .SUFFIXES: +@@ -287,7 +290,6 @@ + + installdirs: + $(mkinstalldirs) $(DESTDIR)$(man1dir) +- + install: install-am + install-exec: install-exec-am + install-data: install-data-am +@@ -307,7 +309,7 @@ + clean-generic: + + distclean-generic: +- -rm -f Makefile $(CONFIG_CLEAN_FILES) ++ -rm -f $(CONFIG_CLEAN_FILES) + + maintainer-clean-generic: + @echo "This command is intended for maintainers to use" +@@ -318,6 +320,7 @@ + clean-am: clean-generic mostlyclean-am + + distclean: distclean-am ++ -rm -f Makefile + + distclean-am: clean-am distclean-generic + +@@ -340,6 +343,7 @@ + installcheck-am: + + 
maintainer-clean: maintainer-clean-am ++ -rm -f Makefile + + maintainer-clean-am: distclean-am maintainer-clean-generic + +@@ -401,7 +405,6 @@ + groups.1: $(common_dep) $(srcdir)/groups.x ../src/groups.sh + head.1: $(common_dep) $(srcdir)/head.x ../src/head.c + hostid.1: $(common_dep) $(srcdir)/hostid.x ../src/hostid.c +-hostname.1: $(common_dep) $(srcdir)/hostname.x ../src/hostname.c + id.1: $(common_dep) $(srcdir)/id.x ../src/id.c + install.1: $(common_dep) $(srcdir)/install.x ../src/install.c + join.1: $(common_dep) $(srcdir)/join.x ../src/join.c +@@ -460,6 +463,8 @@ + who.1: $(common_dep) $(srcdir)/who.x ../src/who.c + whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c + yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c ++chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c ++runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c + + # Note the use of $t/$*, rather than just `$*' as in other packages. + # That is necessary to avoid failures for programs that are also shell built-in +diff -urN coreutils-5.0.org/man/mkdir.1 coreutils-5.0/man/mkdir.1 +--- coreutils-5.0.org/man/mkdir.1 2003-12-27 12:26:28.407174440 +0100 ++++ coreutils-5.0/man/mkdir.1 2003-12-27 12:26:52.968440560 +0100 +@@ -12,6 +12,8 @@ + .PP + Mandatory arguments to long options are mandatory for short options too. + .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT ++.TP + \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR + set permission mode (as in chmod), not rwxrwxrwx - umask + .TP +diff -urN coreutils-5.0.org/man/mkfifo.1 coreutils-5.0/man/mkfifo.1 +--- coreutils-5.0.org/man/mkfifo.1 2003-12-27 12:26:28.459166536 +0100 ++++ coreutils-5.0/man/mkfifo.1 2003-12-27 12:26:52.968440560 +0100 +@@ -12,6 +12,9 @@ + .PP + Mandatory arguments to long options are mandatory for short options too. 
+ .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set security context (quoted string) ++.TP + \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR + set permission mode (as in chmod), not a=rw - umask + .TP +diff -urN coreutils-5.0.org/man/mknod.1 coreutils-5.0/man/mknod.1 +--- coreutils-5.0.org/man/mknod.1 2003-12-27 12:26:28.406174592 +0100 ++++ coreutils-5.0/man/mknod.1 2003-12-27 12:26:52.969440408 +0100 +@@ -12,6 +12,9 @@ + .PP + Mandatory arguments to long options are mandatory for short options too. + .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set security context (quoted string) ++.TP + \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR + set permission mode (as in chmod), not a=rw - umask + .TP +diff -urN coreutils-5.0.org/man/runcon.1 coreutils-5.0/man/runcon.1 +--- coreutils-5.0.org/man/runcon.1 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-5.0/man/runcon.1 2003-12-27 12:26:52.969440408 +0100 +@@ -0,0 +1,39 @@ ++.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux" ++.SH NAME ++runcon \- run command with specified security context ++.SH SYNOPSIS ++.B runcon ++[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR] ++.PP ++or ++.PP ++.B runcon ++\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR] ++.PP ++.br ++.SH DESCRIPTION ++.PP ++.\" Add any additional description here ++.PP ++Run COMMAND with current security context modified by one or more of LEVEL, ++ROLE, TYPE, and USER, or with completely-specified CONTEXT. ++.TP ++\fB\-t\fR ++change current type to the specified type ++.TP ++\fB\-l\fR ++change current level range to the specified range ++.TP ++\fB\-r\fR ++change current role to the specified role ++.TP ++\fB\-u\fR ++change current user to the specified user ++.PP ++If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified, ++the first argument is used as the complete context. Any additional ++arguments after \fICOMMAND\fR are interpreted as arguments to the ++command. 
++.PP ++Note that only carefully-chosen contexts are likely to successfully ++run. +diff -urN coreutils-5.0.org/man/runcon.x coreutils-5.0/man/runcon.x +--- coreutils-5.0.org/man/runcon.x 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-5.0/man/runcon.x 2003-12-27 12:26:52.964441168 +0100 +@@ -0,0 +1,2 @@ ++[DESCRIPTION] ++.\" Add any additional description here +diff -urN coreutils-5.0.org/man/stat.1 coreutils-5.0/man/stat.1 +--- coreutils-5.0.org/man/stat.1 2003-12-27 12:26:28.458166688 +0100 ++++ coreutils-5.0/man/stat.1 2003-12-27 12:26:52.965441016 +0100 +@@ -22,6 +22,9 @@ + \fB\-t\fR, \fB\-\-terse\fR + print the information in terse form + .TP ++\fB\-Z\fR, \fB\-\-context\fR ++print security context information for SELinux if available. ++.TP + \fB\-\-help\fR + display this help and exit + .TP +@@ -42,6 +45,9 @@ + %b + Number of blocks allocated (see %B) + .TP ++%C ++SELinux security context ++.TP + %D + Device number in hex + .TP +diff -urN coreutils-5.0.org/man/vdir.1 coreutils-5.0/man/vdir.1 +--- coreutils-5.0.org/man/vdir.1 2003-12-27 12:26:28.510158784 +0100 ++++ coreutils-5.0/man/vdir.1 2003-12-27 12:26:52.967440712 +0100 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH VDIR "1" "March 2003" "vdir (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH VDIR "1" "September 2003" "vdir (coreutils) 5.0" FSF + .SH NAME + vdir \- list directory contents + .SH SYNOPSIS +@@ -195,6 +195,20 @@ + .TP + \fB\-1\fR + list one file per line ++.PP ++SELINUX options: ++.TP ++\fB\-\-lcontext\fR ++Display security context. Enable \fB\-l\fR. Lines ++will probably be too wide for most displays. ++.TP ++\fB\-\-context\fR ++Display security context so it fits on most ++displays. Displays only mode, user, group, ++security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only security context and file name. 
+ .TP + \fB\-\-help\fR + display this help and exit +diff -urN coreutils-5.0.org/src/chcon.c coreutils-5.0/src/chcon.c +--- coreutils-5.0.org/src/chcon.c 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-5.0/src/chcon.c 2003-12-27 12:26:52.934445728 +0100 +@@ -0,0 +1,415 @@ +/* chcontext -- change security context of a pathname */ + +#include @@ -100,6 +488,7 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c +#include +#include +#include ++#include + +#include "system.h" +#include "error.h" @@ -125,8 +514,7 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + V_off +}; + -+static int change_dir_context PARAMS ((const char *dir, security_context_t context, -+ const struct stat *statp)); ++static int change_dir_context PARAMS ((const char *dir, const struct stat *statp)); + +/* The name the program was run with. */ +char *program_name; @@ -145,7 +533,13 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c +static enum Verbosity verbosity = V_off; + +/* The name of the context file is being given. */ -+static const char *contextname; ++static const char *specified_context; ++ ++/* Specific components of the context */ ++static const char *specified_user; ++static const char *specified_role; ++static const char *specified_range; ++static const char *specified_type; + +/* The argument to the --reference option. Use the context of this file. + This file must exist. */ @@ -166,6 +560,10 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + {"quiet", no_argument, 0, 'f'}, + {"reference", required_argument, 0, CHAR_MAX + 1}, + {"context", required_argument, 0, CHAR_MAX + 2}, ++ {"user", required_argument, 0, 'u'}, ++ {"role", required_argument, 0, 'r'}, ++ {"type", required_argument, 0, 't'}, ++ {"range", required_argument, 0, 'l'}, + {"verbose", no_argument, 0, 'v'}, + {"help", no_argument, &show_help, 1}, + {"version", no_argument, &show_version, 1}, 
@@ -176,7 +574,7 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + CHANGED describes what (if anything) has happened. */ + +static void -+describe_change (const char *file, enum Change_status changed) ++describe_change (const char *file, security_context_t newcontext, enum Change_status changed) +{ + const char *fmt; + switch (changed) 
@@ -193,71 +591,125 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + default: + abort (); + } -+ printf (fmt, file, contextname); ++ printf (fmt, file, newcontext); ++} ++ ++static int ++compute_context_from_mask (security_context_t context, context_t *ret) ++{ ++ context_t newcontext = context_new (context); ++ if (!newcontext) ++ return 1; ++#define SETCOMPONENT(comp) \ ++ do { \ ++ if (specified_ ## comp) \ ++ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \ ++ goto lose; \ ++ } while (0) ++ ++ SETCOMPONENT(user); ++ SETCOMPONENT(range); ++ SETCOMPONENT(role); ++ SETCOMPONENT(type); ++#undef SETCOMPONENT ++ ++ *ret = newcontext; ++ return 0; ++ lose: ++ context_free (newcontext); ++ return 1; +} + -+/* Change the context of FILE to CONTEXT. ++/* Change the context of FILE, using specified components. + If it is a directory and -R is given, recurse. + Return 0 if successful, 1 if errors occurred. */ + +static int -+change_file_context (const char *file, security_context_t context) ++change_file_context (const char *file) +{ + struct stat file_stats; + security_context_t file_context=NULL; ++ context_t context; ++ security_context_t context_string; + int errors = 0; + + if ((lgetfilecon(file, &file_context)<0) && (errno != ENODATA)) -+ + { + if (force_silent == 0) + error (0, errno, "%s", file); + return 1; + } + -+ if ((file_context==NULL) || strcmp(context,file_context)!=0) ++ /* If the file doesn't have a context, and we're not setting all of ++ the context components, there isn't really an obvious default. ++ Thus, we just give up. 
*/ ++ if (file_context == NULL && specified_context == NULL) ++ { ++ error (0, 0, _("can't apply partial context to unlabeled file %s"), file); ++ return 1; ++ } ++ ++ if (specified_context == NULL) ++ { ++ if (compute_context_from_mask (file_context, &context)) ++ { ++ error (0, 0, _("couldn't compute security context from %s"), file_context); ++ return 1; ++ } ++ } ++ else ++ { ++ context = context_new (specified_context); ++ if (!context) ++ error (1, 0,_("invalid context: %s"),specified_context); ++ } ++ ++ context_string = context_str (context); ++ ++ if (strcmp(context_string,file_context)!=0) + { + int fail; + + if (change_symlinks) -+ fail = lsetfilecon (file, context); ++ fail = lsetfilecon (file, context_string); + else -+ fail = setfilecon (file, context); ++ fail = setfilecon (file, context_string); + + if (verbosity == V_high || (verbosity == V_changes_only && !fail)) -+ describe_change (file, (fail ? CH_FAILED : CH_SUCCEEDED)); ++ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED)); + + if (fail) + { + errors = 1; + if (force_silent == 0) + { -+ error (0, errno, "%s", file); ++ error (0, errno, _("failed to change context of %s to %s"), file, context_string); + } + } + } + else if (verbosity == V_high) + { -+ describe_change (file, CH_NO_CHANGE_REQUESTED); ++ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED); + } + ++ context_free(context); + freecon(file_context); + + if (recurse) { + if (lstat(file, &file_stats)==0) + if (S_ISDIR (file_stats.st_mode)) -+ errors |= change_dir_context (file, context, &file_stats); ++ errors |= change_dir_context (file, &file_stats); + } + return errors; +} + +/* Recursively change context of the files in directory DIR -+ to CONTEXT CONTEXT. ++ using specified context components. + STATP points to the results of lstat on DIR. + Return 0 if successful, 1 if errors occurred. 
*/ + +static int -+change_dir_context (const char *dir, security_context_t context, const struct stat *statp) ++change_dir_context (const char *dir, const struct stat *statp) +{ + char *name_space, *namep; + char *path; /* Full path of each entry to process. */ @@ -296,7 +748,7 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + path = xrealloc (path, pathlength); + } + strcpy (path + dirlength, namep); -+ errors |= change_file_context (path, context); ++ errors |= change_file_context (path); + } + free (path); + free (name_space); @@ -313,6 +765,7 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + { + printf (_("\ +Usage: %s [OPTION]... CONTEXT FILE...\n\ ++ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\ + or: %s [OPTION]... --reference=RFILE FILE...\n\ +"), + program_name, program_name, program_name); @@ -324,6 +777,10 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + (available only on systems with lchown system call)\n\ + -f, --silent, --quiet suppress most error messages\n\ + --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\ ++ -u, --user=USER set user USER in the target security context\n\ ++ -r, --role=ROLE set role ROLE in the target security context\n\ ++ -t, --type=TYPE set type TYPE in the target security context\n\ ++ -l, --range=RANGE set range RANGE in the target security context\n\ + -R, --recursive change files and directories recursively\n\ + -v, --verbose output a diagnostic for every file processed\n\ + --help display this help and exit\n\ @@ -337,10 +794,10 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c +int +main (int argc, char **argv) +{ -+ security_context_t context = NULL; + security_context_t ref_context = NULL; + int errors = 0; + int optc; ++ int component_specified = 0; + + program_name = argv[0]; + setlocale (LC_ALL, ""); 
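Review bot: `strcmp(context_string,file_context)` in change_file_context can be called with a NULL `file_context`. The `lgetfilecon` check lets ENODATA through, and the new unlabeled-file guard returns only when `specified_context` is also NULL, so applying a full CONTEXT to an unlabeled file reaches the comparison with a null pointer. The previous revision tested `file_context==NULL` first; keep that as `if (file_context == NULL || strcmp (context_string, file_context) != 0)`. The result of `context_str (context)` is also used without a NULL check, and the `couldn't compute security context` return leaves `file_context` unfreed, which adds up under `-R`.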
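Review bot: The `--reference=RFILE` line in the usage text still reads `use RFILE's group instead of using a CONTEXT value`, which is chgrp wording. Next to the new `-u/-r/-t/-l` lines it should read `use RFILE's context instead of using a CONTEXT value`, as chcon.1 in this same patch does. chcon.1 itself does not list the four new component options, so the man page and `--help` disagree. usage() starts and ends outside this hunk.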
@@ -349,12 +806,28 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + + recurse = force_silent = 0; + -+ while ((optc = getopt_long (argc, argv, "Rcfhv", long_options, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1) + { + switch (optc) + { + case 0: -+ break; ++ break; ++ case 'u': ++ specified_user = optarg; ++ component_specified = 1; ++ break; ++ case 'r': ++ specified_role = optarg; ++ component_specified = 1; ++ break; ++ case 't': ++ specified_type = optarg; ++ component_specified = 1; ++ break; ++ case 'l': ++ specified_range = optarg; ++ component_specified = 1; ++ break; + case CHAR_MAX + 1: + reference_file = optarg; + break; @@ -388,24 +861,33 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + if (show_help) + usage (0); + -+ if (argc - optind + ( (reference_file || ( context > 0 ) ) ? 1 : 0) <= 1) -+ { -+ error (0, 0, _("too few arguments")); -+ usage (1); -+ } ++ ++ if (reference_file && component_specified) ++ { ++ error (0, 0, _("conflicting security context specifiers given")); ++ usage (1); ++ } ++ ++ if (!(((reference_file || component_specified) ++ && (argc - optind > 0)) ++ || (argc - optind > 1))) ++ { ++ error (0, 0, _("too few arguments")); ++ usage (1); ++ } + + if (reference_file) + { + if (getfilecon (reference_file, &ref_context)<0) + error (1, errno, "%s", reference_file); -+ -+ context = ref_context; ++ ++ specified_context = ref_context; + } -+ else { -+ context = argv[optind++]; ++ else if (!component_specified) { ++ specified_context = argv[optind++]; + } + for (; optind < argc; ++optind) -+ errors |= change_file_context (argv[optind], context); ++ errors |= change_file_context (argv[optind]); + + if (verbosity != V_off) + close_stdout (); 
@@ -413,55 +895,62 @@ diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c + freecon(ref_context); + exit (errors); +} -diff -Nur coreutils-5.0/src/copy.c coreutils-5.0.new/src/copy.c ---- coreutils-5.0/src/copy.c 2003-06-20 12:01:02.000000000 +0200 -+++ coreutils-5.0.new/src/copy.c 2003-06-20 12:10:08.000000000 +0200 -@@ -46,6 +46,10 @@ +diff -urN coreutils-5.0.org/src/copy.c coreutils-5.0/src/copy.c +--- coreutils-5.0.org/src/copy.c 2003-12-27 12:26:28.939093576 +0100 ++++ coreutils-5.0/src/copy.c 2003-12-27 12:26:52.935445576 +0100 +@@ -46,6 +46,11 @@ #include "same.h" #include "xreadlink.h" +#ifdef WITH_SELINUX +#include /* for is_selinux_enabled() */ ++extern int selinux_enabled; +#endif + #define DO_CHOWN(Chown, File, New_uid, New_gid) \ (Chown (File, New_uid, New_gid) \ /* If non-root uses -p, it's ok if we can't preserve ownership. \ -@@ -1233,6 +1237,26 @@ +@@ -1233,6 +1238,32 @@ In such cases, set this variable to zero. */ preserve_metadata = 1; +#ifdef WITH_SELINUX -+ if (x->preserve_security_context) ++ if (x->preserve_security_context && selinux_enabled) + { + security_context_t con; + -+ if (lgetfilecon (src_path, &con) < 0) ++ if (lgetfilecon (src_path, &con) >= 0) + { ++ if (setfscreatecon(con) < 0) ++ { ++ freecon(con); ++ error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); ++ return 1; ++ } ++ freecon(con); ++ } ++ else { ++ if ( errno == ENOTSUP ) { ++ error (0, errno, _("warning: security context not preserved %s"), quote (src_path)); ++ } else { + error (0, errno, _("cannot lgetfilecon %s"), quote (src_path)); + return 1; + } -+ if (setfscreatecon(con) < 0) -+ { -+ freecon(con); -+ error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); -+ return 1; + } -+ freecon(con); + } +#endif + if (S_ISDIR (src_mode)) { struct dir_list *dir; -@@ -1302,8 +1326,13 @@ +@@ -1302,8 +1333,13 @@ } /* Are we crossing a file system boundary? 
*/ - if (x->one_file_system && device != 0 && device != src_sb.st_dev) + if (x->one_file_system && device != 0 && device != src_sb.st_dev) { +#ifdef WITH_SELINUX -+ if (x->preserve_security_context) ++ if (x->preserve_security_context && selinux_enabled) + setfscreatecon(NULL); +#endif return 0; @@ -469,19 +958,19 @@ diff -Nur coreutils-5.0/src/copy.c coreutils-5.0.new/src/copy.c /* Copy the contents of the directory. */ -@@ -1442,6 +1471,11 @@ +@@ -1442,6 +1478,11 @@ } } +#ifdef WITH_SELINUX -+ if (x->preserve_security_context) ++ if (x->preserve_security_context && selinux_enabled) + setfscreatecon(NULL); +#endif + /* There's no need to preserve timestamps or permissions. */ preserve_metadata = 0; -@@ -1474,7 +1508,7 @@ +@@ -1474,7 +1515,7 @@ if (command_line_arg) record_file (x->dest_info, dst_path, NULL); @@ -490,21 +979,21 @@ diff -Nur coreutils-5.0/src/copy.c coreutils-5.0.new/src/copy.c return 0; /* POSIX says that `cp -p' must restore the following: -@@ -1576,6 +1610,11 @@ +@@ -1576,6 +1617,11 @@ un_backup: +#ifdef WITH_SELINUX -+ if (x->preserve_security_context) ++ if (x->preserve_security_context && selinux_enabled) + setfscreatecon(NULL); +#endif + /* We have failed to create the destination file. If we've just added a dev/ino entry via the remember_copied call above (i.e., unless we've just failed to create a hard link), -diff -Nur coreutils-5.0/src/copy.h coreutils-5.0.new/src/copy.h ---- coreutils-5.0/src/copy.h 2003-06-20 12:01:02.000000000 +0200 -+++ coreutils-5.0.new/src/copy.h 2003-06-20 12:10:08.000000000 +0200 +diff -urN coreutils-5.0.org/src/copy.h coreutils-5.0/src/copy.h +--- coreutils-5.0.org/src/copy.h 2003-12-27 12:26:28.948092208 +0100 ++++ coreutils-5.0/src/copy.h 2003-12-27 12:26:52.937445272 +0100 @@ -105,6 +105,9 @@ int preserve_ownership; int preserve_mode; 
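Review bot: In the `setfscreatecon(con) < 0` branch, `freecon(con)` runs before `quote (con)` is passed to error(), so the diagnostic reads freed memory, and errno may no longer be the value setfscreatecon set by the time it is reported. Emit the message first and free afterwards: `error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); freecon (con); return 1;`. The later `setfscreatecon(NULL)` resets in this file ignore the return value; if a reset fails, files created afterwards would inherit the previous source's context, so a failed reset deserves at least a diagnostic. The enclosing function starts and ends outside the hunk.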
@@ -515,31 +1004,32 @@ diff -Nur coreutils-5.0/src/copy.h coreutils-5.0.new/src/copy.h /* Enabled for mv, and for cp by the --preserve=links option. If nonzero, attempt to preserve in the destination files any -diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c ---- coreutils-5.0/src/cp.c 2003-06-20 12:01:02.000000000 +0200 -+++ coreutils-5.0.new/src/cp.c 2003-06-20 12:10:08.000000000 +0200 -@@ -52,6 +52,10 @@ +diff -urN coreutils-5.0.org/src/cp.c coreutils-5.0/src/cp.c +--- coreutils-5.0.org/src/cp.c 2003-12-27 12:26:28.939093576 +0100 ++++ coreutils-5.0/src/cp.c 2003-12-27 12:26:52.938445120 +0100 +@@ -52,6 +52,11 @@ #define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering") +#ifdef WITH_SELINUX +#include /* for is_selinux_enabled() */ ++int selinux_enabled=0; +#endif + #ifndef _POSIX_VERSION uid_t geteuid (); #endif -@@ -149,6 +153,9 @@ +@@ -149,6 +154,9 @@ {"update", no_argument, NULL, 'u'}, {"verbose", no_argument, NULL, 'v'}, {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */ +#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'X'}, ++ {"context", required_argument, NULL, 'Z'}, +#endif {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, {NULL, 0, NULL, 0} -@@ -198,6 +205,9 @@ +@@ -198,6 +206,9 @@ additional attributes: links, all\n\ "), stdout); fputs (_("\ 
@@ -549,15 +1039,15 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ --parents append source path to DIRECTORY\n\ -P same as `--no-dereference'\n\ -@@ -225,6 +235,7 @@ +@@ -225,6 +236,7 @@ destination file is missing\n\ -v, --verbose explain what is being done\n\ -x, --one-file-system stay on this file system\n\ -+ -X, --context=CONTEXT set security context of copy to CONTEXT\n\ ++ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); -@@ -756,8 +767,8 @@ +@@ -756,8 +768,8 @@ { new_dest = (char *) dest; } @@ -568,7 +1058,7 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c } /* unreachable */ -@@ -781,6 +792,10 @@ +@@ -781,6 +793,10 @@ x->preserve_mode = 0; x->preserve_timestamps = 0; @@ -579,7 +1069,7 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c x->require_preserve = 0; x->recursive = 0; x->sparse_mode = SPARSE_AUTO; -@@ -808,19 +823,20 @@ +@@ -808,19 +824,20 @@ PRESERVE_TIMESTAMPS, PRESERVE_OWNERSHIP, PRESERVE_LINK, @@ -602,7 +1092,7 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c }; char *arg_writable = xstrdup (arg); -@@ -855,11 +871,16 @@ +@@ -855,11 +872,16 @@ x->preserve_links = on_off; break; 
@@ -619,30 +1109,30 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c break; default: -@@ -882,6 +903,10 @@ +@@ -882,6 +904,10 @@ struct cp_options x; int copy_contents = 0; char *target_directory = NULL; +#ifdef WITH_SELINUX + security_context_t scontext = NULL; -+ int is_selinux_enabled_flag= is_selinux_enabled(); ++ selinux_enabled= is_selinux_enabled(); +#endif program_name = argv[0]; setlocale (LC_ALL, ""); -@@ -896,7 +921,11 @@ +@@ -896,7 +922,11 @@ we'll actually use backup_suffix_string. */ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); +#ifdef WITH_SELINUX -+ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:X:Z:", long_opts, NULL)) ++ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:Z:", long_opts, NULL)) +#else while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL)) +#endif != -1) { switch (c) -@@ -987,6 +1016,36 @@ +@@ -987,6 +1017,36 @@ x.preserve_timestamps = 1; x.require_preserve = 1; break; @@ -652,14 +1142,14 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c + (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext); + exit( 1 ); + } -+ else if (is_selinux_enabled_flag) ++ else if (selinux_enabled) + x.preserve_security_context = 1; + break; + -+ case 'X': ++ case 'Z': + /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !is_selinux_enabled_flag ) { -+ fprintf( stderr, "Warning: ignoring --context (-X). " ++ if( !selinux_enabled ) { ++ fprintf( stderr, "Warning: ignoring --context (-Z). " + "It requires a SELinux enabled kernel.\n" ); + break; + } 
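Review bot: `selinux_enabled= is_selinux_enabled();` in cp.c's main stores the raw return value, and the later tests (`if( !selinux_enabled )`, `else if (selinux_enabled)`) treat any non-zero value as enabled. libselinux documents a negative return on error for this call (worth confirming for the library version this patch targets), which would be read as enabled and let the context calls run on a system where they cannot work. Normalising at the assignment avoids that: `selinux_enabled = (is_selinux_enabled () > 0);`. The same assignment appears in the id.c, install.c, ls.c and mv.c hunks further down. main's body continues outside this hunk.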
@@ -679,9 +1169,9 @@ diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c case PARENTS_OPTION: flag_path = 1; -diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c ---- coreutils-5.0/src/id.c 2003-03-27 23:39:46.000000000 +0100 -+++ coreutils-5.0.new/src/id.c 2003-06-20 12:10:08.000000000 +0200 +diff -urN coreutils-5.0.org/src/id.c coreutils-5.0/src/id.c +--- coreutils-5.0.org/src/id.c 2003-12-27 12:26:28.951091752 +0100 ++++ coreutils-5.0/src/id.c 2003-12-27 12:26:52.939444968 +0100 @@ -46,6 +46,20 @@ int getugroups (); @@ -696,7 +1186,7 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c + printf ("%s", context); +} + -+/* If nonzero, output only the SELinux context. -c */ ++/* If nonzero, output only the SELinux context. -Z */ +static int just_context = 0; + +#endif @@ -714,7 +1204,7 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c + static struct option const longopts[] = { -+ {"context", no_argument, NULL, 'c'}, ++ {"context", no_argument, NULL, 'Z'}, {"group", no_argument, NULL, 'g'}, {"groups", no_argument, NULL, 'G'}, {"name", no_argument, NULL, 'n'}, @@ -722,7 +1212,7 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c Print information for USERNAME, or the current user.\n\ \n\ -a ignore, for compatibility with other versions\n\ -+ -c, --context print only the context\n\ ++ -Z, --context print only the context\n\ -g, --group print only the effective group ID\n\ -G, --groups print all group IDs\n\ -n, --name print a name instead of a number, for -ugG\n\ @@ -730,7 +1220,7 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c main (int argc, char **argv) { int optc; -+ int is_selinux_enabled_flag=is_selinux_enabled(); ++ int selinux_enabled=is_selinux_enabled(); /* If nonzero, output the list of all group IDs. -G */ int just_group_list = 0; 
@@ -739,7 +1229,7 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c atexit (close_stdout); - while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1) -+ while ((optc = getopt_long (argc, argv, "acgnrsuG", longopts, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1) { switch (optc) { @@ -748,10 +1238,10 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c /* Ignore -a, for compatibility with SVR4. */ break; +#ifdef WITH_SELINUX -+ case 'c': ++ case 'Z': + /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !is_selinux_enabled_flag ) { -+ fprintf( stderr, "Sorry, --context (-c) can be used only on " ++ if( !selinux_enabled ) { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " + "a selinux-enabled kernel.\n" ); + exit( 1 ); + } @@ -769,9 +1259,9 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c - error (EXIT_FAILURE, 0, _("cannot print only user and only group")); +#ifdef WITH_SELINUX + if (argc - optind == 1) -+ is_selinux_enabled_flag = 0; ++ selinux_enabled = 0; + -+ if( just_context && !is_selinux_enabled_flag) ++ if( just_context && !selinux_enabled) + error (1, 0, _("\ +cannot display context when selinux not enabled or when displaying the id\n\ +of a different user")); @@ -780,7 +1270,7 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c + * Otherwise, leave the context variable alone - it has * + * been initialized known invalid value; if we see this invalid * + * value later, we will know we are on a non-selinux kernel. */ -+ if( is_selinux_enabled_flag ) ++ if( selinux_enabled ) + { + if (getcon(&context)) + error (1, 0, "can't get process context"); 
@@ -813,26 +1303,27 @@ diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c + } +#endif } -diff -Nur coreutils-5.0/src/install.c coreutils-5.0.new/src/install.c ---- coreutils-5.0/src/install.c 2003-06-20 12:01:02.000000000 +0200 -+++ coreutils-5.0.new/src/install.c 2003-06-20 12:10:08.000000000 +0200 -@@ -50,6 +50,10 @@ +diff -urN coreutils-5.0.org/src/install.c coreutils-5.0/src/install.c +--- coreutils-5.0.org/src/install.c 2003-12-27 12:26:28.932094640 +0100 ++++ coreutils-5.0/src/install.c 2003-12-27 12:26:52.941444664 +0100 +@@ -50,6 +50,11 @@ # include #endif +#ifdef WITH_SELINUX +#include /* for is_selinux_enabled() */ ++int selinux_enabled=0; +#endif + struct passwd *getpwnam (); struct group *getgrnam (); -@@ -126,11 +130,17 @@ +@@ -126,11 +131,17 @@ static struct option const long_options[] = { {"backup", optional_argument, NULL, 'b'}, +#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'X'}, ++ {"context", required_argument, NULL, 'Z'}, +#endif {"directory", no_argument, NULL, 'd'}, {"group", required_argument, NULL, 'g'}, @@ -845,7 +1336,7 @@ diff -Nur coreutils-5.0/src/install.c coreutils-5.0.new/src/install.c {"strip", no_argument, NULL, 's'}, {"suffix", required_argument, NULL, 'S'}, {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */ -@@ -247,6 +257,9 @@ +@@ -247,6 +258,9 @@ x->update = 0; x->verbose = 0; 
@@ -855,38 +1346,38 @@ diff -Nur coreutils-5.0/src/install.c coreutils-5.0.new/src/install.c x->xstat = stat; x->dest_info = NULL; x->src_info = NULL; -@@ -265,6 +278,11 @@ +@@ -265,6 +279,11 @@ struct cp_options x; int n_files; char **file; +#ifdef WITH_SELINUX + security_context_t scontext = NULL; + /* set iff kernel has extra selinux system calls */ -+ int is_selinux_enabled_flag = is_selinux_enabled(); ++ selinux_enabled = is_selinux_enabled(); +#endif program_name = argv[0]; setlocale (LC_ALL, ""); -@@ -285,7 +303,11 @@ +@@ -285,7 +304,11 @@ we'll actually use backup_suffix_string. */ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); +#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPX:vV:S:Z:", long_options, ++ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPvV:S:Z:", long_options, +#else while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options, +#endif NULL)) != -1) { switch (optc) -@@ -338,6 +360,39 @@ +@@ -338,6 +361,39 @@ make_backups = 1; backup_suffix_string = optarg; break; +#ifdef WITH_SELINUX + case 'P': + /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !is_selinux_enabled_flag ) { ++ if( !selinux_enabled ) { + fprintf( stderr, "Warning: ignoring --preserve_context (-P) " + "because the kernel is not selinux-enabled.\n" ); + break; @@ -897,10 +1388,10 @@ diff -Nur coreutils-5.0/src/install.c coreutils-5.0.new/src/install.c + } + x.preserve_security_context = 1; + break ; -+ case 'X': ++ case 'Z': + /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !is_selinux_enabled_flag ) { -+ fprintf( stderr, "Warning: ignoring --context (-X) " ++ if( !selinux_enabled) { ++ fprintf( stderr, "Warning: ignoring --context (-Z) " + "because the kernel is not selinux-enabled.\n" ); + break; + } 
@@ -919,35 +1410,41 @@ diff -Nur coreutils-5.0/src/install.c coreutils-5.0.new/src/install.c case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); default: -@@ -721,6 +776,11 @@ +@@ -721,6 +777,11 @@ -S, --suffix=SUFFIX override the usual backup suffix\n\ -v, --verbose print the name of each directory as it is created\n\ "), stdout); + fputs (_("\ -+ -P, --preserve_context (Selinux) Preserve security context\n\ -+ -X, --context=CONTEXT (Selinux) Set security context of files and directories\n\ ++ -P, --preserve_context (SELinux) Preserve security context\n\ ++ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\ +"), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); fputs (_("\ -diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c ---- coreutils-5.0/src/ls.c 2003-06-20 12:01:02.000000000 +0200 -+++ coreutils-5.0.new/src/ls.c 2003-06-20 12:10:08.000000000 +0200 -@@ -130,6 +130,12 @@ +diff -urN coreutils-5.0.org/src/ls.c coreutils-5.0/src/ls.c +--- coreutils-5.0.org/src/ls.c 2003-12-27 12:26:28.947092360 +0100 ++++ coreutils-5.0/src/ls.c 2003-12-27 12:42:14.887287592 +0100 +@@ -130,6 +130,18 @@ #define AUTHORS N_ ("Richard Stallman and David MacKenzie") +#ifdef WITH_SELINUX +#include -+int is_selinux_enabled_flag= 0; ++int selinux_enabled= 0; +static int print_scontext = 0; ++#define check_selinux() if (!selinux_enabled) { \ ++ fprintf( stderr, "Sorry, this option can only be used " \ ++ "on a SELinux kernel.\n" ); \ ++ exit( EXIT_FAILURE ); \ ++} ++ +#endif + #define obstack_chunk_alloc malloc #define obstack_chunk_free free -@@ -227,6 +233,10 @@ +@@ -227,6 +239,10 @@ /* For long listings, true if the file has an access control list. */ bool have_acl; #endif 
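Review bot: The `check_selinux()` macro, now defined at file scope in ls.c, expands to a bare `if (...) { ... }`, so `check_selinux();` followed by an `else`, or used as the body of an unbraced `if`, would bind differently from a function call. Wrapping the body as `do { if (!selinux_enabled) { ... exit (EXIT_FAILURE); } } while (0)` leaves the call sites unchanged and makes it a single statement. Its message is also not wrapped in `_()`, unlike the neighbouring strings, so it would not be translated.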
@@ -958,7 +1455,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c }; #if HAVE_ACL || USE_ACL -@@ -290,6 +300,9 @@ +@@ -290,6 +306,9 @@ static void sort_files (void); static void parse_ls_color (void); void usage (int status); @@ -968,21 +1465,19 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c /* The name the program was run with, stripped of any leading path. */ char *program_name; -@@ -379,7 +392,12 @@ +@@ -379,7 +398,10 @@ one_per_line, /* -1 */ many_per_line, /* -C */ horizontal, /* -x */ - with_commas /* -m */ +#ifdef WITH_SELINUX -+ with_commas, /* -m */ -+ security_format -+#else -+ with_commas /* -m */ ++ security_format, /* -Z */ +#endif ++ with_commas /* -m */ }; static enum format format; -@@ -700,6 +718,11 @@ +@@ -700,6 +722,11 @@ SHOW_CONTROL_CHARS_OPTION, SI_OPTION, SORT_OPTION, @@ -994,7 +1489,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c TIME_OPTION, TIME_STYLE_OPTION }; -@@ -743,6 +766,11 @@ +@@ -743,6 +770,11 @@ {"time-style", required_argument, 0, TIME_STYLE_OPTION}, {"color", optional_argument, 0, COLOR_OPTION}, {"block-size", required_argument, 0, BLOCK_SIZE_OPTION}, @@ -1006,7 +1501,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c {"author", no_argument, 0, AUTHOR_OPTION}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, -@@ -752,12 +780,19 @@ +@@ -752,12 +784,19 @@ static char const *const format_args[] = { "verbose", "long", "commas", "horizontal", "across", @@ -1027,7 +1522,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c many_per_line, one_per_line }; -@@ -1121,6 +1156,9 @@ +@@ -1121,6 +1160,9 @@ format_needs_stat = sort_type == sort_time || sort_type == sort_size || format == long_format 
@@ -1037,19 +1532,19 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c || dereference == DEREF_ALWAYS || print_block_size || print_inode; format_needs_type = (format_needs_stat == 0 -@@ -1243,6 +1281,11 @@ +@@ -1243,6 +1285,11 @@ /* Record whether there is an option specifying sort type. */ int sort_type_specified = 0; +#ifdef WITH_SELINUX + /* 1 iff kernel has new selinux system calls */ -+ is_selinux_enabled_flag= is_selinux_enabled(); ++ selinux_enabled= is_selinux_enabled(); +#endif + qmark_funny_chars = 0; /* initialize all switches to default settings */ -@@ -1293,6 +1336,9 @@ +@@ -1293,6 +1340,9 @@ all_files = 0; really_all_files = 0; ignore_patterns = 0; @@ -1059,18 +1554,35 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c /* FIXME: put this in a function. */ { -@@ -1656,6 +1702,31 @@ +@@ -1370,7 +1420,7 @@ + } + + while ((c = getopt_long (argc, argv, +- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1", ++ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z", + long_options, NULL)) != -1) + { + switch (c) +@@ -1490,6 +1540,13 @@ + format = horizontal; + break; + ++#ifdef WITH_SELINUX ++ case 'Z': ++ check_selinux(); ++ print_scontext = 1; ++ format = security_format; ++ break; ++#endif + case 'A': + really_all_files = 0; + all_files = 1; +@@ -1657,6 +1714,25 @@ case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); +#ifdef WITH_SELINUX + -+#define check_selinux() if (!is_selinux_enabled_flag) { \ -+ fprintf( stderr, "Sorry, this option can only be used " \ -+ "on a SELinux kernel.\n" ); \ -+ exit( EXIT_FAILURE ); \ -+} -+ + case CONTEXT_OPTION: /* new security format */ + check_selinux(); + print_scontext = 1; 
@@ -1091,43 +1603,54 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c default: usage (EXIT_FAILURE); } -@@ -2301,6 +2372,10 @@ +@@ -2308,6 +2384,12 @@ free (files[i].name); if (files[i].linkname) free (files[i].linkname); +#ifdef WITH_SELINUX -+ if (files[i].scontext) ++ if (files[i].scontext) { + freecon (files[i].scontext); ++ files[i].scontext=NULL; ++ } +#endif } files_index = 0; -@@ -2372,6 +2447,11 @@ +@@ -2334,6 +2416,9 @@ + files[files_index].linkname = 0; + files[files_index].linkmode = 0; + files[files_index].linkok = 0; ++#ifdef WITH_SELINUX ++ files[files_index].scontext = NULL; ++#endif + + if (explicit_arg + || format_needs_stat +@@ -2379,6 +2464,11 @@ { int need_lstat; err = stat (path, &files[files_index].stat); +#ifdef WITH_SELINUX -+ if (err>=0) -+ if (is_selinux_enabled_flag) -+ getfilecon(path, &files[files_index].scontext); ++ if (err>=0) ++ if (selinux_enabled && (format == security_format || print_scontext)) ++ getfilecon(path, &files[files_index].scontext); +#endif if (dereference == DEREF_COMMAND_LINE_ARGUMENTS) break; -@@ -2390,6 +2470,12 @@ +@@ -2397,6 +2487,11 @@ default: /* DEREF_NEVER */ err = lstat (path, &files[files_index].stat); +#ifdef WITH_SELINUX -+ if (err>=0) -+ if (is_selinux_enabled_flag) -+ lgetfilecon(path, &files[files_index].scontext); ++ if (err>=0) ++ if (selinux_enabled && (format == security_format || print_scontext)) ++ lgetfilecon(path, &files[files_index].scontext); +#endif -+ break; } -@@ -2819,6 +2905,16 @@ +@@ -2825,6 +2920,16 @@ DIRED_PUTCHAR ('\n'); } break; @@ -1144,7 +1667,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c } } -@@ -3082,6 +3178,14 @@ +@@ -3088,6 +3193,14 @@ p += strlen (p); } 
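Review bot: The return values of `getfilecon(path, &files[files_index].scontext)` and `lgetfilecon(path, &files[files_index].scontext)` are discarded, so a failed lookup looks the same as success and leaves `scontext` at the `NULL` assigned earlier in this hunk. The code that prints the context for `security_format` is not in this hunk, so whether it tolerates a `NULL` context cannot be confirmed here. At minimum, a comment at both calls such as `/* scontext stays NULL when the lookup fails; printers must handle that */` would record the contract. The enclosing function starts and ends outside the hunk.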
@@ -1159,7 +1682,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c DIRED_INDENT (); DIRED_FPUTS (buf, stdout, p - buf); print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok, -@@ -3874,6 +3978,16 @@ +@@ -3883,6 +3996,16 @@ -X sort alphabetically by entry extension\n\ -1 list one file per line\n\ "), stdout); @@ -1176,7 +1699,7 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); fputs (_("\n\ -@@ -3892,3 +4006,79 @@ +@@ -3901,3 +4024,79 @@ } exit (status); } 
@@ -1256,9 +1779,52 @@ diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c + } +} +#endif -diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c ---- coreutils-5.0/src/mkdir.c 2002-09-23 09:35:27.000000000 +0200 -+++ coreutils-5.0.new/src/mkdir.c 2003-06-20 12:10:08.000000000 +0200 +diff -urN coreutils-5.0.org/src/Makefile.am coreutils-5.0/src/Makefile.am +--- coreutils-5.0.org/src/Makefile.am 2003-12-27 12:26:28.928095248 +0100 ++++ coreutils-5.0/src/Makefile.am 2003-12-27 12:37:59.212156120 +0100 +@@ -4,13 +4,13 @@ + EXTRA_SCRIPTS = nohup + + bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@ +-bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \ ++bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \ + ginstall link ln dir vdir ls mkdir \ + mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \ + cat cksum comm csplit cut expand fmt fold head join md5sum \ + nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \ + basename date dirname echo env expr factor false getgid \ +- hostname id kill logname pathchk printenv printf pwd seq sleep tee \ ++ hostname id kill logname pathchk printenv printf runcon pwd seq sleep tee \ + test true tty whoami yes \ + @OPTIONAL_BIN_PROGS@ @DF_PROG@ + +@@ -34,10 +34,20 @@ + # replacement functions defined in libfetish.a. 
+ LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a + +-dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ +-ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ ++dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@ ++ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@ + shred_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ +-vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ ++vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@ ++cp_LDADD = $(LDADD) @LIB_SELINUX@ ++ginstall_LDADD = $(LDADD) @LIB_SELINUX@ ++mv_LDADD = $(LDADD) @LIB_SELINUX@ ++chcon_LDADD = $(LDADD) @LIB_SELINUX@ ++id_LDADD = $(LDADD) @LIB_SELINUX@ ++mkdir_LDADD = $(LDADD) @LIB_SELINUX@ ++mkfifo_LDADD = $(LDADD) @LIB_SELINUX@ ++mknod_LDADD = $(LDADD) @LIB_SELINUX@ ++stat_LDADD = $(LDADD) @LIB_SELINUX@ ++runcon_LDADD = $(LDADD) @LIB_SELINUX@ + + ## If necessary, add -lm to resolve use of pow in lib/strtod.c. + sort_LDADD = $(LDADD) @POW_LIB@ +diff -urN coreutils-5.0.org/src/mkdir.c coreutils-5.0/src/mkdir.c +--- coreutils-5.0.org/src/mkdir.c 2003-12-27 12:26:28.950091904 +0100 ++++ coreutils-5.0/src/mkdir.c 2003-12-27 12:26:52.958442080 +0100 @@ -34,6 +34,10 @@ #define AUTHORS "David MacKenzie" @@ -1275,7 +1841,7 @@ diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c static struct option const longopts[] = { +#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'c'}, ++ {"context", required_argument, NULL, 'Z'}, +#endif {"mode", required_argument, NULL, 'm'}, {"parents", no_argument, NULL, 'p'}, @@ -1286,7 +1852,7 @@ diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c "), stdout); +#ifdef WITH_SELINUX + printf (_("\ -+ -c, --context=CONTEXT (Selinux) set security context to CONTEXT\n\ ++ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\ +")); +#endif fputs (_("\ 
@@ -1297,7 +1863,7 @@ diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c create_parents = 0; +#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "pm:s:c:v", longopts, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1) +#else while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1) +#endif @@ -1309,10 +1875,10 @@ diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c verbose_fmt_string = _("created directory %s"); break; +#ifdef WITH_SELINUX -+ case 'c': ++ case 'Z': + /* politely decline if we're not on a selinux-enabled kernel. */ + if( !is_selinux_enabled()) { -+ fprintf( stderr, "Sorry, --context (-c) can be used only on " ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " + "a selinux-enabled kernel.\n" ); + exit( 1 ); + } @@ -1325,9 +1891,9 @@ diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); default: -diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c ---- coreutils-5.0/src/mkfifo.c 2002-08-31 09:29:21.000000000 +0200 -+++ coreutils-5.0.new/src/mkfifo.c 2003-06-20 12:10:08.000000000 +0200 +diff -urN coreutils-5.0.org/src/mkfifo.c coreutils-5.0/src/mkfifo.c +--- coreutils-5.0.org/src/mkfifo.c 2003-12-27 12:26:28.933094488 +0100 ++++ coreutils-5.0/src/mkfifo.c 2003-12-27 12:26:52.958442080 +0100 @@ -32,11 +32,18 @@ #define AUTHORS "David MacKenzie" @@ -1342,7 +1908,7 @@ diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c static struct option const longopts[] = { +#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'c'}, ++ {"context", required_argument, NULL, 'Z'}, +#endif {"mode", required_argument, NULL, 'm'}, {GETOPT_HELP_OPTION_DECL}, 
@@ -1353,7 +1919,7 @@ diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c "), stdout); +#ifdef WITH_SELINUX + printf (_("\ -+ -c, --context=CONTEXT set security context (quoted string)\n\ ++ -Z, --context=CONTEXT set security context (quoted string)\n\ +"), stdout); +#endif fputs (_("\ @@ -1364,7 +1930,7 @@ diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c error (4, 0, _("fifo files not supported")); #else +#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "m:c:", longopts, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1) +#else while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) +#endif @@ -1376,9 +1942,9 @@ diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c specified_mode = optarg; break; +#ifdef WITH_SELINUX -+ case 'c': ++ case 'Z': + if( !is_selinux_enabled()) { -+ fprintf( stderr, "Sorry, --context (-c) can be used only on " ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " + "a selinux-enabled kernel.\n" ); + exit( 1 ); + } @@ -1391,9 +1957,9 @@ diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); default: -diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c ---- coreutils-5.0/src/mknod.c 2002-12-14 15:14:59.000000000 +0100 -+++ coreutils-5.0.new/src/mknod.c 2003-06-20 12:10:08.000000000 +0200 +diff -urN coreutils-5.0.org/src/mknod.c coreutils-5.0/src/mknod.c +--- coreutils-5.0.org/src/mknod.c 2003-12-27 12:26:28.936094032 +0100 ++++ coreutils-5.0/src/mknod.c 2003-12-27 12:26:52.959441928 +0100 @@ -36,8 +36,15 @@ /* The name this program was run with. */ char *program_name; 
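Review bot: The `-Z, --context=CONTEXT` help text in mkfifo.c is emitted with `printf (_("\ ... "), stdout);`, which uses the translated string as a format string and passes `stdout` as an unused variadic argument. The surrounding lines and the matching mknod.c hunk use `fputs`, so the call should start with `fputs (_("\` instead of `printf (_("\`. The mkdir.c hunk has the same `printf (_(...))` form without the stray argument and would read better as `fputs (..., stdout)` too. usage's body starts and ends outside the hunk.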
@@ -1405,7 +1971,7 @@ diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c static struct option const longopts[] = { +#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'c'}, ++ {"context", required_argument, NULL, 'Z'}, +#endif {"mode", required_argument, NULL, 'm'}, {GETOPT_HELP_OPTION_DECL}, @@ -1416,7 +1982,7 @@ diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c "), stdout); +#ifdef WITH_SELINUX + fputs(_("\ -+ -c, --context=CONTEXT set security context (quoted string)\n\ ++ -Z, --context=CONTEXT set security context (quoted string)\n\ +"), stdout); +#endif fputs (_("\ @@ -1427,7 +1993,7 @@ diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c specified_mode = NULL; +#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "m:s:c:", longopts, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1) +#else while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) +#endif @@ -1439,10 +2005,10 @@ diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c specified_mode = optarg; break; +#ifdef WITH_SELINUX -+ case 'c': ++ case 'Z': + /* politely decline if we're not on a selinux-enabled kernel. */ + if( !is_selinux_enabled()) { -+ fprintf( stderr, "Sorry, --context (-c) can be used only on " ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " + "a selinux-enabled kernel.\n" ); + exit( 1 ); + } 
@@ -1455,72 +2021,36 @@ diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); default: -diff -Nur coreutils-5.0/src/mv.c coreutils-5.0.new/src/mv.c ---- coreutils-5.0/src/mv.c 2003-06-20 12:01:02.000000000 +0200 -+++ coreutils-5.0.new/src/mv.c 2003-06-20 12:10:08.000000000 +0200 -@@ -37,6 +37,9 @@ - #include "path-concat.h" +diff -urN coreutils-5.0.org/src/mv.c coreutils-5.0/src/mv.c +--- coreutils-5.0.org/src/mv.c 2003-12-27 12:26:28.941093272 +0100 ++++ coreutils-5.0/src/mv.c 2003-12-27 12:26:52.962441472 +0100 +@@ -38,6 +38,11 @@ #include "quote.h" #include "remove.h" + +#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ ++#include /* for is_selinux_enabled() */ ++int selinux_enabled=0; +#endif - ++ /* The official name of this program (e.g., no `g' prefix). */ #define PROGRAM_NAME "mv" -@@ -139,6 +142,9 @@ - x->update = 0; - x->verbose = 0; -+#ifdef WITH_SELINUX -+ x->preserve_security_context = 0; -+#endif - x->xstat = lstat; - x->dest_info = NULL; - x->src_info = NULL; -@@ -324,6 +330,10 @@ - equivalent to --reply=query\n\ - "), stdout); - fputs (_("\ -+ -c preserve security context when source and\n\ -+ destination are on different file systems\n\ -+"), stdout); -+ fputs (_("\ - --reply={yes,no,query} specify how to handle the prompt about an\n\ - existing destination file\n\ - --strip-trailing-slashes remove any trailing slashes from each SOURCE\n\ -@@ -387,7 +397,11 @@ +@@ -381,6 +386,10 @@ - errors = 0; + cp_option_init (&x); +#ifdef WITH_SELINUX -+ while ((c = getopt_long (argc, argv, "bcfiuvS:V:", long_options, NULL)) != -1) -+#else - while ((c = getopt_long (argc, argv, "bfiuvS:V:", long_options, NULL)) != -1) ++ selinux_enabled= is_selinux_enabled(); +#endif - { - switch (c) - { -@@ -406,6 +420,15 @@ - if (optarg) - version_control_string = optarg; - break; -+#ifdef WITH_SELINUX -+ case 'c': -+ if (is_selinux_enabled()) -+ x.preserve_security_context = 1; 
-+ else -+ fprintf( stderr, "Warning: ignoring -c. " -+ "It requires a SELinux enabled kernel.\n" ); -+ break; -+#endif - case 'f': - x.interactive = I_ALWAYS_YES; - break; -diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c ---- coreutils-5.0/src/runcon.c 1970-01-01 01:00:00.000000000 +0100 -+++ coreutils-5.0.new/src/runcon.c 2003-06-20 12:10:08.000000000 +0200 -@@ -0,0 +1,169 @@ ++ + /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless + we'll actually use backup_suffix_string. */ + backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); +diff -urN coreutils-5.0.org/src/runcon.c coreutils-5.0/src/runcon.c +--- coreutils-5.0.org/src/runcon.c 1970-01-01 01:00:00.000000000 +0100 ++++ coreutils-5.0/src/runcon.c 2003-12-27 12:26:52.959441928 +0100 +@@ -0,0 +1,174 @@ +/* + * runcon [ context | + * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] ) @@ -1546,12 +2076,14 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + * 4 N error + */ + ++#include +#include +#include +#include +#include +#include +#include ++#include "system.h" +extern int errno; + +/* The name the program was run with. */ @@ -1560,14 +2092,14 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c +void +usage(char *str) +{ -+ printf("Usage: %s [OPTION]... command [args]\n" ++ printf(_("Usage: %s [OPTION]... command [args]\n" + "Run a program in a different security context.\n\n" + " context Complete security context\n" + " -t type (for same role as parent)\n" + " -u user identity\n" + " -r role\n" + " -l levelrange\n" -+ " --help display this help and exit\n", ++ " --help display this help and exit\n"), + program_name); + exit(1); +} @@ -1585,6 +2117,9 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + context_t con; + + program_name = argv[0]; ++ setlocale (LC_ALL, ""); ++ bindtextdomain (PACKAGE, LOCALEDIR); ++ textdomain (PACKAGE); + + while (1) { + int c; 
@@ -1605,34 +2140,34 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + switch ( c ) { + case 'r': + if ( role ) { -+ fprintf(stderr,"multiple roles\n"); ++ fprintf(stderr,_("multiple roles\n")); + exit(1); + } + role = optarg; + break; + case 't': + if ( type ) { -+ fprintf(stderr,"multiple types\n"); ++ fprintf(stderr,_("multiple types\n")); + exit(1); + } + type = optarg; + break; + case 'u': + if ( user ) { -+ fprintf(stderr,"multiple users\n"); ++ fprintf(stderr,_("multiple users\n")); + exit(1); + } + user = optarg; + break; + case 'l': + if ( range ) { -+ fprintf(stderr,"multiple levelranges\n"); ++ fprintf(stderr,_("multiple levelranges\n")); + exit(1); + } + range = optarg; + break; + default: -+ fprintf(stderr,"unrecognised option %c\n",c); ++ fprintf(stderr,_("unrecognised option %c\n"),c); + case '?': + usage(0); + break; @@ -1640,19 +2175,19 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + } + if ( !(user || role || type || range)) { + if ( optind >= argc ) { -+ usage("must specify -t, -u, -l, -r, or context"); ++ usage(_("must specify -t, -u, -l, -r, or context")); + } + context = argv[optind++]; + } + + if ( optind >= argc ) { -+ usage("no command found"); ++ usage(_("no command found")); + } + + if ( context ) { + con = context_new(context); + if (!con) { -+ fprintf(stderr,"%s is not a valid context\n", context); ++ fprintf(stderr,_("%s is not a valid context\n"), context); + exit(1); + } + } @@ -1660,7 +2195,7 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + getcon(&cur_context); + con = context_new(cur_context); + if (!con) { -+ fprintf(stderr,"%s is not a valid context\n", context); ++ fprintf(stderr,_("%s is not a valid context\n"), context); + exit(1); + } + if ( user ) { 
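Review bot: In the runcon.c hunk that begins with `getcon(&cur_context);`, the failure message after `con = context_new(cur_context);` prints `context` rather than `cur_context`. This looks like the else of `if ( context )`, in which case `context` is NULL and passing it for `%s` is undefined. The return value of `getcon` is also unchecked, so `context_new` may be handed a pointer that was never filled in. Suggested lines: `if (getcon(&cur_context) < 0) { fprintf(stderr,_("unable to get current context\n")); exit(1); }` and `fprintf(stderr,_("%s is not a valid context\n"), cur_context);`. main continues outside the hunk.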
@@ -1678,7 +2213,7 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + } + + if (setexeccon(context_str(con))!=0) { -+ fprintf(stderr,"unable to setup security context %s\n", context_str(con)); ++ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con)); + exit(1); + } + if (cur_context!=NULL) 
@@ -1690,17 +2225,298 @@ diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c + } + return 1; /* can't reach this statement.... */ +} -diff -Nur coreutils-5.0/tests/cp/Makefile.am coreutils-5.0.new/tests/cp/Makefile.am ---- coreutils-5.0/tests/cp/Makefile.am 2003-02-02 21:08:59.000000000 +0100 -+++ coreutils-5.0.new/tests/cp/Makefile.am 2003-06-20 12:10:09.000000000 +0200 -@@ -3,8 +3,8 @@ - - TESTS = \ - preserve-2 r-vs-symlink link-preserve \ -- backup-1 no-deref-link1 no-deref-link2 no-deref-link3 backup-is-src \ -- same-file cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \ -+ backup-1 backup-is-src \ -+ cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \ - perm cp-HL special-bits link dir-rm-dest cp-parents deref-slink \ - dir-vs-file into-self - EXTRA_DIST = $(TESTS) +diff -urN coreutils-5.0.org/src/stat.c coreutils-5.0/src/stat.c +--- coreutils-5.0.org/src/stat.c 2003-12-27 12:26:28.951091752 +0100 ++++ coreutils-5.0/src/stat.c 2003-12-27 12:26:52.961441624 +0100 +@@ -32,6 +32,13 @@ + # include + #endif + ++#ifdef WITH_SELINUX ++#include ++#define SECURITY_ID_T security_context_t ++#else ++#define SECURITY_ID_T char * ++#endif ++ + /* NetBSD 1.5.2 needs these, for the declaration of struct statfs. 
*/ + #if !HAVE_SYS_STATVFS_H && !HAVE_SYS_VFS_H + # if HAVE_SYS_MOUNT_H && HAVE_SYS_PARAM_H +@@ -93,6 +100,7 @@ + {"dereference", no_argument, 0, 'L'}, + {"format", required_argument, 0, 'c'}, + {"filesystem", no_argument, 0, 'f'}, ++ {"context", no_argument, 0, 'Z'}, + {"terse", no_argument, 0, 't'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +@@ -332,7 +340,7 @@ + /* print statfs info */ + static void + print_statfs (char *pformat, char m, char const *filename, +- void const *data) ++ void const *data,SECURITY_ID_T scontext) + { + STRUCT_STATVFS const *statfsbuf = data; + +@@ -394,7 +402,10 @@ + strcat (pformat, PRIdMAX); + printf (pformat, (intmax_t) (statfsbuf->f_ffree)); + break; +- ++ case 'C': ++ strcat (pformat, "s"); ++ printf(scontext); ++ break; + default: + strcat (pformat, "c"); + printf (pformat, m); +@@ -404,7 +415,7 @@ + + /* print stat info */ + static void +-print_stat (char *pformat, char m, char const *filename, void const *data) ++print_stat (char *pformat, char m, char const *filename, void const *data, SECURITY_ID_T scontext) + { + struct stat *statbuf = (struct stat *) data; + struct passwd *pw_ent; +@@ -537,6 +548,10 @@ + strcat (pformat, "d"); + printf (pformat, (int) statbuf->st_ctime); + break; ++ case 'C': ++ strcat (pformat, "s"); ++ printf(pformat,scontext); ++ break; + default: + strcat (pformat, "c"); + printf (pformat, m); +@@ -546,8 +561,8 @@ + + static void + print_it (char const *masterformat, char const *filename, +- void (*print_func) (char *, char, char const *, void const *), +- void const *data) ++ void (*print_func) (char *, char, char const *, void const *,SECURITY_ID_T ), ++ void const *data, SECURITY_ID_T scontext) + { + char *b; + +@@ -580,7 +595,7 @@ + putchar ('%'); + break; + default: +- print_func (dest, *p, filename, data); ++ print_func (dest, *p, filename, data,scontext); + break; + } + b = p + 1; +@@ -598,9 +613,17 @@ + + /* stat the filesystem and print what we find */ + static void 
+-do_statfs (char const *filename, int terse, char const *format) ++do_statfs (char const *filename, int terse, int secure, char const *format) + { + STRUCT_STATVFS statfsbuf; ++ SECURITY_ID_T scontext = NULL; ++#ifdef WITH_SELINUX ++ if(secure) ++ if (getfilecon(filename,&scontext)<0) { ++ perror (filename); ++ return; ++ } ++#endif + int i = statfs (filename, &statfsbuf); + + if (i == -1) +@@ -612,23 +635,40 @@ + + if (format == NULL) + { +- format = (terse +- ? "%n %i %l %t %b %f %a %s %c %d" +- : " File: \"%n\"\n" +- " ID: %-8i Namelen: %-7l Type: %T\n" +- "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n" +- "Inodes: Total: %-10c Free: %-10d"); +- } +- +- print_it (format, filename, print_statfs, &statfsbuf); ++ if (terse) { ++ if(secure) ++ format = "%n %i %l %t %b %f %a %s %c %d %C"; ++ else ++ format = "%n %i %l %t %b %f %a %s %c %d"; ++ } ++ else ++ { ++ if(secure) ++ format = " File: \"%n\"\n" ++ " ID: %-8i Namelen: %-7l Type: %T\n" ++ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n" ++ "Inodes: Total: %-10c Free: %-10d\n" ++ " S_Context: %C\n"; ++ else ++ format= " File: \"%n\"\n" ++ " ID: %-8i Namelen: %-7l Type: %T\n" ++ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n" ++ "Inodes: Total: %-10c Free: %-10d"; ++ } ++ } ++ print_it (format, filename, print_statfs, &statfsbuf,scontext); ++#ifdef WITH_SELINUX ++ if (scontext != NULL) ++ freecon(scontext); ++#endif + } +- + /* stat the file and print what we find */ + static void +-do_stat (char const *filename, int follow_links, int terse, ++ do_stat (char const *filename, int follow_links, int terse,int secure, + char const *format) + { + struct stat statbuf; ++ SECURITY_ID_T scontext = NULL; + int i = ((follow_links == 1) + ? 
stat (filename, &statbuf) + : lstat (filename, &statbuf)); +@@ -639,11 +679,28 @@ + return; + } + ++#ifdef WITH_SELINUX ++ if(secure) { ++ if (link) ++ i=lgetfilecon(filename, &scontext); ++ else ++ i=getfilecon(filename, &scontext); ++ if (i == -1) ++ { ++ perror (filename); ++ return; ++ } ++ } ++#endif ++ + if (format == NULL) + { + if (terse != 0) + { +- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o"; ++ if (secure) ++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C"; ++ else ++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o"; + } + else + { +@@ -651,7 +708,17 @@ + i = statbuf.st_mode & S_IFMT; + if (i == S_IFCHR || i == S_IFBLK) + { +- format = ++ if (secure) ++ format = ++ " File: %N\n" ++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" ++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h" ++ " Device type: %t,%T\n" ++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" ++ " S_Context: %C\n" ++ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; ++ else ++ format = + " File: %N\n" + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" + "Device: %Dh/%dd\tInode: %-10i Links: %-5h" +@@ -661,6 +728,15 @@ + } + else + { ++ if (secure) ++ format = ++ " File: %N\n" ++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" ++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n" ++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" ++ "S_Context: %C\n" ++ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; ++ else + format = + " File: %N\n" + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" +@@ -670,7 +746,11 @@ + } + } + } +- print_it (format, filename, print_stat, &statbuf); ++ print_it (format, filename, print_stat, &statbuf,scontext); ++#ifdef WITH_SELINUX ++ if (scontext) ++ freecon(scontext); ++#endif + } + + void +@@ -688,6 +768,7 @@ + -f, --filesystem display filesystem status instead of file status\n\ + -c --format=FORMAT use the specified FORMAT instead of the default\n\ + -L, --dereference follow links\n\ ++ -Z, --context print the security context 
\n\ + -t, --terse print the information in terse form\n\ + "), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); +@@ -739,6 +820,7 @@ + %c Total file nodes in file system\n\ + %d Free file nodes in file system\n\ + %f Free blocks in file system\n\ ++ %C - Security context in SELinux\n\ + "), stdout); + fputs (_("\ + %i File System id in hex\n\ +@@ -761,6 +843,7 @@ + int follow_links = 0; + int fs = 0; + int terse = 0; ++ int secure = 0; + char *format = NULL; + + program_name = argv[0]; +@@ -770,7 +853,7 @@ + + atexit (close_stdout); + +- while ((c = getopt_long (argc, argv, "c:fLlt", long_options, NULL)) != -1) ++ while ((c = getopt_long (argc, argv, "c:fLltZ", long_options, NULL)) != -1) + { + switch (c) + { +@@ -787,6 +870,14 @@ + case 't': + terse = 1; + break; ++ case 'Z': ++ if(is_selinux_enabled()) ++ secure = 1; ++ else { ++ error (0, 0, _("Kernel is not SELinux enabled")); ++ usage (EXIT_FAILURE); ++ } ++ break; + + case_GETOPT_HELP_CHAR; + +@@ -806,9 +897,9 @@ + for (i = optind; i < argc; i++) + { + if (fs == 0) +- do_stat (argv[i], follow_links, terse, format); ++ do_stat (argv[i], follow_links, terse, secure, format); + else +- do_statfs (argv[i], terse, format); ++ do_statfs (argv[i], terse, secure, format); + } + + exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS);
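Review bot: In `print_statfs`, the new `case 'C':` calls `printf(scontext);`, which uses the file's security context as the format string and leaves the `pformat` just extended with `"s"` unused. The label is read from the file by `getfilecon()`, so it is data the program does not control, and any `%` in it would be interpreted as a conversion (CWE-134); the call should match the one in `print_stat`: `printf (pformat, scontext);`. In both functions `scontext` stays NULL when `-Z` was not given, so a user-supplied `--format` containing `%C` passes NULL to `%s`; substituting a placeholder, `scontext ? scontext : "?"`, avoids that. Separately, `if (link)` in `do_stat` names no variable visible in the hunk and would resolve to the `link()` function, which always tests true, so `lgetfilecon()` is used even with `-L`; the test presumably should be `if (follow_links == 0)`.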