1 diff -Nur coreutils-6.4/README coreutils-6.4.selinux/README
2 --- coreutils-6.4/README 2006-10-22 16:54:15.000000000 +0000
3 +++ coreutils-6.4.selinux/README 2006-10-31 23:39:34.000000000 +0000
6 The programs that can be built with this package are:
8 - [ base64 basename cat chgrp chmod chown chroot cksum comm cp csplit cut date
9 + [ base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date
10 dd df dir dircolors dirname du echo env expand expr factor false fmt fold
11 ginstall groups head hostid hostname id join kill link ln logname ls
12 md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
13 - printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum sha256sum
14 + printenv printf ptx pwd readlink rm rmdir runuser runcon seq sha1sum sha224sum sha256sum
15 sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac
16 tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime
17 users vdir wc who whoami yes
18 diff -Nur coreutils-6.4/configure.ac coreutils-6.4.selinux/configure.ac
19 --- coreutils-6.4/configure.ac 2006-10-31 23:38:15.000000000 +0000
20 +++ coreutils-6.4.selinux/configure.ac 2006-10-31 23:39:34.000000000 +0000
25 +dnl Give the chance to enable SELINUX
26 +AC_ARG_ENABLE(selinux, dnl
27 +[ --enable-selinux Enable use of the SELinux libraries],
28 +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELinux])
29 +LIB_SELINUX="-lselinux"
30 +AC_SUBST(LIB_SELINUX)])
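Review bot: The third argument of `AC_ARG_ENABLE` runs whenever the option appears on the configure command line, so as written `--disable-selinux` and `--enable-selinux=no` also define `WITH_SELINUX` and set `LIB_SELINUX="-lselinux"`; the action needs to look at `$enableval`. Nothing here checks that libselinux is actually installed before `-lselinux` goes onto the link line, so a missing library shows up only as a late link failure. I would record the choice in the action and do the library probe, the define and the substitution after it, as below.

```m4
AC_ARG_ENABLE(selinux,
[  --enable-selinux        Enable use of the SELinux libraries],
[enable_selinux=$enableval],
[enable_selinux=no])
LIB_SELINUX=
if test "x$enable_selinux" = xyes; then
  AC_CHECK_LIB(selinux, is_selinux_enabled,
    [LIB_SELINUX="-lselinux"],
    [AC_MSG_ERROR([--enable-selinux was given but libselinux was not found])])
  AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELinux])
fi
AC_SUBST(LIB_SELINUX)
```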
35 diff -Nur coreutils-6.4/lib/config.hin coreutils-6.4.selinux/lib/config.hin
36 --- coreutils-6.4/lib/config.hin 2006-10-22 20:36:23.000000000 +0000
37 +++ coreutils-6.4.selinux/lib/config.hin 2006-10-31 23:39:34.000000000 +0000
42 +/* Define if you want to use SELINUX */
45 /* Define to 1 if your processor stores words with the most significant byte
46 first (like Motorola and SPARC, unlike Intel and VAX). */
47 #undef WORDS_BIGENDIAN
48 --- coreutils-6.5/man/Makefile.am.orig 2006-11-22 10:47:32.569505000 +0100
49 +++ coreutils-6.5/man/Makefile.am 2006-11-22 10:48:11.669505000 +0100
51 shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \
52 su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
53 tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \
54 - whoami.1 yes.1 $(MAN)
55 + whoami.1 yes.1 chcon.1 runcon.1 $(MAN)
57 chroot.1 hostid.1 nice.1 pinky.1 stty.1 uname.1 uptime.1 users.1 who.1
60 who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
61 whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
62 yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
63 +chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
64 +runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
68 diff -Nur coreutils-6.4/man/chcon.1 coreutils-6.4.selinux/man/chcon.1
69 --- coreutils-6.4/man/chcon.1 1970-01-01 00:00:00.000000000 +0000
70 +++ coreutils-6.4.selinux/man/chcon.1 2006-10-31 23:39:34.000000000 +0000
72 +.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
74 +chcon \- change security context
77 +[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
80 +[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
83 +." Add any additional description here
85 +Change the security context of each FILE to CONTEXT.
87 +\fB\-c\fR, \fB\-\-changes\fR
88 +like verbose but report only when a change is made
90 +\fB\-h\fR, \fB\-\-no\-dereference\fR
91 +affect symbolic links instead of any referenced file (available only on systems with lchown system call)
93 +\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
94 +suppress most error messages
96 +\fB\-l\fR, \fB\-\-range\fR
97 +set range RANGE in the target security context
99 +\fB\-\-reference\fR=\fIRFILE\fR
100 +use RFILE's context instead of using a CONTEXT value
102 +\fB\-R\fR, \fB\-\-recursive\fR
103 +change files and directories recursively
105 +\fB\-r\fR, \fB\-\-role\fR
106 +set role ROLE in the target security context
108 +\fB\-t\fR, \fB\-\-type\fR
109 +set type TYPE in the target security context
111 +\fB\-u\fR, \fB\-\-user\fR
112 +set user USER in the target security context
114 +\fB\-v\fR, \fB\-\-verbose\fR
115 +output a diagnostic for every file processed
118 +display this help and exit
121 +output version information and exit
122 +.SH "REPORTING BUGS"
123 +Report bugs to <email@host.com>.
125 +The full documentation for
127 +is maintained as a Texinfo manual. If the
131 +programs are properly installed at your site, the command
135 +should give you access to the complete manual.
136 diff -Nur coreutils-6.4/man/chcon.x coreutils-6.4.selinux/man/chcon.x
137 --- coreutils-6.4/man/chcon.x 1970-01-01 00:00:00.000000000 +0000
138 +++ coreutils-6.4.selinux/man/chcon.x 2006-10-31 23:39:34.000000000 +0000
141 +chcon \- change file security context
143 +.\" Add any additional description here
144 diff -Nur coreutils-6.4/man/cp.1 coreutils-6.4.selinux/man/cp.1
145 --- coreutils-6.4/man/cp.1 2006-10-22 19:56:33.000000000 +0000
146 +++ coreutils-6.4.selinux/man/cp.1 2006-10-31 23:39:34.000000000 +0000
149 \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
150 preserve the specified attributes (default:
151 -mode,ownership,timestamps), if possible
152 +mode,ownership,timestamps) and security contexts, if possible
153 additional attributes: links, all
155 \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
158 display this help and exit
160 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
161 +set security context of copy to CONTEXT
164 output version information and exit
166 diff -Nur coreutils-6.4/man/dir.1 coreutils-6.4.selinux/man/dir.1
167 --- coreutils-6.4/man/dir.1 2006-10-22 19:56:34.000000000 +0000
168 +++ coreutils-6.4.selinux/man/dir.1 2006-10-31 23:39:34.000000000 +0000
172 list one file per line
177 +Display security context. Enable \fB\-l\fR. Lines
178 +will probably be too wide for most displays.
181 +Display security context so it fits on most
182 +displays. Displays only mode, user, group,
183 +security context and file name.
186 +Display only security context and file name.
189 display this help and exit
190 diff -Nur coreutils-6.4/man/id.1 coreutils-6.4.selinux/man/id.1
191 --- coreutils-6.4/man/id.1 2006-10-22 19:56:35.000000000 +0000
192 +++ coreutils-6.4.selinux/man/id.1 2006-10-31 23:39:34.000000000 +0000
195 ignore, for compatibility with other versions
197 +\fB\-Z\fR, \fB\-\-context\fR
198 +print only the security context
200 \fB\-g\fR, \fB\-\-group\fR
201 print only the effective group ID
203 diff -Nur coreutils-6.4/man/install.1 coreutils-6.4.selinux/man/install.1
204 --- coreutils-6.4/man/install.1 2006-10-22 19:56:35.000000000 +0000
205 +++ coreutils-6.4.selinux/man/install.1 2006-10-31 23:39:34.000000000 +0000
208 \fB\-v\fR, \fB\-\-verbose\fR
209 print the name of each directory as it is created
211 +\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
213 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
214 +(SELinux) Set security context of files and directories
217 display this help and exit
218 diff -Nur coreutils-6.4/man/ls.1 coreutils-6.4.selinux/man/ls.1
219 --- coreutils-6.4/man/ls.1 2006-10-22 19:56:35.000000000 +0000
220 +++ coreutils-6.4.selinux/man/ls.1 2006-10-31 23:39:34.000000000 +0000
224 list one file per line
229 +Display security context. Enable \fB\-l\fR. Lines
230 +will probably be too wide for most displays.
232 +\fB\-Z\fR, \fB\-\-context\fR
233 +Display security context so it fits on most
234 +displays. Displays only mode, user, group,
235 +security context and file name.
238 +Display only security context and file name.
241 display this help and exit
242 diff -Nur coreutils-6.4/man/mkdir.1 coreutils-6.4.selinux/man/mkdir.1
243 --- coreutils-6.4/man/mkdir.1 2006-10-22 19:56:35.000000000 +0000
244 +++ coreutils-6.4.selinux/man/mkdir.1 2006-10-31 23:39:34.000000000 +0000
247 Mandatory arguments to long options are mandatory for short options too.
249 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
251 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
252 set file mode (as in chmod), not a=rwx \- umask
254 diff -Nur coreutils-6.4/man/mkfifo.1 coreutils-6.4.selinux/man/mkfifo.1
255 --- coreutils-6.4/man/mkfifo.1 2006-10-22 19:56:35.000000000 +0000
256 +++ coreutils-6.4.selinux/man/mkfifo.1 2006-10-31 23:39:34.000000000 +0000
259 Mandatory arguments to long options are mandatory for short options too.
261 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
262 +set security context (quoted string)
264 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
265 set file permission bits to MODE, not a=rw \- umask
267 diff -Nur coreutils-6.4/man/mknod.1 coreutils-6.4.selinux/man/mknod.1
268 --- coreutils-6.4/man/mknod.1 2006-10-22 19:56:35.000000000 +0000
269 +++ coreutils-6.4.selinux/man/mknod.1 2006-10-31 23:39:34.000000000 +0000
272 Mandatory arguments to long options are mandatory for short options too.
274 +\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
275 +set security context (quoted string)
277 \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
278 set file permission bits to MODE, not a=rw \- umask
280 diff -Nur coreutils-6.4/man/runcon.1 coreutils-6.4.selinux/man/runcon.1
281 --- coreutils-6.4/man/runcon.1 1970-01-01 00:00:00.000000000 +0000
282 +++ coreutils-6.4.selinux/man/runcon.1 2006-10-31 23:39:34.000000000 +0000
284 +.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
286 +runcon \- run command with specified security context
289 +[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
294 +\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
299 +.\" Add any additional description here
301 +Run COMMAND with current security context modified by one or more of LEVEL,
302 +ROLE, TYPE, and USER, or with completely-specified CONTEXT.
305 +change current type to the specified type
308 +change current level range to the specified range
311 +change current role to the specified role
314 +change current user to the specified user
316 +If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
317 +the first argument is used as the complete context. Any additional
318 +arguments after \fICOMMAND\fR are interpreted as arguments to the
321 +Note that only carefully-chosen contexts are likely to successfully
323 diff -Nur coreutils-6.4/man/runcon.x coreutils-6.4.selinux/man/runcon.x
324 --- coreutils-6.4/man/runcon.x 1970-01-01 00:00:00.000000000 +0000
325 +++ coreutils-6.4.selinux/man/runcon.x 2006-10-31 23:39:34.000000000 +0000
328 +.\" Add any additional description here
329 diff -Nur coreutils-6.4/man/stat.1 coreutils-6.4.selinux/man/stat.1
330 --- coreutils-6.4/man/stat.1 2006-10-22 19:56:37.000000000 +0000
331 +++ coreutils-6.4.selinux/man/stat.1 2006-10-31 23:39:34.000000000 +0000
333 \fB\-t\fR, \fB\-\-terse\fR
334 print the information in terse form
336 +\fB\-Z\fR, \fB\-\-context\fR
337 +print security context information for SELinux if available.
340 display this help and exit
344 Device number in decimal
347 +SELinux security context
352 diff -Nur coreutils-6.4/man/vdir.1 coreutils-6.4.selinux/man/vdir.1
353 --- coreutils-6.4/man/vdir.1 2006-10-22 19:56:39.000000000 +0000
354 +++ coreutils-6.4.selinux/man/vdir.1 2006-10-31 23:39:34.000000000 +0000
358 list one file per line
363 +Display security context. Enable \fB\-l\fR. Lines
364 +will probably be too wide for most displays.
367 +Display security context so it fits on most
368 +displays. Displays only mode, user, group,
369 +security context and file name.
372 +Display only security context and file name.
375 display this help and exit
376 diff -Nur coreutils-6.4/po/POTFILES.in coreutils-6.4.selinux/po/POTFILES.in
377 --- coreutils-6.4/po/POTFILES.in 2006-10-31 23:38:15.000000000 +0000
378 +++ coreutils-6.4.selinux/po/POTFILES.in 2006-10-31 23:39:34.000000000 +0000
395 --- coreutils-6.7/po/pl.po.orig 2006-12-09 20:03:10.686071942 +0100
396 +++ coreutils-6.7/po/pl.po 2006-12-09 20:06:54.942851606 +0100
398 msgid "%s: input file is output file"
399 msgstr "%s: plik wej¶ciowy jest plikiem wyj¶ciowym"
403 +msgid "context of %s changed to %s\n"
404 +msgstr "kontekst %s zmieniony na %s\n"
408 +msgid "failed to change context of %s to %s\n"
409 +msgstr "nie mo¿na zmieniæ kontekstu %s na %s\n"
413 +msgid "context of %s retained as %s\n"
414 +msgstr "kontekst %s zachowany jako %s\n"
418 +msgid "can't apply partial context to unlabeled file %s"
419 +msgstr "nie mo¿na zastosowaæ czê¶ciowego kontekstu na nieoznakowanym pliku %s"
423 +msgid "couldn't compute security context from %s"
424 +msgstr "nie mo¿na obliczyæ kontekstu bezpieczeñstwa z %s"
428 +msgid "invalid context: %s"
429 +msgstr "b³êdny kontekst: %s"
433 +msgid "failed to change context of %s to %s"
434 +msgstr "nie mo¿na zmieniæ kontekstu %s na %s"
437 +msgid "virtual memory exhausted"
438 +msgstr "pamiêæ wirtualna wyczerpana"
443 +"Usage: %s [OPTION]... CONTEXT FILE...\n"
444 +" or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n"
445 +" or: %s [OPTION]... --reference=RFILE FILE...\n"
447 +"Sk³adnia: %s [OPCJA]... KONTEKST PLIK...\n"
448 +" albo: %s [OPCJA]... [-u U¯YTKOWNIK] [-r ROLA] [-l ZAKRES] [-t TYP] PLIK...\n"
449 +" albo: %s [OPCJA]... --reference=PLIK_WZ PLIK...\n"
454 +"Change the security context of each FILE to CONTEXT.\n"
456 +" -c, --changes like verbose but report only when a change is made\n"
457 +" -h, --no-dereference affect symbolic links instead of any referenced file\n"
458 +" (available only on systems with lchown system call)\n"
459 +" -f, --silent, --quiet suppress most error messages\n"
460 +" --reference=RFILE use RFILE's group instead of using a CONTEXT value\n"
461 +" -u, --user=USER set user USER in the target security context\n"
462 +" -r, --role=ROLE set role ROLE in the target security context\n"
463 +" -t, --type=TYPE set type TYPE in the target security context\n"
464 +" -l, --range=RANGE set range RANGE in the target security context\n"
465 +" -R, --recursive change files and directories recursively\n"
466 +" -v, --verbose output a diagnostic for every file processed\n"
467 +" --help display this help and exit\n"
468 +" --version output version information and exit\n"
470 +"Zmiana kontekstu bezpieczeñstwa ka¿dego PLIKU na KONTEKST.\n"
472 +" -c, --changes jak verbose, ale raportowanie tylko wykonanych zmian\n"
473 +" -h, --no-dereference zmiana dowi±zañ symbolicznych zamiast wskazywanych\n"
474 +" plików (dostêpne tylko na systemach z lchown)\n"
475 +" -f, --silent, --quiet pominiêcie wiêkszo¶ci komunikatów o b³êdach\n"
476 +" --reference=PLIK u¿ycie grupy PLIKU zamiast warto¶ci KONTEKSTU\n"
477 +" -u, --user=U¯YTKOWNIK ustawienie U¯YTKOWNIK w kontek¶cie bezpieczeñstwa\n"
478 +" -r, --role=ROLA ustawienie ROLI w kontek¶cie bezpieczeñstwa\n"
479 +" -t, --type=TYP ustawienie TYPU w kontek¶cie bezpieczeñstwa\n"
480 +" -l, --range=ZAKRES ustawienie ZAKRESU w kontek¶cie bezpieczeñstwa\n"
481 +" -R, --recursive zmiana plików i katalogów rekursywnie\n"
482 +" -v, --verbose wypisywanie diagnostyki dla ka¿dego pliku\n"
483 +" --help wy¶wietlenie tego opisu i zakoñczenie\n"
484 +" --version wy¶wietlenie informacji o wersji i zakoñczenie\n"
487 +msgid "conflicting security context specifiers given"
488 +msgstr "konflikt miêdzy podanymi okre¶leniami kontekstu bezpieczeñstwa"
490 #: src/chgrp.c:95 src/install.c:611
492 msgid "invalid group %s"
493 @@ -1540,6 +1629,21 @@
494 "nie uda³o siê przeniesienie miêdzy urz±dzeniami: %s do %s; nie uda³o siê "
495 "usunaæ pliku docelowego"
499 +msgid "cannot set setfscreatecon %s"
500 +msgstr "nie mo¿na ustawiæ setfscreatecon %s"
504 +msgid "warning: security context not preserved %s"
505 +msgstr "uwaga: nie zachowano kontekstu bezpieczeñstwa %s"
509 +msgid "cannot lgetfilecon %s"
510 +msgstr "nie mo¿na wykonaæ lgetfilecon %s"
514 msgid "cannot copy cyclic symbolic link %s"
515 @@ -1688,6 +1792,10 @@
516 " atrybutów: links (dowi±zania), all "
520 +msgid " -c same as --preserve=context\n"
521 +msgstr " -c to samo co --preserve=context\n"
525 " --no-preserve=ATTR_LIST don't preserve the specified attributes\n"
526 @@ -1740,12 +1848,13 @@
527 " destination file is missing\n"
528 " -v, --verbose explain what is being done\n"
529 " -x, --one-file-system stay on this file system\n"
530 +" -Z, --context=CONTEXT set security context of copy to CONTEXT\n"
532 " -u, --update kopiowanie tylko plików, dla których ¬RÓD£O\n"
533 " jest nowsze ni¿ CEL albo brakuje CELU\n"
534 " -v, --verbose wyja¶nianie co siê dzieje\n"
535 " -x, --one-file-system pozostanie w jednym systemie plików\n"
537 +" -Z, --context=KONTEKST ustawienie KONTEKSTU bezpieczeñstwa kopii\n"
541 @@ -1874,6 +1983,26 @@
542 msgid "multiple target directories specified"
543 msgstr "podano wiele katalogów docelowych"
547 +msgid "%s: cannot force target context <-- %s and preserve it\n"
548 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu <-- %s i zachowaæ go\n"
552 +msgid "Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.\n"
553 +msgstr "Uwaga: zignorowano --context (-Z). Ta opcja wymaga j±dra z obs³ug± SELinuksa.\n"
555 +#: src/cp.c:1031 src/install.c:369
557 +msgid "%s: cannot force target context to '%s' and preserve it\n"
558 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu na '%s' i zachowaæ go\n"
562 +msgid "cannot set default security context %s"
563 +msgstr "nie mo¿na ustawiæ domy¶lnego kontekstu bezpieczeñstwa %s"
567 msgid "cannot make both hard and symbolic links"
568 @@ -3880,6 +4009,7 @@
569 "Print information for USERNAME, or the current user.\n"
571 " -a ignore, for compatibility with other versions\n"
572 +" -Z, --context print only the context\n"
573 " -g, --group print only the effective group ID\n"
574 " -G, --groups print all group IDs\n"
575 " -n, --name print a name instead of a number, for -ugG\n"
576 @@ -3890,6 +4020,7 @@
578 " -a ignorowane, dla zachowania kompatybilno¶ci z innymi "
580 +" -Z, --context wy¶wietlenie tylko kontekstu\n"
581 " -g, --group wy¶wietlenie tylko efektywnego identyfikatora grupy\n"
582 " -G, --groups wy¶wietlenie pe³nej listy grup\n"
583 " -n, --name wy¶wietlenie nazw zamiast numerów, dla -ugG\n"
584 @@ -3906,10 +4037,26 @@
585 "Bez ¿adnych OPCJI wy¶wietla zestaw u¿ytecznych informacji, które uda³o siê\n"
589 +#: src/id.c:165 src/mkdir.c:136 src/mkfifo.c:124 src/mknod.c:135
591 -msgid "cannot print only user and only group"
592 -msgstr "nie mo¿na wypisaæ tylko u¿ytkownika i tylko grupê równocze¶nie"
593 +msgid "Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n"
594 +msgstr "Niestety --context (-Z) mo¿na u¿ywaæ tylko na j±drze z obs³ug± SELinuksa.\n"
598 +"cannot display context when SELinux not enabled or when displaying the id\n"
599 +"of a different user"
601 +"nie mo¿na wy¶wietliæ kontekstu kiedy SELinux nie jest w³±czony lub przy\n"
602 +"wy¶wietlaniu identyfikatora innego u¿ytkownika"
605 +msgid "can't get process context"
606 +msgstr "nie mo¿na uzyskaæ kontekstu procesu"
609 +msgid "cannot print \"only\" of more than one choice"
610 +msgstr "nie mo¿na wypisaæ \"tylko czego¶\" dla wiêcej ni¿ jednej rzeczy"
614 @@ -3941,6 +4088,31 @@
621 +msgstr " kontekst=%s"
623 +#: src/install.c:365
625 +msgid "Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n"
626 +msgstr "Uwaga: zignorowano --preserve_context (-P), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
628 +#: src/install.c:377
630 +msgid "Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n"
631 +msgstr "Uwaga: zignorowano --context (-Z), poniewa¿ j±dro nie ma obs³ugi SELinuksa.\n"
633 +#: src/install.c:382
635 +msgid "%s: cannot force target context == '%s' and preserve it\n"
636 +msgstr "%s: nie mo¿na wymusiæ docelowego kontekstu '%s' i zachowaæ go\n"
638 +#: src/install.c:387
640 +msgid "%s: cannot setup default context == '%s'\n"
641 +msgstr "%s: nie mo¿na ustawiæ domy¶lnego kontekstu '%s'\n"
645 msgid "the strip option may not be used when installing a directory"
646 @@ -4079,6 +4251,14 @@
647 " -T, --no-target-directory traktowanie CELU jak zwyk³ego pliku\n"
648 " -v, --verbose wypisanie nazwy ka¿dego tworzonego katalogu\n"
650 +#: src/install.c:773
652 +" -P, --preserve_context (SELinux) Preserve security context\n"
653 +" -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n"
655 +" -P, --preserve_context (SELinux) zachowanie kontekstu bezpieczeñstwa\n"
656 +" -Z, --context=KONTEKST (SELinux) ustawienie kontekstu plików i katalogów\n"
658 #: src/install.c:692 src/ln.c:365 src/mv.c:318
661 @@ -4468,6 +4648,11 @@
662 msgid "no login name"
663 msgstr "brak nazwy u¿ytkownika"
667 +msgid "Sorry, this option can only be used on a SELinux-enabled kernel.\n"
668 +msgstr "Niestety tej opcji mo¿na u¿yæ tylko na j±drze z obs³ug± SELinuksa.\n"
673 @@ -4841,6 +5026,34 @@
674 " -X sortowanie alfabetyczne wg rozszerzeñ\n"
675 " -1 listowanie po jednym pliku w linii\n"
681 +"SELinux options:\n"
683 +" --lcontext Display security context. Enable -l. Lines\n"
684 +" will probably be too wide for most displays.\n"
685 +" -Z, --context Display security context so it fits on most\n"
686 +" displays. Displays only mode, user, group,\n"
687 +" security context and file name.\n"
688 +" --scontext Display only security context and file name.\n"
693 +"Opcje dla SELinuksa:\n"
695 +" --lcontext wy¶wietlanie kontekstu bezpieczeñstwa; w³±cza -l,\n"
696 +" linie mog± byæ zbyt d³ugie dla wielu terminali\n"
697 +" --context wy¶wietlanie kontekstu tak, ¿eby zmie¶ci³ siê na\n"
698 +" wiêkszo¶ci terminali; wy¶wietlane s± tylko\n"
699 +" uprawnienia, w³a¶ciciel, grupa, kontekst\n"
700 +" bezpieczeñstwa i nazwa pliku\n"
701 +" --scontext wy¶wietlanie tylko kontekstu i nazwy pliku\n"
708 @@ -5043,6 +5256,11 @@
709 "Utworzenie KATALOGU/ÓW, je¿eli jeszcze nie istniej±.\n"
714 +msgid " -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n"
715 +msgstr " -Z, --context=KONTEKST (SELinux) ustawienie KONTEKSTU bezpieczeñstwa\n"
719 " -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n"
720 @@ -5059,6 +5277,11 @@
721 msgid "created directory %s"
722 msgstr "utworzony katalog %s"
724 +#: src/mkdir.c:170 src/mkfifo.c:128 src/mknod.c:139
726 +msgid "Sorry, cannot set default context to %s.\n"
727 +msgstr "Niestety nie mo¿na ustawiæ domy¶lnego kontekstu na %s.\n"
731 msgid "Usage: %s [OPTION] NAME...\n"
732 @@ -5072,6 +5295,11 @@
733 "Tworzenie nazwanych potoków (pipes, FIFOs) o podanych NAZWACH.\n"
736 +#: src/mkfifo.c:68 src/mknod.c:69
738 +msgid " -Z, --context=CONTEXT set security context (quoted string)\n"
739 +msgstr " -Z, --context=KONTEKST ustawienie kontekstu bezpieczeñstwa (³añcuch cytowany)\n"
741 #: src/mkfifo.c:62 src/mknod.c:64
743 " -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n"
744 @@ -6808,6 +7036,72 @@
745 " -v, --verbose informacja diagnostyczna o ka¿dym przetworzonym\n"
751 +"Usage: %s [OPTION]... command [args]\n"
752 +"Run a program in a different security context.\n"
754 +" context Complete security context\n"
755 +" -t type (for same role as parent)\n"
756 +" -u user identity\n"
759 +" --help display this help and exit\n"
761 +"Sk³adnia: %s [OPCJA]... polecenie [argumenty]\n"
762 +"Uruchomienie programu w innym kontek¶cie bezpieczeñstwa.\n"
764 +" kontekst pe³ny kontekst bezpieczeñstwa\n"
765 +" -t typ (dla tej samej roli jako rodzica)\n"
766 +" -u identyfikator u¿ytkownika\n"
768 +" -l zakres poziomów\n"
769 +" --help wy¶wietlenie tego opisu i zakoñczenie\n"
773 +msgid "multiple roles\n"
774 +msgstr "wiele ról\n"
778 +msgid "multiple types\n"
779 +msgstr "wiele typów\n"
783 +msgid "multiple users\n"
784 +msgstr "wielu u¿ytkowników\n"
788 +msgid "multiple levelranges\n"
789 +msgstr "wiele zakresów poziomów\n"
793 +msgid "unrecognised option %c\n"
794 +msgstr "nierozpoznana opcja %c\n"
797 +msgid "must specify -t, -u, -l, -r, or context"
798 +msgstr "trzeba podaæ -t, -u, -l, -r albo kontekst"
801 +msgid "no command found"
802 +msgstr "nie znaleziono polecenia"
804 +#: src/runcon.c:137 src/runcon.c:145
806 +msgid "%s is not a valid context\n"
807 +msgstr "%s nie jest poprawnym kontekstem\n"
811 +msgid "unable to setup security context %s\n"
812 +msgstr "nie mo¿na ustawiæ kontekstu bezpieczeñstwa %s\n"
817 @@ -7689,6 +7983,7 @@
818 " --printf=FORMAT like --format, but interpret backslash escapes,\n"
819 " and do not output a mandatory trailing newline.\n"
820 " If you want a newline, include \\n in FORMAT.\n"
821 +" -Z, --context print the security context\n"
822 " -t, --terse print the information in terse form\n"
824 " -c --format=FORMAT u¿ycie podanego FORMATU zamiast domy¶lnego; po\n"
825 @@ -7699,6 +7994,7 @@
826 " uko¶nikiem odwrotnym i bez wypisywania znaku "
828 " linii. ¯eby go wypisaæ u¿yj \\n w FORMACIE.\n"
829 +" -Z, --context wypisywanie kontekstu bezpieczeñstwa\n"
830 " -t, --terse wypisywanie informacji w skróconej formie\n"
833 @@ -7786,6 +8082,7 @@
834 " %c Total file nodes in file system\n"
835 " %d Free file nodes in file system\n"
836 " %f Free blocks in file system\n"
837 +" %C Security context in SELinux\n"
839 "Prawid³owe specyfikacje formatu dla systemów plików:\n"
841 @@ -7794,6 +8091,7 @@
842 " %c ca³kowita liczba i-wêz³ów w systemie plików\n"
843 " %d liczba wolnych i-wêz³ów w systemie plików\n"
844 " %f liczba wolnych bloków w systemie plików\n"
845 +" %C kontekst bezpieczeñstwa w SELinuksie\n"
849 @@ -7813,6 +8111,10 @@
850 " %t typ szesnastkowo\n"
851 " %T typ w formie czytelnej dla cz³owieka\n"
854 +msgid "Kernel is not SELinux enabled"
855 +msgstr "J±dro nie ma obs³ugi SELinuksa"
860 diff -Nur coreutils-6.4/src/Makefile.am coreutils-6.4.selinux/src/Makefile.am
861 --- coreutils-6.4/src/Makefile.am 2006-10-31 23:38:15.000000000 +0000
862 +++ coreutils-6.4.selinux/src/Makefile.am 2006-10-31 23:39:34.000000000 +0000
864 EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who
867 -bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
868 +bin_PROGRAMS = [ chgrp chown chmod chcon cp dd dircolors du \
869 ginstall link ln dir vdir ls mkdir \
870 mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \
871 cat cksum comm csplit cut expand fmt fold head join md5sum \
872 nl od paste pr ptx sha1sum sha224sum sha256sum sha384sum sha512sum \
873 shuf sort split sum tac tail tr tsort unexpand uniq wc \
874 basename date dirname echo env expr factor false getgid \
875 - hostname id kill logname pathchk printenv printf pwd seq sleep tee \
876 + hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
877 test true tty whoami yes \
879 $(OPTIONAL_BIN_PROGS) $(DF_PROG)
881 mv_LDADD += $(LIB_ACL)
882 ginstall_LDADD += $(LIB_ACL)
884 +dir_LDADD += @LIB_SELINUX@
885 +ls_LDADD += @LIB_SELINUX@
886 +vdir_LDADD += @LIB_SELINUX@
887 +cp_LDADD += @LIB_SELINUX@
888 +ginstall_LDADD += @LIB_SELINUX@
889 +mv_LDADD += @LIB_SELINUX@
890 +chcon_LDADD = $(LDADD) @LIB_SELINUX@
891 +id_LDADD = $(LDADD) @LIB_SELINUX@
892 +mkdir_LDADD = $(LDADD) @LIB_SELINUX@
893 +mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
894 +mknod_LDADD = $(LDADD) @LIB_SELINUX@
895 +stat_LDADD = $(LDADD) @LIB_SELINUX@
896 +runcon_LDADD = $(LDADD) @LIB_SELINUX@
898 $(PROGRAMS): ../lib/libcoreutils.a
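Review bot: `chcon` and `runcon` are added to `bin_PROGRAMS` unconditionally, yet `LIB_SELINUX` is set by configure only when the selinux option is given, and the new src/chcon.c includes `<selinux/selinux.h>` (apparently without a `WITH_SELINUX` guard, though not every line of that file is visible here). A default build on a system without libselinux would therefore likely fail to compile or link these two programs. Building them only when SELinux is enabled, for instance through the existing `$(OPTIONAL_BIN_PROGS)` list or an Automake conditional, would keep the default build working. As a point of style, the neighbouring lines use `$(LIB_ACL)`; writing `$(LIB_SELINUX)` instead of `@LIB_SELINUX@` would match them and let the value be overridden on the make command line.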
901 diff -Nur coreutils-6.4/src/chcon.c coreutils-6.4.selinux/src/chcon.c
902 --- coreutils-6.4/src/chcon.c 1970-01-01 00:00:00.000000000 +0000
903 +++ coreutils-6.4.selinux/src/chcon.c 2006-10-31 23:39:34.000000000 +0000
905 +/* chcontext -- change security context of a pathname */
909 +#include <sys/types.h>
912 +#include <selinux/selinux.h>
913 +#include <selinux/context.h>
917 +#include "savedir.h"
918 +#include "group-member.h"
924 + CH_NO_CHANGE_REQUESTED
929 + /* Print a message for each file that is processed. */
932 + /* Print a message for each file whose attributes we change. */
935 + /* Do not be verbose. This is the default. */
939 +static int change_dir_context (const char *dir, const struct stat *statp);
941 +/* The name the program was run with. */
944 +/* If nonzero, and the systems has support for it, change the context
945 + of symbolic links rather than any files they point to. */
946 +static int change_symlinks;
948 +/* If nonzero, change the context of directories recursively. */
951 +/* If nonzero, force silence (no error messages). */
952 +static int force_silent;
954 +/* Level of verbosity. */
955 +static enum Verbosity verbosity = V_off;
957 +/* The name of the context file is being given. */
958 +static const char *specified_context;
960 +/* Specific components of the context */
961 +static const char *specified_user;
962 +static const char *specified_role;
963 +static const char *specified_range;
964 +static const char *specified_type;
966 +/* The argument to the --reference option. Use the context of this file.
967 + This file must exist. */
968 +static char *reference_file;
970 +/* If nonzero, display usage information and exit. */
971 +static int show_help;
973 +/* If nonzero, print the version on standard output and exit. */
974 +static int show_version;
976 +static struct option const long_options[] =
978 + {"recursive", no_argument, 0, 'R'},
979 + {"changes", no_argument, 0, 'c'},
980 + {"no-dereference", no_argument, 0, 'h'},
981 + {"silent", no_argument, 0, 'f'},
982 + {"quiet", no_argument, 0, 'f'},
983 + {"reference", required_argument, 0, CHAR_MAX + 1},
984 + {"context", required_argument, 0, CHAR_MAX + 2},
985 + {"user", required_argument, 0, 'u'},
986 + {"role", required_argument, 0, 'r'},
987 + {"type", required_argument, 0, 't'},
988 + {"range", required_argument, 0, 'l'},
989 + {"verbose", no_argument, 0, 'v'},
990 + {"help", no_argument, &show_help, 1},
991 + {"version", no_argument, &show_version, 1},
995 +/* Tell the user how/if the context of FILE has been changed.
996 + CHANGED describes what (if anything) has happened. */
999 +describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
1004 + case CH_SUCCEEDED:
1005 + fmt = _("context of %s changed to %s\n");
1008 + fmt = _("failed to change context of %s to %s\n");
1010 + case CH_NO_CHANGE_REQUESTED:
1011 + fmt = _("context of %s retained as %s\n");
1016 + printf (fmt, file, newcontext);
1020 +compute_context_from_mask (security_context_t context, context_t *ret)
1022 + context_t newcontext = context_new (context);
1025 +#define SETCOMPONENT(comp) \
1027 + if (specified_ ## comp) \
1028 + if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
1032 + SETCOMPONENT(user);
1033 + SETCOMPONENT(range);
1034 + SETCOMPONENT(role);
1035 + SETCOMPONENT(type);
1036 +#undef SETCOMPONENT
1038 + *ret = newcontext;
1041 + context_free (newcontext);
1045 +/* Change the context of FILE, using specified components.
1046 + If it is a directory and -R is given, recurse.
1047 + Return 0 if successful, 1 if errors occurred. */
1050 +change_file_context (const char *file)
1052 + struct stat file_stats;
1053 + security_context_t file_context=NULL;
1054 + context_t context;
1055 + security_context_t context_string;
1059 + if (change_symlinks)
1060 + status = lgetfilecon(file, &file_context);
1062 + status = getfilecon(file, &file_context);
1064 + if ((status < 0) && (errno != ENODATA))
1066 + if (force_silent == 0)
1067 + error (0, errno, "%s", file);
1071 + /* If the file doesn't have a context, and we're not setting all of
1072 + the context components, there isn't really an obvious default.
1073 + Thus, we just give up. */
1074 + if (file_context == NULL && specified_context == NULL)
1076 + error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
1080 + if (specified_context == NULL)
1082 + if (compute_context_from_mask (file_context, &context))
1084 + error (0, 0, _("couldn't compute security context from %s"), file_context);
1090 + context = context_new (specified_context);
1092 + error (1, 0,_("invalid context: %s"),specified_context);
1095 + context_string = context_str (context);
1097 + if (file_context == NULL || strcmp(context_string,file_context)!=0)
1101 + if (change_symlinks)
1102 + fail = lsetfilecon (file, context_string);
1104 + fail = setfilecon (file, context_string);
1106 + if (verbosity == V_high || (verbosity == V_changes_only && !fail))
1107 + describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
1112 + if (force_silent == 0)
1114 + error (0, errno, _("failed to change context of %s to %s"), file, context_string);
1118 + else if (verbosity == V_high)
1120 + describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
1123 + context_free(context);
1124 + freecon(file_context);
1127 + if (lstat(file, &file_stats)==0)
1128 + if (S_ISDIR (file_stats.st_mode) &&
1129 + (strcmp(file,"..") !=0) &&
1130 + (strcmp(file,".") !=0))
1131 + errors |= change_dir_context (file, &file_stats);
1136 +/* Recursively change context of the files in directory DIR
1137 + using specified context components.
1138 + STATP points to the results of lstat on DIR.
1139 + Return 0 if successful, 1 if errors occurred. */
1142 +change_dir_context (const char *dir, const struct stat *statp)
1144 + char *name_space, *namep;
1145 + char *path; /* Full path of each entry to process. */
1146 + unsigned dirlength; /* Length of `dir' and '\0'. */
1147 + unsigned filelength; /* Length of each pathname to process. */
1148 + unsigned pathlength; /* Bytes allocated for `path'. */
1152 + name_space = savedir (dir);
1153 + if (name_space == NULL)
1157 + if (force_silent == 0)
1158 + error (0, errno, "%s", dir);
1162 + error (1, 0, _("virtual memory exhausted"));
1165 + dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
1166 + pathlength = dirlength + 1;
1167 + /* Give `path' a dummy value; it will be reallocated before first use. */
1168 + path = xmalloc (pathlength);
1169 + strcpy (path, dir);
1170 + path[dirlength - 1] = '/';
1172 + for (namep = name_space; *namep; namep += filelength - dirlength)
1174 + filelength = dirlength + strlen (namep) + 1;
1175 + if (filelength > pathlength)
1177 + pathlength = filelength * 2;
1178 + path = xrealloc (path, pathlength);
1180 + strcpy (path + dirlength, namep);
1181 + errors |= change_file_context (path);
1184 + free (name_space);
1192 + fprintf (stderr, _("Try `%s --help' for more information.\n"),
1197 +Usage: %s [OPTION]... CONTEXT FILE...\n\
1198 + or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
1199 + or: %s [OPTION]... --reference=RFILE FILE...\n\
1201 + program_name, program_name, program_name);
1203 +Change the security context of each FILE to CONTEXT.\n\
1205 + -c, --changes like verbose but report only when a change is made\n\
1206 + -h, --no-dereference affect symbolic links instead of any referenced file\n\
1207 + (available only on systems with lchown system call)\n\
1208 + -f, --silent, --quiet suppress most error messages\n\
1209 + --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
1210 + -u, --user=USER set user USER in the target security context\n\
1211 + -r, --role=ROLE set role ROLE in the target security context\n\
1212 + -t, --type=TYPE set type TYPE in the target security context\n\
1213 + -l, --range=RANGE set range RANGE in the target security context\n\
1214 + -R, --recursive change files and directories recursively\n\
1215 + -v, --verbose output a diagnostic for every file processed\n\
1216 + --help display this help and exit\n\
1217 + --version output version information and exit\n\
1225 +main (int argc, char **argv)
1227 + security_context_t ref_context = NULL;
1230 + int component_specified = 0;
1232 + program_name = argv[0];
1233 + setlocale (LC_ALL, "");
1234 + bindtextdomain (PACKAGE, LOCALEDIR);
1235 + textdomain (PACKAGE);
1237 + recurse = force_silent = 0;
1239 + while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
1246 + specified_user = optarg;
1247 + component_specified = 1;
1250 + specified_role = optarg;
1251 + component_specified = 1;
1254 + specified_type = optarg;
1255 + component_specified = 1;
1258 + specified_range = optarg;
1259 + component_specified = 1;
1261 + case CHAR_MAX + 1:
1262 + reference_file = optarg;
1268 + verbosity = V_changes_only;
1274 + change_symlinks = 1;
1277 + verbosity = V_high;
1286 + printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
1295 + if (reference_file && component_specified)
1297 + error (0, 0, _("conflicting security context specifiers given"));
1301 + if (!(((reference_file || component_specified)
1302 + && (argc - optind > 0))
1303 + || (argc - optind > 1)))
1305 + error (0, 0, _("too few arguments"));
1309 + if (reference_file)
1311 + if (getfilecon (reference_file, &ref_context)<0)
1312 + error (1, errno, "%s", reference_file);
1314 + specified_context = ref_context;
1316 + else if (!component_specified) {
1317 + specified_context = argv[optind++];
1319 + for (; optind < argc; ++optind)
1320 + errors |= change_file_context (argv[optind]);
1322 + if (verbosity != V_off)
1324 + if (ref_context != NULL)
1325 + freecon(ref_context);
1328 diff -Nur coreutils-6.4/src/copy.c coreutils-6.4.selinux/src/copy.c
1329 --- coreutils-6.4/src/copy.c 2006-10-22 16:54:15.000000000 +0000
1330 +++ coreutils-6.4.selinux/src/copy.c 2006-10-31 23:39:34.000000000 +0000
1332 #include "xreadlink.h"
1335 +#ifdef WITH_SELINUX
1336 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1337 +extern int selinux_enabled;
1341 # define HAVE_FCHOWN false
1342 # define fchown(fd, uid, gid) (-1)
1343 @@ -1473,6 +1478,34 @@
1344 In such cases, set this variable to zero. */
1345 preserve_metadata = true;
1347 +#ifdef WITH_SELINUX
1348 + if (x->preserve_security_context && selinux_enabled)
1350 + security_context_t con;
1352 + if (lgetfilecon (src_name, &con) >= 0)
1354 + if (setfscreatecon(con) < 0)
1356 + error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
1357 + if (x->require_preserve) {
1365 + if ( errno == ENOTSUP ) {
1366 + error (0, errno, _("warning: security context not preserved %s"), quote (src_name));
1368 + error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
1375 if (S_ISDIR (src_mode))
1377 struct dir_list *dir;
1378 @@ -1544,6 +1577,10 @@
1380 /* Here, we are crossing a file system boundary and cp's -x option
1381 is in effect: so don't copy the contents of this directory. */
1382 +#ifdef WITH_SELINUX
1383 + if (x->preserve_security_context && selinux_enabled)
1384 + setfscreatecon(NULL);
1389 @@ -1689,6 +1728,11 @@
1393 +#ifdef WITH_SELINUX
1394 + if (x->preserve_security_context && selinux_enabled)
1395 + setfscreatecon(NULL);
1398 /* There's no need to preserve timestamps or permissions. */
1399 preserve_metadata = false;
1401 @@ -1789,6 +1833,11 @@
1405 +#ifdef WITH_SELINUX
1406 + if (x->preserve_security_context && selinux_enabled)
1407 + setfscreatecon(NULL);
1410 /* We have failed to create the destination file.
1411 If we've just added a dev/ino entry via the remember_copied
1412 call above (i.e., unless we've just failed to create a hard link),
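Review bot: In the `lgetfilecon` failure branch for `ENOTSUP` the code only prints a warning, and nothing visible there clears the file-creation context, so a label installed by `setfscreatecon(con)` for an earlier source file may still be in effect when this destination is created (unless the success path resets it, which is not visible here). Because the fscreate context persists until it is changed, I would add `setfscreatecon (NULL);` before that warning. The three `setfscreatecon(NULL)` resets added in the later hunks also ignore the return value; a failed reset should at least be reported, e.g. `if (setfscreatecon (NULL) < 0) error (0, errno, _("cannot reset file creation context"));`. Several lines of this section are not shown on the page, so confirm against the full patch.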
1413 diff -Nur coreutils-6.4/src/copy.h coreutils-6.4.selinux/src/copy.h
1414 --- coreutils-6.4/src/copy.h 2006-10-22 16:54:15.000000000 +0000
1415 +++ coreutils-6.4.selinux/src/copy.h 2006-10-31 23:39:34.000000000 +0000
1418 bool preserve_timestamps;
1420 +#ifdef WITH_SELINUX
1421 + bool preserve_security_context;
1423 /* Enabled for mv, and for cp by the --preserve=links option.
1424 If true, attempt to preserve in the destination files any
1425 logical hard links between the source files. If used with cp's
1426 diff -Nur coreutils-6.4/src/cp.c coreutils-6.4.selinux/src/cp.c
1427 --- coreutils-6.4/src/cp.c 2006-10-22 16:54:15.000000000 +0000
1428 +++ coreutils-6.4.selinux/src/cp.c 2006-10-31 23:39:34.000000000 +0000
1431 #define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering"
1433 +#ifdef WITH_SELINUX
1434 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1435 +int selinux_enabled=0;
1438 /* Used by do_copy, make_dir_parents_private, and re_protect
1439 to keep a list of leading directories whose protections
1440 need to be fixed after copying. */
1442 {"target-directory", required_argument, NULL, 't'},
1443 {"update", no_argument, NULL, 'u'},
1444 {"verbose", no_argument, NULL, 'v'},
1445 +#ifdef WITH_SELINUX
1446 + {"context", required_argument, NULL, 'Z'},
1448 {GETOPT_HELP_OPTION_DECL},
1449 {GETOPT_VERSION_OPTION_DECL},
1452 additional attributes: links, all\n\
1455 + -c same as --preserve=context\n\
1458 --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
1459 --parents use full source file name under DIRECTORY\n\
1462 destination file is missing\n\
1463 -v, --verbose explain what is being done\n\
1464 -x, --one-file-system stay on this file system\n\
1465 + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
1467 fputs (HELP_OPTION_DESCRIPTION, stdout);
1468 fputs (VERSION_OPTION_DESCRIPTION, stdout);
1469 @@ -729,6 +741,10 @@
1470 x->preserve_mode = false;
1471 x->preserve_timestamps = false;
1473 +#ifdef WITH_SELINUX
1474 + x->preserve_security_context = false;
1477 x->require_preserve = false;
1478 x->recursive = false;
1479 x->sparse_mode = SPARSE_AUTO;
1480 @@ -756,18 +772,19 @@
1481 PRESERVE_TIMESTAMPS,
1487 static enum File_attribute const preserve_vals[] =
1489 PRESERVE_MODE, PRESERVE_TIMESTAMPS,
1490 - PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
1491 + PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
1493 /* Valid arguments to the `--preserve' option. */
1494 static char const* const preserve_args[] =
1496 "mode", "timestamps",
1497 - "ownership", "links", "all", NULL
1498 + "ownership", "links", "context", "all", NULL
1500 ARGMATCH_VERIFY (preserve_args, preserve_vals);
1502 @@ -803,11 +820,16 @@
1503 x->preserve_links = on_off;
1506 + case PRESERVE_CONTEXT:
1507 + x->preserve_security_context = on_off;
1511 x->preserve_mode = on_off;
1512 x->preserve_timestamps = on_off;
1513 x->preserve_ownership = on_off;
1514 x->preserve_links = on_off;
1515 + x->preserve_security_context = on_off;
1519 @@ -832,6 +854,10 @@
1520 bool copy_contents = false;
1521 char *target_directory = NULL;
1522 bool no_target_directory = false;
1523 +#ifdef WITH_SELINUX
1524 + security_context_t scontext = NULL;
1525 + selinux_enabled= (is_selinux_enabled()>0);
1528 initialize_main (&argc, &argv);
1529 program_name = argv[0];
1530 @@ -847,7 +873,13 @@
1531 we'll actually use backup_suffix_string. */
1532 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1534 - while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T",
1536 + while ((c = getopt_long (argc, argv,
1537 +#ifdef WITH_SELINUX
1538 + "abcdfHilLprst:uvxPRS:TZ:",
1540 + "abdfHilLprst:uvxPRS:T",
1545 @@ -938,6 +970,35 @@
1549 +#ifdef WITH_SELINUX
1551 + if ( scontext != NULL ) {
1552 + (void) fprintf(stderr, _("%s: cannot force target context <-- %s and preserve it\n"), argv[0], scontext);
1555 + else if (selinux_enabled)
1556 + x.preserve_security_context = true;
1560 + /* politely decline if we're not on a selinux-enabled kernel. */
1561 + if( !selinux_enabled ) {
1562 + fprintf( stderr, _("Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.\n") );
1565 + if ( x.preserve_security_context ) {
1566 + (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], optarg);
1569 + scontext = optarg;
1570 + /* if there's a security_context given set new path
1571 + components to that context, too */
1572 + if ( setfscreatecon(scontext) < 0 ) {
1573 + (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
1579 case REPLY_OPTION: /* Deprecated */
1580 x.interactive = XARGMATCH ("--reply", optarg,
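Review bot: On a kernel without SELinux the `-Z` case prints `Warning: ignoring --context (-Z). It requires a SELinux enabled kernel.` and, as far as the visible lines show, carries on, so a caller who asked for a specific label gets a copy without it and has to notice a stderr warning to find out. mkdir.c, mkfifo.c and mknod.c in this same patch word the identical condition as a refusal (`Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.`), while install.c repeats the warn-and-ignore wording for both `-P` and `-Z`. I would make the request fail in cp and install as well: `error (EXIT_FAILURE, 0, _("--context (-Z) requires a SELinux-enabled kernel"));`. The enclosing option switch starts and ends outside the hunk.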
1581 diff -Nur coreutils-6.4/src/id.c coreutils-6.4.selinux/src/id.c
1582 --- coreutils-6.4/src/id.c 2006-10-22 16:54:15.000000000 +0000
1583 +++ coreutils-6.4.selinux/src/id.c 2006-10-31 23:39:34.000000000 +0000
1588 +#ifdef WITH_SELINUX
1589 +#include <selinux/selinux.h>
1590 +static void print_context (char* context);
1591 +/* Print the SELinux context */
1593 +print_context(char *context)
1595 + printf ("%s", context);
1598 +/* If nonzero, output only the SELinux context. -Z */
1599 +static int just_context = 0;
1602 static void print_user (uid_t uid);
1603 static void print_group (gid_t gid);
1604 static void print_group_list (const char *username);
1606 /* True unless errors have been encountered. */
1607 static bool ok = true;
1609 +/* The SELinux context */
1610 +/* Set `context' to a known invalid value so print_full_info() will *
1611 + * know when `context' has not been set to a meaningful value. */
1612 +static security_context_t context=NULL;
1614 static struct option const longopts[] =
1616 + {"context", no_argument, NULL, 'Z'},
1617 {"group", no_argument, NULL, 'g'},
1618 {"groups", no_argument, NULL, 'G'},
1619 {"name", no_argument, NULL, 'n'},
1621 Print information for USERNAME, or the current user.\n\
1623 -a ignore, for compatibility with other versions\n\
1624 + -Z, --context print only the context\n\
1625 -g, --group print only the effective group ID\n\
1626 -G, --groups print all group IDs\n\
1627 -n, --name print a name instead of a number, for -ugG\n\
1629 main (int argc, char **argv)
1632 + int selinux_enabled=(is_selinux_enabled()>0);
1634 /* If true, output the list of all group IDs. -G */
1635 bool just_group_list = false;
1636 @@ -119,13 +141,23 @@
1638 atexit (close_stdout);
1640 - while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
1641 + while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
1646 /* Ignore -a, for compatibility with SVR4. */
1648 +#ifdef WITH_SELINUX
1650 + /* politely decline if we're not on a selinux-enabled kernel. */
1651 + if( !selinux_enabled ) {
1652 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
1661 @@ -148,8 +180,28 @@
1665 - if (just_user + just_group + just_group_list > 1)
1666 - error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
1667 +#ifdef WITH_SELINUX
1668 + if (argc - optind == 1)
1669 + selinux_enabled = 0;
1671 + if( just_context && !selinux_enabled)
1673 +cannot display context when SELinux not enabled or when displaying the id\n\
1674 +of a different user"));
1676 + /* If we are on a selinux-enabled kernel, get our context. *
1677 + * Otherwise, leave the context variable alone - it has *
1678 + * been initialized known invalid value; if we see this invalid *
1679 + * value later, we will know we are on a non-selinux kernel. */
1680 + if( selinux_enabled )
1682 + if (getcon(&context))
1683 + error (1, 0, _("can't get process context"));
1687 + if (just_user + just_group + just_group_list + just_context > 1)
1688 + error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
1690 if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
1691 error (EXIT_FAILURE, 0,
1692 @@ -183,6 +235,10 @@
1693 print_group (use_real ? rgid : egid);
1694 else if (just_group_list)
1695 print_group_list (argv[optind]);
1696 +#ifdef WITH_SELINUX
1697 + else if (just_context)
1698 + print_context (context);
1701 print_full_info (argv[optind]);
1706 #endif /* HAVE_GETGROUPS */
1707 +#ifdef WITH_SELINUX
1708 + if ( context != NULL ) {
1709 + printf(_(" context=%s"),context);
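Review bot: The `getcon(&context)` failure is reported with `error (1, 0, _("can't get process context"))`, which discards errno, so the user cannot see why the lookup failed. Pass errno and use the same exit constant as the neighbouring checks: `error (EXIT_FAILURE, errno, _("can't get process context"));`. In the same hunk, `if (argc - optind == 1) selinux_enabled = 0;` reuses the kernel-capability flag to mean "a USERNAME argument was given"; a separate local would keep the two conditions apart and make the later error message easier to follow.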
1713 diff -Nur coreutils-6.4/src/install.c coreutils-6.4.selinux/src/install.c
1714 --- coreutils-6.4/src/install.c 2006-10-31 23:38:15.000000000 +0000
1715 +++ coreutils-6.4.selinux/src/install.c 2006-10-31 23:39:34.000000000 +0000
1717 # include <sys/wait.h>
1720 +#ifdef WITH_SELINUX
1721 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
1722 +int selinux_enabled=0;
1726 # define endgrent() ((void) 0)
1728 @@ -128,12 +133,18 @@
1729 static struct option const long_options[] =
1731 {"backup", optional_argument, NULL, 'b'},
1732 +#ifdef WITH_SELINUX
1733 + {"context", required_argument, NULL, 'Z'},
1735 {"directory", no_argument, NULL, 'd'},
1736 {"group", required_argument, NULL, 'g'},
1737 {"mode", required_argument, NULL, 'm'},
1738 {"no-target-directory", no_argument, NULL, 'T'},
1739 {"owner", required_argument, NULL, 'o'},
1740 {"preserve-timestamps", no_argument, NULL, 'p'},
1741 +#ifdef WITH_SELINUX
1742 + {"preserve_context", no_argument, NULL, 'P'},
1744 {"strip", no_argument, NULL, 's'},
1745 {"suffix", required_argument, NULL, 'S'},
1746 {"target-directory", required_argument, NULL, 't'},
1751 +#ifdef WITH_SELINUX
1752 + x->preserve_security_context = false;
1754 x->dest_info = NULL;
1757 @@ -302,6 +316,11 @@
1758 bool no_target_directory = false;
1761 +#ifdef WITH_SELINUX
1762 + security_context_t scontext = NULL;
1763 + /* set iff kernel has extra selinux system calls */
1764 + selinux_enabled = (is_selinux_enabled()>0);
1767 initialize_main (&argc, &argv);
1768 program_name = argv[0];
1769 @@ -323,8 +342,13 @@
1770 we'll actually use backup_suffix_string. */
1771 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
1773 - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:", long_options,
1775 + while ((optc = getopt_long (argc, argv,
1776 +#ifdef WITH_SELINUX
1777 + "bcCsDdg:m:o:pPt:TvS:Z:",
1779 + "bcCsDdg:m:o:pt:TvS:",
1781 + long_options, NULL)) != -1)
1785 @@ -388,6 +412,37 @@
1787 no_target_directory = true;
1789 +#ifdef WITH_SELINUX
1791 + /* politely decline if we're not on a selinux-enabled kernel. */
1792 + if( !selinux_enabled ) {
1793 + fprintf( stderr, _("Warning: ignoring --preserve_context (-P) because the kernel is not SELinux-enabled.\n") );
1796 + if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
1797 + (void) fprintf(stderr, _("%s: cannot force target context to '%s' and preserve it\n"), argv[0], scontext);
1800 + x.preserve_security_context = true;
1803 + /* politely decline if we're not on a selinux-enabled kernel. */
1804 + if( !selinux_enabled) {
1805 + fprintf( stderr, _("Warning: ignoring --context (-Z) because the kernel is not SELinux-enabled.\n") );
1808 + if ( x.preserve_security_context ) {
1810 + (void) fprintf(stderr, _("%s: cannot force target context == '%s' and preserve it\n"), argv[0], optarg);
1813 + scontext = optarg;
1814 + if (setfscreatecon(scontext)) {
1815 + (void) fprintf(stderr, _("%s: cannot setup default context == '%s'\n"), argv[0], scontext);
1820 case_GETOPT_HELP_CHAR;
1821 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1823 @@ -781,6 +836,11 @@
1824 -T, --no-target-directory treat DEST as a normal file\n\
1825 -v, --verbose print the name of each directory as it is created\n\
1828 + -P, --preserve_context (SELinux) Preserve security context\n\
1829 + -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
1832 fputs (HELP_OPTION_DESCRIPTION, stdout);
1833 fputs (VERSION_OPTION_DESCRIPTION, stdout);
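Review bot: The comment `/* scontext could be NULL because of calloc() failure */` on the `-P` case does not match the code in this section: `scontext` starts as NULL and is only assigned from `optarg` in the `-Z` case, with no allocation visible. It should say what the test is for, e.g. `/* non-NULL means -Z was given earlier on the command line */`. The new long option is also spelled `preserve_context` with an underscore while the other entries in the table use hyphens (`preserve-timestamps`, `no-target-directory`); `preserve-context` would be consistent, with the help text changed to match.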
1835 diff -Nur coreutils-6.4/src/ls.c coreutils-6.4.selinux/src/ls.c
1836 --- coreutils-6.4/src/ls.c 2006-10-22 16:54:15.000000000 +0000
1837 +++ coreutils-6.4.selinux/src/ls.c 2006-10-31 23:39:34.000000000 +0000
1838 @@ -110,6 +110,17 @@
1840 #define AUTHORS "Richard Stallman", "David MacKenzie"
1842 +#ifdef WITH_SELINUX
1843 +#include <selinux/selinux.h>
1844 +int selinux_enabled= 0;
1845 +static int print_scontext = 0;
1846 +#define check_selinux() if (!selinux_enabled) { \
1847 + fprintf( stderr, _("Sorry, this option can only be used on a SELinux-enabled kernel.\n") ); \
1848 + exit( EXIT_FAILURE ); \
1853 #define obstack_chunk_alloc malloc
1854 #define obstack_chunk_free free
1856 @@ -175,6 +186,10 @@
1857 /* For long listings, true if the file has an access control list. */
1861 +#ifdef WITH_SELINUX
1862 + security_context_t scontext;
1868 static void sort_files (void);
1869 static void parse_ls_color (void);
1870 void usage (int status);
1871 +#ifdef WITH_SELINUX
1872 +static void print_scontext_format (const struct fileinfo *f);
1875 /* The name this program was run with. */
1877 @@ -353,7 +371,10 @@
1878 one_per_line, /* -1 */
1879 many_per_line, /* -C */
1880 horizontal, /* -x */
1881 - with_commas /* -m */
1882 +#ifdef WITH_SELINUX
1883 + security_format, /* -Z */
1885 + with_commas /* -m */
1888 static enum format format;
1889 @@ -734,6 +755,11 @@
1890 SHOW_CONTROL_CHARS_OPTION,
1893 +#ifdef WITH_SELINUX
1901 @@ -780,6 +806,11 @@
1902 {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
1903 {"color", optional_argument, NULL, COLOR_OPTION},
1904 {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
1905 +#ifdef WITH_SELINUX
1906 + {"context", no_argument, 0, CONTEXT_OPTION},
1907 + {"lcontext", no_argument, 0, LCONTEXT_OPTION},
1908 + {"scontext", no_argument, 0, SCONTEXT_OPTION},
1910 {"author", no_argument, NULL, AUTHOR_OPTION},
1911 {GETOPT_HELP_OPTION_DECL},
1912 {GETOPT_VERSION_OPTION_DECL},
1913 @@ -789,11 +820,18 @@
1914 static char const *const format_args[] =
1916 "verbose", "long", "commas", "horizontal", "across",
1917 - "vertical", "single-column", NULL
1918 + "vertical", "single-column",
1919 +#ifdef WITH_SELINUX
1924 static enum format const format_types[] =
1926 long_format, long_format, with_commas, horizontal, horizontal,
1927 +#ifdef WITH_SELINUX
1930 many_per_line, one_per_line
1932 ARGMATCH_VERIFY (format_args, format_types);
1933 @@ -1218,6 +1256,9 @@
1935 format_needs_stat = sort_type == sort_time || sort_type == sort_size
1936 || format == long_format
1937 +#ifdef WITH_SELINUX
1938 + || format == security_format || print_scontext
1940 || print_block_size;
1941 format_needs_type = (! format_needs_stat
1943 @@ -1361,6 +1402,11 @@
1944 /* Record whether there is an option specifying sort type. */
1945 bool sort_type_specified = false;
1947 +#ifdef WITH_SELINUX
1948 + /* 1 iff kernel has new selinux system calls */
1949 + selinux_enabled= (is_selinux_enabled()>0);
1952 qmark_funny_chars = false;
1954 /* initialize all switches to default settings */
1955 @@ -1411,6 +1457,9 @@
1956 ignore_mode = IGNORE_DEFAULT;
1957 ignore_patterns = NULL;
1958 hide_patterns = NULL;
1959 +#ifdef WITH_SELINUX
1960 + print_scontext = 0;
1963 /* FIXME: put this in a function. */
1965 @@ -1486,7 +1535,7 @@
1968 while ((c = getopt_long (argc, argv,
1969 - "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
1970 + "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
1971 long_options, NULL)) != -1)
1974 @@ -1609,6 +1658,13 @@
1975 format = horizontal;
1978 +#ifdef WITH_SELINUX
1981 + print_scontext = 1;
1982 + format = security_format;
1986 if (ignore_mode == IGNORE_DEFAULT)
1987 ignore_mode = IGNORE_DOT_AND_DOTDOT;
1988 @@ -1789,6 +1845,25 @@
1990 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
1992 +#ifdef WITH_SELINUX
1994 + case CONTEXT_OPTION: /* new security format */
1996 + print_scontext = 1;
1997 + format = security_format;
1999 + case LCONTEXT_OPTION: /* long format plus security context */
2001 + print_scontext = 1;
2002 + format = long_format;
2004 + case SCONTEXT_OPTION: /* short form of new security format */
2006 + print_scontext = 0;
2007 + format = security_format;
2014 @@ -2485,6 +2558,12 @@
2015 struct fileinfo *f = sorted_file[i];
2018 +#ifdef WITH_SELINUX
2019 + if (f->scontext) {
2020 + freecon (f->scontext);
2027 @@ -2527,6 +2608,9 @@
2028 memset (f, '\0', sizeof *f);
2029 f->stat.st_ino = inode;
2031 +#ifdef WITH_SELINUX
2032 + f->scontext = NULL;
2035 if (command_line_arg
2036 || format_needs_stat
2037 @@ -2582,7 +2666,12 @@
2040 err = stat (absolute_name, &f->stat);
2042 +#ifdef WITH_SELINUX
2044 + if (selinux_enabled && (format == security_format || print_scontext))
2045 + getfilecon(absolute_name, &f->scontext);
2048 if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
2051 @@ -2600,6 +2689,11 @@
2053 default: /* DEREF_NEVER */
2054 err = lstat (absolute_name, &f->stat);
2055 +#ifdef WITH_SELINUX
2057 + if (selinux_enabled && (format == security_format || print_scontext))
2058 + lgetfilecon(absolute_name, &f->scontext);
2063 @@ -3158,6 +3252,16 @@
2064 DIRED_PUTCHAR ('\n');
2068 +#ifdef WITH_SELINUX
2069 + case security_format:
2070 + for (i = 0; i < cwd_n_used; i++)
2072 + print_scontext_format (sorted_file[i]);
2073 + DIRED_PUTCHAR ('\n');
2080 @@ -3412,6 +3516,14 @@
2081 The latter is wrong when nlink_width is zero. */
2084 +#ifdef WITH_SELINUX
2086 + if ( print_scontext ) {
2087 + sprintf (p, "%-32s ", f->scontext);
2094 if (print_owner | print_group | print_author)
2095 @@ -4347,6 +4459,16 @@
2096 -X sort alphabetically by entry extension\n\
2097 -1 list one file per line\n\
2099 +#ifdef WITH_SELINUX
2100 +printf(_("\nSELinux options:\n\n\
2101 + --lcontext Display security context. Enable -l. Lines\n\
2102 + will probably be too wide for most displays.\n\
2103 + -Z, --context Display security context so it fits on most\n\
2104 + displays. Displays only mode, user, group,\n\
2105 + security context and file name.\n\
2106 + --scontext Display only security context and file name.\n\
2109 fputs (HELP_OPTION_DESCRIPTION, stdout);
2110 fputs (VERSION_OPTION_DESCRIPTION, stdout);
2112 @@ -4370,3 +4492,79 @@
2117 +#ifdef WITH_SELINUX
2120 +print_scontext_format (const struct fileinfo *f)
2124 + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
2125 + 1 10-byte mode string,
2126 + 9 spaces, one following each of these fields, and
2127 + 1 trailing NUL byte. */
2129 + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
2130 + char *buf = init_bigbuf;
2131 + size_t bufsize = sizeof (init_bigbuf);
2142 + if ( print_scontext ) { /* zero means terse listing */
2143 + filemodestring (&f->stat, modebuf);
2144 + modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
2145 + modebuf[11] = '\0';
2149 + (void) sprintf (p, "%s ", modebuf);
2152 + /* print standard user and group */
2154 + user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
2156 + (void) sprintf (p, "%-8.8s ", user_name);
2158 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
2161 + if ( print_group ) {
2162 + group_name = (numeric_ids ? NULL : getgroup (f->stat.st_gid));
2164 + (void) sprintf (p, "%-8.8s ", group_name);
2166 + (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
2171 + (void) sprintf (p, "%-32s ", f->scontext);
2175 + DIRED_FPUTS (buf, stdout, p - buf);
2176 + print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, f->stat_ok, f->filetype, &dired_obstack);
2178 + if (f->filetype == symbolic_link) {
2179 + if (f->linkname) {
2180 + DIRED_FPUTS_LITERAL (" -> ", stdout);
2181 + print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, f->stat_ok, f->filetype, NULL);
2182 + if (indicator_style != none)
2183 + print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
2187 + if (indicator_style != none)
2188 + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
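Review bot: `sprintf (p, "%-32s ", f->scontext)` in `print_scontext_format` writes a string of unbounded length into `init_bigbuf`, whose size (`7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1`) was computed for numeric fields and a mode string; `%-32s` sets a minimum width, not a maximum, and no check against `bufsize` is visible. A context longer than the remaining space would run past the end of that stack buffer. `f->scontext` also stays NULL when `getfilecon`/`lgetfilecon` fails, because their return values are ignored, and passing NULL to `%s` is undefined. I would bound the write and substitute a placeholder, `(void) snprintf (p, bufsize - (p - buf), "%-32s ", f->scontext ? f->scontext : "?");`, and do the same for the `sprintf` added in the long-format hunk. Some lines of the function are not shown on this page, so check the full patch for an existing guard.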
2192 diff -Nur coreutils-6.4/src/mkdir.c coreutils-6.4.selinux/src/mkdir.c
2193 --- coreutils-6.4/src/mkdir.c 2006-10-22 16:54:15.000000000 +0000
2194 +++ coreutils-6.4.selinux/src/mkdir.c 2006-10-31 23:39:34.000000000 +0000
2197 #define AUTHORS "David MacKenzie"
2199 +#ifdef WITH_SELINUX
2200 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2203 /* The name this program was run with. */
2206 static struct option const longopts[] =
2208 +#ifdef WITH_SELINUX
2209 + {"context", required_argument, NULL, 'Z'},
2211 {"mode", required_argument, NULL, 'm'},
2212 {"parents", no_argument, NULL, 'p'},
2213 {"verbose", no_argument, NULL, 'v'},
2215 Create the DIRECTORY(ies), if they do not already exist.\n\
2218 +#ifdef WITH_SELINUX
2220 + -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
2224 Mandatory arguments to long options are mandatory for short options too.\n\
2226 @@ -154,7 +166,11 @@
2228 atexit (close_stdout);
2230 +#ifdef WITH_SELINUX
2231 + while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
2233 while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
2238 @@ -167,6 +183,19 @@
2239 case 'v': /* --verbose */
2240 options.created_directory_format = _("created directory %s");
2242 +#ifdef WITH_SELINUX
2244 + /* politely decline if we're not on a selinux-enabled kernel. */
2245 + if( !(is_selinux_enabled()>0)) {
2246 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
2249 + if (setfscreatecon(optarg)) {
2250 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
2255 case_GETOPT_HELP_CHAR;
2256 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
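Review bot: The help line `-Z, --context=CONTEXT (SELinux) set security context to CONTEXT` does not say which directories are affected. `setfscreatecon(optarg)` is called during option parsing, so the context applies to everything mkdir creates afterwards, which with `-p` presumably includes missing parent directories as well as the named one. I would state that in the usage text, e.g. `(SELinux) set security context of each created directory, including parents made by -p, to CONTEXT`, or reset the creation context around parent creation if only the leaf is meant to be labelled.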
2258 diff -Nur coreutils-6.4/src/mkfifo.c coreutils-6.4.selinux/src/mkfifo.c
2259 --- coreutils-6.4/src/mkfifo.c 2006-10-22 16:54:15.000000000 +0000
2260 +++ coreutils-6.4.selinux/src/mkfifo.c 2006-10-31 23:39:34.000000000 +0000
2263 #define AUTHORS "David MacKenzie"
2265 +#ifdef WITH_SELINUX
2266 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2269 /* The name this program was run with. */
2272 static struct option const longopts[] =
2274 +#ifdef WITH_SELINUX
2275 + {"context", required_argument, NULL, 'Z'},
2277 {"mode", required_argument, NULL, 'm'},
2278 {GETOPT_HELP_OPTION_DECL},
2279 {GETOPT_VERSION_OPTION_DECL},
2281 Create named pipes (FIFOs) with the given NAMEs.\n\
2284 +#ifdef WITH_SELINUX
2286 + -Z, --context=CONTEXT set security context (quoted string)\n\
2290 Mandatory arguments to long options are mandatory for short options too.\n\
2294 atexit (close_stdout);
2296 - while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
2297 + while ((optc = getopt_long (argc, argv,
2298 +#ifdef WITH_SELINUX
2303 + longopts, NULL)) != -1)
2308 specified_mode = optarg;
2310 +#ifdef WITH_SELINUX
2312 + if( !(is_selinux_enabled()>0)) {
2313 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
2316 + if (setfscreatecon(optarg)) {
2317 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
2322 case_GETOPT_HELP_CHAR;
2323 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
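Review bot: The `-Z` case here (the `is_selinux_enabled()` test followed by `setfscreatecon(optarg)` and two `fprintf (stderr, ...)` messages) is repeated almost verbatim in mkdir.c and mknod.c. A single shared helper would keep the three in step, and it could report through `error (EXIT_FAILURE, errno, _("cannot set default context to %s"), optarg);` so the message carries the program name and the reason for the failure. The help text also differs without an apparent reason: `set security context (quoted string)` here and in mknod.c, `(SELinux) set security context to CONTEXT` in mkdir.c.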
2325 diff -Nur coreutils-6.4/src/mknod.c coreutils-6.4.selinux/src/mknod.c
2326 --- coreutils-6.4/src/mknod.c 2006-10-22 16:54:15.000000000 +0000
2327 +++ coreutils-6.4.selinux/src/mknod.c 2006-10-31 23:39:34.000000000 +0000
2329 /* The name this program was run with. */
2332 +#ifdef WITH_SELINUX
2333 +#include <selinux/selinux.h>
2336 static struct option const longopts[] =
2338 +#ifdef WITH_SELINUX
2339 + {"context", required_argument, NULL, 'Z'},
2341 {"mode", required_argument, NULL, 'm'},
2342 {GETOPT_HELP_OPTION_DECL},
2343 {GETOPT_VERSION_OPTION_DECL},
2345 Create the special file NAME of the given TYPE.\n\
2348 +#ifdef WITH_SELINUX
2350 + -Z, --context=CONTEXT set security context (quoted string)\n\
2354 Mandatory arguments to long options are mandatory for short options too.\n\
2356 @@ -101,13 +113,30 @@
2358 atexit (close_stdout);
2360 +#ifdef WITH_SELINUX
2361 + while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
2363 while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
2369 specified_mode = optarg;
2371 +#ifdef WITH_SELINUX
2373 + /* politely decline if we're not on a selinux-enabled kernel. */
2374 + if( !(is_selinux_enabled()>0)) {
2375 + fprintf( stderr, _("Sorry, --context (-Z) can be used only on a SELinux-enabled kernel.\n") );
2378 + if (setfscreatecon(optarg)) {
2379 + fprintf( stderr, _("Sorry, cannot set default context to %s.\n"), optarg);
2384 case_GETOPT_HELP_CHAR;
2385 case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
2387 diff -Nur coreutils-6.4/src/mv.c coreutils-6.4.selinux/src/mv.c
2388 --- coreutils-6.4/src/mv.c 2006-10-22 16:54:15.000000000 +0000
2389 +++ coreutils-6.4.selinux/src/mv.c 2006-10-31 23:39:34.000000000 +0000
2394 +#ifdef WITH_SELINUX
2395 +#include <selinux/selinux.h> /* for is_selinux_enabled() */
2396 +int selinux_enabled=0;
2399 /* The official name of this program (e.g., no `g' prefix). */
2400 #define PROGRAM_NAME "mv"
2403 x->preserve_links = true;
2404 x->preserve_mode = true;
2405 x->preserve_timestamps = true;
2406 +#ifdef WITH_SELINUX
2407 + x->preserve_security_context = true;
2409 x->require_preserve = false; /* FIXME: maybe make this an option */
2410 x->recursive = true;
2411 x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
2412 @@ -356,6 +364,10 @@
2414 cp_option_init (&x);
2416 +#ifdef WITH_SELINUX
2417 + selinux_enabled= (is_selinux_enabled()>0);
2420 /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
2421 we'll actually use backup_suffix_string. */
2422 backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
2423 diff -Nur coreutils-6.4/src/runcon.c coreutils-6.4.selinux/src/runcon.c
2424 --- coreutils-6.4/src/runcon.c 1970-01-01 00:00:00.000000000 +0000
2425 +++ coreutils-6.4.selinux/src/runcon.c 2006-10-31 23:39:34.000000000 +0000
2428 + * runcon [ context |
2429 + * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
2430 + * command [arg1 [arg2 ...] ]
2432 + * attempt to run the specified command with the specified context.
2434 + * -r role : use the current context with the specified role
2435 + * -t type : use the current context with the specified type
2436 + * -u user : use the current context with the specified user
2437 + * -l level : use the current context with the specified level range
2439 + * Contexts are interpreted as follows:
2442 + * components system?
2446 + * 3 Y role:type:range
2447 + * 3 N user:role:type
2448 + * 4 Y user:role:type:range
2452 +#include <config.h>
2453 +#include <unistd.h>
2455 +#include <getopt.h>
2456 +#include <selinux/context.h>
2457 +#include <selinux/selinux.h>
2459 +#include "system.h"
2462 +/* The name the program was run with. */
2463 +char *program_name;
2468 + printf(_("Usage: %s [OPTION]... command [args]\n"
2469 + "Run a program in a different security context.\n\n"
2470 + " context Complete security context\n"
2471 + " -t type (for same role as parent)\n"
2472 + " -u user identity\n"
2474 + " -l levelrange\n"
2475 + " --help display this help and exit\n"),
2481 +main(int argc,char **argv,char **envp )
2487 + char *context = NULL;
2488 + security_context_t cur_context = NULL;
2492 + program_name = argv[0];
2493 + setlocale (LC_ALL, "");
2494 + bindtextdomain (PACKAGE, LOCALEDIR);
2495 + textdomain (PACKAGE);
2499 + int this_option_optind = optind ? optind : 1;
2500 + int option_index = 0;
2501 + static struct option long_options[] = {
2502 + { "role", 1, 0, 'r' },
2503 + { "type", 1, 0, 't' },
2504 + { "user", 1, 0, 'u' },
2505 + { "range", 1, 0, 'l' },
2506 + { "help", 0, 0, '?' },
2509 + c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index);
2516 + fprintf(stderr,_("multiple roles\n"));
2523 + fprintf(stderr,_("multiple types\n"));
2530 + fprintf(stderr,_("multiple users\n"));
2537 + fprintf(stderr,_("multiple levelranges\n"));
2543 + fprintf(stderr,_("unrecognised option %c\n"),c);
2549 + if ( !(user || role || type || range)) {
2550 + if ( optind >= argc ) {
2551 + usage(_("must specify -t, -u, -l, -r, or context"));
2553 + context = argv[optind++];
2556 + if ( optind >= argc ) {
2557 + usage(_("no command found"));
2561 + con = context_new(context);
2563 + fprintf(stderr,_("%s is not a valid context\n"), context);
2568 + getcon(&cur_context);
2569 + con = context_new(cur_context);
2571 + fprintf(stderr,_("%s is not a valid context\n"), context);
2575 + context_user_set(con,user);
2578 + context_type_set(con,type);
2581 + context_range_set(con,range);
2584 + context_role_set(con,role);
2588 + if (setexeccon(context_str(con))!=0) {
2589 + fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
2592 + if (cur_context!=NULL)
2593 + freecon(cur_context);
2595 + if ( execvp(argv[optind],argv+optind) ) {
2599 + return 1; /* can't reach this statement.... */
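Review bot: The result of `getcon(&cur_context)` is not checked before `con = context_new(cur_context)`, so when the current context cannot be read `cur_context` is still NULL at that call. The message on that path also formats `context`, which is initialised to NULL and only assigned from `argv[optind++]` in the branch where a full context was given, so it appears to be NULL here; I would guard the call with `if (getcon(&cur_context) < 0)` plus a fatal error and print `cur_context` in the second "is not a valid context" message. The `context_user_set`, `context_type_set`, `context_range_set` and `context_role_set` calls are shown without a result check (some lines of the listing are missing, so this may be incomplete); each reports failure through its return value and should abort, because otherwise `setexeccon` is given a context that silently differs from the one requested and the command runs in it.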
2601 diff -Nur coreutils-6.4/src/stat.c coreutils-6.4.selinux/src/stat.c
2602 --- coreutils-6.4/src/stat.c 2006-10-22 16:54:15.000000000 +0000
2603 +++ coreutils-6.4.selinux/src/stat.c 2006-10-31 23:39:48.000000000 +0000
2605 # include <fs_info.h>
2608 +#ifdef WITH_SELINUX
2609 +#include <selinux/selinux.h>
2610 +#define SECURITY_ID_T security_context_t
2612 +#define SECURITY_ID_T char *
2619 {"dereference", no_argument, NULL, 'L'},
2620 {"file-system", no_argument, NULL, 'f'},
2621 {"filesystem", no_argument, NULL, 'f'}, /* obsolete and undocumented alias */
2622 + {"context", no_argument, 0, 'Z'},
2623 {"format", required_argument, NULL, 'c'},
2624 {"printf", required_argument, NULL, PRINTF_OPTION},
2625 {"terse", no_argument, NULL, 't'},
2627 /* print statfs info */
2629 print_statfs (char *pformat, size_t prefix_len, char m, char const *filename,
2631 + void const *data, SECURITY_ID_T scontext)
2633 STRUCT_STATVFS const *statfsbuf = data;
2637 out_int (pformat, prefix_len, statfsbuf->f_ffree);
2641 + out_string (pformat, prefix_len, scontext);
2644 fputc ('?', stdout);
2647 /* print stat info */
2649 print_stat (char *pformat, size_t prefix_len, char m,
2650 - char const *filename, void const *data)
2651 + char const *filename, void const *data, SECURITY_ID_T scontext)
2653 struct stat *statbuf = (struct stat *) data;
2654 struct passwd *pw_ent;
2657 out_uint (pformat, prefix_len, statbuf->st_ctime);
2660 + out_string (pformat, prefix_len, scontext);
2663 fputc ('?', stdout);
2668 print_it (char const *format, char const *filename,
2669 - void (*print_func) (char *, size_t, char, char const *, void const *),
2671 + void (*print_func) (char *, size_t, char, char const *, void const *, SECURITY_ID_T),
2672 + void const *data, SECURITY_ID_T scontext)
2674 /* Add 2 to accommodate our conversion of the stat `%s' format string
2675 to the longer printf `%llu' one. */
2680 - print_func (dest, len + 1, *fmt_char, filename, data);
2681 + print_func (dest, len + 1, *fmt_char, filename, data, scontext);
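Review bot: `scontext` is forwarded by `print_func (dest, len + 1, *fmt_char, filename, data, scontext);` exactly as the caller passed it, and both print_statfs and print_stat hand it straight to `out_string (pformat, prefix_len, scontext);`, while do_statfs and do_stat initialise it to NULL. If the context lookup is only performed when -Z was given (the guarding line is missing from this listing), a user-supplied `--format=%C` without -Z would format a NULL pointer with a string conversion. Substituting a placeholder at the two use sites, `out_string (pformat, prefix_len, scontext ? scontext : "?");`, keeps the output defined. The bodies of all three functions extend beyond the lines shown.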
2685 @@ -746,9 +759,17 @@
2687 /* Stat the file system and print what we find. */
2689 -do_statfs (char const *filename, bool terse, char const *format)
2690 +do_statfs (char const *filename, bool terse, bool secure, char const *format)
2692 STRUCT_STATVFS statfsbuf;
2693 + SECURITY_ID_T scontext = NULL;
2694 +#ifdef WITH_SELINUX
2696 + if (getfilecon(filename,&scontext)<0) {
2697 + perror (filename);
2702 if (STATFS (filename, &statfsbuf) != 0)
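Review bot: The `getfilecon(filename,&scontext)` failure is reported with `perror (filename);`, which omits the program name and does not say that it was the context lookup, rather than the statfs call that follows, that failed. Something like `error (0, errno, _("cannot get security context of %s"), filename);` would match the `error (...)` call this patch uses for the -Z option check and make the two failures distinguishable. The same applies to the `lgetfilecon`/`getfilecon` pair in do_stat (hunk `@@ -785,11 +826,29 @@`). The lines between the `perror` and the `STATFS` call are missing from the listing, so the return path after the failure should be confirmed.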
2704 @@ -759,25 +780,45 @@
2709 - ? "%n %i %l %t %s %S %b %f %a %c %d\n"
2710 - : " File: \"%n\"\n"
2711 - " ID: %-8i Namelen: %-7l Type: %T\n"
2712 - "Block size: %-10s Fundamental block size: %S\n"
2713 - "Blocks: Total: %-10b Free: %-10f Available: %a\n"
2714 - "Inodes: Total: %-10c Free: %d\n");
2718 + format = "%n %i %l %t %s %S %b %f %a %c %d %C\n";
2720 + format = "%n %i %l %t %s %S %b %f %a %c %d\n";
2725 + format = " File: \"%n\"\n"
2726 + " ID: %-8i Namelen: %-7l Type: %T\n"
2727 + "Block size: %-10s Fundamental block size: %S\n"
2728 + "Blocks: Total: %-10b Free: %-10f Available: %a\n"
2729 + "Inodes: Total: %-10c Free: %d\n"
2730 + " S_Context: %C\n";
2732 + format = " File: \"%n\"\n"
2733 + " ID: %-8i Namelen: %-7l Type: %T\n"
2734 + "Block size: %-10s Fundamental block size: %S\n"
2735 + "Blocks: Total: %-10b Free: %-10f Available: %a\n"
2736 + "Inodes: Total: %-10c Free: %d\n";
2739 + print_it (format, filename, print_statfs, &statfsbuf, scontext);
2740 +#ifdef WITH_SELINUX
2741 + if (scontext != NULL)
2742 + freecon(scontext);
2745 - print_it (format, filename, print_statfs, &statfsbuf);
2749 /* stat the file and print what we find */
2751 -do_stat (char const *filename, bool follow_links, bool terse,
2752 +do_stat (char const *filename, bool follow_links, bool terse, bool secure,
2755 struct stat statbuf;
2756 + SECURITY_ID_T scontext = NULL;
2758 if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
2760 @@ -785,11 +826,29 @@
2764 +#ifdef WITH_SELINUX
2768 + i=lgetfilecon(filename, &scontext);
2770 + i=getfilecon(filename, &scontext);
2773 + perror (filename);
2783 - format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
2785 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n";
2787 + format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
2791 @@ -797,7 +856,17 @@
2793 if (S_ISBLK (statbuf.st_mode) || S_ISCHR (statbuf.st_mode))
2799 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2800 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2801 + " Device type: %t,%T\n"
2802 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2803 + " S_Context: %C\n"
2804 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2808 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2809 "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
2810 @@ -807,6 +876,15 @@
2817 + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2818 + "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
2819 + "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
2821 + "Access: %x\n" "Modify: %y\n" "Change: %z\n";
2825 " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
2826 @@ -816,7 +894,11 @@
2830 - print_it (format, filename, print_stat, &statbuf);
2831 + print_it (format, filename, print_stat, &statbuf, scontext);
2832 +#ifdef WITH_SELINUX
2834 + freecon(scontext);
2840 --printf=FORMAT like --format, but interpret backslash escapes,\n\
2841 and do not output a mandatory trailing newline.\n\
2842 If you want a newline, include \\n in FORMAT.\n\
2843 + -Z, --context print the security context\n\
2844 -t, --terse print the information in terse form\n\
2846 fputs (HELP_OPTION_DESCRIPTION, stdout);
2848 %c Total file nodes in file system\n\
2849 %d Free file nodes in file system\n\
2850 %f Free blocks in file system\n\
2851 + %C Security context in SELinux\n\
2854 %i File System ID in hex\n\
2857 bool follow_links = false;
2859 + bool secure = false;
2861 char *format = NULL;
2863 @@ -927,7 +1012,7 @@
2865 atexit (close_stdout);
2867 - while ((c = getopt_long (argc, argv, "c:fLt", long_options, NULL)) != -1)
2868 + while ((c = getopt_long (argc, argv, "c:fLtZ", long_options, NULL)) != -1)
2872 @@ -946,6 +1031,14 @@
2874 follow_links = true;
2877 + if((is_selinux_enabled()>0))
2880 + error (0, 0, _("Kernel is not SELinux enabled"));
2881 + usage (EXIT_FAILURE);
2887 @@ -972,8 +1065,8 @@
2889 for (i = optind; i < argc; i++)
2891 - ? do_statfs (argv[i], terse, format)
2892 - : do_stat (argv[i], follow_links, terse, format));
2893 + ? do_statfs (argv[i], terse, secure, format)
2894 + : do_stat (argv[i], follow_links, terse, secure, format));
2896 exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
2898 diff -Nur coreutils-6.4/tests/help-version coreutils-6.4.selinux/tests/help-version
2899 --- coreutils-6.4/tests/help-version 2006-10-22 16:54:15.000000000 +0000
2900 +++ coreutils-6.4.selinux/tests/help-version 2006-10-31 23:39:34.000000000 +0000
2903 # Skip `test'; it doesn't accept --help or --version.
2904 test $i = test && continue;
2905 + test $i = chcon && continue;
2906 + test $i = runcon && continue;
2908 # false fails even when invoked with --help or --version.
2909 if test $i = false; then
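Review bot: `test $i = chcon && continue;` and `test $i = runcon && continue;` take both new programs out of the --help/--version check instead of making them pass it. runcon's option table in this patch maps "help" to '?' and has no "version" entry, which is presumably why the skip was needed; giving it the `{GETOPT_HELP_OPTION_DECL}` and `{GETOPT_VERSION_OPTION_DECL}` entries that mknod.c uses would let these two lines be dropped. If the exemption stays, a comment such as `# chcon and runcon do not implement the standard --help/--version yet` should record the reason, as the neighbouring skips do.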
2912 for i in $all_programs; do
2914 - case $i in chroot|stty|tty|false) continue;; esac
2915 + case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
2917 rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out