-diff -Nur coreutils-5.0/README coreutils-5.0.new/README
---- coreutils-5.0/README 2003-03-29 15:24:00.000000000 +0100
-+++ coreutils-5.0.new/README 2003-06-20 12:10:09.000000000 +0200
-@@ -7,11 +7,11 @@
-
- The programs that can be built with this package are:
-
-- basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd
-+ basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd
- df dir dircolors dirname du echo env expand expr factor false fmt fold
- ginstall groups head hostid hostname id join kill link ln logname ls
- md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
-- printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort
-+ printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum shred sleep sort
- split stat stty su sum sync tac tail tee test touch tr true tsort tty
- uname unexpand uniq unlink uptime users vdir wc who whoami yes
-
-diff -Nur coreutils-5.0/man/Makefile.am coreutils-5.0.new/man/Makefile.am
---- coreutils-5.0/man/Makefile.am 2003-06-20 12:00:57.000000000 +0200
-+++ coreutils-5.0.new/man/Makefile.am 2003-06-20 12:12:08.000000000 +0200
+diff -urN coreutils-5.0.org/config.hin coreutils-5.0/config.hin
+--- coreutils-5.0.org/config.hin 2003-12-27 12:26:28.926095552 +0100
++++ coreutils-5.0/config.hin 2003-12-27 12:28:20.345157280 +0100
+@@ -1427,3 +1427,7 @@
+ /* Define to empty if the keyword `volatile' does not work. Warning: valid
+ code using `volatile' can become incorrect without. Disable with care. */
+ #undef volatile
++
++/* Define if you want to use SELINUX */
++#undef WITH_SELINUX
++
+diff -urN coreutils-5.0.org/configure.ac coreutils-5.0/configure.ac
+--- coreutils-5.0.org/configure.ac 2003-12-27 12:26:28.584147536 +0100
++++ coreutils-5.0/configure.ac 2003-12-27 12:27:54.896026136 +0100
+@@ -15,6 +15,13 @@
+ LIB_PAM="-ldl -lpam -lpam_misc"
+ )
+
++dnl Give the chance to enable PAM
++AC_ARG_ENABLE(selinux, dnl
++[ --enable-selinux Enable use of the SELINUX libraries],
++[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
++LIB_SELINUX="-lselinux"
++AC_SUBST(LIB_SELINUX)])
++
+ AC_GNU_SOURCE
+ jm_PERL
+ AC_PROG_CC
+diff -urN coreutils-5.0.org/man/chcon.1 coreutils-5.0/man/chcon.1
+--- coreutils-5.0.org/man/chcon.1 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-5.0/man/chcon.1 2003-12-27 12:26:52.965441016 +0100
+@@ -0,0 +1,52 @@
++.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
++.SH NAME
++chcon \- change security context
++.SH SYNOPSIS
++.B chcon
++[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
++.br
++.B chcon
++[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
++.SH DESCRIPTION
++.PP
++." Add any additional description here
++.PP
++Change the security context of each FILE to CONTEXT.
++.TP
++\fB\-c\fR, \fB\-\-changes\fR
++like verbose but report only when a change is made
++.TP
++\fB\-h\fR, \fB\-\-no\-dereference\fR
++affect symbolic links instead of any referenced file (available only on systems with lchown system call)
++.TP
++\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
++suppress most error messages
++.TP
++\fB\-\-reference\fR=\fIRFILE\fR
++use RFILE's context instead of using a CONTEXT value
++.TP
++\fB\-R\fR, \fB\-\-recursive\fR
++change files and directories recursively
++.TP
++\fB\-v\fR, \fB\-\-verbose\fR
++output a diagnostic for every file processed
++.TP
++\fB\-\-help\fR
++display this help and exit
++.TP
++\fB\-\-version\fR
++output version information and exit
++.SH "REPORTING BUGS"
++Report bugs to <email@host.com>.
++.SH "SEE ALSO"
++The full documentation for
++.B chcon
++is maintained as a Texinfo manual. If the
++.B info
++and
++.B chcon
++programs are properly installed at your site, the command
++.IP
++.B info chcon
++.PP
++should give you access to the complete manual.
+diff -urN coreutils-5.0.org/man/chcon.x coreutils-5.0/man/chcon.x
+--- coreutils-5.0.org/man/chcon.x 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-5.0/man/chcon.x 2003-12-27 12:26:52.962441472 +0100
+@@ -0,0 +1,4 @@
++[NAME]
++chcon \- change file security context
++[DESCRIPTION]
++.\" Add any additional description here
+diff -urN coreutils-5.0.org/man/cp.1 coreutils-5.0/man/cp.1
+--- coreutils-5.0.org/man/cp.1 2003-12-27 12:26:28.509158936 +0100
++++ coreutils-5.0/man/cp.1 2003-12-27 12:26:52.965441016 +0100
+@@ -57,7 +57,7 @@
+ .TP
+ \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
+ preserve the specified attributes (default:
+-mode,ownership,timestamps), if possible
++mode,ownership,timestamps) and security contexts, if possible
+ additional attributes: links, all
+ .TP
+ \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
+@@ -109,6 +109,9 @@
+ \fB\-\-help\fR
+ display this help and exit
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context of copy to CONTEXT
++.TP
+ \fB\-\-version\fR
+ output version information and exit
+ .PP
+diff -urN coreutils-5.0.org/man/dir.1 coreutils-5.0/man/dir.1
+--- coreutils-5.0.org/man/dir.1 2003-12-27 12:26:28.485162584 +0100
++++ coreutils-5.0/man/dir.1 2003-12-27 12:26:52.966440864 +0100
+@@ -1,5 +1,5 @@
+-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
+-.TH DIR "1" "March 2003" "dir (coreutils) 5.0" "User Commands"
++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
++.TH DIR "1" "September 2003" "dir (coreutils) 5.0" FSF
+ .SH NAME
+ dir \- list directory contents
+ .SH SYNOPSIS
+@@ -195,6 +195,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELINUX options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -urN coreutils-5.0.org/man/id.1 coreutils-5.0/man/id.1
+--- coreutils-5.0.org/man/id.1 2003-12-27 12:26:28.509158936 +0100
++++ coreutils-5.0/man/id.1 2003-12-27 12:26:52.967440712 +0100
+@@ -13,6 +13,9 @@
+ \fB\-a\fR
+ ignore, for compatibility with other versions
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR
++print only the security context
++.TP
+ \fB\-g\fR, \fB\-\-group\fR
+ print only the effective group ID
+ .TP
+diff -urN coreutils-5.0.org/man/install.1 coreutils-5.0/man/install.1
+--- coreutils-5.0.org/man/install.1 2003-12-27 12:26:28.509158936 +0100
++++ coreutils-5.0/man/install.1 2003-12-27 12:26:52.967440712 +0100
+@@ -1,5 +1,5 @@
+-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
+-.TH INSTALL "1" "March 2003" "install (coreutils) 5.0" "User Commands"
++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
++.TH INSTALL "1" "September 2003" "install (coreutils) 5.0" FSF
+ .SH NAME
+ ginstall \- copy files and set attributes
+ .SH SYNOPSIS
+@@ -56,6 +56,11 @@
+ .TP
+ \fB\-v\fR, \fB\-\-verbose\fR
+ print the name of each directory as it is created
++.HP
++\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
++.TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++(SELinux) Set security context of files and directories
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -urN coreutils-5.0.org/man/ls.1 coreutils-5.0/man/ls.1
+--- coreutils-5.0.org/man/ls.1 2003-12-27 12:26:28.509158936 +0100
++++ coreutils-5.0/man/ls.1 2003-12-27 12:26:52.966440864 +0100
+@@ -1,5 +1,5 @@
+-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
+-.TH LS "1" "March 2003" "ls (coreutils) 5.0" "User Commands"
++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
++.TH LS "1" "September 2003" "ls (coreutils) 5.0" FSF
+ .SH NAME
+ ls \- list directory contents
+ .SH SYNOPSIS
+@@ -195,6 +195,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELinux options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-Z\fR, \fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -urN coreutils-5.0.org/man/Makefile.am coreutils-5.0/man/Makefile.am
+--- coreutils-5.0.org/man/Makefile.am 2003-12-27 12:26:28.345183864 +0100
++++ coreutils-5.0/man/Makefile.am 2003-12-27 12:33:28.969239288 +0100
@@ -9,7 +9,7 @@
rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
SUFFIXES = .x .1
-diff -Nur coreutils-5.0/man/chcon.x coreutils-5.0.new/man/chcon.x
---- coreutils-5.0/man/chcon.x 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-5.0.new/man/chcon.x 2003-06-20 12:10:08.000000000 +0200
-@@ -0,0 +1,4 @@
-+[NAME]
-+chcon \- change file security context
-+[DESCRIPTION]
-+.\" Add any additional description here
-diff -Nur coreutils-5.0/man/runcon.x coreutils-5.0.new/man/runcon.x
---- coreutils-5.0/man/runcon.x 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-5.0.new/man/runcon.x 2003-06-20 12:10:08.000000000 +0200
-@@ -0,0 +1,2 @@
-+[DESCRIPTION]
-+.\" Add any additional description here
-diff -Nur coreutils-5.0/src/Makefile.am coreutils-5.0.new/src/Makefile.am
---- coreutils-5.0/src/Makefile.am 2003-06-20 12:00:57.000000000 +0200
-+++ coreutils-5.0.new/src/Makefile.am 2003-06-20 12:11:21.000000000 +0200
-@@ -4,13 +4,13 @@
- EXTRA_SCRIPTS = nohup
+diff -urN coreutils-5.0.org/man/Makefile.in coreutils-5.0/man/Makefile.in
+--- coreutils-5.0.org/man/Makefile.in 2003-12-27 12:26:28.434170336 +0100
++++ coreutils-5.0/man/Makefile.in 2003-12-27 12:26:52.964441168 +0100
+@@ -1,4 +1,4 @@
+-# Makefile.in generated by automake 1.7.3 from Makefile.am.
++# Makefile.in generated by automake 1.7.7 from Makefile.am.
+ # @configure_input@
+
+ # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003
+@@ -72,6 +72,7 @@
+ INTLLIBS = @INTLLIBS@
+ KMEM_GROUP = @KMEM_GROUP@
+ LDFLAGS = @LDFLAGS@
++LIBACL = @LIBACL@
+ LIBICONV = @LIBICONV@
+ LIBINTL = @LIBINTL@
+ LIBOBJS = @LIBOBJS@
+@@ -79,6 +80,8 @@
+ LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_NANOSLEEP = @LIB_NANOSLEEP@
++LIB_PAM = @LIB_PAM@
++LIB_SELINUX = @LIB_SELINUX@
+ LN_S = @LN_S@
+ LTLIBICONV = @LTLIBICONV@
+ LTLIBINTL = @LTLIBINTL@
+@@ -152,13 +155,13 @@
+ basename.1 cat.1 chgrp.1 chmod.1 chown.1 chroot.1 cksum.1 comm.1 \
+ cp.1 csplit.1 cut.1 date.1 dd.1 df.1 dir.1 dircolors.1 dirname.1 du.1 \
+ echo.1 env.1 expand.1 expr.1 factor.1 false.1 fmt.1 fold.1 groups.1 \
+- head.1 hostid.1 hostname.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \
++ head.1 hostid.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \
+ ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \
+ paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \
+ rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
+ su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
+ tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
+- who.1 whoami.1 yes.1
++ who.1 whoami.1 yes.1 chcon.1 runcon.1
- bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
--bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
-+bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
- ginstall link ln dir vdir ls mkdir \
- mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
- cat cksum comm csplit cut expand fmt fold head join md5sum \
- nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
- basename date dirname echo env expr factor false getgid \
-- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
-+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
- test true tty whoami yes \
- @OPTIONAL_BIN_PROGS@ @DF_PROG@
-@@ -24,15 +24,15 @@
- groups.sh nohup.sh wheel-gen.pl
- CLEANFILES = $(SCRIPTS) su
+ man_aux = $(dist_man_MANS:.1=.x)
+@@ -184,7 +187,7 @@
--INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib
--DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" @DEFS@
-+INCLUDES = -I.. -I$(srcdir) -I$(top_srcdir)/lib -I../lib
-+DEFS = -DLOCALEDIR=\"$(localedir)\" -DSHAREDIR=\"$(datadir)\" -DWITH_SELINUX @DEFS@
+ NROFF = nroff
+ MANS = $(dist_man_MANS)
+-DIST_COMMON = $(dist_man_MANS) Makefile.am Makefile.in
++DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in Makefile.am
+ all: all-am
- # Sometimes, the expansion of @LIBINTL@ includes -lc which may
- # include modules defining variables like `optind', so libfetish.a
- # must precede @LIBINTL@ in order to ensure we use GNU getopt.
- # But libfetish.a must also follow @LIBINTL@, since libintl uses
- # replacement functions defined in libfetish.a.
--LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
-+LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a -lselinux -lattr
-
- dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
- ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
-diff -Nur coreutils-5.0/src/chcon.c coreutils-5.0.new/src/chcon.c
---- coreutils-5.0/src/chcon.c 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-5.0.new/src/chcon.c 2003-06-20 12:10:08.000000000 +0200
-@@ -0,0 +1,321 @@
+ .SUFFIXES:
+@@ -287,7 +290,6 @@
+
+ installdirs:
+ $(mkinstalldirs) $(DESTDIR)$(man1dir)
+-
+ install: install-am
+ install-exec: install-exec-am
+ install-data: install-data-am
+@@ -307,7 +309,7 @@
+ clean-generic:
+
+ distclean-generic:
+- -rm -f Makefile $(CONFIG_CLEAN_FILES)
++ -rm -f $(CONFIG_CLEAN_FILES)
+
+ maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+@@ -318,6 +320,7 @@
+ clean-am: clean-generic mostlyclean-am
+
+ distclean: distclean-am
++ -rm -f Makefile
+
+ distclean-am: clean-am distclean-generic
+
+@@ -340,6 +343,7 @@
+ installcheck-am:
+
+ maintainer-clean: maintainer-clean-am
++ -rm -f Makefile
+
+ maintainer-clean-am: distclean-am maintainer-clean-generic
+
+@@ -401,7 +405,6 @@
+ groups.1: $(common_dep) $(srcdir)/groups.x ../src/groups.sh
+ head.1: $(common_dep) $(srcdir)/head.x ../src/head.c
+ hostid.1: $(common_dep) $(srcdir)/hostid.x ../src/hostid.c
+-hostname.1: $(common_dep) $(srcdir)/hostname.x ../src/hostname.c
+ id.1: $(common_dep) $(srcdir)/id.x ../src/id.c
+ install.1: $(common_dep) $(srcdir)/install.x ../src/install.c
+ join.1: $(common_dep) $(srcdir)/join.x ../src/join.c
+@@ -460,6 +463,8 @@
+ who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
+ whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
+ yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
++chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
++runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
+
+ # Note the use of $t/$*, rather than just `$*' as in other packages.
+ # That is necessary to avoid failures for programs that are also shell built-in
+diff -urN coreutils-5.0.org/man/mkdir.1 coreutils-5.0/man/mkdir.1
+--- coreutils-5.0.org/man/mkdir.1 2003-12-27 12:26:28.407174440 +0100
++++ coreutils-5.0/man/mkdir.1 2003-12-27 12:26:52.968440560 +0100
+@@ -12,6 +12,8 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not rwxrwxrwx - umask
+ .TP
+diff -urN coreutils-5.0.org/man/mkfifo.1 coreutils-5.0/man/mkfifo.1
+--- coreutils-5.0.org/man/mkfifo.1 2003-12-27 12:26:28.459166536 +0100
++++ coreutils-5.0/man/mkfifo.1 2003-12-27 12:26:52.968440560 +0100
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not a=rw - umask
+ .TP
+diff -urN coreutils-5.0.org/man/mknod.1 coreutils-5.0/man/mknod.1
+--- coreutils-5.0.org/man/mknod.1 2003-12-27 12:26:28.406174592 +0100
++++ coreutils-5.0/man/mknod.1 2003-12-27 12:26:52.969440408 +0100
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not a=rw - umask
+ .TP
+diff -urN coreutils-5.0.org/man/runcon.1 coreutils-5.0/man/runcon.1
+--- coreutils-5.0.org/man/runcon.1 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-5.0/man/runcon.1 2003-12-27 12:26:52.969440408 +0100
+@@ -0,0 +1,39 @@
++.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
++.SH NAME
++runcon \- run command with specified security context
++.SH SYNOPSIS
++.B runcon
++[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
++.PP
++or
++.PP
++.B runcon
++\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
++.PP
++.br
++.SH DESCRIPTION
++.PP
++.\" Add any additional description here
++.PP
++Run COMMAND with current security context modified by one or more of LEVEL,
++ROLE, TYPE, and USER, or with completely-specified CONTEXT.
++.TP
++\fB\-t\fR
++change current type to the specified type
++.TP
++\fB\-l\fR
++change current level range to the specified range
++.TP
++\fB\-r\fR
++change current role to the specified role
++.TP
++\fB\-u\fR
++change current user to the specified user
++.PP
++If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
++the first argument is used as the complete context. Any additional
++arguments after \fICOMMAND\fR are interpreted as arguments to the
++command.
++.PP
++Note that only carefully-chosen contexts are likely to successfully
++run.
+diff -urN coreutils-5.0.org/man/runcon.x coreutils-5.0/man/runcon.x
+--- coreutils-5.0.org/man/runcon.x 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-5.0/man/runcon.x 2003-12-27 12:26:52.964441168 +0100
+@@ -0,0 +1,2 @@
++[DESCRIPTION]
++.\" Add any additional description here
+diff -urN coreutils-5.0.org/man/stat.1 coreutils-5.0/man/stat.1
+--- coreutils-5.0.org/man/stat.1 2003-12-27 12:26:28.458166688 +0100
++++ coreutils-5.0/man/stat.1 2003-12-27 12:26:52.965441016 +0100
+@@ -22,6 +22,9 @@
+ \fB\-t\fR, \fB\-\-terse\fR
+ print the information in terse form
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR
++print security context information for SELinux if available.
++.TP
+ \fB\-\-help\fR
+ display this help and exit
+ .TP
+@@ -42,6 +45,9 @@
+ %b
+ Number of blocks allocated (see %B)
+ .TP
++%C
++SELinux security context
++.TP
+ %D
+ Device number in hex
+ .TP
+diff -urN coreutils-5.0.org/man/vdir.1 coreutils-5.0/man/vdir.1
+--- coreutils-5.0.org/man/vdir.1 2003-12-27 12:26:28.510158784 +0100
++++ coreutils-5.0/man/vdir.1 2003-12-27 12:26:52.967440712 +0100
+@@ -1,5 +1,5 @@
+-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29.
+-.TH VDIR "1" "March 2003" "vdir (coreutils) 5.0" "User Commands"
++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022.
++.TH VDIR "1" "September 2003" "vdir (coreutils) 5.0" FSF
+ .SH NAME
+ vdir \- list directory contents
+ .SH SYNOPSIS
+@@ -195,6 +195,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELINUX options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+diff -urN coreutils-5.0.org/src/chcon.c coreutils-5.0/src/chcon.c
+--- coreutils-5.0.org/src/chcon.c 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-5.0/src/chcon.c 2003-12-27 12:26:52.934445728 +0100
+@@ -0,0 +1,415 @@
+/* chcontext -- change security context of a pathname */
+
+#include <config.h>
+#include <grp.h>
+#include <getopt.h>
+#include <selinux/selinux.h>
++#include <selinux/context.h>
+
+#include "system.h"
+#include "error.h"
+ V_off
+};
+
-+static int change_dir_context PARAMS ((const char *dir, security_context_t context,
-+ const struct stat *statp));
++static int change_dir_context PARAMS ((const char *dir, const struct stat *statp));
+
+/* The name the program was run with. */
+char *program_name;
+static enum Verbosity verbosity = V_off;
+
+/* The name of the context file is being given. */
-+static const char *contextname;
++static const char *specified_context;
++
++/* Specific components of the context */
++static const char *specified_user;
++static const char *specified_role;
++static const char *specified_range;
++static const char *specified_type;
+
+/* The argument to the --reference option. Use the context of this file.
+ This file must exist. */
+ {"quiet", no_argument, 0, 'f'},
+ {"reference", required_argument, 0, CHAR_MAX + 1},
+ {"context", required_argument, 0, CHAR_MAX + 2},
++ {"user", required_argument, 0, 'u'},
++ {"role", required_argument, 0, 'r'},
++ {"type", required_argument, 0, 't'},
++ {"range", required_argument, 0, 'l'},
+ {"verbose", no_argument, 0, 'v'},
+ {"help", no_argument, &show_help, 1},
+ {"version", no_argument, &show_version, 1},
+ CHANGED describes what (if anything) has happened. */
+
+static void
-+describe_change (const char *file, enum Change_status changed)
++describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
+{
+ const char *fmt;
+ switch (changed)
+ default:
+ abort ();
+ }
-+ printf (fmt, file, contextname);
++ printf (fmt, file, newcontext);
++}
++
++static int
++compute_context_from_mask (security_context_t context, context_t *ret)
++{
++ context_t newcontext = context_new (context);
++ if (!newcontext)
++ return 1;
++#define SETCOMPONENT(comp) \
++ do { \
++ if (specified_ ## comp) \
++ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
++ goto lose; \
++ } while (0)
++
++ SETCOMPONENT(user);
++ SETCOMPONENT(range);
++ SETCOMPONENT(role);
++ SETCOMPONENT(type);
++#undef SETCOMPONENT
++
++ *ret = newcontext;
++ return 0;
++ lose:
++ context_free (newcontext);
++ return 1;
+}
+
-+/* Change the context of FILE to CONTEXT.
++/* Change the context of FILE, using specified components.
+ If it is a directory and -R is given, recurse.
+ Return 0 if successful, 1 if errors occurred. */
+
+static int
-+change_file_context (const char *file, security_context_t context)
++change_file_context (const char *file)
+{
+ struct stat file_stats;
+ security_context_t file_context=NULL;
++ context_t context;
++ security_context_t context_string;
+ int errors = 0;
+
+ if ((lgetfilecon(file, &file_context)<0) && (errno != ENODATA))
-+
+ {
+ if (force_silent == 0)
+ error (0, errno, "%s", file);
+ return 1;
+ }
+
-+ if ((file_context==NULL) || strcmp(context,file_context)!=0)
++ /* If the file doesn't have a context, and we're not setting all of
++ the context components, there isn't really an obvious default.
++ Thus, we just give up. */
++ if (file_context == NULL && specified_context == NULL)
++ {
++ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
++ return 1;
++ }
++
++ if (specified_context == NULL)
++ {
++ if (compute_context_from_mask (file_context, &context))
++ {
++ error (0, 0, _("couldn't compute security context from %s"), file_context);
++ return 1;
++ }
++ }
++ else
++ {
++ context = context_new (specified_context);
++ if (!context)
++ error (1, 0,_("invalid context: %s"),specified_context);
++ }
++
++ context_string = context_str (context);
++
++ if (strcmp(context_string,file_context)!=0)
+ {
+ int fail;
+
+ if (change_symlinks)
-+ fail = lsetfilecon (file, context);
++ fail = lsetfilecon (file, context_string);
+ else
-+ fail = setfilecon (file, context);
++ fail = setfilecon (file, context_string);
+
+ if (verbosity == V_high || (verbosity == V_changes_only && !fail))
-+ describe_change (file, (fail ? CH_FAILED : CH_SUCCEEDED));
++ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
+
+ if (fail)
+ {
+ errors = 1;
+ if (force_silent == 0)
+ {
-+ error (0, errno, "%s", file);
++ error (0, errno, _("failed to change context of %s to %s"), file, context_string);
+ }
+ }
+ }
+ else if (verbosity == V_high)
+ {
-+ describe_change (file, CH_NO_CHANGE_REQUESTED);
++ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
+ }
+
++ context_free(context);
+ freecon(file_context);
+
+ if (recurse) {
+ if (lstat(file, &file_stats)==0)
+ if (S_ISDIR (file_stats.st_mode))
-+ errors |= change_dir_context (file, context, &file_stats);
++ errors |= change_dir_context (file, &file_stats);
+ }
+ return errors;
+}
+
+/* Recursively change context of the files in directory DIR
-+ to CONTEXT CONTEXT.
++ using specified context components.
+ STATP points to the results of lstat on DIR.
+ Return 0 if successful, 1 if errors occurred. */
+
+static int
-+change_dir_context (const char *dir, security_context_t context, const struct stat *statp)
++change_dir_context (const char *dir, const struct stat *statp)
+{
+ char *name_space, *namep;
+ char *path; /* Full path of each entry to process. */
+ path = xrealloc (path, pathlength);
+ }
+ strcpy (path + dirlength, namep);
-+ errors |= change_file_context (path, context);
++ errors |= change_file_context (path);
+ }
+ free (path);
+ free (name_space);
+ {
+ printf (_("\
+Usage: %s [OPTION]... CONTEXT FILE...\n\
++ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
+ or: %s [OPTION]... --reference=RFILE FILE...\n\
+"),
+ program_name, program_name, program_name);
+ (available only on systems with lchown system call)\n\
+ -f, --silent, --quiet suppress most error messages\n\
+ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
++ -u, --user=USER set user USER in the target security context\n\
++ -r, --role=ROLE set role ROLE in the target security context\n\
++ -t, --type=TYPE set type TYPE in the target security context\n\
++ -l, --range=RANGE set range RANGE in the target security context\n\
+ -R, --recursive change files and directories recursively\n\
+ -v, --verbose output a diagnostic for every file processed\n\
+ --help display this help and exit\n\
+int
+main (int argc, char **argv)
+{
-+ security_context_t context = NULL;
+ security_context_t ref_context = NULL;
+ int errors = 0;
+ int optc;
++ int component_specified = 0;
+
+ program_name = argv[0];
+ setlocale (LC_ALL, "");
+
+ recurse = force_silent = 0;
+
-+ while ((optc = getopt_long (argc, argv, "Rcfhv", long_options, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
+ {
+ switch (optc)
+ {
+ case 0:
-+ break;
++ break;
++ case 'u':
++ specified_user = optarg;
++ component_specified = 1;
++ break;
++ case 'r':
++ specified_role = optarg;
++ component_specified = 1;
++ break;
++ case 't':
++ specified_type = optarg;
++ component_specified = 1;
++ break;
++ case 'l':
++ specified_range = optarg;
++ component_specified = 1;
++ break;
+ case CHAR_MAX + 1:
+ reference_file = optarg;
+ break;
+ if (show_help)
+ usage (0);
+
-+ if (argc - optind + ( (reference_file || ( context > 0 ) ) ? 1 : 0) <= 1)
-+ {
-+ error (0, 0, _("too few arguments"));
-+ usage (1);
-+ }
++
++ if (reference_file && component_specified)
++ {
++ error (0, 0, _("conflicting security context specifiers given"));
++ usage (1);
++ }
++
++ if (!(((reference_file || component_specified)
++ && (argc - optind > 0))
++ || (argc - optind > 1)))
++ {
++ error (0, 0, _("too few arguments"));
++ usage (1);
++ }
+
+ if (reference_file)
+ {
+ if (getfilecon (reference_file, &ref_context)<0)
+ error (1, errno, "%s", reference_file);
-+
-+ context = ref_context;
++
++ specified_context = ref_context;
+ }
-+ else {
-+ context = argv[optind++];
++ else if (!component_specified) {
++ specified_context = argv[optind++];
+ }
+ for (; optind < argc; ++optind)
-+ errors |= change_file_context (argv[optind], context);
++ errors |= change_file_context (argv[optind]);
+
+ if (verbosity != V_off)
+ close_stdout ();
+ freecon(ref_context);
+ exit (errors);
+}
-diff -Nur coreutils-5.0/src/copy.c coreutils-5.0.new/src/copy.c
---- coreutils-5.0/src/copy.c 2003-06-20 12:01:02.000000000 +0200
-+++ coreutils-5.0.new/src/copy.c 2003-06-20 12:10:08.000000000 +0200
-@@ -46,6 +46,10 @@
+diff -urN coreutils-5.0.org/src/copy.c coreutils-5.0/src/copy.c
+--- coreutils-5.0.org/src/copy.c 2003-12-27 12:26:28.939093576 +0100
++++ coreutils-5.0/src/copy.c 2003-12-27 12:26:52.935445576 +0100
+@@ -46,6 +46,11 @@
#include "same.h"
#include "xreadlink.h"
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++extern int selinux_enabled;
+#endif
+
#define DO_CHOWN(Chown, File, New_uid, New_gid) \
(Chown (File, New_uid, New_gid) \
/* If non-root uses -p, it's ok if we can't preserve ownership. \
-@@ -1233,6 +1237,26 @@
+@@ -1233,6 +1238,32 @@
In such cases, set this variable to zero. */
preserve_metadata = 1;
+#ifdef WITH_SELINUX
-+ if (x->preserve_security_context)
++ if (x->preserve_security_context && selinux_enabled)
+ {
+ security_context_t con;
+
-+ if (lgetfilecon (src_path, &con) < 0)
++ if (lgetfilecon (src_path, &con) >= 0)
+ {
++ if (setfscreatecon(con) < 0)
++ {
++ freecon(con);
++ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
++ return 1;
++ }
++ freecon(con);
++ }
++ else {
++ if ( errno == ENOTSUP ) {
++ error (0, errno, _("warning: security context not preserved %s"), quote (src_path));
++ } else {
+ error (0, errno, _("cannot lgetfilecon %s"), quote (src_path));
+ return 1;
+ }
-+ if (setfscreatecon(con) < 0)
-+ {
-+ freecon(con);
-+ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
-+ return 1;
+ }
-+ freecon(con);
+ }
+#endif
+
if (S_ISDIR (src_mode))
{
struct dir_list *dir;
-@@ -1302,8 +1326,13 @@
+@@ -1302,8 +1333,13 @@
}
/* Are we crossing a file system boundary? */
- if (x->one_file_system && device != 0 && device != src_sb.st_dev)
+ if (x->one_file_system && device != 0 && device != src_sb.st_dev) {
+#ifdef WITH_SELINUX
-+ if (x->preserve_security_context)
++ if (x->preserve_security_context && selinux_enabled)
+ setfscreatecon(NULL);
+#endif
return 0;
/* Copy the contents of the directory. */
-@@ -1442,6 +1471,11 @@
+@@ -1442,6 +1478,11 @@
}
}
+#ifdef WITH_SELINUX
-+ if (x->preserve_security_context)
++ if (x->preserve_security_context && selinux_enabled)
+ setfscreatecon(NULL);
+#endif
+
/* There's no need to preserve timestamps or permissions. */
preserve_metadata = 0;
-@@ -1474,7 +1508,7 @@
+@@ -1474,7 +1515,7 @@
if (command_line_arg)
record_file (x->dest_info, dst_path, NULL);
return 0;
/* POSIX says that `cp -p' must restore the following:
-@@ -1576,6 +1610,11 @@
+@@ -1576,6 +1617,11 @@
un_backup:
+#ifdef WITH_SELINUX
-+ if (x->preserve_security_context)
++ if (x->preserve_security_context && selinux_enabled)
+ setfscreatecon(NULL);
+#endif
+
/* We have failed to create the destination file.
If we've just added a dev/ino entry via the remember_copied
call above (i.e., unless we've just failed to create a hard link),
-diff -Nur coreutils-5.0/src/copy.h coreutils-5.0.new/src/copy.h
---- coreutils-5.0/src/copy.h 2003-06-20 12:01:02.000000000 +0200
-+++ coreutils-5.0.new/src/copy.h 2003-06-20 12:10:08.000000000 +0200
+diff -urN coreutils-5.0.org/src/copy.h coreutils-5.0/src/copy.h
+--- coreutils-5.0.org/src/copy.h 2003-12-27 12:26:28.948092208 +0100
++++ coreutils-5.0/src/copy.h 2003-12-27 12:26:52.937445272 +0100
@@ -105,6 +105,9 @@
int preserve_ownership;
int preserve_mode;
/* Enabled for mv, and for cp by the --preserve=links option.
If nonzero, attempt to preserve in the destination files any
-diff -Nur coreutils-5.0/src/cp.c coreutils-5.0.new/src/cp.c
---- coreutils-5.0/src/cp.c 2003-06-20 12:01:02.000000000 +0200
-+++ coreutils-5.0.new/src/cp.c 2003-06-20 12:10:08.000000000 +0200
-@@ -52,6 +52,10 @@
+diff -urN coreutils-5.0.org/src/cp.c coreutils-5.0/src/cp.c
+--- coreutils-5.0.org/src/cp.c 2003-12-27 12:26:28.939093576 +0100
++++ coreutils-5.0/src/cp.c 2003-12-27 12:26:52.938445120 +0100
+@@ -52,6 +52,11 @@
#define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering")
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++int selinux_enabled=0;
+#endif
+
#ifndef _POSIX_VERSION
uid_t geteuid ();
#endif
-@@ -149,6 +153,9 @@
+@@ -149,6 +154,9 @@
{"update", no_argument, NULL, 'u'},
{"verbose", no_argument, NULL, 'v'},
{"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'X'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{GETOPT_HELP_OPTION_DECL},
{GETOPT_VERSION_OPTION_DECL},
{NULL, 0, NULL, 0}
-@@ -198,6 +205,9 @@
+@@ -198,6 +206,9 @@
additional attributes: links, all\n\
"), stdout);
fputs (_("\
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
--parents append source path to DIRECTORY\n\
-P same as `--no-dereference'\n\
-@@ -225,6 +235,7 @@
+@@ -225,6 +236,7 @@
destination file is missing\n\
-v, --verbose explain what is being done\n\
-x, --one-file-system stay on this file system\n\
-+ -X, --context=CONTEXT set security context of copy to CONTEXT\n\
++ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
"), stdout);
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
-@@ -756,8 +767,8 @@
+@@ -756,8 +768,8 @@
{
new_dest = (char *) dest;
}
}
/* unreachable */
-@@ -781,6 +792,10 @@
+@@ -781,6 +793,10 @@
x->preserve_mode = 0;
x->preserve_timestamps = 0;
x->require_preserve = 0;
x->recursive = 0;
x->sparse_mode = SPARSE_AUTO;
-@@ -808,19 +823,20 @@
+@@ -808,19 +824,20 @@
PRESERVE_TIMESTAMPS,
PRESERVE_OWNERSHIP,
PRESERVE_LINK,
};
char *arg_writable = xstrdup (arg);
-@@ -855,11 +871,16 @@
+@@ -855,11 +872,16 @@
x->preserve_links = on_off;
break;
break;
default:
-@@ -882,6 +903,10 @@
+@@ -882,6 +904,10 @@
struct cp_options x;
int copy_contents = 0;
char *target_directory = NULL;
+#ifdef WITH_SELINUX
+ security_context_t scontext = NULL;
-+ int is_selinux_enabled_flag= is_selinux_enabled();
++ selinux_enabled= is_selinux_enabled();
+#endif
program_name = argv[0];
setlocale (LC_ALL, "");
-@@ -896,7 +921,11 @@
+@@ -896,7 +922,11 @@
we'll actually use backup_suffix_string. */
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+#ifdef WITH_SELINUX
-+ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:X:Z:", long_opts, NULL))
++ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:Z:", long_opts, NULL))
+#else
while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
+#endif
!= -1)
{
switch (c)
-@@ -987,6 +1016,36 @@
+@@ -987,6 +1017,36 @@
x.preserve_timestamps = 1;
x.require_preserve = 1;
break;
+ (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
+ exit( 1 );
+ }
-+ else if (is_selinux_enabled_flag)
++ else if (selinux_enabled)
+ x.preserve_security_context = 1;
+ break;
+
-+ case 'X':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Warning: ignoring --context (-X). "
++ if( !selinux_enabled ) {
++ fprintf( stderr, "Warning: ignoring --context (-Z). "
+ "It requires a SELinux enabled kernel.\n" );
+ break;
+ }
case PARENTS_OPTION:
flag_path = 1;
-diff -Nur coreutils-5.0/src/id.c coreutils-5.0.new/src/id.c
---- coreutils-5.0/src/id.c 2003-03-27 23:39:46.000000000 +0100
-+++ coreutils-5.0.new/src/id.c 2003-06-20 12:10:08.000000000 +0200
+diff -urN coreutils-5.0.org/src/id.c coreutils-5.0/src/id.c
+--- coreutils-5.0.org/src/id.c 2003-12-27 12:26:28.951091752 +0100
++++ coreutils-5.0/src/id.c 2003-12-27 12:26:52.939444968 +0100
@@ -46,6 +46,20 @@
int getugroups ();
+ printf ("%s", context);
+}
+
-+/* If nonzero, output only the SELinux context. -c */
++/* If nonzero, output only the SELinux context. -Z */
+static int just_context = 0;
+
+#endif
+
static struct option const longopts[] =
{
-+ {"context", no_argument, NULL, 'c'},
++ {"context", no_argument, NULL, 'Z'},
{"group", no_argument, NULL, 'g'},
{"groups", no_argument, NULL, 'G'},
{"name", no_argument, NULL, 'n'},
Print information for USERNAME, or the current user.\n\
\n\
-a ignore, for compatibility with other versions\n\
-+ -c, --context print only the context\n\
++ -Z, --context print only the context\n\
-g, --group print only the effective group ID\n\
-G, --groups print all group IDs\n\
-n, --name print a name instead of a number, for -ugG\n\
main (int argc, char **argv)
{
int optc;
-+ int is_selinux_enabled_flag=is_selinux_enabled();
++ int selinux_enabled=is_selinux_enabled();
/* If nonzero, output the list of all group IDs. -G */
int just_group_list = 0;
atexit (close_stdout);
- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
-+ while ((optc = getopt_long (argc, argv, "acgnrsuG", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
{
switch (optc)
{
/* Ignore -a, for compatibility with SVR4. */
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
++ if( !selinux_enabled ) {
++ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
+ "a selinux-enabled kernel.\n" );
+ exit( 1 );
+ }
- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
+#ifdef WITH_SELINUX
+ if (argc - optind == 1)
-+ is_selinux_enabled_flag = 0;
++ selinux_enabled = 0;
+
-+ if( just_context && !is_selinux_enabled_flag)
++ if( just_context && !selinux_enabled)
+ error (1, 0, _("\
+cannot display context when selinux not enabled or when displaying the id\n\
+of a different user"));
+ * Otherwise, leave the context variable alone - it has *
+ * been initialized known invalid value; if we see this invalid *
+ * value later, we will know we are on a non-selinux kernel. */
-+ if( is_selinux_enabled_flag )
++ if( selinux_enabled )
+ {
+ if (getcon(&context))
+ error (1, 0, "can't get process context");
+ }
+#endif
}
-diff -Nur coreutils-5.0/src/install.c coreutils-5.0.new/src/install.c
---- coreutils-5.0/src/install.c 2003-06-20 12:01:02.000000000 +0200
-+++ coreutils-5.0.new/src/install.c 2003-06-20 12:10:08.000000000 +0200
-@@ -50,6 +50,10 @@
+diff -urN coreutils-5.0.org/src/install.c coreutils-5.0/src/install.c
+--- coreutils-5.0.org/src/install.c 2003-12-27 12:26:28.932094640 +0100
++++ coreutils-5.0/src/install.c 2003-12-27 12:26:52.941444664 +0100
+@@ -50,6 +50,11 @@
# include <sys/wait.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++int selinux_enabled=0;
+#endif
+
struct passwd *getpwnam ();
struct group *getgrnam ();
-@@ -126,11 +130,17 @@
+@@ -126,11 +131,17 @@
static struct option const long_options[] =
{
{"backup", optional_argument, NULL, 'b'},
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'X'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"directory", no_argument, NULL, 'd'},
{"group", required_argument, NULL, 'g'},
{"strip", no_argument, NULL, 's'},
{"suffix", required_argument, NULL, 'S'},
{"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
-@@ -247,6 +257,9 @@
+@@ -247,6 +258,9 @@
x->update = 0;
x->verbose = 0;
x->xstat = stat;
x->dest_info = NULL;
x->src_info = NULL;
-@@ -265,6 +278,11 @@
+@@ -265,6 +279,11 @@
struct cp_options x;
int n_files;
char **file;
+#ifdef WITH_SELINUX
+ security_context_t scontext = NULL;
+ /* set iff kernel has extra selinux system calls */
-+ int is_selinux_enabled_flag = is_selinux_enabled();
++ selinux_enabled = is_selinux_enabled();
+#endif
program_name = argv[0];
setlocale (LC_ALL, "");
-@@ -285,7 +303,11 @@
+@@ -285,7 +304,11 @@
we'll actually use backup_suffix_string. */
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPX:vV:S:Z:", long_options,
++ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPvV:S:Z:", long_options,
+#else
while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options,
+#endif
NULL)) != -1)
{
switch (optc)
-@@ -338,6 +360,39 @@
+@@ -338,6 +361,39 @@
make_backups = 1;
backup_suffix_string = optarg;
break;
+#ifdef WITH_SELINUX
+ case 'P':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
++ if( !selinux_enabled ) {
+ fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
+ "because the kernel is not selinux-enabled.\n" );
+ break;
+ }
+ x.preserve_security_context = 1;
+ break ;
-+ case 'X':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
-+ if( !is_selinux_enabled_flag ) {
-+ fprintf( stderr, "Warning: ignoring --context (-X) "
++ if( !selinux_enabled) {
++ fprintf( stderr, "Warning: ignoring --context (-Z) "
+ "because the kernel is not selinux-enabled.\n" );
+ break;
+ }
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
-@@ -721,6 +776,11 @@
+@@ -721,6 +777,11 @@
-S, --suffix=SUFFIX override the usual backup suffix\n\
-v, --verbose print the name of each directory as it is created\n\
"), stdout);
+ fputs (_("\
-+ -P, --preserve_context (Selinux) Preserve security context\n\
-+ -X, --context=CONTEXT (Selinux) Set security context of files and directories\n\
++ -P, --preserve_context (SELinux) Preserve security context\n\
++ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
+"), stdout);
+
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
fputs (_("\
-diff -Nur coreutils-5.0/src/ls.c coreutils-5.0.new/src/ls.c
---- coreutils-5.0/src/ls.c 2003-06-20 12:01:02.000000000 +0200
-+++ coreutils-5.0.new/src/ls.c 2003-06-20 12:10:08.000000000 +0200
-@@ -130,6 +130,12 @@
+diff -urN coreutils-5.0.org/src/ls.c coreutils-5.0/src/ls.c
+--- coreutils-5.0.org/src/ls.c 2003-12-27 12:26:28.947092360 +0100
++++ coreutils-5.0/src/ls.c 2003-12-27 12:42:14.887287592 +0100
+@@ -130,6 +130,18 @@
#define AUTHORS N_ ("Richard Stallman and David MacKenzie")
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
-+int is_selinux_enabled_flag= 0;
++int selinux_enabled= 0;
+static int print_scontext = 0;
++#define check_selinux() if (!selinux_enabled) { \
++ fprintf( stderr, "Sorry, this option can only be used " \
++ "on a SELinux kernel.\n" ); \
++ exit( EXIT_FAILURE ); \
++}
++
+#endif
+
#define obstack_chunk_alloc malloc
#define obstack_chunk_free free
-@@ -227,6 +233,10 @@
+@@ -227,6 +239,10 @@
/* For long listings, true if the file has an access control list. */
bool have_acl;
#endif
};
#if HAVE_ACL || USE_ACL
-@@ -290,6 +300,9 @@
+@@ -290,6 +306,9 @@
static void sort_files (void);
static void parse_ls_color (void);
void usage (int status);
/* The name the program was run with, stripped of any leading path. */
char *program_name;
-@@ -379,7 +392,12 @@
+@@ -379,7 +398,10 @@
one_per_line, /* -1 */
many_per_line, /* -C */
horizontal, /* -x */
- with_commas /* -m */
+#ifdef WITH_SELINUX
-+ with_commas, /* -m */
-+ security_format
-+#else
-+ with_commas /* -m */
++ security_format, /* -Z */
+#endif
++ with_commas /* -m */
};
static enum format format;
-@@ -700,6 +718,11 @@
+@@ -700,6 +722,11 @@
SHOW_CONTROL_CHARS_OPTION,
SI_OPTION,
SORT_OPTION,
TIME_OPTION,
TIME_STYLE_OPTION
};
-@@ -743,6 +766,11 @@
+@@ -743,6 +770,11 @@
{"time-style", required_argument, 0, TIME_STYLE_OPTION},
{"color", optional_argument, 0, COLOR_OPTION},
{"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
{"author", no_argument, 0, AUTHOR_OPTION},
{GETOPT_HELP_OPTION_DECL},
{GETOPT_VERSION_OPTION_DECL},
-@@ -752,12 +780,19 @@
+@@ -752,12 +784,19 @@
static char const *const format_args[] =
{
"verbose", "long", "commas", "horizontal", "across",
many_per_line, one_per_line
};
-@@ -1121,6 +1156,9 @@
+@@ -1121,6 +1160,9 @@
format_needs_stat = sort_type == sort_time || sort_type == sort_size
|| format == long_format
|| dereference == DEREF_ALWAYS
|| print_block_size || print_inode;
format_needs_type = (format_needs_stat == 0
-@@ -1243,6 +1281,11 @@
+@@ -1243,6 +1285,11 @@
/* Record whether there is an option specifying sort type. */
int sort_type_specified = 0;
+#ifdef WITH_SELINUX
+ /* 1 iff kernel has new selinux system calls */
-+ is_selinux_enabled_flag= is_selinux_enabled();
++ selinux_enabled= is_selinux_enabled();
+#endif
+
qmark_funny_chars = 0;
/* initialize all switches to default settings */
-@@ -1293,6 +1336,9 @@
+@@ -1293,6 +1340,9 @@
all_files = 0;
really_all_files = 0;
ignore_patterns = 0;
/* FIXME: put this in a function. */
{
-@@ -1656,6 +1702,31 @@
+@@ -1370,7 +1420,7 @@
+ }
+
+ while ((c = getopt_long (argc, argv,
+- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
++ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
+ long_options, NULL)) != -1)
+ {
+ switch (c)
+@@ -1490,6 +1540,13 @@
+ format = horizontal;
+ break;
+
++#ifdef WITH_SELINUX
++ case 'Z':
++ check_selinux();
++ print_scontext = 1;
++ format = security_format;
++ break;
++#endif
+ case 'A':
+ really_all_files = 0;
+ all_files = 1;
+@@ -1657,6 +1714,25 @@
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+#ifdef WITH_SELINUX
+
-+#define check_selinux() if (!is_selinux_enabled_flag) { \
-+ fprintf( stderr, "Sorry, this option can only be used " \
-+ "on a SELinux kernel.\n" ); \
-+ exit( EXIT_FAILURE ); \
-+}
-+
+ case CONTEXT_OPTION: /* new security format */
+ check_selinux();
+ print_scontext = 1;
default:
usage (EXIT_FAILURE);
}
-@@ -2301,6 +2372,10 @@
+@@ -2308,6 +2384,12 @@
free (files[i].name);
if (files[i].linkname)
free (files[i].linkname);
+#ifdef WITH_SELINUX
-+ if (files[i].scontext)
++ if (files[i].scontext) {
+ freecon (files[i].scontext);
++ files[i].scontext=NULL;
++ }
+#endif
}
files_index = 0;
-@@ -2372,6 +2447,11 @@
+@@ -2334,6 +2416,9 @@
+ files[files_index].linkname = 0;
+ files[files_index].linkmode = 0;
+ files[files_index].linkok = 0;
++#ifdef WITH_SELINUX
++ files[files_index].scontext = NULL;
++#endif
+
+ if (explicit_arg
+ || format_needs_stat
+@@ -2379,6 +2464,11 @@
{
int need_lstat;
err = stat (path, &files[files_index].stat);
+#ifdef WITH_SELINUX
-+ if (err>=0)
-+ if (is_selinux_enabled_flag)
-+ getfilecon(path, &files[files_index].scontext);
++ if (err>=0)
++ if (selinux_enabled && (format == security_format || print_scontext))
++ getfilecon(path, &files[files_index].scontext);
+#endif
if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
break;
-@@ -2390,6 +2470,12 @@
+@@ -2397,6 +2487,11 @@
default: /* DEREF_NEVER */
err = lstat (path, &files[files_index].stat);
+#ifdef WITH_SELINUX
-+ if (err>=0)
-+ if (is_selinux_enabled_flag)
-+ lgetfilecon(path, &files[files_index].scontext);
++ if (err>=0)
++ if (selinux_enabled && (format == security_format || print_scontext))
++ lgetfilecon(path, &files[files_index].scontext);
+#endif
-+
break;
}
-@@ -2819,6 +2905,16 @@
+@@ -2825,6 +2920,16 @@
DIRED_PUTCHAR ('\n');
}
break;
}
}
-@@ -3082,6 +3178,14 @@
+@@ -3088,6 +3193,14 @@
p += strlen (p);
}
DIRED_INDENT ();
DIRED_FPUTS (buf, stdout, p - buf);
print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
-@@ -3874,6 +3978,16 @@
+@@ -3883,6 +3996,16 @@
-X sort alphabetically by entry extension\n\
-1 list one file per line\n\
"), stdout);
fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout);
fputs (_("\n\
-@@ -3892,3 +4006,79 @@
+@@ -3901,3 +4024,79 @@
}
exit (status);
}
+ }
+}
+#endif
-diff -Nur coreutils-5.0/src/mkdir.c coreutils-5.0.new/src/mkdir.c
---- coreutils-5.0/src/mkdir.c 2002-09-23 09:35:27.000000000 +0200
-+++ coreutils-5.0.new/src/mkdir.c 2003-06-20 12:10:08.000000000 +0200
+diff -urN coreutils-5.0.org/src/Makefile.am coreutils-5.0/src/Makefile.am
+--- coreutils-5.0.org/src/Makefile.am 2003-12-27 12:26:28.928095248 +0100
++++ coreutils-5.0/src/Makefile.am 2003-12-27 12:37:59.212156120 +0100
+@@ -4,13 +4,13 @@
+ EXTRA_SCRIPTS = nohup
+
+ bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@
+-bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \
++bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \
+ ginstall link ln dir vdir ls mkdir \
+ mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \
+ cat cksum comm csplit cut expand fmt fold head join md5sum \
+ nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
+ basename date dirname echo env expr factor false getgid \
+- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
++ hostname id kill logname pathchk printenv printf runcon pwd seq sleep tee \
+ test true tty whoami yes \
+ @OPTIONAL_BIN_PROGS@ @DF_PROG@
+
+@@ -34,10 +34,20 @@
+ # replacement functions defined in libfetish.a.
+ LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a
+
+-dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
+-ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
++dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@
++ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@
+ shred_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
+-vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@
++vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ @LIB_SELINUX@
++cp_LDADD = $(LDADD) @LIB_SELINUX@
++ginstall_LDADD = $(LDADD) @LIB_SELINUX@
++mv_LDADD = $(LDADD) @LIB_SELINUX@
++chcon_LDADD = $(LDADD) @LIB_SELINUX@
++id_LDADD = $(LDADD) @LIB_SELINUX@
++mkdir_LDADD = $(LDADD) @LIB_SELINUX@
++mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
++mknod_LDADD = $(LDADD) @LIB_SELINUX@
++stat_LDADD = $(LDADD) @LIB_SELINUX@
++runcon_LDADD = $(LDADD) @LIB_SELINUX@
+
+ ## If necessary, add -lm to resolve use of pow in lib/strtod.c.
+ sort_LDADD = $(LDADD) @POW_LIB@
+diff -urN coreutils-5.0.org/src/mkdir.c coreutils-5.0/src/mkdir.c
+--- coreutils-5.0.org/src/mkdir.c 2003-12-27 12:26:28.950091904 +0100
++++ coreutils-5.0/src/mkdir.c 2003-12-27 12:26:52.958442080 +0100
@@ -34,6 +34,10 @@
#define AUTHORS "David MacKenzie"
static struct option const longopts[] =
{
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'c'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"mode", required_argument, NULL, 'm'},
{"parents", no_argument, NULL, 'p'},
"), stdout);
+#ifdef WITH_SELINUX
+ printf (_("\
-+ -c, --context=CONTEXT (Selinux) set security context to CONTEXT\n\
++ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
+"));
+#endif
fputs (_("\
create_parents = 0;
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "pm:s:c:v", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
+#else
while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
+#endif
verbose_fmt_string = _("created directory %s");
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
+ if( !is_selinux_enabled()) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
++ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
+ "a selinux-enabled kernel.\n" );
+ exit( 1 );
+ }
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
-diff -Nur coreutils-5.0/src/mkfifo.c coreutils-5.0.new/src/mkfifo.c
---- coreutils-5.0/src/mkfifo.c 2002-08-31 09:29:21.000000000 +0200
-+++ coreutils-5.0.new/src/mkfifo.c 2003-06-20 12:10:08.000000000 +0200
+diff -urN coreutils-5.0.org/src/mkfifo.c coreutils-5.0/src/mkfifo.c
+--- coreutils-5.0.org/src/mkfifo.c 2003-12-27 12:26:28.933094488 +0100
++++ coreutils-5.0/src/mkfifo.c 2003-12-27 12:26:52.958442080 +0100
@@ -32,11 +32,18 @@
#define AUTHORS "David MacKenzie"
static struct option const longopts[] =
{
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'c'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"mode", required_argument, NULL, 'm'},
{GETOPT_HELP_OPTION_DECL},
"), stdout);
+#ifdef WITH_SELINUX
+ printf (_("\
-+ -c, --context=CONTEXT set security context (quoted string)\n\
++ -Z, --context=CONTEXT set security context (quoted string)\n\
+"), stdout);
+#endif
fputs (_("\
error (4, 0, _("fifo files not supported"));
#else
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "m:c:", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
+#else
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
+#endif
specified_mode = optarg;
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ if( !is_selinux_enabled()) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
++ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
+ "a selinux-enabled kernel.\n" );
+ exit( 1 );
+ }
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
-diff -Nur coreutils-5.0/src/mknod.c coreutils-5.0.new/src/mknod.c
---- coreutils-5.0/src/mknod.c 2002-12-14 15:14:59.000000000 +0100
-+++ coreutils-5.0.new/src/mknod.c 2003-06-20 12:10:08.000000000 +0200
+diff -urN coreutils-5.0.org/src/mknod.c coreutils-5.0/src/mknod.c
+--- coreutils-5.0.org/src/mknod.c 2003-12-27 12:26:28.936094032 +0100
++++ coreutils-5.0/src/mknod.c 2003-12-27 12:26:52.959441928 +0100
@@ -36,8 +36,15 @@
/* The name this program was run with. */
char *program_name;
static struct option const longopts[] =
{
+#ifdef WITH_SELINUX
-+ {"context", required_argument, NULL, 'c'},
++ {"context", required_argument, NULL, 'Z'},
+#endif
{"mode", required_argument, NULL, 'm'},
{GETOPT_HELP_OPTION_DECL},
"), stdout);
+#ifdef WITH_SELINUX
+ fputs(_("\
-+ -c, --context=CONTEXT set security context (quoted string)\n\
++ -Z, --context=CONTEXT set security context (quoted string)\n\
+"), stdout);
+#endif
fputs (_("\
specified_mode = NULL;
+#ifdef WITH_SELINUX
-+ while ((optc = getopt_long (argc, argv, "m:s:c:", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
+#else
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
+#endif
specified_mode = optarg;
break;
+#ifdef WITH_SELINUX
-+ case 'c':
++ case 'Z':
+ /* politely decline if we're not on a selinux-enabled kernel. */
+ if( !is_selinux_enabled()) {
-+ fprintf( stderr, "Sorry, --context (-c) can be used only on "
++ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
+ "a selinux-enabled kernel.\n" );
+ exit( 1 );
+ }
case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default:
-diff -Nur coreutils-5.0/src/mv.c coreutils-5.0.new/src/mv.c
---- coreutils-5.0/src/mv.c 2003-06-20 12:01:02.000000000 +0200
-+++ coreutils-5.0.new/src/mv.c 2003-06-20 12:10:08.000000000 +0200
-@@ -37,6 +37,9 @@
- #include "path-concat.h"
+diff -urN coreutils-5.0.org/src/mv.c coreutils-5.0/src/mv.c
+--- coreutils-5.0.org/src/mv.c 2003-12-27 12:26:28.941093272 +0100
++++ coreutils-5.0/src/mv.c 2003-12-27 12:26:52.962441472 +0100
+@@ -38,6 +38,11 @@
#include "quote.h"
#include "remove.h"
+
+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h> /* for is_selinux_enabled() */
++#include <selinux/selinux.h> /* for is_selinux_enabled() */
++int selinux_enabled=0;
+#endif
-
++
/* The official name of this program (e.g., no `g' prefix). */
#define PROGRAM_NAME "mv"
-@@ -139,6 +142,9 @@
- x->update = 0;
- x->verbose = 0;
-+#ifdef WITH_SELINUX
-+ x->preserve_security_context = 0;
-+#endif
- x->xstat = lstat;
- x->dest_info = NULL;
- x->src_info = NULL;
-@@ -324,6 +330,10 @@
- equivalent to --reply=query\n\
- "), stdout);
- fputs (_("\
-+ -c preserve security context when source and\n\
-+ destination are on different file systems\n\
-+"), stdout);
-+ fputs (_("\
- --reply={yes,no,query} specify how to handle the prompt about an\n\
- existing destination file\n\
- --strip-trailing-slashes remove any trailing slashes from each SOURCE\n\
-@@ -387,7 +397,11 @@
+@@ -381,6 +386,10 @@
- errors = 0;
+ cp_option_init (&x);
+#ifdef WITH_SELINUX
-+ while ((c = getopt_long (argc, argv, "bcfiuvS:V:", long_options, NULL)) != -1)
-+#else
- while ((c = getopt_long (argc, argv, "bfiuvS:V:", long_options, NULL)) != -1)
++ selinux_enabled= is_selinux_enabled();
+#endif
- {
- switch (c)
- {
-@@ -406,6 +420,15 @@
- if (optarg)
- version_control_string = optarg;
- break;
-+#ifdef WITH_SELINUX
-+ case 'c':
-+ if (is_selinux_enabled())
-+ x.preserve_security_context = 1;
-+ else
-+ fprintf( stderr, "Warning: ignoring -c. "
-+ "It requires a SELinux enabled kernel.\n" );
-+ break;
-+#endif
- case 'f':
- x.interactive = I_ALWAYS_YES;
- break;
-diff -Nur coreutils-5.0/src/runcon.c coreutils-5.0.new/src/runcon.c
---- coreutils-5.0/src/runcon.c 1970-01-01 01:00:00.000000000 +0100
-+++ coreutils-5.0.new/src/runcon.c 2003-06-20 12:10:08.000000000 +0200
-@@ -0,0 +1,169 @@
++
+ /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
+ we'll actually use backup_suffix_string. */
+ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+diff -urN coreutils-5.0.org/src/runcon.c coreutils-5.0/src/runcon.c
+--- coreutils-5.0.org/src/runcon.c 1970-01-01 01:00:00.000000000 +0100
++++ coreutils-5.0/src/runcon.c 2003-12-27 12:26:52.959441928 +0100
+@@ -0,0 +1,174 @@
+/*
+ * runcon [ context |
+ * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
+ * 4 N error
+ */
+
++#include <config.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <selinux/context.h>
+#include <selinux/selinux.h>
+#include <errno.h>
++#include "system.h"
+extern int errno;
+
+/* The name the program was run with. */
+void
+usage(char *str)
+{
-+ printf("Usage: %s [OPTION]... command [args]\n"
++ printf(_("Usage: %s [OPTION]... command [args]\n"
+ "Run a program in a different security context.\n\n"
+ " context Complete security context\n"
+ " -t type (for same role as parent)\n"
+ " -u user identity\n"
+ " -r role\n"
+ " -l levelrange\n"
-+ " --help display this help and exit\n",
++ " --help display this help and exit\n"),
+ program_name);
+ exit(1);
+}
+ context_t con;
+
+ program_name = argv[0];
++ setlocale (LC_ALL, "");
++ bindtextdomain (PACKAGE, LOCALEDIR);
++ textdomain (PACKAGE);
+
+ while (1) {
+ int c;
+ switch ( c ) {
+ case 'r':
+ if ( role ) {
-+ fprintf(stderr,"multiple roles\n");
++ fprintf(stderr,_("multiple roles\n"));
+ exit(1);
+ }
+ role = optarg;
+ break;
+ case 't':
+ if ( type ) {
-+ fprintf(stderr,"multiple types\n");
++ fprintf(stderr,_("multiple types\n"));
+ exit(1);
+ }
+ type = optarg;
+ break;
+ case 'u':
+ if ( user ) {
-+ fprintf(stderr,"multiple users\n");
++ fprintf(stderr,_("multiple users\n"));
+ exit(1);
+ }
+ user = optarg;
+ break;
+ case 'l':
+ if ( range ) {
-+ fprintf(stderr,"multiple levelranges\n");
++ fprintf(stderr,_("multiple levelranges\n"));
+ exit(1);
+ }
+ range = optarg;
+ break;
+ default:
-+ fprintf(stderr,"unrecognised option %c\n",c);
++ fprintf(stderr,_("unrecognised option %c\n"),c);
+ case '?':
+ usage(0);
+ break;
+ }
+ if ( !(user || role || type || range)) {
+ if ( optind >= argc ) {
-+ usage("must specify -t, -u, -l, -r, or context");
++ usage(_("must specify -t, -u, -l, -r, or context"));
+ }
+ context = argv[optind++];
+ }
+
+ if ( optind >= argc ) {
-+ usage("no command found");
++ usage(_("no command found"));
+ }
+
+ if ( context ) {
+ con = context_new(context);
+ if (!con) {
-+ fprintf(stderr,"%s is not a valid context\n", context);
++ fprintf(stderr,_("%s is not a valid context\n"), context);
+ exit(1);
+ }
+ }
+ getcon(&cur_context);
+ con = context_new(cur_context);
+ if (!con) {
-+ fprintf(stderr,"%s is not a valid context\n", context);
++ fprintf(stderr,_("%s is not a valid context\n"), context);
+ exit(1);
+ }
+ if ( user ) {
+ }
+
+ if (setexeccon(context_str(con))!=0) {
-+ fprintf(stderr,"unable to setup security context %s\n", context_str(con));
++ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
+ exit(1);
+ }
+ if (cur_context!=NULL)
+ }
+ return 1; /* can't reach this statement.... */
+}
-diff -Nur coreutils-5.0/tests/cp/Makefile.am coreutils-5.0.new/tests/cp/Makefile.am
---- coreutils-5.0/tests/cp/Makefile.am 2003-02-02 21:08:59.000000000 +0100
-+++ coreutils-5.0.new/tests/cp/Makefile.am 2003-06-20 12:10:09.000000000 +0200
-@@ -3,8 +3,8 @@
-
- TESTS = \
- preserve-2 r-vs-symlink link-preserve \
-- backup-1 no-deref-link1 no-deref-link2 no-deref-link3 backup-is-src \
-- same-file cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
-+ backup-1 backup-is-src \
-+ cp-mv-backup symlink-slash slink-2-slink fail-perm dir-slash \
- perm cp-HL special-bits link dir-rm-dest cp-parents deref-slink \
- dir-vs-file into-self
- EXTRA_DIST = $(TESTS)
+diff -urN coreutils-5.0.org/src/stat.c coreutils-5.0/src/stat.c
+--- coreutils-5.0.org/src/stat.c 2003-12-27 12:26:28.951091752 +0100
++++ coreutils-5.0/src/stat.c 2003-12-27 12:26:52.961441624 +0100
+@@ -32,6 +32,13 @@
+ # include <sys/vfs.h>
+ #endif
+
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#define SECURITY_ID_T security_context_t
++#else
++#define SECURITY_ID_T char *
++#endif
++
+ /* NetBSD 1.5.2 needs these, for the declaration of struct statfs. */
+ #if !HAVE_SYS_STATVFS_H && !HAVE_SYS_VFS_H
+ # if HAVE_SYS_MOUNT_H && HAVE_SYS_PARAM_H
+@@ -93,6 +100,7 @@
+ {"dereference", no_argument, 0, 'L'},
+ {"format", required_argument, 0, 'c'},
+ {"filesystem", no_argument, 0, 'f'},
++ {"context", no_argument, 0, 'Z'},
+ {"terse", no_argument, 0, 't'},
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+@@ -332,7 +340,7 @@
+ /* print statfs info */
+ static void
+ print_statfs (char *pformat, char m, char const *filename,
+- void const *data)
++ void const *data,SECURITY_ID_T scontext)
+ {
+ STRUCT_STATVFS const *statfsbuf = data;
+
+@@ -394,7 +402,10 @@
+ strcat (pformat, PRIdMAX);
+ printf (pformat, (intmax_t) (statfsbuf->f_ffree));
+ break;
+-
++ case 'C':
++ strcat (pformat, "s");
++ printf(scontext);
++ break;
+ default:
+ strcat (pformat, "c");
+ printf (pformat, m);
+@@ -404,7 +415,7 @@
+
+ /* print stat info */
+ static void
+-print_stat (char *pformat, char m, char const *filename, void const *data)
++print_stat (char *pformat, char m, char const *filename, void const *data, SECURITY_ID_T scontext)
+ {
+ struct stat *statbuf = (struct stat *) data;
+ struct passwd *pw_ent;
+@@ -537,6 +548,10 @@
+ strcat (pformat, "d");
+ printf (pformat, (int) statbuf->st_ctime);
+ break;
++ case 'C':
++ strcat (pformat, "s");
++ printf(pformat,scontext);
++ break;
+ default:
+ strcat (pformat, "c");
+ printf (pformat, m);
+@@ -546,8 +561,8 @@
+
+ static void
+ print_it (char const *masterformat, char const *filename,
+- void (*print_func) (char *, char, char const *, void const *),
+- void const *data)
++ void (*print_func) (char *, char, char const *, void const *,SECURITY_ID_T ),
++ void const *data, SECURITY_ID_T scontext)
+ {
+ char *b;
+
+@@ -580,7 +595,7 @@
+ putchar ('%');
+ break;
+ default:
+- print_func (dest, *p, filename, data);
++ print_func (dest, *p, filename, data,scontext);
+ break;
+ }
+ b = p + 1;
+@@ -598,9 +613,17 @@
+
+ /* stat the filesystem and print what we find */
+ static void
+-do_statfs (char const *filename, int terse, char const *format)
++do_statfs (char const *filename, int terse, int secure, char const *format)
+ {
+ STRUCT_STATVFS statfsbuf;
++ SECURITY_ID_T scontext = NULL;
++#ifdef WITH_SELINUX
++ if(secure)
++ if (getfilecon(filename,&scontext)<0) {
++ perror (filename);
++ return;
++ }
++#endif
+ int i = statfs (filename, &statfsbuf);
+
+ if (i == -1)
+@@ -612,23 +635,40 @@
+
+ if (format == NULL)
+ {
+- format = (terse
+- ? "%n %i %l %t %b %f %a %s %c %d"
+- : " File: \"%n\"\n"
+- " ID: %-8i Namelen: %-7l Type: %T\n"
+- "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
+- "Inodes: Total: %-10c Free: %-10d");
+- }
+-
+- print_it (format, filename, print_statfs, &statfsbuf);
++ if (terse) {
++ if(secure)
++ format = "%n %i %l %t %b %f %a %s %c %d %C";
++ else
++ format = "%n %i %l %t %b %f %a %s %c %d";
++ }
++ else
++ {
++ if(secure)
++ format = " File: \"%n\"\n"
++ " ID: %-8i Namelen: %-7l Type: %T\n"
++ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
++ "Inodes: Total: %-10c Free: %-10d\n"
++ " S_Context: %C\n";
++ else
++ format= " File: \"%n\"\n"
++ " ID: %-8i Namelen: %-7l Type: %T\n"
++ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
++ "Inodes: Total: %-10c Free: %-10d";
++ }
++ }
++ print_it (format, filename, print_statfs, &statfsbuf,scontext);
++#ifdef WITH_SELINUX
++ if (scontext != NULL)
++ freecon(scontext);
++#endif
+ }
+-
+ /* stat the file and print what we find */
+ static void
+-do_stat (char const *filename, int follow_links, int terse,
++ do_stat (char const *filename, int follow_links, int terse,int secure,
+ char const *format)
+ {
+ struct stat statbuf;
++ SECURITY_ID_T scontext = NULL;
+ int i = ((follow_links == 1)
+ ? stat (filename, &statbuf)
+ : lstat (filename, &statbuf));
+@@ -639,11 +679,28 @@
+ return;
+ }
+
++#ifdef WITH_SELINUX
++ if(secure) {
++ if (link)
++ i=lgetfilecon(filename, &scontext);
++ else
++ i=getfilecon(filename, &scontext);
++ if (i == -1)
++ {
++ perror (filename);
++ return;
++ }
++ }
++#endif
++
+ if (format == NULL)
+ {
+ if (terse != 0)
+ {
+- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
++ if (secure)
++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C";
++ else
++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
+ }
+ else
+ {
+@@ -651,7 +708,17 @@
+ i = statbuf.st_mode & S_IFMT;
+ if (i == S_IFCHR || i == S_IFBLK)
+ {
+- format =
++ if (secure)
++ format =
++ " File: %N\n"
++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
++ " Device type: %t,%T\n"
++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
++ " S_Context: %C\n"
++ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
++ else
++ format =
+ " File: %N\n"
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
+@@ -661,6 +728,15 @@
+ }
+ else
+ {
++ if (secure)
++ format =
++ " File: %N\n"
++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
++ "S_Context: %C\n"
++ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
++ else
+ format =
+ " File: %N\n"
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
+@@ -670,7 +746,11 @@
+ }
+ }
+ }
+- print_it (format, filename, print_stat, &statbuf);
++ print_it (format, filename, print_stat, &statbuf,scontext);
++#ifdef WITH_SELINUX
++ if (scontext)
++ freecon(scontext);
++#endif
+ }
+
+ void
+@@ -688,6 +768,7 @@
+ -f, --filesystem display filesystem status instead of file status\n\
+ -c --format=FORMAT use the specified FORMAT instead of the default\n\
+ -L, --dereference follow links\n\
++ -Z, --context print the security context \n\
+ -t, --terse print the information in terse form\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+@@ -739,6 +820,7 @@
+ %c Total file nodes in file system\n\
+ %d Free file nodes in file system\n\
+ %f Free blocks in file system\n\
++ %C - Security context in SELinux\n\
+ "), stdout);
+ fputs (_("\
+ %i File System id in hex\n\
+@@ -761,6 +843,7 @@
+ int follow_links = 0;
+ int fs = 0;
+ int terse = 0;
++ int secure = 0;
+ char *format = NULL;
+
+ program_name = argv[0];
+@@ -770,7 +853,7 @@
+
+ atexit (close_stdout);
+
+- while ((c = getopt_long (argc, argv, "c:fLlt", long_options, NULL)) != -1)
++ while ((c = getopt_long (argc, argv, "c:fLltZ", long_options, NULL)) != -1)
+ {
+ switch (c)
+ {
+@@ -787,6 +870,14 @@
+ case 't':
+ terse = 1;
+ break;
++ case 'Z':
++ if(is_selinux_enabled())
++ secure = 1;
++ else {
++ error (0, 0, _("Kernel is not SELinux enabled"));
++ usage (EXIT_FAILURE);
++ }
++ break;
+
+ case_GETOPT_HELP_CHAR;
+
+@@ -806,9 +897,9 @@
+ for (i = optind; i < argc; i++)
+ {
+ if (fs == 0)
+- do_stat (argv[i], follow_links, terse, format);
++ do_stat (argv[i], follow_links, terse, secure, format);
+ else
+- do_statfs (argv[i], terse, format);
++ do_statfs (argv[i], terse, secure, format);
+ }
+
+ exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS);
projects / packages / coreutils.git / commitdiff