[packages/findutils.git] / findutils-selinux.patch

--- findutils-4.4.0/find/Makefile.am.orig	2007-07-22 14:29:31.000000000 +0200
+++ findutils-4.4.0/find/Makefile.am	2008-03-16 01:19:36.539333465 +0100
@@ -25,8 +25,9 @@
 endif
 
 EXTRA_DIST = defs.h $(man_MANS)
+DEFS = @DEFS@ -DWITH_SELINUX
 INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
-LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@
+LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@ -lselinux
 man_MANS = find.1
 SUBDIRS = . testsuite
 
--- findutils-4.4.0/find/defs.h.orig	2008-03-10 10:37:21.000000000 +0100
+++ findutils-4.4.0/find/defs.h	2008-03-16 01:22:53.718566717 +0100
@@ -49,6 +49,9 @@
 #include <stdint.h>		/* for uintmax_t */
 #include <sys/stat.h> /* S_ISUID etc. */
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
 
 
 #ifndef CHAR_BIT
@@ -314,6 +317,9 @@
     struct perm_val perm;	/* perm */
     struct samefile_file_id samefileid; /* samefile */
     mode_t type;		/* type */
+#ifdef WITH_SELINUX
+    security_context_t scontext; /* scontext */
+#endif /*WITH_SELINUX*/
     struct format_val printf_vec; /* printf fprintf fprint ls fls print0 fprint0 print */
   } args;
 
@@ -589,6 +595,10 @@
   /* Pointer to the function used to stat files. */
   int (*xstat) (const char *name, struct stat *statbuf);
 
+#ifdef WITH_SELINUX
+  int (*x_getfilecon) ();
+#endif /* WITH_SELINUX */
+
 
   /* Indicate if we can implement safely_chdir() using the O_NOFOLLOW 
    * flag to open(2). 
@@ -657,4 +667,9 @@
 extern char *program_name;
 
 
+#ifdef WITH_SELINUX
+PREDICATEFUNCTION pred_scontext;
+extern int (*x_getfilecon) ();
+#endif /*WITH_SELINUX*/
+
 #endif
--- findutils-4.4.0/find/find.1.orig	2007-12-19 20:53:14.000000000 +0100
+++ findutils-4.4.0/find/find.1	2008-03-16 01:24:14.939206112 +0100
@@ -935,6 +935,10 @@
 .B \-type
 does not check.
 
+.IP "\-context \fIscontext\fR"
+.IP "\-\-context \fIscontext\fR"
+(SELinux only) File has the security context \fIscontext\fR.
+
 .SS ACTIONS
 .IP "\-delete\fR"
 Delete files; true if removal succeeded.  If the removal failed, an
@@ -1340,6 +1344,8 @@
 U=unknown type (shouldn't happen)
 .IP %Y
 File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
+.IP %Z
+(SELinux only) file's security context.
 .PP
 A `%' character followed by any other character is discarded, but the
 other character is printed (don't rely on this, as further format
--- findutils-4.4.0/find/parser.c.orig	2008-03-10 10:37:21.000000000 +0100
+++ findutils-4.4.0/find/parser.c	2008-03-17 20:23:52.047453360 +0100
@@ -53,6 +53,10 @@
 #include <unistd.h> 
 #include <sys/stat.h>
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -156,6 +160,9 @@
 static boolean parse_warn          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 static boolean parse_xtype         PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 static boolean parse_quit          PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+#ifdef WITH_SELINUX
+static boolean parse_scontext      PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
+#endif /*WITH_SELINUX*/
 
 boolean parse_print             PARAMS((const struct parser_table*, char *argv[], int *arg_ptr));
 
@@ -322,6 +329,10 @@
   {ARG_TEST,       "writable",               parse_accesscheck, pred_writable}, /* GNU, 4.3.0+ */
   PARSE_OPTION     ("xdev",                  xdev), /* POSIX */
   PARSE_TEST       ("xtype",                 xtype),	     /* GNU */
+#ifdef WITH_SELINUX
+  PARSE_TEST       ("context",               scontext),      /* SELINUX */
+  PARSE_TEST       ("-context",              scontext),      /* SELINUX */
+#endif /*WITH_SELINUX*/
 #ifdef UNIMPLEMENTED_UNIX
   /* It's pretty ugly for find to know about archive formats.
      Plus what it could do with cpio archives is very limited.
@@ -451,11 +462,17 @@
 	{
 	case SYMLINK_ALWAYS_DEREF:  /* -L */
 	  options.xstat = optionl_stat;
+#ifdef WITH_SELINUX
+	  options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
 	  options.no_leaf_check = true;
 	  break;
 	  
 	case SYMLINK_NEVER_DEREF:	/* -P (default) */
 	  options.xstat = optionp_stat;
+#ifdef WITH_SELINUX
+	  options.x_getfilecon = lgetfilecon;
+#endif /* WITH_SELINUX */
 	  /* Can't turn no_leaf_check off because the user might have specified 
 	   * -noleaf anyway
 	   */
@@ -463,6 +480,9 @@
 	  
 	case SYMLINK_DEREF_ARGSONLY: /* -H */
 	  options.xstat = optionh_stat;
+#ifdef WITH_SELINUX
+	  options.x_getfilecon = getfilecon;
+#endif /* WITH_SELINUX */
 	  options.no_leaf_check = true;
 	}
     }
@@ -1129,6 +1149,10 @@
       -readable -writable -executable\n\
       -wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
       -used N -user NAME -xtype [bcdpfls]\n"));
+#ifdef WITH_SELINUX
+  puts (_("\
+      -context CONTEXT\n"));
+#endif /*WITH_SELINUX*/
   puts (_("\
 actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
       -fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
@@ -2392,6 +2416,30 @@
     }
 }
 
+#ifdef WITH_SELINUX
+
+static boolean
+parse_scontext (const struct parser_table *entry, char **argv, int *arg_ptr)
+{
+  struct predicate *our_pred;
+
+  if ( (argv == NULL) || (argv[*arg_ptr] == NULL) )
+    return( false );
+
+  our_pred = insert_primary_withpred (entry, pred_scontext);
+  our_pred->need_stat = our_pred->need_type = false;
+#ifdef DEBUG
+  our_pred->p_name = find_pred_name (pred_scontext);
+#endif /*DEBUG*/
+
+  our_pred->args.scontext = argv[*arg_ptr];;
+
+  (*arg_ptr)++;
+  return( true );
+}
+
+#endif /*WITH_SELINUX*/
+
 static boolean
 parse_used (const struct parser_table* entry, char **argv, int *arg_ptr)
 {
@@ -2777,7 +2825,11 @@
 	  if (*scan2 == '.')
 	    for (scan2++; ISDIGIT (*scan2); scan2++)
 	      /* Do nothing. */ ;
+#ifdef WITH_SELINUX
+	  if (strchr ("abcdDfFgGhHiklmMnpPsStuUyYZ", *scan2))
+#else  /* WITH_SELINUX */
 	  if (strchr ("abcdDfFgGhHiklmMnpPsStuUyY", *scan2))
+#endif /* WITH_SELINUX */
 	    {
 	      segmentp = make_segment (segmentp, format, scan2 - format,
 				       KIND_FORMAT, *scan2, 0,
--- findutils-4.2.11/find/pred.c.orig	2005-01-03 01:15:48.000000000 +0100
+++ findutils-4.2.11/find/pred.c	2005-01-09 18:22:25.204312920 +0100
@@ -30,6 +30,14 @@
 #include "filemode.h"
 #include "wait.h"
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#endif /*WITH_SELINUX*/
+
+#ifndef FNM_CASEFOLD
+#define FNM_CASEFOLD (1<<4)
+#endif  /*FNM_CASEFOLD*/
+
 #if ENABLE_NLS
 # include <libintl.h>
 # define _(Text) gettext (Text)
@@ -73,7 +81,6 @@
 
 extern int yesno ();
 
-
 /* Get or fake the disk device blocksize.
    Usually defined by sys/param.h (if at all).  */
 #ifndef DEV_BSIZE
@@ -202,6 +209,9 @@
   {pred_used, "used    "},
   {pred_user, "user    "},
   {pred_xtype, "xtype   "},
+#ifdef WITH_SELINUX
+  {pred_scontext, "context"},
+#endif /*WITH_SELINUX*/
   {0, "none    "}
 };
 
@@ -813,6 +823,26 @@
 
 	  }
 	  break;
+#ifdef WITH_SELINUX
+      case 'Z':               /* SELinux security context */
+        {
+          security_context_t scontext;
+          int rv;
+          rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+          if ( rv < 0 ) {
+            (void) fprintf(stderr, "getfileconf(%s): %s",
+                           pathname, strerror(errno));
+            (void) fflush(stderr);
+          }
+          else {
+	      segment->text[segment->text_len] = 's';
+	      checked_fprintf (dest, segment->text, scontext);
+	      freecon(scontext);
+          }
+        }
+        break ;
+#endif /* WITH_SELINUX */
 	}
     }
   return (true);
@@ -1366,6 +1396,31 @@
    */
   return (pred_type (pathname, &sbuf, pred_ptr));
 }
+  
+
+#ifdef WITH_SELINUX
+
+boolean
+pred_scontext (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
+{
+  int rv;
+  security_context_t scontext;
+
+  rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
+
+  if ( rv < 0 ) {
+    (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
+    (void) fflush(stderr);
+    return ( false );
+  }
+
+  rv= (strcmp(scontext, pred_ptr->args.scontext) == 0);
+  freecon(scontext);
+  return rv;
+}
+
+#endif /*WITH_SELINUX*/
+
 \f
 /*  1) fork to get a child; parent remembers the child pid
     2) child execs the command requested
--- findutils-4.4.0/find/tree.c.orig	2007-12-20 22:40:35.000000000 +0100
+++ findutils-4.4.0/find/tree.c	2008-03-17 20:21:28.427267235 +0100
@@ -1194,6 +1194,9 @@
   struct predicate *cur_pred;
   const struct parser_table *entry_close, *entry_print, *entry_open;
   int i, oldi;
+#ifdef WITH_SELINUX
+  int is_selinux_enabled_flag;
+#endif /* WITH_SELINUX */
 
   predicates = NULL;
   
@@ -1230,6 +1233,14 @@
 	}
 
       predicate_name = argv[i];
+#ifdef WITH_SELINUX
+      if (! is_selinux_enabled_flag) {
+	if ((strncmp(predicate_name,"-context",strlen("-context"))==0) ||
+	    (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
+	  error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
+	}
+      }
+#endif
       parse_entry = find_parser (predicate_name);
       if (parse_entry == NULL)
 	{
--- findutils-4.4.0/find/util.c.orig	2008-03-10 10:37:22.000000000 +0100
+++ findutils-4.4.0/find/util.c	2008-03-16 01:28:33.177920622 +0100
@@ -97,6 +97,9 @@
   new_pred->pred_func = pred_func;
   new_pred->p_name = entry->parser_name;
   new_pred->args.str = NULL;
+#ifdef WITH_SELINUX
+  new_pred->args.scontext = NULL;
+#endif
   new_pred->p_type = PRIMARY_TYPE;
   new_pred->p_prec = NO_PREC;
   return new_pred;
--- findutils-4.4.0/po/pl.po.orig	2008-03-15 12:43:32.000000000 +0100
+++ findutils-4.4.0/po/pl.po	2008-03-17 20:28:05.717905863 +0100
@@ -453,6 +453,10 @@
 "      -wholename WZORZEC -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n"
 "      -used N -user NAZWA -xtype [bcdpfls]\n"
 
+#: find/parser.c:1154
+msgid "      -context CONTEXT\n"
+msgstr "      -context KONTEKST\n"
+
 #: find/parser.c:1132
 msgid ""
 "actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n"
@@ -755,6 +759,11 @@
 msgid "unknown predicate `%s'"
Commit	Line	Data
72db70f1 JB	1	--- findutils-4.4.0/find/Makefile.am.orig 2007-07-22 14:29:31.000000000 +0200
	2	+++ findutils-4.4.0/find/Makefile.am 2008-03-16 01:19:36.539333465 +0100
	3	@@ -25,8 +25,9 @@
	4	endif
	5
32939b0c	6	EXTRA_DIST = defs.h $(man_MANS)
72db70f1	7	+DEFS = @DEFS@ -DWITH_SELINUX
32939b0c	8	INCLUDES = -I../gnulib/lib -I$(top_srcdir)/lib -I$(top_srcdir)/gnulib/lib -I../intl -DLOCALEDIR=\"$(localedir)\"
72db70f1 JB	9	-LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@
72db70f1 JB	10	+LDADD = ./libfindtools.a ../lib/libfind.a ../gnulib/lib/libgnulib.a @INTLLIBS@ @LIB_CLOCK_GETTIME@ @FINDLIBS@ -lselinux
32939b0c	11	man_MANS = find.1
72db70f1	12	SUBDIRS = . testsuite
32939b0c	13
72db70f1 JB	14	--- findutils-4.4.0/find/defs.h.orig 2008-03-10 10:37:21.000000000 +0100
	15	+++ findutils-4.4.0/find/defs.h 2008-03-16 01:22:53.718566717 +0100
	16	@@ -49,6 +49,9 @@
	17	#include <stdint.h> /* for uintmax_t */
	18	#include <sys/stat.h> /* S_ISUID etc. */
32939b0c JB	19
	20	+#ifdef WITH_SELINUX
	21	+#include <selinux/selinux.h>
	22	+#endif /WITH_SELINUX/
72db70f1 JB	23
	24
	25	#ifndef CHAR_BIT
	26	@@ -314,6 +317,9 @@
	27	struct perm_val perm; /* perm */
	28	struct samefile_file_id samefileid; /* samefile */
32939b0c	29	mode_t type; /* type */
32939b0c JB	30	+#ifdef WITH_SELINUX
	31	+ security_context_t scontext; /* scontext */
	32	+#endif /WITH_SELINUX/
72db70f1	33	struct format_val printf_vec; /* printf fprintf fprint ls fls print0 fprint0 print */
32939b0c JB	34	} args;
32939b0c JB	35
72db70f1	36	@@ -589,6 +595,10 @@
1db50576 JB	37	/* Pointer to the function used to stat files. */
1db50576 JB	38	int (xstat) (const char name, struct stat *statbuf);
72db70f1	39
1db50576 JB	40	+#ifdef WITH_SELINUX
	41	+ int (*x_getfilecon) ();
	42	+#endif /* WITH_SELINUX */
72db70f1	43	+
1db50576	44
72db70f1 JB	45	/* Indicate if we can implement safely_chdir() using the O_NOFOLLOW
	46	* flag to open(2).
	47	@@ -657,4 +667,9 @@
	48	extern char *program_name;
2cf781ec	49
32939b0c JB	50
32939b0c JB	51	+#ifdef WITH_SELINUX
72db70f1	52	+PREDICATEFUNCTION pred_scontext;
32939b0c JB	53	+extern int (*x_getfilecon) ();
	54	+#endif /WITH_SELINUX/
	55	+
dd23e660	56	#endif
72db70f1 JB	57	--- findutils-4.4.0/find/find.1.orig 2007-12-19 20:53:14.000000000 +0100
	58	+++ findutils-4.4.0/find/find.1 2008-03-16 01:24:14.939206112 +0100
	59	@@ -935,6 +935,10 @@
	60	.B \-type
	61	does not check.
	62
32939b0c	63	+.IP "\-context \fIscontext\fR"
72db70f1	64	+.IP "\-\-context \fIscontext\fR"
32939b0c	65	+(SELinux only) File has the security context \fIscontext\fR.
72db70f1	66	+
dace4399	67	.SS ACTIONS
095a6182	68	.IP "\-delete\fR"
72db70f1 JB	69	Delete files; true if removal succeeded. If the removal failed, an
	70	@@ -1340,6 +1344,8 @@
	71	U=unknown type (shouldn't happen)
095a6182 JB	72	.IP %Y
095a6182 JB	73	File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
32939b0c JB	74	+.IP %Z
	75	+(SELinux only) file's security context.
	76	.PP
72db70f1 JB	77	A `%' character followed by any other character is discarded, but the
	78	other character is printed (don't rely on this, as further format
	79	--- findutils-4.4.0/find/parser.c.orig 2008-03-10 10:37:21.000000000 +0100
	80	+++ findutils-4.4.0/find/parser.c 2008-03-17 20:23:52.047453360 +0100
	81	@@ -53,6 +53,10 @@
4c6d4011	82	#include <unistd.h>
72db70f1	83	#include <sys/stat.h>
32939b0c JB	84
	85	+#ifdef WITH_SELINUX
	86	+#include <selinux/selinux.h>
	87	+#endif /WITH_SELINUX/
	88	+
	89	#if ENABLE_NLS
	90	# include <libintl.h>
	91	# define _(Text) gettext (Text)
72db70f1	92	@@ -156,6 +160,9 @@
4c6d4011 JB	93	static boolean parse_warn PARAMS((const struct parser_table, char argv[], int *arg_ptr));
	94	static boolean parse_xtype PARAMS((const struct parser_table, char argv[], int *arg_ptr));
	95	static boolean parse_quit PARAMS((const struct parser_table, char argv[], int *arg_ptr));
32939b0c	96	+#ifdef WITH_SELINUX
4c6d4011	97	+static boolean parse_scontext PARAMS((const struct parser_table, char argv[], int *arg_ptr));
32939b0c JB	98	+#endif /WITH_SELINUX/
32939b0c JB	99
72db70f1	100	boolean parse_print PARAMS((const struct parser_table, char argv[], int *arg_ptr));
4c6d4011	101
72db70f1 JB	102	@@ -322,6 +329,10 @@
	103	{ARG_TEST, "writable", parse_accesscheck, pred_writable}, /* GNU, 4.3.0+ */
	104	PARSE_OPTION ("xdev", xdev), /* POSIX */
4c6d4011	105	PARSE_TEST ("xtype", xtype), /* GNU */
32939b0c	106	+#ifdef WITH_SELINUX
4c6d4011 JB	107	+ PARSE_TEST ("context", scontext), /* SELINUX */
4c6d4011 JB	108	+ PARSE_TEST ("-context", scontext), /* SELINUX */
32939b0c	109	+#endif /WITH_SELINUX/
4c6d4011 JB	110	#ifdef UNIMPLEMENTED_UNIX
	111	/* It's pretty ugly for find to know about archive formats.
	112	Plus what it could do with cpio archives is very limited.
72db70f1 JB	113	@@ -451,11 +462,17 @@
	114	{
	115	case SYMLINK_ALWAYS_DEREF: /* -L */
	116	options.xstat = optionl_stat;
	117	+#ifdef WITH_SELINUX
	118	+ options.x_getfilecon = getfilecon;
	119	+#endif /* WITH_SELINUX */
	120	options.no_leaf_check = true;
	121	break;
	122
	123	case SYMLINK_NEVER_DEREF: /* -P (default) */
	124	options.xstat = optionp_stat;
	125	+#ifdef WITH_SELINUX
	126	+ options.x_getfilecon = lgetfilecon;
	127	+#endif /* WITH_SELINUX */
	128	/* Can't turn no_leaf_check off because the user might have specified
	129	* -noleaf anyway
	130	*/
	131	@@ -463,6 +480,9 @@
	132
	133	case SYMLINK_DEREF_ARGSONLY: /* -H */
	134	options.xstat = optionh_stat;
	135	+#ifdef WITH_SELINUX
	136	+ options.x_getfilecon = getfilecon;
	137	+#endif /* WITH_SELINUX */
	138	options.no_leaf_check = true;
	139	}
	140	}
	141	@@ -1129,6 +1149,10 @@
	142	-readable -writable -executable\n\
095a6182	143	-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n\
1db50576	144	-used N -user NAME -xtype [bcdpfls]\n"));
32939b0c JB	145	+#ifdef WITH_SELINUX
	146	+ puts (_("\
	147	+ -context CONTEXT\n"));
	148	+#endif /WITH_SELINUX/
	149	puts (_("\
4c6d4011 JB	150	actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n\
4c6d4011 JB	151	-fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit\n\
72db70f1 JB	152	@@ -2392,6 +2416,30 @@
72db70f1 JB	153	}
32939b0c JB	154	}
	155
	156	+#ifdef WITH_SELINUX
	157	+
	158	+static boolean
4c6d4011	159	+parse_scontext (const struct parser_table entry, char argv, int arg_ptr)
32939b0c JB	160	+{
	161	+ struct predicate *our_pred;
	162	+
	163	+ if ( (argv == NULL) \|\| (argv[*arg_ptr] == NULL) )
	164	+ return( false );
	165	+
4c6d4011 JB	166	+ our_pred = insert_primary_withpred (entry, pred_scontext);
4c6d4011 JB	167	+ our_pred->need_stat = our_pred->need_type = false;
32939b0c JB	168	+#ifdef DEBUG
	169	+ our_pred->p_name = find_pred_name (pred_scontext);
	170	+#endif /DEBUG/
	171	+
	172	+ our_pred->args.scontext = argv[*arg_ptr];;
	173	+
	174	+ (*arg_ptr)++;
	175	+ return( true );
	176	+}
	177	+
	178	+#endif /WITH_SELINUX/
	179	+
	180	static boolean
4c6d4011	181	parse_used (const struct parser_table* entry, char *argv, int arg_ptr)
32939b0c	182	{
72db70f1	183	@@ -2777,7 +2825,11 @@
32939b0c JB	184	if (*scan2 == '.')
	185	for (scan2++; ISDIGIT (*scan2); scan2++)
	186	/* Do nothing. */ ;
32939b0c	187	+#ifdef WITH_SELINUX
72db70f1	188	+ if (strchr ("abcdDfFgGhHiklmMnpPsStuUyYZ", *scan2))
32939b0c	189	+#else /* WITH_SELINUX */
72db70f1	190	if (strchr ("abcdDfFgGhHiklmMnpPsStuUyY", *scan2))
32939b0c JB	191	+#endif /* WITH_SELINUX */
	192	{
	193	segmentp = make_segment (segmentp, format, scan2 - format,
72db70f1	194	KIND_FORMAT, *scan2, 0,
1db50576 JB	195	--- findutils-4.2.11/find/pred.c.orig 2005-01-03 01:15:48.000000000 +0100
	196	+++ findutils-4.2.11/find/pred.c 2005-01-09 18:22:25.204312920 +0100
	197	@@ -30,6 +30,14 @@
	198	#include "filemode.h"
32939b0c JB	199	#include "wait.h"
	200
	201	+#ifdef WITH_SELINUX
	202	+#include <selinux/selinux.h>
	203	+#endif /WITH_SELINUX/
	204	+
	205	+#ifndef FNM_CASEFOLD
	206	+#define FNM_CASEFOLD (1<<4)
	207	+#endif /FNM_CASEFOLD/
	208	+
	209	#if ENABLE_NLS
	210	# include <libintl.h>
	211	# define _(Text) gettext (Text)
1db50576	212	@@ -73,7 +81,6 @@
32939b0c JB	213
	214	extern int yesno ();
	215
	216	-
	217	/* Get or fake the disk device blocksize.
	218	Usually defined by sys/param.h (if at all). */
	219	#ifndef DEV_BSIZE
1db50576	220	@@ -202,6 +209,9 @@
32939b0c JB	221	{pred_used, "used "},
	222	{pred_user, "user "},
	223	{pred_xtype, "xtype "},
	224	+#ifdef WITH_SELINUX
	225	+ {pred_scontext, "context"},
	226	+#endif /WITH_SELINUX/
	227	{0, "none "}
	228	};
	229
1db50576 JB	230	@@ -813,6 +823,26 @@
	231
	232	}
32939b0c JB	233	break;
	234	+#ifdef WITH_SELINUX
	235	+ case 'Z': /* SELinux security context */
	236	+ {
	237	+ security_context_t scontext;
	238	+ int rv;
1db50576	239	+ rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
32939b0c JB	240	+
	241	+ if ( rv < 0 ) {
	242	+ (void) fprintf(stderr, "getfileconf(%s): %s",
	243	+ pathname, strerror(errno));
	244	+ (void) fflush(stderr);
	245	+ }
	246	+ else {
	247	+ segment->text[segment->text_len] = 's';
72db70f1	248	+ checked_fprintf (dest, segment->text, scontext);
32939b0c JB	249	+ freecon(scontext);
	250	+ }
	251	+ }
	252	+ break ;
	253	+#endif /* WITH_SELINUX */
	254	}
	255	}
	256	return (true);
1db50576 JB	257	@@ -1366,6 +1396,31 @@
1db50576 JB	258	*/
32939b0c JB	259	return (pred_type (pathname, &sbuf, pred_ptr));
	260	}
	261	+
	262	+
	263	+#ifdef WITH_SELINUX
	264	+
	265	+boolean
72db70f1	266	+pred_scontext (const char pathname, struct stat stat_buf, struct predicate *pred_ptr)
32939b0c JB	267	+{
	268	+ int rv;
	269	+ security_context_t scontext;
	270	+
1db50576	271	+ rv = (*options.x_getfilecon)(state.rel_pathname, &scontext);
32939b0c JB	272	+
	273	+ if ( rv < 0 ) {
	274	+ (void) fprintf(stderr, "getfilecon(%s): %s\n", pathname, strerror(errno));
	275	+ (void) fflush(stderr);
	276	+ return ( false );
	277	+ }
	278	+
1db50576	279	+ rv= (strcmp(scontext, pred_ptr->args.scontext) == 0);
32939b0c JB	280	+ freecon(scontext);
	281	+ return rv;
	282	+}
	283	+
	284	+#endif /WITH_SELINUX/
	285	+
	286	\f
	287	/* 1) fork to get a child; parent remembers the child pid
	288	2) child execs the command requested
72db70f1 JB	289	--- findutils-4.4.0/find/tree.c.orig 2007-12-20 22:40:35.000000000 +0100
	290	+++ findutils-4.4.0/find/tree.c 2008-03-17 20:21:28.427267235 +0100
	291	@@ -1194,6 +1194,9 @@
	292	struct predicate *cur_pred;
	293	const struct parser_table entry_close, entry_print, *entry_open;
	294	int i, oldi;
	295	+#ifdef WITH_SELINUX
	296	+ int is_selinux_enabled_flag;
	297	+#endif /* WITH_SELINUX */
	298
	299	predicates = NULL;
	300
	301	@@ -1230,6 +1233,14 @@
	302	}
	303
	304	predicate_name = argv[i];
	305	+#ifdef WITH_SELINUX
	306	+ if (! is_selinux_enabled_flag) {
	307	+ if ((strncmp(predicate_name,"-context",strlen("-context"))==0) \|\|
	308	+ (strncmp(predicate_name,"--context",strlen("--context"))==0)) {
	309	+ error (1, 0,_("Error: invalid predicate %s: the kernel is not SELinux-enabled.\n"),predicate_name);
	310	+ }
	311	+ }
	312	+#endif
	313	parse_entry = find_parser (predicate_name);
	314	if (parse_entry == NULL)
	315	{
	316	--- findutils-4.4.0/find/util.c.orig 2008-03-10 10:37:22.000000000 +0100
	317	+++ findutils-4.4.0/find/util.c 2008-03-16 01:28:33.177920622 +0100
	318	@@ -97,6 +97,9 @@
	319	new_pred->pred_func = pred_func;
	320	new_pred->p_name = entry->parser_name;
	321	new_pred->args.str = NULL;
32939b0c	322	+#ifdef WITH_SELINUX
72db70f1	323	+ new_pred->args.scontext = NULL;
32939b0c	324	+#endif
72db70f1 JB	325	new_pred->p_type = PRIMARY_TYPE;
	326	new_pred->p_prec = NO_PREC;
	327	return new_pred;
	328	--- findutils-4.4.0/po/pl.po.orig 2008-03-15 12:43:32.000000000 +0100
	329	+++ findutils-4.4.0/po/pl.po 2008-03-17 20:28:05.717905863 +0100
	330	@@ -453,6 +453,10 @@
	331	" -wholename WZORZEC -size N[bcwkMG] -true -type [bcdpflsD] -uid N\n"
	332	" -used N -user NAZWA -xtype [bcdpfls]\n"
	333
	334	+#: find/parser.c:1154
	335	+msgid " -context CONTEXT\n"
	336	+msgstr " -context KONTEKST\n"
	337	+
	338	#: find/parser.c:1132
	339	msgid ""
	340	"actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print \n"
	341	@@ -755,6 +759,11 @@
	342	msgid "unknown predicate `%s'"
	343