Blame SOURCES/coreutils-selinux.patch

47d86b
diff -urNp coreutils-8.21-orig/configure.ac coreutils-8.21/configure.ac
47d86b
--- coreutils-8.21-orig/configure.ac	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/configure.ac	2013-02-15 14:31:58.937482694 +0100
47d86b
@@ -204,6 +204,13 @@ if test "$gl_gcc_warnings" = yes; then
47d86b
   AC_SUBST([GNULIB_TEST_WARN_CFLAGS])
47d86b
 fi
47d86b
 
47d86b
+dnl Give the chance to enable SELINUX
47d86b
+AC_ARG_ENABLE(selinux, dnl
47d86b
+[  --enable-selinux              Enable use of the SELINUX libraries],
47d86b
+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
47d86b
+LIB_SELINUX="-lselinux"
47d86b
+AC_SUBST(LIB_SELINUX)])
47d86b
+
47d86b
 AC_FUNC_FORK
47d86b
 
47d86b
 optional_bin_progs=
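Review bot: `--disable-selinux` also switches SELinux on here, because the third argument of AC_ARG_ENABLE runs whenever the option is given in either form and the added action never looks at `$enableval`. Guard the action with `if test "x$enableval" != xno; then ... fi` around the `AC_DEFINE` and the `LIB_SELINUX="-lselinux"` assignment, and keep `AC_SUBST(LIB_SELINUX)` outside the conditional so the variable is always substituted. Nothing in the hunk checks that libselinux is actually available, so a missing library would only show up at link time.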
47d86b
diff -urNp coreutils-8.21-orig/init.cfg coreutils-8.21/init.cfg
47d86b
--- coreutils-8.21-orig/init.cfg	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/init.cfg	2013-02-15 14:31:58.957469955 +0100
47d86b
@@ -308,8 +308,8 @@ require_selinux_()
47d86b
 
47d86b
   # Independent of whether SELinux is enabled system-wide,
47d86b
   # the current file system may lack SELinux support.
47d86b
-  case $(ls -Zd .) in
47d86b
-    '? .'|'unlabeled .')
47d86b
+  case $(ls -Zd . | cut -f4 -d" ") in
47d86b
+    '?'|'unlabeled')
47d86b
       skip_ "this system (or maybe just" \
47d86b
         "the current file system) lacks SELinux support"
47d86b
     ;;
47d86b
diff -urNp coreutils-8.21-orig/man/chcon.x coreutils-8.21/man/chcon.x
47d86b
--- coreutils-8.21-orig/man/chcon.x	2011-08-23 15:44:01.000000000 +0200
47d86b
+++ coreutils-8.21/man/chcon.x	2013-02-15 14:31:58.937482694 +0100
47d86b
@@ -1,4 +1,4 @@
47d86b
 [NAME]
47d86b
-chcon \- change file security context
47d86b
+chcon \- change file SELinux security context
47d86b
 [DESCRIPTION]
47d86b
 .\" Add any additional description here
47d86b
diff -urNp coreutils-8.21-orig/man/runcon.x coreutils-8.21/man/runcon.x
47d86b
--- coreutils-8.21-orig/man/runcon.x	2011-08-23 15:44:01.000000000 +0200
47d86b
+++ coreutils-8.21/man/runcon.x	2013-02-15 14:31:58.938486496 +0100
47d86b
@@ -1,5 +1,5 @@
47d86b
 [NAME]
47d86b
-runcon \- run command with specified security context
47d86b
+runcon \- run command with specified SELinux security context
47d86b
 [DESCRIPTION]
47d86b
 Run COMMAND with completely-specified CONTEXT, or with current or
47d86b
 transitioned security context modified by one or more of LEVEL,
47d86b
diff -urNp coreutils-8.21-orig/src/chcon.c coreutils-8.21/src/chcon.c
47d86b
--- coreutils-8.21-orig/src/chcon.c	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/src/chcon.c	2013-02-15 14:31:58.939469828 +0100
47d86b
@@ -355,7 +355,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\
47d86b
 "),
47d86b
         program_name, program_name, program_name);
47d86b
       fputs (_("\
47d86b
-Change the security context of each FILE to CONTEXT.\n\
47d86b
+Change the SELinux security context of each FILE to CONTEXT.\n\
47d86b
 With --reference, change the security context of each FILE to that of RFILE.\n\
47d86b
 "), stdout);
47d86b
 
47d86b
diff -urNp coreutils-8.21-orig/src/copy.c coreutils-8.21/src/copy.c
47d86b
--- coreutils-8.21-orig/src/copy.c	2013-02-07 10:37:05.000000000 +0100
47d86b
+++ coreutils-8.21/src/copy.c	2013-02-15 14:31:58.941467872 +0100
47d86b
@@ -2315,6 +2315,8 @@ copy_internal (char const *src_name, cha
47d86b
         {
47d86b
           /* Here, we are crossing a file system boundary and cp's -x option
47d86b
              is in effect: so don't copy the contents of this directory. */
47d86b
+        if (x->preserve_security_context)
47d86b
+           restore_default_fscreatecon_or_die ();
47d86b
         }
47d86b
       else
47d86b
         {
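Review bot: The two added lines reset the process-wide file-creation context without a comment saying why, and the existing comment above them only explains the -x skip. If the call undoes a context that was set earlier in copy_internal (outside the hunk, so this is inferred from the function name), say so, for example `/* Nothing is created for this directory, so drop the creation context set for it. */`. The `if` is indented two columns less than the comment it follows and the call one column more, which makes the block read as if it were outside the braces; align both with the comment. copy_internal starts and ends outside the hunk.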
47d86b
diff -urNp coreutils-8.21-orig/src/copy.h coreutils-8.21/src/copy.h
47d86b
--- coreutils-8.21-orig/src/copy.h	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/src/copy.h	2013-02-15 14:31:58.943470982 +0100
47d86b
@@ -159,6 +159,9 @@ struct cp_options
47d86b
   bool preserve_timestamps;
47d86b
   bool explicit_no_preserve_mode;
47d86b
 
47d86b
+  /* If true, attempt to set specified security context */
47d86b
+  bool set_security_context;
47d86b
+
47d86b
   /* Enabled for mv, and for cp by the --preserve=links option.
47d86b
      If true, attempt to preserve in the destination files any
47d86b
      logical hard links between the source files.  If used with cp's
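Review bot: The comment on `set_security_context` does not say how the flag relates to `preserve_security_context`, although the cp.c and install.c hunks treat the two as mutually exclusive. In the hunks on this page the new field is only read by those conflict checks, so a reader of copy.h cannot tell what it controls. Suggested wording: `/* If true, the user supplied a context with -Z/--context; mutually exclusive with preserve_security_context.  */`.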
47d86b
diff -urNp coreutils-8.21-orig/src/cp.c coreutils-8.21/src/cp.c
47d86b
--- coreutils-8.21-orig/src/cp.c	2013-02-07 10:37:05.000000000 +0100
47d86b
+++ coreutils-8.21/src/cp.c	2013-02-15 14:31:58.945468929 +0100
47d86b
@@ -141,6 +141,7 @@ static struct option const long_opts[] =
47d86b
   {"target-directory", required_argument, NULL, 't'},
47d86b
   {"update", no_argument, NULL, 'u'},
47d86b
   {"verbose", no_argument, NULL, 'v'},
47d86b
+  {"context", required_argument, NULL, 'Z'},
47d86b
   {GETOPT_HELP_OPTION_DECL},
47d86b
   {GETOPT_VERSION_OPTION_DECL},
47d86b
   {NULL, 0, NULL, 0}
47d86b
@@ -201,6 +202,9 @@ Copy SOURCE to DEST, or multiple SOURCE(
47d86b
                                  all\n\
47d86b
 "), stdout);
47d86b
       fputs (_("\
47d86b
+  -c                           same as --preserve=context\n\
47d86b
+"), stdout);
47d86b
+      fputs (_("\
47d86b
       --no-preserve=ATTR_LIST  don't preserve the specified attributes\n\
47d86b
       --parents                use full source file name under DIRECTORY\n\
47d86b
 "), stdout);
47d86b
@@ -227,6 +231,7 @@ Copy SOURCE to DEST, or multiple SOURCE(
47d86b
                                  destination file is missing\n\
47d86b
   -v, --verbose                explain what is being done\n\
47d86b
   -x, --one-file-system        stay on this file system\n\
47d86b
+  -Z, --context=CONTEXT        set security context of copy to CONTEXT\n\
47d86b
 "), stdout);
47d86b
       fputs (HELP_OPTION_DESCRIPTION, stdout);
47d86b
       fputs (VERSION_OPTION_DESCRIPTION, stdout);
47d86b
@@ -784,6 +789,7 @@ cp_option_init (struct cp_options *x)
47d86b
   x->explicit_no_preserve_mode = false;
47d86b
   x->preserve_security_context = false;
47d86b
   x->require_preserve_context = false;
47d86b
+  x->set_security_context = false;
47d86b
   x->preserve_xattr = false;
47d86b
   x->reduce_diagnostics = false;
47d86b
   x->require_preserve_xattr = false;
47d86b
@@ -933,7 +939,7 @@ main (int argc, char **argv)
47d86b
      we'll actually use backup_suffix_string.  */
47d86b
   backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
47d86b
 
47d86b
-  while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T",
47d86b
+  while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:",
47d86b
                            long_opts, NULL))
47d86b
          != -1)
47d86b
     {
47d86b
@@ -981,6 +987,16 @@ main (int argc, char **argv)
47d86b
           copy_contents = true;
47d86b
           break;
47d86b
 
47d86b
+        case 'c':
47d86b
+          if ( x.set_security_context ) { 
47d86b
+              (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
47d86b
+             exit( 1 );
47d86b
+           }
47d86b
+           else if (selinux_enabled) {
47d86b
+              x.preserve_security_context = true;
47d86b
+              x.require_preserve_context = true;
47d86b
+           }
47d86b
+          break;
47d86b
         case 'd':
47d86b
           x.preserve_links = true;
47d86b
           x.dereference = DEREF_NEVER;
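Review bot: The conflict diagnostic in `case 'c'` is written with a raw `fprintf (stderr, ...)`, `argv[0]` and `exit( 1 )`, so it is untranslated and bypasses the error path the rest of the program uses; `error (EXIT_FAILURE, 0, _("cannot force target context and preserve it"));` says the same in one line. The same pattern is added in the `case 'Z'` hunk below and in the `case 'P'` hunk of install.c. Separately, when `selinux_enabled` is false `-c` is accepted and silently does nothing, whereas `-Z` prints a warning; a caller that relies on the label being preserved gets no signal. main continues outside the hunk.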
47d86b
@@ -1091,6 +1107,27 @@ main (int argc, char **argv)
47d86b
           x.one_file_system = true;
47d86b
           break;
47d86b
 
47d86b
+
47d86b
+        case 'Z':
47d86b
+          /* politely decline if we're not on a selinux-enabled kernel. */
47d86b
+          if( !selinux_enabled ) {
47d86b
+             fprintf( stderr, "Warning:  ignoring --context (-Z). "
47d86b
+                              "It requires a SELinux enabled kernel.\n" );
47d86b
+             break;
47d86b
+         }
47d86b
+         if ( x.preserve_security_context ) {
47d86b
+            (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
47d86b
+            exit( 1 );
47d86b
+         }
47d86b
+         x.set_security_context = true;
47d86b
+         /* if there's a security_context given set new path 
47d86b
+            components to that context, too */
47d86b
+         if ( setfscreatecon(optarg) < 0 ) {
47d86b
+            (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);
47d86b
+            exit( 1 );
47d86b
+         }
47d86b
+         break;
47d86b
+
47d86b
         case 'S':
47d86b
           make_backups = true;
47d86b
           backup_suffix_string = optarg;
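Review bot: The `-Z`/preserve conflict check in `case 'Z'` depends on option order: it only fires if `x.preserve_security_context` is already true when `-Z` is parsed, so any option handled outside this hunk that sets the flag later on the command line is not caught here. A single check after the getopt loop covers every order: `if (x.set_security_context && x.preserve_security_context) error (EXIT_FAILURE, 0, _("cannot set target context and preserve it"));`. `setfscreatecon (optarg)` also runs in the middle of option parsing, so a later usage error leaves the process with a changed creation context; doing it after the loop avoids that. On a kernel without SELinux the option is dropped with a warning and the copy proceeds, which means the requested label is not applied and nothing visible in the hunk makes the exit status reflect it.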
47d86b
diff -urNp coreutils-8.21-orig/src/id.c coreutils-8.21/src/id.c
47d86b
--- coreutils-8.21-orig/src/id.c	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/src/id.c	2013-02-15 14:31:58.946469154 +0100
47d86b
@@ -106,7 +106,7 @@ int
47d86b
 main (int argc, char **argv)
47d86b
 {
47d86b
   int optc;
47d86b
-  int selinux_enabled = (is_selinux_enabled () > 0);
47d86b
+  bool selinux_enabled = (is_selinux_enabled () > 0);
47d86b
 
47d86b
   /* If true, output the list of all group IDs. -G */
47d86b
   bool just_group_list = false;
47d86b
diff -urNp coreutils-8.21-orig/src/install.c coreutils-8.21/src/install.c
47d86b
--- coreutils-8.21-orig/src/install.c	2013-02-07 10:37:05.000000000 +0100
47d86b
+++ coreutils-8.21/src/install.c	2013-02-15 14:31:58.948469440 +0100
47d86b
@@ -280,6 +280,7 @@ cp_option_init (struct cp_options *x)
47d86b
   x->data_copy_required = true;
47d86b
   x->require_preserve = false;
47d86b
   x->require_preserve_context = false;
47d86b
+  x->set_security_context = false;
47d86b
   x->require_preserve_xattr = false;
47d86b
   x->recursive = false;
47d86b
   x->sparse_mode = SPARSE_AUTO;
47d86b
@@ -639,7 +640,7 @@ In the 4th form, create all components o
47d86b
   -v, --verbose       print the name of each directory as it is created\n\
47d86b
 "), stdout);
47d86b
       fputs (_("\
47d86b
-      --preserve-context  preserve SELinux security context\n\
47d86b
+  -P, --preserve-context  preserve SELinux security context\n\
47d86b
   -Z, --context=CONTEXT  set SELinux security context of files and directories\
47d86b
 \n\
47d86b
 "), stdout);
47d86b
@@ -782,7 +783,7 @@ main (int argc, char **argv)
47d86b
      we'll actually use backup_suffix_string.  */
47d86b
   backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
47d86b
 
47d86b
-  while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options,
47d86b
+  while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options,
47d86b
                               NULL)) != -1)
47d86b
     {
47d86b
       switch (optc)
47d86b
@@ -853,6 +854,7 @@ main (int argc, char **argv)
47d86b
           no_target_directory = true;
47d86b
           break;
47d86b
 
47d86b
+        case 'P':
47d86b
         case PRESERVE_CONTEXT_OPTION:
47d86b
           if ( ! selinux_enabled)
47d86b
             {
47d86b
@@ -860,6 +862,10 @@ main (int argc, char **argv)
47d86b
                              "this kernel is not SELinux-enabled"));
47d86b
               break;
47d86b
             }
47d86b
+          if ( x.set_security_context ) {
47d86b
+             (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
47d86b
+             exit( 1 );
47d86b
+          }
47d86b
           x.preserve_security_context = true;
47d86b
           use_default_selinux_context = false;
47d86b
           break;
47d86b
@@ -871,6 +877,7 @@ main (int argc, char **argv)
47d86b
               break;
47d86b
             }
47d86b
           scontext = optarg;
47d86b
+          x.set_security_context = true;
47d86b
           use_default_selinux_context = false;
47d86b
           break;
47d86b
         case_GETOPT_HELP_CHAR;
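Review bot: The `-Z` case sets `x.set_security_context = true` without checking `x.preserve_security_context`, so the conflict check added under `case 'P'` in the previous hunk only rejects `-Z` followed by `-P`, not the reverse order. Unless a check after the option loop (outside the hunk) already covers it, add the mirror test here, `if (x.preserve_security_context) error (EXIT_FAILURE, 0, _("cannot set target context and preserve it"));`, or move both into one test after the loop. main starts and ends outside the hunk.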
47d86b
diff -urNp coreutils-8.21-orig/src/ls.c coreutils-8.21/src/ls.c
47d86b
--- coreutils-8.21-orig/src/ls.c	2013-02-03 04:24:02.000000000 +0100
47d86b
+++ coreutils-8.21/src/ls.c	2013-02-15 14:31:58.953469008 +0100
47d86b
@@ -165,7 +165,8 @@ enum filetype
47d86b
     symbolic_link,
47d86b
     sock,
47d86b
     whiteout,
47d86b
-    arg_directory
47d86b
+    arg_directory,
47d86b
+    command_line
47d86b
   };
47d86b
 
47d86b
 /* Display letters and indicators for each filetype.
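Review bot: `command_line` is appended to `enum filetype`, but the per-filetype letter table announced by the comment on the hunk's last line lies outside the hunk and no hunk on this page extends it. A later hunk makes main pass `command_line` to gobble_file, which stores it with `f->filetype = type`, so any code that indexes a filetype table with a value that was never replaced would read past the end. Either add the matching table entry or document the invariant on the enumerator, for example `command_line /* argv entry; must be replaced by the real type before use */`, if that is the intent.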
47d86b
@@ -281,6 +282,7 @@ static void queue_directory (char const 
47d86b
                              bool command_line_arg);
47d86b
 static void sort_files (void);
47d86b
 static void parse_ls_color (void);
47d86b
+static void print_scontext_format (const struct fileinfo *f);
47d86b
 
47d86b
 /* Initial size of hash table.
47d86b
    Most hierarchies are likely to be shallower than this.  */
47d86b
@@ -350,7 +352,7 @@ static struct pending *pending_dirs;
47d86b
 
47d86b
 static struct timespec current_time;
47d86b
 
47d86b
-static bool print_scontext;
47d86b
+static int print_scontext = 0;
47d86b
 static char UNKNOWN_SECURITY_CONTEXT[] = "?";
47d86b
 
47d86b
 /* Whether any of the files has an ACL.  This affects the width of the
47d86b
@@ -390,7 +392,9 @@ enum format
47d86b
     one_per_line,		/* -1 */
47d86b
     many_per_line,		/* -C */
47d86b
     horizontal,			/* -x */
47d86b
-    with_commas			/* -m */
47d86b
+    with_commas,			/* -m */
47d86b
+    security_format, /* -Z */
47d86b
+    invalid_format
47d86b
   };
47d86b
 
47d86b
 static enum format format;
47d86b
@@ -793,6 +797,9 @@ enum
47d86b
   SHOW_CONTROL_CHARS_OPTION,
47d86b
   SI_OPTION,
47d86b
   SORT_OPTION,
47d86b
+  CONTEXT_OPTION,
47d86b
+  LCONTEXT_OPTION,
47d86b
+  SCONTEXT_OPTION,
47d86b
   TIME_OPTION,
47d86b
   TIME_STYLE_OPTION
47d86b
 };
47d86b
@@ -839,7 +846,9 @@ static struct option const long_options[
47d86b
   {"time-style", required_argument, NULL, TIME_STYLE_OPTION},
47d86b
   {"color", optional_argument, NULL, COLOR_OPTION},
47d86b
   {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
47d86b
-  {"context", no_argument, 0, 'Z'},
47d86b
+  {"context", no_argument, 0, CONTEXT_OPTION},
47d86b
+  {"lcontext", no_argument, 0, LCONTEXT_OPTION},
47d86b
+  {"scontext", no_argument, 0, SCONTEXT_OPTION},
47d86b
   {"author", no_argument, NULL, AUTHOR_OPTION},
47d86b
   {GETOPT_HELP_OPTION_DECL},
47d86b
   {GETOPT_VERSION_OPTION_DECL},
47d86b
@@ -849,12 +858,12 @@ static struct option const long_options[
47d86b
 static char const *const format_args[] =
47d86b
 {
47d86b
   "verbose", "long", "commas", "horizontal", "across",
47d86b
-  "vertical", "single-column", NULL
47d86b
+  "vertical", "single-column", "context", NULL
47d86b
 };
47d86b
 static enum format const format_types[] =
47d86b
 {
47d86b
   long_format, long_format, with_commas, horizontal, horizontal,
47d86b
-  many_per_line, one_per_line
47d86b
+  many_per_line, one_per_line, security_format
47d86b
 };
47d86b
 ARGMATCH_VERIFY (format_args, format_types);
47d86b
 
47d86b
@@ -1296,7 +1305,8 @@ main (int argc, char **argv)
47d86b
       /* Avoid following symbolic links when possible.  */
47d86b
       if (is_colored (C_ORPHAN)
47d86b
           || (is_colored (C_EXEC) && color_symlink_as_referent)
47d86b
-          || (is_colored (C_MISSING) && format == long_format))
47d86b
+          || (is_colored (C_MISSING) && (format == long_format
47d86b
+              || format == security_format)))
47d86b
         check_symlink_color = true;
47d86b
 
47d86b
       /* If the standard output is a controlling terminal, watch out
47d86b
@@ -1343,7 +1353,7 @@ main (int argc, char **argv)
47d86b
   if (dereference == DEREF_UNDEFINED)
47d86b
     dereference = ((immediate_dirs
47d86b
                     || indicator_style == classify
47d86b
-                    || format == long_format)
47d86b
+                    || format == long_format || format == security_format)
47d86b
                    ? DEREF_NEVER
47d86b
                    : DEREF_COMMAND_LINE_SYMLINK_TO_DIR);
47d86b
 
47d86b
@@ -1363,7 +1373,7 @@ main (int argc, char **argv)
47d86b
 
47d86b
   format_needs_stat = sort_type == sort_time || sort_type == sort_size
47d86b
     || format == long_format
47d86b
-    || print_scontext
47d86b
+    || format == security_format || print_scontext
47d86b
     || print_block_size;
47d86b
   format_needs_type = (! format_needs_stat
47d86b
                        && (recursive
47d86b
@@ -1394,7 +1404,7 @@ main (int argc, char **argv)
47d86b
     }
47d86b
   else
47d86b
     do
47d86b
-      gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");
47d86b
+      gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");
47d86b
     while (i < argc);
47d86b
 
47d86b
   if (cwd_n_used)
47d86b
@@ -1565,7 +1575,7 @@ decode_switches (int argc, char **argv)
47d86b
   ignore_mode = IGNORE_DEFAULT;
47d86b
   ignore_patterns = NULL;
47d86b
   hide_patterns = NULL;
47d86b
-  print_scontext = false;
47d86b
+  print_scontext = 0;
47d86b
 
47d86b
   /* FIXME: put this in a function.  */
47d86b
   {
47d86b
@@ -1941,13 +1951,27 @@ decode_switches (int argc, char **argv)
47d86b
           break;
47d86b
 
47d86b
         case 'Z':
47d86b
-          print_scontext = true;
47d86b
+          print_scontext = 1;
47d86b
+    format = security_format;
47d86b
           break;
47d86b
 
47d86b
         case_GETOPT_HELP_CHAR;
47d86b
 
47d86b
         case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
47d86b
 
47d86b
+  case CONTEXT_OPTION: /* default security context format */
47d86b
+                print_scontext = 1;
47d86b
+                format = security_format;
47d86b
+                break;
47d86b
+        case LCONTEXT_OPTION: /* long format plus security context */
47d86b
+                print_scontext = 1;
47d86b
+                format = long_format;
47d86b
+                break;
47d86b
+        case SCONTEXT_OPTION: /* short form of new security format */
47d86b
+                print_scontext = 0;
47d86b
+                format = security_format;
47d86b
+                break;
47d86b
+
47d86b
         default:
47d86b
           usage (LS_FAILURE);
47d86b
         }
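Review bot: `case 'Z'` now assigns `format = security_format`, so the output depends on the order of `-l` and `-Z`: the option parsed last wins, and `-Z` after `-l` drops the long-format columns where it previously only added the context. `SCONTEXT_OPTION` likewise resets `print_scontext` to 0 and so cancels an earlier `-Z` or `--lcontext`. Scripts that parse `ls -Z` output are affected (the test changes in this patch had to move the field index), so the order dependence should be stated in the usage text, or `-Z` should leave an explicitly chosen `long_format` alone. The added lines are also indented differently from the surrounding cases (`format = security_format;` at column 4, `case CONTEXT_OPTION:` at column 2). decode_switches starts and ends outside the hunk.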
47d86b
@@ -2883,6 +2907,7 @@ gobble_file (char const *name, enum file
47d86b
   memset (f, '\0', sizeof *f);
47d86b
   f->stat.st_ino = inode;
47d86b
   f->filetype = type;
47d86b
+  f->scontext = NULL;
47d86b
 
47d86b
   if (command_line_arg
47d86b
       || format_needs_stat
47d86b
@@ -2995,7 +3020,7 @@ gobble_file (char const *name, enum file
47d86b
           && print_with_color && is_colored (C_CAP))
47d86b
         f->has_capability = has_capability_cache (absolute_name, f);
47d86b
 
47d86b
-      if (format == long_format || print_scontext)
47d86b
+      if (format == long_format || format == security_format || print_scontext)
47d86b
         {
47d86b
           bool have_selinux = false;
47d86b
           bool have_acl = false;
47d86b
@@ -3016,7 +3041,7 @@ gobble_file (char const *name, enum file
47d86b
                 err = 0;
47d86b
             }
47d86b
 
47d86b
-          if (err == 0 && format == long_format)
47d86b
+          if (err == 0 && (format == long_format || format == security_format))
47d86b
             {
47d86b
               int n = file_has_acl_cache (absolute_name, f);
47d86b
               err = (n < 0);
47d86b
@@ -3035,7 +3060,8 @@ gobble_file (char const *name, enum file
47d86b
         }
47d86b
 
47d86b
       if (S_ISLNK (f->stat.st_mode)
47d86b
-          && (format == long_format || check_symlink_color))
47d86b
+          && (format == long_format || format == security_format
47d86b
+              || check_symlink_color))
47d86b
         {
47d86b
           struct stat linkstats;
47d86b
 
47d86b
@@ -3054,6 +3080,7 @@ gobble_file (char const *name, enum file
47d86b
                  command line are automatically traced if not being
47d86b
                  listed as files.  */
47d86b
               if (!command_line_arg || format == long_format
47d86b
+                  || format == security_format
47d86b
                   || !S_ISDIR (linkstats.st_mode))
47d86b
                 {
47d86b
                   /* Get the linked-to file's mode for the filetype indicator
47d86b
@@ -3087,7 +3114,7 @@ gobble_file (char const *name, enum file
47d86b
             block_size_width = len;
47d86b
         }
47d86b
 
47d86b
-      if (format == long_format)
47d86b
+      if (format == long_format || format == security_format)
47d86b
         {
47d86b
           if (print_owner)
47d86b
             {
47d86b
@@ -3591,6 +3618,13 @@ print_current_files (void)
47d86b
           print_long_format (sorted_file[i]);
47d86b
           DIRED_PUTCHAR ('\n');
47d86b
         }
47d86b
+     break;
47d86b
+    case security_format:
47d86b
+      for (i = 0; i < cwd_n_used; i++)
47d86b
+      {
47d86b
+        print_scontext_format (sorted_file[i]);
47d86b
+        DIRED_PUTCHAR ('\n');
47d86b
+      }
47d86b
       break;
47d86b
     }
47d86b
 }
47d86b
@@ -3753,6 +3787,67 @@ format_inode (char *buf, size_t buflen, 
47d86b
           : (char *) "?");
47d86b
 }
47d86b
 
47d86b
+/* Print info about f in scontext format */
47d86b
+static void
47d86b
+print_scontext_format (const struct fileinfo *f)
47d86b
+{
47d86b
+  char modebuf[12];
47d86b
+
47d86b
+  /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
47d86b
+     1 10-byte mode string,
47d86b
+     9 spaces, one following each of these fields, and
47d86b
+     1 trailing NUL byte.  */
47d86b
+
47d86b
+  char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10  + 9 + 1];
47d86b
+  char *buf = init_bigbuf;
47d86b
+  char *p;
47d86b
+
47d86b
+  p = buf;
47d86b
+
47d86b
+  if ( print_scontext ) { /* zero means terse listing */
47d86b
+    filemodestring (&f->stat, modebuf);
47d86b
+    if (! any_has_acl)
47d86b
+      modebuf[10] = '\0';
47d86b
+    else if (f->acl_type == ACL_T_SELINUX_ONLY)
47d86b
+      modebuf[10] = '.';
47d86b
+    else if (f->acl_type == ACL_T_YES)
47d86b
+      modebuf[10] = '+';
47d86b
+    modebuf[11] = '\0';
47d86b
+
47d86b
+    /* print mode */
47d86b
+
47d86b
+    (void) sprintf (p, "%s ", modebuf);
47d86b
+    p += strlen (p);
47d86b
+
47d86b
+    /* print standard user and group */
47d86b
+
47d86b
+    DIRED_FPUTS (buf, stdout, p - buf);
47d86b
+    format_user (f->stat.st_uid, owner_width, f->stat_ok);
47d86b
+    format_group (f->stat.st_gid, group_width, f->stat_ok);
47d86b
+    p = buf;
47d86b
+  }
47d86b
+
47d86b
+  (void) sprintf (p, "%-32s ", f->scontext ?: "");
47d86b
+  p += strlen (p);
47d86b
+
47d86b
+  DIRED_INDENT ();
47d86b
+  DIRED_FPUTS (buf, stdout, p - buf);
47d86b
+  size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf);
47d86b
+
47d86b
+  if (f->filetype == symbolic_link) {
47d86b
+      if (f->linkname) {
47d86b
+          DIRED_FPUTS_LITERAL (" -> ", stdout);
47d86b
+          print_name_with_quoting (f, true, NULL, (p - buf) + w + 4);
47d86b
+          if (indicator_style != none)
47d86b
+            print_type_indicator (f->stat_ok, f->linkmode, f->filetype);
47d86b
+      }
47d86b
+  }
47d86b
+  else {
47d86b
+    if (indicator_style != none)
47d86b
+      print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);
47d86b
+  }
47d86b
+}
47d86b
+
47d86b
 /* Print information about F in long format.  */
47d86b
 static void
47d86b
 print_long_format (const struct fileinfo *f)
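Review bot: `sprintf (p, "%-32s ", f->scontext ?: "")` in print_scontext_format writes a string of unbounded length into `init_bigbuf`, whose size is computed only from the fixed numeric fields listed in the comment above it; `%-32s` sets a minimum width, not a maximum, so a context longer than the buffer overruns the stack. The context comes from the file's label rather than from ls, so it should be treated as untrusted length and written to stdout directly instead of through the fixed buffer. The next hunk adds the same unbounded `sprintf` of `f->scontext` into `buf` in print_long_format, where the buffer declaration is outside the hunk. `?:` with an omitted middle operand is a GNU extension; the long-format hunk already uses the portable `f->scontext ? f->scontext : ""`.

```c
  /* … unchanged: modebuf, init_bigbuf, and the mode/owner/group output … */

  /* A context may be longer than the 32-column pad, so write it to
     stdout directly instead of formatting it into init_bigbuf.  */
  char const *ctx = f->scontext ? f->scontext : "";
  size_t ctx_len = strlen (ctx);
  size_t field = (ctx_len < 32 ? 32 : ctx_len) + 1;
  size_t i;

  DIRED_INDENT ();
  DIRED_FPUTS (ctx, stdout, ctx_len);
  for (i = ctx_len; i < field; i++)
    DIRED_PUTCHAR (' ');
  size_t w = print_name_with_quoting (f, false, &dired_obstack, field);

  /* … unchanged: symlink and type-indicator branches, except the column: … */
          print_name_with_quoting (f, true, NULL, field + w + 4);
```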
47d86b
@@ -3844,9 +3939,15 @@ print_long_format (const struct fileinfo
47d86b
      The latter is wrong when nlink_width is zero.  */
47d86b
   p += strlen (p);
47d86b
 
47d86b
+  if (print_scontext)
47d86b
+    {
47d86b
+      sprintf (p, "%-32s ", f->scontext ? f->scontext : "");
47d86b
+      p += strlen (p);
47d86b
+    }
47d86b
+
47d86b
   DIRED_INDENT ();
47d86b
 
47d86b
-  if (print_owner || print_group || print_author || print_scontext)
47d86b
+  if (print_owner || print_group || print_author)
47d86b
     {
47d86b
       DIRED_FPUTS (buf, stdout, p - buf);
47d86b
 
47d86b
@@ -3859,9 +3960,6 @@ print_long_format (const struct fileinfo
47d86b
       if (print_author)
47d86b
         format_user (f->stat.st_author, author_width, f->stat_ok);
47d86b
 
47d86b
-      if (print_scontext)
47d86b
-        format_user_or_group (f->scontext, 0, scontext_width);
47d86b
-
47d86b
       p = buf;
47d86b
     }
47d86b
 
47d86b
@@ -4207,9 +4305,6 @@ print_file_name_and_frills (const struct
47d86b
             : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
47d86b
                               ST_NBLOCKSIZE, output_block_size));
47d86b
 
47d86b
-  if (print_scontext)
47d86b
-    printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext);
47d86b
-
47d86b
   size_t width = print_name_with_quoting (f, false, NULL, start_col);
47d86b
 
47d86b
   if (indicator_style != none)
47d86b
@@ -4417,9 +4512,6 @@ length_of_file_name_and_frills (const st
47d86b
                                             output_block_size))
47d86b
                 : block_size_width);
47d86b
 
47d86b
-  if (print_scontext)
47d86b
-    len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width);
47d86b
-
47d86b
   quote_name (NULL, f->name, filename_quoting_options, &name_width);
47d86b
   len += name_width;
47d86b
 
47d86b
@@ -4856,9 +4948,16 @@ Sort entries alphabetically if none of -
47d86b
   -w, --width=COLS           assume screen width instead of current value\n\
47d86b
   -x                         list entries by lines instead of by columns\n\
47d86b
   -X                         sort alphabetically by entry extension\n\
47d86b
-  -Z, --context              print any SELinux security context of each file\n\
47d86b
   -1                         list one file per line\n\
47d86b
 "), stdout);
47d86b
+      fputs(_("\nSELinux options:\n\n\
47d86b
+  --lcontext                 Display security context.   Enable -l. Lines\n\
47d86b
+                             will probably be too wide for most displays.\n\
47d86b
+  -Z, --context              Display security context so it fits on most\n\
47d86b
+                             displays.  Displays only mode, user, group,\n\
47d86b
+                             security context and file name.\n\
47d86b
+  --scontext                 Display only security context and file name.\n\
47d86b
+"), stdout);
47d86b
       fputs (HELP_OPTION_DESCRIPTION, stdout);
47d86b
       fputs (VERSION_OPTION_DESCRIPTION, stdout);
47d86b
       emit_size_note ();
47d86b
diff -urNp coreutils-8.21-orig/src/mkdir.c coreutils-8.21/src/mkdir.c
47d86b
--- coreutils-8.21-orig/src/mkdir.c	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/src/mkdir.c	2013-02-15 14:31:58.954469576 +0100
47d86b
@@ -38,6 +38,7 @@
47d86b
 static struct option const longopts[] =
47d86b
 {
47d86b
   {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
47d86b
+  {"context", required_argument, NULL, 'Z'},
47d86b
   {"mode", required_argument, NULL, 'm'},
47d86b
   {"parents", no_argument, NULL, 'p'},
47d86b
   {"verbose", no_argument, NULL, 'v'},
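Review bot: The added `{"context", required_argument, NULL, 'Z'}` entry sits directly after `{GETOPT_SELINUX_CONTEXT_OPTION_DECL}`, which by its name already declares the context option; if the macro expands to the same four fields, the table now lists the long option twice. An exact-name lookup would most likely just hit the first entry, so this is probably harmless, but it is dead data that invites the two copies drifting apart. Drop the new line, or add a comment saying why both are needed.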
47d86b
diff -urNp coreutils-8.21-orig/src/mknod.c coreutils-8.21/src/mknod.c
47d86b
--- coreutils-8.21-orig/src/mknod.c	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/src/mknod.c	2013-02-15 14:31:58.955470548 +0100
47d86b
@@ -35,7 +35,7 @@
47d86b
 
47d86b
 static struct option const longopts[] =
47d86b
 {
47d86b
-  {GETOPT_SELINUX_CONTEXT_OPTION_DECL},
47d86b
+  {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, 
47d86b
   {"mode", required_argument, NULL, 'm'},
47d86b
   {GETOPT_HELP_OPTION_DECL},
47d86b
   {GETOPT_VERSION_OPTION_DECL},
47d86b
diff -urNp coreutils-8.21-orig/src/mv.c coreutils-8.21/src/mv.c
47d86b
--- coreutils-8.21-orig/src/mv.c	2013-02-07 10:37:05.000000000 +0100
47d86b
+++ coreutils-8.21/src/mv.c	2013-02-15 14:31:58.956469593 +0100
47d86b
@@ -120,6 +120,7 @@ cp_option_init (struct cp_options *x)
47d86b
   x->preserve_timestamps = true;
47d86b
   x->explicit_no_preserve_mode= false;
47d86b
   x->preserve_security_context = selinux_enabled;
47d86b
+  x->set_security_context = false;
47d86b
   x->reduce_diagnostics = false;
47d86b
   x->data_copy_required = true;
47d86b
   x->require_preserve = false;  /* FIXME: maybe make this an option */
47d86b
diff -urNp coreutils-8.21-orig/src/runcon.c coreutils-8.21/src/runcon.c
47d86b
--- coreutils-8.21-orig/src/runcon.c	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/src/runcon.c	2013-02-15 14:31:58.956469593 +0100
47d86b
@@ -85,7 +85,7 @@ Usage: %s CONTEXT COMMAND [args]\n\
47d86b
   or:  %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\
47d86b
 "), program_name, program_name);
47d86b
       fputs (_("\
47d86b
-Run a program in a different security context.\n\
47d86b
+Run a program in a different SELinux security context.\n\
47d86b
 With neither CONTEXT nor COMMAND, print the current security context.\n\
47d86b
 "), stdout);
47d86b
 
47d86b
diff -urNp coreutils-8.21-orig/tests/misc/selinux.sh coreutils-8.21/tests/misc/selinux.sh
47d86b
--- coreutils-8.21-orig/tests/misc/selinux.sh	2013-01-31 01:46:24.000000000 +0100
47d86b
+++ coreutils-8.21/tests/misc/selinux.sh	2013-02-15 14:31:58.957469955 +0100
47d86b
@@ -37,7 +37,7 @@ chcon $ctx f d p ||
47d86b
 
47d86b
 # inspect that context with both ls -Z and stat.
47d86b
 for i in d f p; do
47d86b
-  c=$(ls -dogZ $i|cut -d' ' -f3); test x$c = x$ctx || fail=1
47d86b
+  c=$(ls -dogZ $i|cut -d' ' -f4); test x$c = x$ctx || fail=1
47d86b
   c=$(stat --printf %C $i); test x$c = x$ctx || fail=1
47d86b
 done
47d86b