|
 |
f5e30c |
diff --git a/man/chcon.x b/man/chcon.x
|
|
|
f5e30c |
index 8c1ff6f..c84fb96 100644
|
|
|
f5e30c |
--- a/man/chcon.x
|
|
|
f5e30c |
+++ b/man/chcon.x
|
|
|
f5e30c |
@@ -1,4 +1,4 @@
|
|
|
f5e30c |
[NAME]
|
|
|
f5e30c |
-chcon \- change file security context
|
|
|
f5e30c |
+chcon \- change file SELinux security context
|
|
|
f5e30c |
[DESCRIPTION]
|
|
|
f5e30c |
.\" Add any additional description here
|
|
|
f5e30c |
diff --git a/man/runcon.x b/man/runcon.x
|
|
|
f5e30c |
index d2df13e..5c5f5d8 100644
|
|
|
f5e30c |
--- a/man/runcon.x
|
|
|
f5e30c |
+++ b/man/runcon.x
|
|
|
f5e30c |
@@ -1,5 +1,5 @@
|
|
|
f5e30c |
[NAME]
|
|
|
f5e30c |
-runcon \- run command with specified security context
|
|
|
f5e30c |
+runcon \- run command with specified SELinux security context
|
|
|
f5e30c |
[DESCRIPTION]
|
|
|
f5e30c |
Run COMMAND with completely-specified CONTEXT, or with current or
|
|
|
f5e30c |
transitioned security context modified by one or more of LEVEL,
|
|
|
f5e30c |
diff --git a/src/cp.c b/src/cp.c
|
|
|
f5e30c |
index 1b528c6..25dbb88 100644
|
|
|
f5e30c |
--- a/src/cp.c
|
|
|
f5e30c |
+++ b/src/cp.c
|
|
|
f5e30c |
@@ -203,6 +203,9 @@ Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.\n\
|
|
|
f5e30c |
all\n\
|
|
|
f5e30c |
"), stdout);
|
|
|
f5e30c |
fputs (_("\
|
|
|
f5e30c |
+ -c deprecated, same as --preserve=context\n\
|
|
|
f5e30c |
+"), stdout);
|
|
|
f5e30c |
+ fputs (_("\
|
|
|
f5e30c |
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
|
|
|
f5e30c |
--parents use full source file name under DIRECTORY\n\
|
|
|
f5e30c |
"), stdout);
|
|
|
f5e30c |
@@ -929,7 +932,7 @@ main (int argc, char **argv)
|
|
|
f5e30c |
selinux_enabled = (0 < is_selinux_enabled ());
|
|
|
f5e30c |
cp_option_init (&x);
|
|
|
f5e30c |
|
|
|
f5e30c |
- while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:TZ",
|
|
|
f5e30c |
+ while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ",
|
|
|
f5e30c |
long_opts, NULL))
|
|
|
f5e30c |
!= -1)
|
|
|
f5e30c |
{
|
|
|
f5e30c |
@@ -977,6 +980,17 @@ main (int argc, char **argv)
|
|
|
f5e30c |
copy_contents = true;
|
|
|
f5e30c |
break;
|
|
|
f5e30c |
|
|
|
f5e30c |
+ case 'c':
|
|
|
f5e30c |
+ fprintf (stderr, "%s: warning: option '-c' is deprecated, please use '--preserve=context' instead\n", argv[0]);
|
|
|
f5e30c |
+ if ( x.set_security_context ) {
|
|
|
f5e30c |
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
|
|
|
f5e30c |
+ exit( 1 );
|
|
|
f5e30c |
+ }
|
|
|
f5e30c |
+ else if (selinux_enabled) {
|
|
|
f5e30c |
+ x.preserve_security_context = true;
|
|
|
f5e30c |
+ x.require_preserve_context = true;
|
|
|
f5e30c |
+ }
|
|
|
f5e30c |
+ break;
|
|
|
f5e30c |
case 'd':
|
|
|
f5e30c |
x.preserve_links = true;
|
|
|
f5e30c |
x.dereference = DEREF_NEVER;
|
|
|
f5e30c |
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
|
|
|
f5e30c |
index 47e4480..cff2ead 100644
|
|
|
f5e30c |
--- a/doc/coreutils.texi
|
|
|
f5e30c |
+++ b/doc/coreutils.texi
|
|
|
f5e30c |
@@ -8083,6 +8083,11 @@ done
|
|
|
f5e30c |
exit $fail
|
|
|
f5e30c |
@end example
|
|
|
f5e30c |
|
|
|
f5e30c |
+@item -c
|
|
|
f5e30c |
+@cindex SELinux security context information, preserving
|
|
|
f5e30c |
+Preserve SELinux security context of the original files if possible.
|
|
|
f5e30c |
+Some file systems don't support storing of SELinux security context.
|
|
|
f5e30c |
+
|
|
|
f5e30c |
@item --copy-contents
|
|
|
f5e30c |
@cindex directories, copying recursively
|
|
|
f5e30c |
@cindex copying directories recursively
|
|
|
f5e30c |
diff --git a/src/install.c b/src/install.c
|
|
|
f5e30c |
index d79d597..437889a 100644
|
|
|
f5e30c |
--- a/src/install.c
|
|
|
f5e30c |
+++ b/src/install.c
|
|
|
f5e30c |
@@ -673,7 +673,7 @@ In the 4th form, create all components of the given DIRECTORY(ies).\n\
|
|
|
f5e30c |
-v, --verbose print the name of each directory as it is created\n\
|
|
|
f5e30c |
"), stdout);
|
|
|
f5e30c |
fputs (_("\
|
|
|
f5e30c |
- --preserve-context preserve SELinux security context\n\
|
|
|
f5e30c |
+ -P, --preserve-context preserve SELinux security context (-P deprecated)\n\
|
|
|
f5e30c |
-Z set SELinux security context of destination\n\
|
|
|
f5e30c |
file and each created directory to default type\n\
|
|
|
f5e30c |
--context[=CTX] like -Z, or if CTX is specified then set the\n\
|
|
|
f5e30c |
@@ -824,7 +824,7 @@ main (int argc, char **argv)
|
|
|
f5e30c |
dir_arg = false;
|
|
|
f5e30c |
umask (0);
|
|
|
f5e30c |
|
|
|
f5e30c |
- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z", long_options,
|
|
|
f5e30c |
+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z", long_options,
|
|
|
f5e30c |
NULL)) != -1)
|
|
|
f5e30c |
{
|
|
|
f5e30c |
switch (optc)
|
|
|
f5e30c |
@@ -885,6 +885,8 @@ main (int argc, char **argv)
|
|
|
f5e30c |
no_target_directory = true;
|
|
|
f5e30c |
break;
|
|
|
f5e30c |
|
|
|
f5e30c |
+ case 'P':
|
|
|
f5e30c |
+ fprintf (stderr, "%s: warning: option '-P' is deprecated, please use '--preserve-context' instead\n", argv[0]);
|
|
|
f5e30c |
case PRESERVE_CONTEXT_OPTION:
|
|
|
f5e30c |
if (! selinux_enabled)
|
|
|
f5e30c |
{
|
|
|
f5e30c |
@@ -892,6 +894,10 @@ main (int argc, char **argv)
|
|
|
f5e30c |
"this kernel is not SELinux-enabled"));
|
|
|
f5e30c |
break;
|
|
|
f5e30c |
}
|
|
|
f5e30c |
+ if ( x.set_security_context ) {
|
|
|
f5e30c |
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
|
|
|
f5e30c |
+ exit( 1 );
|
|
|
f5e30c |
+ }
|
|
|
f5e30c |
x.preserve_security_context = true;
|
|
|
f5e30c |
use_default_selinux_context = false;
|
|
|
f5e30c |
break;
|