|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/README.selinux 2004-12-29 12:24:03.260876459 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/README 2004-12-29 12:24:03.417858780 -0500
|
|
Daniel J Walsh |
129baa |
@@ -7,11 +7,11 @@
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
The programs that can be built with this package are:
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
- [ basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd
|
|
Daniel J Walsh |
129baa |
+ [ basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd
|
|
Daniel J Walsh |
129baa |
df dir dircolors dirname du echo env expand expr factor false fmt fold
|
|
Daniel J Walsh |
129baa |
ginstall groups head hostid hostname id join kill link ln logname ls
|
|
Daniel J Walsh |
129baa |
md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
|
|
Daniel J Walsh |
129baa |
- printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum shred sleep sort
|
|
Daniel J Walsh |
129baa |
+ printenv printf ptx pwd readlink rm rmdir runcon runuser seq sha1sum shred sleep sort
|
|
Daniel J Walsh |
129baa |
split stat stty su sum sync tac tail tee test touch tr true tsort tty
|
|
Daniel J Walsh |
129baa |
uname unexpand uniq unlink uptime users vdir wc who whoami yes
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/src/stat.c.selinux 2004-02-05 08:46:12.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/stat.c 2004-12-29 12:24:03.419858555 -0500
|
|
Daniel J Walsh |
129baa |
@@ -42,6 +42,13 @@
|
|
Daniel J Walsh |
129baa |
# endif
|
|
Daniel J Walsh |
129baa |
#endif
|
|
cvsdist |
4d15f3 |
|
|
cvsdist |
4d15f3 |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h>
|
|
Daniel J Walsh |
129baa |
+#define SECURITY_ID_T security_context_t
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Daniel J Walsh |
129baa |
+#define SECURITY_ID_T char *
|
|
cvsdist |
4d15f3 |
+#endif
|
|
cvsdist |
9a3c57 |
+
|
|
Daniel J Walsh |
129baa |
#include "system.h"
|
|
cvsdist |
9a3c57 |
|
|
Daniel J Walsh |
129baa |
#include "error.h"
|
|
Daniel J Walsh |
129baa |
@@ -95,6 +102,7 @@
|
|
Daniel J Walsh |
129baa |
{"dereference", no_argument, 0, 'L'},
|
|
Daniel J Walsh |
129baa |
{"format", required_argument, 0, 'c'},
|
|
Daniel J Walsh |
129baa |
{"filesystem", no_argument, 0, 'f'},
|
|
Daniel J Walsh |
129baa |
+ {"context", no_argument, 0, 'Z'},
|
|
Daniel J Walsh |
129baa |
{"terse", no_argument, 0, 't'},
|
|
Daniel J Walsh |
129baa |
{GETOPT_HELP_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{GETOPT_VERSION_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
@@ -345,7 +353,7 @@
|
|
Daniel J Walsh |
129baa |
/* print statfs info */
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
print_statfs (char *pformat, char m, char const *filename,
|
|
Daniel J Walsh |
129baa |
- void const *data)
|
|
Daniel J Walsh |
129baa |
+ void const *data,SECURITY_ID_T scontext)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
STRUCT_STATVFS const *statfsbuf = data;
|
|
cvsdist |
9a3c57 |
|
|
Daniel J Walsh |
129baa |
@@ -407,7 +415,10 @@
|
|
Daniel J Walsh |
129baa |
strcat (pformat, PRIdMAX);
|
|
Daniel J Walsh |
129baa |
printf (pformat, (intmax_t) (statfsbuf->f_ffree));
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
-
|
|
Daniel J Walsh |
129baa |
+ case 'C':
|
|
Daniel J Walsh |
129baa |
+ strcat (pformat, "s");
|
|
Daniel J Walsh |
129baa |
+ printf(scontext);
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
129baa |
strcat (pformat, "c");
|
|
Daniel J Walsh |
129baa |
printf (pformat, m);
|
|
Daniel J Walsh |
129baa |
@@ -417,7 +428,7 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* print stat info */
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
-print_stat (char *pformat, char m, char const *filename, void const *data)
|
|
Daniel J Walsh |
129baa |
+print_stat (char *pformat, char m, char const *filename, void const *data, SECURITY_ID_T scontext)
|
|
cvsdist |
4d15f3 |
{
|
|
Daniel J Walsh |
129baa |
struct stat *statbuf = (struct stat *) data;
|
|
Daniel J Walsh |
129baa |
struct passwd *pw_ent;
|
|
Daniel J Walsh |
129baa |
@@ -553,6 +564,10 @@
|
|
Daniel J Walsh |
129baa |
strcat (pformat, "d");
|
|
Daniel J Walsh |
129baa |
printf (pformat, (int) statbuf->st_ctime);
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+ case 'C':
|
|
Daniel J Walsh |
129baa |
+ strcat (pformat, "s");
|
|
Daniel J Walsh |
129baa |
+ printf(pformat,scontext);
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
129baa |
strcat (pformat, "c");
|
|
Daniel J Walsh |
129baa |
printf (pformat, m);
|
|
Daniel J Walsh |
129baa |
@@ -562,8 +577,8 @@
|
|
cvsdist |
9a3c57 |
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
print_it (char const *masterformat, char const *filename,
|
|
Daniel J Walsh |
129baa |
- void (*print_func) (char *, char, char const *, void const *),
|
|
Daniel J Walsh |
129baa |
- void const *data)
|
|
Daniel J Walsh |
129baa |
+ void (*print_func) (char *, char, char const *, void const *,SECURITY_ID_T ),
|
|
Daniel J Walsh |
129baa |
+ void const *data, SECURITY_ID_T scontext)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
char *b;
|
|
cvsdist |
9a3c57 |
|
|
Daniel J Walsh |
129baa |
@@ -598,7 +613,7 @@
|
|
Daniel J Walsh |
129baa |
putchar ('%');
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
129baa |
- print_func (dest, *p, filename, data);
|
|
Daniel J Walsh |
129baa |
+ print_func (dest, *p, filename, data,scontext);
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
@@ -615,9 +630,17 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* stat the filesystem and print what we find */
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
-do_statfs (char const *filename, int terse, char const *format)
|
|
Daniel J Walsh |
129baa |
+do_statfs (char const *filename, int terse, int secure, char const *format)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
STRUCT_STATVFS statfsbuf;
|
|
Daniel J Walsh |
129baa |
+ SECURITY_ID_T scontext = NULL;
|
|
cvsdist |
4d15f3 |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if(secure)
|
|
Daniel J Walsh |
129baa |
+ if (getfilecon(filename,&scontext)<0) {
|
|
Daniel J Walsh |
129baa |
+ perror (filename);
|
|
Daniel J Walsh |
129baa |
+ return;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+#endif
|
|
Daniel J Walsh |
129baa |
int i = statfs (filename, &statfsbuf);
|
|
cvsdist |
9a3c57 |
|
|
Daniel J Walsh |
129baa |
if (i == -1)
|
|
Daniel J Walsh |
129baa |
@@ -629,23 +652,40 @@
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
if (format == NULL)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- format = (terse
|
|
Daniel J Walsh |
129baa |
- ? "%n %i %l %t %b %f %a %s %c %d"
|
|
Daniel J Walsh |
129baa |
- : " File: \"%n\"\n"
|
|
Daniel J Walsh |
129baa |
- " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
Daniel J Walsh |
129baa |
- "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
|
|
Daniel J Walsh |
129baa |
- "Inodes: Total: %-10c Free: %-10d");
|
|
Daniel J Walsh |
129baa |
- }
|
|
Daniel J Walsh |
129baa |
-
|
|
Daniel J Walsh |
129baa |
- print_it (format, filename, print_statfs, &statfsbuf);
|
|
Daniel J Walsh |
129baa |
+ if (terse) {
|
|
Daniel J Walsh |
129baa |
+ if(secure)
|
|
Daniel J Walsh |
129baa |
+ format = "%n %i %l %t %b %f %a %s %c %d %C";
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ format = "%n %i %l %t %b %f %a %s %c %d";
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if(secure)
|
|
Daniel J Walsh |
129baa |
+ format = " File: \"%n\"\n"
|
|
Daniel J Walsh |
129baa |
+ " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
Daniel J Walsh |
129baa |
+ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
|
|
Daniel J Walsh |
129baa |
+ "Inodes: Total: %-10c Free: %-10d\n"
|
|
Daniel J Walsh |
129baa |
+ " S_Context: %C\n";
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ format= " File: \"%n\"\n"
|
|
Daniel J Walsh |
129baa |
+ " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
Daniel J Walsh |
129baa |
+ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n"
|
|
Daniel J Walsh |
129baa |
+ "Inodes: Total: %-10c Free: %-10d";
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ print_it (format, filename, print_statfs, &statfsbuf,scontext);
|
|
cvsdist |
5adf0d |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (scontext != NULL)
|
|
Daniel J Walsh |
129baa |
+ freecon(scontext);
|
|
cvsdist |
5adf0d |
+#endif
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
-
|
|
Daniel J Walsh |
129baa |
/* stat the file and print what we find */
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
-do_stat (char const *filename, int follow_links, int terse,
|
|
Daniel J Walsh |
129baa |
+ do_stat (char const *filename, int follow_links, int terse,int secure,
|
|
Daniel J Walsh |
129baa |
char const *format)
|
|
cvsdist |
5adf0d |
{
|
|
Daniel J Walsh |
129baa |
struct stat statbuf;
|
|
Daniel J Walsh |
129baa |
+ SECURITY_ID_T scontext = NULL;
|
|
Daniel J Walsh |
129baa |
int i = ((follow_links == 1)
|
|
Daniel J Walsh |
129baa |
? stat (filename, &statbuf)
|
|
Daniel J Walsh |
129baa |
: lstat (filename, &statbuf));
|
|
Daniel J Walsh |
129baa |
@@ -656,11 +696,28 @@
|
|
Daniel J Walsh |
129baa |
return;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
cvsdist |
5adf0d |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if(secure) {
|
|
Daniel J Walsh |
129baa |
+ if (link)
|
|
Daniel J Walsh |
129baa |
+ i=lgetfilecon(filename, &scontext);
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ i=getfilecon(filename, &scontext);
|
|
Daniel J Walsh |
129baa |
+ if (i == -1)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ perror (filename);
|
|
Daniel J Walsh |
129baa |
+ return;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+#endif
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
if (format == NULL)
|
|
cvsdist |
4d15f3 |
{
|
|
Daniel J Walsh |
129baa |
if (terse != 0)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
|
|
Daniel J Walsh |
129baa |
+ if (secure)
|
|
Daniel J Walsh |
129baa |
+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C";
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o";
|
|
cvsdist |
5adf0d |
}
|
|
Daniel J Walsh |
129baa |
else
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -668,7 +725,17 @@
|
|
Daniel J Walsh |
129baa |
i = statbuf.st_mode & S_IFMT;
|
|
Daniel J Walsh |
129baa |
if (i == S_IFCHR || i == S_IFBLK)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- format =
|
|
Daniel J Walsh |
129baa |
+ if (secure)
|
|
Daniel J Walsh |
129baa |
+ format =
|
|
Daniel J Walsh |
129baa |
+ " File: %N\n"
|
|
Daniel J Walsh |
129baa |
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Daniel J Walsh |
129baa |
+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
|
|
Daniel J Walsh |
129baa |
+ " Device type: %t,%T\n"
|
|
Daniel J Walsh |
129baa |
+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
Daniel J Walsh |
129baa |
+ " S_Context: %C\n"
|
|
Daniel J Walsh |
129baa |
+ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ format =
|
|
Daniel J Walsh |
129baa |
" File: %N\n"
|
|
Daniel J Walsh |
129baa |
" Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Daniel J Walsh |
129baa |
"Device: %Dh/%dd\tInode: %-10i Links: %-5h"
|
|
Daniel J Walsh |
129baa |
@@ -678,6 +745,15 @@
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
else
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
+ if (secure)
|
|
Daniel J Walsh |
129baa |
+ format =
|
|
Daniel J Walsh |
129baa |
+ " File: %N\n"
|
|
Daniel J Walsh |
129baa |
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Daniel J Walsh |
129baa |
+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n"
|
|
Daniel J Walsh |
129baa |
+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
Daniel J Walsh |
129baa |
+ "S_Context: %C\n"
|
|
Daniel J Walsh |
129baa |
+ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
format =
|
|
Daniel J Walsh |
129baa |
" File: %N\n"
|
|
Daniel J Walsh |
129baa |
" Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
Daniel J Walsh |
129baa |
@@ -687,7 +763,11 @@
|
|
cvsdist |
4d15f3 |
}
|
|
cvsdist |
4d15f3 |
}
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
- print_it (format, filename, print_stat, &statbuf);
|
|
Daniel J Walsh |
129baa |
+ print_it (format, filename, print_stat, &statbuf,scontext);
|
|
cvsdist |
5adf0d |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (scontext)
|
|
Daniel J Walsh |
129baa |
+ freecon(scontext);
|
|
cvsdist |
5adf0d |
+#endif
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
void
|
|
Daniel J Walsh |
129baa |
@@ -705,6 +785,7 @@
|
|
Daniel J Walsh |
129baa |
-f, --filesystem display filesystem status instead of file status\n\
|
|
Daniel J Walsh |
129baa |
-c --format=FORMAT use the specified FORMAT instead of the default\n\
|
|
Daniel J Walsh |
129baa |
-L, --dereference follow links\n\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context print the security context \n\
|
|
Daniel J Walsh |
129baa |
-t, --terse print the information in terse form\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
@@ -756,6 +837,7 @@
|
|
Daniel J Walsh |
129baa |
%c Total file nodes in file system\n\
|
|
Daniel J Walsh |
129baa |
%d Free file nodes in file system\n\
|
|
Daniel J Walsh |
129baa |
%f Free blocks in file system\n\
|
|
Daniel J Walsh |
129baa |
+ %C - Security context in SELinux\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
129baa |
%i File System id in hex\n\
|
|
Daniel J Walsh |
129baa |
@@ -778,6 +860,7 @@
|
|
Daniel J Walsh |
129baa |
int follow_links = 0;
|
|
Daniel J Walsh |
129baa |
int fs = 0;
|
|
Daniel J Walsh |
129baa |
int terse = 0;
|
|
Daniel J Walsh |
129baa |
+ int secure = 0;
|
|
Daniel J Walsh |
129baa |
char *format = NULL;
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
initialize_main (&argc, &argv);
|
|
Daniel J Walsh |
129baa |
@@ -788,7 +871,7 @@
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
atexit (close_stdout);
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
- while ((c = getopt_long (argc, argv, "c:fLlt", long_options, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+ while ((c = getopt_long (argc, argv, "c:fLltZ", long_options, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (c)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -810,6 +893,14 @@
|
|
Daniel J Walsh |
129baa |
case 't':
|
|
Daniel J Walsh |
129baa |
terse = 1;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ if((is_selinux_enabled()>0))
|
|
Daniel J Walsh |
129baa |
+ secure = 1;
|
|
Daniel J Walsh |
129baa |
+ else {
|
|
Daniel J Walsh |
129baa |
+ error (0, 0, _("Kernel is not SELinux enabled"));
|
|
Daniel J Walsh |
129baa |
+ usage (EXIT_FAILURE);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
@@ -829,9 +920,9 @@
|
|
Daniel J Walsh |
129baa |
for (i = optind; i < argc; i++)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
if (fs == 0)
|
|
Daniel J Walsh |
129baa |
- do_stat (argv[i], follow_links, terse, format);
|
|
Daniel J Walsh |
129baa |
+ do_stat (argv[i], follow_links, terse, secure, format);
|
|
Daniel J Walsh |
129baa |
else
|
|
Daniel J Walsh |
129baa |
- do_statfs (argv[i], terse, format);
|
|
Daniel J Walsh |
129baa |
+ do_statfs (argv[i], terse, secure, format);
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS);
|
|
Daniel J Walsh |
fee87d |
--- /dev/null 2004-12-29 02:13:24.827638832 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/runcon.c 2004-12-29 12:24:03.421858330 -0500
|
|
Daniel J Walsh |
129baa |
@@ -0,0 +1,201 @@
|
|
cvsdist |
4d15f3 |
+/*
|
|
cvsdist |
4d15f3 |
+ * runcon [ context |
|
|
cvsdist |
4d15f3 |
+ * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
|
|
cvsdist |
4d15f3 |
+ * command [arg1 [arg2 ...] ]
|
|
cvsdist |
4d15f3 |
+ *
|
|
cvsdist |
4d15f3 |
+ * attempt to run the specified command with the specified context.
|
|
cvsdist |
4d15f3 |
+ *
|
|
cvsdist |
4d15f3 |
+ * -r role : use the current context with the specified role
|
|
cvsdist |
4d15f3 |
+ * -t type : use the current context with the specified type
|
|
cvsdist |
4d15f3 |
+ * -u user : use the current context with the specified user
|
|
cvsdist |
4d15f3 |
+ * -l level : use the current context with the specified level range
|
|
cvsdist |
4d15f3 |
+ *
|
|
cvsdist |
4d15f3 |
+ * Contexts are interpreted as follows:
|
|
cvsdist |
4d15f3 |
+ *
|
|
cvsdist |
4d15f3 |
+ * Number of MLS
|
|
cvsdist |
4d15f3 |
+ * components system?
|
|
cvsdist |
4d15f3 |
+ *
|
|
cvsdist |
4d15f3 |
+ * 1 - type
|
|
cvsdist |
4d15f3 |
+ * 2 - role:type
|
|
cvsdist |
4d15f3 |
+ * 3 Y role:type:range
|
|
cvsdist |
4d15f3 |
+ * 3 N user:role:type
|
|
cvsdist |
4d15f3 |
+ * 4 Y user:role:type:range
|
|
cvsdist |
4d15f3 |
+ * 4 N error
|
|
cvsdist |
4d15f3 |
+ */
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+#include <config.h>
|
|
cvsdist |
4d15f3 |
+#include <unistd.h>
|
|
cvsdist |
4d15f3 |
+#include <stdio.h>
|
|
cvsdist |
4d15f3 |
+#include <getopt.h>
|
|
cvsdist |
4d15f3 |
+#include <selinux/context.h>
|
|
cvsdist |
4d15f3 |
+#include <selinux/selinux.h>
|
|
cvsdist |
4d15f3 |
+#include <errno.h>
|
|
cvsdist |
4d15f3 |
+#include "system.h"
|
|
cvsdist |
4d15f3 |
+extern int errno;
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+/* The name the program was run with. */
|
|
cvsdist |
4d15f3 |
+char *program_name;
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+void
|
|
cvsdist |
4d15f3 |
+usage(char *str)
|
|
cvsdist |
4d15f3 |
+{
|
|
cvsdist |
4d15f3 |
+ printf(_("Usage: %s [OPTION]... command [args]\n"
|
|
cvsdist |
4d15f3 |
+ "Run a program in a different security context.\n\n"
|
|
cvsdist |
4d15f3 |
+ " context Complete security context\n"
|
|
cvsdist |
4d15f3 |
+ " -t type (for same role as parent)\n"
|
|
cvsdist |
4d15f3 |
+ " -u user identity\n"
|
|
cvsdist |
4d15f3 |
+ " -r role\n"
|
|
cvsdist |
4d15f3 |
+ " -l levelrange\n"
|
|
cvsdist |
4d15f3 |
+ " --help display this help and exit\n"),
|
|
cvsdist |
4d15f3 |
+ program_name);
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+}
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+int
|
|
cvsdist |
4d15f3 |
+main(int argc,char **argv,char **envp )
|
|
cvsdist |
4d15f3 |
+{
|
|
cvsdist |
4d15f3 |
+ char *role = 0;
|
|
cvsdist |
4d15f3 |
+ char *range = 0;
|
|
cvsdist |
4d15f3 |
+ char *user = 0;
|
|
cvsdist |
4d15f3 |
+ char *type = 0;
|
|
cvsdist |
4d15f3 |
+ char *context = NULL;
|
|
cvsdist |
4d15f3 |
+ security_context_t cur_context = NULL;
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+ context_t con;
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+ program_name = argv[0];
|
|
cvsdist |
4d15f3 |
+ setlocale (LC_ALL, "");
|
|
cvsdist |
4d15f3 |
+ bindtextdomain (PACKAGE, LOCALEDIR);
|
|
cvsdist |
4d15f3 |
+ textdomain (PACKAGE);
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+ while (1) {
|
|
cvsdist |
4d15f3 |
+ int c;
|
|
cvsdist |
4d15f3 |
+ int this_option_optind = optind ? optind : 1;
|
|
cvsdist |
4d15f3 |
+ int option_index = 0;
|
|
cvsdist |
4d15f3 |
+ static struct option long_options[] = {
|
|
cvsdist |
4d15f3 |
+ { "role", 1, 0, 'r' },
|
|
cvsdist |
4d15f3 |
+ { "type", 1, 0, 't' },
|
|
cvsdist |
4d15f3 |
+ { "user", 1, 0, 'u' },
|
|
cvsdist |
4d15f3 |
+ { "range", 1, 0, 'l' },
|
|
cvsdist |
4d15f3 |
+ { "help", 0, 0, '?' },
|
|
cvsdist |
4d15f3 |
+ { 0, 0, 0, 0 }
|
|
cvsdist |
4d15f3 |
+ };
|
|
cvsdist |
4d15f3 |
+ c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index);
|
|
cvsdist |
4d15f3 |
+ if ( c == -1 ) {
|
|
cvsdist |
5adf0d |
+ break;
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ switch ( c ) {
|
|
cvsdist |
4d15f3 |
+ case 'r':
|
|
cvsdist |
4d15f3 |
+ if ( role ) {
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("multiple roles\n"));
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ role = optarg;
|
|
cvsdist |
4d15f3 |
+ break;
|
|
cvsdist |
4d15f3 |
+ case 't':
|
|
cvsdist |
4d15f3 |
+ if ( type ) {
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("multiple types\n"));
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ type = optarg;
|
|
cvsdist |
4d15f3 |
+ break;
|
|
cvsdist |
4d15f3 |
+ case 'u':
|
|
cvsdist |
4d15f3 |
+ if ( user ) {
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("multiple users\n"));
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ user = optarg;
|
|
cvsdist |
4d15f3 |
+ break;
|
|
cvsdist |
4d15f3 |
+ case 'l':
|
|
cvsdist |
4d15f3 |
+ if ( range ) {
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("multiple levelranges\n"));
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ range = optarg;
|
|
cvsdist |
4d15f3 |
+ break;
|
|
cvsdist |
4d15f3 |
+ default:
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("unrecognised option %c\n"),c);
|
|
cvsdist |
4d15f3 |
+ case '?':
|
|
cvsdist |
4d15f3 |
+ usage(0);
|
|
cvsdist |
5adf0d |
+ break;
|
|
cvsdist |
5adf0d |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if( is_selinux_enabled() != 1 ) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr,
|
|
Daniel J Walsh |
129baa |
+ _("runcon may be used only on a SELinux kernel.\n") );
|
|
Daniel J Walsh |
129baa |
+ exit(-1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+
|
|
cvsdist |
4d15f3 |
+ if ( !(user || role || type || range)) {
|
|
cvsdist |
4d15f3 |
+ if ( optind >= argc ) {
|
|
cvsdist |
4d15f3 |
+ usage(_("must specify -t, -u, -l, -r, or context"));
|
|
cvsdist |
5adf0d |
+ }
|
|
cvsdist |
4d15f3 |
+ context = argv[optind++];
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+ if ( optind >= argc ) {
|
|
cvsdist |
4d15f3 |
+ usage(_("no command found"));
|
|
cvsdist |
5adf0d |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
cvsdist |
4d15f3 |
+ if ( context ) {
|
|
cvsdist |
4d15f3 |
+ con = context_new(context);
|
|
cvsdist |
4d15f3 |
+ if (!con) {
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("%s is not a valid context\n"), context);
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ else {
|
|
Daniel J Walsh |
129baa |
+ if (getcon(&cur_context) < 0) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr,_("Couldn't get current context.\n"));
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+ con = context_new(cur_context);
|
|
cvsdist |
4d15f3 |
+ if (!con) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr,_("%s is not a valid context\n"), cur_context);
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ if ( user ) {
|
|
Daniel J Walsh |
129baa |
+ if ( context_user_set(con,user)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr,_("failed to set new user %s\n"),user);
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ if ( type ) {
|
|
Daniel J Walsh |
129baa |
+ if ( context_type_set(con,type)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr,_("failed to set new type %s\n"),type);
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ if ( range ) {
|
|
Daniel J Walsh |
129baa |
+ if ( context_range_set(con,range)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr,_("failed to set new range %s\n"),range);
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ if ( role ) {
|
|
Daniel J Walsh |
129baa |
+ if (context_role_set(con,role)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr,_("failed to set new role %s\n"),role);
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (security_check_context(context_str(con)) < 0) {
|
|
Daniel J Walsh |
129baa |
+ fprintf(stderr, _("%s is not a valid context\n"), context_str(con));
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+ if (setexeccon(context_str(con))!=0) {
|
|
cvsdist |
4d15f3 |
+ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ if (cur_context!=NULL)
|
|
cvsdist |
4d15f3 |
+ freecon(cur_context);
|
|
cvsdist |
5adf0d |
+
|
|
cvsdist |
4d15f3 |
+ if ( execvp(argv[optind],argv+optind) ) {
|
|
cvsdist |
4d15f3 |
+ perror("execvp");
|
|
cvsdist |
4d15f3 |
+ exit(1);
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+ return 1; /* can't reach this statement.... */
|
|
cvsdist |
4d15f3 |
+}
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/src/mkdir.c.selinux 2004-01-21 17:27:02.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/mkdir.c 2004-12-29 12:24:03.422858217 -0500
|
|
Daniel J Walsh |
129baa |
@@ -34,6 +34,10 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
#define AUTHORS "David MacKenzie"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
/* The name this program was run with. */
|
|
Daniel J Walsh |
129baa |
char *program_name;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
@@ -42,6 +46,9 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
static struct option const longopts[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"mode", required_argument, NULL, 'm'},
|
|
Daniel J Walsh |
129baa |
{"parents", no_argument, NULL, 'p'},
|
|
Daniel J Walsh |
129baa |
{"verbose", no_argument, NULL, 'v'},
|
|
Daniel J Walsh |
129baa |
@@ -63,6 +70,11 @@
|
|
Daniel J Walsh |
129baa |
Create the DIRECTORY(ies), if they do not already exist.\n\
|
|
Daniel J Walsh |
129baa |
\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ printf (_("\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
|
|
Daniel J Walsh |
129baa |
+"));
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
129baa |
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
@@ -98,7 +110,11 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
create_parents = 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Daniel J Walsh |
129baa |
while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -113,6 +129,20 @@
|
|
Daniel J Walsh |
129baa |
case 'v': /* --verbose */
|
|
Daniel J Walsh |
129baa |
verbose_fmt_string = _("created directory %s");
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( !(is_selinux_enabled()>0)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Daniel J Walsh |
129baa |
+ "a selinux-enabled kernel.\n" );
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if (setfscreatecon(optarg)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/mv.c.selinux 2004-12-29 12:24:02.845923189 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/mv.c 2004-12-29 12:24:03.424857992 -0500
|
|
Daniel J Walsh |
129baa |
@@ -34,6 +34,11 @@
|
|
Daniel J Walsh |
129baa |
#include "quote.h"
|
|
Daniel J Walsh |
129baa |
#include "remove.h"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+int selinux_enabled=0;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
/* The official name of this program (e.g., no `g' prefix). */
|
|
Daniel J Walsh |
129baa |
#define PROGRAM_NAME "mv"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
@@ -124,6 +129,9 @@
|
|
Daniel J Walsh |
129baa |
x->preserve_links = 1;
|
|
Daniel J Walsh |
129baa |
x->preserve_mode = 1;
|
|
Daniel J Walsh |
129baa |
x->preserve_timestamps = 1;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ x->preserve_security_context = 1;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
x->require_preserve = 0; /* FIXME: maybe make this an option */
|
|
Daniel J Walsh |
129baa |
x->recursive = 1;
|
|
Daniel J Walsh |
129baa |
x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
|
|
Daniel J Walsh |
129baa |
@@ -376,6 +384,10 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
cp_option_init (&x);
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
/* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
|
|
Daniel J Walsh |
129baa |
we'll actually use backup_suffix_string. */
|
|
Daniel J Walsh |
129baa |
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/ls.c.selinux 2004-12-29 12:24:02.848922851 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/ls.c 2004-12-29 12:24:03.429857429 -0500
|
|
Daniel J Walsh |
129baa |
@@ -121,6 +121,18 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
#define AUTHORS "Richard Stallman", "David MacKenzie"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h>
|
|
Daniel J Walsh |
129baa |
+int selinux_enabled= 0;
|
|
Daniel J Walsh |
129baa |
+static int print_scontext = 0;
|
|
Daniel J Walsh |
129baa |
+#define check_selinux() if (!selinux_enabled) { \
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, this option can only be used " \
|
|
Daniel J Walsh |
129baa |
+ "on a SELinux kernel.\n" ); \
|
|
Daniel J Walsh |
129baa |
+ exit( EXIT_FAILURE ); \
|
|
Daniel J Walsh |
129baa |
+}
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
#define obstack_chunk_alloc malloc
|
|
Daniel J Walsh |
129baa |
#define obstack_chunk_free free
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
@@ -165,7 +177,8 @@
|
|
Daniel J Walsh |
129baa |
symbolic_link DT_INIT (DT_LNK),
|
|
Daniel J Walsh |
129baa |
sock DT_INIT (DT_SOCK),
|
|
Daniel J Walsh |
129baa |
arg_directory DT_INIT (2 * (DT_UNKNOWN | DT_FIFO | DT_CHR | DT_DIR | DT_BLK
|
|
Daniel J Walsh |
129baa |
- | DT_REG | DT_LNK | DT_SOCK))
|
|
Daniel J Walsh |
129baa |
+ | DT_REG | DT_LNK | DT_SOCK)),
|
|
Daniel J Walsh |
129baa |
+ command_line
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
struct fileinfo
|
|
Daniel J Walsh |
129baa |
@@ -174,6 +187,7 @@
|
|
Daniel J Walsh |
129baa |
char *name;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
struct stat stat;
|
|
Daniel J Walsh |
129baa |
+ int stat_failed;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* For symbolic link, name of the file linked to, otherwise zero. */
|
|
Daniel J Walsh |
129baa |
char *linkname;
|
|
Daniel J Walsh |
129baa |
@@ -192,6 +206,10 @@
|
|
Daniel J Walsh |
129baa |
/* For long listings, true if the file has an access control list. */
|
|
Daniel J Walsh |
129baa |
bool have_acl;
|
|
Daniel J Walsh |
129baa |
#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ security_context_t scontext;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
#if HAVE_ACL || USE_ACL
|
|
Daniel J Walsh |
129baa |
@@ -227,7 +245,8 @@
|
|
Daniel J Walsh |
129baa |
static int file_interesting (const struct dirent *next);
|
|
Daniel J Walsh |
129baa |
static uintmax_t gobble_file (const char *name, enum filetype type,
|
|
Daniel J Walsh |
129baa |
int explicit_arg, const char *dirname);
|
|
Daniel J Walsh |
129baa |
-static void print_color_indicator (const char *name, mode_t mode, int linkok);
|
|
Daniel J Walsh |
129baa |
+static void print_color_indicator (const char *name, mode_t mode, int linkok,
|
|
Daniel J Walsh |
129baa |
+ int stat_failed);
|
|
Daniel J Walsh |
129baa |
static void put_indicator (const struct bin_str *ind);
|
|
Daniel J Walsh |
129baa |
static int put_indicator_direct (const struct bin_str *ind);
|
|
Daniel J Walsh |
129baa |
static void add_ignore_pattern (const char *pattern);
|
|
Daniel J Walsh |
129baa |
@@ -247,7 +266,7 @@
|
|
Daniel J Walsh |
129baa |
static void print_long_format (const struct fileinfo *f);
|
|
Daniel J Walsh |
129baa |
static void print_many_per_line (void);
|
|
Daniel J Walsh |
129baa |
static void print_name_with_quoting (const char *p, mode_t mode,
|
|
Daniel J Walsh |
129baa |
- int linkok,
|
|
Daniel J Walsh |
129baa |
+ int linkok, int stat_failed,
|
|
Daniel J Walsh |
129baa |
struct obstack *stack);
|
|
Daniel J Walsh |
129baa |
static void prep_non_filename_text (void);
|
|
Daniel J Walsh |
129baa |
static void print_type_indicator (mode_t mode);
|
|
Daniel J Walsh |
129baa |
@@ -256,6 +275,9 @@
|
|
Daniel J Walsh |
129baa |
static void sort_files (void);
|
|
Daniel J Walsh |
129baa |
static void parse_ls_color (void);
|
|
Daniel J Walsh |
129baa |
void usage (int status);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+static void print_scontext_format (const struct fileinfo *f);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* The name the program was run with, stripped of any leading path. */
|
|
Daniel J Walsh |
129baa |
char *program_name;
|
|
Daniel J Walsh |
129baa |
@@ -354,7 +376,11 @@
|
|
Daniel J Walsh |
129baa |
one_per_line, /* -1 */
|
|
Daniel J Walsh |
129baa |
many_per_line, /* -C */
|
|
Daniel J Walsh |
129baa |
horizontal, /* -x */
|
|
Daniel J Walsh |
129baa |
- with_commas /* -m */
|
|
Daniel J Walsh |
129baa |
+ with_commas, /* -m */
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ security_format, /* -Z */
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+ invalid_format
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
static enum format format;
|
|
Daniel J Walsh |
129baa |
@@ -679,6 +705,11 @@
|
|
Daniel J Walsh |
129baa |
SHOW_CONTROL_CHARS_OPTION,
|
|
Daniel J Walsh |
129baa |
SI_OPTION,
|
|
Daniel J Walsh |
129baa |
SORT_OPTION,
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ CONTEXT_OPTION,
|
|
Daniel J Walsh |
129baa |
+ LCONTEXT_OPTION,
|
|
Daniel J Walsh |
129baa |
+ SCONTEXT_OPTION,
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
TIME_OPTION,
|
|
Daniel J Walsh |
129baa |
TIME_STYLE_OPTION
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
@@ -722,6 +753,11 @@
|
|
Daniel J Walsh |
129baa |
{"time-style", required_argument, 0, TIME_STYLE_OPTION},
|
|
Daniel J Walsh |
129baa |
{"color", optional_argument, 0, COLOR_OPTION},
|
|
Daniel J Walsh |
129baa |
{"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", no_argument, 0, CONTEXT_OPTION},
|
|
Daniel J Walsh |
129baa |
+ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
|
|
Daniel J Walsh |
129baa |
+ {"scontext", no_argument, 0, SCONTEXT_OPTION},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"author", no_argument, 0, AUTHOR_OPTION},
|
|
Daniel J Walsh |
129baa |
{GETOPT_HELP_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{GETOPT_VERSION_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
@@ -731,13 +767,21 @@
|
|
Daniel J Walsh |
129baa |
static char const *const format_args[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
"verbose", "long", "commas", "horizontal", "across",
|
|
Daniel J Walsh |
129baa |
- "vertical", "single-column", 0
|
|
Daniel J Walsh |
129baa |
+ "vertical", "single-column",
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ "context",
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+ 0
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
static enum format const format_types[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
long_format, long_format, with_commas, horizontal, horizontal,
|
|
Daniel J Walsh |
129baa |
- many_per_line, one_per_line
|
|
Daniel J Walsh |
129baa |
+ many_per_line, one_per_line,
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ security_format,
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+ invalid_format
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
static char const *const sort_args[] =
|
|
Daniel J Walsh |
129baa |
@@ -1101,6 +1145,9 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
format_needs_stat = sort_type == sort_time || sort_type == sort_size
|
|
Daniel J Walsh |
129baa |
|| format == long_format
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ || format == security_format || print_scontext
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|| dereference == DEREF_ALWAYS
|
|
Daniel J Walsh |
129baa |
|| print_block_size || print_inode;
|
|
Daniel J Walsh |
129baa |
format_needs_type = (format_needs_stat == 0
|
|
Daniel J Walsh |
129baa |
@@ -1125,7 +1172,7 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
for (; i < argc; i++)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- gobble_file (argv[i], unknown, 1, "");
|
|
Daniel J Walsh |
129baa |
+ gobble_file (argv[i], command_line, 1, "");
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
if (dir_defaulted)
|
|
Daniel J Walsh |
129baa |
@@ -1223,6 +1270,11 @@
|
|
Daniel J Walsh |
129baa |
/* Record whether there is an option specifying sort type. */
|
|
Daniel J Walsh |
129baa |
int sort_type_specified = 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ /* 1 iff kernel has new selinux system calls */
|
|
Daniel J Walsh |
129baa |
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
qmark_funny_chars = 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* initialize all switches to default settings */
|
|
Daniel J Walsh |
129baa |
@@ -1273,6 +1325,9 @@
|
|
Daniel J Walsh |
129baa |
all_files = 0;
|
|
Daniel J Walsh |
129baa |
really_all_files = 0;
|
|
Daniel J Walsh |
129baa |
ignore_patterns = 0;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ print_scontext = 0;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* FIXME: put this in a function. */
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -1350,7 +1405,7 @@
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
while ((c = getopt_long (argc, argv,
|
|
Daniel J Walsh |
129baa |
- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
|
|
Daniel J Walsh |
129baa |
+ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
|
|
Daniel J Walsh |
129baa |
long_options, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (c)
|
|
Daniel J Walsh |
129baa |
@@ -1470,6 +1525,13 @@
|
|
Daniel J Walsh |
129baa |
format = horizontal;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ check_selinux();
|
|
Daniel J Walsh |
129baa |
+ print_scontext = 1;
|
|
Daniel J Walsh |
129baa |
+ format = security_format;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case 'A':
|
|
Daniel J Walsh |
129baa |
really_all_files = 0;
|
|
Daniel J Walsh |
129baa |
all_files = 1;
|
|
Daniel J Walsh |
129baa |
@@ -1637,6 +1699,25 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ case CONTEXT_OPTION: /* new security format */
|
|
Daniel J Walsh |
129baa |
+ check_selinux();
|
|
Daniel J Walsh |
129baa |
+ print_scontext = 1;
|
|
Daniel J Walsh |
129baa |
+ format = security_format;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case LCONTEXT_OPTION: /* long format plus security context */
|
|
Daniel J Walsh |
129baa |
+ check_selinux();
|
|
Daniel J Walsh |
129baa |
+ print_scontext = 1;
|
|
Daniel J Walsh |
129baa |
+ format = long_format;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case SCONTEXT_OPTION: /* short form of new security format */
|
|
Daniel J Walsh |
129baa |
+ check_selinux();
|
|
Daniel J Walsh |
129baa |
+ print_scontext = 0;
|
|
Daniel J Walsh |
129baa |
+ format = security_format;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
129baa |
usage (EXIT_FAILURE);
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
@@ -2300,6 +2381,12 @@
|
|
Daniel J Walsh |
129baa |
free (files[i].name);
|
|
Daniel J Walsh |
129baa |
if (files[i].linkname)
|
|
Daniel J Walsh |
129baa |
free (files[i].linkname);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (files[i].scontext) {
|
|
Daniel J Walsh |
129baa |
+ freecon (files[i].scontext);
|
|
Daniel J Walsh |
129baa |
+ files[i].scontext=NULL;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
files_index = 0;
|
|
Daniel J Walsh |
129baa |
@@ -2336,11 +2423,14 @@
|
|
Daniel J Walsh |
129baa |
f->linkname = 0;
|
|
Daniel J Walsh |
129baa |
f->linkmode = 0;
|
|
Daniel J Walsh |
129baa |
f->linkok = 0;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ f->scontext = NULL;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
if (explicit_arg
|
|
Daniel J Walsh |
129baa |
|| format_needs_stat
|
|
Daniel J Walsh |
129baa |
|| (format_needs_type
|
|
Daniel J Walsh |
129baa |
- && (type == unknown
|
|
Daniel J Walsh |
129baa |
+ && (type == unknown || type == command_line
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* FIXME: remove this disjunct.
|
|
Daniel J Walsh |
129baa |
I don't think we care about symlinks here, but for now
|
|
Daniel J Walsh |
129baa |
@@ -2373,6 +2463,11 @@
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
case DEREF_ALWAYS:
|
|
Daniel J Walsh |
129baa |
err = stat (path, &f->stat);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (err>=0)
|
|
Daniel J Walsh |
129baa |
+ if (selinux_enabled && (format == security_format || print_scontext))
|
|
Daniel J Walsh |
129baa |
+ getfilecon(path, &f->scontext);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
case DEREF_COMMAND_LINE_ARGUMENTS:
|
|
Daniel J Walsh |
129baa |
@@ -2381,6 +2476,11 @@
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
int need_lstat;
|
|
Daniel J Walsh |
129baa |
err = stat (path, &f->stat);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (err>=0)
|
|
Daniel J Walsh |
129baa |
+ if (selinux_enabled && (format == security_format || print_scontext))
|
|
Daniel J Walsh |
129baa |
+ getfilecon(path, &f->scontext);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
@@ -2399,18 +2499,42 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
default: /* DEREF_NEVER */
|
|
Daniel J Walsh |
129baa |
err = lstat (path, &f->stat);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (err>=0)
|
|
Daniel J Walsh |
129baa |
+ if (selinux_enabled && (format == security_format || print_scontext))
|
|
Daniel J Walsh |
129baa |
+ lgetfilecon(path, &f->scontext);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
- if (err < 0)
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed = (err < 0);
|
|
Daniel J Walsh |
129baa |
+ if (f->stat_failed)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- error (0, errno, "%s", quotearg_colon (path));
|
|
Daniel J Walsh |
129baa |
- exit_status = 1;
|
|
Daniel J Walsh |
129baa |
+ /* We treat stat failures for files the user named special.
|
|
Daniel J Walsh |
129baa |
+ There is no guarantee that these files really exist so
|
|
Daniel J Walsh |
129baa |
+ we do not print any information. */
|
|
Daniel J Walsh |
129baa |
+ if (type == command_line)
|
|
cvsdist |
4d15f3 |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, "%s", quotearg_colon (path));
|
|
Daniel J Walsh |
129baa |
+ exit_status = 1;
|
|
Daniel J Walsh |
129baa |
+ return 0;
|
|
cvsdist |
4d15f3 |
+ }
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+ f->filetype = type;
|
|
Daniel J Walsh |
129baa |
+ memset (&f->stat, '\0', sizeof (f->stat));
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+ f->name = xstrdup (name);
|
|
Daniel J Walsh |
129baa |
+ files_index++;
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
return 0;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
#if HAVE_ACL || USE_ACL
|
|
Daniel J Walsh |
129baa |
- if (format == long_format)
|
|
Daniel J Walsh |
129baa |
+ if (format == long_format
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ || format == security_format
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+ )
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
int n = file_has_acl (path, &f->stat);
|
|
Daniel J Walsh |
129baa |
f->have_acl = (0 < n);
|
|
Daniel J Walsh |
129baa |
@@ -2893,6 +3017,16 @@
|
|
Daniel J Walsh |
129baa |
DIRED_PUTCHAR ('\n');
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
break;
|
|
cvsdist |
4d15f3 |
+
|
|
cvsdist |
4d15f3 |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case security_format:
|
|
Daniel J Walsh |
129baa |
+ for (i = 0; i < files_index; i++)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ print_scontext_format (files + i);
|
|
Daniel J Walsh |
129baa |
+ DIRED_PUTCHAR ('\n');
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
cvsdist |
4d15f3 |
+#endif
|
|
cvsdist |
4d15f3 |
}
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
@@ -2974,9 +3108,9 @@
|
|
Daniel J Walsh |
129baa |
WIDTH. */
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
-format_user (uid_t u, int width)
|
|
Daniel J Walsh |
129baa |
+format_user (uid_t u, int width, int stat_failed)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- char const *name = (numeric_ids ? NULL : getuser (u));
|
|
Daniel J Walsh |
129baa |
+ char const *name = stat_failed ? "?" : (numeric_ids ? NULL : getuser (u));
|
|
Daniel J Walsh |
129baa |
if (name)
|
|
Daniel J Walsh |
129baa |
printf ("%-*s ", width, name);
|
|
Daniel J Walsh |
129baa |
else
|
|
Daniel J Walsh |
129baa |
@@ -2988,9 +3122,9 @@
|
|
Daniel J Walsh |
129baa |
/* Likewise, for groups. */
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
-format_group (gid_t g, int width)
|
|
Daniel J Walsh |
129baa |
+format_group (gid_t g, int width, int stat_failed)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
- char const *name = (numeric_ids ? NULL : getgroup (g));
|
|
Daniel J Walsh |
129baa |
+ char const *name = stat_failed ? "?" : (numeric_ids ? NULL : getgroup (g));
|
|
Daniel J Walsh |
129baa |
if (name)
|
|
Daniel J Walsh |
129baa |
printf ("%-*s ", width, name);
|
|
Daniel J Walsh |
129baa |
else
|
|
Daniel J Walsh |
129baa |
@@ -3095,7 +3229,7 @@
|
|
cvsdist |
4d15f3 |
{
|
|
Daniel J Walsh |
129baa |
char hbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
Daniel J Walsh |
129baa |
sprintf (p, "%*s ", inode_number_width,
|
|
Daniel J Walsh |
129baa |
- umaxtostr (f->stat.st_ino, hbuf));
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed ? "?" : umaxtostr (f->stat.st_ino, hbuf));
|
|
Daniel J Walsh |
129baa |
p += inode_number_width + 1;
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
@@ -3103,8 +3237,10 @@
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
char hbuf[LONGEST_HUMAN_READABLE + 1];
|
|
Daniel J Walsh |
129baa |
sprintf (p, "%*s ", block_size_width,
|
|
Daniel J Walsh |
129baa |
- human_readable (ST_NBLOCKS (f->stat), hbuf, human_output_opts,
|
|
Daniel J Walsh |
129baa |
- ST_NBLOCKSIZE, output_block_size));
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed
|
|
Daniel J Walsh |
129baa |
+ ? "?"
|
|
Daniel J Walsh |
129baa |
+ : human_readable (ST_NBLOCKS (f->stat), hbuf, human_output_opts,
|
|
Daniel J Walsh |
129baa |
+ ST_NBLOCKSIZE, output_block_size));
|
|
Daniel J Walsh |
129baa |
p += block_size_width + 1;
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
@@ -3113,10 +3249,18 @@
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
char hbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
Daniel J Walsh |
129baa |
sprintf (p, "%s %*s ", modebuf, nlink_width,
|
|
Daniel J Walsh |
129baa |
- umaxtostr (f->stat.st_nlink, hbuf));
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed ? "?" : umaxtostr (f->stat.st_nlink, hbuf));
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
p += sizeof modebuf + nlink_width + 1;
|
|
cvsdist |
4d15f3 |
|
|
cvsdist |
5adf0d |
+#ifdef WITH_SELINUX
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+ if ( print_scontext ) {
|
|
Daniel J Walsh |
129baa |
+ sprintf (p, "%-32s ", f->scontext ?: "");
|
|
Daniel J Walsh |
129baa |
+ p += strlen (p);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
DIRED_INDENT ();
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
if (print_owner | print_group | print_author)
|
|
Daniel J Walsh |
129baa |
@@ -3124,18 +3268,19 @@
|
|
Daniel J Walsh |
129baa |
DIRED_FPUTS (buf, stdout, p - buf);
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
if (print_owner)
|
|
Daniel J Walsh |
129baa |
- format_user (f->stat.st_uid, owner_width);
|
|
Daniel J Walsh |
129baa |
+ format_user (f->stat.st_uid, owner_width, f->stat_failed);
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
if (print_group)
|
|
Daniel J Walsh |
129baa |
- format_group (f->stat.st_gid, group_width);
|
|
Daniel J Walsh |
129baa |
+ format_group (f->stat.st_gid, group_width, f->stat_failed);
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
if (print_author)
|
|
Daniel J Walsh |
129baa |
- format_user (f->stat.st_author, author_width);
|
|
Daniel J Walsh |
129baa |
+ format_user (f->stat.st_author, author_width, f->stat_failed);
|
|
cvsdist |
5adf0d |
|
|
Daniel J Walsh |
129baa |
p = buf;
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
- if (S_ISCHR (f->stat.st_mode) || S_ISBLK (f->stat.st_mode))
|
|
Daniel J Walsh |
129baa |
+ if (!f->stat_failed
|
|
Daniel J Walsh |
129baa |
+ && (S_ISCHR (f->stat.st_mode) || S_ISBLK (f->stat.st_mode)))
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
char majorbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
Daniel J Walsh |
129baa |
char minorbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
Daniel J Walsh |
129baa |
@@ -3153,13 +3298,15 @@
|
|
Daniel J Walsh |
129baa |
char hbuf[LONGEST_HUMAN_READABLE + 1];
|
|
Daniel J Walsh |
129baa |
uintmax_t size = unsigned_file_size (f->stat.st_size);
|
|
Daniel J Walsh |
129baa |
sprintf (p, "%*s ", file_size_width,
|
|
Daniel J Walsh |
129baa |
- human_readable (size, hbuf, human_output_opts,
|
|
Daniel J Walsh |
129baa |
- 1, file_output_block_size));
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed
|
|
Daniel J Walsh |
129baa |
+ ? "?"
|
|
Daniel J Walsh |
129baa |
+ : human_readable (size, hbuf, human_output_opts,
|
|
Daniel J Walsh |
129baa |
+ 1, file_output_block_size));
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
p += file_size_width + 1;
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
- if ((when_local = localtime (&when)))
|
|
Daniel J Walsh |
129baa |
+ if (!f->stat_failed && (when_local = localtime (&when)))
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
time_t six_months_ago;
|
|
Daniel J Walsh |
129baa |
int recent;
|
|
Daniel J Walsh |
129baa |
@@ -3214,15 +3361,17 @@
|
|
Daniel J Walsh |
129baa |
print it as a huge integer number of seconds. */
|
|
Daniel J Walsh |
129baa |
char hbuf[INT_BUFSIZE_BOUND (intmax_t)];
|
|
Daniel J Walsh |
129baa |
sprintf (p, "%*s ", long_time_expected_width (),
|
|
Daniel J Walsh |
129baa |
- (TYPE_SIGNED (time_t)
|
|
Daniel J Walsh |
129baa |
- ? imaxtostr (when, hbuf)
|
|
Daniel J Walsh |
129baa |
- : umaxtostr (when, hbuf)));
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed
|
|
Daniel J Walsh |
129baa |
+ ? "?"
|
|
Daniel J Walsh |
129baa |
+ : (TYPE_SIGNED (time_t)
|
|
Daniel J Walsh |
129baa |
+ ? imaxtostr (when, hbuf)
|
|
Daniel J Walsh |
129baa |
+ : umaxtostr (when, hbuf)));
|
|
Daniel J Walsh |
129baa |
p += strlen (p);
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
DIRED_FPUTS (buf, stdout, p - buf);
|
|
Daniel J Walsh |
129baa |
print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
|
|
Daniel J Walsh |
129baa |
- &dired_obstack);
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed, &dired_obstack);
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
if (f->filetype == symbolic_link)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -3230,7 +3379,7 @@
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
DIRED_FPUTS_LITERAL (" -> ", stdout);
|
|
Daniel J Walsh |
129baa |
print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1,
|
|
Daniel J Walsh |
129baa |
- NULL);
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed, NULL);
|
|
Daniel J Walsh |
129baa |
if (indicator_style != none)
|
|
Daniel J Walsh |
129baa |
print_type_indicator (f->linkmode);
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
@@ -3412,10 +3561,10 @@
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
print_name_with_quoting (const char *p, mode_t mode, int linkok,
|
|
Daniel J Walsh |
129baa |
- struct obstack *stack)
|
|
Daniel J Walsh |
129baa |
+ int stat_failed, struct obstack *stack)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
if (print_with_color)
|
|
Daniel J Walsh |
129baa |
- print_color_indicator (p, mode, linkok);
|
|
Daniel J Walsh |
129baa |
+ print_color_indicator (p, mode, linkok, stat_failed);
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
if (stack)
|
|
Daniel J Walsh |
129baa |
PUSH_CURRENT_DIRED_POS (stack);
|
|
Daniel J Walsh |
129baa |
@@ -3460,7 +3609,8 @@
|
|
Daniel J Walsh |
129baa |
human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
|
|
Daniel J Walsh |
129baa |
ST_NBLOCKSIZE, output_block_size));
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
- print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok, NULL);
|
|
Daniel J Walsh |
129baa |
+ print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed, NULL);
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
if (indicator_style != none)
|
|
Daniel J Walsh |
129baa |
print_type_indicator (f->stat.st_mode);
|
|
Daniel J Walsh |
129baa |
@@ -3499,7 +3649,8 @@
|
|
Daniel J Walsh |
129baa |
}
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
static void
|
|
Daniel J Walsh |
129baa |
-print_color_indicator (const char *name, mode_t mode, int linkok)
|
|
Daniel J Walsh |
129baa |
+print_color_indicator (const char *name, mode_t mode, int linkok,
|
|
Daniel J Walsh |
129baa |
+ int stat_failed)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
int type = C_FILE;
|
|
Daniel J Walsh |
129baa |
struct color_ext_type *ext; /* Color extension */
|
|
Daniel J Walsh |
129baa |
@@ -3536,6 +3687,8 @@
|
|
Daniel J Walsh |
129baa |
type = C_CHR;
|
|
Daniel J Walsh |
129baa |
else if (S_ISDOOR (mode))
|
|
Daniel J Walsh |
129baa |
type = C_DOOR;
|
|
Daniel J Walsh |
129baa |
+ else if (stat_failed)
|
|
Daniel J Walsh |
129baa |
+ type = C_ORPHAN;
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
if ((type == C_FILE) && ((mode & S_ISUID) != 0))
|
|
Daniel J Walsh |
129baa |
type = C_UID;
|
|
Daniel J Walsh |
129baa |
@@ -4037,6 +4190,16 @@
|
|
Daniel J Walsh |
129baa |
-X sort alphabetically by entry extension\n\
|
|
Daniel J Walsh |
129baa |
-1 list one file per line\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
cvsdist |
4d15f3 |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+printf(_("\nSELINUX options:\n\n\
|
|
Daniel J Walsh |
129baa |
+ --lcontext Display security context. Enable -l. Lines\n\
|
|
Daniel J Walsh |
129baa |
+ will probably be too wide for most displays.\n\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context Display security context so it fits on most\n\
|
|
Daniel J Walsh |
129baa |
+ displays. Displays only mode, user, group,\n\
|
|
Daniel J Walsh |
129baa |
+ security context and file name.\n\
|
|
Daniel J Walsh |
129baa |
+ --scontext Display only security context and file name.\n\
|
|
Daniel J Walsh |
129baa |
+\n\n"));
|
|
cvsdist |
4d15f3 |
+#endif
|
|
Daniel J Walsh |
129baa |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
fputs (_("\n\
|
|
Daniel J Walsh |
129baa |
@@ -4055,3 +4218,83 @@
|
|
cvsdist |
4d15f3 |
}
|
|
Daniel J Walsh |
129baa |
exit (status);
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
+
|
|
cvsdist |
4d15f3 |
+#ifdef WITH_SELINUX
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+static void
|
|
Daniel J Walsh |
129baa |
+print_scontext_format (const struct fileinfo *f)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ char modebuf[12];
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
|
|
Daniel J Walsh |
129baa |
+ 1 10-byte mode string,
|
|
Daniel J Walsh |
129baa |
+ 9 spaces, one following each of these fields, and
|
|
Daniel J Walsh |
129baa |
+ 1 trailing NUL byte. */
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
|
|
Daniel J Walsh |
129baa |
+ char *buf = init_bigbuf;
|
|
Daniel J Walsh |
129baa |
+ size_t bufsize = sizeof (init_bigbuf);
|
|
Daniel J Walsh |
129baa |
+ size_t s;
|
|
Daniel J Walsh |
129baa |
+ char *p;
|
|
Daniel J Walsh |
129baa |
+ const char *fmt;
|
|
Daniel J Walsh |
129baa |
+ char *user_name;
|
|
Daniel J Walsh |
129baa |
+ char *group_name;
|
|
Daniel J Walsh |
129baa |
+ int rv;
|
|
Daniel J Walsh |
129baa |
+ char *scontext;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ p = buf;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if ( print_scontext ) { /* zero means terse listing */
|
|
Daniel J Walsh |
129baa |
+ mode_string (f->stat.st_mode, modebuf);
|
|
Daniel J Walsh |
129baa |
+ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
|
|
Daniel J Walsh |
129baa |
+ modebuf[11] = '\0';
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ /* print mode */
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ (void) sprintf (p, "%s ", modebuf);
|
|
Daniel J Walsh |
129baa |
+ p += strlen (p);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ /* print standard user and group */
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ user_name = f->stat_failed ? "?" :
|
|
Daniel J Walsh |
129baa |
+ (numeric_ids ? NULL : getuser (f->stat.st_uid));
|
|
Daniel J Walsh |
129baa |
+ if (user_name)
|
|
Daniel J Walsh |
129baa |
+ (void) sprintf (p, "%-8.8s ", user_name);
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
|
|
Daniel J Walsh |
129baa |
+ p += strlen (p);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if ( print_group ) {
|
|
Daniel J Walsh |
129baa |
+ group_name = f->stat_failed ? "?" :
|
|
Daniel J Walsh |
129baa |
+ (numeric_ids ? NULL : getgroup (f->stat.st_gid));
|
|
Daniel J Walsh |
129baa |
+ if (group_name)
|
|
Daniel J Walsh |
129baa |
+ (void) sprintf (p, "%-8.8s ", group_name);
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid);
|
|
Daniel J Walsh |
129baa |
+ p += strlen (p);
|
|
cvsdist |
5adf0d |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ (void) sprintf (p, "%-32s ", f->scontext ?: "");
|
|
Daniel J Walsh |
129baa |
+ p += strlen (p);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ DIRED_INDENT ();
|
|
Daniel J Walsh |
129baa |
+ DIRED_FPUTS (buf, stdout, p - buf);
|
|
Daniel J Walsh |
129baa |
+ print_name_with_quoting (f->name, f->stat.st_mode, f->linkok,
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed, &dired_obstack);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (f->filetype == symbolic_link) {
|
|
Daniel J Walsh |
129baa |
+ if (f->linkname) {
|
|
Daniel J Walsh |
129baa |
+ DIRED_FPUTS_LITERAL (" -> ", stdout);
|
|
Daniel J Walsh |
129baa |
+ print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1,
|
|
Daniel J Walsh |
129baa |
+ f->stat_failed, NULL);
|
|
Daniel J Walsh |
129baa |
+ if (indicator_style != none)
|
|
Daniel J Walsh |
129baa |
+ print_type_indicator (f->linkmode);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+ }
|
|
Daniel J Walsh |
129baa |
+ else {
|
|
Daniel J Walsh |
129baa |
+ if (indicator_style != none)
|
|
Daniel J Walsh |
129baa |
+ print_type_indicator (f->stat.st_mode);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+}
|
|
cvsdist |
4d15f3 |
+#endif
|
|
Daniel J Walsh |
fee87d |
--- /dev/null 2004-12-29 02:13:24.827638832 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/chcon.c 2004-12-29 12:24:03.430857317 -0500
|
|
Daniel J Walsh |
129baa |
@@ -0,0 +1,421 @@
|
|
Daniel J Walsh |
129baa |
+/* chcontext -- change security context of a pathname */
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+#include <config.h>
|
|
Daniel J Walsh |
129baa |
+#include <stdio.h>
|
|
Daniel J Walsh |
129baa |
+#include <sys/types.h>
|
|
Daniel J Walsh |
129baa |
+#include <grp.h>
|
|
Daniel J Walsh |
129baa |
+#include <getopt.h>
|
|
cvsdist |
4d15f3 |
+#include <selinux/selinux.h>
|
|
Daniel J Walsh |
129baa |
+#include <selinux/context.h>
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+#include "system.h"
|
|
Daniel J Walsh |
129baa |
+#include "error.h"
|
|
Daniel J Walsh |
129baa |
+#include "savedir.h"
|
|
Daniel J Walsh |
129baa |
+#include "group-member.h"
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+enum Change_status
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ CH_SUCCEEDED,
|
|
Daniel J Walsh |
129baa |
+ CH_FAILED,
|
|
Daniel J Walsh |
129baa |
+ CH_NO_CHANGE_REQUESTED
|
|
Daniel J Walsh |
129baa |
+};
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+enum Verbosity
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ /* Print a message for each file that is processed. */
|
|
Daniel J Walsh |
129baa |
+ V_high,
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ /* Print a message for each file whose attributes we change. */
|
|
Daniel J Walsh |
129baa |
+ V_changes_only,
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ /* Do not be verbose. This is the default. */
|
|
Daniel J Walsh |
129baa |
+ V_off
|
|
Daniel J Walsh |
129baa |
+};
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+static int change_dir_context (const char *dir, const struct stat *statp);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* The name the program was run with. */
|
|
Daniel J Walsh |
129baa |
+char *program_name;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* If nonzero, and the systems has support for it, change the context
|
|
Daniel J Walsh |
129baa |
+ of symbolic links rather than any files they point to. */
|
|
Daniel J Walsh |
129baa |
+static int change_symlinks;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* If nonzero, change the context of directories recursively. */
|
|
Daniel J Walsh |
129baa |
+static int recurse;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* If nonzero, force silence (no error messages). */
|
|
Daniel J Walsh |
129baa |
+static int force_silent;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* Level of verbosity. */
|
|
Daniel J Walsh |
129baa |
+static enum Verbosity verbosity = V_off;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* The name of the context file is being given. */
|
|
Daniel J Walsh |
129baa |
+static const char *specified_context;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* Specific components of the context */
|
|
Daniel J Walsh |
129baa |
+static const char *specified_user;
|
|
Daniel J Walsh |
129baa |
+static const char *specified_role;
|
|
Daniel J Walsh |
129baa |
+static const char *specified_range;
|
|
Daniel J Walsh |
129baa |
+static const char *specified_type;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* The argument to the --reference option. Use the context of this file.
|
|
Daniel J Walsh |
129baa |
+ This file must exist. */
|
|
Daniel J Walsh |
129baa |
+static char *reference_file;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* If nonzero, display usage information and exit. */
|
|
Daniel J Walsh |
129baa |
+static int show_help;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* If nonzero, print the version on standard output and exit. */
|
|
Daniel J Walsh |
129baa |
+static int show_version;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+static struct option const long_options[] =
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ {"recursive", no_argument, 0, 'R'},
|
|
Daniel J Walsh |
129baa |
+ {"changes", no_argument, 0, 'c'},
|
|
Daniel J Walsh |
129baa |
+ {"no-dereference", no_argument, 0, 'h'},
|
|
Daniel J Walsh |
129baa |
+ {"silent", no_argument, 0, 'f'},
|
|
Daniel J Walsh |
129baa |
+ {"quiet", no_argument, 0, 'f'},
|
|
Daniel J Walsh |
129baa |
+ {"reference", required_argument, 0, CHAR_MAX + 1},
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, 0, CHAR_MAX + 2},
|
|
Daniel J Walsh |
129baa |
+ {"user", required_argument, 0, 'u'},
|
|
Daniel J Walsh |
129baa |
+ {"role", required_argument, 0, 'r'},
|
|
Daniel J Walsh |
129baa |
+ {"type", required_argument, 0, 't'},
|
|
Daniel J Walsh |
129baa |
+ {"range", required_argument, 0, 'l'},
|
|
Daniel J Walsh |
129baa |
+ {"verbose", no_argument, 0, 'v'},
|
|
Daniel J Walsh |
129baa |
+ {"help", no_argument, &show_help, 1},
|
|
Daniel J Walsh |
129baa |
+ {"version", no_argument, &show_version, 1},
|
|
Daniel J Walsh |
129baa |
+ {0, 0, 0, 0}
|
|
Daniel J Walsh |
129baa |
+};
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* Tell the user how/if the context of FILE has been changed.
|
|
Daniel J Walsh |
129baa |
+ CHANGED describes what (if anything) has happened. */
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+static void
|
|
Daniel J Walsh |
129baa |
+describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ const char *fmt;
|
|
Daniel J Walsh |
129baa |
+ switch (changed)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ case CH_SUCCEEDED:
|
|
Daniel J Walsh |
129baa |
+ fmt = _("context of %s changed to %s\n");
|
|
cvsdist |
4d15f3 |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case CH_FAILED:
|
|
Daniel J Walsh |
129baa |
+ fmt = _("failed to change context of %s to %s\n");
|
|
cvsdist |
4d15f3 |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case CH_NO_CHANGE_REQUESTED:
|
|
Daniel J Walsh |
129baa |
+ fmt = _("context of %s retained as %s\n");
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ default:
|
|
Daniel J Walsh |
129baa |
+ abort ();
|
|
cvsdist |
5adf0d |
+ }
|
|
Daniel J Walsh |
129baa |
+ printf (fmt, file, newcontext);
|
|
Daniel J Walsh |
129baa |
+}
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+static int
|
|
Daniel J Walsh |
129baa |
+compute_context_from_mask (security_context_t context, context_t *ret)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ context_t newcontext = context_new (context);
|
|
Daniel J Walsh |
129baa |
+ if (!newcontext)
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+#define SETCOMPONENT(comp) \
|
|
Daniel J Walsh |
129baa |
+ do { \
|
|
Daniel J Walsh |
129baa |
+ if (specified_ ## comp) \
|
|
Daniel J Walsh |
129baa |
+ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
|
|
Daniel J Walsh |
129baa |
+ goto lose; \
|
|
Daniel J Walsh |
129baa |
+ } while (0)
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ SETCOMPONENT(user);
|
|
Daniel J Walsh |
129baa |
+ SETCOMPONENT(range);
|
|
Daniel J Walsh |
129baa |
+ SETCOMPONENT(role);
|
|
Daniel J Walsh |
129baa |
+ SETCOMPONENT(type);
|
|
Daniel J Walsh |
129baa |
+#undef SETCOMPONENT
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ *ret = newcontext;
|
|
Daniel J Walsh |
129baa |
+ return 0;
|
|
Daniel J Walsh |
129baa |
+ lose:
|
|
Daniel J Walsh |
129baa |
+ context_free (newcontext);
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
cvsdist |
4d15f3 |
+}
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+/* Change the context of FILE, using specified components.
|
|
Daniel J Walsh |
129baa |
+ If it is a directory and -R is given, recurse.
|
|
Daniel J Walsh |
129baa |
+ Return 0 if successful, 1 if errors occurred. */
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+static int
|
|
Daniel J Walsh |
129baa |
+change_file_context (const char *file)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ struct stat file_stats;
|
|
Daniel J Walsh |
129baa |
+ security_context_t file_context=NULL;
|
|
Daniel J Walsh |
129baa |
+ context_t context;
|
|
Daniel J Walsh |
129baa |
+ security_context_t context_string;
|
|
Daniel J Walsh |
129baa |
+ int errors = 0;
|
|
Daniel J Walsh |
129baa |
+ int status = 0;
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ if (change_symlinks)
|
|
Daniel J Walsh |
129baa |
+ status = lgetfilecon(file, &file_context);
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ status = getfilecon(file, &file_context);
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ if ((status < 0) && (errno != ENODATA))
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (force_silent == 0)
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, "%s", file);
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ /* If the file doesn't have a context, and we're not setting all of
|
|
Daniel J Walsh |
129baa |
+ the context components, there isn't really an obvious default.
|
|
Daniel J Walsh |
129baa |
+ Thus, we just give up. */
|
|
Daniel J Walsh |
129baa |
+ if (file_context == NULL && specified_context == NULL)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (specified_context == NULL)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (compute_context_from_mask (file_context, &context))
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, 0, _("couldn't compute security context from %s"), file_context);
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ context = context_new (specified_context);
|
|
Daniel J Walsh |
129baa |
+ if (!context)
|
|
Daniel J Walsh |
129baa |
+ error (1, 0,_("invalid context: %s"),specified_context);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ context_string = context_str (context);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (file_context == NULL || strcmp(context_string,file_context)!=0)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ int fail;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (change_symlinks)
|
|
Daniel J Walsh |
129baa |
+ fail = lsetfilecon (file, context_string);
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ fail = setfilecon (file, context_string);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (verbosity == V_high || (verbosity == V_changes_only && !fail))
|
|
Daniel J Walsh |
129baa |
+ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (fail)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ errors = 1;
|
|
Daniel J Walsh |
129baa |
+ if (force_silent == 0)
|
|
cvsdist |
4d15f3 |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, _("failed to change context of %s to %s"), file, context_string);
|
|
cvsdist |
4d15f3 |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ else if (verbosity == V_high)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ context_free(context);
|
|
Daniel J Walsh |
129baa |
+ freecon(file_context);
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ if (recurse) {
|
|
Daniel J Walsh |
129baa |
+ if (lstat(file, &file_stats)==0)
|
|
Daniel J Walsh |
129baa |
+ if (S_ISDIR (file_stats.st_mode))
|
|
Daniel J Walsh |
129baa |
+ errors |= change_dir_context (file, &file_stats);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ return errors;
|
|
Daniel J Walsh |
129baa |
+}
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+/* Recursively change context of the files in directory DIR
|
|
Daniel J Walsh |
129baa |
+ using specified context components.
|
|
Daniel J Walsh |
129baa |
+ STATP points to the results of lstat on DIR.
|
|
Daniel J Walsh |
129baa |
+ Return 0 if successful, 1 if errors occurred. */
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+static int
|
|
Daniel J Walsh |
129baa |
+change_dir_context (const char *dir, const struct stat *statp)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ char *name_space, *namep;
|
|
Daniel J Walsh |
129baa |
+ char *path; /* Full path of each entry to process. */
|
|
Daniel J Walsh |
129baa |
+ unsigned dirlength; /* Length of `dir' and '\0'. */
|
|
Daniel J Walsh |
129baa |
+ unsigned filelength; /* Length of each pathname to process. */
|
|
Daniel J Walsh |
129baa |
+ unsigned pathlength; /* Bytes allocated for `path'. */
|
|
Daniel J Walsh |
129baa |
+ int errors = 0;
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+ errno = 0;
|
|
Daniel J Walsh |
129baa |
+ name_space = savedir (dir);
|
|
Daniel J Walsh |
129baa |
+ if (name_space == NULL)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (errno)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (force_silent == 0)
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, "%s", dir);
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ error (1, 0, _("virtual memory exhausted"));
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
|
|
Daniel J Walsh |
129baa |
+ pathlength = dirlength + 1;
|
|
Daniel J Walsh |
129baa |
+ /* Give `path' a dummy value; it will be reallocated before first use. */
|
|
Daniel J Walsh |
129baa |
+ path = xmalloc (pathlength);
|
|
Daniel J Walsh |
129baa |
+ strcpy (path, dir);
|
|
Daniel J Walsh |
129baa |
+ path[dirlength - 1] = '/';
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ for (namep = name_space; *namep; namep += filelength - dirlength)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ filelength = dirlength + strlen (namep) + 1;
|
|
Daniel J Walsh |
129baa |
+ if (filelength > pathlength)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ pathlength = filelength * 2;
|
|
Daniel J Walsh |
129baa |
+ path = xrealloc (path, pathlength);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ strcpy (path + dirlength, namep);
|
|
Daniel J Walsh |
129baa |
+ errors |= change_file_context (path);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ free (path);
|
|
Daniel J Walsh |
129baa |
+ free (name_space);
|
|
Daniel J Walsh |
129baa |
+ return errors;
|
|
Daniel J Walsh |
129baa |
+}
|
|
cvsdist |
5adf0d |
+
|
|
cvsdist |
4d15f3 |
+static void
|
|
Daniel J Walsh |
129baa |
+usage (int status)
|
|
cvsdist |
4d15f3 |
+{
|
|
Daniel J Walsh |
129baa |
+ if (status != 0)
|
|
Daniel J Walsh |
129baa |
+ fprintf (stderr, _("Try `%s --help' for more information.\n"),
|
|
Daniel J Walsh |
129baa |
+ program_name);
|
|
Daniel J Walsh |
129baa |
+ else
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ printf (_("\
|
|
Daniel J Walsh |
129baa |
+Usage: %s [OPTION]... CONTEXT FILE...\n\
|
|
Daniel J Walsh |
129baa |
+ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
|
|
Daniel J Walsh |
129baa |
+ or: %s [OPTION]... --reference=RFILE FILE...\n\
|
|
Daniel J Walsh |
129baa |
+"),
|
|
Daniel J Walsh |
129baa |
+ program_name, program_name, program_name);
|
|
Daniel J Walsh |
129baa |
+ printf (_("\
|
|
Daniel J Walsh |
129baa |
+Change the security context of each FILE to CONTEXT.\n\
|
|
Daniel J Walsh |
129baa |
+\n\
|
|
Daniel J Walsh |
129baa |
+ -c, --changes like verbose but report only when a change is made\n\
|
|
Daniel J Walsh |
129baa |
+ -h, --no-dereference affect symbolic links instead of any referenced file\n\
|
|
Daniel J Walsh |
129baa |
+ (available only on systems with lchown system call)\n\
|
|
Daniel J Walsh |
129baa |
+ -f, --silent, --quiet suppress most error messages\n\
|
|
Daniel J Walsh |
129baa |
+ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
|
|
Daniel J Walsh |
129baa |
+ -u, --user=USER set user USER in the target security context\n\
|
|
Daniel J Walsh |
129baa |
+ -r, --role=ROLE set role ROLE in the target security context\n\
|
|
Daniel J Walsh |
129baa |
+ -t, --type=TYPE set type TYPE in the target security context\n\
|
|
Daniel J Walsh |
129baa |
+ -l, --range=RANGE set range RANGE in the target security context\n\
|
|
Daniel J Walsh |
129baa |
+ -R, --recursive change files and directories recursively\n\
|
|
Daniel J Walsh |
129baa |
+ -v, --verbose output a diagnostic for every file processed\n\
|
|
Daniel J Walsh |
129baa |
+ --help display this help and exit\n\
|
|
Daniel J Walsh |
129baa |
+ --version output version information and exit\n\
|
|
Daniel J Walsh |
129baa |
+"));
|
|
Daniel J Walsh |
129baa |
+ close_stdout ();
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ exit (status);
|
|
Daniel J Walsh |
129baa |
+}
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+int
|
|
Daniel J Walsh |
129baa |
+main (int argc, char **argv)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ security_context_t ref_context = NULL;
|
|
Daniel J Walsh |
129baa |
+ int errors = 0;
|
|
Daniel J Walsh |
129baa |
+ int optc;
|
|
Daniel J Walsh |
129baa |
+ int component_specified = 0;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ program_name = argv[0];
|
|
Daniel J Walsh |
129baa |
+ setlocale (LC_ALL, "");
|
|
Daniel J Walsh |
129baa |
+ bindtextdomain (PACKAGE, LOCALEDIR);
|
|
Daniel J Walsh |
129baa |
+ textdomain (PACKAGE);
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ recurse = force_silent = 0;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ switch (optc)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ case 0:
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'u':
|
|
Daniel J Walsh |
129baa |
+ specified_user = optarg;
|
|
Daniel J Walsh |
129baa |
+ component_specified = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'r':
|
|
Daniel J Walsh |
129baa |
+ specified_role = optarg;
|
|
Daniel J Walsh |
129baa |
+ component_specified = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 't':
|
|
Daniel J Walsh |
129baa |
+ specified_type = optarg;
|
|
Daniel J Walsh |
129baa |
+ component_specified = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'l':
|
|
Daniel J Walsh |
129baa |
+ specified_range = optarg;
|
|
Daniel J Walsh |
129baa |
+ component_specified = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case CHAR_MAX + 1:
|
|
Daniel J Walsh |
129baa |
+ reference_file = optarg;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'R':
|
|
Daniel J Walsh |
129baa |
+ recurse = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'c':
|
|
Daniel J Walsh |
129baa |
+ verbosity = V_changes_only;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'f':
|
|
Daniel J Walsh |
129baa |
+ force_silent = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'h':
|
|
Daniel J Walsh |
129baa |
+ change_symlinks = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ case 'v':
|
|
Daniel J Walsh |
129baa |
+ verbosity = V_high;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ default:
|
|
Daniel J Walsh |
129baa |
+ usage (1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ if (show_version)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
|
|
Daniel J Walsh |
129baa |
+ close_stdout ();
|
|
Daniel J Walsh |
129baa |
+ exit (0);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+ if (show_help)
|
|
Daniel J Walsh |
129baa |
+ usage (0);
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (reference_file && component_specified)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, 0, _("conflicting security context specifiers given"));
|
|
Daniel J Walsh |
129baa |
+ usage (1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
cvsdist |
4d15f3 |
+
|
|
Daniel J Walsh |
129baa |
+ if (!(((reference_file || component_specified)
|
|
Daniel J Walsh |
129baa |
+ && (argc - optind > 0))
|
|
Daniel J Walsh |
129baa |
+ || (argc - optind > 1)))
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, 0, _("too few arguments"));
|
|
Daniel J Walsh |
129baa |
+ usage (1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (reference_file)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (getfilecon (reference_file, &ref_context)<0)
|
|
Daniel J Walsh |
129baa |
+ error (1, errno, "%s", reference_file);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ specified_context = ref_context;
|
|
cvsdist |
5adf0d |
+ }
|
|
Daniel J Walsh |
129baa |
+ else if (!component_specified) {
|
|
Daniel J Walsh |
129baa |
+ specified_context = argv[optind++];
|
|
cvsdist |
5adf0d |
+ }
|
|
Daniel J Walsh |
129baa |
+ for (; optind < argc; ++optind)
|
|
Daniel J Walsh |
129baa |
+ errors |= change_file_context (argv[optind]);
|
|
cvsdist |
5adf0d |
+
|
|
Daniel J Walsh |
129baa |
+ if (verbosity != V_off)
|
|
Daniel J Walsh |
129baa |
+ close_stdout ();
|
|
Daniel J Walsh |
129baa |
+ if (ref_context != NULL)
|
|
Daniel J Walsh |
129baa |
+ freecon(ref_context);
|
|
Daniel J Walsh |
129baa |
+ exit (errors);
|
|
Daniel J Walsh |
129baa |
+}
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/id.c.selinux 2004-12-29 12:24:03.287873419 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/id.c 2004-12-29 12:24:03.432857091 -0500
|
|
Daniel J Walsh |
129baa |
@@ -45,6 +45,20 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
int getugroups ();
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h>
|
|
Daniel J Walsh |
129baa |
+static void print_context (char* context);
|
|
Daniel J Walsh |
129baa |
+/* Print the SELinux context */
|
|
Daniel J Walsh |
129baa |
+static void
|
|
Daniel J Walsh |
129baa |
+print_context(char *context)
|
|
Daniel J Walsh |
129baa |
+{
|
|
Daniel J Walsh |
129baa |
+ printf ("%s", context);
|
|
Daniel J Walsh |
129baa |
+}
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+/* If nonzero, output only the SELinux context. -Z */
|
|
Daniel J Walsh |
129baa |
+static int just_context = 0;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
static void print_user (uid_t uid);
|
|
Daniel J Walsh |
129baa |
static void print_group (gid_t gid);
|
|
Daniel J Walsh |
129baa |
static void print_group_list (const char *username);
|
|
Daniel J Walsh |
129baa |
@@ -63,8 +77,14 @@
|
|
Daniel J Walsh |
129baa |
/* Nonzero if errors have been encountered. */
|
|
Daniel J Walsh |
129baa |
static int problems = 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+/* The SELinux context */
|
|
Daniel J Walsh |
129baa |
+/* Set `context' to a known invalid value so print_full_info() will *
|
|
Daniel J Walsh |
129baa |
+ * know when `context' has not been set to a meaningful value. */
|
|
Daniel J Walsh |
129baa |
+static security_context_t context=NULL;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
static struct option const longopts[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
+ {"context", no_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
{"group", no_argument, NULL, 'g'},
|
|
Daniel J Walsh |
129baa |
{"groups", no_argument, NULL, 'G'},
|
|
Daniel J Walsh |
129baa |
{"name", no_argument, NULL, 'n'},
|
|
Daniel J Walsh |
129baa |
@@ -88,6 +108,7 @@
|
|
Daniel J Walsh |
129baa |
Print information for USERNAME, or the current user.\n\
|
|
Daniel J Walsh |
129baa |
\n\
|
|
Daniel J Walsh |
129baa |
-a ignore, for compatibility with other versions\n\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context print only the context\n\
|
|
Daniel J Walsh |
129baa |
-g, --group print only the effective group ID\n\
|
|
Daniel J Walsh |
129baa |
-G, --groups print all group IDs\n\
|
|
Daniel J Walsh |
129baa |
-n, --name print a name instead of a number, for -ugG\n\
|
|
Daniel J Walsh |
129baa |
@@ -109,6 +130,7 @@
|
|
Daniel J Walsh |
129baa |
main (int argc, char **argv)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
int optc;
|
|
Daniel J Walsh |
129baa |
+ int selinux_enabled=(is_selinux_enabled()>0);
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* If nonzero, output the list of all group IDs. -G */
|
|
Daniel J Walsh |
129baa |
int just_group_list = 0;
|
|
Daniel J Walsh |
129baa |
@@ -127,7 +149,7 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
atexit (close_stdout);
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -136,6 +158,17 @@
|
|
Daniel J Walsh |
129baa |
case 'a':
|
|
Daniel J Walsh |
129baa |
/* Ignore -a, for compatibility with SVR4. */
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( !selinux_enabled ) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Daniel J Walsh |
129baa |
+ "a selinux-enabled kernel.\n" );
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ just_context = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case 'g':
|
|
Daniel J Walsh |
129baa |
just_group = 1;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
@@ -158,8 +191,28 @@
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
- if (just_user + just_group + just_group_list > 1)
|
|
Daniel J Walsh |
129baa |
- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (argc - optind == 1)
|
|
Daniel J Walsh |
129baa |
+ selinux_enabled = 0;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if( just_context && !selinux_enabled)
|
|
Daniel J Walsh |
129baa |
+ error (1, 0, _("\
|
|
Daniel J Walsh |
129baa |
+cannot display context when selinux not enabled or when displaying the id\n\
|
|
Daniel J Walsh |
129baa |
+of a different user"));
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ /* If we are on a selinux-enabled kernel, get our context. *
|
|
Daniel J Walsh |
129baa |
+ * Otherwise, leave the context variable alone - it has *
|
|
Daniel J Walsh |
129baa |
+ * been initialized known invalid value; if we see this invalid *
|
|
Daniel J Walsh |
129baa |
+ * value later, we will know we are on a non-selinux kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( selinux_enabled )
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (getcon(&context))
|
|
Daniel J Walsh |
129baa |
+ error (1, 0, "can't get process context");
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (just_user + just_group + just_group_list + just_context > 1)
|
|
Daniel J Walsh |
129baa |
+ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
if (just_user + just_group + just_group_list == 0 && (use_real || use_name))
|
|
Daniel J Walsh |
129baa |
error (EXIT_FAILURE, 0,
|
|
Daniel J Walsh |
129baa |
@@ -190,6 +243,10 @@
|
|
Daniel J Walsh |
129baa |
print_group (use_real ? rgid : egid);
|
|
Daniel J Walsh |
129baa |
else if (just_group_list)
|
|
Daniel J Walsh |
129baa |
print_group_list (argv[optind]);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ else if (just_context)
|
|
Daniel J Walsh |
129baa |
+ print_context (context);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
else
|
|
Daniel J Walsh |
129baa |
print_full_info (argv[optind]);
|
|
Daniel J Walsh |
129baa |
putchar ('\n');
|
|
Daniel J Walsh |
129baa |
@@ -419,4 +476,9 @@
|
|
Daniel J Walsh |
129baa |
free (groups);
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
#endif /* HAVE_GETGROUPS */
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if ( context != NULL ) {
|
|
Daniel J Walsh |
129baa |
+ printf(" context=%s",context);
|
|
cvsdist |
5adf0d |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/install.c.selinux 2004-12-29 12:24:02.850922625 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/install.c 2004-12-29 12:24:47.138935019 -0500
|
|
Daniel J Walsh |
fee87d |
@@ -47,6 +47,43 @@
|
|
Daniel J Walsh |
129baa |
# include <sys/wait.h>
|
|
Daniel J Walsh |
129baa |
#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+int selinux_enabled=0;
|
|
Daniel J Walsh |
fee87d |
+static int use_default_selinux_context = 1;
|
|
Daniel J Walsh |
129baa |
+/* Modify file context to match the specified policy,
|
|
Daniel J Walsh |
129baa |
+ If an error occurs the file will remain with the default directory
|
|
Daniel J Walsh |
129baa |
+ context.*/
|
|
Daniel J Walsh |
fee87d |
+static void setdefaultfilecon(const char *path) {
|
|
Daniel J Walsh |
129baa |
+ struct stat st;
|
|
Daniel J Walsh |
129baa |
+ security_context_t scontext=NULL;
|
|
Daniel J Walsh |
129baa |
+ if (selinux_enabled != 1) {
|
|
Daniel J Walsh |
129baa |
+ /* Indicate no context found. */
|
|
Daniel J Walsh |
fee87d |
+ return;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if (lstat(path, &st) != 0)
|
|
Daniel J Walsh |
fee87d |
+ return;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ /* If there's an error determining the context, or it has none,
|
|
Daniel J Walsh |
fee87d |
+ return to allow default context */
|
|
Daniel J Walsh |
129baa |
+ if ((matchpathcon(path, st.st_mode, &scontext) != 0) ||
|
|
Daniel J Walsh |
fee87d |
+ (strcmp(scontext, "<<none>>") == 0)) {
|
|
Daniel J Walsh |
129baa |
+ if (scontext != NULL) {
|
|
Daniel J Walsh |
129baa |
+ freecon(scontext);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
fee87d |
+ return;
|
|
Daniel J Walsh |
fee87d |
+ }
|
|
Daniel J Walsh |
fee87d |
+ if (lsetfilecon(path, scontext) < 0) {
|
|
Daniel J Walsh |
fee87d |
+ if (errno != ENOTSUP) {
|
|
Daniel J Walsh |
fee87d |
+ error (0, errno,
|
|
Daniel J Walsh |
fee87d |
+ _("warning: failed to change context of %s to %s"), path, scontext);
|
|
Daniel J Walsh |
fee87d |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ freecon(scontext);
|
|
Daniel J Walsh |
fee87d |
+ return;
|
|
cvsdist |
5adf0d |
+}
|
|
cvsdist |
4d15f3 |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
struct passwd *getpwnam ();
|
|
Daniel J Walsh |
129baa |
struct group *getgrnam ();
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
fee87d |
@@ -123,11 +160,17 @@
|
|
Daniel J Walsh |
129baa |
static struct option const long_options[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
{"backup", optional_argument, NULL, 'b'},
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"directory", no_argument, NULL, 'd'},
|
|
Daniel J Walsh |
129baa |
{"group", required_argument, NULL, 'g'},
|
|
Daniel J Walsh |
129baa |
{"mode", required_argument, NULL, 'm'},
|
|
Daniel J Walsh |
129baa |
{"owner", required_argument, NULL, 'o'},
|
|
Daniel J Walsh |
129baa |
{"preserve-timestamps", no_argument, NULL, 'p'},
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"preserve_context", no_argument, NULL, 'P'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"strip", no_argument, NULL, 's'},
|
|
Daniel J Walsh |
129baa |
{"suffix", required_argument, NULL, 'S'},
|
|
Daniel J Walsh |
129baa |
{"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
|
|
Daniel J Walsh |
fee87d |
@@ -244,6 +287,9 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
x->update = 0;
|
|
Daniel J Walsh |
129baa |
x->verbose = 0;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ x->preserve_security_context = 0;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
x->dest_info = NULL;
|
|
Daniel J Walsh |
129baa |
x->src_info = NULL;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
fee87d |
@@ -261,6 +307,11 @@
|
|
Daniel J Walsh |
129baa |
struct cp_options x;
|
|
Daniel J Walsh |
129baa |
int n_files;
|
|
Daniel J Walsh |
129baa |
char **file;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ security_context_t scontext = NULL;
|
|
Daniel J Walsh |
129baa |
+ /* set iff kernel has extra selinux system calls */
|
|
Daniel J Walsh |
129baa |
+ selinux_enabled = (is_selinux_enabled()>0);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
initialize_main (&argc, &argv);
|
|
Daniel J Walsh |
129baa |
program_name = argv[0];
|
|
Daniel J Walsh |
fee87d |
@@ -282,7 +333,11 @@
|
|
Daniel J Walsh |
129baa |
we'll actually use backup_suffix_string. */
|
|
Daniel J Walsh |
129baa |
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Tim Waugh |
dc03f7 |
+ while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pPvV:S:Z:", long_options,
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Tim Waugh |
dc03f7 |
while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pvV:S:", long_options,
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Daniel J Walsh |
fee87d |
@@ -335,6 +390,41 @@
|
|
Daniel J Walsh |
129baa |
make_backups = 1;
|
|
Daniel J Walsh |
129baa |
backup_suffix_string = optarg;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'P':
|
|
Daniel J Walsh |
129baa |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( !selinux_enabled ) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
|
|
Daniel J Walsh |
129baa |
+ "because the kernel is not selinux-enabled.\n" );
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
|
|
Daniel J Walsh |
129baa |
+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], scontext);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ x.preserve_security_context = 1;
|
|
Daniel J Walsh |
fee87d |
+ use_default_selinux_context = 0;
|
|
Daniel J Walsh |
129baa |
+ break ;
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( !selinux_enabled) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Warning: ignoring --context (-Z) "
|
|
Daniel J Walsh |
129baa |
+ "because the kernel is not selinux-enabled.\n" );
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if ( x.preserve_security_context ) {
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ scontext = optarg;
|
|
Daniel J Walsh |
fee87d |
+ use_default_selinux_context = 0;
|
|
Daniel J Walsh |
129baa |
+ if (setfscreatecon(scontext)) {
|
|
Daniel J Walsh |
129baa |
+ (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], scontext);
|
|
Daniel J Walsh |
129baa |
+ exit(1);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
fee87d |
@@ -564,6 +654,10 @@
|
|
Daniel J Walsh |
129baa |
err = 1;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
fee87d |
+ if (use_default_selinux_context)
|
|
Daniel J Walsh |
fee87d |
+ setdefaultfilecon(path);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
return err;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
fee87d |
@@ -716,6 +810,11 @@
|
|
Daniel J Walsh |
129baa |
-S, --suffix=SUFFIX override the usual backup suffix\n\
|
|
Daniel J Walsh |
129baa |
-v, --verbose print the name of each directory as it is created\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
+ fputs (_("\
|
|
Daniel J Walsh |
129baa |
+ -P, --preserve_context (SELinux) Preserve security context\n\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
|
|
Daniel J Walsh |
129baa |
+"), stdout);
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/copy.h.selinux 2004-12-29 12:24:02.853922288 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/copy.h 2004-12-29 12:24:03.435856754 -0500
|
|
Daniel J Walsh |
129baa |
@@ -105,6 +105,9 @@
|
|
Daniel J Walsh |
129baa |
int preserve_ownership;
|
|
Daniel J Walsh |
129baa |
int preserve_mode;
|
|
Daniel J Walsh |
129baa |
int preserve_timestamps;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ int preserve_security_context;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* Enabled for mv, and for cp by the --preserve=links option.
|
|
Daniel J Walsh |
129baa |
If nonzero, attempt to preserve in the destination files any
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/Makefile.am.selinux 2004-12-29 12:24:03.264876008 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/Makefile.am 2004-12-29 12:24:03.436856641 -0500
|
|
Daniel J Walsh |
129baa |
@@ -3,13 +3,13 @@
|
|
Daniel J Walsh |
129baa |
EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
bin_SCRIPTS = groups
|
|
Daniel J Walsh |
129baa |
-bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
|
|
Daniel J Walsh |
129baa |
+bin_PROGRAMS = [ chgrp chown chmod chcon cp dd dircolors du \
|
|
Daniel J Walsh |
129baa |
ginstall link ln dir vdir ls mkdir \
|
|
Daniel J Walsh |
129baa |
mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \
|
|
Daniel J Walsh |
129baa |
cat cksum comm csplit cut expand fmt fold head join md5sum \
|
|
Daniel J Walsh |
129baa |
nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \
|
|
Daniel J Walsh |
129baa |
basename date dirname echo env expr factor false \
|
|
Daniel J Walsh |
129baa |
- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
|
|
Daniel J Walsh |
129baa |
+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
|
|
Daniel J Walsh |
129baa |
test true tty whoami yes \
|
|
Daniel J Walsh |
129baa |
$(OPTIONAL_BIN_PROGS) $(DF_PROG)
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
@@ -32,13 +32,20 @@
|
|
Daniel J Walsh |
129baa |
# replacement functions defined in libfetish.a.
|
|
Daniel J Walsh |
129baa |
LDADD = ../lib/libfetish.a $(LIBINTL) ../lib/libfetish.a
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
-dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@
|
|
Daniel J Walsh |
129baa |
-ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@
|
|
Daniel J Walsh |
129baa |
+dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@ @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@ @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
shred_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
|
|
Daniel J Walsh |
129baa |
-vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@
|
|
Daniel J Walsh |
129baa |
-cp_LDADD = $(LDADD) @LIBACL@
|
|
Daniel J Walsh |
129baa |
-ginstall_LDADD = $(LDADD) @LIBACL@
|
|
Daniel J Walsh |
129baa |
-mv_LDADD = $(LDADD) @LIBACL@
|
|
Daniel J Walsh |
129baa |
+vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@ @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+cp_LDADD = $(LDADD) @LIBACL@ @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+ginstall_LDADD = $(LDADD) @LIBACL@ @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+mv_LDADD = $(LDADD) @LIBACL@ @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+chcon_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+id_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+mkdir_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+mknod_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+stat_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
+runcon_LDADD = $(LDADD) @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
## If necessary, add -lm to resolve use of pow in lib/strtod.c.
|
|
Daniel J Walsh |
129baa |
sort_LDADD = $(LDADD) $(POW_LIB)
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/copy.c.selinux 2004-12-29 12:24:03.382862721 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/copy.c 2004-12-29 12:24:03.439856303 -0500
|
|
Daniel J Walsh |
129baa |
@@ -42,6 +42,11 @@
|
|
Daniel J Walsh |
129baa |
#include "utimens.h"
|
|
Daniel J Walsh |
129baa |
#include "xreadlink.h"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+extern int selinux_enabled;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
#define DO_CHOWN(Chown, File, New_uid, New_gid) \
|
|
Daniel J Walsh |
129baa |
(Chown (File, New_uid, New_gid) \
|
|
Daniel J Walsh |
129baa |
/* If non-root uses -p, it's ok if we can't preserve ownership. \
|
|
Daniel J Walsh |
129baa |
@@ -1289,6 +1294,34 @@
|
|
Daniel J Walsh |
129baa |
In such cases, set this variable to zero. */
|
|
Daniel J Walsh |
129baa |
preserve_metadata = 1;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ security_context_t con;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ if (lgetfilecon (src_path, &con) >= 0)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ if (setfscreatecon(con) < 0)
|
|
Daniel J Walsh |
129baa |
+ {
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
|
|
Daniel J Walsh |
129baa |
+ if (x->require_preserve) {
|
|
Daniel J Walsh |
129baa |
+ freecon(con);
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ freecon(con);
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ else {
|
|
Daniel J Walsh |
129baa |
+ if ( errno == ENOTSUP ) {
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, _("warning: security context not preserved %s"), quote (src_path));
|
|
Daniel J Walsh |
129baa |
+ } else if ( errno != ENODATA ) {
|
|
Daniel J Walsh |
129baa |
+ error (0, errno, _("cannot lgetfilecon %s"), quote (src_path));
|
|
Daniel J Walsh |
129baa |
+ return 1;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
if (S_ISDIR (src_mode))
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
struct dir_list *dir;
|
|
Daniel J Walsh |
129baa |
@@ -1358,8 +1391,13 @@
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* Are we crossing a file system boundary? */
|
|
Daniel J Walsh |
129baa |
- if (x->one_file_system && device != 0 && device != src_sb.st_dev)
|
|
Daniel J Walsh |
129baa |
+ if (x->one_file_system && device != 0 && device != src_sb.st_dev) {
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Daniel J Walsh |
129baa |
+ setfscreatecon(NULL);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
return 0;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* Copy the contents of the directory. */
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
@@ -1492,6 +1530,11 @@
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Daniel J Walsh |
129baa |
+ setfscreatecon(NULL);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
/* There's no need to preserve timestamps or permissions. */
|
|
Daniel J Walsh |
129baa |
preserve_metadata = 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
@@ -1524,7 +1567,7 @@
|
|
Daniel J Walsh |
129baa |
if (command_line_arg)
|
|
Daniel J Walsh |
129baa |
record_file (x->dest_info, dst_path, NULL);
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
- if ( ! preserve_metadata)
|
|
Daniel J Walsh |
129baa |
+ if ( ! preserve_metadata)
|
|
Daniel J Walsh |
129baa |
return 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* POSIX says that `cp -p' must restore the following:
|
|
Daniel J Walsh |
129baa |
@@ -1630,6 +1673,11 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
un_backup:
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ if (x->preserve_security_context && selinux_enabled)
|
|
Daniel J Walsh |
129baa |
+ setfscreatecon(NULL);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
/* We have failed to create the destination file.
|
|
Daniel J Walsh |
129baa |
If we've just added a dev/ino entry via the remember_copied
|
|
Daniel J Walsh |
129baa |
call above (i.e., unless we've just failed to create a hard link),
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/src/mknod.c.selinux 2004-01-21 17:27:02.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/mknod.c 2004-12-29 12:24:03.440856191 -0500
|
|
Daniel J Walsh |
129baa |
@@ -36,8 +36,15 @@
|
|
Daniel J Walsh |
129baa |
/* The name this program was run with. */
|
|
Daniel J Walsh |
129baa |
char *program_name;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h>
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
static struct option const longopts[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"mode", required_argument, NULL, 'm'},
|
|
Daniel J Walsh |
129baa |
{GETOPT_HELP_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{GETOPT_VERSION_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
@@ -58,6 +65,11 @@
|
|
Daniel J Walsh |
129baa |
Create the special file NAME of the given TYPE.\n\
|
|
Daniel J Walsh |
129baa |
\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ fputs(_("\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context=CONTEXT set security context (quoted string)\n\
|
|
Daniel J Walsh |
129baa |
+"), stdout);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
129baa |
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
@@ -103,7 +115,11 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
specified_mode = NULL;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Daniel J Walsh |
129baa |
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -112,6 +128,20 @@
|
|
Daniel J Walsh |
129baa |
case 'm':
|
|
Daniel J Walsh |
129baa |
specified_mode = optarg;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( !(is_selinux_enabled()>0)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Daniel J Walsh |
129baa |
+ "a selinux-enabled kernel.\n" );
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if (setfscreatecon(optarg)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/src/cp.c.selinux 2004-12-29 12:24:02.852922400 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/cp.c 2004-12-29 12:24:03.443855853 -0500
|
|
Daniel J Walsh |
129baa |
@@ -49,6 +49,11 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
#define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+int selinux_enabled=0;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
#ifndef _POSIX_VERSION
|
|
Daniel J Walsh |
129baa |
uid_t geteuid ();
|
|
Daniel J Walsh |
129baa |
#endif
|
|
Daniel J Walsh |
129baa |
@@ -143,6 +148,9 @@
|
|
Daniel J Walsh |
129baa |
{"update", no_argument, NULL, 'u'},
|
|
Daniel J Walsh |
129baa |
{"verbose", no_argument, NULL, 'v'},
|
|
Daniel J Walsh |
129baa |
{"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME. */
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{GETOPT_HELP_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{GETOPT_VERSION_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{NULL, 0, NULL, 0}
|
|
Daniel J Walsh |
129baa |
@@ -192,6 +200,9 @@
|
|
Daniel J Walsh |
129baa |
additional attributes: links, all\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
129baa |
+ -c same as --preserve=context\n\
|
|
Daniel J Walsh |
129baa |
+"), stdout);
|
|
Daniel J Walsh |
129baa |
+ fputs (_("\
|
|
Daniel J Walsh |
129baa |
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
|
|
Daniel J Walsh |
129baa |
--parents append source path to DIRECTORY\n\
|
|
Daniel J Walsh |
129baa |
-P same as `--no-dereference'\n\
|
|
Daniel J Walsh |
129baa |
@@ -219,6 +230,7 @@
|
|
Daniel J Walsh |
129baa |
destination file is missing\n\
|
|
Daniel J Walsh |
129baa |
-v, --verbose explain what is being done\n\
|
|
Daniel J Walsh |
129baa |
-x, --one-file-system stay on this file system\n\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
Daniel J Walsh |
129baa |
@@ -748,8 +760,8 @@
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
new_dest = (char *) dest;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
-
|
|
Daniel J Walsh |
129baa |
- return copy (source, new_dest, new_dst, x, &unused, NULL);
|
|
Daniel J Walsh |
129baa |
+ ret=copy (source, new_dest, new_dst, x, &unused, NULL);
|
|
Daniel J Walsh |
129baa |
+ return ret;
|
|
Daniel J Walsh |
129baa |
}
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* unreachable */
|
|
Daniel J Walsh |
129baa |
@@ -773,6 +785,10 @@
|
|
Daniel J Walsh |
129baa |
x->preserve_mode = 0;
|
|
Daniel J Walsh |
129baa |
x->preserve_timestamps = 0;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ x->preserve_security_context = 0;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
x->require_preserve = 0;
|
|
Daniel J Walsh |
129baa |
x->recursive = 0;
|
|
Daniel J Walsh |
129baa |
x->sparse_mode = SPARSE_AUTO;
|
|
Daniel J Walsh |
129baa |
@@ -800,19 +816,20 @@
|
|
Daniel J Walsh |
129baa |
PRESERVE_TIMESTAMPS,
|
|
Daniel J Walsh |
129baa |
PRESERVE_OWNERSHIP,
|
|
Daniel J Walsh |
129baa |
PRESERVE_LINK,
|
|
Daniel J Walsh |
129baa |
+ PRESERVE_CONTEXT,
|
|
Daniel J Walsh |
129baa |
PRESERVE_ALL
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
static enum File_attribute const preserve_vals[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
PRESERVE_MODE, PRESERVE_TIMESTAMPS,
|
|
Daniel J Walsh |
129baa |
- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
|
|
Daniel J Walsh |
129baa |
+ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
/* Valid arguments to the `--preserve' option. */
|
|
Daniel J Walsh |
129baa |
static char const* const preserve_args[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
"mode", "timestamps",
|
|
Daniel J Walsh |
129baa |
- "ownership", "links", "all", 0
|
|
Daniel J Walsh |
129baa |
+ "ownership", "links", "context", "all", 0
|
|
Daniel J Walsh |
129baa |
};
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
char *arg_writable = xstrdup (arg);
|
|
Daniel J Walsh |
129baa |
@@ -847,11 +864,16 @@
|
|
Daniel J Walsh |
129baa |
x->preserve_links = on_off;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+ case PRESERVE_CONTEXT:
|
|
Daniel J Walsh |
129baa |
+ x->preserve_security_context = on_off;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
case PRESERVE_ALL:
|
|
Daniel J Walsh |
129baa |
x->preserve_mode = on_off;
|
|
Daniel J Walsh |
129baa |
x->preserve_timestamps = on_off;
|
|
Daniel J Walsh |
129baa |
x->preserve_ownership = on_off;
|
|
Daniel J Walsh |
129baa |
x->preserve_links = on_off;
|
|
Daniel J Walsh |
129baa |
+ x->preserve_security_context = on_off;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
129baa |
@@ -875,6 +897,10 @@
|
|
Daniel J Walsh |
129baa |
struct cp_options x;
|
|
Daniel J Walsh |
129baa |
int copy_contents = 0;
|
|
Daniel J Walsh |
129baa |
char *target_directory = NULL;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ security_context_t scontext = NULL;
|
|
Daniel J Walsh |
129baa |
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
initialize_main (&argc, &argv);
|
|
Daniel J Walsh |
129baa |
program_name = argv[0];
|
|
Daniel J Walsh |
129baa |
@@ -890,7 +916,11 @@
|
|
Daniel J Walsh |
129baa |
we'll actually use backup_suffix_string. */
|
|
Daniel J Walsh |
129baa |
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:Z:", long_opts, NULL))
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Daniel J Walsh |
129baa |
while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
!= -1)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (c)
|
|
Daniel J Walsh |
129baa |
@@ -981,6 +1011,36 @@
|
|
Daniel J Walsh |
129baa |
x.preserve_timestamps = 1;
|
|
Daniel J Walsh |
129baa |
x.require_preserve = 1;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'c':
|
|
Daniel J Walsh |
129baa |
+ if ( scontext != NULL ) {
|
|
Daniel J Walsh |
129baa |
+ (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ else if (selinux_enabled)
|
|
Daniel J Walsh |
129baa |
+ x.preserve_security_context = 1;
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
Daniel J Walsh |
129baa |
+ if( !selinux_enabled ) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Warning: ignoring --context (-Z). "
|
|
Daniel J Walsh |
129baa |
+ "It requires a SELinux enabled kernel.\n" );
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if ( x.preserve_security_context ) {
|
|
Daniel J Walsh |
129baa |
+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ scontext = optarg;
|
|
Daniel J Walsh |
129baa |
+ /* if there's a security_context given set new path
|
|
Daniel J Walsh |
129baa |
+ components to that context, too */
|
|
Daniel J Walsh |
129baa |
+ if ( setfscreatecon(scontext) < 0 ) {
|
|
Daniel J Walsh |
129baa |
+ (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
case PARENTS_OPTION:
|
|
Daniel J Walsh |
129baa |
flag_path = 1;
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/src/mkfifo.c.selinux 2004-01-21 17:27:02.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/src/mkfifo.c 2004-12-29 12:24:03.444855740 -0500
|
|
Daniel J Walsh |
129baa |
@@ -32,11 +32,18 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
#define AUTHORS "David MacKenzie"
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
/* The name this program was run with. */
|
|
Daniel J Walsh |
129baa |
char *program_name;
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
static struct option const longopts[] =
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ {"context", required_argument, NULL, 'Z'},
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{"mode", required_argument, NULL, 'm'},
|
|
Daniel J Walsh |
129baa |
{GETOPT_HELP_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
{GETOPT_VERSION_OPTION_DECL},
|
|
Daniel J Walsh |
129baa |
@@ -57,6 +64,11 @@
|
|
Daniel J Walsh |
129baa |
Create named pipes (FIFOs) with the given NAMEs.\n\
|
|
Daniel J Walsh |
129baa |
\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ printf (_("\
|
|
Daniel J Walsh |
129baa |
+ -Z, --context=CONTEXT set security context (quoted string)\n\
|
|
Daniel J Walsh |
129baa |
+"), stdout);
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
fputs (_("\
|
|
Daniel J Walsh |
129baa |
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
Daniel J Walsh |
129baa |
"), stdout);
|
|
Daniel J Walsh |
129baa |
@@ -93,7 +105,11 @@
|
|
Daniel J Walsh |
129baa |
#ifndef S_ISFIFO
|
|
Daniel J Walsh |
129baa |
error (EXIT_FAILURE, 0, _("fifo files not supported"));
|
|
Daniel J Walsh |
129baa |
#else
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+#else
|
|
Daniel J Walsh |
129baa |
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
switch (optc)
|
|
Daniel J Walsh |
129baa |
{
|
|
Daniel J Walsh |
129baa |
@@ -102,6 +118,19 @@
|
|
Daniel J Walsh |
129baa |
case 'm':
|
|
Daniel J Walsh |
129baa |
specified_mode = optarg;
|
|
Daniel J Walsh |
129baa |
break;
|
|
Daniel J Walsh |
129baa |
+#ifdef WITH_SELINUX
|
|
Daniel J Walsh |
129baa |
+ case 'Z':
|
|
Daniel J Walsh |
129baa |
+ if( !(is_selinux_enabled()>0)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
Daniel J Walsh |
129baa |
+ "a selinux-enabled kernel.\n" );
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ if (setfscreatecon(optarg)) {
|
|
Daniel J Walsh |
129baa |
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
Daniel J Walsh |
129baa |
+ exit( 1 );
|
|
Daniel J Walsh |
129baa |
+ }
|
|
Daniel J Walsh |
129baa |
+ break;
|
|
Daniel J Walsh |
129baa |
+#endif
|
|
Daniel J Walsh |
129baa |
case_GETOPT_HELP_CHAR;
|
|
Daniel J Walsh |
129baa |
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
Daniel J Walsh |
129baa |
default:
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/configure.ac.selinux 2004-12-29 12:24:02.947911703 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/configure.ac 2004-12-29 12:24:03.446855515 -0500
|
|
Daniel J Walsh |
129baa |
@@ -14,6 +14,13 @@
|
|
Daniel J Walsh |
129baa |
LIB_PAM="-ldl -lpam -lpam_misc"
|
|
Daniel J Walsh |
129baa |
AC_SUBST(LIB_PAM)])
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
+dnl Give the chance to enable SELINUX
|
|
Daniel J Walsh |
129baa |
+AC_ARG_ENABLE(selinux, dnl
|
|
Daniel J Walsh |
129baa |
+[ --enable-selinux Enable use of the SELINUX libraries],
|
|
Daniel J Walsh |
129baa |
+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
|
|
Daniel J Walsh |
129baa |
+LIB_SELINUX="-lselinux"
|
|
Daniel J Walsh |
129baa |
+AC_SUBST(LIB_SELINUX)])
|
|
Daniel J Walsh |
129baa |
+
|
|
Daniel J Walsh |
129baa |
gl_DEFAULT_POSIX2_VERSION
|
|
Daniel J Walsh |
129baa |
gl_USE_SYSTEM_EXTENSIONS
|
|
Daniel J Walsh |
129baa |
jm_PERL
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/mkfifo.1.selinux 2004-03-02 17:52:28.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/mkfifo.1 2004-12-29 12:24:03.446855515 -0500
|
|
Daniel J Walsh |
129baa |
@@ -12,6 +12,9 @@
|
|
Daniel J Walsh |
129baa |
.PP
|
|
Daniel J Walsh |
129baa |
Mandatory arguments to long options are mandatory for short options too.
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
Daniel J Walsh |
129baa |
+set security context (quoted string)
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
Daniel J Walsh |
129baa |
set permission mode (as in chmod), not a=rw - umask
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/ls.1.selinux 2004-03-02 17:52:28.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/ls.1 2004-12-29 12:24:03.448855290 -0500
|
|
Daniel J Walsh |
129baa |
@@ -195,6 +195,20 @@
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-1\fR
|
|
Daniel J Walsh |
129baa |
list one file per line
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+SELinux options:
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-lcontext\fR
|
|
Daniel J Walsh |
129baa |
+Display security context. Enable \fB\-l\fR. Lines
|
|
Daniel J Walsh |
129baa |
+will probably be too wide for most displays.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR
|
|
Daniel J Walsh |
129baa |
+Display security context so it fits on most
|
|
Daniel J Walsh |
129baa |
+displays. Displays only mode, user, group,
|
|
Daniel J Walsh |
129baa |
+security context and file name.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-scontext\fR
|
|
Daniel J Walsh |
129baa |
+Display only security context and file name.
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-\-help\fR
|
|
Daniel J Walsh |
129baa |
display this help and exit
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/dir.1.selinux 2004-03-02 17:51:06.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/dir.1 2004-12-29 12:24:03.452854839 -0500
|
|
Daniel J Walsh |
129baa |
@@ -195,6 +195,20 @@
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-1\fR
|
|
Daniel J Walsh |
129baa |
list one file per line
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+SELINUX options:
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-lcontext\fR
|
|
Daniel J Walsh |
129baa |
+Display security context. Enable \fB\-l\fR. Lines
|
|
Daniel J Walsh |
129baa |
+will probably be too wide for most displays.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-context\fR
|
|
Daniel J Walsh |
129baa |
+Display security context so it fits on most
|
|
Daniel J Walsh |
129baa |
+displays. Displays only mode, user, group,
|
|
Daniel J Walsh |
129baa |
+security context and file name.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-\-scontext\fR
|
|
Daniel J Walsh |
129baa |
+Display only security context and file name.
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-\-help\fR
|
|
Daniel J Walsh |
129baa |
display this help and exit
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/mkdir.1.selinux 2004-03-02 17:52:28.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/mkdir.1 2004-12-29 12:24:03.453854727 -0500
|
|
Daniel J Walsh |
129baa |
@@ -12,6 +12,8 @@
|
|
Daniel J Walsh |
129baa |
.PP
|
|
Daniel J Walsh |
129baa |
Mandatory arguments to long options are mandatory for short options too.
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
Daniel J Walsh |
129baa |
set permission mode (as in chmod), not rwxrwxrwx - umask
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
fee87d |
--- /dev/null 2004-12-29 02:13:24.827638832 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/runcon.1 2004-12-29 12:24:03.454854614 -0500
|
|
Daniel J Walsh |
129baa |
@@ -0,0 +1,39 @@
|
|
Daniel J Walsh |
129baa |
+.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux"
|
|
Daniel J Walsh |
129baa |
+.SH NAME
|
|
Daniel J Walsh |
129baa |
+runcon \- run command with specified security context
|
|
Daniel J Walsh |
129baa |
+.SH SYNOPSIS
|
|
Daniel J Walsh |
129baa |
+.B runcon
|
|
Daniel J Walsh |
129baa |
+[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+or
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+.B runcon
|
|
Daniel J Walsh |
129baa |
+\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+.br
|
|
Daniel J Walsh |
129baa |
+.SH DESCRIPTION
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+.\" Add any additional description here
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+Run COMMAND with current security context modified by one or more of LEVEL,
|
|
Daniel J Walsh |
129baa |
+ROLE, TYPE, and USER, or with completely-specified CONTEXT.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-t\fR
|
|
Daniel J Walsh |
129baa |
+change current type to the specified type
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-l\fR
|
|
Daniel J Walsh |
129baa |
+change current level range to the specified range
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-r\fR
|
|
Daniel J Walsh |
129baa |
+change current role to the specified role
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-u\fR
|
|
Daniel J Walsh |
129baa |
+change current user to the specified user
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
|
|
Daniel J Walsh |
129baa |
+the first argument is used as the complete context. Any additional
|
|
Daniel J Walsh |
129baa |
+arguments after \fICOMMAND\fR are interpreted as arguments to the
|
|
Daniel J Walsh |
129baa |
+command.
|
|
Daniel J Walsh |
129baa |
+.PP
|
|
Daniel J Walsh |
129baa |
+Note that only carefully-chosen contexts are likely to successfully
|
|
Daniel J Walsh |
129baa |
+run.
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/Makefile.in.selinux 2004-03-11 03:58:00.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/Makefile.in 2004-12-29 12:24:03.456854389 -0500
|
|
Daniel J Walsh |
129baa |
@@ -185,6 +185,7 @@
|
|
Daniel J Walsh |
129baa |
INTLLIBS = @INTLLIBS@
|
|
Daniel J Walsh |
129baa |
KMEM_GROUP = @KMEM_GROUP@
|
|
Daniel J Walsh |
129baa |
LDFLAGS = @LDFLAGS@
|
|
Daniel J Walsh |
129baa |
+LIBACL = @LIBACL@
|
|
Daniel J Walsh |
129baa |
LIBICONV = @LIBICONV@
|
|
Daniel J Walsh |
129baa |
LIBINTL = @LIBINTL@
|
|
Daniel J Walsh |
129baa |
LIBOBJS = @LIBOBJS@
|
|
Daniel J Walsh |
129baa |
@@ -192,6 +193,8 @@
|
|
Daniel J Walsh |
129baa |
LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@
|
|
Daniel J Walsh |
129baa |
LIB_CRYPT = @LIB_CRYPT@
|
|
Daniel J Walsh |
129baa |
LIB_NANOSLEEP = @LIB_NANOSLEEP@
|
|
Daniel J Walsh |
129baa |
+LIB_PAM = @LIB_PAM@
|
|
Daniel J Walsh |
129baa |
+LIB_SELINUX = @LIB_SELINUX@
|
|
Daniel J Walsh |
129baa |
LN_S = @LN_S@
|
|
Daniel J Walsh |
129baa |
LTLIBICONV = @LTLIBICONV@
|
|
Daniel J Walsh |
129baa |
LTLIBINTL = @LTLIBINTL@
|
|
Daniel J Walsh |
129baa |
@@ -273,7 +276,7 @@
|
|
Daniel J Walsh |
129baa |
rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
|
|
Daniel J Walsh |
129baa |
su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
|
|
Daniel J Walsh |
129baa |
tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
|
|
Daniel J Walsh |
129baa |
- who.1 whoami.1 yes.1
|
|
Daniel J Walsh |
129baa |
+ who.1 whoami.1 yes.1 chcon.1 runcon.1
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
man_aux = $(dist_man_MANS:.1=.x)
|
|
Daniel J Walsh |
129baa |
EXTRA_DIST = $(man_aux) help2man
|
|
Daniel J Walsh |
129baa |
@@ -595,6 +598,8 @@
|
|
Daniel J Walsh |
129baa |
who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
|
|
Daniel J Walsh |
129baa |
whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
|
|
Daniel J Walsh |
129baa |
yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
|
|
Daniel J Walsh |
129baa |
+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
|
|
Daniel J Walsh |
129baa |
+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
# Note the use of $t/$*, rather than just `$*' as in other packages.
|
|
Daniel J Walsh |
129baa |
# That is necessary to avoid failures for programs that are also shell built-in
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/man/install.1.selinux 2004-12-29 12:24:02.671942781 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/install.1 2004-12-29 12:24:03.458854164 -0500
|
|
Daniel J Walsh |
129baa |
@@ -60,6 +60,11 @@
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-v\fR, \fB\-\-verbose\fR
|
|
Daniel J Walsh |
129baa |
print the name of each directory as it is created
|
|
Daniel J Walsh |
129baa |
+.HP
|
|
Daniel J Walsh |
129baa |
+\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
Daniel J Walsh |
129baa |
+(SELinux) Set security context of files and directories
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
\fB\-\-help\fR
|
|
Daniel J Walsh |
129baa |
display this help and exit
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/stat.1.selinux 2004-03-02 17:52:31.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/stat.1 2004-12-29 12:24:03.459854051 -0500
|
|
Daniel J Walsh |
129baa |
@@ -22,6 +22,9 @@
|
|
Daniel J Walsh |
129baa |
\fB\-t\fR, \fB\-\-terse\fR
|
|
Daniel J Walsh |
129baa |
print the information in terse form
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR
|
|
Daniel J Walsh |
129baa |
+print security context information for SELinux if available.
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
\fB\-\-help\fR
|
|
Daniel J Walsh |
129baa |
display this help and exit
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
@@ -42,6 +45,9 @@
|
|
Daniel J Walsh |
129baa |
%b
|
|
Daniel J Walsh |
129baa |
Number of blocks allocated (see %B)
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
+%C
|
|
Daniel J Walsh |
129baa |
+SELinux security context
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
%D
|
|
Daniel J Walsh |
129baa |
Device number in hex
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
fee87d |
--- /dev/null 2004-12-29 02:13:24.827638832 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/chcon.1 2004-12-29 12:24:03.461853826 -0500
|
|
cvsdist |
4d15f3 |
@@ -0,0 +1,64 @@
|
|
cvsdist |
4d15f3 |
+.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
|
|
cvsdist |
4d15f3 |
+.SH NAME
|
|
cvsdist |
4d15f3 |
+chcon \- change security context
|
|
cvsdist |
4d15f3 |
+.SH SYNOPSIS
|
|
cvsdist |
4d15f3 |
+.B chcon
|
|
cvsdist |
4d15f3 |
+[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
|
|
cvsdist |
4d15f3 |
+.br
|
|
cvsdist |
4d15f3 |
+.B chcon
|
|
cvsdist |
4d15f3 |
+[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
|
|
cvsdist |
4d15f3 |
+.SH DESCRIPTION
|
|
cvsdist |
4d15f3 |
+.PP
|
|
cvsdist |
4d15f3 |
+." Add any additional description here
|
|
cvsdist |
4d15f3 |
+.PP
|
|
cvsdist |
4d15f3 |
+Change the security context of each FILE to CONTEXT.
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-c\fR, \fB\-\-changes\fR
|
|
cvsdist |
4d15f3 |
+like verbose but report only when a change is made
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-h\fR, \fB\-\-no\-dereference\fR
|
|
cvsdist |
4d15f3 |
+affect symbolic links instead of any referenced file (available only on systems with lchown system call)
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
|
|
cvsdist |
4d15f3 |
+suppress most error messages
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-l\fR, \fB\-\-range\fR
|
|
cvsdist |
4d15f3 |
+set range RANGE in the target security context
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-\-reference\fR=\fIRFILE\fR
|
|
cvsdist |
4d15f3 |
+use RFILE's context instead of using a CONTEXT value
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-R\fR, \fB\-\-recursive\fR
|
|
cvsdist |
4d15f3 |
+change files and directories recursively
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-r\fR, \fB\-\-role\fR
|
|
cvsdist |
4d15f3 |
+set role ROLE in the target security context
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-t\fR, \fB\-\-type\fR
|
|
cvsdist |
4d15f3 |
+set type TYPE in the target security context
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-u\fR, \fB\-\-user\fR
|
|
cvsdist |
4d15f3 |
+set user USER in the target security context
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-v\fR, \fB\-\-verbose\fR
|
|
cvsdist |
4d15f3 |
+output a diagnostic for every file processed
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-\-help\fR
|
|
cvsdist |
4d15f3 |
+display this help and exit
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-\-version\fR
|
|
cvsdist |
4d15f3 |
+output version information and exit
|
|
cvsdist |
4d15f3 |
+.SH "REPORTING BUGS"
|
|
cvsdist |
4d15f3 |
+Report bugs to <email@host.com>.
|
|
cvsdist |
4d15f3 |
+.SH "SEE ALSO"
|
|
cvsdist |
4d15f3 |
+The full documentation for
|
|
cvsdist |
4d15f3 |
+.B chcon
|
|
cvsdist |
4d15f3 |
+is maintained as a Texinfo manual. If the
|
|
cvsdist |
4d15f3 |
+.B info
|
|
cvsdist |
4d15f3 |
+and
|
|
cvsdist |
4d15f3 |
+.B chcon
|
|
cvsdist |
4d15f3 |
+programs are properly installed at your site, the command
|
|
cvsdist |
4d15f3 |
+.IP
|
|
cvsdist |
4d15f3 |
+.B info chcon
|
|
cvsdist |
4d15f3 |
+.PP
|
|
cvsdist |
4d15f3 |
+should give you access to the complete manual.
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/mknod.1.selinux 2004-03-02 17:52:28.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/mknod.1 2004-12-29 12:24:03.463853601 -0500
|
|
cvsdist |
4d15f3 |
@@ -12,6 +12,9 @@
|
|
cvsdist |
4d15f3 |
.PP
|
|
cvsdist |
4d15f3 |
Mandatory arguments to long options are mandatory for short options too.
|
|
cvsdist |
4d15f3 |
.TP
|
|
cvsdist |
4d15f3 |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
cvsdist |
4d15f3 |
+set security context (quoted string)
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
cvsdist |
4d15f3 |
set permission mode (as in chmod), not a=rw - umask
|
|
cvsdist |
4d15f3 |
.TP
|
|
Daniel J Walsh |
fee87d |
--- /dev/null 2004-12-29 02:13:24.827638832 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/chcon.x 2004-12-29 12:24:03.464853488 -0500
|
|
cvsdist |
4d15f3 |
@@ -0,0 +1,4 @@
|
|
cvsdist |
4d15f3 |
+[NAME]
|
|
cvsdist |
4d15f3 |
+chcon \- change file security context
|
|
cvsdist |
4d15f3 |
+[DESCRIPTION]
|
|
cvsdist |
4d15f3 |
+.\" Add any additional description here
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/man/Makefile.am.selinux 2004-12-29 12:24:03.258876684 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/Makefile.am 2004-12-29 12:24:03.466853263 -0500
|
|
cvsdist |
4d15f3 |
@@ -10,7 +10,7 @@
|
|
Daniel J Walsh |
129baa |
rm.1 rmdir.1 runuser.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
|
|
cvsdist |
4d15f3 |
su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
|
|
cvsdist |
4d15f3 |
tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
|
|
cvsdist |
4d15f3 |
- who.1 whoami.1 yes.1
|
|
cvsdist |
4d15f3 |
+ who.1 whoami.1 yes.1 chcon.1 runcon.1
|
|
cvsdist |
4d15f3 |
|
|
cvsdist |
4d15f3 |
man_aux = $(dist_man_MANS:.1=.x)
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
@@ -113,6 +113,8 @@
|
|
cvsdist |
4d15f3 |
who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
|
|
cvsdist |
4d15f3 |
whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
|
|
cvsdist |
4d15f3 |
yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
|
|
cvsdist |
4d15f3 |
+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
|
|
cvsdist |
4d15f3 |
+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
|
|
cvsdist |
4d15f3 |
|
|
cvsdist |
4d15f3 |
SUFFIXES = .x .1
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
fee87d |
--- /dev/null 2004-12-29 02:13:24.827638832 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/runcon.x 2004-12-29 12:24:03.467853150 -0500
|
|
Daniel J Walsh |
129baa |
@@ -0,0 +1,2 @@
|
|
Daniel J Walsh |
129baa |
+[DESCRIPTION]
|
|
Daniel J Walsh |
129baa |
+.\" Add any additional description here
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/id.1.selinux 2004-03-02 17:52:27.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/id.1 2004-12-29 12:24:03.469852925 -0500
|
|
Daniel J Walsh |
129baa |
@@ -13,6 +13,9 @@
|
|
Daniel J Walsh |
129baa |
\fB\-a\fR
|
|
Daniel J Walsh |
129baa |
ignore, for compatibility with other versions
|
|
Daniel J Walsh |
129baa |
.TP
|
|
Daniel J Walsh |
129baa |
+\fB\-Z\fR, \fB\-\-context\fR
|
|
Daniel J Walsh |
129baa |
+print only the security context
|
|
Daniel J Walsh |
129baa |
+.TP
|
|
Daniel J Walsh |
129baa |
\fB\-g\fR, \fB\-\-group\fR
|
|
Daniel J Walsh |
129baa |
print only the effective group ID
|
|
Daniel J Walsh |
129baa |
.TP
|
|
cvsdist |
4d15f3 |
--- coreutils-5.2.1/man/cp.1.selinux 2004-03-02 17:51:05.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/cp.1 2004-12-29 12:24:03.470852813 -0500
|
|
cvsdist |
4d15f3 |
@@ -57,7 +57,7 @@
|
|
cvsdist |
4d15f3 |
.TP
|
|
cvsdist |
4d15f3 |
\fB\-\-preserve\fR[=\fIATTR_LIST\fR]
|
|
cvsdist |
4d15f3 |
preserve the specified attributes (default:
|
|
cvsdist |
4d15f3 |
-mode,ownership,timestamps), if possible
|
|
cvsdist |
4d15f3 |
+mode,ownership,timestamps) and security contexts, if possible
|
|
cvsdist |
4d15f3 |
additional attributes: links, all
|
|
cvsdist |
4d15f3 |
.TP
|
|
cvsdist |
4d15f3 |
\fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
|
|
cvsdist |
4d15f3 |
@@ -109,6 +109,9 @@
|
|
cvsdist |
4d15f3 |
\fB\-\-help\fR
|
|
cvsdist |
4d15f3 |
display this help and exit
|
|
cvsdist |
4d15f3 |
.TP
|
|
cvsdist |
4d15f3 |
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
cvsdist |
4d15f3 |
+set security context of copy to CONTEXT
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
\fB\-\-version\fR
|
|
cvsdist |
4d15f3 |
output version information and exit
|
|
cvsdist |
4d15f3 |
.PP
|
|
Daniel J Walsh |
129baa |
--- coreutils-5.2.1/man/vdir.1.selinux 2004-03-02 17:52:33.000000000 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/man/vdir.1 2004-12-29 12:24:03.471852700 -0500
|
|
cvsdist |
4d15f3 |
@@ -195,6 +195,20 @@
|
|
cvsdist |
4d15f3 |
.TP
|
|
cvsdist |
4d15f3 |
\fB\-1\fR
|
|
cvsdist |
4d15f3 |
list one file per line
|
|
cvsdist |
4d15f3 |
+.PP
|
|
cvsdist |
4d15f3 |
+SELINUX options:
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-\-lcontext\fR
|
|
cvsdist |
4d15f3 |
+Display security context. Enable \fB\-l\fR. Lines
|
|
cvsdist |
4d15f3 |
+will probably be too wide for most displays.
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-\-context\fR
|
|
cvsdist |
4d15f3 |
+Display security context so it fits on most
|
|
cvsdist |
4d15f3 |
+displays. Displays only mode, user, group,
|
|
cvsdist |
4d15f3 |
+security context and file name.
|
|
cvsdist |
4d15f3 |
+.TP
|
|
cvsdist |
4d15f3 |
+\fB\-\-scontext\fR
|
|
cvsdist |
4d15f3 |
+Display only security context and file name.
|
|
cvsdist |
4d15f3 |
.TP
|
|
cvsdist |
4d15f3 |
\fB\-\-help\fR
|
|
cvsdist |
4d15f3 |
display this help and exit
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/tests/help-version.selinux 2004-12-29 12:24:03.261876346 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/tests/help-version 2004-12-29 12:24:03.473852475 -0500
|
|
Daniel J Walsh |
129baa |
@@ -42,6 +42,8 @@
|
|
cvsdist |
9a3c57 |
|
|
Daniel J Walsh |
129baa |
# Skip `test'; it doesn't accept --help or --version.
|
|
Daniel J Walsh |
129baa |
test $i = test && continue;
|
|
Daniel J Walsh |
129baa |
+ test $i = chcon && continue;
|
|
Daniel J Walsh |
129baa |
+ test $i = runcon && continue;
|
|
cvsdist |
4d15f3 |
|
|
Daniel J Walsh |
129baa |
# false fails even when invoked with --help or --version.
|
|
Daniel J Walsh |
129baa |
if test $i = false; then
|
|
Daniel J Walsh |
129baa |
@@ -155,7 +157,7 @@
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
for i in $all_programs; do
|
|
Daniel J Walsh |
129baa |
# Skip these.
|
|
Daniel J Walsh |
129baa |
- case $i in chroot|stty|tty|false) continue;; esac
|
|
Daniel J Walsh |
129baa |
+ case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
|
|
Daniel J Walsh |
129baa |
|
|
Daniel J Walsh |
129baa |
rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out
|
|
Daniel J Walsh |
129baa |
echo > $tmp_in
|
|
Daniel J Walsh |
fee87d |
--- coreutils-5.2.1/config.hin.selinux 2004-12-29 12:24:02.949911478 -0500
|
|
Daniel J Walsh |
fee87d |
+++ coreutils-5.2.1/config.hin 2004-12-29 12:24:03.475852250 -0500
|
|
cvsdist |
4d15f3 |
@@ -1374,6 +1374,9 @@
|
|
cvsdist |
4d15f3 |
/* Define if sys/ptem.h is required for struct winsize. */
|
|
cvsdist |
4d15f3 |
#undef WINSIZE_IN_PTEM
|
|
cvsdist |
4d15f3 |
|
|
cvsdist |
4d15f3 |
+/* Define if you want to use SELINUX */
|
|
cvsdist |
4d15f3 |
+#undef WITH_SELINUX
|
|
cvsdist |
5adf0d |
+
|
|
cvsdist |
4d15f3 |
/* Define to 1 if your processor stores words with the most significant byte
|
|
cvsdist |
4d15f3 |
first (like Motorola and SPARC, unlike Intel and VAX). */
|
|
cvsdist |
4d15f3 |
#undef WORDS_BIGENDIAN
|