coreutils-selinux.patch: undocument downstream SELinux options

They have been deprecated since 2009.
2023-01-02 13:24:04 +01:00 · 2023-01-02 13:24:04 +01:00 · 9d850274b1
commit 9d850274b1
parent ad57d2b8e8
2 changed files with 35 additions and 82 deletions
--- a/coreutils-selinux.patch
+++ b/coreutils-selinux.patch
@ -4,65 +4,15 @@ Date: Mon, 4 Oct 2021 08:45:53 +0200
 Subject: [PATCH] coreutils-selinux.patch

 ---
- doc/coreutils.texi |  5 +++++
- man/chcon.x        |  2 +-
- man/runcon.x       |  2 +-
- src/cp.c           | 16 +++++++++++++++-
- src/install.c      | 10 ++++++++--
- 5 files changed, 30 insertions(+), 5 deletions(-)
+ src/cp.c      | 19 ++++++++++++++++++-
+ src/install.c | 12 +++++++++++-
+ 2 files changed, 29 insertions(+), 2 deletions(-)

-diff --git a/doc/coreutils.texi b/doc/coreutils.texi
-index 6810c15..19b535c 100644
--- a/doc/coreutils.texi
-+++ b/doc/coreutils.texi
-@@ -8766,6 +8766,11 @@ done
- exit $fail
- @end example
- 
-+@item -c
-+@cindex SELinux security context information, preserving
-+Preserve SELinux security context of the original files if possible.
-+Some file systems don't support storing of SELinux security context.
-+
- @item --copy-contents
- @cindex directories, copying recursively
- @cindex copying directories recursively
-diff --git a/man/chcon.x b/man/chcon.x
-index 8c1ff6f..c84fb96 100644
--- a/man/chcon.x
-+++ b/man/chcon.x
-@@ -1,4 +1,4 @@
- [NAME]
-chcon \- change file security context
-+chcon \- change file SELinux security context
- [DESCRIPTION]
- .\" Add any additional description here
-diff --git a/man/runcon.x b/man/runcon.x
-index d2df13e..5c5f5d8 100644
--- a/man/runcon.x
-+++ b/man/runcon.x
-@@ -1,5 +1,5 @@
- [NAME]
-runcon \- run command with specified security context
-+runcon \- run command with specified SELinux security context
- [DESCRIPTION]
- Run COMMAND with completely-specified CONTEXT, or with current or
- transitioned security context modified by one or more of LEVEL,
 diff --git a/src/cp.c b/src/cp.c
 index c97a675..89fb8ec 100644
 --- a/src/cp.c
 +++ b/src/cp.c
-@@ -191,6 +191,9 @@ Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.\n\
-                                  additional attributes: context, links, xattr,\
- \n\
-                                  all\n\
-+"), stdout);
-+      fputs (_("\
-+  -c                           deprecated, same as --preserve=context\n\
- "), stdout);
-       fputs (_("\
-       --no-preserve=ATTR_LIST  don't preserve the specified attributes\n\
-@@ -954,7 +957,7 @@ main (int argc, char **argv)
+@@ -952,7 +952,7 @@ main (int argc, char **argv)
   selinux_enabled = (0 < is_selinux_enabled ());
   cp_option_init (&x);
 
@ -71,21 +21,27 @@ index c97a675..89fb8ec 100644
                            long_opts, NULL))
          != -1)
     {
-@@ -1002,6 +1005,17 @@ main (int argc, char **argv)
+@@ -1000,6 +1000,23 @@ main (int argc, char **argv)
           copy_contents = true;
           break;
 
 +        case 'c':
-+          fprintf (stderr, "%s: warning: option '-c' is deprecated, please use '--preserve=context' instead\n", argv[0]);
-+          if ( x.set_security_context ) {
-+              (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
-+             exit( 1 );
-+           }
-+           else if (selinux_enabled) {
+          fprintf (stderr, "%s: warning: option '-c' is deprecated,"
+                  " please use '--preserve=context' instead\n", argv[0]);
+          if (x.set_security_context)
+            {
+              fprintf (stderr,
+                      "%s: cannot force target context and preserve it\n",
+                      argv[0]);
+              exit (1);
+            }
+          else if (selinux_enabled)
+            {
 +              x.preserve_security_context = true;
 +              x.require_preserve_context = true;
-+           }
+            }
 +          break;
+
         case 'd':
           x.preserve_links = true;
           x.dereference = DEREF_NEVER;
@ -93,16 +49,7 @@ diff --git a/src/install.c b/src/install.c
 index c9456fe..2b1bee9 100644
 --- a/src/install.c
 +++ b/src/install.c
-@@ -638,7 +638,7 @@ In the 4th form, create all components of the given DIRECTORY(ies).\n\
-   -v, --verbose       print the name of each directory as it is created\n\
- "), stdout);
-       fputs (_("\
-      --preserve-context  preserve SELinux security context\n\
-+  -P, --preserve-context  preserve SELinux security context (-P deprecated)\n\
-   -Z                      set SELinux security context of destination\n\
-                             file and each created directory to default type\n\
-       --context[=CTX]     like -Z, or if CTX is specified then set the\n\
-@@ -790,7 +790,7 @@ main (int argc, char **argv)
+@@ -794,7 +794,7 @@ main (int argc, char **argv)
   dir_arg = false;
   umask (0);
 
@ -111,23 +58,27 @@ index c9456fe..2b1bee9 100644
                               NULL)) != -1)
     {
       switch (optc)
-@@ -851,6 +851,8 @@ main (int argc, char **argv)
+@@ -855,6 +855,9 @@ main (int argc, char **argv)
           no_target_directory = true;
           break;
 
 +        case 'P':
-+          fprintf (stderr, "%s: warning: option '-P' is deprecated, please use '--preserve-context' instead\n", argv[0]);
+          fprintf (stderr, "%s: warning: option '-P' is deprecated,"
+                  " please use '--preserve-context' instead\n", argv[0]);
         case PRESERVE_CONTEXT_OPTION:
           if (! selinux_enabled)
             {
-@@ -858,6 +860,10 @@ main (int argc, char **argv)
+@@ -862,6 +865,13 @@ main (int argc, char **argv)
                              "this kernel is not SELinux-enabled"));
               break;
             }
-+          if ( x.set_security_context ) {
-+             (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
-+             exit( 1 );
-+          }
+          if (x.set_security_context)
+            {
+              fprintf (stderr,
+                      "%s: cannot force target context and preserve it\n",
+                      argv[0]);
+              exit (1);
+            }
           x.preserve_security_context = true;
           use_default_selinux_context = false;
           break;
--- a/coreutils.spec
+++ b/coreutils.spec
@ -1,7 +1,7 @@
 Summary: A set of basic GNU tools commonly used in shell scripts
 Name:    coreutils
 Version: 9.1
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv3+
 Url:     https://www.gnu.org/software/coreutils/
 Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
@ -44,8 +44,7 @@ Patch800: coreutils-i18n.patch
 # getgrouplist() patch from Ulrich Drepper.
 Patch908: coreutils-getgrouplist.patch

-# SELINUX Patch - implements Redhat changes
-# (upstream did some SELinux implementation unlike with RedHat patch)
+# downstream SELinux options deprecated since 2009
 Patch950: coreutils-selinux.patch

 Conflicts: filesystem < 3
@ -265,6 +264,9 @@ rm -f $RPM_BUILD_ROOT%{_infodir}/dir
 %license COPYING

 %changelog
+* Mon Jan 02 2023 Kamil Dudka <kdudka@redhat.com> - 9.1-10
+- undocument downstream SELinux options deprecated since 2009
+
 * Mon Jan 02 2023 Kamil Dudka <kdudka@redhat.com> - 9.1-9
 - basic support for checking NFSv4 ACLs (#2137866)