- Fix SELinux patch to better handle MLS integration

Daniel J Walsh 2005-05-16 18:31:25 +00:00
parent 9513ddc594
commit a9153b8deb
2 changed files with 144 additions and 44 deletions


@ -1,3 +1,4 @@
unchanged:
--- coreutils-5.2.1/README.selinux 2004-12-29 12:24:03.260876459 -0500 --- coreutils-5.2.1/README.selinux 2004-12-29 12:24:03.260876459 -0500
+++ coreutils-5.2.1/README 2004-12-29 12:24:03.417858780 -0500 +++ coreutils-5.2.1/README 2004-12-29 12:24:03.417858780 -0500
@@ -7,11 +7,11 @@ @@ -7,11 +7,11 @@
@ -14,6 +15,7 @@
split stat stty su sum sync tac tail tee test touch tr true tsort tty split stat stty su sum sync tac tail tee test touch tr true tsort tty
uname unexpand uniq unlink uptime users vdir wc who whoami yes uname unexpand uniq unlink uptime users vdir wc who whoami yes
unchanged:
--- coreutils-5.2.1/src/stat.c.selinux 2004-02-05 08:46:12.000000000 -0500 --- coreutils-5.2.1/src/stat.c.selinux 2004-02-05 08:46:12.000000000 -0500
+++ coreutils-5.2.1/src/stat.c 2004-12-29 12:24:03.419858555 -0500 +++ coreutils-5.2.1/src/stat.c 2004-12-29 12:24:03.419858555 -0500
@@ -42,6 +42,13 @@ @@ -42,6 +42,13 @@
@ -308,12 +310,13 @@
} }
exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS); exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS);
--- /dev/null 2004-12-29 02:13:24.827638832 -0500 diff -u coreutils-5.2.1/src/runcon.c coreutils-5.2.1/src/runcon.c
+++ coreutils-5.2.1/src/runcon.c 2004-12-29 12:24:03.421858330 -0500 --- coreutils-5.2.1/src/runcon.c 2004-12-29 12:24:03.421858330 -0500
@@ -0,0 +1,201 @@ +++ coreutils-5.2.1/src/runcon.c 2005-05-16 14:19:19.000000000 -0400
@@ -0,0 +1,253 @@
+/* +/*
+ * runcon [ context | + * runcon [ context |
+ * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] ) + * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
+ * command [arg1 [arg2 ...] ] + * command [arg1 [arg2 ...] ]
+ * + *
+ * attempt to run the specified command with the specified context. + * attempt to run the specified command with the specified context.
@ -322,6 +325,7 @@
+ * -t type : use the current context with the specified type + * -t type : use the current context with the specified type
+ * -u user : use the current context with the specified user + * -u user : use the current context with the specified user
+ * -l level : use the current context with the specified level range + * -l level : use the current context with the specified level range
+ * -c : compute process transition context before modifying
+ * + *
+ * Contexts are interpreted as follows: + * Contexts are interpreted as follows:
+ * + *
@ -342,6 +346,7 @@
+#include <getopt.h> +#include <getopt.h>
+#include <selinux/context.h> +#include <selinux/context.h>
+#include <selinux/selinux.h> +#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <errno.h> +#include <errno.h>
+#include "system.h" +#include "system.h"
+extern int errno; +extern int errno;
@ -349,19 +354,28 @@
+/* The name the program was run with. */ +/* The name the program was run with. */
+char *program_name; +char *program_name;
+ +
+/* If nonzero, display usage information and exit. */
+static int show_help;
+
+/* If nonzero, print the version on standard output and exit. */
+static int show_version;
+
+void +void
+usage(char *str) +usage(int status)
+{ +{
+ printf(_("Usage: %s [OPTION]... command [args]\n" + printf(_("Usage: %s CONTEXT COMMAND [args]\n"
+ " or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n"
+ "Run a program in a different security context.\n\n" + "Run a program in a different security context.\n\n"
+ " context Complete security context\n" + " CONTEXT Complete security context\n"
+ " -t type (for same role as parent)\n" + " -c, --compute compute process transition context before modifying\n"
+ " -u user identity\n" + " -t, --type=TYPE type (for same role as parent)\n"
+ " -r role\n" + " -u, --user=USER user identity\n"
+ " -l levelrange\n" + " -r, --role=ROLE role\n"
+ " --help display this help and exit\n"), + " -l, --range=RANGE levelrange\n"
+ program_name); + " --help display this help and exit\n"
+ exit(1); + " --version output version information and exit\n"),
+ program_name, program_name);
+ exit(status);
+} +}
+ +
+int +int
@ -373,6 +387,9 @@
+ char *type = 0; + char *type = 0;
+ char *context = NULL; + char *context = NULL;
+ security_context_t cur_context = NULL; + security_context_t cur_context = NULL;
+ security_context_t file_context = NULL;
+ security_context_t new_context = NULL;
+ int compute_trans = 0;
+ +
+ context_t con; + context_t con;
+ +
@ -390,14 +407,18 @@
+ { "type", 1, 0, 't' }, + { "type", 1, 0, 't' },
+ { "user", 1, 0, 'u' }, + { "user", 1, 0, 'u' },
+ { "range", 1, 0, 'l' }, + { "range", 1, 0, 'l' },
+ { "help", 0, 0, '?' }, + { "compute", 0, 0, 'c' },
+ { "help", 0, &show_help, 1 },
+ { "version", 0, &show_version, 1 },
+ { 0, 0, 0, 0 } + { 0, 0, 0, 0 }
+ }; + };
+ c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index); + c = getopt_long(argc, argv, "r:t:u:l:c", long_options, &option_index);
+ if ( c == -1 ) { + if ( c == -1 ) {
+ break; + break;
+ } + }
+ switch ( c ) { + switch ( c ) {
+ case 0:
+ break;
+ case 'r': + case 'r':
+ if ( role ) { + if ( role ) {
+ fprintf(stderr,_("multiple roles\n")); + fprintf(stderr,_("multiple roles\n"));
@ -426,31 +447,42 @@
+ } + }
+ range = optarg; + range = optarg;
+ break; + break;
+ case 'c':
+ compute_trans = 1;
+ break;
+ default: + default:
+ fprintf(stderr,_("unrecognised option %c\n"),c); + usage(1);
+ case '?':
+ usage(0);
+ break; + break;
+ } + }
+ } + }
+ +
+ if (show_version) {
+ printf("runcon (%s) %s\n", GNU_PACKAGE, VERSION);
+ exit(0);
+ }
+
+ if (show_help)
+ usage(0);
+
+ if ( !(user || role || type || range || compute_trans)) {
+ if ( optind >= argc ) {
+ fprintf(stderr,_("must specify -c, -t, -u, -l, -r, or context\n"));
+ usage(1);
+ }
+ context = argv[optind++];
+ }
+
+ if ( optind >= argc ) {
+ fprintf(stderr,_("no command found\n"));
+ usage(1);
+ }
+
+ if( is_selinux_enabled() != 1 ) { + if( is_selinux_enabled() != 1 ) {
+ fprintf( stderr, + fprintf( stderr,
+ _("runcon may be used only on a SELinux kernel.\n") ); + _("runcon may be used only on a SELinux kernel.\n") );
+ exit(-1); + exit(-1);
+ } + }
+ +
+ if ( !(user || role || type || range)) {
+ if ( optind >= argc ) {
+ usage(_("must specify -t, -u, -l, -r, or context"));
+ }
+ context = argv[optind++];
+ }
+
+ if ( optind >= argc ) {
+ usage(_("no command found"));
+ }
+
+ if ( context ) { + if ( context ) {
+ con = context_new(context); + con = context_new(context);
+ if (!con) { + if (!con) {
@ -463,6 +495,29 @@
+ fprintf(stderr,_("Couldn't get current context.\n")); + fprintf(stderr,_("Couldn't get current context.\n"));
+ exit(1); + exit(1);
+ } + }
+
+ /* We will generate context based on process transition */
+ if ( compute_trans ) {
+ /* Get context of file to be executed */
+ if (getfilecon(argv[optind], &file_context) == -1) {
+ fprintf(stderr,_("unable to retrieve attributes of %s\n"),
+ argv[optind]);
+ exit(1);
+ }
+ /* compute result of process transition */
+ if (security_compute_create(cur_context, file_context,
+ SECCLASS_PROCESS, &new_context) != 0) {
+ fprintf(stderr,_("unable to compute a new context\n"));
+ exit(1);
+ }
+ /* free contexts */
+ freecon(file_context);
+ freecon(cur_context);
+
+ /* set cur_context equal to new_context */
+ cur_context = new_context;
+ }
+
+ con = context_new(cur_context); + con = context_new(cur_context);
+ if (!con) { + if (!con) {
+ fprintf(stderr,_("%s is not a valid context\n"), cur_context); + fprintf(stderr,_("%s is not a valid context\n"), cur_context);
@ -512,6 +567,7 @@
+ } + }
+ return 1; /* can't reach this statement.... */ + return 1; /* can't reach this statement.... */
+} +}
unchanged:
--- coreutils-5.2.1/src/mkdir.c.selinux 2004-01-21 17:27:02.000000000 -0500 --- coreutils-5.2.1/src/mkdir.c.selinux 2004-01-21 17:27:02.000000000 -0500
+++ coreutils-5.2.1/src/mkdir.c 2004-12-29 12:24:03.422858217 -0500 +++ coreutils-5.2.1/src/mkdir.c 2004-12-29 12:24:03.422858217 -0500
@@ -34,6 +34,10 @@ @@ -34,6 +34,10 @@
@ -580,6 +636,7 @@
case_GETOPT_HELP_CHAR; case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default: default:
unchanged:
--- coreutils-5.2.1/src/mv.c.selinux 2004-12-29 12:24:02.845923189 -0500 --- coreutils-5.2.1/src/mv.c.selinux 2004-12-29 12:24:02.845923189 -0500
+++ coreutils-5.2.1/src/mv.c 2004-12-29 12:24:03.424857992 -0500 +++ coreutils-5.2.1/src/mv.c 2004-12-29 12:24:03.424857992 -0500
@@ -34,6 +34,11 @@ @@ -34,6 +34,11 @@
@ -615,6 +672,7 @@
/* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
we'll actually use backup_suffix_string. */ we'll actually use backup_suffix_string. */
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
unchanged:
--- coreutils-5.2.1/src/ls.c.selinux 2004-12-29 12:24:02.848922851 -0500 --- coreutils-5.2.1/src/ls.c.selinux 2004-12-29 12:24:02.848922851 -0500
+++ coreutils-5.2.1/src/ls.c 2004-12-29 12:24:03.429857429 -0500 +++ coreutils-5.2.1/src/ls.c 2004-12-29 12:24:03.429857429 -0500
@@ -121,6 +121,18 @@ @@ -121,6 +121,18 @@
@ -1233,6 +1291,7 @@
+ } + }
+} +}
+#endif +#endif
unchanged:
--- /dev/null 2004-12-29 02:13:24.827638832 -0500 --- /dev/null 2004-12-29 02:13:24.827638832 -0500
+++ coreutils-5.2.1/src/chcon.c 2004-12-29 12:24:03.430857317 -0500 +++ coreutils-5.2.1/src/chcon.c 2004-12-29 12:24:03.430857317 -0500
@@ -0,0 +1,421 @@ @@ -0,0 +1,421 @@
@ -1657,6 +1716,7 @@
+ freecon(ref_context); + freecon(ref_context);
+ exit (errors); + exit (errors);
+} +}
unchanged:
--- coreutils-5.2.1/src/id.c.selinux 2004-12-29 12:24:03.287873419 -0500 --- coreutils-5.2.1/src/id.c.selinux 2004-12-29 12:24:03.287873419 -0500
+++ coreutils-5.2.1/src/id.c 2004-12-29 12:24:03.432857091 -0500 +++ coreutils-5.2.1/src/id.c 2004-12-29 12:24:03.432857091 -0500
@@ -45,6 +45,20 @@ @@ -45,6 +45,20 @@
@ -1790,6 +1850,7 @@
+ } + }
+#endif +#endif
} }
unchanged:
--- coreutils-5.2.1/src/install.c.selinux 2004-12-29 12:24:02.850922625 -0500 --- coreutils-5.2.1/src/install.c.selinux 2004-12-29 12:24:02.850922625 -0500
+++ coreutils-5.2.1/src/install.c 2004-12-29 12:24:47.138935019 -0500 +++ coreutils-5.2.1/src/install.c 2004-12-29 12:24:47.138935019 -0500
@@ -47,6 +47,43 @@ @@ -47,6 +47,43 @@
@ -1953,6 +2014,7 @@
fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (HELP_OPTION_DESCRIPTION, stdout);
fputs (VERSION_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout);
fputs (_("\ fputs (_("\
unchanged:
--- coreutils-5.2.1/src/copy.h.selinux 2004-12-29 12:24:02.853922288 -0500 --- coreutils-5.2.1/src/copy.h.selinux 2004-12-29 12:24:02.853922288 -0500
+++ coreutils-5.2.1/src/copy.h 2004-12-29 12:24:03.435856754 -0500 +++ coreutils-5.2.1/src/copy.h 2004-12-29 12:24:03.435856754 -0500
@@ -105,6 +105,9 @@ @@ -105,6 +105,9 @@
@ -1965,6 +2027,7 @@
/* Enabled for mv, and for cp by the --preserve=links option. /* Enabled for mv, and for cp by the --preserve=links option.
If nonzero, attempt to preserve in the destination files any If nonzero, attempt to preserve in the destination files any
unchanged:
--- coreutils-5.2.1/src/Makefile.am.selinux 2004-12-29 12:24:03.264876008 -0500 --- coreutils-5.2.1/src/Makefile.am.selinux 2004-12-29 12:24:03.264876008 -0500
+++ coreutils-5.2.1/src/Makefile.am 2004-12-29 12:24:03.436856641 -0500 +++ coreutils-5.2.1/src/Makefile.am 2004-12-29 12:24:03.436856641 -0500
@@ -3,13 +3,13 @@ @@ -3,13 +3,13 @@
@ -2010,6 +2073,7 @@
## If necessary, add -lm to resolve use of pow in lib/strtod.c. ## If necessary, add -lm to resolve use of pow in lib/strtod.c.
sort_LDADD = $(LDADD) $(POW_LIB) sort_LDADD = $(LDADD) $(POW_LIB)
unchanged:
--- coreutils-5.2.1/src/copy.c.selinux 2004-12-29 12:24:03.382862721 -0500 --- coreutils-5.2.1/src/copy.c.selinux 2004-12-29 12:24:03.382862721 -0500
+++ coreutils-5.2.1/src/copy.c 2004-12-29 12:24:03.439856303 -0500 +++ coreutils-5.2.1/src/copy.c 2004-12-29 12:24:03.439856303 -0500
@@ -42,6 +42,11 @@ @@ -42,6 +42,11 @@
@ -2107,6 +2171,7 @@
/* We have failed to create the destination file. /* We have failed to create the destination file.
If we've just added a dev/ino entry via the remember_copied If we've just added a dev/ino entry via the remember_copied
call above (i.e., unless we've just failed to create a hard link), call above (i.e., unless we've just failed to create a hard link),
unchanged:
--- coreutils-5.2.1/src/mknod.c.selinux 2004-01-21 17:27:02.000000000 -0500 --- coreutils-5.2.1/src/mknod.c.selinux 2004-01-21 17:27:02.000000000 -0500
+++ coreutils-5.2.1/src/mknod.c 2004-12-29 12:24:03.440856191 -0500 +++ coreutils-5.2.1/src/mknod.c 2004-12-29 12:24:03.440856191 -0500
@@ -36,8 +36,15 @@ @@ -36,8 +36,15 @@
@ -2170,6 +2235,7 @@
case_GETOPT_HELP_CHAR; case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default: default:
unchanged:
--- coreutils-5.2.1/src/cp.c.selinux 2004-12-29 12:24:02.852922400 -0500 --- coreutils-5.2.1/src/cp.c.selinux 2004-12-29 12:24:02.852922400 -0500
+++ coreutils-5.2.1/src/cp.c 2004-12-29 12:24:03.443855853 -0500 +++ coreutils-5.2.1/src/cp.c 2004-12-29 12:24:03.443855853 -0500
@@ -49,6 +49,11 @@ @@ -49,6 +49,11 @@
@ -2334,6 +2400,7 @@
case PARENTS_OPTION: case PARENTS_OPTION:
flag_path = 1; flag_path = 1;
unchanged:
--- coreutils-5.2.1/src/mkfifo.c.selinux 2004-01-21 17:27:02.000000000 -0500 --- coreutils-5.2.1/src/mkfifo.c.selinux 2004-01-21 17:27:02.000000000 -0500
+++ coreutils-5.2.1/src/mkfifo.c 2004-12-29 12:24:03.444855740 -0500 +++ coreutils-5.2.1/src/mkfifo.c 2004-12-29 12:24:03.444855740 -0500
@@ -32,11 +32,18 @@ @@ -32,11 +32,18 @@
@ -2399,6 +2466,7 @@
case_GETOPT_HELP_CHAR; case_GETOPT_HELP_CHAR;
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
default: default:
unchanged:
--- coreutils-5.2.1/configure.ac.selinux 2004-12-29 12:24:02.947911703 -0500 --- coreutils-5.2.1/configure.ac.selinux 2004-12-29 12:24:02.947911703 -0500
+++ coreutils-5.2.1/configure.ac 2004-12-29 12:24:03.446855515 -0500 +++ coreutils-5.2.1/configure.ac 2004-12-29 12:24:03.446855515 -0500
@@ -14,6 +14,13 @@ @@ -14,6 +14,13 @@
@ -2415,6 +2483,7 @@
gl_DEFAULT_POSIX2_VERSION gl_DEFAULT_POSIX2_VERSION
gl_USE_SYSTEM_EXTENSIONS gl_USE_SYSTEM_EXTENSIONS
jm_PERL jm_PERL
unchanged:
--- coreutils-5.2.1/man/mkfifo.1.selinux 2004-03-02 17:52:28.000000000 -0500 --- coreutils-5.2.1/man/mkfifo.1.selinux 2004-03-02 17:52:28.000000000 -0500
+++ coreutils-5.2.1/man/mkfifo.1 2004-12-29 12:24:03.446855515 -0500 +++ coreutils-5.2.1/man/mkfifo.1 2004-12-29 12:24:03.446855515 -0500
@@ -12,6 +12,9 @@ @@ -12,6 +12,9 @@
@ -2427,6 +2496,7 @@
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
set permission mode (as in chmod), not a=rw - umask set permission mode (as in chmod), not a=rw - umask
.TP .TP
unchanged:
--- coreutils-5.2.1/man/ls.1.selinux 2004-03-02 17:52:28.000000000 -0500 --- coreutils-5.2.1/man/ls.1.selinux 2004-03-02 17:52:28.000000000 -0500
+++ coreutils-5.2.1/man/ls.1 2004-12-29 12:24:03.448855290 -0500 +++ coreutils-5.2.1/man/ls.1 2004-12-29 12:24:03.448855290 -0500
@@ -195,6 +195,20 @@ @@ -195,6 +195,20 @@
@ -2450,6 +2520,7 @@
.TP .TP
\fB\-\-help\fR \fB\-\-help\fR
display this help and exit display this help and exit
unchanged:
--- coreutils-5.2.1/man/dir.1.selinux 2004-03-02 17:51:06.000000000 -0500 --- coreutils-5.2.1/man/dir.1.selinux 2004-03-02 17:51:06.000000000 -0500
+++ coreutils-5.2.1/man/dir.1 2004-12-29 12:24:03.452854839 -0500 +++ coreutils-5.2.1/man/dir.1 2004-12-29 12:24:03.452854839 -0500
@@ -195,6 +195,20 @@ @@ -195,6 +195,20 @@
@ -2473,6 +2544,7 @@
.TP .TP
\fB\-\-help\fR \fB\-\-help\fR
display this help and exit display this help and exit
unchanged:
--- coreutils-5.2.1/man/mkdir.1.selinux 2004-03-02 17:52:28.000000000 -0500 --- coreutils-5.2.1/man/mkdir.1.selinux 2004-03-02 17:52:28.000000000 -0500
+++ coreutils-5.2.1/man/mkdir.1 2004-12-29 12:24:03.453854727 -0500 +++ coreutils-5.2.1/man/mkdir.1 2004-12-29 12:24:03.453854727 -0500
@@ -12,6 +12,8 @@ @@ -12,6 +12,8 @@
@ -2484,15 +2556,16 @@
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
set permission mode (as in chmod), not rwxrwxrwx - umask set permission mode (as in chmod), not rwxrwxrwx - umask
.TP .TP
--- /dev/null 2004-12-29 02:13:24.827638832 -0500 diff -u coreutils-5.2.1/man/runcon.1 coreutils-5.2.1/man/runcon.1
+++ coreutils-5.2.1/man/runcon.1 2004-12-29 12:24:03.454854614 -0500 --- coreutils-5.2.1/man/runcon.1 2004-12-29 12:24:03.454854614 -0500
@@ -0,0 +1,39 @@ +++ coreutils-5.2.1/man/runcon.1 2005-05-16 14:18:12.000000000 -0400
+.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux" @@ -0,0 +1,43 @@
+.TH RUNCON "1" "February 2005" "runcon (coreutils) 5.0" "selinux"
+.SH NAME +.SH NAME
+runcon \- run command with specified security context +runcon \- run command with specified security context
+.SH SYNOPSIS +.SH SYNOPSIS
+.B runcon +.B runcon
+[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR] +[\fI-c\fR] [\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
+.PP +.PP
+or +or
+.PP +.PP
@ -2504,8 +2577,12 @@
+.PP +.PP
+.\" Add any additional description here +.\" Add any additional description here
+.PP +.PP
+Run COMMAND with current security context modified by one or more of LEVEL, +Run COMMAND with completely-specified CONTEXT, or with current or
+ROLE, TYPE, and USER, or with completely-specified CONTEXT. +transitioned security context modified by one or more of LEVEL,
+ROLE, TYPE, and USER.
+.TP
+\fB\-c\fR
+compute process transition before modifying context
+.TP +.TP
+\fB\-t\fR +\fB\-t\fR
+change current type to the specified type +change current type to the specified type
@ -2519,13 +2596,14 @@
+\fB\-u\fR +\fB\-u\fR
+change current user to the specified user +change current user to the specified user
+.PP +.PP
+If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified, +If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
+the first argument is used as the complete context. Any additional +the first argument is used as the complete context. Any additional
+arguments after \fICOMMAND\fR are interpreted as arguments to the +arguments after \fICOMMAND\fR are interpreted as arguments to the
+command. +command.
+.PP +.PP
+Note that only carefully-chosen contexts are likely to successfully +Note that only carefully-chosen contexts are likely to successfully
+run. +run.
unchanged:
--- coreutils-5.2.1/man/Makefile.in.selinux 2004-03-11 03:58:00.000000000 -0500 --- coreutils-5.2.1/man/Makefile.in.selinux 2004-03-11 03:58:00.000000000 -0500
+++ coreutils-5.2.1/man/Makefile.in 2004-12-29 12:24:03.456854389 -0500 +++ coreutils-5.2.1/man/Makefile.in 2004-12-29 12:24:03.456854389 -0500
@@ -185,6 +185,7 @@ @@ -185,6 +185,7 @@
@ -2563,6 +2641,7 @@
# Note the use of $t/$*, rather than just `$*' as in other packages. # Note the use of $t/$*, rather than just `$*' as in other packages.
# That is necessary to avoid failures for programs that are also shell built-in # That is necessary to avoid failures for programs that are also shell built-in
unchanged:
--- coreutils-5.2.1/man/install.1.selinux 2004-12-29 12:24:02.671942781 -0500 --- coreutils-5.2.1/man/install.1.selinux 2004-12-29 12:24:02.671942781 -0500
+++ coreutils-5.2.1/man/install.1 2004-12-29 12:24:03.458854164 -0500 +++ coreutils-5.2.1/man/install.1 2004-12-29 12:24:03.458854164 -0500
@@ -60,6 +60,11 @@ @@ -60,6 +60,11 @@
@ -2577,6 +2656,7 @@
.TP .TP
\fB\-\-help\fR \fB\-\-help\fR
display this help and exit display this help and exit
unchanged:
--- coreutils-5.2.1/man/stat.1.selinux 2004-03-02 17:52:31.000000000 -0500 --- coreutils-5.2.1/man/stat.1.selinux 2004-03-02 17:52:31.000000000 -0500
+++ coreutils-5.2.1/man/stat.1 2004-12-29 12:24:03.459854051 -0500 +++ coreutils-5.2.1/man/stat.1 2004-12-29 12:24:03.459854051 -0500
@@ -22,6 +22,9 @@ @@ -22,6 +22,9 @@
@ -2599,6 +2679,7 @@
%D %D
Device number in hex Device number in hex
.TP .TP
unchanged:
--- /dev/null 2004-12-29 02:13:24.827638832 -0500 --- /dev/null 2004-12-29 02:13:24.827638832 -0500
+++ coreutils-5.2.1/man/chcon.1 2004-12-29 12:24:03.461853826 -0500 +++ coreutils-5.2.1/man/chcon.1 2004-12-29 12:24:03.461853826 -0500
@@ -0,0 +1,64 @@ @@ -0,0 +1,64 @@
@ -2666,6 +2747,7 @@
+.B info chcon +.B info chcon
+.PP +.PP
+should give you access to the complete manual. +should give you access to the complete manual.
unchanged:
--- coreutils-5.2.1/man/mknod.1.selinux 2004-03-02 17:52:28.000000000 -0500 --- coreutils-5.2.1/man/mknod.1.selinux 2004-03-02 17:52:28.000000000 -0500
+++ coreutils-5.2.1/man/mknod.1 2004-12-29 12:24:03.463853601 -0500 +++ coreutils-5.2.1/man/mknod.1 2004-12-29 12:24:03.463853601 -0500
@@ -12,6 +12,9 @@ @@ -12,6 +12,9 @@
@ -2678,6 +2760,7 @@
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
set permission mode (as in chmod), not a=rw - umask set permission mode (as in chmod), not a=rw - umask
.TP .TP
unchanged:
--- /dev/null 2004-12-29 02:13:24.827638832 -0500 --- /dev/null 2004-12-29 02:13:24.827638832 -0500
+++ coreutils-5.2.1/man/chcon.x 2004-12-29 12:24:03.464853488 -0500 +++ coreutils-5.2.1/man/chcon.x 2004-12-29 12:24:03.464853488 -0500
@@ -0,0 +1,4 @@ @@ -0,0 +1,4 @@
@ -2685,6 +2768,7 @@
+chcon \- change file security context +chcon \- change file security context
+[DESCRIPTION] +[DESCRIPTION]
+.\" Add any additional description here +.\" Add any additional description here
unchanged:
--- coreutils-5.2.1/man/Makefile.am.selinux 2004-12-29 12:24:03.258876684 -0500 --- coreutils-5.2.1/man/Makefile.am.selinux 2004-12-29 12:24:03.258876684 -0500
+++ coreutils-5.2.1/man/Makefile.am 2004-12-29 12:24:03.466853263 -0500 +++ coreutils-5.2.1/man/Makefile.am 2004-12-29 12:24:03.466853263 -0500
@@ -10,7 +10,7 @@ @@ -10,7 +10,7 @@
@ -2705,11 +2789,25 @@
SUFFIXES = .x .1 SUFFIXES = .x .1
--- /dev/null 2004-12-29 02:13:24.827638832 -0500 diff -u coreutils-5.2.1/man/runcon.x coreutils-5.2.1/man/runcon.x
+++ coreutils-5.2.1/man/runcon.x 2004-12-29 12:24:03.467853150 -0500 --- coreutils-5.2.1/man/runcon.x 2004-12-29 12:24:03.467853150 -0500
@@ -0,0 +1,2 @@ +++ coreutils-5.2.1/man/runcon.x 2005-05-16 14:18:12.000000000 -0400
@@ -0,0 +1,14 @@
+[NAME]
+runcon \- run command with specified security context
+[DESCRIPTION] +[DESCRIPTION]
+.\" Add any additional description here +Run COMMAND with completely-specified CONTEXT, or with current or
+transitioned security context modified by one or more of LEVEL,
+ROLE, TYPE, and USER.
+.PP
+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
+the first argument is used as the complete context. Any additional
+arguments after \fICOMMAND\fR are interpreted as arguments to the
+command.
+.PP
+Note that only carefully-chosen contexts are likely to successfully
+run.
unchanged:
--- coreutils-5.2.1/man/id.1.selinux 2004-03-02 17:52:27.000000000 -0500 --- coreutils-5.2.1/man/id.1.selinux 2004-03-02 17:52:27.000000000 -0500
+++ coreutils-5.2.1/man/id.1 2004-12-29 12:24:03.469852925 -0500 +++ coreutils-5.2.1/man/id.1 2004-12-29 12:24:03.469852925 -0500
@@ -13,6 +13,9 @@ @@ -13,6 +13,9 @@
@ -2722,6 +2820,7 @@
\fB\-g\fR, \fB\-\-group\fR \fB\-g\fR, \fB\-\-group\fR
print only the effective group ID print only the effective group ID
.TP .TP
unchanged:
--- coreutils-5.2.1/man/cp.1.selinux 2004-03-02 17:51:05.000000000 -0500 --- coreutils-5.2.1/man/cp.1.selinux 2004-03-02 17:51:05.000000000 -0500
+++ coreutils-5.2.1/man/cp.1 2004-12-29 12:24:03.470852813 -0500 +++ coreutils-5.2.1/man/cp.1 2004-12-29 12:24:03.470852813 -0500
@@ -57,7 +57,7 @@ @@ -57,7 +57,7 @@
@ -2743,6 +2842,7 @@
\fB\-\-version\fR \fB\-\-version\fR
output version information and exit output version information and exit
.PP .PP
unchanged:
--- coreutils-5.2.1/man/vdir.1.selinux 2004-03-02 17:52:33.000000000 -0500 --- coreutils-5.2.1/man/vdir.1.selinux 2004-03-02 17:52:33.000000000 -0500
+++ coreutils-5.2.1/man/vdir.1 2004-12-29 12:24:03.471852700 -0500 +++ coreutils-5.2.1/man/vdir.1 2004-12-29 12:24:03.471852700 -0500
@@ -195,6 +195,20 @@ @@ -195,6 +195,20 @@
@ -2766,6 +2866,7 @@
.TP .TP
\fB\-\-help\fR \fB\-\-help\fR
display this help and exit display this help and exit
unchanged:
--- coreutils-5.2.1/tests/help-version.selinux 2004-12-29 12:24:03.261876346 -0500 --- coreutils-5.2.1/tests/help-version.selinux 2004-12-29 12:24:03.261876346 -0500
+++ coreutils-5.2.1/tests/help-version 2004-12-29 12:24:03.473852475 -0500 +++ coreutils-5.2.1/tests/help-version 2004-12-29 12:24:03.473852475 -0500
@@ -42,6 +42,8 @@ @@ -42,6 +42,8 @@
@ -2786,6 +2887,7 @@
rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out
echo > $tmp_in echo > $tmp_in
unchanged:
--- coreutils-5.2.1/config.hin.selinux 2004-12-29 12:24:02.949911478 -0500 --- coreutils-5.2.1/config.hin.selinux 2004-12-29 12:24:02.949911478 -0500
+++ coreutils-5.2.1/config.hin 2004-12-29 12:24:03.475852250 -0500 +++ coreutils-5.2.1/config.hin 2004-12-29 12:24:03.475852250 -0500
@@ -1374,6 +1374,9 @@ @@ -1374,6 +1374,9 @@
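Review bot: In the new option switch of runcon.c's main, `case '?': usage(0);` makes every getopt_long error (unknown option, missing argument) exit with status 0, because `--help` no longer maps to '?' and is handled through `show_help` instead. A caller that checks the exit code would then treat a run in which the command was never started in the requested context as a success; the arm should read `case '?': usage(1);`. Separately, the `-c` path calls `getfilecon(argv[optind], &file_context)` on the command name exactly as typed. If the command is later started through a PATH search (the exec call is not in the lines shown here), the transition context would be computed from a file relative to the current directory rather than from the binary that actually runs, which deserves at least a comment such as `/* NOTE: argv[optind] is not PATH-resolved; pass a full path with -c */`. Only part of main's body is visible in these hunks.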


@ -53,7 +53,6 @@ Patch924: coreutils-stale-utmp.patch
#SELINUX Patch #SELINUX Patch
Patch950: coreutils-selinux.patch Patch950: coreutils-selinux.patch
Patch951: coreutils-runcon.patch
BuildRoot: %_tmppath/%{name}-root BuildRoot: %_tmppath/%{name}-root
BuildRequires: gettext libtermcap-devel bison BuildRequires: gettext libtermcap-devel bison
@ -117,7 +116,6 @@ the old GNU fileutils, sh-utils, and textutils packages.
#SELinux #SELinux
%patch950 -p1 -b .selinux %patch950 -p1 -b .selinux
%patch951 -p1 -b .runcon
# Don't run basic-1 test, since it breaks when run in the background # Don't run basic-1 test, since it breaks when run in the background
# (bug #102033). # (bug #102033).