diff --git a/man/chcon.x b/man/chcon.x index 8c1ff6f..c84fb96 100644 --- a/man/chcon.x +++ b/man/chcon.x @@ -1,4 +1,4 @@ [NAME] -chcon \- change file security context +chcon \- change file SELinux security context [DESCRIPTION] .\" Add any additional description here diff --git a/man/runcon.x b/man/runcon.x index d2df13e..5c5f5d8 100644 --- a/man/runcon.x +++ b/man/runcon.x @@ -1,5 +1,5 @@ [NAME] -runcon \- run command with specified security context +runcon \- run command with specified SELinux security context [DESCRIPTION] Run COMMAND with completely-specified CONTEXT, or with current or transitioned security context modified by one or more of LEVEL, diff --git a/src/cp.c b/src/cp.c index 1b528c6..25dbb88 100644 --- a/src/cp.c +++ b/src/cp.c @@ -203,6 +203,9 @@ Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.\n\ all\n\ "), stdout); fputs (_("\ + -c deprecated, same as --preserve=context\n\ +"), stdout); + fputs (_("\ --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ --parents use full source file name under DIRECTORY\n\ "), stdout); @@ -929,7 +932,7 @@ main (int argc, char **argv) selinux_enabled = (0 < is_selinux_enabled ()); cp_option_init (&x); - while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:TZ", + while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ", long_opts, NULL)) != -1) { @@ -977,6 +980,17 @@ main (int argc, char **argv) copy_contents = true; break; + case 'c': + fprintf (stderr, "%s: warning: option '-c' is deprecated, please use '--preserve=context' instead\n", argv[0]); + if ( x.set_security_context ) { + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); + exit( 1 ); + } + else if (selinux_enabled) { + x.preserve_security_context = true; + x.require_preserve_context = true; + } + break; case 'd': x.preserve_links = true; x.dereference = DEREF_NEVER; diff --git a/src/id.c b/src/id.c index 05d98a5..d6eb002 100644 --- a/src/id.c +++ b/src/id.c @@ -114,7 +114,7 @@ int main (int argc, char **argv) { int optc; - int selinux_enabled = (is_selinux_enabled () > 0); + bool selinux_enabled = (is_selinux_enabled () > 0); bool smack_enabled = is_smack_enabled (); bool opt_zero = false; char *pw_name = NULL; diff --git a/src/install.c b/src/install.c index d79d597..437889a 100644 --- a/src/install.c +++ b/src/install.c @@ -673,7 +673,7 @@ In the 4th form, create all components of the given DIRECTORY(ies).\n\ -v, --verbose print the name of each directory as it is created\n\ "), stdout); fputs (_("\ - --preserve-context preserve SELinux security context\n\ + -P, --preserve-context preserve SELinux security context (-P deprecated)\n\ -Z set SELinux security context of destination\n\ file and each created directory to default type\n\ --context[=CTX] like -Z, or if CTX is specified then set the\n\ @@ -824,7 +824,7 @@ main (int argc, char **argv) dir_arg = false; umask (0); - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z", long_options, + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z", long_options, NULL)) != -1) { switch (optc) @@ -885,6 +885,8 @@ main (int argc, char **argv) no_target_directory = true; break; + case 'P': + fprintf (stderr, "%s: warning: option '-P' is deprecated, please use '--preserve-context' instead\n", argv[0]); case PRESERVE_CONTEXT_OPTION: if (! selinux_enabled) { @@ -892,6 +894,10 @@ main (int argc, char **argv) "this kernel is not SELinux-enabled")); break; } + if ( x.set_security_context ) { + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); + exit( 1 ); + } x.preserve_security_context = true; use_default_selinux_context = false; break;