--- /dev/null 2006-06-22 09:01:01.637265000 +0100
|
|
+++ coreutils-5.96/src/chcon.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -0,0 +1,421 @@
|
|
+/* chcontext -- change security context of a pathname */
|
|
+
|
|
+#include <config.h>
|
|
+#include <stdio.h>
|
|
+#include <sys/types.h>
|
|
+#include <grp.h>
|
|
+#include <getopt.h>
|
|
+#include <selinux/selinux.h>
|
|
+#include <selinux/context.h>
|
|
+
|
|
+#include "system.h"
|
|
+#include "error.h"
|
|
+#include "savedir.h"
|
|
+#include "group-member.h"
|
|
+
|
|
+enum Change_status
|
|
+{
|
|
+ CH_SUCCEEDED,
|
|
+ CH_FAILED,
|
|
+ CH_NO_CHANGE_REQUESTED
|
|
+};
|
|
+
|
|
+enum Verbosity
|
|
+{
|
|
+ /* Print a message for each file that is processed. */
|
|
+ V_high,
|
|
+
|
|
+ /* Print a message for each file whose attributes we change. */
|
|
+ V_changes_only,
|
|
+
|
|
+ /* Do not be verbose. This is the default. */
|
|
+ V_off
|
|
+};
|
|
+
|
|
+static int change_dir_context (const char *dir, const struct stat *statp);
|
|
+
|
|
+/* The name the program was run with. */
|
|
+char *program_name;
|
|
+
|
|
+/* If nonzero, and the systems has support for it, change the context
|
|
+ of symbolic links rather than any files they point to. */
|
|
+static int change_symlinks;
|
|
+
|
|
+/* If nonzero, change the context of directories recursively. */
|
|
+static int recurse;
|
|
+
|
|
+/* If nonzero, force silence (no error messages). */
|
|
+static int force_silent;
|
|
+
|
|
+/* Level of verbosity. */
|
|
+static enum Verbosity verbosity = V_off;
|
|
+
|
|
+/* The name of the context file is being given. */
|
|
+static const char *specified_context;
|
|
+
|
|
+/* Specific components of the context */
|
|
+static const char *specified_user;
|
|
+static const char *specified_role;
|
|
+static const char *specified_range;
|
|
+static const char *specified_type;
|
|
+
|
|
+/* The argument to the --reference option. Use the context of this file.
|
|
+ This file must exist. */
|
|
+static char *reference_file;
|
|
+
|
|
+/* If nonzero, display usage information and exit. */
|
|
+static int show_help;
|
|
+
|
|
+/* If nonzero, print the version on standard output and exit. */
|
|
+static int show_version;
|
|
+
|
|
+static struct option const long_options[] =
|
|
+{
|
|
+ {"recursive", no_argument, 0, 'R'},
|
|
+ {"changes", no_argument, 0, 'c'},
|
|
+ {"no-dereference", no_argument, 0, 'h'},
|
|
+ {"silent", no_argument, 0, 'f'},
|
|
+ {"quiet", no_argument, 0, 'f'},
|
|
+ {"reference", required_argument, 0, CHAR_MAX + 1},
|
|
+ {"context", required_argument, 0, CHAR_MAX + 2},
|
|
+ {"user", required_argument, 0, 'u'},
|
|
+ {"role", required_argument, 0, 'r'},
|
|
+ {"type", required_argument, 0, 't'},
|
|
+ {"range", required_argument, 0, 'l'},
|
|
+ {"verbose", no_argument, 0, 'v'},
|
|
+ {"help", no_argument, &show_help, 1},
|
|
+ {"version", no_argument, &show_version, 1},
|
|
+ {0, 0, 0, 0}
|
|
+};
|
|
+
|
|
+/* Tell the user how/if the context of FILE has been changed.
|
|
+ CHANGED describes what (if anything) has happened. */
|
|
+
|
|
+static void
|
|
+describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
|
|
+{
|
|
+ const char *fmt;
|
|
+ switch (changed)
|
|
+ {
|
|
+ case CH_SUCCEEDED:
|
|
+ fmt = _("context of %s changed to %s\n");
|
|
+ break;
|
|
+ case CH_FAILED:
|
|
+ fmt = _("failed to change context of %s to %s\n");
|
|
+ break;
|
|
+ case CH_NO_CHANGE_REQUESTED:
|
|
+ fmt = _("context of %s retained as %s\n");
|
|
+ break;
|
|
+ default:
|
|
+ abort ();
|
|
+ }
|
|
+ printf (fmt, file, newcontext);
|
|
+}
|
|
+
|
|
+static int
|
|
+compute_context_from_mask (security_context_t context, context_t *ret)
|
|
+{
|
|
+ context_t newcontext = context_new (context);
|
|
+ if (!newcontext)
|
|
+ return 1;
|
|
+#define SETCOMPONENT(comp) \
|
|
+ do { \
|
|
+ if (specified_ ## comp) \
|
|
+ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
|
|
+ goto lose; \
|
|
+ } while (0)
|
|
+
|
|
+ SETCOMPONENT(user);
|
|
+ SETCOMPONENT(range);
|
|
+ SETCOMPONENT(role);
|
|
+ SETCOMPONENT(type);
|
|
+#undef SETCOMPONENT
|
|
+
|
|
+ *ret = newcontext;
|
|
+ return 0;
|
|
+ lose:
|
|
+ context_free (newcontext);
|
|
+ return 1;
|
|
+}
|
|
+
|
|
+/* Change the context of FILE, using specified components.
|
|
+ If it is a directory and -R is given, recurse.
|
|
+ Return 0 if successful, 1 if errors occurred. */
|
|
+
|
|
+static int
|
|
+change_file_context (const char *file)
|
|
+{
|
|
+ struct stat file_stats;
|
|
+ security_context_t file_context=NULL;
|
|
+ context_t context;
|
|
+ security_context_t context_string;
|
|
+ int errors = 0;
|
|
+ int status = 0;
|
|
+
|
|
+ if (change_symlinks)
|
|
+ status = lgetfilecon(file, &file_context);
|
|
+ else
|
|
+ status = getfilecon(file, &file_context);
|
|
+
|
|
+ if ((status < 0) && (errno != ENODATA))
|
|
+ {
|
|
+ if (force_silent == 0)
|
|
+ error (0, errno, "%s", file);
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
+ /* If the file doesn't have a context, and we're not setting all of
|
|
+ the context components, there isn't really an obvious default.
|
|
+ Thus, we just give up. */
|
|
+ if (file_context == NULL && specified_context == NULL)
|
|
+ {
|
|
+ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
+ if (specified_context == NULL)
|
|
+ {
|
|
+ if (compute_context_from_mask (file_context, &context))
|
|
+ {
|
|
+ error (0, 0, _("couldn't compute security context from %s"), file_context);
|
|
+ return 1;
|
|
+ }
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ context = context_new (specified_context);
|
|
+ if (!context)
|
|
+ error (1, 0,_("invalid context: %s"),specified_context);
|
|
+ }
|
|
+
|
|
+ context_string = context_str (context);
|
|
+
|
|
+ if (file_context == NULL || strcmp(context_string,file_context)!=0)
|
|
+ {
|
|
+ int fail;
|
|
+
|
|
+ if (change_symlinks)
|
|
+ fail = lsetfilecon (file, context_string);
|
|
+ else
|
|
+ fail = setfilecon (file, context_string);
|
|
+
|
|
+ if (verbosity == V_high || (verbosity == V_changes_only && !fail))
|
|
+ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED));
|
|
+
|
|
+ if (fail)
|
|
+ {
|
|
+ errors = 1;
|
|
+ if (force_silent == 0)
|
|
+ {
|
|
+ error (0, errno, _("failed to change context of %s to %s"), file, context_string);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ else if (verbosity == V_high)
|
|
+ {
|
|
+ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
|
|
+ }
|
|
+
|
|
+ context_free(context);
|
|
+ freecon(file_context);
|
|
+
|
|
+ if (recurse) {
|
|
+ if (lstat(file, &file_stats)==0)
|
|
+ if (S_ISDIR (file_stats.st_mode))
|
|
+ errors |= change_dir_context (file, &file_stats);
|
|
+ }
|
|
+ return errors;
|
|
+}
|
|
+
|
|
+/* Recursively change context of the files in directory DIR
|
|
+ using specified context components.
|
|
+ STATP points to the results of lstat on DIR.
|
|
+ Return 0 if successful, 1 if errors occurred. */
|
|
+
|
|
+static int
|
|
+change_dir_context (const char *dir, const struct stat *statp)
|
|
+{
|
|
+ char *name_space, *namep;
|
|
+ char *path; /* Full path of each entry to process. */
|
|
+ unsigned dirlength; /* Length of `dir' and '\0'. */
|
|
+ unsigned filelength; /* Length of each pathname to process. */
|
|
+ unsigned pathlength; /* Bytes allocated for `path'. */
|
|
+ int errors = 0;
|
|
+
|
|
+ errno = 0;
|
|
+ name_space = savedir (dir);
|
|
+ if (name_space == NULL)
|
|
+ {
|
|
+ if (errno)
|
|
+ {
|
|
+ if (force_silent == 0)
|
|
+ error (0, errno, "%s", dir);
|
|
+ return 1;
|
|
+ }
|
|
+ else
|
|
+ error (1, 0, _("virtual memory exhausted"));
|
|
+ }
|
|
+
|
|
+ dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
|
|
+ pathlength = dirlength + 1;
|
|
+ /* Give `path' a dummy value; it will be reallocated before first use. */
|
|
+ path = xmalloc (pathlength);
|
|
+ strcpy (path, dir);
|
|
+ path[dirlength - 1] = '/';
|
|
+
|
|
+ for (namep = name_space; *namep; namep += filelength - dirlength)
|
|
+ {
|
|
+ filelength = dirlength + strlen (namep) + 1;
|
|
+ if (filelength > pathlength)
|
|
+ {
|
|
+ pathlength = filelength * 2;
|
|
+ path = xrealloc (path, pathlength);
|
|
+ }
|
|
+ strcpy (path + dirlength, namep);
|
|
+ errors |= change_file_context (path);
|
|
+ }
|
|
+ free (path);
|
|
+ free (name_space);
|
|
+ return errors;
|
|
+}
|
|
+
|
|
+static void
|
|
+usage (int status)
|
|
+{
|
|
+ if (status != 0)
|
|
+ fprintf (stderr, _("Try `%s --help' for more information.\n"),
|
|
+ program_name);
|
|
+ else
|
|
+ {
|
|
+ printf (_("\
|
|
+Usage: %s [OPTION]... CONTEXT FILE...\n\
|
|
+ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
|
|
+ or: %s [OPTION]... --reference=RFILE FILE...\n\
|
|
+"),
|
|
+ program_name, program_name, program_name);
|
|
+ printf (_("\
|
|
+Change the security context of each FILE to CONTEXT.\n\
|
|
+\n\
|
|
+ -c, --changes like verbose but report only when a change is made\n\
|
|
+ -h, --no-dereference affect symbolic links instead of any referenced file\n\
|
|
+ (available only on systems with lchown system call)\n\
|
|
+ -f, --silent, --quiet suppress most error messages\n\
|
|
+ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
|
|
+ -u, --user=USER set user USER in the target security context\n\
|
|
+ -r, --role=ROLE set role ROLE in the target security context\n\
|
|
+ -t, --type=TYPE set type TYPE in the target security context\n\
|
|
+ -l, --range=RANGE set range RANGE in the target security context\n\
|
|
+ -R, --recursive change files and directories recursively\n\
|
|
+ -v, --verbose output a diagnostic for every file processed\n\
|
|
+ --help display this help and exit\n\
|
|
+ --version output version information and exit\n\
|
|
+"));
|
|
+ close_stdout ();
|
|
+ }
|
|
+ exit (status);
|
|
+}
|
|
+
|
|
+int
|
|
+main (int argc, char **argv)
|
|
+{
|
|
+ security_context_t ref_context = NULL;
|
|
+ int errors = 0;
|
|
+ int optc;
|
|
+ int component_specified = 0;
|
|
+
|
|
+ program_name = argv[0];
|
|
+ setlocale (LC_ALL, "");
|
|
+ bindtextdomain (PACKAGE, LOCALEDIR);
|
|
+ textdomain (PACKAGE);
|
|
+
|
|
+ recurse = force_silent = 0;
|
|
+
|
|
+ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
|
|
+ {
|
|
+ switch (optc)
|
|
+ {
|
|
+ case 0:
|
|
+ break;
|
|
+ case 'u':
|
|
+ specified_user = optarg;
|
|
+ component_specified = 1;
|
|
+ break;
|
|
+ case 'r':
|
|
+ specified_role = optarg;
|
|
+ component_specified = 1;
|
|
+ break;
|
|
+ case 't':
|
|
+ specified_type = optarg;
|
|
+ component_specified = 1;
|
|
+ break;
|
|
+ case 'l':
|
|
+ specified_range = optarg;
|
|
+ component_specified = 1;
|
|
+ break;
|
|
+ case CHAR_MAX + 1:
|
|
+ reference_file = optarg;
|
|
+ break;
|
|
+ case 'R':
|
|
+ recurse = 1;
|
|
+ break;
|
|
+ case 'c':
|
|
+ verbosity = V_changes_only;
|
|
+ break;
|
|
+ case 'f':
|
|
+ force_silent = 1;
|
|
+ break;
|
|
+ case 'h':
|
|
+ change_symlinks = 1;
|
|
+ break;
|
|
+ case 'v':
|
|
+ verbosity = V_high;
|
|
+ break;
|
|
+ default:
|
|
+ usage (1);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (show_version)
|
|
+ {
|
|
+ printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
|
|
+ close_stdout ();
|
|
+ exit (0);
|
|
+ }
|
|
+
|
|
+ if (show_help)
|
|
+ usage (0);
|
|
+
|
|
+
|
|
+ if (reference_file && component_specified)
|
|
+ {
|
|
+ error (0, 0, _("conflicting security context specifiers given"));
|
|
+ usage (1);
|
|
+ }
|
|
+
|
|
+ if (!(((reference_file || component_specified)
|
|
+ && (argc - optind > 0))
|
|
+ || (argc - optind > 1)))
|
|
+ {
|
|
+ error (0, 0, _("too few arguments"));
|
|
+ usage (1);
|
|
+ }
|
|
+
|
|
+ if (reference_file)
|
|
+ {
|
|
+ if (getfilecon (reference_file, &ref_context)<0)
|
|
+ error (1, errno, "%s", reference_file);
|
|
+
|
|
+ specified_context = ref_context;
|
|
+ }
|
|
+ else if (!component_specified) {
|
|
+ specified_context = argv[optind++];
|
|
+ }
|
|
+ for (; optind < argc; ++optind)
|
|
+ errors |= change_file_context (argv[optind]);
|
|
+
|
|
+ if (verbosity != V_off)
|
|
+ close_stdout ();
|
|
+ if (ref_context != NULL)
|
|
+ freecon(ref_context);
|
|
+ exit (errors);
|
|
+}
|
|
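Review bot: With `-R` and without `-h`, `change_file_context` calls `getfilecon`/`setfilecon` on every entry that `change_dir_context` hands it, so a symbolic link found inside the tree has its target relabeled even when that target lies outside the tree; only the descent itself is protected by the `lstat`/`S_ISDIR` test. For a tool that sets mandatory-access-control labels this should not depend on the caller remembering `-h`: a minimal change is `if (recurse) change_symlinks = 1;` in `main` after option parsing, so a recursive run always uses `lgetfilecon`/`lsetfilecon`. Separately, the early `return 1` after `compute_context_from_mask` fails skips `freecon (file_context)`, and the result of `context_str` is passed to `strcmp` without a NULL check. The `--reference` help line still reads "use RFILE's group" and the `-h` line mentions `lchown`; both look carried over from another tool and should describe contexts.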
--- coreutils-5.96/src/mv.c.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/mv.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -34,6 +34,11 @@
|
|
#include "quote.h"
|
|
#include "remove.h"
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
+int selinux_enabled=0;
|
|
+#endif
|
|
+
|
|
/* The official name of this program (e.g., no `g' prefix). */
|
|
#define PROGRAM_NAME "mv"
|
|
|
|
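Review bot: `int selinux_enabled=0;` is introduced as an undocumented non-static global, and the same definition is repeated in cp.c and install.c later in this patch. Nothing in mv.c's hunks reads it, so it is presumably consumed by copy.c through an `extern`; that is not visible here and should be confirmed. A comment such as `/* Nonzero if the running kernel has SELinux enabled; set once in main. */` plus a single `extern int selinux_enabled;` in copy.h would document the contract and let the compiler check the three definitions against one declaration.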
@@ -127,6 +132,9 @@
|
|
x->preserve_links = true;
|
|
x->preserve_mode = true;
|
|
x->preserve_timestamps = true;
|
|
+#ifdef WITH_SELINUX
|
|
+ x->preserve_security_context = 1;
|
|
+#endif
|
|
x->require_preserve = false; /* FIXME: maybe make this an option */
|
|
x->recursive = true;
|
|
x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
|
|
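Review bot: `x->preserve_security_context = 1;` assigns an integer to a field that copy.h in this patch declares as `bool`, beside neighbours that all use `true`/`false`; write `x->preserve_security_context = true;`. The flag is also set unconditionally, before the `is_selinux_enabled()` result is computed in the next hunk, whereas cp's `-c` only sets it when `selinux_enabled` is true. Whether copy.c tolerates the flag on a kernel without SELinux is not visible on this page, so that path is worth confirming. The enclosing function starts and ends outside the hunk.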
@@ -365,6 +373,10 @@
|
|
|
|
cp_option_init (&x);
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
+#endif
|
|
+
|
|
/* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless
|
|
we'll actually use backup_suffix_string. */
|
|
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
--- coreutils-5.96/src/mkdir.c.selinux 2005-06-15 00:55:47.000000000 +0100
|
|
+++ coreutils-5.96/src/mkdir.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -34,11 +34,18 @@
|
|
|
|
#define AUTHORS "David MacKenzie"
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
+#endif
|
|
+
|
|
/* The name this program was run with. */
|
|
char *program_name;
|
|
|
|
static struct option const longopts[] =
|
|
{
|
|
+#ifdef WITH_SELINUX
|
|
+ {"context", required_argument, NULL, 'Z'},
|
|
+#endif
|
|
{"mode", required_argument, NULL, 'm'},
|
|
{"parents", no_argument, NULL, 'p'},
|
|
{"verbose", no_argument, NULL, 'v'},
|
|
@@ -60,6 +67,11 @@
|
|
Create the DIRECTORY(ies), if they do not already exist.\n\
|
|
\n\
|
|
"), stdout);
|
|
+#ifdef WITH_SELINUX
|
|
+ printf (_("\
|
|
+ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\
|
|
+"));
|
|
+#endif
|
|
fputs (_("\
|
|
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
"), stdout);
|
|
@@ -95,7 +107,11 @@
|
|
|
|
atexit (close_stdout);
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1)
|
|
+#else
|
|
while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1)
|
|
+#endif
|
|
{
|
|
switch (optc)
|
|
{
|
|
@@ -108,6 +124,20 @@
|
|
case 'v': /* --verbose */
|
|
verbose_fmt_string = _("created directory %s");
|
|
break;
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'Z':
|
|
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
+ if( !(is_selinux_enabled()>0)) {
|
|
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
+ "a selinux-enabled kernel.\n" );
|
|
+ exit( 1 );
|
|
+ }
|
|
+ if (setfscreatecon(optarg)) {
|
|
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
case_GETOPT_HELP_CHAR;
|
|
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
default:
|
|
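Review bot: Both failure paths in the new `case 'Z':` print untranslated text with bare `fprintf`, without the program name and without the `errno` left by `setfscreatecon`, so the user cannot tell a malformed context from a permission denial. Assuming error.h is already included in mkdir.c, `error (EXIT_FAILURE, errno, _("cannot set default context to %s"), optarg);` would match how chcon.c in this same patch reports failures. The same applies to the "selinux-enabled kernel" message, which should also go through `_()`. The switch starts and ends outside the hunk.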
--- coreutils-5.96/src/cp.c.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/cp.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -51,6 +51,11 @@
|
|
|
|
#define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering"
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
+int selinux_enabled=0;
|
|
+#endif
|
|
+
|
|
/* Used by do_copy, make_dir_parents_private, and re_protect
|
|
to keep a list of leading directories whose protections
|
|
need to be fixed after copying. */
|
|
@@ -141,6 +146,9 @@
|
|
{"target-directory", required_argument, NULL, 't'},
|
|
{"update", no_argument, NULL, 'u'},
|
|
{"verbose", no_argument, NULL, 'v'},
|
|
+#ifdef WITH_SELINUX
|
|
+ {"context", required_argument, NULL, 'Z'},
|
|
+#endif
|
|
{GETOPT_HELP_OPTION_DECL},
|
|
{GETOPT_VERSION_OPTION_DECL},
|
|
{NULL, 0, NULL, 0}
|
|
@@ -194,6 +202,9 @@
|
|
additional attributes: links, all\n\
|
|
"), stdout);
|
|
fputs (_("\
|
|
+ -c same as --preserve=context\n\
|
|
+"), stdout);
|
|
+ fputs (_("\
|
|
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
|
|
--parents use full source file name under DIRECTORY\n\
|
|
"), stdout);
|
|
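Review bot: The `-c` help line is emitted unconditionally, but the option is only accepted when the file is built with `WITH_SELINUX` (the getopt string containing `c` and `Z:` sits inside `#ifdef WITH_SELINUX` further down), so a build without SELinux advertises an option it rejects. The `-Z, --context=CONTEXT` line in the next hunk and the `-P`/`-Z` lines added to install.c's usage text have the same problem. Wrap each addition in `#ifdef WITH_SELINUX` … `#endif`, as the mkdir.c usage hunk in this patch already does. The enclosing function starts and ends outside the hunk.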
@@ -219,6 +230,7 @@
|
|
destination file is missing\n\
|
|
-v, --verbose explain what is being done\n\
|
|
-x, --one-file-system stay on this file system\n\
|
|
+ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
|
|
"), stdout);
|
|
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
@@ -741,6 +753,10 @@
|
|
x->preserve_mode = false;
|
|
x->preserve_timestamps = false;
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ x->preserve_security_context = false;
|
|
+#endif
|
|
+
|
|
x->require_preserve = false;
|
|
x->recursive = false;
|
|
x->sparse_mode = SPARSE_AUTO;
|
|
@@ -768,18 +784,19 @@
|
|
PRESERVE_TIMESTAMPS,
|
|
PRESERVE_OWNERSHIP,
|
|
PRESERVE_LINK,
|
|
+ PRESERVE_CONTEXT,
|
|
PRESERVE_ALL
|
|
};
|
|
static enum File_attribute const preserve_vals[] =
|
|
{
|
|
PRESERVE_MODE, PRESERVE_TIMESTAMPS,
|
|
- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
|
|
+ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
|
|
};
|
|
/* Valid arguments to the `--preserve' option. */
|
|
static char const* const preserve_args[] =
|
|
{
|
|
"mode", "timestamps",
|
|
- "ownership", "links", "all", NULL
|
|
+ "ownership", "links", "context", "all", NULL
|
|
};
|
|
ARGMATCH_VERIFY (preserve_args, preserve_vals);
|
|
|
|
@@ -815,11 +832,16 @@
|
|
x->preserve_links = on_off;
|
|
break;
|
|
|
|
+ case PRESERVE_CONTEXT:
|
|
+ x->preserve_security_context = on_off;
|
|
+ break;
|
|
+
|
|
case PRESERVE_ALL:
|
|
x->preserve_mode = on_off;
|
|
x->preserve_timestamps = on_off;
|
|
x->preserve_ownership = on_off;
|
|
x->preserve_links = on_off;
|
|
+ x->preserve_security_context = on_off;
|
|
break;
|
|
|
|
default:
|
|
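Review bot: `case PRESERVE_CONTEXT:` and the new line under `PRESERVE_ALL` write `x->preserve_security_context` with no `#ifdef WITH_SELINUX`, while copy.h in this patch declares that field only under `WITH_SELINUX`, so a build without it should fail to compile here. These paths also skip the two checks that `-c` applies (the `scontext != NULL` conflict test and the `selinux_enabled` test), so `-Z CONTEXT --preserve=context` is accepted although `-Z CONTEXT -c` is rejected, leaving it unclear which label the copy receives. Guard the assignments, and re-check the conflict once after option parsing, for example `if (scontext && x.preserve_security_context) error (EXIT_FAILURE, 0, _("cannot set target context and preserve it"));`. The enclosing function starts and ends outside the hunk.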
@@ -844,6 +866,10 @@
|
|
bool copy_contents = false;
|
|
char *target_directory = NULL;
|
|
bool no_target_directory = false;
|
|
+#ifdef WITH_SELINUX
|
|
+ security_context_t scontext = NULL;
|
|
+ selinux_enabled= (is_selinux_enabled()>0);
|
|
+#endif
|
|
|
|
initialize_main (&argc, &argv);
|
|
program_name = argv[0];
|
|
@@ -859,7 +885,11 @@
|
|
we'll actually use backup_suffix_string. */
|
|
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ while ((c = getopt_long (argc, argv, "abcdfHilLprst:uvxPRS:TZ:",
|
|
+#else
|
|
while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T",
|
|
+#endif
|
|
long_opts, NULL))
|
|
!= -1)
|
|
{
|
|
@@ -950,6 +980,36 @@
|
|
case 'R':
|
|
x.recursive = true;
|
|
break;
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'c':
|
|
+ if ( scontext != NULL ) {
|
|
+ (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ else if (selinux_enabled)
|
|
+ x.preserve_security_context = 1;
|
|
+ break;
|
|
+
|
|
+ case 'Z':
|
|
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
+ if( !selinux_enabled ) {
|
|
+ fprintf( stderr, "Warning: ignoring --context (-Z). "
|
|
+ "It requires a SELinux enabled kernel.\n" );
|
|
+ break;
|
|
+ }
|
|
+ if ( x.preserve_security_context ) {
|
|
+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ scontext = optarg;
|
|
+ /* if there's a security_context given set new path
|
|
+ components to that context, too */
|
|
+ if ( setfscreatecon(scontext) < 0 ) {
|
|
+ (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
|
|
case REPLY_OPTION: /* Deprecated */
|
|
x.interactive = XARGMATCH ("--reply", optarg,
|
|
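Review bot: The `setfscreatecon` failure message in `case 'Z':` has no trailing newline, no program name and no `errno`, unlike the two conflict messages beside it; `error (EXIT_FAILURE, errno, _("cannot set default security context %s"), scontext);` fixes all three. On a kernel without SELinux, `-Z` is dropped with a warning and the copy proceeds without the requested label, while mkdir's `-Z` in this patch exits; for an option whose purpose is to pin a security label, failing is the more predictable and consistent behaviour. The `-c` conflict text (`"cannot force target context <-- %s and preserve it"`) and the warning are also not wrapped in `_()`. The switch continues outside the hunk.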
--- coreutils-5.96/src/install.c.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/install.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -48,6 +48,43 @@
|
|
# include <sys/wait.h>
|
|
#endif
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
+int selinux_enabled=0;
|
|
+static int use_default_selinux_context = 1;
|
|
+/* Modify file context to match the specified policy,
|
|
+ If an error occurs the file will remain with the default directory
|
|
+ context.*/
|
|
+static void setdefaultfilecon(const char *path) {
|
|
+ struct stat st;
|
|
+ security_context_t scontext=NULL;
|
|
+ if (selinux_enabled != 1) {
|
|
+ /* Indicate no context found. */
|
|
+ return;
|
|
+ }
|
|
+ if (lstat(path, &st) != 0)
|
|
+ return;
|
|
+
|
|
+ /* If there's an error determining the context, or it has none,
|
|
+ return to allow default context */
|
|
+ if ((matchpathcon(path, st.st_mode, &scontext) != 0) ||
|
|
+ (strcmp(scontext, "<<none>>") == 0)) {
|
|
+ if (scontext != NULL) {
|
|
+ freecon(scontext);
|
|
+ }
|
|
+ return;
|
|
+ }
|
|
+ if (lsetfilecon(path, scontext) < 0) {
|
|
+ if (errno != ENOTSUP) {
|
|
+ error (0, errno,
|
|
+ _("warning: failed to change context of %s to %s"), path, scontext);
|
|
+ }
|
|
+ }
|
|
+ freecon(scontext);
|
|
+ return;
|
|
+}
|
|
+#endif
|
|
+
|
|
#if ! HAVE_ENDGRENT
|
|
# define endgrent() ((void) 0)
|
|
#endif
|
|
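Review bot: The comment on `setdefaultfilecon` does not say that `path` is handed to `matchpathcon` exactly as received, which matters because that lookup matches on the path string. If callers pass a relative or staging-directory name, the context chosen would presumably not be the one the policy assigns to the file's final absolute location; this should be confirmed against the call site. I would reword the header to something like `/* Set PATH's context to the policy default returned by matchpathcon for PATH as given. On any lookup failure the file keeps the context it was created with; only lsetfilecon failures other than ENOTSUP are reported. */`, which also fixes the comma splice in the current text.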
@@ -109,12 +146,18 @@
|
|
static struct option const long_options[] =
|
|
{
|
|
{"backup", optional_argument, NULL, 'b'},
|
|
+#ifdef WITH_SELINUX
|
|
+ {"context", required_argument, NULL, 'Z'},
|
|
+#endif
|
|
{"directory", no_argument, NULL, 'd'},
|
|
{"group", required_argument, NULL, 'g'},
|
|
{"mode", required_argument, NULL, 'm'},
|
|
{"no-target-directory", no_argument, NULL, 'T'},
|
|
{"owner", required_argument, NULL, 'o'},
|
|
{"preserve-timestamps", no_argument, NULL, 'p'},
|
|
+#ifdef WITH_SELINUX
|
|
+ {"preserve_context", no_argument, NULL, 'P'},
|
|
+#endif
|
|
{"strip", no_argument, NULL, 's'},
|
|
{"suffix", required_argument, NULL, 'S'},
|
|
{"target-directory", required_argument, NULL, 't'},
|
|
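Review bot: `"preserve_context"` is the only long option in this table spelled with an underscore; its neighbours (`preserve-timestamps`, `no-target-directory`, `target-directory`) all use hyphens. Rename it to `{"preserve-context", no_argument, NULL, 'P'},` and update the warning text in the `case 'P':` hunk and the usage line added at the end of this file to match, so users are not left with one option that breaks the convention.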
@@ -154,6 +197,9 @@
|
|
x->stdin_tty = false;
|
|
|
|
x->update = false;
|
|
+#ifdef WITH_SELINUX
|
|
+ x->preserve_security_context = 0;
|
|
+#endif
|
|
x->verbose = false;
|
|
x->dest_info = NULL;
|
|
x->src_info = NULL;
|
|
@@ -195,6 +241,11 @@
|
|
bool no_target_directory = false;
|
|
int n_files;
|
|
char **file;
|
|
+#ifdef WITH_SELINUX
|
|
+ security_context_t scontext = NULL;
|
|
+ /* set iff kernel has extra selinux system calls */
|
|
+ selinux_enabled = (is_selinux_enabled()>0);
|
|
+#endif
|
|
|
|
initialize_main (&argc, &argv);
|
|
program_name = argv[0];
|
|
@@ -216,7 +267,11 @@
|
|
we'll actually use backup_suffix_string. */
|
|
backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pPt:TvS:Z:", long_options,
|
|
+#else
|
|
while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pt:TvS:", long_options,
|
|
+#endif
|
|
NULL)) != -1)
|
|
{
|
|
switch (optc)
|
|
@@ -278,6 +333,41 @@
|
|
case 'T':
|
|
no_target_directory = true;
|
|
break;
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'P':
|
|
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
+ if( !selinux_enabled ) {
|
|
+ fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
|
|
+ "because the kernel is not selinux-enabled.\n" );
|
|
+ break;
|
|
+ }
|
|
+ if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
|
|
+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], scontext);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ x.preserve_security_context = 1;
|
|
+ use_default_selinux_context = 0;
|
|
+ break ;
|
|
+ case 'Z':
|
|
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
+ if( !selinux_enabled) {
|
|
+ fprintf( stderr, "Warning: ignoring --context (-Z) "
|
|
+ "because the kernel is not selinux-enabled.\n" );
|
|
+ break;
|
|
+ }
|
|
+ if ( x.preserve_security_context ) {
|
|
+
|
|
+ (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ scontext = optarg;
|
|
+ use_default_selinux_context = 0;
|
|
+ if (setfscreatecon(scontext)) {
|
|
+ (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], scontext);
|
|
+ exit(1);
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
case_GETOPT_HELP_CHAR;
|
|
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
default:
|
|
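Review bot: The comment `/* scontext could be NULL because of calloc() failure */` in `case 'P':` does not match the code: within these hunks `scontext` is only ever assigned from `optarg` in `case 'Z':`, and nothing here allocates. Replace it with `/* -Z was given earlier */` so the conflict test reads correctly. The diagnostics also use bare `fprintf` without `_()`, and the `setfscreatecon` failure omits `errno`; `error (EXIT_FAILURE, errno, _("cannot set default context %s"), scontext);` would be consistent with the `error` call in `setdefaultfilecon` above. The switch starts and ends outside the hunk.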
@@ -519,6 +609,10 @@
|
|
ok = false;
|
|
}
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if (use_default_selinux_context)
|
|
+ setdefaultfilecon(name);
|
|
+#endif
|
|
return ok;
|
|
}
|
|
|
|
@@ -663,6 +757,11 @@
|
|
-T, --no-target-directory treat DEST as a normal file\n\
|
|
-v, --verbose print the name of each directory as it is created\n\
|
|
"), stdout);
|
|
+ fputs (_("\
|
|
+ -P, --preserve_context (SELinux) Preserve security context\n\
|
|
+ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
|
|
+"), stdout);
|
|
+
|
|
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
fputs (_("\
|
|
--- coreutils-5.96/src/copy.h.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/copy.h 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -127,6 +127,9 @@
|
|
bool preserve_ownership;
|
|
bool preserve_mode;
|
|
bool preserve_timestamps;
|
|
+#ifdef WITH_SELINUX
|
|
+ bool preserve_security_context;
|
|
+#endif
|
|
|
|
/* Enabled for mv, and for cp by the --preserve=links option.
|
|
If true, attempt to preserve in the destination files any
|
|
--- coreutils-5.96/src/Makefile.am.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/Makefile.am 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -20,14 +20,14 @@
|
|
EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who
|
|
|
|
bin_SCRIPTS = groups
|
|
-bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
|
|
+bin_PROGRAMS = [ chgrp chown chmod chcon cp dd dircolors du \
|
|
ginstall link ln dir vdir ls mkdir \
|
|
mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \
|
|
cat cksum comm csplit cut expand fmt fold head join md5sum \
|
|
nl od paste pr ptx sha1sum sha224sum sha256sum sha384sum sha512sum \
|
|
sort split sum tac tail tr tsort unexpand uniq wc \
|
|
basename date dirname echo env expr factor false \
|
|
- hostname id kill logname pathchk printenv printf pwd seq sleep tee \
|
|
+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \
|
|
test true tty whoami yes \
|
|
base64 \
|
|
$(OPTIONAL_BIN_PROGS) $(DF_PROG)
|
|
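Review bot: `chcon` and `runcon` are added to `bin_PROGRAMS` unconditionally, yet chcon.c and runcon.c in this patch include `<selinux/selinux.h>` and `<selinux/context.h>` with no `WITH_SELINUX` guard. A build on a system without the libselinux headers would therefore presumably fail instead of skipping the two tools. Listing them through `$(OPTIONAL_BIN_PROGS)`, which this variable already expands, and letting configure add them only when libselinux is found, would keep the non-SELinux build working.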
@@ -52,9 +52,9 @@
|
|
LDADD = ../lib/libcoreutils.a $(LIBINTL) ../lib/libcoreutils.a
|
|
|
|
# for eaccess in lib/euidaccess.c.
|
|
-cp_LDADD = $(LDADD) $(LIB_EACCESS) @LIBACL@
|
|
-ginstall_LDADD = $(LDADD) $(LIB_EACCESS) @LIBACL@
|
|
-mv_LDADD = $(LDADD) $(LIB_EACCESS) @LIBACL@
|
|
+cp_LDADD = $(LDADD) $(LIB_EACCESS) @LIBACL@ @LIB_SELINUX@
|
|
+ginstall_LDADD = $(LDADD) $(LIB_EACCESS) @LIBACL@ @LIB_SELINUX@
|
|
+mv_LDADD = $(LDADD) $(LIB_EACCESS) @LIBACL@ @LIB_SELINUX@
|
|
pathchk_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
rm_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
test_LDADD = $(LDADD) $(LIB_EACCESS)
|
|
@@ -63,11 +63,18 @@
|
|
|
|
# for clock_gettime and fdatasync
|
|
dd_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
|
|
-dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@
|
|
-ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@
|
|
+dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@ @LIB_SELINUX@
|
|
+ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@ @LIB_SELINUX@
|
|
pr_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME)
|
|
shred_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC)
|
|
-vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@
|
|
+vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIBACL@ @LIB_SELINUX@
|
|
+chcon_LDADD = $(LDADD) @LIB_SELINUX@
|
|
+id_LDADD = $(LDADD) @LIB_SELINUX@
|
|
+mkdir_LDADD = $(LDADD) @LIB_SELINUX@
|
|
+mkfifo_LDADD = $(LDADD) @LIB_SELINUX@
|
|
+mknod_LDADD = $(LDADD) @LIB_SELINUX@
|
|
+stat_LDADD = $(LDADD) @LIB_SELINUX@
|
|
+runcon_LDADD = $(LDADD) @LIB_SELINUX@
|
|
|
|
## If necessary, add -lm to resolve use of pow in lib/strtod.c.
|
|
sort_LDADD = $(LDADD) $(POW_LIB)
|
|
--- /dev/null 2006-06-22 09:01:01.637265000 +0100
|
|
+++ coreutils-5.96/src/runcon.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -0,0 +1,253 @@
|
|
+/*
|
|
+ * runcon [ context |
|
|
+ * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] )
|
|
+ * command [arg1 [arg2 ...] ]
|
|
+ *
|
|
+ * attempt to run the specified command with the specified context.
|
|
+ *
|
|
+ * -r role : use the current context with the specified role
|
|
+ * -t type : use the current context with the specified type
|
|
+ * -u user : use the current context with the specified user
|
|
+ * -l level : use the current context with the specified level range
|
|
+ * -c : compute process transition context before modifying
|
|
+ *
|
|
+ * Contexts are interpreted as follows:
|
|
+ *
|
|
+ * Number of MLS
|
|
+ * components system?
|
|
+ *
|
|
+ * 1 - type
|
|
+ * 2 - role:type
|
|
+ * 3 Y role:type:range
|
|
+ * 3 N user:role:type
|
|
+ * 4 Y user:role:type:range
|
|
+ * 4 N error
|
|
+ */
|
|
+
|
|
+#include <config.h>
|
|
+#include <unistd.h>
|
|
+#include <stdio.h>
|
|
+#include <getopt.h>
|
|
+#include <selinux/context.h>
|
|
+#include <selinux/selinux.h>
|
|
+#include <selinux/flask.h>
|
|
+#include <errno.h>
|
|
+#include "system.h"
|
|
+extern int errno;
|
|
+
|
|
+/* The name the program was run with. */
|
|
+char *program_name;
|
|
+
|
|
+/* If nonzero, display usage information and exit. */
|
|
+static int show_help;
|
|
+
|
|
+/* If nonzero, print the version on standard output and exit. */
|
|
+static int show_version;
|
|
+
|
|
+void
|
|
+usage(int status)
|
|
+{
|
|
+ printf(_("Usage: %s CONTEXT COMMAND [args]\n"
|
|
+ " or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n"
|
|
+ "Run a program in a different security context.\n\n"
|
|
+ " CONTEXT Complete security context\n"
|
|
+ " -c, --compute compute process transition context before modifying\n"
|
|
+ " -t, --type=TYPE type (for same role as parent)\n"
|
|
+ " -u, --user=USER user identity\n"
|
|
+ " -r, --role=ROLE role\n"
|
|
+ " -l, --range=RANGE levelrange\n"
|
|
+ " --help display this help and exit\n"
|
|
+ " --version output version information and exit\n"),
|
|
+ program_name, program_name);
|
|
+ exit(status);
|
|
+}
|
|
+
|
|
+int
|
|
+main(int argc,char **argv,char **envp )
|
|
+{
|
|
+ char *role = 0;
|
|
+ char *range = 0;
|
|
+ char *user = 0;
|
|
+ char *type = 0;
|
|
+ char *context = NULL;
|
|
+ security_context_t cur_context = NULL;
|
|
+ security_context_t file_context = NULL;
|
|
+ security_context_t new_context = NULL;
|
|
+ int compute_trans = 0;
|
|
+
|
|
+ context_t con;
|
|
+
|
|
+ program_name = argv[0];
|
|
+ setlocale (LC_ALL, "");
|
|
+ bindtextdomain (PACKAGE, LOCALEDIR);
|
|
+ textdomain (PACKAGE);
|
|
+
|
|
+ while (1) {
|
|
+ int c;
|
|
+ int this_option_optind = optind ? optind : 1;
|
|
+ int option_index = 0;
|
|
+ static struct option long_options[] = {
|
|
+ { "role", 1, 0, 'r' },
|
|
+ { "type", 1, 0, 't' },
|
|
+ { "user", 1, 0, 'u' },
|
|
+ { "range", 1, 0, 'l' },
|
|
+ { "compute", 0, 0, 'c' },
|
|
+ { "help", 0, &show_help, 1 },
|
|
+ { "version", 0, &show_version, 1 },
|
|
+ { 0, 0, 0, 0 }
|
|
+ };
|
|
+ c = getopt_long(argc, argv, "r:t:u:l:c", long_options, &option_index);
|
|
+ if ( c == -1 ) {
|
|
+ break;
|
|
+ }
|
|
+ switch ( c ) {
|
|
+ case 0:
|
|
+ break;
|
|
+ case 'r':
|
|
+ if ( role ) {
|
|
+ fprintf(stderr,_("multiple roles\n"));
|
|
+ exit(1);
|
|
+ }
|
|
+ role = optarg;
|
|
+ break;
|
|
+ case 't':
|
|
+ if ( type ) {
|
|
+ fprintf(stderr,_("multiple types\n"));
|
|
+ exit(1);
|
|
+ }
|
|
+ type = optarg;
|
|
+ break;
|
|
+ case 'u':
|
|
+ if ( user ) {
|
|
+ fprintf(stderr,_("multiple users\n"));
|
|
+ exit(1);
|
|
+ }
|
|
+ user = optarg;
|
|
+ break;
|
|
+ case 'l':
|
|
+ if ( range ) {
|
|
+ fprintf(stderr,_("multiple levelranges\n"));
|
|
+ exit(1);
|
|
+ }
|
|
+ range = optarg;
|
|
+ break;
|
|
+ case 'c':
|
|
+ compute_trans = 1;
|
|
+ break;
|
|
+ default:
|
|
+ usage(1);
|
|
+ break;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (show_version) {
|
|
+ printf("runcon (%s) %s\n", GNU_PACKAGE, VERSION);
|
|
+ exit(0);
|
|
+ }
|
|
+
|
|
+ if (show_help)
|
|
+ usage(0);
|
|
+
|
|
+ if ( !(user || role || type || range || compute_trans)) {
|
|
+ if ( optind >= argc ) {
|
|
+ fprintf(stderr,_("must specify -c, -t, -u, -l, -r, or context\n"));
|
|
+ usage(1);
|
|
+ }
|
|
+ context = argv[optind++];
|
|
+ }
|
|
+
|
|
+ if ( optind >= argc ) {
|
|
+ fprintf(stderr,_("no command found\n"));
|
|
+ usage(1);
|
|
+ }
|
|
+
|
|
+ if( is_selinux_enabled() != 1 ) {
|
|
+ fprintf( stderr,
|
|
+ _("runcon may be used only on a SELinux kernel.\n") );
|
|
+ exit(-1);
|
|
+ }
|
|
+
|
|
+ if ( context ) {
|
|
+ con = context_new(context);
|
|
+ if (!con) {
|
|
+ fprintf(stderr,_("%s is not a valid context\n"), context);
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ else {
|
|
+ if (getcon(&cur_context) < 0) {
|
|
+ fprintf(stderr,_("Couldn't get current context.\n"));
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
+ /* We will generate context based on process transition */
|
|
+ if ( compute_trans ) {
|
|
+ /* Get context of file to be executed */
|
|
+ if (getfilecon(argv[optind], &file_context) == -1) {
|
|
+ fprintf(stderr,_("unable to retrieve attributes of %s\n"),
|
|
+ argv[optind]);
|
|
+ exit(1);
|
|
+ }
|
|
+ /* compute result of process transition */
|
|
+ if (security_compute_create(cur_context, file_context,
|
|
+ SECCLASS_PROCESS, &new_context) != 0) {
|
|
+ fprintf(stderr,_("unable to compute a new context\n"));
|
|
+ exit(1);
|
|
+ }
|
|
+ /* free contexts */
|
|
+ freecon(file_context);
|
|
+ freecon(cur_context);
|
|
+
|
|
+ /* set cur_context equal to new_context */
|
|
+ cur_context = new_context;
|
|
+ }
|
|
+
|
|
+ con = context_new(cur_context);
|
|
+ if (!con) {
|
|
+ fprintf(stderr,_("%s is not a valid context\n"), cur_context);
|
|
+ exit(1);
|
|
+ }
|
|
+ if ( user ) {
|
|
+ if ( context_user_set(con,user)) {
|
|
+ fprintf(stderr,_("failed to set new user %s\n"),user);
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ if ( type ) {
|
|
+ if ( context_type_set(con,type)) {
|
|
+ fprintf(stderr,_("failed to set new type %s\n"),type);
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ if ( range ) {
|
|
+ if ( context_range_set(con,range)) {
|
|
+ fprintf(stderr,_("failed to set new range %s\n"),range);
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ if ( role ) {
|
|
+ if (context_role_set(con,role)) {
|
|
+ fprintf(stderr,_("failed to set new role %s\n"),role);
|
|
+ exit(1);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if (security_check_context(context_str(con)) < 0) {
|
|
+ fprintf(stderr, _("%s is not a valid context\n"), context_str(con));
|
|
+ exit(1);
|
|
+ }
|
|
+
|
|
+ if (setexeccon(context_str(con))!=0) {
|
|
+ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con));
|
|
+ exit(1);
|
|
+ }
|
|
+ if (cur_context!=NULL)
|
|
+ freecon(cur_context);
|
|
+
|
|
+ if ( execvp(argv[optind],argv+optind) ) {
|
|
+ perror("execvp");
|
|
+ exit(1);
|
|
+ }
|
|
+ return 1; /* can't reach this statement.... */
|
|
+}
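Review bot: With `-c`, `getfilecon(argv[optind], &file_context)` treats the command as a literal path, while the final `execvp(argv[optind],argv+optind)` searches `PATH`. The transition context can therefore be computed from a different file than the one that is executed, or the lookup fails outright for a bare command name. The command should be resolved once to the path that will really be executed, and that path used for both the `getfilecon` call and the exec. Smaller points in the same function: `context_str(con)` is used without a NULL check, `exit(-1)` after the `is_selinux_enabled()` test gives a different status from every other failure path (`exit(1)`), and `extern int errno;` should be dropped because `<errno.h>` is already included.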
|
|
--- coreutils-5.96/src/ls.c.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/ls.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -135,6 +135,18 @@
|
|
|
|
#define AUTHORS "Richard Stallman", "David MacKenzie"
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h>
|
|
+
|
|
+static int print_scontext = 0;
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+
|
|
+#endif
|
|
+
|
|
#define obstack_chunk_alloc malloc
|
|
#define obstack_chunk_free free
|
|
|
|
@@ -170,7 +182,8 @@
|
|
symbolic_link DT_INIT (DT_LNK),
|
|
sock DT_INIT (DT_SOCK),
|
|
arg_directory DT_INIT (2 * (DT_UNKNOWN | DT_FIFO | DT_CHR | DT_DIR | DT_BLK
|
|
- | DT_REG | DT_LNK | DT_SOCK))
|
|
+ | DT_REG | DT_LNK | DT_SOCK)),
|
|
+ command_line
|
|
};
|
|
|
|
struct fileinfo
|
|
@@ -179,6 +192,7 @@
|
|
char *name;
|
|
|
|
struct stat stat;
|
|
+ int stat_failed;
|
|
|
|
/* For symbolic link, name of the file linked to, otherwise zero. */
|
|
char *linkname;
|
|
@@ -197,6 +211,10 @@
|
|
/* For long listings, true if the file has an access control list. */
|
|
bool have_acl;
|
|
#endif
|
|
+
|
|
+#ifdef WITH_SELINUX
|
|
+ security_context_t scontext;
|
|
+#endif
|
|
};
|
|
|
|
#if HAVE_ACL || USE_ACL
|
|
@@ -232,7 +250,8 @@
|
|
static bool file_ignored (char const *name);
|
|
static uintmax_t gobble_file (char const *name, enum filetype type,
|
|
bool command_line_arg, char const *dirname);
|
|
-static void print_color_indicator (const char *name, mode_t mode, int linkok);
|
|
+static void print_color_indicator (const char *name, mode_t mode, int linkok,
|
|
+ int stat_failed);
|
|
static void put_indicator (const struct bin_str *ind);
|
|
static void add_ignore_pattern (const char *pattern);
|
|
static void attach (char *dest, const char *dirname, const char *name);
|
|
@@ -253,7 +272,7 @@
|
|
static void print_long_format (const struct fileinfo *f);
|
|
static void print_many_per_line (void);
|
|
static void print_name_with_quoting (const char *p, mode_t mode,
|
|
- int linkok,
|
|
+ int linkok, int stat_failed,
|
|
struct obstack *stack);
|
|
static void prep_non_filename_text (void);
|
|
static void print_type_indicator (mode_t mode);
|
|
@@ -263,6 +282,9 @@
|
|
static void sort_files (void);
|
|
static void parse_ls_color (void);
|
|
void usage (int status);
|
|
+#ifdef WITH_SELINUX
|
|
+static void print_scontext_format (const struct fileinfo *f);
|
|
+#endif
|
|
|
|
/* The name this program was run with. */
|
|
char *program_name;
|
|
@@ -371,7 +393,11 @@
|
|
one_per_line, /* -1 */
|
|
many_per_line, /* -C */
|
|
horizontal, /* -x */
|
|
- with_commas /* -m */
|
|
+ with_commas, /* -m */
|
|
+#ifdef WITH_SELINUX
|
|
+ security_format, /* -Z */
|
|
+#endif
|
|
+ invalid_format
|
|
};
|
|
|
|
static enum format format;
|
|
@@ -740,6 +766,11 @@
|
|
SHOW_CONTROL_CHARS_OPTION,
|
|
SI_OPTION,
|
|
SORT_OPTION,
|
|
+#ifdef WITH_SELINUX
|
|
+ CONTEXT_OPTION,
|
|
+ LCONTEXT_OPTION,
|
|
+ SCONTEXT_OPTION,
|
|
+#endif
|
|
TIME_OPTION,
|
|
TIME_STYLE_OPTION
|
|
};
|
|
@@ -784,6 +815,11 @@
|
|
{"time-style", required_argument, NULL, TIME_STYLE_OPTION},
|
|
{"color", optional_argument, NULL, COLOR_OPTION},
|
|
{"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},
|
|
+#ifdef WITH_SELINUX
|
|
+ {"context", no_argument, 0, CONTEXT_OPTION},
|
|
+ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
|
|
+ {"scontext", no_argument, 0, SCONTEXT_OPTION},
|
|
+#endif
|
|
{"author", no_argument, NULL, AUTHOR_OPTION},
|
|
{GETOPT_HELP_OPTION_DECL},
|
|
{GETOPT_VERSION_OPTION_DECL},
|
|
@@ -793,12 +829,19 @@
|
|
static char const *const format_args[] =
|
|
{
|
|
"verbose", "long", "commas", "horizontal", "across",
|
|
- "vertical", "single-column", NULL
|
|
+ "vertical", "single-column",
|
|
+#ifdef WITH_SELINUX
|
|
+ "context",
|
|
+#endif
|
|
+ NULL
|
|
};
|
|
static enum format const format_types[] =
|
|
{
|
|
long_format, long_format, with_commas, horizontal, horizontal,
|
|
many_per_line, one_per_line
|
|
+#ifdef WITH_SELINUX
|
|
+ , security_format
|
|
+#endif
|
|
};
|
|
ARGMATCH_VERIFY (format_args, format_types);
|
|
|
|
@@ -1222,6 +1265,9 @@
|
|
|
|
format_needs_stat = sort_type == sort_time || sort_type == sort_size
|
|
|| format == long_format
|
|
+#ifdef WITH_SELINUX
|
|
+ || format == security_format || print_scontext
|
|
+#endif
|
|
|| dereference == DEREF_ALWAYS
|
|
|| print_block_size || print_inode;
|
|
format_needs_type = (!format_needs_stat
|
|
@@ -1251,7 +1297,7 @@
|
|
}
|
|
else
|
|
do
|
|
- gobble_file (argv[i++], unknown, true, "");
|
|
+ gobble_file (argv[i++], command_line, true, "");
|
|
while (i < argc);
|
|
|
|
if (files_index)
|
|
@@ -1414,6 +1460,9 @@
|
|
ignore_mode = IGNORE_DEFAULT;
|
|
ignore_patterns = NULL;
|
|
hide_patterns = NULL;
|
|
+#ifdef WITH_SELINUX
|
|
+ print_scontext = 0;
|
|
+#endif
|
|
|
|
/* FIXME: put this in a function. */
|
|
{
|
|
@@ -1489,7 +1538,7 @@
|
|
}
|
|
|
|
while ((c = getopt_long (argc, argv,
|
|
- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
|
|
+ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
|
|
long_options, NULL)) != -1)
|
|
{
|
|
switch (c)
|
|
@@ -1608,6 +1657,13 @@
|
|
format = horizontal;
|
|
break;
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'Z':
|
|
+
|
|
+ print_scontext = 1;
|
|
+ format = security_format;
|
|
+ break;
|
|
+#endif
|
|
case 'A':
|
|
if (ignore_mode == IGNORE_DEFAULT)
|
|
ignore_mode = IGNORE_DOT_AND_DOTDOT;
|
|
@@ -1784,6 +1840,25 @@
|
|
|
|
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+
|
|
+ case CONTEXT_OPTION: /* new security format */
|
|
+
|
|
+ print_scontext = 1;
|
|
+ format = security_format;
|
|
+ break;
|
|
+ case LCONTEXT_OPTION: /* long format plus security context */
|
|
+
|
|
+ print_scontext = 1;
|
|
+ format = long_format;
|
|
+ break;
|
|
+ case SCONTEXT_OPTION: /* short form of new security format */
|
|
+
|
|
+ print_scontext = 0;
|
|
+ format = security_format;
|
|
+ break;
|
|
+#endif
|
|
+
|
|
default:
|
|
usage (LS_FAILURE);
|
|
}
|
|
@@ -2468,6 +2543,12 @@
|
|
{
|
|
free (files[i].name);
|
|
free (files[i].linkname);
|
|
+#ifdef WITH_SELINUX
|
|
+ if (files[i].scontext) {
|
|
+ freecon (files[i].scontext);
|
|
+ files[i].scontext=NULL;
|
|
+ }
|
|
+#endif
|
|
}
|
|
|
|
files_index = 0;
|
|
@@ -2506,11 +2587,14 @@
|
|
f->linkname = NULL;
|
|
f->linkmode = 0;
|
|
f->linkok = false;
|
|
+#ifdef WITH_SELINUX
|
|
+ f->scontext = NULL;
|
|
+#endif
|
|
|
|
if (command_line_arg
|
|
|| format_needs_stat
|
|
|| (format_needs_type
|
|
- && (type == unknown
|
|
+ && (type == unknown || type == command_line
|
|
|
|
/* FIXME: remove this disjunct.
|
|
I don't think we care about symlinks here, but for now
|
|
@@ -2547,6 +2631,11 @@
|
|
{
|
|
case DEREF_ALWAYS:
|
|
err = stat (absolute_name, &f->stat);
|
|
+#ifdef WITH_SELINUX
|
|
+ if (err>=0)
|
|
+ if (format == security_format || print_scontext)
|
|
+ getfilecon(absolute_name, &f->scontext);
|
|
+#endif
|
|
break;
|
|
|
|
case DEREF_COMMAND_LINE_ARGUMENTS:
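Review bot: The return value of `getfilecon(absolute_name, &f->scontext)` is discarded here, and the same goes for the call in the `DEREF_COMMAND_LINE_ARGUMENTS` hunk and for `lgetfilecon` in the `DEREF_NEVER` hunk. A file whose label cannot be read is therefore listed with an empty context column and no diagnostic. The printing code depends on `f->scontext` still being NULL after a failed call; resetting it explicitly removes the dependence on what the library does with the pointer on error, e.g. `if (getfilecon (absolute_name, &f->scontext) < 0) f->scontext = NULL;`. The nested `if (err>=0)` / `if (format == ...)` pair would read better as one condition joined with `&&`. The enclosing switch starts outside the hunk.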
|
|
@@ -2555,6 +2644,11 @@
|
|
{
|
|
bool need_lstat;
|
|
err = stat (absolute_name, &f->stat);
|
|
+#ifdef WITH_SELINUX
|
|
+ if (err>=0)
|
|
+ if (format == security_format || print_scontext)
|
|
+ getfilecon(absolute_name, &f->scontext);
|
|
+#endif
|
|
|
|
if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
|
|
break;
|
|
@@ -2573,17 +2667,41 @@
|
|
|
|
default: /* DEREF_NEVER */
|
|
err = lstat (absolute_name, &f->stat);
|
|
+#ifdef WITH_SELINUX
|
|
+ if (err>=0)
|
|
+ if (format == security_format || print_scontext)
|
|
+ lgetfilecon(absolute_name, &f->scontext);
|
|
+#endif
|
|
break;
|
|
}
|
|
|
|
- if (err < 0)
|
|
+ f->stat_failed = (err < 0);
|
|
+ if (f->stat_failed)
|
|
{
|
|
- file_failure (command_line_arg, "%s", absolute_name);
|
|
+ /* We treat stat failures for files the user named special.
|
|
+ There is no guarantee that these files really exist so
|
|
+ we do not print any information. */
|
|
+ if (type == command_line)
|
|
+ {
|
|
+ file_failure (1, "%s", absolute_name);
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ f->filetype = type;
|
|
+ memset (&f->stat, '\0', sizeof (f->stat));
|
|
+
|
|
+ f->name = xstrdup (absolute_name);
|
|
+ files_index++;
|
|
+
|
|
return 0;
|
|
}
|
|
|
|
#if HAVE_ACL || USE_ACL
|
|
- if (format == long_format)
|
|
+ if (format == long_format
|
|
+#ifdef WITH_SELINUX
|
|
+ || format == security_format
|
|
+#endif
|
|
+ )
|
|
{
|
|
int n = file_has_acl (absolute_name, &f->stat);
|
|
f->have_acl = (0 < n);
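Review bot: A failed stat on an entry that was not named on the command line is now silent. The old `file_failure (command_line_arg, "%s", absolute_name)` call survives only inside `if (type == command_line)`, so for every other entry no message is printed and, as far as this hunk shows, the exit status is no longer affected. If showing such entries with `?` fields is intended, the diagnostic should still be issued before the placeholder is recorded, e.g. `file_failure (false, "%s", absolute_name);` ahead of `f->filetype = type;`. The placeholder stores `xstrdup (absolute_name)` in `f->name`; whether the success path stores the bare name instead is not visible here and is worth checking, since the two would print differently. gobble_file starts and ends outside the hunk.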
|
|
@@ -3072,6 +3190,16 @@
|
|
DIRED_PUTCHAR ('\n');
|
|
}
|
|
break;
|
|
+
|
|
+#ifdef WITH_SELINUX
|
|
+ case security_format:
|
|
+ for (i = 0; i < files_index; i++)
|
|
+ {
|
|
+ print_scontext_format (files + i);
|
|
+ DIRED_PUTCHAR ('\n');
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
}
|
|
}
|
|
|
|
@@ -3179,17 +3307,19 @@
|
|
WIDTH. */
|
|
|
|
static void
|
|
-format_user (uid_t u, int width)
|
|
+format_user (uid_t u, int width, int stat_failed)
|
|
{
|
|
- format_user_or_group (numeric_ids ? NULL : getuser (u), u, width);
|
|
+ format_user_or_group (stat_failed ? "?" :
|
|
+ (numeric_ids ? NULL : getuser (u)), u, width);
|
|
}
|
|
|
|
/* Likewise, for groups. */
|
|
|
|
static void
|
|
-format_group (gid_t g, int width)
|
|
+format_group (gid_t g, int width, int stat_failed)
|
|
{
|
|
- format_user_or_group (numeric_ids ? NULL : getgroup (g), g, width);
|
|
+ format_user_or_group (stat_failed ? "?" :
|
|
+ (numeric_ids ? NULL : getgroup (g)), g, width);
|
|
}
|
|
|
|
/* Return the number of columns that format_user_or_group will print. */
|
|
@@ -3279,7 +3409,7 @@
|
|
{
|
|
char hbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
sprintf (p, "%*s ", inode_number_width,
|
|
- umaxtostr (f->stat.st_ino, hbuf));
|
|
+ f->stat_failed ? "?" : umaxtostr (f->stat.st_ino, hbuf));
|
|
p += inode_number_width + 1;
|
|
}
|
|
|
|
@@ -3287,8 +3417,10 @@
|
|
{
|
|
char hbuf[LONGEST_HUMAN_READABLE + 1];
|
|
char const *blocks =
|
|
- human_readable (ST_NBLOCKS (f->stat), hbuf, human_output_opts,
|
|
- ST_NBLOCKSIZE, output_block_size);
|
|
+ f->stat_failed
|
|
+ ? "?"
|
|
+ : human_readable (ST_NBLOCKS (f->stat), hbuf, human_output_opts,
|
|
+ ST_NBLOCKSIZE, output_block_size);
|
|
int pad;
|
|
for (pad = block_size_width - mbswidth (blocks, 0); 0 < pad; pad--)
|
|
*p++ = ' ';
|
|
@@ -3302,10 +3434,18 @@
|
|
{
|
|
char hbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
sprintf (p, "%s %*s ", modebuf, nlink_width,
|
|
- umaxtostr (f->stat.st_nlink, hbuf));
|
|
+ f->stat_failed ? "?" : umaxtostr (f->stat.st_nlink, hbuf));
|
|
}
|
|
p += sizeof modebuf - 2 + any_has_acl + 1 + nlink_width + 1;
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+
|
|
+ if ( print_scontext ) {
|
|
+ sprintf (p, "%-32s ", f->scontext ?: "");
|
|
+ p += strlen (p);
|
|
+ }
|
|
+#endif
|
|
+
|
|
DIRED_INDENT ();
|
|
|
|
if (print_owner | print_group | print_author)
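Review bot: `sprintf (p, "%-32s ", f->scontext ?: "")` copies a security context of arbitrary length into the fixed-size line buffer; `%-32s` sets a minimum width, not a maximum, so a context longer than the space left in `buf` is written past its end. The same call appears in `print_scontext_format` in the last ls.c hunk, where the buffer is visibly declared as `char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1]` with no allowance for the context. The label belongs to the file being listed, not to the user running ls, so it should be written to stdout directly after `buf` is flushed (keeping the dired position accounting in step) instead of being formatted into the stack buffer. `?:` with the middle operand omitted is a GNU extension; `f->scontext ? f->scontext : ""` is portable. print_long_format starts and ends outside the hunk.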
|
|
@@ -3313,18 +3453,19 @@
|
|
DIRED_FPUTS (buf, stdout, p - buf);
|
|
|
|
if (print_owner)
|
|
- format_user (f->stat.st_uid, owner_width);
|
|
+ format_user (f->stat.st_uid, owner_width, f->stat_failed);
|
|
|
|
if (print_group)
|
|
- format_group (f->stat.st_gid, group_width);
|
|
+ format_group (f->stat.st_gid, group_width, f->stat_failed);
|
|
|
|
if (print_author)
|
|
- format_user (f->stat.st_author, author_width);
|
|
+ format_user (f->stat.st_author, author_width, f->stat_failed);
|
|
|
|
p = buf;
|
|
}
|
|
|
|
- if (S_ISCHR (f->stat.st_mode) || S_ISBLK (f->stat.st_mode))
|
|
+ if (!f->stat_failed
|
|
+ && (S_ISCHR (f->stat.st_mode) || S_ISBLK (f->stat.st_mode)))
|
|
{
|
|
char majorbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
char minorbuf[INT_BUFSIZE_BOUND (uintmax_t)];
|
|
@@ -3342,8 +3483,10 @@
|
|
{
|
|
char hbuf[LONGEST_HUMAN_READABLE + 1];
|
|
char const *size =
|
|
- human_readable (unsigned_file_size (f->stat.st_size),
|
|
- hbuf, human_output_opts, 1, file_output_block_size);
|
|
+ f->stat_failed
|
|
+ ? "?"
|
|
+ : human_readable (unsigned_file_size (f->stat.st_size),
|
|
+ hbuf, human_output_opts, 1, file_output_block_size);
|
|
int pad;
|
|
for (pad = file_size_width - mbswidth (size, 0); 0 < pad; pad--)
|
|
*p++ = ' ';
|
|
@@ -3356,7 +3499,7 @@
|
|
s = 0;
|
|
*p = '\1';
|
|
|
|
- if (when_local)
|
|
+ if (!f->stat_failed && when_local)
|
|
{
|
|
time_t six_months_ago;
|
|
bool recent;
|
|
@@ -3403,15 +3546,17 @@
|
|
print it as a huge integer number of seconds. */
|
|
char hbuf[INT_BUFSIZE_BOUND (intmax_t)];
|
|
sprintf (p, "%*s ", long_time_expected_width (),
|
|
- (TYPE_SIGNED (time_t)
|
|
- ? imaxtostr (when, hbuf)
|
|
- : umaxtostr (when, hbuf)));
|
|
+ f->stat_failed
|
|
+ ? "?"
|
|
+ : (TYPE_SIGNED (time_t)
|
|
+ ? imaxtostr (when, hbuf)
|
|
+ : umaxtostr (when, hbuf)));
|
|
p += strlen (p);
|
|
}
|
|
|
|
DIRED_FPUTS (buf, stdout, p - buf);
|
|
print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
|
|
- &dired_obstack);
|
|
+ f->stat_failed, &dired_obstack);
|
|
|
|
if (f->filetype == symbolic_link)
|
|
{
|
|
@@ -3419,7 +3564,7 @@
|
|
{
|
|
DIRED_FPUTS_LITERAL (" -> ", stdout);
|
|
print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1,
|
|
- NULL);
|
|
+ f->stat_failed, NULL);
|
|
if (indicator_style != none)
|
|
print_type_indicator (f->linkmode);
|
|
}
|
|
@@ -3601,10 +3746,10 @@
|
|
|
|
static void
|
|
print_name_with_quoting (const char *p, mode_t mode, int linkok,
|
|
- struct obstack *stack)
|
|
+ int stat_failed, struct obstack *stack)
|
|
{
|
|
if (print_with_color)
|
|
- print_color_indicator (p, mode, linkok);
|
|
+ print_color_indicator (p, mode, linkok, stat_failed);
|
|
|
|
if (stack)
|
|
PUSH_CURRENT_DIRED_POS (stack);
|
|
@@ -3652,7 +3797,8 @@
|
|
human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,
|
|
ST_NBLOCKSIZE, output_block_size));
|
|
|
|
- print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok, NULL);
|
|
+ print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok,
|
|
+ f->stat_failed, NULL);
|
|
|
|
if (indicator_style != none)
|
|
print_type_indicator (f->stat.st_mode);
|
|
@@ -3693,7 +3839,8 @@
|
|
}
|
|
|
|
static void
|
|
-print_color_indicator (const char *name, mode_t mode, int linkok)
|
|
+print_color_indicator (const char *name, mode_t mode, int linkok,
|
|
+ int stat_failed)
|
|
{
|
|
int type = C_FILE;
|
|
struct color_ext_type *ext; /* Color extension */
|
|
@@ -3732,6 +3879,8 @@
|
|
type = C_CHR;
|
|
else if (S_ISDOOR (mode))
|
|
type = C_DOOR;
|
|
+ else if (stat_failed)
|
|
+ type = C_ORPHAN;
|
|
|
|
if (type == C_FILE)
|
|
{
|
|
@@ -4221,6 +4370,16 @@
|
|
-X sort alphabetically by entry extension\n\
|
|
-1 list one file per line\n\
|
|
"), stdout);
|
|
+#ifdef WITH_SELINUX
|
|
+printf(_("\nSELINUX options:\n\n\
|
|
+ --lcontext Display security context. Enable -l. Lines\n\
|
|
+ will probably be too wide for most displays.\n\
|
|
+ -Z, --context Display security context so it fits on most\n\
|
|
+ displays. Displays only mode, user, group,\n\
|
|
+ security context and file name.\n\
|
|
+ --scontext Display only security context and file name.\n\
|
|
+\n\n"));
|
|
+#endif
|
|
fputs (HELP_OPTION_DESCRIPTION, stdout);
|
|
fputs (VERSION_OPTION_DESCRIPTION, stdout);
|
|
fputs (_("\n\
|
|
@@ -4244,3 +4403,70 @@
|
|
}
|
|
exit (status);
|
|
}
|
|
+
|
|
+#ifdef WITH_SELINUX
|
|
+
|
|
+static void
|
|
+print_scontext_format (const struct fileinfo *f)
|
|
+{
|
|
+ char modebuf[12];
|
|
+
|
|
+ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
|
|
+ 1 10-byte mode string,
|
|
+ 9 spaces, one following each of these fields, and
|
|
+ 1 trailing NUL byte. */
|
|
+
|
|
+ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
|
|
+ char *buf = init_bigbuf;
|
|
+ size_t bufsize = sizeof (init_bigbuf);
|
|
+ size_t s;
|
|
+ char *p;
|
|
+ const char *fmt;
|
|
+ char *user_name;
|
|
+ char *group_name;
|
|
+ int rv;
|
|
+ char *scontext;
|
|
+
|
|
+ p = buf;
|
|
+
|
|
+ if ( print_scontext ) { /* zero means terse listing */
|
|
+ mode_string (f->stat.st_mode, modebuf);
|
|
+ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
|
|
+ modebuf[11] = '\0';
|
|
+
|
|
+ /* print mode */
|
|
+
|
|
+ (void) sprintf (p, "%s ", modebuf);
|
|
+ p += strlen (p);
|
|
+
|
|
+ /* print standard user and group */
|
|
+
|
|
+ DIRED_FPUTS (buf, stdout, p - buf);
|
|
+ format_user (f->stat.st_uid, owner_width, f->stat_failed);
|
|
+ format_group (f->stat.st_gid, group_width, f->stat_failed);
|
|
+ p = buf;
|
|
+ }
|
|
+
|
|
+ (void) sprintf (p, "%-32s ", f->scontext ?: "");
|
|
+ p += strlen (p);
|
|
+
|
|
+ DIRED_INDENT ();
|
|
+ DIRED_FPUTS (buf, stdout, p - buf);
|
|
+ print_name_with_quoting (f->name, f->stat.st_mode, f->linkok,
|
|
+ f->stat_failed, &dired_obstack);
|
|
+
|
|
+ if (f->filetype == symbolic_link) {
|
|
+ if (f->linkname) {
|
|
+ DIRED_FPUTS_LITERAL (" -> ", stdout);
|
|
+ print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1,
|
|
+ f->stat_failed, NULL);
|
|
+ if (indicator_style != none)
|
|
+ print_type_indicator (f->linkmode);
|
|
+ }
|
|
+ }
|
|
+ else {
|
|
+ if (indicator_style != none)
|
|
+ print_type_indicator (f->stat.st_mode);
|
|
+ }
|
|
+}
|
|
+#endif
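Review bot: `print_scontext_format` declares `bufsize`, `s`, `fmt`, `user_name`, `group_name`, `rv` and a local `scontext` that its body never uses, and the comment above `init_bigbuf` still describes the field layout of the long format, not what this function writes. Dropping the unused declarations and rewriting that comment to list what actually goes into the buffer (the mode string and the context column) would make the buffer sizing checkable at a glance. The function also has no header comment; one such as `/* Print F in the -Z format: mode, owner and group when print_scontext is set, then the security context and the file name. */` would document the meaning of the `print_scontext` switch.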
|
|
--- coreutils-5.96/src/stat.c.selinux 2005-12-15 21:25:53.000000000 +0000
|
|
+++ coreutils-5.96/src/stat.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -42,6 +42,13 @@
|
|
# endif
|
|
#endif
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h>
|
|
+#define SECURITY_ID_T security_context_t
|
|
+#else
|
|
+#define SECURITY_ID_T char *
|
|
+#endif
|
|
+
|
|
#include "system.h"
|
|
|
|
#include "error.h"
|
|
@@ -112,6 +119,7 @@
|
|
};
|
|
|
|
static struct option const long_options[] = {
|
|
+ {"context", no_argument, 0, 'Z'},
|
|
{"dereference", no_argument, NULL, 'L'},
|
|
{"file-system", no_argument, NULL, 'f'},
|
|
{"filesystem", no_argument, NULL, 'f'}, /* obsolete and undocumented alias */
|
|
@@ -331,7 +339,7 @@
|
|
/* print statfs info */
|
|
static void
|
|
print_statfs (char *pformat, size_t buf_len, char m, char const *filename,
|
|
- void const *data)
|
|
+ void const *data, SECURITY_ID_T scontext)
|
|
{
|
|
STRUCT_STATVFS const *statfsbuf = data;
|
|
|
|
@@ -403,7 +411,10 @@
|
|
xstrcat (pformat, buf_len, PRIdMAX);
|
|
printf (pformat, (intmax_t) (statfsbuf->f_ffree));
|
|
break;
|
|
-
|
|
+ case 'C':
|
|
+ strcat (pformat, "s");
|
|
+ printf(scontext);
|
|
+ break;
|
|
default:
|
|
xstrcat (pformat, buf_len, "c");
|
|
printf (pformat, m);
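Review bot: In the new `case 'C':` of print_statfs, `printf(scontext)` passes the file's security context as the format string, so any `%` in a label is interpreted as a conversion, and the `pformat` built on the line above is never used. `scontext` is also NULL whenever `%C` appears in a user-supplied format without `-Z`, and `strcat` bypasses the `buf_len` bound that the neighbouring cases respect through `xstrcat`. The `case 'C':` added to print_stat in the next hunk shares these last two problems. Both cases should read `xstrcat (pformat, buf_len, "s");` followed by something like `printf (pformat, scontext ? scontext : "?");`. print_statfs starts and ends outside the hunk.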
|
|
@@ -414,7 +425,7 @@
|
|
/* print stat info */
|
|
static void
|
|
print_stat (char *pformat, size_t buf_len, char m,
|
|
- char const *filename, void const *data)
|
|
+ char const *filename, void const *data, SECURITY_ID_T scontext)
|
|
{
|
|
struct stat *statbuf = (struct stat *) data;
|
|
struct passwd *pw_ent;
|
|
@@ -548,6 +559,10 @@
|
|
xstrcat (pformat, buf_len, TYPE_SIGNED (time_t) ? "ld" : "lu");
|
|
printf (pformat, (unsigned long int) statbuf->st_ctime);
|
|
break;
|
|
+ case 'C':
|
|
+ strcat (pformat, "s");
|
|
+ printf(pformat,scontext);
|
|
+ break;
|
|
default:
|
|
xstrcat (pformat, buf_len, "c");
|
|
printf (pformat, m);
|
|
@@ -595,8 +610,9 @@
|
|
|
|
static void
|
|
print_it (char const *format, char const *filename,
|
|
- void (*print_func) (char *, size_t, char, char const *, void const *),
|
|
- void const *data)
|
|
+ void (*print_func) (char *, size_t, char, char const *, void const *,
|
|
+ SECURITY_ID_T ),
|
|
+ void const *data, SECURITY_ID_T scontext)
|
|
{
|
|
/* Add 2 to accommodate our conversion of the stat `%s' format string
|
|
to the longer printf `%llu' one. */
|
|
@@ -627,7 +643,7 @@
|
|
putchar ('%');
|
|
break;
|
|
default:
|
|
- print_func (dest, n_alloc, *fmt_char, filename, data);
|
|
+ print_func (dest, n_alloc, *fmt_char, filename, data, scontext);
|
|
break;
|
|
}
|
|
break;
|
|
@@ -690,9 +706,17 @@
|
|
|
|
/* Stat the file system and print what we find. */
|
|
static bool
|
|
-do_statfs (char const *filename, bool terse, char const *format)
|
|
+do_statfs (char const *filename, bool terse, bool secure, char const *format)
|
|
{
|
|
STRUCT_STATVFS statfsbuf;
|
|
+ SECURITY_ID_T scontext = NULL;
|
|
+#ifdef WITH_SELINUX
|
|
+ if(secure)
|
|
+ if (getfilecon(filename,&scontext)<0) {
|
|
+ perror (filename);
|
|
+ return false;
|
|
+ }
|
|
+#endif
|
|
|
|
if (STATFS (filename, &statfsbuf) != 0)
|
|
{
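Review bot: `getfilecon` now runs before `STATFS`, so when `STATFS` fails the function leaves through the error branch that opens at the end of this hunk with `scontext` still allocated. The body of that branch lies outside the hunk, so this is inferred from the unchanged code. Either move the `getfilecon` call below the `STATFS` check, the order do_stat uses for its own stat call, or add `freecon (scontext);` to that branch.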
|
|
@@ -703,25 +727,46 @@
|
|
|
|
if (format == NULL)
|
|
{
|
|
- format = (terse
|
|
- ? "%n %i %l %t %s %S %b %f %a %c %d\n"
|
|
- : " File: \"%n\"\n"
|
|
- " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
- "Block size: %-10s Fundamental block size: %S\n"
|
|
- "Blocks: Total: %-10b Free: %-10f Available: %a\n"
|
|
- "Inodes: Total: %-10c Free: %d\n");
|
|
+ if (terse)
|
|
+ {
|
|
+ if (secure)
|
|
+ format = "%n %i %l %t %s %S %b %f %a %c %d %C\n";
|
|
+ else
|
|
+ format = "%n %i %l %t %s %S %b %f %a %c %d\n";
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ if (secure)
|
|
+ format = " File: \"%n\"\n"
|
|
+ " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
+ "Block size: %-10s Fundamental block size: %S\n"
|
|
+ "Blocks: Total: %-10b Free: %-10f Available: %a\n"
|
|
+ "Inodes: Total: %-10c Free: %d\n"
|
|
+ " S_Context: %C\n";
|
|
+ else
|
|
+ format = " File: \"%n\"\n"
|
|
+ " ID: %-8i Namelen: %-7l Type: %T\n"
|
|
+ "Block size: %-10s Fundamental block size: %S\n"
|
|
+ "Blocks: Total: %-10b Free: %-10f Available: %a\n"
|
|
+ "Inodes: Total: %-10c Free: %d\n";
|
|
+ }
|
|
}
|
|
|
|
- print_it (format, filename, print_statfs, &statfsbuf);
|
|
+ print_it (format, filename, print_statfs, &statfsbuf, scontext);
|
|
+#ifdef WITH_SELINUX
|
|
+ if (scontext != NULL)
|
|
+ freecon(scontext);
|
|
+#endif
|
|
return true;
|
|
}
|
|
|
|
/* stat the file and print what we find */
|
|
static bool
|
|
-do_stat (char const *filename, bool follow_links, bool terse,
|
|
+do_stat (char const *filename, bool follow_links, bool terse, bool secure,
|
|
char const *format)
|
|
{
|
|
struct stat statbuf;
|
|
+ SECURITY_ID_T scontext = NULL;
|
|
|
|
if ((follow_links ? stat : lstat) (filename, &statbuf) != 0)
|
|
{
|
|
@@ -729,11 +774,29 @@
|
|
return false;
|
|
}
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if(secure) {
|
|
+ int i;
|
|
+ if (!follow_links)
|
|
+ i=lgetfilecon(filename, &scontext);
|
|
+ else
|
|
+ i=getfilecon(filename, &scontext);
|
|
+ if (i == -1)
|
|
+ {
|
|
+ perror (filename);
|
|
+ return false;
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (format == NULL)
|
|
{
|
|
if (terse)
|
|
{
|
|
- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
|
|
+ if (secure)
|
|
+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n";
|
|
+ else
|
|
+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";
|
|
}
|
|
else
|
|
{
|
|
@@ -751,16 +814,30 @@
|
|
}
|
|
else
|
|
{
|
|
- format =
|
|
- " File: %N\n"
|
|
- " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
- "Device: %Dh/%dd\tInode: %-10i Links: %h\n"
|
|
- "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
- "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
+ if (secure)
|
|
+ format =
|
|
+ " File: %N\n"
|
|
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h"
|
|
+ " Device type: %t,%T\n"
|
|
+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
+ " S_Context: %C\n"
|
|
+ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
+ else
|
|
+ format =
|
|
+ " File: %N\n"
|
|
+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"
|
|
+ "Device: %Dh/%dd\tInode: %-10i Links: %h\n"
|
|
+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n"
|
|
+ "Access: %x\n" "Modify: %y\n" "Change: %z\n";
|
|
}
|
|
}
|
|
}
|
|
- print_it (format, filename, print_stat, &statbuf);
|
|
+ print_it (format, filename, print_stat, &statbuf, scontext);
|
|
+#ifdef WITH_SELINUX
|
|
+ if (scontext)
|
|
+ freecon(scontext);
|
|
+#endif
|
|
return true;
|
|
}
|
|
|
|
@@ -777,6 +854,7 @@
|
|
Display file or file system status.\n\
|
|
\n\
|
|
-L, --dereference follow links\n\
|
|
+ -Z, --context print the security context \n\
|
|
-f, --file-system display file system status instead of file status\n\
|
|
"), stdout);
|
|
fputs (_("\
|
|
@@ -836,6 +914,7 @@
|
|
%c Total file nodes in file system\n\
|
|
%d Free file nodes in file system\n\
|
|
%f Free blocks in file system\n\
|
|
+ %C - Security context in SELinux\n\
|
|
"), stdout);
|
|
fputs (_("\
|
|
%i File System ID in hex\n\
|
|
@@ -860,6 +939,7 @@
|
|
bool follow_links = false;
|
|
bool fs = false;
|
|
bool terse = false;
|
|
+ bool secure = false;
|
|
char *format = NULL;
|
|
bool ok = true;
|
|
|
|
@@ -871,7 +951,7 @@
|
|
|
|
atexit (close_stdout);
|
|
|
|
- while ((c = getopt_long (argc, argv, "c:fLt", long_options, NULL)) != -1)
|
|
+ while ((c = getopt_long (argc, argv, "c:fLtZ", long_options, NULL)) != -1)
|
|
{
|
|
switch (c)
|
|
{
|
|
@@ -898,6 +978,14 @@
|
|
case 't':
|
|
terse = true;
|
|
break;
|
|
+ case 'Z':
|
|
+ if((is_selinux_enabled()>0))
|
|
+ secure = 1;
|
|
+ else {
|
|
+ error (0, 0, _("Kernel is not SELinux enabled"));
|
|
+ usage (EXIT_FAILURE);
|
|
+ }
|
|
+ break;
|
|
|
|
case_GETOPT_HELP_CHAR;
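Review bot: The new `case 'Z':` calls `is_selinux_enabled()` with no `#ifdef WITH_SELINUX` guard, although `<selinux/selinux.h>` is included only under that macro at the top of the file, so a build without SELinux has no declaration for it and presumably nothing to link against. The call should sit inside `#ifdef WITH_SELINUX`, with the `error`/`usage` branch as the only code in the `#else` case. The `"Z"` in the getopt string and the `--context` entry in `long_options` are unconditional in the same way. `secure = 1` should be `secure = true` to match the `bool` declaration and the `terse = true` just above. main starts and ends outside the hunk.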
|
|
|
|
@@ -916,8 +1004,8 @@
|
|
|
|
for (i = optind; i < argc; i++)
|
|
ok &= (fs
|
|
- ? do_statfs (argv[i], terse, format)
|
|
- : do_stat (argv[i], follow_links, terse, format));
|
|
+ ? do_statfs (argv[i], terse, secure, format)
|
|
+ : do_stat (argv[i], follow_links, terse, secure, format));
|
|
|
|
exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
|
|
}
|
|
--- coreutils-5.96/src/mkfifo.c.selinux 2005-05-14 08:58:37.000000000 +0100
|
|
+++ coreutils-5.96/src/mkfifo.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -32,11 +32,18 @@
|
|
|
|
#define AUTHORS "David MacKenzie"
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
+#endif
|
|
+
|
|
/* The name this program was run with. */
|
|
char *program_name;
|
|
|
|
static struct option const longopts[] =
|
|
{
|
|
+#ifdef WITH_SELINUX
|
|
+ {"context", required_argument, NULL, 'Z'},
|
|
+#endif
|
|
{"mode", required_argument, NULL, 'm'},
|
|
{GETOPT_HELP_OPTION_DECL},
|
|
{GETOPT_VERSION_OPTION_DECL},
|
|
@@ -57,6 +64,11 @@
|
|
Create named pipes (FIFOs) with the given NAMEs.\n\
|
|
\n\
|
|
"), stdout);
|
|
+#ifdef WITH_SELINUX
|
|
+ fputs (_("\
|
|
+ -Z, --context=CONTEXT set security context (quoted string)\n\
|
|
+"), stdout);
|
|
+#endif
|
|
fputs (_("\
|
|
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
"), stdout);
|
|
@@ -92,13 +104,30 @@
|
|
#ifndef S_ISFIFO
|
|
error (EXIT_FAILURE, 0, _("fifo files not supported"));
|
|
#else
|
|
+#ifdef WITH_SELINUX
|
|
+ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
|
|
+#else
|
|
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
|
|
+#endif
|
|
{
|
|
switch (optc)
|
|
{
|
|
case 'm':
|
|
specified_mode = optarg;
|
|
break;
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'Z':
|
|
+ if( !(is_selinux_enabled()>0)) {
|
|
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
+ "a selinux-enabled kernel.\n" );
|
|
+ exit( 1 );
|
|
+ }
|
|
+ if (setfscreatecon(optarg)) {
|
|
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
case_GETOPT_HELP_CHAR;
|
|
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
default:
|
|
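Review bot: The `-Z` failure paths report through `fprintf (stderr, ...)` and `exit (1)`, so the messages carry no program name and are not marked for translation, and the `setfscreatecon` failure hides `errno` and echoes the user-supplied context unquoted. The `#ifndef S_ISFIFO` branch just above already reports through `error ()`, and copy.c in this patch passes `errno` for the same call; `error (EXIT_FAILURE, errno, _("cannot set default security context %s"), quote (optarg));` would match, assuming `quote` is available in this file. The same pattern appears in mknod.c (-103,13) and id.c (-119,13), and id.c's `error (1, 0, "can't get process context")` in -148,8 likewise drops `errno` and `_()`. `main` continues outside the hunk.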
--- coreutils-5.96/src/id.c.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/id.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -37,6 +37,20 @@
|
|
|
|
int getugroups ();
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h>
|
|
+static void print_context (char* context);
|
|
+/* Print the SELinux context */
|
|
+static void
|
|
+print_context(char *context)
|
|
+{
|
|
+ printf ("%s", context);
|
|
+}
|
|
+
|
|
+/* If nonzero, output only the SELinux context. -Z */
|
|
+static int just_context = 0;
|
|
+
|
|
+#endif
|
|
static void print_user (uid_t uid);
|
|
static void print_group (gid_t gid);
|
|
static void print_group_list (const char *username);
|
|
@@ -55,8 +69,14 @@
|
|
/* True unless errors have been encountered. */
|
|
static bool ok = true;
|
|
|
|
+/* The SELinux context */
|
|
+/* Set `context' to a known invalid value so print_full_info() will *
|
|
+ * know when `context' has not been set to a meaningful value. */
|
|
+static security_context_t context=NULL;
|
|
+
|
|
static struct option const longopts[] =
|
|
{
|
|
+ {"context", no_argument, NULL, 'Z'},
|
|
{"group", no_argument, NULL, 'g'},
|
|
{"groups", no_argument, NULL, 'G'},
|
|
{"name", no_argument, NULL, 'n'},
|
|
@@ -80,6 +100,7 @@
|
|
Print information for USERNAME, or the current user.\n\
|
|
\n\
|
|
-a ignore, for compatibility with other versions\n\
|
|
+ -Z, --context print only the context\n\
|
|
-g, --group print only the effective group ID\n\
|
|
-G, --groups print all group IDs\n\
|
|
-n, --name print a name instead of a number, for -ugG\n\
|
|
@@ -101,6 +122,7 @@
|
|
main (int argc, char **argv)
|
|
{
|
|
int optc;
|
|
+ int selinux_enabled=(is_selinux_enabled()>0);
|
|
|
|
/* If true, output the list of all group IDs. -G */
|
|
bool just_group_list = false;
|
|
@@ -119,13 +141,24 @@
|
|
|
|
atexit (close_stdout);
|
|
|
|
- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
|
|
+ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
|
|
{
|
|
switch (optc)
|
|
{
|
|
case 'a':
|
|
/* Ignore -a, for compatibility with SVR4. */
|
|
break;
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'Z':
|
|
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
+ if( !selinux_enabled ) {
|
|
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
+ "a selinux-enabled kernel.\n" );
|
|
+ exit( 1 );
|
|
+ }
|
|
+ just_context = 1;
|
|
+ break;
|
|
+#endif
|
|
case 'g':
|
|
just_group = true;
|
|
break;
|
|
@@ -148,8 +181,28 @@
|
|
}
|
|
}
|
|
|
|
- if (just_user + just_group + just_group_list > 1)
|
|
- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
|
|
+#ifdef WITH_SELINUX
|
|
+ if (argc - optind == 1)
|
|
+ selinux_enabled = 0;
|
|
+
|
|
+ if( just_context && !selinux_enabled)
|
|
+ error (1, 0, _("\
|
|
+cannot display context when selinux not enabled or when displaying the id\n\
|
|
+of a different user"));
|
|
+
|
|
+ /* If we are on a selinux-enabled kernel, get our context. *
|
|
+ * Otherwise, leave the context variable alone - it has *
|
|
+ * been initialized known invalid value; if we see this invalid *
|
|
+ * value later, we will know we are on a non-selinux kernel. */
|
|
+ if( selinux_enabled )
|
|
+ {
|
|
+ if (getcon(&context) && just_context)
|
|
+ error (1, 0, "can't get process context");
|
|
+ }
|
|
+#endif
|
|
+
|
|
+ if (just_user + just_group + just_group_list + just_context > 1)
|
|
+ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
|
|
|
|
if (just_user + just_group + just_group_list == 0 && (use_real | use_name))
|
|
error (EXIT_FAILURE, 0,
|
|
@@ -183,6 +236,10 @@
|
|
print_group (use_real ? rgid : egid);
|
|
else if (just_group_list)
|
|
print_group_list (argv[optind]);
|
|
+#ifdef WITH_SELINUX
|
|
+ else if (just_context)
|
|
+ print_context (context);
|
|
+#endif
|
|
else
|
|
print_full_info (argv[optind]);
|
|
putchar ('\n');
|
|
@@ -407,4 +464,9 @@
|
|
free (groups);
|
|
}
|
|
#endif /* HAVE_GETGROUPS */
|
|
+#ifdef WITH_SELINUX
|
|
+ if ( context != NULL ) {
|
|
+ printf(" context=%s",context);
|
|
+ }
|
|
+#endif
|
|
}
|
|
--- coreutils-5.96/src/copy.c.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/src/copy.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -51,6 +51,11 @@
|
|
#include "xreadlink.h"
|
|
#include "yesno.h"
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h> /* for is_selinux_enabled() */
|
|
+extern int selinux_enabled;
|
|
+#endif
|
|
+
|
|
#ifndef HAVE_FCHMOD
|
|
# define HAVE_FCHMOD false
|
|
#endif
|
|
@@ -238,6 +243,29 @@
|
|
{
|
|
dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY, dst_mode);
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if (selinux_enabled && x->preserve_security_context && dest_desc >= 0)
|
|
+ {
|
|
+ security_context_t con;
|
|
+ if(getfscreatecon(&con) == -1)
|
|
+ {
|
|
+ return_val = false;
|
|
+ goto close_src_desc;
|
|
+ }
|
|
+
|
|
+ if (con)
|
|
+ {
|
|
+ if(fsetfilecon(dest_desc, con) == -1)
|
|
+ {
|
|
+ return_val = false;
|
|
+ freecon(con);
|
|
+ goto close_src_desc;
|
|
+ }
|
|
+ freecon(con);
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (dest_desc < 0 && x->unlink_dest_after_failed_open)
|
|
{
|
|
if (unlink (dst_name) != 0)
|
|
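Review bot: Both failure branches in the added block jump to `close_src_desc` while `dest_desc` is known to be open (the block runs only when `dest_desc >= 0`), so the destination descriptor looks leaked unless that label also closes it; the label's code is outside the hunk. The branches set `return_val = false` without calling `error ()`, so the copy fails with no diagnostic, and they fail regardless of `x->require_preserve`, unlike the `setfscreatecon` handling in -1410,6. The destination has also already been truncated by `O_TRUNC` when the labelling fails. Suggest a diagnostic such as `error (0, errno, _("cannot set security context of %s"), quote (dst_name));` and leaving through an exit path that closes `dest_desc`.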
@@ -1410,6 +1438,32 @@
|
|
In such cases, set this variable to zero. */
|
|
preserve_metadata = true;
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if (x->preserve_security_context && selinux_enabled)
|
|
+ {
|
|
+ security_context_t con;
|
|
+
|
|
+ if (lgetfilecon (src_name, &con) >= 0)
|
|
+ {
|
|
+ if (setfscreatecon(con) < 0)
|
|
+ {
|
|
+ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
|
|
+ if (x->require_preserve) {
|
|
+ freecon(con);
|
|
+ return 1;
|
|
+ }
|
|
+ }
|
|
+ freecon(con);
|
|
+ }
|
|
+ else {
|
|
+ if (( errno != ENOTSUP ) && ( errno != ENODATA )) {
|
|
+ error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
|
|
+ return 1;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (S_ISDIR (src_mode))
|
|
{
|
|
struct dir_list *dir;
|
|
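Review bot: The two `return 1;` statements in the added block look like they report success. The -1480,7 hunk in this file returns `true` for a non-error exit, so if this is the same `bool` function, a failed `lgetfilecon`, or a failed `setfscreatecon` under `x->require_preserve`, is handed back to the caller as a successful copy and the security context is silently not preserved. Use `return false;` in both places. The message `"cannot set setfscreatecon %s"` would also read better as `"cannot set default security context %s"`. The enclosing function starts and ends outside the hunk.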
@@ -1480,7 +1534,13 @@
|
|
|
|
/* Are we crossing a file system boundary? */
|
|
if (x->one_file_system && device != 0 && device != src_sb.st_dev)
|
|
- return true;
|
|
+ {
|
|
+#ifdef WITH_SELINUX
|
|
+ if (x->preserve_security_context && selinux_enabled)
|
|
+ setfscreatecon(NULL);
|
|
+#endif
|
|
+ return true;
|
|
+ }
|
|
|
|
/* Copy the contents of the directory. */
|
|
|
|
@@ -1616,6 +1676,11 @@
|
|
}
|
|
}
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if (x->preserve_security_context && selinux_enabled)
|
|
+ setfscreatecon(NULL);
|
|
+#endif
|
|
+
|
|
/* There's no need to preserve timestamps or permissions. */
|
|
preserve_metadata = false;
|
|
|
|
@@ -1754,6 +1819,11 @@
|
|
|
|
un_backup:
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if (x->preserve_security_context && selinux_enabled)
|
|
+ setfscreatecon(NULL);
|
|
+#endif
|
|
+
|
|
/* We have failed to create the destination file.
|
|
If we've just added a dev/ino entry via the remember_copied
|
|
call above (i.e., unless we've just failed to create a hard link),
|
|
--- coreutils-5.96/src/mknod.c.selinux 2005-05-14 08:58:37.000000000 +0100
|
|
+++ coreutils-5.96/src/mknod.c 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -36,8 +36,15 @@
|
|
/* The name this program was run with. */
|
|
char *program_name;
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+#include <selinux/selinux.h>
|
|
+#endif
|
|
+
|
|
static struct option const longopts[] =
|
|
{
|
|
+#ifdef WITH_SELINUX
|
|
+ {"context", required_argument, NULL, 'Z'},
|
|
+#endif
|
|
{"mode", required_argument, NULL, 'm'},
|
|
{GETOPT_HELP_OPTION_DECL},
|
|
{GETOPT_VERSION_OPTION_DECL},
|
|
@@ -58,6 +65,11 @@
|
|
Create the special file NAME of the given TYPE.\n\
|
|
\n\
|
|
"), stdout);
|
|
+#ifdef WITH_SELINUX
|
|
+ fputs(_("\
|
|
+ -Z, --context=CONTEXT set security context (quoted string)\n\
|
|
+"), stdout);
|
|
+#endif
|
|
fputs (_("\
|
|
Mandatory arguments to long options are mandatory for short options too.\n\
|
|
"), stdout);
|
|
@@ -103,13 +115,31 @@
|
|
|
|
specified_mode = NULL;
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1)
|
|
+#else
|
|
while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1)
|
|
+#endif
|
|
{
|
|
switch (optc)
|
|
{
|
|
case 'm':
|
|
specified_mode = optarg;
|
|
break;
|
|
+#ifdef WITH_SELINUX
|
|
+ case 'Z':
|
|
+ /* politely decline if we're not on a selinux-enabled kernel. */
|
|
+ if( !(is_selinux_enabled()>0)) {
|
|
+ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
|
|
+ "a selinux-enabled kernel.\n" );
|
|
+ exit( 1 );
|
|
+ }
|
|
+ if (setfscreatecon(optarg)) {
|
|
+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg);
|
|
+ exit( 1 );
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
case_GETOPT_HELP_CHAR;
|
|
case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
|
|
default:
|
|
--- coreutils-5.96/README.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/README 2006-06-22 23:32:51.000000000 +0100
|
|
@@ -8,11 +8,11 @@
|
|
The programs that can be built with this package are:
|
|
|
|
[ base64
|
|
- basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd
|
|
+ basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd
|
|
df dir dircolors dirname du echo env expand expr factor false fmt fold
|
|
ginstall groups head hostid hostname id join kill link ln logname ls
|
|
md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
|
|
- printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum
|
|
+ printenv printf ptx pwd readlink rm rmdir runcon runuser seq sha1sum sha224sum
|
|
sha256sum sha384sum sha512sum shred sleep sort
|
|
split stat stty su sum sync tac tail tee test touch tr true tsort tty
|
|
uname unexpand uniq unlink uptime users vdir wc who whoami yes
|
|
--- coreutils-5.96/tests/help-version.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/tests/help-version 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -46,6 +46,8 @@
|
|
|
|
# Skip `test'; it doesn't accept --help or --version.
|
|
test $i = test && continue;
|
|
+ test $i = chcon && continue;
|
|
+ test $i = runcon && continue;
|
|
|
|
# false fails even when invoked with --help or --version.
|
|
if test $i = false; then
|
|
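Review bot: The two added skips sit under a comment that names only `test`, so the reason chcon and runcon are excluded from the --help/--version check is not recorded; the same applies to the extended `case` list in -162,7. Add a line such as `# Skip chcon and runcon: <reason>` so the coverage gap is visibly deliberate. Presumably they cannot run outside an SELinux-enabled kernel, but that should be confirmed and stated. If they do accept --help and --version without SELinux, the skip hides a regression check for two security-relevant tools.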
@@ -162,7 +164,7 @@
|
|
|
|
for i in $all_programs; do
|
|
# Skip these.
|
|
- case $i in chroot|stty|tty|false) continue;; esac
|
|
+ case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac
|
|
|
|
rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out
|
|
echo > $tmp_in
|
|
--- coreutils-5.96/configure.ac.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/configure.ac 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -34,6 +34,13 @@
|
|
LIB_PAM="-ldl -lpam -lpam_misc"
|
|
AC_SUBST(LIB_PAM)])
|
|
|
|
+dnl Give the chance to enable SELINUX
|
|
+AC_ARG_ENABLE(selinux, dnl
|
|
+[ --enable-selinux Enable use of the SELINUX libraries],
|
|
+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
|
|
+LIB_SELINUX="-lselinux"
|
|
+AC_SUBST(LIB_SELINUX)])
|
|
+
|
|
gl_DEFAULT_POSIX2_VERSION
|
|
gl_USE_SYSTEM_EXTENSIONS
|
|
gl_PERL
|
|
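Review bot: The third argument of `AC_ARG_ENABLE` runs whenever the option is given, so `--disable-selinux` (that is, `--enable-selinux=no`) also defines `WITH_SELINUX` and sets `LIB_SELINUX`. Test the value first by wrapping the action in `if test "x$enableval" != xno; then` … `fi`. Nothing here checks that libselinux or `<selinux/selinux.h>` is actually present, so a missing library surfaces only as a compile or link error. An `AC_CHECK_HEADER`/`AC_CHECK_LIB` pair that fails with a clear message when `--enable-selinux` was requested would make the failure explicit.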
--- coreutils-5.96/config.hin.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/config.hin 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -411,10 +411,6 @@
|
|
don't. */
|
|
#undef HAVE_DECL_TTYNAME
|
|
|
|
-/* Define to 1 if you have the declaration of `tzname', and to 0 if you don't.
|
|
- */
|
|
-#undef HAVE_DECL_TZNAME
|
|
-
|
|
/* Define to 1 if you have the declaration of wcwidth(), and to 0 otherwise.
|
|
*/
|
|
#undef HAVE_DECL_WCWIDTH
|
|
@@ -519,6 +515,9 @@
|
|
/* Define to 1 if you have the `getdelim' function. */
|
|
#undef HAVE_GETDELIM
|
|
|
|
+/* Define to 1 if you have the `getgrouplist' function. */
|
|
+#undef HAVE_GETGROUPLIST
|
|
+
|
|
/* Define to 1 if your system has a working `getgroups' function. */
|
|
#undef HAVE_GETGROUPS
|
|
|
|
@@ -613,9 +612,6 @@
|
|
/* Define to 1 if you have the `lchown' function. */
|
|
#undef HAVE_LCHOWN
|
|
|
|
-/* Define to 1 if you have the `acl' library (-lacl). */
|
|
-#undef HAVE_LIBACL
|
|
-
|
|
/* Define to 1 if you have the `dgc' library (-ldgc). */
|
|
#undef HAVE_LIBDGC
|
|
|
|
@@ -1529,17 +1525,17 @@
|
|
/* Define to 1 if unlink (dir) cannot possibly succeed. */
|
|
#undef UNLINK_CANNOT_UNLINK_DIR
|
|
|
|
-/* Define to 1 if you want getc etc. to use unlocked I/O if available.
|
|
- Unlocked I/O can improve performance in unithreaded apps, but it is not
|
|
- safe for multithreaded apps. */
|
|
-#undef USE_UNLOCKED_IO
|
|
-
|
|
/* Define if you want access control list support. */
|
|
#undef USE_ACL
|
|
|
|
/* Define if you want to use PAM */
|
|
#undef USE_PAM
|
|
|
|
+/* Define to 1 if you want getc etc. to use unlocked I/O if available.
|
|
+ Unlocked I/O can improve performance in unithreaded apps, but it is not
|
|
+ safe for multithreaded apps. */
|
|
+#undef USE_UNLOCKED_IO
|
|
+
|
|
/* Version number of package */
|
|
#undef VERSION
|
|
|
|
@@ -1549,6 +1545,9 @@
|
|
/* Define if sys/ptem.h is required for struct winsize. */
|
|
#undef WINSIZE_IN_PTEM
|
|
|
|
+/* Define if you want to use SELINUX */
|
|
+#undef WITH_SELINUX
|
|
+
|
|
/* Define to 1 if your processor stores words with the most significant byte
|
|
first (like Motorola and SPARC, unlike Intel and VAX). */
|
|
#undef WORDS_BIGENDIAN
|
|
@@ -1694,7 +1693,7 @@
|
|
/* Define to rpl_nanosleep if the replacement function should be used. */
|
|
#undef nanosleep
|
|
|
|
-/* Define to `long int' if <sys/types.h> does not define. */
|
|
+/* Define to `long' if <sys/types.h> does not define. */
|
|
#undef off_t
|
|
|
|
/* Define to `int' if <sys/types.h> does not define. */
|
|
@@ -1761,7 +1760,7 @@
|
|
/* Define to empty if the C compiler doesn't support this keyword. */
|
|
#undef signed
|
|
|
|
-/* Define to `unsigned int' if <sys/types.h> does not define. */
|
|
+/* Define to `unsigned' if <sys/types.h> does not define. */
|
|
#undef size_t
|
|
|
|
/* Map `socklen_t' to `int' if it is missing. */
|
|
--- coreutils-5.96/man/ls.1.selinux 2006-05-16 18:31:21.000000000 +0100
|
|
+++ coreutils-5.96/man/ls.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -201,6 +201,20 @@
|
|
.TP
|
|
\fB\-1\fR
|
|
list one file per line
|
|
+.PP
|
|
+SELinux options:
|
|
+.TP
|
|
+\fB\-\-lcontext\fR
|
|
+Display security context. Enable \fB\-l\fR. Lines
|
|
+will probably be too wide for most displays.
|
|
+.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR
|
|
+Display security context so it fits on most
|
|
+displays. Displays only mode, user, group,
|
|
+security context and file name.
|
|
+.TP
|
|
+\fB\-\-scontext\fR
|
|
+Display only security context and file name.
|
|
.TP
|
|
\fB\-\-help\fR
|
|
display this help and exit
|
|
--- coreutils-5.96/man/install.1.selinux 2006-05-16 18:31:20.000000000 +0100
|
|
+++ coreutils-5.96/man/install.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -65,6 +65,11 @@
|
|
.TP
|
|
\fB\-v\fR, \fB\-\-verbose\fR
|
|
print the name of each directory as it is created
|
|
+.HP
|
|
+\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context
|
|
+.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
+(SELinux) Set security context of files and directories
|
|
.TP
|
|
\fB\-\-help\fR
|
|
display this help and exit
|
|
--- coreutils-5.96/man/id.1.selinux 2006-05-16 18:31:20.000000000 +0100
|
|
+++ coreutils-5.96/man/id.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -13,6 +13,9 @@
|
|
\fB\-a\fR
|
|
ignore, for compatibility with other versions
|
|
.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR
|
|
+print only the security context
|
|
+.TP
|
|
\fB\-g\fR, \fB\-\-group\fR
|
|
print only the effective group ID
|
|
.TP
|
|
--- coreutils-5.96/man/stat.1.selinux 2006-05-16 18:31:23.000000000 +0100
|
|
+++ coreutils-5.96/man/stat.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -28,6 +28,9 @@
|
|
\fB\-t\fR, \fB\-\-terse\fR
|
|
print the information in terse form
|
|
.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR
|
|
+print security context information for SELinux if available.
|
|
+.TP
|
|
\fB\-\-help\fR
|
|
display this help and exit
|
|
.TP
|
|
@@ -51,6 +54,9 @@
|
|
%d
|
|
Device number in decimal
|
|
.TP
|
|
+%C
|
|
+SELinux security context
|
|
+.TP
|
|
%D
|
|
Device number in hex
|
|
.TP
|
|
--- /dev/null 2006-06-22 09:01:01.637265000 +0100
|
|
+++ coreutils-5.96/man/runcon.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -0,0 +1,43 @@
|
|
+.TH RUNCON "1" "February 2005" "runcon (coreutils) 5.0" "selinux"
|
|
+.SH NAME
|
|
+runcon \- run command with specified security context
|
|
+.SH SYNOPSIS
|
|
+.B runcon
|
|
+[\fI-c\fR] [\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR]
|
|
+.PP
|
|
+or
|
|
+.PP
|
|
+.B runcon
|
|
+\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR]
|
|
+.PP
|
|
+.br
|
|
+.SH DESCRIPTION
|
|
+.PP
|
|
+.\" Add any additional description here
|
|
+.PP
|
|
+Run COMMAND with completely-specified CONTEXT, or with current or
|
|
+transitioned security context modified by one or more of LEVEL,
|
|
+ROLE, TYPE, and USER.
|
|
+.TP
|
|
+\fB\-c\fR
|
|
+compute process transition before modifying context
|
|
+.TP
|
|
+\fB\-t\fR
|
|
+change current type to the specified type
|
|
+.TP
|
|
+\fB\-l\fR
|
|
+change current level range to the specified range
|
|
+.TP
|
|
+\fB\-r\fR
|
|
+change current role to the specified role
|
|
+.TP
|
|
+\fB\-u\fR
|
|
+change current user to the specified user
|
|
+.PP
|
|
+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
|
|
+the first argument is used as the complete context. Any additional
|
|
+arguments after \fICOMMAND\fR are interpreted as arguments to the
|
|
+command.
|
|
+.PP
|
|
+Note that only carefully-chosen contexts are likely to successfully
|
|
+run.
|
|
--- coreutils-5.96/man/Makefile.am.selinux 2006-06-22 23:32:16.000000000 +0100
|
|
+++ coreutils-5.96/man/Makefile.am 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -11,7 +11,7 @@
|
|
shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
|
|
su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
|
|
tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
|
|
- who.1 whoami.1 yes.1
|
|
+ who.1 whoami.1 yes.1 chcon.1 runcon.1
|
|
|
|
man_aux = $(dist_man_MANS:.1=.x)
|
|
|
|
@@ -119,6 +119,8 @@
|
|
who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
|
|
whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
|
|
yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
|
|
+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
|
|
+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
|
|
|
|
SUFFIXES = .x .1
|
|
|
|
--- coreutils-5.96/man/cp.1.selinux 2006-05-16 18:31:18.000000000 +0100
|
|
+++ coreutils-5.96/man/cp.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -57,7 +57,7 @@
|
|
.TP
|
|
\fB\-\-preserve\fR[=\fIATTR_LIST\fR]
|
|
preserve the specified attributes (default:
|
|
-mode,ownership,timestamps), if possible
|
|
+mode,ownership,timestamps) and security contexts, if possible
|
|
additional attributes: links, all
|
|
.TP
|
|
\fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
|
|
@@ -105,6 +105,9 @@
|
|
\fB\-\-help\fR
|
|
display this help and exit
|
|
.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
+set security context of copy to CONTEXT
|
|
+.TP
|
|
\fB\-\-version\fR
|
|
output version information and exit
|
|
.PP
|
|
--- coreutils-5.96/man/mkfifo.1.selinux 2006-05-16 18:31:21.000000000 +0100
|
|
+++ coreutils-5.96/man/mkfifo.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -12,6 +12,9 @@
|
|
.PP
|
|
Mandatory arguments to long options are mandatory for short options too.
|
|
.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
+set security context (quoted string)
|
|
+.TP
|
|
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
set permission mode (as in chmod), not a=rw \- umask
|
|
.TP
|
|
--- coreutils-5.96/man/mknod.1.selinux 2006-05-16 18:31:21.000000000 +0100
|
|
+++ coreutils-5.96/man/mknod.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -12,6 +12,9 @@
|
|
.PP
|
|
Mandatory arguments to long options are mandatory for short options too.
|
|
.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
|
|
+set security context (quoted string)
|
|
+.TP
|
|
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
set permission mode (as in chmod), not a=rw \- umask
|
|
.TP
|
|
--- coreutils-5.96/man/mkdir.1.selinux 2006-05-16 18:31:21.000000000 +0100
|
|
+++ coreutils-5.96/man/mkdir.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -12,6 +12,8 @@
|
|
.PP
|
|
Mandatory arguments to long options are mandatory for short options too.
|
|
.TP
|
|
+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
|
|
+.TP
|
|
\fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
|
|
set permission mode (as in chmod), not rwxrwxrwx \- umask
|
|
.TP
|
|
--- coreutils-5.96/man/dir.1.selinux 2006-05-16 18:31:19.000000000 +0100
|
|
+++ coreutils-5.96/man/dir.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -201,6 +201,20 @@
|
|
.TP
|
|
\fB\-1\fR
|
|
list one file per line
|
|
+.PP
|
|
+SELINUX options:
|
|
+.TP
|
|
+\fB\-\-lcontext\fR
|
|
+Display security context. Enable \fB\-l\fR. Lines
|
|
+will probably be too wide for most displays.
|
|
+.TP
|
|
+\fB\-\-context\fR
|
|
+Display security context so it fits on most
|
|
+displays. Displays only mode, user, group,
|
|
+security context and file name.
|
|
+.TP
|
|
+\fB\-\-scontext\fR
|
|
+Display only security context and file name.
|
|
.TP
|
|
\fB\-\-help\fR
|
|
display this help and exit
|
|
--- /dev/null 2006-06-22 09:01:01.637265000 +0100
|
|
+++ coreutils-5.96/man/runcon.x 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -0,0 +1,14 @@
|
|
+[NAME]
|
|
+runcon \- run command with specified security context
|
|
+[DESCRIPTION]
|
|
+Run COMMAND with completely-specified CONTEXT, or with current or
|
|
+transitioned security context modified by one or more of LEVEL,
|
|
+ROLE, TYPE, and USER.
|
|
+.PP
|
|
+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
|
|
+the first argument is used as the complete context. Any additional
|
|
+arguments after \fICOMMAND\fR are interpreted as arguments to the
|
|
+command.
|
|
+.PP
|
|
+Note that only carefully-chosen contexts are likely to successfully
|
|
+run.
|
|
--- coreutils-5.96/man/vdir.1.selinux 2006-05-16 18:31:25.000000000 +0100
|
|
+++ coreutils-5.96/man/vdir.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -201,6 +201,20 @@
|
|
.TP
|
|
\fB\-1\fR
|
|
list one file per line
|
|
+.PP
|
|
+SELINUX options:
|
|
+.TP
|
|
+\fB\-\-lcontext\fR
|
|
+Display security context. Enable \fB\-l\fR. Lines
|
|
+will probably be too wide for most displays.
|
|
+.TP
|
|
+\fB\-\-context\fR
|
|
+Display security context so it fits on most
|
|
+displays. Displays only mode, user, group,
|
|
+security context and file name.
|
|
+.TP
|
|
+\fB\-\-scontext\fR
|
|
+Display only security context and file name.
|
|
.TP
|
|
\fB\-\-help\fR
|
|
display this help and exit
|
|
--- /dev/null 2006-06-22 09:01:01.637265000 +0100
|
|
+++ coreutils-5.96/man/chcon.x 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -0,0 +1,4 @@
|
|
+[NAME]
|
|
+chcon \- change file security context
|
|
+[DESCRIPTION]
|
|
+.\" Add any additional description here
|
|
--- /dev/null 2006-06-22 09:01:01.637265000 +0100
|
|
+++ coreutils-5.96/man/chcon.1 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -0,0 +1,64 @@
|
|
+.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
|
|
+.SH NAME
|
|
+chcon \- change security context
|
|
+.SH SYNOPSIS
|
|
+.B chcon
|
|
+[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
|
|
+.br
|
|
+.B chcon
|
|
+[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
|
|
+.SH DESCRIPTION
|
|
+.PP
|
|
+." Add any additional description here
|
|
+.PP
|
|
+Change the security context of each FILE to CONTEXT.
|
|
+.TP
|
|
+\fB\-c\fR, \fB\-\-changes\fR
|
|
+like verbose but report only when a change is made
|
|
+.TP
|
|
+\fB\-h\fR, \fB\-\-no\-dereference\fR
|
|
+affect symbolic links instead of any referenced file (available only on systems with lchown system call)
|
|
+.TP
|
|
+\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
|
|
+suppress most error messages
|
|
+.TP
|
|
+\fB\-l\fR, \fB\-\-range\fR
|
|
+set range RANGE in the target security context
|
|
+.TP
|
|
+\fB\-\-reference\fR=\fIRFILE\fR
|
|
+use RFILE's context instead of using a CONTEXT value
|
|
+.TP
|
|
+\fB\-R\fR, \fB\-\-recursive\fR
|
|
+change files and directories recursively
|
|
+.TP
|
|
+\fB\-r\fR, \fB\-\-role\fR
|
|
+set role ROLE in the target security context
|
|
+.TP
|
|
+\fB\-t\fR, \fB\-\-type\fR
|
|
+set type TYPE in the target security context
|
|
+.TP
|
|
+\fB\-u\fR, \fB\-\-user\fR
|
|
+set user USER in the target security context
|
|
+.TP
|
|
+\fB\-v\fR, \fB\-\-verbose\fR
|
|
+output a diagnostic for every file processed
|
|
+.TP
|
|
+\fB\-\-help\fR
|
|
+display this help and exit
|
|
+.TP
|
|
+\fB\-\-version\fR
|
|
+output version information and exit
|
|
+.SH "REPORTING BUGS"
|
|
+Report bugs to <https://bugzilla.redhat.com/bugzilla>.
|
|
+.SH "SEE ALSO"
|
|
+The full documentation for
|
|
+.B chcon
|
|
+is maintained as a Texinfo manual. If the
|
|
+.B info
|
|
+and
|
|
+.B chcon
|
|
+programs are properly installed at your site, the command
|
|
+.IP
|
|
+.B info chcon
|
|
+.PP
|
|
+should give you access to the complete manual.
|
|
--- coreutils-5.96/man/Makefile.in.selinux 2006-05-22 07:08:33.000000000 +0100
|
|
+++ coreutils-5.96/man/Makefile.in 2006-06-22 23:32:16.000000000 +0100
|
|
@@ -107,25 +107,25 @@
|
|
$(top_srcdir)/m4/onceonly_2_57.m4 $(top_srcdir)/m4/openat.m4 \
|
|
$(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/perl.m4 \
|
|
$(top_srcdir)/m4/physmem.m4 $(top_srcdir)/m4/po.m4 \
|
|
- $(top_srcdir)/m4/posixtm.m4 $(top_srcdir)/m4/posixver.m4 \
|
|
- $(top_srcdir)/m4/prereq.m4 $(top_srcdir)/m4/progtest.m4 \
|
|
- $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/quote.m4 \
|
|
- $(top_srcdir)/m4/quotearg.m4 $(top_srcdir)/m4/readlink.m4 \
|
|
- $(top_srcdir)/m4/readtokens.m4 $(top_srcdir)/m4/readutmp.m4 \
|
|
- $(top_srcdir)/m4/regex.m4 $(top_srcdir)/m4/rename.m4 \
|
|
- $(top_srcdir)/m4/restrict.m4 $(top_srcdir)/m4/rmdir-errno.m4 \
|
|
- $(top_srcdir)/m4/rmdir.m4 $(top_srcdir)/m4/root-dev-ino.m4 \
|
|
- $(top_srcdir)/m4/rpmatch.m4 $(top_srcdir)/m4/safe-read.m4 \
|
|
- $(top_srcdir)/m4/safe-write.m4 $(top_srcdir)/m4/same.m4 \
|
|
- $(top_srcdir)/m4/save-cwd.m4 $(top_srcdir)/m4/savedir.m4 \
|
|
- $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/settime.m4 \
|
|
- $(top_srcdir)/m4/sha1.m4 $(top_srcdir)/m4/sig2str.m4 \
|
|
- $(top_srcdir)/m4/signed.m4 $(top_srcdir)/m4/socklen.m4 \
|
|
- $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \
|
|
- $(top_srcdir)/m4/st_dm_mode.m4 $(top_srcdir)/m4/stat-macros.m4 \
|
|
- $(top_srcdir)/m4/stat-prog.m4 $(top_srcdir)/m4/stat-time.m4 \
|
|
- $(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stdint_h.m4 \
|
|
- $(top_srcdir)/m4/stdio-safer.m4 \
|
|
+ $(top_srcdir)/m4/posix_acl.m4 $(top_srcdir)/m4/posixtm.m4 \
|
|
+ $(top_srcdir)/m4/posixver.m4 $(top_srcdir)/m4/prereq.m4 \
|
|
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/m4/putenv.m4 \
|
|
+ $(top_srcdir)/m4/quote.m4 $(top_srcdir)/m4/quotearg.m4 \
|
|
+ $(top_srcdir)/m4/readlink.m4 $(top_srcdir)/m4/readtokens.m4 \
|
|
+ $(top_srcdir)/m4/readutmp.m4 $(top_srcdir)/m4/regex.m4 \
|
|
+ $(top_srcdir)/m4/rename.m4 $(top_srcdir)/m4/restrict.m4 \
|
|
+ $(top_srcdir)/m4/rmdir-errno.m4 $(top_srcdir)/m4/rmdir.m4 \
|
|
+ $(top_srcdir)/m4/root-dev-ino.m4 $(top_srcdir)/m4/rpmatch.m4 \
|
|
+ $(top_srcdir)/m4/safe-read.m4 $(top_srcdir)/m4/safe-write.m4 \
|
|
+ $(top_srcdir)/m4/same.m4 $(top_srcdir)/m4/save-cwd.m4 \
|
|
+ $(top_srcdir)/m4/savedir.m4 $(top_srcdir)/m4/setenv.m4 \
|
|
+ $(top_srcdir)/m4/settime.m4 $(top_srcdir)/m4/sha1.m4 \
|
|
+ $(top_srcdir)/m4/sig2str.m4 $(top_srcdir)/m4/signed.m4 \
|
|
+ $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \
|
|
+ $(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/st_dm_mode.m4 \
|
|
+ $(top_srcdir)/m4/stat-macros.m4 $(top_srcdir)/m4/stat-prog.m4 \
|
|
+ $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stdbool.m4 \
|
|
+ $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio-safer.m4 \
|
|
$(top_srcdir)/m4/stdlib-safer.m4 $(top_srcdir)/m4/stpcpy.m4 \
|
|
$(top_srcdir)/m4/strcase.m4 $(top_srcdir)/m4/strcspn.m4 \
|
|
$(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strftime.m4 \
|
|
@@ -199,7 +199,6 @@
|
|
GLIBC21 = @GLIBC21@
|
|
GMSGFMT = @GMSGFMT@
|
|
GNU_PACKAGE = @GNU_PACKAGE@
|
|
-GREP = @GREP@
|
|
HAVE__BOOL = @HAVE__BOOL@
|
|
HELP2MAN = @HELP2MAN@
|
|
INSTALL_DATA = @INSTALL_DATA@
|
|
@@ -210,6 +209,7 @@
|
|
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
|
|
KMEM_GROUP = @KMEM_GROUP@
|
|
LDFLAGS = @LDFLAGS@
|
|
+LIBACL = @LIBACL@
|
|
LIBICONV = @LIBICONV@
|
|
LIBINTL = @LIBINTL@
|
|
LIBOBJS = @LIBOBJS@
|
|
@@ -220,6 +220,8 @@
|
|
LIB_FDATASYNC = @LIB_FDATASYNC@
|
|
LIB_GETHRXTIME = @LIB_GETHRXTIME@
|
|
LIB_NANOSLEEP = @LIB_NANOSLEEP@
|
|
+LIB_PAM = @LIB_PAM@
|
|
+LIB_SELINUX = @LIB_SELINUX@
|
|
LN_S = @LN_S@
|
|
LTLIBICONV = @LTLIBICONV@
|
|
LTLIBINTL = @LTLIBINTL@
|
|
@@ -269,30 +271,23 @@
|
|
build_os = @build_os@
|
|
build_vendor = @build_vendor@
|
|
datadir = @datadir@
|
|
-datarootdir = @datarootdir@
|
|
-docdir = @docdir@
|
|
-dvidir = @dvidir@
|
|
exec_prefix = @exec_prefix@
|
|
host = @host@
|
|
host_alias = @host_alias@
|
|
host_cpu = @host_cpu@
|
|
host_os = @host_os@
|
|
host_vendor = @host_vendor@
|
|
-htmldir = @htmldir@
|
|
includedir = @includedir@
|
|
infodir = @infodir@
|
|
install_sh = @install_sh@
|
|
libdir = @libdir@
|
|
libexecdir = @libexecdir@
|
|
-localedir = @localedir@
|
|
localstatedir = @localstatedir@
|
|
mandir = @mandir@
|
|
mkdir_p = @mkdir_p@
|
|
oldincludedir = @oldincludedir@
|
|
-pdfdir = @pdfdir@
|
|
prefix = @prefix@
|
|
program_transform_name = @program_transform_name@
|
|
-psdir = @psdir@
|
|
sbindir = @sbindir@
|
|
sharedstatedir = @sharedstatedir@
|
|
sysconfdir = @sysconfdir@
|
|
@@ -305,10 +300,10 @@
|
|
link.1 ln.1 logname.1 \
|
|
ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \
|
|
paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \
|
|
- rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
|
|
+ rm.1 rmdir.1 runuser.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
|
|
su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
|
|
tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
|
|
- who.1 whoami.1 yes.1
|
|
+ who.1 whoami.1 yes.1 chcon.1 runcon.1
|
|
|
|
man_aux = $(dist_man_MANS:.1=.x)
|
|
EXTRA_DIST = $(man_aux) help2man
|
|
@@ -598,6 +593,7 @@
|
|
readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c
|
|
rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
|
|
rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
|
|
+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/runuser.c
|
|
seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
|
|
sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
|
|
shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c
|
|
@@ -629,6 +625,8 @@
|
|
who.1: $(common_dep) $(srcdir)/who.x ../src/who.c
|
|
whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c
|
|
yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
|
|
+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
|
|
+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
|
|
|
|
# Note the use of $t/$*, rather than just `$*' as in other packages.
|
|
# That is necessary to avoid failures for programs that are also shell built-in
|