diff --git a/coreutils-4.5.3-sysinfo.patch b/coreutils-4.5.3-sysinfo.patch index cd22a2b..94c9f91 100644 --- a/coreutils-4.5.3-sysinfo.patch +++ b/coreutils-4.5.3-sysinfo.patch @@ -1,15 +1,15 @@ --- coreutils-5.97/src/uname.c.sysinfo 2005-09-15 20:57:04.000000000 +0100 +++ coreutils-5.97/src/uname.c 2006-08-24 17:15:56.000000000 +0100 -@@ -155,7 +155,7 @@ +@@ -263,7 +263,7 @@ + int main (int argc, char **argv) { - int c; - static char const unknown[] = "unknown"; + static char unknown[] = "unknown"; /* Mask indicating which elements to print. */ unsigned int toprint = 0; -@@ -249,13 +249,35 @@ +@@ -306,13 +306,35 @@ if (toprint & PRINT_PROCESSOR) { @@ -46,7 +46,7 @@ #endif #ifdef UNAME_PROCESSOR if (element == unknown) -@@ -293,7 +315,7 @@ +@@ -348,7 +370,7 @@ if (toprint & PRINT_HARDWARE_PLATFORM) { @@ -55,7 +55,7 @@ #if HAVE_SYSINFO && defined SI_PLATFORM { static char hardware_platform[257]; -@@ -301,6 +323,14 @@ +@@ -356,6 +378,14 @@ hardware_platform, sizeof hardware_platform)) element = hardware_platform; } diff --git a/coreutils-5.2.1-runuser.patch b/coreutils-5.2.1-runuser.patch index b64dbfe..c817580 100644 --- a/coreutils-5.2.1-runuser.patch +++ b/coreutils-5.2.1-runuser.patch @@ -1,5 +1,5 @@ ---- coreutils-6.7/tests/help-version.runuser 2006-12-07 09:06:04.000000000 +0000 -+++ coreutils-6.7/tests/help-version 2007-01-09 17:31:44.000000000 +0000 +--- coreutils-6.10/tests/misc/help-version.runuser ++++ coreutils-6.10/tests/misc/help-version @@ -168,6 +168,7 @@ seq_args=10 sleep_args=0 @@ -8,17 +8,19 @@ # I'd rather not run sync, since it spins up disks that I've # deliberately caused to spin down (but not unmounted). ---- coreutils-6.7/README.runuser 2006-11-24 21:28:27.000000000 +0000 -+++ coreutils-6.7/README 2007-01-09 17:32:16.000000000 +0000 -@@ -11,7 +11,7 @@ - dd df dir dircolors dirname du echo env expand expr factor false fmt fold - ginstall groups head hostid hostname id join kill link ln logname ls - md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr -- printenv printf ptx pwd readlink rm rmdir seq sha1sum sha224sum sha256sum -+ printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum sha256sum - sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac - tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime - users vdir wc who whoami yes +--- coreutils-6.10/README.runuser ++++ coreutils-6.10/README +@@ -11,8 +11,8 @@ + factor false fmt fold groups head hostid hostname id install join kill + link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup + od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir +- runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf +- sleep sort split stat stty su sum sync tac tail tee test touch tr true ++ runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred ++ shuf sleep sort split stat stty su sum sync tac tail tee test touch tr true + tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes + + See the file NEWS for a list of major changes in the current release. --- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000 +++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000 @@ -110,9 +110,15 @@ @@ -92,7 +94,7 @@ +#ifdef RUNUSER + if (getuid() != geteuid()) + /* safety net: deny operation if we are suid by accident */ -+ error(EXIT_FAIL, 1, "runuser may not be setuid"); ++ error(EXIT_FAILURE, 1, "runuser may not be setuid"); +#else retval = pam_authenticate(pamh, 0); PAM_BAIL_P; @@ -190,7 +192,7 @@ + case 'g': + gr = getgrnam(optarg); + if (!gr) -+ error (EXIT_FAIL, 0, _("group %s does not exist"), optarg); ++ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg); + use_gid = 1; + groups[0] = gr->gr_gid; + break; @@ -198,12 +200,12 @@ + case 'G': + num_supp_groups++; + if (num_supp_groups >= NGROUPS_MAX) -+ error (EXIT_FAIL, 0, ++ error (EXIT_FAILURE, 0, + _("Can't specify more than %d supplemental groups"), + NGROUPS_MAX - 1); + gr = getgrnam(optarg); + if (!gr) -+ error (EXIT_FAIL, 0, _("group %s does not exist"), optarg); ++ error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg); + groups[num_supp_groups] = gr->gr_gid; + break; +#endif @@ -252,17 +254,17 @@ +#endif + ); } ---- coreutils-6.7/src/Makefile.am.runuser 2007-01-09 17:27:56.000000000 +0000 -+++ coreutils-6.7/src/Makefile.am 2007-01-09 17:27:56.000000000 +0000 -@@ -17,7 +17,7 @@ - ## along with this program; if not, write to the Free Software Foundation, - ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - --EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who -+EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who - - bin_SCRIPTS = groups - bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \ +--- coreutils-6.10/src/Makefile.am.runuser ++++ coreutils-6.10/src/Makefile.am +@@ -38,7 +38,7 @@ + shuf sort split sum tac tail tr tsort unexpand uniq wc \ + basename date dirname echo env expr factor false \ + id kill logname pathchk printenv printf pwd \ +- runcon seq sleep tee \ ++ runcon runuser seq sleep tee \ + test true tty whoami yes \ + base64 + @@ -112,6 +112,10 @@ mv_LDADD += $(LIB_ACL) ginstall_LDADD += $(LIB_ACL) @@ -283,27 +285,26 @@ installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'` ---- coreutils-6.7/AUTHORS.runuser 2006-10-22 17:54:15.000000000 +0100 -+++ coreutils-6.7/AUTHORS 2007-01-09 17:27:56.000000000 +0000 +--- coreutils-6.10/AUTHORS.runuser ++++ coreutils-6.10/AUTHORS @@ -60,6 +60,7 @@ readlink: Dmitry V. Levin rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering rmdir: David MacKenzie +runuser: David MacKenzie, Dan Walsh + runcon: Russell Coker seq: Ulrich Drepper sha1sum: Ulrich Drepper, Scott Miller, David Madore - sha224sum: Ulrich Drepper, Scott Miller, David Madore ---- coreutils-6.7/man/Makefile.am.runuser 2006-11-16 08:49:56.000000000 +0000 -+++ coreutils-6.7/man/Makefile.am 2007-01-09 17:32:38.000000000 +0000 -@@ -26,7 +26,7 @@ - link.1 ln.1 logname.1 \ - ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nl.1 nohup.1 od.1 \ - paste.1 pathchk.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \ -- rm.1 rmdir.1 seq.1 sha1sum.1 sha224sum.1 sha256sum.1 sha384sum.1 sha512sum.1 \ -+ rm.1 rmdir.1 runuser.1 seq.1 sha1sum.1 sha224sum.1 sha256sum.1 sha384sum.1 sha512sum.1 \ - shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \ - su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ - tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \ +--- coreutils-6.10/man/Makefile.am.runuser ++++ coreutils-6.10/man/Makefile.am +@@ -92,6 +92,7 @@ + rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c + rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c + runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c ++runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c + seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c + sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c + sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c --- /dev/null 2007-01-09 09:38:07.860075128 +0000 +++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000 @@ -0,0 +1,4 @@ @@ -312,7 +313,7 @@ +[DESCRIPTION] +.\" Add any additional description here --- /dev/null 2007-01-09 09:38:07.860075128 +0000 -+++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000 ++++ coreutils-6.10/man/runuser.1 2007-01-09 17:27:56.000000000 +0000 @@ -0,0 +1,68 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33. +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands" @@ -330,7 +331,7 @@ +to set user ID, the command will fail. +.TP +-, \fB\-l\fR, \fB\-\-login\fR -+make the shell a login shell ++make the shell a login shell, uses runuser-l PAM file instead of default one. +.TP +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR +pass a single COMMAND to the shell with \fB\-c\fR diff --git a/coreutils-6.9-cp-i-u.patch b/coreutils-6.9-cp-i-u.patch deleted file mode 100644 index 167cacc..0000000 --- a/coreutils-6.9-cp-i-u.patch +++ /dev/null @@ -1,110 +0,0 @@ -When "cp -i --update old new" would do nothing because "new" is -newer than "old", cp would nonetheless prompt for whether it is -ok to overwrite "new". Then, regardless of the response (because -of the --update option), cp would do nothing. - -The following patch eliminates the unnecessary prompt in that case. - -diff --git a/src/copy.c b/src/copy.c -index b7bf73b..0e549d2 100644 ---- a/src/copy.c -+++ b/src/copy.c -@@ -1210,6 +1210,30 @@ copy_internal (char const *src_name, char const *dst_name, - return false; - } - -+ if (!S_ISDIR (src_mode) && x->update) -+ { -+ /* When preserving time stamps (but not moving within a file -+ system), don't worry if the destination time stamp is -+ less than the source merely because of time stamp -+ truncation. */ -+ int options = ((x->preserve_timestamps -+ && ! (x->move_mode -+ && dst_sb.st_dev == src_sb.st_dev)) -+ ? UTIMECMP_TRUNCATE_SOURCE -+ : 0); -+ -+ if (0 <= utimecmp (dst_name, &dst_sb, &src_sb, options)) -+ { -+ /* We're using --update and the destination is not older -+ than the source, so do not copy or move. Pretend the -+ rename succeeded, so the caller (if it's mv) doesn't -+ end up removing the source file. */ -+ if (rename_succeeded) -+ *rename_succeeded = true; -+ return true; -+ } -+ } -+ - /* When there is an existing destination file, we may end up - returning early, and hence not copying/moving the file. - This may be due to an interactive `negative' reply to the -@@ -1302,30 +1326,6 @@ copy_internal (char const *src_name, char const *dst_name, - return false; - } - } -- -- if (x->update) -- { -- /* When preserving time stamps (but not moving within a file -- system), don't worry if the destination time stamp is -- less than the source merely because of time stamp -- truncation. */ -- int options = ((x->preserve_timestamps -- && ! (x->move_mode -- && dst_sb.st_dev == src_sb.st_dev)) -- ? UTIMECMP_TRUNCATE_SOURCE -- : 0); -- -- if (0 <= utimecmp (dst_name, &dst_sb, &src_sb, options)) -- { -- /* We're using --update and the destination is not older -- than the source, so do not copy or move. Pretend the -- rename succeeded, so the caller (if it's mv) doesn't -- end up removing the source file. */ -- if (rename_succeeded) -- *rename_succeeded = true; -- return true; -- } -- } - } - - if (x->move_mode) -diff --git a/tests/mv/update b/tests/mv/update -index 0c06024..6c3d149 100755 ---- a/tests/mv/update -+++ b/tests/mv/update -@@ -1,7 +1,7 @@ - #!/bin/sh - # make sure --update works as advertised - --# Copyright (C) 2001, 2004, 2006 Free Software Foundation, Inc. -+# Copyright (C) 2001, 2004, 2006-2007 Free Software Foundation, Inc. - - # This program is free software; you can redistribute it and/or modify - # it under the terms of the GNU General Public License as published by -@@ -46,11 +46,16 @@ fi - - fail=0 - --for cp_or_mv in cp mv; do -- # This is a no-op. -- $cp_or_mv --update old new || fail=1 -- case "`cat new`" in new) ;; *) fail=1 ;; esac -- case "`cat old`" in old) ;; *) fail=1 ;; esac -+for interactive in '' -i; do -+ for cp_or_mv in cp mv; do -+ # This is a no-op, with no prompt. -+ # With coreutils-6.9 and earlier, using --update with -i would -+ # mistakenly elicit a prompt. -+ $cp_or_mv $interactive --update old new < /dev/null > out 2>&1 || fail=1 -+ test -s out && fail=1 -+ case "`cat new`" in new) ;; *) fail=1 ;; esac -+ case "`cat old`" in old) ;; *) fail=1 ;; esac -+ done - done - - # This will actually perform the rename. --- -1.5.3.rc1.16.g9d6f diff --git a/coreutils-6.9-du-ls-upstream.patch b/coreutils-6.9-du-ls-upstream.patch deleted file mode 100644 index ff285f2..0000000 --- a/coreutils-6.9-du-ls-upstream.patch +++ /dev/null @@ -1,98 +0,0 @@ -Fixes some small bugs (merged upstream patches) -Fixed RedHat Bugzillas: 250089(fix by jplans@redhat.com), 239266 - -diff -Naurp coreutils-5.2.1/lib/fts.c coreutils-5.2.1.new/lib/fts.c ---- coreutils-5.2.1/lib/fts.c 2003-12-20 10:05:23.000000000 -0800 -+++ coreutils-5.2.1.new/lib/fts.c 2007-06-14 11:38:00.696001000 -0700 -@@ -685,7 +685,7 @@ fts_read(sp) - /* If fts_build's call to fts_safe_changedir failed - because it was not able to fchdir into a - subdirectory, tell the caller. */ -- if (p->fts_errno) -+ if (p->fts_errno && p->fts_info != FTS_DNR) - p->fts_info = FTS_ERR; - LEAVE_DIR (sp, p, "2"); - return (p); - } -diff -ur coreutils-6.9-orig/src/du.c coreutils-6.9/src/du.c ---- coreutils-6.9-orig/src/du.c -+++ coreutils-6.9/src/du.c - duinfo_add (&dulvl[level].ent, &dui); - - /* Even if this directory is unreadable or we can't chdir into it, -- do let its size contribute to the total, ... */ -+ do let its size contribute to the total. */ - duinfo_add (&tot_dui, &dui); - -- /* ... but don't print out a total for it, since without the size(s) -- of any potential entries, it could be very misleading. */ -- if (ent->fts_info == FTS_DNR) -- return ok; -- - /* If we're not counting an entry, e.g., because it's a hard link - to a file we've already counted (and --count-links), then don't - print a line for it. */ -diff -urNp coreutils-6.9-orig/src/dircolors.hin coreutils-6.9/src/dircolors.hin ---- coreutils-6.9-orig/src/dircolors.hin 2007-03-18 22:36:43.000000000 +0100 -+++ coreutils-6.9/src/dircolors.hin 2007-11-02 12:27:03.000000000 +0100 -@@ -27,6 +27,7 @@ TERM cons25 - TERM console - TERM cygwin - TERM dtterm -+TERM eterm-color - TERM gnome - TERM konsole - TERM kterm -@@ -40,6 +40,7 @@ TERM rxvt-cygwin - TERM rxvt-cygwin-native - TERM rxvt-unicode - TERM screen -+TERM screen-256color - TERM screen-bce - TERM screen-w - TERM screen.linux -@@ -46,7 +47,9 @@ TERM screen-w - TERM screen.linux - TERM vt100 - TERM xterm -+TERM xterm-16color - TERM xterm-256color -+TERM xterm-88color - TERM xterm-color - TERM xterm-debian - -diff -ur a/src/ls.c b/src/ls.c ---- a/src/ls.c -+++ b/src/ls.c -@@ -1168,7 +1168,7 @@ main (int argc, char **argv) - { - /* Avoid following symbolic links when possible. */ - if (is_colored (C_ORPHAN) -- || is_colored (C_EXEC) -+ || (is_colored (C_EXEC) && color_symlink_as_referent) - || (is_colored (C_MISSING) && format == long_format)) - check_symlink_color = true; - -@@ -2570,7 +2574,8 @@ gobble_file (char const *name, enum file - || ((print_inode || format_needs_type) - && (type == symbolic_link || type == unknown) - && (dereference == DEREF_ALWAYS -- || (command_line_arg && dereference != DEREF_NEVER))) -+ || (command_line_arg && dereference != DEREF_NEVER) -+ || color_symlink_as_referent || check_symlink_color)) - /* Command line dereferences are already taken care of by the above - assertion that the inode number is not yet known. */ - || (print_inode && inode == NOT_AN_INODE_NUMBER) -@@ -2713,6 +2713,12 @@ gobble_file (char const *name, enum filetype type, ino_t inode, - free (linkname); - } - -+ /* When not distinguishing types of symlinks, pretend we know that -+ it is stat'able, so that it will be colored as a regular symlink, -+ and not as an orphan. */ -+ if (S_ISLNK (f->stat.st_mode) && !check_symlink_color) -+ f->linkok = true; -+ - if (S_ISLNK (f->stat.st_mode)) - f->filetype = symbolic_link; - else if (S_ISDIR (f->stat.st_mode)) diff --git a/coreutils-6.9-requiresecuritycontext.patch b/coreutils-6.9-requiresecuritycontext.patch deleted file mode 100644 index 1eca6ef..0000000 --- a/coreutils-6.9-requiresecuritycontext.patch +++ /dev/null @@ -1,160 +0,0 @@ -diff -ur coreutils-6.9-orig/src/install.c coreutils-6.9/src/install.c ---- coreutils-6.9-orig/src/install.c 2007-10-30 12:34:07.000000000 +0100 -+++ coreutils-6.9/src/install.c 2007-10-30 15:41:15.000000000 +0100 -@@ -174,6 +174,7 @@ - x->preserve_mode = false; - x->preserve_timestamps = false; - x->require_preserve = false; -+ x->require_preserve_context = false; - x->recursive = false; - x->sparse_mode = SPARSE_AUTO; - x->symbolic_link = false; -diff -ur coreutils-6.9-orig/src/mv.c coreutils-6.9/src/mv.c ---- coreutils-6.9-orig/src/mv.c 2007-10-30 12:34:07.000000000 +0100 -+++ coreutils-6.9/src/mv.c 2007-10-30 15:34:37.000000000 +0100 -@@ -131,6 +131,7 @@ - x->preserve_timestamps = true; - x->preserve_security_context = selinux_enabled; - x->require_preserve = false; /* FIXME: maybe make this an option */ -+ x->require_preserve_context = false; - x->recursive = true; - x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */ - x->symbolic_link = false; -diff -ur coreutils-6.9-orig/src/copy.c coreutils-6.9/src/copy.c ---- coreutils-6.9-orig/src/copy.c 2007-10-30 12:34:07.000000000 +0100 -+++ coreutils-6.9/src/copy.c 2007-10-30 16:01:22.000000000 +0100 -@@ -306,25 +307,33 @@ - if (! *new_dst) - { - dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY); - - #ifdef WITH_SELINUX -- if (dest_desc >= 0 && selinux_enabled && -- (x->preserve_security_context || x->set_security_context)) -+ if (x->preserve_security_context && 0 <= dest_desc) - { -- security_context_t con; -- if(getfscreatecon(&con) == -1) -+ security_context_t con = NULL; -+ if(getfscreatecon(&con) < 0) - { -- return_val = false; -- goto close_src_desc; -+ if (x->require_preserve_context) -+ { -+ error(0, errno, _("failed to get file system create context")); -+ return_val = false; -+ goto close_src_desc; -+ } - } - - if (con) - { -- if(fsetfilecon(dest_desc, con) == -1) -+ if(fsetfilecon(dest_desc, con) < 0) - { -- return_val = false; -- freecon(con); -- goto close_src_desc; -+ if (x->require_preserve_context) -+ { -+ error(0, errno, _("failed to set security context of %s to %s"), -+ quote_n (0, dst_name), quote_n(1, con)); -+ return_val = false; -+ freecon(con); -+ goto close_src_desc; -+ } - } - freecon(con); - } -@@ -1577,10 +1587,10 @@ - { - if (setfscreatecon(con) < 0) - { -- error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); -- if (x->require_preserve) { -- freecon(con); -- return 1; -+ error (0, errno, _("cannot set default file creation context to %s"), quote (con)); -+ if (x->require_preserve_context) { -+ freecon(con); -+ return false; - } - } - freecon(con); -@@ -1588,7 +1598,8 @@ - else { - if (( errno != ENOTSUP ) && ( errno != ENODATA )) { - error (0, errno, _("cannot lgetfilecon %s"), quote (src_name)); -- return 1; -+ if (x->require_preserve_context) -+ return false; - } - } - } -diff -ur coreutils-6.9-orig/src/copy.h coreutils-6.9/src/copy.h ---- coreutils-6.9-orig/src/copy.h 2007-10-30 12:34:07.000000000 +0100 -+++ coreutils-6.9/src/copy.h 2007-10-30 15:52:59.000000000 +0100 -@@ -150,6 +150,18 @@ - it be zero. */ - bool require_preserve; - -+ /* Useful only when preserve_security_context is true. -+ If true, a failed attempt to preserve a file's security context -+ propagates failure "out" to the caller. If false, a failure to -+ preserve a file's security context does not change the invoking -+ application's exit status. Give diagnostics for failed syscalls -+ regardless of this setting. For example, with "cp --preserve=context" -+ this flag is "true", while with "cp -a", it is false. That means -+ "cp -a" attempts to preserve any security context, but does not -+ fail if it is unable to do so. */ -+ bool require_preserve_context; -+ -+ - /* If true, copy directories recursively and copy special files - as themselves rather than copying their contents. */ - bool recursive; -diff -ur coreutils-6.9-orig/src/cp.c coreutils-6.9/src/cp.c ---- coreutils-6.9-orig/src/cp.c 2007-10-30 12:42:13.000000000 +0100 -+++ coreutils-6.9/src/cp.c 2007-10-30 16:00:33.000000000 +0100 -@@ -766,7 +766,7 @@ - x->preserve_security_context = false; - x->set_security_context = false; - #endif -- -+ x->require_preserve_context = false; - x->require_preserve = false; - x->recursive = false; - x->sparse_mode = SPARSE_AUTO; -@@ -844,6 +844,7 @@ - - case PRESERVE_CONTEXT: - x->preserve_security_context = on_off; -+ x->require_preserve_context = on_off; - break; - - case PRESERVE_ALL: -@@ -851,7 +834,10 @@ - x->preserve_timestamps = on_off; - x->preserve_ownership = on_off; - x->preserve_links = on_off; -- x->preserve_security_context = on_off; -+ if (selinux_enabled) { -+ x->preserve_security_context = on_off; -+ x->require_preserve_context = on_off; -+ } - break; - - default: -@@ -915,8 +916,9 @@ - x.preserve_ownership = true; - x.preserve_mode = true; - x.preserve_timestamps = true; -- x.preserve_security_context = true; -- x.require_preserve = true; -+ if (selinux_enabled) -+ x.preserve_security_context = true; -+ x.require_preserve = true; - x.recursive = true; - break; - diff --git a/coreutils-6.9-statsecuritycontext.patch b/coreutils-6.9-statsecuritycontext.patch deleted file mode 100644 index 062a95b..0000000 --- a/coreutils-6.9-statsecuritycontext.patch +++ /dev/null @@ -1,205 +0,0 @@ -diff -urp coreutils-6.9-orig/src/stat.c coreutils-6.9/src/stat.c ---- coreutils-6.9-orig/src/stat.c 2007-12-04 16:26:39.000000000 +0100 -+++ coreutils-6.9/src/stat.c 2007-12-05 00:05:11.000000000 +0100 -@@ -55,12 +55,7 @@ - # include - #endif - --#ifdef WITH_SELINUX - #include --#define SECURITY_ID_T security_context_t --#else --#define SECURITY_ID_T char * --#endif - - #include "system.h" - -@@ -179,6 +174,9 @@ static struct option const long_options[ - - char *program_name; - -+/* Whether to follow symbolic links; True for --dereference (-L). */ -+static bool follow_links = false; -+ - /* Whether to interpret backslash-escape sequences. - True for --printf=FMT, not for --format=FMT (-c). */ - static bool interpret_backslash_escapes; -@@ -402,10 +400,30 @@ out_uint_x (char *pformat, size_t prefix - printf (pformat, arg); - } - -+/* Very specialized function (modifies FORMAT), just so as to avoid -+ duplicating this code between both print_statfs and print_stat. */ -+static void -+out_file_context (char const *filename, char *pformat, size_t prefix_len) -+{ -+ char *scontext; -+ if ((follow_links -+ ? getfilecon (filename, &scontext) -+ : lgetfilecon (filename, &scontext)) < 0) -+ { -+ error (0, errno, _("failed to get security context of %s"), -+ quote (filename)); -+ scontext = NULL; -+ } -+ strcpy (pformat + prefix_len, "s"); -+ printf (pformat, (scontext ? scontext : "?")); -+ if (scontext) -+ freecon (scontext); -+} -+ - /* print statfs info */ - static void - print_statfs (char *pformat, size_t prefix_len, char m, char const *filename, -- void const *data, SECURITY_ID_T scontext) -+ void const *data) - { - STRUCT_STATVFS const *statfsbuf = data; - -@@ -481,8 +499,7 @@ print_statfs (char *pformat, size_t pref - out_int (pformat, prefix_len, statfsbuf->f_ffree); - break; - case 'C': -- strcat (pformat, "s"); -- printf(scontext); -+ out_file_context (filename, pformat, prefix_len); - break; - default: - fputc ('?', stdout); -@@ -493,7 +510,7 @@ print_statfs (char *pformat, size_t pref - /* print stat info */ - static void - print_stat (char *pformat, size_t prefix_len, char m, -- char const *filename, void const *data, SECURITY_ID_T scontext) -+ char const *filename, void const *data) - { - struct stat *statbuf = (struct stat *) data; - struct passwd *pw_ent; -@@ -607,8 +624,7 @@ print_stat (char *pformat, size_t prefix - out_uint (pformat, prefix_len, statbuf->st_ctime); - break; - case 'C': -- strcat (pformat, "s"); -- printf(pformat,scontext); -+ out_file_context(filename, pformat, prefix_len); - break; - default: - fputc ('?', stdout); -@@ -656,9 +672,8 @@ print_esc_char (char c) - - static void - print_it (char const *format, char const *filename, -- void (*print_func) (char *, size_t, char, char const *, void const *, -- SECURITY_ID_T ), -- void const *data, SECURITY_ID_T scontext) -+ void (*print_func) (char *, size_t, char, char const *, void const *), -+ void const *data) - { - /* Add 2 to accommodate our conversion of the stat `%s' format string - to the longer printf `%llu' one. */ -@@ -699,7 +714,7 @@ print_it (char const *format, char const - putchar ('%'); - break; - default: -- print_func (dest, len + 1, *fmt_char, filename, data, scontext); -+ print_func (dest, len + 1, *fmt_char, filename, data); - break; - } - break; -@@ -765,18 +780,6 @@ static bool - do_statfs (char const *filename, bool terse, bool secure, char const *format) - { - STRUCT_STATVFS statfsbuf; -- SECURITY_ID_T scontext = NULL; --#ifdef WITH_SELINUX -- if(is_selinux_enabled()) { -- if (getfilecon(filename,&scontext)<0) { -- if (secure) { -- perror (filename); -- return false; -- } -- scontext = NULL; -- } -- } --#endif - - if (STATFS (filename, &statfsbuf) != 0) - { -@@ -812,43 +815,23 @@ do_statfs (char const *filename, bool te - } - } - -- print_it (format, filename, print_statfs, &statfsbuf, scontext); --#ifdef WITH_SELINUX -- if (scontext != NULL) -- freecon(scontext); --#endif -+ print_it (format, filename, print_statfs, &statfsbuf); - return true; - } - - /* stat the file and print what we find */ - static bool --do_stat (char const *filename, bool follow_links, bool terse, bool secure, -+do_stat (char const *filename, bool terse, bool secure, - char const *format) - { - struct stat statbuf; -- SECURITY_ID_T scontext = NULL; -- -+ - if ((follow_links ? stat : lstat) (filename, &statbuf) != 0) - { - error (0, errno, _("cannot stat %s"), quote (filename)); - return false; - } - --#ifdef WITH_SELINUX -- if(is_selinux_enabled()) { -- int i; -- if (!follow_links) -- i=lgetfilecon(filename, &scontext); -- else -- i=getfilecon(filename, &scontext); -- if (i == -1 && secure) -- { -- perror (filename); -- return false; -- } -- } --#endif -- - if (format == NULL) - { - if (terse) -@@ -893,11 +876,7 @@ do_stat (char const *filename, bool foll - } - } - } -- print_it (format, filename, print_stat, &statbuf, scontext); --#ifdef WITH_SELINUX -- if (scontext) -- freecon(scontext); --#endif -+ print_it (format, filename, print_stat, &statbuf); - return true; - } - -@@ -996,7 +975,6 @@ main (int argc, char *argv[]) - { - int c; - int i; -- bool follow_links = false; - bool fs = false; - bool terse = false; - bool secure = false; -@@ -1065,7 +1043,7 @@ main (int argc, char *argv[]) - for (i = optind; i < argc; i++) - ok &= (fs - ? do_statfs (argv[i], terse, secure, format) -- : do_stat (argv[i], follow_links, terse, secure, format)); -+ : do_stat (argv[i], terse, secure, format)); - - exit (ok ? EXIT_SUCCESS : EXIT_FAILURE); - } - diff --git a/coreutils-DIR_COLORS b/coreutils-DIR_COLORS index 01f6828..0583c2f 100644 --- a/coreutils-DIR_COLORS +++ b/coreutils-DIR_COLORS @@ -15,8 +15,9 @@ COLOR tty OPTIONS -F -T 0 # Below, there should be one TERM entry for each termtype that is colorizable -TERM linux -TERM console +TERM Eterm +TERM ansi +TERM color-xterm TERM con132x25 TERM con132x30 TERM con132x43 @@ -28,26 +29,34 @@ TERM con80x43 TERM con80x50 TERM con80x60 TERM cons25 -TERM xterm -TERM rxvt -TERM rxvt-unicode -TERM xterm-color -TERM xterm-16color -TERM xterm-256color -TERM xterm-88color -TERM color-xterm -TERM vt100 +TERM console +TERM cygwin TERM dtterm TERM eterm-color -TERM color_xterm -TERM ansi +TERM gnome +TERM konsole +TERM kterm +TERM linux +TERM linux-c +TERM mach-color +TERM mlterm +TERM putty +TERM rxvt +TERM rxvt-cygwin +TERM rxvt-cygwin-native +TERM rxvt-unicode TERM screen TERM screen-256color +TERM screen-bce +TERM screen-w TERM screen.linux -TERM kon -TERM kterm -TERM gnome -TERM konsole +TERM vt100 +TERM xterm +TERM xterm-16color +TERM xterm-256color +TERM xterm-88color +TERM xterm-color +TERM xterm-debian # EIGHTBIT, followed by '1' for on, '0' for off. (8-bit output) EIGHTBIT 1 @@ -63,13 +72,21 @@ EIGHTBIT 1 NORMAL 00 # global default, although everything should be something. FILE 00 # normal file DIR 01;34 # directory -LINK 01;36 # symbolic link +LINK 01;36 # symbolic link (If you set this to 'target' instead of a + # numerical value, the color is as for the file pointed to.) FIFO 40;33 # pipe SOCK 01;35 # socket +DOOR 01;35 # door BLK 40;33;01 # block device driver CHR 40;33;01 # character device driver -ORPHAN 01;05;37;41 # orphaned syminks +ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file MISSING 01;05;37;41 # ... and the files they point to +SETUID 37;41 # file that is setuid (u+s) +SETGID 30;43 # file that is setgid (g+s) +STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w) +OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky +STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable + # This is for files with execute permission: EXEC 01;32 @@ -77,31 +94,90 @@ EXEC 01;32 # List any file extensions like '.gz' or '.tar' that you would like ls # to colorize below. Put the extension, a space, and the color init string. # (and any comments you want to add after a '#') -.cmd 01;32 # executables (bright green) +# executables (bright green) +.cmd 01;32 .exe 01;32 .com 01;32 .btm 01;32 .bat 01;32 .sh 01;32 .csh 01;32 -.tar 01;31 # archives or compressed (bright red) + # archives or compressed (bright red) +.tar 01;31 .tgz 01;31 +.svgz 01;31 .arj 01;31 .taz 01;31 .lzh 01;31 +.lzma 01;31 .zip 01;31 .z 01;31 .Z 01;31 +.dz 01;31 .gz 01;31 .bz2 01;31 +.tbz2 01;31 .bz 01;31 .tz 01;31 +.deb 01;31 .rpm 01;31 +.jar 01;31 +.rar 01;31 +.ace 01;31 +.zoo 01;31 .cpio 01;31 -.jpg 01;35 # image formats +.7z 01;31 +.rz 01;31 +# image formats (magenta) +.jpg 01;35 +.jpeg 01;35 .gif 01;35 .bmp 01;35 +.pbm 01;35 +.pgm 01;35 +.ppm 01;35 +.tga 01;35 .xbm 01;35 .xpm 01;35 -.png 01;35 .tif 01;35 +.tiff 01;35 +.png 01;35 +.mng 01;35 +.pcx 01;35 +.mov 01;35 +.mpg 01;35 +.mpeg 01;35 +.m2v 01;35 +.mkv 01;35 +.ogm 01;35 +.mp4 01;35 +.m4v 01;35 +.mp4v 01;35 +.vob 01;35 +.qt 01;35 +.nuv 01;35 +.wmv 01;35 +.asf 01;35 +.rm 01;35 +.rmvb 01;35 +.flc 01;35 +.avi 01;35 +.fli 01;35 +.gl 01;35 +.dl 01;35 +.xcf 01;35 +.xwd 01;35 +.yuv 01;35 +.svg 01;35 +# audio formats (cyan) +.aac 00;36 +.au 00;36 +.flac 00;36 +.mid 00;36 +.midi 00;36 +.mka 00;36 +.mp3 00;36 +.mpc 00;36 +.ogg 00;36 +.ra 00;36 +.wav 00;36 diff --git a/coreutils-DIR_COLORS.256color b/coreutils-DIR_COLORS.256color new file mode 100644 index 0000000..21d8284 --- /dev/null +++ b/coreutils-DIR_COLORS.256color @@ -0,0 +1,161 @@ +# Configuration file for the 256color ls utility +# This file goes in the /etc directory, and must be world readable. +# You can copy this file to .dir_colors in your $HOME directory to override +# the system defaults. +# In the case that you are not satisfied with supplied colors, please +# submit your color configuration or attach your file with colors readable +# on ALL color background schemas (white,gray,black) to RedHat Bugzilla +# ticket on https://bugzilla.redhat.com/show_bug.cgi?id=429121 . TIA. +# Please just keep ls color conventions from 8 color scheme. + +# COLOR needs one of these arguments: 'tty' colorizes output to ttys, but not +# pipes. 'all' adds color characters to all output. 'none' shuts colorization +# off. +COLOR tty + +# Extra command line options for ls go here. +# Basically these ones are: +# -F = show '/' for dirs, '*' for executables, etc. +# -T 0 = don't trust tab spacing when formatting ls output. +OPTIONS -F -T 0 + +# Below, there should be one TERM entry for each termtype that is colorizable +TERM putty-256color +TERM rxvt-256color +TERM screen-256color +TERM xterm-256color +TERM gnome-256color + +# EIGHTBIT, followed by '1' for on, '0' for off. (8-bit output) +EIGHTBIT 1 + +# Below are the color init strings for the basic file types. A color init +# string consists of one or more of the following numeric codes: +# Attribute codes: +# 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed +# Text color(8 colors mode) codes: +# 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white +# Background color(8 colors mode) codes: +# 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white +# Text color(256 colors mode) codes: +# Valid syntax for text 256color is 38;5; , where color number +# is number between 0 and 255. +# You may find following command useful to search the best one for you: +# for ((x=0; x<=255; x++));do echo -e "${x}:\033[38;5;${x}mcolor\033[000m";done +# Background color(256 colors mode) codes: +# Valid syntax for background 256color is 48;5; , where +# color number is number between 0 and 255. +# You may find following command useful to search the best one for you: +# for ((x=0; x<=255; x++));do echo -e "${x}:\033[48;5;${x}mcolor\033[000m";done + +NORMAL 00 # global default, although everything should be something. +FILE 00 # normal file +DIR 01;38;5;27 # directory +LINK 01;38;5;51 # symbolic link (If you set this to 'target' instead of a + # numerical value, the color is as for the file pointed to.) +FIFO 40;38;5;11 # pipe +SOCK 01;38;5;13 # socket +DOOR 01;38;5;5 # door +BLK 01;48;5;232;38;5;11 # block device driver +CHR 01;48;5;232;38;5;3 # character device driver +ORPHAN 01;48;5;232;38;5;9 # symlink to nonexistent file, or non-stat'able file +MISSING 01;05;48;5;232;38;5;15 # ... and the files they point to +SETUID 48;5;196;38;5;15 # file that is setuid (u+s) +SETGID 48;5;11;38;5;16 # file that is setgid (g+s) +STICKY_OTHER_WRITABLE 48;5;10;38;5;16 # dir that is sticky and other-writable (+t,o+w) +OTHER_WRITABLE 48;5;10;38;5;21 # dir that is other-writable (o+w) and not sticky +STICKY 48;5;21;38;5;15 # dir with the sticky bit set (+t) and not other-writable + +# This is for files with execute permission: +EXEC 01;38;5;10 + +# List any file extensions like '.gz' or '.tar' that you would like ls +# to colorize below. Put the extension, a space, and the color init string. +# (and any comments you want to add after a '#') +# executables (bright green) +.cmd 01;38;5;10 +.exe 01;38;5;10 +.com 01;38;5;10 +.btm 01;38;5;10 +.bat 01;38;5;10 +.sh 01;38;5;10 +.csh 01;38;5;10 + # archives or compressed (bright red) +.tar 01;38;5;9 +.tgz 01;38;5;9 +.svgz 01;38;5;9 +.arj 01;38;5;9 +.taz 01;38;5;9 +.lzh 01;38;5;9 +.lzma 01;38;5;9 +.zip 01;38;5;9 +.z 01;38;5;9 +.Z 01;38;5;9 +.dz 01;38;5;9 +.gz 01;38;5;9 +.bz2 01;38;5;9 +.tbz2 01;38;5;9 +.bz 01;38;5;9 +.tz 01;38;5;9 +.deb 01;38;5;9 +.rpm 01;38;5;9 +.jar 01;38;5;9 +.rar 01;38;5;9 +.ace 01;38;5;9 +.zoo 01;38;5;9 +.cpio 01;38;5;9 +.7z 01;38;5;9 +.rz 01;38;5;9 +# image formats (magenta) +.jpg 01;38;5;13 +.jpeg 01;38;5;13 +.gif 01;38;5;13 +.bmp 01;38;5;13 +.pbm 01;38;5;13 +.pgm 01;38;5;13 +.ppm 01;38;5;13 +.tga 01;38;5;13 +.xbm 01;38;5;13 +.xpm 01;38;5;13 +.tif 01;38;5;13 +.tiff 01;38;5;13 +.png 01;38;5;13 +.mng 01;38;5;13 +.pcx 01;38;5;13 +.mov 01;38;5;13 +.mpg 01;38;5;13 +.mpeg 01;38;5;13 +.m2v 01;38;5;13 +.mkv 01;38;5;13 +.ogm 01;38;5;13 +.mp4 01;38;5;13 +.m4v 01;38;5;13 +.mp4v 01;38;5;13 +.vob 01;38;5;13 +.qt 01;38;5;13 +.nuv 01;38;5;13 +.wmv 01;38;5;13 +.asf 01;38;5;13 +.rm 01;38;5;13 +.rmvb 01;38;5;13 +.flc 01;38;5;13 +.avi 01;38;5;13 +.fli 01;38;5;13 +.gl 01;38;5;13 +.dl 01;38;5;13 +.xcf 01;38;5;13 +.xwd 01;38;5;13 +.yuv 01;38;5;13 +.svg 01;38;5;13 +# audio formats (cyan) +.aac 00;38;5;14 +.au 00;38;5;14 +.flac 00;38;5;14 +.mid 00;38;5;14 +.midi 00;38;5;14 +.mka 00;38;5;14 +.mp3 00;38;5;14 +.mpc 00;38;5;14 +.ogg 00;38;5;14 +.ra 00;38;5;14 +.wav 00;38;5;14 diff --git a/coreutils-DIR_COLORS.xterm b/coreutils-DIR_COLORS.xterm index 7d20036..0aa54d2 100644 --- a/coreutils-DIR_COLORS.xterm +++ b/coreutils-DIR_COLORS.xterm @@ -54,13 +54,21 @@ EIGHTBIT 1 NORMAL 00 # global default, although everything should be something. FILE 00 # normal file DIR 00;34 # directory -LINK 00;36 # symbolic link +LINK 00;36 # symbolic link (If you set this to 'target' instead of a + # numerical value, the color is as for the file pointed to.) FIFO 40;33 # pipe SOCK 00;35 # socket +DOOR 00;35 # door BLK 40;33;01 # block device driver CHR 40;33;01 # character device driver -ORPHAN 01;05;37;41 # orphaned syminks +ORPHAN 40;31;01 # symlink to nonexistent file, or non-stat'able file MISSING 01;05;37;41 # ... and the files they point to +SETUID 37;41 # file that is setuid (u+s) +SETGID 30;43 # file that is setgid (g+s) +STICKY_OTHER_WRITABLE 30;42 # dir that is sticky and other-writable (+t,o+w) +OTHER_WRITABLE 34;42 # dir that is other-writable (o+w) and not sticky +STICKY 37;44 # dir with the sticky bit set (+t) and not other-writable + # This is for files with execute permission: EXEC 00;32 @@ -75,24 +83,82 @@ EXEC 00;32 .bat 00;32 .sh 00;32 .csh 00;32 -.tar 00;31 # archives or compressed (red) + # archives or compressed (red) +.tar 00;31 .tgz 00;31 +.svgz 00;31 .arj 00;31 .taz 00;31 .lzh 00;31 +.lzma 00;31 .zip 00;31 .z 00;31 .Z 00;31 +.dz 00;31 .gz 00;31 .bz2 00;31 +.tbz2 00;31 .bz 00;31 .tz 00;31 +.deb 00;31 .rpm 00;31 +.jar 00;31 +.rar 00;31 +.ace 00;31 +.zoo 00;31 .cpio 00;31 -.jpg 00;35 # image formats +.7z 00;31 +.rz 00;31 +# image formats (magenta) +.jpg 00;35 +.jpeg 00;35 .gif 00;35 .bmp 00;35 +.pbm 00;35 +.pgm 00;35 +.ppm 00;35 +.tga 00;35 .xbm 00;35 .xpm 00;35 -.png 00;35 .tif 00;35 +.tiff 00;35 +.png 00;35 +.mng 00;35 +.pcx 00;35 +.mov 00;35 +.mpg 00;35 +.mpeg 00;35 +.m2v 00;35 +.mkv 00;35 +.ogm 00;35 +.mp4 00;35 +.m4v 00;35 +.mp4v 00;35 +.vob 00;35 +.qt 00;35 +.nuv 00;35 +.wmv 00;35 +.asf 00;35 +.rm 00;35 +.rmvb 00;35 +.flc 00;35 +.avi 00;35 +.fli 00;35 +.gl 00;35 +.dl 00;35 +.xcf 00;35 +.xwd 00;35 +.yuv 00;35 +.svg 00;35 +# audio formats (cyan) +.aac 00;36 +.au 00;36 +.flac 00;36 +.mid 00;36 +.midi 00;36 +.mka 00;36 +.mp3 00;36 +.mpc 00;36 +.ogg 00;36 +.ra 00;36 +.wav 00;36 diff --git a/coreutils-futimens.patch b/coreutils-futimens.patch deleted file mode 100644 index bb08384..0000000 --- a/coreutils-futimens.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- coreutils-6.9/lib/utimens.h.futimens 2007-02-23 18:25:21.000000000 +0000 -+++ coreutils-6.9/lib/utimens.h 2007-06-13 11:40:37.000000000 +0100 -@@ -1,3 +1,3 @@ - #include --int futimens (int, char const *, struct timespec const [2]); -+int gl_futimens (int, char const *, struct timespec const [2]); - int utimens (char const *, struct timespec const [2]); ---- coreutils-6.9/lib/utimens.c.futimens 2007-01-18 08:33:34.000000000 +0000 -+++ coreutils-6.9/lib/utimens.c 2007-06-13 11:40:37.000000000 +0100 -@@ -75,7 +75,7 @@ struct utimbuf - Return 0 on success, -1 (setting errno) on failure. */ - - int --futimens (int fd ATTRIBUTE_UNUSED, -+gl_futimens (int fd ATTRIBUTE_UNUSED, - char const *file, struct timespec const timespec[2]) - { - /* Some Linux-based NFS clients are buggy, and mishandle time stamps -@@ -185,5 +185,5 @@ futimens (int fd ATTRIBUTE_UNUSED, - int - utimens (char const *file, struct timespec const timespec[2]) - { -- return futimens (-1, file, timespec); -+ return gl_futimens (-1, file, timespec); - } ---- coreutils-6.9/src/copy.c.futimens 2007-06-13 11:56:44.000000000 +0100 -+++ coreutils-6.9/src/copy.c 2007-06-13 11:57:00.000000000 +0100 -@@ -547,7 +547,7 @@ copy_reg (char const *src_name, char con - timespec[0] = get_stat_atime (src_sb); - timespec[1] = get_stat_mtime (src_sb); - -- if (futimens (dest_desc, dst_name, timespec) != 0) -+ if (gl_futimens (dest_desc, dst_name, timespec) != 0) - { - error (0, errno, _("preserving times for %s"), quote (dst_name)); - if (x->require_preserve) ---- coreutils-6.9/src/touch.c.futimens 2007-06-13 11:58:00.000000000 +0100 -+++ coreutils-6.9/src/touch.c 2007-06-13 11:58:06.000000000 +0100 -@@ -182,7 +182,7 @@ touch (const char *file) - t = timespec; - } - -- ok = (futimens (fd, (fd == STDOUT_FILENO ? NULL : file), t) == 0); -+ ok = (gl_futimens (fd, (fd == STDOUT_FILENO ? NULL : file), t) == 0); - - if (fd == STDIN_FILENO) - { diff --git a/coreutils-getdateYYYYMMDD.patch b/coreutils-getdateYYYYMMDD.patch deleted file mode 100644 index 63cd449..0000000 --- a/coreutils-getdateYYYYMMDD.patch +++ /dev/null @@ -1,124 +0,0 @@ -diff -urNp coreutils-6.9.orig/lib/getdate.y coreutils-6.9/lib/getdate.y ---- coreutils-6.9.orig/lib/getdate.y 2007-02-23 19:25:21.000000000 +0100 -+++ coreutils-6.9/lib/getdate.y 2007-11-23 10:27:13.000000000 +0100 -@@ -199,6 +199,42 @@ static int yylex (union YYSTYPE *, parse - static int yyerror (parser_control const *, char const *); - static long int time_zone_hhmm (textint, long int); - -+static void -+digits_to_date_time (parser_control *pc, textint text_int) -+{ -+ if (pc->dates_seen && ! pc->year.digits -+ && ! pc->rels_seen && (pc->times_seen || 2 < text_int.digits)) -+ pc->year = text_int; -+ else -+ { -+ if (4 < text_int.digits) -+ { -+ pc->dates_seen++; -+ pc->day = text_int.value % 100; -+ pc->month = (text_int.value / 100) % 100; -+ pc->year.value = text_int.value / 10000; -+ pc->year.digits = text_int.digits - 4; -+ } -+ else -+ { -+ pc->times_seen++; -+ if (text_int.digits <= 2) -+ { -+ pc->hour = text_int.value; -+ pc->minutes = 0; -+ } -+ else -+ { -+ pc->hour = text_int.value / 100; -+ pc->minutes = text_int.value % 100; -+ } -+ pc->seconds.tv_sec = 0; -+ pc->seconds.tv_nsec = 0; -+ pc->meridian = MER24; -+ } -+ } -+} -+ - %} - - /* We want a reentrant parser, even if the TZ manipulation and the calls to -@@ -268,6 +304,7 @@ item: - | rel - { pc->rels_seen = true; } - | number -+ | hybrid - ; - - time: -@@ -543,38 +580,23 @@ unsigned_seconds: - - number: - tUNUMBER -+ { digits_to_date_time (pc, $1); } -+ ; -+ -+hybrid: -+ tUNUMBER relunit_snumber - { -- if (pc->dates_seen && ! pc->year.digits -- && ! pc->rels_seen && (pc->times_seen || 2 < $1.digits)) -- pc->year = $1; -- else -- { -- if (4 < $1.digits) -- { -- pc->dates_seen++; -- pc->day = $1.value % 100; -- pc->month = ($1.value / 100) % 100; -- pc->year.value = $1.value / 10000; -- pc->year.digits = $1.digits - 4; -- } -- else -- { -- pc->times_seen++; -- if ($1.digits <= 2) -- { -- pc->hour = $1.value; -- pc->minutes = 0; -- } -- else -- { -- pc->hour = $1.value / 100; -- pc->minutes = $1.value % 100; -- } -- pc->seconds.tv_sec = 0; -- pc->seconds.tv_nsec = 0; -- pc->meridian = MER24; -- } -- } -+ /* Hybrid all-digit and relative offset, so that we accept e.g., -+ "YYYYMMDD +N days" as well as "YYYYMMDD N days". */ -+ digits_to_date_time (pc, $1); -+ pc->rel.ns += $2.ns; -+ pc->rel.seconds += $2.seconds; -+ pc->rel.minutes += $2.minutes; -+ pc->rel.hour += $2.hour; -+ pc->rel.day += $2.day; -+ pc->rel.month += $2.month; -+ pc->rel.year += $2.year; -+ pc->rels_seen = true; - } - ; - -diff -urNp coreutils-6.9.orig/tests/misc/date coreutils-6.9/tests/misc/date ---- coreutils-6.9.orig/tests/misc/date 2007-03-18 22:36:43.000000000 +0100 -+++ coreutils-6.9/tests/misc/date 2007-11-23 10:14:19.000000000 +0100 -@@ -135,6 +135,11 @@ my @Tests = - ['next-mo', "-d '$d1 next month' '+%Y-%m-%d %T'", {OUT=>"$dm $t0"}], - ['next-y', "-d '$d1 next year' '+%Y-%m-%d %T'", {OUT=>"$dy $t0"}], - -+ # This has always worked, ... -+ ['rel-1', "-d '20050101 1 day' +%F", {OUT=>"2005-01-02"}], -+ # ...but up to coreutils-6.9, this was rejected due to the "+". -+ ['rel-1p', "-d '20050101 +1 day' +%F", {OUT=>"2005-01-02"}], -+ - ['utc-0', "-u -d '08/01/97 6:00' '+%D,%H:%M'", {OUT=>"08/01/97,06:00"}, - {ENV => 'TZ=UTC+4'}], - diff --git a/coreutils-getfacl-exit-code.patch b/coreutils-getfacl-exit-code.patch deleted file mode 100644 index a6bccc3..0000000 --- a/coreutils-getfacl-exit-code.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- coreutils-6.8+/tests/cp/acl.getfacl-exit-code 2007-03-01 16:48:29.000000000 +0000 -+++ coreutils-6.8+/tests/cp/acl 2007-03-01 16:49:35.000000000 +0000 -@@ -70,16 +70,16 @@ - # copy a file without preserving permissions - cp a/file b/ || fail=1 - --acl2=`cd b && getfacl file` || framework_failure=1 -+acl2=`cd b && getfacl file` - test "$acl1" = "$acl2" || fail=1 - rm a/file || framework_failure=1 - - # copy a file, preserving permissions - touch a/file || framework_failure=1 --setfacl -m user:bin:rw a/file || framework_failure=1 --acl1=`cd a && getfacl file` || framework_failure=1 -+setfacl -m user:bin:rw a/file -+acl1=`cd a && getfacl file` - cp -p a/file b/ || fail=1 --acl2=`cd b && getfacl file` || framework_failure=1 -+acl2=`cd b && getfacl file` - test "$acl1" = "$acl2" || fail=1 - - if test $framework_failure = 1; then diff --git a/coreutils-getgrouplist.patch b/coreutils-getgrouplist.patch index 0be83c0..90ea849 100644 --- a/coreutils-getgrouplist.patch +++ b/coreutils-getgrouplist.patch @@ -1,44 +1,56 @@ ---- coreutils-6.7/lib/getugroups.c.getgrouplist 2006-09-14 10:53:58.000000000 +0100 -+++ coreutils-6.7/lib/getugroups.c 2007-01-09 17:33:09.000000000 +0000 -@@ -21,6 +21,9 @@ +diff -urp coreutils-6.10-orig/lib/getugroups.c coreutils-6.10/lib/getugroups.c +--- coreutils-6.10-orig/lib/getugroups.c 2007-10-17 15:47:25.000000000 +0200 ++++ coreutils-6.10/lib/getugroups.c 2008-01-24 16:37:04.000000000 +0100 +@@ -19,6 +19,9 @@ #include +/* We do not need this code if getgrouplist(3) is available. */ +#ifndef HAVE_GETGROUPLIST + - #include + #include "getugroups.h" + #include /* grp.h on alpha OSF1 V2.0 uses "FILE *". */ - #include -@@ -102,3 +105,4 @@ +@@ -114,3 +117,4 @@ getugroups (int maxcount, GETGROUPS_T *g return count; } +#endif /* have getgrouplist */ ---- coreutils-6.7/src/id.c.getgrouplist 2006-10-22 17:54:15.000000000 +0100 -+++ coreutils-6.7/src/id.c 2007-01-09 17:33:09.000000000 +0000 -@@ -253,7 +253,14 @@ - if (!username) - max_n_groups = getgroups (0, NULL); - else -- max_n_groups = getugroups (0, NULL, username, gid); -+ { +diff -urp coreutils-6.10-orig/lib/mgetgroups.c coreutils-6.10/lib/mgetgroups.c +--- coreutils-6.10-orig/lib/mgetgroups.c 2007-11-25 14:23:31.000000000 +0100 ++++ coreutils-6.10/lib/mgetgroups.c 2008-01-24 16:41:15.000000000 +0100 +@@ -43,9 +43,17 @@ mgetgroups (const char *username, gid_t + int ng; + GETGROUPS_T *g; + +- max_n_groups = (username +- ? getugroups (0, NULL, username, gid) +- : getgroups (0, NULL)); ++ if (!username) ++ max_n_groups = getgroups(0, NULL); ++ else ++ { +#ifdef HAVE_GETGROUPLIST + max_n_groups = 0; + getgrouplist (username, gid, NULL, &max_n_groups); +#else + max_n_groups = getugroups (0, NULL, username, gid); +#endif -+ } ++ } - if (max_n_groups < 0) - ng = -1; -@@ -263,7 +270,22 @@ - if (!username) - ng = getgroups (max_n_groups, g); - else -- ng = getugroups (max_n_groups, g, username, gid); -+ { + /* If we failed to count groups with NULL for a buffer, + try again with a non-NULL one, just in case. */ +@@ -62,9 +70,25 @@ mgetgroups (const char *username, gid_t + if (g == NULL) + return -1; + +- ng = (username +- ? getugroups (max_n_groups, g, username, gid) +- : getgroups (max_n_groups, g)); ++ if (!username) ++ ng = getgroups (max_n_groups, g); ++ else ++ { +#ifdef HAVE_GETGROUPLIST + int e; + ng = max_n_groups; @@ -53,13 +65,14 @@ +#else + ng = getugroups (max_n_groups, g, username, gid); +#endif -+ } - } ++ } if (ng < 0) ---- coreutils-6.7/m4/jm-macros.m4.getgrouplist 2006-12-06 11:04:22.000000000 +0000 -+++ coreutils-6.7/m4/jm-macros.m4 2007-01-09 17:33:47.000000000 +0000 -@@ -64,6 +64,7 @@ + { +diff -urp coreutils-6.10-orig/m4/jm-macros.m4 coreutils-6.10/m4/jm-macros.m4 +--- coreutils-6.10-orig/m4/jm-macros.m4 2007-11-25 14:23:31.000000000 +0100 ++++ coreutils-6.10/m4/jm-macros.m4 2008-01-24 16:42:00.000000000 +0100 +@@ -52,6 +52,7 @@ AC_DEFUN([coreutils_MACROS], fchown \ fchmod \ ftruncate \ diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch index 108cbc3..33e6488 100644 --- a/coreutils-i18n.patch +++ b/coreutils-i18n.patch @@ -89,8 +89,8 @@ +Cherry@30 --- coreutils-6.8+/tests/sort/Makefile.am.i18n 2007-01-24 07:47:37.000000000 +0000 +++ coreutils-6.8+/tests/sort/Makefile.am 2007-03-01 15:09:59.000000000 +0000 -@@ -66,15 +66,17 @@ - bigfield.O bigfield.E +@@ -66,12 +66,14 @@ + bigfield.O bigfield.E obs-inval.O obs-inval.E realloc-buf.O realloc-buf.E ##test-files-end -EXTRA_DIST = Test.pm $x-tests $(explicit) $(maint_gen) @@ -99,9 +99,6 @@ + +EXTRA_DIST = Test.pm $x-tests $(explicit) $(maint_gen) mb1.I mb1.X mb2.I mb2.X +noinst_SCRIPTS = $x-tests # $x-mb-tests - TESTS_ENVIRONMENT = \ - CU_TEST_NAME=`basename $(abs_srcdir)`,$$tst \ - PATH="$(VG_PATH_PREFIX)`pwd`/../../src$(PATH_SEPARATOR)$$PATH" editpl = sed -e 's,@''PERL''@,$(PERL),g' -e 's,@''srcdir''@,$(srcdir),g' @@ -1096,7 +1093,7 @@ + mbstate_t thisstate; +#endif + - if (readlinebuffer (thisline, stdin) == 0) + if (readlinebuffer_delim (thisline, stdin, delimiter) == 0) break; thisfield = find_field (thisline); thislen = thisline->length - 1 - (thisfield - thisline->buffer); @@ -1130,7 +1127,7 @@ + mbstate_t prevstate; +#endif - if (readlinebuffer (prevline, stdin) == 0) + if (readlinebuffer_delim (prevline, stdin, delimiter) == 0) goto closefiles; prevfield = find_field (prevline); prevlen = prevline->length - 1 - (prevfield - prevline->buffer); @@ -1146,7 +1143,7 @@ +#if HAVE_MBRTOWC + mbstate_t thisstate; +#endif - if (readlinebuffer (thisline, stdin) == 0) + if (readlinebuffer_delim (thisline, stdin, delimiter) == 0) { if (ferror (stdin)) @@ -341,6 +561,15 @@ @@ -3612,7 +3609,7 @@ fieldstr++; @@ -387,14 +464,16 @@ - if (value == 0) + if (!rhs_specified) { /* `n-'. From `initial' to end of line. */ - eol_range_start = initial; @@ -3625,7 +3622,7 @@ { /* `m-n' or `-n' (1-n). */ if (value < initial) -- FATAL_ERROR (_("invalid byte or field list")); +- FATAL_ERROR (_("invalid decreasing range")); + FATAL_ERROR (_("invalid byte, character or field list")); /* Is there already a range going to end of line? */ diff --git a/coreutils-ls-x.patch b/coreutils-ls-x.patch deleted file mode 100644 index de1de02..0000000 --- a/coreutils-ls-x.patch +++ /dev/null @@ -1,109 +0,0 @@ ---- coreutils-6.9/src/ls.c.ls-x 2007-06-13 14:27:36.000000000 +0100 -+++ coreutils-6.9/src/ls.c 2007-06-13 14:28:42.000000000 +0100 -@@ -4151,16 +4151,16 @@ - size_t pos = 0; - size_t cols = calculate_columns (false); - struct column_info const *line_fmt = &column_info[cols - 1]; -- size_t name_length = length_of_file_name_and_frills (cwd_file); -+ struct fileinfo const *f = sorted_file[0]; -+ size_t name_length = length_of_file_name_and_frills (f); - size_t max_name_length = line_fmt->col_arr[0]; - - /* Print first entry. */ -- print_file_name_and_frills (cwd_file); -+ print_file_name_and_frills (f); - - /* Now the rest. */ - for (filesno = 1; filesno < cwd_n_used; ++filesno) - { -- struct fileinfo const *f; - size_t col = filesno % cols; - - if (col == 0) ---- coreutils-6.9/tests/ls/Makefile.am.ls-x 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/tests/ls/Makefile.am 2007-06-13 14:28:42.000000000 +0100 -@@ -24,7 +24,7 @@ - stat-dtype \ - inode dangle file-type recursive dired infloop \ - rt-1 time-1 symlink-slash follow-slink no-arg m-option \ -- stat-vs-dirent -+ stat-vs-dirent x-option - - EXTRA_DIST = $(TESTS) - TESTS_ENVIRONMENT = \ ---- /dev/null 2007-06-13 08:43:51.993263382 +0100 -+++ coreutils-6.9/tests/ls/x-option 2007-06-13 14:28:42.000000000 +0100 -@@ -0,0 +1,59 @@ -+#!/bin/sh -+# Exercise the -x option. -+ -+# Copyright (C) 2007 Free Software Foundation, Inc. -+ -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+ -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+# 02110-1301, USA. -+ -+if test "$VERBOSE" = yes; then -+ set -x -+ ls --version -+fi -+ -+. $srcdir/../envvar-check -+. $srcdir/../lang-default -+ -+pwd=`pwd` -+t0=`echo "$0"|sed 's,.*/,,'`.tmp; tmp=$t0/$$ -+trap 'status=$?; cd "$pwd" && chmod -R u+rwx $t0 && rm -rf $t0 && exit $status' 0 -+trap '(exit $?); exit $?' 1 2 13 15 -+ -+framework_failure=0 -+mkdir -p $tmp || framework_failure=1 -+cd $tmp || framework_failure=1 -+mkdir subdir || framework_failure=1 -+touch subdir/b || framework_failure=1 -+touch subdir/a || framework_failure=1 -+ -+if test $framework_failure = 1; then -+ echo "$0: failure in testing framework" 1>&2 -+ (exit 1); exit 1 -+fi -+ -+fail=0 -+ -+# Coreutils 6.8 and 6.9 would output this in the wrong order. -+ls -x subdir > out || fail=1 -+ls -rx subdir >> out || fail=1 -+cat <<\EOF > exp || fail=1 -+a b -+b a -+EOF -+ -+cmp out exp || fail=1 -+test $fail = 1 && diff out exp 2> /dev/null -+ -+(exit $fail); exit $fail ---- coreutils-6.9/NEWS.ls-x 2007-03-22 21:19:45.000000000 +0000 -+++ coreutils-6.9/NEWS 2007-06-13 14:28:42.000000000 +0100 -@@ -13,6 +13,11 @@ - Using pr -m -s (i.e. merging files, with TAB as the output separator) - no longer inserts extraneous spaces between output columns. - -+** Bug fixes -+ -+ ls -x DIR would sometimes output the wrong string in place of the -+ first entry. [introduced in coreutils-6.8] -+ - - * Noteworthy changes in release 6.8 (2007-02-24) [not-unstable] - diff --git a/coreutils-overflow.patch b/coreutils-overflow.patch index 81592cc..0d55a6d 100644 --- a/coreutils-overflow.patch +++ b/coreutils-overflow.patch @@ -1,7 +1,7 @@ --- coreutils-5.2.1/src/who.c.overflow 2005-05-25 09:59:06.000000000 +0100 +++ coreutils-5.2.1/src/who.c 2005-05-25 10:00:31.000000000 +0100 @@ -75,7 +75,7 @@ - # define NEW_TIME 0 + # define UT_TYPE_NEW_TIME(U) false #endif -#define IDLESTR_LEN 6 diff --git a/coreutils-pam.patch b/coreutils-pam.patch index a0fe36b..8593ecc 100644 --- a/coreutils-pam.patch +++ b/coreutils-pam.patch @@ -177,13 +177,13 @@ + pam_close_session(pamh, 0); + pam_end(pamh, PAM_ABORT); +#endif - error (EXIT_FAIL, errno, _("cannot set groups")); + error (EXIT_FAILURE, errno, _("cannot set groups")); + } endgrent (); #endif if (setgid (pw->pw_gid)) @@ -318,6 +413,31 @@ - error (EXIT_FAIL, errno, _("cannot set user id")); + error (EXIT_FAILURE, errno, _("cannot set user id")); } +#ifdef USE_PAM @@ -397,7 +397,7 @@ --- coreutils-6.7/configure.ac.pam 2006-12-07 21:30:24.000000000 +0000 +++ coreutils-6.7/configure.ac 2007-01-09 17:18:04.000000000 +0000 -@@ -39,6 +39,13 @@ +@@ -44,6 +44,13 @@ gl_INIT coreutils_MACROS @@ -408,6 +408,6 @@ +LIB_PAM="-ldl -lpam -lpam_misc" +AC_SUBST(LIB_PAM)]) + - AC_CHECK_FUNCS(uname, - OPTIONAL_BIN_PROGS="$OPTIONAL_BIN_PROGS uname\$(EXEEXT)" - MAN="$MAN uname.1") + AC_FUNC_FORK + + optional_bin_progs= diff --git a/coreutils-selinux.patch b/coreutils-selinux.patch index c221d1e..081efa6 100644 --- a/coreutils-selinux.patch +++ b/coreutils-selinux.patch @@ -1,45 +1,528 @@ ---- coreutils-6.9/tests/help-version.selinux 2007-03-23 11:59:21.000000000 +0000 -+++ coreutils-6.9/tests/help-version 2007-03-23 11:59:21.000000000 +0000 -@@ -72,6 +72,8 @@ +diff -urp coreutils-6.10-orig/configure.ac coreutils-6.10/configure.ac +--- coreutils-6.10-orig/configure.ac 2008-01-25 12:32:33.000000000 +0100 ++++ coreutils-6.10/configure.ac 2008-01-25 14:10:34.000000000 +0100 +@@ -51,6 +51,13 @@ AC_ARG_ENABLE(pam, dnl + LIB_PAM="-ldl -lpam -lpam_misc" + AC_SUBST(LIB_PAM)]) + ++dnl Give the chance to enable SELINUX ++AC_ARG_ENABLE(selinux, dnl ++[ --enable-selinux Enable use of the SELINUX libraries], ++[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) ++LIB_SELINUX="-lselinux" ++AC_SUBST(LIB_SELINUX)]) ++ + AC_FUNC_FORK + + optional_bin_progs= +diff -urp coreutils-6.10-orig/man/cp.1 coreutils-6.10/man/cp.1 +--- coreutils-6.10-orig/man/cp.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/cp.1 2008-01-25 14:42:25.000000000 +0100 +@@ -58,7 +58,7 @@ same as \fB\-\-preserve\fR=\fImode\fR,ow + \fB\-\-preserve\fR[=\fIATTR_LIST\fR] + preserve the specified attributes (default: + mode,ownership,timestamps), if possible +-additional attributes: context, links, all ++additional attributes: security context, links, all + .TP + \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR + don't preserve the specified attributes +@@ -102,6 +102,9 @@ explain what is being done + .TP + \fB\-x\fR, \fB\-\-one\-file\-system\fR + stay on this file system ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++(SELinux) set SELinux security context of copy to CONTEXT ++.TP + .TP + \fB\-\-help\fR + display this help and exit +diff -urp coreutils-6.10-orig/man/dir.1 coreutils-6.10/man/dir.1 +--- coreutils-6.10-orig/man/dir.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/dir.1 2008-01-25 14:46:19.000000000 +0100 +@@ -203,11 +203,24 @@ list entries by lines instead of by colu + \fB\-X\fR + sort alphabetically by entry extension + .TP +-\fB\-Z\fR, \fB\-\-context\fR +-print any SELinux security context of each file +-.TP + \fB\-1\fR + list one file per line ++.PP ++SELINUX options: ++.TP ++\fB\-\-lcontext\fR ++Display SELinux security context. ++Enable \fB\-l\fR. Lines will probably be too ++wide for most displays. ++.TP ++\fB\-\-context\fR ++Display SELinux security context so it fits ++on most displays. Displays only mode, user, ++group, security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only SELinux security context and ++file name. + .TP + \fB\-\-help\fR + display this help and exit +diff -urp coreutils-6.10-orig/man/chcon.1 coreutils-6.10/man/chcon.1 +--- coreutils-6.10-orig/man/chcon.1 2008-01-25 12:34:22.000000000 +0100 ++++ coreutils-6.10/man/chcon.1 2008-01-25 14:15:52.000000000 +0100 +@@ -1,7 +1,7 @@ + .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.35. + .TH CHCON "1" "January 2008" "GNU coreutils 6.10" "User Commands" + .SH NAME +-chcon \- change file security context ++chcon \- change file SELinux security context + .SH SYNOPSIS + .B chcon + [\fIOPTION\fR]... \fICONTEXT FILE\fR... +@@ -14,7 +14,7 @@ chcon \- change file security context + .SH DESCRIPTION + .\" Add any additional description here + .PP +-Change the security context of each FILE to CONTEXT. ++Change the SELinux security context of each FILE to CONTEXT. + With \fB\-\-reference\fR, change the security context of each FILE to that of RFILE. + .TP + \fB\-c\fR, \fB\-\-changes\fR +@@ -74,6 +74,8 @@ License GPLv3+: GNU GPL version 3 or lat + .br + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. ++.SH "REPORTING BUGS" ++Report bugs to . + .SH "SEE ALSO" + The full documentation for + .B chcon +diff -urp coreutils-6.10-orig/man/id.1 coreutils-6.10/man/id.1 +--- coreutils-6.10-orig/man/id.1 2008-01-25 12:34:24.000000000 +0100 ++++ coreutils-6.10/man/id.1 2008-01-25 14:40:22.000000000 +0100 +@@ -14,7 +14,7 @@ Print information for USERNAME, or the c + ignore, for compatibility with other versions + .TP + \fB\-Z\fR, \fB\-\-context\fR +-print only the security context of the current user ++print only the SELinux security context of the current user + .TP + \fB\-g\fR, \fB\-\-group\fR + print only the effective group ID +diff -urp coreutils-6.10-orig/man/install.1 coreutils-6.10/man/install.1 +--- coreutils-6.10-orig/man/install.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/install.1 2008-01-25 14:32:47.000000000 +0100 +@@ -68,11 +68,11 @@ treat DEST as a normal file + \fB\-v\fR, \fB\-\-verbose\fR + print the name of each directory as it is created + .TP +-\fB\-\-preserve\-context\fR +-preserve SELinux security context ++\fB\-P\fR, \fB\-\-preserve_context\fR \fB\-\-preserve\-context\fR ++(SELinux) preserve SELinux security context + .TP + \fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR +-set SELinux security context of files and directories ++(SELinux) set SELinux security context of files and directories + .TP + \fB\-\-help\fR + display this help and exit +diff -urp coreutils-6.10-orig/man/ls.1 coreutils-6.10/man/ls.1 +--- coreutils-6.10-orig/man/ls.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/ls.1 2008-01-25 14:39:10.000000000 +0100 +@@ -203,11 +203,24 @@ list entries by lines instead of by colu + \fB\-X\fR + sort alphabetically by entry extension + .TP +-\fB\-Z\fR, \fB\-\-context\fR +-print any SELinux security context of each file +-.TP + \fB\-1\fR + list one file per line ++.PP ++SELinux options: ++.TP ++\fB\-\-lcontext\fR ++Display SELinux security context. ++Enable \fB\-l\fR. Lines will probably be too ++wide for most displays. ++.TP ++\fB\-Z\fR, \fB\-\-context\fR ++Display SELinux security context so it fits ++on most displays. Displays only mode, user, ++group, security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only SELinux security context and ++file name. + .TP + \fB\-\-help\fR + display this help and exit +diff -urp coreutils-6.10-orig/man/mkdir.1 coreutils-6.10/man/mkdir.1 +--- coreutils-6.10-orig/man/mkdir.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/mkdir.1 2008-01-25 14:36:44.000000000 +0100 +@@ -21,9 +21,9 @@ no error if existing, make parent direct + \fB\-v\fR, \fB\-\-verbose\fR + print a message for each created directory + .TP +-\fB\-Z\fR, \fB\-\-context\fR=\fICTX\fR +-set the SELinux security context of each created +-directory to CTX ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++(SELinux) set the SELinux security context of each ++created directory to CONTEXT + .TP + \fB\-\-help\fR + display this help and exit +diff -urp coreutils-6.10-orig/man/mkfifo.1 coreutils-6.10/man/mkfifo.1 +--- coreutils-6.10-orig/man/mkfifo.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/mkfifo.1 2008-01-25 14:43:27.000000000 +0100 +@@ -10,8 +10,8 @@ mkfifo \- make FIFOs (named pipes) + .PP + Create named pipes (FIFOs) with the given NAMEs. + .TP +-\fB\-Z\fR, \fB\-\-context\fR=\fICTX\fR +-set the SELinux security context of each NAME to CTX ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set the SELinux security context of each NAME to CONTEXT(quoted string) + .PP + Mandatory arguments to long options are mandatory for short options too. + .TP +diff -urp coreutils-6.10-orig/man/mknod.1 coreutils-6.10/man/mknod.1 +--- coreutils-6.10-orig/man/mknod.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/mknod.1 2008-01-25 14:39:49.000000000 +0100 +@@ -10,8 +10,8 @@ mknod \- make block or character special + .PP + Create the special file NAME of the given TYPE. + .TP +-\fB\-Z\fR, \fB\-\-context\fR=\fICTX\fR +-set the SELinux security context of NAME to CTX ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set the SELinux security context of NAME to CONTEXT + .PP + Mandatory arguments to long options are mandatory for short options too. + .TP +diff -urp coreutils-6.10-orig/man/stat.1 coreutils-6.10/man/stat.1 +--- coreutils-6.10-orig/man/stat.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/stat.1 2008-01-25 14:11:23.000000000 +0100 +@@ -28,6 +28,9 @@ If you want a newline, include \en in FO + \fB\-t\fR, \fB\-\-terse\fR + print the information in terse form + .TP ++\fB\-Z\fR, \fB\-\-context\fR ++print security context information for SELinux if available. ++.TP + \fB\-\-help\fR + display this help and exit + .TP +diff -urp coreutils-6.10-orig/man/vdir.1 coreutils-6.10/man/vdir.1 +--- coreutils-6.10-orig/man/vdir.1 2008-01-25 12:34:23.000000000 +0100 ++++ coreutils-6.10/man/vdir.1 2008-01-25 14:35:10.000000000 +0100 +@@ -208,6 +208,20 @@ print any SELinux security context of ea + .TP + \fB\-1\fR + list one file per line ++.PP ++SELINUX options: ++.TP ++\fB\-\-lcontext\fR ++Display SELinux security context. Enable \fB\-l\fR. ++Lines will probably be too wide for most displays. ++.TP ++\fB\-\-context\fR ++Display SELinux security context so it fits ++on most displays. Displays only mode, user, ++group, SELinux security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only SELinux security context and file name. + .TP + \fB\-\-help\fR + display this help and exit +diff -urp coreutils-6.10-orig/src/copy.c coreutils-6.10/src/copy.c +--- coreutils-6.10-orig/src/copy.c 2008-01-05 23:59:11.000000000 +0100 ++++ coreutils-6.10/src/copy.c 2008-01-25 17:23:17.000000000 +0100 +@@ -370,9 +367,10 @@ copy_reg (char const *src_name, char con + security_context_t con = NULL; + if (getfscreatecon (&con) < 0) + { +- error (0, errno, _("failed to get file system create context")); ++ //do not show error when we not require security context (-a option) + if (x->require_preserve_context) + { ++ error (0, errno, _("failed to get file system create context")); + return_val = false; + goto close_src_and_dst_desc; + } +@@ -383,11 +387,12 @@ copy_reg (char const *src_name, char con + { + if (fsetfilecon (dest_desc, con) < 0) + { +- error (0, errno, +- _("failed to set the security context of %s to %s"), +- quote_n (0, dst_name), quote_n (1, con)); ++ //do not show error when we not require security context (-a option) + if (x->require_preserve_context) + { ++ error (0, errno, ++ _("failed to set the security context of %s to %s"), ++ quote_n (0, dst_name), quote_n (1, con)); + return_val = false; + freecon (con); + goto close_src_and_dst_desc; +@@ -1630,11 +1635,12 @@ copy_internal (char const *src_name, cha + { + if (setfscreatecon (con) < 0) + { +- error (0, errno, +- _("failed to set default file creation context to %s"), +- quote (con)); ++ //do not show error when we not require security context (-a option) + if (x->require_preserve_context) + { ++ error (0, errno, ++ _("failed to set default file creation context to %s"), ++ quote (con)); + freecon (con); + return false; + } +@@ -1644,12 +1650,14 @@ copy_internal (char const *src_name, cha + else + { + if (errno != ENOTSUP && errno != ENODATA) +- { +- error (0, errno, +- _("failed to get security context of %s"), +- quote (src_name)); +- if (x->require_preserve_context) +- return false; ++ { ++ //do not show error when we not require security context (-a option) ++ if (x->require_preserve_context) { ++ error (0, errno, ++ _("failed to get security context of %s"), ++ quote (src_name)); ++ return false; ++ } + } + } + } +@@ -1735,6 +1743,8 @@ copy_internal (char const *src_name, cha + { + /* Here, we are crossing a file system boundary and cp's -x option + is in effect: so don't copy the contents of this directory. */ ++ if (x->preserve_security_context) ++ restore_default_fscreatecon_or_die (); + } + else + { +diff -urp coreutils-6.10-orig/src/copy.h coreutils-6.10/src/copy.h +--- coreutils-6.10-orig/src/copy.h 2008-01-05 23:58:25.000000000 +0100 ++++ coreutils-6.10/src/copy.h 2008-01-25 16:29:21.000000000 +0100 +@@ -141,6 +141,9 @@ struct cp_options + bool preserve_mode; + bool preserve_timestamps; + ++ /* If true, attempt to set specified security context */ ++ bool set_security_context; ++ + /* Enabled for mv, and for cp by the --preserve=links option. + If true, attempt to preserve in the destination files any + logical hard links between the source files. If used with cp's +diff -urp coreutils-6.10-orig/src/cp.c coreutils-6.10/src/cp.c +--- coreutils-6.10-orig/src/cp.c 2008-01-11 12:19:53.000000000 +0100 ++++ coreutils-6.10/src/cp.c 2008-01-25 16:26:22.000000000 +0100 +@@ -147,6 +147,7 @@ static struct option const long_opts[] = + {"target-directory", required_argument, NULL, 't'}, + {"update", no_argument, NULL, 'u'}, + {"verbose", no_argument, NULL, 'v'}, ++ {"context", required_argument, NULL, 'Z'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, + {NULL, 0, NULL, 0} +@@ -200,6 +201,9 @@ Mandatory arguments to long options are + additional attributes: context, links, all\n\ + "), stdout); + fputs (_("\ ++ -c same as --preserve=context\n\ ++"), stdout); ++ fputs (_("\ + --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ + --parents use full source file name under DIRECTORY\n\ + "), stdout); +@@ -225,6 +229,7 @@ Mandatory arguments to long options are + destination file is missing\n\ + -v, --verbose explain what is being done\n\ + -x, --one-file-system stay on this file system\n\ ++ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\ + "), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); + fputs (VERSION_OPTION_DESCRIPTION, stdout); +@@ -774,6 +779,7 @@ cp_option_init (struct cp_options *x) + x->preserve_timestamps = false; + x->preserve_security_context = false; + x->require_preserve_context = false; ++ x->set_security_context = false; - # Skip `test'; it doesn't accept --help or --version. - test $i = test && continue; -+ test $i = chcon && continue; -+ test $i = runcon && continue; + x->require_preserve = false; + x->recursive = false; +@@ -867,8 +873,10 @@ decode_preserve_arg (char const *arg, st + x->preserve_timestamps = on_off; + x->preserve_ownership = on_off; + x->preserve_links = on_off; +- if (selinux_enabled) ++ if (selinux_enabled) { + x->preserve_security_context = on_off; ++ x->require_preserve_context = on_off; ++ } + break; - # false fails even when invoked with --help or --version. - if test $i = false; then -@@ -198,7 +200,7 @@ + default: +@@ -909,7 +917,7 @@ main (int argc, char **argv) + we'll actually use backup_suffix_string. */ + backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); - for i in $all_programs; do - # Skip these. -- case $i in chroot|stty|tty|false) continue;; esac -+ case $i in chroot|stty|tty|false|chcon|runcon) continue;; esac +- while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T", ++ while ((c = getopt_long (argc, argv, "abcdfHilLprst:uvxPRS:TZ", + long_opts, NULL)) + != -1) + { +@@ -920,13 +928,15 @@ main (int argc, char **argv) + sparse_type_string, sparse_type); + break; - rm -rf $tmp_in $tmp_in2 $tmp_dir $tmp_out - echo > $tmp_in ---- coreutils-6.9/src/ls.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/ls.c 2007-03-23 11:59:21.000000000 +0000 -@@ -111,6 +111,18 @@ +- case 'a': /* Like -dpPR. */ ++ case 'a': /* Like -dpPRc. */ + x.dereference = DEREF_NEVER; + x.preserve_links = true; + x.preserve_ownership = true; + x.preserve_mode = true; + x.preserve_timestamps = true; +- x.require_preserve = true; ++ x.require_preserve = true; ++ if (selinux_enabled) ++ x.preserve_security_context = true; + x.recursive = true; + break; - #define AUTHORS "Richard Stallman", "David MacKenzie" +@@ -940,6 +950,16 @@ main (int argc, char **argv) + copy_contents = true; + break; + ++ case 'c': ++ if ( x.set_security_context ) { ++ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); ++ exit( 1 ); ++ } ++ else if (selinux_enabled) { ++ x.preserve_security_context = true; ++ x.require_preserve_context = true; ++ } ++ break; + case 'd': + x.preserve_links = true; + x.dereference = DEREF_NEVER; +@@ -1052,6 +1072,27 @@ main (int argc, char **argv) + x.one_file_system = true; + break; -+#ifdef WITH_SELINUX -+#include -+ -+static int print_scontext = 0; -+ -+ -+ -+ -+ + -+#endif ++ case 'Z': ++ /* politely decline if we're not on a selinux-enabled kernel. */ ++ if( !selinux_enabled ) { ++ fprintf( stderr, "Warning: ignoring --context (-Z). " ++ "It requires a SELinux enabled kernel.\n" ); ++ break; ++ } ++ if ( x.preserve_security_context ) { ++ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg); ++ exit( 1 ); ++ } ++ x.set_security_context = true; ++ /* if there's a security_context given set new path ++ components to that context, too */ ++ if ( setfscreatecon(optarg) < 0 ) { ++ (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg); ++ exit( 1 ); ++ } ++ break; + - #define obstack_chunk_alloc malloc - #define obstack_chunk_free free + case 'S': + make_backups = true; + backup_suffix_string = optarg; +diff -urp coreutils-6.10-orig/src/id.c coreutils-6.10/src/id.c +--- coreutils-6.10-orig/src/id.c 2008-01-05 23:59:11.000000000 +0100 ++++ coreutils-6.10/src/id.c 2008-01-25 17:13:53.000000000 +0100 +@@ -110,7 +110,7 @@ int + main (int argc, char **argv) + { + int optc; +- int selinux_enabled = (is_selinux_enabled () > 0); ++ bool selinux_enabled = (is_selinux_enabled () > 0); + + /* If true, output the list of all group IDs. -G */ + bool just_group_list = false; +diff -urp coreutils-6.10-orig/src/install.c coreutils-6.10/src/install.c +--- coreutils-6.10-orig/src/install.c 2008-01-05 23:59:11.000000000 +0100 ++++ coreutils-6.10/src/install.c 2008-01-25 17:32:42.000000000 +0100 + +@@ -146,11 +146,11 @@ static struct option const long_options[ + {"no-target-directory", no_argument, NULL, 'T'}, + {"owner", required_argument, NULL, 'o'}, + {"preserve-timestamps", no_argument, NULL, 'p'}, +- {"preserve-context", no_argument, NULL, PRESERVE_CONTEXT_OPTION}, ++ {"preserve-context", no_argument, NULL, 'P'}, + /* Continue silent support for --preserve_context until Jan 2008. FIXME-obs + After that, FIXME-obs: warn in, say, late 2008, and disable altogether + a year or two later. */ +- {"preserve_context", no_argument, NULL, PRESERVE_CONTEXT_OPTION}, ++ {"preserve_context", no_argument, NULL, 'P'}, + {"strip", no_argument, NULL, 's'}, + {"suffix", required_argument, NULL, 'S'}, + {"target-directory", required_argument, NULL, 't'}, +@@ -178,6 +178,7 @@ cp_option_init (struct cp_options *x) + x->preserve_timestamps = false; + x->require_preserve = false; + x->require_preserve_context = false; ++ x->set_security_context = false; + x->recursive = false; + x->sparse_mode = SPARSE_AUTO; + x->symbolic_link = false; +@@ -408,6 +409,7 @@ main (int argc, char **argv) + no_target_directory = true; + break; + ++ case 'P': + case PRESERVE_CONTEXT_OPTION: + if ( ! selinux_enabled) + { +@@ -415,6 +417,10 @@ main (int argc, char **argv) + "this kernel is not SELinux-enabled.")); + break; + } ++ if ( x.set_security_context ) { ++ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); ++ exit( 1 ); ++ } + x.preserve_security_context = true; + use_default_selinux_context = false; + break; +@@ -825,8 +831,8 @@ Mandatory arguments to long options are + -v, --verbose print the name of each directory as it is created\n\ + "), stdout); + fputs (_("\ +- --preserve-context preserve SELinux security context\n\ +- -Z, --context=CONTEXT set SELinux security context of files and directories\n\ ++ -P, --preserve-context (SELinux) preserve security context\n\ ++ -Z, --context=CONTEXT (SELinux) set security context of files and directories\n\ + "), stdout); -@@ -133,7 +145,8 @@ + fputs (HELP_OPTION_DESCRIPTION, stdout); +diff -urp coreutils-6.10-orig/src/ls.c coreutils-6.10/src/ls.c +--- coreutils-6.10-orig/src/ls.c 2008-01-11 11:34:22.000000000 +0100 ++++ coreutils-6.10/src/ls.c 2008-01-25 15:34:49.000000000 +0100 +@@ -134,7 +134,8 @@ enum filetype symbolic_link, sock, whiteout, @@ -49,96 +532,80 @@ }; /* Display letters and indicators for each filetype. -@@ -177,6 +190,10 @@ - /* For long listings, true if the file has an access control list. */ - bool have_acl; - #endif -+ -+#ifdef WITH_SELINUX -+ security_context_t scontext; -+#endif - }; - - #if USE_ACL -@@ -247,6 +264,9 @@ +@@ -241,6 +242,7 @@ static void queue_directory (char const static void sort_files (void); static void parse_ls_color (void); void usage (int status); -+#ifdef WITH_SELINUX +static void print_scontext_format (const struct fileinfo *f); -+#endif /* The name this program was run with. */ char *program_name; -@@ -360,7 +380,11 @@ +@@ -314,7 +316,7 @@ static struct pending *pending_dirs; + static time_t current_time = TYPE_MINIMUM (time_t); + static int current_time_ns = -1; + +-static bool print_scontext; ++static int print_scontext = 0; + static char UNKNOWN_SECURITY_CONTEXT[] = "?"; + + /* Whether any of the files has an ACL. This affects the width of the +@@ -354,7 +356,9 @@ enum format one_per_line, /* -1 */ many_per_line, /* -C */ horizontal, /* -x */ - with_commas /* -m */ -+ with_commas, /* -m */ -+#ifdef WITH_SELINUX -+ security_format, /* -Z */ -+#endif ++ with_commas, /* -m */ ++ security_format, /* -Z */ + invalid_format }; static enum format format; -@@ -741,6 +765,11 @@ +@@ -731,6 +735,9 @@ enum SHOW_CONTROL_CHARS_OPTION, SI_OPTION, SORT_OPTION, -+#ifdef WITH_SELINUX + CONTEXT_OPTION, + LCONTEXT_OPTION, + SCONTEXT_OPTION, -+#endif TIME_OPTION, TIME_STYLE_OPTION }; -@@ -787,6 +816,11 @@ +@@ -776,7 +783,9 @@ static struct option const long_options[ {"time-style", required_argument, NULL, TIME_STYLE_OPTION}, {"color", optional_argument, NULL, COLOR_OPTION}, {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION}, -+#ifdef WITH_SELINUX +- {"context", no_argument, 0, 'Z'}, + {"context", no_argument, 0, CONTEXT_OPTION}, + {"lcontext", no_argument, 0, LCONTEXT_OPTION}, + {"scontext", no_argument, 0, SCONTEXT_OPTION}, -+#endif {"author", no_argument, NULL, AUTHOR_OPTION}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, -@@ -796,12 +830,19 @@ +@@ -786,12 +795,12 @@ static struct option const long_options[ static char const *const format_args[] = { "verbose", "long", "commas", "horizontal", "across", - "vertical", "single-column", NULL -+ "vertical", "single-column", -+#ifdef WITH_SELINUX -+ "context", -+#endif -+ NULL ++ "vertical", "single-column", "context", NULL }; static enum format const format_types[] = { long_format, long_format, with_commas, horizontal, horizontal, - many_per_line, one_per_line -+#ifdef WITH_SELINUX -+ , security_format -+#endif +- many_per_line, one_per_line ++ many_per_line, one_per_line, security_format }; ARGMATCH_VERIFY (format_args, format_types); -@@ -1246,6 +1287,9 @@ +@@ -1236,7 +1245,7 @@ main (int argc, char **argv) format_needs_stat = sort_type == sort_time || sort_type == sort_size || format == long_format -+#ifdef WITH_SELINUX +- || print_scontext + || format == security_format || print_scontext -+#endif || print_block_size; format_needs_type = (! format_needs_stat && (recursive -@@ -1276,7 +1320,7 @@ +@@ -1267,7 +1276,7 @@ main (int argc, char **argv) } else do @@ -147,195 +614,194 @@ while (i < argc); if (cwd_n_used) -@@ -1439,6 +1483,9 @@ +@@ -1429,7 +1438,7 @@ decode_switches (int argc, char **argv) ignore_mode = IGNORE_DEFAULT; ignore_patterns = NULL; hide_patterns = NULL; -+#ifdef WITH_SELINUX -+ print_scontext = 0; -+#endif +- print_scontext = false; ++ print_scontext = 0; /* FIXME: put this in a function. */ { -@@ -1514,7 +1561,7 @@ - } - - while ((c = getopt_long (argc, argv, -- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1", -+ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z", - long_options, NULL)) != -1) - { - switch (c) -@@ -1637,6 +1684,13 @@ - format = horizontal; +@@ -1811,13 +1820,27 @@ decode_switches (int argc, char **argv) break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ + case 'Z': +- print_scontext = true; + print_scontext = 1; -+ format = security_format; -+ break; -+#endif - case 'A': - if (ignore_mode == IGNORE_DEFAULT) - ignore_mode = IGNORE_DOT_AND_DOTDOT; -@@ -1817,6 +1871,25 @@ ++ format = security_format; + break; + + case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); -+#ifdef WITH_SELINUX -+ -+ case CONTEXT_OPTION: /* new security format */ -+ ++ case CONTEXT_OPTION: /* default security context format */ + print_scontext = 1; + format = security_format; + break; + case LCONTEXT_OPTION: /* long format plus security context */ -+ + print_scontext = 1; + format = long_format; + break; + case SCONTEXT_OPTION: /* short form of new security format */ -+ + print_scontext = 0; + format = security_format; + break; -+#endif + default: usage (LS_FAILURE); } -@@ -2514,6 +2587,13 @@ - for (i = 0; i < cwd_n_used; i++) - { +@@ -2517,8 +2540,10 @@ clear_files (void) struct fileinfo *f = sorted_file[i]; -+#ifdef WITH_SELINUX -+ if (f->scontext) -+ { -+ freecon (f->scontext); -+ f->scontext = NULL; -+ } -+#endif /* SELINUX */ free (f->name); free (f->linkname); +- if (f->scontext != UNKNOWN_SECURITY_CONTEXT) +- freecon (f->scontext); ++ if (f->scontext != UNKNOWN_SECURITY_CONTEXT) { ++ freecon (f->scontext); ++ f->scontext = NULL; ++ } } -@@ -2558,6 +2638,9 @@ + + cwd_n_used = 0; +@@ -2560,6 +2585,7 @@ gobble_file (char const *name, enum file memset (f, '\0', sizeof *f); f->stat.st_ino = inode; f->filetype = type; -+#ifdef WITH_SELINUX + f->scontext = NULL; -+#endif if (command_line_arg || format_needs_stat -@@ -2606,6 +2689,11 @@ +@@ -2609,7 +2635,7 @@ gobble_file (char const *name, enum file { case DEREF_ALWAYS: err = stat (absolute_name, &f->stat); -+#ifdef WITH_SELINUX -+ if (err>=0) -+ if (format == security_format || print_scontext) -+ getfilecon(absolute_name, &f->scontext); -+#endif +- do_deref = true; ++ do_deref = true; break; case DEREF_COMMAND_LINE_ARGUMENTS: -@@ -2614,6 +2702,11 @@ +@@ -2618,7 +2644,7 @@ gobble_file (char const *name, enum file { bool need_lstat; err = stat (absolute_name, &f->stat); -+#ifdef WITH_SELINUX -+ if (err>=0) -+ if (format == security_format || print_scontext) -+ getfilecon(absolute_name, &f->scontext); -+#endif +- do_deref = true; ++ do_deref = true; if (dereference == DEREF_COMMAND_LINE_ARGUMENTS) break; -@@ -2632,6 +2725,11 @@ +@@ -2637,7 +2663,7 @@ gobble_file (char const *name, enum file default: /* DEREF_NEVER */ err = lstat (absolute_name, &f->stat); -+#ifdef WITH_SELINUX -+ if (err == 0) -+ if (format == security_format || print_scontext) -+ lgetfilecon(absolute_name, &f->scontext); -+#endif +- do_deref = false; ++ do_deref = false; break; } -@@ -2654,7 +2752,11 @@ +@@ -2659,7 +2685,7 @@ gobble_file (char const *name, enum file + f->stat_ok = true; - #if USE_ACL -- if (format == long_format) -+ if (format == long_format -+#ifdef WITH_SELINUX -+ || format == security_format -+#endif -+ ) +- if (format == long_format || print_scontext) ++ if (format == long_format || format == security_format) { - int n = file_has_acl (absolute_name, &f->stat); - f->have_acl = (0 < n); -@@ -3207,6 +3309,16 @@ + bool have_acl = false; + int attr_len = (do_deref +@@ -3255,6 +3281,13 @@ print_current_files (void) + print_long_format (sorted_file[i]); DIRED_PUTCHAR ('\n'); } - break; -+ -+#ifdef WITH_SELINUX ++ break; + case security_format: + for (i = 0; i < cwd_n_used; i++) + { + print_scontext_format (sorted_file[i]); + DIRED_PUTCHAR ('\n'); + } -+ break; -+#endif + break; } } - -@@ -3461,6 +3573,15 @@ +@@ -3481,7 +3514,7 @@ print_long_format (const struct fileinfo + The latter is wrong when inode_number_width is zero. */ + p += strlen (p); + } +- ++ + if (print_block_size) + { + char hbuf[LONGEST_HUMAN_READABLE + 1]; +@@ -3510,9 +3543,15 @@ print_long_format (const struct fileinfo The latter is wrong when nlink_width is zero. */ p += strlen (p); -+#ifdef WITH_SELINUX -+ + if (print_scontext) + { + sprintf (p, "%-32s ", f->scontext ? f->scontext : ""); + p += strlen (p); + } -+#endif + DIRED_INDENT (); - if (print_owner | print_group | print_author) -@@ -4405,6 +4526,16 @@ +- if (print_owner | print_group | print_author | print_scontext) ++ if (print_owner | print_group | print_author) + { + DIRED_FPUTS (buf, stdout, p - buf); + +@@ -3525,9 +3564,6 @@ print_long_format (const struct fileinfo + if (print_author) + format_user (f->stat.st_author, author_width, f->stat_ok); + +- if (print_scontext) +- format_user_or_group (f->scontext, 0, scontext_width); +- + p = buf; + } + +@@ -3864,9 +3900,6 @@ print_file_name_and_frills (const struct + human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts, + ST_NBLOCKSIZE, output_block_size)); + +- if (print_scontext) +- printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext); +- + print_name_with_quoting (f->name, FILE_OR_LINK_MODE (f), f->linkok, + f->stat_ok, f->filetype, NULL); + +@@ -4030,9 +4063,6 @@ length_of_file_name_and_frills (const st + output_block_size)) + : block_size_width); + +- if (print_scontext) +- len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width); +- + quote_name (NULL, f->name, filename_quoting_options, &name_width); + len += name_width; + +@@ -4461,9 +4491,16 @@ Mandatory arguments to long options are + -w, --width=COLS assume screen width instead of current value\n\ + -x list entries by lines instead of by columns\n\ -X sort alphabetically by entry extension\n\ +- -Z, --context print any SELinux security context of each file\n\ -1 list one file per line\n\ "), stdout); -+#ifdef WITH_SELINUX -+printf(_("\nSELINUX options:\n\n\ -+ --lcontext Display security context. Enable -l. Lines\n\ -+ will probably be too wide for most displays.\n\ -+ -Z, --context Display security context so it fits on most\n\ -+ displays. Displays only mode, user, group,\n\ -+ security context and file name.\n\ -+ --scontext Display only security context and file name.\n\ -+\n\n")); -+#endif ++ fputs(_("\nSELINUX options:\n\n\ ++ --lcontext Display security context. Enable -l. Lines\n\ ++ will probably be too wide for most displays.\n\ ++ -Z, --context Display security context so it fits on most\n\ ++ displays. Displays only mode, user, group,\n\ ++ security context and file name.\n\ ++ --scontext Display only security context and file name.\n\ ++"), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); fputs (_("\n\ -@@ -4428,3 +4559,70 @@ +@@ -4487,3 +4524,67 @@ Exit status is 0 if OK, 1 if minor probl } exit (status); } + -+#ifdef WITH_SELINUX -+ +static void +print_scontext_format (const struct fileinfo *f) +{ @@ -361,7 +827,7 @@ + + if ( print_scontext ) { /* zero means terse listing */ + filemodestring (&f->stat, modebuf); -+ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' '); ++ modebuf[10] = (f->have_acl ? '+' : ' '); + modebuf[11] = '\0'; + + /* print mode */ @@ -399,2229 +865,271 @@ + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype); + } +} -+#endif ---- coreutils-6.9/src/cp.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/cp.c 2007-03-23 11:59:21.000000000 +0000 -@@ -51,6 +51,11 @@ - - #define AUTHORS "Torbjorn Granlund", "David MacKenzie", "Jim Meyering" - -+#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ -+int selinux_enabled=0; -+#endif -+ - /* Used by do_copy, make_dir_parents_private, and re_protect - to keep a list of leading directories whose protections - need to be fixed after copying. */ -@@ -141,6 +146,9 @@ - {"target-directory", required_argument, NULL, 't'}, - {"update", no_argument, NULL, 'u'}, - {"verbose", no_argument, NULL, 'v'}, -+#ifdef WITH_SELINUX +diff -urp coreutils-6.10-orig/src/mkdir.c coreutils-6.10/src/mkdir.c +--- coreutils-6.10-orig/src/mkdir.c 2008-01-05 23:58:25.000000000 +0100 ++++ coreutils-6.10/src/mkdir.c 2008-01-25 16:35:14.000000000 +0100 +@@ -41,6 +41,7 @@ char *program_name; + static struct option const longopts[] = + { + {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, + {"context", required_argument, NULL, 'Z'}, -+#endif - {GETOPT_HELP_OPTION_DECL}, - {GETOPT_VERSION_OPTION_DECL}, - {NULL, 0, NULL, 0} -@@ -194,6 +202,9 @@ - additional attributes: links, all\n\ - "), stdout); - fputs (_("\ -+ -c same as --preserve=context\n\ -+"), stdout); -+ fputs (_("\ - --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ - --parents use full source file name under DIRECTORY\n\ - "), stdout); -@@ -219,6 +230,7 @@ - destination file is missing\n\ - -v, --verbose explain what is being done\n\ - -x, --one-file-system stay on this file system\n\ -+ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\ + {"mode", required_argument, NULL, 'm'}, + {"parents", no_argument, NULL, 'p'}, + {"verbose", no_argument, NULL, 'v'}, +@@ -69,8 +70,8 @@ Mandatory arguments to long options are + -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n\ + -p, --parents no error if existing, make parent directories as needed\n\ + -v, --verbose print a message for each created directory\n\ +- -Z, --context=CTX set the SELinux security context of each created\n\ +- directory to CTX\n\ ++ -Z, --context=CONTEXT set the SELinux security context of each created\n\ ++ createddirectory to CONTEXT\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); -@@ -750,6 +762,11 @@ - x->preserve_mode = false; - x->preserve_timestamps = false; - -+#ifdef WITH_SELINUX -+ x->preserve_security_context = false; -+ x->set_security_context = false; -+#endif -+ - x->require_preserve = false; - x->recursive = false; - x->sparse_mode = SPARSE_AUTO; -@@ -777,18 +794,19 @@ - PRESERVE_TIMESTAMPS, - PRESERVE_OWNERSHIP, - PRESERVE_LINK, -+ PRESERVE_CONTEXT, - PRESERVE_ALL - }; - static enum File_attribute const preserve_vals[] = - { - PRESERVE_MODE, PRESERVE_TIMESTAMPS, -- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL -+ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL - }; - /* Valid arguments to the `--preserve' option. */ - static char const* const preserve_args[] = - { - "mode", "timestamps", -- "ownership", "links", "all", NULL -+ "ownership", "links", "context", "all", NULL - }; - ARGMATCH_VERIFY (preserve_args, preserve_vals); - -@@ -824,11 +842,16 @@ - x->preserve_links = on_off; +@@ -173,6 +174,12 @@ main (int argc, char **argv) + options.created_directory_format = _("created directory %s"); + break; + case 'Z': ++ /* politely decline if we're not on a selinux-enabled kernel. */ ++ if( !(is_selinux_enabled()>0)) { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " ++ "a selinux-enabled kernel.\n" ); ++ exit( 1 ); ++ } + scontext = optarg; + break; + case_GETOPT_HELP_CHAR; +diff -urp coreutils-6.10-orig/src/mkfifo.c coreutils-6.10/src/mkfifo.c +--- coreutils-6.10-orig/src/mkfifo.c 2008-01-05 23:58:25.000000000 +0100 ++++ coreutils-6.10/src/mkfifo.c 2008-01-25 16:58:15.000000000 +0100 +@@ -58,7 +58,8 @@ Create named pipes (FIFOs) with the give + \n\ + "), stdout); + fputs (_("\ +- -Z, --context=CTX set the SELinux security context of each NAME to CTX\n\ ++ -Z, --context=CONTEXT set the SELinux security context \n\ ++ of each NAME to CONTEXT(quoted string)\n\ + "), stdout); + fputs (_("\ + Mandatory arguments to long options are mandatory for short options too.\n\ +@@ -98,6 +99,12 @@ main (int argc, char **argv) + specified_mode = optarg; break; + case 'Z': ++ if (!(0 < is_selinux_enabled())) ++ { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " ++ "a selinux-enabled kernel.\n" ); ++ exit (1); ++ } + scontext = optarg; + break; + case_GETOPT_HELP_CHAR; +diff -urp coreutils-6.10-orig/src/mknod.c coreutils-6.10/src/mknod.c +--- coreutils-6.10-orig/src/mknod.c 2008-01-05 23:58:25.000000000 +0100 ++++ coreutils-6.10/src/mknod.c 2008-01-25 17:01:11.000000000 +0100 +@@ -38,7 +38,7 @@ char *program_name; -+ case PRESERVE_CONTEXT: -+ x->preserve_security_context = on_off; -+ break; -+ - case PRESERVE_ALL: - x->preserve_mode = on_off; - x->preserve_timestamps = on_off; - x->preserve_ownership = on_off; - x->preserve_links = on_off; -+ x->preserve_security_context = on_off; + static struct option const longopts[] = + { +- {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, ++ {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, + {"mode", required_argument, NULL, 'm'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +@@ -60,7 +60,8 @@ Create the special file NAME of the give + \n\ + "), stdout); + fputs(_("\ +- -Z, --context=CTX set the SELinux security context of NAME to CTX\n\ ++ -Z, --context=CONTEXT set the SELinux security context \n\ ++ of NAME to CONTEXT(quoted string)\n\ + "), stdout); + fputs (_("\ + Mandatory arguments to long options are mandatory for short options too.\n\ +@@ -114,6 +115,12 @@ main (int argc, char **argv) + specified_mode = optarg; break; + case 'Z': ++ /* politely decline if we're not on a selinux-enabled kernel. */ ++ if( !(is_selinux_enabled()>0)) { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " ++ "a selinux-enabled kernel.\n" ); ++ exit( 1 ); ++ } + scontext = optarg; + break; + case_GETOPT_HELP_CHAR; +diff -urp coreutils-6.10-orig/src/mv.c coreutils-6.10/src/mv.c +--- coreutils-6.10-orig/src/mv.c 2008-01-05 23:59:11.000000000 +0100 ++++ coreutils-6.10/src/mv.c 2008-01-25 17:11:50.000000000 +0100 +@@ -137,6 +137,7 @@ cp_option_init (struct cp_options *x) + x->preserve_mode = true; + x->preserve_timestamps = true; + x->preserve_security_context = selinux_enabled; ++ x->set_security_context = false; + x->require_preserve = false; /* FIXME: maybe make this an option */ + x->require_preserve_context = false; + x->recursive = true; +diff -urp coreutils-6.10-orig/src/stat.c coreutils-6.10/src/stat.c +--- coreutils-6.10-orig/src/stat.c 2008-01-05 23:59:11.000000000 +0100 ++++ coreutils-6.10/src/stat.c 2008-01-25 16:50:24.000000000 +0100 +@@ -831,7 +831,7 @@ print_it (char const *format, char const - default: -@@ -853,6 +876,9 @@ - bool copy_contents = false; - char *target_directory = NULL; - bool no_target_directory = false; -+#ifdef WITH_SELINUX -+ selinux_enabled= (is_selinux_enabled()>0); -+#endif + /* Stat the file system and print what we find. */ + static bool +-do_statfs (char const *filename, bool terse, char const *format) ++do_statfs (char const *filename, bool terse, bool secure, char const *format) + { + STRUCT_STATVFS statfsbuf; - initialize_main (&argc, &argv); - program_name = argv[0]; -@@ -868,7 +894,11 @@ - we'll actually use backup_suffix_string. */ - backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); +@@ -843,15 +843,31 @@ do_statfs (char const *filename, bool te + } -+#ifdef WITH_SELINUX -+ while ((c = getopt_long (argc, argv, "abcdfHilLprst:uvxPRS:TZ:", -+#else - while ((c = getopt_long (argc, argv, "abdfHilLprst:uvxPRS:T", -+#endif - long_opts, NULL)) - != -1) + if (format == NULL) ++ { ++ if (terse) { -@@ -879,12 +909,13 @@ - sparse_type_string, sparse_type); - break; +- format = (terse +- ? "%n %i %l %t %s %S %b %f %a %c %d\n" +- : " File: \"%n\"\n" +- " ID: %-8i Namelen: %-7l Type: %T\n" +- "Block size: %-10s Fundamental block size: %S\n" +- "Blocks: Total: %-10b Free: %-10f Available: %a\n" +- "Inodes: Total: %-10c Free: %d\n"); ++ if (secure) ++ format = "%n %i %l %t %s %S %b %f %a %c %d %C\n"; ++ else ++ format = "%n %i %l %t %s %S %b %f %a %c %d\n"; + } ++ else ++ { ++ if (secure) ++ format = " File: \"%n\"\n" ++ " ID: %-8i Namelen: %-7l Type: %T\n" ++ "Block size: %-10s Fundamental block size: %S\n" ++ "Blocks: Total: %-10b Free: %-10f Available: %a\n" ++ "Inodes: Total: %-10c Free: %d\n" ++ " S_Context: %C\n"; ++ else ++ format = " File: \"%n\"\n" ++ " ID: %-8i Namelen: %-7l Type: %T\n" ++ "Block size: %-10s Fundamental block size: %S\n" ++ "Blocks: Total: %-10b Free: %-10f Available: %a\n" ++ "Inodes: Total: %-10c Free: %d\n"; ++ } ++ } -- case 'a': /* Like -dpPR. */ -+ case 'a': /* Like -dpPRc. */ - x.dereference = DEREF_NEVER; - x.preserve_links = true; - x.preserve_ownership = true; - x.preserve_mode = true; - x.preserve_timestamps = true; -+ x.preserve_security_context = true; - x.require_preserve = true; - x.recursive = true; - break; -@@ -959,6 +990,36 @@ - case 'R': - x.recursive = true; - break; -+#ifdef WITH_SELINUX -+ case 'c': -+ if ( x.set_security_context ) { -+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); -+ exit( 1 ); -+ } -+ else if (selinux_enabled) -+ x.preserve_security_context = true; -+ break; -+ -+ case 'Z': -+ /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !selinux_enabled ) { -+ fprintf( stderr, "Warning: ignoring --context (-Z). " -+ "It requires a SELinux enabled kernel.\n" ); -+ break; -+ } -+ if ( x.preserve_security_context ) { -+ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg); -+ exit( 1 ); -+ } -+ x.set_security_context = true; -+ /* if there's a security_context given set new path -+ components to that context, too */ -+ if ( setfscreatecon(optarg) < 0 ) { -+ (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg); -+ exit( 1 ); -+ } -+ break; -+#endif + print_it (format, filename, print_statfs, &statfsbuf); + return true; +@@ -859,7 +875,7 @@ do_statfs (char const *filename, bool te - case REPLY_OPTION: /* Deprecated */ - x.interactive = XARGMATCH ("--reply", optarg, ---- coreutils-6.9/src/Makefile.am.selinux 2007-03-23 11:59:21.000000000 +0000 -+++ coreutils-6.9/src/Makefile.am 2007-03-23 11:59:21.000000000 +0000 -@@ -19,14 +19,14 @@ - EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who + /* stat the file and print what we find */ + static bool +-do_stat (char const *filename, bool terse, char const *format) ++do_stat (char const *filename, bool secure , bool terse, char const *format) + { + struct stat statbuf; - bin_SCRIPTS = groups --bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \ -+bin_PROGRAMS = [ chcon chgrp chown chmod cp dd dircolors du \ - ginstall link ln dir vdir ls mkdir \ - mkfifo mknod mv nohup readlink rm rmdir shred stat sync touch unlink \ - cat cksum comm csplit cut expand fmt fold head join md5sum \ - nl od paste pr ptx sha1sum sha224sum sha256sum sha384sum sha512sum \ - shuf sort split sum tac tail tr tsort unexpand uniq wc \ - basename date dirname echo env expr factor false \ -- hostname id kill logname pathchk printenv printf pwd seq sleep tee \ -+ hostname id kill logname pathchk printenv printf pwd runcon seq sleep tee \ - test true tty whoami yes \ - base64 \ - $(OPTIONAL_BIN_PROGS) $(DF_PROG) -@@ -60,9 +60,9 @@ - LDADD = ../lib/libcoreutils.a $(LIBINTL) ../lib/libcoreutils.a +@@ -872,9 +888,12 @@ do_stat (char const *filename, bool ters + if (format == NULL) + { + if (terse) +- { +- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n"; +- } ++ { ++ if (secure) ++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n"; ++ else ++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n"; ++ } + else + { + /* Temporary hack to match original output until conditional +@@ -891,12 +910,22 @@ do_stat (char const *filename, bool ters + } + else + { +- format = +- " File: %N\n" +- " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" +- "Device: %Dh/%dd\tInode: %-10i Links: %h\n" +- "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" +- "Access: %x\n" "Modify: %y\n" "Change: %z\n"; ++ if (secure) ++ format = ++ " File: %N\n" ++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" ++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h" ++ " Device type: %t,%T\n" ++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" ++ " S_Context: %C\n" ++ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; ++ else ++ format = ++ " File: %N\n" ++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" ++ "Device: %Dh/%dd\tInode: %-10i Links: %h\n" ++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" ++ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; + } + } + } +@@ -917,6 +946,7 @@ usage (int status) + Display file or file system status.\n\ + \n\ + -L, --dereference follow links\n\ ++ -Z, --context print the SELinux security context \n\ + -f, --file-system display file system status instead of file status\n\ + "), stdout); + fputs (_("\ +@@ -1001,6 +1031,7 @@ main (int argc, char *argv[]) + int i; + bool fs = false; + bool terse = false; ++ bool secure = false; + char *format = NULL; + bool ok = true; - # for eaccess in lib/euidaccess.c. --cp_LDADD = $(LDADD) $(LIB_EACCESS) --ginstall_LDADD = $(LDADD) $(LIB_EACCESS) --mv_LDADD = $(LDADD) $(LIB_EACCESS) -+cp_LDADD = $(LDADD) $(LIB_EACCESS) @LIB_SELINUX@ -+ginstall_LDADD = $(LDADD) $(LIB_EACCESS) @LIB_SELINUX@ -+mv_LDADD = $(LDADD) $(LIB_EACCESS) @LIB_SELINUX@ - pathchk_LDADD = $(LDADD) $(LIB_EACCESS) - rm_LDADD = $(LDADD) $(LIB_EACCESS) - test_LDADD = $(LDADD) $(LIB_EACCESS) -@@ -71,12 +71,19 @@ +@@ -1040,9 +1071,13 @@ main (int argc, char *argv[]) + terse = true; + break; - # for clock_gettime and fdatasync - dd_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC) --dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) --ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) -+dir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIB_SELINUX@ -+ls_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIB_SELINUX@ - pr_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) - shred_LDADD = $(LDADD) $(LIB_GETHRXTIME) $(LIB_FDATASYNC) - shuf_LDADD = $(LDADD) $(LIB_GETHRXTIME) --vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) -+vdir_LDADD = $(LDADD) $(LIB_CLOCK_GETTIME) @LIB_SELINUX@ -+chcon_LDADD = $(LDADD) @LIB_SELINUX@ -+id_LDADD = $(LDADD) @LIB_SELINUX@ -+mkdir_LDADD = $(LDADD) @LIB_SELINUX@ -+mkfifo_LDADD = $(LDADD) @LIB_SELINUX@ -+mknod_LDADD = $(LDADD) @LIB_SELINUX@ -+stat_LDADD = $(LDADD) @LIB_SELINUX@ -+runcon_LDADD = $(LDADD) @LIB_SELINUX@ +- case 'Z': /* FIXME: remove in 2010, warn in mid 2008 */ +- /* Ignored, for compatibility with distributions +- that implemented this before upstream. */ ++ case 'Z': ++ if((is_selinux_enabled()>0)) ++ secure = 1; ++ else { ++ error (0, 0, _("Kernel is not SELinux enabled")); ++ usage (EXIT_FAILURE); ++ } + break; - ## If necessary, add -lm to resolve use of pow in lib/strtod.c. - sort_LDADD = $(LDADD) $(POW_LIB) $(LIB_GETHRXTIME) ---- coreutils-6.9/src/copy.h.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/copy.h 2007-03-23 11:59:21.000000000 +0000 -@@ -127,6 +127,10 @@ - bool preserve_ownership; - bool preserve_mode; - bool preserve_timestamps; -+#ifdef WITH_SELINUX -+ bool preserve_security_context; -+ bool set_security_context; -+#endif - - /* Enabled for mv, and for cp by the --preserve=links option. - If true, attempt to preserve in the destination files any ---- /dev/null 2007-03-23 08:54:03.819414923 +0000 -+++ coreutils-6.9/src/chcon.c 2007-03-23 11:59:21.000000000 +0000 -@@ -0,0 +1,421 @@ -+/* chcontext -- change security context of a pathname */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "system.h" -+#include "error.h" -+#include "savedir.h" -+#include "group-member.h" -+ -+enum Change_status -+{ -+ CH_SUCCEEDED, -+ CH_FAILED, -+ CH_NO_CHANGE_REQUESTED -+}; -+ -+enum Verbosity -+{ -+ /* Print a message for each file that is processed. */ -+ V_high, -+ -+ /* Print a message for each file whose attributes we change. */ -+ V_changes_only, -+ -+ /* Do not be verbose. This is the default. */ -+ V_off -+}; -+ -+static int change_dir_context (const char *dir, const struct stat *statp); -+ -+/* The name the program was run with. */ -+char *program_name; -+ -+/* If nonzero, and the systems has support for it, change the context -+ of symbolic links rather than any files they point to. */ -+static int change_symlinks; -+ -+/* If nonzero, change the context of directories recursively. */ -+static int recurse; -+ -+/* If nonzero, force silence (no error messages). */ -+static int force_silent; -+ -+/* Level of verbosity. */ -+static enum Verbosity verbosity = V_off; -+ -+/* The name of the context file is being given. */ -+static const char *specified_context; -+ -+/* Specific components of the context */ -+static const char *specified_user; -+static const char *specified_role; -+static const char *specified_range; -+static const char *specified_type; -+ -+/* The argument to the --reference option. Use the context of this file. -+ This file must exist. */ -+static char *reference_file; -+ -+/* If nonzero, display usage information and exit. */ -+static int show_help; -+ -+/* If nonzero, print the version on standard output and exit. */ -+static int show_version; -+ -+static struct option const long_options[] = -+{ -+ {"recursive", no_argument, 0, 'R'}, -+ {"changes", no_argument, 0, 'c'}, -+ {"no-dereference", no_argument, 0, 'h'}, -+ {"silent", no_argument, 0, 'f'}, -+ {"quiet", no_argument, 0, 'f'}, -+ {"reference", required_argument, 0, CHAR_MAX + 1}, -+ {"context", required_argument, 0, CHAR_MAX + 2}, -+ {"user", required_argument, 0, 'u'}, -+ {"role", required_argument, 0, 'r'}, -+ {"type", required_argument, 0, 't'}, -+ {"range", required_argument, 0, 'l'}, -+ {"verbose", no_argument, 0, 'v'}, -+ {"help", no_argument, &show_help, 1}, -+ {"version", no_argument, &show_version, 1}, -+ {0, 0, 0, 0} -+}; -+ -+/* Tell the user how/if the context of FILE has been changed. -+ CHANGED describes what (if anything) has happened. */ -+ -+static void -+describe_change (const char *file, security_context_t newcontext, enum Change_status changed) -+{ -+ const char *fmt; -+ switch (changed) -+ { -+ case CH_SUCCEEDED: -+ fmt = _("context of %s changed to %s\n"); -+ break; -+ case CH_FAILED: -+ fmt = _("failed to change context of %s to %s\n"); -+ break; -+ case CH_NO_CHANGE_REQUESTED: -+ fmt = _("context of %s retained as %s\n"); -+ break; -+ default: -+ abort (); -+ } -+ printf (fmt, file, newcontext); -+} -+ -+static int -+compute_context_from_mask (security_context_t context, context_t *ret) -+{ -+ context_t newcontext = context_new (context); -+ if (!newcontext) -+ return 1; -+#define SETCOMPONENT(comp) \ -+ do { \ -+ if (specified_ ## comp) \ -+ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \ -+ goto lose; \ -+ } while (0) -+ -+ SETCOMPONENT(user); -+ SETCOMPONENT(range); -+ SETCOMPONENT(role); -+ SETCOMPONENT(type); -+#undef SETCOMPONENT -+ -+ *ret = newcontext; -+ return 0; -+ lose: -+ context_free (newcontext); -+ return 1; -+} -+ -+/* Change the context of FILE, using specified components. -+ If it is a directory and -R is given, recurse. -+ Return 0 if successful, 1 if errors occurred. */ -+ -+static int -+change_file_context (const char *file) -+{ -+ struct stat file_stats; -+ security_context_t file_context=NULL; -+ context_t context; -+ security_context_t context_string; -+ int errors = 0; -+ int status = 0; -+ -+ if (change_symlinks) -+ status = lgetfilecon(file, &file_context); -+ else -+ status = getfilecon(file, &file_context); -+ -+ if ((status < 0) && (errno != ENODATA)) -+ { -+ if (force_silent == 0) -+ error (0, errno, "%s", file); -+ return 1; -+ } -+ -+ /* If the file doesn't have a context, and we're not setting all of -+ the context components, there isn't really an obvious default. -+ Thus, we just give up. */ -+ if (file_context == NULL && specified_context == NULL) -+ { -+ error (0, 0, _("can't apply partial context to unlabeled file %s"), file); -+ return 1; -+ } -+ -+ if (specified_context == NULL) -+ { -+ if (compute_context_from_mask (file_context, &context)) -+ { -+ error (0, 0, _("couldn't compute security context from %s"), file_context); -+ return 1; -+ } -+ } -+ else -+ { -+ context = context_new (specified_context); -+ if (!context) -+ error (1, 0,_("invalid context: %s"),specified_context); -+ } -+ -+ context_string = context_str (context); -+ -+ if (file_context == NULL || strcmp(context_string,file_context)!=0) -+ { -+ int fail; -+ -+ if (change_symlinks) -+ fail = lsetfilecon (file, context_string); -+ else -+ fail = setfilecon (file, context_string); -+ -+ if (verbosity == V_high || (verbosity == V_changes_only && !fail)) -+ describe_change (file, context_string, (fail ? CH_FAILED : CH_SUCCEEDED)); -+ -+ if (fail) -+ { -+ errors = 1; -+ if (force_silent == 0) -+ { -+ error (0, errno, _("failed to change context of %s to %s"), file, context_string); -+ } -+ } -+ } -+ else if (verbosity == V_high) -+ { -+ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED); -+ } -+ -+ context_free(context); -+ freecon(file_context); -+ -+ if (recurse) { -+ if (lstat(file, &file_stats)==0) -+ if (S_ISDIR (file_stats.st_mode)) -+ errors |= change_dir_context (file, &file_stats); -+ } -+ return errors; -+} -+ -+/* Recursively change context of the files in directory DIR -+ using specified context components. -+ STATP points to the results of lstat on DIR. -+ Return 0 if successful, 1 if errors occurred. */ -+ -+static int -+change_dir_context (const char *dir, const struct stat *statp) -+{ -+ char *name_space, *namep; -+ char *path; /* Full path of each entry to process. */ -+ unsigned dirlength; /* Length of `dir' and '\0'. */ -+ unsigned filelength; /* Length of each pathname to process. */ -+ unsigned pathlength; /* Bytes allocated for `path'. */ -+ int errors = 0; -+ -+ errno = 0; -+ name_space = savedir (dir); -+ if (name_space == NULL) -+ { -+ if (errno) -+ { -+ if (force_silent == 0) -+ error (0, errno, "%s", dir); -+ return 1; -+ } -+ else -+ error (1, 0, _("virtual memory exhausted")); -+ } -+ -+ dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */ -+ pathlength = dirlength + 1; -+ /* Give `path' a dummy value; it will be reallocated before first use. */ -+ path = xmalloc (pathlength); -+ strcpy (path, dir); -+ path[dirlength - 1] = '/'; -+ -+ for (namep = name_space; *namep; namep += filelength - dirlength) -+ { -+ filelength = dirlength + strlen (namep) + 1; -+ if (filelength > pathlength) -+ { -+ pathlength = filelength * 2; -+ path = xrealloc (path, pathlength); -+ } -+ strcpy (path + dirlength, namep); -+ errors |= change_file_context (path); -+ } -+ free (path); -+ free (name_space); -+ return errors; -+} -+ -+static void -+usage (int status) -+{ -+ if (status != 0) -+ fprintf (stderr, _("Try `%s --help' for more information.\n"), -+ program_name); -+ else -+ { -+ printf (_("\ -+Usage: %s [OPTION]... CONTEXT FILE...\n\ -+ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\ -+ or: %s [OPTION]... --reference=RFILE FILE...\n\ -+"), -+ program_name, program_name, program_name); -+ printf (_("\ -+Change the security context of each FILE to CONTEXT.\n\ -+\n\ -+ -c, --changes like verbose but report only when a change is made\n\ -+ -h, --no-dereference affect symbolic links instead of any referenced file\n\ -+ (available only on systems with lchown system call)\n\ -+ -f, --silent, --quiet suppress most error messages\n\ -+ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\ -+ -u, --user=USER set user USER in the target security context\n\ -+ -r, --role=ROLE set role ROLE in the target security context\n\ -+ -t, --type=TYPE set type TYPE in the target security context\n\ -+ -l, --range=RANGE set range RANGE in the target security context\n\ -+ -R, --recursive change files and directories recursively\n\ -+ -v, --verbose output a diagnostic for every file processed\n\ -+ --help display this help and exit\n\ -+ --version output version information and exit\n\ -+")); -+ close_stdout (); -+ } -+ exit (status); -+} -+ -+int -+main (int argc, char **argv) -+{ -+ security_context_t ref_context = NULL; -+ int errors = 0; -+ int optc; -+ int component_specified = 0; -+ -+ program_name = argv[0]; -+ setlocale (LC_ALL, ""); -+ bindtextdomain (PACKAGE, LOCALEDIR); -+ textdomain (PACKAGE); -+ -+ recurse = force_silent = 0; -+ -+ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1) -+ { -+ switch (optc) -+ { -+ case 0: -+ break; -+ case 'u': -+ specified_user = optarg; -+ component_specified = 1; -+ break; -+ case 'r': -+ specified_role = optarg; -+ component_specified = 1; -+ break; -+ case 't': -+ specified_type = optarg; -+ component_specified = 1; -+ break; -+ case 'l': -+ specified_range = optarg; -+ component_specified = 1; -+ break; -+ case CHAR_MAX + 1: -+ reference_file = optarg; -+ break; -+ case 'R': -+ recurse = 1; -+ break; -+ case 'c': -+ verbosity = V_changes_only; -+ break; -+ case 'f': -+ force_silent = 1; -+ break; -+ case 'h': -+ change_symlinks = 1; -+ break; -+ case 'v': -+ verbosity = V_high; -+ break; -+ default: -+ usage (1); -+ } -+ } -+ -+ if (show_version) -+ { -+ printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION); -+ close_stdout (); -+ exit (0); -+ } -+ -+ if (show_help) -+ usage (0); -+ -+ -+ if (reference_file && component_specified) -+ { -+ error (0, 0, _("conflicting security context specifiers given")); -+ usage (1); -+ } -+ -+ if (!(((reference_file || component_specified) -+ && (argc - optind > 0)) -+ || (argc - optind > 1))) -+ { -+ error (0, 0, _("too few arguments")); -+ usage (1); -+ } -+ -+ if (reference_file) -+ { -+ if (getfilecon (reference_file, &ref_context)<0) -+ error (1, errno, "%s", reference_file); -+ -+ specified_context = ref_context; -+ } -+ else if (!component_specified) { -+ specified_context = argv[optind++]; -+ } -+ for (; optind < argc; ++optind) -+ errors |= change_file_context (argv[optind]); -+ -+ if (verbosity != V_off) -+ close_stdout (); -+ if (ref_context != NULL) -+ freecon(ref_context); -+ exit (errors); -+} ---- coreutils-6.9/src/mkdir.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/mkdir.c 2007-03-23 11:59:21.000000000 +0000 -@@ -35,11 +35,18 @@ - - #define AUTHORS "David MacKenzie" - -+#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ -+#endif -+ - /* The name this program was run with. */ - char *program_name; - - static struct option const longopts[] = - { -+#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'Z'}, -+#endif - {"mode", required_argument, NULL, 'm'}, - {"parents", no_argument, NULL, 'p'}, - {"verbose", no_argument, NULL, 'v'}, -@@ -61,6 +68,11 @@ - Create the DIRECTORY(ies), if they do not already exist.\n\ - \n\ - "), stdout); -+#ifdef WITH_SELINUX -+ printf (_("\ -+ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\ -+")); -+#endif - fputs (_("\ - Mandatory arguments to long options are mandatory for short options too.\n\ - "), stdout); -@@ -154,7 +166,11 @@ - - atexit (close_stdout); - -+#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1) -+#else - while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1) -+#endif - { - switch (optc) - { -@@ -167,6 +183,20 @@ - case 'v': /* --verbose */ - options.created_directory_format = _("created directory %s"); - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !(is_selinux_enabled()>0)) { -+ fprintf( stderr, "Sorry, --context (-Z) can be used only on " -+ "a selinux-enabled kernel.\n" ); -+ exit( 1 ); -+ } -+ if (setfscreatecon(optarg)) { -+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg); -+ exit( 1 ); -+ } -+ break; -+#endif - case_GETOPT_HELP_CHAR; - case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); - default: ---- coreutils-6.9/src/stat.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/stat.c 2007-03-23 11:59:21.000000000 +0000 -@@ -55,6 +55,13 @@ - # include - #endif - -+#ifdef WITH_SELINUX -+#include -+#define SECURITY_ID_T security_context_t -+#else -+#define SECURITY_ID_T char * -+#endif -+ - #include "system.h" - - #include "error.h" -@@ -158,6 +165,7 @@ - }; - - static struct option const long_options[] = { -+ {"context", no_argument, 0, 'Z'}, - {"dereference", no_argument, NULL, 'L'}, - {"file-system", no_argument, NULL, 'f'}, - {"filesystem", no_argument, NULL, 'f'}, /* obsolete and undocumented alias */ -@@ -397,7 +405,7 @@ - /* print statfs info */ - static void - print_statfs (char *pformat, size_t prefix_len, char m, char const *filename, -- void const *data) -+ void const *data, SECURITY_ID_T scontext) - { - STRUCT_STATVFS const *statfsbuf = data; - -@@ -472,7 +480,10 @@ - case 'd': - out_int (pformat, prefix_len, statfsbuf->f_ffree); - break; -- -+ case 'C': -+ strcat (pformat, "s"); -+ printf(scontext); -+ break; - default: - fputc ('?', stdout); - break; -@@ -482,7 +493,7 @@ - /* print stat info */ - static void - print_stat (char *pformat, size_t prefix_len, char m, -- char const *filename, void const *data) -+ char const *filename, void const *data, SECURITY_ID_T scontext) - { - struct stat *statbuf = (struct stat *) data; - struct passwd *pw_ent; -@@ -595,6 +606,10 @@ - else - out_uint (pformat, prefix_len, statbuf->st_ctime); - break; -+ case 'C': -+ strcat (pformat, "s"); -+ printf(pformat,scontext); -+ break; - default: - fputc ('?', stdout); - break; -@@ -641,8 +656,9 @@ - - static void - print_it (char const *format, char const *filename, -- void (*print_func) (char *, size_t, char, char const *, void const *), -- void const *data) -+ void (*print_func) (char *, size_t, char, char const *, void const *, -+ SECURITY_ID_T ), -+ void const *data, SECURITY_ID_T scontext) - { - /* Add 2 to accommodate our conversion of the stat `%s' format string - to the longer printf `%llu' one. */ -@@ -683,7 +699,7 @@ - putchar ('%'); - break; - default: -- print_func (dest, len + 1, *fmt_char, filename, data); -+ print_func (dest, len + 1, *fmt_char, filename, data, scontext); - break; - } - break; -@@ -746,9 +762,21 @@ - - /* Stat the file system and print what we find. */ - static bool --do_statfs (char const *filename, bool terse, char const *format) -+do_statfs (char const *filename, bool terse, bool secure, char const *format) - { - STRUCT_STATVFS statfsbuf; -+ SECURITY_ID_T scontext = NULL; -+#ifdef WITH_SELINUX -+ if(is_selinux_enabled()) { -+ if (getfilecon(filename,&scontext)<0) { -+ if (secure) { -+ perror (filename); -+ return false; -+ } -+ scontext = NULL; -+ } -+ } -+#endif - - if (STATFS (filename, &statfsbuf) != 0) - { -@@ -759,25 +787,46 @@ - - if (format == NULL) - { -- format = (terse -- ? "%n %i %l %t %s %S %b %f %a %c %d\n" -- : " File: \"%n\"\n" -- " ID: %-8i Namelen: %-7l Type: %T\n" -- "Block size: %-10s Fundamental block size: %S\n" -- "Blocks: Total: %-10b Free: %-10f Available: %a\n" -- "Inodes: Total: %-10c Free: %d\n"); -+ if (terse) -+ { -+ if (secure) -+ format = "%n %i %l %t %s %S %b %f %a %c %d %C\n"; -+ else -+ format = "%n %i %l %t %s %S %b %f %a %c %d\n"; -+ } -+ else -+ { -+ if (secure) -+ format = " File: \"%n\"\n" -+ " ID: %-8i Namelen: %-7l Type: %T\n" -+ "Block size: %-10s Fundamental block size: %S\n" -+ "Blocks: Total: %-10b Free: %-10f Available: %a\n" -+ "Inodes: Total: %-10c Free: %d\n" -+ " S_Context: %C\n"; -+ else -+ format = " File: \"%n\"\n" -+ " ID: %-8i Namelen: %-7l Type: %T\n" -+ "Block size: %-10s Fundamental block size: %S\n" -+ "Blocks: Total: %-10b Free: %-10f Available: %a\n" -+ "Inodes: Total: %-10c Free: %d\n"; -+ } - } - -- print_it (format, filename, print_statfs, &statfsbuf); -+ print_it (format, filename, print_statfs, &statfsbuf, scontext); -+#ifdef WITH_SELINUX -+ if (scontext != NULL) -+ freecon(scontext); -+#endif - return true; - } - - /* stat the file and print what we find */ - static bool --do_stat (char const *filename, bool follow_links, bool terse, -+do_stat (char const *filename, bool follow_links, bool terse, bool secure, - char const *format) - { - struct stat statbuf; -+ SECURITY_ID_T scontext = NULL; - - if ((follow_links ? stat : lstat) (filename, &statbuf) != 0) - { -@@ -785,11 +834,29 @@ - return false; - } - -+#ifdef WITH_SELINUX -+ if(is_selinux_enabled()) { -+ int i; -+ if (!follow_links) -+ i=lgetfilecon(filename, &scontext); -+ else -+ i=getfilecon(filename, &scontext); -+ if (i == -1 && secure) -+ { -+ perror (filename); -+ return false; -+ } -+ } -+#endif -+ - if (format == NULL) - { - if (terse) - { -- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n"; -+ if (secure) -+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n"; -+ else -+ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n"; - } - else - { -@@ -807,16 +874,30 @@ - } - else - { -- format = -- " File: %N\n" -- " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" -- "Device: %Dh/%dd\tInode: %-10i Links: %h\n" -- "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" -- "Access: %x\n" "Modify: %y\n" "Change: %z\n"; -+ if (secure) -+ format = -+ " File: %N\n" -+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" -+ "Device: %Dh/%dd\tInode: %-10i Links: %-5h" -+ " Device type: %t,%T\n" -+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" -+ " S_Context: %C\n" -+ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; -+ else -+ format = -+ " File: %N\n" -+ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" -+ "Device: %Dh/%dd\tInode: %-10i Links: %h\n" -+ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" -+ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; - } - } - } -- print_it (format, filename, print_stat, &statbuf); -+ print_it (format, filename, print_stat, &statbuf, scontext); -+#ifdef WITH_SELINUX -+ if (scontext) -+ freecon(scontext); -+#endif - return true; - } - -@@ -833,6 +914,7 @@ - Display file or file system status.\n\ - \n\ - -L, --dereference follow links\n\ -+ -Z, --context print the security context \n\ - -f, --file-system display file system status instead of file status\n\ - "), stdout); - fputs (_("\ -@@ -892,6 +974,7 @@ - %c Total file nodes in file system\n\ - %d Free file nodes in file system\n\ - %f Free blocks in file system\n\ -+ %C - Security context in SELinux\n\ - "), stdout); - fputs (_("\ - %i File System ID in hex\n\ -@@ -916,6 +999,7 @@ - bool follow_links = false; - bool fs = false; - bool terse = false; -+ bool secure = false; - char *format = NULL; - bool ok = true; - -@@ -927,7 +1011,7 @@ - - atexit (close_stdout); - -- while ((c = getopt_long (argc, argv, "c:fLt", long_options, NULL)) != -1) -+ while ((c = getopt_long (argc, argv, "c:fLtZ", long_options, NULL)) != -1) - { - switch (c) - { -@@ -954,6 +1038,14 @@ - case 't': - terse = true; - break; -+ case 'Z': -+ if((is_selinux_enabled()>0)) -+ secure = 1; -+ else { -+ error (0, 0, _("Kernel is not SELinux enabled")); -+ usage (EXIT_FAILURE); -+ } -+ break; - - case_GETOPT_HELP_CHAR; - -@@ -972,8 +1064,8 @@ + case_GETOPT_HELP_CHAR; +@@ -1062,8 +1097,8 @@ main (int argc, char *argv[]) for (i = optind; i < argc; i++) ok &= (fs - ? do_statfs (argv[i], terse, format) -- : do_stat (argv[i], follow_links, terse, format)); +- : do_stat (argv[i], terse, format)); + ? do_statfs (argv[i], terse, secure, format) -+ : do_stat (argv[i], follow_links, terse, secure, format)); ++ : do_stat (argv[i], terse, secure, format)); exit (ok ? EXIT_SUCCESS : EXIT_FAILURE); } ---- coreutils-6.9/src/mkfifo.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/mkfifo.c 2007-03-23 11:59:21.000000000 +0000 -@@ -32,11 +32,18 @@ - - #define AUTHORS "David MacKenzie" - -+#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ -+#endif -+ - /* The name this program was run with. */ - char *program_name; - - static struct option const longopts[] = - { -+#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'Z'}, -+#endif - {"mode", required_argument, NULL, 'm'}, - {GETOPT_HELP_OPTION_DECL}, - {GETOPT_VERSION_OPTION_DECL}, -@@ -56,6 +63,11 @@ - Create named pipes (FIFOs) with the given NAMEs.\n\ - \n\ - "), stdout); -+#ifdef WITH_SELINUX -+ fputs (_("\ -+ -Z, --context=CONTEXT set security context (quoted string)\n\ -+"), stdout); -+#endif - fputs (_("\ - Mandatory arguments to long options are mandatory for short options too.\n\ - "), stdout); -@@ -85,13 +97,32 @@ - - atexit (close_stdout); - -- while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) -+ while ((optc = getopt_long (argc, argv, "m:" -+#ifdef WITH_SELINUX -+ "Z:" -+#endif -+ , longopts, NULL)) != -1) - { - switch (optc) - { - case 'm': - specified_mode = optarg; - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ if (!(is_selinux_enabled()>0)) -+ { -+ fprintf( stderr, "Sorry, --context (-Z) can be used only on " -+ "a selinux-enabled kernel.\n" ); -+ exit (1); -+ } -+ if (setfscreatecon(optarg)) -+ { -+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg); -+ exit (1); -+ } -+ break; -+#endif - case_GETOPT_HELP_CHAR; - case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); - default: ---- coreutils-6.9/src/mknod.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/mknod.c 2007-03-23 11:59:21.000000000 +0000 -@@ -36,8 +36,15 @@ - /* The name this program was run with. */ - char *program_name; - -+#ifdef WITH_SELINUX -+#include -+#endif -+ - static struct option const longopts[] = - { -+#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'Z'}, -+#endif - {"mode", required_argument, NULL, 'm'}, - {GETOPT_HELP_OPTION_DECL}, - {GETOPT_VERSION_OPTION_DECL}, -@@ -58,6 +65,11 @@ - Create the special file NAME of the given TYPE.\n\ - \n\ - "), stdout); -+#ifdef WITH_SELINUX -+ fputs(_("\ -+ -Z, --context=CONTEXT set security context (quoted string)\n\ -+"), stdout); -+#endif - fputs (_("\ - Mandatory arguments to long options are mandatory for short options too.\n\ - "), stdout); -@@ -101,13 +113,31 @@ - - atexit (close_stdout); - -+#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1) -+#else - while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) -+#endif - { - switch (optc) - { - case 'm': - specified_mode = optarg; - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !(is_selinux_enabled()>0)) { -+ fprintf( stderr, "Sorry, --context (-Z) can be used only on " -+ "a selinux-enabled kernel.\n" ); -+ exit( 1 ); -+ } -+ if (setfscreatecon(optarg)) { -+ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg); -+ exit( 1 ); -+ } -+ break; -+#endif - case_GETOPT_HELP_CHAR; - case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); - default: ---- coreutils-6.9/src/id.c.selinux 2007-03-23 11:59:21.000000000 +0000 -+++ coreutils-6.9/src/id.c 2007-03-23 11:59:21.000000000 +0000 -@@ -37,6 +37,20 @@ - - int getugroups (); - -+#ifdef WITH_SELINUX -+#include -+static void print_context (char* context); -+/* Print the SELinux context */ -+static void -+print_context(char *context) -+{ -+ printf ("%s", context); -+} -+ -+/* If nonzero, output only the SELinux context. -Z */ -+static int just_context = 0; -+ -+#endif - static void print_user (uid_t uid); - static void print_group (gid_t gid); - static void print_group_list (const char *username); -@@ -55,8 +69,14 @@ - /* True unless errors have been encountered. */ - static bool ok = true; - -+/* The SELinux context */ -+/* Set `context' to a known invalid value so print_full_info() will * -+ * know when `context' has not been set to a meaningful value. */ -+static security_context_t context=NULL; -+ - static struct option const longopts[] = - { -+ {"context", no_argument, NULL, 'Z'}, - {"group", no_argument, NULL, 'g'}, - {"groups", no_argument, NULL, 'G'}, - {"name", no_argument, NULL, 'n'}, -@@ -80,6 +100,7 @@ - Print information for USERNAME, or the current user.\n\ - \n\ - -a ignore, for compatibility with other versions\n\ -+ -Z, --context print only the context of the current process\n\ - -g, --group print only the effective group ID\n\ - -G, --groups print all group IDs\n\ - -n, --name print a name instead of a number, for -ugG\n\ -@@ -101,6 +122,7 @@ - main (int argc, char **argv) - { - int optc; -+ int selinux_enabled=(is_selinux_enabled()>0); - - /* If true, output the list of all group IDs. -G */ - bool just_group_list = false; -@@ -119,13 +141,24 @@ - - atexit (close_stdout); - -- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1) -+ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1) - { - switch (optc) - { - case 'a': - /* Ignore -a, for compatibility with SVR4. */ - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !selinux_enabled ) { -+ fprintf( stderr, "Sorry, --context (-Z) can be used only on " -+ "a selinux-enabled kernel.\n" ); -+ exit( 1 ); -+ } -+ just_context = 1; -+ break; -+#endif - case 'g': - just_group = true; - break; -@@ -148,8 +181,28 @@ - } - } - -- if (just_user + just_group + just_group_list > 1) -- error (EXIT_FAILURE, 0, _("cannot print only user and only group")); -+#ifdef WITH_SELINUX -+ if (argc - optind == 1) -+ if (just_context) error (1, 0, _("\ -+cannot print security context when user specified")); -+ -+ if( just_context && !selinux_enabled) -+ error (1, 0, _("\ -+cannot display context when selinux not enabled")); -+ -+ /* If we are on a selinux-enabled kernel, get our context. * -+ * Otherwise, leave the context variable alone - it has * -+ * been initialized known invalid value; if we see this invalid * -+ * value later, we will know we are on a non-selinux kernel. */ -+ if( selinux_enabled ) -+ { -+ if (getcon(&context) && just_context) -+ error (1, 0, "can't get process context"); -+ } -+#endif -+ -+ if (just_user + just_group + just_group_list + just_context > 1) -+ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice")); - - if (just_user + just_group + just_group_list == 0 && (use_real | use_name)) - error (EXIT_FAILURE, 0, -@@ -183,6 +236,10 @@ - print_group (use_real ? rgid : egid); - else if (just_group_list) - print_group_list (argv[optind]); -+#ifdef WITH_SELINUX -+ else if (just_context) -+ print_context (context); -+#endif - else - print_full_info (argv[optind]); - putchar ('\n'); -@@ -407,4 +464,9 @@ - free (groups); - } - #endif /* HAVE_GETGROUPS */ -+#ifdef WITH_SELINUX -+ if ( context != NULL ) { -+ printf(" context=%s",context); -+ } -+#endif - } ---- coreutils-6.9/src/mv.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/mv.c 2007-03-23 11:59:21.000000000 +0000 -@@ -33,6 +33,11 @@ - #include "quote.h" - #include "remove.h" - -+#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ -+int selinux_enabled=0; -+#endif -+ - /* The official name of this program (e.g., no `g' prefix). */ - #define PROGRAM_NAME "mv" - -@@ -126,6 +131,10 @@ - x->preserve_links = true; - x->preserve_mode = true; - x->preserve_timestamps = true; -+#ifdef WITH_SELINUX -+ x->preserve_security_context = true; -+ x->set_security_context = false; -+#endif - x->require_preserve = false; /* FIXME: maybe make this an option */ - x->recursive = true; - x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */ -@@ -357,6 +366,10 @@ - - cp_option_init (&x); - -+#ifdef WITH_SELINUX -+ selinux_enabled= (is_selinux_enabled()>0); -+#endif -+ - /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless - we'll actually use backup_suffix_string. */ - backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); ---- /dev/null 2007-03-23 08:54:03.819414923 +0000 -+++ coreutils-6.9/src/runcon.c 2007-03-23 11:59:21.000000000 +0000 -@@ -0,0 +1,252 @@ -+/* -+ * runcon [ context | -+ * ( [ -c ] [ -r role ] [-t type] [ -u user ] [ -l levelrange ] ) -+ * command [arg1 [arg2 ...] ] -+ * -+ * attempt to run the specified command with the specified context. -+ * -+ * -r role : use the current context with the specified role -+ * -t type : use the current context with the specified type -+ * -u user : use the current context with the specified user -+ * -l level : use the current context with the specified level range -+ * -c : compute process transition context before modifying -+ * -+ * Contexts are interpreted as follows: -+ * -+ * Number of MLS -+ * components system? -+ * -+ * 1 - type -+ * 2 - role:type -+ * 3 Y role:type:range -+ * 3 N user:role:type -+ * 4 Y user:role:type:range -+ * 4 N error -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "system.h" -+extern int errno; -+ -+/* The name the program was run with. */ -+char *program_name; -+ -+/* If nonzero, display usage information and exit. */ -+static int show_help; -+ -+/* If nonzero, print the version on standard output and exit. */ -+static int show_version; -+ -+void -+usage(int status) -+{ -+ printf(_("Usage: %s CONTEXT COMMAND [args]\n" -+ " or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n" -+ "Run a program in a different security context.\n\n" -+ " CONTEXT Complete security context\n" -+ " -c, --compute compute process transition context before modifying\n" -+ " -t, --type=TYPE type (for same role as parent)\n" -+ " -u, --user=USER user identity\n" -+ " -r, --role=ROLE role\n" -+ " -l, --range=RANGE levelrange\n" -+ " --help display this help and exit\n" -+ " --version output version information and exit\n"), -+ program_name, program_name); -+ exit(status); -+} -+ -+int -+main(int argc,char **argv,char **envp ) -+{ -+ char *role = 0; -+ char *range = 0; -+ char *user = 0; -+ char *type = 0; -+ char *context = NULL; -+ security_context_t cur_context = NULL; -+ security_context_t file_context = NULL; -+ security_context_t new_context = NULL; -+ int compute_trans = 0; -+ -+ context_t con; -+ -+ program_name = argv[0]; -+ setlocale (LC_ALL, ""); -+ bindtextdomain (PACKAGE, LOCALEDIR); -+ textdomain (PACKAGE); -+ -+ while (1) { -+ int this_option_optind = optind ? optind : 1; -+ int option_index = 0; -+ static struct option long_options[] = { -+ { "role", 1, 0, 'r' }, -+ { "type", 1, 0, 't' }, -+ { "user", 1, 0, 'u' }, -+ { "range", 1, 0, 'l' }, -+ { "compute", 0, 0, 'c' }, -+ { "help", 0, &show_help, 1 }, -+ { "version", 0, &show_version, 1 }, -+ { 0, 0, 0, 0 } -+ }; -+ int c = getopt_long(argc, argv, "+r:t:u:l:c", long_options, &option_index); -+ if ( c == -1 ) { -+ break; -+ } -+ switch ( c ) { -+ case 0: -+ break; -+ case 'r': -+ if ( role ) { -+ fprintf(stderr,_("multiple roles\n")); -+ exit(1); -+ } -+ role = optarg; -+ break; -+ case 't': -+ if ( type ) { -+ fprintf(stderr,_("multiple types\n")); -+ exit(1); -+ } -+ type = optarg; -+ break; -+ case 'u': -+ if ( user ) { -+ fprintf(stderr,_("multiple users\n")); -+ exit(1); -+ } -+ user = optarg; -+ break; -+ case 'l': -+ if ( range ) { -+ fprintf(stderr,_("multiple levelranges\n")); -+ exit(1); -+ } -+ range = optarg; -+ break; -+ case 'c': -+ compute_trans = 1; -+ break; -+ default: -+ usage(1); -+ break; -+ } -+ } -+ -+ if (show_version) { -+ printf("runcon (%s) %s\n", GNU_PACKAGE, VERSION); -+ exit(0); -+ } -+ -+ if (show_help) -+ usage(0); -+ -+ if ( !(user || role || type || range || compute_trans)) { -+ if ( optind >= argc ) { -+ fprintf(stderr,_("must specify -c, -t, -u, -l, -r, or context\n")); -+ usage(1); -+ } -+ context = argv[optind++]; -+ } -+ -+ if ( optind >= argc ) { -+ fprintf(stderr,_("no command found\n")); -+ usage(1); -+ } -+ -+ if( is_selinux_enabled() != 1 ) { -+ fprintf( stderr, -+ _("runcon may be used only on a SELinux kernel.\n") ); -+ exit(-1); -+ } -+ -+ if ( context ) { -+ con = context_new(context); -+ if (!con) { -+ fprintf(stderr,_("%s is not a valid context\n"), context); -+ exit(1); -+ } -+ } -+ else { -+ if (getcon(&cur_context) < 0) { -+ fprintf(stderr,_("Couldn't get current context.\n")); -+ exit(1); -+ } -+ -+ /* We will generate context based on process transition */ -+ if ( compute_trans ) { -+ /* Get context of file to be executed */ -+ if (getfilecon(argv[optind], &file_context) == -1) { -+ fprintf(stderr,_("unable to retrieve attributes of %s\n"), -+ argv[optind]); -+ exit(1); -+ } -+ /* compute result of process transition */ -+ if (security_compute_create(cur_context, file_context, -+ SECCLASS_PROCESS, &new_context) != 0) { -+ fprintf(stderr,_("unable to compute a new context\n")); -+ exit(1); -+ } -+ /* free contexts */ -+ freecon(file_context); -+ freecon(cur_context); -+ -+ /* set cur_context equal to new_context */ -+ cur_context = new_context; -+ } -+ -+ con = context_new(cur_context); -+ if (!con) { -+ fprintf(stderr,_("%s is not a valid context\n"), cur_context); -+ exit(1); -+ } -+ if ( user ) { -+ if ( context_user_set(con,user)) { -+ fprintf(stderr,_("failed to set new user %s\n"),user); -+ exit(1); -+ } -+ } -+ if ( type ) { -+ if ( context_type_set(con,type)) { -+ fprintf(stderr,_("failed to set new type %s\n"),type); -+ exit(1); -+ } -+ } -+ if ( range ) { -+ if ( context_range_set(con,range)) { -+ fprintf(stderr,_("failed to set new range %s\n"),range); -+ exit(1); -+ } -+ } -+ if ( role ) { -+ if (context_role_set(con,role)) { -+ fprintf(stderr,_("failed to set new role %s\n"),role); -+ exit(1); -+ } -+ } -+ } -+ -+ if (security_check_context(context_str(con)) < 0) { -+ fprintf(stderr, _("%s is not a valid context\n"), context_str(con)); -+ exit(1); -+ } -+ -+ if (setexeccon(context_str(con))!=0) { -+ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con)); -+ exit(1); -+ } -+ if (cur_context!=NULL) -+ freecon(cur_context); -+ -+ if ( execvp(argv[optind],argv+optind) ) { -+ perror("execvp"); -+ exit(1); -+ } -+ return 1; /* can't reach this statement.... */ -+} ---- coreutils-6.9/src/copy.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/copy.c 2007-03-23 12:00:30.000000000 +0000 -@@ -54,6 +54,11 @@ - #include "xreadlink.h" - #include "yesno.h" - -+#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ -+extern int selinux_enabled; -+#endif -+ - #ifndef HAVE_FCHOWN - # define HAVE_FCHOWN false - # define fchown(fd, uid, gid) (-1) -@@ -302,6 +307,30 @@ - { - dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY); - -+#ifdef WITH_SELINUX -+ if (dest_desc >= 0 && selinux_enabled && -+ (x->preserve_security_context || x->set_security_context)) -+ { -+ security_context_t con; -+ if(getfscreatecon(&con) == -1) -+ { -+ return_val = false; -+ goto close_src_desc; -+ } -+ -+ if (con) -+ { -+ if(fsetfilecon(dest_desc, con) == -1) -+ { -+ return_val = false; -+ freecon(con); -+ goto close_src_desc; -+ } -+ freecon(con); -+ } -+ } -+#endif -+ - if (dest_desc < 0 && x->unlink_dest_after_failed_open) - { - if (unlink (dst_name) != 0) -@@ -1539,6 +1568,32 @@ - In such cases, set this variable to zero. */ - preserve_metadata = true; - -+#ifdef WITH_SELINUX -+ if (x->preserve_security_context && selinux_enabled) -+ { -+ security_context_t con; -+ -+ if (lgetfilecon (src_name, &con) >= 0) -+ { -+ if (setfscreatecon(con) < 0) -+ { -+ error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); -+ if (x->require_preserve) { -+ freecon(con); -+ return 1; -+ } -+ } -+ freecon(con); -+ } -+ else { -+ if (( errno != ENOTSUP ) && ( errno != ENODATA )) { -+ error (0, errno, _("cannot lgetfilecon %s"), quote (src_name)); -+ return 1; -+ } -+ } -+ } -+#endif -+ - if (S_ISDIR (src_mode)) - { - struct dir_list *dir; -@@ -1614,6 +1669,10 @@ - { - /* Here, we are crossing a file system boundary and cp's -x option - is in effect: so don't copy the contents of this directory. */ -+#ifdef WITH_SELINUX -+ if (x->preserve_security_context && selinux_enabled) -+ setfscreatecon(NULL); -+#endif - } - else - { -@@ -1762,6 +1821,11 @@ - } - } - -+#ifdef WITH_SELINUX -+ if (x->preserve_security_context && selinux_enabled) -+ setfscreatecon(NULL); -+#endif -+ - /* There's no need to preserve timestamps or permissions. */ - preserve_metadata = false; - -@@ -1895,6 +1959,11 @@ - - un_backup: - -+#ifdef WITH_SELINUX -+ if (x->preserve_security_context && selinux_enabled) -+ setfscreatecon(NULL); -+#endif -+ - /* We have failed to create the destination file. - If we've just added a dev/ino entry via the remember_copied - call above (i.e., unless we've just failed to create a hard link), ---- coreutils-6.9/src/install.c.selinux 2007-03-18 21:36:43.000000000 +0000 -+++ coreutils-6.9/src/install.c 2007-03-23 11:59:21.000000000 +0000 -@@ -49,6 +49,43 @@ - # include - #endif - -+#ifdef WITH_SELINUX -+#include /* for is_selinux_enabled() */ -+int selinux_enabled=0; -+static int use_default_selinux_context = 1; -+/* Modify file context to match the specified policy, -+ If an error occurs the file will remain with the default directory -+ context.*/ -+static void setdefaultfilecon(const char *path) { -+ struct stat st; -+ security_context_t scontext=NULL; -+ if (selinux_enabled != 1) { -+ /* Indicate no context found. */ -+ return; -+ } -+ if (lstat(path, &st) != 0) -+ return; -+ -+ /* If there's an error determining the context, or it has none, -+ return to allow default context */ -+ if ((matchpathcon(path, st.st_mode, &scontext) != 0) || -+ (strcmp(scontext, "<>") == 0)) { -+ if (scontext != NULL) { -+ freecon(scontext); -+ } -+ return; -+ } -+ if (lsetfilecon(path, scontext) < 0) { -+ if (errno != ENOTSUP) { -+ error (0, errno, -+ _("warning: failed to change context of %s to %s"), path, scontext); -+ } -+ } -+ freecon(scontext); -+ return; -+} -+#endif -+ - #if ! HAVE_ENDGRENT - # define endgrent() ((void) 0) - #endif -@@ -124,12 +161,18 @@ - static struct option const long_options[] = - { - {"backup", optional_argument, NULL, 'b'}, -+#ifdef WITH_SELINUX -+ {"context", required_argument, NULL, 'Z'}, -+#endif - {"directory", no_argument, NULL, 'd'}, - {"group", required_argument, NULL, 'g'}, - {"mode", required_argument, NULL, 'm'}, - {"no-target-directory", no_argument, NULL, 'T'}, - {"owner", required_argument, NULL, 'o'}, - {"preserve-timestamps", no_argument, NULL, 'p'}, -+#ifdef WITH_SELINUX -+ {"preserve_context", no_argument, NULL, 'P'}, -+#endif - {"strip", no_argument, NULL, 's'}, - {"suffix", required_argument, NULL, 'S'}, - {"target-directory", required_argument, NULL, 't'}, -@@ -169,6 +212,10 @@ - x->stdin_tty = false; - - x->update = false; -+#ifdef WITH_SELINUX -+ x->preserve_security_context = false; -+ x->set_security_context = false; -+#endif - x->verbose = false; - x->dest_info = NULL; - x->src_info = NULL; -@@ -222,6 +269,10 @@ - bool no_target_directory = false; - int n_files; - char **file; -+#ifdef WITH_SELINUX -+ /* set iff kernel has extra selinux system calls */ -+ selinux_enabled = (is_selinux_enabled()>0); -+#endif - - initialize_main (&argc, &argv); - program_name = argv[0]; -@@ -243,7 +294,11 @@ - we'll actually use backup_suffix_string. */ - backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); - -+#ifdef WITH_SELINUX -+ while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pPt:TvS:Z:", long_options, -+#else - while ((optc = getopt_long (argc, argv, "bcsDdg:m:o:pt:TvS:", long_options, -+#endif - NULL)) != -1) - { - switch (optc) -@@ -305,6 +360,41 @@ - case 'T': - no_target_directory = true; - break; -+#ifdef WITH_SELINUX -+ case 'P': -+ /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !selinux_enabled ) { -+ fprintf( stderr, "Warning: ignoring --preserve_context (-P) " -+ "because the kernel is not selinux-enabled.\n" ); -+ break; -+ } -+ if ( x.set_security_context ) { -+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); -+ exit( 1 ); -+ } -+ x.preserve_security_context = true; -+ use_default_selinux_context = 0; -+ break ; -+ case 'Z': -+ /* politely decline if we're not on a selinux-enabled kernel. */ -+ if( !selinux_enabled) { -+ fprintf( stderr, "Warning: ignoring --context (-Z) " -+ "because the kernel is not selinux-enabled.\n" ); -+ break; -+ } -+ if ( x.preserve_security_context ) { -+ -+ (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg); -+ exit( 1 ); -+ } -+ use_default_selinux_context = 0; -+ x.set_security_context = true; -+ if (setfscreatecon(optarg)) { -+ (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], optarg); -+ exit(1); -+ } -+ break; -+#endif - case_GETOPT_HELP_CHAR; - case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); - default: -@@ -503,6 +591,7 @@ - static bool - change_attributes (char const *name) - { -+ bool ok = false; - /* chown must precede chmod because on some systems, - chown clears the set[ug]id bits for non-superusers, - resulting in incorrect permissions. -@@ -521,9 +610,14 @@ - else if (chmod (name, mode) != 0) - error (0, errno, _("cannot change permissions of %s"), quote (name)); - else -- return true; -+ ok = true; -+ -+#ifdef WITH_SELINUX -+ if (use_default_selinux_context) -+ setdefaultfilecon (name); -+#endif - -- return false; -+ return ok; - } - - /* Set the timestamps of file TO to match those of file FROM. -@@ -687,6 +781,11 @@ - -T, --no-target-directory treat DEST as a normal file\n\ - -v, --verbose print the name of each directory as it is created\n\ - "), stdout); -+ fputs (_("\ -+ -P, --preserve_context (SELinux) Preserve security context\n\ -+ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\ -+"), stdout); -+ - fputs (HELP_OPTION_DESCRIPTION, stdout); - fputs (VERSION_OPTION_DESCRIPTION, stdout); - fputs (_("\ ---- coreutils-6.9/configure.ac.selinux 2007-03-23 11:59:21.000000000 +0000 -+++ coreutils-6.9/configure.ac 2007-03-23 11:59:21.000000000 +0000 -@@ -48,6 +48,13 @@ - LIB_PAM="-ldl -lpam -lpam_misc" - AC_SUBST(LIB_PAM)]) - -+dnl Give the chance to enable SELINUX -+AC_ARG_ENABLE(selinux, dnl -+[ --enable-selinux Enable use of the SELINUX libraries], -+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) -+LIB_SELINUX="-lselinux" -+AC_SUBST(LIB_SELINUX)]) -+ - AC_CHECK_FUNCS(uname, - OPTIONAL_BIN_PROGS="$OPTIONAL_BIN_PROGS uname\$(EXEEXT)" - MAN="$MAN uname.1") ---- coreutils-6.9/man/stat.1.selinux 2007-03-22 21:21:53.000000000 +0000 -+++ coreutils-6.9/man/stat.1 2007-03-23 11:59:21.000000000 +0000 -@@ -28,6 +28,9 @@ - \fB\-t\fR, \fB\-\-terse\fR - print the information in terse form - .TP -+\fB\-Z\fR, \fB\-\-context\fR -+print security context information for SELinux if available. -+.TP - \fB\-\-help\fR - display this help and exit - .TP -@@ -51,6 +54,9 @@ - %d - Device number in decimal - .TP -+%C -+SELinux security context -+.TP - %D - Device number in hex - .TP ---- /dev/null 2007-03-23 08:54:03.819414923 +0000 -+++ coreutils-6.9/man/chcon.x 2007-03-23 11:59:21.000000000 +0000 -@@ -0,0 +1,4 @@ -+[NAME] -+chcon \- change file security context -+[DESCRIPTION] -+.\" Add any additional description here ---- /dev/null 2007-03-23 08:54:03.819414923 +0000 -+++ coreutils-6.9/man/chcon.1 2007-03-23 11:59:21.000000000 +0000 -@@ -0,0 +1,64 @@ -+.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands" -+.SH NAME -+chcon \- change SELinux security context -+.SH SYNOPSIS -+.B chcon -+[\fIOPTION\fR]...\fI CONTEXT FILE\fR... -+.br -+.B chcon -+[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR... -+.SH DESCRIPTION -+.PP -+." Add any additional description here -+.PP -+Change the security context of each FILE to CONTEXT. -+.TP -+\fB\-c\fR, \fB\-\-changes\fR -+like verbose but report only when a change is made -+.TP -+\fB\-h\fR, \fB\-\-no\-dereference\fR -+affect symbolic links instead of any referenced file (available only on systems with lchown system call) -+.TP -+\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR -+suppress most error messages -+.TP -+\fB\-l\fR, \fB\-\-range\fR -+set range RANGE in the target security context -+.TP -+\fB\-\-reference\fR=\fIRFILE\fR -+use RFILE's context instead of using a CONTEXT value -+.TP -+\fB\-R\fR, \fB\-\-recursive\fR -+change files and directories recursively -+.TP -+\fB\-r\fR, \fB\-\-role\fR -+set role ROLE in the target security context -+.TP -+\fB\-t\fR, \fB\-\-type\fR -+set type TYPE in the target security context -+.TP -+\fB\-u\fR, \fB\-\-user\fR -+set user USER in the target security context -+.TP -+\fB\-v\fR, \fB\-\-verbose\fR -+output a diagnostic for every file processed -+.TP -+\fB\-\-help\fR -+display this help and exit -+.TP -+\fB\-\-version\fR -+output version information and exit -+.SH "REPORTING BUGS" -+Report bugs to . -+.SH "SEE ALSO" -+The full documentation for -+.B chcon -+is maintained as a Texinfo manual. If the -+.B info -+and -+.B chcon -+programs are properly installed at your site, the command -+.IP -+.B info chcon -+.PP -+should give you access to the complete manual. ---- coreutils-6.9/man/dir.1.selinux 2007-03-22 21:21:48.000000000 +0000 -+++ coreutils-6.9/man/dir.1 2007-03-23 11:59:21.000000000 +0000 -@@ -205,6 +205,20 @@ - .TP - \fB\-1\fR - list one file per line -+.PP -+SELINUX options: -+.TP -+\fB\-\-lcontext\fR -+Display security context. Enable \fB\-l\fR. Lines -+will probably be too wide for most displays. -+.TP -+\fB\-\-context\fR -+Display security context so it fits on most -+displays. Displays only mode, user, group, -+security context and file name. -+.TP -+\fB\-\-scontext\fR -+Display only security context and file name. - .TP - \fB\-\-help\fR - display this help and exit ---- coreutils-6.9/man/mkfifo.1.selinux 2007-03-22 21:21:51.000000000 +0000 -+++ coreutils-6.9/man/mkfifo.1 2007-03-23 11:59:21.000000000 +0000 -@@ -12,6 +12,9 @@ - .PP - Mandatory arguments to long options are mandatory for short options too. - .TP -+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR -+set security context (quoted string) -+.TP - \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR - set file permission bits to MODE, not a=rw \- umask - .TP ---- coreutils-6.9/man/Makefile.am.selinux 2007-03-23 11:59:21.000000000 +0000 -+++ coreutils-6.9/man/Makefile.am 2007-03-23 11:59:21.000000000 +0000 -@@ -29,7 +29,7 @@ - shred.1 shuf.1 sleep.1 sort.1 split.1 stat.1 \ - su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ - tty.1 unexpand.1 uniq.1 unlink.1 vdir.1 wc.1 \ -- whoami.1 yes.1 $(MAN) -+ whoami.1 yes.1 chcon.1 runcon.1 $(MAN) - optional_mans = \ - chroot.1 hostid.1 nice.1 pinky.1 stty.1 uname.1 uptime.1 users.1 who.1 - -@@ -141,6 +141,8 @@ - who.1: $(common_dep) $(srcdir)/who.x ../src/who.c - whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c - yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c -+chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c -+runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c - - SUFFIXES = .x .1 - ---- coreutils-6.9/man/cp.1.selinux 2007-03-22 21:21:47.000000000 +0000 -+++ coreutils-6.9/man/cp.1 2007-03-23 11:59:21.000000000 +0000 -@@ -57,7 +57,7 @@ - .TP - \fB\-\-preserve\fR[=\fIATTR_LIST\fR] - preserve the specified attributes (default: --mode,ownership,timestamps), if possible -+mode,ownership,timestamps) and security contexts, if possible - additional attributes: links, all - .TP - \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR -@@ -106,6 +106,9 @@ - \fB\-\-help\fR - display this help and exit - .TP -+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR -+set security context of copy to CONTEXT -+.TP - \fB\-\-version\fR - output version information and exit - .PP ---- coreutils-6.9/man/id.1.selinux 2007-03-22 21:21:50.000000000 +0000 -+++ coreutils-6.9/man/id.1 2007-03-23 11:59:21.000000000 +0000 -@@ -13,6 +13,9 @@ - \fB\-a\fR - ignore, for compatibility with other versions - .TP -+\fB\-Z\fR, \fB\-\-context\fR -+print only the security context of the current process -+.TP - \fB\-g\fR, \fB\-\-group\fR - print only the effective group ID - .TP ---- /dev/null 2007-03-23 08:54:03.819414923 +0000 -+++ coreutils-6.9/man/runcon.x 2007-03-23 11:59:21.000000000 +0000 -@@ -0,0 +1,14 @@ -+[NAME] -+runcon \- run command with specified security context -+[DESCRIPTION] -+Run COMMAND with completely-specified CONTEXT, or with current or -+transitioned security context modified by one or more of LEVEL, -+ROLE, TYPE, and USER. -+.PP -+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified, -+the first argument is used as the complete context. Any additional -+arguments after \fICOMMAND\fR are interpreted as arguments to the -+command. -+.PP -+Note that only carefully-chosen contexts are likely to successfully -+run. ---- /dev/null 2007-03-23 08:54:03.819414923 +0000 -+++ coreutils-6.9/man/runcon.1 2007-03-23 11:59:21.000000000 +0000 -@@ -0,0 +1,45 @@ -+.TH RUNCON "1" "February 2005" "runcon (coreutils) 5.0" "selinux" -+.SH NAME -+runcon \- run command with specified SELinux security context -+.SH SYNOPSIS -+.B runcon -+[\fI-c\fR] [\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR] -+.PP -+or -+.PP -+.B runcon -+\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR] -+.PP -+.br -+.SH DESCRIPTION -+.PP -+.\" Add any additional description here -+.PP -+Run COMMAND with completely-specified CONTEXT, or with current or -+transitioned security context modified by one or more of LEVEL, -+ROLE, TYPE, and USER. -+.TP -+\fB\-c\fR -+compute process transition before modifying context -+.TP -+\fB\-t\fR -+change current type to the specified type -+.TP -+\fB\-l\fR -+change current level range to the specified range -+.TP -+\fB\-r\fR -+change current role to the specified role -+.TP -+\fB\-u\fR -+change current user to the specified user -+.TP -+\fB\-\-\fR -+The \fB\-\-\fR flag indicates that \fBruncon\fR should stop processing command -+line arguments. Further arguments will be passed to COMMAND. -+.PP -+If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified, -+the first argument is used as the complete context. -+.PP -+Note that only carefully-chosen contexts are likely to successfully -+run. ---- coreutils-6.9/man/mknod.1.selinux 2007-03-22 21:21:51.000000000 +0000 -+++ coreutils-6.9/man/mknod.1 2007-03-23 11:59:21.000000000 +0000 -@@ -12,6 +12,9 @@ - .PP - Mandatory arguments to long options are mandatory for short options too. - .TP -+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR -+set security context (quoted string) -+.TP - \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR - set file permission bits to MODE, not a=rw \- umask - .TP ---- coreutils-6.9/man/ls.1.selinux 2007-03-22 21:21:51.000000000 +0000 -+++ coreutils-6.9/man/ls.1 2007-03-23 11:59:21.000000000 +0000 -@@ -205,6 +205,20 @@ - .TP - \fB\-1\fR - list one file per line -+.PP -+SELinux options: -+.TP -+\fB\-\-lcontext\fR -+Display security context. Enable \fB\-l\fR. Lines -+will probably be too wide for most displays. -+.TP -+\fB\-Z\fR, \fB\-\-context\fR -+Display security context so it fits on most -+displays. Displays only mode, user, group, -+security context and file name. -+.TP -+\fB\-\-scontext\fR -+Display only security context and file name. - .TP - \fB\-\-help\fR - display this help and exit ---- coreutils-6.9/man/mkdir.1.selinux 2007-03-22 21:21:51.000000000 +0000 -+++ coreutils-6.9/man/mkdir.1 2007-03-23 11:59:21.000000000 +0000 -@@ -12,6 +12,8 @@ - .PP - Mandatory arguments to long options are mandatory for short options too. - .TP -+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT -+.TP - \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR - set file mode (as in chmod), not a=rwx \- umask - .TP ---- coreutils-6.9/man/vdir.1.selinux 2007-03-22 21:21:55.000000000 +0000 -+++ coreutils-6.9/man/vdir.1 2007-03-23 11:59:21.000000000 +0000 -@@ -205,6 +205,20 @@ - .TP - \fB\-1\fR - list one file per line -+.PP -+SELINUX options: -+.TP -+\fB\-\-lcontext\fR -+Display security context. Enable \fB\-l\fR. Lines -+will probably be too wide for most displays. -+.TP -+\fB\-\-context\fR -+Display security context so it fits on most -+displays. Displays only mode, user, group, -+security context and file name. -+.TP -+\fB\-\-scontext\fR -+Display only security context and file name. - .TP - \fB\-\-help\fR - display this help and exit ---- coreutils-6.9/man/install.1.selinux 2007-03-22 21:21:50.000000000 +0000 -+++ coreutils-6.9/man/install.1 2007-03-23 11:59:21.000000000 +0000 -@@ -67,6 +67,11 @@ - .TP - \fB\-v\fR, \fB\-\-verbose\fR - print the name of each directory as it is created -+.HP -+\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context -+.TP -+\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR -+(SELinux) Set security context of files and directories - .TP - \fB\-\-help\fR - display this help and exit ---- coreutils-6.9/README.selinux 2007-03-23 11:59:21.000000000 +0000 -+++ coreutils-6.9/README 2007-03-23 11:59:21.000000000 +0000 -@@ -7,11 +7,11 @@ - - The programs that can be built with this package are: +diff -urp coreutils-6.10-orig/tests/misc/selinux coreutils-6.10/tests/misc/selinux +--- coreutils-6.10-orig/tests/misc/selinux 2008-01-11 11:34:22.000000000 +0100 ++++ coreutils-6.10/tests/misc/selinux 2008-01-25 18:17:59.000000000 +0100 +@@ -32,7 +32,7 @@ chcon $ctx f d p 2>/dev/null || { + + # inspect that context with both ls -Z and stat. + for i in d f p; do +- c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1 ++ c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1 + c=`stat --printf %C $i`; test x$c = x$ctx || fail=1 + done -- [ base64 basename cat chgrp chmod chown chroot cksum comm cp csplit cut date -+ [ base64 basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date - dd df dir dircolors dirname du echo env expand expr factor false fmt fold - ginstall groups head hostid hostname id join kill link ln logname ls - md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr -- printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum sha256sum -+ printenv printf ptx pwd readlink rm rmdir runcon runuser seq sha1sum sha224sum sha256sum - sha384sum sha512sum shred shuf sleep sort split stat stty su sum sync tac - tail tee test touch tr true tsort tty uname unexpand uniq unlink uptime - users vdir wc who whoami yes diff --git a/coreutils-split-pam.patch b/coreutils-split-pam.patch index 4d36447..6052bc4 100644 --- a/coreutils-split-pam.patch +++ b/coreutils-split-pam.patch @@ -28,3 +28,30 @@ diff -uNrp -x '*~' coreutils-5.97-orig/src/su.c coreutils-5.97/src/su.c PAM_BAIL_P; #ifndef RUNUSER +diff -urp coreutils-6.10-orig/doc/coreutils.info coreutils-6.10/doc/coreutils.info +--- coreutils-6.10-orig/doc/coreutils.info 2008-01-22 00:32:44.000000000 +0100 ++++ coreutils-6.10/doc/coreutils.info 2008-01-24 17:17:04.000000000 +0100 +@@ -11006,7 +11006,8 @@ options::. + set, even for the super-user, as described above), and set `PATH' + to a compiled-in default value. Change to USER's home directory. + Prepend `-' to the shell's name, intended to make it read its +- login startup file(s). ++ login startup file(s). When this option is given, /etc/pam.d/su-l ++ PAM file is used instead of the default one. + + `-m' + `-p' +diff -urp coreutils-6.10-orig/doc/coreutils.texi coreutils-6.10/doc/coreutils.texi +--- coreutils-6.10-orig/doc/coreutils.texi 2008-01-24 16:50:57.000000000 +0100 ++++ coreutils-6.10/doc/coreutils.texi 2008-01-24 17:12:58.000000000 +0100 +@@ -13670,7 +13670,9 @@ the exit status of @var{command} otherwi + + @command{su} allows one user to temporarily become another user. It runs a + command (often an interactive shell) with the real and effective user +-ID, group ID, and supplemental groups of a given @var{user}. Synopsis: ++ID, group ID, and supplemental groups of a given @var{user}. When the -l ++option is given, the su-l PAM file is used instead of the default su PAM file. ++Synopsis: + + @example + su [@var{option}]@dots{} [@var{user} [@var{arg}]@dots{}] diff --git a/coreutils.spec b/coreutils.spec index f5e5007..28b4a7b 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,14 +1,15 @@ Summary: The GNU core utilities: a set of tools commonly used in shell scripts Name: coreutils -Version: 6.9 -Release: 17%{?dist} -License: GPLv2+ +Version: 6.10 +Release: 1%{?dist} +License: GPLv3+ Group: System Environment/Base Url: http://www.gnu.org/software/coreutils/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Source0: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.bz2 +Source0: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.lzma Source101: coreutils-DIR_COLORS Source102: coreutils-DIR_COLORS.xterm +Source103: coreutils-DIR_COLORS.256color Source105: coreutils-colorls.sh Source106: coreutils-colorls.csh Source200: coreutils-su.pamd @@ -17,14 +18,10 @@ Source202: coreutils-su-l.pamd Source203: coreutils-runuser-l.pamd # From upstream -Patch1: coreutils-futimens.patch -Patch2: coreutils-ls-x.patch -Patch3: coreutils-6.9-cp-i-u.patch -Patch4: coreutils-6.9-du-ls-upstream.patch # Our patches Patch100: coreutils-chgrp.patch -Patch101: coreutils-getdateYYYYMMDD.patch +Patch101: coreutils-6.10-configuration.patch # sh-utils Patch703: sh-utils-2.0.11-dateman.patch @@ -46,17 +43,18 @@ Patch912: coreutils-overflow.patch Patch915: coreutils-split-pam.patch Patch916: coreutils-getfacl-exit-code.patch -#SELINUX Patch +#SELINUX Patch - implements Redhat changes +#(upstream did some SELinux implementation unlike with RedHat patch) Patch950: coreutils-selinux.patch -#SELINUX Patch fix to allow cp -a rewrite file on different filesystem -Patch951: coreutils-6.9-requiresecuritycontext.patch -Patch952: coreutils-6.9-statsecuritycontext.patch BuildRequires: libselinux-devel >= 1.25.6-1 BuildRequires: libacl-devel BuildRequires: gettext bison BuildRequires: texinfo >= 4.3 -BuildRequires: autoconf >= 2.58, automake >= 1.8 +BuildRequires: lzma +BuildRequires: autoconf >= 2.58 +#dist-lzma required +BuildRequires: automake >= 1.10.1 %{?!nopam:BuildRequires: pam-devel} Requires(post): libselinux >= 1.25.6-1 @@ -73,11 +71,12 @@ Provides: fileutils = %{version}-%{release} Provides: sh-utils = %{version}-%{release} Provides: stat = %{version}-%{release} Provides: textutils = %{version}-%{release} +Obsoletes: mktemp +Provides: mktemp = %{version}-%{release} Obsoletes: fileutils <= 4.1.9 Obsoletes: sh-utils <= 2.0.12 Obsoletes: stat <= 3.3 Obsoletes: textutils <= 2.0.21 - # readlink(1) moved here from tetex. Conflicts: tetex < 1.0.7-66 @@ -86,17 +85,17 @@ These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages. %prep -%setup -q +#do not unpack in setup because of lzma is not yet supported in setup macro +%setup -q -c -T +cd .. +lzma -dc %SOURCE0 | tar xf - +cd %name-%version # From upstream -%patch1 -p1 -b .futimens -%patch2 -p1 -b .ls-x -%patch3 -p1 -b .cp-i-u -%patch4 -p1 -b .du-ls # Our patches %patch100 -p1 -b .chgrp -%patch101 -p1 -b .getdate +%patch101 -p1 -b .configure # sh-utils %patch703 -p1 -b .dateman @@ -118,15 +117,8 @@ the old GNU fileutils, sh-utils, and textutils packages. #SELinux %patch950 -p1 -b .selinux -%patch951 -p1 -b .require-preserve -%patch952 -p1 -b .statsecuritycontext - -# Don't run basic-1 test, since it breaks when run in the background -# (bug #102033). -sed -i -e 's/basic-1//g' tests/stty/Makefile* chmod a+x tests/sort/sort-mb-tests -chmod a+x tests/ls/x-option %build %ifarch s390 s390x @@ -142,6 +134,7 @@ autoconf --force automake --copy --add-missing %configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \ --enable-selinux \ + --enable-install-program=su,hostname \ DEFAULT_POSIX2_VERSION=200112 alternative=199209 || : make all %{?_smp_mflags} \ %{?!nopam:CPPFLAGS="-DUSE_PAM"} \ @@ -173,7 +166,7 @@ bzip2 -9f ChangeLog # let be compatible with old fileutils, sh-utils and textutils packages : mkdir -p $RPM_BUILD_ROOT{/bin,%_bindir,%_sbindir,/sbin} %{?!nopam:mkdir -p $RPM_BUILD_ROOT%_sysconfdir/pam.d} -for f in basename cat chgrp chmod chown cp cut date dd df echo env false link ln ls mkdir mknod mv nice pwd rm rmdir sleep sort stty sync touch true uname unlink +for f in basename cat chgrp chmod chown cp cut date dd df echo env false link ln ls mkdir mknod mktemp mv nice pwd rm rmdir sleep sort stty sync touch true uname unlink do mv $RPM_BUILD_ROOT{%_bindir,/bin}/$f done @@ -186,6 +179,7 @@ for i in env cut; do ln -sf ../../bin/$i $RPM_BUILD_ROOT/usr/bin; done mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/profile.d install -p -c -m644 %SOURCE101 $RPM_BUILD_ROOT%{_sysconfdir}/DIR_COLORS install -p -c -m644 %SOURCE102 $RPM_BUILD_ROOT%{_sysconfdir}/DIR_COLORS.xterm +install -p -c -m644 %SOURCE103 $RPM_BUILD_ROOT%{_sysconfdir}/DIR_COLORS.256color install -p -c -m644 %SOURCE105 $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/colorls.sh install -p -c -m644 %SOURCE106 $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/colorls.csh @@ -280,6 +274,7 @@ fi /bin/stty %attr(4755,root,root) /bin/su /bin/sync +/bin/mktemp /bin/touch /bin/true /bin/uname @@ -291,6 +286,23 @@ fi /sbin/runuser %changelog +* Fri Jan 25 2008 Ondrej Vasik - 6.10-1 +- New upstream release(changed %%prep because of lack of lzma + support in %%setup macro) +- License GPLv3+ +- removed patches cp-i-u,du-ls-upstream,statsecuritycontext, + futimens,getdateYYYYMMDD,ls-x +- modified patches to be compilable after upstream changes +- selinux patch reworked to have backward compatibility with + F8(cp,ls and stat behaviour differ from upstream in SELinux + options) +- su-l/runuser-l pam file usage a bit documented(#368721) +- more TERMs for DIR_COLORS, added colors for audio files, + more image/compress file types(taken from upstream + dircolors.hin) +- new file DIR_COLORS.256color which takes advantage from + 256color term types-not really used yet(#429121) + * Wed Jan 16 2008 Ondrej Vasik - 6.9-17 - added several missing colored TERMs(including rxvt-unicode, screen-256color and xterm-256color) to DIR_COLORS and