diff --git a/coreutils-selinux.patch b/coreutils-selinux.patch
new file mode 100644
index 0000000..fca5753
--- /dev/null
+++ b/coreutils-selinux.patch
@@ -0,0 +1,2552 @@
+--- /dev/null 2003-09-15 09:40:47.000000000 -0400
++++ coreutils-5.0/src/chcon.c 2003-12-12 13:03:00.709576564 -0500
+@@ -0,0 +1,415 @@
++/* chcontext -- change security context of a pathname */
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++#include "system.h"
++#include "error.h"
++#include "savedir.h"
++#include "group-member.h"
++
++enum Change_status
++{
++ CH_SUCCEEDED,
++ CH_FAILED,
++ CH_NO_CHANGE_REQUESTED
++};
++
++enum Verbosity
++{
++ /* Print a message for each file that is processed. */
++ V_high,
++
++ /* Print a message for each file whose attributes we change. */
++ V_changes_only,
++
++ /* Do not be verbose. This is the default. */
++ V_off
++};
++
++static int change_dir_context PARAMS ((const char *dir, const struct stat *statp));
++
++/* The name the program was run with. */
++char *program_name;
++
++/* If nonzero, and the systems has support for it, change the context
++ of symbolic links rather than any files they point to. */
++static int change_symlinks;
++
++/* If nonzero, change the context of directories recursively. */
++static int recurse;
++
++/* If nonzero, force silence (no error messages). */
++static int force_silent;
++
++/* Level of verbosity. */
++static enum Verbosity verbosity = V_off;
++
++/* The name of the context file is being given. */
++static const char *specified_context;
++
++/* Specific components of the context */
++static const char *specified_user;
++static const char *specified_role;
++static const char *specified_range;
++static const char *specified_type;
++
++/* The argument to the --reference option. Use the context of this file.
++ This file must exist. */
++static char *reference_file;
++
++/* If nonzero, display usage information and exit. */
++static int show_help;
++
++/* If nonzero, print the version on standard output and exit.
*/
++static int show_version;
++
++static struct option const long_options[] =
++{
++ {"recursive", no_argument, 0, 'R'},
++ {"changes", no_argument, 0, 'c'},
++ {"no-dereference", no_argument, 0, 'h'},
++ {"silent", no_argument, 0, 'f'},
++ {"quiet", no_argument, 0, 'f'},
++ {"reference", required_argument, 0, CHAR_MAX + 1},
++ {"context", required_argument, 0, CHAR_MAX + 2},
++ {"user", required_argument, 0, 'u'},
++ {"role", required_argument, 0, 'r'},
++ {"type", required_argument, 0, 't'},
++ {"range", required_argument, 0, 'l'},
++ {"verbose", no_argument, 0, 'v'},
++ {"help", no_argument, &show_help, 1},
++ {"version", no_argument, &show_version, 1},
++ {0, 0, 0, 0}
++};
++
++/* Tell the user how/if the context of FILE has been changed.
++ CHANGED describes what (if anything) has happened. */
++
++static void
++describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
++{
++ const char *fmt;
++ switch (changed)
++ {
++ case CH_SUCCEEDED:
++ fmt = _("context of %s changed to %s\n");
++ break;
++ case CH_FAILED:
++ fmt = _("failed to change context of %s to %s\n");
++ break;
++ case CH_NO_CHANGE_REQUESTED:
++ fmt = _("context of %s retained as %s\n");
++ break;
++ default:
++ abort ();
++ }
++ printf (fmt, file, newcontext);
++}
++
++static int
++compute_context_from_mask (security_context_t context, context_t *ret)
++{
++ context_t newcontext = context_new (context);
++ if (!newcontext)
++ return 1;
++#define SETCOMPONENT(comp) \
++ do { \
++ if (specified_ ## comp) \
++ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
++ goto lose; \
++ } while (0)
++
++ SETCOMPONENT(user);
++ SETCOMPONENT(range);
++ SETCOMPONENT(role);
++ SETCOMPONENT(type);
++#undef SETCOMPONENT
++
++ *ret = newcontext;
++ return 0;
++ lose:
++ context_free (newcontext);
++ return 1;
++}
++
++/* Change the context of FILE, using specified components.
++ If it is a directory and -R is given, recurse.
++ Return 0 if successful, 1 if errors occurred. */
++
++static int
++change_file_context (const char *file)
++{
++ struct stat file_stats;
++ security_context_t file_context=NULL;
++ context_t context;
++ security_context_t context_string;
++ int errors = 0;
++
++ if ((lgetfilecon(file, &file_context)<0) && (errno != ENODATA))
++ {
++ if (force_silent == 0)
++ error (0, errno, "%s", file);
++ return 1;
++ }
++
++ /* If the file doesn't have a context, and we're not setting all of
++ the context components, there isn't really an obvious default.
++ Thus, we just give up. */
++ if (file_context == NULL && specified_context == NULL)
++ {
++ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
++ return 1;
++ }
++
++ if (specified_context == NULL)
++ {
++ if (compute_context_from_mask (file_context, &context))
++ {
++ error (0, 0, _("couldn't compute security context from %s"), file_context);
++ return 1;
++ }
++ }
++ else
++ {
++ context = context_new (specified_context);
++ if (!context)
++ error (1, 0,_("invalid context: %s"),specified_context);
++ }
++
++ context_string = context_str (context);
++
++ if (strcmp(context_string,file_context)!=0)
++ {
++ int fail;
++
++ if (change_symlinks)
++ fail = lsetfilecon (file, context_string);
++ else
++ fail = setfilecon (file, context_string);
++
++ if (verbosity == V_high || (verbosity == V_changes_only && !fail))
++ describe_change (file, context_string, (fail ?
CH_FAILED : CH_SUCCEEDED));
++
++ if (fail)
++ {
++ errors = 1;
++ if (force_silent == 0)
++ {
++ error (0, errno, _("failed to change context of %s to %s"), file, context_string);
++ }
++ }
++ }
++ else if (verbosity == V_high)
++ {
++ describe_change (file, context_string, CH_NO_CHANGE_REQUESTED);
++ }
++
++ context_free(context);
++ freecon(file_context);
++
++ if (recurse) {
++ if (lstat(file, &file_stats)==0)
++ if (S_ISDIR (file_stats.st_mode))
++ errors |= change_dir_context (file, &file_stats);
++ }
++ return errors;
++}
++
++/* Recursively change context of the files in directory DIR
++ using specified context components.
++ STATP points to the results of lstat on DIR.
++ Return 0 if successful, 1 if errors occurred. */
++
++static int
++change_dir_context (const char *dir, const struct stat *statp)
++{
++ char *name_space, *namep;
++ char *path; /* Full path of each entry to process. */
++ unsigned dirlength; /* Length of `dir' and '\0'. */
++ unsigned filelength; /* Length of each pathname to process. */
++ unsigned pathlength; /* Bytes allocated for `path'. */
++ int errors = 0;
++
++ errno = 0;
++ name_space = savedir (dir);
++ if (name_space == NULL)
++ {
++ if (errno)
++ {
++ if (force_silent == 0)
++ error (0, errno, "%s", dir);
++ return 1;
++ }
++ else
++ error (1, 0, _("virtual memory exhausted"));
++ }
++
++ dirlength = strlen (dir) + 1; /* + 1 is for the trailing '/'. */
++ pathlength = dirlength + 1;
++ /* Give `path' a dummy value; it will be reallocated before first use.
*/
++ path = xmalloc (pathlength);
++ strcpy (path, dir);
++ path[dirlength - 1] = '/';
++
++ for (namep = name_space; *namep; namep += filelength - dirlength)
++ {
++ filelength = dirlength + strlen (namep) + 1;
++ if (filelength > pathlength)
++ {
++ pathlength = filelength * 2;
++ path = xrealloc (path, pathlength);
++ }
++ strcpy (path + dirlength, namep);
++ errors |= change_file_context (path);
++ }
++ free (path);
++ free (name_space);
++ return errors;
++}
++
++static void
++usage (int status)
++{
++ if (status != 0)
++ fprintf (stderr, _("Try `%s --help' for more information.\n"),
++ program_name);
++ else
++ {
++ printf (_("\
++Usage: %s [OPTION]... CONTEXT FILE...\n\
++ or: %s [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...\n\
++ or: %s [OPTION]... --reference=RFILE FILE...\n\
++"),
++ program_name, program_name, program_name);
++ printf (_("\
++Change the security context of each FILE to CONTEXT.\n\
++\n\
++ -c, --changes like verbose but report only when a change is made\n\
++ -h, --no-dereference affect symbolic links instead of any referenced file\n\
++ (available only on systems with lchown system call)\n\
++ -f, --silent, --quiet suppress most error messages\n\
++ --reference=RFILE use RFILE's group instead of using a CONTEXT value\n\
++ -u, --user=USER set user USER in the target security context\n\
++ -r, --role=ROLE set role ROLE in the target security context\n\
++ -t, --type=TYPE set type TYPE in the target security context\n\
++ -l, --range=RANGE set range RANGE in the target security context\n\
++ -R, --recursive change files and directories recursively\n\
++ -v, --verbose output a diagnostic for every file processed\n\
++ --help display this help and exit\n\
++ --version output version information and exit\n\
++"));
++ close_stdout ();
++ }
++ exit (status);
++}
++
++int
++main (int argc, char **argv)
++{
++ security_context_t ref_context = NULL;
++ int errors = 0;
++ int optc;
++ int component_specified = 0;
++
++ program_name
= argv[0];
++ setlocale (LC_ALL, "");
++ bindtextdomain (PACKAGE, LOCALEDIR);
++ textdomain (PACKAGE);
++
++ recurse = force_silent = 0;
++
++ while ((optc = getopt_long (argc, argv, "Rcfhvu:r:t:l:", long_options, NULL)) != -1)
++ {
++ switch (optc)
++ {
++ case 0:
++ break;
++ case 'u':
++ specified_user = optarg;
++ component_specified = 1;
++ break;
++ case 'r':
++ specified_role = optarg;
++ component_specified = 1;
++ break;
++ case 't':
++ specified_type = optarg;
++ component_specified = 1;
++ break;
++ case 'l':
++ specified_range = optarg;
++ component_specified = 1;
++ break;
++ case CHAR_MAX + 1:
++ reference_file = optarg;
++ break;
++ case 'R':
++ recurse = 1;
++ break;
++ case 'c':
++ verbosity = V_changes_only;
++ break;
++ case 'f':
++ force_silent = 1;
++ break;
++ case 'h':
++ change_symlinks = 1;
++ break;
++ case 'v':
++ verbosity = V_high;
++ break;
++ default:
++ usage (1);
++ }
++ }
++
++ if (show_version)
++ {
++ printf ("chcon (%s) %s\n", GNU_PACKAGE, VERSION);
++ close_stdout ();
++ exit (0);
++ }
++
++ if (show_help)
++ usage (0);
++
++
++ if (reference_file && component_specified)
++ {
++ error (0, 0, _("conflicting security context specifiers given"));
++ usage (1);
++ }
++
++ if (!(((reference_file || component_specified)
++ && (argc - optind > 0))
++ || (argc - optind > 1)))
++ {
++ error (0, 0, _("too few arguments"));
++ usage (1);
++ }
++
++ if (reference_file)
++ {
++ if (getfilecon (reference_file, &ref_context)<0)
++ error (1, errno, "%s", reference_file);
++
++ specified_context = ref_context;
++ }
++ else if (!component_specified) {
++ specified_context = argv[optind++];
++ }
++ for (; optind < argc; ++optind)
++ errors |= change_file_context (argv[optind]);
++
++ if (verbosity != V_off)
++ close_stdout ();
++ if (ref_context != NULL)
++ freecon(ref_context);
++ exit (errors);
++}
+--- coreutils-5.0/src/copy.c.selinux 2003-12-09 20:44:56.000000000 -0500
++++ coreutils-5.0/src/copy.c 2003-12-09 20:45:30.000000000 -0500
+@@
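Review bot: In `change_file_context` of the new chcon.c, `strcmp(context_string,file_context)` is reached with `file_context == NULL` when `lgetfilecon` fails with ENODATA and a full context (the CONTEXT argument or `--reference`) was given, because the earlier guard rejects the unlabeled case only when `specified_context` is NULL. Labelling a file that has no context therefore dereferences a null pointer; the comparison should read `if (file_context == NULL || strcmp (context_string, file_context) != 0)`. The `return 1` taken when `compute_context_from_mask` fails also skips `freecon(file_context)`, which leaks once per file under `-R`.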
-46,6 +46,11 @@
+ #include "same.h"
+ #include "xreadlink.h"
+
++#ifdef WITH_SELINUX
++#include /* for is_selinux_enabled() */
++extern int selinux_enabled;
++#endif
++
+ #define DO_CHOWN(Chown, File, New_uid, New_gid) \
+ (Chown (File, New_uid, New_gid) \
+ /* If non-root uses -p, it's ok if we can't preserve ownership. \
+@@ -1233,6 +1238,32 @@
+ In such cases, set this variable to zero. */
+ preserve_metadata = 1;
+
++#ifdef WITH_SELINUX
++ if (x->preserve_security_context && selinux_enabled)
++ {
++ security_context_t con;
++
++ if (lgetfilecon (src_path, &con) >= 0)
++ {
++ if (setfscreatecon(con) < 0)
++ {
++ freecon(con);
++ error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
++ return 1;
++ }
++ freecon(con);
++ }
++ else {
++ if ( errno == ENOTSUP ) {
++ error (0, errno, _("warning: security context not preserved %s"), quote (src_path));
++ } else {
++ error (0, errno, _("cannot lgetfilecon %s"), quote (src_path));
++ return 1;
++ }
++ }
++ }
++#endif
++
+ if (S_ISDIR (src_mode))
+ {
+ struct dir_list *dir;
+@@ -1302,8 +1333,13 @@
+ }
+
+ /* Are we crossing a file system boundary? */
+- if (x->one_file_system && device != 0 && device != src_sb.st_dev)
++ if (x->one_file_system && device != 0 && device != src_sb.st_dev) {
++#ifdef WITH_SELINUX
++ if (x->preserve_security_context && selinux_enabled)
++ setfscreatecon(NULL);
++#endif
+ return 0;
++ }
+
+ /* Copy the contents of the directory. */
+
+@@ -1442,6 +1478,11 @@
+ }
+ }
+
++#ifdef WITH_SELINUX
++ if (x->preserve_security_context && selinux_enabled)
++ setfscreatecon(NULL);
++#endif
++
+ /* There's no need to preserve timestamps or permissions. */
+ preserve_metadata = 0;
+
+@@ -1474,7 +1515,7 @@
+ if (command_line_arg)
+ record_file (x->dest_info, dst_path, NULL);
+
+- if ( ! preserve_metadata)
++ if ( !
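Review bot: The `setfscreatecon(con) < 0` branch in `@@ -1233,6 +1238,32 @@` calls `freecon(con)` and then passes `con` to `quote (con)`, so the diagnostic reads freed memory, and `errno` may no longer be the value `setfscreatecon` set. Report first and free afterwards: `error (0, errno, _("cannot set setfscreatecon %s"), quote (con)); freecon (con); return 1;`. The creation context set here stays in effect for later file creations until it is reset, and the patch resets it with `setfscreatecon(NULL)` only at the three places the later hunks touch. The rest of the function is outside the hunks, so it is worth confirming that no other early return leaves the context set for the next file.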
preserve_metadata)
+ return 0;
+
+ /* POSIX says that `cp -p' must restore the following:
+@@ -1576,6 +1617,11 @@
+
+ un_backup:
+
++#ifdef WITH_SELINUX
++ if (x->preserve_security_context && selinux_enabled)
++ setfscreatecon(NULL);
++#endif
++
+ /* We have failed to create the destination file.
+ If we've just added a dev/ino entry via the remember_copied
+ call above (i.e., unless we've just failed to create a hard link),
+--- coreutils-5.0/src/copy.h.selinux 2003-12-09 20:44:56.000000000 -0500
++++ coreutils-5.0/src/copy.h 2003-12-09 20:44:57.000000000 -0500
+@@ -105,6 +105,9 @@
+ int preserve_ownership;
+ int preserve_mode;
+ int preserve_timestamps;
++#ifdef WITH_SELINUX
++ int preserve_security_context;
++#endif
+
+ /* Enabled for mv, and for cp by the --preserve=links option.
+ If nonzero, attempt to preserve in the destination files any
+--- coreutils-5.0/src/cp.c.selinux 2003-12-09 20:44:56.000000000 -0500
++++ coreutils-5.0/src/cp.c 2003-12-09 20:44:57.000000000 -0500
+@@ -52,6 +52,11 @@
+
+ #define AUTHORS N_ ("Torbjorn Granlund, David MacKenzie, and Jim Meyering")
+
++#ifdef WITH_SELINUX
++#include /* for is_selinux_enabled() */
++int selinux_enabled=0;
++#endif
++
+ #ifndef _POSIX_VERSION
+ uid_t geteuid ();
+ #endif
+@@ -149,6 +154,9 @@
+ {"update", no_argument, NULL, 'u'},
+ {"verbose", no_argument, NULL, 'v'},
+ {"version-control", required_argument, NULL, 'V'}, /* Deprecated. FIXME.
*/
++#ifdef WITH_SELINUX
++ {"context", required_argument, NULL, 'Z'},
++#endif
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+ {NULL, 0, NULL, 0}
+@@ -198,6 +206,9 @@
+ additional attributes: links, all\n\
+ "), stdout);
+ fputs (_("\
++ -c same as --preserve=context\n\
++"), stdout);
++ fputs (_("\
+ --no-preserve=ATTR_LIST don't preserve the specified attributes\n\
+ --parents append source path to DIRECTORY\n\
+ -P same as `--no-dereference'\n\
+@@ -225,6 +236,7 @@
+ destination file is missing\n\
+ -v, --verbose explain what is being done\n\
+ -x, --one-file-system stay on this file system\n\
++ -Z, --context=CONTEXT set security context of copy to CONTEXT\n\
+ "), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+@@ -756,8 +768,8 @@
+ {
+ new_dest = (char *) dest;
+ }
+-
+- return copy (source, new_dest, new_dst, x, &unused, NULL);
++ ret=copy (source, new_dest, new_dst, x, &unused, NULL);
++ return ret;
+ }
+
+ /* unreachable */
+@@ -781,6 +793,10 @@
+ x->preserve_mode = 0;
+ x->preserve_timestamps = 0;
+
++#ifdef WITH_SELINUX
++ x->preserve_security_context = 0;
++#endif
++
+ x->require_preserve = 0;
+ x->recursive = 0;
+ x->sparse_mode = SPARSE_AUTO;
+@@ -808,19 +824,20 @@
+ PRESERVE_TIMESTAMPS,
+ PRESERVE_OWNERSHIP,
+ PRESERVE_LINK,
++ PRESERVE_CONTEXT,
+ PRESERVE_ALL
+ };
+ static enum File_attribute const preserve_vals[] =
+ {
+ PRESERVE_MODE, PRESERVE_TIMESTAMPS,
+- PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_ALL
++ PRESERVE_OWNERSHIP, PRESERVE_LINK, PRESERVE_CONTEXT, PRESERVE_ALL
+ };
+
+ /* Valid arguments to the `--preserve' option.
*/
+ static char const* const preserve_args[] =
+ {
+ "mode", "timestamps",
+- "ownership", "links", "all", 0
++ "ownership", "links", "context", "all", 0
+ };
+
+ char *arg_writable = xstrdup (arg);
+@@ -855,11 +872,16 @@
+ x->preserve_links = on_off;
+ break;
+
++ case PRESERVE_CONTEXT:
++ x->preserve_security_context = on_off;
++ break;
++
+ case PRESERVE_ALL:
+ x->preserve_mode = on_off;
+ x->preserve_timestamps = on_off;
+ x->preserve_ownership = on_off;
+ x->preserve_links = on_off;
++ x->preserve_security_context = on_off;
+ break;
+
+ default:
+@@ -882,6 +904,10 @@
+ struct cp_options x;
+ int copy_contents = 0;
+ char *target_directory = NULL;
++#ifdef WITH_SELINUX
++ security_context_t scontext = NULL;
++ selinux_enabled= (is_selinux_enabled()>0);
++#endif
+
+ program_name = argv[0];
+ setlocale (LC_ALL, "");
+@@ -896,7 +922,11 @@
+ we'll actually use backup_suffix_string. */
+ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+
++#ifdef WITH_SELINUX
++ while ((c = getopt_long (argc, argv, "abcdfHilLprsuvxPRS:V:Z:", long_opts, NULL))
++#else
+ while ((c = getopt_long (argc, argv, "abdfHilLprsuvxPRS:V:", long_opts, NULL))
++#endif
+ != -1)
+ {
+ switch (c)
+@@ -988,6 +1018,36 @@
+ x.preserve_timestamps = 1;
+ x.require_preserve = 1;
+ break;
++#ifdef WITH_SELINUX
++ case 'c':
++ if ( scontext != NULL ) {
++ (void) fprintf(stderr, "%s: cannot force target context <-- %s and preserve it\n", argv[0], scontext);
++ exit( 1 );
++ }
++ else if (selinux_enabled)
++ x.preserve_security_context = 1;
++ break;
++
++ case 'Z':
++ /* politely decline if we're not on a selinux-enabled kernel. */
++ if( !selinux_enabled ) {
++ fprintf( stderr, "Warning: ignoring --context (-Z). 
"
++ "It requires a SELinux enabled kernel.\n" );
++ break;
++ }
++ if ( x.preserve_security_context ) {
++ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);
++ exit( 1 );
++ }
++ scontext = optarg;
++ /* if there's a security_context given set new path
++ components to that context, too */
++ if ( setfscreatecon(scontext) < 0 ) {
++ (void) fprintf(stderr, _("cannot set default security context %s"), scontext);
++ exit( 1 );
++ }
++ break;
++#endif
+
+ case PARENTS_OPTION:
+ flag_path = 1;
+--- coreutils-5.0/src/id.c.selinux 2003-03-27 17:39:46.000000000 -0500
++++ coreutils-5.0/src/id.c 2003-12-09 20:44:57.000000000 -0500
+@@ -46,6 +46,20 @@
+
+ int getugroups ();
+
++#ifdef WITH_SELINUX
++#include
++static void print_context PARAMS ((char* context));
++/* Print the SELinux context */
++static void
++print_context(char *context)
++{
++ printf ("%s", context);
++}
++
++/* If nonzero, output only the SELinux context. -Z */
++static int just_context = 0;
++
++#endif
+ static void print_user (uid_t uid);
+ static void print_group (gid_t gid);
+ static void print_group_list (const char *username);
+@@ -64,8 +78,14 @@
+ /* The number of errors encountered so far. */
+ static int problems = 0;
+
++/* The SELinux context */
++/* Set `context' to a known invalid value so print_full_info() will *
++ * know when `context' has not been set to a meaningful value.
*/
++static security_context_t context=NULL;
++
+ static struct option const longopts[] =
+ {
++ {"context", no_argument, NULL, 'Z'},
+ {"group", no_argument, NULL, 'g'},
+ {"groups", no_argument, NULL, 'G'},
+ {"name", no_argument, NULL, 'n'},
+@@ -89,6 +109,7 @@
+ Print information for USERNAME, or the current user.\n\
+ \n\
+ -a ignore, for compatibility with other versions\n\
++ -Z, --context print only the context\n\
+ -g, --group print only the effective group ID\n\
+ -G, --groups print all group IDs\n\
+ -n, --name print a name instead of a number, for -ugG\n\
+@@ -110,6 +131,7 @@
+ main (int argc, char **argv)
+ {
+ int optc;
++ int selinux_enabled=(is_selinux_enabled()>0);
+
+ /* If nonzero, output the list of all group IDs. -G */
+ int just_group_list = 0;
+@@ -127,7 +149,7 @@
+
+ atexit (close_stdout);
+
+- while ((optc = getopt_long (argc, argv, "agnruG", longopts, NULL)) != -1)
++ while ((optc = getopt_long (argc, argv, "agnruGZ", longopts, NULL)) != -1)
+ {
+ switch (optc)
+ {
+@@ -136,6 +158,17 @@
+ case 'a':
+ /* Ignore -a, for compatibility with SVR4. */
+ break;
++#ifdef WITH_SELINUX
++ case 'Z':
++ /* politely decline if we're not on a selinux-enabled kernel. */
++ if( !selinux_enabled ) {
++ fprintf( stderr, "Sorry, --context (-Z) can be used only on "
++ "a selinux-enabled kernel.\n" );
++ exit( 1 );
++ }
++ just_context = 1;
++ break;
++#endif
+ case 'g':
+ just_group = 1;
+ break;
+@@ -158,8 +191,28 @@
+ }
+ }
+
+- if (just_user + just_group + just_group_list > 1)
+- error (EXIT_FAILURE, 0, _("cannot print only user and only group"));
++#ifdef WITH_SELINUX
++ if (argc - optind == 1)
++ selinux_enabled = 0;
++
++ if( just_context && !selinux_enabled)
++ error (1, 0, _("\
++cannot display context when selinux not enabled or when displaying the id\n\
++of a different user"));
++
++ /* If we are on a selinux-enabled kernel, get our context.
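Review bot: `static security_context_t context=NULL;` in `@@ -64,8 +78,14 @@` and `int selinux_enabled=(is_selinux_enabled()>0);` in `@@ -110,6 +131,7 @@` sit outside `#ifdef WITH_SELINUX`, although the SELinux `#include` and `just_context` are declared only inside that guard, so id.c would not compile when WITH_SELINUX is undefined. The `just_context` term added after the `#endif` in `@@ -158,8 +191,28 @@` has the same effect. Put these lines under the same `#ifdef WITH_SELINUX` … `#endif` as the rest of the SELinux code; the body of `main` continues outside these hunks. cp.c has the same defect in `@@ -855,11 +872,16 @@`, where `x->preserve_security_context = on_off;` is assigned unguarded while copy.h declares the field only under WITH_SELINUX.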
*
++ * Otherwise, leave the context variable alone - it has *
++ * been initialized known invalid value; if we see this invalid *
++ * value later, we will know we are on a non-selinux kernel. */
++ if( selinux_enabled )
++ {
++ if (getcon(&context))
++ error (1, 0, "can't get process context");
++ }
++#endif
++
++ if (just_user + just_group + just_group_list + just_context > 1)
++ error (EXIT_FAILURE, 0, _("cannot print \"only\" of more than one choice"));
+
+ if (just_user + just_group + just_group_list == 0 && (use_real || use_name))
+ error (EXIT_FAILURE, 0,
+@@ -190,6 +243,10 @@
+ print_group (use_real ? rgid : egid);
+ else if (just_group_list)
+ print_group_list (argv[optind]);
++#ifdef WITH_SELINUX
++ else if (just_context)
++ print_context (context);
++#endif
+ else
+ print_full_info (argv[optind]);
+ putchar ('\n');
+@@ -397,4 +454,9 @@
+ free (groups);
+ }
+ #endif /* HAVE_GETGROUPS */
++#ifdef WITH_SELINUX
++ if ( context != NULL ) {
++ printf(" context=%s",context);
++ }
++#endif
+ }
+--- coreutils-5.0/src/install.c.selinux 2003-12-09 20:44:56.000000000 -0500
++++ coreutils-5.0/src/install.c 2003-12-09 20:44:57.000000000 -0500
+@@ -50,6 +50,11 @@
+ # include
+ #endif
+
++#ifdef WITH_SELINUX
++#include /* for is_selinux_enabled() */
++int selinux_enabled=0;
++#endif
++
+ struct passwd *getpwnam ();
+ struct group *getgrnam ();
+
+@@ -126,11 +131,17 @@
+ static struct option const long_options[] =
+ {
+ {"backup", optional_argument, NULL, 'b'},
++#ifdef WITH_SELINUX
++ {"context", required_argument, NULL, 'Z'},
++#endif
+ {"directory", no_argument, NULL, 'd'},
+ {"group", required_argument, NULL, 'g'},
+ {"mode", required_argument, NULL, 'm'},
+ {"owner", required_argument, NULL, 'o'},
+ {"preserve-timestamps", no_argument, NULL, 'p'},
++#ifdef WITH_SELINUX
++ {"preserve_context", no_argument, NULL, 'P'},
++#endif
+ {"strip", no_argument, NULL, 's'},
+ {"suffix", required_argument, NULL, 'S'},
+ {"version-control", required_argument, NULL, 'V'}, /*
Deprecated. FIXME. */
+@@ -247,6 +258,9 @@
+
+ x->update = 0;
+ x->verbose = 0;
++#ifdef WITH_SELINUX
++ x->preserve_security_context = 0;
++#endif
+ x->xstat = stat;
+ x->dest_info = NULL;
+ x->src_info = NULL;
+@@ -265,6 +279,11 @@
+ struct cp_options x;
+ int n_files;
+ char **file;
++#ifdef WITH_SELINUX
++ security_context_t scontext = NULL;
++ /* set iff kernel has extra selinux system calls */
++ selinux_enabled = (is_selinux_enabled()>0);
++#endif
+
+ program_name = argv[0];
+ setlocale (LC_ALL, "");
+@@ -285,7 +304,11 @@
+ we'll actually use backup_suffix_string. */
+ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");
+
++#ifdef WITH_SELINUX
++ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPvV:S:Z:", long_options,
++#else
+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pvV:S:", long_options,
++#endif
+ NULL)) != -1)
+ {
+ switch (optc)
+@@ -338,6 +361,39 @@
+ make_backups = 1;
+ backup_suffix_string = optarg;
+ break;
++#ifdef WITH_SELINUX
++ case 'P':
++ /* politely decline if we're not on a selinux-enabled kernel. */
++ if( !selinux_enabled ) {
++ fprintf( stderr, "Warning: ignoring --preserve_context (-P) "
++ "because the kernel is not selinux-enabled.\n" );
++ break;
++ }
++ if ( scontext!=NULL ) { /* scontext could be NULL because of calloc() failure */
++ (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], scontext);
++ exit( 1 );
++ }
++ x.preserve_security_context = 1;
++ break ;
++ case 'Z':
++ /* politely decline if we're not on a selinux-enabled kernel.
*/
++ if( !selinux_enabled) {
++ fprintf( stderr, "Warning: ignoring --context (-Z) "
++ "because the kernel is not selinux-enabled.\n" );
++ break;
++ }
++ if ( x.preserve_security_context ) {
++
++ (void) fprintf(stderr, "%s: cannot force target context == '%s' and preserve it\n", argv[0], optarg);
++ exit( 1 );
++ }
++ scontext = optarg;
++ if (setfscreatecon(scontext)) {
++ (void) fprintf(stderr, "%s: cannot setup default context == '%s'\n", argv[0], scontext);
++ exit(1);
++ }
++ break;
++#endif
+ case_GETOPT_HELP_CHAR;
+ case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+ default:
+@@ -721,6 +777,11 @@
+ -S, --suffix=SUFFIX override the usual backup suffix\n\
+ -v, --verbose print the name of each directory as it is created\n\
+ "), stdout);
++ fputs (_("\
++ -P, --preserve_context (SELinux) Preserve security context\n\
++ -Z, --context=CONTEXT (SELinux) Set security context of files and directories\n\
++"), stdout);
++
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+ fputs (_("\
+--- coreutils-5.0/src/ls.c.selinux 2003-12-09 20:44:57.000000000 -0500
++++ coreutils-5.0/src/ls.c 2003-12-09 20:44:57.000000000 -0500
+@@ -132,6 +132,18 @@
+
+ #define AUTHORS N_ ("Richard Stallman and David MacKenzie")
+
++#ifdef WITH_SELINUX
++#include
++int selinux_enabled= 0;
++static int print_scontext = 0;
++#define check_selinux() if (!selinux_enabled) { \
++ fprintf( stderr, "Sorry, this option can only be used " \
++ "on a SELinux kernel.\n" ); \
++ exit( EXIT_FAILURE ); \
++}
++
++#endif
++
+ #define obstack_chunk_alloc malloc
+ #define obstack_chunk_free free
+
+@@ -209,6 +221,10 @@
+ /* For long listings, true if the file has an access control list.
*/
+ bool have_acl;
+ #endif
++
++#ifdef WITH_SELINUX
++ security_context_t scontext;
++#endif
+ };
+
+ #if HAVE_ACL || USE_ACL
+@@ -274,6 +290,9 @@
+ static void sort_files (void);
+ static void parse_ls_color (void);
+ void usage (int status);
++#ifdef WITH_SELINUX
++static void print_scontext_format PARAMS ((const struct fileinfo *f));
++#endif
+
+ /* The name the program was run with, stripped of any leading path. */
+ char *program_name;
+@@ -372,7 +391,10 @@
+ one_per_line, /* -1 */
+ many_per_line, /* -C */
+ horizontal, /* -x */
+- with_commas /* -m */
++#ifdef WITH_SELINUX
++ security_format, /* -Z */
++#endif
++ with_commas /* -m */
+ };
+
+ static enum format format;
+@@ -697,6 +719,11 @@
+ SHOW_CONTROL_CHARS_OPTION,
+ SI_OPTION,
+ SORT_OPTION,
++#ifdef WITH_SELINUX
++ CONTEXT_OPTION,
++ LCONTEXT_OPTION,
++ SCONTEXT_OPTION,
++#endif
+ TIME_OPTION,
+ TIME_STYLE_OPTION
+ };
+@@ -740,6 +767,11 @@
+ {"time-style", required_argument, 0, TIME_STYLE_OPTION},
+ {"color", optional_argument, 0, COLOR_OPTION},
+ {"block-size", required_argument, 0, BLOCK_SIZE_OPTION},
++#ifdef WITH_SELINUX
++ {"context", no_argument, 0, CONTEXT_OPTION},
++ {"lcontext", no_argument, 0, LCONTEXT_OPTION},
++ {"scontext", no_argument, 0, SCONTEXT_OPTION},
++#endif
+ {"author", no_argument, 0, AUTHOR_OPTION},
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+@@ -749,12 +781,19 @@
+ static char const *const format_args[] =
+ {
+ "verbose", "long", "commas", "horizontal", "across",
+- "vertical", "single-column", 0
++ "vertical", "single-column",
++#ifdef WITH_SELINUX
++ "context",
++#endif
++ 0
+ };
+
+ static enum format const format_types[] =
+ {
+ long_format, long_format, with_commas, horizontal, horizontal,
++#ifdef WITH_SELINUX
++ security_format,
++#endif
+ many_per_line, one_per_line
+ };
+
+@@ -1138,6 +1177,9 @@
+ format_needs_stat = sort_type == sort_time || sort_type == sort_size
+ || format == long_format
++#ifdef WITH_SELINUX
++ || format == security_format ||
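Review bot: In `@@ -749,12 +781,19 @@` the new `"context"` string is appended to `format_args` after `"single-column"`, but `security_format` is inserted into `format_types` before `many_per_line`, so the two parallel arrays no longer line up. With WITH_SELINUX defined, `vertical` would map to `security_format`, `single-column` to `many_per_line` and `context` to `one_per_line`. Move the guarded `security_format,` entry to the end of `format_types`, after `one_per_line`. How the two arrays are consumed is outside the hunk, so this assumes they are matched by index.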
print_scontext
++#endif
+ || dereference == DEREF_ALWAYS
+ || print_block_size || print_inode;
+ format_needs_type = (format_needs_stat == 0
+@@ -1260,6 +1302,11 @@
+ /* Record whether there is an option specifying sort type. */
+ int sort_type_specified = 0;
+
++#ifdef WITH_SELINUX
++ /* 1 iff kernel has new selinux system calls */
++ selinux_enabled= (is_selinux_enabled()>0);
++#endif
++
+ qmark_funny_chars = 0;
+
+ /* initialize all switches to default settings */
+@@ -1310,6 +1357,9 @@
+ all_files = 0;
+ really_all_files = 0;
+ ignore_patterns = 0;
++#ifdef WITH_SELINUX
++ print_scontext = 0;
++#endif
+
+ /* FIXME: put this in a function. */
+ {
+@@ -1387,7 +1437,7 @@
+ }
+
+ while ((c = getopt_long (argc, argv,
+- "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1",
++ "abcdfghiklmnopqrstuvw:xABCDFGHI:LNQRST:UX1Z",
+ long_options, NULL)) != -1)
+ {
+ switch (c)
+@@ -1507,6 +1557,13 @@
+ format = horizontal;
+ break;
+
++#ifdef WITH_SELINUX
++ case 'Z':
++ check_selinux();
++ print_scontext = 1;
++ format = security_format;
++ break;
++#endif
+ case 'A':
+ really_all_files = 0;
+ all_files = 1;
+@@ -1676,6 +1733,25 @@
+
+ case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+
++#ifdef WITH_SELINUX
++
++ case CONTEXT_OPTION: /* new security format */
++ check_selinux();
++ print_scontext = 1;
++ format = security_format;
++ break;
++ case LCONTEXT_OPTION: /* long format plus security context */
++ check_selinux();
++ print_scontext = 1;
++ format = long_format;
++ break;
++ case SCONTEXT_OPTION: /* short form of new security format */
++ check_selinux();
++ print_scontext = 0;
++ format = security_format;
++ break;
++#endif
++
+ default:
+ usage (EXIT_FAILURE);
+ }
+@@ -2339,6 +2415,12 @@
+ free (files[i].name);
+ if (files[i].linkname)
+ free (files[i].linkname);
++#ifdef WITH_SELINUX
++ if (files[i].scontext) {
++ freecon (files[i].scontext);
++ files[i].scontext=NULL;
++ }
++#endif
+ }
+
+ files_index = 0;
+@@ -2375,6 +2457,9 @@
+ f->linkname = 0;
+ f->linkmode = 0;
+
f->linkok = 0;
++#ifdef WITH_SELINUX
++ f->scontext = NULL;
++#endif
+
+ if (explicit_arg
+ || format_needs_stat
+@@ -2420,6 +2505,11 @@
+ {
+ int need_lstat;
+ err = stat (path, &f->stat);
++#ifdef WITH_SELINUX
++ if (err>=0)
++ if (selinux_enabled && (format == security_format || print_scontext))
++ getfilecon(path, &f->scontext);
++#endif
+
+ if (dereference == DEREF_COMMAND_LINE_ARGUMENTS)
+ break;
+@@ -2438,6 +2528,11 @@
+
+ default: /* DEREF_NEVER */
+ err = lstat (path, &f->stat);
++#ifdef WITH_SELINUX
++ if (err>=0)
++ if (selinux_enabled && (format == security_format || print_scontext))
++ lgetfilecon(path, &f->scontext);
++#endif
+ break;
+ }
+
+@@ -2924,6 +3019,16 @@
+ DIRED_PUTCHAR ('\n');
+ }
+ break;
++
++#ifdef WITH_SELINUX
++ case security_format:
++ for (i = 0; i < files_index; i++)
++ {
++ print_scontext_format (files + i);
++ DIRED_PUTCHAR ('\n');
++ }
++ break;
++#endif
+ }
+ }
+
+@@ -3147,6 +3252,14 @@
+ }
+ p += sizeof modebuf + nlink_width + 1;
+
++#ifdef WITH_SELINUX
++
++ if ( print_scontext ) {
++ sprintf (p, "%-32s ", f->scontext);
++ p += strlen (p);
++ }
++#endif
++
+ DIRED_INDENT ();
+
+ if (print_owner | print_group | print_author)
+@@ -4057,6 +4170,16 @@
+ -X sort alphabetically by entry extension\n\
+ -1 list one file per line\n\
+ "), stdout);
++#ifdef WITH_SELINUX
++printf(_("SELINUX options:\n\n\
++ --lcontext Display security context. Enable -l. Lines\n\
++ will probably be too wide for most displays.\n\
++ --context Display security context so it fits on most\n\
++ displays.
Displays only mode, user, group,\n\
++ security context and file name.\n\
++ --scontext Display only security context and file name.\n\
++"));
++#endif
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+ fputs (_("\n\
+@@ -4075,3 +4198,79 @@
+ }
+ exit (status);
+ }
++
++#ifdef WITH_SELINUX
++
++static void
++print_scontext_format (const struct fileinfo *f)
++{
++ char modebuf[12];
++
++ /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,
++ 1 10-byte mode string,
++ 9 spaces, one following each of these fields, and
++ 1 trailing NUL byte. */
++
++ char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1];
++ char *buf = init_bigbuf;
++ size_t bufsize = sizeof (init_bigbuf);
++ size_t s;
++ char *p;
++ const char *fmt;
++ char *user_name;
++ char *group_name;
++ int rv;
++ char *scontext;
++
++ p = buf;
++
++ if ( print_scontext ) { /* zero means terse listing */
++ mode_string (f->stat.st_mode, modebuf);
++ modebuf[10] = (FILE_HAS_ACL (f) ? '+' : ' ');
++ modebuf[11] = '\0';
++
++ /* print mode */
++
++ (void) sprintf (p, "%s ", modebuf);
++ p += strlen (p);
++
++ /* print standard user and group */
++
++ user_name = (numeric_ids ? NULL : getuser (f->stat.st_uid));
++ if (user_name)
++ (void) sprintf (p, "%-8.8s ", user_name);
++ else
++ (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_uid);
++ p += strlen (p);
++
++ if ( print_group ) {
++ group_name = (numeric_ids ?
NULL : getgroup (f->stat.st_gid)); ++ if (group_name) ++ (void) sprintf (p, "%-8.8s ", group_name); ++ else ++ (void) sprintf (p, "%-8u ", (unsigned int) f->stat.st_gid); ++ p += strlen (p); ++ } ++ } ++ ++ (void) sprintf (p, "%-32s ", f->scontext); ++ p += strlen (p); ++ ++ DIRED_INDENT (); ++ DIRED_FPUTS (buf, stdout, p - buf); ++ print_name_with_quoting (f->name, f->stat.st_mode, f->linkok, &dired_obstack); ++ ++ if (f->filetype == symbolic_link) { ++ if (f->linkname) { ++ DIRED_FPUTS_LITERAL (" -> ", stdout); ++ print_name_with_quoting (f->linkname, f->linkmode, f->linkok - 1, NULL); ++ if (indicator_style != none) ++ print_type_indicator (f->linkmode); ++ } ++ } ++ else { ++ if (indicator_style != none) ++ print_type_indicator (f->stat.st_mode); ++ } ++} ++#endif +--- coreutils-5.0/src/Makefile.am.selinux 2003-12-09 20:44:56.000000000 -0500 ++++ coreutils-5.0/src/Makefile.am 2003-12-09 20:44:57.000000000 -0500 +@@ -4,13 +4,13 @@ + EXTRA_SCRIPTS = nohup + + bin_SCRIPTS = groups @OPTIONAL_BIN_ZCRIPTS@ +-bin_PROGRAMS = chgrp chown chmod cp dd dircolors du \ ++bin_PROGRAMS = chgrp chown chmod chcon cp dd dircolors du \ + ginstall link ln dir vdir ls mkdir \ + mkfifo mknod mv readlink rm rmdir shred stat sync touch unlink \ + cat cksum comm csplit cut expand fmt fold head join md5sum \ + nl od paste pr ptx sha1sum sort split sum tac tail tr tsort unexpand uniq wc \ + basename date dirname echo env expr factor false \ +- id kill logname pathchk printenv printf pwd seq sleep tee \ ++ id kill logname pathchk printenv printf pwd runcon seq sleep tee \ + test true tty whoami yes \ + @OPTIONAL_BIN_PROGS@ @DF_PROG@ + +@@ -34,13 +34,21 @@ + # replacement functions defined in libfetish.a. 
+ LDADD = ../lib/libfetish.a @LIBINTL@ ../lib/libfetish.a + +-dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap @LIBACL@ +-ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap @LIBACL@ ++dir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap @LIBACL@ @LIB_SELINUX@ ++ls_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap @LIBACL@ @LIB_SELINUX@ + shred_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ +-vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap @LIBACL@ +-cp_LDADD = $(LDADD) @LIBACL@ +-ginstall_LDADD = $(LDADD) @LIBACL@ +-mv_LDADD = $(LDADD) @LIBACL@ ++vdir_LDADD = $(LDADD) @LIB_CLOCK_GETTIME@ -ltermcap @LIBACL@ @LIB_SELINUX@ ++cp_LDADD = $(LDADD) @LIBACL@ @LIB_SELINUX@ ++ginstall_LDADD = $(LDADD) @LIBACL@ @LIB_SELINUX@ ++mv_LDADD = $(LDADD) @LIBACL@ @LIB_SELINUX@ ++chcon_LDADD = $(LDADD) @LIB_SELINUX@ ++id_LDADD = $(LDADD) @LIB_SELINUX@ ++mkdir_LDADD = $(LDADD) @LIB_SELINUX@ ++mkfifo_LDADD = $(LDADD) @LIB_SELINUX@ ++mknod_LDADD = $(LDADD) @LIB_SELINUX@ ++stat_LDADD = $(LDADD) @LIB_SELINUX@ ++runcon_LDADD = $(LDADD) @LIB_SELINUX@ ++ + + ## If necessary, add -lm to resolve use of pow in lib/strtod.c. + sort_LDADD = $(LDADD) @POW_LIB@ +--- coreutils-5.0/src/mkdir.c.selinux 2002-09-23 03:35:27.000000000 -0400 ++++ coreutils-5.0/src/mkdir.c 2003-12-09 20:44:57.000000000 -0500 +@@ -34,6 +34,10 @@ + + #define AUTHORS "David MacKenzie" + ++#ifdef WITH_SELINUX ++#include /* for is_selinux_enabled() */ ++#endif ++ + /* The name this program was run with. 
*/ + char *program_name; + +@@ -42,6 +46,9 @@ + + static struct option const longopts[] = + { ++#ifdef WITH_SELINUX ++ {"context", required_argument, NULL, 'Z'}, ++#endif + {"mode", required_argument, NULL, 'm'}, + {"parents", no_argument, NULL, 'p'}, + {"verbose", no_argument, NULL, 'v'}, +@@ -63,6 +70,11 @@ + Create the DIRECTORY(ies), if they do not already exist.\n\ + \n\ + "), stdout); ++#ifdef WITH_SELINUX ++ printf (_("\ ++ -Z, --context=CONTEXT (SELinux) set security context to CONTEXT\n\ ++")); ++#endif + fputs (_("\ + Mandatory arguments to long options are mandatory for short options too.\n\ + "), stdout); +@@ -97,7 +109,11 @@ + + create_parents = 0; + ++#ifdef WITH_SELINUX ++ while ((optc = getopt_long (argc, argv, "pm:vZ:", longopts, NULL)) != -1) ++#else + while ((optc = getopt_long (argc, argv, "pm:v", longopts, NULL)) != -1) ++#endif + { + switch (optc) + { +@@ -112,6 +128,20 @@ + case 'v': /* --verbose */ + verbose_fmt_string = _("created directory %s"); + break; ++#ifdef WITH_SELINUX ++ case 'Z': ++ /* politely decline if we're not on a selinux-enabled kernel. */ ++ if( !(is_selinux_enabled()>0)) { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " ++ "a selinux-enabled kernel.\n" ); ++ exit( 1 ); ++ } ++ if (setfscreatecon(optarg)) { ++ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg); ++ exit( 1 ); ++ } ++ break; ++#endif + case_GETOPT_HELP_CHAR; + case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); + default: +--- coreutils-5.0/src/mkfifo.c.selinux 2002-08-31 03:29:21.000000000 -0400 ++++ coreutils-5.0/src/mkfifo.c 2003-12-09 20:44:57.000000000 -0500 +@@ -32,11 +32,18 @@ + + #define AUTHORS "David MacKenzie" + ++#ifdef WITH_SELINUX ++#include /* for is_selinux_enabled() */ ++#endif ++ + /* The name this program was run with. 
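Review bot: The new `case 'Z'` reports failures with raw `fprintf (stderr, ...)` and untranslated strings, while the surrounding code wraps its messages in `_()`; the same block is copied into the mkfifo.c and mknod.c hunks. Using the helper that mkfifo.c already calls keeps the program-name prefix and translation consistent: `error (1, 0, _("cannot set default context to %s"), optarg);`. Note also that `setfscreatecon` runs during option parsing, so with `-p` the context presumably applies to every directory created, parents included; if that is intended the help text should say so. The enclosing `main` starts and ends outside the hunk.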
*/ + char *program_name; + + static struct option const longopts[] = + { ++#ifdef WITH_SELINUX ++ {"context", required_argument, NULL, 'Z'}, ++#endif + {"mode", required_argument, NULL, 'm'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +@@ -57,6 +64,11 @@ + Create named pipes (FIFOs) with the given NAMEs.\n\ + \n\ + "), stdout); ++#ifdef WITH_SELINUX ++ printf (_("\ ++ -Z, --context=CONTEXT set security context (quoted string)\n\ ++"), stdout); ++#endif + fputs (_("\ + Mandatory arguments to long options are mandatory for short options too.\n\ + "), stdout); +@@ -92,7 +104,11 @@ + #ifndef S_ISFIFO + error (4, 0, _("fifo files not supported")); + #else ++#ifdef WITH_SELINUX ++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1) ++#else + while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) ++#endif + { + switch (optc) + { +@@ -101,6 +117,19 @@ + case 'm': + specified_mode = optarg; + break; ++#ifdef WITH_SELINUX ++ case 'Z': ++ if( !(is_selinux_enabled()>0)) { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " ++ "a selinux-enabled kernel.\n" ); ++ exit( 1 ); ++ } ++ if (setfscreatecon(optarg)) { ++ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg); ++ exit( 1 ); ++ } ++ break; ++#endif + case_GETOPT_HELP_CHAR; + case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); + default: +--- coreutils-5.0/src/mknod.c.selinux 2002-12-14 09:14:59.000000000 -0500 ++++ coreutils-5.0/src/mknod.c 2003-12-09 20:44:57.000000000 -0500 +@@ -36,8 +36,15 @@ + /* The name this program was run with. 
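Review bot: The added help text in mkfifo's `usage` is printed with `printf (_("..."), stdout)`, which passes `stdout` as a stray variadic argument to a format with no conversions; it looks carried over from the neighbouring `fputs` calls. It is harmless at run time but draws a format warning and is inconsistent with the mknod.c hunk, which uses the right form. Switch the call to `fputs (_("..."), stdout);` with the string unchanged.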
*/ + char *program_name; + ++#ifdef WITH_SELINUX ++#include ++#endif ++ + static struct option const longopts[] = + { ++#ifdef WITH_SELINUX ++ {"context", required_argument, NULL, 'Z'}, ++#endif + {"mode", required_argument, NULL, 'm'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +@@ -58,6 +65,11 @@ + Create the special file NAME of the given TYPE.\n\ + \n\ + "), stdout); ++#ifdef WITH_SELINUX ++ fputs(_("\ ++ -Z, --context=CONTEXT set security context (quoted string)\n\ ++"), stdout); ++#endif + fputs (_("\ + Mandatory arguments to long options are mandatory for short options too.\n\ + "), stdout); +@@ -102,7 +114,11 @@ + + specified_mode = NULL; + ++#ifdef WITH_SELINUX ++ while ((optc = getopt_long (argc, argv, "m:Z:", longopts, NULL)) != -1) ++#else + while ((optc = getopt_long (argc, argv, "m:", longopts, NULL)) != -1) ++#endif + { + switch (optc) + { +@@ -111,6 +127,20 @@ + case 'm': + specified_mode = optarg; + break; ++#ifdef WITH_SELINUX ++ case 'Z': ++ /* politely decline if we're not on a selinux-enabled kernel. */ ++ if( !(is_selinux_enabled()>0)) { ++ fprintf( stderr, "Sorry, --context (-Z) can be used only on " ++ "a selinux-enabled kernel.\n" ); ++ exit( 1 ); ++ } ++ if (setfscreatecon(optarg)) { ++ fprintf( stderr, "Sorry, cannot set default context to %s.\n", optarg); ++ exit( 1 ); ++ } ++ break; ++#endif + case_GETOPT_HELP_CHAR; + case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); + default: +--- /dev/null 2003-09-15 09:40:47.000000000 -0400 ++++ coreutils-5.0/src/runcon.c 2003-12-09 20:44:57.000000000 -0500 +@@ -0,0 +1,174 @@ ++/* ++ * runcon [ context | ++ * ( [ -r role ] [-t type] [ -u user ] [ -l levelrange ] ) ++ * command [arg1 [arg2 ...] ] ++ * ++ * attempt to run the specified command with the specified context. 
++ * ++ * -r role : use the current context with the specified role ++ * -t type : use the current context with the specified type ++ * -u user : use the current context with the specified user ++ * -l level : use the current context with the specified level range ++ * ++ * Contexts are interpreted as follows: ++ * ++ * Number of MLS ++ * components system? ++ * ++ * 1 - type ++ * 2 - role:type ++ * 3 Y role:type:range ++ * 3 N user:role:type ++ * 4 Y user:role:type:range ++ * 4 N error ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "system.h" ++extern int errno; ++ ++/* The name the program was run with. */ ++char *program_name; ++ ++void ++usage(char *str) ++{ ++ printf(_("Usage: %s [OPTION]... command [args]\n" ++ "Run a program in a different security context.\n\n" ++ " context Complete security context\n" ++ " -t type (for same role as parent)\n" ++ " -u user identity\n" ++ " -r role\n" ++ " -l levelrange\n" ++ " --help display this help and exit\n"), ++ program_name); ++ exit(1); ++} ++ ++int ++main(int argc,char **argv,char **envp ) ++{ ++ char *role = 0; ++ char *range = 0; ++ char *user = 0; ++ char *type = 0; ++ char *context = NULL; ++ security_context_t cur_context = NULL; ++ ++ context_t con; ++ ++ program_name = argv[0]; ++ setlocale (LC_ALL, ""); ++ bindtextdomain (PACKAGE, LOCALEDIR); ++ textdomain (PACKAGE); ++ ++ while (1) { ++ int c; ++ int this_option_optind = optind ? optind : 1; ++ int option_index = 0; ++ static struct option long_options[] = { ++ { "role", 1, 0, 'r' }, ++ { "type", 1, 0, 't' }, ++ { "user", 1, 0, 'u' }, ++ { "range", 1, 0, 'l' }, ++ { "help", 0, 0, '?' 
}, ++ { 0, 0, 0, 0 } ++ }; ++ c = getopt_long(argc, argv, "s:r:t:u:l:?", long_options, &option_index); ++ if ( c == -1 ) { ++ break; ++ } ++ switch ( c ) { ++ case 'r': ++ if ( role ) { ++ fprintf(stderr,_("multiple roles\n")); ++ exit(1); ++ } ++ role = optarg; ++ break; ++ case 't': ++ if ( type ) { ++ fprintf(stderr,_("multiple types\n")); ++ exit(1); ++ } ++ type = optarg; ++ break; ++ case 'u': ++ if ( user ) { ++ fprintf(stderr,_("multiple users\n")); ++ exit(1); ++ } ++ user = optarg; ++ break; ++ case 'l': ++ if ( range ) { ++ fprintf(stderr,_("multiple levelranges\n")); ++ exit(1); ++ } ++ range = optarg; ++ break; ++ default: ++ fprintf(stderr,_("unrecognised option %c\n"),c); ++ case '?': ++ usage(0); ++ break; ++ } ++ } ++ if ( !(user || role || type || range)) { ++ if ( optind >= argc ) { ++ usage(_("must specify -t, -u, -l, -r, or context")); ++ } ++ context = argv[optind++]; ++ } ++ ++ if ( optind >= argc ) { ++ usage(_("no command found")); ++ } ++ ++ if ( context ) { ++ con = context_new(context); ++ if (!con) { ++ fprintf(stderr,_("%s is not a valid context\n"), context); ++ exit(1); ++ } ++ } ++ else { ++ getcon(&cur_context); ++ con = context_new(cur_context); ++ if (!con) { ++ fprintf(stderr,_("%s is not a valid context\n"), context); ++ exit(1); ++ } ++ if ( user ) { ++ context_user_set(con,user); ++ } ++ if ( type ) { ++ context_type_set(con,type); ++ } ++ if ( range ) { ++ context_range_set(con,range); ++ } ++ if ( role ) { ++ context_role_set(con,role); ++ } ++ } ++ ++ if (setexeccon(context_str(con))!=0) { ++ fprintf(stderr,_("unable to setup security context %s\n"), context_str(con)); ++ exit(1); ++ } ++ if (cur_context!=NULL) ++ freecon(cur_context); ++ ++ if ( execvp(argv[optind],argv+optind) ) { ++ perror("execvp"); ++ exit(1); ++ } ++ return 1; /* can't reach this statement.... 
*/ ++} +--- coreutils-5.0/src/stat.c.selinux 2003-03-22 17:32:02.000000000 -0500 ++++ coreutils-5.0/src/stat.c 2003-12-09 20:44:57.000000000 -0500 +@@ -32,6 +32,13 @@ + # include + #endif + ++#ifdef WITH_SELINUX ++#include ++#define SECURITY_ID_T security_context_t ++#else ++#define SECURITY_ID_T char * ++#endif ++ + /* NetBSD 1.5.2 needs these, for the declaration of struct statfs. */ + #if !HAVE_SYS_STATVFS_H && !HAVE_SYS_VFS_H + # if HAVE_SYS_MOUNT_H && HAVE_SYS_PARAM_H +@@ -93,6 +100,7 @@ + {"dereference", no_argument, 0, 'L'}, + {"format", required_argument, 0, 'c'}, + {"filesystem", no_argument, 0, 'f'}, ++ {"context", no_argument, 0, 'Z'}, + {"terse", no_argument, 0, 't'}, + {GETOPT_HELP_OPTION_DECL}, + {GETOPT_VERSION_OPTION_DECL}, +@@ -332,7 +340,7 @@ + /* print statfs info */ + static void + print_statfs (char *pformat, char m, char const *filename, +- void const *data) ++ void const *data,SECURITY_ID_T scontext) + { + STRUCT_STATVFS const *statfsbuf = data; + +@@ -394,7 +402,10 @@ + strcat (pformat, PRIdMAX); + printf (pformat, (intmax_t) (statfsbuf->f_ffree)); + break; +- ++ case 'C': ++ strcat (pformat, "s"); ++ printf(scontext); ++ break; + default: + strcat (pformat, "c"); + printf (pformat, m); +@@ -404,7 +415,7 @@ + + /* print stat info */ + static void +-print_stat (char *pformat, char m, char const *filename, void const *data) ++print_stat (char *pformat, char m, char const *filename, void const *data, SECURITY_ID_T scontext) + { + struct stat *statbuf = (struct stat *) data; + struct passwd *pw_ent; +@@ -537,6 +548,10 @@ + strcat (pformat, "d"); + printf (pformat, (int) statbuf->st_ctime); + break; ++ case 'C': ++ strcat (pformat, "s"); ++ printf(pformat,scontext); ++ break; + default: + strcat (pformat, "c"); + printf (pformat, m); +@@ -546,8 +561,8 @@ + + static void + print_it (char const *masterformat, char const *filename, +- void (*print_func) (char *, char, char const *, void const *), +- void const *data) ++ void (*print_func) (char *, 
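Review bot: In runcon's `main`, the result of `getcon(&cur_context)` is never checked, so on failure a NULL `cur_context` is handed to `context_new`, and the error branch that follows prints `context`, which is always NULL on that path. The `context_*_set` calls and `context_str(con)` are likewise used without checking their results, so a failed update could presumably let `setexeccon` proceed with a context other than the one requested. Smaller points: `usage(char *str)` never prints `str`, so the "no command found" and "must specify ..." messages are lost, and the option string accepts `s:` with no matching case. A sketch of the else-branch with the lookups checked follows.

```c
  else {
    if (getcon(&cur_context) < 0) {
      fprintf(stderr,_("unable to get current security context\n"));
      exit(1);
    }
    con = context_new(cur_context);
    if (!con) {
      fprintf(stderr,_("%s is not a valid context\n"), cur_context);
      exit(1);
    }
    if ( user && context_user_set(con,user) ) {
      fprintf(stderr,_("failed to set new user %s\n"), user);
      exit(1);
    }
    /* ... type, range and role handled the same way ... */
  }
```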
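Review bot: The new `case 'C'` in `print_statfs` calls `printf(scontext)`, using the file's security context as the format string, so a label containing `%` would be interpreted as conversions; the `strcat (pformat, "s")` just above it is left unused. It should match the `print_stat` hunk further down: `printf (pformat, scontext);`. In both functions `scontext` is NULL whenever `%C` appears in a user-supplied `--format` without `-Z`, because do_stat and do_statfs only fetch it when `secure` is set, so the argument also wants a guard such as `scontext ? scontext : "?"`. The body of `print_statfs` continues outside the hunk.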
char, char const *, void const *,SECURITY_ID_T ), ++ void const *data, SECURITY_ID_T scontext) + { + char *b; + +@@ -580,7 +595,7 @@ + putchar ('%'); + break; + default: +- print_func (dest, *p, filename, data); ++ print_func (dest, *p, filename, data,scontext); + break; + } + b = p + 1; +@@ -598,9 +613,17 @@ + + /* stat the filesystem and print what we find */ + static void +-do_statfs (char const *filename, int terse, char const *format) ++do_statfs (char const *filename, int terse, int secure, char const *format) + { + STRUCT_STATVFS statfsbuf; ++ SECURITY_ID_T scontext = NULL; ++#ifdef WITH_SELINUX ++ if(secure) ++ if (getfilecon(filename,&scontext)<0) { ++ perror (filename); ++ return; ++ } ++#endif + int i = statfs (filename, &statfsbuf); + + if (i == -1) +@@ -612,23 +635,40 @@ + + if (format == NULL) + { +- format = (terse +- ? "%n %i %l %t %b %f %a %s %c %d" +- : " File: \"%n\"\n" +- " ID: %-8i Namelen: %-7l Type: %T\n" +- "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n" +- "Inodes: Total: %-10c Free: %-10d"); +- } +- +- print_it (format, filename, print_statfs, &statfsbuf); ++ if (terse) { ++ if(secure) ++ format = "%n %i %l %t %b %f %a %s %c %d %C"; ++ else ++ format = "%n %i %l %t %b %f %a %s %c %d"; ++ } ++ else ++ { ++ if(secure) ++ format = " File: \"%n\"\n" ++ " ID: %-8i Namelen: %-7l Type: %T\n" ++ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n" ++ "Inodes: Total: %-10c Free: %-10d\n" ++ " S_Context: %C\n"; ++ else ++ format= " File: \"%n\"\n" ++ " ID: %-8i Namelen: %-7l Type: %T\n" ++ "Blocks: Total: %-10b Free: %-10f Available: %-10a Size: %s\n" ++ "Inodes: Total: %-10c Free: %-10d"; ++ } ++ } ++ print_it (format, filename, print_statfs, &statfsbuf,scontext); ++#ifdef WITH_SELINUX ++ if (scontext != NULL) ++ freecon(scontext); ++#endif + } +- + /* stat the file and print what we find */ + static void +-do_stat (char const *filename, int follow_links, int terse, ++ do_stat (char const *filename, int follow_links, int 
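Review bot: In `do_statfs`, `int i = statfs (filename, &statfsbuf);` now follows the `if(secure)` statement whenever WITH_SELINUX is defined, which is a declaration after code and is rejected by C89 compilers; declare `int i;` with the other locals and assign it after the `#endif`. The `getfilecon` failure path also reports with `perror` and returns without recording the error, while `main` takes its exit status from `G_fail`, so unless that flag is set elsewhere the command would presumably exit 0; the matching path in the do_stat hunk has the same shape. If the existing `if (i == -1)` branch returns early, the context fetched just before it is not released with `freecon`. The function body continues outside the hunk.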
terse,int secure, + char const *format) + { + struct stat statbuf; ++ SECURITY_ID_T scontext = NULL; + int i = ((follow_links == 1) + ? stat (filename, &statbuf) + : lstat (filename, &statbuf)); +@@ -639,11 +679,28 @@ + return; + } + ++#ifdef WITH_SELINUX ++ if(secure) { ++ if (link) ++ i=lgetfilecon(filename, &scontext); ++ else ++ i=getfilecon(filename, &scontext); ++ if (i == -1) ++ { ++ perror (filename); ++ return; ++ } ++ } ++#endif ++ + if (format == NULL) + { + if (terse != 0) + { +- format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o"; ++ if (secure) ++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C"; ++ else ++ format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o"; + } + else + { +@@ -651,7 +708,17 @@ + i = statbuf.st_mode & S_IFMT; + if (i == S_IFCHR || i == S_IFBLK) + { +- format = ++ if (secure) ++ format = ++ " File: %N\n" ++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" ++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h" ++ " Device type: %t,%T\n" ++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" ++ " S_Context: %C\n" ++ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; ++ else ++ format = + " File: %N\n" + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" + "Device: %Dh/%dd\tInode: %-10i Links: %-5h" +@@ -661,6 +728,15 @@ + } + else + { ++ if (secure) ++ format = ++ " File: %N\n" ++ " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" ++ "Device: %Dh/%dd\tInode: %-10i Links: %-5h\n" ++ "Access: (%04a/%10.10A) Uid: (%5u/%8U) Gid: (%5g/%8G)\n" ++ "S_Context: %C\n" ++ "Access: %x\n" "Modify: %y\n" "Change: %z\n"; ++ else + format = + " File: %N\n" + " Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n" +@@ -670,7 +746,11 @@ + } + } + } +- print_it (format, filename, print_stat, &statbuf); ++ print_it (format, filename, print_stat, &statbuf,scontext); ++#ifdef WITH_SELINUX ++ if (scontext) ++ freecon(scontext); ++#endif + } + + void +@@ -688,6 +768,7 @@ + -f, --filesystem display filesystem status instead of file status\n\ + -c 
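Review bot: `if (link)` in the new do_stat block does not test any local: the function's parameters are `filename, follow_links, terse, secure, format`, so `link` most likely resolves to the libc `link()` function, whose address is always non-zero. The effect is that `lgetfilecon` is always used, and with `-L` the reported context belongs to the symlink while the `stat` fields describe its target. The selection should mirror the `stat`/`lstat` choice a few lines above: `i = (follow_links == 1 ? getfilecon (filename, &scontext) : lgetfilecon (filename, &scontext));`. The function body continues outside the hunk.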
--format=FORMAT use the specified FORMAT instead of the default\n\ + -L, --dereference follow links\n\ ++ -Z, --context print the security context \n\ + -t, --terse print the information in terse form\n\ + "), stdout); + fputs (HELP_OPTION_DESCRIPTION, stdout); +@@ -739,6 +820,7 @@ + %c Total file nodes in file system\n\ + %d Free file nodes in file system\n\ + %f Free blocks in file system\n\ ++ %C - Security context in SELinux\n\ + "), stdout); + fputs (_("\ + %i File System id in hex\n\ +@@ -761,6 +843,7 @@ + int follow_links = 0; + int fs = 0; + int terse = 0; ++ int secure = 0; + char *format = NULL; + + program_name = argv[0]; +@@ -770,7 +853,7 @@ + + atexit (close_stdout); + +- while ((c = getopt_long (argc, argv, "c:fLlt", long_options, NULL)) != -1) ++ while ((c = getopt_long (argc, argv, "c:fLltZ", long_options, NULL)) != -1) + { + switch (c) + { +@@ -787,6 +870,14 @@ + case 't': + terse = 1; + break; ++ case 'Z': ++ if((is_selinux_enabled()>0)) ++ secure = 1; ++ else { ++ error (0, 0, _("Kernel is not SELinux enabled")); ++ usage (EXIT_FAILURE); ++ } ++ break; + + case_GETOPT_HELP_CHAR; + +@@ -806,9 +897,9 @@ + for (i = optind; i < argc; i++) + { + if (fs == 0) +- do_stat (argv[i], follow_links, terse, format); ++ do_stat (argv[i], follow_links, terse, secure, format); + else +- do_statfs (argv[i], terse, format); ++ do_statfs (argv[i], terse, secure, format); + } + + exit (G_fail ? EXIT_FAILURE : EXIT_SUCCESS); +--- coreutils-5.0/src/mv.c.selinux 2003-12-09 20:44:56.000000000 -0500 ++++ coreutils-5.0/src/mv.c 2003-12-09 20:44:57.000000000 -0500 +@@ -38,6 +38,11 @@ + #include "quote.h" + #include "remove.h" + ++#ifdef WITH_SELINUX ++#include /* for is_selinux_enabled() */ ++int selinux_enabled=0; ++#endif ++ + /* The official name of this program (e.g., no `g' prefix). 
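Review bot: `case 'Z'` in stat's `main` calls `is_selinux_enabled()` unconditionally, but the header that declares it is included only under `#ifdef WITH_SELINUX` in the first stat.c hunk, so a build configured without `--enable-selinux` gets an implicit declaration and presumably an unresolved symbol at link time, since `stat_LDADD` only adds `@LIB_SELINUX@`. The `SECURITY_ID_T` fallback shows the file is meant to compile both ways, so the call should be wrapped: keep the current body inside `#ifdef WITH_SELINUX` and have the `#else` branch report the option as unsupported through `error (0, 0, ...)` followed by `usage (EXIT_FAILURE)`. `main` continues outside the hunk.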
*/ + #define PROGRAM_NAME "mv" + +@@ -381,6 +386,10 @@ + + cp_option_init (&x); + ++#ifdef WITH_SELINUX ++ selinux_enabled= (is_selinux_enabled()>0); ++#endif ++ + /* FIXME: consider not calling getenv for SIMPLE_BACKUP_SUFFIX unless + we'll actually use backup_suffix_string. */ + backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); +--- /dev/null 2003-09-15 09:40:47.000000000 -0400 ++++ coreutils-5.0/man/chcon.x 2003-12-09 20:44:57.000000000 -0500 +@@ -0,0 +1,4 @@ ++[NAME] ++chcon \- change file security context ++[DESCRIPTION] ++.\" Add any additional description here +--- coreutils-5.0/man/Makefile.am.selinux 2003-12-09 20:44:56.000000000 -0500 ++++ coreutils-5.0/man/Makefile.am 2003-12-09 20:44:57.000000000 -0500 +@@ -9,7 +9,7 @@ + rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \ + su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ + tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \ +- who.1 whoami.1 yes.1 ++ who.1 whoami.1 yes.1 chcon.1 runcon.1 + + man_aux = $(dist_man_MANS:.1=.x) + +@@ -109,6 +109,8 @@ + who.1: $(common_dep) $(srcdir)/who.x ../src/who.c + whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c + yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c ++chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c ++runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c + + SUFFIXES = .x .1 + +--- coreutils-5.0/man/Makefile.in.selinux 2003-04-02 09:28:42.000000000 -0500 ++++ coreutils-5.0/man/Makefile.in 2003-12-09 20:44:57.000000000 -0500 +@@ -1,4 +1,4 @@ +-# Makefile.in generated by automake 1.7.3 from Makefile.am. ++# Makefile.in generated by automake 1.7.7 from Makefile.am. 
+ # @configure_input@ + + # Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003 +@@ -72,6 +72,7 @@ + INTLLIBS = @INTLLIBS@ + KMEM_GROUP = @KMEM_GROUP@ + LDFLAGS = @LDFLAGS@ ++LIBACL = @LIBACL@ + LIBICONV = @LIBICONV@ + LIBINTL = @LIBINTL@ + LIBOBJS = @LIBOBJS@ +@@ -79,6 +80,8 @@ + LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ + LIB_CRYPT = @LIB_CRYPT@ + LIB_NANOSLEEP = @LIB_NANOSLEEP@ ++LIB_PAM = @LIB_PAM@ ++LIB_SELINUX = @LIB_SELINUX@ + LN_S = @LN_S@ + LTLIBICONV = @LTLIBICONV@ + LTLIBINTL = @LTLIBINTL@ +@@ -152,13 +155,13 @@ + basename.1 cat.1 chgrp.1 chmod.1 chown.1 chroot.1 cksum.1 comm.1 \ + cp.1 csplit.1 cut.1 date.1 dd.1 df.1 dir.1 dircolors.1 dirname.1 du.1 \ + echo.1 env.1 expand.1 expr.1 factor.1 false.1 fmt.1 fold.1 groups.1 \ +- head.1 hostid.1 hostname.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \ ++ head.1 hostid.1 id.1 install.1 join.1 link.1 ln.1 logname.1 \ + ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \ + paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \ + rm.1 rmdir.1 seq.1 sha1sum.1 shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \ + su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \ + tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \ +- who.1 whoami.1 yes.1 ++ who.1 whoami.1 yes.1 chcon.1 runcon.1 + + + man_aux = $(dist_man_MANS:.1=.x) +@@ -184,7 +187,7 @@ + + NROFF = nroff + MANS = $(dist_man_MANS) +-DIST_COMMON = $(dist_man_MANS) Makefile.am Makefile.in ++DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in Makefile.am + all: all-am + + .SUFFIXES: +@@ -287,7 +290,6 @@ + + installdirs: + $(mkinstalldirs) $(DESTDIR)$(man1dir) +- + install: install-am + install-exec: install-exec-am + install-data: install-data-am +@@ -307,7 +309,7 @@ + clean-generic: + + distclean-generic: +- -rm -f Makefile $(CONFIG_CLEAN_FILES) ++ -rm -f $(CONFIG_CLEAN_FILES) + + maintainer-clean-generic: + @echo "This command is intended for maintainers to use" +@@ 
-318,6 +320,7 @@ + clean-am: clean-generic mostlyclean-am + + distclean: distclean-am ++ -rm -f Makefile + + distclean-am: clean-am distclean-generic + +@@ -340,6 +343,7 @@ + installcheck-am: + + maintainer-clean: maintainer-clean-am ++ -rm -f Makefile + + maintainer-clean-am: distclean-am maintainer-clean-generic + +@@ -401,7 +405,6 @@ + groups.1: $(common_dep) $(srcdir)/groups.x ../src/groups.sh + head.1: $(common_dep) $(srcdir)/head.x ../src/head.c + hostid.1: $(common_dep) $(srcdir)/hostid.x ../src/hostid.c +-hostname.1: $(common_dep) $(srcdir)/hostname.x ../src/hostname.c + id.1: $(common_dep) $(srcdir)/id.x ../src/id.c + install.1: $(common_dep) $(srcdir)/install.x ../src/install.c + join.1: $(common_dep) $(srcdir)/join.x ../src/join.c +@@ -460,6 +463,8 @@ + who.1: $(common_dep) $(srcdir)/who.x ../src/who.c + whoami.1: $(common_dep) $(srcdir)/whoami.x ../src/whoami.c + yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c ++chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c ++runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c + + # Note the use of $t/$*, rather than just `$*' as in other packages. + # That is necessary to avoid failures for programs that are also shell built-in +--- /dev/null 2003-09-15 09:40:47.000000000 -0400 ++++ coreutils-5.0/man/runcon.x 2003-12-09 20:44:57.000000000 -0500 +@@ -0,0 +1,2 @@ ++[DESCRIPTION] ++.\" Add any additional description here +--- coreutils-5.0/man/stat.1.selinux 2003-03-30 07:13:41.000000000 -0500 ++++ coreutils-5.0/man/stat.1 2003-12-09 20:44:57.000000000 -0500 +@@ -22,6 +22,9 @@ + \fB\-t\fR, \fB\-\-terse\fR + print the information in terse form + .TP ++\fB\-Z\fR, \fB\-\-context\fR ++print security context information for SELinux if available. 
++.TP + \fB\-\-help\fR + display this help and exit + .TP +@@ -42,6 +45,9 @@ + %b + Number of blocks allocated (see %B) + .TP ++%C ++SELinux security context ++.TP + %D + Device number in hex + .TP +--- coreutils-5.0/man/cp.1.selinux 2003-03-30 07:13:35.000000000 -0500 ++++ coreutils-5.0/man/cp.1 2003-12-09 20:44:57.000000000 -0500 +@@ -57,7 +57,7 @@ + .TP + \fB\-\-preserve\fR[=\fIATTR_LIST\fR] + preserve the specified attributes (default: +-mode,ownership,timestamps), if possible ++mode,ownership,timestamps) and security contexts, if possible + additional attributes: links, all + .TP + \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR +@@ -109,6 +109,9 @@ + \fB\-\-help\fR + display this help and exit + .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set security context of copy to CONTEXT ++.TP + \fB\-\-version\fR + output version information and exit + .PP +--- /dev/null 2003-09-15 09:40:47.000000000 -0400 ++++ coreutils-5.0/man/chcon.1 2003-12-12 13:07:12.023157635 -0500 +@@ -0,0 +1,64 @@ ++.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands" ++.SH NAME ++chcon \- change security context ++.SH SYNOPSIS ++.B chcon ++[\fIOPTION\fR]...\fI CONTEXT FILE\fR... ++.br ++.B chcon ++[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR... ++.SH DESCRIPTION ++.PP ++." Add any additional description here ++.PP ++Change the security context of each FILE to CONTEXT. 
++.TP ++\fB\-c\fR, \fB\-\-changes\fR ++like verbose but report only when a change is made ++.TP ++\fB\-h\fR, \fB\-\-no\-dereference\fR ++affect symbolic links instead of any referenced file (available only on systems with lchown system call) ++.TP ++\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR ++suppress most error messages ++.TP ++\fB\-l\fR, \fB\-\-range\fR ++set range RANGE in the target security context ++.TP ++\fB\-\-reference\fR=\fIRFILE\fR ++use RFILE's context instead of using a CONTEXT value ++.TP ++\fB\-R\fR, \fB\-\-recursive\fR ++change files and directories recursively ++.TP ++\fB\-r\fR, \fB\-\-role\fR ++set role ROLE in the target security context ++.TP ++\fB\-t\fR, \fB\-\-type\fR ++set type TYPE in the target security context ++.TP ++\fB\-u\fR, \fB\-\-user\fR ++set user USER in the target security context ++.TP ++\fB\-v\fR, \fB\-\-verbose\fR ++output a diagnostic for every file processed ++.TP ++\fB\-\-help\fR ++display this help and exit ++.TP ++\fB\-\-version\fR ++output version information and exit ++.SH "REPORTING BUGS" ++Report bugs to . ++.SH "SEE ALSO" ++The full documentation for ++.B chcon ++is maintained as a Texinfo manual. If the ++.B info ++and ++.B chcon ++programs are properly installed at your site, the command ++.IP ++.B info chcon ++.PP ++should give you access to the complete manual. +--- coreutils-5.0/man/ls.1.selinux 2003-03-30 07:13:38.000000000 -0500 ++++ coreutils-5.0/man/ls.1 2003-12-09 20:44:57.000000000 -0500 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH LS "1" "March 2003" "ls (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH LS "1" "September 2003" "ls (coreutils) 5.0" FSF + .SH NAME + ls \- list directory contents + .SH SYNOPSIS +@@ -195,6 +195,20 @@ + .TP + \fB\-1\fR + list one file per line ++.PP ++SELinux options: ++.TP ++\fB\-\-lcontext\fR ++Display security context. Enable \fB\-l\fR. 
Lines ++will probably be too wide for most displays. ++.TP ++\fB\-Z\fR, \fB\-\-context\fR ++Display security context so it fits on most ++displays. Displays only mode, user, group, ++security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only security context and file name. + .TP + \fB\-\-help\fR + display this help and exit +--- coreutils-5.0/man/dir.1.selinux 2003-03-30 07:13:36.000000000 -0500 ++++ coreutils-5.0/man/dir.1 2003-12-09 20:44:57.000000000 -0500 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH DIR "1" "March 2003" "dir (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH DIR "1" "September 2003" "dir (coreutils) 5.0" FSF + .SH NAME + dir \- list directory contents + .SH SYNOPSIS +@@ -195,6 +195,20 @@ + .TP + \fB\-1\fR + list one file per line ++.PP ++SELINUX options: ++.TP ++\fB\-\-lcontext\fR ++Display security context. Enable \fB\-l\fR. Lines ++will probably be too wide for most displays. ++.TP ++\fB\-\-context\fR ++Display security context so it fits on most ++displays. Displays only mode, user, group, ++security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only security context and file name. + .TP + \fB\-\-help\fR + display this help and exit +--- coreutils-5.0/man/id.1.selinux 2003-03-30 07:13:37.000000000 -0500 ++++ coreutils-5.0/man/id.1 2003-12-09 20:44:57.000000000 -0500 +@@ -13,6 +13,9 @@ + \fB\-a\fR + ignore, for compatibility with other versions + .TP ++\fB\-Z\fR, \fB\-\-context\fR ++print only the security context ++.TP + \fB\-g\fR, \fB\-\-group\fR + print only the effective group ID + .TP +--- coreutils-5.0/man/vdir.1.selinux 2003-03-30 07:13:43.000000000 -0500 ++++ coreutils-5.0/man/vdir.1 2003-12-09 20:44:57.000000000 -0500 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH VDIR "1" "March 2003" "vdir (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! 
It was generated by help2man 1.022. ++.TH VDIR "1" "September 2003" "vdir (coreutils) 5.0" FSF + .SH NAME + vdir \- list directory contents + .SH SYNOPSIS +@@ -195,6 +195,20 @@ + .TP + \fB\-1\fR + list one file per line ++.PP ++SELINUX options: ++.TP ++\fB\-\-lcontext\fR ++Display security context. Enable \fB\-l\fR. Lines ++will probably be too wide for most displays. ++.TP ++\fB\-\-context\fR ++Display security context so it fits on most ++displays. Displays only mode, user, group, ++security context and file name. ++.TP ++\fB\-\-scontext\fR ++Display only security context and file name. + .TP + \fB\-\-help\fR + display this help and exit +--- coreutils-5.0/man/install.1.selinux 2003-12-09 20:44:54.000000000 -0500 ++++ coreutils-5.0/man/install.1 2003-12-09 20:44:57.000000000 -0500 +@@ -1,5 +1,5 @@ +-.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.29. +-.TH INSTALL "1" "March 2003" "install (coreutils) 5.0" "User Commands" ++.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.022. ++.TH INSTALL "1" "September 2003" "install (coreutils) 5.0" FSF + .SH NAME + ginstall \- copy files and set attributes + .SH SYNOPSIS +@@ -60,6 +60,11 @@ + .TP + \fB\-v\fR, \fB\-\-verbose\fR + print the name of each directory as it is created ++.HP ++\fB\-P\fR, \fB\-\-preserve_context\fR (SELinux) Preserve security context ++.TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++(SELinux) Set security context of files and directories + .TP + \fB\-\-help\fR + display this help and exit +--- coreutils-5.0/man/mkdir.1.selinux 2003-03-30 07:13:38.000000000 -0500 ++++ coreutils-5.0/man/mkdir.1 2003-12-09 20:44:57.000000000 -0500 +@@ -12,6 +12,8 @@ + .PP + Mandatory arguments to long options are mandatory for short options too. 
+ .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT ++.TP + \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR + set permission mode (as in chmod), not rwxrwxrwx - umask + .TP +--- coreutils-5.0/man/mkfifo.1.selinux 2003-03-30 07:13:38.000000000 -0500 ++++ coreutils-5.0/man/mkfifo.1 2003-12-09 20:44:57.000000000 -0500 +@@ -12,6 +12,9 @@ + .PP + Mandatory arguments to long options are mandatory for short options too. + .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set security context (quoted string) ++.TP + \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR + set permission mode (as in chmod), not a=rw - umask + .TP +--- coreutils-5.0/man/mknod.1.selinux 2003-03-30 07:13:38.000000000 -0500 ++++ coreutils-5.0/man/mknod.1 2003-12-09 20:44:58.000000000 -0500 +@@ -12,6 +12,9 @@ + .PP + Mandatory arguments to long options are mandatory for short options too. + .TP ++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR ++set security context (quoted string) ++.TP + \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR + set permission mode (as in chmod), not a=rw - umask + .TP +--- /dev/null 2003-09-15 09:40:47.000000000 -0400 ++++ coreutils-5.0/man/runcon.1 2003-12-09 20:44:58.000000000 -0500 +@@ -0,0 +1,39 @@ ++.TH RUNCON "1" "July 2003" "runcon (coreutils) 5.0" "selinux" ++.SH NAME ++runcon \- run command with specified security context ++.SH SYNOPSIS ++.B runcon ++[\fI-t TYPE\fR] [\fI-l LEVEL\fR] [\fI-u USER\fR] [\fI-r ROLE\fR] \fICOMMAND\fR [\fIARGS...\fR] ++.PP ++or ++.PP ++.B runcon ++\fICONTEXT\fR \fICOMMAND\fR [\fIargs...\fR] ++.PP ++.br ++.SH DESCRIPTION ++.PP ++.\" Add any additional description here ++.PP ++Run COMMAND with current security context modified by one or more of LEVEL, ++ROLE, TYPE, and USER, or with completely-specified CONTEXT. 
++.TP ++\fB\-t\fR ++change current type to the specified type ++.TP ++\fB\-l\fR ++change current level range to the specified range ++.TP ++\fB\-r\fR ++change current role to the specified role ++.TP ++\fB\-u\fR ++change current user to the specified user ++.PP ++If none of \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified, ++the first argument is used as the complete context. Any additional ++arguments after \fICOMMAND\fR are interpreted as arguments to the ++command. ++.PP ++Note that only carefully-chosen contexts are likely to successfully ++run. +--- coreutils-5.0/README.selinux 2003-12-09 20:44:56.000000000 -0500 ++++ coreutils-5.0/README 2003-12-09 20:44:58.000000000 -0500 +@@ -7,11 +7,11 @@ + + The programs that can be built with this package are: + +- basename cat chgrp chmod chown chroot cksum comm cp csplit cut date dd ++ basename cat chcon chgrp chmod chown chroot cksum comm cp csplit cut date dd + df dir dircolors dirname du echo env expand expr factor false fmt fold + ginstall groups head hostid id join kill link ln logname ls + md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr +- printenv printf ptx pwd readlink rm rmdir seq sha1sum shred sleep sort ++ printenv printf ptx pwd readlink rm rmdir runcon seq sha1sum shred sleep sort + split stat stty su sum sync tac tail tee test touch tr true tsort tty + uname unexpand uniq unlink uptime users vdir wc who whoami yes + +--- coreutils-5.0/configure.ac.selinux 2003-12-09 20:44:56.000000000 -0500 ++++ coreutils-5.0/configure.ac 2003-12-09 20:44:58.000000000 -0500 +@@ -17,6 +17,13 @@ + LIB_PAM="-ldl -lpam -lpam_misc" + AC_SUBST(LIB_PAM)]) + ++dnl Give the chance to enable PAM ++AC_ARG_ENABLE(selinux, dnl ++[ --enable-selinux Enable use of the SELINUX libraries], ++[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) ++LIB_SELINUX="-lselinux" ++AC_SUBST(LIB_SELINUX)]) ++ + jm_PERL + AC_PROG_CC + AC_PROG_CPP +--- coreutils-5.0/config.hin.selinux 2003-12-09 
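Review bot: In the configure.ac hunk, `--disable-selinux` still defines WITH_SELINUX and sets LIB_SELINUX, because the third argument of AC_ARG_ENABLE runs whenever the option is given in either form and the added block never tests `$enableval`. A packager who passes `--disable-selinux` would get a binary linked against libselinux with the SELinux code paths compiled in, so the build flag would not reflect the resulting security configuration. The action should be guarded on `$enableval`, with AC_SUBST moved outside it so LIB_SELINUX is always substituted. The `dnl` comment above the block also still reads "enable PAM", apparently copied from the PAM stanza, and should name SELinux. Nothing in the hunk checks that libselinux is present, so a missing library would probably surface only at link time.

```m4
dnl Give the chance to enable SELinux
AC_ARG_ENABLE(selinux, dnl
dnl … unchanged: --enable-selinux help string …
[if test "x$enableval" != xno; then
  AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])
  LIB_SELINUX="-lselinux"
fi])
AC_SUBST(LIB_SELINUX)
```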
20:44:56.000000000 -0500 ++++ coreutils-5.0/config.hin 2003-12-09 20:44:58.000000000 -0500 +@@ -504,9 +504,6 @@ + /* Define to 1 if you have the `lchown' function. */ + #undef HAVE_LCHOWN + +-/* Define to 1 if you have the `acl' library (-lacl). */ +-#undef HAVE_LIBACL +- + /* Define to 1 if you have the `dgc' library (-ldgc). */ + #undef HAVE_LIBDGC + +@@ -1309,18 +1306,24 @@ + . */ + #undef UMAX4_3 + +-/* the maximum number of simultaneously open files per process */ +-#undef UTILS_OPEN_MAX +- + /* Define if you want access control list support. */ + #undef USE_ACL + ++/* Define if you want to use PAM */ ++#undef USE_PAM ++ ++/* the maximum number of simultaneously open files per process */ ++#undef UTILS_OPEN_MAX ++ + /* Version number of package */ + #undef VERSION + + /* Define if sys/ptem.h is required for struct winsize. */ + #undef WINSIZE_IN_PTEM + ++/* Define if you want to use SELINUX */ ++#undef WITH_SELINUX ++ + /* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ + #undef WORDS_BIGENDIAN diff --git a/coreutils.spec b/coreutils.spec index e0b1762..e50eb59 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -1,10 +1,10 @@ %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} -%define WITH_SELINUX 0 +%define WITH_SELINUX 1 %endif Summary: The GNU core utilities: a set of tools commonly used in shell scripts Name: coreutils Version: 5.0 -Release: 34.1 +Release: 39 License: GPL Group: System Environment/Base Url: ftp://alpha.gnu.org/gnu/coreutils/ @@ -42,7 +42,6 @@ Patch188: coreutils-4.5.3-suidfail.patch Patch189: coreutils-4.5.3-stoneage.patch # textutils -Patch500: textutils-2.0.17-mem.patch Patch502: textutils-2.0.21-man.patch # sh-utils @@ -75,6 +74,7 @@ Patch907: coreutils-largefile.patch Patch908: coreutils-5.0-md5.patch Patch909: coreutils-lsw.patch Patch910: coreutils-lsw2.patch +Patch911: coreutils-nonerequired.patch #SELINUX Patch %if %{WITH_SELINUX} 
@@ -127,7 +127,6 @@ the old GNU fileutils, sh-utils, and textutils packages. %patch189 -p1 -b .stoneage # textutils -%patch500 -p1 # patch in new ALL_LINGUAS %patch502 -p1 @@ -158,6 +157,7 @@ the old GNU fileutils, sh-utils, and textutils packages. %patch908 -p1 -b .md5 %patch909 -p1 -b .lsw %patch910 -p1 -b .lsw2 +%patch911 -p1 -b .nonerequired %if %{WITH_SELINUX} #SELinux @@ -293,8 +293,23 @@ fi %_sbindir/chroot %changelog -* Wed Mar 3 2004 Tim Waugh 5.0-34.1 -- Build for Fedora Core 1. +* Tue Jan 20 2004 Dan Walsh 5.0-39 +- Change /etc/pam.d/su to remove preservuser and add multiple + +* Tue Jan 20 2004 Dan Walsh 5.0-38 +- Change is_selinux_enabled to is_selinux_enabled > 0 + +* Tue Jan 20 2004 Dan Walsh 5.0-37 +- Add pam_selinux to pam file to allow switching of roles within selinux + +* Fri Jan 16 2004 Tim Waugh +- The textutils-2.0.17-mem.patch is no longer needed. + +* Thu Jan 15 2004 Tim Waugh 5.0-36 +- Fixed autoconf test causing builds to fail. + +* Tue Dec 9 2003 Dan Walsh 5.0-35 +- Fix copying to non xattr files * Thu Dec 4 2003 Tim Waugh 5.0-34.sel - Fix column widths problems in ls.