rpms/coreutils/FC-6 coreutils-selinux.patch,1.27,1.28
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Nov 24 18:34:40 UTC 2006
Author: twaugh
Update of /cvs/dist/rpms/coreutils/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv17391
Modified Files:
coreutils-selinux.patch
Log Message:
Use the right patch.
coreutils-selinux.patch:
README | 4
config.hin | 33 +---
configure.ac | 7
man/Makefile.am | 4
man/chcon.1 | 64 ++++++++
man/chcon.x | 4
man/cp.1 | 5
man/dir.1 | 14 +
man/id.1 | 3
man/install.1 | 5
man/ls.1 | 14 +
man/mkdir.1 | 2
man/mkfifo.1 | 3
man/mknod.1 | 3
man/runcon.1 | 45 +++++
man/runcon.x | 14 +
man/stat.1 | 6
man/vdir.1 | 14 +
src/Makefile.am | 23 +-
src/chcon.c | 421 +++++++++++++++++++++++++++++++++++++++++++++++++++++
src/copy.c | 73 +++++++++
src/copy.h | 4
src/cp.c | 67 ++++++++
src/id.c | 68 ++++++++
src/install.c | 99 ++++++++++++
src/ls.c | 296 ++++++++++++++++++++++++++++++++-----
src/mkdir.c | 30 +++
src/mkfifo.c | 29 +++
src/mknod.c | 30 +++
src/mv.c | 13 +
src/runcon.c | 253 +++++++++++++++++++++++++++++++
src/stat.c | 146 ++++++++++++++----
tests/help-version | 4
33 files changed, 1699 insertions(+), 101 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.27 -r 1.28 coreutils-selinux.patch
Index: coreutils-selinux.patch
===================================================================
RCS file: /cvs/dist/rpms/coreutils/FC-6/coreutils-selinux.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- coreutils-selinux.patch 24 Nov 2006 18:30:58 -0000 1.27
+++ coreutils-selinux.patch 24 Nov 2006 18:34:38 -0000 1.28
@@ -1,11 +1,2937 @@
+--- /dev/null 2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/src/chcon.c 2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,421 @@
++/* chcontext -- change security context of a pathname */
++
++#include <config.h>
++#include <stdio.h>
++#include <sys/types.h>
++#include <grp.h>
++#include <getopt.h>
++#include <selinux/selinux.h>
++#include <selinux/context.h>
++
++#include "system.h"
++#include "error.h"
++#include "savedir.h"
++#include "group-member.h"
++
++enum Change_status
++{
++ CH_SUCCEEDED,
++ CH_FAILED,
++ CH_NO_CHANGE_REQUESTED
++};
++
++enum Verbosity
++{
++ /* Print a message for each file that is processed. */
++ V_high,
++
++ /* Print a message for each file whose attributes we change. */
++ V_changes_only,
++
++ /* Do not be verbose. This is the default. */
++ V_off
++};
++
++static int change_dir_context (const char *dir, const struct stat *statp);
++
++/* The name the program was run with. */
++char *program_name;
++
++/* If nonzero, and the systems has support for it, change the context
++ of symbolic links rather than any files they point to. */
++static int change_symlinks;
++
++/* If nonzero, change the context of directories recursively. */
++static int recurse;
++
++/* If nonzero, force silence (no error messages). */
++static int force_silent;
++
++/* Level of verbosity. */
++static enum Verbosity verbosity = V_off;
++
++/* The name of the context file is being given. */
++static const char *specified_context;
++
++/* Specific components of the context */
++static const char *specified_user;
++static const char *specified_role;
++static const char *specified_range;
++static const char *specified_type;
++
++/* The argument to the --reference option. Use the context of this file.
++ This file must exist. */
++static char *reference_file;
++
++/* If nonzero, display usage information and exit. */
++static int show_help;
++
++/* If nonzero, print the version on standard output and exit. */
++static int show_version;
++
++static struct option const long_options[] =
++{
++ {"recursive", no_argument, 0, 'R'},
++ {"changes", no_argument, 0, 'c'},
++ {"no-dereference", no_argument, 0, 'h'},
++ {"silent", no_argument, 0, 'f'},
++ {"quiet", no_argument, 0, 'f'},
++ {"reference", required_argument, 0, CHAR_MAX + 1},
++ {"context", required_argument, 0, CHAR_MAX + 2},
++ {"user", required_argument, 0, 'u'},
++ {"role", required_argument, 0, 'r'},
++ {"type", required_argument, 0, 't'},
++ {"range", required_argument, 0, 'l'},
++ {"verbose", no_argument, 0, 'v'},
++ {"help", no_argument, &show_help, 1},
++ {"version", no_argument, &show_version, 1},
++ {0, 0, 0, 0}
++};
++
++/* Tell the user how/if the context of FILE has been changed.
++ CHANGED describes what (if anything) has happened. */
++
++static void
++describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
++{
++ const char *fmt;
++ switch (changed)
++ {
++ case CH_SUCCEEDED:
++ fmt = _("context of %s changed to %s\n");
++ break;
++ case CH_FAILED:
++ fmt = _("failed to change context of %s to %s\n");
++ break;
++ case CH_NO_CHANGE_REQUESTED:
++ fmt = _("context of %s retained as %s\n");
++ break;
++ default:
++ abort ();
++ }
++ printf (fmt, file, newcontext);
++}
++
++static int
++compute_context_from_mask (security_context_t context, context_t *ret)
++{
++ context_t newcontext = context_new (context);
++ if (!newcontext)
++ return 1;
++#define SETCOMPONENT(comp) \
++ do { \
++ if (specified_ ## comp) \
++ if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
++ goto lose; \
++ } while (0)
++
++ SETCOMPONENT(user);
++ SETCOMPONENT(range);
++ SETCOMPONENT(role);
++ SETCOMPONENT(type);
++#undef SETCOMPONENT
++
++ *ret = newcontext;
++ return 0;
++ lose:
++ context_free (newcontext);
++ return 1;
++}
++
++/* Change the context of FILE, using specified components.
++ If it is a directory and -R is given, recurse.
++ Return 0 if successful, 1 if errors occurred. */
++
++static int
++change_file_context (const char *file)
++{
++ struct stat file_stats;
++ security_context_t file_context=NULL;
++ context_t context;
++ security_context_t context_string;
++ int errors = 0;
++ int status = 0;
++
++ if (change_symlinks)
++ status = lgetfilecon(file, &file_context);
++ else
++ status = getfilecon(file, &file_context);
++
++ if ((status < 0) && (errno != ENODATA))
++ {
++ if (force_silent == 0)
++ error (0, errno, "%s", file);
++ return 1;
++ }
++
++ /* If the file doesn't have a context, and we're not setting all of
++ the context components, there isn't really an obvious default.
++ Thus, we just give up. */
++ if (file_context == NULL && specified_context == NULL)
++ {
++ error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
++ return 1;
++ }
++
++ if (specified_context == NULL)
++ {
++ if (compute_context_from_mask (file_context, &context))
++ {
++ error (0, 0, _("couldn't compute security context from %s"), file_context);
++ return 1;
++ }
++ }
++ else
++ {
++ context = context_new (specified_context);
++ if (!context)
++ error (1, 0,_("invalid context: %s"),specified_context);
[...2552 lines suppressed...]
+ yes.1: $(common_dep) $(srcdir)/yes.x ../src/yes.c
++chcon.1: $(common_dep) $(srcdir)/chcon.x ../src/chcon.c
++runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c
+
+ SUFFIXES = .x .1
- if( just_context && !selinux_enabled)
+--- coreutils-5.97/man/cp.1.selinux 2006-05-25 18:27:33.000000000 +0100
++++ coreutils-5.97/man/cp.1 2006-11-17 13:56:55.000000000 +0000
+@@ -57,7 +57,7 @@
+ .TP
+ \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
+ preserve the specified attributes (default:
+-mode,ownership,timestamps), if possible
++mode,ownership,timestamps) and security contexts, if possible
+ additional attributes: links, all
+ .TP
+ \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
+@@ -105,6 +105,9 @@
+ \fB\-\-help\fR
+ display this help and exit
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context of copy to CONTEXT
++.TP
+ \fB\-\-version\fR
+ output version information and exit
+ .PP
+--- coreutils-5.97/man/mkfifo.1.selinux 2006-05-25 18:27:36.000000000 +0100
++++ coreutils-5.97/man/mkfifo.1 2006-11-17 13:56:55.000000000 +0000
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not a=rw \- umask
+ .TP
+--- coreutils-5.97/man/mknod.1.selinux 2006-05-25 18:27:36.000000000 +0100
++++ coreutils-5.97/man/mknod.1 2006-11-17 13:56:55.000000000 +0000
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not a=rw \- umask
+ .TP
+--- coreutils-5.97/man/mkdir.1.selinux 2006-05-25 18:27:35.000000000 +0100
++++ coreutils-5.97/man/mkdir.1 2006-11-17 13:56:55.000000000 +0000
+@@ -12,6 +12,8 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not rwxrwxrwx \- umask
+ .TP
+--- coreutils-5.97/man/dir.1.selinux 2006-06-01 08:33:14.000000000 +0100
++++ coreutils-5.97/man/dir.1 2006-11-17 13:56:55.000000000 +0000
+@@ -201,6 +201,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELINUX options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+--- /dev/null 2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/man/runcon.x 2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,14 @@
++[NAME]
++runcon \- run command with specified security context
++[DESCRIPTION]
++Run COMMAND with completely-specified CONTEXT, or with current or
++transitioned security context modified by one or more of LEVEL,
++ROLE, TYPE, and USER.
++.PP
++If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
++the first argument is used as the complete context. Any additional
++arguments after \fICOMMAND\fR are interpreted as arguments to the
++command.
++.PP
++Note that only carefully-chosen contexts are likely to successfully
++run.
+--- coreutils-5.97/man/vdir.1.selinux 2006-06-01 08:33:14.000000000 +0100
++++ coreutils-5.97/man/vdir.1 2006-11-17 13:56:55.000000000 +0000
+@@ -201,6 +201,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELINUX options:
++.TP
++\fB\-\-lcontext\fR
++Display security context. Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays. Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+--- /dev/null 2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/man/chcon.x 2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,4 @@
++[NAME]
++chcon \- change file security context
++[DESCRIPTION]
++.\" Add any additional description here
+--- /dev/null 2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/man/chcon.1 2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,64 @@
++.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
++.SH NAME
++chcon \- change security context
++.SH SYNOPSIS
++.B chcon
++[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
++.br
++.B chcon
++[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
++.SH DESCRIPTION
++.PP
++." Add any additional description here
++.PP
++Change the security context of each FILE to CONTEXT.
++.TP
++\fB\-c\fR, \fB\-\-changes\fR
++like verbose but report only when a change is made
++.TP
++\fB\-h\fR, \fB\-\-no\-dereference\fR
++affect symbolic links instead of any referenced file (available only on systems with lchown system call)
++.TP
++\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
++suppress most error messages
++.TP
++\fB\-l\fR, \fB\-\-range\fR
++set range RANGE in the target security context
++.TP
++\fB\-\-reference\fR=\fIRFILE\fR
++use RFILE's context instead of using a CONTEXT value
++.TP
++\fB\-R\fR, \fB\-\-recursive\fR
++change files and directories recursively
++.TP
++\fB\-r\fR, \fB\-\-role\fR
++set role ROLE in the target security context
++.TP
++\fB\-t\fR, \fB\-\-type\fR
++set type TYPE in the target security context
++.TP
++\fB\-u\fR, \fB\-\-user\fR
++set user USER in the target security context
++.TP
++\fB\-v\fR, \fB\-\-verbose\fR
++output a diagnostic for every file processed
++.TP
++\fB\-\-help\fR
++display this help and exit
++.TP
++\fB\-\-version\fR
++output version information and exit
++.SH "REPORTING BUGS"
++Report bugs to <https://bugzilla.redhat.com/bugzilla>.
++.SH "SEE ALSO"
++The full documentation for
++.B chcon
++is maintained as a Texinfo manual. If the
++.B info
++and
++.B chcon
++programs are properly installed at your site, the command
++.IP
++.B info chcon
++.PP
++should give you access to the complete manual.
More information about the fedora-cvs-commits
mailing list