rpms/coreutils/FC-6 coreutils-selinux.patch,1.27,1.28

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Nov 24 18:34:40 UTC 2006 

Author: twaugh

Update of /cvs/dist/rpms/coreutils/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv17391

Modified Files:
	coreutils-selinux.patch 
Log Message:
Use the right patch.

coreutils-selinux.patch:
 README             |    4 
 config.hin         |   33 +---
 configure.ac       |    7 
 man/Makefile.am    |    4 
 man/chcon.1        |   64 ++++++++
 man/chcon.x        |    4 
 man/cp.1           |    5 
 man/dir.1          |   14 +
 man/id.1           |    3 
 man/install.1      |    5 
 man/ls.1           |   14 +
 man/mkdir.1        |    2 
 man/mkfifo.1       |    3 
 man/mknod.1        |    3 
 man/runcon.1       |   45 +++++
 man/runcon.x       |   14 +
 man/stat.1         |    6 
 man/vdir.1         |   14 +
 src/Makefile.am    |   23 +-
 src/chcon.c        |  421 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/copy.c         |   73 +++++++++
 src/copy.h         |    4 
 src/cp.c           |   67 ++++++++
 src/id.c           |   68 ++++++++
 src/install.c      |   99 ++++++++++++
 src/ls.c           |  296 ++++++++++++++++++++++++++++++++-----
 src/mkdir.c        |   30 +++
 src/mkfifo.c       |   29 +++
 src/mknod.c        |   30 +++
 src/mv.c           |   13 +
 src/runcon.c       |  253 +++++++++++++++++++++++++++++++
 src/stat.c         |  146 ++++++++++++++----
 tests/help-version |    4 
 33 files changed, 1699 insertions(+), 101 deletions(-)

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.27 -r 1.28 coreutils-selinux.patch
Index: coreutils-selinux.patch
===================================================================
RCS file: /cvs/dist/rpms/coreutils/FC-6/coreutils-selinux.patch,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- coreutils-selinux.patch	24 Nov 2006 18:30:58 -0000	1.27
+++ coreutils-selinux.patch	24 Nov 2006 18:34:38 -0000	1.28
@@ -1,11 +1,2937 @@
+--- /dev/null	2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/src/chcon.c	2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,421 @@
++/* chcontext -- change security context of a pathname */
++
++#include <config.h>
++#include <stdio.h>
++#include <sys/types.h>
++#include <grp.h>
++#include <getopt.h>
++#include <selinux/selinux.h>
++#include <selinux/context.h>
++
++#include "system.h"
++#include "error.h"
++#include "savedir.h"
++#include "group-member.h"
++
++enum Change_status
++{
++  CH_SUCCEEDED,
++  CH_FAILED,
++  CH_NO_CHANGE_REQUESTED
++};
++
++enum Verbosity
++{
++  /* Print a message for each file that is processed.  */
++  V_high,
++
++  /* Print a message for each file whose attributes we change.  */
++  V_changes_only,
++
++  /* Do not be verbose.  This is the default. */
++  V_off
++};
++
++static int change_dir_context (const char *dir, const struct stat *statp);
++
++/* The name the program was run with. */
++char *program_name;
++
++/* If nonzero, and the systems has support for it, change the context
++   of symbolic links rather than any files they point to.  */
++static int change_symlinks;
++
++/* If nonzero, change the context of directories recursively. */
++static int recurse;
++
++/* If nonzero, force silence (no error messages). */
++static int force_silent;
++
++/* Level of verbosity.  */
++static enum Verbosity verbosity = V_off;
++
++/* The name of the context file is being given. */
++static const char *specified_context;
++
++/* Specific components of the context */
++static const char *specified_user;
++static const char *specified_role;
++static const char *specified_range;
++static const char *specified_type;
++
++/* The argument to the --reference option.  Use the context of this file.
++   This file must exist.  */
++static char *reference_file;
++
++/* If nonzero, display usage information and exit.  */
++static int show_help;
++
++/* If nonzero, print the version on standard output and exit.  */
++static int show_version;
++
++static struct option const long_options[] =
++{
++  {"recursive", no_argument, 0, 'R'},
++  {"changes", no_argument, 0, 'c'},
++  {"no-dereference", no_argument, 0, 'h'},
++  {"silent", no_argument, 0, 'f'},
++  {"quiet", no_argument, 0, 'f'},
++  {"reference", required_argument, 0, CHAR_MAX + 1},
++  {"context", required_argument, 0, CHAR_MAX + 2},
++  {"user", required_argument, 0, 'u'},
++  {"role", required_argument, 0, 'r'},      
++  {"type", required_argument, 0, 't'},
++  {"range", required_argument, 0, 'l'},   
++  {"verbose", no_argument, 0, 'v'},
++  {"help", no_argument, &show_help, 1},
++  {"version", no_argument, &show_version, 1},
++  {0, 0, 0, 0}
++};
++
++/* Tell the user how/if the context of FILE has been changed.
++   CHANGED describes what (if anything) has happened. */
++
++static void
++describe_change (const char *file, security_context_t newcontext, enum Change_status changed)
++{
++  const char *fmt;
++  switch (changed)
++    {
++    case CH_SUCCEEDED:
++      fmt = _("context of %s changed to %s\n");
++      break;
++    case CH_FAILED:
++      fmt = _("failed to change context of %s to %s\n");
++      break;
++    case CH_NO_CHANGE_REQUESTED:
++      fmt = _("context of %s retained as %s\n");
++      break;
++    default:
++      abort ();
++    }
++  printf (fmt, file, newcontext);
++}
++
++static int
++compute_context_from_mask (security_context_t context, context_t *ret)
++{
++  context_t newcontext = context_new (context);
++  if (!newcontext)
++    return 1;
++#define SETCOMPONENT(comp) \
++  do { \
++    if (specified_ ## comp) \
++      if (context_ ## comp ## _set (newcontext, specified_ ## comp)) \
++        goto lose; \
++  } while (0)
++      
++  SETCOMPONENT(user);
++  SETCOMPONENT(range);
++  SETCOMPONENT(role);
++  SETCOMPONENT(type);
++#undef SETCOMPONENT
++  
++  *ret = newcontext;
++  return 0;
++ lose:
++  context_free (newcontext);
++  return 1;
++}
++
++/* Change the context of FILE, using specified components.
++   If it is a directory and -R is given, recurse.
++   Return 0 if successful, 1 if errors occurred. */
++
++static int
++change_file_context (const char *file)
++{
++  struct stat file_stats;
++  security_context_t file_context=NULL;
++  context_t context;
++  security_context_t context_string;
++  int errors = 0;
++  int status = 0;
++
++  if (change_symlinks)
++    status = lgetfilecon(file, &file_context);
++  else 
++    status = getfilecon(file, &file_context);
++
++  if ((status < 0) && (errno != ENODATA))
++    {
++      if (force_silent == 0)
++	error (0, errno, "%s", file);
++      return 1;
++    }
++
++  /* If the file doesn't have a context, and we're not setting all of
++     the context components, there isn't really an obvious default.
++     Thus, we just give up. */
++  if (file_context == NULL && specified_context == NULL)
++    {
++      error (0, 0, _("can't apply partial context to unlabeled file %s"), file);
++      return 1;
++    }
++      
++  if (specified_context == NULL)
++    {
++      if (compute_context_from_mask (file_context, &context))
++	{
++	  error (0, 0, _("couldn't compute security context from %s"), file_context);
++	      return 1;
++	}
++    }
++  else
++    {
++      context = context_new (specified_context);
++      if (!context)
++	error (1, 0,_("invalid context: %s"),specified_context);	    
[...2552 lines suppressed...]
+ yes.1:		$(common_dep)	$(srcdir)/yes.x		../src/yes.c
++chcon.1:	$(common_dep)	$(srcdir)/chcon.x	../src/chcon.c
++runcon.1:	$(common_dep)	$(srcdir)/runcon.x	../src/runcon.c
+ 
+ SUFFIXES = .x .1
  
-   if( just_context  && !selinux_enabled)
+--- coreutils-5.97/man/cp.1.selinux	2006-05-25 18:27:33.000000000 +0100
++++ coreutils-5.97/man/cp.1	2006-11-17 13:56:55.000000000 +0000
+@@ -57,7 +57,7 @@
+ .TP
+ \fB\-\-preserve\fR[=\fIATTR_LIST\fR]
+ preserve the specified attributes (default:
+-mode,ownership,timestamps), if possible
++mode,ownership,timestamps) and security contexts, if possible
+ additional attributes: links, all
+ .TP
+ \fB\-\-no\-preserve\fR=\fIATTR_LIST\fR
+@@ -105,6 +105,9 @@
+ \fB\-\-help\fR
+ display this help and exit
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context of copy to CONTEXT
++.TP
+ \fB\-\-version\fR
+ output version information and exit
+ .PP
+--- coreutils-5.97/man/mkfifo.1.selinux	2006-05-25 18:27:36.000000000 +0100
++++ coreutils-5.97/man/mkfifo.1	2006-11-17 13:56:55.000000000 +0000
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not a=rw \- umask
+ .TP
+--- coreutils-5.97/man/mknod.1.selinux	2006-05-25 18:27:36.000000000 +0100
++++ coreutils-5.97/man/mknod.1	2006-11-17 13:56:55.000000000 +0000
+@@ -12,6 +12,9 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR
++set security context (quoted string)
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not a=rw \- umask
+ .TP
+--- coreutils-5.97/man/mkdir.1.selinux	2006-05-25 18:27:35.000000000 +0100
++++ coreutils-5.97/man/mkdir.1	2006-11-17 13:56:55.000000000 +0000
+@@ -12,6 +12,8 @@
+ .PP
+ Mandatory arguments to long options are mandatory for short options too.
+ .TP
++\fB\-Z\fR, \fB\-\-context\fR=\fICONTEXT\fR (SELinux) set security context to CONTEXT
++.TP
+ \fB\-m\fR, \fB\-\-mode\fR=\fIMODE\fR
+ set permission mode (as in chmod), not rwxrwxrwx \- umask
+ .TP
+--- coreutils-5.97/man/dir.1.selinux	2006-06-01 08:33:14.000000000 +0100
++++ coreutils-5.97/man/dir.1	2006-11-17 13:56:55.000000000 +0000
+@@ -201,6 +201,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELINUX options:
++.TP
++\fB\-\-lcontext\fR
++Display security context.   Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays.  Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+--- /dev/null	2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/man/runcon.x	2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,14 @@
++[NAME]
++runcon \- run command with specified security context
++[DESCRIPTION]
++Run COMMAND with completely-specified CONTEXT, or with current or
++transitioned security context modified by one or more of LEVEL,
++ROLE, TYPE, and USER.
++.PP
++If none of \fI-c\fR, \fI-t\fR, \fI-u\fR, \fI-r\fR, or \fI-l\fR, is specified,
++the first argument is used as the complete context.  Any additional
++arguments after \fICOMMAND\fR are interpreted as arguments to the
++command.
++.PP
++Note that only carefully-chosen contexts are likely to successfully
++run.
+--- coreutils-5.97/man/vdir.1.selinux	2006-06-01 08:33:14.000000000 +0100
++++ coreutils-5.97/man/vdir.1	2006-11-17 13:56:55.000000000 +0000
+@@ -201,6 +201,20 @@
+ .TP
+ \fB\-1\fR
+ list one file per line
++.PP
++SELINUX options:
++.TP
++\fB\-\-lcontext\fR
++Display security context.   Enable \fB\-l\fR. Lines
++will probably be too wide for most displays.
++.TP
++\fB\-\-context\fR
++Display security context so it fits on most
++displays.  Displays only mode, user, group,
++security context and file name.
++.TP
++\fB\-\-scontext\fR
++Display only security context and file name.
+ .TP
+ \fB\-\-help\fR
+ display this help and exit
+--- /dev/null	2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/man/chcon.x	2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,4 @@
++[NAME]
++chcon \- change file security context
++[DESCRIPTION]
++.\" Add any additional description here
+--- /dev/null	2006-11-23 08:31:37.745607750 +0000
++++ coreutils-5.97/man/chcon.1	2006-11-17 13:56:55.000000000 +0000
+@@ -0,0 +1,64 @@
++.TH CHCON 1 "July 2003" "chcon (coreutils) 5.0" "User Commands"
++.SH NAME
++chcon \- change security context
++.SH SYNOPSIS
++.B chcon
++[\fIOPTION\fR]...\fI CONTEXT FILE\fR...
++.br
++.B chcon
++[\fIOPTION\fR]...\fI --reference=RFILE FILE\fR...
++.SH DESCRIPTION
++.PP
++." Add any additional description here
++.PP
++Change the security context of each FILE to CONTEXT.
++.TP
++\fB\-c\fR, \fB\-\-changes\fR
++like verbose but report only when a change is made
++.TP
++\fB\-h\fR, \fB\-\-no\-dereference\fR
++affect symbolic links instead of any referenced file (available only on systems with lchown system call)
++.TP
++\fB\-f\fR, \fB\-\-silent\fR, \fB\-\-quiet\fR
++suppress most error messages
++.TP
++\fB\-l\fR, \fB\-\-range\fR
++set range RANGE in the target security context
++.TP
++\fB\-\-reference\fR=\fIRFILE\fR
++use RFILE's context instead of using a CONTEXT value
++.TP
++\fB\-R\fR, \fB\-\-recursive\fR
++change files and directories recursively
++.TP
++\fB\-r\fR, \fB\-\-role\fR
++set role ROLE in the target security context
++.TP
++\fB\-t\fR, \fB\-\-type\fR
++set type TYPE in the target security context
++.TP
++\fB\-u\fR, \fB\-\-user\fR
++set user USER in the target security context
++.TP
++\fB\-v\fR, \fB\-\-verbose\fR
++output a diagnostic for every file processed
++.TP
++\fB\-\-help\fR
++display this help and exit
++.TP
++\fB\-\-version\fR
++output version information and exit
++.SH "REPORTING BUGS"
++Report bugs to <https://bugzilla.redhat.com/bugzilla>.
++.SH "SEE ALSO"
++The full documentation for
++.B chcon
++is maintained as a Texinfo manual.  If the
++.B info
++and
++.B chcon
++programs are properly installed at your site, the command
++.IP
++.B info chcon
++.PP
++should give you access to the complete manual.

More information about the fedora-cvs-commits mailing list