|
* tests/cp/Makefile.am (TESTS): Add cp-a-selinux.
* tests/selinux: New file.
* tests/Makefile.am (EXTRA_DIST): Add selinux.
* tests/misc/selinux: Source the new script, rather than open coding it.
Change how "cp -a" and "cp --preserve=context" work with SELinux.
Now, cp -a attempts to preserve context, but failure to do so does
not change cp's exit status. However "cp --preserve=context" is
similar, but failure *does* cause cp to exit with nonzero status.
* src/copy.h (struct cp_options) [require_preserve_context]: New member.
* src/copy.c (copy_reg, copy_internal): Implement the above.
* src/mv.c (cp_option_init): Initialize the new member.
* src/install.c (cp_option_init): Likewise.
* src/cp.c (cp_option_init): Likewise.
(decode_preserve_arg): Set it or reset it.
FIXME: add an on-writable-NFS-only test
|
|
I started with the patches from Red Hat.
The entries below tell how the code evolved.
* src/ls.c (print_long_format, print_file_name_and_frills): When
there is no security context (due to getfilecon/lgetfilecon failing
with e.g. ENOTSUP), print it as "?", not "".
* src/ls.c (print_file_name_and_frills): Make -Z work without -l.
(length_of_file_name_and_frills): Likewise.
* src/ls.c: Remove the --lcontext and --scontext options.
Change the way -Z, --context work so that it no longer implies -l.
Thus, -Z -l will work like -lcontext and -Z without -l will work
like --scontext.
Adjust tests to reflect new 'ls -l' syntax -- affects only
systems with SELinux when operating on a file with no ACL.
These tests assumed that everything before the first space on
each line is the 10-byte mode string. But there may also be a "+"
in the 11th column, just before the space. However, note that this
is not new. The same thing would have happened even without the
change below, when listing a file with an ACL.
* tests/chmod/equals, tests/cp/cp-parents, tests/cp/fail-perm:
* tests/cp/link-preserve, tests/install/basic-1, tests/misc/mknod:
* tests/mkdir/parents, tests/mkdir/special-1, tests/mv/partition-perm:
Don't make compilation depend on USE_ACL. An SELinux security
context counts as an "alternate access control method", so ls
must output a "+" for each file with a security context.
* src/ls.c [struct fileinfo] (have_acl): Declare unconditionally.
(FILE_HAS_ACL): Remove macro definition. Use f->have_acl directly.
(gobble_file): Record whether a file has a security context, and
update the condition used to determine whether to print the "+".
(gobble_file): Call getfilecon/lgetfilecon also when
format == long_format, so that we get the "+".
* src/ls.c (gobble_file): Add a comment explaining why (with a
security context option) ls doesn't exit nonzero due to e.g.,
getfilecon failing with errno == ENOTSUP.
* src/ls.c (gobble_file): Ignore failure of getfilecon if it's due
to ENOTSUP.
* src/ls.c (gobble_file): Factor out three small blocks using
getfilecon and lgetfilecon.
Don't ignore return value from getfilecon and lgetfilecon.
* src/ls.c (print_long_format): Don't use ?: (empty 2nd arg with C
ternary operator).
(print_scontext_format): Likewise.
(print_scontext): Declare to be "bool", not int. Adjust uses.
* src/Makefile.am (dir_LDADD, ls_LDADD, vdir_LDADD): Add $(LIB_SELINUX).
* tests/misc/chcon: New file.
* tests/misc/chcon-fail: New file.
* tests/Makefile.am (check-root): Run new, root-only misc/chcon test.
* tests/misc/Makefile.am (TESTS): Add chcon and chcon-fail.
* tests/misc/Makefile.am (TESTS): Add selinux.
* tests/misc/selinux: New file.
* tests/help-version: Skip chcon.
|
