You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 lines
4.4 KiB
120 lines
4.4 KiB
diff --git a/man/chcon.x b/man/chcon.x |
|
index 8c1ff6f..c84fb96 100644 |
|
--- a/man/chcon.x |
|
+++ b/man/chcon.x |
|
@@ -1,4 +1,4 @@ |
|
[NAME] |
|
-chcon \- change file security context |
|
+chcon \- change file SELinux security context |
|
[DESCRIPTION] |
|
.\" Add any additional description here |
|
diff --git a/man/runcon.x b/man/runcon.x |
|
index d2df13e..5c5f5d8 100644 |
|
--- a/man/runcon.x |
|
+++ b/man/runcon.x |
|
@@ -1,5 +1,5 @@ |
|
[NAME] |
|
-runcon \- run command with specified security context |
|
+runcon \- run command with specified SELinux security context |
|
[DESCRIPTION] |
|
Run COMMAND with completely-specified CONTEXT, or with current or |
|
transitioned security context modified by one or more of LEVEL, |
|
diff --git a/src/cp.c b/src/cp.c |
|
index 1b528c6..25dbb88 100644 |
|
--- a/src/cp.c |
|
+++ b/src/cp.c |
|
@@ -203,6 +203,9 @@ Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.\n\ |
|
all\n\ |
|
"), stdout); |
|
fputs (_("\ |
|
+ -c deprecated, same as --preserve=context\n\ |
|
+"), stdout); |
|
+ fputs (_("\ |
|
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\ |
|
--parents use full source file name under DIRECTORY\n\ |
|
"), stdout); |
|
@@ -929,7 +932,7 @@ main (int argc, char **argv) |
|
selinux_enabled = (0 < is_selinux_enabled ()); |
|
cp_option_init (&x); |
|
|
|
- while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:TZ", |
|
+ while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ", |
|
long_opts, NULL)) |
|
!= -1) |
|
{ |
|
@@ -977,6 +980,17 @@ main (int argc, char **argv) |
|
copy_contents = true; |
|
break; |
|
|
|
+ case 'c': |
|
+ fprintf (stderr, "%s: warning: option '-c' is deprecated, please use '--preserve=context' instead\n", argv[0]); |
|
+ if ( x.set_security_context ) { |
|
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); |
|
+ exit( 1 ); |
|
+ } |
|
+ else if (selinux_enabled) { |
|
+ x.preserve_security_context = true; |
|
+ x.require_preserve_context = true; |
|
+ } |
|
+ break; |
|
case 'd': |
|
x.preserve_links = true; |
|
x.dereference = DEREF_NEVER; |
|
diff --git a/doc/coreutils.texi b/doc/coreutils.texi |
|
index 47e4480..cff2ead 100644 |
|
--- a/doc/coreutils.texi |
|
+++ b/doc/coreutils.texi |
|
@@ -8083,6 +8083,11 @@ done |
|
exit $fail |
|
@end example |
|
|
|
+@item -c |
|
+@cindex SELinux security context information, preserving |
|
+Preserve SELinux security context of the original files if possible. |
|
+Some file systems don't support storing of SELinux security context. |
|
+ |
|
@item --copy-contents |
|
@cindex directories, copying recursively |
|
@cindex copying directories recursively |
|
diff --git a/src/install.c b/src/install.c |
|
index d79d597..437889a 100644 |
|
--- a/src/install.c |
|
+++ b/src/install.c |
|
@@ -673,7 +673,7 @@ In the 4th form, create all components of the given DIRECTORY(ies).\n\ |
|
-v, --verbose print the name of each directory as it is created\n\ |
|
"), stdout); |
|
fputs (_("\ |
|
- --preserve-context preserve SELinux security context\n\ |
|
+ -P, --preserve-context preserve SELinux security context (-P deprecated)\n\ |
|
-Z set SELinux security context of destination\n\ |
|
file and each created directory to default type\n\ |
|
--context[=CTX] like -Z, or if CTX is specified then set the\n\ |
|
@@ -824,7 +824,7 @@ main (int argc, char **argv) |
|
dir_arg = false; |
|
umask (0); |
|
|
|
- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z", long_options, |
|
+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z", long_options, |
|
NULL)) != -1) |
|
{ |
|
switch (optc) |
|
@@ -885,6 +885,8 @@ main (int argc, char **argv) |
|
no_target_directory = true; |
|
break; |
|
|
|
+ case 'P': |
|
+ fprintf (stderr, "%s: warning: option '-P' is deprecated, please use '--preserve-context' instead\n", argv[0]); |
|
case PRESERVE_CONTEXT_OPTION: |
|
if (! selinux_enabled) |
|
{ |
|
@@ -892,6 +894,10 @@ main (int argc, char **argv) |
|
"this kernel is not SELinux-enabled")); |
|
break; |
|
} |
|
+ if ( x.set_security_context ) { |
|
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); |
|
+ exit( 1 ); |
|
+ } |
|
x.preserve_security_context = true; |
|
use_default_selinux_context = false; |
|
break;
|
|
|