diff -urNp coreutils-8.1-orig/configure.ac coreutils-8.1/configure.ac

--- coreutils-8.1-orig/configure.ac	2009-11-20 13:11:20.000000000 +0100

+++ coreutils-8.1/configure.ac	2009-11-20 13:11:40.000000000 +0100

@@ -133,6 +133,13 @@ AC_ARG_ENABLE(pam, dnl

 LIB_PAM="-ldl -lpam -lpam_misc"

 AC_SUBST(LIB_PAM)])

+dnl Give the chance to enable SELINUX

+AC_ARG_ENABLE(selinux, dnl

+[  --enable-selinux              Enable use of the SELINUX libraries],

+[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX])

+LIB_SELINUX="-lselinux"

+AC_SUBST(LIB_SELINUX)])

+

 AC_FUNC_FORK

 optional_bin_progs=

diff -urNp coreutils-8.1-orig/man/chcon.x coreutils-8.1/man/chcon.x

--- coreutils-8.1-orig/man/chcon.x	2009-09-01 13:01:16.000000000 +0200

+++ coreutils-8.1/man/chcon.x	2009-11-20 13:11:40.000000000 +0100

@@ -1,4 +1,4 @@

 [NAME]

-chcon \- change file security context

+chcon \- change file SELinux security context

 [DESCRIPTION]

 .\" Add any additional description here

diff -urNp coreutils-8.1-orig/man/runcon.x coreutils-8.1/man/runcon.x

--- coreutils-8.1-orig/man/runcon.x	2009-09-01 13:01:16.000000000 +0200

+++ coreutils-8.1/man/runcon.x	2009-11-20 13:11:40.000000000 +0100

@@ -1,5 +1,5 @@

 [NAME]

-runcon \- run command with specified security context

+runcon \- run command with specified SELinux security context

 [DESCRIPTION]

 Run COMMAND with completely-specified CONTEXT, or with current or

 transitioned security context modified by one or more of LEVEL,

diff -urNp coreutils-8.1-orig/src/copy.c coreutils-8.1/src/copy.c

--- coreutils-8.1-orig/src/copy.c	2009-10-22 11:18:05.000000000 +0200

+++ coreutils-8.1/src/copy.c	2009-11-20 13:11:40.000000000 +0100

@@ -1935,6 +1935,8 @@ copy_internal (char const *src_name, cha

         {

           /* Here, we are crossing a file system boundary and cp's -x option

              is in effect: so don't copy the contents of this directory. */

+        if (x->preserve_security_context)

+           restore_default_fscreatecon_or_die ();

         }

       else

         {

diff -urNp coreutils-8.1-orig/src/copy.h coreutils-8.1/src/copy.h

--- coreutils-8.1-orig/src/copy.h	2009-09-21 14:29:33.000000000 +0200

+++ coreutils-8.1/src/copy.h	2009-11-20 13:11:40.000000000 +0100

@@ -158,6 +158,9 @@ struct cp_options

   bool preserve_mode;

   bool preserve_timestamps;

+  /* If true, attempt to set specified security context */

+  bool set_security_context;

+

   /* Enabled for mv, and for cp by the --preserve=links option.

      If true, attempt to preserve in the destination files any

      logical hard links between the source files.  If used with cp's

diff -urNp coreutils-8.1-orig/src/cp.c coreutils-8.1/src/cp.c

--- coreutils-8.1-orig/src/cp.c	2009-09-29 15:27:54.000000000 +0200

+++ coreutils-8.1/src/cp.c	2009-11-20 13:11:40.000000000 +0100

@@ -139,6 +139,7 @@ static struct option const long_opts[] =

   {"target-directory", required_argument, NULL, 't'},

   {"update", no_argument, NULL, 'u'},

   {"verbose", no_argument, NULL, 'v'},

+  {"context", required_argument, NULL, 'Z'},

   {GETOPT_HELP_OPTION_DECL},

   {GETOPT_VERSION_OPTION_DECL},

   {NULL, 0, NULL, 0}

@@ -197,6 +198,9 @@ Mandatory arguments to long options are 

                                  all\n\

 "), stdout);

       fputs (_("\

+  -c                           same as --preserve=context\n\

+"), stdout);

+      fputs (_("\

       --no-preserve=ATTR_LIST  don't preserve the specified attributes\n\

       --parents                use full source file name under DIRECTORY\n\

 "), stdout);

@@ -223,6 +227,7 @@ Mandatory arguments to long options are 

                                  destination file is missing\n\

   -v, --verbose                explain what is being done\n\

   -x, --one-file-system        stay on this file system\n\

+  -Z, --context=CONTEXT        set security context of copy to CONTEXT\n\

 "), stdout);

       fputs (HELP_OPTION_DESCRIPTION, stdout);

       fputs (VERSION_OPTION_DESCRIPTION, stdout);

@@ -777,6 +782,7 @@ cp_option_init (struct cp_options *x)

   x->preserve_timestamps = false;

   x->preserve_security_context = false;

   x->require_preserve_context = false;

+  x->set_security_context = false;

   x->preserve_xattr = false;

   x->reduce_diagnostics = false;

   x->require_preserve_xattr = false;

@@ -923,7 +929,7 @@ main (int argc, char **argv)

      we'll actually use backup_suffix_string.  */

   backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");

-  while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T",

+  while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:",

                            long_opts, NULL))

          != -1)

     {

@@ -966,6 +972,16 @@ main (int argc, char **argv)

           copy_contents = true;

           break;

+        case 'c':

+          if ( x.set_security_context ) { 

+              (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);

+             exit( 1 );

+           }

+           else if (selinux_enabled) {

+              x.preserve_security_context = true;

+              x.require_preserve_context = true;

+           }

+          break;

         case 'd':

           x.preserve_links = true;

           x.dereference = DEREF_NEVER;

@@ -1075,6 +1091,27 @@ main (int argc, char **argv)

           x.one_file_system = true;

           break;

+

+        case 'Z':

+          /* politely decline if we're not on a selinux-enabled kernel. */

+          if( !selinux_enabled ) {

+             fprintf( stderr, "Warning:  ignoring --context (-Z). "

+                              "It requires a SELinux enabled kernel.\n" );

+             break;

+         }

+         if ( x.preserve_security_context ) {

+            (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg);

+            exit( 1 );

+         }

+         x.set_security_context = true;

+         /* if there's a security_context given set new path 

+            components to that context, too */

+         if ( setfscreatecon(optarg) < 0 ) {

+            (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg);

+            exit( 1 );

+         }

+         break;

+

         case 'S':

           make_backups = true;

           backup_suffix_string = optarg;

diff -urNp coreutils-8.1-orig/src/chcon.c coreutils-8.1/src/chcon.c

--- coreutils-8.1-orig/src/chcon.c	2009-11-07 08:46:30.000000000 +0100

+++ coreutils-8.1/src/chcon.c	2009-11-20 13:11:40.000000000 +0100

@@ -356,7 +356,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\

 "),

         program_name, program_name, program_name);

       fputs (_("\

-Change the security context of each FILE to CONTEXT.\n\

+Change the SELinux security context of each FILE to CONTEXT.\n\

 With --reference, change the security context of each FILE to that of RFILE.\n\

 \n\

   -h, --no-dereference   affect symbolic links instead of any referenced file\n\

diff -urNp coreutils-8.1-orig/src/id.c coreutils-8.1/src/id.c

--- coreutils-8.1-orig/src/id.c	2009-11-13 15:56:41.000000000 +0100

+++ coreutils-8.1/src/id.c	2009-11-20 13:11:40.000000000 +0100

@@ -107,7 +107,7 @@ int

 main (int argc, char **argv)

 {

   int optc;

-  int selinux_enabled = (is_selinux_enabled () > 0);

+  bool selinux_enabled = (is_selinux_enabled () > 0);

   /* If true, output the list of all group IDs. -G */

   bool just_group_list = false;

diff -urNp coreutils-8.1-orig/src/install.c coreutils-8.1/src/install.c

--- coreutils-8.1-orig/src/install.c	2009-09-29 15:27:54.000000000 +0200

+++ coreutils-8.1/src/install.c	2009-11-20 13:11:40.000000000 +0100

@@ -284,6 +284,7 @@ cp_option_init (struct cp_options *x)

   x->reduce_diagnostics=false;

   x->require_preserve = false;

   x->require_preserve_context = false;

+  x->set_security_context = false;

   x->require_preserve_xattr = false;

   x->recursive = false;

   x->sparse_mode = SPARSE_AUTO;

@@ -461,7 +462,7 @@ main (int argc, char **argv)

      we'll actually use backup_suffix_string.  */

   backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX");

-  while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options,

+  while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options,

                               NULL)) != -1)

     {

       switch (optc)

@@ -535,6 +536,7 @@ main (int argc, char **argv)

           error (0, 0, _("WARNING: --preserve_context is deprecated; "

                          "use --preserve-context instead"));

           /* fall through */

+        case 'P':

         case PRESERVE_CONTEXT_OPTION:

           if ( ! selinux_enabled)

             {

@@ -542,6 +544,10 @@ main (int argc, char **argv)

                              "this kernel is not SELinux-enabled"));

               break;

             }

+          if ( x.set_security_context ) {

+             (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);

+             exit( 1 );

+          }

           x.preserve_security_context = true;

           use_default_selinux_context = false;

           break;

@@ -553,6 +559,7 @@ main (int argc, char **argv)

               break;

             }

           scontext = optarg;

+          x.set_security_context = true;

           use_default_selinux_context = false;

           break;

         case_GETOPT_HELP_CHAR;

@@ -986,8 +993,8 @@ Mandatory arguments to long options are 

   -v, --verbose       print the name of each directory as it is created\n\

 "), stdout);

       fputs (_("\

-      --preserve-context  preserve SELinux security context\n\

-  -Z, --context=CONTEXT  set SELinux security context of files and directories\n\

+  -P, --preserve-context (SELinux) preserve security context\n\

+  -Z, --context=CONTEXT  (SELinux) set security context of files and directories\n\

 "), stdout);

       fputs (HELP_OPTION_DESCRIPTION, stdout);

diff -urNp coreutils-8.1-orig/src/ls.c coreutils-8.1/src/ls.c

--- coreutils-8.1-orig/src/ls.c	2009-11-20 13:11:20.000000000 +0100

+++ coreutils-8.1/src/ls.c	2009-11-20 13:11:40.000000000 +0100

@@ -162,7 +162,8 @@ enum filetype

     symbolic_link,

     sock,

     whiteout,

-    arg_directory

+    arg_directory,

+    command_line

   };

 /* Display letters and indicators for each filetype.

@@ -279,6 +280,7 @@ static void queue_directory (char const 

 static void sort_files (void);

 static void parse_ls_color (void);

 void usage (int status);

+static void print_scontext_format (const struct fileinfo *f);

 /* Initial size of hash table.

    Most hierarchies are likely to be shallower than this.  */

@@ -348,7 +350,7 @@ static struct pending *pending_dirs;

 static struct timespec current_time;

-static bool print_scontext;

+static int print_scontext = 0;

 static char UNKNOWN_SECURITY_CONTEXT[] = "?";

 /* Whether any of the files has an ACL.  This affects the width of the

@@ -388,7 +390,9 @@ enum format

     one_per_line,		/* -1 */

     many_per_line,		/* -C */

     horizontal,			/* -x */

-    with_commas			/* -m */

+    with_commas,			/* -m */

+    security_format, /* -Z */

+    invalid_format

   };

 static enum format format;

@@ -790,6 +794,9 @@ enum

   SHOW_CONTROL_CHARS_OPTION,

   SI_OPTION,

   SORT_OPTION,

+  CONTEXT_OPTION,

+  LCONTEXT_OPTION,

+  SCONTEXT_OPTION,

   TIME_OPTION,

   TIME_STYLE_OPTION

 };

@@ -835,7 +842,9 @@ static struct option const long_options[

   {"time-style", required_argument, NULL, TIME_STYLE_OPTION},

   {"color", optional_argument, NULL, COLOR_OPTION},

   {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION},

-  {"context", no_argument, 0, 'Z'},

+  {"context", no_argument, 0, CONTEXT_OPTION},

+  {"lcontext", no_argument, 0, LCONTEXT_OPTION},

+  {"scontext", no_argument, 0, SCONTEXT_OPTION},

   {"author", no_argument, NULL, AUTHOR_OPTION},

   {GETOPT_HELP_OPTION_DECL},

   {GETOPT_VERSION_OPTION_DECL},

@@ -845,12 +854,12 @@ static struct option const long_options[

 static char const *const format_args[] =

 {

   "verbose", "long", "commas", "horizontal", "across",

-  "vertical", "single-column", NULL

+  "vertical", "single-column", "context", NULL

 };

 static enum format const format_types[] =

 {

   long_format, long_format, with_commas, horizontal, horizontal,

-  many_per_line, one_per_line

+  many_per_line, one_per_line, security_format

 };

 ARGMATCH_VERIFY (format_args, format_types);

@@ -1281,7 +1290,8 @@ main (int argc, char **argv)

       /* Avoid following symbolic links when possible.  */

       if (is_colored (C_ORPHAN)

           || (is_colored (C_EXEC) && color_symlink_as_referent)

-          || (is_colored (C_MISSING) && format == long_format))

+          || (is_colored (C_MISSING) && (format == long_format

+              || format == security_format)))

         check_symlink_color = true;

       /* If the standard output is a controlling terminal, watch out

@@ -1328,7 +1338,7 @@ main (int argc, char **argv)

   if (dereference == DEREF_UNDEFINED)

     dereference = ((immediate_dirs

                     || indicator_style == classify

-                    || format == long_format)

+                    || format == long_format || format == security_format)

                    ? DEREF_NEVER

                    : DEREF_COMMAND_LINE_SYMLINK_TO_DIR);

@@ -1348,7 +1358,7 @@ main (int argc, char **argv)

   format_needs_stat = sort_type == sort_time || sort_type == sort_size

     || format == long_format

-    || print_scontext

+    || format == security_format || print_scontext

     || print_block_size;

   format_needs_type = (! format_needs_stat

                        && (recursive

@@ -1379,7 +1389,7 @@ main (int argc, char **argv)

     }

   else

     do

-      gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, "");

+      gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, "");

     while (i < argc);

   if (cwd_n_used)

@@ -1542,7 +1552,7 @@ decode_switches (int argc, char **argv)

   ignore_mode = IGNORE_DEFAULT;

   ignore_patterns = NULL;

   hide_patterns = NULL;

-  print_scontext = false;

+  print_scontext = 0;

   /* FIXME: put this in a function.  */

   {

@@ -1924,13 +1934,27 @@ decode_switches (int argc, char **argv)

           break;

         case 'Z':

-          print_scontext = true;

+          print_scontext = 1;

+    format = security_format;

           break;

         case_GETOPT_HELP_CHAR;

         case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);

+  case CONTEXT_OPTION: /* default security context format */

+                print_scontext = 1;

+                format = security_format;

+                break;

+        case LCONTEXT_OPTION: /* long format plus security context */

+                print_scontext = 1;

+                format = long_format;

+                break;

+        case SCONTEXT_OPTION: /* short form of new security format */

+                print_scontext = 0;

+                format = security_format;

+                break;

+

         default:

           usage (LS_FAILURE);

         }

@@ -2682,8 +2706,10 @@ clear_files (void)

       struct fileinfo *f = sorted_file[i];

       free (f->name);

       free (f->linkname);

-      if (f->scontext != UNKNOWN_SECURITY_CONTEXT)

-        freecon (f->scontext);

+      if (f->scontext != UNKNOWN_SECURITY_CONTEXT) {

+               freecon (f->scontext);

+        f->scontext = NULL;

+      }

     }

   cwd_n_used = 0;

@@ -2725,6 +2751,7 @@ gobble_file (char const *name, enum file

   memset (f, '\0', sizeof *f);

   f->stat.st_ino = inode;

   f->filetype = type;

+  f->scontext = NULL;

   if (command_line_arg

       || format_needs_stat

@@ -2834,7 +2861,7 @@ gobble_file (char const *name, enum file

           && print_with_color && is_colored (C_CAP))

         f->has_capability = has_capability (absolute_name);

-      if (format == long_format || print_scontext)

+      if (format == long_format || format == security_format || print_scontext)

         {

           bool have_selinux = false;

           bool have_acl = false;

@@ -2857,7 +2884,7 @@ gobble_file (char const *name, enum file

                 err = 0;

             }

-          if (err == 0 && format == long_format)

+          if (err == 0 && (format == long_format || format == security_format))

             {

               int n = file_has_acl (absolute_name, &f->stat);

               err = (n < 0);

@@ -2876,7 +2903,8 @@ gobble_file (char const *name, enum file

         }

       if (S_ISLNK (f->stat.st_mode)

-          && (format == long_format || check_symlink_color))

+          && (format == long_format || format == security_format

+              || check_symlink_color))

         {

           char *linkname;

           struct stat linkstats;

@@ -2896,6 +2924,7 @@ gobble_file (char const *name, enum file

                  command line are automatically traced if not being

                  listed as files.  */

               if (!command_line_arg || format == long_format

+                  || format == security_format

                   || !S_ISDIR (linkstats.st_mode))

                 {

                   /* Get the linked-to file's mode for the filetype indicator

@@ -2935,7 +2964,7 @@ gobble_file (char const *name, enum file

             block_size_width = len;

         }

-      if (format == long_format)

+      if (format == long_format || format == security_format)

         {

           if (print_owner)

             {

@@ -3436,6 +3465,13 @@ print_current_files (void)

           print_long_format (sorted_file[i]);

           DIRED_PUTCHAR ('\n');

         }

+     break;

+    case security_format:

+      for (i = 0; i < cwd_n_used; i++)

+      {

+        print_scontext_format (sorted_file[i]);

+        DIRED_PUTCHAR ('\n');

+      }

       break;

     }

 }

@@ -3598,6 +3634,67 @@ format_inode (char *buf, size_t buflen, 

           : (char *) "?");

 }

+/* Print info about f in scontext format */

+static void

+print_scontext_format (const struct fileinfo *f)

+{

+  char modebuf[12];

+

+  /* 7 fields that may require LONGEST_HUMAN_READABLE bytes,

+     1 10-byte mode string,

+     9 spaces, one following each of these fields, and

+     1 trailing NUL byte.  */

+

+  char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10  + 9 + 1];

+  char *buf = init_bigbuf;

+  char *p;

+

+  p = buf;

+

+  if ( print_scontext ) { /* zero means terse listing */

+    filemodestring (&f->stat, modebuf);

+    if (! any_has_acl)

+      modebuf[10] = '\0';

+    else if (f->acl_type == ACL_T_SELINUX_ONLY)

+      modebuf[10] = '.';

+    else if (f->acl_type == ACL_T_YES)

+      modebuf[10] = '+';

+    modebuf[11] = '\0';

+

+    /* print mode */

+

+    (void) sprintf (p, "%s ", modebuf);

+    p += strlen (p);

+

+    /* print standard user and group */

+

+    DIRED_FPUTS (buf, stdout, p - buf);

+    format_user (f->stat.st_uid, owner_width, f->stat_ok);

+    format_group (f->stat.st_gid, group_width, f->stat_ok);

+    p = buf;

+  }

+

+  (void) sprintf (p, "%-32s ", f->scontext ?: "");

+  p += strlen (p);

+

+  DIRED_INDENT ();

+  DIRED_FPUTS (buf, stdout, p - buf);

+  size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf);

+

+  if (f->filetype == symbolic_link) {

+      if (f->linkname) {

+          DIRED_FPUTS_LITERAL (" -> ", stdout);

+          print_name_with_quoting (f, true, NULL, (p - buf) + w + 4);

+          if (indicator_style != none)

+            print_type_indicator (f->stat_ok, f->linkmode, f->filetype);

+      }

+  }

+  else {

+    if (indicator_style != none)

+      print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype);

+  }

+}

+

 /* Print information about F in long format.  */

 static void

 print_long_format (const struct fileinfo *f)

@@ -3689,9 +3786,15 @@ print_long_format (const struct fileinfo

      The latter is wrong when nlink_width is zero.  */

   p += strlen (p);

+  if (print_scontext)

+    {

+      sprintf (p, "%-32s ", f->scontext ? f->scontext : "");

+      p += strlen (p);

+    }

+

   DIRED_INDENT ();

-  if (print_owner || print_group || print_author || print_scontext)

+  if (print_owner || print_group || print_author)

     {

       DIRED_FPUTS (buf, stdout, p - buf);

@@ -3704,9 +3807,6 @@ print_long_format (const struct fileinfo

       if (print_author)

         format_user (f->stat.st_author, author_width, f->stat_ok);

-      if (print_scontext)

-        format_user_or_group (f->scontext, 0, scontext_width);

-

       p = buf;

     }

@@ -4047,9 +4147,6 @@ print_file_name_and_frills (const struct

             : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts,

                               ST_NBLOCKSIZE, output_block_size));

-  if (print_scontext)

-    printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext);

-

   size_t width = print_name_with_quoting (f, false, NULL, start_col);

   if (indicator_style != none)

@@ -4248,9 +4345,6 @@ length_of_file_name_and_frills (const st

                                             output_block_size))

                 : block_size_width);

-  if (print_scontext)

-    len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width);

-

   quote_name (NULL, f->name, filename_quoting_options, &name_width);

   len += name_width;

@@ -4681,9 +4775,16 @@ Mandatory arguments to long options are 

   -w, --width=COLS           assume screen width instead of current value\n\

   -x                         list entries by lines instead of by columns\n\

   -X                         sort alphabetically by entry extension\n\

-  -Z, --context              print any SELinux security context of each file\n\

   -1                         list one file per line\n\

 "), stdout);

+      fputs(_("\nSELinux options:\n\n\

+  --lcontext                 Display security context.   Enable -l. Lines\n\

+                             will probably be too wide for most displays.\n\

+  -Z, --context              Display security context so it fits on most\n\

+                             displays.  Displays only mode, user, group,\n\

+                             security context and file name.\n\

+  --scontext                 Display only security context and file name.\n\

+"), stdout);

       fputs (HELP_OPTION_DESCRIPTION, stdout);

       fputs (VERSION_OPTION_DESCRIPTION, stdout);

       emit_size_note ();

diff -urNp coreutils-8.1-orig/src/mkdir.c coreutils-8.1/src/mkdir.c

--- coreutils-8.1-orig/src/mkdir.c	2009-09-23 10:25:44.000000000 +0200

+++ coreutils-8.1/src/mkdir.c	2009-11-20 13:11:40.000000000 +0100

@@ -38,6 +38,7 @@

 static struct option const longopts[] =

 {

   {GETOPT_SELINUX_CONTEXT_OPTION_DECL},

+  {"context", required_argument, NULL, 'Z'},

   {"mode", required_argument, NULL, 'm'},

   {"parents", no_argument, NULL, 'p'},

   {"verbose", no_argument, NULL, 'v'},

diff -urNp coreutils-8.1-orig/src/mknod.c coreutils-8.1/src/mknod.c

--- coreutils-8.1-orig/src/mknod.c	2009-09-23 10:25:44.000000000 +0200

+++ coreutils-8.1/src/mknod.c	2009-11-20 13:11:40.000000000 +0100

@@ -35,7 +35,7 @@

 static struct option const longopts[] =

 {

-  {GETOPT_SELINUX_CONTEXT_OPTION_DECL},

+  {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, 

   {"mode", required_argument, NULL, 'm'},

   {GETOPT_HELP_OPTION_DECL},

   {GETOPT_VERSION_OPTION_DECL},

diff -urNp coreutils-8.1-orig/src/mv.c coreutils-8.1/src/mv.c

--- coreutils-8.1-orig/src/mv.c	2009-09-23 10:25:44.000000000 +0200

+++ coreutils-8.1/src/mv.c	2009-11-20 13:11:40.000000000 +0100

@@ -118,6 +118,7 @@ cp_option_init (struct cp_options *x)

   x->preserve_mode = true;

   x->preserve_timestamps = true;

   x->preserve_security_context = selinux_enabled;

+  x->set_security_context = false;

   x->reduce_diagnostics = false;

   x->require_preserve = false;  /* FIXME: maybe make this an option */

   x->require_preserve_context = false;

diff -urNp coreutils-8.1-orig/src/runcon.c coreutils-8.1/src/runcon.c

--- coreutils-8.1-orig/src/runcon.c	2009-10-29 14:53:40.000000000 +0100

+++ coreutils-8.1/src/runcon.c	2009-11-20 13:11:40.000000000 +0100

@@ -86,7 +86,7 @@ Usage: %s CONTEXT COMMAND [args]\n\

   or:  %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\

 "), program_name, program_name);

       fputs (_("\

-Run a program in a different security context.\n\

+Run a program in a different SELinux security context.\n\

 With neither CONTEXT nor COMMAND, print the current security context.\n\

 \n\

   CONTEXT            Complete security context\n\

diff -urNp coreutils-8.1-orig/src/stat.c coreutils-8.1/src/stat.c

--- coreutils-8.1-orig/src/stat.c	2009-10-29 11:11:29.000000000 +0100

+++ coreutils-8.1/src/stat.c	2009-11-20 13:11:40.000000000 +0100

@@ -858,7 +858,7 @@ print_it (char const *format, char const

 /* Stat the file system and print what we find.  */

 static bool

-do_statfs (char const *filename, bool terse, char const *format)

+do_statfs (char const *filename, bool terse, bool secure, char const *format)

 {

   STRUCT_STATVFS statfsbuf;

@@ -877,15 +877,31 @@ do_statfs (char const *filename, bool te

     }

   if (format == NULL)

+  {

+    if (terse)

     {

-      format = (terse

-                ? "%n %i %l %t %s %S %b %f %a %c %d\n"

-                : "  File: \"%n\"\n"

+      if (secure)

+        format = "%n %i %l %t %s %S %b %f %a %c %d %C\n";

+             else

+              format = "%n %i %l %t %s %S %b %f %a %c %d\n";

+    }

+    else

+          {

+            if (secure)

+              format = "  File: \"%n\"\n"

                 "    ID: %-8i Namelen: %-7l Type: %T\n"

                 "Block size: %-10s Fundamental block size: %S\n"

                 "Blocks: Total: %-10b Free: %-10f Available: %a\n"

-                "Inodes: Total: %-10c Free: %d\n");

-    }

+                "Inodes: Total: %-10c Free: %d\n"

+                "   S_Context: %C\n";

+            else

+              format = "  File: \"%n\"\n"

+                "    ID: %-8i Namelen: %-7l Type: %T\n"

+                "Block size: %-10s Fundamental block size: %S\n"

+                "Blocks: Total: %-10b Free: %-10f Available: %a\n"

+                "Inodes: Total: %-10c Free: %d\n";

+     }

+  }

   print_it (format, filename, print_statfs, &statfsbuf);

   return true;

@@ -893,7 +909,7 @@ do_statfs (char const *filename, bool te

 /* stat the file and print what we find */

 static bool

-do_stat (char const *filename, bool terse, char const *format)

+do_stat (char const *filename, bool terse, bool secure, char const *format)

 {

   struct stat statbuf;

@@ -919,9 +935,12 @@ do_stat (char const *filename, bool ters

   if (format == NULL)

     {

       if (terse)

-        {

-          format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";

-        }

+      {

+        if (secure)

+               format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o %C\n";

+             else

+               format = "%n %s %b %f %u %g %D %i %h %t %T %X %Y %Z %o\n";

+      }

       else

         {

           /* Temporary hack to match original output until conditional

@@ -938,12 +957,22 @@ do_stat (char const *filename, bool ters

             }

           else

             {

-              format =

-                "  File: %N\n"

-                "  Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"

-                "Device: %Dh/%dd\tInode: %-10i  Links: %h\n"

-                "Access: (%04a/%10.10A)  Uid: (%5u/%8U)   Gid: (%5g/%8G)\n"

-                "Access: %x\n" "Modify: %y\n" "Change: %z\n";

+        if (secure)

+           format =

+                    "  File: %N\n"

+                    "  Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"

+                    "Device: %Dh/%dd\tInode: %-10i  Links: %-5h"

+                    " Device type: %t,%T\n"

+                     "Access: (%04a/%10.10A)  Uid: (%5u/%8U)   Gid: (%5g/%8G)\n"

+                    "   S_Context: %C\n"

+                    "Access: %x\n" "Modify: %y\n" "Change: %z\n";

+        else 

+                format =

+                    "  File: %N\n"

+                    "  Size: %-10s\tBlocks: %-10b IO Block: %-6o %F\n"

+                    "Device: %Dh/%dd\tInode: %-10i  Links: %h\n"

+                    "Access: (%04a/%10.10A)  Uid: (%5u/%8U)   Gid: (%5g/%8G)\n"

+                    "Access: %x\n" "Modify: %y\n" "Change: %z\n";

             }

         }

     }

@@ -964,6 +993,7 @@ usage (int status)

 Display file or file system status.\n\

 \n\

   -L, --dereference     follow links\n\

+  -Z, --context         print the SELinux security context \n\

   -f, --file-system     display file system status instead of file status\n\

 "), stdout);

       fputs (_("\

@@ -1048,6 +1078,7 @@ main (int argc, char *argv[])

   int i;

   bool fs = false;

   bool terse = false;

+  bool secure = false;

   char *format = NULL;

   bool ok = true;

@@ -1087,13 +1118,13 @@ main (int argc, char *argv[])

           terse = true;

           break;

-        case 'Z':  /* FIXME: remove in 2010 */

-          /* Ignore, for compatibility with distributions

-             that implemented this before upstream.

-             But warn of impending removal.  */

-          error (0, 0,

-                 _("the --context (-Z) option is obsolete and will be removed\n"

-                   "in a future release"));

+        case 'Z':

+    if((is_selinux_enabled()>0))

+            secure = 1;

+          else {

+            error (0, 0, _("Kernel is not SELinux enabled"));

+            usage (EXIT_FAILURE);

+          }

           break;

         case_GETOPT_HELP_CHAR;

@@ -1113,8 +1144,8 @@ main (int argc, char *argv[])

   for (i = optind; i < argc; i++)

     ok &= (fs

-           ? do_statfs (argv[i], terse, format)

-           : do_stat (argv[i], terse, format));

+           ? do_statfs (argv[i], terse, secure, format)

+           : do_stat (argv[i], terse, secure, format));

   exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);

 }

diff -urNp coreutils-8.4-orig/tests/test-lib.sh coreutils-8.4/tests/test-lib.sh

--- coreutils-8.4-orig/tests/test-lib.sh	2010-01-03 18:06:20.000000000 +0100

+++ coreutils-8.4/tests/test-lib.sh	2010-01-14 10:28:17.000000000 +0100

@@ -218,8 +218,8 @@ skip_if_()

 require_selinux_()

 {

-  case `ls -Zd .` in

-    '? .'|'unlabeled .')

+  case `ls -Zd . | cut -f4 -d" "` in

+    '?'|'unlabeled')

       skip_test_ "this system (or maybe just" \

         "the current file system) lacks SELinux support"

     ;;

diff -urNp coreutils-8.1-orig/tests/misc/selinux coreutils-8.1/tests/misc/selinux

--- coreutils-8.1-orig/tests/misc/selinux	2009-10-30 12:51:07.000000000 +0100

+++ coreutils-8.1/tests/misc/selinux	2009-11-20 13:11:40.000000000 +0100

@@ -29,7 +29,7 @@ chcon $ctx f d p ||

 # inspect that context with both ls -Z and stat.

 for i in d f p; do

-  c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1

+  c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1

   c=`stat --printf %C $i`; test x$c = x$ctx || fail=1

 done