diff -urNp coreutils-8.7-orig/configure.ac coreutils-8.7/configure.ac --- coreutils-8.7-orig/configure.ac 2010-11-15 10:03:39.636171519 +0100 +++ coreutils-8.7/configure.ac 2010-11-15 10:04:08.161930423 +0100 @@ -133,6 +133,13 @@ if test "$gl_gcc_warnings" = yes; then AC_SUBST([GNULIB_TEST_WARN_CFLAGS]) fi +dnl Give the chance to enable SELINUX +AC_ARG_ENABLE(selinux, dnl +[ --enable-selinux Enable use of the SELINUX libraries], +[AC_DEFINE(WITH_SELINUX, 1, [Define if you want to use SELINUX]) +LIB_SELINUX="-lselinux" +AC_SUBST(LIB_SELINUX)]) + AC_FUNC_FORK AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam], diff -urNp coreutils-8.7-orig/man/chcon.x coreutils-8.7/man/chcon.x --- coreutils-8.7-orig/man/chcon.x 2009-09-01 13:01:16.000000000 +0200 +++ coreutils-8.7/man/chcon.x 2010-11-15 10:04:08.161930423 +0100 @@ -1,4 +1,4 @@ [NAME] -chcon \- change file security context +chcon \- change file SELinux security context [DESCRIPTION] .\" Add any additional description here diff -urNp coreutils-8.7-orig/man/runcon.x coreutils-8.7/man/runcon.x --- coreutils-8.7-orig/man/runcon.x 2009-09-01 13:01:16.000000000 +0200 +++ coreutils-8.7/man/runcon.x 2010-11-15 10:04:08.162922322 +0100 @@ -1,5 +1,5 @@ [NAME] -runcon \- run command with specified security context +runcon \- run command with specified SELinux security context [DESCRIPTION] Run COMMAND with completely-specified CONTEXT, or with current or transitioned security context modified by one or more of LEVEL, diff -urNp coreutils-8.7-orig/src/copy.c coreutils-8.7/src/copy.c --- coreutils-8.7-orig/src/copy.c 2010-10-28 12:31:17.000000000 +0200 +++ coreutils-8.7/src/copy.c 2010-11-15 10:04:08.165921553 +0100 @@ -1924,6 +1924,8 @@ copy_internal (char const *src_name, cha { /* Here, we are crossing a file system boundary and cp's -x option is in effect: so don't copy the contents of this directory. */ + if (x->preserve_security_context) + restore_default_fscreatecon_or_die (); } else { diff -urNp coreutils-8.7-orig/src/copy.h coreutils-8.7/src/copy.h --- coreutils-8.7-orig/src/copy.h 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/copy.h 2010-11-15 10:04:08.166925814 +0100 @@ -158,6 +158,9 @@ struct cp_options bool preserve_mode; bool preserve_timestamps; + /* If true, attempt to set specified security context */ + bool set_security_context; + /* Enabled for mv, and for cp by the --preserve=links option. If true, attempt to preserve in the destination files any logical hard links between the source files. If used with cp's diff -urNp coreutils-8.7-orig/src/cp.c coreutils-8.7/src/cp.c --- coreutils-8.7-orig/src/cp.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/cp.c 2010-11-15 10:04:08.168931890 +0100 @@ -141,6 +141,7 @@ static struct option const long_opts[] = {"target-directory", required_argument, NULL, 't'}, {"update", no_argument, NULL, 'u'}, {"verbose", no_argument, NULL, 'v'}, + {"context", required_argument, NULL, 'Z'}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, {NULL, 0, NULL, 0} @@ -200,6 +201,9 @@ Mandatory arguments to long options are all\n\ "), stdout); fputs (_("\ + -c same as --preserve=context\n\ +"), stdout); + fputs (_("\ --no-preserve=ATTR_LIST don't preserve the specified attributes\n\ --parents use full source file name under DIRECTORY\n\ "), stdout); @@ -226,6 +230,7 @@ Mandatory arguments to long options are destination file is missing\n\ -v, --verbose explain what is being done\n\ -x, --one-file-system stay on this file system\n\ + -Z, --context=CONTEXT set security context of copy to CONTEXT\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); @@ -780,6 +785,7 @@ cp_option_init (struct cp_options *x) x->preserve_timestamps = false; x->preserve_security_context = false; x->require_preserve_context = false; + x->set_security_context = false; x->preserve_xattr = false; x->reduce_diagnostics = false; x->require_preserve_xattr = false; @@ -927,7 +933,7 @@ main (int argc, char **argv) we'll actually use backup_suffix_string. */ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); - while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:T", + while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ:", long_opts, NULL)) != -1) { @@ -974,6 +980,16 @@ main (int argc, char **argv) copy_contents = true; break; + case 'c': + if ( x.set_security_context ) { + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); + exit( 1 ); + } + else if (selinux_enabled) { + x.preserve_security_context = true; + x.require_preserve_context = true; + } + break; case 'd': x.preserve_links = true; x.dereference = DEREF_NEVER; @@ -1083,6 +1099,27 @@ main (int argc, char **argv) x.one_file_system = true; break; + + case 'Z': + /* politely decline if we're not on a selinux-enabled kernel. */ + if( !selinux_enabled ) { + fprintf( stderr, "Warning: ignoring --context (-Z). " + "It requires a SELinux enabled kernel.\n" ); + break; + } + if ( x.preserve_security_context ) { + (void) fprintf(stderr, "%s: cannot force target context to '%s' and preserve it\n", argv[0], optarg); + exit( 1 ); + } + x.set_security_context = true; + /* if there's a security_context given set new path + components to that context, too */ + if ( setfscreatecon(optarg) < 0 ) { + (void) fprintf(stderr, _("cannot set default security context %s\n"), optarg); + exit( 1 ); + } + break; + case 'S': make_backups = true; backup_suffix_string = optarg; diff -urNp coreutils-8.7-orig/src/chcon.c coreutils-8.7/src/chcon.c --- coreutils-8.7-orig/src/chcon.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/chcon.c 2010-11-15 10:04:08.169922391 +0100 @@ -356,7 +356,7 @@ Usage: %s [OPTION]... CONTEXT FILE...\n\ "), program_name, program_name, program_name); fputs (_("\ -Change the security context of each FILE to CONTEXT.\n\ +Change the SELinux security context of each FILE to CONTEXT.\n\ With --reference, change the security context of each FILE to that of RFILE.\n\ \n\ -h, --no-dereference affect symbolic links instead of any referenced file\n\ diff -urNp coreutils-8.7-orig/src/id.c coreutils-8.7/src/id.c --- coreutils-8.7-orig/src/id.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/id.c 2010-11-15 10:04:08.170933217 +0100 @@ -107,7 +107,7 @@ int main (int argc, char **argv) { int optc; - int selinux_enabled = (is_selinux_enabled () > 0); + bool selinux_enabled = (is_selinux_enabled () > 0); /* If true, output the list of all group IDs. -G */ bool just_group_list = false; diff -urNp coreutils-8.7-orig/src/install.c coreutils-8.7/src/install.c --- coreutils-8.7-orig/src/install.c 2010-10-15 21:56:29.000000000 +0200 +++ coreutils-8.7/src/install.c 2010-11-15 10:04:08.171921693 +0100 @@ -283,6 +283,7 @@ cp_option_init (struct cp_options *x) x->data_copy_required = true; x->require_preserve = false; x->require_preserve_context = false; + x->set_security_context = false; x->require_preserve_xattr = false; x->recursive = false; x->sparse_mode = SPARSE_AUTO; @@ -460,7 +461,7 @@ main (int argc, char **argv) we'll actually use backup_suffix_string. */ backup_suffix_string = getenv ("SIMPLE_BACKUP_SUFFIX"); - while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z:", long_options, + while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z:", long_options, NULL)) != -1) { switch (optc) @@ -534,6 +535,7 @@ main (int argc, char **argv) error (0, 0, _("WARNING: --preserve_context is deprecated; " "use --preserve-context instead")); /* fall through */ + case 'P': case PRESERVE_CONTEXT_OPTION: if ( ! selinux_enabled) { @@ -541,6 +543,10 @@ main (int argc, char **argv) "this kernel is not SELinux-enabled")); break; } + if ( x.set_security_context ) { + (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]); + exit( 1 ); + } x.preserve_security_context = true; use_default_selinux_context = false; break; @@ -552,6 +558,7 @@ main (int argc, char **argv) break; } scontext = optarg; + x.set_security_context = true; use_default_selinux_context = false; break; case_GETOPT_HELP_CHAR; @@ -985,8 +992,8 @@ Mandatory arguments to long options are -v, --verbose print the name of each directory as it is created\n\ "), stdout); fputs (_("\ - --preserve-context preserve SELinux security context\n\ - -Z, --context=CONTEXT set SELinux security context of files and directories\n\ + -P, --preserve-context (SELinux) preserve security context\n\ + -Z, --context=CONTEXT (SELinux) set security context of files and directories\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); diff -urNp coreutils-8.7-orig/src/ls.c coreutils-8.7/src/ls.c --- coreutils-8.7-orig/src/ls.c 2010-10-25 12:07:57.000000000 +0200 +++ coreutils-8.7/src/ls.c 2010-11-15 10:04:08.175921763 +0100 @@ -159,7 +159,8 @@ enum filetype symbolic_link, sock, whiteout, - arg_directory + arg_directory, + command_line }; /* Display letters and indicators for each filetype. @@ -276,6 +277,7 @@ static void queue_directory (char const static void sort_files (void); static void parse_ls_color (void); void usage (int status); +static void print_scontext_format (const struct fileinfo *f); /* Initial size of hash table. Most hierarchies are likely to be shallower than this. */ @@ -345,7 +347,7 @@ static struct pending *pending_dirs; static struct timespec current_time; -static bool print_scontext; +static int print_scontext = 0; static char UNKNOWN_SECURITY_CONTEXT[] = "?"; /* Whether any of the files has an ACL. This affects the width of the @@ -385,7 +387,9 @@ enum format one_per_line, /* -1 */ many_per_line, /* -C */ horizontal, /* -x */ - with_commas /* -m */ + with_commas, /* -m */ + security_format, /* -Z */ + invalid_format }; static enum format format; @@ -787,6 +791,9 @@ enum SHOW_CONTROL_CHARS_OPTION, SI_OPTION, SORT_OPTION, + CONTEXT_OPTION, + LCONTEXT_OPTION, + SCONTEXT_OPTION, TIME_OPTION, TIME_STYLE_OPTION }; @@ -832,7 +839,9 @@ static struct option const long_options[ {"time-style", required_argument, NULL, TIME_STYLE_OPTION}, {"color", optional_argument, NULL, COLOR_OPTION}, {"block-size", required_argument, NULL, BLOCK_SIZE_OPTION}, - {"context", no_argument, 0, 'Z'}, + {"context", no_argument, 0, CONTEXT_OPTION}, + {"lcontext", no_argument, 0, LCONTEXT_OPTION}, + {"scontext", no_argument, 0, SCONTEXT_OPTION}, {"author", no_argument, NULL, AUTHOR_OPTION}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, @@ -842,12 +851,12 @@ static struct option const long_options[ static char const *const format_args[] = { "verbose", "long", "commas", "horizontal", "across", - "vertical", "single-column", NULL + "vertical", "single-column", "context", NULL }; static enum format const format_types[] = { long_format, long_format, with_commas, horizontal, horizontal, - many_per_line, one_per_line + many_per_line, one_per_line, security_format }; ARGMATCH_VERIFY (format_args, format_types); @@ -1289,7 +1298,8 @@ main (int argc, char **argv) /* Avoid following symbolic links when possible. */ if (is_colored (C_ORPHAN) || (is_colored (C_EXEC) && color_symlink_as_referent) - || (is_colored (C_MISSING) && format == long_format)) + || (is_colored (C_MISSING) && (format == long_format + || format == security_format))) check_symlink_color = true; /* If the standard output is a controlling terminal, watch out @@ -1336,7 +1346,7 @@ main (int argc, char **argv) if (dereference == DEREF_UNDEFINED) dereference = ((immediate_dirs || indicator_style == classify - || format == long_format) + || format == long_format || format == security_format) ? DEREF_NEVER : DEREF_COMMAND_LINE_SYMLINK_TO_DIR); @@ -1356,7 +1366,7 @@ main (int argc, char **argv) format_needs_stat = sort_type == sort_time || sort_type == sort_size || format == long_format - || print_scontext + || format == security_format || print_scontext || print_block_size; format_needs_type = (! format_needs_stat && (recursive @@ -1387,7 +1397,7 @@ main (int argc, char **argv) } else do - gobble_file (argv[i++], unknown, NOT_AN_INODE_NUMBER, true, ""); + gobble_file (argv[i++], command_line, NOT_AN_INODE_NUMBER, true, ""); while (i < argc); if (cwd_n_used) @@ -1558,7 +1568,7 @@ decode_switches (int argc, char **argv) ignore_mode = IGNORE_DEFAULT; ignore_patterns = NULL; hide_patterns = NULL; - print_scontext = false; + print_scontext = 0; /* FIXME: put this in a function. */ { @@ -1940,13 +1950,27 @@ decode_switches (int argc, char **argv) break; case 'Z': - print_scontext = true; + print_scontext = 1; + format = security_format; break; case_GETOPT_HELP_CHAR; case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); + case CONTEXT_OPTION: /* default security context format */ + print_scontext = 1; + format = security_format; + break; + case LCONTEXT_OPTION: /* long format plus security context */ + print_scontext = 1; + format = long_format; + break; + case SCONTEXT_OPTION: /* short form of new security format */ + print_scontext = 0; + format = security_format; + break; + default: usage (LS_FAILURE); } @@ -2690,8 +2714,10 @@ clear_files (void) struct fileinfo *f = sorted_file[i]; free (f->name); free (f->linkname); - if (f->scontext != UNKNOWN_SECURITY_CONTEXT) - freecon (f->scontext); + if (f->scontext != UNKNOWN_SECURITY_CONTEXT) { + freecon (f->scontext); + f->scontext = NULL; + } } cwd_n_used = 0; @@ -2733,6 +2759,7 @@ gobble_file (char const *name, enum file memset (f, '\0', sizeof *f); f->stat.st_ino = inode; f->filetype = type; + f->scontext = NULL; if (command_line_arg || format_needs_stat @@ -2842,7 +2869,7 @@ gobble_file (char const *name, enum file && print_with_color && is_colored (C_CAP)) f->has_capability = has_capability (absolute_name); - if (format == long_format || print_scontext) + if (format == long_format || format == security_format || print_scontext) { bool have_selinux = false; bool have_acl = false; @@ -2865,7 +2892,7 @@ gobble_file (char const *name, enum file err = 0; } - if (err == 0 && format == long_format) + if (err == 0 && (format == long_format || format == security_format)) { int n = file_has_acl (absolute_name, &f->stat); err = (n < 0); @@ -2884,7 +2911,8 @@ gobble_file (char const *name, enum file } if (S_ISLNK (f->stat.st_mode) - && (format == long_format || check_symlink_color)) + && (format == long_format || format == security_format + || check_symlink_color)) { char *linkname; struct stat linkstats; @@ -2904,6 +2932,7 @@ gobble_file (char const *name, enum file command line are automatically traced if not being listed as files. */ if (!command_line_arg || format == long_format + || format == security_format || !S_ISDIR (linkstats.st_mode)) { /* Get the linked-to file's mode for the filetype indicator @@ -2943,7 +2972,7 @@ gobble_file (char const *name, enum file block_size_width = len; } - if (format == long_format) + if (format == long_format || format == security_format) { if (print_owner) { @@ -3444,6 +3473,13 @@ print_current_files (void) print_long_format (sorted_file[i]); DIRED_PUTCHAR ('\n'); } + break; + case security_format: + for (i = 0; i < cwd_n_used; i++) + { + print_scontext_format (sorted_file[i]); + DIRED_PUTCHAR ('\n'); + } break; } } @@ -3606,6 +3642,67 @@ format_inode (char *buf, size_t buflen, : (char *) "?"); } +/* Print info about f in scontext format */ +static void +print_scontext_format (const struct fileinfo *f) +{ + char modebuf[12]; + + /* 7 fields that may require LONGEST_HUMAN_READABLE bytes, + 1 10-byte mode string, + 9 spaces, one following each of these fields, and + 1 trailing NUL byte. */ + + char init_bigbuf[7 * LONGEST_HUMAN_READABLE + 10 + 9 + 1]; + char *buf = init_bigbuf; + char *p; + + p = buf; + + if ( print_scontext ) { /* zero means terse listing */ + filemodestring (&f->stat, modebuf); + if (! any_has_acl) + modebuf[10] = '\0'; + else if (f->acl_type == ACL_T_SELINUX_ONLY) + modebuf[10] = '.'; + else if (f->acl_type == ACL_T_YES) + modebuf[10] = '+'; + modebuf[11] = '\0'; + + /* print mode */ + + (void) sprintf (p, "%s ", modebuf); + p += strlen (p); + + /* print standard user and group */ + + DIRED_FPUTS (buf, stdout, p - buf); + format_user (f->stat.st_uid, owner_width, f->stat_ok); + format_group (f->stat.st_gid, group_width, f->stat_ok); + p = buf; + } + + (void) sprintf (p, "%-32s ", f->scontext ?: ""); + p += strlen (p); + + DIRED_INDENT (); + DIRED_FPUTS (buf, stdout, p - buf); + size_t w = print_name_with_quoting (f, false, &dired_obstack, p - buf); + + if (f->filetype == symbolic_link) { + if (f->linkname) { + DIRED_FPUTS_LITERAL (" -> ", stdout); + print_name_with_quoting (f, true, NULL, (p - buf) + w + 4); + if (indicator_style != none) + print_type_indicator (f->stat_ok, f->linkmode, f->filetype); + } + } + else { + if (indicator_style != none) + print_type_indicator (f->stat_ok, f->stat.st_mode, f->filetype); + } +} + /* Print information about F in long format. */ static void print_long_format (const struct fileinfo *f) @@ -3697,9 +3794,15 @@ print_long_format (const struct fileinfo The latter is wrong when nlink_width is zero. */ p += strlen (p); + if (print_scontext) + { + sprintf (p, "%-32s ", f->scontext ? f->scontext : ""); + p += strlen (p); + } + DIRED_INDENT (); - if (print_owner || print_group || print_author || print_scontext) + if (print_owner || print_group || print_author) { DIRED_FPUTS (buf, stdout, p - buf); @@ -3712,9 +3815,6 @@ print_long_format (const struct fileinfo if (print_author) format_user (f->stat.st_author, author_width, f->stat_ok); - if (print_scontext) - format_user_or_group (f->scontext, 0, scontext_width); - p = buf; } @@ -4059,9 +4159,6 @@ print_file_name_and_frills (const struct : human_readable (ST_NBLOCKS (f->stat), buf, human_output_opts, ST_NBLOCKSIZE, output_block_size)); - if (print_scontext) - printf ("%*s ", format == with_commas ? 0 : scontext_width, f->scontext); - size_t width = print_name_with_quoting (f, false, NULL, start_col); if (indicator_style != none) @@ -4265,9 +4362,6 @@ length_of_file_name_and_frills (const st output_block_size)) : block_size_width); - if (print_scontext) - len += 1 + (format == with_commas ? strlen (f->scontext) : scontext_width); - quote_name (NULL, f->name, filename_quoting_options, &name_width); len += name_width; @@ -4700,9 +4794,16 @@ Mandatory arguments to long options are -w, --width=COLS assume screen width instead of current value\n\ -x list entries by lines instead of by columns\n\ -X sort alphabetically by entry extension\n\ - -Z, --context print any SELinux security context of each file\n\ -1 list one file per line\n\ "), stdout); + fputs(_("\nSELinux options:\n\n\ + --lcontext Display security context. Enable -l. Lines\n\ + will probably be too wide for most displays.\n\ + -Z, --context Display security context so it fits on most\n\ + displays. Displays only mode, user, group,\n\ + security context and file name.\n\ + --scontext Display only security context and file name.\n\ +"), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); emit_size_note (); diff -urNp coreutils-8.7-orig/src/mkdir.c coreutils-8.7/src/mkdir.c --- coreutils-8.7-orig/src/mkdir.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/mkdir.c 2010-11-15 10:04:08.177942716 +0100 @@ -38,6 +38,7 @@ static struct option const longopts[] = { {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, + {"context", required_argument, NULL, 'Z'}, {"mode", required_argument, NULL, 'm'}, {"parents", no_argument, NULL, 'p'}, {"verbose", no_argument, NULL, 'v'}, diff -urNp coreutils-8.7-orig/src/mknod.c coreutils-8.7/src/mknod.c --- coreutils-8.7-orig/src/mknod.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/mknod.c 2010-11-15 10:04:08.177942716 +0100 @@ -35,7 +35,7 @@ static struct option const longopts[] = { - {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, + {GETOPT_SELINUX_CONTEXT_OPTION_DECL}, {"mode", required_argument, NULL, 'm'}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, diff -urNp coreutils-8.7-orig/src/mv.c coreutils-8.7/src/mv.c --- coreutils-8.7-orig/src/mv.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/mv.c 2010-11-15 10:04:08.179924138 +0100 @@ -118,6 +118,7 @@ cp_option_init (struct cp_options *x) x->preserve_mode = true; x->preserve_timestamps = true; x->preserve_security_context = selinux_enabled; + x->set_security_context = false; x->reduce_diagnostics = false; x->data_copy_required = true; x->require_preserve = false; /* FIXME: maybe make this an option */ diff -urNp coreutils-8.7-orig/src/runcon.c coreutils-8.7/src/runcon.c --- coreutils-8.7-orig/src/runcon.c 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/src/runcon.c 2010-11-15 10:04:08.180922252 +0100 @@ -86,7 +86,7 @@ Usage: %s CONTEXT COMMAND [args]\n\ or: %s [ -c ] [-u USER] [-r ROLE] [-t TYPE] [-l RANGE] COMMAND [args]\n\ "), program_name, program_name); fputs (_("\ -Run a program in a different security context.\n\ +Run a program in a different SELinux security context.\n\ With neither CONTEXT nor COMMAND, print the current security context.\n\ \n\ CONTEXT Complete security context\n\ diff -urNp coreutils-8.7-orig/tests/init.cfg coreutils-8.7/tests/init.cfg --- coreutils-8.7-orig/tests/init.cfg 2010-11-08 14:10:20.000000000 +0100 +++ coreutils-8.7/tests/init.cfg 2010-11-15 10:04:08.181922042 +0100 @@ -216,8 +216,8 @@ skip_if_() require_selinux_() { - case `ls -Zd .` in - '? .'|'unlabeled .') + case `ls -Zd . | cut -f4 -d" "` in + '?'|'unlabeled') skip_test_ "this system (or maybe just" \ "the current file system) lacks SELinux support" ;; diff -urNp coreutils-8.7-orig/tests/misc/selinux coreutils-8.7/tests/misc/selinux --- coreutils-8.7-orig/tests/misc/selinux 2010-10-11 19:35:11.000000000 +0200 +++ coreutils-8.7/tests/misc/selinux 2010-11-15 10:04:08.181922042 +0100 @@ -44,7 +44,7 @@ chcon $ctx f d p || # inspect that context with both ls -Z and stat. for i in d f p; do - c=`ls -dogZ $i|cut -d' ' -f3`; test x$c = x$ctx || fail=1 + c=`ls -dogZ $i|cut -d' ' -f4`; test x$c = x$ctx || fail=1 c=`stat --printf %C $i`; test x$c = x$ctx || fail=1 done