|
 |
d3767b |
diff --git a/man/chcon.x b/man/chcon.x
|
|
|
d3767b |
index 8c1ff6f..c84fb96 100644
|
|
|
d3767b |
--- a/man/chcon.x
|
|
|
d3767b |
+++ b/man/chcon.x
|
|
|
d3767b |
@@ -1,4 +1,4 @@
|
|
|
d3767b |
[NAME]
|
|
|
d3767b |
-chcon \- change file security context
|
|
|
d3767b |
+chcon \- change file SELinux security context
|
|
|
d3767b |
[DESCRIPTION]
|
|
|
d3767b |
.\" Add any additional description here
|
|
|
d3767b |
diff --git a/man/runcon.x b/man/runcon.x
|
|
|
d3767b |
index d2df13e..5c5f5d8 100644
|
|
|
d3767b |
--- a/man/runcon.x
|
|
|
d3767b |
+++ b/man/runcon.x
|
|
|
d3767b |
@@ -1,5 +1,5 @@
|
|
|
d3767b |
[NAME]
|
|
|
d3767b |
-runcon \- run command with specified security context
|
|
|
d3767b |
+runcon \- run command with specified SELinux security context
|
|
|
d3767b |
[DESCRIPTION]
|
|
|
d3767b |
Run COMMAND with completely-specified CONTEXT, or with current or
|
|
|
d3767b |
transitioned security context modified by one or more of LEVEL,
|
|
|
d3767b |
diff --git a/src/cp.c b/src/cp.c
|
|
|
d3767b |
index 1b528c6..25dbb88 100644
|
|
|
d3767b |
--- a/src/cp.c
|
|
|
d3767b |
+++ b/src/cp.c
|
|
|
d3767b |
@@ -203,6 +203,9 @@ Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.\n\
|
|
|
d3767b |
all\n\
|
|
|
d3767b |
"), stdout);
|
|
|
d3767b |
fputs (_("\
|
|
|
d3767b |
+ -c deprecated, same as --preserve=context\n\
|
|
|
d3767b |
+"), stdout);
|
|
|
d3767b |
+ fputs (_("\
|
|
|
d3767b |
--no-preserve=ATTR_LIST don't preserve the specified attributes\n\
|
|
|
d3767b |
--parents use full source file name under DIRECTORY\n\
|
|
|
d3767b |
"), stdout);
|
|
|
d3767b |
@@ -929,7 +932,7 @@ main (int argc, char **argv)
|
|
|
d3767b |
selinux_enabled = (0 < is_selinux_enabled ());
|
|
|
d3767b |
cp_option_init (&x);
|
|
|
d3767b |
|
|
|
d3767b |
- while ((c = getopt_long (argc, argv, "abdfHilLnprst:uvxPRS:TZ",
|
|
|
d3767b |
+ while ((c = getopt_long (argc, argv, "abcdfHilLnprst:uvxPRS:TZ",
|
|
|
d3767b |
long_opts, NULL))
|
|
|
d3767b |
!= -1)
|
|
|
d3767b |
{
|
|
|
d3767b |
@@ -977,6 +980,17 @@ main (int argc, char **argv)
|
|
|
d3767b |
copy_contents = true;
|
|
|
d3767b |
break;
|
|
|
d3767b |
|
|
|
d3767b |
+ case 'c':
|
|
|
d3767b |
+ fprintf (stderr, "%s: warning: option '-c' is deprecated, please use '--preserve=context' instead\n", argv[0]);
|
|
|
d3767b |
+ if ( x.set_security_context ) {
|
|
|
d3767b |
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
|
|
|
d3767b |
+ exit( 1 );
|
|
|
d3767b |
+ }
|
|
|
d3767b |
+ else if (selinux_enabled) {
|
|
|
d3767b |
+ x.preserve_security_context = true;
|
|
|
d3767b |
+ x.require_preserve_context = true;
|
|
|
d3767b |
+ }
|
|
|
d3767b |
+ break;
|
|
|
d3767b |
case 'd':
|
|
|
d3767b |
x.preserve_links = true;
|
|
|
d3767b |
x.dereference = DEREF_NEVER;
|
|
|
d3767b |
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
|
|
|
d3767b |
index 47e4480..cff2ead 100644
|
|
|
d3767b |
--- a/doc/coreutils.texi
|
|
|
d3767b |
+++ b/doc/coreutils.texi
|
|
|
d3767b |
@@ -8083,6 +8083,11 @@ done
|
|
|
d3767b |
exit $fail
|
|
|
d3767b |
@end example
|
|
|
d3767b |
|
|
|
d3767b |
+@item -c
|
|
|
d3767b |
+@cindex SELinux security context information, preserving
|
|
|
d3767b |
+Preserve SELinux security context of the original files if possible.
|
|
|
d3767b |
+Some file systems don't support storing of SELinux security context.
|
|
|
d3767b |
+
|
|
|
d3767b |
@item --copy-contents
|
|
|
d3767b |
@cindex directories, copying recursively
|
|
|
d3767b |
@cindex copying directories recursively
|
|
|
d3767b |
diff --git a/src/install.c b/src/install.c
|
|
|
d3767b |
index d79d597..437889a 100644
|
|
|
d3767b |
--- a/src/install.c
|
|
|
d3767b |
+++ b/src/install.c
|
|
|
d3767b |
@@ -673,7 +673,7 @@ In the 4th form, create all components of the given DIRECTORY(ies).\n\
|
|
|
d3767b |
-v, --verbose print the name of each directory as it is created\n\
|
|
|
d3767b |
"), stdout);
|
|
|
d3767b |
fputs (_("\
|
|
|
d3767b |
- --preserve-context preserve SELinux security context\n\
|
|
|
d3767b |
+ -P, --preserve-context preserve SELinux security context (-P deprecated)\n\
|
|
|
d3767b |
-Z set SELinux security context of destination\n\
|
|
|
d3767b |
file and each created directory to default type\n\
|
|
|
d3767b |
--context[=CTX] like -Z, or if CTX is specified then set the\n\
|
|
|
d3767b |
@@ -824,7 +824,7 @@ main (int argc, char **argv)
|
|
|
d3767b |
dir_arg = false;
|
|
|
d3767b |
umask (0);
|
|
|
d3767b |
|
|
|
d3767b |
- while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pt:TvS:Z", long_options,
|
|
|
d3767b |
+ while ((optc = getopt_long (argc, argv, "bcCsDdg:m:o:pPt:TvS:Z", long_options,
|
|
|
d3767b |
NULL)) != -1)
|
|
|
d3767b |
{
|
|
|
d3767b |
switch (optc)
|
|
|
d3767b |
@@ -885,6 +885,8 @@ main (int argc, char **argv)
|
|
|
d3767b |
no_target_directory = true;
|
|
|
d3767b |
break;
|
|
|
d3767b |
|
|
|
d3767b |
+ case 'P':
|
|
|
d3767b |
+ fprintf (stderr, "%s: warning: option '-P' is deprecated, please use '--preserve-context' instead\n", argv[0]);
|
|
|
d3767b |
case PRESERVE_CONTEXT_OPTION:
|
|
|
d3767b |
if (! selinux_enabled)
|
|
|
d3767b |
{
|
|
|
d3767b |
@@ -892,6 +894,10 @@ main (int argc, char **argv)
|
|
|
d3767b |
"this kernel is not SELinux-enabled"));
|
|
|
d3767b |
break;
|
|
|
d3767b |
}
|
|
|
d3767b |
+ if ( x.set_security_context ) {
|
|
|
d3767b |
+ (void) fprintf(stderr, "%s: cannot force target context and preserve it\n", argv[0]);
|
|
|
d3767b |
+ exit( 1 );
|
|
|
d3767b |
+ }
|
|
|
d3767b |
x.preserve_security_context = true;
|
|
|
d3767b |
use_default_selinux_context = false;
|
|
|
d3767b |
break;
|