1 diff -ur coreutils-6.9-orig/src/install.c coreutils-6.9/src/install.c
2 --- a/src/install.c 2007-10-30 12:34:07.000000000 +0100
3 +++ b/src/install.c 2007-10-30 15:41:15.000000000 +0100
5 x->preserve_mode = false;
6 x->preserve_timestamps = false;
7 x->require_preserve = false;
8 + x->require_preserve_context = false;
10 x->sparse_mode = SPARSE_AUTO;
11 x->symbolic_link = false;
12 diff -ur coreutils-6.9-orig/src/mv.c coreutils-6.9/src/mv.c
13 --- a/src/mv.c 2007-10-30 12:34:07.000000000 +0100
14 +++ b/src/mv.c 2007-10-30 15:34:37.000000000 +0100
16 x->preserve_timestamps = true;
17 x->preserve_security_context = selinux_enabled;
18 x->require_preserve = false; /* FIXME: maybe make this an option */
19 + x->require_preserve_context = false;
21 x->sparse_mode = SPARSE_AUTO; /* FIXME: maybe make this an option */
22 x->symbolic_link = false;
23 diff -ur coreutils-6.9-orig/src/copy.c coreutils-6.9/src/copy.c
24 --- coreutils-6.9-orig/src/copy.c 2007-10-30 12:34:07.000000000 +0100
25 +++ coreutils-6.9/src/copy.c 2007-10-30 16:01:22.000000000 +0100
29 dest_desc = open (dst_name, O_WRONLY | O_TRUNC | O_BINARY);
32 - if (dest_desc >= 0 && selinux_enabled &&
33 - (x->preserve_security_context || x->set_security_context))
34 + if (x->preserve_security_context && 0 <= dest_desc)
36 - security_context_t con;
37 - if(getfscreatecon(&con) == -1)
38 + security_context_t con = NULL;
39 + if(getfscreatecon(&con) < 0)
42 - goto close_src_desc;
43 + if (x->require_preserve_context)
45 + error(0, errno, _("failed to get file system create context"));
47 + goto close_src_desc;
53 - if(fsetfilecon(dest_desc, con) == -1)
54 + if(fsetfilecon(dest_desc, con) < 0)
58 - goto close_src_desc;
59 + if (x->require_preserve_context)
61 + error(0, errno, _("failed to set security context of %s to %s"),
62 + quote_n (0, dst_name), quote_n(1, con));
65 + goto close_src_desc;
70 @@ -1577,10 +1587,10 @@
72 if (setfscreatecon(con) < 0)
74 - error (0, errno, _("cannot set setfscreatecon %s"), quote (con));
75 - if (x->require_preserve) {
78 + error (0, errno, _("cannot set default file creation context to %s"), quote (con));
79 + if (x->require_preserve_context) {
87 if (( errno != ENOTSUP ) && ( errno != ENODATA )) {
88 error (0, errno, _("cannot lgetfilecon %s"), quote (src_name));
90 + if (x->require_preserve_context)
95 diff -ur coreutils-6.9-orig/src/copy.h coreutils-6.9/src/copy.h
96 --- coreutils-6.9-orig/src/copy.h 2007-10-30 12:34:07.000000000 +0100
97 +++ coreutils-6.9/src/copy.h 2007-10-30 15:52:59.000000000 +0100
100 bool require_preserve;
102 + /* Useful only when preserve_security_context is true.
103 + If true, a failed attempt to preserve a file's security context
104 + propagates failure "out" to the caller. If false, a failure to
105 + preserve a file's security context does not change the invoking
106 + application's exit status. Give diagnostics for failed syscalls
107 + regardless of this setting. For example, with "cp --preserve=context"
108 + this flag is "true", while with "cp -a", it is false. That means
109 + "cp -a" attempts to preserve any security context, but does not
110 + fail if it is unable to do so. */
111 + bool require_preserve_context;
114 /* If true, copy directories recursively and copy special files
115 as themselves rather than copying their contents. */
117 diff -ur coreutils-6.9-orig/src/cp.c coreutils-6.9/src/cp.c
118 --- coreutils-6.9-orig/src/cp.c 2007-10-30 12:42:13.000000000 +0100
119 +++ coreutils-6.9/src/cp.c 2007-10-30 16:00:33.000000000 +0100
121 x->preserve_security_context = false;
122 x->set_security_context = false;
125 + x->require_preserve_context = false;
126 x->require_preserve = false;
127 x->recursive = false;
128 x->sparse_mode = SPARSE_AUTO;
131 case PRESERVE_CONTEXT:
132 x->preserve_security_context = on_off;
133 + x->require_preserve_context = on_off;
138 x->preserve_timestamps = on_off;
139 x->preserve_ownership = on_off;
140 x->preserve_links = on_off;
141 - x->preserve_security_context = on_off;
142 + if (selinux_enabled) {
143 + x->preserve_security_context = on_off;
144 + x->require_preserve_context = on_off;
150 x.preserve_ownership = true;
151 x.preserve_mode = true;
152 x.preserve_timestamps = true;
153 - x.preserve_security_context = true;
154 - x.require_preserve = true;
155 + if (selinux_enabled)
156 + x.preserve_security_context = true;
157 + x.require_preserve = true;