** Bug fixes
+ id with no options now prints the SELinux context only when invoked
+ with no USERNAME argument.
+
id and groups once again print the AFS-specific nameless group-ID (PAG).
Printing of such large-numbered, kernel-only (not in /etc/group) group-IDs
was suppressed in 6.11 due to ignorance that they are useful.
cannot display context when selinux not enabled or when displaying the id\n\
of a different user"));
- /* If we are on a selinux-enabled kernel, get our context.
- Otherwise, leave the context variable alone - it has
- been initialized known invalid value; if we see this invalid
- value later, we will know we are on a non-selinux kernel. */
- if (selinux_enabled)
+ /* If we are on a selinux-enabled kernel and no user is specified,
+ get our context. Otherwise, leave the context variable alone -
+ it has been initialized known invalid value and will be not
+ displayed in print_full_info() */
+ if (selinux_enabled && argc == optind)
{
if (getcon (&context) && just_context)
error (EXIT_FAILURE, 0, _("can't get process context"));
--- /dev/null
+#!/bin/sh
+# Ensure that "id" outputs SELinux context only without specified user
+# Copyright (C) 2008 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+if test "$VERBOSE" = yes; then
+ set -x
+ id --version
+fi
+
+. $top_srcdir/tests/test-lib.sh
+# Require selinux - when selinux is disabled, id never prints scontext.
+require_selinux_
+
+fail=0
+
+# Check without specified user, context string should be present.
+id | grep context= >/dev/null || fail=1
+
+# Check with specified user, no context string should be present.
+# But if the current user is nameless, skip this part.
+id -nu > /dev/null \
+ && id $(id -nu) | grep context= >/dev/null && fail=1
+
+(exit $fail); exit $fail