id: don't print context=... when POSIXLY_CORRECT is set

* src/id.c (print_full_info) [POSIXLY_CORRECT]: Don't print context.
Reported by Ulrich Drepper.
* NEWS (Changes in behavior): Mention it.
* doc/coreutils.texi (id invocation): Document that id also prints the
security context, when possible, and when POSIXLY_CORRECT is not set.
* tests/id/no-context: New file.  Test for this.
* tests/Makefile.am (TESTS): Add it.

diff --git a/NEWS b/NEWS
index 6cfe8bb..b3c6c8c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,11 @@ GNU coreutils NEWS                                    -*- outline -*-
 
 * Noteworthy changes in release ?.? (????-??-??) [?]
 
+** Changes in behavior
+
+  id no longer prints SELinux " context=..." when the POSIXLY_CORRECT
+  environment variable is set.
+
 ** Improvements
 
   rm: rewrite to use gnulib's fts

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 22d307a..8b28566 100644 (file)
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -12825,9 +12825,13 @@ running it if no user is specified.  Synopsis:
 id [@var{option}]@dots{} [@var{username}]
 @end example
 
+@vindex POSIXLY_CORRECT
 By default, it prints the real user ID, real group ID, effective user ID
 if different from the real user ID, effective group ID if different from
 the real group ID, and supplemental group IDs.
+In addition, if SELinux
+is enabled and the @env{POSIXLY_CORRECT} environment variable is not set,
+then print @samp{context=@var{c}}, where @var{c} is the security context.
 
 Each of these numeric values is preceded by an identifying string and
 followed by the corresponding user or group name in parentheses.

diff --git a/src/id.c b/src/id.c
index b28643b..ec255e2 100644 (file)
--- a/src/id.c
+++ b/src/id.c
@@ -328,6 +328,9 @@ print_full_info (const char *username)
     free (groups);
   }
 #endif /* HAVE_GETGROUPS */
-  if (context != NULL)
+
+  /* POSIX mandates the precise output format, and that it not include
+     any context=... part, so skip that if POSIXLY_CORRECT is set.  */
+  if (context != NULL && ! getenv ("POSIXLY_CORRECT"))
     printf (_(" context=%s"), context);
 }

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 7a20e0c..43a493f 100644 (file)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -334,6 +334,7 @@ TESTS =                                             \
   du/slink                                     \
   du/trailing-slash                            \
   du/two-args                                  \
+  id/no-context                                        \
   install/basic-1                              \
   install/create-leading                       \
   install/d-slashdot                           \

diff --git a/tests/id/no-context b/tests/id/no-context
new file mode 100755 (executable)
index 0000000..f875ee0
--- /dev/null
+++ b/tests/id/no-context
@@ -0,0 +1,40 @@
+#!/bin/sh
+# With POSIXLY_CORRECT, id must not print context=...
+
+# Copyright (C) 2009 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+if test "$VERBOSE" = yes; then
+  set -x
+  id --version
+fi
+
+. $srcdir/test-lib.sh
+
+# We don't need selinux *FS* support to test id,
+# but this is as good a witness as any, in general.
+require_selinux_
+
+fail=0
+
+# Require the context=... part by default.
+id > out || fail=1
+grep context= out || fail=1
+
+# Require no context=... part in conforming mode.
+POSIXLY_CORRECT=1 id > out || fail=1
+grep context= out && fail=1
+
+Exit $fail