Ondřej Vašík <[EMAIL PROTECTED]> wrote:
> Thanks for review and suggested/requested changes. Here is amended patch
> with all of your changes(and similar changes for runcon).
Thanks, but your new patch would have actually reverted some of
my changes, so I've adjusted it and made some more.
Here's the result:
>From 42df6d7de2820e67422ca97b4a8708b3aa38f28f Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <[EMAIL PROTECTED]>
Date: Mon, 6 Oct 2008 14:18:53 +0200
Subject: [PATCH] doc: document runcon and chcon in SELinux context section
* doc/coreutils.texi: Document runcon and chcon.
Add minimal SELinux context section.
---
doc/coreutils.texi | 179 +++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 178 insertions(+), 1 deletions(-)
diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 67da740..11b9ab9 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -32,7 +32,6 @@
@c * [: (coreutils)[ invocation. File/string tests.
@c * pinky: (coreutils)pinky invocation. FIXME.
@c * mktemp: (coreutils)mktemp invocation. FIXME.
[EMAIL PROTECTED] * chcon: (coreutils)chcon invocation. FIXME.
@dircategory Individual utilities
@direntry
@@ -40,6 +39,7 @@
* base64: (coreutils)base64 invocation. Base64 encode/decode data.
* basename: (coreutils)basename invocation. Strip directory and suffix.
* cat: (coreutils)cat invocation. Concatenate and write files.
+* chcon: (coreutils)chcon invocation. Change SELinux CTX of files.
* chgrp: (coreutils)chgrp invocation. Change file groups.
* chmod: (coreutils)chmod invocation. Change file permissions.
* chown: (coreutils)chown invocation. Change file owners/groups.
@@ -95,6 +95,7 @@
* readlink: (coreutils)readlink invocation. Print referent of a symlink.
* rm: (coreutils)rm invocation. Remove files.
* rmdir: (coreutils)rmdir invocation. Remove empty directories.
+* runcon: (coreutils)runcon invocation. Run in specified SELinux CTX.
* seq: (coreutils)seq invocation. Print numeric sequences
* sha1sum: (coreutils)sha1sum invocation. Print or check SHA-1 digests.
* sha2: (coreutils)sha2 utilities. Print or check SHA-2 digests.
@@ -194,6 +195,7 @@ Top
* Working context:: pwd stty printenv tty
* User information:: id logname whoami groups users who
* System context:: date uname hostname hostid uptime
+* SELinux context:: chcon runcon
* Modified command invocation:: chroot env nice nohup su timeout
* Process control:: kill
* Delaying:: sleep
@@ -421,6 +423,10 @@ Top
* Date input formats:: Specifying date strings.
* Examples of date:: Examples.
+SELinux context
+* chcon invocation:: Change SELinux context of file
+* runcon invocation:: Run a command in specified SELinux context
+
Modified command invocation
* chroot invocation:: Run a command with a different root directory
@@ -12882,6 +12888,177 @@ System context
* uptime invocation:: Print system uptime and load
@end menu
[EMAIL PROTECTED] SELinux context
[EMAIL PROTECTED] SELinux context
+
[EMAIL PROTECTED] SELinux context
[EMAIL PROTECTED] SELinux, context
[EMAIL PROTECTED] commands for SELinux context
+
+This section describes commands for operations with SELinux
+contexts.
+
[EMAIL PROTECTED]
+* chcon invocation:: Change SELinux context of file
+* runcon invocation:: Run a command in specified SELinux context
[EMAIL PROTECTED] menu
+
[EMAIL PROTECTED] chcon invocation
[EMAIL PROTECTED] @command{chcon}: Change SELinux context of file.
+
[EMAIL PROTECTED] chcon
[EMAIL PROTECTED] changing security context
[EMAIL PROTECTED] change SELinux context
+
[EMAIL PROTECTED] changes the SELinux security context of the selected files.
+Synopses:
+
[EMAIL PROTECTED]
+chcon [EMAIL PROTECTED]@dots{} @var{context} @[EMAIL PROTECTED]
+chcon [EMAIL PROTECTED]@dots{} [-u @var{user}] [-r @var{role}] [-l
@var{range}] [-t @var{type}] @[EMAIL PROTECTED]
+chcon [EMAIL PROTECTED]@dots{} [EMAIL PROTECTED] @[EMAIL PROTECTED]
[EMAIL PROTECTED] smallexample
+
+Change the SELinux security context of each @var{file} to @var{context}.
+With @option{--reference}, change the security context of each @var{file}
+to that of @var{rfile}.
+
+The program accepts the following options. Also see @ref{Common options}.
+
[EMAIL PROTECTED] @samp
+
[EMAIL PROTECTED] -h
[EMAIL PROTECTED] --no-dereference
[EMAIL PROTECTED] -h
[EMAIL PROTECTED] --no-dereference
[EMAIL PROTECTED] no dereference
+Affect symbolic links instead of any referenced file.
+
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] --reference
[EMAIL PROTECTED] reference file
+Use @var{rfile}'s security context rather than specifying a @var{context}
value.
+
[EMAIL PROTECTED] -R
[EMAIL PROTECTED] --recursive
[EMAIL PROTECTED] -R
[EMAIL PROTECTED] --recursive
+Operate on files and directories recursively.
+
[EMAIL PROTECTED]
[EMAIL PROTECTED] symlinks}.
+
[EMAIL PROTECTED]
[EMAIL PROTECTED] symlinks}.
+
[EMAIL PROTECTED]
[EMAIL PROTECTED] symlinks}.
+
[EMAIL PROTECTED] -v
[EMAIL PROTECTED] --verbose
[EMAIL PROTECTED] -v
[EMAIL PROTECTED] --verbose
[EMAIL PROTECTED] diagnostic
+Output a diagnostic for every file processed.
+
[EMAIL PROTECTED] -u @var{user}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -u
[EMAIL PROTECTED] --user
+Set user @var{user} in the target security context.
+
[EMAIL PROTECTED] -r @var{role}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -r
[EMAIL PROTECTED] --role
+Set role @var{role} in the target security context.
+
[EMAIL PROTECTED] -t @var{type}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -t
[EMAIL PROTECTED] --type
+Set type @var{type} in the target security context.
+
[EMAIL PROTECTED] -l @var{range}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -l
[EMAIL PROTECTED] --range
+Set range @var{range} in the target security context.
+
[EMAIL PROTECTED] table
+
[EMAIL PROTECTED]
+
[EMAIL PROTECTED] runcon invocation
[EMAIL PROTECTED] @command{runcon}: Run a command in specified SELinux context
+
[EMAIL PROTECTED] runcon
[EMAIL PROTECTED] run with security context
+
+
[EMAIL PROTECTED] runs file in specified SELinux security context.
+
+Synopses:
[EMAIL PROTECTED]
+runcon @var{context} @var{command} [EMAIL PROTECTED]
+runcon [ -c ] [-u @var{user}] [-r @var{role}] [-t @var{type}] [-l @var{range}]
@var{command} [EMAIL PROTECTED]
[EMAIL PROTECTED] smallexample
+
+Run @var{command} with completely-specified @var{context}, or with
+current or transitioned security context modified by one or more of
@var{level},
[EMAIL PROTECTED], @var{type} and @var{user}.
+
+If none of @option{-c}, @option{-t}, @option{-u}, @option{-r}, or @option{-l}
+is specified, the first argument is used as the complete context.
+Any additional arguments after @var{command}
+are interpreted as arguments to the command.
+
+With neither @var{context} nor @var{command}, print the current security
context.
+
+The program accepts the following options. Also see @ref{Common options}.
+
[EMAIL PROTECTED] @samp
+
[EMAIL PROTECTED] -c
[EMAIL PROTECTED] --compute
[EMAIL PROTECTED] -c
[EMAIL PROTECTED] --compute
+Compute process transition context before modifying.
+
[EMAIL PROTECTED] -u @var{user}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -u
[EMAIL PROTECTED] --user
+Set user @var{user} in the target security context.
+
[EMAIL PROTECTED] -r @var{role}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -r
[EMAIL PROTECTED] --role
+Set role @var{role} in the target security context.
+
[EMAIL PROTECTED] -t @var{type}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -t
[EMAIL PROTECTED] --type
+Set type @var{type} in the target security context.
+
[EMAIL PROTECTED] -l @var{range}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -l
[EMAIL PROTECTED] --range
+Set range @var{range} in the target security context.
+
[EMAIL PROTECTED] table
+
[EMAIL PROTECTED] exit status of @command{runcon}
+Exit status:
+
[EMAIL PROTECTED]
+126 if @var{command} is found but cannot be invoked
+127 if @command{runcon} itself fails or if @var{command} cannot be found
+the exit status of @var{command} otherwise
[EMAIL PROTECTED] display
@node date invocation
@section @command{date}: Print or set system date and time
--
1.6.0.2.307.gc427
_______________________________________________
Bug-coreutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-coreutils
