From unknown Sun Aug 17 22:01:44 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#17220 <17220@debbugs.gnu.org> To: bug#17220 <17220@debbugs.gnu.org> Subject: Status: SELinux options in --help / manpage may be confusing Reply-To: bug#17220 <17220@debbugs.gnu.org> Date: Mon, 18 Aug 2025 05:01:44 +0000 retitle 17220 SELinux options in --help / manpage may be confusing reassign 17220 coreutils submitter 17220 ovasik@redhat.com severity 17220 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 08 09:48:05 2014 Received: (at submit) by debbugs.gnu.org; 8 Apr 2014 13:48:05 +0000 Received: from localhost ([127.0.0.1]:40428 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WXWNh-0000MU-72 for submit@debbugs.gnu.org; Tue, 08 Apr 2014 09:48:05 -0400 Received: from eggs.gnu.org ([208.118.235.92]:46908) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WXWNd-0000M2-M5 for submit@debbugs.gnu.org; Tue, 08 Apr 2014 09:48:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WXWNU-0006XE-Cv for submit@debbugs.gnu.org; Tue, 08 Apr 2014 09:48:01 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:32868) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WXWNU-0006X2-9X for submit@debbugs.gnu.org; Tue, 08 Apr 2014 09:47:52 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48587) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WXWNN-00006U-S7 for bug-coreutils@gnu.org; Tue, 08 Apr 2014 09:47:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WXWNH-0006UH-Kz for bug-coreutils@gnu.org; Tue, 08 Apr 2014 09:47:45 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47300) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WXWNH-0006U4-DD for bug-coreutils@gnu.org; Tue, 08 Apr 2014 09:47:39 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s38DlbXJ026091 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 8 Apr 2014 09:47:38 -0400 Received: from [10.34.4.227] (unused-4-227.brq.redhat.com [10.34.4.227]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s38Dlawd002342 for ; Tue, 8 Apr 2014 09:47:37 -0400 Subject: SELinux options in --help / manpage may be confusing From: Ondrej Vasik To: CoreutilsBugs Content-Type: text/plain; charset="UTF-8" Organization: Red Hat, Inc. Date: Tue, 08 Apr 2014 15:47:35 +0200 Message-ID: <1396964855.30555.21.camel@dhcp-24-196.brq.redhat.com> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: ovasik@redhat.com List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi, recently I got one bug report, asking about mknod not running correctly with old syntax mknod -m 666 -Z system_u:object_r:random_device_t:s0 /dev/random2 c 1 9 This is not a bug, as since 8.22, short version of -Z doesn't accept optional arguments. However, --help and manpage is a bit misleading. I think we should split the lines for -Z and --context , as both are doing a bit different thing. -Z restores the default SELinux context --context=[CTX] restores the default SELinux context if no CTX is specified, otherwise sets the SELinux/SMACK context to CTX. Now, with having them both on one lines, it gives user the feeling that -Z accepts argument, which may lead to scripts errors. This is not only about mknod, but about all utilities with -Z option (and recent change in behaviour) Thanks in advance for consideration! Greetings, Ondrej From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 08 11:27:58 2014 Received: (at 17220) by debbugs.gnu.org; 8 Apr 2014 15:27:58 +0000 Received: from localhost ([127.0.0.1]:41017 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WXXwL-0004Ns-Dv for submit@debbugs.gnu.org; Tue, 08 Apr 2014 11:27:58 -0400 Received: from mail2.vodafone.ie ([213.233.128.44]:28870) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WXXwG-0004Ne-Og for 17220@debbugs.gnu.org; Tue, 08 Apr 2014 11:27:55 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApQBAJoURFNtTm0E/2dsb2JhbAANRgaHIr4Qgw6BNYMZAQEBBCMPAUYQCw0LAgIFFgsCAgkDAgECAUUTAQcBAYd9pxx2oiEXgSmNAEMHFoJZgUkBA59Xjnc Received: from unknown (HELO [192.168.1.79]) ([109.78.109.4]) by mail2.vodafone.ie with ESMTP; 08 Apr 2014 16:27:50 +0100 Message-ID: <53441570.2000309@draigBrady.com> Date: Tue, 08 Apr 2014 16:27:44 +0100 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: ovasik@redhat.com Subject: Re: bug#17220: SELinux options in --help / manpage may be confusing References: <1396964855.30555.21.camel@dhcp-24-196.brq.redhat.com> In-Reply-To: <1396964855.30555.21.camel@dhcp-24-196.brq.redhat.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17220 Cc: 17220@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On 04/08/2014 02:47 PM, Ondrej Vasik wrote: > Hi, > recently I got one bug report, asking about mknod not running correctly > with old syntax > mknod -m 666 -Z system_u:object_r:random_device_t:s0 /dev/random2 c 1 9 > This is not a bug, as since 8.22, short version of -Z doesn't accept > optional arguments. > > However, --help and manpage is a bit misleading. I think we should split > the lines for -Z and --context , as both are doing a bit different > thing. > -Z restores the default SELinux context > --context=[CTX] restores the default SELinux context if no CTX is > specified, otherwise sets the SELinux/SMACK context to CTX. > > Now, with having them both on one lines, it gives user the feeling that > -Z accepts argument, which may lead to scripts errors. This is not only > about mknod, but about all utilities with -Z option (and recent change > in behaviour) > > Thanks in advance for consideration! Note the -o, --option[=optional long arg] is a very common idiom in the coreutils' --help and thus man pages. In the unusual case where a short option takes an optional arg we use: -w[BYTES], --width[=BYTES] output BYTES bytes per output line; 32 is implied when BYTES is not specified Though -Z, --context[=CTX] are slightly different concepts as you say so we should split out the descriptions. So currently we have this: -Z, --context[=CTX] set the SELinux security context of NAME to default type, or set the SELinux or SMACK security context to CTX if specified I'll push a patch that changes all utils along the lines of: -Z set the SELinux security context of NAME to default type --context[=CTX] likewise, or if CTX is specified then set the SELinux or SMACK security context to CTX cheers, Pádraig. p.s. for completeness, for mandatory args we use: -t, --format=TYPE select output format or formats From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 09 09:18:37 2014 Received: (at 17220-done) by debbugs.gnu.org; 9 Apr 2014 13:18:37 +0000 Received: from localhost ([127.0.0.1]:38610 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WXsOi-0001lY-It for submit@debbugs.gnu.org; Wed, 09 Apr 2014 09:18:37 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54125) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WXsOf-0001lP-IY for 17220-done@debbugs.gnu.org; Wed, 09 Apr 2014 09:18:34 -0400 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s39DIVC0003899 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <17220-done@debbugs.gnu.org>; Wed, 9 Apr 2014 09:18:32 -0400 Received: from [10.36.116.95] (ovpn-116-95.ams2.redhat.com [10.36.116.95]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s39DISrs024103 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Wed, 9 Apr 2014 09:18:29 -0400 Message-ID: <534548A3.8020405@draigBrady.com> Date: Wed, 09 Apr 2014 14:18:27 +0100 From: =?UTF-8?B?UMOhZHJhaWcgQnJhZHk=?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: ovasik@redhat.com Subject: Re: bug#17220: SELinux options in --help / manpage may be confusing References: <1396964855.30555.21.camel@dhcp-24-196.brq.redhat.com> <53441570.2000309@draigBrady.com> In-Reply-To: <53441570.2000309@draigBrady.com> X-Enigmail-Version: 1.6 Content-Type: multipart/mixed; boundary="------------050309050505050300060509" X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 17220-done Cc: 17220-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) This is a multi-part message in MIME format. --------------050309050505050300060509 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Will push the attached soon. thanks, Pádraig. --------------050309050505050300060509 Content-Type: text/x-patch; name="context-clarification.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="context-clarification.patch" >From 30acfcab5093debf433d966c5666d2e505c389c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A1draig=20Brady?= Date: Wed, 9 Apr 2014 13:37:42 +0100 Subject: [PATCH] doc: clarify in --help that -Z doesn't take an argument * NEWS: Fix a confusing old entry. * cfg.mk (old_NEWS_hash): Adjust accordingly. * src/cp.c (usage): Separate the -Z and --context descriptions. * src/install.c: Likewise. * src/mkdir.c: Likewise. * src/mkfifo.c: Likewise. * src/mknod.c: Likewise. Fixes http://bugs.gnu.org/17220 --- NEWS | 2 +- cfg.mk | 2 +- src/cp.c | 6 ++++-- src/install.c | 6 ++++-- src/mkdir.c | 9 ++++++--- src/mkfifo.c | 6 +++--- src/mknod.c | 6 +++--- 7 files changed, 22 insertions(+), 15 deletions(-) diff --git a/NEWS b/NEWS index 06e78a7..0a48456 100644 --- a/NEWS +++ b/NEWS @@ -148,7 +148,7 @@ GNU coreutils NEWS -*- outline -*- a NUL instead of a white space character. id and ls with -Z report the SMACK security context where available. - mkdir, mkfifo and mknod with -Z set the SMACK context where available. + mkdir, mkfifo and mknod with --context set the SMACK context where available. id can now lookup by user ID, in addition to the existing name lookup. diff --git a/cfg.mk b/cfg.mk index cc6f4b8..c2ebb5d 100644 --- a/cfg.mk +++ b/cfg.mk @@ -45,7 +45,7 @@ export VERBOSE = yes # 4914152 9e export XZ_OPT = -8e -old_NEWS_hash = 2d79d365444c9328fe28352d24f3ba1b +old_NEWS_hash = 88cd502ce932ab23e636c63a73a48c29 # Add an exemption for sc_makefile_at_at_check. _makefile_at_at_check_exceptions = ' && !/^cu_install_program =/' diff --git a/src/cp.c b/src/cp.c index ee7d088..a254116 100644 --- a/src/cp.c +++ b/src/cp.c @@ -230,8 +230,10 @@ Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.\n\ -x, --one-file-system stay on this file system\n\ "), stdout); fputs (_("\ - -Z, --context[=CTX] set SELinux security context of destination\n\ - file to default type, or to CTX if specified\n\ + -Z set SELinux security context of destination\n\ + file to default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the\n\ + SELinux or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); diff --git a/src/install.c b/src/install.c index 0554047..c9bfdae 100644 --- a/src/install.c +++ b/src/install.c @@ -647,8 +647,10 @@ In the 4th form, create all components of the given DIRECTORY(ies).\n\ "), stdout); fputs (_("\ --preserve-context preserve SELinux security context\n\ - -Z, --context[=CTX] set SELinux security context of destination file to\n\ - default type, or to CTX if specified\n\ + -Z set SELinux security context of destination\n\ + file to default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the\n\ + SELinux or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); diff --git a/src/mkdir.c b/src/mkdir.c index a6f6c24..04367eb 100644 --- a/src/mkdir.c +++ b/src/mkdir.c @@ -66,9 +66,12 @@ Create the DIRECTORY(ies), if they do not already exist.\n\ -m, --mode=MODE set file mode (as in chmod), not a=rwx - umask\n\ -p, --parents no error if existing, make parent directories as needed\n\ -v, --verbose print a message for each created directory\n\ - -Z, --context[=CTX] set the SELinux security context of each created\n\ - directory to default type or set the SELinux or\n\ - SMACK security context to CTX if specified\n\ +"), stdout); + fputs (_("\ + -Z set SELinux security context of each created directory\n\ + to the default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the SELinux\n\ + or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); diff --git a/src/mkfifo.c b/src/mkfifo.c index cf97059..5a52d6a 100644 --- a/src/mkfifo.c +++ b/src/mkfifo.c @@ -61,9 +61,9 @@ Create named pipes (FIFOs) with the given NAMEs.\n\ -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\ "), stdout); fputs (_("\ - -Z, --context[=CTX] set the SELinux security context of each NAME to\n\ - default type, or set the SELinux or SMACK\n\ - security context to CTX if specified\n\ + -Z set the SELinux security context to default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the SELinux\n\ + or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); diff --git a/src/mknod.c b/src/mknod.c index dfb9ef4..6e67094 100644 --- a/src/mknod.c +++ b/src/mknod.c @@ -63,9 +63,9 @@ Create the special file NAME of the given TYPE.\n\ -m, --mode=MODE set file permission bits to MODE, not a=rw - umask\n\ "), stdout); fputs (_("\ - -Z, --context[=CTX] set the SELinux security context of NAME to\n\ - default type, or set the SELinux or SMACK\n\ - security context to CTX if specified\n\ + -Z set the SELinux security context to default type\n\ + --context[=CTX] like -Z, or if CTX is specified then set the SELinux\n\ + or SMACK security context to CTX\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); fputs (VERSION_OPTION_DESCRIPTION, stdout); -- 1.7.7.6 --------------050309050505050300060509-- From unknown Sun Aug 17 22:01:44 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 08 May 2014 11:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator