Bug 524202

Summary: "ls -lZ" is not the same as "ls -Zl"
Product: [Fedora] Fedora Reporter: Stephen Pritchard <bugzilla.redhat.com>
Component: coreutilsAssignee: Ondrej Vasik <ovasik>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: kdudka, ovasik, twaugh
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-18 07:51:14 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Stephen Pritchard 2009-09-18 07:08:16 EDT
---- ---- ---- ---- ----
System Info

[root@foo selinux]# uname -a
Linux foo.localdomain 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:20:55 EDT
2009 i686 i686 i386 GNU/Linux

[root@foo selinux]# cat /etc/*release
CentOS release 5.3 (Final)

---- ---- ---- ---- ----

I'm not sure whether this is by design or not, but I'd like to point out
for some reason "ls" doesn't see "ls -lZ" as the same as "ls -Zl"

[root@foo selinux]# ls -lZ ./custom-policy/modules/active/base.pp
-rw-------  root root root:object_r:semanage_store_t
[root@foo selinux]# ls -Zl ./custom-policy/modules/active/base.pp
-rw------- 1 root:object_r:semanage_store_t   root root 13383956 Sep 14
20:33 ./custom-policy/modules/active/base.pp

With "-Zl" I believe the time stamp is correctly shown for the file,
where as with "-lZ" it is not.
Comment 1 Kamil Dudka 2009-09-18 07:42:36 EDT
I can reproduce the issue even in rawhide, but not with upstream coreutils. It seems to be caused by the downstream SELinux patch.
Comment 2 Ondrej Vasik 2009-09-18 07:51:14 EDT
Thanks for report, but sorry - it's not a bug. In ls is one rule - last format option specified is used. So -Z sets security format (equivalent of --scontext) - without timestamp - and -l sets long format - with timestamp. Output format depends on the order of short options, but this is expected - try e.g. ls -ml vs. ls -lm . Closing NOTABUG.
However - maybe documenting that general behaviour at least in info documentation might be good idea. It seems that this information is missing at first sight.
Comment 3 Ondrej Vasik 2009-09-18 07:55:03 EDT
Kamil: it's because upstream doesn't use SELinux format - they use just boolean whether display SELinux context or not... in Red Hat based distros with that SELinux patch we have --context (equivalent to -Z - like long, but context is shown instead of timestamp) , --lcontext (context and timestamp shown) and --scontext(just name and context).
Comment 4 Kamil Dudka 2009-09-18 10:19:03 EDT
My line of thinking ... we have mutually exclusive options, the last option holds -- we can mention it in the info documentation, but it's sort of  expected behavior in GNU coreutils.

But this is more likely about the side effect of -Z. I figured out that -lZ is equivalent to --context, however -Zl is equivalent --lcontext. This is what we *should* document in case we want to keep it this way.
Comment 5 Stephen Pritchard 2009-09-18 10:32:53 EDT
Thanks for clearing this up. Glad it's not a bug, however, I agree maybe the documentation needs updating.

Possible Suggestion:
      SELinux options:

       -Z, --context
              Display security context so it fits on most displays.   Displays  only  mode,  user,  group,
              security context and file name.

       -Zl --lcontext
              Display security context with long listing.  Lines with long listing and security context will probably be too wide for most displays.

              Display only security context and file name.

Maybe the "ls has a rule - last format option specified is used." should be documented too with an example.  Though this will probably be missed by 90% of people skimming the man page.

You know best. Thanks for the response.
Comment 6 Ondrej Vasik 2009-09-18 14:05:43 EDT
Ok, as we already have the burden of SELinux distro-specific modifications, more specific info about those --<X>context options should be done. I'm ok with it.

We'll see what's the upstream opinion about the info improvement about "last format option".