---- ---- ---- ---- ----
[root@foo selinux]# uname -a
Linux foo.localdomain 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:20:55 EDT
2009 i686 i686 i386 GNU/Linux
[root@foo selinux]# cat /etc/*release
CentOS release 5.3 (Final)
---- ---- ---- ---- ----
I'm not sure whether this is by design or not, but I'd like to point out
for some reason "ls" doesn't see "ls -lZ" as the same as "ls -Zl"
[root@foo selinux]# ls -lZ ./custom-policy/modules/active/base.pp
-rw------- root root root:object_r:semanage_store_t
[root@foo selinux]# ls -Zl ./custom-policy/modules/active/base.pp
-rw------- 1 root:object_r:semanage_store_t root root 13383956 Sep 14
With "-Zl" I believe the time stamp is correctly shown for the file,
where as with "-lZ" it is not.
I can reproduce the issue even in rawhide, but not with upstream coreutils. It seems to be caused by the downstream SELinux patch.
Thanks for report, but sorry - it's not a bug. In ls is one rule - last format option specified is used. So -Z sets security format (equivalent of --scontext) - without timestamp - and -l sets long format - with timestamp. Output format depends on the order of short options, but this is expected - try e.g. ls -ml vs. ls -lm . Closing NOTABUG.
However - maybe documenting that general behaviour at least in info documentation might be good idea. It seems that this information is missing at first sight.
Kamil: it's because upstream doesn't use SELinux format - they use just boolean whether display SELinux context or not... in Red Hat based distros with that SELinux patch we have --context (equivalent to -Z - like long, but context is shown instead of timestamp) , --lcontext (context and timestamp shown) and --scontext(just name and context).
My line of thinking ... we have mutually exclusive options, the last option holds -- we can mention it in the info documentation, but it's sort of expected behavior in GNU coreutils.
But this is more likely about the side effect of -Z. I figured out that -lZ is equivalent to --context, however -Zl is equivalent --lcontext. This is what we *should* document in case we want to keep it this way.
Thanks for clearing this up. Glad it's not a bug, however, I agree maybe the documentation needs updating.
Display security context so it fits on most displays. Displays only mode, user, group,
security context and file name.
Display security context with long listing. Lines with long listing and security context will probably be too wide for most displays.
Display only security context and file name.
Maybe the "ls has a rule - last format option specified is used." should be documented too with an example. Though this will probably be missed by 90% of people skimming the man page.
You know best. Thanks for the response.
Ok, as we already have the burden of SELinux distro-specific modifications, more specific info about those --<X>context options should be done. I'm ok with it.
We'll see what's the upstream opinion about the info improvement about "last format option".