---- ---- ---- ---- ---- System Info [root@foo selinux]# uname -a Linux foo.localdomain 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:20:55 EDT 2009 i686 i686 i386 GNU/Linux [root@foo selinux]# cat /etc/*release CentOS release 5.3 (Final) ---- ---- ---- ---- ---- I'm not sure whether this is by design or not, but I'd like to point out for some reason "ls" doesn't see "ls -lZ" as the same as "ls -Zl" [root@foo selinux]# ls -lZ ./custom-policy/modules/active/base.pp -rw------- root root root:object_r:semanage_store_t ./custom-policy/modules/active/base.pp [root@foo selinux]# ls -Zl ./custom-policy/modules/active/base.pp -rw------- 1 root:object_r:semanage_store_t root root 13383956 Sep 14 20:33 ./custom-policy/modules/active/base.pp With "-Zl" I believe the time stamp is correctly shown for the file, where as with "-lZ" it is not.
I can reproduce the issue even in rawhide, but not with upstream coreutils. It seems to be caused by the downstream SELinux patch.
Thanks for report, but sorry - it's not a bug. In ls is one rule - last format option specified is used. So -Z sets security format (equivalent of --scontext) - without timestamp - and -l sets long format - with timestamp. Output format depends on the order of short options, but this is expected - try e.g. ls -ml vs. ls -lm . Closing NOTABUG. However - maybe documenting that general behaviour at least in info documentation might be good idea. It seems that this information is missing at first sight.
Kamil: it's because upstream doesn't use SELinux format - they use just boolean whether display SELinux context or not... in Red Hat based distros with that SELinux patch we have --context (equivalent to -Z - like long, but context is shown instead of timestamp) , --lcontext (context and timestamp shown) and --scontext(just name and context).
My line of thinking ... we have mutually exclusive options, the last option holds -- we can mention it in the info documentation, but it's sort of expected behavior in GNU coreutils. But this is more likely about the side effect of -Z. I figured out that -lZ is equivalent to --context, however -Zl is equivalent --lcontext. This is what we *should* document in case we want to keep it this way.
Thanks for clearing this up. Glad it's not a bug, however, I agree maybe the documentation needs updating. Possible Suggestion: "... SELinux options: -Z, --context Display security context so it fits on most displays. Displays only mode, user, group, security context and file name. -Zl --lcontext Display security context with long listing. Lines with long listing and security context will probably be too wide for most displays. --scontext Display only security context and file name. ..." Maybe the "ls has a rule - last format option specified is used." should be documented too with an example. Though this will probably be missed by 90% of people skimming the man page. You know best. Thanks for the response.
Ok, as we already have the burden of SELinux distro-specific modifications, more specific info about those --<X>context options should be done. I'm ok with it. We'll see what's the upstream opinion about the info improvement about "last format option".