This patch adds support for displaying SELinux context information in
colors defined by mcstrans(8)/secolor.conf(5). The new behavior is
enabled through the use of the "-C/--color" option and requires the
"-P" option also be specified.
The reason for this addition is that in some situations, notably MLS,
users find it helpful to add SELinux context information to their prompt:
# example taken from the RHEL6 CC certification bash scripts
SEROLE=`secon -rP 2>/dev/null`
SEMLS=`secon -lP 2>/dev/null`
PS1="[\u/$SEROLE/$SEMLS@\h \W]\\$ "
export PS1
With the added functionality provided by this patch we can also display
the associated color information (note the addition of the "C" option):
SEROLE=`secon -rP 2>/dev/null`
SEMLS=`secon -lPC 2>/dev/null`
PS1="[\u/$SEROLE/$SEMLS@\h \W]\\$ "
export PS1
Note that in the example above only the MLS range is colored, but the
patch does provide support for all of the color information provided
by mcstransd/secolor.conf (user,role,type,range).
Finally, one quick word on the colors themselves; the secolor.conf
configuration file allows 32-bit colors but the ANSI color coding only
allows 8-bit colors so the colors displayed by secon using the "-C"
option will be a bit lossy.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>