cvsdist 1401a3
--- vim62/src/configure.in.selinux	2004-01-20 11:34:17.177103792 -0500
cvsdist 1401a3
+++ vim62/src/configure.in	2004-01-20 11:34:18.507126105 -0500
Karsten Hopp eb3561
@@ -195,6 +195,21 @@
cvsdist 1401a3
 fi
cvsdist 1401a3
 
cvsdist 1401a3
 
cvsdist 1401a3
+dnl vim: set sw=2 tw=78 fo+=l:
cvsdist 1401a3
+dnl Link with -lselinux for SELinux stuff; if not found
cvsdist 1401a3
+AC_MSG_CHECKING(--disable-selinux argument)
cvsdist 1401a3
+AC_ARG_ENABLE(selinux,
cvsdist 1401a3
+	[  --disable-selinux	  Don't check for SELinux support.],
cvsdist 1401a3
+	, [enable_selinux="yes"])
cvsdist 1401a3
+if test "$enable_selinux" = "yes"; then
cvsdist 1401a3
+   AC_MSG_RESULT(no)
Karsten Hopp eb3561
+   AC_CHECK_LIB(selinux, is_selinux_enabled,
Karsten Hopp eb3561
+     [LIBS="$LIBS -lselinux"
Karsten Hopp eb3561
+      AC_DEFINE(HAVE_SELINUX)])
cvsdist 1401a3
+else
cvsdist 1401a3
+   AC_MSG_RESULT(yes)
cvsdist 1401a3
+fi
cvsdist 1401a3
+
cvsdist 1401a3
 dnl Check user requested features.
cvsdist 1401a3
 
cvsdist 1401a3
 AC_MSG_CHECKING(--with-features argument)
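Review bot: `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` defines HAVE_SELINUX on the strength of the library alone, yet the os_unix.c part of this patch includes `<selinux/selinux.h>` under that macro. A host with libselinux but without its development header will therefore fail at compile time instead of configuring without SELinux. Nesting a header test inside the library check, e.g. `AC_CHECK_HEADER(selinux/selinux.h, [LIBS="$LIBS -lselinux" AC_DEFINE(HAVE_SELINUX)])`, keeps the two in step. The action-if-given argument of `AC_ARG_ENABLE` is empty, so any explicit value other than `yes` (for example `--enable-selinux=foo`) silently disables the feature. The comment `dnl Link with -lselinux for SELinux stuff; if not found` also stops mid-sentence and should say what happens in that case.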
cvsdist 1401a3
--- vim62/src/config.h.in.selinux	2003-05-25 12:07:42.000000000 -0400
cvsdist 1401a3
+++ vim62/src/config.h.in	2004-01-20 11:34:18.507126105 -0500
cvsdist 1401a3
@@ -155,6 +155,7 @@
cvsdist 1401a3
 #undef HAVE_READLINK
cvsdist 1401a3
 #undef HAVE_RENAME
cvsdist 1401a3
 #undef HAVE_SELECT
cvsdist 1401a3
+#undef HAVE_SELINUX
cvsdist 1401a3
 #undef HAVE_SETENV
cvsdist 1401a3
 #undef HAVE_SETPGID
cvsdist 1401a3
 #undef HAVE_SETSID
cvsdist 1401a3
--- vim62/src/fileio.c.selinux	2004-01-20 11:34:16.577093725 -0500
cvsdist 1401a3
+++ vim62/src/fileio.c	2004-01-20 11:34:18.517126273 -0500
cvsdist 1401a3
@@ -1,3 +1,4 @@
cvsdist 1401a3
+
cvsdist 1401a3
 /* vi:set ts=8 sts=4 sw=4:
cvsdist 1401a3
  *
cvsdist 1401a3
  * VIM - Vi IMproved	by Bram Moolenaar
cvsdist 1401a3
@@ -3079,6 +3080,9 @@
cvsdist 1401a3
 						)
cvsdist 1401a3
 			    mch_setperm(backup,
cvsdist 1401a3
 					  (perm & 0707) | ((perm & 07) << 3));
cvsdist 1401a3
+#ifdef HAVE_SELINUX
cvsdist a46b9f
+			mch_copy_sec(fname, backup);
cvsdist 1401a3
+#endif
cvsdist 1401a3
 #endif
cvsdist 1401a3
 
cvsdist 1401a3
 			/*
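Review bot: The backup's SELinux context is applied by path after the backup file already exists, and a failure inside `mch_copy_sec(fname, backup)` gives this caller nothing to act on, because the function only prints a message. Until the relabel succeeds the backup carries whatever default context the process and directory give it, which may be less restrictive than the original's. Setting the creation context with `setfscreatecon()` before the backup is opened (and resetting it afterwards), or labelling through the open descriptor with `fsetfilecon()`, would close that window. The same applies to the identical call added in the `@@ -3115,6 +3119,9 @@` hunk. The enclosing function starts and ends outside this hunk.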
cvsdist 1401a3
@@ -3115,6 +3119,9 @@
cvsdist 1401a3
 #ifdef HAVE_ACL
cvsdist 1401a3
 			mch_set_acl(backup, acl);
cvsdist 1401a3
 #endif
cvsdist 1401a3
+#ifdef HAVE_SELINUX
cvsdist a46b9f
+			mch_copy_sec(fname, backup);
cvsdist 1401a3
+#endif
cvsdist 1401a3
 			break;
cvsdist 1401a3
 		    }
cvsdist 1401a3
 		}
cvsdist 1401a3
@@ -3719,6 +3726,12 @@
cvsdist 1401a3
 	mch_set_acl(wfname, acl);
cvsdist 1401a3
 #endif
cvsdist 1401a3
 
cvsdist 1401a3
+#ifdef HAVE_SELINUX
cvsdist 1401a3
+    /* Probably need to set the security context */
cvsdist 1401a3
+    if (!backup_copy)
cvsdist 1401a3
+	mch_copy_sec(backup, wfname);
cvsdist 1401a3
+#endif
cvsdist 1401a3
+
cvsdist 1401a3
 #ifdef UNIX
cvsdist 1401a3
     /* When creating a new file, set its owner/group to that of the original
cvsdist 1401a3
      * file.  Get the new device and inode number. */
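Review bot: The comment `/* Probably need to set the security context */` does not explain why the call is limited to `!backup_copy` or why `backup` rather than the original name is the source. Suggested wording: `/* wfname is a newly created file; give it the SELinux context of the original, which is now the backup. */`. This assumes a false `backup_copy` means the original was renamed to the backup, which the hunk does not show. If `backup` is NULL at this point the call is a silent no-op because of the `from_file == NULL` guard in mch_copy_sec, so wfname would keep its default context; it is worth confirming that this case cannot occur together with `!backup_copy`. The enclosing function starts and ends outside this hunk.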
cvsdist 1401a3
--- vim62/src/os_unix.c.selinux	2004-01-20 11:34:15.897082317 -0500
cvsdist 1401a3
+++ vim62/src/os_unix.c	2004-01-20 11:37:54.310746614 -0500
cvsdist 1401a3
@@ -41,6 +41,10 @@
cvsdist 1401a3
 # include <X11/SM/SMlib.h>
cvsdist 1401a3
 #endif
cvsdist 1401a3
 
cvsdist 1401a3
+#ifdef HAVE_SELINUX
cvsdist 1401a3
+#include <selinux/selinux.h>
cvsdist 1401a3
+static int selinux_enabled=-1;
cvsdist 1401a3
+#endif
cvsdist 1401a3
 /*
cvsdist 1401a3
  * Use this prototype for select, some include files have a wrong prototype
cvsdist 1401a3
  */
cvsdist 1401a3
@@ -2279,6 +2283,55 @@
cvsdist 1401a3
 } vim_acl_solaris_T;
cvsdist 1401a3
 # endif
cvsdist 1401a3
 
cvsdist 1401a3
+mch_copy_sec(from_file, to_file)
cvsdist 1401a3
+     char_u	*from_file;
cvsdist 1401a3
+     char_u	*to_file;
cvsdist 1401a3
+{
cvsdist 1401a3
+  if (from_file == NULL)
cvsdist 1401a3
+    return;
cvsdist 1401a3
+  
cvsdist 1401a3
+#ifdef HAVE_SELINUX
cvsdist 1401a3
+  if (selinux_enabled == -1)
cvsdist 1401a3
+    selinux_enabled = is_selinux_enabled ();
cvsdist 1401a3
+
cvsdist 1401a3
+  if (selinux_enabled>0)
cvsdist 1401a3
+    {
cvsdist 1401a3
+      security_context_t from_context=NULL;
cvsdist 1401a3
+      security_context_t to_context=NULL;
cvsdist 1401a3
+      if (getfilecon (from_file, &from_context) < 0)
cvsdist 1401a3
+	{
cvsdist 1401a3
+	  /* If the filesystem doesn't support extended attributes,
cvsdist 1401a3
+	     the original had no special security context and the
cvsdist 1401a3
+	     target cannot have one either.  */
cvsdist 1401a3
+	  if (errno == EOPNOTSUPP)
cvsdist 1401a3
+	    return ;
cvsdist 1401a3
+	  
cvsdist 1401a3
+	  MSG_PUTS(_("\nCould not get security context for "));
cvsdist 1401a3
+	  msg_outtrans(from_file);
cvsdist 1401a3
+	  msg_putchar('\n');
cvsdist 1401a3
+	  return ;
cvsdist 1401a3
+	}
cvsdist 1401a3
+      if (getfilecon (to_file, &to_context) < 0)
cvsdist 1401a3
+	{
cvsdist 1401a3
+	  MSG_PUTS(_("\nCould not get security context for "));
cvsdist 1401a3
+	  msg_outtrans(to_file);
cvsdist 1401a3
+	  msg_putchar('\n');
cvsdist 1401a3
+	  freecon (from_context);
cvsdist 1401a3
+	  return ;
cvsdist 1401a3
+	}
cvsdist 1401a3
+      if (strcmp(from_context,to_context) != 0 ) {
cvsdist 1401a3
+	if (setfilecon (to_file, from_context) < 0)
cvsdist 1401a3
+	  {
cvsdist 1401a3
+	    MSG_PUTS(_("\nCould not set security context for "));
cvsdist 1401a3
+	    msg_outtrans(to_file);
cvsdist 1401a3
+	    msg_putchar('\n');
cvsdist 1401a3
+	  }
cvsdist 1401a3
+      }
cvsdist 1401a3
+      freecon (to_context);
cvsdist 1401a3
+      freecon (from_context);
cvsdist 1401a3
+    }
cvsdist 1401a3
+#endif /* HAVE_SELINUX */
cvsdist 1401a3
+}
cvsdist 1401a3
 /*
cvsdist 1401a3
  * Return a pointer to the ACL of file "fname" in allocated memory.
cvsdist 1401a3
  * Return NULL if the ACL is not available for whatever reason.
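Review bot: `mch_copy_sec` is defined without a return type, so as a K&R definition it is implicitly `int`, yet every exit is a bare `return;`. Declare it `void` (a `    void` line above the name, with a short header comment) and add a prototype that fileio.c can see, since no declaration is in view for the calls added there. Separately, a failed `getfilecon (to_file, &to_context)` returns before `setfilecon` is attempted, although the comparison with `to_context` only avoids a redundant write. Consider falling through to `setfilecon (to_file, from_context)` when the destination's context cannot be read, so the target is not left with a context that differs from the source's. The `char_u *` arguments are passed straight to libselinux functions that take `const char *`, so a `(char *)` cast is needed to avoid pointer-sign warnings.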