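--- vim62/src/configure.in.selinux 2004-01-20 11:34:17.177103792 -0500
+++ vim62/src/configure.in 2004-01-20 11:34:18.507126105 -0500
@@ -195,6 +195,20 @@
 fi
 
 
+dnl vim: set sw=2 tw=78 fo+=l:
+dnl Link with -lselinux for SELinux stuff; if not found
+AC_MSG_CHECKING(--disable-selinux argument)
+AC_ARG_ENABLE(selinux,
+ [ --disable-selinux Don't check for SELinux support.],
+ , [enable_selinux="yes"])
+if test "$enable_selinux" = "yes"; then
+ AC_MSG_RESULT(no)
+ AC_CHECK_LIB(selinux, is_selinux_enabled, [LIBS="$LIBS -lselinux"])
+ AC_DEFINE(HAVE_SELINUX)
+else
+ AC_MSG_RESULT(yes)
+fi
+
 dnl Check user requested features.
 
 AC_MSG_CHECKING(--with-features argument)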
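Review bot: `AC_DEFINE(HAVE_SELINUX)` sits outside the `AC_CHECK_LIB` action, so HAVE_SELINUX is defined whenever SELinux support is not disabled, even when libselinux was not found. The os_unix.c part of this patch then includes `<selinux/selinux.h>` and calls `is_selinux_enabled()` with no `-lselinux` on the link line. Moving the define into the found-action keeps the macro and the link flag in step: `AC_CHECK_LIB(selinux, is_selinux_enabled, [LIBS="$LIBS -lselinux"; AC_DEFINE(HAVE_SELINUX)])`. The comment `dnl Link with -lselinux for SELinux stuff; if not found` breaks off mid-sentence and should say what the build does when the library is missing, and the `dnl vim:` modeline in the middle of the file looks like a leftover.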
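--- vim62/src/config.h.in.selinux 2003-05-25 12:07:42.000000000 -0400
+++ vim62/src/config.h.in 2004-01-20 11:34:18.507126105 -0500
@@ -155,6 +155,7 @@
 #undef HAVE_READLINK
 #undef HAVE_RENAME
 #undef HAVE_SELECT
+#undef HAVE_SELINUX
 #undef HAVE_SETENV
 #undef HAVE_SETPGID
 #undef HAVE_SETSID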
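--- vim62/src/fileio.c.selinux 2004-01-20 11:34:16.577093725 -0500
+++ vim62/src/fileio.c 2004-01-20 11:34:18.517126273 -0500
@@ -1,3 +1,4 @@
+
 /* vi:set ts=8 sts=4 sw=4:
 *
 * VIM - Vi IMproved by Bram Moolenaar
@@ -3079,6 +3080,9 @@
 )
 mch_setperm(backup,
 (perm & 0707) | ((perm & 07) << 3));
+#ifdef HAVE_SELINUX
+ mch_copy_sec(fname, backup);
+#endif
 #endif
 
 /*
@@ -3115,6 +3119,9 @@
 #ifdef HAVE_ACL
 mch_set_acl(backup, acl);
 #endif
+#ifdef HAVE_SELINUX
+ mch_copy_sec(fname, backup);
+#endif
 break;
 }
 }
@@ -3719,6 +3726,12 @@
 mch_set_acl(wfname, acl);
 #endif
 
+#ifdef HAVE_SELINUX
+ /* Probably need to set the security context */
+ if (!backup_copy)
+ mch_copy_sec(backup, wfname);
+#endif
+
 #ifdef UNIX
 /* When creating a new file, set its owner/group to that of the original
 * file. Get the new device and inode number. */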
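Review bot: In the `@@ -3719` hunk the security context is restored by path, and it appears only after the new file has already been created and written, so until `mch_copy_sec(backup, wfname)` runs the contents presumably sit under whatever default context the file was created with. For a file whose label is stricter than that default, this is a window in which policy does not protect it; labelling at creation time (libselinux offers `setfscreatecon()`) or on the open descriptor would close it. At minimum the comment should state the reason rather than `Probably need to set the security context`, for example `/* The new file got a default context; copy the original's context back from the backup. */`. The backup file is labelled the same way, by path and after the fact, in the `@@ -3079` and `@@ -3115` hunks, and because `mch_copy_sec` (os_unix.c in this patch) only prints a message on failure, this code cannot tell that a relabel did not happen. The enclosing function starts and ends outside all three hunks.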
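--- vim62/src/os_unix.c.selinux 2004-01-20 11:34:15.897082317 -0500
+++ vim62/src/os_unix.c 2004-01-20 11:37:54.310746614 -0500
@@ -41,6 +41,10 @@
 # include <X11/SM/SMlib.h>
 #endif
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+static int selinux_enabled=-1;
+#endif
 /*
 * Use this prototype for select, some include files have a wrong prototype
 */
@@ -2279,6 +2283,55 @@
 } vim_acl_solaris_T;
 # endif
 
+mch_copy_sec(from_file, to_file)
+ char_u *from_file;
+ char_u *to_file;
+{
+ if (from_file == NULL)
+ return;
+
+#ifdef HAVE_SELINUX
+ if (selinux_enabled == -1)
+ selinux_enabled = is_selinux_enabled ();
+
+ if (selinux_enabled>0)
+ {
+ security_context_t from_context=NULL;
+ security_context_t to_context=NULL;
+ if (getfilecon (from_file, &from_context) < 0)
+ {
+ /* If the filesystem doesn't support extended attributes,
+ the original had no special security context and the
+ target cannot have one either. */
+ if (errno == EOPNOTSUPP)
+ return ;
+
+ MSG_PUTS(_("\nCould not get security context for "));
+ msg_outtrans(from_file);
+ msg_putchar('\n');
+ return ;
+ }
+ if (getfilecon (to_file, &to_context) < 0)
+ {
+ MSG_PUTS(_("\nCould not get security context for "));
+ msg_outtrans(to_file);
+ msg_putchar('\n');
+ freecon (from_context);
+ return ;
+ }
+ if (strcmp(from_context,to_context) != 0 ) {
+ if (setfilecon (to_file, from_context) < 0)
+ {
+ MSG_PUTS(_("\nCould not set security context for "));
+ msg_outtrans(to_file);
+ msg_putchar('\n');
+ }
+ }
+ freecon (to_context);
+ freecon (from_context);
+ }
+#endif /* HAVE_SELINUX */
+}
 /*
 * Return a pointer to the ACL of file "fname" in allocated memory.
 * Return NULL if the ACL is not available for whatever reason.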
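Review bot: `mch_copy_sec` in the `@@ -2279` hunk is defined without a return type, so it is implicitly `int` while every exit is a bare `return;`, and it gives the callers in fileio.c no way to learn that `getfilecon` or `setfilecon` failed. A write can therefore finish with the file under a different context than the original, with only a message on the screen; declare the function `void` at the least, or better have it return a status that the write path checks. `to_file` is passed to `getfilecon` without the NULL check that `from_file` gets, which `if (from_file == NULL || to_file == NULL)` would cover. The function also lacks a header comment: it should say that the SELinux context of `from_file` is copied onto `to_file` by path, and that nothing is done when SELinux is disabled or reading the source context fails with EOPNOTSUPP.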