| To: vim_dev@googlegroups.com |
| Subject: Patch 7.4.238 |
| Fcc: outbox |
| From: Bram Moolenaar <Bram@moolenaar.net> |
| Mime-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| |
| Patch 7.4.238 |
| Problem: Vim does not support the smack library. |
| Solution: Add smack support (Jose Bollo) |
| Files: src/config.h.in, src/configure.in, src/fileio.c, src/memfile.c, |
| src/os_unix.c, src/undo.c, src/auto/configure |
| |
| |
| |
| |
| |
| *** 191,196 **** |
| --- 191,197 ---- |
| #undef HAVE_SIGSETJMP |
| #undef HAVE_SIGSTACK |
| #undef HAVE_SIGVEC |
| + #undef HAVE_SMACK |
| #undef HAVE_STRCASECMP |
| #undef HAVE_STRERROR |
| #undef HAVE_STRFTIME |
| |
| |
| |
| *** 387,406 **** |
| AC_SUBST(QUOTESED) |
| |
| |
| ! dnl Link with -lselinux for SELinux stuff; if not found |
| ! AC_MSG_CHECKING(--disable-selinux argument) |
| ! AC_ARG_ENABLE(selinux, |
| ! [ --disable-selinux Don't check for SELinux support.], |
| ! , enable_selinux="yes") |
| ! if test "$enable_selinux" = "yes"; then |
| AC_MSG_RESULT(no) |
| ! AC_CHECK_LIB(selinux, is_selinux_enabled, |
| ! [LIBS="$LIBS -lselinux" |
| ! AC_DEFINE(HAVE_SELINUX)]) |
| else |
| AC_MSG_RESULT(yes) |
| fi |
| |
| dnl Check user requested features. |
| |
| AC_MSG_CHECKING(--with-features argument) |
| --- 387,427 ---- |
| AC_SUBST(QUOTESED) |
| |
| |
| ! dnl Link with -lsmack for Smack stuff; if not found |
| ! AC_MSG_CHECKING(--disable-smack argument) |
| ! AC_ARG_ENABLE(smack, |
| ! [ --disable-smack Do not check for Smack support.], |
| ! , enable_smack="yes") |
| ! if test "$enable_smack" = "yes"; then |
| ! AC_CHECK_HEADER([linux/xattr.h], true, enable_smack="no") |
| ! fi |
| ! if test "$enable_smack" = "yes"; then |
| AC_MSG_RESULT(no) |
| ! AC_CHECK_LIB(attr, llistxattr, |
| ! [LIBS="$LIBS -lattr" |
| ! found_smack="yes" |
| ! AC_DEFINE(HAVE_SMACK)]) |
| else |
| AC_MSG_RESULT(yes) |
| fi |
| |
| + dnl When smack was found don't search for SELinux |
| + if test "x$found_smack" = "x"; then |
| + dnl Link with -lselinux for SELinux stuff; if not found |
| + AC_MSG_CHECKING(--disable-selinux argument) |
| + AC_ARG_ENABLE(selinux, |
| + [ --disable-selinux Do not check for SELinux support.], |
| + , enable_selinux="yes") |
| + if test "$enable_selinux" = "yes"; then |
| + AC_MSG_RESULT(no) |
| + AC_CHECK_LIB(selinux, is_selinux_enabled, |
| + [LIBS="$LIBS -lselinux" |
| + AC_DEFINE(HAVE_SELINUX)]) |
| + else |
| + AC_MSG_RESULT(yes) |
| + fi |
| + fi |
| + |
| dnl Check user requested features. |
| |
| AC_MSG_CHECKING(--with-features argument) |
| |
| |
| |
| *** 4030,4036 **** |
| ) |
| mch_setperm(backup, |
| (perm & 0707) | ((perm & 07) << 3)); |
| ! # ifdef HAVE_SELINUX |
| mch_copy_sec(fname, backup); |
| # endif |
| #endif |
| --- 4030,4036 ---- |
| ) |
| mch_setperm(backup, |
| (perm & 0707) | ((perm & 07) << 3)); |
| ! # if defined(HAVE_SELINUX) || defined(HAVE_SMACK) |
| mch_copy_sec(fname, backup); |
| # endif |
| #endif |
| |
| *** 4069,4075 **** |
| #ifdef HAVE_ACL |
| mch_set_acl(backup, acl); |
| #endif |
| ! #ifdef HAVE_SELINUX |
| mch_copy_sec(fname, backup); |
| #endif |
| break; |
| --- 4069,4075 ---- |
| #ifdef HAVE_ACL |
| mch_set_acl(backup, acl); |
| #endif |
| ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) |
| mch_copy_sec(fname, backup); |
| #endif |
| break; |
| |
| *** 4718,4724 **** |
| } |
| #endif |
| |
| ! #ifdef HAVE_SELINUX |
| /* Probably need to set the security context. */ |
| if (!backup_copy) |
| mch_copy_sec(backup, wfname); |
| --- 4718,4724 ---- |
| } |
| #endif |
| |
| ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) |
| /* Probably need to set the security context. */ |
| if (!backup_copy) |
| mch_copy_sec(backup, wfname); |
| |
| *** 6707,6713 **** |
| mch_set_acl(to, acl); |
| mch_free_acl(acl); |
| #endif |
| ! #ifdef HAVE_SELINUX |
| mch_copy_sec(from, to); |
| #endif |
| if (errmsg != NULL) |
| --- 6707,6713 ---- |
| mch_set_acl(to, acl); |
| mch_free_acl(acl); |
| #endif |
| ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) |
| mch_copy_sec(from, to); |
| #endif |
| if (errmsg != NULL) |
| |
| |
| |
| *** 1358,1364 **** |
| if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0) |
| fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC); |
| #endif |
| ! #ifdef HAVE_SELINUX |
| mch_copy_sec(fname, mfp->mf_fname); |
| #endif |
| mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */ |
| --- 1358,1364 ---- |
| if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0) |
| fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC); |
| #endif |
| ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) |
| mch_copy_sec(fname, mfp->mf_fname); |
| #endif |
| mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */ |
| |
| |
| |
| *** 46,51 **** |
| --- 46,59 ---- |
| static int selinux_enabled = -1; |
| #endif |
| |
| + #ifdef HAVE_SMACK |
| + # include <attr/xattr.h> |
| + # include <linux/xattr.h> |
| + # ifndef SMACK_LABEL_LEN |
| + # define SMACK_LABEL_LEN 1024 |
| + # endif |
| + #endif |
| + |
| /* |
| * Use this prototype for select, some include files have a wrong prototype |
| */ |
| |
| *** 2798,2803 **** |
| --- 2806,2895 ---- |
| } |
| #endif /* HAVE_SELINUX */ |
| |
| + #if defined(HAVE_SMACK) && !defined(PROTO) |
| + /* |
| + * Copy security info from "from_file" to "to_file". |
| + */ |
| + void |
| + mch_copy_sec(from_file, to_file) |
| + char_u *from_file; |
| + char_u *to_file; |
| + { |
| + static const char const *smack_copied_attributes[] = |
| + { |
| + XATTR_NAME_SMACK, |
| + XATTR_NAME_SMACKEXEC, |
| + XATTR_NAME_SMACKMMAP |
| + }; |
| + |
| + char buffer[SMACK_LABEL_LEN]; |
| + const char *name; |
| + int index; |
| + int ret; |
| + ssize_t size; |
| + |
| + if (from_file == NULL) |
| + return; |
| + |
| + for (index = 0 ; index < (int)(sizeof(smack_copied_attributes) |
| + / sizeof(smack_copied_attributes)[0]) ; index++) |
| + { |
| + /* get the name of the attribute to copy */ |
| + name = smack_copied_attributes[index]; |
| + |
| + /* get the value of the attribute in buffer */ |
| + size = getxattr((char*)from_file, name, buffer, sizeof(buffer)); |
| + if (size >= 0) |
| + { |
| + /* copy the attribute value of buffer */ |
| + ret = setxattr((char*)to_file, name, buffer, (size_t)size, 0); |
| + if (ret < 0) |
| + { |
| + MSG_PUTS(_("Could not set security context ")); |
| + MSG_PUTS(name); |
| + MSG_PUTS(_(" for ")); |
| + msg_outtrans(to_file); |
| + msg_putchar('\n'); |
| + } |
| + } |
| + else |
| + { |
| + /* what reason of not having the attribute value? */ |
| + switch (errno) |
| + { |
| + case ENOTSUP: |
| + /* extended attributes aren't supported or enabled */ |
| + /* should a message be echoed? not sure... */ |
| + return; /* leave because it isn't usefull to continue */ |
| + |
| + case ERANGE: |
| + default: |
| + /* no enough size OR unexpected error */ |
| + MSG_PUTS(_("Could not get security context ")); |
| + MSG_PUTS(name); |
| + MSG_PUTS(_(" for ")); |
| + msg_outtrans(from_file); |
| + MSG_PUTS(_(". Removing it!\n")); |
| + /* FALLTHROUGH to remove the attribute */ |
| + |
| + case ENODATA: |
| + /* no attribute of this name */ |
| + ret = removexattr((char*)to_file, name); |
| + if (ret < 0 && errno != ENODATA) |
| + { |
| + MSG_PUTS(_("Could not remove security context ")); |
| + MSG_PUTS(name); |
| + MSG_PUTS(_(" for ")); |
| + msg_outtrans(to_file); |
| + msg_putchar('\n'); |
| + } |
| + break; |
| + } |
| + } |
| + } |
| + } |
| + #endif /* HAVE_SMACK */ |
| + |
| /* |
| * Return a pointer to the ACL of file "fname" in allocated memory. |
| * Return NULL if the ACL is not available for whatever reason. |
| |
| |
| |
| *** 1455,1461 **** |
| # endif |
| ) |
| mch_setperm(file_name, (perm & 0707) | ((perm & 07) << 3)); |
| ! # ifdef HAVE_SELINUX |
| if (buf->b_ffname != NULL) |
| mch_copy_sec(buf->b_ffname, file_name); |
| # endif |
| --- 1455,1461 ---- |
| # endif |
| ) |
| mch_setperm(file_name, (perm & 0707) | ((perm & 07) << 3)); |
| ! # if defined(HAVE_SELINUX) || defined(HAVE_SMACK) |
| if (buf->b_ffname != NULL) |
| mch_copy_sec(buf->b_ffname, file_name); |
| # endif |
| |
| |
| |
| *** 782,787 **** |
| --- 782,788 ---- |
| with_view_name |
| with_global_runtime |
| with_modified_by |
| + enable_smack |
| enable_selinux |
| with_features |
| with_compiledby |
| |
| *** 1453,1459 **** |
| --enable-fail-if-missing Fail if dependencies on additional features |
| specified on the command line are missing. |
| --disable-darwin Disable Darwin (Mac OS X) support. |
| ! --disable-selinux Don't check for SELinux support. |
| --disable-xsmp Disable XSMP session management |
| --disable-xsmp-interact Disable XSMP interaction |
| --enable-luainterp=OPTS Include Lua interpreter. default=no OPTS=no/yes/dynamic |
| --- 1454,1461 ---- |
| --enable-fail-if-missing Fail if dependencies on additional features |
| specified on the command line are missing. |
| --disable-darwin Disable Darwin (Mac OS X) support. |
| ! --disable-smack Do not check for Smack support. |
| ! --disable-selinux Do not check for SELinux support. |
| --disable-xsmp Disable XSMP session management |
| --disable-xsmp-interact Disable XSMP interaction |
| --enable-luainterp=OPTS Include Lua interpreter. default=no OPTS=no/yes/dynamic |
| |
| *** 4588,4606 **** |
| |
| |
| |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-selinux argument" >&5 |
| $as_echo_n "checking --disable-selinux argument... " >&6; } |
| ! # Check whether --enable-selinux was given. |
| if test "${enable_selinux+set}" = set; then : |
| enableval=$enable_selinux; |
| else |
| enable_selinux="yes" |
| fi |
| |
| ! if test "$enable_selinux" = "yes"; then |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
| $as_echo "no" >&6; } |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5 |
| $as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; } |
| if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then : |
| $as_echo_n "(cached) " >&6 |
| --- 4590,4679 ---- |
| |
| |
| |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-smack argument" >&5 |
| ! $as_echo_n "checking --disable-smack argument... " >&6; } |
| ! # Check whether --enable-smack was given. |
| ! if test "${enable_smack+set}" = set; then : |
| ! enableval=$enable_smack; |
| ! else |
| ! enable_smack="yes" |
| ! fi |
| ! |
| ! if test "$enable_smack" = "yes"; then |
| ! ac_fn_c_check_header_mongrel "$LINENO" "linux/xattr.h" "ac_cv_header_linux_xattr_h" "$ac_includes_default" |
| ! if test "x$ac_cv_header_linux_xattr_h" = xyes; then : |
| ! true |
| ! else |
| ! enable_smack="no" |
| ! fi |
| ! |
| ! |
| ! fi |
| ! if test "$enable_smack" = "yes"; then |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
| ! $as_echo "no" >&6; } |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking for llistxattr in -lattr" >&5 |
| ! $as_echo_n "checking for llistxattr in -lattr... " >&6; } |
| ! if ${ac_cv_lib_attr_llistxattr+:} false; then : |
| ! $as_echo_n "(cached) " >&6 |
| ! else |
| ! ac_check_lib_save_LIBS=$LIBS |
| ! LIBS="-lattr $LIBS" |
| ! cat confdefs.h - <<_ACEOF >conftest.$ac_ext |
| ! /* end confdefs.h. */ |
| ! |
| ! /* Override any GCC internal prototype to avoid an error. |
| ! Use char because int might match the return type of a GCC |
| ! builtin and then its argument prototype would still apply. */ |
| ! #ifdef __cplusplus |
| ! extern "C" |
| ! #endif |
| ! char llistxattr (); |
| ! int |
| ! main () |
| ! { |
| ! return llistxattr (); |
| ! ; |
| ! return 0; |
| ! } |
| ! _ACEOF |
| ! if ac_fn_c_try_link "$LINENO"; then : |
| ! ac_cv_lib_attr_llistxattr=yes |
| ! else |
| ! ac_cv_lib_attr_llistxattr=no |
| ! fi |
| ! rm -f core conftest.err conftest.$ac_objext \ |
| ! conftest$ac_exeext conftest.$ac_ext |
| ! LIBS=$ac_check_lib_save_LIBS |
| ! fi |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_attr_llistxattr" >&5 |
| ! $as_echo "$ac_cv_lib_attr_llistxattr" >&6; } |
| ! if test "x$ac_cv_lib_attr_llistxattr" = xyes; then : |
| ! LIBS="$LIBS -lattr" |
| ! found_smack="yes" |
| ! $as_echo "#define HAVE_SMACK 1" >>confdefs.h |
| ! |
| ! fi |
| ! |
| ! else |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 |
| ! $as_echo "yes" >&6; } |
| ! fi |
| ! |
| ! if test "x$found_smack" = "x"; then |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-selinux argument" >&5 |
| $as_echo_n "checking --disable-selinux argument... " >&6; } |
| ! # Check whether --enable-selinux was given. |
| if test "${enable_selinux+set}" = set; then : |
| enableval=$enable_selinux; |
| else |
| enable_selinux="yes" |
| fi |
| |
| ! if test "$enable_selinux" = "yes"; then |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
| $as_echo "no" >&6; } |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5 |
| $as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; } |
| if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then : |
| $as_echo_n "(cached) " >&6 |
| |
| *** 4638,4650 **** |
| $as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; } |
| if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then : |
| LIBS="$LIBS -lselinux" |
| ! $as_echo "#define HAVE_SELINUX 1" >>confdefs.h |
| |
| fi |
| |
| ! else |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 |
| $as_echo "yes" >&6; } |
| fi |
| |
| |
| --- 4711,4724 ---- |
| $as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; } |
| if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then : |
| LIBS="$LIBS -lselinux" |
| ! $as_echo "#define HAVE_SELINUX 1" >>confdefs.h |
| |
| fi |
| |
| ! else |
| ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 |
| $as_echo "yes" >&6; } |
| + fi |
| fi |
| |
| |
| |
| |
| |
| *** 736,737 **** |
| --- 736,739 ---- |
| { /* Add new patch number below this line */ |
| + /**/ |
| + 238, |
| /**/ |
| |
| -- |
| hundred-and-one symptoms of being an internet addict: |
| 25. You believe nothing looks sexier than a man in boxer shorts illuminated |
| only by a 17" inch svga monitor. |
| |
| /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ |
| /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ |
| \\\ an exciting new programming language -- http://www.Zimbu.org /// |
| \\\ help me help AIDS victims -- http://ICCF-Holland.org /// |