rpms / vim

Clone
Source Code
GIT

Files

  1.   422c1ab718fa845e1504d92786e485259bc5a6fa
  2.   7.1.296
Blob Blame History Raw 
To: vim-dev@vim.org
Subject: Patch 7.1.296
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 7.1.296
Problem:    SELinux is not supported.
Solution:   Detect the selinux library and use mch_copy_sec(). (James Vega)
Files:	    src/auto/configure, src/config.h.in, src/configure.in,
	    src/fileio.c, src/memfile.c, src/os_unix.c, src/proto/os_unix.pro


*** ../vim-7.1.295/src/auto/configure	Wed Feb 20 12:43:05 2008
--- src/auto/configure	Wed May  7 18:16:09 2008
***************
*** 845,850 ****
--- 845,851 ----
    --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
    --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
    --disable-darwin        Disable Darwin (Mac OS X) support.
+   --disable-selinux	  Don't check for SELinux support.
    --disable-xsmp          Disable XSMP session management
    --disable-xsmp-interact Disable XSMP interaction
    --enable-mzschemeinterp   Include MzScheme interpreter.
***************
*** 3611,3616 ****
--- 3612,3705 ----
  esac
  fi
  
+ echo "$as_me:$LINENO: checking --disable-selinux argument" >&5
+ echo $ECHO_N "checking --disable-selinux argument... $ECHO_C" >&6
+ # Check whether --enable-selinux or --disable-selinux was given.
+ if test "${enable_selinux+set}" = set; then
+   enableval="$enable_selinux"
+ 
+ else
+   enable_selinux="yes"
+ fi;
+ if test "$enable_selinux" = "yes"; then
+   echo "$as_me:$LINENO: result: no" >&5
+ echo "${ECHO_T}no" >&6
+   echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
+ echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
+ if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
+   echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+ LIBS="-lselinux  $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+ _ACEOF
+ cat confdefs.h >>conftest.$ac_ext
+ cat >>conftest.$ac_ext <<_ACEOF
+ /* end confdefs.h.  */
+ 
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+ /* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+ char is_selinux_enabled ();
+ int
+ main ()
+ {
+ is_selinux_enabled ();
+   ;
+   return 0;
+ }
+ _ACEOF
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+   (eval $ac_link) 2>conftest.er1
+   ac_status=$?
+   grep -v '^ *+' conftest.er1 >conftest.err
+   rm -f conftest.er1
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); } &&
+ 	 { ac_try='test -z "$ac_c_werror_flag"
+ 			 || test ! -s conftest.err'
+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+   (eval $ac_try) 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }; } &&
+ 	 { ac_try='test -s conftest$ac_exeext'
+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+   (eval $ac_try) 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }; }; then
+   ac_cv_lib_selinux_is_selinux_enabled=yes
+ else
+   echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+ 
+ ac_cv_lib_selinux_is_selinux_enabled=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+       conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+ echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
+ echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
+ if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
+   LIBS="$LIBS -lselinux"
+ 	   cat >>confdefs.h <<\_ACEOF
+ #define HAVE_SELINUX 1
+ _ACEOF
+ 
+ fi
+ 
+ else
+    echo "$as_me:$LINENO: result: yes" >&5
+ echo "${ECHO_T}yes" >&6
+ fi
  
  
  echo "$as_me:$LINENO: checking --with-features argument" >&5
*** ../vim-7.1.295/src/config.h.in	Tue May  1 13:37:23 2007
--- src/config.h.in	Wed May  7 18:10:49 2008
***************
*** 156,161 ****
--- 156,162 ----
  #undef HAVE_READLINK
  #undef HAVE_RENAME
  #undef HAVE_SELECT
+ #undef HAVE_SELINUX
  #undef HAVE_SETENV
  #undef HAVE_SETPGID
  #undef HAVE_SETSID
*** ../vim-7.1.295/src/configure.in	Wed Feb 20 12:43:05 2008
--- src/configure.in	Wed May  7 18:15:40 2008
***************
*** 299,304 ****
--- 299,317 ----
  esac
  fi
  
+ dnl Link with -lselinux for SELinux stuff; if not found
+ AC_MSG_CHECKING(--disable-selinux argument)
+ AC_ARG_ENABLE(selinux,
+ 	[  --disable-selinux	  Don't check for SELinux support.],
+ 	, enable_selinux="yes")
+ if test "$enable_selinux" = "yes"; then
+   AC_MSG_RESULT(no)
+   AC_CHECK_LIB(selinux, is_selinux_enabled,
+ 	  [LIBS="$LIBS -lselinux"
+ 	   AC_DEFINE(HAVE_SELINUX)])
+ else
+    AC_MSG_RESULT(yes)
+ fi
  
  dnl Check user requested features.
  
*** ../vim-7.1.295/src/fileio.c	Tue Mar 11 22:01:16 2008
--- src/fileio.c	Wed May  7 18:17:45 2008
***************
*** 3651,3656 ****
--- 3660,3668 ----
  						)
  			    mch_setperm(backup,
  					  (perm & 0707) | ((perm & 07) << 3));
+ # ifdef HAVE_SELINUX
+ 			mch_copy_sec(fname, backup);
+ # endif
  #endif
  
  			/*
***************
*** 3687,3692 ****
--- 3699,3707 ----
  #ifdef HAVE_ACL
  			mch_set_acl(backup, acl);
  #endif
+ #ifdef HAVE_SELINUX
+ 			mch_copy_sec(fname, backup);
+ #endif
  			break;
  		    }
  		}
***************
*** 4309,4314 ****
--- 4324,4335 ----
      }
  #endif
  
+ #ifdef HAVE_SELINUX
+     /* Probably need to set the security context. */
+     if (!backup_copy)
+ 	mch_copy_sec(backup, wfname);
+ #endif
+ 
  #ifdef UNIX
      /* When creating a new file, set its owner/group to that of the original
       * file.  Get the new device and inode number. */
*** ../vim-7.1.295/src/memfile.c	Fri May 11 20:15:45 2007
--- src/memfile.c	Wed May  7 18:10:49 2008
***************
*** 1346,1350 ****
--- 1346,1355 ----
  	mfp->mf_ffname = NULL;
      }
      else
+     {
+ #ifdef HAVE_SELINUX
+ 	mch_copy_sec(fname, mfp->mf_fname);
+ #endif
  	mch_hide(mfp->mf_fname);    /* try setting the 'hidden' flag */
+     }
  }
*** ../vim-7.1.295/src/os_unix.c	Wed Mar 12 13:16:37 2008
--- src/os_unix.c	Wed May  7 18:24:46 2008
***************
*** 45,50 ****
--- 45,55 ----
  # include <X11/SM/SMlib.h>
  #endif
  
+ #ifdef HAVE_SELINUX
+ # include <selinux/selinux.h>
+ static int selinux_enabled = -1;
+ #endif
+ 
  /*
   * Use this prototype for select, some include files have a wrong prototype
   */
***************
*** 2557,2562 ****
--- 2562,2623 ----
  } vim_acl_solaris_T;
  # endif
  
+ #if defined(HAVE_SELINUX) || defined(PROTO)
+ /*
+  * Copy security info from "from_file" to "to_file".
+  */
+     void
+ mch_copy_sec(from_file, to_file)
+     char_u	*from_file;
+     char_u	*to_file;
+ {
+     if (from_file == NULL)
+ 	return;
+ 
+     if (selinux_enabled == -1)
+ 	selinux_enabled = is_selinux_enabled();
+ 
+     if (selinux_enabled > 0)
+     {
+ 	security_context_t from_context = NULL;
+ 	security_context_t to_context = NULL;
+ 
+ 	if (getfilecon((char *)from_file, &from_context) < 0)
+ 	{
+ 	    /* If the filesystem doesn't support extended attributes,
+ 	       the original had no special security context and the
+ 	       target cannot have one either.  */
+ 	    if (errno == EOPNOTSUPP)
+ 		return;
+ 
+ 	    MSG_PUTS(_("\nCould not get security context for "));
+ 	    msg_outtrans(from_file);
+ 	    msg_putchar('\n');
+ 	    return;
+ 	}
+ 	if (getfilecon((char *)to_file, &to_context) < 0)
+ 	{
+ 	    MSG_PUTS(_("\nCould not get security context for "));
+ 	    msg_outtrans(to_file);
+ 	    msg_putchar('\n');
+ 	    freecon (from_context);
+ 	    return ;
+ 	}
+ 	if (strcmp(from_context, to_context) != 0)
+ 	{
+ 	    if (setfilecon((char *)to_file, from_context) < 0)
+ 	    {
+ 		MSG_PUTS(_("\nCould not set security context for "));
+ 		msg_outtrans(to_file);
+ 		msg_putchar('\n');
+ 	    }
+ 	}
+ 	freecon(to_context);
+ 	freecon(from_context);
+     }
+ }
+ #endif /* HAVE_SELINUX */
+ 
  /*
   * Return a pointer to the ACL of file "fname" in allocated memory.
   * Return NULL if the ACL is not available for whatever reason.
*** ../vim-7.1.295/src/proto/os_unix.pro	Sat May  5 20:23:37 2007
--- src/proto/os_unix.pro	Wed May  7 18:25:14 2008
***************
*** 34,39 ****
--- 34,40 ----
  void fname_case __ARGS((char_u *name, int len));
  long mch_getperm __ARGS((char_u *name));
  int mch_setperm __ARGS((char_u *name, long perm));
+ void mch_copy_sec __ARGS((char_u *from_file, char_u *to_file));
  vim_acl_T mch_get_acl __ARGS((char_u *fname));
  void mch_set_acl __ARGS((char_u *fname, vim_acl_T aclent));
  void mch_free_acl __ARGS((vim_acl_T aclent));
*** ../vim-7.1.295/src/version.c	Wed May  7 17:39:17 2008
--- src/version.c	Wed May  7 18:50:01 2008
***************
*** 668,669 ****
--- 673,676 ----
  {   /* Add new patch number below this line */
+ /**/
+     296,
  /**/

-- 
Michael: There is no such thing as a dump question.
Bernard: Sure there is.  For example "what is a core dump?"

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation