Blob Blame History Raw
--- vim62/src/configure.in.selinux	2004-01-20 11:34:17.177103792 -0500
+++ vim62/src/configure.in	2004-01-20 11:34:18.507126105 -0500
@@ -195,6 +195,20 @@
 fi
 
 
+dnl vim: set sw=2 tw=78 fo+=l:
+dnl Link with -lselinux for SELinux stuff; if not found
+AC_MSG_CHECKING(--disable-selinux argument)
+AC_ARG_ENABLE(selinux,
+	[  --disable-selinux	  Don't check for SELinux support.],
+	, [enable_selinux="yes"])
+if test "$enable_selinux" = "yes"; then
+   AC_MSG_RESULT(no)
+   AC_CHECK_LIB(selinux, is_selinux_enabled, [LIBS="$LIBS -lselinux"])
+   AC_DEFINE(HAVE_SELINUX)
+else
+   AC_MSG_RESULT(yes)
+fi
+
 dnl Check user requested features.
 
 AC_MSG_CHECKING(--with-features argument)
--- vim62/src/config.h.in.selinux	2003-05-25 12:07:42.000000000 -0400
+++ vim62/src/config.h.in	2004-01-20 11:34:18.507126105 -0500
@@ -155,6 +155,7 @@
 #undef HAVE_READLINK
 #undef HAVE_RENAME
 #undef HAVE_SELECT
+#undef HAVE_SELINUX
 #undef HAVE_SETENV
 #undef HAVE_SETPGID
 #undef HAVE_SETSID
--- vim62/src/fileio.c.selinux	2004-01-20 11:34:16.577093725 -0500
+++ vim62/src/fileio.c	2004-01-20 11:34:18.517126273 -0500
@@ -1,3 +1,4 @@
+
 /* vi:set ts=8 sts=4 sw=4:
  *
  * VIM - Vi IMproved	by Bram Moolenaar
@@ -3079,6 +3080,9 @@
 						)
 			    mch_setperm(backup,
 					  (perm & 0707) | ((perm & 07) << 3));
+#ifdef HAVE_SELINUX
+			mch_copy_sec(backup, fname);
+#endif
 #endif
 
 			/*
@@ -3115,6 +3119,9 @@
 #ifdef HAVE_ACL
 			mch_set_acl(backup, acl);
 #endif
+#ifdef HAVE_SELINUX
+			mch_copy_sec(backup,fname);
+#endif
 			break;
 		    }
 		}
@@ -3719,6 +3726,12 @@
 	mch_set_acl(wfname, acl);
 #endif
 
+#ifdef HAVE_SELINUX
+    /* Probably need to set the security context */
+    if (!backup_copy)
+	mch_copy_sec(backup, wfname);
+#endif
+
 #ifdef UNIX
     /* When creating a new file, set its owner/group to that of the original
      * file.  Get the new device and inode number. */
--- vim62/src/os_unix.c.selinux	2004-01-20 11:34:15.897082317 -0500
+++ vim62/src/os_unix.c	2004-01-20 11:37:54.310746614 -0500
@@ -41,6 +41,10 @@
 # include <X11/SM/SMlib.h>
 #endif
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+static int selinux_enabled=-1;
+#endif
 /*
  * Use this prototype for select, some include files have a wrong prototype
  */
@@ -2279,6 +2283,55 @@
 } vim_acl_solaris_T;
 # endif
 
+mch_copy_sec(from_file, to_file)
+     char_u	*from_file;
+     char_u	*to_file;
+{
+  if (from_file == NULL)
+    return;
+  
+#ifdef HAVE_SELINUX
+  if (selinux_enabled == -1)
+    selinux_enabled = is_selinux_enabled ();
+
+  if (selinux_enabled>0)
+    {
+      security_context_t from_context=NULL;
+      security_context_t to_context=NULL;
+      if (getfilecon (from_file, &from_context) < 0)
+	{
+	  /* If the filesystem doesn't support extended attributes,
+	     the original had no special security context and the
+	     target cannot have one either.  */
+	  if (errno == EOPNOTSUPP)
+	    return ;
+	  
+	  MSG_PUTS(_("\nCould not get security context for "));
+	  msg_outtrans(from_file);
+	  msg_putchar('\n');
+	  return ;
+	}
+      if (getfilecon (to_file, &to_context) < 0)
+	{
+	  MSG_PUTS(_("\nCould not get security context for "));
+	  msg_outtrans(to_file);
+	  msg_putchar('\n');
+	  freecon (from_context);
+	  return ;
+	}
+      if (strcmp(from_context,to_context) != 0 ) {
+	if (setfilecon (to_file, from_context) < 0)
+	  {
+	    MSG_PUTS(_("\nCould not set security context for "));
+	    msg_outtrans(to_file);
+	    msg_putchar('\n');
+	  }
+      }
+      freecon (to_context);
+      freecon (from_context);
+    }
+#endif /* HAVE_SELINUX */
+}
 /*
  * Return a pointer to the ACL of file "fname" in allocated memory.
  * Return NULL if the ACL is not available for whatever reason.