| |
| |
| @@ -195,6 +195,21 @@ |
| fi |
| |
| |
| +dnl vim: set sw=2 tw=78 fo+=l: |
| +dnl Link with -lselinux for SELinux stuff; if not found |
| +AC_MSG_CHECKING(--disable-selinux argument) |
| +AC_ARG_ENABLE(selinux, |
| + [ --disable-selinux Don't check for SELinux support.], |
| + , [enable_selinux="yes"]) |
| +if test "$enable_selinux" = "yes"; then |
| + AC_MSG_RESULT(no) |
| + AC_CHECK_LIB(selinux, is_selinux_enabled, |
| + [LIBS="$LIBS -lselinux" |
| + AC_DEFINE(HAVE_SELINUX)]) |
| +else |
| + AC_MSG_RESULT(yes) |
| +fi |
| + |
| dnl Check user requested features. |
| |
| AC_MSG_CHECKING(--with-features argument) |
| |
| |
| @@ -155,6 +155,7 @@ |
| #undef HAVE_READLINK |
| #undef HAVE_RENAME |
| #undef HAVE_SELECT |
| +#undef HAVE_SELINUX |
| #undef HAVE_SETENV |
| #undef HAVE_SETPGID |
| #undef HAVE_SETSID |
| |
| |
| @@ -1,3 +1,4 @@ |
| + |
| /* vi:set ts=8 sts=4 sw=4: |
| * |
| * VIM - Vi IMproved by Bram Moolenaar |
| @@ -3079,6 +3080,9 @@ |
| ) |
| mch_setperm(backup, |
| (perm & 0707) | ((perm & 07) << 3)); |
| +#ifdef HAVE_SELINUX |
| + mch_copy_sec(fname, backup); |
| +#endif |
| #endif |
| |
| /* |
| @@ -3115,6 +3119,9 @@ |
| #ifdef HAVE_ACL |
| mch_set_acl(backup, acl); |
| #endif |
| +#ifdef HAVE_SELINUX |
| + mch_copy_sec(fname, backup); |
| +#endif |
| break; |
| } |
| } |
| @@ -3719,6 +3726,12 @@ |
| mch_set_acl(wfname, acl); |
| #endif |
| |
| +#ifdef HAVE_SELINUX |
| + /* Probably need to set the security context */ |
| + if (!backup_copy) |
| + mch_copy_sec(backup, wfname); |
| +#endif |
| + |
| #ifdef UNIX |
| /* When creating a new file, set its owner/group to that of the original |
| * file. Get the new device and inode number. */ |
| |
| |
| @@ -41,6 +41,10 @@ |
| # include <X11/SM/SMlib.h> |
| #endif |
| |
| +#ifdef HAVE_SELINUX |
| +#include <selinux/selinux.h> |
| +static int selinux_enabled=-1; |
| +#endif |
| /* |
| * Use this prototype for select, some include files have a wrong prototype |
| */ |
| @@ -2279,6 +2283,55 @@ |
| } vim_acl_solaris_T; |
| # endif |
| |
| +mch_copy_sec(from_file, to_file) |
| + char_u *from_file; |
| + char_u *to_file; |
| +{ |
| + if (from_file == NULL) |
| + return; |
| + |
| +#ifdef HAVE_SELINUX |
| + if (selinux_enabled == -1) |
| + selinux_enabled = is_selinux_enabled (); |
| + |
| + if (selinux_enabled>0) |
| + { |
| + security_context_t from_context=NULL; |
| + security_context_t to_context=NULL; |
| + if (getfilecon (from_file, &from_context) < 0) |
| + { |
| + /* If the filesystem doesn't support extended attributes, |
| + the original had no special security context and the |
| + target cannot have one either. */ |
| + if (errno == EOPNOTSUPP) |
| + return ; |
| + |
| + MSG_PUTS(_("\nCould not get security context for ")); |
| + msg_outtrans(from_file); |
| + msg_putchar('\n'); |
| + return ; |
| + } |
| + if (getfilecon (to_file, &to_context) < 0) |
| + { |
| + MSG_PUTS(_("\nCould not get security context for ")); |
| + msg_outtrans(to_file); |
| + msg_putchar('\n'); |
| + freecon (from_context); |
| + return ; |
| + } |
| + if (strcmp(from_context,to_context) != 0 ) { |
| + if (setfilecon (to_file, from_context) < 0) |
| + { |
| + MSG_PUTS(_("\nCould not set security context for ")); |
| + msg_outtrans(to_file); |
| + msg_putchar('\n'); |
| + } |
| + } |
| + freecon (to_context); |
| + freecon (from_context); |
| + } |
| +#endif /* HAVE_SELINUX */ |
| +} |
| /* |
| * Return a pointer to the ACL of file "fname" in allocated memory. |
| * Return NULL if the ACL is not available for whatever reason. |