rpms/vim
5
0
Fork 0
Code Issues Pull Requests Releases Activity
b2e78d10d6
vim/7.1.296

329 lines
9.2 KiB
Plaintext
Raw Normal View History

- patchlevel 296
2008-05-15 09:40:23 +00:00
To: vim-dev@vim.org
Subject: Patch 7.1.296
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------
Patch 7.1.296
Problem: SELinux is not supported.
Solution: Detect the selinux library and use mch_copy_sec(). (James Vega)
Files: src/auto/configure, src/config.h.in, src/configure.in,
src/fileio.c, src/memfile.c, src/os_unix.c, src/proto/os_unix.pro
*** ../vim-7.1.295/src/auto/configure Wed Feb 20 12:43:05 2008
--- src/auto/configure Wed May 7 18:16:09 2008
***************
*** 845,850 ****
--- 845,851 ----
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-darwin Disable Darwin (Mac OS X) support.
+ --disable-selinux Don't check for SELinux support.
--disable-xsmp Disable XSMP session management
--disable-xsmp-interact Disable XSMP interaction
--enable-mzschemeinterp Include MzScheme interpreter.
***************
*** 3611,3616 ****
--- 3612,3705 ----
esac
fi
+ echo "$as_me:$LINENO: checking --disable-selinux argument" >&5
+ echo $ECHO_N "checking --disable-selinux argument... $ECHO_C" >&6
+ # Check whether --enable-selinux or --disable-selinux was given.
+ if test "${enable_selinux+set}" = set; then
+ enableval="$enable_selinux"
+
+ else
+ enable_selinux="yes"
+ fi;
+ if test "$enable_selinux" = "yes"; then
+ echo "$as_me:$LINENO: result: no" >&5
+ echo "${ECHO_T}no" >&6
+ echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
+ echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
+ if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+ LIBS="-lselinux $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h. */
+ _ACEOF
+ cat confdefs.h >>conftest.$ac_ext
+ cat >>conftest.$ac_ext <<_ACEOF
+ /* end confdefs.h. */
+
+ /* Override any gcc2 internal prototype to avoid an error. */
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+ /* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+ char is_selinux_enabled ();
+ int
+ main ()
+ {
+ is_selinux_enabled ();
+ ;
+ return 0;
+ }
+ _ACEOF
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_selinux_is_selinux_enabled=yes
+ else
+ echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_cv_lib_selinux_is_selinux_enabled=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+ echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
+ echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
+ if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
+ LIBS="$LIBS -lselinux"
+ cat >>confdefs.h <<\_ACEOF
+ #define HAVE_SELINUX 1
+ _ACEOF
+
+ fi
+
+ else
+ echo "$as_me:$LINENO: result: yes" >&5
+ echo "${ECHO_T}yes" >&6
+ fi
echo "$as_me:$LINENO: checking --with-features argument" >&5
*** ../vim-7.1.295/src/config.h.in Tue May 1 13:37:23 2007
--- src/config.h.in Wed May 7 18:10:49 2008
***************
*** 156,161 ****
--- 156,162 ----
#undef HAVE_READLINK
#undef HAVE_RENAME
#undef HAVE_SELECT
+ #undef HAVE_SELINUX
#undef HAVE_SETENV
#undef HAVE_SETPGID
#undef HAVE_SETSID
*** ../vim-7.1.295/src/configure.in Wed Feb 20 12:43:05 2008
--- src/configure.in Wed May 7 18:15:40 2008
***************
*** 299,304 ****
--- 299,317 ----
esac
fi
+ dnl Link with -lselinux for SELinux stuff; if not found
+ AC_MSG_CHECKING(--disable-selinux argument)
+ AC_ARG_ENABLE(selinux,
+ [ --disable-selinux Don't check for SELinux support.],
+ , enable_selinux="yes")
+ if test "$enable_selinux" = "yes"; then
+ AC_MSG_RESULT(no)
+ AC_CHECK_LIB(selinux, is_selinux_enabled,
+ [LIBS="$LIBS -lselinux"
+ AC_DEFINE(HAVE_SELINUX)])
+ else
+ AC_MSG_RESULT(yes)
+ fi
dnl Check user requested features.
*** ../vim-7.1.295/src/fileio.c Tue Mar 11 22:01:16 2008
--- src/fileio.c Wed May 7 18:17:45 2008
***************
*** 3651,3656 ****
--- 3660,3668 ----
)
mch_setperm(backup,
(perm & 0707) | ((perm & 07) << 3));
+ # ifdef HAVE_SELINUX
+ mch_copy_sec(fname, backup);
+ # endif
#endif
/*
***************
*** 3687,3692 ****
--- 3699,3707 ----
#ifdef HAVE_ACL
mch_set_acl(backup, acl);
#endif
+ #ifdef HAVE_SELINUX
+ mch_copy_sec(fname, backup);
+ #endif
break;
}
}
***************
*** 4309,4314 ****
--- 4324,4335 ----
}
#endif
+ #ifdef HAVE_SELINUX
+ /* Probably need to set the security context. */
+ if (!backup_copy)
+ mch_copy_sec(backup, wfname);
+ #endif
+
#ifdef UNIX
/* When creating a new file, set its owner/group to that of the original
* file. Get the new device and inode number. */
*** ../vim-7.1.295/src/memfile.c Fri May 11 20:15:45 2007
--- src/memfile.c Wed May 7 18:10:49 2008
***************
*** 1346,1350 ****
--- 1346,1355 ----
mfp->mf_ffname = NULL;
}
else
+ {
+ #ifdef HAVE_SELINUX
+ mch_copy_sec(fname, mfp->mf_fname);
+ #endif
mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */
+ }
}
*** ../vim-7.1.295/src/os_unix.c Wed Mar 12 13:16:37 2008
--- src/os_unix.c Wed May 7 18:24:46 2008
***************
*** 45,50 ****
--- 45,55 ----
# include <X11/SM/SMlib.h>
#endif
+ #ifdef HAVE_SELINUX
+ # include <selinux/selinux.h>
+ static int selinux_enabled = -1;
+ #endif
+
/*
* Use this prototype for select, some include files have a wrong prototype
*/
***************
*** 2557,2562 ****
--- 2562,2623 ----
} vim_acl_solaris_T;
# endif
+ #if defined(HAVE_SELINUX) || defined(PROTO)
+ /*
+ * Copy security info from "from_file" to "to_file".
+ */
+ void
+ mch_copy_sec(from_file, to_file)
+ char_u *from_file;
+ char_u *to_file;
+ {
+ if (from_file == NULL)
+ return;
+
+ if (selinux_enabled == -1)
+ selinux_enabled = is_selinux_enabled();
+
+ if (selinux_enabled > 0)
+ {
+ security_context_t from_context = NULL;
+ security_context_t to_context = NULL;
+
+ if (getfilecon((char *)from_file, &from_context) < 0)
+ {
+ /* If the filesystem doesn't support extended attributes,
+ the original had no special security context and the
+ target cannot have one either. */
+ if (errno == EOPNOTSUPP)
+ return;
+
+ MSG_PUTS(_("\nCould not get security context for "));
+ msg_outtrans(from_file);
+ msg_putchar('\n');
+ return;
+ }
+ if (getfilecon((char *)to_file, &to_context) < 0)
+ {
+ MSG_PUTS(_("\nCould not get security context for "));
+ msg_outtrans(to_file);
+ msg_putchar('\n');
+ freecon (from_context);
+ return ;
+ }
+ if (strcmp(from_context, to_context) != 0)
+ {
+ if (setfilecon((char *)to_file, from_context) < 0)
+ {
+ MSG_PUTS(_("\nCould not set security context for "));
+ msg_outtrans(to_file);
+ msg_putchar('\n');
+ }
+ }
+ freecon(to_context);
+ freecon(from_context);
+ }
+ }
+ #endif /* HAVE_SELINUX */
+
/*
* Return a pointer to the ACL of file "fname" in allocated memory.
* Return NULL if the ACL is not available for whatever reason.
*** ../vim-7.1.295/src/proto/os_unix.pro Sat May 5 20:23:37 2007
--- src/proto/os_unix.pro Wed May 7 18:25:14 2008
***************
*** 34,39 ****
--- 34,40 ----
void fname_case __ARGS((char_u *name, int len));
long mch_getperm __ARGS((char_u *name));
int mch_setperm __ARGS((char_u *name, long perm));
+ void mch_copy_sec __ARGS((char_u *from_file, char_u *to_file));
vim_acl_T mch_get_acl __ARGS((char_u *fname));
void mch_set_acl __ARGS((char_u *fname, vim_acl_T aclent));
void mch_free_acl __ARGS((vim_acl_T aclent));
*** ../vim-7.1.295/src/version.c Wed May 7 17:39:17 2008
--- src/version.c Wed May 7 18:50:01 2008
***************
*** 668,669 ****
--- 673,676 ----
{ /* Add new patch number below this line */
+ /**/
+ 296,
/**/
--
Michael: There is no such thing as a dump question.
Bernard: Sure there is. For example "what is a core dump?"
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ download, build and distribute -- http://www.A-A-P.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
Reference in New Issue Copy Permalink