--- vim62/src/configure.in.selinux 2004-01-20 11:34:17.177103792 -0500 +++ vim62/src/configure.in 2004-01-20 11:34:18.507126105 -0500 @@ -195,6 +195,21 @@ fi +dnl vim: set sw=2 tw=78 fo+=l: +dnl Link with -lselinux for SELinux stuff; if not found +AC_MSG_CHECKING(--disable-selinux argument) +AC_ARG_ENABLE(selinux, + [ --disable-selinux Don't check for SELinux support.], + , [enable_selinux="yes"]) +if test "$enable_selinux" = "yes"; then + AC_MSG_RESULT(no) + AC_CHECK_LIB(selinux, is_selinux_enabled, + [LIBS="$LIBS -lselinux" + AC_DEFINE(HAVE_SELINUX)]) +else + AC_MSG_RESULT(yes) +fi + dnl Check user requested features. AC_MSG_CHECKING(--with-features argument) --- vim62/src/config.h.in.selinux 2003-05-25 12:07:42.000000000 -0400 +++ vim62/src/config.h.in 2004-01-20 11:34:18.507126105 -0500 @@ -155,6 +155,7 @@ #undef HAVE_READLINK #undef HAVE_RENAME #undef HAVE_SELECT +#undef HAVE_SELINUX #undef HAVE_SETENV #undef HAVE_SETPGID #undef HAVE_SETSID --- vim62/src/fileio.c.selinux 2004-01-20 11:34:16.577093725 -0500 +++ vim62/src/fileio.c 2004-01-20 11:34:18.517126273 -0500 @@ -1,3 +1,4 @@ + /* vi:set ts=8 sts=4 sw=4: * * VIM - Vi IMproved by Bram Moolenaar @@ -3079,6 +3080,9 @@ ) mch_setperm(backup, (perm & 0707) | ((perm & 07) << 3)); +#ifdef HAVE_SELINUX + mch_copy_sec(fname, backup); +#endif #endif /* @@ -3115,6 +3119,9 @@ #ifdef HAVE_ACL mch_set_acl(backup, acl); #endif +#ifdef HAVE_SELINUX + mch_copy_sec(fname, backup); +#endif break; } } @@ -3719,6 +3726,12 @@ mch_set_acl(wfname, acl); #endif +#ifdef HAVE_SELINUX + /* Probably need to set the security context */ + if (!backup_copy) + mch_copy_sec(backup, wfname); +#endif + #ifdef UNIX /* When creating a new file, set its owner/group to that of the original * file. Get the new device and inode number. */ --- vim62/src/os_unix.c.selinux 2004-01-20 11:34:15.897082317 -0500 +++ vim62/src/os_unix.c 2004-01-20 11:37:54.310746614 -0500 @@ -41,6 +41,10 @@ # include #endif +#ifdef HAVE_SELINUX +#include +static int selinux_enabled=-1; +#endif /* * Use this prototype for select, some include files have a wrong prototype */ @@ -2279,6 +2283,55 @@ } vim_acl_solaris_T; # endif +mch_copy_sec(from_file, to_file) + char_u *from_file; + char_u *to_file; +{ + if (from_file == NULL) + return; + +#ifdef HAVE_SELINUX + if (selinux_enabled == -1) + selinux_enabled = is_selinux_enabled (); + + if (selinux_enabled>0) + { + security_context_t from_context=NULL; + security_context_t to_context=NULL; + if (getfilecon (from_file, &from_context) < 0) + { + /* If the filesystem doesn't support extended attributes, + the original had no special security context and the + target cannot have one either. */ + if (errno == EOPNOTSUPP) + return ; + + MSG_PUTS(_("\nCould not get security context for ")); + msg_outtrans(from_file); + msg_putchar('\n'); + return ; + } + if (getfilecon (to_file, &to_context) < 0) + { + MSG_PUTS(_("\nCould not get security context for ")); + msg_outtrans(to_file); + msg_putchar('\n'); + freecon (from_context); + return ; + } + if (strcmp(from_context,to_context) != 0 ) { + if (setfilecon (to_file, from_context) < 0) + { + MSG_PUTS(_("\nCould not set security context for ")); + msg_outtrans(to_file); + msg_putchar('\n'); + } + } + freecon (to_context); + freecon (from_context); + } +#endif /* HAVE_SELINUX */ +} /* * Return a pointer to the ACL of file "fname" in allocated memory. * Return NULL if the ACL is not available for whatever reason.