- new

[packages/vim.git] / 7.1.296

To: vim-dev@vim.org
Subject: Patch 7.1.296
Fcc: outbox
From: Bram Moolenaar <Bram@moolenaar.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
------------

Patch 7.1.296
Problem:    SELinux is not supported.
Solution:   Detect the selinux library and use mch_copy_sec(). (James Vega)
Files:      src/auto/configure, src/config.h.in, src/configure.in,
            src/fileio.c, src/memfile.c, src/os_unix.c, src/proto/os_unix.pro


*** ../vim-7.1.295/src/auto/configure   Wed Feb 20 12:43:05 2008
--- src/auto/configure  Wed May  7 18:16:09 2008
***************
*** 845,850 ****
--- 845,851 ----
    --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
    --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
    --disable-darwin        Disable Darwin (Mac OS X) support.
+   --disable-selinux     Don't check for SELinux support.
    --disable-xsmp          Disable XSMP session management
    --disable-xsmp-interact Disable XSMP interaction
    --enable-mzschemeinterp   Include MzScheme interpreter.
***************
*** 3611,3616 ****
--- 3612,3705 ----
  esac
  fi
  
+ echo "$as_me:$LINENO: checking --disable-selinux argument" >&5
+ echo $ECHO_N "checking --disable-selinux argument... $ECHO_C" >&6
+ # Check whether --enable-selinux or --disable-selinux was given.
+ if test "${enable_selinux+set}" = set; then
+   enableval="$enable_selinux"
+ 
+ else
+   enable_selinux="yes"
+ fi;
+ if test "$enable_selinux" = "yes"; then
+   echo "$as_me:$LINENO: result: no" >&5
+ echo "${ECHO_T}no" >&6
+   echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
+ echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
+ if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
+   echo $ECHO_N "(cached) $ECHO_C" >&6
+ else
+   ac_check_lib_save_LIBS=$LIBS
+ LIBS="-lselinux  $LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+ /* confdefs.h.  */
+ _ACEOF
+ cat confdefs.h >>conftest.$ac_ext
+ cat >>conftest.$ac_ext <<_ACEOF
+ /* end confdefs.h.  */
+ 
+ /* Override any gcc2 internal prototype to avoid an error.  */
+ #ifdef __cplusplus
+ extern "C"
+ #endif
+ /* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+ char is_selinux_enabled ();
+ int
+ main ()
+ {
+ is_selinux_enabled ();
+   ;
+   return 0;
+ }
+ _ACEOF
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+   (eval $ac_link) 2>conftest.er1
+   ac_status=$?
+   grep -v '^ *+' conftest.er1 >conftest.err
+   rm -f conftest.er1
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); } &&
+        { ac_try='test -z "$ac_c_werror_flag"
+                        || test ! -s conftest.err'
+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+   (eval $ac_try) 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }; } &&
+        { ac_try='test -s conftest$ac_exeext'
+   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+   (eval $ac_try) 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); }; }; then
+   ac_cv_lib_selinux_is_selinux_enabled=yes
+ else
+   echo "$as_me: failed program was:" >&5
+ sed 's/^/| /' conftest.$ac_ext >&5
+ 
+ ac_cv_lib_selinux_is_selinux_enabled=no
+ fi
+ rm -f conftest.err conftest.$ac_objext \
+       conftest$ac_exeext conftest.$ac_ext
+ LIBS=$ac_check_lib_save_LIBS
+ fi
+ echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
+ echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
+ if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
+   LIBS="$LIBS -lselinux"
+          cat >>confdefs.h <<\_ACEOF
+ #define HAVE_SELINUX 1
+ _ACEOF
+ 
+ fi
+ 
+ else
+    echo "$as_me:$LINENO: result: yes" >&5
+ echo "${ECHO_T}yes" >&6
+ fi
  
  
  echo "$as_me:$LINENO: checking --with-features argument" >&5
*** ../vim-7.1.295/src/config.h.in      Tue May  1 13:37:23 2007
--- src/config.h.in     Wed May  7 18:10:49 2008
***************
*** 156,161 ****
--- 156,162 ----
  #undef HAVE_READLINK
  #undef HAVE_RENAME
  #undef HAVE_SELECT
+ #undef HAVE_SELINUX
  #undef HAVE_SETENV
  #undef HAVE_SETPGID
  #undef HAVE_SETSID
*** ../vim-7.1.295/src/configure.in     Wed Feb 20 12:43:05 2008
--- src/configure.in    Wed May  7 18:15:40 2008
***************
*** 299,304 ****
--- 299,317 ----
  esac
  fi
  
+ dnl Link with -lselinux for SELinux stuff; if not found
+ AC_MSG_CHECKING(--disable-selinux argument)
+ AC_ARG_ENABLE(selinux,
+       [  --disable-selinux      Don't check for SELinux support.],
+       , enable_selinux="yes")
+ if test "$enable_selinux" = "yes"; then
+   AC_MSG_RESULT(no)
+   AC_CHECK_LIB(selinux, is_selinux_enabled,
+         [LIBS="$LIBS -lselinux"
+          AC_DEFINE(HAVE_SELINUX)])
+ else
+    AC_MSG_RESULT(yes)
+ fi
  
  dnl Check user requested features.
  
*** ../vim-7.1.295/src/fileio.c Tue Mar 11 22:01:16 2008
--- src/fileio.c        Wed May  7 18:17:45 2008
***************
*** 3651,3656 ****
--- 3660,3668 ----
                                                )
                            mch_setperm(backup,
                                          (perm & 0707) | ((perm & 07) << 3));
+ # ifdef HAVE_SELINUX
+                       mch_copy_sec(fname, backup);
+ # endif
  #endif
  
                        /*
***************
*** 3687,3692 ****
--- 3699,3707 ----
  #ifdef HAVE_ACL
                        mch_set_acl(backup, acl);
  #endif
+ #ifdef HAVE_SELINUX
+                       mch_copy_sec(fname, backup);
+ #endif
                        break;
                    }
                }
***************
*** 4309,4314 ****
--- 4324,4335 ----
      }
  #endif
  
+ #ifdef HAVE_SELINUX
+     /* Probably need to set the security context. */
+     if (!backup_copy)
+       mch_copy_sec(backup, wfname);
+ #endif
+ 
  #ifdef UNIX
      /* When creating a new file, set its owner/group to that of the original
       * file.  Get the new device and inode number. */
*** ../vim-7.1.295/src/memfile.c        Fri May 11 20:15:45 2007
--- src/memfile.c       Wed May  7 18:10:49 2008
***************
*** 1346,1350 ****
--- 1346,1355 ----
        mfp->mf_ffname = NULL;
      }
      else
+     {
+ #ifdef HAVE_SELINUX
+       mch_copy_sec(fname, mfp->mf_fname);
+ #endif
        mch_hide(mfp->mf_fname);    /* try setting the 'hidden' flag */
+     }
  }
*** ../vim-7.1.295/src/os_unix.c        Wed Mar 12 13:16:37 2008
--- src/os_unix.c       Wed May  7 18:24:46 2008
***************
*** 45,50 ****
--- 45,55 ----
  # include <X11/SM/SMlib.h>
  #endif
  
+ #ifdef HAVE_SELINUX
+ # include <selinux/selinux.h>
+ static int selinux_enabled = -1;
+ #endif
+ 
  /*
   * Use this prototype for select, some include files have a wrong prototype
   */
***************
*** 2557,2562 ****
--- 2562,2623 ----
  } vim_acl_solaris_T;
  # endif
  
+ #if defined(HAVE_SELINUX) || defined(PROTO)
+ /*
+  * Copy security info from "from_file" to "to_file".
+  */
+     void
+ mch_copy_sec(from_file, to_file)
+     char_u    *from_file;
+     char_u    *to_file;
+ {
+     if (from_file == NULL)
+       return;
+ 
+     if (selinux_enabled == -1)
+       selinux_enabled = is_selinux_enabled();
+ 
+     if (selinux_enabled > 0)
+     {
+       security_context_t from_context = NULL;
+       security_context_t to_context = NULL;
+ 
+       if (getfilecon((char *)from_file, &from_context) < 0)
+       {
+           /* If the filesystem doesn't support extended attributes,
+              the original had no special security context and the
+              target cannot have one either.  */
+           if (errno == EOPNOTSUPP)
+               return;
+ 
+           MSG_PUTS(_("\nCould not get security context for "));
+           msg_outtrans(from_file);
+           msg_putchar('\n');
+           return;
+       }
+       if (getfilecon((char *)to_file, &to_context) < 0)
+       {
+           MSG_PUTS(_("\nCould not get security context for "));
+           msg_outtrans(to_file);
+           msg_putchar('\n');
+           freecon (from_context);
+           return ;
+       }
+       if (strcmp(from_context, to_context) != 0)
+       {
+           if (setfilecon((char *)to_file, from_context) < 0)
+           {
+               MSG_PUTS(_("\nCould not set security context for "));
+               msg_outtrans(to_file);
+               msg_putchar('\n');
+           }
+       }
+       freecon(to_context);
+       freecon(from_context);
+     }
+ }
+ #endif /* HAVE_SELINUX */
+ 
  /*
   * Return a pointer to the ACL of file "fname" in allocated memory.
   * Return NULL if the ACL is not available for whatever reason.
*** ../vim-7.1.295/src/proto/os_unix.pro        Sat May  5 20:23:37 2007
--- src/proto/os_unix.pro       Wed May  7 18:25:14 2008
***************
*** 34,39 ****
--- 34,40 ----
  void fname_case __ARGS((char_u *name, int len));
  long mch_getperm __ARGS((char_u *name));
  int mch_setperm __ARGS((char_u *name, long perm));
+ void mch_copy_sec __ARGS((char_u *from_file, char_u *to_file));
  vim_acl_T mch_get_acl __ARGS((char_u *fname));
  void mch_set_acl __ARGS((char_u *fname, vim_acl_T aclent));
  void mch_free_acl __ARGS((vim_acl_T aclent));
*** ../vim-7.1.295/src/version.c        Wed May  7 17:39:17 2008
--- src/version.c       Wed May  7 18:50:01 2008
***************
*** 668,669 ****
--- 673,676 ----
  {   /* Add new patch number below this line */
+ /**/
+     296,
  /**/

-- 
Michael: There is no such thing as a dump question.
Bernard: Sure there is.  For example "what is a core dump?"

 /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///