updated for version 7.1-296

2025-09-23 03:43:49 -04:00 · 2008-05-07 17:09:24 +00:00
parent 2b57078d73
commit 588ebeb7a5
8 changed files with 184 additions and 0 deletions
--- a/src/auto/configure
+++ b/src/auto/configure
@@ -845,6 +845,7 @@ Optional Features:
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
  --disable-darwin        Disable Darwin (Mac OS X) support.
+  --disable-selinux	  Don't check for SELinux support.
  --disable-xsmp          Disable XSMP session management
  --disable-xsmp-interact Disable XSMP interaction
  --enable-mzschemeinterp   Include MzScheme interpreter.
@@ -3611,6 +3612,94 @@ echo "${ECHO_T}no" >&6
 esac
 fi

+echo "$as_me:$LINENO: checking --disable-selinux argument" >&5
+echo $ECHO_N "checking --disable-selinux argument... $ECHO_C" >&6
+# Check whether --enable-selinux or --disable-selinux was given.
+if test "${enable_selinux+set}" = set; then
+  enableval="$enable_selinux"
+
+else
+  enable_selinux="yes"
+fi;
+if test "$enable_selinux" = "yes"; then
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+  echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
+echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
+if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char is_selinux_enabled ();
+int
+main ()
+{
+is_selinux_enabled ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_selinux_is_selinux_enabled=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_selinux_is_selinux_enabled=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
+echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
+if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
+  LIBS="$LIBS -lselinux"
+	   cat >>confdefs.h <<\_ACEOF
+#define HAVE_SELINUX 1
+_ACEOF
+
+fi
+
+else
+   echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+fi


 echo "$as_me:$LINENO: checking --with-features argument" >&5
--- a/src/config.h.in
+++ b/src/config.h.in
@@ -155,6 +155,7 @@
 #undef HAVE_READLINK
 #undef HAVE_RENAME
 #undef HAVE_SELECT
+#undef HAVE_SELINUX
 #undef HAVE_SETENV
 #undef HAVE_SETPGID
 #undef HAVE_SETSID
--- a/src/configure.in
+++ b/src/configure.in
@@ -299,6 +299,19 @@ case `uname` in
 esac
 fi

+dnl Link with -lselinux for SELinux stuff; if not found
+AC_MSG_CHECKING(--disable-selinux argument)
+AC_ARG_ENABLE(selinux,
+	[  --disable-selinux	  Don't check for SELinux support.],
+	, enable_selinux="yes")
+if test "$enable_selinux" = "yes"; then
+  AC_MSG_RESULT(no)
+  AC_CHECK_LIB(selinux, is_selinux_enabled,
+	  [LIBS="$LIBS -lselinux"
+	   AC_DEFINE(HAVE_SELINUX)])
+else
+   AC_MSG_RESULT(yes)
+fi

 dnl Check user requested features.

--- a/src/fileio.c
+++ b/src/fileio.c
@@ -3651,6 +3651,9 @@ buf_write(buf, fname, sfname, start, end, eap, append, forceit,
 						)
 			    mch_setperm(backup,
 					  (perm & 0707) | ((perm & 07) << 3));
+# ifdef HAVE_SELINUX
+			mch_copy_sec(fname, backup);
+# endif
 #endif

 			/*
@@ -3686,6 +3689,9 @@ buf_write(buf, fname, sfname, start, end, eap, append, forceit,
 #endif
 #ifdef HAVE_ACL
 			mch_set_acl(backup, acl);
+#endif
+#ifdef HAVE_SELINUX
+			mch_copy_sec(fname, backup);
 #endif
 			break;
 		    }
@@ -4309,6 +4315,12 @@ restore_backup:
    }
 #endif

+#ifdef HAVE_SELINUX
+    /* Probably need to set the security context. */
+    if (!backup_copy)
+	mch_copy_sec(backup, wfname);
+#endif
+
 #ifdef UNIX
    /* When creating a new file, set its owner/group to that of the original
     * file.  Get the new device and inode number. */
--- a/src/memfile.c
+++ b/src/memfile.c
@@ -1346,5 +1346,10 @@ mf_do_open(mfp, fname, flags)
 	mfp->mf_ffname = NULL;
    }
    else
+    {
+#ifdef HAVE_SELINUX
+	mch_copy_sec(fname, mfp->mf_fname);
+#endif
 	mch_hide(mfp->mf_fname);    /* try setting the 'hidden' flag */
    }
+}
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -45,6 +45,11 @@
 # include <X11/SM/SMlib.h>
 #endif

+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+static int selinux_enabled = -1;
+#endif
+
 /*
 * Use this prototype for select, some include files have a wrong prototype
 */
@@ -2557,6 +2562,62 @@ typedef struct vim_acl_solaris_T {
 } vim_acl_solaris_T;
 # endif

+#if defined(HAVE_SELINUX) || defined(PROTO)
+/*
+ * Copy security info from "from_file" to "to_file".
+ */
+    void
+mch_copy_sec(from_file, to_file)
+    char_u	*from_file;
+    char_u	*to_file;
+{
+    if (from_file == NULL)
+	return;
+
+    if (selinux_enabled == -1)
+	selinux_enabled = is_selinux_enabled();
+
+    if (selinux_enabled > 0)
+    {
+	security_context_t from_context = NULL;
+	security_context_t to_context = NULL;
+
+	if (getfilecon((char *)from_file, &from_context) < 0)
+	{
+	    /* If the filesystem doesn't support extended attributes,
+	       the original had no special security context and the
+	       target cannot have one either.  */
+	    if (errno == EOPNOTSUPP)
+		return;
+
+	    MSG_PUTS(_("\nCould not get security context for "));
+	    msg_outtrans(from_file);
+	    msg_putchar('\n');
+	    return;
+	}
+	if (getfilecon((char *)to_file, &to_context) < 0)
+	{
+	    MSG_PUTS(_("\nCould not get security context for "));
+	    msg_outtrans(to_file);
+	    msg_putchar('\n');
+	    freecon (from_context);
+	    return ;
+	}
+	if (strcmp(from_context, to_context) != 0)
+	{
+	    if (setfilecon((char *)to_file, from_context) < 0)
+	    {
+		MSG_PUTS(_("\nCould not set security context for "));
+		msg_outtrans(to_file);
+		msg_putchar('\n');
+	    }
+	}
+	freecon(to_context);
+	freecon(from_context);
+    }
+}
+#endif /* HAVE_SELINUX */
+
 /*
 * Return a pointer to the ACL of file "fname" in allocated memory.
 * Return NULL if the ACL is not available for whatever reason.
--- a/src/proto/os_unix.pro
+++ b/src/proto/os_unix.pro
@@ -34,6 +34,7 @@ int mch_isFullName __ARGS((char_u *fname));
 void fname_case __ARGS((char_u *name, int len));
 long mch_getperm __ARGS((char_u *name));
 int mch_setperm __ARGS((char_u *name, long perm));
+void mch_copy_sec __ARGS((char_u *from_file, char_u *to_file));
 vim_acl_T mch_get_acl __ARGS((char_u *fname));
 void mch_set_acl __ARGS((char_u *fname, vim_acl_T aclent));
 void mch_free_acl __ARGS((vim_acl_T aclent));
--- a/src/version.c
+++ b/src/version.c
@@ -666,6 +666,8 @@ static char *(features[]) =

 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    296,
 /**/
    295,
 /**/