aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-09-26 04:04:07 -04:00
Code Activity

updated for version 7.4.238

Browse Source 
Problem:    Vim does not support the smack library.
Solution:   Add smack support (Jose Bollo)
This commit is contained in:
Bram Moolenaar
2014-04-02 14:05:38 +02:00
parent 6716d9af11
commit 5bd32f47ec
8 changed files with 214 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
src/auto/configure vendored
View File

@@ -782,6 +782,7 @@ with_ex_name
with_view_name with_view_name
with_global_runtime with_global_runtime
with_modified_by with_modified_by
enable_smack
enable_selinux enable_selinux
with_features with_features
with_compiledby with_compiledby
@@ -1453,7 +1454,8 @@ Optional Features:
--enable-fail-if-missing Fail if dependencies on additional features --enable-fail-if-missing Fail if dependencies on additional features
specified on the command line are missing. specified on the command line are missing.
--disable-darwin Disable Darwin (Mac OS X) support. --disable-darwin Disable Darwin (Mac OS X) support.
--disable-selinux Don't check for SELinux support. --disable-smack Do not check for Smack support.
--disable-selinux Do not check for SELinux support.
--disable-xsmp Disable XSMP session management --disable-xsmp Disable XSMP session management
--disable-xsmp-interact Disable XSMP interaction --disable-xsmp-interact Disable XSMP interaction
--enable-luainterp=OPTS Include Lua interpreter. default=no OPTS=no/yes/dynamic --enable-luainterp=OPTS Include Lua interpreter. default=no OPTS=no/yes/dynamic
@@ -4588,19 +4590,90 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-selinux argument" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-smack argument" >&5
$as_echo_n "checking --disable-smack argument... " >&6; }
# Check whether --enable-smack was given.
if test "${enable_smack+set}" = set; then :
enableval=$enable_smack;
else
enable_smack="yes"
fi
if test "$enable_smack" = "yes"; then
ac_fn_c_check_header_mongrel "$LINENO" "linux/xattr.h" "ac_cv_header_linux_xattr_h" "$ac_includes_default"
if test "x$ac_cv_header_linux_xattr_h" = xyes; then :
true
else
enable_smack="no"
fi
fi
if test "$enable_smack" = "yes"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for llistxattr in -lattr" >&5
$as_echo_n "checking for llistxattr in -lattr... " >&6; }
if ${ac_cv_lib_attr_llistxattr+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lattr $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char llistxattr ();
int
main ()
{
return llistxattr ();
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_attr_llistxattr=yes
else
ac_cv_lib_attr_llistxattr=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_attr_llistxattr" >&5
$as_echo "$ac_cv_lib_attr_llistxattr" >&6; }
if test "x$ac_cv_lib_attr_llistxattr" = xyes; then :
LIBS="$LIBS -lattr"
found_smack="yes"
$as_echo "#define HAVE_SMACK 1" >>confdefs.h
fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
fi
if test "x$found_smack" = "x"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-selinux argument" >&5
$as_echo_n "checking --disable-selinux argument... " >&6; } $as_echo_n "checking --disable-selinux argument... " >&6; }
# Check whether --enable-selinux was given. # Check whether --enable-selinux was given.
if test "${enable_selinux+set}" = set; then : if test "${enable_selinux+set}" = set; then :
enableval=$enable_selinux; enableval=$enable_selinux;
else else
enable_selinux="yes" enable_selinux="yes"
fi fi
if test "$enable_selinux" = "yes"; then if test "$enable_selinux" = "yes"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; } $as_echo "no" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5
$as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; } $as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; }
if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then : if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then :
$as_echo_n "(cached) " >&6 $as_echo_n "(cached) " >&6
@@ -4638,13 +4711,14 @@ fi
$as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; } $as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; }
if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then : if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then :
LIBS="$LIBS -lselinux" LIBS="$LIBS -lselinux"
$as_echo "#define HAVE_SELINUX 1" >>confdefs.h $as_echo "#define HAVE_SELINUX 1" >>confdefs.h
fi fi
else else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; } $as_echo "yes" >&6; }
fi
fi fi

1
src/config.h.in
View File

@@ -191,6 +191,7 @@
#undef HAVE_SIGSETJMP #undef HAVE_SIGSETJMP
#undef HAVE_SIGSTACK #undef HAVE_SIGSTACK
#undef HAVE_SIGVEC #undef HAVE_SIGVEC
#undef HAVE_SMACK
#undef HAVE_STRCASECMP #undef HAVE_STRCASECMP
#undef HAVE_STRERROR #undef HAVE_STRERROR
#undef HAVE_STRFTIME #undef HAVE_STRFTIME

39
src/configure.in
View File

@@ -387,20 +387,41 @@ fi
AC_SUBST(QUOTESED) AC_SUBST(QUOTESED)
dnl Link with -lselinux for SELinux stuff; if not found dnl Link with -lsmack for Smack stuff; if not found
AC_MSG_CHECKING(--disable-selinux argument) AC_MSG_CHECKING(--disable-smack argument)
AC_ARG_ENABLE(selinux, AC_ARG_ENABLE(smack,
[ --disable-selinux Don't check for SELinux support.], [ --disable-smack Do not check for Smack support.],
, enable_selinux="yes") , enable_smack="yes")
if test "$enable_selinux" = "yes"; then if test "$enable_smack" = "yes"; then
AC_CHECK_HEADER([linux/xattr.h], true, enable_smack="no")
fi
if test "$enable_smack" = "yes"; then
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
AC_CHECK_LIB(selinux, is_selinux_enabled, AC_CHECK_LIB(attr, llistxattr,
[LIBS="$LIBS -lselinux" [LIBS="$LIBS -lattr"
AC_DEFINE(HAVE_SELINUX)]) found_smack="yes"
AC_DEFINE(HAVE_SMACK)])
else else
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
fi fi
dnl When smack was found don't search for SELinux
if test "x$found_smack" = "x"; then
dnl Link with -lselinux for SELinux stuff; if not found
AC_MSG_CHECKING(--disable-selinux argument)
AC_ARG_ENABLE(selinux,
[ --disable-selinux Do not check for SELinux support.],
, enable_selinux="yes")
if test "$enable_selinux" = "yes"; then
AC_MSG_RESULT(no)
AC_CHECK_LIB(selinux, is_selinux_enabled,
[LIBS="$LIBS -lselinux"
AC_DEFINE(HAVE_SELINUX)])
else
AC_MSG_RESULT(yes)
fi
fi
dnl Check user requested features. dnl Check user requested features.
AC_MSG_CHECKING(--with-features argument) AC_MSG_CHECKING(--with-features argument)

8
src/fileio.c
View File

@@ -4030,7 +4030,7 @@ buf_write(buf, fname, sfname, start, end, eap, append, forceit,
) )
mch_setperm(backup, mch_setperm(backup,
(perm & 0707) | ((perm & 07) << 3)); (perm & 0707) | ((perm & 07) << 3));
# ifdef HAVE_SELINUX # if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
mch_copy_sec(fname, backup); mch_copy_sec(fname, backup);
# endif # endif
#endif #endif
@@ -4069,7 +4069,7 @@ buf_write(buf, fname, sfname, start, end, eap, append, forceit,
#ifdef HAVE_ACL #ifdef HAVE_ACL
mch_set_acl(backup, acl); mch_set_acl(backup, acl);
#endif #endif
#ifdef HAVE_SELINUX #if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
mch_copy_sec(fname, backup); mch_copy_sec(fname, backup);
#endif #endif
break; break;
@@ -4718,7 +4718,7 @@ restore_backup:
} }
#endif #endif
#ifdef HAVE_SELINUX #if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
/* Probably need to set the security context. */ /* Probably need to set the security context. */
if (!backup_copy) if (!backup_copy)
mch_copy_sec(backup, wfname); mch_copy_sec(backup, wfname);
@@ -6707,7 +6707,7 @@ vim_rename(from, to)
mch_set_acl(to, acl); mch_set_acl(to, acl);
mch_free_acl(acl); mch_free_acl(acl);
#endif #endif
#ifdef HAVE_SELINUX #if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
mch_copy_sec(from, to); mch_copy_sec(from, to);
#endif #endif
if (errmsg != NULL) if (errmsg != NULL)

2
src/memfile.c
View File

@@ -1358,7 +1358,7 @@ mf_do_open(mfp, fname, flags)
if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0) if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0)
fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC); fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC);
#endif #endif
#ifdef HAVE_SELINUX #if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
mch_copy_sec(fname, mfp->mf_fname); mch_copy_sec(fname, mfp->mf_fname);
#endif #endif
mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */ mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */

92
src/os_unix.c
View File

@@ -46,6 +46,14 @@
static int selinux_enabled = -1; static int selinux_enabled = -1;
#endif #endif
#ifdef HAVE_SMACK
# include <attr/xattr.h>
# include <linux/xattr.h>
# ifndef SMACK_LABEL_LEN
# define SMACK_LABEL_LEN 1024
# endif
#endif
/* /*
* Use this prototype for select, some include files have a wrong prototype * Use this prototype for select, some include files have a wrong prototype
*/ */
@@ -2798,6 +2806,90 @@ mch_copy_sec(from_file, to_file)
} }
#endif /* HAVE_SELINUX */ #endif /* HAVE_SELINUX */
#if defined(HAVE_SMACK) && !defined(PROTO)
/*
* Copy security info from "from_file" to "to_file".
*/
void
mch_copy_sec(from_file, to_file)
char_u *from_file;
char_u *to_file;
{
static const char const *smack_copied_attributes[] =
{
XATTR_NAME_SMACK,
XATTR_NAME_SMACKEXEC,
XATTR_NAME_SMACKMMAP
};
char buffer[SMACK_LABEL_LEN];
const char *name;
int index;
int ret;
ssize_t size;
if (from_file == NULL)
return;
for (index = 0 ; index < (int)(sizeof(smack_copied_attributes)
/ sizeof(smack_copied_attributes)[0]) ; index++)
{
/* get the name of the attribute to copy */
name = smack_copied_attributes[index];
/* get the value of the attribute in buffer */
size = getxattr((char*)from_file, name, buffer, sizeof(buffer));
if (size >= 0)
{
/* copy the attribute value of buffer */
ret = setxattr((char*)to_file, name, buffer, (size_t)size, 0);
if (ret < 0)
{
MSG_PUTS(_("Could not set security context "));
MSG_PUTS(name);
MSG_PUTS(_(" for "));
msg_outtrans(to_file);
msg_putchar('\n');
}
}
else
{
/* what reason of not having the attribute value? */
switch (errno)
{
case ENOTSUP:
/* extended attributes aren't supported or enabled */
/* should a message be echoed? not sure... */
return; /* leave because it isn't usefull to continue */
case ERANGE:
default:
/* no enough size OR unexpected error */
MSG_PUTS(_("Could not get security context "));
MSG_PUTS(name);
MSG_PUTS(_(" for "));
msg_outtrans(from_file);
MSG_PUTS(_(". Removing it!\n"));
/* FALLTHROUGH to remove the attribute */
case ENODATA:
/* no attribute of this name */
ret = removexattr((char*)to_file, name);
if (ret < 0 && errno != ENODATA)
{
MSG_PUTS(_("Could not remove security context "));
MSG_PUTS(name);
MSG_PUTS(_(" for "));
msg_outtrans(to_file);
msg_putchar('\n');
}
break;
}
}
}
}
#endif /* HAVE_SMACK */
/* /*
* Return a pointer to the ACL of file "fname" in allocated memory. * Return a pointer to the ACL of file "fname" in allocated memory.
* Return NULL if the ACL is not available for whatever reason. * Return NULL if the ACL is not available for whatever reason.

2
src/undo.c
View File

@@ -1455,7 +1455,7 @@ u_write_undo(name, forceit, buf, hash)
# endif # endif
) )
mch_setperm(file_name, (perm & 0707) | ((perm & 07) << 3)); mch_setperm(file_name, (perm & 0707) | ((perm & 07) << 3));
# ifdef HAVE_SELINUX # if defined(HAVE_SELINUX) || defined(HAVE_SMACK)
if (buf->b_ffname != NULL) if (buf->b_ffname != NULL)
mch_copy_sec(buf->b_ffname, file_name); mch_copy_sec(buf->b_ffname, file_name);
# endif # endif

2
src/version.c
View File

@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
238,
/**/ /**/
237, 237,
/**/ /**/