changeset 1583:ebe059f69b9e v7.1.296

updated for version 7.1-296
author vimboss
date Wed, 07 May 2008 17:09:24 +0000
parents 73c5752b957d
children 7387540b6e52
files src/auto/configure src/config.h.in src/configure.in src/fileio.c src/memfile.c src/os_unix.c src/proto/os_unix.pro src/version.c
diffstat 8 files changed, 184 insertions(+), 0 deletions(-) [+]
--- a/src/auto/configure
+++ b/src/auto/configure
@@ -845,6 +845,7 @@ Optional Features:
   --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --disable-darwin        Disable Darwin (Mac OS X) support.
+  --disable-selinux	  Don't check for SELinux support.
   --disable-xsmp          Disable XSMP session management
   --disable-xsmp-interact Disable XSMP interaction
   --enable-mzschemeinterp   Include MzScheme interpreter.
@@ -3611,6 +3612,94 @@ echo "${ECHO_T}no" >&6
 esac
 fi
 
+echo "$as_me:$LINENO: checking --disable-selinux argument" >&5
+echo $ECHO_N "checking --disable-selinux argument... $ECHO_C" >&6
+# Check whether --enable-selinux or --disable-selinux was given.
+if test "${enable_selinux+set}" = set; then
+  enableval="$enable_selinux"
+
+else
+  enable_selinux="yes"
+fi;
+if test "$enable_selinux" = "yes"; then
+  echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+  echo "$as_me:$LINENO: checking for is_selinux_enabled in -lselinux" >&5
+echo $ECHO_N "checking for is_selinux_enabled in -lselinux... $ECHO_C" >&6
+if test "${ac_cv_lib_selinux_is_selinux_enabled+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char is_selinux_enabled ();
+int
+main ()
+{
+is_selinux_enabled ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+	 { ac_try='test -z "$ac_c_werror_flag"
+			 || test ! -s conftest.err'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; } &&
+	 { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_selinux_is_selinux_enabled=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_selinux_is_selinux_enabled=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
+echo "${ECHO_T}$ac_cv_lib_selinux_is_selinux_enabled" >&6
+if test $ac_cv_lib_selinux_is_selinux_enabled = yes; then
+  LIBS="$LIBS -lselinux"
+	   cat >>confdefs.h <<\_ACEOF
+#define HAVE_SELINUX 1
+_ACEOF
+
+fi
+
+else
+   echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+fi
 
 
 echo "$as_me:$LINENO: checking --with-features argument" >&5
--- a/src/config.h.in
+++ b/src/config.h.in
@@ -155,6 +155,7 @@
 #undef HAVE_READLINK
 #undef HAVE_RENAME
 #undef HAVE_SELECT
+#undef HAVE_SELINUX
 #undef HAVE_SETENV
 #undef HAVE_SETPGID
 #undef HAVE_SETSID
--- a/src/configure.in
+++ b/src/configure.in
@@ -299,6 +299,19 @@ case `uname` in
 esac
 fi
 
+dnl Link with -lselinux for SELinux stuff; if not found
+AC_MSG_CHECKING(--disable-selinux argument)
+AC_ARG_ENABLE(selinux,
+	[  --disable-selinux	  Don't check for SELinux support.],
+	, enable_selinux="yes")
+if test "$enable_selinux" = "yes"; then
+  AC_MSG_RESULT(no)
+  AC_CHECK_LIB(selinux, is_selinux_enabled,
+	  [LIBS="$LIBS -lselinux"
+	   AC_DEFINE(HAVE_SELINUX)])
+else
+   AC_MSG_RESULT(yes)
+fi
 
 dnl Check user requested features.
 
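Review bot: The `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` test only proves that libselinux links; nothing checks that `selinux/selinux.h` is available, yet os_unix.c in this changeset includes it whenever HAVE_SELINUX is defined. On a system that has the library but not the header, configure could succeed and the compile would then fail. Consider gating the define on the header as well, for example by wrapping the action in `AC_CHECK_HEADER(selinux/selinux.h, ...)`. The leading comment `dnl Link with -lselinux for SELinux stuff; if not found` also stops mid-sentence; `dnl Link with -lselinux for SELinux support, unless --disable-selinux is given.` would read better.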
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -3651,6 +3651,9 @@ buf_write(buf, fname, sfname, start, end
 						)
 			    mch_setperm(backup,
 					  (perm & 0707) | ((perm & 07) << 3));
+# ifdef HAVE_SELINUX
+			mch_copy_sec(fname, backup);
+# endif
 #endif
 
 			/*
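Review bot: The outcome of `mch_copy_sec(fname, backup)` cannot be checked here, because the function is declared `void` in proto/os_unix.pro; if the label copy fails, the backup keeps the default context it was created with and buf_write carries on. Since the backup holds the original file's contents, a failed copy can leave that data under a different, possibly less restrictive, label with only an on-screen message as evidence. Consider having mch_copy_sec return OK/FAIL so callers can decide what to do, or at least document the choice with `/* Best effort: on failure the backup keeps its default context. */`. The same applies to the call added next to `mch_set_acl(backup, acl)` in the following hunk. buf_write's body extends beyond this hunk.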
@@ -3687,6 +3690,9 @@ buf_write(buf, fname, sfname, start, end
 #ifdef HAVE_ACL
 			mch_set_acl(backup, acl);
 #endif
+#ifdef HAVE_SELINUX
+			mch_copy_sec(fname, backup);
+#endif
 			break;
 		    }
 		}
@@ -4309,6 +4315,12 @@ restore_backup:
     }
 #endif
 
+#ifdef HAVE_SELINUX
+    /* Probably need to set the security context. */
+    if (!backup_copy)
+	mch_copy_sec(backup, wfname);
+#endif
+
 #ifdef UNIX
     /* When creating a new file, set its owner/group to that of the original
      * file.  Get the new device and inode number. */
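Review bot: The comment `/* Probably need to set the security context. */` does not explain why the call depends on `!backup_copy`. Presumably the original was renamed to the backup in that case, so `wfname` is a newly created file with a default context, whereas a copied backup leaves the original file and its label in place; if so, say it, e.g. `/* The original was renamed to the backup, so the new file needs the original's security context. */`. The label is also applied only after the new file exists, so for a short time it carries the default context; libselinux's `setfscreatecon()` before creating the file would close that window if it matters here. The enclosing function continues outside this hunk.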
--- a/src/memfile.c
+++ b/src/memfile.c
@@ -1346,5 +1346,10 @@ mf_do_open(mfp, fname, flags)
 	mfp->mf_ffname = NULL;
     }
     else
+    {
+#ifdef HAVE_SELINUX
+	mch_copy_sec(fname, mfp->mf_fname);
+#endif
 	mch_hide(mfp->mf_fname);    /* try setting the 'hidden' flag */
+    }
 }
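Review bot: Both arguments of `mch_copy_sec(fname, mfp->mf_fname)` may name the same file: the start of mf_do_open is outside this hunk, but if `mfp->mf_fname` is assigned from `fname` there, the call compares a file's context with itself and never changes anything. If the intent is to give the swap file the context of the file being edited, the source argument would have to be that file's name, which this function does not appear to receive. Please confirm the intended source and state it in a comment above the call, e.g. `/* Give the swap file the security context of <source>. */`.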
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -45,6 +45,11 @@
 # include <X11/SM/SMlib.h>
 #endif
 
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+static int selinux_enabled = -1;
+#endif
+
 /*
  * Use this prototype for select, some include files have a wrong prototype
  */
@@ -2557,6 +2562,62 @@ typedef struct vim_acl_solaris_T {
 } vim_acl_solaris_T;
 # endif
 
+#if defined(HAVE_SELINUX) || defined(PROTO)
+/*
+ * Copy security info from "from_file" to "to_file".
+ */
+    void
+mch_copy_sec(from_file, to_file)
+    char_u	*from_file;
+    char_u	*to_file;
+{
+    if (from_file == NULL)
+	return;
+
+    if (selinux_enabled == -1)
+	selinux_enabled = is_selinux_enabled();
+
+    if (selinux_enabled > 0)
+    {
+	security_context_t from_context = NULL;
+	security_context_t to_context = NULL;
+
+	if (getfilecon((char *)from_file, &from_context) < 0)
+	{
+	    /* If the filesystem doesn't support extended attributes,
+	       the original had no special security context and the
+	       target cannot have one either.  */
+	    if (errno == EOPNOTSUPP)
+		return;
+
+	    MSG_PUTS(_("\nCould not get security context for "));
+	    msg_outtrans(from_file);
+	    msg_putchar('\n');
+	    return;
+	}
+	if (getfilecon((char *)to_file, &to_context) < 0)
+	{
+	    MSG_PUTS(_("\nCould not get security context for "));
+	    msg_outtrans(to_file);
+	    msg_putchar('\n');
+	    freecon (from_context);
+	    return ;
+	}
+	if (strcmp(from_context, to_context) != 0)
+	{
+	    if (setfilecon((char *)to_file, from_context) < 0)
+	    {
+		MSG_PUTS(_("\nCould not set security context for "));
+		msg_outtrans(to_file);
+		msg_putchar('\n');
+	    }
+	}
+	freecon(to_context);
+	freecon(from_context);
+    }
+}
+#endif /* HAVE_SELINUX */
+
 /*
  * Return a pointer to the ACL of file "fname" in allocated memory.
  * Return NULL if the ACL is not available for whatever reason.
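Review bot: In `mch_copy_sec`, a failure of the second `getfilecon()` (on `to_file`) returns before `setfilecon()` is ever tried, so a target whose context cannot be read, for instance a file with no label yet, is left as it is instead of receiving the source's context. Treating that failure as "no context" keeps the copy going: `if (getfilecon((char *)to_file, &to_context) < 0) to_context = NULL;` followed by `if (to_context == NULL || strcmp(from_context, to_context) != 0)`. Unlike `from_file`, `to_file` is not checked for NULL before it is used. The calls are path-based and follow symlinks, so the file that gets relabelled is whatever the name resolves to at that moment; `lgetfilecon()`/`lsetfilecon()`, or `fsetfilecon()` where the caller already holds an open descriptor, would be tighter. The header comment should also say that failures are reported only through a message and not to the caller.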
--- a/src/proto/os_unix.pro
+++ b/src/proto/os_unix.pro
@@ -34,6 +34,7 @@ int mch_isFullName __ARGS((char_u *fname
 void fname_case __ARGS((char_u *name, int len));
 long mch_getperm __ARGS((char_u *name));
 int mch_setperm __ARGS((char_u *name, long perm));
+void mch_copy_sec __ARGS((char_u *from_file, char_u *to_file));
 vim_acl_T mch_get_acl __ARGS((char_u *fname));
 void mch_set_acl __ARGS((char_u *fname, vim_acl_T aclent));
 void mch_free_acl __ARGS((vim_acl_T aclent));
--- a/src/version.c
+++ b/src/version.c
@@ -667,6 +667,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    296,
+/**/
     295,
 /**/
     294,