To: vim_dev@googlegroups.com Subject: Patch 7.4.238 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 7.4.238 Problem: Vim does not support the smack library. Solution: Add smack support (Jose Bollo) Files: src/config.h.in, src/configure.in, src/fileio.c, src/memfile.c, src/os_unix.c, src/undo.c, src/auto/configure *** ../vim-7.4.237/src/config.h.in 2014-02-23 22:52:33.364764715 +0100 --- src/config.h.in 2014-04-02 13:37:41.095910851 +0200 *************** *** 191,196 **** --- 191,197 ---- #undef HAVE_SIGSETJMP #undef HAVE_SIGSTACK #undef HAVE_SIGVEC + #undef HAVE_SMACK #undef HAVE_STRCASECMP #undef HAVE_STRERROR #undef HAVE_STRFTIME *** ../vim-7.4.237/src/configure.in 2014-03-27 18:51:06.604760919 +0100 --- src/configure.in 2014-04-02 13:49:36.955901004 +0200 *************** *** 387,406 **** AC_SUBST(QUOTESED) ! dnl Link with -lselinux for SELinux stuff; if not found ! AC_MSG_CHECKING(--disable-selinux argument) ! AC_ARG_ENABLE(selinux, ! [ --disable-selinux Don't check for SELinux support.], ! , enable_selinux="yes") ! if test "$enable_selinux" = "yes"; then AC_MSG_RESULT(no) ! AC_CHECK_LIB(selinux, is_selinux_enabled, ! [LIBS="$LIBS -lselinux" ! AC_DEFINE(HAVE_SELINUX)]) else AC_MSG_RESULT(yes) fi dnl Check user requested features. AC_MSG_CHECKING(--with-features argument) --- 387,427 ---- AC_SUBST(QUOTESED) ! dnl Link with -lsmack for Smack stuff; if not found ! AC_MSG_CHECKING(--disable-smack argument) ! AC_ARG_ENABLE(smack, ! [ --disable-smack Do not check for Smack support.], ! , enable_smack="yes") ! if test "$enable_smack" = "yes"; then ! AC_CHECK_HEADER([linux/xattr.h], true, enable_smack="no") ! fi ! if test "$enable_smack" = "yes"; then AC_MSG_RESULT(no) ! AC_CHECK_LIB(attr, llistxattr, ! [LIBS="$LIBS -lattr" ! found_smack="yes" ! 
AC_DEFINE(HAVE_SMACK)]) else AC_MSG_RESULT(yes) fi + dnl When smack was found don't search for SELinux + if test "x$found_smack" = "x"; then + dnl Link with -lselinux for SELinux stuff; if not found + AC_MSG_CHECKING(--disable-selinux argument) + AC_ARG_ENABLE(selinux, + [ --disable-selinux Do not check for SELinux support.], + , enable_selinux="yes") + if test "$enable_selinux" = "yes"; then + AC_MSG_RESULT(no) + AC_CHECK_LIB(selinux, is_selinux_enabled, + [LIBS="$LIBS -lselinux" + AC_DEFINE(HAVE_SELINUX)]) + else + AC_MSG_RESULT(yes) + fi + fi + dnl Check user requested features. AC_MSG_CHECKING(--with-features argument) *** ../vim-7.4.237/src/fileio.c 2014-03-12 16:51:35.056792541 +0100 --- src/fileio.c 2014-04-02 13:39:28.983909367 +0200 *************** *** 4030,4036 **** ) mch_setperm(backup, (perm & 0707) | ((perm & 07) << 3)); ! # ifdef HAVE_SELINUX mch_copy_sec(fname, backup); # endif #endif --- 4030,4036 ---- ) mch_setperm(backup, (perm & 0707) | ((perm & 07) << 3)); ! # if defined(HAVE_SELINUX) || defined(HAVE_SMACK) mch_copy_sec(fname, backup); # endif #endif *************** *** 4069,4075 **** #ifdef HAVE_ACL mch_set_acl(backup, acl); #endif ! #ifdef HAVE_SELINUX mch_copy_sec(fname, backup); #endif break; --- 4069,4075 ---- #ifdef HAVE_ACL mch_set_acl(backup, acl); #endif ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) mch_copy_sec(fname, backup); #endif break; *************** *** 4718,4724 **** } #endif ! #ifdef HAVE_SELINUX /* Probably need to set the security context. */ if (!backup_copy) mch_copy_sec(backup, wfname); --- 4718,4724 ---- } #endif ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) /* Probably need to set the security context. */ if (!backup_copy) mch_copy_sec(backup, wfname); *************** *** 6707,6713 **** mch_set_acl(to, acl); mch_free_acl(acl); #endif ! #ifdef HAVE_SELINUX mch_copy_sec(from, to); #endif if (errmsg != NULL) --- 6707,6713 ---- mch_set_acl(to, acl); mch_free_acl(acl); #endif ! 
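Review bot: The new guard `if test "x$found_smack" = "x"; then` skips the SELinux probe whenever `found_smack` is set, and `found_smack` is set by nothing more than `linux/xattr.h` being present and `llistxattr` linking from `-lattr`. That shows libattr is installed on the build host, not that Smack is the security module in use, so a build on an SELinux system that also has the libattr development files would presumably end up without `HAVE_SELINUX` and stop copying SELinux contexts to backup, swap and undo files. I would either probe SELinux first and fall back to Smack only when it is absent, or make Smack opt-in by changing the default to `, enable_smack="no")` and the help text to `--enable-smack`. The probe also tests `llistxattr`, which the new C code never calls; `AC_CHECK_LIB(attr, getxattr,` would test a function that is actually used.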
#if defined(HAVE_SELINUX) || defined(HAVE_SMACK) mch_copy_sec(from, to); #endif if (errmsg != NULL) *** ../vim-7.4.237/src/memfile.c 2013-05-23 22:22:22.000000000 +0200 --- src/memfile.c 2014-04-02 13:37:41.103910851 +0200 *************** *** 1358,1364 **** if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0) fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC); #endif ! #ifdef HAVE_SELINUX mch_copy_sec(fname, mfp->mf_fname); #endif mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */ --- 1358,1364 ---- if (fdflags >= 0 && (fdflags & FD_CLOEXEC) == 0) fcntl(mfp->mf_fd, F_SETFD, fdflags | FD_CLOEXEC); #endif ! #if defined(HAVE_SELINUX) || defined(HAVE_SMACK) mch_copy_sec(fname, mfp->mf_fname); #endif mch_hide(mfp->mf_fname); /* try setting the 'hidden' flag */ *** ../vim-7.4.237/src/os_unix.c 2014-04-01 21:00:45.436733663 +0200 --- src/os_unix.c 2014-04-02 13:58:55.427893322 +0200 *************** *** 46,51 **** --- 46,59 ---- static int selinux_enabled = -1; #endif + #ifdef HAVE_SMACK + # include + # include + # ifndef SMACK_LABEL_LEN + # define SMACK_LABEL_LEN 1024 + # endif + #endif + /* * Use this prototype for select, some include files have a wrong prototype */ *************** *** 2798,2803 **** --- 2806,2895 ---- } #endif /* HAVE_SELINUX */ + #if defined(HAVE_SMACK) && !defined(PROTO) + /* + * Copy security info from "from_file" to "to_file". 
+ */ + void + mch_copy_sec(from_file, to_file) + char_u *from_file; + char_u *to_file; + { + static const char const *smack_copied_attributes[] = + { + XATTR_NAME_SMACK, + XATTR_NAME_SMACKEXEC, + XATTR_NAME_SMACKMMAP + }; + + char buffer[SMACK_LABEL_LEN]; + const char *name; + int index; + int ret; + ssize_t size; + + if (from_file == NULL) + return; + + for (index = 0 ; index < (int)(sizeof(smack_copied_attributes) + / sizeof(smack_copied_attributes)[0]) ; index++) + { + /* get the name of the attribute to copy */ + name = smack_copied_attributes[index]; + + /* get the value of the attribute in buffer */ + size = getxattr((char*)from_file, name, buffer, sizeof(buffer)); + if (size >= 0) + { + /* copy the attribute value of buffer */ + ret = setxattr((char*)to_file, name, buffer, (size_t)size, 0); + if (ret < 0) + { + MSG_PUTS(_("Could not set security context ")); + MSG_PUTS(name); + MSG_PUTS(_(" for ")); + msg_outtrans(to_file); + msg_putchar('\n'); + } + } + else + { + /* what reason of not having the attribute value? */ + switch (errno) + { + case ENOTSUP: + /* extended attributes aren't supported or enabled */ + /* should a message be echoed? not sure... */ + return; /* leave because it isn't usefull to continue */ + + case ERANGE: + default: + /* no enough size OR unexpected error */ + MSG_PUTS(_("Could not get security context ")); + MSG_PUTS(name); + MSG_PUTS(_(" for ")); + msg_outtrans(from_file); + MSG_PUTS(_(". Removing it!\n")); + /* FALLTHROUGH to remove the attribute */ + + case ENODATA: + /* no attribute of this name */ + ret = removexattr((char*)to_file, name); + if (ret < 0 && errno != ENODATA) + { + MSG_PUTS(_("Could not remove security context ")); + MSG_PUTS(name); + MSG_PUTS(_(" for ")); + msg_outtrans(to_file); + msg_putchar('\n'); + } + break; + } + } + } + } + #endif /* HAVE_SMACK */ + /* * Return a pointer to the ACL of file "fname" in allocated memory. * Return NULL if the ACL is not available for whatever reason. 
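Review bot: In the `switch (errno)` of `mch_copy_sec`, the `case ERANGE: default:` branch falls through to `removexattr()`, so any failure to read a label from `from_file` (not only a missing attribute) strips that label from `to_file`. A destination whose Smack label has been removed is left with whatever default labeling applies, which may be more permissive than the source's. Failing to read the source is a reason to report and leave the destination alone, so I would end that branch with `break;` in place of `/* FALLTHROUGH to remove the attribute */` and keep the removal for `ENODATA` only. A label longer than `SMACK_LABEL_LEN` takes the same `ERANGE` path. Separately, `static const char const *smack_copied_attributes[]` repeats `const` on the pointee; `static const char * const smack_copied_attributes[]` is probably what was meant.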
*** ../vim-7.4.237/src/undo.c 2014-03-23 15:12:29.943264337 +0100 --- src/undo.c 2014-04-02 13:42:15.387907078 +0200 *************** *** 1455,1461 **** # endif ) mch_setperm(file_name, (perm & 0707) | ((perm & 07) << 3)); ! # ifdef HAVE_SELINUX if (buf->b_ffname != NULL) mch_copy_sec(buf->b_ffname, file_name); # endif --- 1455,1461 ---- # endif ) mch_setperm(file_name, (perm & 0707) | ((perm & 07) << 3)); ! # if defined(HAVE_SELINUX) || defined(HAVE_SMACK) if (buf->b_ffname != NULL) mch_copy_sec(buf->b_ffname, file_name); # endif *** ../vim-7.4.237/src/auto/configure 2014-03-27 18:51:06.612760919 +0100 --- src/auto/configure 2014-04-02 13:50:11.375900531 +0200 *************** *** 782,787 **** --- 782,788 ---- with_view_name with_global_runtime with_modified_by + enable_smack enable_selinux with_features with_compiledby *************** *** 1453,1459 **** --enable-fail-if-missing Fail if dependencies on additional features specified on the command line are missing. --disable-darwin Disable Darwin (Mac OS X) support. ! --disable-selinux Don't check for SELinux support. --disable-xsmp Disable XSMP session management --disable-xsmp-interact Disable XSMP interaction --enable-luainterp=OPTS Include Lua interpreter. default=no OPTS=no/yes/dynamic --- 1454,1461 ---- --enable-fail-if-missing Fail if dependencies on additional features specified on the command line are missing. --disable-darwin Disable Darwin (Mac OS X) support. ! --disable-smack Do not check for Smack support. ! --disable-selinux Do not check for SELinux support. --disable-xsmp Disable XSMP session management --disable-xsmp-interact Disable XSMP interaction --enable-luainterp=OPTS Include Lua interpreter. default=no OPTS=no/yes/dynamic *************** *** 4588,4606 **** ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-selinux argument" >&5 $as_echo_n "checking --disable-selinux argument... " >&6; } ! # Check whether --enable-selinux was given. 
if test "${enable_selinux+set}" = set; then : enableval=$enable_selinux; else enable_selinux="yes" fi ! if test "$enable_selinux" = "yes"; then ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5 $as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; } if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then : $as_echo_n "(cached) " >&6 --- 4590,4679 ---- ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-smack argument" >&5 ! $as_echo_n "checking --disable-smack argument... " >&6; } ! # Check whether --enable-smack was given. ! if test "${enable_smack+set}" = set; then : ! enableval=$enable_smack; ! else ! enable_smack="yes" ! fi ! ! if test "$enable_smack" = "yes"; then ! ac_fn_c_check_header_mongrel "$LINENO" "linux/xattr.h" "ac_cv_header_linux_xattr_h" "$ac_includes_default" ! if test "x$ac_cv_header_linux_xattr_h" = xyes; then : ! true ! else ! enable_smack="no" ! fi ! ! ! fi ! if test "$enable_smack" = "yes"; then ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ! $as_echo "no" >&6; } ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking for llistxattr in -lattr" >&5 ! $as_echo_n "checking for llistxattr in -lattr... " >&6; } ! if ${ac_cv_lib_attr_llistxattr+:} false; then : ! $as_echo_n "(cached) " >&6 ! else ! ac_check_lib_save_LIBS=$LIBS ! LIBS="-lattr $LIBS" ! cat confdefs.h - <<_ACEOF >conftest.$ac_ext ! /* end confdefs.h. */ ! ! /* Override any GCC internal prototype to avoid an error. ! Use char because int might match the return type of a GCC ! builtin and then its argument prototype would still apply. */ ! #ifdef __cplusplus ! extern "C" ! #endif ! char llistxattr (); ! int ! main () ! { ! return llistxattr (); ! ; ! return 0; ! } ! _ACEOF ! if ac_fn_c_try_link "$LINENO"; then : ! ac_cv_lib_attr_llistxattr=yes ! else ! ac_cv_lib_attr_llistxattr=no ! fi ! rm -f core conftest.err conftest.$ac_objext \ ! 
conftest$ac_exeext conftest.$ac_ext ! LIBS=$ac_check_lib_save_LIBS ! fi ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_attr_llistxattr" >&5 ! $as_echo "$ac_cv_lib_attr_llistxattr" >&6; } ! if test "x$ac_cv_lib_attr_llistxattr" = xyes; then : ! LIBS="$LIBS -lattr" ! found_smack="yes" ! $as_echo "#define HAVE_SMACK 1" >>confdefs.h ! ! fi ! ! else ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ! $as_echo "yes" >&6; } ! fi ! ! if test "x$found_smack" = "x"; then ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking --disable-selinux argument" >&5 $as_echo_n "checking --disable-selinux argument... " >&6; } ! # Check whether --enable-selinux was given. if test "${enable_selinux+set}" = set; then : enableval=$enable_selinux; else enable_selinux="yes" fi ! if test "$enable_selinux" = "yes"; then ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ! { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5 $as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; } if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then : $as_echo_n "(cached) " >&6 *************** *** 4638,4650 **** $as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; } if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then : LIBS="$LIBS -lselinux" ! $as_echo "#define HAVE_SELINUX 1" >>confdefs.h fi ! else ! { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi --- 4711,4724 ---- $as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; } if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then : LIBS="$LIBS -lselinux" ! $as_echo "#define HAVE_SELINUX 1" >>confdefs.h fi ! else ! 
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } + fi fi *** ../vim-7.4.237/src/version.c 2014-04-02 12:12:04.163981514 +0200 --- src/version.c 2014-04-02 13:38:22.511910282 +0200 *************** *** 736,737 **** --- 736,739 ---- { /* Add new patch number below this line */ + /**/ + 238, /**/ -- hundred-and-one symptoms of being an internet addict: 25. You believe nothing looks sexier than a man in boxer shorts illuminated only by a 17" inch svga monitor. /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///