summaryrefslogtreecommitdiffstats
path: root/debian/patches/402_cppw_selinux
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/402_cppw_selinux')
-rw-r--r--debian/patches/402_cppw_selinux64
1 files changed, 64 insertions, 0 deletions
diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux
new file mode 100644
index 0000000..5f2da1b
--- /dev/null
+++ b/debian/patches/402_cppw_selinux
@@ -0,0 +1,64 @@
+Goal: Add selinux support to cppw
+
+Fix:
+
+Status wrt upstream: cppw is not available upstream.
+ The patch was made based on the
+ 302_vim_selinux_support patch. It needs to be
+ reviewed by an SE-Linux aware person.
+
+Depends on 401_cppw_src.dpatch
+
+Index: git/src/cppw.c
+===================================================================
+--- git.orig/src/cppw.c
++++ git/src/cppw.c
+@@ -34,6 +34,9 @@
+ #include <sys/types.h>
+ #include <signal.h>
+ #include <utime.h>
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#endif /* WITH_SELINUX */
+ #include "exitcodes.h"
+ #include "prototypes.h"
+ #include "pwio.h"
+@@ -139,6 +142,22 @@
+ if (access (file, F_OK) != 0) {
+ cppwexit (file, 1, 1);
+ }
++#ifdef WITH_SELINUX
++ /* if SE Linux is enabled then set the context of all new files
++ * to be the context of the file we are editing */
++ if (is_selinux_enabled () > 0) {
++ security_context_t passwd_context=NULL;
++ int ret = 0;
++ if (getfilecon (file, &passwd_context) < 0) {
++ cppwexit (_("Couldn't get file context"), errno, 1);
++ }
++ ret = setfscreatecon (passwd_context);
++ freecon (passwd_context);
++ if (0 != ret) {
++ cppwexit (_("setfscreatecon () failed"), errno, 1);
++ }
++ }
++#endif /* WITH_SELINUX */
+ if (file_lock () == 0) {
+ cppwexit (_("Couldn't lock file"), 0, 5);
+ }
+@@ -167,6 +186,15 @@
+ cppwexit (NULL,0,1);
+ }
+
++#ifdef WITH_SELINUX
++ /* unset the fscreatecon */
++ if (is_selinux_enabled () > 0) {
++ if (setfscreatecon (NULL)) {
++ cppwexit (_("setfscreatecon() failed"), errno, 1);
++ }
++ }
++#endif /* WITH_SELINUX */
++
+ (*file_unlock) ();
+ }
+