diff options
Diffstat (limited to 'debian/patches/402_cppw_selinux')
-rw-r--r-- | debian/patches/402_cppw_selinux | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux new file mode 100644 index 0000000..5f2da1b --- /dev/null +++ b/debian/patches/402_cppw_selinux @@ -0,0 +1,64 @@ +Goal: Add selinux support to cppw + +Fix: + +Status wrt upstream: cppw is not available upstream. + The patch was made based on the + 302_vim_selinux_support patch. It needs to be + reviewed by an SE-Linux aware person. + +Depends on 401_cppw_src.dpatch + +Index: git/src/cppw.c +=================================================================== +--- git.orig/src/cppw.c ++++ git/src/cppw.c +@@ -34,6 +34,9 @@ + #include <sys/types.h> + #include <signal.h> + #include <utime.h> ++#ifdef WITH_SELINUX ++#include <selinux/selinux.h> ++#endif /* WITH_SELINUX */ + #include "exitcodes.h" + #include "prototypes.h" + #include "pwio.h" +@@ -139,6 +142,22 @@ + if (access (file, F_OK) != 0) { + cppwexit (file, 1, 1); + } ++#ifdef WITH_SELINUX ++ /* if SE Linux is enabled then set the context of all new files ++ * to be the context of the file we are editing */ ++ if (is_selinux_enabled () > 0) { ++ security_context_t passwd_context=NULL; ++ int ret = 0; ++ if (getfilecon (file, &passwd_context) < 0) { ++ cppwexit (_("Couldn't get file context"), errno, 1); ++ } ++ ret = setfscreatecon (passwd_context); ++ freecon (passwd_context); ++ if (0 != ret) { ++ cppwexit (_("setfscreatecon () failed"), errno, 1); ++ } ++ } ++#endif /* WITH_SELINUX */ + if (file_lock () == 0) { + cppwexit (_("Couldn't lock file"), 0, 5); + } +@@ -167,6 +186,15 @@ + cppwexit (NULL,0,1); + } + ++#ifdef WITH_SELINUX ++ /* unset the fscreatecon */ ++ if (is_selinux_enabled () > 0) { ++ if (setfscreatecon (NULL)) { ++ cppwexit (_("setfscreatecon() failed"), errno, 1); ++ } ++ } ++#endif /* WITH_SELINUX */ ++ + (*file_unlock) (); + } + |