From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
The patch added to have vim maintain SELinux contexts does not work if the file being edited is a symlink. In that case, a backup file is created and the context of the backup is given to the final file (not the context of the original file).

For example, suppose you have a file 'file1' with context 'system_u:object_r:initrc_exec_t'. If you edit the file, it remains with that context. Suppose you have a symbolic link 'symlink1' to that file with context 'system_u:object_r:etc_t'. If you edit the symlink (file), 'file1' now has a different context, something like 'root:object_r:etc_t' (the type depends on the path, not on the context of the symlink).

Version-Release number of selected component (if applicable):
vim-enhanced-6.2.457-1 (and vim-enhanced-6.3.011-2)

How reproducible:
Always

Steps to Reproduce:
1. create a symlink to a file.
2. modify file via 'vim file' and 'vim symlink'
3. ls -lZ file after both.

Additional info:
OK. I've dug a bit deeper. I think the calls to mch_copy_sec() have the args reversed in the code segment executed when 'backup_copy' is TRUE. Here is a patch that makes it work with both real files and symlinks. [I only (lightly) tested those two cases.] tom -------------------------------------------------- *** fileio.c 2004-07-07 10:22:46.514931406 -0700 --- SAVE/fileio.c 2004-07-07 10:15:42.922396738 -0700 *************** *** 3331,3337 **** mch_setperm(backup, (perm & 0707) | ((perm & 07) << 3)); #ifdef HAVE_SELINUX ! mch_copy_sec(fname, backup); #endif #endif --- 3331,3337 ---- mch_setperm(backup, (perm & 0707) | ((perm & 07) << 3)); #ifdef HAVE_SELINUX ! mch_copy_sec(backup, fname); #endif #endif *************** *** 3370,3376 **** mch_set_acl(backup, acl); #endif #ifdef HAVE_SELINUX ! mch_copy_sec(fname, backup); #endif break; } --- 3370,3376 ---- mch_set_acl(backup, acl); #endif #ifdef HAVE_SELINUX ! mch_copy_sec(backup, fname); #endif break; }
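Review bot: the file headers put the edited file on the old side, which affects the hunk at line 3331 and the one after it. `*** fileio.c` (10:22:46) is the "from" file and `--- SAVE/fileio.c` (10:15:42) is the "to" file, so as posted the patch turns mch_copy_sec(fname, backup) into mch_copy_sec(backup, fname). If SAVE/ holds the untouched source, the diff was generated in reverse and needs patch -R to apply. Regenerate it as diff -c SAVE/fileio.c fileio.c so the direction of the change matches the description in the comment.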
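Review bot: in the hunk at line 3370 nothing at the call site says which of the two paths passed to mch_copy_sec() is the source and which is the destination, and the neighbouring mch_set_acl(backup, acl) puts the file being modified first, which makes the pair easy to transpose again. Add a one-line comment at both changed calls (or at the mch_copy_sec() prototype) stating the argument order. The message also says only the plain-file and symlink cases were lightly tested, so an ls -lZ check of both the edited file and its backup after each case would be worth recording before this goes in.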
vim 6.3.011-4 and newer will have this fix, thanks for tracking down the bug!