Bug 235744 - vim doesn't restore SELinux context on files after saving, requiring manual restorecon
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: vim
Version: 6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Karsten Hopp
QA Contact: David Lawrence
Reported: 2007-04-09 21:37 UTC by James Hunt
Modified: 2007-11-30 22:12 UTC (History)

Doc Type: Bug Fix
Last Closed: 2007-04-16 08:11:24 UTC

Description James Hunt 2007-04-09 21:37:06 UTC
Description of problem:

When I edit a file in, say, /etc, vim does *not* maintain the SELinux security
context of the file as it should.

Version-Release number of selected component (if applicable):

# rpm -qa|grep vim
vim-minimal-7.0.201-1.fc6
vim-common-7.0.201-1.fc6
vim-enhanced-7.0.201-1.fc6
vim-X11-7.0.201-1.fc6
# 

How reproducible:

Every time.

Steps to Reproduce:
1. Ensure root's .vimrc contains ":set dir=>/tmp"
2. ls -lZ /etc/fstab
-rw-r--r--  root root system_u:object_r:etc_t          /etc/fstab
3. vi /etc/fstab
4. :wq

Actual results:

# ls -lZ /etc/fstab
-rw-r--r--  root root user_u:object_r:tmp_t            /etc/fstab

Expected results:

ls -lZ /etc/fstab
-rw-r--r--  root root system_u:object_r:etc_t          /etc/fstab

Additional info:

To fix the problem, run:

# restorecon -v /etc/fstab
restorecon reset /etc/fstab context user_u:object_r:tmp_t:s0->system_u:object_r:etc_t:s0

Note: vim _is_ linked to libselinux:

# ldd `which vim`
        linux-gate.so.1 =>  (0x00e11000)
        libselinux.so.1 => /lib/libselinux.so.1 (0x4988f000)
        libncurses.so.5 => /usr/lib/libncurses.so.5 (0x4a1c2000)
        libacl.so.1 => /lib/libacl.so.1 (0x4902d000)
        libgpm.so.1 => /usr/lib/libgpm.so.1 (0x41000000)
        libperl.so => /usr/lib/perl5/5.8.8/i386-linux-thread-multi/CORE/libperl.so (0x4a014000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x498fb000)
        libutil.so.1 => /lib/libutil.so.1 (0x49e9f000)
        libc.so.6 => /lib/libc.so.6 (0x48d24000)
        libm.so.6 => /lib/libm.so.6 (0x48e63000)
        libdl.so.2 => /lib/libdl.so.2 (0x48e8c000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x48fca000)
        libsepol.so.1 => /lib/libsepol.so.1 (0x498a8000)
        /lib/ld-linux.so.2 (0x48d07000)
        libattr.so.1 => /lib/libattr.so.1 (0x499ac000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x49926000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4a178000)

Comment 1 James Hunt 2007-04-11 20:27:18 UTC
This problem seems to have miraculously disappeared after a flurry of selinux
updates (well, two actually :) from Dan.

Please close.
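
The manual check in this report (`ls -lZ`, then `restorecon -v`) can be run over a whole tree as a dry run that changes nothing. The script below is an added example, not part of the original report: the function names are hypothetical, the sample lines other than the /etc/fstab one are constructed, and it goes beyond the output shown here by also accepting the "Would relabel"/"Relabeled" wording printed by newer restorecon releases.

```shell
#!/bin/sh
# Added example (not from the bug report): list files whose SELinux type
# differs from what the loaded policy expects, without changing anything.

# parse_relabel: read `restorecon -v` output on stdin and print
# "<path> <current_type> <expected_type>" for each type mismatch.
# Paths containing whitespace are not handled.
parse_relabel() {
    awk '
    # The type is the third field of user:role:type[:level].
    function ctype(ctx,   f) { split(ctx, f, ":"); return f[3] }
    # Report only when the type differs; user-only changes are skipped.
    function emit(path, cur, want) {
        if (ctype(cur) != ctype(want))
            print path, ctype(cur), ctype(want)
    }
    # Format shown in this report:
    #   restorecon reset PATH context OLD->NEW
    $1 == "restorecon" && $2 == "reset" && $4 == "context" {
        if (split($5, c, "->") == 2) emit($3, c[1], c[2])
        next
    }
    # Format printed by newer restorecon releases:
    #   Would relabel PATH from OLD to NEW   (with -n)
    #   Relabeled PATH from OLD to NEW
    $1 == "Would" && $2 == "relabel" && $4 == "from" && $6 == "to" {
        emit($3, $5, $7); next
    }
    $1 == "Relabeled" && $3 == "from" && $5 == "to" { emit($2, $4, $6) }
    '
}

# audit_tree DIR: dry-run (-n) recursive (-R) check; nothing is relabeled.
audit_tree() {
    restorecon -R -n -v "$1" 2>&1 | parse_relabel
}

# Constructed sample input; only the first line is taken from the report.
sample_output() {
    cat <<'EOF'
restorecon reset /etc/fstab context user_u:object_r:tmp_t:s0->system_u:object_r:etc_t:s0
Would relabel /etc/hosts from unconfined_u:object_r:tmp_t:s0 to system_u:object_r:net_conf_t:s0
Would relabel /etc/issue from user_u:object_r:etc_t:s0 to system_u:object_r:etc_t:s0
Relabeled /etc/motd from unconfined_u:object_r:user_tmp_t:s0 to system_u:object_r:etc_t:s0
EOF
}

# With a directory argument, audit it; with none, show the sample run.
if [ "$#" -gt 0 ]; then audit_tree "$1"; else sample_output | parse_relabel; fi
```

Any line whose current type is `tmp_t` or `user_tmp_t` under /etc points to a file that was created elsewhere and moved into place, which is the symptom described above.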

