From mboxrd@z Thu Jan 1 00:00:00 1970
From: Karel Klic
Newsgroups: gmane.emacs.devel
Subject: [PATCH] SELinux support
Date: Tue, 02 Mar 2010 20:36:07 +0100
Message-ID: <4B8D68A7.6000907@redhat.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------080704040809020909030704"
To: emacs-devel@gnu.org

This is a multi-part message in MIME format.
--------------080704040809020909030704
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

I have created patches that add basic SELinux support into Emacs.

Currently, if you have SELinux enabled, and you edit a file and then store it, the backup file (with the tilde) gets the proper SELinux context but the real file loses it. That is caused by "backup by renaming".

If you set "backup-by-copying" variable to non-nil, the file you edited preserves the correct context after saving, but the backup file gets the default context (it should get the context of the original file).

This causes a lot of problems when editing config files on machines with SELinux enabled.

The attached patches modify Emacs so that it preserves SELinux context of edited files.
- emacs-1-selinux-config changes the build system to support libselinux
- emacs-2-selinux-get-set-context-fun adds two new functions file-selinux-context and set-file-selinux-context
- emacs-3-selinux-backups-on-save modifies the buffer saving functions to handle SELinux context

The patch can be applied against a recent version of the repository.

Best regards,
Karel Klic

--------------080704040809020909030704
Content-Type: text/x-patch; name="emacs-1-selinux-config.patch"
Content-Disposition: attachment; filename="emacs-1-selinux-config.patch"
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by mx1.redhat.com id o22Ja9WB004671

diff -U0 emacs-23.1.92/ChangeLog.selinux-config emacs-23.1.92/ChangeLog --- emacs-23.1.92/ChangeLog.selinux-config 2010-02-23 17:09:23.230149718 = +0100 +++ emacs-23.1.92/ChangeLog 2010-02-23 17:12:42.016030415 +0100 @@ -0,0 +1,5 @@ +2010-02-23 Karel Kl=C3=AD=C4=8D + + * configure.in: New option: --with(out)-selinux.=20 + Set HAVE_LIBSELINUX if we find libselinux. + diff -up emacs-23.1.92/configure.in.selinux-config emacs-23.1.92/configur= e.in --- emacs-23.1.92/configure.in.selinux-config 2010-01-30 02:48:36.0000000= 00 +0100 +++ emacs-23.1.92/configure.in 2010-02-23 16:27:35.402024775 +0100 @@ -145,6 +145,7 @@ OPTION_DEFAULT_OFF([ns],[use nextstep (C OPTION_DEFAULT_ON([gpm],[don't use -lgpm for mouse support on a GNU/Linu= x console]) OPTION_DEFAULT_ON([dbus],[don't compile with D-Bus support]) OPTION_DEFAULT_ON([gconf],[don't compile with GConf support]) +OPTION_DEFAULT_ON([selinux],[don't compile with SELinux support]) =20 ## For the times when you want to build Emacs but don't have ## a suitable makeinfo, and can live without the manuals. 
@@ -1763,6 +1764,15 @@ if test "${HAVE_X11}" =3D "yes" && test "$ fi fi =20 +dnl SELinux is available for GNU/Linux only. +HAVE_LIBSELINUX=3Dno +if test "${with_selinux}" =3D "yes"; then + PKG_CHECK_MODULES(LIBSELINUX, libselinux, HAVE_LIBSELINUX=3Dyes, HAVE= _LIBSELINUX=3Dno) + if test "$HAVE_LIBSELINUX" =3D yes; then + AC_DEFINE(HAVE_LIBSELINUX, 1, [Define to 1 if using SELinux.]) + fi +fi + dnl Do not put whitespace before the #include statements below. dnl Older compilers (eg sunos4 cc) choke on it. HAVE_XAW3D=3Dno @@ -3015,6 +3025,7 @@ echo " Does Emacs use -lrsvg-2? =20 echo " Does Emacs use -lgpm? ${HAVE_G= PM}" echo " Does Emacs use -ldbus? ${HAVE_D= BUS}" echo " Does Emacs use -lgconf? ${HAVE_G= CONF}" +echo " Does Emacs use -lselinux? ${HAVE_L= IBSELINUX}" =20 echo " Does Emacs use -lfreetype? ${HAVE_F= REETYPE}" echo " Does Emacs use -lm17n-flt? ${HAVE_M= 17N_FLT}" diff -U0 emacs-23.1.92/src/ChangeLog.selinux-config emacs-23.1.92/src/Cha= ngeLog --- emacs-23.1.92/src/ChangeLog.selinux-config 2010-02-23 16:54:05.815149= 660 +0100 +++ emacs-23.1.92/src/ChangeLog 2010-02-23 17:08:32.077024278 +0100 @@ -0,0 +1,4 @@ +2010-02-23 Karel Kl=C3=AD=C4=8D + + * Makefile.in: Added libselinux CFLAGS and LIBS. + diff -up emacs-23.1.92/src/Makefile.in.selinux-config emacs-23.1.92/src/M= akefile.in --- emacs-23.1.92/src/Makefile.in.selinux-config 2010-01-16 18:35:57.0000= 00000 +0100 +++ emacs-23.1.92/src/Makefile.in 2010-02-23 16:27:35.403024401 +0100 @@ -253,6 +253,11 @@ GCONF_CFLAGS =3D @GCONF_CFLAGS@ GCONF_LIBS =3D @GCONF_LIBS@ #endif =20 +#ifdef HAVE_LIBSELINUX +LIBSELINUX_CFLAGS =3D @LIBSELINUX_CFLAGS@ +LIBSELINUX_LIBS =3D @LIBSELINUX_LIBS@ +#endif + /* DO NOT use -R. There is a special hack described in lastfile.c which is used instead. Some initialized data areas are modified at initial startup, then labeled as part of the text area when 
@@ -266,7 +271,7 @@ GCONF_LIBS =3D @GCONF_LIBS@ =20 /* C_SWITCH_X_SITE must come before C_SWITCH_X_MACHINE and C_SWITCH_X_SY= STEM since it may have -I options that should override those two. */ -ALL_CFLAGS=3D-Demacs -DHAVE_CONFIG_H $(MYCPPFLAGS) -I. -I${srcdir} C_SWI= TCH_MACHINE C_SWITCH_SYSTEM C_SWITCH_X_SITE C_SWITCH_X_MACHINE C_SWITCH_X= _SYSTEM C_SWITCH_SYSTEM_TEMACS ${CFLAGS_SOUND} ${RSVG_CFLAGS} ${DBUS_CFLA= GS} ${GCONF_CFLAGS} ${CFLAGS} @FREETYPE_CFLAGS@ @FONTCONFIG_CFLAGS@ @LIBO= TF_CFLAGS@ @M17N_FLT_CFLAGS@ ${DEPFLAGS} +ALL_CFLAGS=3D-Demacs -DHAVE_CONFIG_H $(MYCPPFLAGS) -I. -I${srcdir} C_SWI= TCH_MACHINE C_SWITCH_SYSTEM C_SWITCH_X_SITE C_SWITCH_X_MACHINE C_SWITCH_X= _SYSTEM C_SWITCH_SYSTEM_TEMACS ${CFLAGS_SOUND} ${RSVG_CFLAGS} ${DBUS_CFLA= GS} ${GCONF_CFLAGS} ${LIBSELINUX_CFLAGS} ${CFLAGS} @FREETYPE_CFLAGS@ @FON= TCONFIG_CFLAGS@ @LIBOTF_CFLAGS@ @M17N_FLT_CFLAGS@ ${DEPFLAGS} ALL_OBJC_CFLAGS=3D$(ALL_CFLAGS) @GNU_OBJC_CFLAGS@ =20 .SUFFIXES: .m @@ -911,7 +916,7 @@ SOME_MACHINE_LISP =3D ../lisp/mouse.elc \ =20 LIBES =3D $(LOADLIBES) $(LIBS) $(LIBX) $(LIBSOUND) $(RSVG_LIBS) $(DBUS_L= IBS) \ LIBGPM LIBRESOLV LIBS_SYSTEM LIBS_MACHINE LIBS_TERMCAP \ - LIBS_DEBUG $(GETLOADAVG_LIBS) ${GCONF_LIBS} \ + LIBS_DEBUG $(GETLOADAVG_LIBS) ${GCONF_LIBS} ${LIBSELINUX_LIBS} \ @FREETYPE_LIBS@ @FONTCONFIG_LIBS@ @LIBOTF_LIBS@ @M17N_FLT_LIBS@ \ $(GNULIB_VAR) LIB_MATH LIB_STANDARD $(GNULIB_VAR) =20 --------------080704040809020909030704 Content-Type: text/x-patch; name="emacs-2-selinux-get-set-context-fun.patch" Content-Disposition: attachment; filename="emacs-2-selinux-get-set-context-fun.patch" Content-Transfer-Encoding: 7bit diff -U0 emacs-23.1.92/src/ChangeLog.selinux-get-set-context-fun emacs-23.1.92/src/ChangeLog --- emacs-23.1.92/src/ChangeLog.selinux-get-set-context-fun 2010-02-23 17:20:22.866024852 +0100 +++ emacs-23.1.92/src/ChangeLog 2010-02-23 17:22:35.408149531 +0100 
@@ -2,0 +3,3 @@ + * fileio.c (Ffile_selinux_context): New function. + (Fset_file_selinux_context): New function. + diff -up emacs-23.1.92/src/fileio.c.selinux-get-set-context-fun emacs-23.1.92/src/fileio.c --- emacs-23.1.92/src/fileio.c.selinux-get-set-context-fun 2010-01-28 18:45:49.000000000 +0100 +++ emacs-23.1.92/src/fileio.c 2010-02-23 16:27:53.899149817 +0100 @@ -59,6 +59,11 @@ extern int errno; #endif #endif +#ifdef HAVE_LIBSELINUX +#include +#include +#endif + #include "lisp.h" #include "intervals.h" #include "buffer.h" @@ -339,6 +344,8 @@ Lisp_Object Qfile_accessible_directory_p Lisp_Object Qfile_modes; Lisp_Object Qset_file_modes; Lisp_Object Qset_file_times; +Lisp_Object Qfile_selinux_context; +Lisp_Object Qset_file_selinux_context; Lisp_Object Qfile_newer_than_file_p; Lisp_Object Qinsert_file_contents; Lisp_Object Qwrite_region; 
@@ -2857,6 +2864,136 @@ See `file-symlink-p' to distinguish syml #endif } +DEFUN ("file-selinux-context", Ffile_selinux_context, + Sfile_selinux_context, 1, 1, 0, + doc: /* Return SELinux context of file named FILENAME, +as a list ("user", "role", "type", "range"). Return (nil, nil, nil, nil) +if file does not exist, is not accessible, or SELinux is disabled */) + (filename) + Lisp_Object filename; +{ + Lisp_Object absname; + Lisp_Object values[4]; + Lisp_Object handler; +#if HAVE_LIBSELINUX + security_context_t con; + int conlength; + context_t context; +#endif + + absname = expand_and_dir_to_file (filename, current_buffer->directory); + + /* If the file name has special constructs in it, + call the corresponding file handler. */ + handler = Ffind_file_name_handler (absname, Qfile_selinux_context); + if (!NILP (handler)) + return call2 (handler, Qfile_selinux_context, absname); + + absname = ENCODE_FILE (absname); + + values[0] = Qnil; + values[1] = Qnil; + values[2] = Qnil; + values[3] = Qnil; +#if HAVE_LIBSELINUX + if (is_selinux_enabled ()) + { + conlength = lgetfilecon (SDATA (absname), &con); + if (conlength > 0) + { + context = context_new (con); + values[0] = build_string (context_user_get (context)); + values[1] = build_string (context_role_get (context)); + values[2] = build_string (context_type_get (context)); + values[3] = build_string (context_range_get (context)); + context_free (context); + } + if (con) + freecon (con); + } +#endif + + return Flist (sizeof(values) / sizeof(values[0]), values); +} + +DEFUN ("set-file-selinux-context", Fset_file_selinux_context, + Sset_file_selinux_context, 2, 2, 0, + doc: /* Set SELinux context of file named FILENAME to CONTEXT +as a list ("user", "role", "type", "range"). Has no effect if SELinux +is disabled. 
*/) + (filename, context) + Lisp_Object filename, context; +{ + Lisp_Object absname, encoded_absname; + Lisp_Object handler; + Lisp_Object user = CAR_SAFE (context); + Lisp_Object role = CAR_SAFE (CDR_SAFE (context)); + Lisp_Object type = CAR_SAFE (CDR_SAFE (CDR_SAFE (context))); + Lisp_Object range = CAR_SAFE (CDR_SAFE (CDR_SAFE (CDR_SAFE (context)))); +#if HAVE_LIBSELINUX + security_context_t con; + int fail, conlength; + context_t parsed_con; +#endif + + absname = Fexpand_file_name (filename, current_buffer->directory); + + /* If the file name has special constructs in it, + call the corresponding file handler. */ + handler = Ffind_file_name_handler (absname, Qset_file_selinux_context); + if (!NILP (handler)) + return call3 (handler, Qset_file_selinux_context, absname, context); + + encoded_absname = ENCODE_FILE (absname); + +#if HAVE_LIBSELINUX + if (is_selinux_enabled ()) + { + /* Get current file context. */ + conlength = lgetfilecon (SDATA (encoded_absname), &con); + if (conlength > 0) + { + parsed_con = context_new (con); + /* Change the parts defined in the parameter.*/ + if (STRINGP (user)) + { + if (context_user_set (parsed_con, SDATA (user))) + error ("Doing context_user_set"); + } + if (STRINGP (role)) + { + if (context_role_set (parsed_con, SDATA (role))) + error ("Doing context_role_set"); + } + if (STRINGP (type)) + { + if (context_type_set (parsed_con, SDATA (type))) + error ("Doing context_type_set"); + } + if (STRINGP (range)) + { + if (context_range_set (parsed_con, SDATA (range))) + error ("Doing context_range_set"); + } + + /* Set the modified context back to the file. 
*/ + fail = lsetfilecon (SDATA (encoded_absname), context_str (parsed_con)); + if (fail) + report_file_error ("Doing lsetfilecon", Fcons (absname, Qnil)); + + context_free (parsed_con); + } + else + report_file_error("Doing lgetfilecon", Fcons (absname, Qnil)); + + if (con) + freecon (con); + } +#endif + + return Qnil; +} + DEFUN ("file-modes", Ffile_modes, Sfile_modes, 1, 1, 0, doc: /* Return mode bits of file named FILENAME, as an integer. Return nil, if file does not exist or is not accessible. */) @@ -5509,6 +5646,8 @@ syms_of_fileio () Qfile_modes = intern_c_string ("file-modes"); Qset_file_modes = intern_c_string ("set-file-modes"); Qset_file_times = intern_c_string ("set-file-times"); + Qfile_selinux_context = intern_c_string("file-selinux-context"); + Qset_file_selinux_context = intern_c_string("set-file-selinux-context"); Qfile_newer_than_file_p = intern_c_string ("file-newer-than-file-p"); Qinsert_file_contents = intern_c_string ("insert-file-contents"); Qwrite_region = intern_c_string ("write-region"); @@ -5544,6 +5683,8 @@ syms_of_fileio () staticpro (&Qfile_modes); staticpro (&Qset_file_modes); staticpro (&Qset_file_times); + staticpro (&Qfile_selinux_context); + staticpro (&Qset_file_selinux_context); staticpro (&Qfile_newer_than_file_p); staticpro (&Qinsert_file_contents); staticpro (&Qwrite_region); 
@@ -5777,6 +5918,8 @@ When non-nil, the function `move-file-to defsubr (&Sfile_modes); defsubr (&Sset_file_modes); defsubr (&Sset_file_times); + defsubr (&Sfile_selinux_context); + defsubr (&Sset_file_selinux_context); defsubr (&Sset_default_file_modes); defsubr (&Sdefault_file_modes); defsubr (&Sfile_newer_than_file_p); --------------080704040809020909030704 Content-Type: text/x-patch; name="emacs-3-selinux-backups-on-save.patch" Content-Disposition: attachment; filename="emacs-3-selinux-backups-on-save.patch" Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by mx1.redhat.com id o22Ja9WB004671 diff -U0 emacs-23.1.92/lisp/ChangeLog.selinux-backups-on-save emacs-23.1.= 92/lisp/ChangeLog --- emacs-23.1.92/lisp/ChangeLog.selinux-backups-on-save 2010-02-24 11:22= :02.961149752 +0100 +++ emacs-23.1.92/lisp/ChangeLog 2010-02-24 11:34:23.555149599 +0100 @@ -0,0 +1,9 @@ +2010-02-24 Karel Kl=C3=AD=C4=8D + + * files.el (backup-buffer): Handle SELinux context, and return it + if a backup was made by renaming. + (backup-buffer-copy): Set SELinux context to the target file. + (basic-save-buffer): Set SELinux context of the newly written file. + (basic-save-buffer-1): Mention it also returns SELinux context. + (basic-save-buffer-2): Set SELinux context of the newly created file. + diff -up emacs-23.1.92/lisp/files.el.selinux-backups-on-save emacs-23.1.9= 2/lisp/files.el --- emacs-23.1.92/lisp/files.el.selinux-backups-on-save 2010-01-27 04:35:= 37.000000000 +0100 +++ emacs-23.1.92/lisp/files.el 2010-02-23 16:35:56.598149543 +0100 
@@ -3616,10 +3616,13 @@ variable `make-backup-files'. If it's d no longer accessible under its old name. =20 The value is non-nil after a backup was made by renaming. -It has the form (MODES . BACKUPNAME). +It has the form (MODES SELINUXCONTEXT BACKUPNAME). MODES is the result of `file-modes' on the original file; this means that the caller, after saving the buffer, should change the modes of the new file to agree with the old modes. +SELINUXCONTEXT is the result of `file-selinux-context' on the original=20 +file; this means that the caller, after saving the buffer, should change +the SELinux context of the new file to agree with the old context. BACKUPNAME is the backup file name, which is the old file renamed." (if (and make-backup-files (not backup-inhibited) (not buffer-backed-up) @@ -3647,7 +3650,8 @@ BACKUPNAME is the backup file name, whic (or delete-old-versions (y-or-n-p (format "Delete excess backup versions of %s? " real-file-name))))) - (modes (file-modes buffer-file-name))) + (modes (file-modes buffer-file-name)) + (context (file-selinux-context buffer-file-name))) ;; Actually write the back up file. (condition-case () (if (or file-precious-flag @@ -3667,10 +3671,10 @@ BACKUPNAME is the backup file name, whic (<=3D (nth 2 attr) backup-by-copying-when-privileged-mismatch))= ) (or (nth 9 attr) (not (file-ownership-preserved-p real-file-name))))))) - (backup-buffer-copy real-file-name backupname modes) + (backup-buffer-copy real-file-name backupname modes context) ;; rename-file should delete old backup. (rename-file real-file-name backupname t) - (setq setmodes (cons modes backupname))) + (setq setmodes (list modes context backupname))) (file-error ;; If trouble writing the backup, write it in ~. (setq backupname (expand-file-name 
@@ -3679,7 +3683,7 @@ BACKUPNAME is the backup file name, whic (message "Cannot write backup file; backing up in %s" backupname) (sleep-for 1) - (backup-buffer-copy real-file-name backupname modes))) + (backup-buffer-copy real-file-name backupname modes context))) (setq buffer-backed-up t) ;; Now delete the old versions, if desired. (if delete-old-versions @@ -3691,7 +3695,7 @@ BACKUPNAME is the backup file name, whic setmodes) (file-error nil)))))) =20 -(defun backup-buffer-copy (from-name to-name modes) +(defun backup-buffer-copy (from-name to-name modes context) (let ((umask (default-file-modes))) (unwind-protect (progn @@ -3718,7 +3722,9 @@ BACKUPNAME is the backup file name, whic ;; Reset the umask. (set-default-file-modes umask))) (and modes - (set-file-modes to-name (logand modes #o1777)))) + (set-file-modes to-name (logand modes #o1777))) + (and context + (set-file-selinux-context to-name context))) =20 (defun file-name-sans-versions (name &optional keep-backup-version) "Return file NAME sans backup versions or strings. @@ -4248,7 +4254,9 @@ Before and after saving the buffer, this (nthcdr 10 (file-attributes buffer-file-name))) (if setmodes (condition-case () - (set-file-modes buffer-file-name (car setmodes)) + (progn + (set-file-modes buffer-file-name (car setmodes)) + (set-file-selinux-context buffer-file-name (nth 1 setmodes))) (error nil)))) ;; If the auto-save file was recent before this command, ;; delete it now. @@ -4261,7 +4269,7 @@ Before and after saving the buffer, this ;; This does the "real job" of writing a buffer into its visited file ;; and making a backup file. This is what is normally done ;; but inhibited if one of write-file-functions returns non-nil. -;; It returns a value (MODES . BACKUPNAME), like backup-buffer. +;; It returns a value (MODES SELINUXCONTEXT BACKUPNAME), like backup-buf= fer. (defun basic-save-buffer-1 () (prog1 (if save-buffer-coding-system 
@@ -4273,7 +4281,7 @@ Before and after saving the buffer, this (setq buffer-file-coding-system-explicit (cons last-coding-system-used nil))))) =20 -;; This returns a value (MODES . BACKUPNAME), like backup-buffer. +;; This returns a value (MODES SELINUXCONTEXT BACKUPNAME), like backup-b= uffer. (defun basic-save-buffer-2 () (let (tempsetmodes setmodes) (if (not (file-writable-p buffer-file-name)) @@ -4344,8 +4352,9 @@ Before and after saving the buffer, this ;; Since we have created an entirely new file, ;; make sure it gets the right permission bits set. (setq setmodes (or setmodes - (cons (or (file-modes buffer-file-name) + (list (or (file-modes buffer-file-name) (logand ?\666 umask)) + (file-selinux-context buffer-file-name) buffer-file-name))) ;; We succeeded in writing the temp file, ;; so rename it. @@ -4356,8 +4365,11 @@ Before and after saving the buffer, this ;; (setmodes is set) because that says we're superseding. (cond ((and tempsetmodes (not setmodes)) ;; Change the mode back, after writing. - (setq setmodes (cons (file-modes buffer-file-name) buffer-file-n= ame)) - (set-file-modes buffer-file-name (logior (car setmodes) 128)))) + (setq setmodes (list (file-modes buffer-file-name)=20 + (file-selinux-context buffer-file-name)=20 + buffer-file-name)) + (set-file-modes buffer-file-name (logior (car setmodes) 128)) + (set-file-selinux-context buffer-file-name (nth 1 setmodes))))) (let (success) (unwind-protect (progn @@ -4371,8 +4383,8 @@ Before and after saving the buffer, this ;; the backup by renaming, undo the backing-up. (and setmodes (not success) (progn - (rename-file (cdr setmodes) buffer-file-name t) - (setq buffer-backed-up nil))))))) + (rename-file (nth 2 setmodes) buffer-file-name t) + (setq buffer-backed-up nil)))))) setmodes)) =20 (defun diff-buffer-with-file (&optional buffer) --------------080704040809020909030704--
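
Review bot: `con` in Ffile_selinux_context (src/fileio.c, the hunk that adds both DEFUNs) is declared without an initializer, so when lgetfilecon fails the later `if (con) freecon (con);` tests an indeterminate pointer and may free it. Initialise it with `security_context_t con = NULL;` or move the freecon into the `conlength > 0` branch. In the same hunk the result of context_new is used unchecked in both functions, and in Fset_file_selinux_context the `error (...)` and `report_file_error (...)` calls signal instead of returning, so parsed_con and con leak on every failure path after lgetfilecon has succeeded; free both before signalling.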
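
Review bot: The documented return value of backup-buffer (lisp/files.el, docstring hunk at 3616) changes shape from (MODES . BACKUPNAME) to (MODES SELINUXCONTEXT BACKUPNAME), which silently breaks any caller outside this patch that still takes `(cdr ...)` of the result to get the backup name. The patch converts the uses in basic-save-buffer and basic-save-buffer-2; please confirm there are no others, and mention the incompatible change in the ChangeLog entry.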
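
Review bot: The new binding `(context (file-selinux-context buffer-file-name))` in backup-buffer (lisp/files.el, hunk at 3647) reads the label through lgetfilecon, which does not follow symbolic links, while the rename and copy below it operate on real-file-name. Where those two names differ, the context recorded is the link's rather than the file's, and that is what later gets applied to the backup and to the saved file. Reading it from real-file-name would keep the label and the file it came from consistent.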
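
Review bot: The CONTEXT parameter added in `(defun backup-buffer-copy (from-name to-name modes context)` (lisp/files.el, hunk at 3691) is required, so an existing three-argument caller outside this patch now fails with a wrong-number-of-arguments error. Declaring it `&optional context` keeps such callers working, and the `(and context ...)` guard added in the following hunk already copes with nil.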
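
Review bot: In basic-save-buffer (lisp/files.el, hunk at 4248) both calls sit in one progn under `(condition-case () ... (error nil))`, so a failure in set-file-modes skips set-file-selinux-context entirely, and a failure to restore the label is discarded without any message. The saved file is then left with the default context, which is the problem this series sets out to fix. Give the SELinux call its own handler and report the failure with `message`.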
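
Review bot: In the tempsetmodes branch of basic-save-buffer-2 (lisp/files.el, hunk at 4356) the added `(set-file-selinux-context buffer-file-name (nth 1 setmodes))` writes back the context that was read from the same file in the setq just above, so it changes nothing. It also runs outside any condition-case, so an error from it aborts the save before the buffer is written. Drop the call here and rely on basic-save-buffer restoring the context after the write.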
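
The label loss described in the message body follows from the label belonging to the inode rather than to the file name. The Python sketch below is an added example, not part of the patch or of Emacs: it performs a real backup-by-renaming save in a temporary directory against a constructed inode-keyed label store, with and without the restore step the patch adds. `FakeLabels`, the sample labels and all function names are assumptions made for illustration.

```python
import os
import tempfile

XATTR = "security.selinux"  # xattr in which Linux stores a file's SELinux label


class FakeLabels:
    """Constructed stand-in for the kernel's label store, keyed by inode.

    A label belongs to the inode, not the name; an inode that was never
    labelled explicitly reports the default label, as a new file would.
    """

    def __init__(self, default):
        self.default = default
        self.by_inode = {}

    def get(self, path):
        return self.by_inode.get(os.lstat(path).st_ino, self.default)

    def set(self, path, label):
        self.by_inode[os.lstat(path).st_ino] = label


def xattr_get(path):
    """Read the real label without following symlinks, like lgetfilecon."""
    raw = os.getxattr(path, XATTR, follow_symlinks=False)
    return raw.rstrip(b"\0").decode()


def xattr_set(path, label):
    """Write the real label without following symlinks, like lsetfilecon."""
    os.setxattr(path, XATTR, label.encode(), follow_symlinks=False)


def save_by_renaming(path, text, get_label=xattr_get, set_label=xattr_set,
                     preserve=True):
    """Save TEXT to PATH, keeping the old contents as PATH~ by renaming.

    Returns (label of the saved file, label of the backup).
    """
    modes = os.stat(path).st_mode & 0o7777
    label = get_label(path)            # read before the inode moves away
    os.rename(path, path + "~")        # backup keeps the inode and its label
    with open(path, "w") as f:         # new inode, so it gets the default label
        f.write(text)
    os.chmod(path, modes)
    if preserve:
        set_label(path, label)         # the restore step added after saving
    return get_label(path), get_label(path + "~")


def demo(preserve):
    """Run one save in a temp dir against the constructed label store."""
    labels = FakeLabels(default="unconfined_u:object_r:user_tmp_t:s0")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "httpd.conf")
        with open(path, "w") as f:
            f.write("old\n")
        # Constructed sample label for the file being edited.
        labels.set(path, "system_u:object_r:httpd_config_t:s0")
        return save_by_renaming(path, "new\n", labels.get, labels.set, preserve)
```

On an SELinux-enabled host, calling `save_by_renaming` with its default `xattr_get` and `xattr_set` operates on the real `security.selinux` attribute and needs permission to relabel the file.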