Emacs and SELinux contexts

Emacs and SELinux contexts

[Suvayu Ali]

Hi everyone,

I have noticed something with emacs on GNU/Linux systems. When you edit 
something with Emacs, the SELinux  context of the file doesn't stay 
preserved. This could be an issue when you edit configuration or policy 
files as root. A system setting file usually has a context like this,

system_u:object_r:usr_t:s0

but upon editing with Emacs it changes to

unconfined_u:object_r:usr_t:s0

I don't know how severe this is but maybe its worth looking at? 
Specially when this problem is absent for other editors. I tried this 
with nano, vim and  mousepad. None of them had this issue. Can this be 
filed as a bug? Where would be the appropriate place to file this? The 
Emacs bugzilla or the bugzilla for my distribution?

Thanks for any suggestions.

-- 
Suvayu

Open source is the future. It sets us free.

Re: Emacs and SELinux contexts

[Glenn Morris]

Suvayu Ali wrote:

> I have noticed something with emacs on GNU/Linux systems. When you
> edit something with Emacs, the SELinux  context of the file doesn't
> stay preserved.

This feature is present in the Emacs Bzr trunk, ie will be in Emacs 24.1.
See etc/NEWS for more details.

Re: Emacs and SELinux contexts

[Juanma Barranquero]

On Mon, Jun 7, 2010 at 08:39, Suvayu Ali <fatkasuvayu+linux@gmail.com> wrote:

> I have noticed something with emacs on GNU/Linux systems. When you edit
> something with Emacs, the SELinux  context of the file doesn't stay
> preserved. This could be an issue when you edit configuration or policy
> files as root. A system setting file usually has a context like this,

The etc/NEWS currently on the Emacs repository has this:

  ** Basic SELinux support has been added.
  This requires Emacs to be linked with libselinux at build time.

  *** Emacs preserves the SELinux file context when backing up, and
  optionally when copying files. To this end, copy-file has an extra
  optional argument, and backup-buffer and friends include the SELinux
  context in their return values.

  *** The new functions file-selinux-context and set-file-selinux-context
  get and set the SELinux context of a file.

  *** Tramp offers handlers for file-selinux-context and
set-file-selinux-context
  for remote machines which support SELinux.

so (some) SELinux support will be included on 24.1. Unfortunately,
that will likely be many months from now.

If you need that support now you can try building Emacs directly from
the current development sources.

    Juanma

Re: Emacs and SELinux contexts

[Suvayu Ali]

On Monday 07 June 2010 02:58 AM, Juanma Barranquero wrote:
> On Mon, Jun 7, 2010 at 08:39, Suvayu Ali<fatkasuvayu+linux@gmail.com>  wrote:
>
>> I have noticed something with emacs on GNU/Linux systems. When you edit
>> something with Emacs, the SELinux  context of the file doesn't stay
>> preserved. This could be an issue when you edit configuration or policy
>> files as root. A system setting file usually has a context like this,
>
> The etc/NEWS currently on the Emacs repository has this:
>
>    ** Basic SELinux support has been added.
>    This requires Emacs to be linked with libselinux at build time.
>
>    *** Emacs preserves the SELinux file context when backing up, and
>    optionally when copying files. To this end, copy-file has an extra
>    optional argument, and backup-buffer and friends include the SELinux
>    context in their return values.
>
>    *** The new functions file-selinux-context and set-file-selinux-context
>    get and set the SELinux context of a file.
>
>    *** Tramp offers handlers for file-selinux-context and
> set-file-selinux-context
>    for remote machines which support SELinux.
>
> so (some) SELinux support will be included on 24.1. Unfortunately,
> that will likely be many months from now.
>
> If you need that support now you can try building Emacs directly from
> the current development sources.
>

Thank you very much, Juanma. :)

>      Juanma


-- 
Suvayu

Open source is the future. It sets us free.

Re: Emacs and SELinux contexts

[Stefan Monnier]

> I have noticed something with emacs on GNU/Linux systems. When you edit
> something with Emacs, the SELinux  context of the file doesn't stay
> preserved. This could be an issue when you edit configuration or policy

As mentioned, there is improved support in the trunk (i.e. for
Emacs-24), but since this won't be released in the near future, maybe
playing around with backup-by-copying and some of its friends will let
you work around the problem in the mean time.


        Stefan


PS: I say "maybe" because I know nothing about SELinux.