vi does not maintain contexts on symlinks

Tom London selinux at comcast.net
Wed Jul 7 18:23:02 UTC 2004


After accidentally editing '/etc/rc.sysinit' (a symlink to
'/etc/rc.d/rc.sysinit') and getting a system that didn't
boot in enforcing mode, I poked around a bit.

It appears that the SELinux patch to vi (emacs, ... ?) to
maintain contexts across edits doesn't work if
you point at the symlink instead of the 'real' file.

[More precisely there is a function
'mch_copy_sec()' that calls get-/set-filecon(), but
it appears that in the 'backup file' case, from_file
and to_file are 'reversed'.]

In my case, editing '/etc/rc.sysinit' changed the
context of '/etc/rc.d/rc.sysinit' from
'system_u:object_r:initrc_exec_t' to
'root:object_r:etc_t'.

I've bugzilla'ed this against vim here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127361
but this may affect more than vim (e.g., emacs, ...)

Is this patch Fedora based, or is there an upstream
source? Am I breaking something else?

tom
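
Added example, not part of the original message and not the vim patch it discusses: a save routine that resolves the symlink first, reads the label from the real file, and sets it on the newly written file before renaming it into place. The function names are hypothetical, and the demo keeps labels in a dict keyed by inode (an assumption so it runs without SELinux); the defaults use the `security.selinux` extended attribute.

```python
import os, tempfile

XATTR = "security.selinux"  # xattr in which SELinux stores a file's context

def xattr_get(path):
    return os.getxattr(path, XATTR)

def xattr_set(path, label):
    os.setxattr(path, XATTR, label)

def save_keeping_label(path, data, get_label=xattr_get, set_label=xattr_set):
    """Hypothetical helper: write-new-then-rename save that keeps the label.

    The symlink is resolved first, so the label is read from and restored on
    the real file, and the link itself is left in place.
    """
    real = os.path.realpath(path)
    label = get_label(real)                      # from: the existing real file
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(real))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.chmod(tmp, os.stat(real).st_mode & 0o7777)
        set_label(tmp, label)                    # to: the newly written file
        os.replace(tmp, real)                    # atomic swap on the real path
    except BaseException:
        os.unlink(tmp)
        raise
    return real

def demo():
    """Constructed run: labels live in a dict keyed by inode, no SELinux needed."""
    labels = {}
    get = lambda p: labels[os.stat(p).st_ino]    # os.stat follows symlinks
    put = lambda p, l: labels.__setitem__(os.stat(p).st_ino, l)
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "rc.d"))
        real = os.path.join(d, "rc.d", "rc.sysinit")
        link = os.path.join(d, "rc.sysinit")
        with open(real, "wb") as f:
            f.write(b"#!/bin/sh\n")
        os.symlink(os.path.join("rc.d", "rc.sysinit"), link)
        put(real, "system_u:object_r:initrc_exec_t")
        save_keeping_label(link, b"#!/bin/sh\n# edited\n", get, put)
        with open(real, "rb") as f:
            content = f.read()
        return os.path.islink(link), get(link), content
```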


