authorPaolo Bonzini <bonzini@gnu.org>2012-03-16 10:05:51 +0100
committerPaolo Bonzini <bonzini@gnu.org>2012-03-16 10:05:51 +0100
commitc30ee312734d1bab0b4c9d9cccdb66654a95496d (patch)
tree3c98024299cc8dcf0fe2d4ed11c2708a2aaad2f7
parent8528ed0334303c40f1a8df36810bc179e4af23ea (diff)
downloadsed-c30ee312734d1bab0b4c9d9cccdb66654a95496d.tar.gz
synchronize SELinux code with GNU sed
2012-03-16 Paolo Bonzini <bonzini@gnu.org> * execute.c (open_next_file): Save/restore file creation context.
-rw-r--r--ChangeLog4
-rw-r--r--sed/execute.c16
2 files changed, 20 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index c12d516..424f4ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2012-03-16 Paolo Bonzini <bonzini@gnu.org>
+
+ * execute.c (open_next_file): Save/restore file creation context.
+
2010-11-03 Eric Blake <eblake@redhat.com>
* basicdefs.h (ISDIGIT): Avoid compiler warning on cygwin.
diff --git a/sed/execute.c b/sed/execute.c
index 34ce920..9367a34 100644
--- a/sed/execute.c
+++ b/sed/execute.c
@@ -727,6 +727,11 @@ open_next_file(name, input)
{
int input_fd;
char *tmpdir, *p;
+#ifndef BOOTSTRAP
+ security_context_t old_fscreatecon;
+ int reset_fscreatecon = 0;
+ memset (&old_fscreatecon, 0, sizeof (old_fscreatecon));
+#endif
/* get the base name */
tmpdir = ck_strdup(input->in_file_name);
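Review bot: The `memset (&old_fscreatecon, 0, sizeof (old_fscreatecon));` line in the new `#ifndef BOOTSTRAP` block zeroes what appears to be a pointer-typed handle (it is later passed to `freecon` and, like `con`, would print with `%s`). Initialising it at the declaration is clearer and does not rely on all-bits-zero being the null pointer: `security_context_t old_fscreatecon = NULL;`. That also keeps the block pure declarations, matching the K&R-style declarations around it. The body of open_next_file continues outside this hunk.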
@@ -749,6 +754,9 @@ open_next_file(name, input)
security_context_t con;
if (getfilecon (input->in_file_name, &con) != -1)
{
+ /* Save and restore the old context for the sake of w and W
+ commands. */
+ reset_fscreatecon = getfscreatecon (&old_fscreatecon) >= 0;
if (setfscreatecon (con) < 0)
fprintf (stderr, _("%s: warning: failed to set default file creation context to %s: %s"),
myname, con, strerror (errno));
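Review bot: When `getfscreatecon (&old_fscreatecon)` fails, `reset_fscreatecon` stays 0 but `setfscreatecon (con)` is still called. Nothing then undoes it, so files created later by the `w`/`W` commands would presumably inherit the input file's label, which is the case this commit sets out to prevent. Consider only switching the context when the old one could be saved, e.g. `if (reset_fscreatecon && setfscreatecon (con) < 0)`, or emitting a warning when the save fails. A comment is also worth adding that a successful save may return a NULL context, meaning "policy default", and that this is the value restored later. The enclosing block starts and ends outside this hunk.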
@@ -768,6 +776,14 @@ open_next_file(name, input)
output_file.missing_newline = false;
free (tmpdir);
+#ifndef BOOTSTRAP
+ if (reset_fscreatecon)
+ {
+ setfscreatecon (old_fscreatecon);
+ freecon (old_fscreatecon);
+ }
+#endif
+
if (!output_file.fp)
panic(_("couldn't open temporary file %s: %s"), input->out_file_name, strerror(errno));
}
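Review bot: The restore call `setfscreatecon (old_fscreatecon);` ignores its return value. If it fails, the process silently keeps the in-place file's creation context and labels later output files with it. The set path a few lines earlier already warns on failure, and the restore should do the same: `if (setfscreatecon (old_fscreatecon) < 0)` followed by `fprintf (stderr, _("%s: warning: failed to restore default file creation context: %s"), myname, strerror (errno));`. The `freecon (old_fscreatecon);` call must remain unconditional inside the block so the saved context is released either way. Only the tail of open_next_file is visible here, so any earlier exit path that skips this restore cannot be checked from the hunk.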