After accidentally editing '/etc/rc.sysinit' (a symlink to '/etc/rc.d/rc.sysinit') and getting a system that didn't boot in enforcing mode, I poked around a bit.
It appears that the selinix patch to vi (emacs, ... ?) to maintain contexts across edits doesn't work if you point at the symlink instead of the 'real' file.
[More precisely there is a function 'mch_copy_sec()' that calls get-/set-filecon(), but it appears that in the 'backup file' case, from_file and to_file are 'reversed'.]
In my case, editing '/etc/rc.sysinit' changed the context of '/etc/rc.d/rc.sysinit' from 'system_u:object_r:initrc_exec_t' to 'root:object_r:etc_t'.
I've bugzilla'ed this against vim here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127361 but this may affect more than vim (e.g., emacs, ...)
Is this patch Fedora based, or is there an upstream source? Am I breaking something else?
tom
