rpms/libselinux/F-7 libselinux-rhat.patch, 1.120, 1.121 libselinux.spec, 1.266, 1.267
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Jul 11 16:05:42 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/libselinux/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22843
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Wed Jul 11 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.14-4
- Second try to add nscd permissions
libselinux-rhat.patch:
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/libselinux/F-7/libselinux-rhat.patch,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- libselinux-rhat.patch 11 Jul 2007 15:21:48 -0000 1.120
+++ libselinux-rhat.patch 11 Jul 2007 16:05:02 -0000 1.121
@@ -1,145 +1,7 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.13/src/selinux.py
---- nsalibselinux/src/selinux.py 2007-02-22 08:53:23.000000000 -0500
-+++ libselinux-2.0.13/src/selinux.py 2007-04-23 10:26:41.000000000 -0400
-@@ -48,8 +48,19 @@
- del types
-
-
-+SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
-+get_ordered_context_list = _selinux.get_ordered_context_list
-+get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level
-+get_default_context = _selinux.get_default_context
-+get_default_context_with_level = _selinux.get_default_context_with_level
-+get_default_context_with_role = _selinux.get_default_context_with_role
-+get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel
-+query_user_context = _selinux.query_user_context
-+manual_user_enter_context = _selinux.manual_user_enter_context
- is_selinux_enabled = _selinux.is_selinux_enabled
- is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
-+freecon = _selinux.freecon
-+freeconary = _selinux.freeconary
- getcon = _selinux.getcon
- setcon = _selinux.setcon
- getpidcon = _selinux.getpidcon
-@@ -88,6 +99,8 @@
- set_matchpathcon_flags = _selinux.set_matchpathcon_flags
- matchpathcon_init = _selinux.matchpathcon_init
- matchpathcon = _selinux.matchpathcon
-+matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix
-+matchpathcon_fini = _selinux.matchpathcon_fini
- matchmediacon = _selinux.matchmediacon
- selinux_getenforcemode = _selinux.selinux_getenforcemode
- selinux_policy_root = _selinux.selinux_policy_root
-@@ -102,6 +115,7 @@
- selinux_homedir_context_path = _selinux.selinux_homedir_context_path
- selinux_media_context_path = _selinux.selinux_media_context_path
- selinux_contexts_path = _selinux.selinux_contexts_path
-+selinux_securetty_types_path = _selinux.selinux_securetty_types_path
- selinux_booleans_path = _selinux.selinux_booleans_path
- selinux_customizable_types_path = _selinux.selinux_customizable_types_path
- selinux_users_path = _selinux.selinux_users_path
-@@ -109,13 +123,16 @@
- selinux_translations_path = _selinux.selinux_translations_path
- selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
- selinux_path = _selinux.selinux_path
--selinux_check_passwd_access = _selinux.selinux_check_passwd_access
--checkPasswdAccess = _selinux.checkPasswdAccess
-+selinux_check_securetty_context = _selinux.selinux_check_securetty_context
-+set_selinuxmnt = _selinux.set_selinuxmnt
- rpm_execcon = _selinux.rpm_execcon
- is_context_customizable = _selinux.is_context_customizable
- selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
- selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
- selinux_getpolicytype = _selinux.selinux_getpolicytype
- getseuserbyname = _selinux.getseuserbyname
-+selinux_file_context_cmp = _selinux.selinux_file_context_cmp
-+selinux_file_context_verify = _selinux.selinux_file_context_verify
-+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
-
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.13/src/selinuxswig.i
---- nsalibselinux/src/selinuxswig.i 2007-04-12 16:02:48.000000000 -0400
-+++ libselinux-2.0.13/src/selinuxswig.i 2007-04-23 10:26:21.000000000 -0400
-@@ -21,6 +21,7 @@
- %module selinux
- %{
- #include "selinux/selinux.h"
-+ #include "selinux/get_context_list.h"
- %}
- %apply int *OUTPUT { int * };
- %apply int *OUTPUT { size_t * };
-@@ -42,8 +43,12 @@
-
- %typedef unsigned mode_t;
-
-+%include "../include/selinux/get_context_list.h"
-+
- extern int is_selinux_enabled(void);
- extern int is_selinux_mls_enabled(void);
-+extern void freecon(security_context_t con);
-+extern void freeconary(security_context_t * con);
- extern int getcon(security_context_t *con);
- extern int setcon(security_context_t con);
- extern int getpidcon(int pid, security_context_t *con);
-@@ -90,6 +95,11 @@
- mode_t mode,
- security_context_t *con);
-
-+extern int matchpathcon_init_prefix(const char *path,
-+ const char *prefix);
-+extern void matchpathcon_fini(void);
-+
-+
- extern int matchmediacon(const char *media,
- security_context_t *con);
-
-@@ -106,6 +116,7 @@
- extern const char *selinux_homedir_context_path(void);
- extern const char *selinux_media_context_path(void);
- extern const char *selinux_contexts_path(void);
-+extern const char *selinux_securetty_types_path(void);
- extern const char *selinux_booleans_path(void);
- extern const char *selinux_customizable_types_path(void);
- extern const char *selinux_users_path(void);
-@@ -113,11 +124,15 @@
- extern const char *selinux_translations_path(void);
- extern const char *selinux_netfilter_context_path(void);
- extern const char *selinux_path(void);
--extern int selinux_check_passwd_access(access_vector_t requested);
--extern int checkPasswdAccess(access_vector_t requested);
-+#extern int selinux_check_passwd_access(access_vector_t requested);
-+#extern int checkPasswdAccess(access_vector_t requested);
-
-+extern int selinux_check_securetty_context(security_context_t tty_context);
-+void set_selinuxmnt(char *mnt);
-+
-+#ifdef SWIGpython
- // This tells SWIG to treat char ** as a special case
--%typemap(python,in) char ** {
-+%typemap(in) char ** {
- /* Check if is a list */
- if (PyList_Check($input)) {
- int size = PyList_Size($input);
-@@ -143,6 +158,7 @@
- return NULL;
- }
- }
-+#endif
-
- extern int rpm_execcon(unsigned int verified,
- const char *filename,
-@@ -164,3 +180,7 @@
- }
- extern int selinux_getpolicytype(char **enforce);
- extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
-+
-+int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
-+int selinux_file_context_verify(const char *path, mode_t mode);
-+int selinux_lsetfilecon_default(const char *path);
-diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.13/src/selinuxswig_wrap.c
---- nsalibselinux/src/selinuxswig_wrap.c 2007-04-12 16:02:48.000000000 -0400
-+++ libselinux-2.0.13/src/selinuxswig_wrap.c 2007-04-23 10:26:41.000000000 -0400
-@@ -2449,11 +2449,11 @@
+diff -up libselinux-2.0.14/src/selinuxswig_wrap.c.rhat libselinux-2.0.14/src/selinuxswig_wrap.c
+--- libselinux-2.0.14/src/selinuxswig_wrap.c.rhat 2007-04-24 10:36:20.000000000 -0400
++++ libselinux-2.0.14/src/selinuxswig_wrap.c 2007-07-11 12:00:41.000000000 -0400
+@@ -2449,11 +2449,11 @@ SWIG_Python_MustGetPtr(PyObject *obj, sw
/* -------- TYPES TABLE (BEGIN) -------- */
#define SWIGTYPE_p_SELboolean swig_types[0]
@@ -156,7 +18,7 @@
#define SWIGTYPE_p_security_context_t swig_types[6]
#define SWIGTYPE_p_unsigned_int swig_types[7]
static swig_type_info *swig_types[9];
-@@ -2485,6 +2485,99 @@
+@@ -2485,6 +2485,99 @@ static swig_module_info swig_module = {s
#include "selinux/selinux.h"
@@ -256,7 +118,7 @@
#define SWIG_From_long PyInt_FromLong
-@@ -2644,74 +2737,6 @@
+@@ -2644,74 +2737,6 @@ SWIG_AsVal_int (PyObject * obj, int *val
}
@@ -331,7 +193,7 @@
SWIGINTERN int
SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val)
{
-@@ -2781,33 +2806,396 @@
+@@ -2781,33 +2806,396 @@ SWIG_AsVal_unsigned_SS_int (PyObject * o
return res;
}
@@ -750,7 +612,7 @@
SWIGINTERN PyObject *_wrap_is_selinux_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
int result;
-@@ -2834,6 +3222,48 @@
+@@ -2834,6 +3222,48 @@ fail:
}
@@ -799,7 +661,7 @@
SWIGINTERN PyObject *_wrap_getcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
security_context_t *arg1 = (security_context_t *) 0 ;
-@@ -3777,6 +4207,55 @@
+@@ -3777,6 +4207,55 @@ fail:
}
@@ -855,7 +717,7 @@
SWIGINTERN PyObject *_wrap_matchmediacon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *arg1 = (char *) 0 ;
-@@ -3994,6 +4473,19 @@
+@@ -3994,6 +4473,19 @@ fail:
}
@@ -875,7 +737,7 @@
SWIGINTERN PyObject *_wrap_selinux_booleans_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
PyObject *resultobj = 0;
char *result = 0 ;
-@@ -4085,27 +4577,17 @@
+@@ -4085,27 +4577,17 @@ fail:
}
@@ -908,7 +770,7 @@
resultobj = SWIG_From_int((int)(result));
return resultobj;
fail:
-@@ -4113,30 +4595,26 @@
+@@ -4113,30 +4595,26 @@ fail:
}
@@ -953,7 +815,7 @@
return NULL;
}
-@@ -4153,6 +4631,10 @@
+@@ -4153,6 +4631,10 @@ SWIGINTERN PyObject *_wrap_rpm_execcon(P
int res2 ;
char *buf2 = 0 ;
int alloc2 = 0 ;
@@ -964,7 +826,7 @@
PyObject * obj0 = 0 ;
PyObject * obj1 = 0 ;
PyObject * obj2 = 0 ;
-@@ -4169,58 +4651,16 @@
+@@ -4169,58 +4651,16 @@ SWIGINTERN PyObject *_wrap_rpm_execcon(P
SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
}
arg2 = (char *)(buf2);
@@ -1032,7 +894,7 @@
result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4);
resultobj = SWIG_From_int((int)(result));
if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
-@@ -4387,9 +4827,101 @@
+@@ -4387,9 +4827,101 @@ fail:
}
@@ -1134,7 +996,7 @@
{ (char *)"getcon", _wrap_getcon, METH_VARARGS, NULL},
{ (char *)"setcon", _wrap_setcon, METH_VARARGS, NULL},
{ (char *)"getpidcon", _wrap_getpidcon, METH_VARARGS, NULL},
-@@ -4426,6 +4958,8 @@
+@@ -4426,6 +4958,8 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"set_matchpathcon_flags", _wrap_set_matchpathcon_flags, METH_VARARGS, NULL},
{ (char *)"matchpathcon_init", _wrap_matchpathcon_init, METH_VARARGS, NULL},
{ (char *)"matchpathcon", _wrap_matchpathcon, METH_VARARGS, NULL},
@@ -1143,7 +1005,7 @@
{ (char *)"matchmediacon", _wrap_matchmediacon, METH_VARARGS, NULL},
{ (char *)"selinux_getenforcemode", _wrap_selinux_getenforcemode, METH_VARARGS, NULL},
{ (char *)"selinux_policy_root", _wrap_selinux_policy_root, METH_VARARGS, NULL},
-@@ -4440,6 +4974,7 @@
+@@ -4440,6 +4974,7 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL},
@@ -1151,7 +1013,7 @@
{ (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL},
{ (char *)"selinux_customizable_types_path", _wrap_selinux_customizable_types_path, METH_VARARGS, NULL},
{ (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL},
-@@ -4447,14 +4982,17 @@
+@@ -4447,14 +4982,17 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL},
{ (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL},
{ (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL},
@@ -1171,7 +1033,7 @@
{ NULL, NULL, 0, NULL }
};
-@@ -4462,41 +5000,41 @@
+@@ -4462,41 +5000,41 @@ static PyMethodDef SwigMethods[] = {
/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0};
@@ -1217,7 +1079,7 @@
_swigc__p_security_context_t,
_swigc__p_unsigned_int,
};
-@@ -5019,6 +5557,7 @@
+@@ -5019,6 +5557,7 @@ SWIGEXPORT void SWIG_init(void) {
SWIG_InstallConstants(d,swig_const_table);
@@ -1225,244 +1087,274 @@
SWIG_Python_SetConstant(d, "MATCHPATHCON_BASEONLY",SWIG_From_int((int)(1)));
SWIG_Python_SetConstant(d, "MATCHPATHCON_NOTRANS",SWIG_From_int((int)(2)));
}
-diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.13/Makefile
---- nsalibselinux/Makefile 2007-06-01 10:44:08.000000000 -0400
-+++ libselinux-2.0.13/Makefile 2007-06-26 05:11:37.000000000 -0400
-@@ -20,6 +20,9 @@
- $(MAKE) -C src
- $(MAKE) -C utils
+diff -up libselinux-2.0.14/src/selinuxswig.i.rhat libselinux-2.0.14/src/selinuxswig.i
+--- libselinux-2.0.14/src/selinuxswig.i.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/src/selinuxswig.i 2007-07-11 12:00:41.000000000 -0400
+@@ -21,6 +21,7 @@
+ %module selinux
+ %{
+ #include "selinux/selinux.h"
++ #include "selinux/get_context_list.h"
+ %}
+ %apply int *OUTPUT { int * };
+ %apply int *OUTPUT { size_t * };
+@@ -42,8 +43,12 @@
-+swigify:
-+ $(MAKE) -C src swigify
-+
- pywrap:
- $(MAKE) -C src pywrap
+ %typedef unsigned mode_t;
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-2.0.13/man/man3/avc_add_callback.3
---- nsalibselinux/man/man3/avc_add_callback.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/avc_add_callback.3 2007-07-10 12:17:08.000000000 -0400
-@@ -6,26 +6,26 @@
- avc_add_callback \- additional event notification for SELinux userspace object managers.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
-+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
- .in +\w'int avc_add_callback(int (*callback)('u
- .BI "security_id_t " ssid ,
--.br
-+
- .BI "security_id_t " tsid ,
--.br
-+
- .BI "security_class_t " tclass ,
--.br
-+
- .BI "access_vector_t " perms ,
--.br
-+
- .BI "access_vector_t *" out_retained "),"
- .in
- .in +\w'int avc_add_callback('u
- .BI "uint32_t " events ", security_id_t " ssid ,
--.br
-+
- .BI "security_id_t " tsid ", security_class_t " tclass ,
--.br
++%include "../include/selinux/get_context_list.h"
+
- .BI "access_vector_t " perms ");"
- .in
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-2.0.13/man/man3/avc_cache_stats.3
---- nsalibselinux/man/man3/avc_cache_stats.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/avc_cache_stats.3 2007-07-10 12:17:08.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
+ extern int is_selinux_enabled(void);
+ extern int is_selinux_mls_enabled(void);
++extern void freecon(security_context_t con);
++extern void freeconary(security_context_t * con);
+ extern int getcon(security_context_t *con);
+ extern int setcon(security_context_t con);
+ extern int getpidcon(int pid, security_context_t *con);
+@@ -90,6 +95,11 @@ extern int matchpathcon(const char *path
+ mode_t mode,
+ security_context_t *con);
+
++extern int matchpathcon_init_prefix(const char *path,
++ const char *prefix);
++extern void matchpathcon_fini(void);
+
- .B #include <selinux/avc.h>
- .sp
- .BI "void avc_av_stats(void);"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3 libselinux-2.0.13/man/man3/avc_compute_create.3
---- nsalibselinux/man/man3/avc_compute_create.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/avc_compute_create.3 2007-07-10 12:17:07.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_compute_create \- obtain SELinux label for new object.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-2.0.13/man/man3/avc_context_to_sid.3
---- nsalibselinux/man/man3/avc_context_to_sid.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/avc_context_to_sid.3 2007-07-10 12:17:07.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
+ extern int matchmediacon(const char *media,
+ security_context_t *con);
+
+@@ -106,6 +116,7 @@ extern const char *selinux_file_context_
+ extern const char *selinux_homedir_context_path(void);
+ extern const char *selinux_media_context_path(void);
+ extern const char *selinux_contexts_path(void);
++extern const char *selinux_securetty_types_path(void);
+ extern const char *selinux_booleans_path(void);
+ extern const char *selinux_customizable_types_path(void);
+ extern const char *selinux_users_path(void);
+@@ -113,11 +124,15 @@ extern const char *selinux_usersconf_pat
+ extern const char *selinux_translations_path(void);
+ extern const char *selinux_netfilter_context_path(void);
+ extern const char *selinux_path(void);
+-extern int selinux_check_passwd_access(access_vector_t requested);
+-extern int checkPasswdAccess(access_vector_t requested);
++#extern int selinux_check_passwd_access(access_vector_t requested);
++#extern int checkPasswdAccess(access_vector_t requested);
+
++extern int selinux_check_securetty_context(security_context_t tty_context);
++void set_selinuxmnt(char *mnt);
+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-2.0.13/man/man3/avc_has_perm.3
---- nsalibselinux/man/man3/avc_has_perm.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/avc_has_perm.3 2007-07-10 12:13:47.000000000 -0400
-@@ -6,7 +6,7 @@
- avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
--.br
++#ifdef SWIGpython
+ // This tells SWIG to treat char ** as a special case
+-%typemap(python,in) char ** {
++%typemap(in) char ** {
+ /* Check if is a list */
+ if (PyList_Check($input)) {
+ int size = PyList_Size($input);
+@@ -143,6 +158,7 @@ extern int checkPasswdAccess(access_vect
+ return NULL;
+ }
+ }
++#endif
+
+ extern int rpm_execcon(unsigned int verified,
+ const char *filename,
+@@ -164,3 +180,7 @@ extern int selinux_raw_to_trans_context(
+ }
+ extern int selinux_getpolicytype(char **enforce);
+ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
- .B #include <selinux/avc.h>
- .sp
- .BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
-@@ -14,21 +14,21 @@
- .BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
- .in +\w'int avc_has_perm('u
- .BI "security_class_t " tclass ", access_vector_t " requested ,
--.br
-+
- .BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
- .in
- .sp
- .BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
- .in +\w'int avc_has_perm('u
- .BI "security_class_t " tclass ", access_vector_t " requested ,
--.br
-+
- .BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
- .in
- .sp
- .BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
- .in +\w'void avc_audit('u
- .BI "security_class_t " tclass ", access_vector_t " requested ,
++int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
++int selinux_file_context_verify(const char *path, mode_t mode);
++int selinux_lsetfilecon_default(const char *path);
+diff -up libselinux-2.0.14/src/selinux.py.rhat libselinux-2.0.14/src/selinux.py
+--- libselinux-2.0.14/src/selinux.py.rhat 2007-04-24 10:36:20.000000000 -0400
++++ libselinux-2.0.14/src/selinux.py 2007-07-11 12:00:41.000000000 -0400
+@@ -48,8 +48,19 @@ except AttributeError:
+ del types
+
+
++SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
++get_ordered_context_list = _selinux.get_ordered_context_list
++get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level
++get_default_context = _selinux.get_default_context
++get_default_context_with_level = _selinux.get_default_context_with_level
++get_default_context_with_role = _selinux.get_default_context_with_role
++get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel
++query_user_context = _selinux.query_user_context
++manual_user_enter_context = _selinux.manual_user_enter_context
+ is_selinux_enabled = _selinux.is_selinux_enabled
+ is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
++freecon = _selinux.freecon
++freeconary = _selinux.freeconary
+ getcon = _selinux.getcon
+ setcon = _selinux.setcon
+ getpidcon = _selinux.getpidcon
+@@ -88,6 +99,8 @@ MATCHPATHCON_NOTRANS = _selinux.MATCHPAT
+ set_matchpathcon_flags = _selinux.set_matchpathcon_flags
+ matchpathcon_init = _selinux.matchpathcon_init
+ matchpathcon = _selinux.matchpathcon
++matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix
++matchpathcon_fini = _selinux.matchpathcon_fini
+ matchmediacon = _selinux.matchmediacon
+ selinux_getenforcemode = _selinux.selinux_getenforcemode
+ selinux_policy_root = _selinux.selinux_policy_root
+@@ -102,6 +115,7 @@ selinux_file_context_local_path = _selin
+ selinux_homedir_context_path = _selinux.selinux_homedir_context_path
+ selinux_media_context_path = _selinux.selinux_media_context_path
+ selinux_contexts_path = _selinux.selinux_contexts_path
++selinux_securetty_types_path = _selinux.selinux_securetty_types_path
+ selinux_booleans_path = _selinux.selinux_booleans_path
+ selinux_customizable_types_path = _selinux.selinux_customizable_types_path
+ selinux_users_path = _selinux.selinux_users_path
+@@ -109,13 +123,16 @@ selinux_usersconf_path = _selinux.selinu
+ selinux_translations_path = _selinux.selinux_translations_path
+ selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
+ selinux_path = _selinux.selinux_path
+-selinux_check_passwd_access = _selinux.selinux_check_passwd_access
+-checkPasswdAccess = _selinux.checkPasswdAccess
++selinux_check_securetty_context = _selinux.selinux_check_securetty_context
++set_selinuxmnt = _selinux.set_selinuxmnt
+ rpm_execcon = _selinux.rpm_execcon
+ is_context_customizable = _selinux.is_context_customizable
+ selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
+ selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+ selinux_getpolicytype = _selinux.selinux_getpolicytype
+ getseuserbyname = _selinux.getseuserbyname
++selinux_file_context_cmp = _selinux.selinux_file_context_cmp
++selinux_file_context_verify = _selinux.selinux_file_context_verify
++selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
+
+
+diff -up libselinux-2.0.14/include/selinux/flask.h.rhat libselinux-2.0.14/include/selinux/flask.h
+--- libselinux-2.0.14/include/selinux/flask.h.rhat 2007-07-11 12:02:16.000000000 -0400
++++ libselinux-2.0.14/include/selinux/flask.h 2007-07-11 12:02:23.000000000 -0400
+@@ -64,6 +64,8 @@
+ #define SECCLASS_PACKET 57
+ #define SECCLASS_KEY 58
+ #define SECCLASS_CONTEXT 59
++#define SECCLASS_DCCP_SOCKET 60
++#define SECCLASS_MEMPROTECT 61
+
+ /*
+ * Security identifier indices for initial entities
+diff -up libselinux-2.0.14/include/selinux/av_permissions.h.rhat libselinux-2.0.14/include/selinux/av_permissions.h
+--- libselinux-2.0.14/include/selinux/av_permissions.h.rhat 2007-07-11 12:02:07.000000000 -0400
++++ libselinux-2.0.14/include/selinux/av_permissions.h 2007-07-11 12:02:09.000000000 -0400
+@@ -290,12 +290,16 @@
+ #define NODE__RAWIP_RECV 0x00000010UL
+ #define NODE__RAWIP_SEND 0x00000020UL
+ #define NODE__ENFORCE_DEST 0x00000040UL
++#define NODE__DCCP_RECV 0x00000080UL
++#define NODE__DCCP_SEND 0x00000100UL
+ #define NETIF__TCP_RECV 0x00000001UL
+ #define NETIF__TCP_SEND 0x00000002UL
+ #define NETIF__UDP_RECV 0x00000004UL
+ #define NETIF__UDP_SEND 0x00000008UL
+ #define NETIF__RAWIP_RECV 0x00000010UL
+ #define NETIF__RAWIP_SEND 0x00000020UL
++#define NETIF__DCCP_RECV 0x00000040UL
++#define NETIF__DCCP_SEND 0x00000080UL
+ #define NETLINK_SOCKET__IOCTL 0x00000001UL
+ #define NETLINK_SOCKET__READ 0x00000002UL
+ #define NETLINK_SOCKET__WRITE 0x00000004UL
+@@ -837,6 +841,8 @@
+ #define NSCD__SHMEMPWD 0x00000020UL
+ #define NSCD__SHMEMGRP 0x00000040UL
+ #define NSCD__SHMEMHOST 0x00000080UL
++#define NSCD__GETSERV 0x00000100UL
++#define NSCD__SHMEMSERV 0x00000200UL
+ #define ASSOCIATION__SENDTO 0x00000001UL
+ #define ASSOCIATION__RECVFROM 0x00000002UL
+ #define ASSOCIATION__SETCONTEXT 0x00000004UL
+@@ -897,3 +903,28 @@
+ #define KEY__CREATE 0x00000040UL
+ #define CONTEXT__TRANSLATE 0x00000001UL
+ #define CONTEXT__CONTAINS 0x00000002UL
++#define DCCP_SOCKET__IOCTL 0x00000001UL
++#define DCCP_SOCKET__READ 0x00000002UL
++#define DCCP_SOCKET__WRITE 0x00000004UL
++#define DCCP_SOCKET__CREATE 0x00000008UL
++#define DCCP_SOCKET__GETATTR 0x00000010UL
++#define DCCP_SOCKET__SETATTR 0x00000020UL
++#define DCCP_SOCKET__LOCK 0x00000040UL
++#define DCCP_SOCKET__RELABELFROM 0x00000080UL
++#define DCCP_SOCKET__RELABELTO 0x00000100UL
++#define DCCP_SOCKET__APPEND 0x00000200UL
++#define DCCP_SOCKET__BIND 0x00000400UL
++#define DCCP_SOCKET__CONNECT 0x00000800UL
++#define DCCP_SOCKET__LISTEN 0x00001000UL
++#define DCCP_SOCKET__ACCEPT 0x00002000UL
++#define DCCP_SOCKET__GETOPT 0x00004000UL
++#define DCCP_SOCKET__SETOPT 0x00008000UL
++#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
++#define DCCP_SOCKET__RECVFROM 0x00020000UL
++#define DCCP_SOCKET__SENDTO 0x00040000UL
++#define DCCP_SOCKET__RECV_MSG 0x00080000UL
++#define DCCP_SOCKET__SEND_MSG 0x00100000UL
++#define DCCP_SOCKET__NAME_BIND 0x00200000UL
++#define DCCP_SOCKET__NODE_BIND 0x00400000UL
++#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
++#define MEMPROTECT__MMAP_ZERO 0x00000001UL
+diff -up libselinux-2.0.14/man/man8/selinux.8.rhat libselinux-2.0.14/man/man8/selinux.8
+--- libselinux-2.0.14/man/man8/selinux.8.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man8/selinux.8 2007-07-11 12:00:41.000000000 -0400
+@@ -62,14 +62,13 @@ compile-time tunable options and a set o
+ .B system-config-securitylevel
+ allows customization of these booleans and tunables.
+
-.br
+ Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
+
+ .SH FILE LABELING
+
+ All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
+ Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
+-.br
+
- .BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
- .in
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-2.0.13/man/man3/avc_init.3
---- nsalibselinux/man/man3/avc_init.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/avc_init.3 2007-07-10 12:13:43.000000000 -0400
-@@ -6,17 +6,17 @@
- avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
+ The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
+
+ .SH AUTHOR
+diff -up libselinux-2.0.14/man/man8/matchpathcon.8.rhat libselinux-2.0.14/man/man8/matchpathcon.8
+--- libselinux-2.0.14/man/man8/matchpathcon.8.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man8/matchpathcon.8 2007-07-11 12:00:41.000000000 -0400
+@@ -10,16 +10,16 @@ Prints the file path and the default sec
+ .SH OPTIONS
+ .B \-n
+ Do not display path.
-.br
+
- .B #include <selinux/avc.h>
- .sp
- .BI "int avc_init(const char *" msgprefix ,
- .in +\w'int avc_init('u
- .BI "const struct avc_memory_callback *" mem_callbacks ,
+ .B \-N
+ Do not use translations.
-.br
+
- .BI "const struct avc_log_callback *" log_callbacks ,
+ .B \-f file_context_file
+ Use alternate file_context file
-.br
+
- .BI "const struct avc_thread_callback *" thread_callbacks ,
+ .B \-p prefix
+ Use prefix to speed translations
-.br
+
- .BI "const struct avc_lock_callback *" lock_callbacks ");"
- .in
- .sp
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-2.0.13/man/man3/context_new.3
---- nsalibselinux/man/man3/context_new.3 2007-01-17 11:11:35.000000000 -0500
-+++ libselinux-2.0.13/man/man3/context_new.3 2007-07-10 12:13:40.000000000 -0400
-@@ -4,27 +4,27 @@
+ .B \-V
+ Verify file context on disk matches defaults
+diff -up libselinux-2.0.14/man/man3/avc_compute_create.3.rhat libselinux-2.0.14/man/man3/avc_compute_create.3
+--- libselinux-2.0.14/man/man3/avc_compute_create.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/avc_compute_create.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,7 +6,7 @@
+ avc_compute_create \- obtain SELinux label for new object.
.SH "SYNOPSIS"
- .B #include <selinux/context.h>
--.br
-+
- .B "context_t context_new(const char *" context_str );
--.br
-+
- .B "const char * context_str(context_t " con );
--.br
-+
- .B "void context_free(context_t " con );
--.br
-+
- .B "const char * context_type_get(context_t " con );
--.br
-+
- .B "const char * context_range_get(context_t " con );
--.br
-+
- .B "const char * context_role_get(context_t " con );
--.br
-+
- .B "const char * context_user_get(context_t " con );
--.br
-+
- .B "const char * context_type_set(context_t " con ", const char* " type);
--.br
-+
- .B "const char * context_range_set(context_t " con ", const char* " range);
--.br
-+
- .B "const char * context_role_set(context_t " con ", const char* " role );
--.br
-+
- .B "const char * context_user_set(context_t " con ", const char* " user );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.13/man/man3/freecon.3
---- nsalibselinux/man/man3/freecon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/freecon.3 2007-07-10 12:13:55.000000000 -0400
-@@ -5,7 +5,7 @@
.B #include <selinux/selinux.h>
- .sp
- .BI "void freecon(security_context_t "con );
--.br
-+
- .BI "void freeconary(security_context_t *" con );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-2.0.13/man/man3/getcon.3
---- nsalibselinux/man/man3/getcon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/getcon.3 2007-07-10 12:14:08.000000000 -0400
-@@ -1,21 +1,21 @@
- .TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"
- .SH "NAME"
- getcon, getprevcon, getpidcon \- get SELinux security context of a process.
-.br
+
- getpeercon - get security context of a peer socket.
--.br
-+
- setcon - set current security context of a process.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
+ .B #include <selinux/avc.h>
.sp
- .BI "int getcon(security_context_t *" context );
--.br
-+
- .BI "int getprevcon(security_context_t *" context );
--.br
-+
- .BI "int getpidcon(pid_t " pid ", security_context_t *" context );
--.br
-+
- .BI "int getpeercon(int " fd ", security_context_t *" context);
--.br
-+
- .BI "int setcon(security_context_t " context);
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-2.0.13/man/man3/getexeccon.3
---- nsalibselinux/man/man3/getexeccon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/getexeccon.3 2007-07-10 12:14:24.000000000 -0400
+ .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
+diff -up libselinux-2.0.14/man/man3/getexeccon.3.rhat libselinux-2.0.14/man/man3/getexeccon.3
+--- libselinux-2.0.14/man/man3/getexeccon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/getexeccon.3 2007-07-11 12:00:41.000000000 -0400
@@ -1,16 +1,16 @@
- .TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"
+ .TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
-.br
@@ -1481,7 +1373,7 @@
.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
.SH "DESCRIPTION"
-@@ -26,16 +26,16 @@
+@@ -26,16 +26,16 @@ NULL can be passed to
setexeccon to reset to the default policy behavior.
The exec context is automatically reset after the next execve, so a
program doesn't need to explicitly sanitize it upon startup.
@@ -1501,10 +1393,10 @@
.B rpm_execcon
runs a helper for rpm in an appropriate security context. The
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-2.0.13/man/man3/getfilecon.3
---- nsalibselinux/man/man3/getfilecon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/getfilecon.3 2007-07-10 12:17:06.000000000 -0400
-@@ -5,9 +5,9 @@
+diff -up libselinux-2.0.14/man/man3/getfilecon.3.rhat libselinux-2.0.14/man/man3/getfilecon.3
+--- libselinux-2.0.14/man/man3/getfilecon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/getfilecon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -5,9 +5,9 @@ getfilecon, fgetfilecon, lgetfilecon \-
.B #include <selinux/selinux.h>
.sp
.BI "int getfilecon(const char *" path ", security_context_t *" con );
@@ -1516,7 +1408,7 @@
.BI "int fgetfilecon(int "fd ", security_context_t *" con );
.SH "DESCRIPTION"
.B getfilecon
-@@ -22,7 +22,6 @@
+@@ -22,7 +22,6 @@ link itself is interrogated, not the fil
is identical to getfilecon, only the open file pointed to by filedes (as
returned by open(2)) is interrogated in place of path.
@@ -1524,10 +1416,64 @@
The returned context should be freed with freecon if non-NULL.
.SH "RETURN VALUE"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-2.0.13/man/man3/getfscreatecon.3
---- nsalibselinux/man/man3/getfscreatecon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/getfscreatecon.3 2007-07-10 12:17:06.000000000 -0400
-@@ -6,7 +6,7 @@
+diff -up libselinux-2.0.14/man/man3/selinux_binary_policy_path.3.rhat libselinux-2.0.14/man/man3/selinux_binary_policy_path.3
+--- libselinux-2.0.14/man/man3/selinux_binary_policy_path.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/selinux_binary_policy_path.3 2007-07-11 12:00:41.000000000 -0400
+@@ -10,27 +10,27 @@ directories and files.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .sp
+-.br
++
+ extern const char *selinux_policy_root(void);
+-.br
++
+ extern const char *selinux_binary_policy_path(void);
+-.br
++
+ extern const char *selinux_failsafe_context_path(void);
+-.br
++
+ extern const char *selinux_removable_context_path(void);
+-.br
++
+ extern const char *selinux_default_context_path(void);
+-.br
++
+ extern const char *selinux_user_contexts_path(void);
+-.br
++
+ extern const char *selinux_file_context_path(void);
+-.br
++
+ extern const char *selinux_media_context_path(void);
+-.br
++
+ extern const char *selinux_securetty_types_path(void);
+-.br
++
+ extern const char *selinux_contexts_path(void);
+-.br
++
+ extern const char *selinux_booleans_path(void);
+
+
+diff -up libselinux-2.0.14/man/man3/security_class_to_string.3.rhat libselinux-2.0.14/man/man3/security_class_to_string.3
+--- libselinux-2.0.14/man/man3/security_class_to_string.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/security_class_to_string.3 2007-07-11 12:00:41.000000000 -0400
+@@ -8,7 +8,7 @@ between SELinux class and permission val
+
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+-.br
++
+ .B #include <selinux/flask.h>
+ .sp
+ .BI "const char * security_class_to_string(security_class_t " tclass ");"
+diff -up libselinux-2.0.14/man/man3/getfscreatecon.3.rhat libselinux-2.0.14/man/man3/getfscreatecon.3
+--- libselinux-2.0.14/man/man3/getfscreatecon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/getfscreatecon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,7 +6,7 @@ getfscreatecon, setfscreatecon \- get or
.B #include <selinux/selinux.h>
.sp
.BI "int getfscreatecon(security_context_t *" con );
@@ -1536,7 +1482,7 @@
.BI "int setfscreatecon(security_context_t "context );
.SH "DESCRIPTION"
-@@ -22,11 +22,11 @@
+@@ -22,11 +22,11 @@ NULL can be passed to
setfscreatecon to reset to the default policy behavior.
The fscreate context is automatically reset after the next execve, so a
program doesn't need to explicitly sanitize it upon startup.
@@ -1550,46 +1496,53 @@
Note: Signal handlers that perform an setfscreate must take care to
save, reset, and restore the fscreate context to avoid unexpected behaviors.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-2.0.13/man/man3/get_ordered_context_list.3
---- nsalibselinux/man/man3/get_ordered_context_list.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/get_ordered_context_list.3 2007-07-10 12:17:05.000000000 -0400
-@@ -4,7 +4,7 @@
+diff -up libselinux-2.0.14/man/man3/freecon.3.rhat libselinux-2.0.14/man/man3/freecon.3
+--- libselinux-2.0.14/man/man3/freecon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/freecon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -5,7 +5,7 @@ freecon, freeconary \- free memory assoc
+ .B #include <selinux/selinux.h>
+ .sp
+ .BI "void freecon(security_context_t "con );
+-.br
++
+ .BI "void freeconary(security_context_t *" con );
- .SH "SYNOPSIS"
+ .SH "DESCRIPTION"
+diff -up libselinux-2.0.14/man/man3/security_getenforce.3.rhat libselinux-2.0.14/man/man3/security_getenforce.3
+--- libselinux-2.0.14/man/man3/security_getenforce.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/security_getenforce.3 2007-07-11 12:00:41.000000000 -0400
+@@ -5,7 +5,7 @@ security_getenforce, security_setenforce
.B #include <selinux/selinux.h>
+ .sp
+ .B int security_getenforce();
-.br
+
- .B #include <selinux/get_context_list.h>
- .sp
- .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-2.0.13/man/man3/getseuserbyname.3
---- nsalibselinux/man/man3/getseuserbyname.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/getseuserbyname.3 2007-07-10 12:17:04.000000000 -0400
-@@ -12,7 +12,7 @@
- then be passed to other libselinux functions such as
- get_ordered_context_list_with_level and get_default_context_with_level.
+ .BI "int security_setenforce(int "value );
+ .SH "DESCRIPTION"
+diff -up libselinux-2.0.14/man/man3/selinux_getenforcemode.3.rhat libselinux-2.0.14/man/man3/selinux_getenforcemode.3
+--- libselinux-2.0.14/man/man3/selinux_getenforcemode.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/selinux_getenforcemode.3 2007-07-11 12:00:41.000000000 -0400
+@@ -5,13 +5,13 @@ selinux_getenforcemode \- get the enforc
+ .B #include <selinux/selinux.h>
+ .sp
+ .B int selinux_getenforcemode(int *enforce);
-.br
+
- The returned SELinux username and level should be freed by the caller
- using free.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-2.0.13/man/man3/is_context_customizable.3
---- nsalibselinux/man/man3/is_context_customizable.3 2007-01-17 11:11:35.000000000 -0500
-+++ libselinux-2.0.13/man/man3/is_context_customizable.3 2007-07-10 12:17:04.000000000 -0400
-@@ -8,7 +8,7 @@
-
.SH "DESCRIPTION"
- .B is_context_customizable
+ .B selinux_getenforcemode
+ Reads the contents of the /etc/selinux/config file to determine how the
+ system was setup to run SELinux.
-.br
+
- This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
- administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-2.0.13/man/man3/matchmediacon.3
---- nsalibselinux/man/man3/matchmediacon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/matchmediacon.3 2007-07-10 12:17:03.000000000 -0400
-@@ -6,14 +6,14 @@
+ Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
+ Sets the value of enforce to 0 if SELinux should be run in permissive mode.
+ Sets the value of enforce to -1 if SELinux should be disabled.
+diff -up libselinux-2.0.14/man/man3/matchmediacon.3.rhat libselinux-2.0.14/man/man3/matchmediacon.3
+--- libselinux-2.0.14/man/man3/matchmediacon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/matchmediacon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,14 +6,14 @@ matchmediacon \- get the default SELinux
.B #include <selinux/selinux.h>
.sp
.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
@@ -1607,10 +1560,61 @@
.B Note:
Caller must free returned security context "con" using freecon.
.SH "RETURN VALUE"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.13/man/man3/matchpathcon.3
---- nsalibselinux/man/man3/matchpathcon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/matchpathcon.3 2007-07-10 12:15:33.000000000 -0400
-@@ -6,18 +6,18 @@
+diff -up libselinux-2.0.14/man/man3/getseuserbyname.3.rhat libselinux-2.0.14/man/man3/getseuserbyname.3
+--- libselinux-2.0.14/man/man3/getseuserbyname.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/getseuserbyname.3 2007-07-11 12:00:41.000000000 -0400
+@@ -12,7 +12,7 @@ a given Linux username. The SELinux use
+ then be passed to other libselinux functions such as
+ get_ordered_context_list_with_level and get_default_context_with_level.
+
+-.br
++
+
+ The returned SELinux username and level should be freed by the caller
+ using free.
+diff -up libselinux-2.0.14/man/man3/is_context_customizable.3.rhat libselinux-2.0.14/man/man3/is_context_customizable.3
+--- libselinux-2.0.14/man/man3/is_context_customizable.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/is_context_customizable.3 2007-07-11 12:00:41.000000000 -0400
+@@ -8,7 +8,7 @@ is_context_customizable \- check whether
+
+ .SH "DESCRIPTION"
+ .B is_context_customizable
+-.br
++
+ This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
+ administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
+
+diff -up libselinux-2.0.14/man/man3/security_compute_av.3.rhat libselinux-2.0.14/man/man3/security_compute_av.3
+--- libselinux-2.0.14/man/man3/security_compute_av.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/security_compute_av.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,7 +6,7 @@ the SELinux policy database in the kerne
+
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+-.br
++
+ .B #include <selinux/flask.h>
+ .sp
+ .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
+diff -up libselinux-2.0.14/man/man3/setfilecon.3.rhat libselinux-2.0.14/man/man3/setfilecon.3
+--- libselinux-2.0.14/man/man3/setfilecon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/setfilecon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,9 +6,9 @@ setfilecon, fsetfilecon, lsetfilecon \-
+ .B #include <selinux/selinux.h>
+ .sp
+ .BI "int setfilecon(const char *" path ", security_context_t "con );
+-.br
++
+ .BI "int lsetfilecon(const char *" path ", security_context_t "con );
+-.br
++
+ .BI "int fsetfilecon(int "fd ", security_context_t "con );
+
+ .SH "DESCRIPTION"
+diff -up libselinux-2.0.14/man/man3/matchpathcon.3.rhat libselinux-2.0.14/man/man3/matchpathcon.3
+--- libselinux-2.0.14/man/man3/matchpathcon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/matchpathcon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,18 +6,18 @@ matchpathcon \- get the default SELinux
.B #include <selinux/selinux.h>
.sp
.BI "int matchpathcon_init(const char *" path ");"
@@ -1635,7 +1639,7 @@
.SH "DESCRIPTION"
.B matchpathcon_init
loads the file contexts configuration specified by
-@@ -40,7 +40,7 @@
+@@ -40,7 +40,7 @@ and
suffix are also looked up and loaded if present. These files provide
dynamically generated entries for user home directories and for local
customizations.
@@ -1644,7 +1648,7 @@
.sp
.B matchpathcon_fini
frees the memory allocated by a prior call to
-@@ -49,7 +49,7 @@
+@@ -49,7 +49,7 @@ This function can be used to free and re
.B matchpathcon_init
calls, or to free memory when finished using
.B matchpathcon.
@@ -1653,7 +1657,7 @@
.sp
.B matchpathcon
matches the specified pathname and mode against the file contexts
-@@ -72,14 +72,14 @@
+@@ -72,14 +72,14 @@ its first invocation with a NULL
.I path,
defaulting to the active file contexts configuration.
.sp
@@ -1670,7 +1674,7 @@
.sp
.B set_matchpathcon_invalidcon
sets the function used by
-@@ -100,7 +100,7 @@
+@@ -100,7 +100,7 @@ may include the
and
.I lineno
in such error messages.
@@ -1679,7 +1683,7 @@
.sp
.B set_matchpathcon_flags
sets flags controlling the operation of
-@@ -111,7 +111,7 @@
+@@ -111,7 +111,7 @@ If the
.B MATCHPATHCON_BASEONLY
flag is set, then only the base file contexts configuration file
will be processed, not any dynamically generated entries or local customizations.
@@ -1688,46 +1692,35 @@
.sp
.SH "RETURN VALUE"
Returns 0 on success or -1 otherwise.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_string.3 libselinux-2.0.13/man/man3/security_class_to_string.3
---- nsalibselinux/man/man3/security_class_to_string.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/security_class_to_string.3 2007-07-10 12:15:16.000000000 -0400
-@@ -8,7 +8,7 @@
-
+diff -up libselinux-2.0.14/man/man3/avc_init.3.rhat libselinux-2.0.14/man/man3/avc_init.3
+--- libselinux-2.0.14/man/man3/avc_init.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/avc_init.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,17 +6,17 @@
+ avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-.br
+
- .B #include <selinux/flask.h>
+ .B #include <selinux/avc.h>
.sp
- .BI "const char * security_class_to_string(security_class_t " tclass ");"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-2.0.13/man/man3/security_compute_av.3
---- nsalibselinux/man/man3/security_compute_av.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/security_compute_av.3 2007-07-10 12:15:12.000000000 -0400
-@@ -6,7 +6,7 @@
-
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
+ .BI "int avc_init(const char *" msgprefix ,
+ .in +\w'int avc_init('u
+ .BI "const struct avc_memory_callback *" mem_callbacks ,
-.br
+
- .B #include <selinux/flask.h>
- .sp
- .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-2.0.13/man/man3/security_getenforce.3
---- nsalibselinux/man/man3/security_getenforce.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/security_getenforce.3 2007-07-10 12:15:08.000000000 -0400
-@@ -5,7 +5,7 @@
- .B #include <selinux/selinux.h>
- .sp
- .B int security_getenforce();
+ .BI "const struct avc_log_callback *" log_callbacks ,
-.br
+
- .BI "int security_setenforce(int "value );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-2.0.13/man/man3/security_load_booleans.3
---- nsalibselinux/man/man3/security_load_booleans.3 2007-01-17 11:11:35.000000000 -0500
-+++ libselinux-2.0.13/man/man3/security_load_booleans.3 2007-07-10 12:17:02.000000000 -0400
-@@ -7,15 +7,15 @@
+ .BI "const struct avc_thread_callback *" thread_callbacks ,
+-.br
++
+ .BI "const struct avc_lock_callback *" lock_callbacks ");"
+ .in
+ .sp
+diff -up libselinux-2.0.14/man/man3/security_load_booleans.3.rhat libselinux-2.0.14/man/man3/security_load_booleans.3
+--- libselinux-2.0.14/man/man3/security_load_booleans.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/security_load_booleans.3 2007-07-11 12:00:41.000000000 -0400
+@@ -7,15 +7,15 @@ security_get_boolean_pending \- routines
.B #include <selinux/selinux.h>
.sp
extern int security_load_booleans(char *path);
@@ -1748,7 +1741,7 @@
extern int security_commit_booleans(void);
-@@ -29,27 +29,27 @@
+@@ -29,27 +29,27 @@ policy without having to load a new poli
The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
security_load_booleans
@@ -1782,71 +1775,151 @@
Commit all pending values for the booleans.
.SH AUTHOR
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.13/man/man3/selinux_binary_policy_path.3
---- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-01-17 11:11:35.000000000 -0500
-+++ libselinux-2.0.13/man/man3/selinux_binary_policy_path.3 2007-07-10 12:16:08.000000000 -0400
-@@ -10,27 +10,27 @@
+diff -up libselinux-2.0.14/man/man3/avc_add_callback.3.rhat libselinux-2.0.14/man/man3/avc_add_callback.3
+--- libselinux-2.0.14/man/man3/avc_add_callback.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/avc_add_callback.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,26 +6,26 @@
+ avc_add_callback \- additional event notification for SELinux userspace object managers.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
- .sp
-.br
+
- extern const char *selinux_policy_root(void);
+ .B #include <selinux/avc.h>
+ .sp
+ .BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
+ .in +\w'int avc_add_callback(int (*callback)('u
+ .BI "security_id_t " ssid ,
-.br
+
- extern const char *selinux_binary_policy_path(void);
+ .BI "security_id_t " tsid ,
-.br
+
- extern const char *selinux_failsafe_context_path(void);
+ .BI "security_class_t " tclass ,
-.br
+
- extern const char *selinux_removable_context_path(void);
+ .BI "access_vector_t " perms ,
-.br
+
- extern const char *selinux_default_context_path(void);
+ .BI "access_vector_t *" out_retained "),"
+ .in
+ .in +\w'int avc_add_callback('u
+ .BI "uint32_t " events ", security_id_t " ssid ,
-.br
+
- extern const char *selinux_user_contexts_path(void);
+ .BI "security_id_t " tsid ", security_class_t " tclass ,
-.br
+
- extern const char *selinux_file_context_path(void);
+ .BI "access_vector_t " perms ");"
+ .in
+ .SH "DESCRIPTION"
+diff -up libselinux-2.0.14/man/man3/avc_has_perm.3.rhat libselinux-2.0.14/man/man3/avc_has_perm.3
+--- libselinux-2.0.14/man/man3/avc_has_perm.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/avc_has_perm.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,7 +6,7 @@
+ avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
-.br
+
- extern const char *selinux_media_context_path(void);
+ .B #include <selinux/avc.h>
+ .sp
+ .BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
+@@ -14,21 +14,21 @@ avc_has_perm, avc_has_perm_noaudit, avc_
+ .BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
+ .in +\w'int avc_has_perm('u
+ .BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
- extern const char *selinux_securetty_types_path(void);
+ .BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
+ .in
+ .sp
+ .BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
+ .in +\w'int avc_has_perm('u
+ .BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
- extern const char *selinux_contexts_path(void);
+ .BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
+ .in
+ .sp
+ .BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
+ .in +\w'void avc_audit('u
+ .BI "security_class_t " tclass ", access_vector_t " requested ,
-.br
+
- extern const char *selinux_booleans_path(void);
-
+ .BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
+ .in
+ .SH "DESCRIPTION"
+diff -up libselinux-2.0.14/man/man3/get_ordered_context_list.3.rhat libselinux-2.0.14/man/man3/get_ordered_context_list.3
+--- libselinux-2.0.14/man/man3/get_ordered_context_list.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/get_ordered_context_list.3 2007-07-11 12:00:41.000000000 -0400
+@@ -4,7 +4,7 @@ get_ordered_context_list, get_ordered_co
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-2.0.13/man/man3/selinux_getenforcemode.3
---- nsalibselinux/man/man3/selinux_getenforcemode.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/selinux_getenforcemode.3 2007-07-10 12:16:51.000000000 -0400
-@@ -5,13 +5,13 @@
+ .SH "SYNOPSIS"
.B #include <selinux/selinux.h>
+-.br
++
+ .B #include <selinux/get_context_list.h>
.sp
- .B int selinux_getenforcemode(int *enforce);
+ .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
+diff -up libselinux-2.0.14/man/man3/getcon.3.rhat libselinux-2.0.14/man/man3/getcon.3
+--- libselinux-2.0.14/man/man3/getcon.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/getcon.3 2007-07-11 12:00:41.000000000 -0400
+@@ -1,21 +1,21 @@
+ .TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .SH "NAME"
+ getcon, getprevcon, getpidcon \- get SELinux security context of a process.
+-.br
++
+ getpeercon - get security context of a peer socket.
+-.br
++
+ setcon - set current security context of a process.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .sp
+ .BI "int getcon(security_context_t *" context );
+-.br
++
+ .BI "int getprevcon(security_context_t *" context );
+-.br
++
+ .BI "int getpidcon(pid_t " pid ", security_context_t *" context );
+-.br
++
+ .BI "int getpeercon(int " fd ", security_context_t *" context);
-.br
+
+ .BI "int setcon(security_context_t " context);
.SH "DESCRIPTION"
- .B selinux_getenforcemode
- Reads the contents of the /etc/selinux/config file to determine how the
- system was setup to run SELinux.
+diff -up libselinux-2.0.14/man/man3/avc_cache_stats.3.rhat libselinux-2.0.14/man/man3/avc_cache_stats.3
+--- libselinux-2.0.14/man/man3/avc_cache_stats.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/avc_cache_stats.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,7 +6,7 @@
+ avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
-.br
+
- Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
- Sets the value of enforce to 0 if SELinux should be run in permissive mode.
- Sets the value of enforce to -1 if SELinux should be disabled.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-2.0.13/man/man3/selinux_policy_root.3
---- nsalibselinux/man/man3/selinux_policy_root.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/selinux_policy_root.3 2007-07-10 12:16:49.000000000 -0400
-@@ -5,7 +5,7 @@
+ .B #include <selinux/avc.h>
+ .sp
+ .BI "void avc_av_stats(void);"
+diff -up libselinux-2.0.14/man/man3/avc_context_to_sid.3.rhat libselinux-2.0.14/man/man3/avc_context_to_sid.3
+--- libselinux-2.0.14/man/man3/avc_context_to_sid.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/avc_context_to_sid.3 2007-07-11 12:00:41.000000000 -0400
+@@ -6,7 +6,7 @@
+ avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+-.br
++
+ .B #include <selinux/avc.h>
+ .sp
+ .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
+diff -up libselinux-2.0.14/man/man3/selinux_policy_root.3.rhat libselinux-2.0.14/man/man3/selinux_policy_root.3
+--- libselinux-2.0.14/man/man3/selinux_policy_root.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/selinux_policy_root.3 2007-07-11 12:00:41.000000000 -0400
+@@ -5,7 +5,7 @@ selinux_policy_root \- return the path o
.B #include <selinux/selinux.h>
.sp
.B char *selinux_policy_root();
@@ -1855,61 +1928,58 @@
.SH "DESCRIPTION"
.B selinux_policy_root
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-2.0.13/man/man3/setfilecon.3
---- nsalibselinux/man/man3/setfilecon.3 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man3/setfilecon.3 2007-07-10 12:12:18.000000000 -0400
-@@ -6,9 +6,9 @@
- .B #include <selinux/selinux.h>
- .sp
- .BI "int setfilecon(const char *" path ", security_context_t "con );
+diff -up libselinux-2.0.14/man/man3/context_new.3.rhat libselinux-2.0.14/man/man3/context_new.3
+--- libselinux-2.0.14/man/man3/context_new.3.rhat 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14/man/man3/context_new.3 2007-07-11 12:00:41.000000000 -0400
+@@ -4,27 +4,27 @@ context_new, context_str, context_free,
+
+ .SH "SYNOPSIS"
+ .B #include <selinux/context.h>
-.br
+
- .BI "int lsetfilecon(const char *" path ", security_context_t "con );
+ .B "context_t context_new(const char *" context_str );
-.br
+
- .BI "int fsetfilecon(int "fd ", security_context_t "con );
-
- .SH "DESCRIPTION"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.13/man/man8/matchpathcon.8
---- nsalibselinux/man/man8/matchpathcon.8 2007-06-21 05:16:39.000000000 -0400
-+++ libselinux-2.0.13/man/man8/matchpathcon.8 2007-07-10 11:38:39.000000000 -0400
-@@ -10,16 +10,16 @@
- .SH OPTIONS
- .B \-n
- Do not display path.
--.br
+ .B "const char * context_str(context_t " con );
+-.br
+
- .B \-N
- Do not use translations.
--.br
+ .B "void context_free(context_t " con );
+-.br
+
- .B \-f file_context_file
- Use alternate file_context file
--.br
+ .B "const char * context_type_get(context_t " con );
+-.br
+
- .B \-p prefix
- Use prefix to speed translations
--.br
+ .B "const char * context_range_get(context_t " con );
+-.br
+
- .B \-V
- Verify file context on disk matches defaults
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-2.0.13/man/man8/selinux.8
---- nsalibselinux/man/man8/selinux.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-2.0.13/man/man8/selinux.8 2007-07-10 11:38:21.000000000 -0400
-@@ -62,14 +62,13 @@
- .B system-config-securitylevel
- allows customization of these booleans and tunables.
-
--.br
- Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
+ .B "const char * context_role_get(context_t " con );
+-.br
++
+ .B "const char * context_user_get(context_t " con );
+-.br
++
+ .B "const char * context_type_set(context_t " con ", const char* " type);
+-.br
++
+ .B "const char * context_range_set(context_t " con ", const char* " range);
+-.br
++
+ .B "const char * context_role_set(context_t " con ", const char* " role );
+-.br
++
+ .B "const char * context_user_set(context_t " con ", const char* " user );
- .SH FILE LABELING
+ .SH "DESCRIPTION"
+diff -up libselinux-2.0.14/Makefile.rhat libselinux-2.0.14/Makefile
+--- libselinux-2.0.14/Makefile.rhat 2007-04-24 10:36:19.000000000 -0400
++++ libselinux-2.0.14/Makefile 2007-07-11 12:00:41.000000000 -0400
+@@ -2,6 +2,9 @@ all:
+ $(MAKE) -C src
+ $(MAKE) -C utils
- All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
- Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
--.br
++swigify:
++ $(MAKE) -C src swigify
+
- The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
-
- .SH AUTHOR
+ pywrap:
+ $(MAKE) -C src pywrap
+
Index: libselinux.spec
===================================================================
RCS file: /cvs/extras/rpms/libselinux/F-7/libselinux.spec,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -r1.266 -r1.267
--- libselinux.spec 11 Jul 2007 15:21:48 -0000 1.266
+++ libselinux.spec 11 Jul 2007 16:05:02 -0000 1.267
@@ -2,7 +2,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.0.14
-Release: 3%{?dist}
+Release: 4%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -122,6 +122,9 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+* Wed Jul 11 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.14-4
+- Second try to add nscd permissions
+
* Wed Jul 11 2007 Dan Walsh <dwalsh at redhat.com> - 2.0.14-3
- Fix man pages
- Add new nscd permissions
More information about the fedora-extras-commits
mailing list