rpms/policycoreutils/devel .cvsignore, 1.201, 1.202 policycoreutils-po.patch, 1.54, 1.55 policycoreutils-rhat.patch, 1.437, 1.438 policycoreutils.spec, 1.637, 1.638 sources, 1.209, 1.210
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Sep 8 14:16:03 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28026
Modified Files:
.cvsignore policycoreutils-po.patch policycoreutils-rhat.patch
policycoreutils.spec sources
Log Message:
* Tue Sep 8 2009 Dan Walsh <dwalsh at redhat.com> 2.0.73-1
- Update to upstream
* Add semanage dontaudit to turn off dontaudits from Dan Walsh.
* Fix semanage to set correct mode for setrans file from Dan Walsh.
* Fix malformed dictionary in portRecord from Dan Walsh.
* Restore symlink handling support to restorecon based on a patch by
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
udev scripts that was broken by policycoreutils 2.0.70.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.201
retrieving revision 1.202
diff -u -p -r1.201 -r1.202
--- .cvsignore 18 Aug 2009 19:25:04 -0000 1.201
+++ .cvsignore 8 Sep 2009 14:15:50 -0000 1.202
@@ -206,3 +206,4 @@ policycoreutils-2.0.70.tgz
policycoreutils_man_ru2.tar.bz2
policycoreutils-2.0.71.tgz
sepolgen-1.0.17.tgz
+policycoreutils-2.0.73.tgz
policycoreutils-po.patch:
Makefile | 28
POTFILES | 28
POTFILES.in | 1
af.po | 2449 +++++++++++++++++++++++--
am.po | 2449 +++++++++++++++++++++++--
ar.po | 2449 +++++++++++++++++++++++--
as.po | 3499 ++++++++++++++++++++++--------------
be.po | 2449 +++++++++++++++++++++++--
bg.po | 3605 ++++++++++++++++++++++---------------
bn.po | 2449 +++++++++++++++++++++++--
bn_IN.po | 4066 ++++++++++++++++++++++++------------------
bs.po | 2505 +++++++++++++++++++++++---
ca.po | 2906 +++++++++++++++++++++++++-----
cs.po | 2841 ++++++++++++++++++++++++-----
cy.po | 2449 +++++++++++++++++++++++--
da.po | 3128 +++++++++++++++++++++++++++-----
de.po | 3810 ++++++++++++++++++++++-----------------
el.po | 2512 +++++++++++++++++++++++---
en_GB.po | 2505 +++++++++++++++++++++++---
es.po | 4575 ++++++++++++++++++++++++++---------------------
et.po | 2447 +++++++++++++++++++++++--
eu_ES.po | 2449 +++++++++++++++++++++++--
fa.po | 2449 +++++++++++++++++++++++--
fi.po | 3158 ++++++++++++++++++++++++++++----
fr.po | 3856 +++++++++++++++++++++++-----------------
gl.po | 2447 +++++++++++++++++++++++--
gu.po | 4130 ++++++++++++++++++++++++------------------
he.po | 2449 +++++++++++++++++++++++--
hi.po | 4117 ++++++++++++++++++++++++------------------
hr.po | 2997 ++++++++++++++++++++-----------
hu.po | 3071 +++++++++++++++++++++++++++----
hy.po | 2449 +++++++++++++++++++++++--
id.po | 2447 +++++++++++++++++++++++--
is.po | 2449 +++++++++++++++++++++++--
it.po | 4531 ++++++++++++++++++++++++++---------------------
ja.po | 4183 ++++++++++++++++++++++++-------------------
ka.po | 2449 +++++++++++++++++++++++--
kn.po | 3841 ++++++++++-----------------------------
ko.po | 2793 ++++++++++++++++++++++++-----
ku.po | 2449 +++++++++++++++++++++++--
lo.po | 2449 +++++++++++++++++++++++--
lt.po | 2449 +++++++++++++++++++++++--
lv.po | 2449 +++++++++++++++++++++++--
mai.po | 3462 ++++++++++++++++++++++++++++++++++++
mk.po | 2505 +++++++++++++++++++++++---
ml.po | 4274 ++++++++++++++++++++++++--------------------
mr.po | 4156 ++++++++++++++++++++++++-------------------
ms.po | 2498 +++++++++++++++++++++++--
my.po | 2449 +++++++++++++++++++++++--
nb.po | 2485 +++++++++++++++++++++++--
nl.po | 2920 ++++++++++++++++++++++++------
nn.po | 2449 +++++++++++++++++++++++--
no.po | 1272 -------------
nso.po | 2449 +++++++++++++++++++++++--
or.po | 3984 +++++++++++++++++++++++------------------
pa.po | 4075 +++++++++++++++++++++++-------------------
pl.po | 4014 +++++++++++++++++++++++------------------
policycoreutils.pot | 2431 +++++++++++++++++++++++--
pt.po | 4999 ++++++++++++++++++++++++++++------------------------
pt_BR.po | 4979 ++++++++++++++++++++++++++++-----------------------
ro.po | 2449 +++++++++++++++++++++++--
ru.po | 3459 +++++++++++++++++++++++------------
si.po | 2449 +++++++++++++++++++++++--
sk.po | 2505 +++++++++++++++++++++++---
sl.po | 2449 +++++++++++++++++++++++--
sq.po | 2449 +++++++++++++++++++++++--
sr.po | 4125 ++++++++++++++++++++++++------------------
sr at latin.po | 4135 ++++++++++++++++++++++++-------------------
sv.po | 3165 ++++++++++++++++++++++----------
ta.po | 3935 ++++++++++++++++++++++++++--------------
te.po | 4069 +++++++++++++++++++++++-------------------
th.po | 2449 +++++++++++++++++++++++--
tr.po | 2449 +++++++++++++++++++++++--
uk.po | 2505 +++++++++++++++++++++++---
ur.po | 2449 +++++++++++++++++++++++--
vi.po | 2449 +++++++++++++++++++++++--
zh_CN.po | 3887 +++++++++++++++++++++++-----------------
zh_TW.po | 4174 ++++++++++++++++++++++++-------------------
zu.po | 2449 +++++++++++++++++++++++--
79 files changed, 173072 insertions(+), 59540 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.54 -r 1.55 policycoreutils-po.patchIndex: policycoreutils-po.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-po.patch,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -p -r1.54 -r1.55
--- policycoreutils-po.patch 29 Jul 2009 13:43:53 -0000 1.54
+++ policycoreutils-po.patch 8 Sep 2009 14:15:50 -0000 1.55
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.67/po/af.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.73/po/af.po
--- nsapolicycoreutils/po/af.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/af.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/af.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -3045,9 +3045,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.67/po/am.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.73/po/am.po
--- nsapolicycoreutils/po/am.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/am.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/am.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -6092,9 +6092,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.67/po/ar.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.73/po/ar.po
--- nsapolicycoreutils/po/ar.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/ar.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/ar.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -9139,9 +9139,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.67/po/as.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.73/po/as.po
--- nsapolicycoreutils/po/as.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/as.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/as.po 2009-09-08 09:38:58.000000000 -0400
@@ -1,23 +1,23 @@
-# translation of as.po to Assamese
+# translation of policycoreutils.HEAD.po to Assamese
@@ -13726,9 +13726,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "MLS/\n"
-#~ "MCS Level"
-#~ msgstr "স্তৰ"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.67/po/be.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.73/po/be.po
--- nsapolicycoreutils/po/be.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/be.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/be.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -16773,9 +16773,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.67/po/bg.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.73/po/bg.po
--- nsapolicycoreutils/po/bg.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/bg.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/bg.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -21342,9 +21342,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Изисква стойност"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.67/po/bn_IN.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.73/po/bn_IN.po
--- nsapolicycoreutils/po/bn_IN.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/bn_IN.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/bn_IN.po 2009-09-08 09:38:58.000000000 -0400
@@ -9,10 +9,10 @@
msgstr ""
"Project-Id-Version: policycoreutils.HEAD\n"
@@ -26103,9 +26103,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "Enforcing\n"
-#~ "Permissive\n"
-#~ "Disabled\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.67/po/bn.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.73/po/bn.po
--- nsapolicycoreutils/po/bn.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/bn.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/bn.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -29150,9 +29150,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.67/po/bs.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.73/po/bs.po
--- nsapolicycoreutils/po/bs.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/bs.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/bs.po 2009-09-08 09:38:58.000000000 -0400
@@ -4,7 +4,7 @@
msgstr ""
"Project-Id-Version: bs\n"
@@ -32287,9 +32287,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Zahtijeva vrijednost"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.67/po/ca.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.73/po/ca.po
--- nsapolicycoreutils/po/ca.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/ca.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/ca.po 2009-09-08 09:38:58.000000000 -0400
@@ -5,6 +5,8 @@
#
# Josep Puigdemont Casamajó <josep.puigdemont at gmail.com>, 2006.
@@ -35811,9 +35811,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgid "Options Error: %s "
-#~ msgstr "Error en les opcions: %s "
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.67/po/cs.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.73/po/cs.po
--- nsapolicycoreutils/po/cs.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/cs.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/cs.po 2009-09-08 09:38:58.000000000 -0400
@@ -9,7 +9,7 @@
msgstr ""
"Project-Id-Version: cs\n"
@@ -39433,9 +39433,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "<b>Device number:</b>"
#~ msgstr "<b>Číslo zařízení:</b>"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.67/po/cy.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.73/po/cy.po
--- nsapolicycoreutils/po/cy.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/cy.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/cy.po 2009-09-08 09:38:58.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -42480,9 +42480,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.67/po/da.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.73/po/da.po
--- nsapolicycoreutils/po/da.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/da.po 2009-07-07 16:48:10.000000000 -0400
++++ policycoreutils-2.0.73/po/da.po 2009-09-08 09:38:58.000000000 -0400
@@ -1,24 +1,25 @@
-# translation of da.po to
-# Danish messages for policycoreutils.
@@ -46376,15 +46376,15 @@ diff --exclude-from=exclude -N -u -r nsa
#~ "skal du køre \n"
#~ "\n"
#~ "semodule -i %s.pp\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.67/po/de.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.73/po/de.po
--- nsapolicycoreutils/po/de.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/de.po 2009-07-07 16:48:10.000000000 -0400
-@@ -1,26 +1,24 @@
++++ policycoreutils-2.0.73/po/de.po 2009-09-08 09:38:58.000000000 -0400
+@@ -1,4 +1,3 @@
-# translation of policycoreutils.HEAD.de.po to German
# German translation of policycoreutils.
# Copyright (C) 2006, 2007, 2008 Free Software Foundation, Inc.
#
--#
+@@ -6,23 +5,24 @@
# Holger Wansing <linux at wansing-online.de>, 2006.
# Timo Trinks <ttrinks at redhat.com>, 2006, 2007.
# Michael Schönitzer <michael at schoenitzer.de>, 2007.
@@ -46392,7 +46392,7 @@ diff --exclude-from=exclude -N -u -r nsa
+# Fabian Affolter <fab at fedoraproject.org>, 2008,2009.
# Timo Trinks <ttrinks at redhat.com>, 2008.
# Daniela Kugelmann <dkugelma at redhat.com >, 2008.
-+#
++# Michael Münch <micm at fedoraproject.org.org>, 2009.
msgid ""
msgstr ""
"Project-Id-Version: policycoreutils.HEAD.de\n"
@@ -46402,8 +46402,8 @@ diff --exclude-from=exclude -N -u -r nsa
-"Last-Translator: Daniela Kugelmann <dkugelma at redhat.com >\n"
-"Language-Team: German <i18 at redhat.com>\n"
+"POT-Creation-Date: 2008-09-09 13:24-0400\n"
-+"PO-Revision-Date: 2009-06-17 15:13+0100\n"
-+"Last-Translator: Fabian Affolter <fab at fedoraproject.org>\n"
++"PO-Revision-Date: 2009-07-11 10:02+0200\n"
++"Last-Translator: Michael Münch <micm at fedoraproject.org>\n"
+"Language-Team: German <fedora-trans-de at redhat.com>\n"
"MIME-Version: 1.0\n"
[...16868 lines suppressed...]
+msgid "Toggle between all and customized file context"
-+msgstr ""
-
--#~ msgid "FTP"
--#~ msgstr "FTP"
++msgstr "Toggle க்கும் திருத்தியமைக்கப்பட்ட அனைத்து மற்றும் கோப்பு உரைகளுக்கும் இடையே"
++
+#: ../gui/system-config-selinux.glade:2150
+msgid "label38"
+msgstr "label38"
--#~ msgid "Zebra"
--#~ msgstr "Zebra"
+-#~ msgid "Label Prefix"
+-#~ msgstr "முன்னொட்டு பெயர்"
+#: ../gui/system-config-selinux.glade:2187
+msgid "Add SELinux User Mapping"
+msgstr "SELinux பயனர் ஒப்பீட்டை சேர்த்தல்"
--#~ msgid "Disable SELinux protection for ftpd daemon"
--#~ msgstr "ftpd daemonக்கு SELinux பாதுகாப்பை செயல்நீக்கவும்"
+-#~ msgid "MLS/MCS Level"
+-#~ msgstr "MLS/MCS நிலை"
+#: ../gui/system-config-selinux.glade:2203
+msgid "Modify SELinux User Mapping"
+msgstr "SELinux பயனர் ஒப்பீட்டை மாற்றவும்"
@@ -249827,10 +251579,8 @@ diff --exclude-from=exclude -N -u -r nsa
+#: ../gui/system-config-selinux.glade:2816
+#: ../gui/system-config-selinux.glade:2834
+msgid "Toggle between Customized and All Ports"
-+msgstr ""
-
--#~ msgid "Disable SELinux protection for httpd daemon"
--#~ msgstr "httpd daemonக்கு SELinux பாதுகாப்பை செயல்நீக்கவும்"
++msgstr "Toggle க்கும் திருத்தியமைக்கப்பட்ட மற்றும் அனைத்து துறைகளுக்கும் இடையே"
++
+#: ../gui/system-config-selinux.glade:2954
+msgid "label42"
+msgstr "label42"
@@ -249846,41 +251596,27 @@ diff --exclude-from=exclude -N -u -r nsa
+#: ../gui/system-config-selinux.glade:3023
+msgid "Remove loadable policy module"
+msgstr "ஏற்றக்கூடிய கொள்கை தொகுதியை நீக்கவும்"
-
--#~ msgid "Disable SELinux protection for pppd daemon"
--#~ msgstr "pppd daemonக்கு SELinux பாதுகாப்பை செயல்நீக்கவும்"
++
+#: ../gui/system-config-selinux.glade:3059
-+msgid ""
-+"Enable/Disable additional audit rules, that are normally not reported in the "
-+"log files."
-+msgstr ""
-
--#~ msgid "Disable SELinux protection for the mozilla ppp daemon"
--#~ msgstr "mozilla ppp daemonக்கு SELinux பாதுகாப்பை செயல்நீக்கவும்"
++msgid "Enable/Disable additional audit rules, that are normally not reported in the log files."
++msgstr "கூடுதல் பரிசோதிக்கப்பட்ட விதிகளை செயல்படுத்து/செயல்நீக்கு, அடைவு கோப்புகளில் சாதாரணமாக குறிப்பிடவில்லை."
++
+#: ../gui/system-config-selinux.glade:3179
+msgid "label44"
+msgstr "label44"
-
--#~ msgid "Spam Assassin"
--#~ msgstr "Spam Assassin"
++
+#: ../gui/system-config-selinux.glade:3216
+msgid "Change process mode to permissive."
-+msgstr ""
-
--#~ msgid "Disable SELinux protection for zebra daemon"
--#~ msgstr "zebra daemonக்கு SELinux பாதுகாப்பை செயல்நீக்கவும்"
++msgstr "செயல் முறைமையை ஏற்கத்தக்கதாக மாற்றவும்."
++
+#: ../gui/system-config-selinux.glade:3234
+msgid "Change process mode to enforcing"
-+msgstr ""
-
--#~ msgid "Label Prefix"
--#~ msgstr "முன்னொட்டு பெயர்"
++msgstr "செயல் முறைமையை வலியுறுத்தி மாற்றவும்"
++
+#: ../gui/system-config-selinux.glade:3326
+msgid "Process Domain"
-+msgstr ""
-
--#~ msgid "MLS/MCS Level"
--#~ msgstr "MLS/MCS நிலை"
++msgstr "செயற்களத்தை செயல்படுத்துகிறது"
++
+#: ../gui/system-config-selinux.glade:3354
+msgid "label59"
+msgstr "label59"
@@ -249906,9 +251642,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr ""
-#~ "MLS/\n"
-#~ "MCS நிலை"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.67/po/te.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.73/po/te.po
--- nsapolicycoreutils/po/te.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/te.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/te.po 2009-09-08 09:38:59.000000000 -0400
@@ -1,21 +1,23 @@
-# translation of new_policycoreutils.HEAD.te.po to Telugu
+# translation of policycoreutils.HEAD.te.po to Telugu
@@ -254687,9 +256423,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "బలవంతపు\n"
-#~ "అనుమతిగల\n"
-#~ "అచేతనమైన\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.67/po/th.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.73/po/th.po
--- nsapolicycoreutils/po/th.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/th.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/th.po 2009-09-08 09:38:59.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -257734,9 +259470,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.67/po/tr.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.73/po/tr.po
--- nsapolicycoreutils/po/tr.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/tr.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/tr.po 2009-09-08 09:38:59.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -260781,9 +262517,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.67/po/uk.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.73/po/uk.po
--- nsapolicycoreutils/po/uk.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/uk.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/uk.po 2009-09-08 09:38:59.000000000 -0400
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -263918,9 +265654,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Потрібно вказати значення"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.67/po/ur.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.73/po/ur.po
--- nsapolicycoreutils/po/ur.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/ur.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/ur.po 2009-09-08 09:38:59.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -266965,9 +268701,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.67/po/vi.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.73/po/vi.po
--- nsapolicycoreutils/po/vi.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/vi.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/vi.po 2009-09-08 09:38:59.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -270012,9 +271748,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.67/po/zh_CN.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.73/po/zh_CN.po
--- nsapolicycoreutils/po/zh_CN.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/zh_CN.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/zh_CN.po 2009-09-08 09:38:59.000000000 -0400
@@ -3,13 +3,13 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER, 2006.
#
@@ -274633,9 +276369,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgid "SELinux user '%s' is required"
-#~ msgstr "SELinux 用户 '%s' 是必需的"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.67/po/zh_TW.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.73/po/zh_TW.po
--- nsapolicycoreutils/po/zh_TW.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/zh_TW.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/zh_TW.po 2009-09-08 09:38:59.000000000 -0400
@@ -1,19 +1,19 @@
-# translation of policycoreutils.HEAD.po to Traditional Chinese
+# translation of policycoreutils.HEAD.po to
@@ -279551,9 +281287,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr ""
-#~ "tcp\n"
-#~ "udp"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.67/po/zu.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.73/po/zu.po
--- nsapolicycoreutils/po/zu.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.67/po/zu.po 2009-07-07 16:48:11.000000000 -0400
++++ policycoreutils-2.0.73/po/zu.po 2009-09-08 09:38:59.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 14
load_policy/Makefile | 2
restorecond/Makefile | 24 -
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.c | 422 +++---------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 18
restorecond/restorecond_user.conf | 2
restorecond/user.c | 237 ++++++++++
restorecond/watch.c | 254 +++++++++++
sandbox/Makefile | 31 +
sandbox/sandbox | 200 ++++++++
sandbox/sandbox.8 | 26 +
sandbox/sandboxX.sh | 13
sandbox/seunshare.c | 203 ++++++++
scripts/Makefile | 2
scripts/chcat | 2
semanage/semanage | 33 +
semanage/seobject.py | 15
semodule/semodule.8 | 6
semodule/semodule.c | 51 +-
setfiles/Makefile | 4
setfiles/restore.c | 519 ++++++++++++++++++++++
setfiles/restore.h | 49 ++
setfiles/setfiles.c | 643 +++-------------------------
27 files changed, 1837 insertions(+), 950 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.437
retrieving revision 1.438
diff -u -p -r1.437 -r1.438
--- policycoreutils-rhat.patch 28 Aug 2009 18:18:46 -0000 1.437
+++ policycoreutils-rhat.patch 8 Sep 2009 14:15:59 -0000 1.438
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.73/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/audit2allow/audit2allow 2009-09-08 09:21:08.000000000 -0400
@@ -42,6 +42,8 @@
from optparse import OptionParser
@@ -38,18 +38,29 @@ diff --exclude-from=exclude --exclude=se
else:
# This is the default if no input is specified
f = sys.stdin
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.73/load_policy/Makefile
+--- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400
++++ policycoreutils-2.0.73/load_policy/Makefile 2009-09-08 10:08:07.000000000 -0400
+@@ -1,6 +1,6 @@
+ # Installation directories.
+ PREFIX ?= ${DESTDIR}/usr
+-SBINDIR ?= $(PREFIX)/sbin
++SBINDIR ?= $(DESTDIR)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.73/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/Makefile 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/Makefile 2009-09-08 09:21:08.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.73/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/Makefile 2009-09-08 09:21:08.000000000 -0400
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@@ -96,16 +107,16 @@ diff --exclude-from=exclude --exclude=se
relabel: install
/sbin/restorecon $(SBINDIR)/restorecond
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.73/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/org.selinux.Restorecond.service 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.73/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/restorecond.c 2009-09-08 09:21:08.000000000 -0400
@@ -48,294 +48,38 @@
#include <signal.h>
#include <string.h>
@@ -596,9 +607,9 @@ diff --exclude-from=exclude --exclude=se
}
+
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.73/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/restorecond.conf 2009-09-08 09:21:08.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@@ -609,9 +620,9 @@ diff --exclude-from=exclude --exclude=se
/root/.ssh/*
-
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.73/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/restorecond.desktop 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@@ -620,9 +631,9 @@ diff --exclude-from=exclude --exclude=se
+Encoding=UTF-8
+Type=Application
+StartupNotify=false
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.73/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/restorecond.h 2009-09-08 09:21:08.000000000 -0400
@@ -24,7 +24,21 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@@ -647,15 +658,15 @@ diff --exclude-from=exclude --exclude=se
+extern void watch_list_free(int fd);
#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.73/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/restorecond_user.conf 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.73/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/user.c 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,237 @@
+/*
+ * restorecond
@@ -894,9 +905,9 @@ diff --exclude-from=exclude --exclude=se
+ return 0;
+}
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.73/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/restorecond/watch.c 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,254 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@@ -1152,9 +1163,9 @@ diff --exclude-from=exclude --exclude=se
+ exitApp("Error watching config file.");
+}
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.73/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/sandbox/Makefile 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,31 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -1187,10 +1198,10 @@ diff --exclude-from=exclude --exclude=se
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.73/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-28 14:07:24.000000000 -0400
-@@ -0,0 +1,202 @@
++++ policycoreutils-2.0.73/sandbox/sandbox 2009-09-08 09:21:08.000000000 -0400
+@@ -0,0 +1,200 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
+import selinux
@@ -1347,8 +1358,6 @@ diff --exclude-from=exclude --exclude=se
+ if not os.path.exists("/usr/sbin/seunshare"):
+ raise ValueError("""/usr/sbin/seunshare required for sandbox -X, to install you need to execute
+#yum install /usr/sbin/seunshare""")
-+ else:
-+ print "exists"
+ import warnings
+ warnings.simplefilter("ignore")
+ newhomedir = os.tempnam(".", ".sandbox%s")
@@ -1393,9 +1402,9 @@ diff --exclude-from=exclude --exclude=se
+
+ sys.exit(rc)
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.73/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/sandbox/sandbox.8 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,26 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
@@ -1423,9 +1432,9 @@ diff --exclude-from=exclude --exclude=se
+.TP
+runcon(1)
+.PP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.73/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/sandbox/sandboxX.sh 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,13 @@
+#!/bin/bash
+(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
@@ -1440,9 +1449,9 @@ diff --exclude-from=exclude --exclude=se
+exit $EXITCODE
+break
+done
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.73/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/sandbox/seunshare.c 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,203 @@
+#include <signal.h>
+#include <sys/types.h>
@@ -1479,7 +1488,7 @@ diff --exclude-from=exclude --exclude=se
+ if (capng_lock() < 0)
+ return -1;
+ } else {
-+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_SETPCAP, -1) < 0) {
++ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1) < 0) {
+ return -1;
+ }
+ }
@@ -1647,9 +1656,9 @@ diff --exclude-from=exclude --exclude=se
+
+ return status;
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.73/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
-+++ policycoreutils-2.0.71/scripts/chcat 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/scripts/chcat 2009-09-08 09:21:08.000000000 -0400
@@ -435,6 +435,8 @@
continue
except ValueError, e:
@@ -1659,9 +1668,9 @@ diff --exclude-from=exclude --exclude=se
sys.exit(errors)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.73/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/scripts/Makefile 2009-09-08 09:21:08.000000000 -0400
@@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@@ -1671,18 +1680,10 @@ diff --exclude-from=exclude --exclude=se
install: all
-mkdir -p $(BINDIR)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
---- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400
-+++ policycoreutils-2.0.71/semanage/semanage 2009-08-28 14:07:24.000000000 -0400
-@@ -68,6 +68,7 @@
- -h, --help Display this message
- -n, --noheading Do not print heading when listing OBJECTS
- -S, --store Select and alternate SELinux store to manage
-+ --dontaudit Turn on or off dontaudit rules
-
- Object-specific Options (see above):
-
-@@ -84,6 +85,7 @@
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.73/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400
++++ policycoreutils-2.0.73/semanage/semanage 2009-09-08 09:21:08.000000000 -0400
+@@ -85,6 +85,7 @@
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
@@ -1690,7 +1691,7 @@ diff --exclude-from=exclude --exclude=se
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
-@@ -192,6 +194,9 @@
+@@ -194,6 +195,9 @@
locallist = False
use_file = False
store = ""
@@ -1700,7 +1701,7 @@ diff --exclude-from=exclude --exclude=se
object = argv[0]
option_dict=get_options()
-@@ -201,10 +206,12 @@
+@@ -203,10 +207,12 @@
args = argv[1:]
gopts, cmds = getopt.getopt(args,
@@ -1714,7 +1715,7 @@ diff --exclude-from=exclude --exclude=se
'ftype=',
'file',
'help',
-@@ -248,9 +255,15 @@
+@@ -250,9 +256,15 @@
if o == "-f" or o == "--ftype":
ftype=a
@@ -1730,7 +1731,7 @@ diff --exclude-from=exclude --exclude=se
if o == "-h" or o == "--help":
raise ValueError(_("%s bad option") % o)
-@@ -324,6 +337,9 @@
+@@ -326,6 +338,9 @@
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
@@ -1740,7 +1741,7 @@ diff --exclude-from=exclude --exclude=se
if object == "translation":
OBJECT = seobject.setransRecords()
-@@ -362,11 +378,17 @@
+@@ -370,11 +385,17 @@
if object == "interface":
OBJECT.add(target, serange, setype)
@@ -1759,7 +1760,7 @@ diff --exclude-from=exclude --exclude=se
if object == "permissive":
OBJECT.add(target)
-@@ -386,6 +408,9 @@
+@@ -394,6 +415,9 @@
rlist = roles.split()
OBJECT.modify(target, rlist, selevel, serange, prefix)
@@ -1769,7 +1770,7 @@ diff --exclude-from=exclude --exclude=se
if object == "port":
OBJECT.modify(target, proto, serange, setype)
-@@ -396,7 +421,10 @@
+@@ -404,7 +428,10 @@
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
@@ -1781,92 +1782,10 @@ diff --exclude-from=exclude --exclude=se
return
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400
-+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-28 14:07:24.000000000 -0400
-@@ -1,5 +1,5 @@
- #! /usr/bin/python -E
--# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
-+# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
- # see file 'COPYING' for use and warranty information
- #
- # semanage is a tool for managing SELinux configuration files
-@@ -21,7 +21,7 @@
- #
- #
-
--import pwd, grp, string, selinux, tempfile, os, re, sys
-+import pwd, grp, string, selinux, tempfile, os, re, sys, stat
- from semanage import *;
- PROGNAME="policycoreutils"
- import sepolgen.module as module
-@@ -273,6 +273,7 @@
- (fd, newfilename) = tempfile.mkstemp('', self.filename)
- os.write(fd, self.out())
- os.close(fd)
-+ os.chmod(newfilename, os.stat(self.filename)[stat.ST_MODE])
- os.rename(newfilename, self.filename)
- os.system("/sbin/service mcstrans reload > /dev/null")
-
-@@ -983,7 +984,7 @@
- proto_str = semanage_port_get_proto_str(proto)
- low = semanage_port_get_low(port)
- high = semanage_port_get_high(port)
-- ddict[(low, high)] = (ctype, proto_str, level)
-+ ddict[(low, high, proto_str)] = (ctype, level)
- return ddict
-
- def get_all_by_type(self, locallist = 0):
-@@ -1408,6 +1409,48 @@
- class fcontextRecords(semanageRecords):
- def __init__(self, store = ""):
- semanageRecords.__init__(self, store)
-+ self.equiv = {}
-+ self.equal_ind = False
-+ try:
-+ fd = open(selinux.selinux_file_context_subs_path(), "r")
-+ for i in fd.readlines():
-+ src, dst = i.split()
-+ self.equiv[src] = dst
-+ fd.close()
-+ except IOError:
-+ pass
-+
-+ def commit(self):
-+ if self.equal_ind:
-+ subs_file = selinux.selinux_file_context_subs_path()
-+ tmpfile = "%s.tmp" % subs_file
-+ fd = open(tmpfile, "w")
-+ for src in self.equiv.keys():
-+ fd.write("%s %s\n" % (src, self.equiv[src]))
-+ fd.close()
-+ try:
-+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
-+ except:
-+ pass
-+ os.rename(tmpfile,subs_file)
-+ self.equal_ind = False
-+ semanageRecords.commit(self)
-+
-+ def add_equal(self, src, dst):
-+ self.begin()
-+ if src in self.equiv.keys():
-+ raise ValueError(_("Equivalence class for %s already exists") % src)
-+ self.equiv[src] = dst
-+ self.equal_ind = True
-+ self.commit()
-+
-+ def modify_equal(self, src, dst):
-+ self.begin()
-+ if src not in self.equiv.keys():
-+ raise ValueError(_("Equivalence class for %s does not exists") % src)
-+ self.equiv[src] = dst
-+ self.equal_ind = True
-+ self.commit()
-
- def createcon(self, target, seuser = "system_u"):
- (rc, con) = semanage_context_create(self.sh)
-@@ -1574,9 +1617,16 @@
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.73/semanage/seobject.py
+--- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400
++++ policycoreutils-2.0.73/semanage/seobject.py 2009-09-08 09:21:08.000000000 -0400
+@@ -1586,18 +1586,25 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -1883,7 +1802,18 @@ diff --exclude-from=exclude --exclude=se
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1632,11 +1682,11 @@
+
+- (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
++ (rc,exists) = semanage_fcontext_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+ if not exists:
+- (rc, exists) = semanage_fcontext_exists(self.sh, k)
++ (rc,exists) = semanage_fcontext_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if file context for %s is defined") % target)
+ if exists:
+@@ -1644,11 +1651,11 @@
return ddict
def list(self, heading = 1, locallist = 0 ):
@@ -1897,22 +1827,9 @@ diff --exclude-from=exclude --exclude=se
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1645,6 +1695,12 @@
- print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
- else:
- print "%-50s %-18s <<None>>" % (k[0], k[1])
-+ if len(self.equiv.keys()) > 0:
-+ if heading:
-+ print _("\nSELinux fcontext Equivalence \n")
-+
-+ for src in self.equiv.keys():
-+ print "%s == %s" % (src, self.equiv[src])
-
- class booleanRecords(semanageRecords):
- def __init__(self, store = ""):
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.71/semodule/semodule.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.73/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/semodule/semodule.8 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/semodule/semodule.8 2009-09-08 09:21:08.000000000 -0400
@@ -35,6 +35,12 @@
.B \-b,\-\-base=MODULE_PKG
install/replace base module package
@@ -1926,92 +1843,9 @@ diff --exclude-from=exclude --exclude=se
.B \-r,\-\-remove=MODULE_NAME
remove existing module
.TP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8.enable policycoreutils-2.0.71/semodule/semodule.8.enable
---- nsapolicycoreutils/semodule/semodule.8.enable 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/semodule/semodule.8.enable 2009-08-12 12:08:15.000000000 -0400
-@@ -0,0 +1,79 @@
-+.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
-+semodule \- Manage SELinux policy modules.
-+
-+.SH SYNOPSIS
-+.B semodule [options]... MODE [MODES]...
-+.br
-+.SH DESCRIPTION
-+.PP
-+semodule is the tool used to manage SELinux policy modules,
-+including installing, upgrading, listing and removing modules.
-+semodule may also be used to force a rebuild of policy from the
-+module store and/or to force a reload of policy without performing
-+any other transaction. semodule acts on module packages created
-+by semodule_package. Conventionally, these files have a .pp suffix
-+(policy package), although this is not mandated in any way.
-+
-+.SH "OPTIONS"
-+.TP
-+.B \-R, \-\-reload
-+force a reload of policy
-+.TP
-+.B \-B, \-\-build
-+force a rebuild of policy (also reloads unless -n is used)
-+.TP
-+.B \-D, \-\-disable_dontaudit
-+Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt
-+.TP
-+.B \-i,\-\-install=MODULE_PKG
-+install/replace a module package
-+.TP
-+.B \-u,\-\-upgrade=MODULE_PKG
-+upgrade an existing module package
-+.TP
-+.B \-b,\-\-base=MODULE_PKG
-+install/replace base module package
-+.TP
-+.B \-r,\-\-remove=MODULE_NAME
-+remove existing module
-+.TP
-+.B \-l,\-\-list-modules
-+display list of installed modules (other than base)
-+.TP
-+.B \-s,\-\-store
-+name of the store to operate on
-+.TP
-+.B \-n,\-\-noreload
-+do not reload policy after commit
-+.TP
-+.B \-h,\-\-help
-+prints help message and quit
-+.TP
-+.B \-v,\-\-verbose
-+be verbose
-+
-+.SH EXAMPLE
-+.nf
-+# Install or replace a base policy package.
-+$ semodule -b base.pp
-+# Install or replace a non-base policy package.
-+$ semodule -i httpd.pp
-+# List non-base modules.
-+$ semodule -l
-+# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
-+$ semodule -DB
-+# Turn "dontaudit" rules back on.
-+$ semodule -B
-+# Install or replace all non-base modules in the current directory.
-+$ semodule -i *.pp
-+# Install or replace all modules in the current directory.
-+$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
-+.fi
-+
-+.SH SEE ALSO
-+.B checkmodule(8), semodule_package(8)
-+.SH AUTHORS
-+.nf
-+This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-+The program was written by Karl MacMillan <kmacmillan at tresys.com>, Joshua Brindle <jbrindle at tresys.com>, Jason Tang <jtang at tresys.com>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.71/semodule/semodule.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.73/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-07-07 15:32:32.000000000 -0400
-+++ policycoreutils-2.0.71/semodule/semodule.c 2009-08-28 14:08:55.000000000 -0400
++++ policycoreutils-2.0.73/semodule/semodule.c 2009-09-08 09:21:08.000000000 -0400
@@ -22,12 +22,12 @@
#include <semanage/modules.h>
@@ -2126,467 +1960,9 @@ diff --exclude-from=exclude --exclude=se
semanage_module_info_datum_destroy
(m);
}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c.enable policycoreutils-2.0.71/semodule/semodule.c.enable
---- nsapolicycoreutils/semodule/semodule.c.enable 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/semodule/semodule.c.enable 2009-08-12 12:08:15.000000000 -0400
-@@ -0,0 +1,454 @@
-+/* Authors: Karl MacMillan <kmacmillan at tresys.com>
-+ * Joshua Brindle <jbrindle at tresys.com>
-+ * Jason Tang <jtang at tresys.com>
-+ *
-+ * Copyright (C) 2004-2005 Tresys Technology, LLC
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU General Public License as
-+ * published by the Free Software Foundation, version 2.
-+ */
-+
-+#include <fcntl.h>
-+#include <getopt.h>
-+#include <signal.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/mman.h>
-+#include <sys/stat.h>
-+#include <sys/types.h>
-+
-+#include <semanage/modules.h>
-+
-+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
-+ LIST_M, RELOAD
-+};
-+/* list of modes in which one ought to commit afterwards */
-+static const int do_commit[] = {
-+ 0, 1, 1, 1, 1,
-+ 0, 0
-+};
-+
-+struct command {
-+ enum client_modes mode;
-+ char *arg;
-+};
-+static struct command *commands = NULL;
-+static int num_commands = 0;
-+
-+/* options given on command line */
-+static int verbose;
-+static int reload;
-+static int no_reload;
-+static int create_store;
-+static int build;
-+static int disable_dontaudit;
-+
-+static semanage_handle_t *sh = NULL;
-+static char *store;
-+
-+extern char *optarg;
-+extern int optind;
-+
-+static void cleanup(void)
-+{
-+ while (--num_commands >= 0) {
-+ free(commands[num_commands].arg);
-+ }
-+ free(commands);
-+}
-+
-+/* Signal handlers. */
-+static void handle_signal(int sig_num)
-+{
-+ if (sig_num == SIGINT || sig_num == SIGQUIT || sig_num == SIGTERM) {
-+ /* catch these signals, and then drop them */
-+ }
-+}
-+
-+static void set_store(char *storename)
-+{
-+ /* For now this only supports a store name, later on this
-+ * should support an address for a remote connection */
-+
-+ if ((store = strdup(storename)) == NULL) {
-+ fprintf(stderr, "Out of memory!\n");
-+ goto bad;
-+ }
-+
-+ return;
-+
-+ bad:
-+ cleanup();
-+ exit(1);
-+}
-+
-+/* Establish signal handlers for the process. */
-+static void create_signal_handlers(void)
-+{
-+ if (signal(SIGINT, handle_signal) == SIG_ERR ||
-+ signal(SIGQUIT, handle_signal) == SIG_ERR ||
-+ signal(SIGTERM, handle_signal) == SIG_ERR) {
-+ fprintf(stderr, "Could not set up signal handler.\n");
-+ exit(255);
-+ }
-+}
-+
-+static void usage(char *progname)
-+{
-+ printf("usage: %s [options]... MODE [MODES]...\n", progname);
-+ printf("Manage SELinux policy modules.\n");
-+ printf("MODES:\n");
-+ printf(" -R, --reload reload policy\n");
-+ printf(" -B, --build build and reload policy\n");
-+ printf(" -i,--install=MODULE_PKG install a new module\n");
-+ printf(" -u,--upgrade=MODULE_PKG upgrade existing module\n");
-+ printf(" -b,--base=MODULE_PKG install new base module\n");
-+ printf(" -r,--remove=MODULE_NAME remove existing module\n");
-+ printf
-+ (" -l,--list-modules display list of installed modules\n");
-+ printf("Other options:\n");
-+ printf(" -s,--store name of the store to operate on\n");
-+ printf(" -n,--noreload do not reload policy after commit\n");
-+ printf(" -h,--help print this message and quit\n");
-+ printf(" -v,--verbose be verbose\n");
-+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
-+}
-+
-+/* Sets the global mode variable to new_mode, but only if no other
-+ * mode has been given. */
-+static void set_mode(enum client_modes new_mode, char *arg)
-+{
-+ struct command *c;
-+ char *s;
-+ if ((c = realloc(commands, sizeof(*c) * (num_commands + 1))) == NULL) {
-+ fprintf(stderr, "Out of memory!\n");
-+ cleanup();
-+ exit(1);
-+ }
-+ commands = c;
-+ commands[num_commands].mode = new_mode;
-+ commands[num_commands].arg = NULL;
-+ num_commands++;
-+ if (arg != NULL) {
-+ if ((s = strdup(arg)) == NULL) {
-+ fprintf(stderr, "Out of memory!\n");
-+ cleanup();
-+ exit(1);
-+ }
-+ commands[num_commands - 1].arg = s;
-+ }
-+}
-+
-+/* Parse command line and set global options. */
-+static void parse_command_line(int argc, char **argv)
-+{
-+ static struct option opts[] = {
-+ {"store", required_argument, NULL, 's'},
-+ {"base", required_argument, NULL, 'b'},
-+ {"help", 0, NULL, 'h'},
-+ {"install", required_argument, NULL, 'i'},
-+ {"list-modules", 0, NULL, 'l'},
-+ {"verbose", 0, NULL, 'v'},
-+ {"remove", required_argument, NULL, 'r'},
-+ {"upgrade", required_argument, NULL, 'u'},
-+ {"reload", 0, NULL, 'R'},
-+ {"noreload", 0, NULL, 'n'},
-+ {"build", 0, NULL, 'B'},
-+ {"disable_dontaudit", 0, NULL, 'D'},
-+ {NULL, 0, NULL, 0}
-+ };
-+ int i;
-+ verbose = 0;
-+ reload = 0;
-+ no_reload = 0;
-+ create_store = 0;
-+ while ((i =
-+ getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
-+ NULL)) != -1) {
-+ switch (i) {
-+ case 'b':
-+ set_mode(BASE_M, optarg);
-+ create_store = 1;
-+ break;
-+ case 'h':
-+ usage(argv[0]);
-+ exit(0);
-+ case 'i':
-+ set_mode(INSTALL_M, optarg);
-+ break;
-+ case 'l':
-+ set_mode(LIST_M, NULL);
-+ break;
-+ case 'v':
-+ verbose = 1;
-+ break;
-+ case 'r':
-+ set_mode(REMOVE_M, optarg);
-+ break;
-+ case 'u':
-+ set_mode(UPGRADE_M, optarg);
-+ break;
-+ case 's':
-+ set_store(optarg);
-+ break;
-+ case 'R':
-+ reload = 1;
-+ break;
-+ case 'n':
-+ no_reload = 1;
-+ break;
-+ case 'B':
-+ build = 1;
-+ break;
-+ case 'D':
-+ disable_dontaudit = 1;
-+ break;
-+ case '?':
-+ default:{
-+ usage(argv[0]);
-+ exit(1);
-+ }
-+ }
-+ }
-+ if ((build || reload) && num_commands) {
-+ fprintf(stderr,
-+ "build or reload should not be used with other commands\n");
-+ usage(argv[0]);
-+ exit(1);
-+ }
-+ if (num_commands == 0 && reload == 0 && build == 0) {
-+ fprintf(stderr, "At least one mode must be specified.\n");
-+ usage(argv[0]);
-+ exit(1);
-+ }
-+
-+ if (optind < argc) {
-+ int mode;
-+ /* if -i/u/r was the last command treat any remaining
-+ * arguments as args. Will allow 'semodule -i *.pp' to
-+ * work as expected.
-+ */
-+
-+ if (commands && commands[num_commands - 1].mode == INSTALL_M) {
-+ mode = INSTALL_M;
-+ } else if (commands && commands[num_commands - 1].mode == UPGRADE_M) {
-+ mode = UPGRADE_M;
-+ } else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
-+ mode = REMOVE_M;
-+ } else {
-+ fprintf(stderr, "unknown additional arguments:\n");
-+ while (optind < argc)
-+ fprintf(stderr, " %s", argv[optind++]);
-+ fprintf(stderr, "\n\n");
-+ usage(argv[0]);
-+ exit(1);
-+ }
-+ while (optind < argc)
-+ set_mode(mode, argv[optind++]);
-+ }
-+}
-+
-+int main(int argc, char *argv[])
-+{
-+ int i, commit = 0;
-+ int result;
-+ int status = EXIT_FAILURE;
-+
-+ create_signal_handlers();
-+ parse_command_line(argc, argv);
-+
-+ if (build)
-+ commit = 1;
-+
-+ sh = semanage_handle_create();
-+ if (!sh) {
-+ fprintf(stderr, "%s: Could not create semanage handle\n",
-+ argv[0]);
-+ goto cleanup_nohandle;
-+ }
-+
-+ if (store) {
-+ /* Set the store we want to connect to, before connecting.
-+ * this will always set a direct connection now, an additional
-+ * option will need to be used later to specify a policy server
-+ * location */
-+ semanage_select_store(sh, store, SEMANAGE_CON_DIRECT);
-+ }
-+
-+ /* if installing base module create store if necessary, for bootstrapping */
-+ semanage_set_create_store(sh, create_store);
-+
-+ if (!create_store) {
-+ if (!semanage_is_managed(sh)) {
-+ fprintf(stderr,
-+ "%s: SELinux policy is not managed or store cannot be accessed.\n",
-+ argv[0]);
-+ goto cleanup;
-+ }
-+
-+ if (semanage_access_check(sh) < SEMANAGE_CAN_READ) {
-+ fprintf(stderr, "%s: Cannot read policy store.\n",
-+ argv[0]);
-+ goto cleanup;
-+ }
-+ }
-+
-+ if ((result = semanage_connect(sh)) < 0) {
-+ fprintf(stderr, "%s: Could not connect to policy handler\n",
-+ argv[0]);
-+ goto cleanup;
-+ }
-+
-+ if (reload) {
-+ if ((result = semanage_reload_policy(sh)) < 0) {
-+ fprintf(stderr, "%s: Could not reload policy\n",
-+ argv[0]);
-+ goto cleanup;
-+ }
-+ }
-+
-+ if (build) {
-+ if ((result = semanage_begin_transaction(sh)) < 0) {
-+ fprintf(stderr, "%s: Could not begin transaction: %s\n",
-+ argv[0], errno ? strerror(errno) : "");
-+ goto cleanup;
-+ }
-+ }
-+
-+ for (i = 0; i < num_commands; i++) {
-+ enum client_modes mode = commands[i].mode;
-+ char *mode_arg = commands[i].arg;
-+ switch (mode) {
-+ case INSTALL_M:{
-+ if (verbose) {
-+ printf
-+ ("Attempting to install module '%s':\n",
-+ mode_arg);
-+ }
-+ result =
-+ semanage_module_install_file(sh, mode_arg);
-+ break;
-+ }
-+ case UPGRADE_M:{
-+ if (verbose) {
-+ printf
-+ ("Attempting to upgrade module '%s':\n",
-+ mode_arg);
-+ }
-+ result =
-+ semanage_module_upgrade_file(sh, mode_arg);
-+ break;
-+ }
-+ case BASE_M:{
-+ if (verbose) {
-+ printf
-+ ("Attempting to install base module '%s':\n",
-+ mode_arg);
-+ }
-+ result =
-+ semanage_module_install_base_file(sh, mode_arg);
-+ break;
-+ }
-+ case REMOVE_M:{
-+ if (verbose) {
-+ printf
-+ ("Attempting to remove module '%s':\n",
-+ mode_arg);
-+ }
-+ result = semanage_module_remove(sh, mode_arg);
-+ if ( result == -2 ) {
-+ continue;
-+ }
-+ break;
-+ }
-+ case LIST_M:{
-+ semanage_module_info_t *modinfo;
-+ int num_modules;
-+ if (verbose) {
-+ printf
-+ ("Attempting to list active modules:\n");
-+ }
-+ if ((result =
-+ semanage_module_list(sh, &modinfo,
-+ &num_modules)) >= 0) {
-+ int j;
-+ if (num_modules == 0) {
-+ printf("No modules.\n");
-+ }
-+ for (j = 0; j < num_modules; j++) {
-+ semanage_module_info_t *m =
-+ semanage_module_list_nth
-+ (modinfo, j);
-+ printf("%s\t%s\n",
-+ semanage_module_get_name
-+ (m),
-+ semanage_module_get_version
-+ (m));
-+ semanage_module_info_datum_destroy
-+ (m);
-+ }
-+ free(modinfo);
-+ }
-+ break;
-+ }
-+ default:{
-+ fprintf(stderr,
-+ "%s: Unknown mode specified.\n",
-+ argv[0]);
-+ usage(argv[0]);
-+ goto cleanup;
-+ }
-+ }
-+ commit += do_commit[mode];
-+ if (result < 0) {
-+ fprintf(stderr, "%s: Failed on %s!\n", argv[0],
-+ mode_arg ? : "list");
-+ goto cleanup;
-+ } else if (verbose) {
-+ printf("Ok: return value of %d.\n", result);
-+ }
-+ }
-+
-+ if (commit) {
-+ if (verbose)
-+ printf("Committing changes:\n");
-+ if (no_reload)
-+ semanage_set_reload(sh, 0);
-+ if (build)
-+ semanage_set_rebuild(sh, 1);
-+ if (disable_dontaudit)
-+ semanage_set_disable_dontaudit(sh, 1);
-+ else if (build)
-+ semanage_set_disable_dontaudit(sh, 0);
-+
-+ result = semanage_commit(sh);
-+ }
-+
-+ if (result < 0) {
-+ fprintf(stderr, "%s: Failed!\n", argv[0]);
-+ goto cleanup;
-+ } else if (commit && verbose) {
-+ printf("Ok: transaction number %d.\n", result);
-+ }
-+
-+ if (semanage_disconnect(sh) < 0) {
-+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
-+ goto cleanup;
-+ }
-+ status = EXIT_SUCCESS;
-+
-+ cleanup:
-+ if (semanage_is_connected(sh)) {
-+ if (semanage_disconnect(sh) < 0) {
-+ fprintf(stderr, "%s: Error disconnecting\n", argv[0]);
-+ }
-+ }
-+ semanage_handle_destroy(sh);
-+
-+ cleanup_nohandle:
-+ cleanup();
-+ exit(status);
-+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.73/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
-+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/setfiles/Makefile 2009-09-08 09:21:08.000000000 -0400
@@ -5,7 +5,7 @@
LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
@@ -2605,9 +1981,9 @@ diff --exclude-from=exclude --exclude=se
restorecon: setfiles
ln -sf setfiles restorecon
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.73/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/setfiles/restore.c 2009-09-08 09:27:33.000000000 -0400
@@ -0,0 +1,519 @@
+#include "restore.h"
+
@@ -2864,7 +2240,7 @@ diff --exclude-from=exclude --exclude=se
+ return rc;
+}
+
-+int process_one(char *name, int recurse)
++int process_one(char *name, int recurse_this_path)
+{
+ int rc = 0;
+ const char *namelist[2] = {name, NULL};
@@ -2913,7 +2289,7 @@ diff --exclude-from=exclude --exclude=se
+ fts_set(fts_handle, ftsent, FTS_SKIP);
+ if (rc == ERR)
+ goto err;
-+ if (!recurse)
++ if (!recurse_this_path)
+ break;
+ } while ((ftsent = fts_read(fts_handle)) != NULL);
+
@@ -3128,9 +2504,9 @@ diff --exclude-from=exclude --exclude=se
+
+
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.73/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-28 14:07:24.000000000 -0400
++++ policycoreutils-2.0.73/setfiles/restore.h 2009-09-08 09:21:08.000000000 -0400
@@ -0,0 +1,49 @@
+#ifndef RESTORE_H
+#define RESTORE_H
@@ -3181,9 +2557,9 @@ diff --exclude-from=exclude --exclude=se
+int process_one(char *name, int recurse);
+
+#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
---- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
-+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-28 14:07:24.000000000 -0400
+diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.73/setfiles/setfiles.c
+--- nsapolicycoreutils/setfiles/setfiles.c 2009-09-08 09:03:10.000000000 -0400
++++ policycoreutils-2.0.73/setfiles/setfiles.c 2009-09-08 09:49:37.000000000 -0400
@@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
@@ -3212,7 +2588,7 @@ diff --exclude-from=exclude --exclude=se
#include <libgen.h>
#ifdef USE_AUDIT
#include <libaudit.h>
-@@ -32,287 +18,28 @@
+@@ -32,40 +18,22 @@
static int mass_relabel;
static int mass_relabel_errs;
@@ -3223,7 +2599,7 @@ diff --exclude-from=exclude --exclude=se
-#define STAT_BLOCK_SIZE 1
-static int progress = 0;
-static unsigned long long count = 0;
-
+-
-#define MAX_EXCLUDES 1000
-static int excludeCtr = 0;
-struct edir {
@@ -3231,11 +2607,11 @@ diff --exclude-from=exclude --exclude=se
- size_t size;
-};
-static struct edir excludeArray[MAX_EXCLUDES];
-+/* cmdline opts*/
--/*
-- * Command-line options.
-- */
+ /*
+ * Command-line options.
+ */
++
static char *policyfile = NULL;
-static int debug = 0;
-static int change = 1;
@@ -3247,7 +2623,7 @@ diff --exclude-from=exclude --exclude=se
static int null_terminated = 0;
-static char *rootpath = NULL;
-static int rootpathlen = 0;
--static int recurse; /* Recursive descent. */
+ static int recurse; /* Recursive descent. */
static int errors;
+static int ignore_enoent;
+static struct restore_opts r_opts;
@@ -3259,10 +2635,10 @@ diff --exclude-from=exclude --exclude=se
#define SETFILES "setfiles"
#define RESTORECON "restorecon"
- static int iamrestorecon;
+@@ -73,246 +41,9 @@
/* Behavior flags determined based on setfiles vs. restorecon */
--static int expand_realpath; /* Expand paths via realpath. */
+ static int expand_realpath; /* Expand paths via realpath. */
-static int abort_on_error; /* Abort the file tree walk upon an error. */
-static int add_assoc; /* Track inode associations for conflict detection. */
-static int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
@@ -3506,7 +2882,7 @@ diff --exclude-from=exclude --exclude=se
void usage(const char *const name)
{
if (iamrestorecon) {
-@@ -334,194 +61,30 @@
+@@ -334,194 +65,30 @@
void inc_err()
{
nerr++;
@@ -3635,7 +3011,7 @@ diff --exclude-from=exclude --exclude=se
-
- if (context)
- freecon(context);
--
+
- /*
- * Do not relabel the file if -n was used.
- */
@@ -3674,7 +3050,7 @@ diff --exclude-from=exclude --exclude=se
- progname, ftsent->fts_path);
- return SKIP;
- }
-
+-
- int rc = restore(ftsent);
- if (rc == ERR) {
- if (!abort_on_error)
@@ -3710,11 +3086,11 @@ diff --exclude-from=exclude --exclude=se
}
int canoncon(char **contextp)
-@@ -545,90 +108,7 @@
- return rc;
+@@ -585,77 +152,6 @@
+ return 0;
}
--static int process_one(char *name)
+-static int process_one(char *name, int recurse_this_path)
-{
- int rc = 0;
- const char *namelist[2];
@@ -3722,18 +3098,6 @@ diff --exclude-from=exclude --exclude=se
- FTS *fts_handle;
- FTSENT *ftsent;
-
-- if (expand_realpath) {
-- char *p;
-- p = realpath(name, NULL);
-- if (!p) {
-- fprintf(stderr, "realpath(%s) failed %s\n", name,
-- strerror(errno));
-- return -1;
-- }
-- name = p;
-- }
--
--
- if (!strcmp(name, "/"))
- mass_relabel = 1;
-
@@ -3773,7 +3137,7 @@ diff --exclude-from=exclude --exclude=se
- fts_set(fts_handle, ftsent, FTS_SKIP);
- if (rc == ERR)
- goto err;
-- if (!recurse)
+- if (!recurse_this_path)
- break;
- } while ((ftsent = fts_read(fts_handle)) != NULL);
-
@@ -3788,24 +3152,30 @@ diff --exclude-from=exclude --exclude=se
- }
- if (fts_handle)
- fts_close(fts_handle);
-- if (expand_realpath)
-- free(name);
- return rc;
-
+-
-err:
- if (!strcmp(name, "/"))
- mass_relabel_errs = 1;
- rc = -1;
- goto out;
-}
+-
+ static int process_one_realpath(char *name)
+ {
+ int rc = 0;
+@@ -668,7 +164,7 @@
+ rc = lstat(name, &sb);
+ if (rc < 0) {
+ fprintf(stderr, "%s: lstat(%s) failed: %s\n",
+- progname, name, strerror(errno));
++ r_opts.progname, name, strerror(errno));
+ return -1;
+ }
- #ifndef USE_AUDIT
- static void maybe_audit_mass_relabel(void)
-@@ -729,27 +209,37 @@
- int use_input_file = 0;
+@@ -802,20 +298,30 @@
char *buf = NULL;
size_t buf_len;
-+ int recurse; /* Recursive descent. */
char *base;
- struct selinux_opt opts[] = {
- { SELABEL_OPT_VALIDATE, NULL },
@@ -3842,17 +3212,10 @@ diff --exclude-from=exclude --exclude=se
if (!strcmp(base, SETFILES)) {
/*
- * setfiles:
- * Recursive descent,
-- * Does not expand paths via realpath,
- * Aborts on errors during the file tree walk,
- * Try to track inode associations for conflict detection,
- * Does not follow mounts,
-@@ -757,29 +247,26 @@
- */
+@@ -830,28 +336,28 @@
iamrestorecon = 0;
recurse = 1;
-- expand_realpath = 0;
+ expand_realpath = 0;
- abort_on_error = 1;
- add_assoc = 1;
- fts_flags = FTS_PHYSICAL | FTS_XDEV;
@@ -3866,6 +3229,7 @@ diff --exclude-from=exclude --exclude=se
* No recursive descent unless -r/-R,
- * Expands paths via realpath,
* Do not abort on errors during the file tree walk,
++ * Expands paths via realpath,
* Do not try to track inode associations for conflict detection,
* Follows mounts,
* Does lazy validation of contexts upon use.
@@ -3875,7 +3239,7 @@ diff --exclude-from=exclude --exclude=se
printf("Executed with an unrecognized name (%s), defaulting to %s behavior.\n", base, RESTORECON);
iamrestorecon = 1;
recurse = 0;
-- expand_realpath = 1;
+ expand_realpath = 1;
- abort_on_error = 0;
- add_assoc = 0;
- fts_flags = FTS_PHYSICAL;
@@ -3885,19 +3249,7 @@ diff --exclude-from=exclude --exclude=se
ctx_validate = 0;
/* restorecon only: silent exit if no SELinux.
-@@ -828,11 +315,6 @@
- }
- case 'e':
- remove_exclude(optarg);
-- if (lstat(optarg, &sb) < 0 && errno != EACCES) {
-- fprintf(stderr, "Can't stat exclude path \"%s\", %s - ignoring.\n",
-- optarg, strerror(errno));
-- break;
-- }
- if (add_exclude(optarg))
- exit(1);
- break;
-@@ -841,37 +323,37 @@
+@@ -913,37 +419,37 @@
input_filename = optarg;
break;
case 'd':
@@ -3944,12 +3296,7 @@ diff --exclude-from=exclude --exclude=se
break;
case 'R':
case 'r':
-@@ -880,11 +362,11 @@
- break;
- }
- if (optind + 1 >= argc) {
-- fprintf(stderr, "usage: %s -r rootpath\n",
-+ fprintf(stderr, "usage: %s -r r_opts.rootpath\n",
+@@ -956,7 +462,7 @@
argv[0]);
exit(1);
}
@@ -3958,7 +3305,7 @@ diff --exclude-from=exclude --exclude=se
fprintf(stderr,
"%s: only one -r can be specified\n",
argv[0]);
-@@ -895,23 +377,23 @@
+@@ -967,23 +473,23 @@
case 's':
use_input_file = 1;
input_filename = "-";
@@ -3987,7 +3334,7 @@ diff --exclude-from=exclude --exclude=se
break;
case 'W':
warn_no_match = 1;
-@@ -959,18 +441,13 @@
+@@ -1031,18 +537,13 @@
}
/* Load the file contexts configuration and check it. */
@@ -4009,38 +3356,18 @@ diff --exclude-from=exclude --exclude=se
if (use_input_file) {
FILE *f = stdin;
ssize_t len;
-@@ -987,31 +464,49 @@
+@@ -1059,6 +560,9 @@
delim = (null_terminated != 0) ? '\0' : '\n';
while ((len = getdelim(&buf, &buf_len, delim, f)) > 0) {
buf[len - 1] = 0;
-- errors |= process_one(buf);
+ if (!strcmp(buf, "/"))
+ mass_relabel = 1;
+
-+ char *filename = realpath(buf, NULL);
-+ if (!filename) {
-+ fprintf(stderr, "realpath(%s) failed %s\n", buf,
-+ strerror(errno));
-+ return -1;
-+ }
-+ errors |= process_one(filename, recurse) < 0;
-+ free(filename);
+ errors |= process_one_realpath(buf);
}
if (strcmp(input_filename, "-") != 0)
- fclose(f);
- } else {
- for (i = optind; i < argc; i++) {
-- errors |= process_one(argv[i]);
-+ if (!strcmp(argv[i], "/"))
-+ mass_relabel = 1;
-+ char *filename = realpath(argv[i], NULL);
-+ if (!filename) {
-+ fprintf(stderr, "realpath(%s) failed %s\n", argv[i],
-+ strerror(errno));
-+ return -1;
-+ }
-+ errors |= process_one(filename, recurse) < 0;
-+ free(filename);
+@@ -1068,22 +572,21 @@
+ errors |= process_one_realpath(argv[i]);
}
}
-
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.637
retrieving revision 1.638
diff -u -p -r1.637 -r1.638
--- policycoreutils.spec 2 Sep 2009 15:09:25 -0000 1.637
+++ policycoreutils.spec 8 Sep 2009 14:16:00 -0000 1.638
@@ -5,8 +5,8 @@
%define sepolgenver 1.0.17
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.71
-Release: 15%{?dist}
+Version: 2.0.73
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -226,11 +226,11 @@ rm -rf %{buildroot}
/sbin/restorecon
/sbin/fixfiles
/sbin/setfiles
+/sbin/load_policy
%{_sbindir}/genhomedircon
%{_sbindir}/restorecond
%{_sbindir}/setsebool
%{_sbindir}/semodule
-%{_sbindir}/load_policy
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
@@ -295,6 +295,18 @@ fi
exit 0
%changelog
+* Tue Sep 8 2009 Dan Walsh <dwalsh at redhat.com> 2.0.73-1
+- Update to upstream
+ * Add semanage dontaudit to turn off dontaudits from Dan Walsh.
+ * Fix semanage to set correct mode for setrans file from Dan Walsh.
+ * Fix malformed dictionary in portRecord from Dan Walsh.
+ * Restore symlink handling support to restorecon based on a patch by
+ Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
+ udev scripts that was broken by policycoreutils 2.0.70.
+
+* Thu Sep 3 2009 Dan Walsh <dwalsh at redhat.com> 2.0.71-15
+- Add DAC_OVERRIED to seunshare
+
* Wed Sep 2 2009 Bill Nottingham <notting at redhat.com> 2.0.71-15
- Fix typo
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.209
retrieving revision 1.210
diff -u -p -r1.209 -r1.210
--- sources 18 Aug 2009 19:25:06 -0000 1.209
+++ sources 8 Sep 2009 14:16:00 -0000 1.210
@@ -1,3 +1,2 @@
-00fd9d86bd6a8066da710d6fda910b01 policycoreutils-2.0.71.tgz
-59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
480cc64a050735fa1163a87dc89c4f49 sepolgen-1.0.17.tgz
+08fa7fe2f943b7776ee767824318f615 policycoreutils-2.0.73.tgz
More information about the fedora-extras-commits
mailing list