diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-1.9.1/src/direct_api.c --- nsalibsemanage/src/direct_api.c 2006-11-16 17:14:02.000000000 -0500 +++ libsemanage-1.9.1/src/direct_api.c 2006-12-22 11:36:55.000000000 -0500 @@ -603,7 +603,8 @@ /* Create new policy object, then attach to policy databases * that work with a policydb */ - if (semanage_expand_sandbox(sh, base, &out) < 0) + retval = semanage_expand_sandbox(sh, base, &out); + if (retval < 0) goto cleanup; dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, @@ -615,13 +616,16 @@ /* ============= Apply changes, and verify =============== */ - if (semanage_base_merge_components(sh) < 0) + retval = semanage_base_merge_components(sh); + if (retval < 0) goto cleanup; - - if (semanage_write_policydb(sh, out) < 0) + + retval = semanage_write_policydb(sh, out); + if (retval < 0) goto cleanup; - - if (semanage_verify_kernel(sh) != 0) + + retval = semanage_verify_kernel(sh); + if (retval < 0) goto cleanup; } @@ -635,26 +639,30 @@ * merged into the main file_contexts. We won't check the * large file_contexts - checked at compile time */ if (sh->do_rebuild || modified || fcontexts_modified) { - if (semanage_fcontext_validate_local(sh, out) < 0) + retval = semanage_fcontext_validate_local(sh, out); + if (retval < 0) goto cleanup; } /* Validate local seusers against policy */ if (sh->do_rebuild || modified || seusers_modified) { - if (semanage_seuser_validate_local(sh, out) < 0) + retval = semanage_seuser_validate_local(sh, out); + if (retval < 0) goto cleanup; } /* Validate local ports for overlap */ if (sh->do_rebuild || ports_modified) { - if (semanage_port_validate_local(sh) < 0) + retval = semanage_port_validate_local(sh); + if (retval < 0) goto cleanup; } /* ================== Write non-policydb components ========= */ /* Commit changes to components */ - if (semanage_commit_components(sh) < 0) + retval = semanage_commit_components(sh); + if (retval < 0) goto cleanup; retval = semanage_install_sandbox(sh);