policycoreutils/policycoreutils-rhat.patch

diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.1/Makefile
--- nsapolicycoreutils/Makefile	2006-11-16 17:15:00.000000000 -0500
+++ policycoreutils-2.0.1/Makefile	2007-02-15 15:16:09.000000000 -0500
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
 
 all install relabel clean indent:
 	@for subdir in $(SUBDIRS); do \
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.1/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c	2006-11-16 17:14:28.000000000 -0500
+++ policycoreutils-2.0.1/restorecond/restorecond.c	2007-02-15 15:16:09.000000000 -0500
@@ -210,9 +210,10 @@
 			}
 
 			if (fsetfilecon(fd, scontext) < 0) {
-				syslog(LOG_ERR,
-				       "set context %s->%s failed:'%s'\n",
-				       filename, scontext, strerror(errno));
+				if (errno != EOPNOTSUPP) 
+					syslog(LOG_ERR,
+					       "set context %s->%s failed:'%s'\n",
+					       filename, scontext, strerror(errno));
 				if (retcontext >= 0)
 					free(prev_context);
 				free(scontext);
@@ -225,8 +226,9 @@
 		if (retcontext >= 0)
 			free(prev_context);
 	} else {
-		syslog(LOG_ERR, "get context on %s failed: '%s'\n",
-		       filename, strerror(errno));
+		if (errno != EOPNOTSUPP) 
+			syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+			       filename, strerror(errno));
 	}
 	free(scontext);
 	close(fd);
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.1/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf	2006-11-20 12:19:55.000000000 -0500
+++ policycoreutils-2.0.1/restorecond/restorecond.conf	2007-02-15 15:16:09.000000000 -0500
@@ -1,7 +1,9 @@
 /etc/resolv.conf
+/etc/localtime
 /etc/samba/secrets.tdb
 /etc/mtab
 /var/run/utmp
+/var/run/faillog
 /var/log/wtmp
 ~/public_html
 ~/.mozilla/plugins/libflashplayer.so
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.1/scripts/chcat
--- nsapolicycoreutils/scripts/chcat	2006-11-16 17:14:27.000000000 -0500
+++ policycoreutils-2.0.1/scripts/chcat	2007-02-15 15:16:09.000000000 -0500
@@ -25,11 +25,22 @@
 import commands, sys, os, pwd, string, getopt, selinux
 import seobject
 import gettext
+import codecs
+import locale
+sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace')
+sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
 
 try:
     gettext.install('policycoreutils')
-except:
-    pass
+except IOError:
+       import __builtin__
+       __builtin__.__dict__['_'] = unicode
+
+def errorExit(error):
+    sys.stderr.write("%s: " % sys.argv[0])
+    sys.stderr.write("%s\n" % error)
+    sys.stderr.flush()
+    sys.exit(1)
 
 def verify_users(users):
     for u in users:
@@ -62,12 +73,20 @@
         for i in newcat[1:]:
             if i not in cats:
                 cats.append(i)
+
         new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
-        
+        if new_serange[-1:] == ":":
+            new_serange = new_serange[:-1]
+            
         if add_ind:
-            logins.add(u, user[0], new_serange)
+            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
-            logins.modify(u, user[0], new_serange)
+            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+        rc = commands.getstatusoutput(cmd)
+        if rc[0] != 0:
+            print rc[1]
+            errors += 1
+
     return errors
         
 def chcat_add(orig, newcat, objects,login_ind):
@@ -133,11 +152,17 @@
                 cats.remove(i)
 
         new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ","))
+        if new_serange[-1:] == ":":
+            new_serange = new_serange[:-1]
         
         if add_ind:
-            logins.add(u, user[0], new_serange)
+            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
-            logins.modify(u, user[0], new_serange)
+            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+        rc = commands.getstatusoutput(cmd)
+        if rc[0] != 0:
+            print rc[1]
+            errors += 1
     return errors
         
 def chcat_remove(orig, newcat, objects, login_ind):
@@ -198,11 +223,17 @@
             user = seusers["__default__"]
         serange = user[1].split("-")
         new_serange = "%s-%s:%s" % (serange[0],newcat[0], string.join(newcat[1:], ","))
-        
+        if new_serange[-1:] == ":":
+            new_serange = new_serange[:-1]
+
         if add_ind:
-            logins.add(u, user[0], new_serange)
+            cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
         else:
-            logins.modify(u, user[0], new_serange)
+            cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
+        rc = commands.getstatusoutput(cmd)
+        if rc[0] != 0:
+            print rc[1]
+            errors += 1
     return errors
     
 def chcat_replace(newcat, objects, login_ind):
@@ -362,6 +393,10 @@
 
         if list_ind == 0 and len(cmds) < 1:
             usage()
+
+    except getopt.error, error:
+        errorExit(_("Options Error %s ") % error.msg)
+
     except ValueError, e:
         usage()
 
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat.8 policycoreutils-2.0.1/scripts/chcat.8
--- nsapolicycoreutils/scripts/chcat.8	2007-01-17 11:11:34.000000000 -0500
+++ policycoreutils-2.0.1/scripts/chcat.8	2007-02-15 15:16:09.000000000 -0500
@@ -3,30 +3,31 @@
 chcat \- change file SELinux security category
 .SH SYNOPSIS
 .B chcat
-\fICATEGORY FILE\fR...
+\fIcategory file\fR...
 .br
 .B chcat -l 
-\fICATEGORY USER\fR...
+\fIcategory user\fR...
 .br
 .B chcat
-\fI[[+|-]CATEGORY],...]  FILE\fR...
+\fI[[+|-]category...]  file\fR...
 .br
 .B chcat -l 
-\fI[[+|-]CATEGORY],...]  USER\fR...
+\fI[[+|-]category...]  user\fR...
 .br
 .B chcat
-[\fI-d\fR] \fIFILE\fR...
+[\fI-d\fR] \fIfile\fR...
 .br
 .B chcat -l 
-[\fI-d\fR] \fIUSER\fR...
+[\fI-d\fR] \fIuser\fR...
 .br
 .B chcat
-\fI-L\fR [-l] [ USER ... ] 
+\fI-L\fR [ -l ] [ user ... ] 
 .br
+.SH DESCRIPTION
 .PP
-Change/Remove the security CATEGORY for each FILE/USER.
+Change/Remove the security \fIcategory\fR for each \fIfile\fR or \fIuser\fR.
 .PP
-Use +/- to add/remove categories from a FILE/USER.
+Use +/- to add/remove categories from a \fIfile\fR or \fIuser\fR.
 .PP
 .B
 Note:
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.1/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8	2007-01-17 11:11:34.000000000 -0500
+++ policycoreutils-2.0.1/scripts/fixfiles.8	2007-02-15 15:16:09.000000000 -0500
@@ -54,7 +54,7 @@
 change any incorrect file context labels.
 .TP 
 .B relabel
-Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file.
+Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
 .TP 
 .B verify
 List out files with incorrect file context labels, but do not change them.
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.1/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py	2007-02-20 08:43:10.000000000 -0500
+++ policycoreutils-2.0.1/semanage/seobject.py	2007-02-15 15:16:09.000000000 -0500
@@ -139,7 +139,7 @@
 			translations = fd.readlines()
 			fd.close()
 		except IOError, e:
-			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename) )
+			raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename, e) )			
 			
 		self.ddict = {}
 		self.comments = []
@@ -209,7 +209,8 @@
 		os.write(fd, self.out())
 		os.close(fd)
 		os.rename(newfilename, self.filename)
-
+                os.system("/sbin/service mcstrans reload > /dev/null")
+                
 class semanageRecords:
 	def __init__(self):
 		self.sh = semanage_handle_create()
@@ -464,7 +465,8 @@
 				rc = semanage_user_set_mlslevel(self.sh, u, selevel)
 				if rc < 0:
 					raise ValueError(_("Could not set MLS level for %s") % name)
-
+                        if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0:
+                               raise ValueError(_("Invalid prefix %s") % prefix)
 			rc = semanage_user_set_prefix(self.sh, u, prefix)
 			if rc < 0:
 				raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@@ -530,7 +532,9 @@
 				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
 
 			if prefix != "":
-				semanage_user_set_prefix(self.sh, u, prefix)
+                               if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0:
+                                      raise ValueError(_("Invalid prefix %s") % prefix)
+                               semanage_user_set_prefix(self.sh, u, prefix)
 
 			if len(roles) != 0:
                                for r in rlist:
diff --exclude-from=exclude --exclude=sepolgen-1.0.0 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.1/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c	2007-01-24 10:03:59.000000000 -0500
+++ policycoreutils-2.0.1/newrole/newrole.c	2007-02-15 15:16:09.000000000 -0500
@@ -636,11 +636,12 @@ static int relabel_tty(const char *ttyn,
 	}
 
 	/* Re-open TTY descriptor */
-	fd = open(ttyn, O_RDWR);
+	fd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (fd < 0) {
 		fprintf(stderr, _("Error!  Could not open %s.\n"), ttyn);
 		return fd;
 	}
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
 
 	if (fgetfilecon(fd, &tty_con) < 0) {
 		fprintf(stderr, _("%s!  Could not get current context "
@@ -1127,15 +1128,18 @@ int main(int argc, char *argv[])
 		fprintf(stderr, _("Could not close descriptors.\n"));
 		goto err_close_pam;
 	}
-	fd = open(ttyn, O_RDONLY);
+	fd = open(ttyn, O_RDONLY|O_NONBLOCK);
 	if (fd != 0)
 		goto err_close_pam;
-	fd = open(ttyn, O_RDWR);
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+	fd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (fd != 1)
 		goto err_close_pam;
-	fd = open(ttyn, O_RDWR);
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+	fd = open(ttyn, O_RDWR|O_NONBLOCK);
 	if (fd != 2)
 		goto err_close_pam;
+	fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
 
 	/*
 	 * Step 5:  Execute a new shell with the new context in `new_context'.