policycoreutils/policycoreutils-rhat.patch

diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.7/restorecon/restorecon.c
--- nsapolicycoreutils/restorecon/restorecon.c	2005-01-25 10:32:01.000000000 -0500
+++ policycoreutils-1.21.7/restorecon/restorecon.c	2005-01-28 15:37:27.000000000 -0500
@@ -188,7 +188,7 @@
 	  fprintf(stderr,
 		  "%s:  error while labeling files under %s\n",
 		  progname, buf);
-	  exit(1);
+	  errors++;
 	}
       }
       else
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.7/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles	2005-01-26 11:30:57.000000000 -0500
+++ policycoreutils-1.21.7/scripts/fixfiles	2005-01-28 16:05:01.000000000 -0500
@@ -37,19 +37,11 @@
 SELINUXTYPE="targeted"
 if [ -e /etc/selinux/config ]; then
     . /etc/selinux/config
-    FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX`
-    cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null
+    FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts 
 else
     FC=/etc/security/selinux/file_contexts
 fi
 
-cleanup() {
-    if [ -e /etc/selinux/config -a -f "$FC" ]; then
-	rm -f $FC
-    fi
-}
-trap "cleanup" 0 1 2 3 13 15
-
 #
 # Log to either syslog or a LOGFILE
 #
@@ -60,7 +52,24 @@
     echo $1 >> $LOGFILE
 fi
 }
-
+#
+# Compare PREVious File Context to currently installed File Context and 
+# run restorecon on all files affected by the differences.
+#
+diff_filecontext() {
+if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
+	TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
+	test -z "$TEMPFILE" && exit
+	/usr/bin/diff $PREFC $FC | egrep '^[<>]'|cut -c3-| grep ^/ | \
+	grep -v -e ^/root -e ^/home -e ^/tmp -e ^/var/tmp | \
+        sed -e 's,\\.*,*,g' -e 's,(.*,*,g' -e 's,\[.*,*,g' -e 's,\..*,*,g' \
+            -e 's,[[:blank:]].*,,g' -e 's,\?.*,*,g' | sort -u | \
+        while read pattern ; do if ! echo "$pattern" | grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in *"*") echo "$pattern" |sed 's,\*$,,g'>> ${TEMPFILE};;  esac; fi; done | \
+	while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null | \
+	${RESTORECON} -R $2 -v -f - 
+	rm -f ${TEMPFILE}
+fi
+}
 #
 # Log all Read Only file systems 
 #
@@ -80,6 +89,10 @@
 # if called with -n will only check file context
 #
 restore () {
+if [ ! -z "$PREFC" ]; then
+    diff_filecontext $1
+    exit $?
+fi
 if [ ! -z "$RPMFILES" ]; then
     for i in `echo $RPMFILES | sed 's/,/ /g'`; do
 	rpmlist $i | ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE
@@ -128,7 +141,7 @@
 usage() {
       	echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] "
 	echo or
-      	echo $"Usage: $0 -R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] { check | restore }"
+      	echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }"
 }
 
 if [ $# = 0 ]; then
@@ -137,7 +150,7 @@
 fi
 
 # See how we were called.
-while getopts "Fo:R:l:" i; do
+while getopts "C:Fo:R:l:" i; do
     case "$i" in
 	F)
 	fullFlag=1
@@ -151,6 +164,9 @@
         l)
 		LOGFILE=$OPTARG
 		;;
+        C)
+		PREFC=$OPTARG
+		;;
 	*)
 	    usage
 	    exit 1
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`diff --exclude-from=exclude -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.21.7/restorecon/restorecon.c`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-1 - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 16:21:25 +00:00			`--- nsapolicycoreutils/restorecon/restorecon.c 2005-01-25 10:32:01.000000000 -0500`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`+++ policycoreutils-1.21.7/restorecon/restorecon.c 2005-01-28 15:37:27.000000000 -0500`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-1 - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 16:21:25 +00:00			`@@ -188,7 +188,7 @@`
			`fprintf(stderr,`
			`"%s: error while labeling files under %s\n",`
			`progname, buf);`
			`- exit(1);`
			`+ errors++;`
			`}`
			`}`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`else`
			`diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.7/scripts/fixfiles`
			`--- nsapolicycoreutils/scripts/fixfiles 2005-01-26 11:30:57.000000000 -0500`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`+++ policycoreutils-1.21.7/scripts/fixfiles 2005-01-28 16:05:01.000000000 -0500`
			`@@ -37,19 +37,11 @@`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`SELINUXTYPE="targeted"`
			`if [ -e /etc/selinux/config ]; then`
			`. /etc/selinux/config`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			- FC=`mktemp /etc/selinux/${SELINUXTYPE}/contexts/files/file_context.XXXXXX`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`- cat /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts.local > $FC 2> /dev/null`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`+ FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`else`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`FC=/etc/security/selinux/file_contexts`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`fi`

* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`-cleanup() {`
			`- if [ -e /etc/selinux/config -a -f "$FC" ]; then`
			`- rm -f $FC`
			`- fi`
			`-}`
			`-trap "cleanup" 0 1 2 3 13 15`
			`-`
			`#`
			`# Log to either syslog or a LOGFILE`
			`#`
			`@@ -60,7 +52,24 @@`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`echo $1 >> $LOGFILE`
			`fi`
			`}`
			`-`
			`+#`
			`+# Compare PREVious File Context to currently installed File Context and`
			`+# run restorecon on all files affected by the differences.`
			`+#`
			`+diff_filecontext() {`
			`+if [ -f ${PREFC} -a -x /usr/bin/diff ]; then`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			+ TEMPFILE=`mktemp ${FC}.XXXXXXXXXX`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`+ test -z "$TEMPFILE" && exit`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`+ /usr/bin/diff $PREFC $FC \| egrep '^[<>]'\|cut -c3-\| grep ^/ \| \`
			`+ grep -v -e ^/root -e ^/home -e ^/tmp -e ^/var/tmp \| \`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`+ sed -e 's,\\.,,g' -e 's,(.,,g' -e 's,\[.,,g' -e 's,\..,,g' \`
			`+ -e 's,[[:blank:]].,,g' -e 's,\?.,*,g' \| sort -u \| \`
			`+ while read pattern ; do if ! echo "$pattern" \| grep -q -f ${TEMPFILE} 2>/dev/null ; then echo "$pattern"; case "$pattern" in "") echo "$pattern" \|sed 's,\*$,,g'>> ${TEMPFILE};; esac; fi; done \| \`
			`+ while read pattern ; do find $pattern -maxdepth 0 -print; done 2> /dev/null \| \`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`+ ${RESTORECON} -R $2 -v -f -`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`+ rm -f ${TEMPFILE}`
			`+fi`
			`+}`
			`#`
			`# Log all Read Only file systems`
			`#`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`@@ -80,6 +89,10 @@`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`# if called with -n will only check file context`
			`#`
			`restore () {`
			`+if [ ! -z "$PREFC" ]; then`
			`+ diff_filecontext $1`
			`+ exit $?`
			`+fi`
			`if [ ! -z "$RPMFILES" ]; then`
			for i in `echo $RPMFILES \| sed 's/,/ /g'`; do
			`rpmlist $i \| ${RESTORECON} ${OUTFILES} -R $1 -v -f - 2>&1 >> $LOGFILE`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`@@ -128,7 +141,7 @@`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`usage() {`
			`echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check \| restore\|[-F] relabel } [[dir] ... ] "`
			`echo or`
			`- echo $"Usage: $0 -R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] { check \| restore }"`
			`+ echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check \| restore }"`
			`}`

			`if [ $# = 0 ]; then`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`@@ -137,7 +150,7 @@`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`fi`

			`# See how we were called.`
			`-while getopts "Fo:R:l:" i; do`
			`+while getopts "C:Fo:R:l:" i; do`
			`case "$i" in`
			`F)`
			`fullFlag=1`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 21:07:49 +00:00			`@@ -151,6 +164,9 @@`
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-2 - Fix fixfiles patch - Upgrade to latest from NSA * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting 2005-01-28 20:43:44 +00:00			`l)`
			`LOGFILE=$OPTARG`
			`;;`
			`+ C)`
			`+ PREFC=$OPTARG`
			`+ ;;`
			`*)`
			`usage`
			`exit 1`