From 1041e3917e9392d22b4d7118a87f4be38b9ca5e4 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Mon, 9 Apr 2007 20:49:19 +0000
Subject: [PATCH] * Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-11 -
 Don't generate invalid context with genhomedircon

---
 policycoreutils-rhat.patch | 23 +++++++++++++++++++++++
 policycoreutils.spec       |  5 ++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 7a593d0..0f11d97 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -132,6 +132,29 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.7 --exclude=gui --exclude=po
  exit $?
  }
  
+diff --exclude-from=exclude --exclude=sepolgen-1.0.7 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.7/scripts/genhomedircon
+--- nsapolicycoreutils/scripts/genhomedircon	2006-11-28 09:24:33.000000000 -0500
++++ policycoreutils-2.0.7/scripts/genhomedircon	2007-04-09 15:44:47.000000000 -0400
+@@ -26,6 +26,7 @@
+ 
+ import sys, os, pwd, string, getopt, re
+ from semanage import *;
++import selinux
+ import gettext
+ gettext.install('policycoreutils')
+ 
+@@ -249,7 +250,10 @@
+ 				i = i.replace("HOME_DIR", home)
+ 				i = i.replace("ROLE", prefix)
+ 				i = i.replace("system_u", seuser)
+-				ret = ret+i
++				# Validate if the generated context exists.  Some user types may not exist
++				scon = i.split()[-1]
++				if selinux.security_check_context(scon) == 0:
++					ret = ret+i
+ 		fd.close()
+ 		return ret
+ 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.7 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.7/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2007-02-22 08:53:22.000000000 -0500
 +++ policycoreutils-2.0.7/semanage/seobject.py	2007-03-23 09:03:56.000000000 -0400
diff --git a/policycoreutils.spec b/policycoreutils.spec
index c66d174..5b4e395 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 2.0.7
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -186,6 +186,9 @@ if [ "$1" -ge "1" ]; then
 fi
 
 %changelog
+* Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-11
+- Don't generate invalid context with genhomedircon
+
 * Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-10
 - Add filter to booleans page