* Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-11

- Fixfiles update required to match new regex
2007-07-31 19:39:20 +00:00 · 2007-07-31 19:39:20 +00:00 · 27013450e0
parent a389a8568f
commit 27013450e0
3 changed files with 126 additions and 51 deletions
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@ -3059,50 +3059,50 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.22/gui/selinux.tbl
 --- nsapolicycoreutils/gui/selinux.tbl	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.22/gui/selinux.tbl	2007-07-27 14:57:41.000000000 -0400
-@@ -0,0 +1,295 @@
+++ policycoreutils-2.0.22/gui/selinux.tbl	2007-07-28 11:01:13.000000000 -0400
+@@ -0,0 +1,296 @@
 +allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390")
 +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
 +allow_cvs_read_shadow  _("CVS") _("Allow cvs daemon to read shadow")
-+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /.")
-+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys.")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys")
 +allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
 +allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
 +allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
 +allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable.  This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
 +allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system")
 +allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
-+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services.")
-+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services.")
+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services")
+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services")
 +allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack")
-+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his homedirectory or /tmp")
-+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory.")
-+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his homedirectory or /tmp")
+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his home directory or /tmp")
+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory")
+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his home directory or /tmp")
 +allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t")
-+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service.")
-+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam.")
+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service")
+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam")
 +allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t")
 +allow_java_execstack _("Memory Protection") _("Allow java executable stack")
 +allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files")
 +allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
-+allow_mounton_anydir  _("Mount") _("Allow mount to mount any dir")
+allow_mounton_anydir  _("Mount") _("Allow mount to mount any directory")
 +allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
-+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services.")
-+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support.")
-+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications)
+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services")
+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support")
+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications")
 +allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
 +allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
 +allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
-+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his homedirectory or /tmp")
-+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his homedirectory or /tmp")
-+allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his homedirectory or /tmp")
+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his home directory or /tmp")
+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his home directory or /tmp")
+allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his home directory or /tmp")
 +allow_unlabeled_packets _("Network Configuration") _("Allow unlabeled packets to flow on the network")
-+allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his homedirectory or /tmp")
+allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his home directory or /tmp")
 +allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined to dyntrans to unconfined_execmem")
 +allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket")
 +allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket")
 +allow_write_xshm _("XServer") _("Allow clients to write to X shared memory")
-+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his homedirectory or /tmp")
+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his home directory or /tmp")
 +allow_ypbind _("NIS") _("Allow daemons to run with NIS")
 +allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files")
 +browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain")
@ -3137,7 +3137,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
 +cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
 +cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
-+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts.")
+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts")
 +crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
 +cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server")
 +cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
@ -3164,7 +3164,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
 +dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
 +entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
-+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron.")
+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron")
 +fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
 +fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
 +freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
@ -3172,7 +3172,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon")
 +ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd")
 +ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
-+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection.  All domains will be allowed to read from /dev/urandom.")
+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection.  All domains will be allowed to read from /dev/urandom")
 +gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
 +gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
 +hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon")
@ -3183,18 +3183,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
 +httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")
 +httpd_can_sendmail _("HTTPD Service") _("Allow HTTPD to send mail")
-+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases.")
-+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network.")
-+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay.")
+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases")
+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network")
+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay")
 +httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
 +httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")
 +httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server")
 +httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")
 +httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
-+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts.")
+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts")
 +httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
-+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal.  Needed for handling certificates.")
-+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files.")
+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal.  Needed for handling certificates")
+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files")
 +hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
 +i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
 +imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
@ -3249,7 +3249,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel")
 +pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon")
 +pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon")
-+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user.")
+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user")
 +pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
 +prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
 +privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon")
@ -3275,6 +3275,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories")
 +samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
 +allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow")
+allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable")
 +saslauthd_disable_trans _("SASL authentication server") _("Disable SELinux protection for saslauthd daemon")
 +scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon")
 +secure_mode  _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected")
@ -3312,15 +3313,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon")
 +udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon")
 +uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon")
-+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined.")
-+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined.")
-+unlimitedRPM _("Admin") _("Allow rpm to run unconfined.")
-+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined.")
+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined")
+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined")
+unlimitedRPM _("Admin") _("Allow rpm to run unconfined")
+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined")
 +updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
 +uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
 +use_lpd_server _("Printing") _("Use lpd server instead of cups")
 +use_nfs_home_dirs _("NFS") _("Support NFS home directories")
-+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so.")
+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so")
 +user_can_mount _("Mount") _("Allow users to execute the mount command")
 +user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
 +user_dmesg _("User Privs") _("Allow users to run the dmesg command")
@ -3347,14 +3348,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
 +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
 +ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
 +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
-+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems.")
-+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems.")
+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems")
+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems")
 +samba_domain_controller _("Samba") _("Allow samba to act as the domain controller, add users, groups and change passwords")
 +samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only")
 +samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write")
 +samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory")
-+webadm_manage_users_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories.")
-+webadm_read_users_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories.")
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories")
 +
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.22/gui/semanagePage.py
 --- nsapolicycoreutils/gui/semanagePage.py	1969-12-31 19:00:00.000000000 -0500
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.22/audit2allow/Makefile
 --- nsapolicycoreutils/audit2allow/Makefile	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/audit2allow/Makefile	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/audit2allow/Makefile	2007-07-23 10:40:06.000000000 -0400
@@ -1,6 +1,7 @@
 # Installation directories.
 PREFIX ?= ${DESTDIR}/usr
@ -18,9 +18,20 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 	-mkdir -p $(MANDIR)/man1
 	install -m 644 audit2allow.1 $(MANDIR)/man1/
 
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/ChangeLog policycoreutils-2.0.22/ChangeLog
+--- nsapolicycoreutils/ChangeLog	2007-07-16 14:20:43.000000000 -0400
+++ policycoreutils-2.0.22/ChangeLog	2007-06-21 05:17:13.000000000 -0400
+@@ -91,7 +91,6 @@
+ 1.33.15 2007-01-17
+ 	* Merged unicode-to-string fix for seobject audit from Dan Walsh.
+ 	* Merged man page updates to make "apropos selinux" work from Dan Walsh.
+-
+ 1.33.14 2007-01-16
+ 	* Merged newrole man page patch from Michael Thompson.
+ 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.22/Makefile
 --- nsapolicycoreutils/Makefile	2007-07-16 14:20:43.000000000 -0400
-+++ policycoreutils-2.0.22/Makefile	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/Makefile	2007-07-23 10:40:06.000000000 -0400
@@ -1,4 +1,4 @@
 -SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -29,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 	@for subdir in $(SUBDIRS); do \
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.22/restorecond/Makefile
 --- nsapolicycoreutils/restorecond/Makefile	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/restorecond/Makefile	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/restorecond/Makefile	2007-07-23 10:40:06.000000000 -0400
@@ -22,7 +22,7 @@
 	-mkdir -p $(INITDIR)
 	install -m 644 restorecond.init $(INITDIR)/restorecond
@ -41,7 +52,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 	/sbin/restorecon $(SBINDIR)/restorecond 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.22/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/restorecond/restorecond.c	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/restorecond/restorecond.c	2007-07-23 10:40:06.000000000 -0400
@@ -210,9 +210,10 @@
 			}
 
@ -70,7 +81,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 	close(fd);
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/run_init/Makefile policycoreutils-2.0.22/run_init/Makefile
 --- nsapolicycoreutils/run_init/Makefile	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/run_init/Makefile	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/run_init/Makefile	2007-07-23 10:40:06.000000000 -0400
@@ -34,8 +34,8 @@
 install: all
 	test -d $(SBINDIR)      || install -m 755 -d $(SBINDIR)
@ -84,7 +95,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 ifeq (${PAMH}, /usr/include/security/pam_appl.h)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.22/scripts/chcat
 --- nsapolicycoreutils/scripts/chcat	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/scripts/chcat	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/scripts/chcat	2007-07-23 10:40:06.000000000 -0400
@@ -77,7 +77,7 @@
             
         if len(cats) > 0:
@ -105,7 +116,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
         if add_ind:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.22/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/scripts/fixfiles	2007-07-23 10:25:32.000000000 -0400
+++ policycoreutils-2.0.22/scripts/fixfiles	2007-07-31 15:36:53.000000000 -0400
+@@ -88,7 +88,7 @@
+                   esac; \
+                fi; \
+             done | \
+-	while read pattern ; do find $pattern \
+	while read pattern ; do sh -c "find $pattern" \
+ 		      ! \( -fstype ext2 -o -fstype ext3 -o -fstype jfs -o -fstype xfs \) -prune  -o \
+ 		      \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print; \
+ 		      done 2> /dev/null | \
@@ -108,6 +108,7 @@
 
 rpmlist() {
@ -116,7 +136,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 # 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.22/scripts/genhomedircon
 --- nsapolicycoreutils/scripts/genhomedircon	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/scripts/genhomedircon	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/scripts/genhomedircon	2007-07-23 10:40:06.000000000 -0400
@@ -302,7 +302,7 @@
 			    
 			    regex = re.sub("\(\/\.\*\)\?", "", regex)
@ -128,7 +148,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
 			    continue
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.22/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/semanage/semanage	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/semanage/semanage	2007-07-23 10:40:06.000000000 -0400
@@ -34,7 +34,10 @@
 sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
 
@ -143,7 +163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
        __builtin__.__dict__['_'] = unicode
 diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.22/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.22/semanage/seobject.py	2007-07-20 12:07:46.000000000 -0400
+++ policycoreutils-2.0.22/semanage/seobject.py	2007-07-31 09:55:36.000000000 -0400
@@ -210,6 +210,7 @@
 		os.write(fd, self.out())
 		os.close(fd)
@ -152,7 +172,58 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po
                 
 class semanageRecords:
 	def __init__(self):
-@@ -1283,9 +1284,12 @@
+@@ -1051,26 +1052,30 @@
+ 			raise ValueError(_("Could not create file context for %s") % target)
+ 		
+ 		rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+-		(rc, con) = semanage_context_create(self.sh)
+-		if rc < 0:
+-			raise ValueError(_("Could not create context for %s") % target)
+-
+-		rc = semanage_context_set_user(self.sh, con, seuser)
+-		if rc < 0:
+-			raise ValueError(_("Could not set user in file context for %s") % target)
+-		
+-		rc = semanage_context_set_role(self.sh, con, "object_r")
+-		if rc < 0:
+-			raise ValueError(_("Could not set role in file context for %s") % target)
+-
+-		rc = semanage_context_set_type(self.sh, con, type)
+-		if rc < 0:
+-			raise ValueError(_("Could not set type in file context for %s") % target)
+-
+-		if serange != "":
+-			rc = semanage_context_set_mls(self.sh, con, serange)
+-			if rc < 0:
+-				raise ValueError(_("Could not set mls fields in file context for %s") % target)
+                if type == "<<none>>":
+                       rc, con = semanage_context_from_string(self.sh, type)
+                       if rc < 0:
+                              raise ValueError(_("Could not set context from string %s for %s") % (type, target))
+                else:
+                       (rc, con) = semanage_context_create(self.sh)
+                       if rc < 0:
+                              raise ValueError(_("Could not create context for %s") % target)
+                       rc = semanage_context_set_user(self.sh, con, seuser)
+                       if rc < 0:
+                              raise ValueError(_("Could not set user in file context for %s") % target)
+		
+                       rc = semanage_context_set_role(self.sh, con, "object_r")
+                       if rc < 0:
+                              raise ValueError(_("Could not set role in file context for %s") % target)
+
+                       rc = semanage_context_set_type(self.sh, con, type)
+                       if rc < 0:
+                              raise ValueError(_("Could not set type in file context for %s") % target)
+
+                       if serange != "":
+                              rc = semanage_context_set_mls(self.sh, con, serange)
+                              if rc < 0:
+                                     raise ValueError(_("Could not set mls fields in file context for %s") % target)
+ 
+ 		semanage_fcontext_set_type(fcontext, file_types[ftype])
+ 
+@@ -1283,9 +1288,12 @@
 			raise ValueError(_("Could not list booleans"))
 
 		for boolean in self.blist:
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name: policycoreutils
 Version: 2.0.22
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then
 fi

 %changelog
+* Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-11
+- Fixfiles update required to match new regex
+
 * Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-10
 - Update booleans translations