From 83bf5a4efec8539ed3ee1fb102f0d49c7de4fecc Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 23 Sep 2006 23:35:08 +0000 Subject: [PATCH] * Tue Sep 21 2006 Dan Walsh 1.30.29-5 - Remove recursion from fixfiles -R calls - Fix semanage to verify prefix --- policycoreutils-rhat.patch | 50 ++++++++++++++++++++++++++++++++------ policycoreutils.spec | 6 ++++- 2 files changed, 47 insertions(+), 9 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index d95e3e4..2815af4 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.30.29/audit2allow/avc.py --- nsapolicycoreutils/audit2allow/avc.py 2006-09-14 08:07:24.000000000 -0400 -+++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-21 17:14:25.000000000 -0400 ++++ policycoreutils-1.30.29/audit2allow/avc.py 2006-09-21 17:16:48.000000000 -0400 @@ -357,6 +357,15 @@ break else: @@ -19,7 +19,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/audit2a found = 0 diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.8 policycoreutils-1.30.29/restorecon/restorecon.8 --- nsapolicycoreutils/restorecon/restorecon.8 2006-08-28 16:58:19.000000000 -0400 -+++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-21 17:14:25.000000000 -0400 ++++ policycoreutils-1.30.29/restorecon/restorecon.8 2006-09-21 17:16:48.000000000 -0400 @@ -23,6 +23,9 @@ .SH "OPTIONS" 
@@ -32,7 +32,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore .TP diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecon/restorecon.c policycoreutils-1.30.29/restorecon/restorecon.c --- nsapolicycoreutils/restorecon/restorecon.c 2006-09-01 22:32:11.000000000 -0400 -+++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-21 17:14:25.000000000 -0400 ++++ policycoreutils-1.30.29/restorecon/restorecon.c 2006-09-21 17:16:49.000000000 -0400 @@ -11,9 +11,10 @@ * restorecon [-Rnv] pathname... * @@ -189,7 +189,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore } diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-1.30.29/restorecond/Makefile --- nsapolicycoreutils/restorecond/Makefile 2006-08-28 16:58:19.000000000 -0400 -+++ policycoreutils-1.30.29/restorecond/Makefile 2006-09-21 17:16:12.000000000 -0400 ++++ policycoreutils-1.30.29/restorecond/Makefile 2006-09-21 17:16:49.000000000 -0400 @@ -5,14 +5,14 @@ INITDIR = $(DESTDIR)/etc/rc.d/init.d SELINUXDIR = $(DESTDIR)/etc/selinux 
@@ -210,16 +210,18 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/restore [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8 diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.30.29/scripts/fixfiles --- nsapolicycoreutils/scripts/fixfiles 2006-09-01 22:32:11.000000000 -0400 -+++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-21 17:14:25.000000000 -0400 -@@ -117,7 +117,7 @@ ++++ policycoreutils-1.30.29/scripts/fixfiles 2006-09-23 19:31:23.000000000 -0400 +@@ -117,8 +117,8 @@ exit $? fi if [ ! -z "$RPMFILES" ]; then - for i in `echo $RPMFILES | sed 's/,/ /g'`; do +- rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE + for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do - rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* -f - 2>&1 >> $LOGFILE ++ rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE done exit $? + fi @@ -219,7 +219,7 @@ # check if they specified both DIRS and RPMFILES # @@ -239,7 +241,7 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts usage diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-1.30.29/scripts/fixfiles.8 --- nsapolicycoreutils/scripts/fixfiles.8 2006-08-28 16:58:19.000000000 -0400 -+++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-21 17:14:25.000000000 -0400 ++++ policycoreutils-1.30.29/scripts/fixfiles.8 2006-09-21 17:16:49.000000000 -0400 @@ -3,9 +3,9 @@ fixfiles \- fix file security contexts. 
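Review bot: On the rewritten `rpmlist $i | ${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -f - 2>&1 >> $LOGFILE` line in the fixfiles hunk, the redirections are ordered so that stderr is duplicated onto the original stdout before stdout is pointed at the log, so restorecon's error messages never reach `$LOGFILE`. If relabel failures are meant to be recorded, the tail should read `>> "$LOGFILE" 2>&1`. The `exit $?` after `done` reports only the status of the last package's pipeline, so a failed relabel for an earlier package in `$RPMFILES` is lost; keeping a running status inside the loop and exiting with it would preserve the failure. `$i` and `$LOGFILE` are still unquoted although the same change quotes `$RPMFILES`. The enclosing function starts and ends outside the hunk.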
@@ -271,3 +273,35 @@ diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/scripts .B [[dir/file] ... ] List of files or directories trees that you wish to check file context on. +diff --exclude-from=exclude --exclude='*.po' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.30.29/semanage/seobject.py +--- nsapolicycoreutils/semanage/seobject.py 2006-09-14 08:07:24.000000000 -0400 ++++ policycoreutils-1.30.29/semanage/seobject.py 2006-09-22 11:24:59.000000000 -0400 +@@ -456,7 +456,9 @@ + rc = semanage_user_set_mlslevel(self.sh, u, selevel) + if rc < 0: + raise ValueError(_("Could not set MLS level for %s") % name) +- ++ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0: ++ raise ValueError(_("Invalid prefix %s") % prefix) + rc = semanage_user_set_prefix(self.sh, u, prefix) + if rc < 0: + raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) +@@ -486,6 +488,7 @@ + + def modify(self, name, roles = [], selevel = "", serange = "", prefix = ""): + oldroles = "" ++ oldserange = "" + newroles = string.join(roles, ' '); + try: + if prefix == "" and len(roles) == 0 and serange == "" and selevel == "": +@@ -521,7 +524,9 @@ + semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) + + if prefix != "": +- semanage_user_set_prefix(self.sh, u, prefix) ++ if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0: ++ raise ValueError(_("Invalid prefix %s") % prefix) ++ semanage_user_set_prefix(self.sh, u, prefix) + + if len(roles) != 0: + for r in roles: diff --git a/policycoreutils.spec b/policycoreutils.spec index e3cde97..d32f204 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -5,7 +5,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.30.29 -Release: 4 +Release: 5 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz 
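Review bot: The added `selinux.security_check_context("system_u:object_r:%s_home_t" % prefix)` test in `add` and `modify` validates the composed context string rather than the prefix itself. It also maps every non-zero return to "Invalid prefix", so an error from the call (presumably what happens when SELinux is not enabled; confirm against libselinux) is indistinguishable from a bad value. A direct check ahead of the interpolation, such as `if ":" in prefix or " " in prefix: raise ValueError(_("Invalid prefix %s") % prefix)`, would stop a prefix from changing the structure of the context being checked. In `add` the test runs after `semanage_user_set_mlslevel` has already been applied to `u`; moving it ahead of the setters, and sharing one helper between the two methods instead of the duplicated pair of lines, would keep a rejection free of side effects on the record. The neighbouring context line `% (r, prefix)` appears to pass the wrong variables for "Could not add prefix %s for %s"; both methods extend beyond the hunk, so this is inferred from the visible lines only.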
@@ -122,6 +122,10 @@ fi [ -x /sbin/service ] && /sbin/service restorecond condrestart %changelog +* Tue Sep 21 2006 Dan Walsh 1.30.29-5 +- Remove recursion from fixfiles -R calls +- Fix semanage to verify prefix + * Tue Sep 21 2006 Dan Walsh 1.30.29-4 - More translations - Compile with -pie