From 8672af3e7faa8d8b608c3ab0439e98de60c08335 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Mon, 18 Dec 2006 19:00:41 +0000
Subject: [PATCH] * Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6 - Fix
 audit2allow generating reference policy

---
 policycoreutils-po.patch   | 12 ------
 policycoreutils-rhat.patch | 85 ++++++++++++++++++++++++++++----------
 policycoreutils.spec       |  5 ++-
 3 files changed, 68 insertions(+), 34 deletions(-)

diff --git a/policycoreutils-po.patch b/policycoreutils-po.patch
index 32193ff..9e02707 100644
--- a/policycoreutils-po.patch
+++ b/policycoreutils-po.patch
@@ -44561,18 +44561,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lv.po policycoreutils
  #, c-format
  msgid "Options Error: %s "
  msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/Makefile policycoreutils-1.33.6/po/Makefile
---- nsapolicycoreutils/po/Makefile	2006-11-16 17:15:00.000000000 -0500
-+++ policycoreutils-1.33.6/po/Makefile	2006-12-06 15:51:32.000000000 -0500
-@@ -64,8 +64,6 @@
- 	@rm -fv *mo *~ .depend
- 	@rm -rf tmp
- 
--indent:
--
- install: $(MOFILES)
- 	@for n in $(MOFILES); do \
- 	    l=`basename $$n .mo`; \
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mk.po policycoreutils-1.33.6/po/mk.po
 --- nsapolicycoreutils/po/mk.po	2006-11-22 13:53:51.000000000 -0500
 +++ policycoreutils-1.33.6/po/mk.po	2006-12-08 09:11:53.000000000 -0500
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a142407..02139f7 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,6 +1,18 @@
+diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/audit2allow/avc.py policycoreutils-1.33.6/audit2allow/avc.py
+--- nsapolicycoreutils/audit2allow/avc.py	2006-11-16 17:14:29.000000000 -0500
++++ policycoreutils-1.33.6/audit2allow/avc.py	2006-12-08 16:09:54.000000000 -0500
+@@ -231,7 +231,7 @@
+ 		else:
+ 			file = m[0][1]
+ 			ret = "\n#%s\n"% self.out()
+-			ret += "optional_policy(`%s', `\n" % m[0][1]
++			ret += "optional_policy(`\n" 
+ 			first = True
+ 			for i in m:
+ 				if file != i[1]:
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-1.33.6/gui/booleansPage.py
 --- nsapolicycoreutils/gui/booleansPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/booleansPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/booleansPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,199 @@
 +#
 +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -203,7 +215,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +        commands.getstatusoutput(setsebool)
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-1.33.6/gui/fcontextPage.py
 --- nsapolicycoreutils/gui/fcontextPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/fcontextPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/fcontextPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,158 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -365,7 +377,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +        self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls))
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-1.33.6/gui/loginsPage.py
 --- nsapolicycoreutils/gui/loginsPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/loginsPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/loginsPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,161 @@
 +## loginsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -530,7 +542,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-1.33.6/gui/Makefile
 --- nsapolicycoreutils/gui/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/Makefile	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/Makefile	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,30 @@
 +# Installation directories.
 +PREFIX ?= ${DESTDIR}/usr
@@ -564,7 +576,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +relabel:
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-1.33.6/gui/mappingsPage.py
 --- nsapolicycoreutils/gui/mappingsPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/mappingsPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/mappingsPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,54 @@
 +## mappingsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -622,7 +634,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-1.33.6/gui/modulesPage.py
 --- nsapolicycoreutils/gui/modulesPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/modulesPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/modulesPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,161 @@
 +## modulesPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -787,7 +799,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-1.33.6/gui/portsPage.py
 --- nsapolicycoreutils/gui/portsPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/portsPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/portsPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,214 @@
 +## portsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -1005,7 +1017,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-1.33.6/gui/selinux.tbl
 --- nsapolicycoreutils/gui/selinux.tbl	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/selinux.tbl	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/selinux.tbl	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,265 @@
 +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
 +allow_cvs_read_shadow  _("CVS") _("Allow cvs daemon to read shadow")
@@ -1274,7 +1286,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-1.33.6/gui/semanagePage.py
 --- nsapolicycoreutils/gui/semanagePage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/semanagePage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/semanagePage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,109 @@
 +## semanagePage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -1387,7 +1399,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +    
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-1.33.6/gui/statusPage.py
 --- nsapolicycoreutils/gui/statusPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/statusPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/statusPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,213 @@
 +## statusPage.py - show selinux status
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -1604,7 +1616,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-1.33.6/gui/system-config-selinux.glade
 --- nsapolicycoreutils/gui/system-config-selinux.glade	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/system-config-selinux.glade	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/system-config-selinux.glade	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,2803 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -4411,7 +4423,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +</glade-interface>
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-1.33.6/gui/system-config-selinux.py
 --- nsapolicycoreutils/gui/system-config-selinux.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/system-config-selinux.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/system-config-selinux.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,156 @@
 +#!/usr/bin/python
 +#
@@ -4571,7 +4583,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +    app.stand_alone()
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-1.33.6/gui/translationsPage.py
 --- nsapolicycoreutils/gui/translationsPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/translationsPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/translationsPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,109 @@
 +## translationsPage.py - show selinux translations
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -4684,7 +4696,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +        self.store.set_value(iter, 1, translation)
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-1.33.6/gui/usersPage.py
 --- nsapolicycoreutils/gui/usersPage.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-1.33.6/gui/usersPage.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/gui/usersPage.py	2006-12-08 10:34:48.000000000 -0500
 @@ -0,0 +1,155 @@
 +## usersPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -4843,7 +4855,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-1.33.6/load_policy/load_policy.c
 --- nsapolicycoreutils/load_policy/load_policy.c	2006-11-16 17:14:31.000000000 -0500
-+++ policycoreutils-1.33.6/load_policy/load_policy.c	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/load_policy/load_policy.c	2006-12-08 10:34:48.000000000 -0500
 @@ -50,12 +50,12 @@
  	nargs = argc - optind;
  	if (nargs > 2)
@@ -4864,7 +4876,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
  			argv[0], argv[optind++]);
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-1.33.6/Makefile
 --- nsapolicycoreutils/Makefile	2006-11-16 17:15:00.000000000 -0500
-+++ policycoreutils-1.33.6/Makefile	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/Makefile	2006-12-08 10:34:48.000000000 -0500
 @@ -1,4 +1,4 @@
 -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@@ -4873,7 +4885,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
  	@for subdir in $(SUBDIRS); do \
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-1.33.6/newrole/newrole.c
 --- nsapolicycoreutils/newrole/newrole.c	2006-11-29 17:11:18.000000000 -0500
-+++ policycoreutils-1.33.6/newrole/newrole.c	2006-12-08 10:34:08.000000000 -0500
++++ policycoreutils-1.33.6/newrole/newrole.c	2006-12-08 10:34:48.000000000 -0500
 @@ -1120,10 +1120,10 @@
  	fd = open(ttyn, O_RDONLY);
  	if (fd != 0)
@@ -4887,9 +4899,21 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
  	if (fd != 2)
  		goto err_close_pam;
  
+diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/po/Makefile policycoreutils-1.33.6/po/Makefile
+--- nsapolicycoreutils/po/Makefile	2006-11-16 17:15:00.000000000 -0500
++++ policycoreutils-1.33.6/po/Makefile	2006-12-08 10:34:48.000000000 -0500
+@@ -64,8 +64,6 @@
+ 	@rm -fv *mo *~ .depend
+ 	@rm -rf tmp
+ 
+-indent:
+-
+ install: $(MOFILES)
+ 	@for n in $(MOFILES); do \
+ 	    l=`basename $$n .mo`; \
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-1.33.6/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2006-11-16 17:14:28.000000000 -0500
-+++ policycoreutils-1.33.6/restorecond/restorecond.c	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/restorecond/restorecond.c	2006-12-08 10:34:48.000000000 -0500
 @@ -210,9 +210,10 @@
  			}
  
@@ -4916,9 +4940,18 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
  	}
  	free(scontext);
  	close(fd);
+diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-1.33.6/restorecond/restorecond.conf
+--- nsapolicycoreutils/restorecond/restorecond.conf	2006-11-20 12:19:55.000000000 -0500
++++ policycoreutils-1.33.6/restorecond/restorecond.conf	2006-12-12 08:27:15.000000000 -0500
+@@ -1,4 +1,5 @@
+ /etc/resolv.conf
++/etc/localtime
+ /etc/samba/secrets.tdb
+ /etc/mtab
+ /var/run/utmp
 diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-1.33.6/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2006-11-16 17:14:26.000000000 -0500
-+++ policycoreutils-1.33.6/semanage/seobject.py	2006-12-08 09:12:28.000000000 -0500
++++ policycoreutils-1.33.6/semanage/seobject.py	2006-12-18 13:59:38.000000000 -0500
 @@ -94,23 +94,25 @@
  	return re.search("^" + reg +"$",raw)
  
@@ -4988,7 +5021,7 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
  			rc = semanage_user_set_prefix(self.sh, u, prefix)
  			if rc < 0:
  				raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
-@@ -522,7 +526,9 @@
+@@ -522,11 +526,17 @@
  				semanage_user_set_mlslevel(self.sh, u, untranslate(selevel))
  
  			if prefix != "":
@@ -4998,4 +5031,14 @@ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.
 +                               semanage_user_set_prefix(self.sh, u, prefix)
  
  			if len(roles) != 0:
- 				for r in roles:
+-				for r in roles:
+-					semanage_user_add_role(self.sh, u, r)
++                               for r in rlist:
++                                      if r not in roles:
++                                             semanage_user_del_role(u, r)
++                               for r in roles:
++                                      if r not in rlist:
++                                             semanage_user_add_role(self.sh, u, r)
+ 
+ 			rc = semanage_begin_transaction(self.sh)
+ 			if rc < 0:
diff --git a/policycoreutils.spec b/policycoreutils.spec
index c19253f..17429d8 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -5,7 +5,7 @@
 Summary: SELinux policy core utilities.
 Name: policycoreutils
 Version: 1.33.6
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -168,6 +168,9 @@ fi
 [ -x /sbin/service ] && /sbin/service restorecond condrestart
 
 %changelog
+* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6
+- Fix audit2allow generating reference policy
+
 * Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-5
 - Update po files
 - Fix newrole to open stdout and stderr rdrw so more will work on MLS machines