* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-12

- Tighten up controls on seunshare.c
Daniel J Walsh 2009-08-26 21:52:30 +00:00
parent 0a51336809
commit a39af4db38
2 changed files with 53 additions and 35 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.71/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/audit2allow/audit2allow 2009-08-26 17:34:50.000000000 -0400
@@ -42,6 +42,8 @@
from optparse import OptionParser
@ -40,7 +40,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.71/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/Makefile 2009-08-26 10:04:47.000000000 -0400
+++ policycoreutils-2.0.71/Makefile 2009-08-26 17:34:50.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -49,7 +49,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.71/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-20 15:30:42.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/Makefile 2009-08-26 17:34:50.000000000 -0400
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@ -98,14 +98,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/org.selinux.Restorecond.service 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.71/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-22 08:03:13.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.c 2009-08-26 17:34:50.000000000 -0400
@@ -48,294 +48,38 @@
#include <signal.h>
#include <string.h>
@ -598,7 +598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.71/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-20 15:30:45.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.conf 2009-08-26 17:34:50.000000000 -0400
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@ -611,7 +611,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.71/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.desktop 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@ -622,7 +622,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.71/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-20 15:30:47.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond.h 2009-08-26 17:34:50.000000000 -0400
@@ -24,7 +24,21 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@ -649,13 +649,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.71/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/restorecond_user.conf 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.71/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-20 13:08:42.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/user.c 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,237 @@
+/*
+ * restorecond
@ -896,7 +896,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.71/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-20 13:08:19.000000000 -0400
+++ policycoreutils-2.0.71/restorecond/watch.c 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,254 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@ -1154,7 +1154,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.71/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-26 10:50:50.000000000 -0400
+++ policycoreutils-2.0.71/sandbox/Makefile 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,31 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@ -1189,7 +1189,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.71/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-26 10:03:24.000000000 -0400
+++ policycoreutils-2.0.71/sandbox/sandbox 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,193 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
@ -1386,7 +1386,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.71/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-26 10:03:24.000000000 -0400
+++ policycoreutils-2.0.71/sandbox/sandbox.8 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,26 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
@ -1416,7 +1416,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.71/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-26 10:03:24.000000000 -0400
+++ policycoreutils-2.0.71/sandbox/sandboxX.sh 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,13 @@
+#!/bin/bash
+(Xephyr -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
@ -1434,8 +1434,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.71/sandbox/seunshare differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.71/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-26 10:06:05.000000000 -0400
@@ -0,0 +1,188 @@
+++ policycoreutils-2.0.71/sandbox/seunshare.c 2009-08-26 17:50:31.000000000 -0400
@@ -0,0 +1,203 @@
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/wait.h>
@ -1456,8 +1456,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+/**
+ * This function will drop the capabilities so that we are left
+ * only with access to the audit system and the ability to raise
+ * CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_FOWNER and CAP_CHOWN,
+ * before invoking unshare and mounting a couple of directories.
+ * CAP_SYS_ADMIN before invoking unshare and mounting a couple of directories.
+ * These capabilities are needed for performing bind mounts/unmounts
+ * and to create potential new instance directories with appropriate
+ * DAC attributes.
@ -1469,12 +1468,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ capng_clear(CAPNG_SELECT_BOTH);
+
+ if (all) {
+ if ((getuid() == 0) && (capng_lock() < 0))
+ if (capng_lock() < 0)
+ return -1;
+ } else {
+ if (capng_updatev(CAPNG_ADD, CAP_DAC_OVERRIDE|CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, -1) < 0)
+ if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN, CAP_SETPCAP, -1) < 0) {
+ return -1;
+
+ }
+ }
+
+ return capng_apply(CAPNG_SELECT_BOTH);
@ -1487,7 +1486,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+/**
+ * Take care of any signal setup
+ */
+static int set_signal_handles()
+static int set_signal_handles(void)
+{
+ sigset_t empty;
+
@ -1513,7 +1512,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ int rc;
+ int status = -1;
+
+ struct passwd *pwd=getpwuid(getuid());
+ security_context_t scontext;
+
+ int flag_index; /* flag index in argv[] */
@ -1526,6 +1524,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ {"tmpdir", 1, 0, 't'},
+ {NULL, 0, 0, 0}
+ };
+ capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE);
+
+ struct passwd *pwd=getpwuid(getuid());
+ if (!pwd) {
+ perror("getpwduid failed");
+ return -1;
+ }
+
+ if (drop_capabilities(FALSE)) {
+ perror("Failed to drop capabilities");
@ -1591,7 +1596,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ int child = fork();
+ if (!child) {
+ /* Construct a new environment */
+ char *display = strdup(getenv("DISPLAY"));
+ char *d = getenv("DISPLAY");
+ if (!d) {
+ perror("DISPLAY Not set");
+ exit(-1);
+ }
+
+ char *display = strdup(d);
+ if (!display) {
+ perror("Out of memory");
+ exit(-1);
@ -1614,7 +1625,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ rc |= setenv("LOGNAME", pwd->pw_name, 1);
+ rc |= setenv("PATH", DEFAULT_PATH, 1);
+
+ chdir(pwd->pw_dir);
+ if (chdir(pwd->pw_dir)) {
+ perror("Failed to change dir to homedir");
+ exit(-1);
+ }
+
+ execv(argv[optind], argv + optind);
+ perror("execv");
+ exit(-1);
@ -1627,7 +1642,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.71/sandbox/seunshare.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.71/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/scripts/chcat 2009-08-26 17:34:50.000000000 -0400
@@ -435,6 +435,8 @@
continue
except ValueError, e:
@ -1639,7 +1654,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.71/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-26 10:04:11.000000000 -0400
+++ policycoreutils-2.0.71/scripts/Makefile 2009-08-26 17:34:50.000000000 -0400
@@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@ -1651,7 +1666,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-mkdir -p $(BINDIR)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.71/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-08-19 16:35:03.000000000 -0400
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/semanage/semanage 2009-08-26 17:34:50.000000000 -0400
@@ -68,6 +68,7 @@
-h, --help Display this message
-n, --noheading Do not print heading when listing OBJECTS
@ -1761,7 +1776,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.71/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-08-19 16:35:03.000000000 -0400
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/semanage/seobject.py 2009-08-26 17:34:50.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
@ -1890,7 +1905,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def __init__(self, store = ""):
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.71/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-20 12:53:16.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/Makefile 2009-08-26 17:34:50.000000000 -0400
@@ -5,7 +5,7 @@
LIBDIR ?= $(PREFIX)/lib
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
@ -1911,7 +1926,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.71/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-22 07:59:20.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/restore.c 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,519 @@
+#include "restore.h"
+
@ -2434,7 +2449,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.71/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-22 08:02:45.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/restore.h 2009-08-26 17:34:50.000000000 -0400
@@ -0,0 +1,49 @@
+#ifndef RESTORE_H
+#define RESTORE_H
@ -2487,7 +2502,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.71/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-08-12 12:08:15.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-22 08:06:25.000000000 -0400
+++ policycoreutils-2.0.71/setfiles/setfiles.c 2009-08-26 17:34:50.000000000 -0400
@@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
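Review bot: The `capng_print_caps_text(CAPNG_PRINT_STDOUT, CAPNG_EFFECTIVE);` call that appears to be added at the top of main() in sandbox/seunshare.c reads like leftover debugging: it writes the helper's effective capability set to stdout on every run, ahead of `drop_capabilities(FALSE)`, where it mixes with the output of the command that is later exec'd, so I would drop it or gate it behind a verbose option. In the same file the header comment on drop_capabilities now names only CAP_SYS_ADMIN, while the new `capng_updatev(...)` call also keeps CAP_SETPCAP; the comment should read `CAP_SYS_ADMIN and CAP_SETPCAP` and say why the second one is retained. The two new error paths call perror() where errno carries no useful value (getenv() does not set it, and getpwuid() can return NULL without setting it), so something like `fprintf(stderr, "DISPLAY not set\n");` would be more accurate, and `getpwduid` in the other message is a typo for `getpwuid`. The page prints old and new lines without markers and shows only fragments of main(), so the old/new reading here is inferred from the hunk counts.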


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.71
Release: 11%{?dist}
Release: 12%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -295,6 +295,9 @@ fi
exit 0
%changelog
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-12
- Tighten up controls on seunshare.c
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-11
- Add sandboxX