From b6d72dd04b49524465b2d64915c61d989d460ea6 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Wed, 9 Mar 2011 16:16:13 -0500
Subject: [PATCH] Fix portspage in system-config-selinux to not crash More
 fixes for seunshare from Tomas Hoger

---
 policycoreutils-gui.patch  | 156 ++++++++++++++++++-------------------
 policycoreutils-rhat.patch | 123 +++++++++++++++--------------
 policycoreutils.spec       |   6 +-
 3 files changed, 147 insertions(+), 138 deletions(-)

diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 9610237..544ddd1 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,6 +1,6 @@
 diff -up policycoreutils-2.0.85/gui/booleansPage.py.gui policycoreutils-2.0.85/gui/booleansPage.py
---- policycoreutils-2.0.85/gui/booleansPage.py.gui	2011-02-23 14:55:19.198081540 -0500
-+++ policycoreutils-2.0.85/gui/booleansPage.py	2011-02-23 14:55:19.198081540 -0500
+--- policycoreutils-2.0.85/gui/booleansPage.py.gui	2011-03-08 17:50:01.451191417 -0500
++++ policycoreutils-2.0.85/gui/booleansPage.py	2011-03-08 17:50:01.451191417 -0500
 @@ -0,0 +1,247 @@
 +#
 +# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -250,8 +250,8 @@ diff -up policycoreutils-2.0.85/gui/booleansPage.py.gui policycoreutils-2.0.85/g
 +        return True
 +        
 diff -up policycoreutils-2.0.85/gui/domainsPage.py.gui policycoreutils-2.0.85/gui/domainsPage.py
---- policycoreutils-2.0.85/gui/domainsPage.py.gui	2011-02-23 14:55:19.198081540 -0500
-+++ policycoreutils-2.0.85/gui/domainsPage.py	2011-02-23 14:55:19.198081540 -0500
+--- policycoreutils-2.0.85/gui/domainsPage.py.gui	2011-03-08 17:50:01.451191417 -0500
++++ policycoreutils-2.0.85/gui/domainsPage.py	2011-03-08 17:50:01.451191417 -0500
 @@ -0,0 +1,154 @@
 +## domainsPage.py - show selinux domains
 +## Copyright (C) 2009 Red Hat, Inc.
@@ -408,8 +408,8 @@ diff -up policycoreutils-2.0.85/gui/domainsPage.py.gui policycoreutils-2.0.85/gu
 +        except ValueError, e:
 +            self.error(e.args[0])
 diff -up policycoreutils-2.0.85/gui/fcontextPage.py.gui policycoreutils-2.0.85/gui/fcontextPage.py
---- policycoreutils-2.0.85/gui/fcontextPage.py.gui	2011-02-23 14:55:19.199081547 -0500
-+++ policycoreutils-2.0.85/gui/fcontextPage.py	2011-02-23 14:55:19.199081547 -0500
+--- policycoreutils-2.0.85/gui/fcontextPage.py.gui	2011-03-08 17:50:01.452191430 -0500
++++ policycoreutils-2.0.85/gui/fcontextPage.py	2011-03-08 17:50:01.452191430 -0500
 @@ -0,0 +1,223 @@
 +## fcontextPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -635,8 +635,8 @@ diff -up policycoreutils-2.0.85/gui/fcontextPage.py.gui policycoreutils-2.0.85/g
 +        self.store.set_value(iter, FTYPE_COL, ftype)
 +        self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
 diff -up policycoreutils-2.0.85/gui/html_util.py.gui policycoreutils-2.0.85/gui/html_util.py
---- policycoreutils-2.0.85/gui/html_util.py.gui	2011-02-23 14:55:19.200081554 -0500
-+++ policycoreutils-2.0.85/gui/html_util.py	2011-02-23 14:55:19.200081554 -0500
+--- policycoreutils-2.0.85/gui/html_util.py.gui	2011-03-08 17:50:01.453191443 -0500
++++ policycoreutils-2.0.85/gui/html_util.py	2011-03-08 17:50:01.453191443 -0500
 @@ -0,0 +1,164 @@
 +# Authors: John Dennis <jdennis@redhat.com>
 +#
@@ -803,8 +803,8 @@ diff -up policycoreutils-2.0.85/gui/html_util.py.gui policycoreutils-2.0.85/gui/
 +    return doc
 +
 diff -up policycoreutils-2.0.85/gui/lockdown.glade.gui policycoreutils-2.0.85/gui/lockdown.glade
---- policycoreutils-2.0.85/gui/lockdown.glade.gui	2011-02-23 14:55:19.202081568 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.glade	2011-02-23 14:55:19.202081568 -0500
+--- policycoreutils-2.0.85/gui/lockdown.glade.gui	2011-03-08 17:50:01.455191469 -0500
++++ policycoreutils-2.0.85/gui/lockdown.glade	2011-03-08 17:50:01.455191469 -0500
 @@ -0,0 +1,771 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1578,8 +1578,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.glade.gui policycoreutils-2.0.85/gu
 +
 +</glade-interface>
 diff -up policycoreutils-2.0.85/gui/lockdown.gladep.gui policycoreutils-2.0.85/gui/lockdown.gladep
---- policycoreutils-2.0.85/gui/lockdown.gladep.gui	2011-02-23 14:55:19.203081575 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.gladep	2011-02-23 14:55:19.203081575 -0500
+--- policycoreutils-2.0.85/gui/lockdown.gladep.gui	2011-03-08 17:50:01.455191469 -0500
++++ policycoreutils-2.0.85/gui/lockdown.gladep	2011-03-08 17:50:01.455191469 -0500
 @@ -0,0 +1,7 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -1589,8 +1589,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.gladep.gui policycoreutils-2.0.85/g
 +  <program_name></program_name>
 +</glade-project>
 diff -up policycoreutils-2.0.85/gui/lockdown.py.gui policycoreutils-2.0.85/gui/lockdown.py
---- policycoreutils-2.0.85/gui/lockdown.py.gui	2011-02-23 14:55:19.204081582 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.py	2011-02-23 14:55:19.204081582 -0500
+--- policycoreutils-2.0.85/gui/lockdown.py.gui	2011-03-08 17:50:01.457191494 -0500
++++ policycoreutils-2.0.85/gui/lockdown.py	2011-03-08 17:50:01.457191494 -0500
 @@ -0,0 +1,382 @@
 +#!/usr/bin/python -Es
 +#
@@ -1975,8 +1975,8 @@ diff -up policycoreutils-2.0.85/gui/lockdown.py.gui policycoreutils-2.0.85/gui/l
 +    app = booleanWindow()
 +    app.stand_alone()
 diff -up policycoreutils-2.0.85/gui/loginsPage.py.gui policycoreutils-2.0.85/gui/loginsPage.py
---- policycoreutils-2.0.85/gui/loginsPage.py.gui	2011-02-23 14:55:19.205081589 -0500
-+++ policycoreutils-2.0.85/gui/loginsPage.py	2011-02-23 14:55:19.205081589 -0500
+--- policycoreutils-2.0.85/gui/loginsPage.py.gui	2011-03-08 17:50:01.458191506 -0500
++++ policycoreutils-2.0.85/gui/loginsPage.py	2011-03-08 17:50:01.458191506 -0500
 @@ -0,0 +1,185 @@
 +## loginsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -2164,8 +2164,8 @@ diff -up policycoreutils-2.0.85/gui/loginsPage.py.gui policycoreutils-2.0.85/gui
 +        self.store.set_value(iter, 2, seobject.translate(serange))
 +
 diff -up policycoreutils-2.0.85/gui/Makefile.gui policycoreutils-2.0.85/gui/Makefile
---- policycoreutils-2.0.85/gui/Makefile.gui	2011-02-23 14:55:19.205081589 -0500
-+++ policycoreutils-2.0.85/gui/Makefile	2011-02-23 14:55:19.205081589 -0500
+--- policycoreutils-2.0.85/gui/Makefile.gui	2011-03-08 17:50:01.458191506 -0500
++++ policycoreutils-2.0.85/gui/Makefile	2011-03-08 17:50:01.458191506 -0500
 @@ -0,0 +1,40 @@
 +# Installation directories.
 +PREFIX ?= ${DESTDIR}/usr
@@ -2208,8 +2208,8 @@ diff -up policycoreutils-2.0.85/gui/Makefile.gui policycoreutils-2.0.85/gui/Make
 +
 +relabel:
 diff -up policycoreutils-2.0.85/gui/mappingsPage.py.gui policycoreutils-2.0.85/gui/mappingsPage.py
---- policycoreutils-2.0.85/gui/mappingsPage.py.gui	2011-02-23 14:55:19.206081596 -0500
-+++ policycoreutils-2.0.85/gui/mappingsPage.py	2011-02-23 14:55:19.206081596 -0500
+--- policycoreutils-2.0.85/gui/mappingsPage.py.gui	2011-03-08 17:50:01.459191518 -0500
++++ policycoreutils-2.0.85/gui/mappingsPage.py	2011-03-08 17:50:01.459191518 -0500
 @@ -0,0 +1,56 @@
 +## mappingsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -2268,8 +2268,8 @@ diff -up policycoreutils-2.0.85/gui/mappingsPage.py.gui policycoreutils-2.0.85/g
 +            print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
 +
 diff -up policycoreutils-2.0.85/gui/modulesPage.py.gui policycoreutils-2.0.85/gui/modulesPage.py
---- policycoreutils-2.0.85/gui/modulesPage.py.gui	2011-02-23 14:55:19.207081603 -0500
-+++ policycoreutils-2.0.85/gui/modulesPage.py	2011-02-23 14:55:19.207081603 -0500
+--- policycoreutils-2.0.85/gui/modulesPage.py.gui	2011-03-08 17:50:01.460191530 -0500
++++ policycoreutils-2.0.85/gui/modulesPage.py	2011-03-08 17:50:01.460191530 -0500
 @@ -0,0 +1,190 @@
 +## modulesPage.py - show selinux mappings
 +## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -2462,8 +2462,8 @@ diff -up policycoreutils-2.0.85/gui/modulesPage.py.gui policycoreutils-2.0.85/gu
 +        except ValueError, e:
 +            self.error(e.args[0])
 diff -up policycoreutils-2.0.85/gui/polgen.glade.gui policycoreutils-2.0.85/gui/polgen.glade
---- policycoreutils-2.0.85/gui/polgen.glade.gui	2011-02-23 14:55:19.213081645 -0500
-+++ policycoreutils-2.0.85/gui/polgen.glade	2011-02-23 14:55:19.214081651 -0500
+--- policycoreutils-2.0.85/gui/polgen.glade.gui	2011-03-08 17:50:01.466191608 -0500
++++ policycoreutils-2.0.85/gui/polgen.glade	2011-03-08 17:50:01.466191608 -0500
 @@ -0,0 +1,3432 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -5898,8 +5898,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.glade.gui policycoreutils-2.0.85/gui/
 +
 +</glade-interface>
 diff -up policycoreutils-2.0.85/gui/polgen.gladep.gui policycoreutils-2.0.85/gui/polgen.gladep
---- policycoreutils-2.0.85/gui/polgen.gladep.gui	2011-02-23 14:55:19.216081664 -0500
-+++ policycoreutils-2.0.85/gui/polgen.gladep	2011-02-23 14:55:19.216081664 -0500
+--- policycoreutils-2.0.85/gui/polgen.gladep.gui	2011-03-08 17:50:01.468191632 -0500
++++ policycoreutils-2.0.85/gui/polgen.gladep	2011-03-08 17:50:01.468191632 -0500
 @@ -0,0 +1,7 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -5909,8 +5909,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.gladep.gui policycoreutils-2.0.85/gui
 +  <program_name></program_name>
 +</glade-project>
 diff -up policycoreutils-2.0.85/gui/polgengui.py.gui policycoreutils-2.0.85/gui/polgengui.py
---- policycoreutils-2.0.85/gui/polgengui.py.gui	2011-02-23 14:55:19.217081671 -0500
-+++ policycoreutils-2.0.85/gui/polgengui.py	2011-02-23 14:55:19.218081678 -0500
+--- policycoreutils-2.0.85/gui/polgengui.py.gui	2011-03-08 17:50:01.469191644 -0500
++++ policycoreutils-2.0.85/gui/polgengui.py	2011-03-08 17:50:01.470191656 -0500
 @@ -0,0 +1,750 @@
 +#!/usr/bin/python -Es
 +#
@@ -6663,8 +6663,8 @@ diff -up policycoreutils-2.0.85/gui/polgengui.py.gui policycoreutils-2.0.85/gui/
 +    app = childWindow()
 +    app.stand_alone()
 diff -up policycoreutils-2.0.85/gui/polgen.py.gui policycoreutils-2.0.85/gui/polgen.py
---- policycoreutils-2.0.85/gui/polgen.py.gui	2011-02-23 14:55:19.220081692 -0500
-+++ policycoreutils-2.0.85/gui/polgen.py	2011-03-07 16:55:17.688869261 -0500
+--- policycoreutils-2.0.85/gui/polgen.py.gui	2011-03-08 17:50:01.472191682 -0500
++++ policycoreutils-2.0.85/gui/polgen.py	2011-03-08 17:50:01.472191682 -0500
 @@ -0,0 +1,1347 @@
 +#!/usr/bin/python -Es
 +#
@@ -8014,8 +8014,8 @@ diff -up policycoreutils-2.0.85/gui/polgen.py.gui policycoreutils-2.0.85/gui/pol
 +    except ValueError, e:
 +        usage(e)
 diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/portsPage.py
---- policycoreutils-2.0.85/gui/portsPage.py.gui	2011-02-23 14:55:19.221081699 -0500
-+++ policycoreutils-2.0.85/gui/portsPage.py	2011-02-23 14:55:19.221081699 -0500
+--- policycoreutils-2.0.85/gui/portsPage.py.gui	2011-03-08 17:50:01.473191695 -0500
++++ policycoreutils-2.0.85/gui/portsPage.py	2011-03-09 15:55:17.719020699 -0500
 @@ -0,0 +1,259 @@
 +## portsPage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -8147,9 +8147,9 @@ diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/
 +                continue
 +            iter = self.store.append()
 +            if k[0] == k[1]:
-+                self.store.set_value(iter, PORT_COL, k[0])
++                self.store.set_value(iter, PORT_COL, str(k[0]))
 +            else:
-+                rec = "%s-%s" % k[:2]
++                rec = "%d-%d" % k[:2]
 +                self.store.set_value(iter, PORT_COL, rec)
 +            self.store.set_value(iter, TYPE_COL, dict[k][0])
 +            self.store.set_value(iter, PROTOCOL_COL, k[2])
@@ -8277,8 +8277,8 @@ diff -up policycoreutils-2.0.85/gui/portsPage.py.gui policycoreutils-2.0.85/gui/
 +        return True
 +        
 diff -up policycoreutils-2.0.85/gui/selinux.tbl.gui policycoreutils-2.0.85/gui/selinux.tbl
---- policycoreutils-2.0.85/gui/selinux.tbl.gui	2011-02-23 14:55:19.223081713 -0500
-+++ policycoreutils-2.0.85/gui/selinux.tbl	2011-02-23 14:55:19.223081713 -0500
+--- policycoreutils-2.0.85/gui/selinux.tbl.gui	2011-03-08 17:50:01.475191721 -0500
++++ policycoreutils-2.0.85/gui/selinux.tbl	2011-03-08 17:50:01.475191721 -0500
 @@ -0,0 +1,234 @@
 +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
 +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -8515,8 +8515,8 @@ diff -up policycoreutils-2.0.85/gui/selinux.tbl.gui policycoreutils-2.0.85/gui/s
 +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
 +
 diff -up policycoreutils-2.0.85/gui/semanagePage.py.gui policycoreutils-2.0.85/gui/semanagePage.py
---- policycoreutils-2.0.85/gui/semanagePage.py.gui	2011-02-23 14:55:19.224081720 -0500
-+++ policycoreutils-2.0.85/gui/semanagePage.py	2011-02-23 14:55:19.224081720 -0500
+--- policycoreutils-2.0.85/gui/semanagePage.py.gui	2011-03-08 17:50:01.476191734 -0500
++++ policycoreutils-2.0.85/gui/semanagePage.py	2011-03-08 17:50:01.476191734 -0500
 @@ -0,0 +1,168 @@
 +## semanagePage.py - show selinux mappings
 +## Copyright (C) 2006 Red Hat, Inc.
@@ -8687,8 +8687,8 @@ diff -up policycoreutils-2.0.85/gui/semanagePage.py.gui policycoreutils-2.0.85/g
 +        return True
 +        
 diff -up policycoreutils-2.0.85/gui/statusPage.py.gui policycoreutils-2.0.85/gui/statusPage.py
---- policycoreutils-2.0.85/gui/statusPage.py.gui	2011-02-23 14:55:19.225081727 -0500
-+++ policycoreutils-2.0.85/gui/statusPage.py	2011-02-23 14:55:19.225081727 -0500
+--- policycoreutils-2.0.85/gui/statusPage.py.gui	2011-03-08 17:50:01.477191746 -0500
++++ policycoreutils-2.0.85/gui/statusPage.py	2011-03-08 17:50:01.477191746 -0500
 @@ -0,0 +1,190 @@
 +# statusPage.py - show selinux status
 +## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -8881,8 +8881,8 @@ diff -up policycoreutils-2.0.85/gui/statusPage.py.gui policycoreutils-2.0.85/gui
 +
 +
 diff -up policycoreutils-2.0.85/gui/system-config-selinux.glade.gui policycoreutils-2.0.85/gui/system-config-selinux.glade
---- policycoreutils-2.0.85/gui/system-config-selinux.glade.gui	2011-02-23 14:55:19.229081755 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.glade	2011-02-23 14:55:19.229081755 -0500
+--- policycoreutils-2.0.85/gui/system-config-selinux.glade.gui	2011-03-08 17:50:01.481191795 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.glade	2011-03-08 17:50:01.481191795 -0500
 @@ -0,0 +1,3024 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -11909,8 +11909,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.glade.gui policycoreut
 +
 +</glade-interface>
 diff -up policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui policycoreutils-2.0.85/gui/system-config-selinux.gladep
---- policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui	2011-02-23 14:55:19.231081769 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.gladep	2011-02-23 14:55:19.231081769 -0500
+--- policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui	2011-03-08 17:50:01.483191821 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.gladep	2011-03-08 17:50:01.483191821 -0500
 @@ -0,0 +1,7 @@
 +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
 +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -11920,8 +11920,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.gladep.gui policycoreu
 +  <program_name></program_name>
 +</glade-project>
 diff -up policycoreutils-2.0.85/gui/system-config-selinux.py.gui policycoreutils-2.0.85/gui/system-config-selinux.py
---- policycoreutils-2.0.85/gui/system-config-selinux.py.gui	2011-02-23 14:55:19.232081776 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.py	2011-02-23 14:55:19.232081776 -0500
+--- policycoreutils-2.0.85/gui/system-config-selinux.py.gui	2011-03-08 17:50:01.484191834 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.py	2011-03-08 17:50:01.484191834 -0500
 @@ -0,0 +1,187 @@
 +#!/usr/bin/python -Es
 +#
@@ -12111,8 +12111,8 @@ diff -up policycoreutils-2.0.85/gui/system-config-selinux.py.gui policycoreutils
 +    app = childWindow()
 +    app.stand_alone()
 diff -up policycoreutils-2.0.85/gui/templates/boolean.py.gui policycoreutils-2.0.85/gui/templates/boolean.py
---- policycoreutils-2.0.85/gui/templates/boolean.py.gui	2011-02-23 14:55:19.233081783 -0500
-+++ policycoreutils-2.0.85/gui/templates/boolean.py	2011-02-23 14:55:19.233081783 -0500
+--- policycoreutils-2.0.85/gui/templates/boolean.py.gui	2011-03-08 17:50:01.485191847 -0500
++++ policycoreutils-2.0.85/gui/templates/boolean.py	2011-03-08 17:50:01.485191847 -0500
 @@ -0,0 +1,40 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -12155,8 +12155,8 @@ diff -up policycoreutils-2.0.85/gui/templates/boolean.py.gui policycoreutils-2.0
 +"""
 +
 diff -up policycoreutils-2.0.85/gui/templates/etc_rw.py.gui policycoreutils-2.0.85/gui/templates/etc_rw.py
---- policycoreutils-2.0.85/gui/templates/etc_rw.py.gui	2011-02-23 14:55:19.234081790 -0500
-+++ policycoreutils-2.0.85/gui/templates/etc_rw.py	2011-02-23 14:55:19.234081790 -0500
+--- policycoreutils-2.0.85/gui/templates/etc_rw.py.gui	2011-03-08 17:50:01.485191847 -0500
++++ policycoreutils-2.0.85/gui/templates/etc_rw.py	2011-03-08 17:50:01.485191847 -0500
 @@ -0,0 +1,113 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -12272,8 +12272,8 @@ diff -up policycoreutils-2.0.85/gui/templates/etc_rw.py.gui policycoreutils-2.0.
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/executable.py.gui policycoreutils-2.0.85/gui/templates/executable.py
---- policycoreutils-2.0.85/gui/templates/executable.py.gui	2011-02-23 14:55:19.235081797 -0500
-+++ policycoreutils-2.0.85/gui/templates/executable.py	2011-03-07 16:56:00.542178604 -0500
+--- policycoreutils-2.0.85/gui/templates/executable.py.gui	2011-03-08 17:50:01.486191860 -0500
++++ policycoreutils-2.0.85/gui/templates/executable.py	2011-03-08 17:50:01.486191860 -0500
 @@ -0,0 +1,444 @@
 +# Copyright (C) 2007-2009 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -12720,8 +12720,8 @@ diff -up policycoreutils-2.0.85/gui/templates/executable.py.gui policycoreutils-
 +EXECUTABLE	--	gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/__init__.py.gui policycoreutils-2.0.85/gui/templates/__init__.py
---- policycoreutils-2.0.85/gui/templates/__init__.py.gui	2011-02-23 14:55:19.236081804 -0500
-+++ policycoreutils-2.0.85/gui/templates/__init__.py	2011-02-23 14:55:19.236081804 -0500
+--- policycoreutils-2.0.85/gui/templates/__init__.py.gui	2011-03-08 17:50:01.487191872 -0500
++++ policycoreutils-2.0.85/gui/templates/__init__.py	2011-03-08 17:50:01.487191872 -0500
 @@ -0,0 +1,18 @@
 +#
 +# Copyright (C) 2007 Red Hat, Inc.
@@ -12742,8 +12742,8 @@ diff -up policycoreutils-2.0.85/gui/templates/__init__.py.gui policycoreutils-2.
 +#
 +
 diff -up policycoreutils-2.0.85/gui/templates/network.py.gui policycoreutils-2.0.85/gui/templates/network.py
---- policycoreutils-2.0.85/gui/templates/network.py.gui	2011-02-23 14:55:19.237081810 -0500
-+++ policycoreutils-2.0.85/gui/templates/network.py	2011-02-23 14:55:19.237081810 -0500
+--- policycoreutils-2.0.85/gui/templates/network.py.gui	2011-03-08 17:50:01.487191872 -0500
++++ policycoreutils-2.0.85/gui/templates/network.py	2011-03-08 17:50:01.488191884 -0500
 @@ -0,0 +1,80 @@
 +te_port_types="""
 +type TEMPLATETYPE_port_t;
@@ -12826,8 +12826,8 @@ diff -up policycoreutils-2.0.85/gui/templates/network.py.gui policycoreutils-2.0
 +"""
 +
 diff -up policycoreutils-2.0.85/gui/templates/rw.py.gui policycoreutils-2.0.85/gui/templates/rw.py
---- policycoreutils-2.0.85/gui/templates/rw.py.gui	2011-02-23 14:55:19.238081816 -0500
-+++ policycoreutils-2.0.85/gui/templates/rw.py	2011-02-23 14:55:19.238081816 -0500
+--- policycoreutils-2.0.85/gui/templates/rw.py.gui	2011-03-08 17:50:01.488191884 -0500
++++ policycoreutils-2.0.85/gui/templates/rw.py	2011-03-08 17:50:01.488191884 -0500
 @@ -0,0 +1,131 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -12961,8 +12961,8 @@ diff -up policycoreutils-2.0.85/gui/templates/rw.py.gui policycoreutils-2.0.85/g
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/script.py.gui policycoreutils-2.0.85/gui/templates/script.py
---- policycoreutils-2.0.85/gui/templates/script.py.gui	2011-02-23 14:55:19.238081816 -0500
-+++ policycoreutils-2.0.85/gui/templates/script.py	2011-02-23 14:55:19.238081816 -0500
+--- policycoreutils-2.0.85/gui/templates/script.py.gui	2011-03-08 17:50:01.489191896 -0500
++++ policycoreutils-2.0.85/gui/templates/script.py	2011-03-08 17:50:01.489191896 -0500
 @@ -0,0 +1,126 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13091,8 +13091,8 @@ diff -up policycoreutils-2.0.85/gui/templates/script.py.gui policycoreutils-2.0.
 +fi
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/semodule.py.gui policycoreutils-2.0.85/gui/templates/semodule.py
---- policycoreutils-2.0.85/gui/templates/semodule.py.gui	2011-02-23 14:55:19.239081823 -0500
-+++ policycoreutils-2.0.85/gui/templates/semodule.py	2011-02-23 14:55:19.239081823 -0500
+--- policycoreutils-2.0.85/gui/templates/semodule.py.gui	2011-03-08 17:50:01.489191896 -0500
++++ policycoreutils-2.0.85/gui/templates/semodule.py	2011-03-08 17:50:01.489191896 -0500
 @@ -0,0 +1,41 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13136,8 +13136,8 @@ diff -up policycoreutils-2.0.85/gui/templates/semodule.py.gui policycoreutils-2.
 +"""
 +
 diff -up policycoreutils-2.0.85/gui/templates/tmp.py.gui policycoreutils-2.0.85/gui/templates/tmp.py
---- policycoreutils-2.0.85/gui/templates/tmp.py.gui	2011-02-23 14:55:19.240081830 -0500
-+++ policycoreutils-2.0.85/gui/templates/tmp.py	2011-02-23 14:55:19.240081830 -0500
+--- policycoreutils-2.0.85/gui/templates/tmp.py.gui	2011-03-08 17:50:01.490191908 -0500
++++ policycoreutils-2.0.85/gui/templates/tmp.py	2011-03-08 17:50:01.490191908 -0500
 @@ -0,0 +1,102 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13242,8 +13242,8 @@ diff -up policycoreutils-2.0.85/gui/templates/tmp.py.gui policycoreutils-2.0.85/
 +	admin_pattern($1, TEMPLATETYPE_tmp_t)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/user.py.gui policycoreutils-2.0.85/gui/templates/user.py
---- policycoreutils-2.0.85/gui/templates/user.py.gui	2011-02-23 14:55:19.240081830 -0500
-+++ policycoreutils-2.0.85/gui/templates/user.py	2011-02-23 14:55:19.240081830 -0500
+--- policycoreutils-2.0.85/gui/templates/user.py.gui	2011-03-08 17:50:01.491191921 -0500
++++ policycoreutils-2.0.85/gui/templates/user.py	2011-03-08 17:50:01.491191921 -0500
 @@ -0,0 +1,205 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13451,8 +13451,8 @@ diff -up policycoreutils-2.0.85/gui/templates/user.py.gui policycoreutils-2.0.85
 +seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/var_cache.py.gui policycoreutils-2.0.85/gui/templates/var_cache.py
---- policycoreutils-2.0.85/gui/templates/var_cache.py.gui	2011-02-23 14:55:19.241081837 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_cache.py	2011-02-23 14:55:19.241081837 -0500
+--- policycoreutils-2.0.85/gui/templates/var_cache.py.gui	2011-03-08 17:50:01.492191934 -0500
++++ policycoreutils-2.0.85/gui/templates/var_cache.py	2011-03-08 17:50:01.492191934 -0500
 @@ -0,0 +1,133 @@
 +# Copyright (C) 2010 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13588,8 +13588,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_cache.py.gui policycoreutils-2
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/var_lib.py.gui policycoreutils-2.0.85/gui/templates/var_lib.py
---- policycoreutils-2.0.85/gui/templates/var_lib.py.gui	2011-02-23 14:55:19.242081844 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_lib.py	2011-02-23 14:55:19.242081844 -0500
+--- policycoreutils-2.0.85/gui/templates/var_lib.py.gui	2011-03-08 17:50:01.493191947 -0500
++++ policycoreutils-2.0.85/gui/templates/var_lib.py	2011-03-08 17:50:01.493191947 -0500
 @@ -0,0 +1,161 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13753,8 +13753,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_lib.py.gui policycoreutils-2.0
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/var_log.py.gui policycoreutils-2.0.85/gui/templates/var_log.py
---- policycoreutils-2.0.85/gui/templates/var_log.py.gui	2011-02-23 14:55:19.243081851 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_log.py	2011-02-23 14:55:19.243081851 -0500
+--- policycoreutils-2.0.85/gui/templates/var_log.py.gui	2011-03-08 17:50:01.493191947 -0500
++++ policycoreutils-2.0.85/gui/templates/var_log.py	2011-03-08 17:50:01.493191947 -0500
 @@ -0,0 +1,116 @@
 +# Copyright (C) 2007,2010 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13873,8 +13873,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_log.py.gui policycoreutils-2.0
 +"""
 +
 diff -up policycoreutils-2.0.85/gui/templates/var_run.py.gui policycoreutils-2.0.85/gui/templates/var_run.py
---- policycoreutils-2.0.85/gui/templates/var_run.py.gui	2011-02-23 14:55:19.243081851 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_run.py	2011-02-23 14:55:19.243081851 -0500
+--- policycoreutils-2.0.85/gui/templates/var_run.py.gui	2011-03-08 17:50:01.494191960 -0500
++++ policycoreutils-2.0.85/gui/templates/var_run.py	2011-03-08 17:50:01.494191960 -0500
 @@ -0,0 +1,101 @@
 +# Copyright (C) 2007,2010 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -13978,8 +13978,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_run.py.gui policycoreutils-2.0
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/templates/var_spool.py.gui policycoreutils-2.0.85/gui/templates/var_spool.py
---- policycoreutils-2.0.85/gui/templates/var_spool.py.gui	2011-02-23 14:55:19.244081858 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_spool.py	2011-02-23 14:55:19.244081858 -0500
+--- policycoreutils-2.0.85/gui/templates/var_spool.py.gui	2011-03-08 17:50:01.495191973 -0500
++++ policycoreutils-2.0.85/gui/templates/var_spool.py	2011-03-08 17:50:01.495191973 -0500
 @@ -0,0 +1,133 @@
 +# Copyright (C) 2007 Red Hat 
 +# see file 'COPYING' for use and warranty information
@@ -14115,8 +14115,8 @@ diff -up policycoreutils-2.0.85/gui/templates/var_spool.py.gui policycoreutils-2
 +FILENAME(/.*)?		gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
 +"""
 diff -up policycoreutils-2.0.85/gui/usersPage.py.gui policycoreutils-2.0.85/gui/usersPage.py
---- policycoreutils-2.0.85/gui/usersPage.py.gui	2011-02-23 14:55:19.245081865 -0500
-+++ policycoreutils-2.0.85/gui/usersPage.py	2011-02-23 14:55:19.245081865 -0500
+--- policycoreutils-2.0.85/gui/usersPage.py.gui	2011-03-08 17:50:01.495191973 -0500
++++ policycoreutils-2.0.85/gui/usersPage.py	2011-03-08 17:50:01.495191973 -0500
 @@ -0,0 +1,150 @@
 +## usersPage.py - show selinux mappings
 +## Copyright (C) 2006,2007,2008 Red Hat, Inc.
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 70b776a..ed69325 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -2079,7 +2079,7 @@ index 0000000..6063d6a
 +and
 +.I Thomas Liu <tliu@fedoraproject.org>
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..b79e781 100644
+index ec692e7..7df3167 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
 @@ -1,28 +1,34 @@
@@ -2122,7 +2122,7 @@ index ec692e7..b79e781 100644
  #ifdef USE_NLS
  #include <locale.h>		/* for setlocale() */
  #include <libintl.h>		/* for gettext() */
-@@ -39,29 +45,45 @@
+@@ -39,29 +45,47 @@
  #define MS_PRIVATE 1<<18
  #endif
  
@@ -2146,6 +2146,8 @@ index ec692e7..b79e781 100644
 -static int drop_capabilities(uid_t uid)
 +static int drop_caps()
  {
++	if (capng_have_capabilities(CAPNG_SELECT_BOTH) == CAPNG_NONE)
++		return 0;
  	capng_clear(CAPNG_SELECT_BOTH);
 -
 -	if (capng_lock() < 0) 
@@ -2181,7 +2183,7 @@ index ec692e7..b79e781 100644
   */
  static int set_signal_handles(void)
  {
-@@ -75,8 +97,8 @@ static int set_signal_handles(void)
+@@ -75,8 +99,8 @@ static int set_signal_handles(void)
  
  	(void)sigprocmask(SIG_SETMASK, &empty, NULL);
  
@@ -2192,7 +2194,7 @@ index ec692e7..b79e781 100644
  		perror("Unable to set SIGHUP handler");
  		return -1;
  	}
-@@ -84,23 +106,100 @@ static int set_signal_handles(void)
+@@ -84,23 +108,103 @@ static int set_signal_handles(void)
  	return 0;
  }
  
@@ -2207,14 +2209,10 @@ index ec692e7..b79e781 100644
 +		retval = -1; \
 +	} while(0)
 +
- /**
-- * This function makes sure the mounted directory is owned by the user executing
-- * seunshare.
-- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
++/**
 + * Spawn external command using system() with dropped privileges.
 + * TODO: avoid system() and use exec*() instead
-  */
--static int verify_mount(const char *mntdir, struct passwd *pwd) {
++ */
 +static int spawn_command(const char *cmd, uid_t uid){
 +	int child;
 +	int status = -1;
@@ -2245,25 +2243,28 @@ index ec692e7..b79e781 100644
 + * Check file/directory ownership, struct stat * must be passed to the
 + * functions.
 + */
-+#define check_owner_common(f,st) do { \
-+	if (lstat(f, st) == -1) { \
-+		fprintf(stderr, _("Failed to stat %s: %s\n"), f, strerror(errno)); \
-+		return -1; \
-+	} \
-+	if (S_ISLNK(st->st_mode)) { \
-+		fprintf(stderr, _("Error: %s must not be a symbolic link\n"), f); \
-+		return -1; \
-+	} \
-+	} while(0)
-+
 +static int check_owner_uid(uid_t uid, const char *file, struct stat *st) {
-+	check_owner_common(file, st);
-+	return (st->st_uid == uid ? 0 : -1);
++	if (S_ISLNK(st->st_mode)) {
++		fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++		return -1;
++	}
++	if (st->st_uid != uid) {
++		fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid);
++		return -1;
++	}
++	return 0;
 +}
 +
 +static int check_owner_gid(gid_t gid, const char *file, struct stat *st) {
-+	check_owner_common(file, st);
-+	return (st->st_gid == gid ? 0 : -1);
++	if (S_ISLNK(st->st_mode)) {
++		fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++		return -1;
++	}
++	if (st->st_gid != gid) {
++		fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid);
++		return -1;
++	}
++	return 0;
 +}
 +
 +#define equal_stats(one,two) \
@@ -2271,11 +2272,15 @@ index ec692e7..b79e781 100644
 +	 (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \
 +	 (one)->st_mode == (two)->st_mode)
 +
-+/**
+ /**
+- * This function makes sure the mounted directory is owned by the user executing
+- * seunshare.
+- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
 + * Sanity check specified directory.  Store stat info for future comparison, or
 + * compare with previously saved info to detect replaced directories.
 + * Note: This function does not perform owner checks.
-+ */
+  */
+-static int verify_mount(const char *mntdir, struct passwd *pwd) {
 +static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) {
  	struct stat sb;
 -	if (stat(mntdir, &sb) == -1) {
@@ -2285,25 +2290,25 @@ index ec692e7..b79e781 100644
 +	
 +	if (lstat(dir, st_out) == -1) {
 +		fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
-+		return -1;
-+	}
-+	if (! S_ISDIR(st_out->st_mode)) {
-+		fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
  		return -1;
  	}
 -	if (sb.st_uid != pwd->pw_uid) {
 -		errno = EPERM;
 -		syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
 -		perror(_("Invalid mount point, reporting to administrator"));
-+	if (st_in && !equal_stats(st_in, st_out)) {
-+		fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
++	if (! S_ISDIR(st_out->st_mode)) {
++		fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
  		return -1;
  	}
++	if (st_in && !equal_stats(st_in, st_out)) {
++		fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
++		return -1;
++	}
 +
  	return 0;
  }
  
-@@ -123,7 +222,7 @@ static int verify_shell(const char *shell_name)
+@@ -123,7 +227,7 @@ static int verify_shell(const char *shell_name)
  
  		/* check the shell skipping newline char */
  		if (!strcmp(shell_name, buf)) {
@@ -2312,7 +2317,7 @@ index ec692e7..b79e781 100644
  			break;
  		}
  	}
-@@ -131,45 +230,443 @@ static int verify_shell(const char *shell_name)
+@@ -131,45 +235,439 @@ static int verify_shell(const char *shell_name)
  	return rc;
  }
  
@@ -2642,8 +2647,9 @@ index ec692e7..b79e781 100644
 +	struct stat tmp_st;
 +	security_context_t con = NULL;
 +
-+	/* copy selinux context */
++	/* get selinux context */
 +	if (execcon) {
++		setfsuid(pwd->pw_uid);
 +		if ((fd_s = open(src, O_RDONLY)) < 0) {
 +			fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
 +			goto err;
@@ -2660,9 +2666,10 @@ index ec692e7..b79e781 100644
 +			fprintf(stderr, _("Failed to get context of the directory %s: %s\n"), src, strerror(errno));
 +			goto err;
 +		}
++		/* ok to not reach this if there is an error */
++		setfsuid(0);
 +	}
 +
-+	setfsuid(0);
 +	if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
 +		fprintf(stderr, _("Out of memory\n"));
 +		tmpdir = NULL;
@@ -2677,14 +2684,8 @@ index ec692e7..b79e781 100644
 +	if (verify_directory(tmpdir, NULL, out_st) < 0) {
 +		goto err;
 +	}
-+	if (check_owner_uid(0, tmpdir, out_st) < 0) {
-+		fprintf(stderr, _("Error: %s not owned by UID %d\n"), tmpdir, 0);
-+		goto err;
-+	}
-+	if (check_owner_gid(getgid(), tmpdir, out_st) < 0) {
-+		fprintf(stderr, _("Error: %s not owned by GID %d\n"), tmpdir, getgid());
-+		goto err;
-+	}
++	if (check_owner_uid(0, tmpdir, out_st) < 0) goto err;
++	if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err;
 +
 +	/* change permissions of the temporary directory */
 +	if ((fd_t = open(tmpdir, O_RDONLY)) < 0) {
@@ -2709,6 +2710,7 @@ index ec692e7..b79e781 100644
 +		goto err;
 +	}
 +
++	/* copy selinux context */
 +	if (execcon) {
 +		if (fsetfilecon(fd_t, con) == -1) {	
 +			fprintf(stderr, _("Failed to set context of the directory %s: %s\n"), tmpdir, strerror(errno));
@@ -2732,11 +2734,10 @@ index ec692e7..b79e781 100644
 +
 +	goto good;
 +err:
-+	free(tmpdir);
-+	tmpdir = NULL;
++	free(tmpdir); tmpdir = NULL;
 +good:
 +	free(cmdbuf); cmdbuf = NULL;
-+	freecon(con);
++	freecon(con); con = NULL;
 +	if (fd_t >= 0) close(fd_t);
 +	if (fd_s >= 0) close(fd_s);
 +	return tmpdir;
@@ -2771,7 +2772,7 @@ index ec692e7..b79e781 100644
  		{NULL, 0, 0, 0}
  	};
  
-@@ -180,6 +677,12 @@ int main(int argc, char **argv) {
+@@ -180,6 +678,12 @@ int main(int argc, char **argv) {
  		return -1;
  	}
  
@@ -2784,7 +2785,7 @@ index ec692e7..b79e781 100644
  	struct passwd *pwd=getpwuid(uid);
  	if (!pwd) {
  		perror(_("getpwduid failed"));
-@@ -187,34 +690,30 @@ int main(int argc, char **argv) {
+@@ -187,34 +691,30 @@ int main(int argc, char **argv) {
  	}
  
  	if (verify_shell(pwd->pw_shell) < 0) {
@@ -2830,7 +2831,7 @@ index ec692e7..b79e781 100644
  			break;
  		default:
  			fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +722,81 @@ int main(int argc, char **argv) {
+@@ -223,76 +723,84 @@ int main(int argc, char **argv) {
  	}
  
  	if (! homedir_s && ! tmpdir_s) {
@@ -2872,15 +2873,17 @@ index ec692e7..b79e781 100644
 -		if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
 -				return -1;
 -	}
+-
+-	if (drop_capabilities(uid)) {
+-		perror(_("Failed to drop all capabilities"));
 +	if (set_signal_handles()) return -1;
 +
 +	if (usecgroups && setup_cgroups() < 0) return  -1;
- 
--	if (drop_capabilities(uid)) {
--		perror(_("Failed to drop all capabilities"));
-+	/* On NFS machines you need to setfsuid to be able to access files 
-+	   on homedir, if this fails on a non NFS machine, we don't care, 
-+	   if it fails on an NFS machine, the code below will fail. */
++
++	/* set fsuid to ruid */
++	/* Changing fsuid is usually required when user-specified directory is
++	 * on an NFS mount.  It's also desired to avoid leaking info about
++	 * existence of the files not accessible to the user. */
 +	setfsuid(uid);
 +
 +	/* verify homedir and tmpdir */
@@ -2890,6 +2893,7 @@ index ec692e7..b79e781 100644
 +	if (tmpdir_s && (
 +		verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
 +		check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
++	setfsuid(0);
 +
 +	/* create runtime tmpdir */
 +	if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s,
@@ -2929,6 +2933,7 @@ index ec692e7..b79e781 100644
 -			perror(_("Unable to clear environment"));
 -			free(display);
 -			exit(-1);
++		/* assume fsuid==ruid after this point */
 +		setfsuid(uid);
 +
 +		/* mount homedir and tmpdir, in this order */
@@ -2960,7 +2965,7 @@ index ec692e7..b79e781 100644
  		if (display) 
  			rc |= setenv("DISPLAY", display, 1);
  		rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +804,41 @@ int main(int argc, char **argv) {
+@@ -300,22 +808,41 @@ int main(int argc, char **argv) {
  		rc |= setenv("USER", pwd->pw_name, 1);
  		rc |= setenv("LOGNAME", pwd->pw_name, 1);
  		rc |= setenv("PATH", DEFAULT_PATH, 1);
@@ -2995,7 +3000,7 @@ index ec692e7..b79e781 100644
  
 -	free(tmpdir_s);
 -	free(homedir_s);
-+	// XXX: drop some caps here?
++	drop_caps();
  
 +	/* parent waits for child exit to do the cleanup */
 +	waitpid(child, &status, 0);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fa7822d..aa77d14 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.85
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -331,6 +331,10 @@ fi
 exit 0
 
 %changelog
+* Wed Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
+- Fix portspage in system-config-selinux to not crash
+- More fixes for seunshare from Tomas Hoger
+
 * Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
 - put back in old handling of -T in sandbox command
 - Put back setsid in seunshare