Add FILENAME support to sepolgen

- Add back support for '<<none>>' in semanage fcontext.
Dan Walsh 2013-04-23 13:27:29 -04:00
parent b017084e09
commit f4d9a59205
2 changed files with 199 additions and 49 deletions


@ -1,6 +1,6 @@
diff -up policycoreutils-2.1.13/gui/domainsPage.py.f19 policycoreutils-2.1.13/gui/domainsPage.py
--- policycoreutils-2.1.13/gui/domainsPage.py.f19 2013-03-19 20:06:36.341223283 -0400
+++ policycoreutils-2.1.13/gui/domainsPage.py 2013-03-19 20:06:36.515223688 -0400
--- policycoreutils-2.1.13/gui/domainsPage.py.f19 2013-04-17 11:46:20.547725750 -0400
+++ policycoreutils-2.1.13/gui/domainsPage.py 2013-04-17 11:46:20.727726444 -0400
@@ -26,7 +26,7 @@ import sys
import seobject
import selinux
@ -20,8 +20,8 @@ diff -up policycoreutils-2.1.13/gui/domainsPage.py.f19 policycoreutils-2.1.13/gu
def get_modules(self):
diff -up policycoreutils-2.1.13/gui/statusPage.py.f19 policycoreutils-2.1.13/gui/statusPage.py
--- policycoreutils-2.1.13/gui/statusPage.py.f19 2013-03-19 20:06:36.346223294 -0400
+++ policycoreutils-2.1.13/gui/statusPage.py 2013-03-19 20:06:36.515223688 -0400
--- policycoreutils-2.1.13/gui/statusPage.py.f19 2013-04-17 11:46:20.555725781 -0400
+++ policycoreutils-2.1.13/gui/statusPage.py 2013-04-17 11:46:20.727726444 -0400
@@ -177,7 +177,11 @@ class statusPage:
def read_selinux_config(self):
@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.13/gui/statusPage.py.f19 policycoreutils-2.1.13/gui
self.enabledOptionMenu.set_active(self.enabled + 1 )
diff -up policycoreutils-2.1.13/restorecond/restorecond.conf.f19 policycoreutils-2.1.13/restorecond/restorecond.conf
--- policycoreutils-2.1.13/restorecond/restorecond.conf.f19 2013-03-19 20:06:36.492223634 -0400
+++ policycoreutils-2.1.13/restorecond/restorecond.conf 2013-03-19 20:06:36.515223688 -0400
--- policycoreutils-2.1.13/restorecond/restorecond.conf.f19 2013-04-17 11:46:20.706726363 -0400
+++ policycoreutils-2.1.13/restorecond/restorecond.conf 2013-04-17 11:46:20.727726444 -0400
@@ -1,6 +1,7 @@
/etc/services
/etc/resolv.conf
@ -48,7 +48,7 @@ diff -up policycoreutils-2.1.13/restorecond/restorecond.conf.f19 policycoreutils
/root/*
diff -up policycoreutils-2.1.13/restorecond/user.c.f19 policycoreutils-2.1.13/restorecond/user.c
--- policycoreutils-2.1.13/restorecond/user.c.f19 2012-09-25 16:17:37.000000000 -0400
+++ policycoreutils-2.1.13/restorecond/user.c 2013-03-19 20:06:36.516223690 -0400
+++ policycoreutils-2.1.13/restorecond/user.c 2013-04-17 11:46:20.727726444 -0400
@@ -54,6 +54,7 @@ static const char *PATH="/org/selinux/Re
static const char *INTERFACE="org.selinux.RestorecondIface";
static const char *RULE="type='signal',interface='org.selinux.RestorecondIface'";
@ -101,8 +101,8 @@ diff -up policycoreutils-2.1.13/restorecond/user.c.f19 policycoreutils-2.1.13/re
return 0;
}
diff -up policycoreutils-2.1.13/sandbox/seunshare.c.f19 policycoreutils-2.1.13/sandbox/seunshare.c
--- policycoreutils-2.1.13/sandbox/seunshare.c.f19 2013-03-19 20:06:36.492223634 -0400
+++ policycoreutils-2.1.13/sandbox/seunshare.c 2013-03-25 09:23:39.404480393 -0400
--- policycoreutils-2.1.13/sandbox/seunshare.c.f19 2013-04-17 11:46:20.706726363 -0400
+++ policycoreutils-2.1.13/sandbox/seunshare.c 2013-04-17 11:46:20.727726444 -0400
@@ -31,12 +31,6 @@
#include <selinux/context.h> /* for context-mangling functions */
#include <dirent.h>
@ -262,9 +262,68 @@ diff -up policycoreutils-2.1.13/sandbox/seunshare.c.f19 policycoreutils-2.1.13/s
free(display);
free(LANG);
exit(-1);
diff -up policycoreutils-2.1.13/semanage/semanage.8.f19 policycoreutils-2.1.13/semanage/semanage.8
--- policycoreutils-2.1.13/semanage/semanage.8.f19 2013-04-23 13:20:31.640489842 -0400
+++ policycoreutils-2.1.13/semanage/semanage.8 2013-04-23 13:20:37.522515873 -0400
@@ -14,15 +14,15 @@ Input local customizations
Manage booleans. Booleans allow the administrator to modify the confinement of
processes based on his configuration.
.br
-.B semanage boolean [\-S store] \-{d|m|l|D} [\-nN] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
+.B semanage boolean [\-S store] \-{d|m|l|D|E} [\-nN] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
Manage SELinux confined users (Roles and levels for an SELinux user)
.br
-.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnNPrR] selinux_name
+.B semanage user [\-S store] \-{a|d|m|l|D|E} [\-LnNPrR] selinux_name
Manage login mappings between linux users and SELinux confined users.
.br
-.B semanage login [\-S store] \-{a|d|m|l|D} [\-nNrs] login_name | %groupname
+.B semanage login [\-S store] \-{a|d|m|l|D|E} [\-nNrs] login_name | %groupname
Manage policy modules.
.br
@@ -30,16 +30,16 @@ Manage policy modules.
Manage network port type definitions
.br
-.B semanage port [\-S store] \-{a|d|m|l|D} [\-nNrt] [\-p proto] port | port_range
+.B semanage port [\-S store] \-{a|d|m|l|D|E} [\-nNrt] [\-p proto] port | port_range
.br
Manage network interface type definitions
.br
-.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nNrt] interface_spec
+.B semanage interface [\-S store] \-{a|d|m|l|D|E} [\-nNrt] interface_spec
Manage network node type definitions
.br
-.B semanage node [\-S store] -{a|d|m|l|D} [-nNrt] [ -p protocol ] [-M netmask] address
+.B semanage node [\-S store] -{a|d|m|l|D|E} [-nNrt] [ -p protocol ] [-M netmask] address
.br
Manage file context mapping definitions
@@ -123,11 +123,15 @@ Currently booleans only.
.TP
.I \-h, \-\-help
-display this message
+display usage message
.TP
.I \-l, \-\-list
List the OBJECTS
.TP
+.I \-E, \-\-extract
+Extract custommizable commands, which could then be used on another machine.
+Command output is suitable for a transaction. See also --output
+.TP
.I \-C, \-\-locallist
List only locally defined settings, not base policy settings.
.TP
diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/semanage/semanage
--- policycoreutils-2.1.13/semanage/semanage.f19 2013-03-19 20:06:36.494223639 -0400
+++ policycoreutils-2.1.13/semanage/semanage 2013-03-19 20:06:36.516223690 -0400
--- policycoreutils-2.1.13/semanage/semanage.f19 2013-04-17 11:46:20.708726371 -0400
+++ policycoreutils-2.1.13/semanage/semanage 2013-04-23 13:20:11.522400405 -0400
@@ -61,7 +61,7 @@ semanage interface -{a|d|m|l|D|E} [-Nntr
semanage module -{a|d|m} [--enable|--disable] [-N] module
semanage node -{a|d|m|l|D|E} [-Nntr] [ -p protocol ] [-M netmask] addr
@ -274,6 +333,15 @@ diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/sem
semanage permissive -{d|a|l} [-Nn] type
semanage dontaudit [ on | off ] [-N]
@@ -73,7 +73,7 @@ Primary Options:
-i, --input Input multiple semange commands in a transaction
-o, --output Output current customizations as semange commands
-l, --list List the OBJECTS
- -E, --extract extract customizable commands
+ -E, --extract Extract customizable commands, for use within a transaction
-C, --locallist List OBJECTS local customizations
-D, --deleteall Remove all OBJECTS local customizations
@@ -376,11 +376,8 @@ Object-specific Options (see above):
OBJECT = seobject.moduleRecords(store)
@ -298,8 +366,8 @@ diff -up policycoreutils-2.1.13/semanage/semanage.f19 policycoreutils-2.1.13/sem
return
diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/semanage/seobject.py
--- policycoreutils-2.1.13/semanage/seobject.py.f19 2013-03-19 20:06:36.494223639 -0400
+++ policycoreutils-2.1.13/semanage/seobject.py 2013-03-19 20:06:36.517223693 -0400
--- policycoreutils-2.1.13/semanage/seobject.py.f19 2013-04-17 11:46:20.709726374 -0400
+++ policycoreutils-2.1.13/semanage/seobject.py 2013-04-23 13:19:12.826140783 -0400
@@ -373,7 +373,11 @@ class permissiveRecords(semanageRecords)
def add(self, type):
@ -337,21 +405,22 @@ diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@@ -1634,8 +1644,11 @@ class interfaceRecords(semanageRecords):
@@ -1634,8 +1644,12 @@ class interfaceRecords(semanageRecords):
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
class fcontextRecords(semanageRecords):
- valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
- valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
+ valid_types = ["<<none>>"]
+ try:
+ valid_types = sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
+ valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
+ valid_types += sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
+ except RuntimeError:
+ valid_types = []
+ pass
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -2018,6 +2031,9 @@ class booleanRecords(semanageRecords):
@@ -2018,6 +2032,9 @@ class booleanRecords(semanageRecords):
self.modify_local = False
def __mod(self, name, value):
@ -361,9 +430,86 @@ diff -up policycoreutils-2.1.13/semanage/seobject.py.f19 policycoreutils-2.1.13/
name = selinux.selinux_boolean_sub(name)
(rc, k) = semanage_bool_key_create(self.sh, name)
diff -up policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py.f19 policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py
--- policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py.f19 2013-04-23 13:23:29.135260349 -0400
+++ policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refparser.py 2013-04-23 13:23:39.420304400 -0400
@@ -65,6 +65,7 @@ tokens = (
'BAR',
'EXPL',
'EQUAL',
+ 'FILENAME',
'IDENTIFIER',
'NUMBER',
'PATH',
@@ -249,11 +250,17 @@ def t_refpolicywarn(t):
t.lexer.lineno += 1
def t_IDENTIFIER(t):
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\+\.\$\*\"~]*'
+ r'[a-zA-Z_\$][a-zA-Z0-9_\-\+\.\$\*~]*'
# Handle any keywords
t.type = reserved.get(t.value,'IDENTIFIER')
return t
+def t_FILENAME(t):
+ r'\"[a-zA-Z0-9_\-\+\.\$\*~ :]+\"'
+ # Handle any keywords
+ t.type = reserved.get(t.value,'FILENAME')
+ return t
+
def t_comment(t):
r'\#.*\n'
# Ignore all comments
@@ -450,6 +457,7 @@ def p_interface_call_param(p):
| nested_id_set
| TRUE
| FALSE
+ | FILENAME
'''
# Intentionally let single identifiers pass through
# List means set, non-list identifier
@@ -461,6 +469,7 @@ def p_interface_call_param(p):
def p_interface_call_param_list(p):
'''interface_call_param_list : interface_call_param
| interface_call_param_list COMMA interface_call_param
+ | interface_call_param_list COMMA interface_call_param COMMA interface_call_param_list
'''
if len(p) == 2:
p[0] = [p[1]]
@@ -787,6 +796,7 @@ def p_avrule_def(p):
def p_typerule_def(p):
'''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
+ | TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI
| TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
| TYPE_CHANGE names names COLON names IDENTIFIER SEMI
| TYPE_MEMBER names names COLON names IDENTIFIER SEMI
@@ -800,6 +810,7 @@ def p_typerule_def(p):
t.tgt_types = p[3]
t.obj_classes = p[5]
t.dest_type = p[6]
+ t.file_name = p[7]
p[0] = t
def p_bool(p):
diff -up policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py.f19 policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py
--- policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py.f19 2013-04-23 13:23:01.751142859 -0400
+++ policycoreutils-2.1.13/sepolgen-1.1.8/src/sepolgen/refpolicy.py 2013-04-23 13:23:08.986173931 -0400
@@ -361,9 +361,9 @@ class TypeAttribute(Leaf):
return "typeattribute %s %s;" % (self.type, self.attributes.to_comma_str())
class RoleAttribute(Leaf):
- """SElinux typeattribute statement.
+ """SElinux roleattribute statement.
- This class represents a typeattribute statement.
+ This class represents a roleattribute statement.
"""
def __init__(self, parent=None):
Leaf.__init__(self, parent)
diff -up policycoreutils-2.1.13/sepolicy/info.c.f19 policycoreutils-2.1.13/sepolicy/info.c
--- policycoreutils-2.1.13/sepolicy/info.c.f19 2013-03-19 20:06:36.495223641 -0400
+++ policycoreutils-2.1.13/sepolicy/info.c 2013-03-19 20:06:36.518223695 -0400
--- policycoreutils-2.1.13/sepolicy/info.c.f19 2013-04-17 11:46:20.710726378 -0400
+++ policycoreutils-2.1.13/sepolicy/info.c 2013-04-17 11:46:20.728726447 -0400
@@ -988,39 +988,51 @@ PyObject* info( int type, const char *na
{
PyObject* output = NULL;
@ -433,8 +579,8 @@ diff -up policycoreutils-2.1.13/sepolicy/info.c.f19 policycoreutils-2.1.13/sepol
void init_info (PyObject *m) {
diff -up policycoreutils-2.1.13/sepolicy/Makefile.f19 policycoreutils-2.1.13/sepolicy/Makefile
--- policycoreutils-2.1.13/sepolicy/Makefile.f19 2013-03-19 20:06:36.495223641 -0400
+++ policycoreutils-2.1.13/sepolicy/Makefile 2013-03-19 20:06:36.518223695 -0400
--- policycoreutils-2.1.13/sepolicy/Makefile.f19 2013-04-17 11:46:20.709726374 -0400
+++ policycoreutils-2.1.13/sepolicy/Makefile 2013-04-17 11:46:20.728726447 -0400
@@ -23,10 +23,10 @@ clean:
-rm -rf build *~ \#* *pyc .#*
@ -449,8 +595,8 @@ diff -up policycoreutils-2.1.13/sepolicy/Makefile.f19 policycoreutils-2.1.13/sep
install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)
- install -m 644 *.8 $(MANDIR)/man8
diff -up policycoreutils-2.1.13/sepolicy/policy.c.f19 policycoreutils-2.1.13/sepolicy/policy.c
--- policycoreutils-2.1.13/sepolicy/policy.c.f19 2013-03-19 20:06:36.495223641 -0400
+++ policycoreutils-2.1.13/sepolicy/policy.c 2013-03-19 20:06:36.518223695 -0400
--- policycoreutils-2.1.13/sepolicy/policy.c.f19 2013-04-17 11:46:20.710726378 -0400
+++ policycoreutils-2.1.13/sepolicy/policy.c 2013-04-17 11:46:20.729726451 -0400
@@ -66,7 +66,6 @@ PyObject *wrap_policy(PyObject *UNUSED(s
}
apol_vector_destroy(&mod_paths);
@ -460,8 +606,8 @@ diff -up policycoreutils-2.1.13/sepolicy/policy.c.f19 policycoreutils-2.1.13/sep
apol_policy_path_destroy(&pol_path);
if (!policy) {
diff -up policycoreutils-2.1.13/sepolicy/search.c.f19 policycoreutils-2.1.13/sepolicy/search.c
--- policycoreutils-2.1.13/sepolicy/search.c.f19 2013-03-19 20:06:36.496223644 -0400
+++ policycoreutils-2.1.13/sepolicy/search.c 2013-03-19 20:06:36.519223697 -0400
--- policycoreutils-2.1.13/sepolicy/search.c.f19 2013-04-17 11:46:20.710726378 -0400
+++ policycoreutils-2.1.13/sepolicy/search.c 2013-04-17 11:46:20.729726451 -0400
@@ -204,14 +204,14 @@ static PyObject* get_ra_results(const ap
goto err;
@ -600,8 +746,8 @@ diff -up policycoreutils-2.1.13/sepolicy/search.c.f19 policycoreutils-2.1.13/sep
+ return search(allow, neverallow, auditallow, dontaudit, transition, role_allow, src_name, tgt_name, class_name, permlist);
}
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh
--- policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 2013-03-19 20:06:36.496223644 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh 2013-03-19 20:06:36.519223697 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 2013-04-17 11:46:20.711726382 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh 2013-04-17 11:46:20.729726451 -0400
@@ -45,6 +45,9 @@ __get_all_user_role_interaces () {
__get_all_user_domains () {
seinfo -auserdomain -x 2> /dev/null | tail -n +2
@ -666,8 +812,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-bash-completion.sh.f19 policyc
return 0
elif test "$prev" = "-p" || test "$prev" = "--path" ; then
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 policycoreutils-2.1.13/sepolicy/sepolicy-generate.8
--- policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 2013-03-19 20:06:36.497223646 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy-generate.8 2013-03-19 20:06:36.519223697 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 2013-04-17 11:46:20.711726382 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy-generate.8 2013-04-17 11:46:20.729726451 -0400
@@ -5,15 +5,21 @@ sepolicy-generate \- Generate an initial
.SH "SYNOPSIS"
@ -728,8 +874,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-generate.8.f19 policycoreutils
Generate Policy for Sandbox
.TP
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/generate.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 2013-03-19 20:06:36.499223651 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/generate.py 2013-03-19 20:06:36.520223699 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 2013-04-17 11:46:20.713726390 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/generate.py 2013-04-17 11:46:20.730726455 -0400
@@ -24,6 +24,7 @@
import os, sys, stat
import re
@ -1024,8 +1170,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/generate.py.f19 policycoreutil
if self.initscript != "":
newspec += re.sub("FILENAME", self.initscript, spec.define_relabel_files_end)
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 2013-03-19 20:06:36.498223648 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py 2013-03-19 20:06:36.521223702 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 2013-04-17 11:46:20.712726386 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py 2013-04-17 11:46:20.730726455 -0400
@@ -7,6 +7,9 @@ import _policy
import selinux, glob
PROGNAME="policycoreutils"
@ -1288,8 +1434,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/__init__.py.f19 policycoreutil
booleans_dict = None
def gen_bool_dict(path="/usr/share/selinux/devel/policy.xml"):
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/interface.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 2013-03-19 20:06:36.499223651 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/interface.py 2013-03-19 20:06:36.521223702 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 2013-04-17 11:46:20.713726390 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/interface.py 2013-04-17 11:46:20.730726455 -0400
@@ -22,14 +22,12 @@
#
#
@ -1347,8 +1493,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/interface.py.f19 policycoreuti
trans_list.append(m[0])
return trans_list
diff -up policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8
--- policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 2013-03-19 20:06:36.497223646 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8 2013-03-19 20:06:36.521223702 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 2013-04-17 11:46:20.711726382 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8 2013-04-17 11:46:20.730726455 -0400
@@ -5,7 +5,7 @@ sepolicy-manpage \- Generate a man page
.SH "SYNOPSIS"
@ -1369,8 +1515,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy-manpage.8.f19 policycoreutils-
Generate an additional HTML man pages for the specified domain(s).
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 2013-03-19 20:06:36.500223653 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py 2013-03-19 20:06:36.522223704 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 2013-04-17 11:46:20.714726394 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py 2013-04-17 11:46:20.731726459 -0400
@@ -28,12 +28,12 @@ import string
import argparse
import selinux
@ -1774,8 +1920,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/manpage.py.f19 policycoreutils
.SH NETWORK
""")
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/network.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 2013-03-19 20:06:36.500223653 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/network.py 2013-03-19 20:06:36.522223704 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 2013-04-17 11:46:20.714726394 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/network.py 2013-04-17 11:46:20.731726459 -0400
@@ -25,27 +25,6 @@ import sepolicy
search=sepolicy.search
info=sepolicy.info
@ -1813,8 +1959,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/network.py.f19 policycoreutils
tlist = get_types(src, "%s_socket" % protocol, [perm])
if len(tlist) > 0:
diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy.py
--- policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 2013-03-19 20:06:36.498223648 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy.py 2013-03-19 20:06:36.523223706 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 2013-04-17 11:46:20.712726386 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy.py 2013-04-17 11:46:20.731726459 -0400
@@ -22,6 +22,8 @@
#
#
@ -2202,8 +2348,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy.py.f19 policycoreutils-2.1.13/
sys.exit(0)
except ValueError,e:
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 2013-03-19 20:06:36.501223655 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py 2013-03-19 20:06:36.523223706 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 2013-04-17 11:46:20.715726397 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py 2013-04-17 11:46:20.731726459 -0400
@@ -446,7 +446,7 @@ EXECUTABLE -- gen_context(system_u:obje
"""
@ -2214,8 +2360,8 @@ diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/executable.py.f19 po
fc_initscript="""\
diff -up policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 2013-03-19 20:06:36.501223655 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py 2013-03-19 20:06:36.523223706 -0400
--- policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py.f19 2013-04-17 11:46:20.715726397 -0400
+++ policycoreutils-2.1.13/sepolicy/sepolicy/templates/network.py 2013-04-17 11:46:20.732726463 -0400
@@ -20,7 +20,7 @@
#
#
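Review bot: In the refparser.py part of this patch, `p_typerule_def` now runs `t.file_name = p[7]` for every alternative, but only the two eight-symbol `TYPE_TRANSITION` alternatives carry a name at index 7. For the seven-symbol alternatives (plain `TYPE_TRANSITION`, `TYPE_CHANGE`, `TYPE_MEMBER`) index 7 is the `SEMI` token, so those rules would get the semicolon's value as their file name. Guarding the assignment with `if len(p) == 9:` before `t.file_name = p[7]` keeps unnamed rules free of a bogus name; the start of the function is outside the hunk, so whether `file_name` has a default there needs confirming. The same file also adds `interface_call_param_list COMMA interface_call_param COMMA interface_call_param_list` to `p_interface_call_param_list`, which looks redundant next to the existing left-recursive alternative and is likely to introduce parser conflicts. The visible body only handles `len(p) == 2` before the hunk ends, so it is worth checking that `p[5]` is not silently dropped for the new alternative.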


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
Release: 59%{?dist}
Release: 60%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -23,7 +23,7 @@ Source8: policycoreutils_man_ru2.tar.bz2
Source10: restorecond.service
Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-sepolgen.patch
Patch2: policycoreutils-rawhide.patch
Patch2: policycoreutils-f19.patch
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3
Provides: /sbin/fixfiles
@ -340,6 +340,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
* Tue Apr 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-60
- Add FILENAME support to sepolgen
- Add back support for '<<none>>' in semanage fcontext.
* Mon Mar 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-59
- Can not unshare IPC in sandbox, since it blows up Xephyr
- Remove bogus error message sandbox about reseting setfsuid