From f5c1b2817f115f789ed3f0338904b85494c3de36 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 19 Mar 2013 17:00:22 -0400 Subject: [PATCH] sepolicy manpage: - use nroff instead of man2html - Remove checking for name of person who created the man page - audit2allow - Fix output to show the level that is different. --- policycoreutils-rhat.patch | 69 +++++++++++++++++++++++++++++++------- policycoreutils.spec | 14 +++++++- 2 files changed, 70 insertions(+), 13 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 880fb3b..43b2bc2 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -2897,7 +2897,7 @@ index 8b063ca..c9036c3 100644 trans_list.append(m[0]) return trans_list diff --git a/policycoreutils/sepolicy/sepolicy/manpage.py b/policycoreutils/sepolicy/sepolicy/manpage.py -index 25062da..757ae2b 100755 +index 25062da..f184b0c 100755 --- a/policycoreutils/sepolicy/sepolicy/manpage.py +++ b/policycoreutils/sepolicy/sepolicy/manpage.py @@ -28,12 +28,12 @@ import string @@ -2915,7 +2915,26 @@ index 25062da..757ae2b 100755 equiv_dirs=[ "/var" ] modules_dict = None -@@ -416,40 +416,33 @@ class ManPage: +@@ -184,14 +184,12 @@ def get_alphabet_manpages(manpage_list): + return alphabet_manpages + + def convert_manpage_to_html(html_manpage,manpage): +- fd = open(html_manpage,'w') +- rc, output = commands.getstatusoutput("man2html -r %s" % manpage) ++ rc, output = commands.getstatusoutput("/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage) + if rc == 0: ++ print html_manpage, " has been created" ++ fd = open(html_manpage,'w') + fd.write(output) +- else: +- fd.write("Man page does not exist") +- +- fd.close() ++ fd.close() + + class HTMLManPages: + """ +@@ -416,40 +414,33 @@ class ManPage: """ Generate a Manpage on an SELinux domain in the specified path """ 
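Review bot: In `convert_manpage_to_html`, `manpage` is still interpolated into a shell command string (`"/usr/bin/groff -man -Thtml %s 2>/dev/null" % manpage`), so a path containing spaces or shell metacharacters is parsed by the shell instead of reaching groff as a single argument. Passing an argument list avoids the shell entirely, e.g. `p = subprocess.Popen(["/usr/bin/groff", "-man", "-Thtml", manpage], stdout=subprocess.PIPE, stderr=subprocess.PIPE)`, then `output = p.communicate()[0]` and a test on `p.returncode`; this assumes `subprocess` is imported in manpage.py, which the hunk does not show. The failure path is also silent now: with stderr sent to /dev/null and the `else` branch removed, a non-zero exit leaves no HTML file and no message, so a warning naming the man page would help. Indentation is lost in this view; if the new `fd.close()` sits outside the `if rc == 0:` block it would raise NameError whenever groff fails, so confirm it is inside the block or wrap the write in try/finally.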
@@ -2974,7 +2993,7 @@ index 25062da..757ae2b 100755 self.booleans_dict = gen_bool_dict(self.xmlpath) if domainname.endswith("_t"): -@@ -459,7 +452,10 @@ class ManPage: +@@ -459,7 +450,10 @@ class ManPage: if self.domainname + "_t" not in self.all_domains: raise ValueError("domain %s_t does not exist" % self.domainname) @@ -2986,7 +3005,7 @@ index 25062da..757ae2b 100755 self.type = self.domainname + "_t" self._gen_bools() -@@ -483,16 +479,23 @@ class ManPage: +@@ -483,16 +477,23 @@ class ManPage: def _gen_bools(self): self.bools=[] self.domainbools=[] @@ -3020,7 +3039,7 @@ index 25062da..757ae2b 100755 self.bools.sort() self.domainbools.sort() -@@ -538,9 +541,6 @@ class ManPage: +@@ -538,9 +539,6 @@ class ManPage: print path def __gen_man_page(self): @@ -3030,18 +3049,29 @@ index 25062da..757ae2b 100755 self.anon_list = [] self.attributes = {} -@@ -563,8 +563,8 @@ class ManPage: +@@ -563,19 +561,8 @@ class ManPage: def _get_ptypes(self): for f in self.all_domains: - if f.startswith(self.short_name): - self.ptypes.append(f) +- +- def __whoami(self): +- import pwd +- fd = open("/proc/self/loginuid", "r") +- uid = int(fd.read()) +- fd.close() +- pw = pwd.getpwuid(uid) +- if len(pw.pw_gecos) > 0: +- return pw.pw_gecos +- else: +- return pw.pw_name + if f.startswith(self.short_name) or f.startswith(self.domainname): + self.ptypes.append(f) - def __whoami(self): - import pwd -@@ -774,7 +774,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n + def _header(self): + self.fd.write('.TH "%(domainname)s_selinux" "8" "%(date)s" "%(domainname)s" "SELinux Policy documentation for %(domainname)s"' +@@ -774,7 +761,7 @@ can be used to make the process type %(domainname)s_t permissive. SELinux does n def _port_types(self): self.ports = [] for f in self.all_port_types: 
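Review bot: In `_get_ptypes`, the added `or f.startswith(self.domainname)` is a bare prefix match, so any type whose name merely begins with the domain name is appended to `self.ptypes` and documented as belonging to this domain. The 2.1.14-20 changelog entry in the spec describes moving to a short name with an "_" precisely to stop grabbing unrelated types, and this condition appears to loosen that again. If the goal is to catch `<domainname>_t` and `<domainname>_*` types that the short name misses, `f.startswith(self.domainname + "_")` would keep the delimiter. How `short_name` is built is not visible in this hunk, so the overlap should be checked against its definition.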
@@ -3050,7 +3080,7 @@ index 25062da..757ae2b 100755 self.ports.append(f) if len(self.ports) == 0: -@@ -923,13 +923,12 @@ to apply the labels. +@@ -923,13 +910,12 @@ to apply the labels. def _see_also(self): ret = "" @@ -3066,7 +3096,7 @@ index 25062da..757ae2b 100755 ret += ", %s_selinux(8)" % d self.fd.write(ret) -@@ -947,13 +946,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?" +@@ -947,13 +933,14 @@ semanage fcontext -a -t public_content_t "/var/%(domainname)s(/.*)?" .B restorecon -F -R -v /var/%(domainname)s .pp .TP @@ -3083,7 +3113,22 @@ index 25062da..757ae2b 100755 """ % {'domainname':self.domainname}) for b in self.anon_list: desc = self.booleans_dict[b][2][0].lower() + self.booleans_dict[b][2][1:] -@@ -1230,6 +1230,7 @@ The SELinux user %s_u is not able to terminal login. +@@ -998,12 +985,11 @@ is a GUI tool available to customize SELinux policy settings. + + .SH AUTHOR + This manual page was auto-generated using +-.B "sepolicy manpage" +-by %s. ++.B "sepolicy manpage". + + .SH "SEE ALSO" + selinux(8), %s(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) +-""" % (self.__whoami(), self.domainname)) ++""" % (self.domainname)) + + if self.booltext != "": + self.fd.write(", setsebool(8)") +@@ -1230,6 +1216,7 @@ The SELinux user %s_u is not able to terminal login. """ % self.domainname) def _network(self): diff --git a/policycoreutils.spec b/policycoreutils.spec index b759f05..2252080 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.14 -Release: 22%{?dist} +Release: 23%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 
@@ -309,6 +309,13 @@ The policycoreutils-restorecond package contains the restorecond service. %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Tue Mar 19 2013 Dan Walsh - 2.1.14-23 +- sepolicy manpage: +- use nroff instead of man2html +- Remove checking for name of person who created the man page +- audit2allow +- Fix output to show the level that is different. + * Thu Mar 14 2013 Dan Walsh - 2.1.14-22 - Fix newrole to not drop capabilities from the bounding set. - Stop dropping capabilities from its children. @@ -318,6 +325,11 @@ The policycoreutils-restorecond package contains the restorecond service. * Mon Mar 11 2013 Dan Walsh - 2.1.14-21 - sepolicy generate should look for booleans that effect equivalence names, and add them to the man page +* Thu Mar 7 2013 Dan Walsh - 2.1.14-20 +- Mention creation of permissive domains in sepolicy generate man page +- Change sepolicy manpage to use shortname with an "_" to stop accidently grabbing unrelated types for a domain. +- Fix audit2allow to show better information on constraint violations. + * Wed Mar 6 2013 Dan Walsh - 2.1.14-19 - Have restorecon exit -1 on errors for consistancy.