* Mon Nov 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-16

- Fix sandbox to use chcon
- Fix semanage to report duplicate ports
Daniel J Walsh 2009-11-09 21:11:53 +00:00
parent 846a1ff81e
commit ffb6e9312b
2 changed files with 83 additions and 89 deletions


@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.74/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.74/audit2allow/audit2allow 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/audit2allow/audit2allow 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/audit2allow/audit2allow 2009-11-09 16:05:58.000000000 -0500
@@ -42,6 +42,8 @@
from optparse import OptionParser
@ -39,8 +39,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
# This is the default if no input is specified
f = sys.stdin
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/Makefile policycoreutils-2.0.74/load_policy/Makefile
--- nsapolicycoreutils/load_policy/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.74/load_policy/Makefile 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/load_policy/Makefile 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/load_policy/Makefile 2009-11-09 16:05:58.000000000 -0500
@@ -1,6 +1,7 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@ -60,8 +60,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
clean:
-rm -f $(TARGETS) *.o
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.74/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.74/Makefile 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/Makefile 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/Makefile 2009-11-09 16:05:58.000000000 -0500
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
@ -69,8 +69,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.74/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/Makefile 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/restorecond/Makefile 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/Makefile 2009-11-09 16:05:58.000000000 -0500
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@ -119,14 +119,14 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
/sbin/restorecon $(SBINDIR)/restorecond
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/org.selinux.Restorecond.service 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.74/restorecond/restorecond.8
--- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.8 2009-10-20 09:32:14.000000000 -0400
--- nsapolicycoreutils/restorecond/restorecond.8 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.8 2009-11-09 16:05:58.000000000 -0500
@@ -3,7 +3,7 @@
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
@ -162,8 +162,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
.SH "SEE ALSO"
.BR restorecon (8),
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.74/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.c 2009-10-20 09:29:06.000000000 -0400
--- nsapolicycoreutils/restorecond/restorecond.c 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.c 2009-11-09 16:05:58.000000000 -0500
@@ -30,9 +30,11 @@
* and makes sure that there security context matches the systems defaults
*
@ -668,8 +668,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.74/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.conf 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.conf 2009-11-09 16:05:58.000000000 -0500
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@ -682,7 +682,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.74/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/restorecond/restorecond.desktop 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.desktop 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@ -692,8 +692,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+Type=Application
+StartupNotify=false
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.74/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.h 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/restorecond/restorecond.h 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.h 2009-11-09 16:05:58.000000000 -0500
@@ -24,7 +24,21 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@ -719,8 +719,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.74/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.init 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/restorecond/restorecond.init 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond.init 2009-11-09 16:05:58.000000000 -0500
@@ -75,16 +75,15 @@
status restorecond
RETVAL=$?
@ -742,13 +742,13 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
-
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.74/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/restorecond/restorecond_user.conf 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/restorecond_user.conf 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.74/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/restorecond/user.c 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/user.c 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,237 @@
+/*
+ * restorecond
@ -989,7 +989,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.74/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/restorecond/watch.c 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/restorecond/watch.c 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,253 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@ -1246,7 +1246,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.74/sandbox/deliverables/basicwrapper
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/deliverables/basicwrapper 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/deliverables/basicwrapper 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,4 @@
+import os, sys
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
@ -1254,7 +1254,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.74/sandbox/deliverables/README
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/deliverables/README 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/deliverables/README 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,32 @@
+Files:
+run-in-sandbox.py:
@ -1290,7 +1290,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+Chris Pardy
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/deliverables/run-in-sandbox.py 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,49 @@
+import os
+import os.path
@ -1343,7 +1343,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.74/sandbox/deliverables/sandbox
--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/deliverables/sandbox 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/deliverables/sandbox 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,216 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
@ -1563,7 +1563,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.74/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/Makefile 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/Makefile 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,31 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@ -1598,7 +1598,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.74/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/sandbox 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/sandbox 2009-11-09 16:10:07.000000000 -0500
@@ -0,0 +1,242 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl, shutil
@ -1786,10 +1786,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ warnings.simplefilter("ignore")
+ newhomedir = os.tempnam(".", ".sandbox%s")
+ os.mkdir(newhomedir)
+ selinux.setfilecon(newhomedir, filecon)
+ newtmpdir = os.tempnam("/tmp", ".sandbox")
+ os.mkdir(newtmpdir)
+ selinux.setfilecon(newtmpdir, filecon)
+ chcon = ("/usr/bin/chcon %s %s %s" % (filecon, newhomedir, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ warnings.resetwarnings()
+ paths = []
+ for i in cmds:
@ -1844,7 +1844,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.74/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/sandbox.8 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/sandbox.8 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,26 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
@ -1874,7 +1874,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+.PP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.74/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/sandboxX.sh 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/sandboxX.sh 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,16 @@
+#!/bin/bash
+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
@ -1894,7 +1894,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+done
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.74/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/sandbox/seunshare.c 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,265 @@
+#include <signal.h>
+#include <sys/types.h>
@ -2162,8 +2162,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+ return status;
+}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.74/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-06-23 15:36:07.000000000 -0400
+++ policycoreutils-2.0.74/scripts/chcat 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/scripts/chcat 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/scripts/chcat 2009-11-09 16:05:58.000000000 -0500
@@ -435,6 +435,8 @@
continue
except ValueError, e:
@ -2174,8 +2174,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
sys.exit(errors)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.74/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-08-05 15:10:56.000000000 -0400
+++ policycoreutils-2.0.74/scripts/fixfiles 2009-10-22 08:49:41.000000000 -0400
--- nsapolicycoreutils/scripts/fixfiles 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/scripts/fixfiles 2009-11-09 16:05:58.000000000 -0500
@@ -27,7 +27,6 @@
FORCEFLAG=""
DIRS=""
@ -2252,8 +2252,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
LOGFILE=$OPTARG
;;
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.74/scripts/fixfiles.8
--- nsapolicycoreutils/scripts/fixfiles.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.74/scripts/fixfiles.8 2009-10-22 08:55:09.000000000 -0400
--- nsapolicycoreutils/scripts/fixfiles.8 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/scripts/fixfiles.8 2009-11-09 16:05:58.000000000 -0500
@@ -3,11 +3,18 @@
fixfiles \- fix file SELinux security contexts.
@ -2288,8 +2288,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
Force reset of context to match file_context for customizable files
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.74/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.74/scripts/Makefile 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/scripts/Makefile 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/scripts/Makefile 2009-11-09 16:05:58.000000000 -0500
@@ -5,7 +5,7 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
@ -2300,8 +2300,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
install: all
-mkdir -p $(BINDIR)
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.74/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400
+++ policycoreutils-2.0.74/semanage/semanage 2009-10-30 16:31:40.000000000 -0400
--- nsapolicycoreutils/semanage/semanage 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/semanage/semanage 2009-11-09 16:05:58.000000000 -0500
@@ -39,19 +39,27 @@
__builtin__.__dict__['_'] = unicode
@ -2666,8 +2666,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
trans.finish()
else:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.74/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400
+++ policycoreutils-2.0.74/semanage/seobject.py 2009-11-02 11:39:02.000000000 -0500
--- nsapolicycoreutils/semanage/seobject.py 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/semanage/seobject.py 2009-11-09 16:07:13.000000000 -0500
@@ -37,40 +37,6 @@
import syslog
@ -3067,17 +3067,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -843,7 +880,8 @@
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if exists:
- raise ValueError(_("Port %s/%s already defined") % (proto, port))
+ semanage_port_key_free(k)
+ return self.__modify(port, proto, serange, type)
(rc, p) = semanage_port_create(self.sh)
if rc < 0:
@@ -890,6 +928,7 @@
@@ -890,6 +927,7 @@
self.commit()
def __modify(self, port, proto, serange, setype):
@ -3085,7 +3075,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
@@ -1024,6 +1063,18 @@
@@ -1024,6 +1062,18 @@
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@ -3104,7 +3094,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
@@ -1040,7 +1091,8 @@
@@ -1040,7 +1090,8 @@
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@ -3114,7 +3104,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def __add(self, addr, mask, proto, serange, ctype):
if addr == "":
raise ValueError(_("Node Address is required"))
@@ -1048,14 +1100,11 @@
@@ -1048,14 +1099,11 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3132,7 +3122,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
@@ -1073,7 +1122,8 @@
@@ -1073,7 +1121,8 @@
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@ -3142,7 +3132,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
@@ -1120,7 +1170,7 @@
@@ -1120,7 +1169,7 @@
def add(self, addr, mask, proto, serange, ctype):
self.begin()
@ -3151,7 +3141,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
self.commit()
def __modify(self, addr, mask, proto, serange, setype):
@@ -1129,13 +1179,10 @@
@@ -1129,13 +1178,10 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3169,7 +3159,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@@ -1180,11 +1227,9 @@
@@ -1180,11 +1226,9 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@ -3184,7 +3174,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
raise ValueError(_("Unknown or missing protocol"))
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
@@ -1214,6 +1259,16 @@
@@ -1214,6 +1258,16 @@
self.__delete(addr, mask, proto)
self.commit()
@ -3201,7 +3191,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist :
@@ -1227,15 +1282,20 @@
@@ -1227,15 +1281,20 @@
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@ -3227,7 +3217,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
@@ -1275,7 +1335,8 @@
@@ -1275,7 +1334,8 @@
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@ -3237,7 +3227,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
@@ -1389,6 +1450,16 @@
@@ -1389,6 +1449,16 @@
self.__delete(interface)
self.commit()
@ -3254,7 +3244,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
@@ -1404,6 +1475,15 @@
@@ -1404,6 +1474,15 @@
return ddict
@ -3270,7 +3260,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
@@ -1420,6 +1500,48 @@
@@ -1420,6 +1499,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@ -3319,7 +3309,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
@@ -1470,7 +1592,8 @@
@@ -1470,7 +1591,8 @@
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@ -3329,7 +3319,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
@@ -1586,9 +1709,16 @@
@@ -1586,9 +1708,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@ -3346,7 +3336,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
@@ -1643,12 +1773,22 @@
@@ -1643,12 +1772,22 @@
return ddict
@ -3371,7 +3361,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
@@ -1794,6 +1934,16 @@
@@ -1794,6 +1933,16 @@
else:
return _("unknown")
@ -3389,8 +3379,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
on_off = (_("off"), _("on"))
if use_file:
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.74/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2009-09-17 08:59:43.000000000 -0400
+++ policycoreutils-2.0.74/semodule/semodule.8 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/semodule/semodule.8 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/semodule/semodule.8 2009-11-09 16:05:58.000000000 -0500
@@ -35,6 +35,12 @@
.B \-b,\-\-base=MODULE_PKG
install/replace base module package
@ -3405,8 +3395,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
remove existing module
.TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.74/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-09-17 08:59:43.000000000 -0400
+++ policycoreutils-2.0.74/semodule/semodule.c 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/semodule/semodule.c 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/semodule/semodule.c 2009-11-09 16:05:58.000000000 -0500
@@ -22,12 +22,12 @@
#include <semanage/modules.h>
@ -3525,8 +3515,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
(m);
}
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/Makefile policycoreutils-2.0.74/setfiles/Makefile
--- nsapolicycoreutils/setfiles/Makefile 2009-07-07 15:32:32.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/Makefile 2009-10-15 10:37:41.000000000 -0400
--- nsapolicycoreutils/setfiles/Makefile 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/Makefile 2009-11-09 16:05:58.000000000 -0500
@@ -16,7 +16,7 @@
all: setfiles restorecon
@ -3538,7 +3528,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
ln -sf setfiles restorecon
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.74/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/setfiles/restore.c 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/restore.c 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,519 @@
+#include "restore.h"
+
@ -4060,8 +4050,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.74/setfiles/restorecon.8
--- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/restorecon.8 2009-10-22 08:41:15.000000000 -0400
--- nsapolicycoreutils/setfiles/restorecon.8 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/restorecon.8 2009-11-09 16:05:58.000000000 -0500
@@ -4,10 +4,10 @@
.SH "SYNOPSIS"
@ -4087,7 +4077,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
show changes in file labels.
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.74/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.74/setfiles/restore.h 2009-10-15 10:37:41.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/restore.h 2009-11-09 16:05:58.000000000 -0500
@@ -0,0 +1,49 @@
+#ifndef RESTORE_H
+#define RESTORE_H
@ -4139,8 +4129,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
+
+#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.74/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/setfiles.8 2009-10-22 08:37:16.000000000 -0400
--- nsapolicycoreutils/setfiles/setfiles.8 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/setfiles.8 2009-11-09 16:05:58.000000000 -0500
@@ -31,6 +31,9 @@
.TP
.B \-n
@ -4152,8 +4142,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
.B \-q
suppress non-error output.
diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.74/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-09-17 08:59:43.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/setfiles.c 2009-10-22 08:42:29.000000000 -0400
--- nsapolicycoreutils/setfiles/setfiles.c 2009-09-17 08:59:51.000000000 -0400
+++ policycoreutils-2.0.74/setfiles/setfiles.c 2009-11-09 16:05:58.000000000 -0500
@@ -1,26 +1,12 @@
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
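Review bot: In the sandbox/sandbox hunk of this patch, the exit status of the new `/usr/bin/chcon` call is stored in `rc`, but nothing in the visible lines checks it. A failed relabel of `newhomedir` and `newtmpdir` would therefore go unnoticed, and the sandbox would apparently carry on with directories that lack the intended file context. I would follow the spawn with something like `if rc != 0: raise OSError("chcon failed")` (message text is only a suggestion). The argv is also built by formatting one string and calling `.split()`, which mis-splits if either `os.tempnam` path contains whitespace; passing a list, `chcon = ["/usr/bin/chcon", filecon, newhomedir, newtmpdir]`, avoids that. The enclosing function starts and ends outside the lines shown, so a later check of `rc` cannot be ruled out from this page.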


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.74
Release: 15%{?dist}
Release: 16%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -296,6 +296,10 @@ fi
exit 0
%changelog
* Mon Nov 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-16
- Fix sandbox to use chcon
- Fix semanage to report duplicate ports
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
- Fix typo in seobject.py