Compare commits


24 Commits
master ... f11

Author SHA1 Message Date
Fedora Release Engineering a06c71a0d3 dist-git conversion 2010-07-29 09:55:08 +00:00
Bill Nottingham 403559f760 Fix typo that causes a failure to update the common directory. (releng #2781) 2009-11-26 01:43:31 +00:00
Daniel J Walsh 9005b5b529 * Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.15
- Update to Rawhide's system-config-selinux/polgengui
2009-10-01 16:10:23 +00:00
Daniel J Walsh 531062f702 * Thu Sep 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.14
- Fix tight loop in restorecond patch from Martin Orr
2009-09-25 03:09:52 +00:00
Miroslav Grepl b5aeeb75bc - Fix for setfiles leaks descriptors from Steve Grubb 2009-09-23 10:59:40 +00:00
Ville Skyttä d46f9204ff Move man_ru2 tarballs from CVS to lookaside cache. 2009-08-09 13:35:32 +00:00
Daniel J Walsh ed1c24c9e0 * Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.12
- Fix polgen.py
2009-06-26 18:45:39 +00:00
Daniel J Walsh cee6334c7e * Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
- Fix polgen.py
2009-06-12 20:20:28 +00:00
Daniel J Walsh fd57d1a218 * Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
- Fix polgen.py
2009-06-09 20:53:42 +00:00
Daniel J Walsh 7bf7971a06 * Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.10
- Add sepolgen executable
2009-06-04 19:31:10 +00:00
Daniel J Walsh db27692fd6 * Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
- Fix mount options on sandbox
2009-06-01 10:36:30 +00:00
Daniel J Walsh 8c97448739 * Mon Jun 1 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
- Fix mount options on sandbox
2009-06-01 10:35:20 +00:00
Daniel J Walsh 15753a3a4a * Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.8
- Allow polgen.py to generate policy for just the binary
2009-05-26 21:04:17 +00:00
Daniel J Walsh 99f84b1b02 * Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.7
- Fix sandbox to be able to execute files in homedir
2009-05-26 16:59:13 +00:00
Daniel J Walsh a422c176e0 * Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
- Add sandbox script
2009-05-22 18:27:32 +00:00
Daniel J Walsh 2be6f439a9 * Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
- Add sandbox script
2009-05-22 18:14:25 +00:00
Daniel J Walsh 5594809617 * Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.5
- More portspage fixes
2009-05-14 13:04:57 +00:00
Daniel J Walsh 4c6238c984 * Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.4
- Fix portspage and generation of init_script_file in templates
2009-05-12 17:56:12 +00:00
Daniel J Walsh 6a5bb95dfd * Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.3
- Fix handling of .subs file
2009-05-05 18:49:56 +00:00
Daniel J Walsh ae3cda5138 * Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.2
- Fix fixfiles to handle btrfs
2009-05-05 14:53:42 +00:00
Daniel J Walsh 1e7540b5b3 * Fri Apr 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.1
- Fix audit2allow -a to read /var/log/messages
2009-04-24 17:57:46 +00:00
Daniel J Walsh 27d6dacdb9 * Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
- Add semanage module support
2009-04-16 19:06:07 +00:00
Daniel J Walsh 7fa79b350d * Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-11
- Add semanage module support
2009-04-16 18:56:02 +00:00
Jesse Keating ae29830097 Initialize branch F-11 for policycoreutils 2009-04-15 05:25:17 +00:00
11 changed files with 1631 additions and 698 deletions


@ -197,3 +197,4 @@ policycoreutils-2.0.61.tgz
sepolgen-1.0.15.tgz
policycoreutils-2.0.62.tgz
sepolgen-1.0.16.tgz
policycoreutils_man_ru2.tar.bz2
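Review bot: the new `policycoreutils_man_ru2.tar.bz2` entry in `sources` shows no checksum column, and neither do the existing entries as rendered here. A Fedora lookaside `sources` line is `<md5sum>  <filename>`, and that digest is what verifies the tarball fetched at build time; if the hashes are only dropped by this page's rendering nothing is needed, otherwise the entry must carry the digest of the tarball that was uploaded to the lookaside cache.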


@ -4,7 +4,7 @@ NAME := policycoreutils
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
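Review bot: the fix is correct: `-w $$/Makefile.common` expanded to `-w /Makefile.common`, so the `-a` test never passed and `cvs -Q update` was silently skipped, which is the failure the commit message describes. Two things worth noting in the same `define`: the update runs as a side effect of `$(shell $(find-makefile-common))` during variable expansion, so every `make` invocation may pull new content from CVS before any target runs, which deserves a comment next to the definition; and `cd $$d` happens before `echo "$$d/Makefile.common"`, which only works because the echoed path is consumed relative to make's own working directory, not the subshell's.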

branch (Normal file, 1 line)

@ -0,0 +1 @@
F-11

policycoreutils-F11.patch (Normal file, 239 lines)

@ -0,0 +1,239 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.62/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 13:45:01.000000000 -0800
+++ policycoreutils-2.0.62/restorecond/restorecond.c 2009-09-24 20:03:16.000000000 -0700
@@ -315,21 +315,24 @@
printf("wd=%d mask=%u cookie=%u len=%u\n",
event->wd, event->mask,
event->cookie, event->len);
- if (event->wd == master_wd)
- read_config(fd);
- else {
- switch (utmpwatcher_handle(fd, event->wd)) {
- case -1: /* Message was not for utmpwatcher */
- if (event->len)
- watch_list_find(event->wd, event->name);
- break;
- case 1: /* utmp has changed need to reload */
+ if (event->mask & ~IN_IGNORED) {
+ if (event->wd == master_wd)
read_config(fd);
- break;
-
- default: /* No users logged in or out */
- break;
+ else {
+ switch (utmpwatcher_handle(fd, event->wd)) {
+ case -1: /* Message was not for utmpwatcher */
+ if (event->len)
+ watch_list_find(event->wd, event->name);
+ break;
+
+ case 1: /* utmp has changed need to reload */
+ read_config(fd);
+ break;
+
+ default: /* No users logged in or out */
+ break;
+ }
}
}
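Review bot: the new `if (event->mask & ~IN_IGNORED)` guard carries no comment explaining why events whose only flag is IN_IGNORED are dropped; add one, since the reason (IN_IGNORED is delivered after the kernel removes a watch, and reacting to it with `read_config()` / `watch_list_find()` re-arms the watch and produces the tight loop the changelog mentions) is not obvious from the code. Almost the whole hunk is the re-indent of the existing `switch`; reviewed with whitespace ignored, the only semantic change is that one `if`. The guard still lets through an event that carries IN_IGNORED together with other bits, which is fine because inotify reports IN_IGNORED on its own, but the comment should state that this is relied on.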
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-05-22 11:10:01.000000000 -0700
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-07-14 09:08:10.000000000 -0700
@@ -129,7 +129,7 @@
if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
else
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
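Review bot: the change restores the dash in `-fstype btrfs`; with `-o fstype btrfs`, find parsed `fstype` as a misplaced path argument and aborted ("paths must precede expression"), so the relabel of `$FILEPATH` never ran. It went unnoticed partly because of the unchanged context line `${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE`: with that ordering stderr is attached to the caller's stdout before stdout is sent to the log, so errors from this pipeline are never recorded in `$LOGFILE`. `>> $LOGFILE 2>&1` would capture them, and the same ordering appears on the `-R` fallback line below it.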
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.62/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2009-02-18 13:45:01.000000000 -0800
+++ policycoreutils-2.0.62/scripts/Makefile 2009-07-14 09:08:10.000000000 -0700
@@ -5,11 +5,12 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-all: fixfiles genhomedircon
+all: fixfiles genhomedircon sandbox chcat
install: all
-mkdir -p $(BINDIR)
install -m 755 chcat $(BINDIR)
+ install -m 755 sandbox $(BINDIR)
install -m 755 fixfiles $(DESTDIR)/sbin
install -m 755 genhomedircon $(SBINDIR)
-mkdir -p $(MANDIR)/man8
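Review bot: `sandbox` is added to `all` and installed with `install -m 755 sandbox $(BINDIR)`, but the hunk ends at `-mkdir -p $(MANDIR)/man8` and does not show `sandbox.8` (added elsewhere in this same patch) being installed into `$(MANDIR)/man8`; confirm the man page install line follows in the part of the Makefile not shown here, otherwise the new command ships without its manual page.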
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.62/scripts/sandbox
--- nsapolicycoreutils/scripts/sandbox 1969-12-31 16:00:00.000000000 -0800
+++ policycoreutils-2.0.62/scripts/sandbox 2009-07-14 09:08:10.000000000 -0700
@@ -0,0 +1,139 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl
+import selinux
+
+PROGNAME = "policycoreutils"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+
+try:
+ gettext.install(PROGNAME,
+ localedir = "/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+
+random.seed(None)
+
+def error_exit(msg):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % msg)
+ sys.stderr.flush()
+ sys.exit(1)
+
+def mount(context):
+ if os.getuid() != 0:
+ usage(_("Mount options require root privileges"))
+ destdir = "/mnt/%s" % context
+ os.mkdir(destdir)
+ rc = os.system('/bin/mount -t tmpfs tmpfs %s' % (destdir))
+ selinux.setfilecon(destdir, context)
+ if rc != 0:
+ sys.exit(rc)
+ os.chdir(destdir)
+
+def umount(dest):
+ os.chdir("/")
+ destdir = "/mnt/%s" % dest
+ os.system('/bin/umount %s' % (destdir))
+ os.rmdir(destdir)
+
+
+def reserve(mcs):
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ sock.bind("\0%s" % mcs)
+ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
+
+def gen_context(setype):
+ while True:
+ i1 = random.randrange(0, 1024)
+ i2 = random.randrange(0, 1024)
+ if i1 == i2:
+ continue
+ if i1 > i2:
+ tmp = i1
+ i1 = i2
+ i2 = tmp
+ mcs = "s0:c%d,c%d" % (i1, i2)
+ reserve(mcs)
+ try:
+ reserve(mcs)
+ except:
+ continue
+ break
+ con = selinux.getcon()[1].split(":")
+
+ execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, mcs)
+
+ filecon = "%s:%s:%s:%s" % (con[0],
+ "object_r",
+ "%s_file_t" % setype[:-2],
+ mcs)
+ return execcon, filecon
+
+
+if __name__ == '__main__':
+ if selinux.is_selinux_enabled() != 1:
+ error_exit("Requires an SELinux enabled system")
+
+ def usage(message = ""):
+ text = _("""
+sandbox [ -m ] [ -t type ] command
+""")
+ error_exit("%s\n%s" % (message, text))
+
+ setype = "sandbox_t"
+ mount_ind = False
+ try:
+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m",
+ ["help",
+ "type=",
+ "mount"])
+ for o, a in gopts:
+ if o == "-t" or o == "--type":
+ setype = a
+
+ if o == "-m" or o == "--mount":
+ mount_ind = True
+
+ if o == "-h" or o == "--help":
+ usage(_("Usage"));
+
+ if len(cmds) == 0:
+ usage(_("Command required"))
+
+ execcon, filecon = gen_context(setype)
+ rc = -1
+ if mount_ind:
+ mount(filecon)
+
+ if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
+ for i in os.environ["PATH"].split(':'):
+ f = "%s/%s" % (i, cmds[0])
+ if os.access(f, os.X_OK):
+ cmds[0] = f
+ break
+
+ selinux.setexeccon(execcon)
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
+ selinux.setexeccon(None)
+
+ if mount_ind:
+ umount(filecon)
+ except getopt.GetoptError, error:
+ usage(_("Options Error %s ") % error.msg)
+ except ValueError, error:
+ error_exit(error.args[0])
+ except KeyError, error:
+ error_exit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
+ error_exit(error.args[1])
+ except OSError, error:
+ error_exit(error.args[1])
+
+ sys.exit(rc)
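Review bot: the MCS category reservation in `gen_context()` does not work as written. `reserve()` binds an abstract unix socket named after the `s0:cX,cY` pair but never returns it, so the socket object is released as soon as `reserve()` returns and the name is freed immediately; the second `reserve(mcs)` inside the `try` therefore always succeeds, the `except: continue` branch never fires, and two concurrent sandboxes can end up with the same category pair, which defeats the separation the categories are meant to provide. Keep the socket alive for the lifetime of the process (return it from `reserve()` and hold it in a module-level variable), drop the duplicate call, and treat a failed bind as "pair in use, pick another". Further points in the same file: `mount()` calls `os.mkdir(destdir)` before mounting and exits on mount failure without removing the directory, and `selinux.setfilecon(destdir, context)` runs before `rc` is checked; `umount(filecon)` is only reached when `os.spawnvp` returns normally, so any exception on the way (including the OSError raised for a missing command) leaves the tmpfs mounted under `/mnt/<context>`, which a `try/finally` around the spawn would fix; and `mount()`/`umount()` build shell command strings with `os.system` from a path derived from the user-supplied `-t` type, where `subprocess.call(['/bin/mount', '-t', 'tmpfs', 'tmpfs', destdir])` would keep the path out of a shell entirely. The bare `except:` in `gen_context()` should also be narrowed to `socket.error`.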
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.62/scripts/sandbox.8
--- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 16:00:00.000000000 -0800
+++ policycoreutils-2.0.62/scripts/sandbox.8 2009-07-14 09:08:10.000000000 -0700
@@ -0,0 +1,22 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
+sandbox \- Run cmd under an SELinux sandbox
+.SH SYNOPSIS
+.B sandbox
+[ -M ] [ -t type ] cmd
+.br
+.SH DESCRIPTION
+.PP
+Run application within a tightly confined SELinux domain, This application can only read and write stdin and stdout along with files handled to it by the shell.
+.PP
+.TP
+\fB\-m\fR
+Mount a temporary file system and change working directory to it, files will be removed when job completes.
+.TP
+\fB\-t type\fR
+Use alternate sandbox type, defaults to sandbox_t
+.TP
+.SH "SEE ALSO"
+.TP
+runcon(1)
+.PP
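Review bot: the SYNOPSIS line `[ -M ] [ -t type ] cmd` does not match the script, which accepts `-m`/`--mount` (plus `-h` and `-t`/`--type`); the option entry below already documents `\fB\-m\fR`, so fix the synopsis. `.TH SANDBOX "8" "May 2009" "chcat" "User Commands"` still carries the source name `chcat` copied from chcat.8 and should say `sandbox`. In DESCRIPTION, `Run application within a tightly confined SELinux domain, This application can only read and write stdin and stdout along with files handled to it by the shell.` needs a full stop instead of the comma and `handed to it` rather than `handled to it`. The `.TP` directly before `.SH "SEE ALSO"` and the one directly after it are stray (`.TP` expects a tag line to follow) and should be removed.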

File diff suppressed because it is too large

File diff suppressed because it is too large


@ -1,6 +1,17 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-2.0.62/debugfiles.list
--- nsapolicycoreutils/debugfiles.list 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/debugfiles.list 2009-04-03 14:13:23.000000000 -0400
diff -up policycoreutils-2.0.62/audit2allow/audit2allow.rhat policycoreutils-2.0.62/audit2allow/audit2allow
--- policycoreutils-2.0.62/audit2allow/audit2allow.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/audit2allow/audit2allow 2009-05-05 10:49:02.000000000 -0400
@@ -126,6 +126,7 @@ class AuditToPolicy:
elif self.__options.audit:
try:
messages = audit.get_audit_msgs()
+ messages += audit.get_log_msgs()
except OSError, e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1)
diff -up /dev/null policycoreutils-2.0.62/debugfiles.list
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
+++ policycoreutils-2.0.62/debugfiles.list 2009-05-05 10:49:02.000000000 -0400
@@ -0,0 +1,64 @@
+%dir /usr/lib/debug
+%dir /usr/lib/debug/sbin
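Review bot: two points in this region. In the `audit2allow` change, `messages += audit.get_log_msgs()` reads the syslog inside a `try` that only handles `except OSError, e` with the message `could not run ausearch`; on Python 2 a permission failure opening `/var/log/messages` raises IOError, which is not an OSError, so an unprivileged `audit2allow -a` will now die with a traceback instead of a clear message. Catch IOError as well, or read the log in its own `try` with its own message. Second, the patch now adds `debugfiles.list`, `debuglinks.list` and (per the `Binary files ... differ` line below) `debugsources.list` to the source tree; those are rpmbuild debuginfo outputs tied to one particular build's build-ids and should not be carried in the patch, which suggests it was generated from a build directory that had not been cleaned.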
@ -66,9 +77,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+/usr/lib/debug/usr/bin/semodule_expand.debug
+/usr/lib/debug/usr/bin/secon.debug
+/usr/src/debug/policycoreutils-2.0.62
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debuglinks.list policycoreutils-2.0.62/debuglinks.list
--- nsapolicycoreutils/debuglinks.list 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/debuglinks.list 2009-04-03 14:13:23.000000000 -0400
diff -up /dev/null policycoreutils-2.0.62/debuglinks.list
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
+++ policycoreutils-2.0.62/debuglinks.list 2009-05-05 10:49:02.000000000 -0400
@@ -0,0 +1,29 @@
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 /sbin/setfiles
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug /usr/lib/debug/sbin/setfiles.debug
@ -99,19 +110,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 /usr/bin/semodule_deps
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug /usr/lib/debug/usr/bin/semodule_deps.debug
+/usr/lib/debug/sbin/restorecon.debug /usr/lib/debug/sbin/setfiles.debug
Binary files nsapolicycoreutils/debugsources.list and policycoreutils-2.0.62/debugsources.list differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.62/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/Makefile 2009-04-03 14:12:56.000000000 -0400
diff -up policycoreutils-2.0.62/Makefile.rhat policycoreutils-2.0.62/Makefile
--- policycoreutils-2.0.62/Makefile.rhat 2009-02-18 16:45:00.000000000 -0500
+++ policycoreutils-2.0.62/Makefile 2009-05-05 10:49:02.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.62/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-04-03 14:12:56.000000000 -0400
diff -up policycoreutils-2.0.62/restorecond/restorecond.conf.rhat policycoreutils-2.0.62/restorecond/restorecond.conf
--- policycoreutils-2.0.62/restorecond/restorecond.conf.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-05-05 10:49:02.000000000 -0400
@@ -5,3 +5,7 @@
/var/run/utmp
/var/log/wtmp
@ -120,10 +130,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+/root/.ssh/*
+
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.62/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.62/scripts/chcat 2009-04-09 12:28:34.000000000 -0400
@@ -281,14 +281,14 @@
diff -up policycoreutils-2.0.62/scripts/chcat.rhat policycoreutils-2.0.62/scripts/chcat
--- policycoreutils-2.0.62/scripts/chcat.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/scripts/chcat 2009-05-05 10:49:02.000000000 -0400
@@ -281,14 +281,14 @@ def isSensitivity(sensitivity):
def expandCats(cats):
newcats = []
for c in cats:
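Review bot: the restorecond.conf change appends `/root/.ssh/*` followed by two empty `+` lines; the blank lines are stray trailing whitespace at the end of the config file and should be dropped from the patch.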
@ -146,10 +156,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if i not in newcats:
newcats.append(i)
if len(newcats) > 25:
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-04-03 14:12:56.000000000 -0400
@@ -122,7 +122,7 @@
diff -up policycoreutils-2.0.62/scripts/fixfiles.rhat policycoreutils-2.0.62/scripts/fixfiles
--- policycoreutils-2.0.62/scripts/fixfiles.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-05-05 10:49:24.000000000 -0400
@@ -89,7 +89,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ];
fi; \
done | \
while read pattern ; do sh -c "find $pattern \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
done 2> /dev/null | \
${RESTORECON} $* -0 -f -
@@ -122,14 +122,14 @@ if [ ! -z "$PREFC" ]; then
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
@ -158,10 +177,37 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
done
exit $?
fi
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage 2009-04-08 21:39:50.000000000 -0400
@@ -50,7 +50,7 @@
if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
else
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
diff -up policycoreutils-2.0.62/semanage/semanage.8.rhat policycoreutils-2.0.62/semanage/semanage.8
--- policycoreutils-2.0.62/semanage/semanage.8.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage.8 2009-05-05 10:49:02.000000000 -0400
@@ -21,6 +21,8 @@ semanage \- SELinux Policy Management to
.br
.B semanage permissive \-{a|d} type
.br
+.B semanage module \-{a|d} policy_package
+.br
.B semanage translation \-{a|d|m} [\-T] level
.P
diff -up policycoreutils-2.0.62/semanage/semanage.rhat policycoreutils-2.0.62/semanage/semanage
--- policycoreutils-2.0.62/semanage/semanage.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage 2009-05-05 10:49:02.000000000 -0400
@@ -44,16 +44,17 @@ if __name__ == '__main__':
text = _("""
semanage [ -S store ] -i [ input_file | - ]
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
+semanage {module,boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
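Review bot: in the `fixfiles` hunk here, the added line `+ ! \( -fstype ext2 ... -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \` is missing the dash on the final predicate: `fstype btrfs` instead of `-fstype btrfs`. find rejects `fstype` as a misplaced path argument, so the `$FILEPATH` relabel path fails outright. The other `fixfiles` hunk in this same patch spells it `-fstype btrfs` correctly, and `policycoreutils-F11.patch` shown earlier on this page applies exactly this one-character fix; apply it here as well.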
@ -169,8 +215,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
@@ -84,6 +84,7 @@
-semanage permissive -{d|a} type
+semanage permissive -{a|d} type
+semanage module -{a|d|} module
Primary Options:
@@ -68,6 +69,7 @@ Primary Options:
-h, --help Display this message
-n, --noheading Do not print heading when listing OBJECTS
-S, --store Select and alternate SELinux store to manage
+ --dontaudit Turn on or off dontaudit rules
Object-specific Options (see above):
@@ -84,6 +86,7 @@ Object-specific Options (see above):
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
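Review bot: the usage text has two typos in the added lines: `semanage {module,boolean|login|user|...}` uses a comma where every other alternative is separated by `|`, and `semanage module -{a|d|} module` has an empty alternative before `}`. Also `--dontaudit Turn on or off dontaudit rules` does not say what argument it takes, while the getopt spec adds `dontaudit=` (mandatory argument) and the module code converts the value with `int()`; document it as `--dontaudit 1|0`, or accept `on|off` explicitly. The nearby pre-existing `Select and alternate SELinux store to manage` should read `an alternate`.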
@ -178,7 +237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
@@ -115,7 +116,7 @@
@@ -115,11 +118,14 @@ Object-specific Options (see above):
valid_option["node"] = []
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
@ -187,15 +246,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
@@ -192,6 +193,7 @@
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
+ valid_option["module"] = []
+ valid_option["module"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '--dontaudit']
+
valid_option["permissive"] = []
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
return valid_option
@@ -192,7 +198,10 @@ Object-specific Options (see above):
locallist = False
use_file = False
store = ""
+ equil=""
+ dontaudit = ""
+
object = argv[0]
option_dict=get_options()
@@ -201,10 +203,11 @@
if object not in option_dict.keys():
@@ -201,10 +210,12 @@ Object-specific Options (see above):
args = argv[1:]
gopts, cmds = getopt.getopt(args,
@ -204,21 +273,69 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
['add',
'delete',
'deleteall',
+ 'dontaudit=',
+ 'equil=',
'ftype=',
'file',
'help',
@@ -248,6 +251,9 @@
if o == "-f" or o == "--ftype":
ftype=a
+ if o == "-e" or o == "--equil":
+ equil=a
@@ -241,16 +252,24 @@ Object-specific Options (see above):
if modify or add:
raise ValueError(_("%s bad option") % o)
delete = True
+
if o == "-D" or o == "--deleteall":
if modify:
raise ValueError(_("%s bad option") % o)
deleteall = True
+
if o == "-f" or o == "--ftype":
- ftype=a
+ ftype = a
+
+ if o == "-e" or o == "--equil":
+ equil = a
if o == "-F" or o == "--file":
use_file = True
@@ -366,7 +372,10 @@
+ if o == "--dontaudit":
+ dontaudit = a
+
if o == "-h" or o == "--help":
raise ValueError(_("%s bad option") % o)
@@ -323,6 +342,9 @@ Object-specific Options (see above):
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
+
+ if object == "module":
+ OBJECT = seobject.moduleRecords(store)
if object == "translation":
OBJECT = seobject.setransRecords()
@@ -341,6 +363,13 @@ Object-specific Options (see above):
OBJECT.deleteall()
return
+ if dontaudit != "":
+ if object == "module":
+ OBJECT.dontaudit(dontaudit)
+ else:
+ raise ValueError(_("%s bad option") % o)
+ return
+
if len(cmds) != 1:
raise ValueError(_("%s bad option") % o)
@@ -362,11 +391,17 @@ Object-specific Options (see above):
if object == "interface":
OBJECT.add(target, serange, setype)
+ if object == "module":
+ OBJECT.add(target)
+
if object == "node":
OBJECT.add(target, mask, proto, serange, setype)
if object == "fcontext":
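Review bot: in the `--dontaudit` dispatch, the `else: raise ValueError(_("%s bad option") % o)` reuses `o`, the loop variable left over from the getopt loop, so the error names whatever option happened to be parsed last rather than `--dontaudit`; use the literal option name. `OBJECT.dontaudit(dontaudit)` then hands the raw string to `int()` in `moduleRecords.dontaudit`, so `--dontaudit on` (the wording the help text invites) raises an unhelpful ValueError; validate the value here before dispatching. The `-e`/`--equil` option is added to the parser in this region, but the `valid_option[...]` list for `fcontext` is not shown here; confirm it includes `-e` and `--equil`, otherwise the option is rejected as a bad option before it can be used.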
@ -230,7 +347,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if object == "permissive":
OBJECT.add(target)
@@ -396,7 +405,10 @@
@@ -386,6 +421,9 @@ Object-specific Options (see above):
rlist = roles.split()
OBJECT.modify(target, rlist, selevel, serange, prefix)
+ if object == "module":
+ OBJECT.modify(target)
+
if object == "port":
OBJECT.modify(target, proto, serange, setype)
@@ -396,7 +434,10 @@ Object-specific Options (see above):
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
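Review bot: `if object == "module": OBJECT.modify(target)` calls a method that `moduleRecords` does not define (the class added further down in this patch has only `get_all`, `dontaudit`, `list`, `add` and `delete`), so `semanage module -m name` will raise AttributeError. Either implement `modify` (reinstalling the package, as `add` does) or keep `module` out of the modify branch and reject `-m` for it in the option check.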
@ -242,7 +369,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
return
@@ -405,7 +417,7 @@
@@ -405,7 +446,7 @@ Object-specific Options (see above):
OBJECT.delete(target, proto)
elif object == "fcontext":
@ -251,7 +378,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
elif object == "node":
OBJECT.delete(target, mask, proto)
@@ -464,10 +476,10 @@
@@ -464,10 +505,10 @@ Object-specific Options (see above):
else:
fd = open(input, 'r')
trans = seobject.semanageRecords(store)
@ -264,9 +391,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
else:
process_args(sys.argv[1:])
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-11 08:13:02.000000000 -0400
diff -up policycoreutils-2.0.62/semanage/seobject.py.rhat policycoreutils-2.0.62/semanage/seobject.py
--- policycoreutils-2.0.62/semanage/seobject.py.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-05 14:46:35.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
+# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
@@ -21,16 +21,16 @@
#
#
@ -287,7 +421,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
@@ -96,7 +96,7 @@
@@ -96,7 +96,7 @@ try:
self.audit_fd = audit.audit_open()
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
@ -296,7 +430,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
except:
class logger:
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
@@ -104,7 +104,7 @@
@@ -104,7 +104,7 @@ except:
message = "Successful: "
else:
message = "Failed: "
@ -305,7 +439,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if sename != "":
message += " sename=" + sename
if old_sename != "":
@@ -123,9 +123,9 @@
@@ -123,9 +123,9 @@ mylog = logger()
import xml.etree.ElementTree
@ -317,7 +451,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
for l in tree.findall("layer"):
for m in l.findall("module"):
for b in m.findall("tunable"):
@@ -160,12 +160,12 @@
@@ -160,12 +160,12 @@ def validate_level(raw):
cat_range = category + "(\." + category +")?"
categories = cat_range + "(\," + cat_range + ")*"
reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
@ -333,7 +467,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
else:
context = raw
(rc, trans) = selinux.selinux_raw_to_trans_context(context)
@@ -179,9 +179,9 @@
@@ -179,9 +179,9 @@ def translate(raw, prepend = 1):
return trans
def untranslate(trans, prepend = 1):
@ -345,7 +479,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
else:
context = trans
@@ -234,7 +234,7 @@
@@ -234,7 +234,7 @@ class setransRecords:
rec += "%s=%s\n" % (k, self.ddict[k])
return rec
@ -354,7 +488,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if heading:
print "\n%-25s %s\n" % (_("Level"), _("Translation"))
keys = self.ddict.keys()
@@ -273,6 +273,7 @@
@@ -273,6 +273,7 @@ class setransRecords:
(fd, newfilename) = tempfile.mkstemp('', self.filename)
os.write(fd, self.out())
os.close(fd)
@ -362,7 +496,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
os.rename(newfilename, self.filename)
os.system("/sbin/service mcstrans reload > /dev/null")
@@ -281,15 +282,20 @@
@@ -281,15 +282,20 @@ class semanageRecords:
global handle
if handle != None:
@ -386,7 +520,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def begin(self):
if self.transaction:
return
@@ -303,6 +309,12 @@
@@ -303,6 +309,55 @@ class semanageRecords:
if rc < 0:
raise ValueError(_("Could not commit semanage transaction"))
@ -396,10 +530,53 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ self.transaction = False
+ self.commit()
+
+class moduleRecords(semanageRecords):
+ def __init__(self, store):
+ semanageRecords.__init__(self, store)
+
+ def get_all(self):
+ l = []
+ (rc, mlist, number) = semanage_module_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux modules"))
+
+ for i in range(number):
+ mod = semanage_module_list_nth(mlist, i)
+ name = semanage_module_get_name(mod)
+ l.append(name)
+ return l
+
+ def dontaudit(self, dontaudit = 0):
+ self.begin()
+ rc = semanage_set_disable_dontaudit(self.sh, int(dontaudit))
+ self.commit()
+ rc = semanage_reload_policy(self.sh)
+
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "\n%-25s\n" % (_("Modules"))
+ for t in self.get_all():
+ print t
+
+ def add(self, modules):
+ import glob
+ for m in modules.split():
+ rc = semanage_module_install_file(self.sh, m);
+ if rc >= 0:
+ self.commit()
+
+ def delete(self, modules):
+ for m in modules.split():
+ rc = semanage_module_remove(self.sh, m)
+ if rc < 0:
+ raise ValueError(_("Could not remove module %s (remove failed)") % name)
+
+ self.commit()
+
class permissiveRecords(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
@@ -320,7 +332,7 @@
@@ -320,7 +375,7 @@ class permissiveRecords(semanageRecords)
l.append(name.split("permissive_")[1])
return l
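Review bot: `moduleRecords.delete()` raises `ValueError(_("Could not remove module %s (remove failed)") % name)` but `name` is not defined in that scope (the loop variable is `m`), so a failed removal surfaces as a NameError instead of the intended message. `add()` uses `rc >= 0` only to decide whether to commit and stays silent when the install fails; raise a ValueError on `rc < 0` as `delete()` does, and drop the unused `import glob` and the trailing `;`. `dontaudit()` ignores the return codes of `semanage_set_disable_dontaudit` and `semanage_reload_policy` and passes `int(dontaudit)` straight through; since the libsemanage argument is a disable flag, `--dontaudit 1` switches dontaudit rules off, the opposite of what the usage line `Turn on or off dontaudit rules` suggests, so name the parameter for its real polarity and document it. `list()` also accepts `locallist` but ignores it, unlike the other record classes.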
@ -408,7 +585,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if heading:
print "\n%-25s\n" % (_("Permissive Types"))
for t in self.get_all():
@@ -328,6 +340,7 @@
@@ -328,6 +383,7 @@ class permissiveRecords(semanageRecords)
def add(self, type):
@ -416,7 +593,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
name = "permissive_%s" % type
dirname = "/var/lib/selinux"
os.chdir(dirname)
@@ -341,7 +354,7 @@
@@ -341,7 +397,7 @@ require {
permissive %s;
""" % (name, type, type)
@ -425,7 +602,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
fd.write(modtxt)
fd.close()
mc = module.ModuleCompiler()
@@ -351,16 +364,19 @@
@@ -351,16 +407,19 @@ permissive %s;
fd.close()
rc = semanage_module_install(self.sh, data, len(data));
@ -450,7 +627,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def delete(self, name):
for n in name.split():
@@ -390,11 +406,11 @@
@@ -390,11 +449,11 @@ class loginRecords(semanageRecords):
if sename == "":
sename = "user_u"
@ -464,7 +641,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -410,7 +426,7 @@
@@ -410,7 +469,7 @@ class loginRecords(semanageRecords):
except:
raise ValueError(_("Linux User %s does not exist") % name)
@ -473,7 +650,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create login mapping for %s") % name)
@@ -450,17 +466,17 @@
@@ -450,17 +509,17 @@ class loginRecords(semanageRecords):
if sename == "" and serange == "":
raise ValueError(_("Requires seuser or serange"))
@ -494,7 +671,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query seuser for %s") % name)
@@ -483,7 +499,7 @@
@@ -483,7 +542,7 @@ class loginRecords(semanageRecords):
semanage_seuser_key_free(k)
semanage_seuser_free(u)
@ -503,7 +680,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def modify(self, name, sename = "", serange = ""):
try:
@@ -492,21 +508,21 @@
@@ -492,21 +551,21 @@ class loginRecords(semanageRecords):
self.commit()
except ValueError, error:
@ -529,7 +706,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if not exists:
@@ -525,10 +541,10 @@
@@ -525,10 +584,10 @@ class loginRecords(semanageRecords):
self.commit()
except ValueError, error:
@ -542,7 +719,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
@@ -578,17 +594,17 @@
@@ -578,17 +637,17 @@ class seluserRecords(semanageRecords):
if len(roles) < 1:
raise ValueError(_("You must add at least one role for %s") % name)
@ -563,7 +740,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create SELinux user for %s") % name)
@@ -612,7 +628,7 @@
@@ -612,7 +671,7 @@ class seluserRecords(semanageRecords):
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@ -572,7 +749,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not extract key for %s") % name)
@@ -645,17 +661,17 @@
@@ -645,17 +704,17 @@ class seluserRecords(semanageRecords):
else:
raise ValueError(_("Requires prefix or roles"))
@ -593,7 +770,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query user for %s") % name)
@@ -703,17 +719,17 @@
@@ -703,17 +762,17 @@ class seluserRecords(semanageRecords):
raise error
def __delete(self, name):
@ -614,7 +791,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if not exists:
@@ -795,7 +811,7 @@
@@ -795,7 +854,7 @@ class portRecords(semanageRecords):
low = int(ports[0])
high = int(ports[1])
@ -623,7 +800,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
return ( k, proto_d, low, high )
@@ -812,13 +828,13 @@
@@ -812,13 +871,13 @@ class portRecords(semanageRecords):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -639,7 +816,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create port for %s/%s") % (proto, port))
@@ -871,13 +887,13 @@
@@ -871,13 +930,13 @@ class portRecords(semanageRecords):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -655,7 +832,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query port %s/%s") % (proto, port))
@@ -926,13 +942,13 @@
@@ -926,13 +985,13 @@ class portRecords(semanageRecords):
def __delete(self, port, proto):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -671,7 +848,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if not exists:
@@ -1038,17 +1054,17 @@
@@ -1038,17 +1097,17 @@ class nodeRecords(semanageRecords):
if ctype == "":
raise ValueError(_("SELinux Type is required"))
@ -692,7 +869,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create addr for %s") % addr)
@@ -1113,17 +1129,17 @@
@@ -1113,17 +1172,17 @@ class nodeRecords(semanageRecords):
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@ -713,7 +890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query addr %s") % addr)
@@ -1160,17 +1176,17 @@
@@ -1160,17 +1219,17 @@ class nodeRecords(semanageRecords):
else:
raise ValueError(_("Unknown or missing protocol"))
@ -734,7 +911,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if addr %s is defined") % addr)
if not exists:
@@ -1240,17 +1256,17 @@
@@ -1240,17 +1299,17 @@ class interfaceRecords(semanageRecords):
if ctype == "":
raise ValueError(_("SELinux Type is required"))
@ -755,7 +932,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create interface for %s") % interface)
@@ -1301,17 +1317,17 @@
@@ -1301,17 +1360,17 @@ class interfaceRecords(semanageRecords):
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@ -776,7 +953,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query interface %s") % interface)
@@ -1335,17 +1351,17 @@
@@ -1335,17 +1394,17 @@ class interfaceRecords(semanageRecords):
self.commit()
def __delete(self, interface):
@ -797,7 +974,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if not exists:
@@ -1393,6 +1409,45 @@
@@ -1393,6 +1452,48 @@ class interfaceRecords(semanageRecords):
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@ -820,7 +997,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ for src in self.equiv.keys():
+ fd.write("%s %s\n" % (src, self.equiv[src]))
+ fd.close()
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
+ try:
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
+ except:
+ pass
+ os.rename(tmpfile,subs_file)
+ self.equil_ind = False
+ semanageRecords.commit(self)
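Review bot: the bare `except: pass` around `os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])` swallows every exception, not just the missing-file case it is presumably there for, so a permission or I/O error on the subs file is hidden and `os.rename(tmpfile,subs_file)` then proceeds with a temp file carrying whatever mode it was created with; narrow this to `except OSError` (ideally only ENOENT) so real failures still surface. Also double-check the attribute name on the line before `semanageRecords.commit(self)`: `self.equil_ind = False` sits next to `self.equiv`, and if the flag is spelled `equiv_ind` elsewhere this assignment creates a new attribute and the dirty flag is never cleared.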
@ -843,7 +1023,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
@@ -1429,23 +1484,23 @@
@@ -1429,23 +1530,23 @@ class fcontextRecords(semanageRecords):
if type == "":
raise ValueError(_("SELinux Type is required"))
@ -871,7 +1051,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create file context for %s") % target)
@@ -1486,21 +1541,21 @@
@@ -1486,21 +1587,21 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Requires setype, serange or seuser"))
self.validate(target)
@ -898,7 +1078,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query file context for %s") % target)
@@ -1550,7 +1605,7 @@
@@ -1550,7 +1651,7 @@ class fcontextRecords(semanageRecords):
target = semanage_fcontext_get_expr(fcontext)
ftype = semanage_fcontext_get_type(fcontext)
ftype_str = semanage_fcontext_get_type_str(ftype)
@ -907,7 +1087,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
@@ -1558,19 +1613,26 @@
@@ -1558,19 +1659,26 @@ class fcontextRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@ -938,7 +1118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -1617,11 +1679,11 @@
@@ -1617,11 +1725,11 @@ class fcontextRecords(semanageRecords):
return ddict
def list(self, heading = 1, locallist = 0 ):
@ -952,7 +1132,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
@@ -1630,11 +1692,17 @@
@@ -1630,11 +1738,17 @@ class fcontextRecords(semanageRecords):
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@ -971,7 +1151,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
self.dict["TRUE"] = 1
self.dict["FALSE"] = 0
self.dict["ON"] = 1
@@ -1643,16 +1711,16 @@
@@ -1643,16 +1757,16 @@ class booleanRecords(semanageRecords):
self.dict["0"] = 0
def __mod(self, name, value):
@ -991,7 +1171,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query file context %s") % name)
@@ -1670,7 +1738,7 @@
@@ -1670,7 +1784,7 @@ class booleanRecords(semanageRecords):
semanage_bool_key_free(k)
semanage_bool_free(b)
@ -1000,7 +1180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
self.begin()
@@ -1694,16 +1762,16 @@
@@ -1694,16 +1808,16 @@ class booleanRecords(semanageRecords):
def __delete(self, name):
@ -1020,7 +1200,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if boolean %s is defined") % name)
if not exists:
@@ -1762,7 +1830,7 @@
@@ -1762,7 +1876,7 @@ class booleanRecords(semanageRecords):
return _("unknown")
def list(self, heading = True, locallist = False, use_file = False):
@ -1029,11 +1209,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if use_file:
ddict = self.get_all(locallist)
keys = ddict.keys()
Binary files nsapolicycoreutils/setfiles/restorecon and policycoreutils-2.0.62/setfiles/restorecon differ
Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-2.0.62/setfiles/setfiles differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.62/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-04-14 09:38:55.000000000 -0400
diff -up policycoreutils-2.0.62/setfiles/setfiles.c.rhat policycoreutils-2.0.62/setfiles/setfiles.c
--- policycoreutils-2.0.62/setfiles/setfiles.c.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-05-05 10:49:02.000000000 -0400
@@ -29,6 +29,8 @@
static int mass_relabel;
static int mass_relabel_errs;
@ -1043,7 +1221,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
static FILE *outfile = NULL;
static int force = 0;
#define STAT_BLOCK_SIZE 1
@@ -444,11 +446,11 @@
@@ -444,11 +446,11 @@ static int restore(const char *file)
if (progress) {
count++;
@ -1057,7 +1235,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
fprintf(stdout, "*");
fflush(stdout);
}
@@ -1017,7 +1019,7 @@
@@ -1017,7 +1019,7 @@ int main(int argc, char **argv)
free(excludeArray[i].directory);
}
@ -1066,4 +1244,27 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
printf("\n");
exit(errors);
}
Binary files nsapolicycoreutils/setfiles/setfiles.o and policycoreutils-2.0.62/setfiles/setfiles.o differ
diff -up policycoreutils-2.0.62/semanage/seobject.py~ policycoreutils-2.0.62/semanage/seobject.py
--- policycoreutils-2.0.62/semanage/seobject.py~ 2009-05-14 09:02:13.000000000 -0400
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-14 09:03:05.000000000 -0400
@@ -1027,7 +1027,7 @@ class portRecords(semanageRecords):
proto_str = semanage_port_get_proto_str(proto)
low = semanage_port_get_low(port)
high = semanage_port_get_high(port)
- ddict[(low, high)] = (ctype, proto_str, level)
+ ddict[(low, high, proto_str)] = (ctype, level)
return ddict
def get_all_by_type(self, locallist = 0):
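Review bot: the key change from `ddict[(low, high)]` to `ddict[(low, high, proto_str)]` is the right fix, since the old key let a udp entry for a port range overwrite the tcp entry (or vice versa) in the same dict, but it changes the shape of both the key and the value tuple (`(ctype, level)` instead of `(ctype, proto_str, level)`) and this hunk updates only the producer; every consumer of `get_all()`, starting with `get_all_by_type` visible just below and the `list` output, has to be adjusted to the new layout or it will print the wrong columns. A one-line comment on the dict layout next to the assignment would help the next reader too.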
diff -up policycoreutils-2.0.62/setfiles/setfiles.c~ policycoreutils-2.0.62/setfiles/setfiles.c
--- policycoreutils-2.0.62/setfiles/setfiles.c~ 2009-09-09 16:50:37.000000000 +0200
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-09-09 16:51:23.000000000 +0200
@@ -683,6 +683,8 @@ static int process_one(char *name)
progname, name, strerror(errno));
goto err;
}
+ close(pipe_fds[0]);
+ pipe_fds[0] = -1;
} else {
rc = restore(name);
if (rc)
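Review bot: closing the pipe's read end here (`close(pipe_fds[0]); pipe_fds[0] = -1;`) fixes the descriptor leak on this path, but the `-1` sentinel only helps if the cleanup behind the `goto err` label above checks for it before calling `close()`; if that cleanup closes `pipe_fds[0]` unconditionally it will now close fd -1 and fail with EBADF. Please confirm that check exists (it is not in this hunk) and that the write end `pipe_fds[1]` is handled symmetrically on the same path.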

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
--- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-01 10:03:43.000000000 -0400
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400
@@ -313,7 +313,7 @@
def __len__(self):
@ -10,9 +10,30 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
def add(self, role, type):
if self.role_types.has_key(role):
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400
@@ -47,6 +47,17 @@
stdout=subprocess.PIPE).communicate()[0]
return output
+def get_log_msgs():
+ """Obtain all of the avc and policy load messages from /var/log/messages.
+
+ Returns:
+ string contain all of the audit messages returned by /var/log/messages.
+ """
+ import subprocess
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
# Classes representing audit messages
class AuditMessage:
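Review bot: `get_log_msgs` does not match its docstring: the docstring promises "all of the avc and policy load messages", but `["/bin/grep", "avc", "/var/log/messages"]` selects only lines containing the substring "avc", so policy-load records are missed while any unrelated line that happens to contain "avc" is included; either extend the pattern or fix the docstring, and change "string contain" to "string containing". The `import subprocess` inside the function body is redundant given the function just above it already uses `subprocess.Popen` (`stdout=subprocess.PIPE`), and since a missing /var/log/messages makes grep write to stderr and this returns an empty string, a short comment on that behaviour would save the caller a surprise.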
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.62
Release: 10%{?dist}
Release: 12.15%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -23,6 +23,7 @@ Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch
Patch4: policycoreutils-sepolgen.patch
Patch5: policycoreutils-F11.patch
Obsoletes: policycoreutils < 2.0.61-2
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
@ -54,6 +55,7 @@ context.
%patch1 -p1 -b .rhatpo
%patch3 -p1 -b .gui
%patch4 -p1 -b .sepolgen
%patch5 -p1
%build
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
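Review bot: `%patch5 -p1` is applied without the `-b` backup suffix that every other patch line in this block uses (`%patch4 -p1 -b .sepolgen`); add `-b .f11` or similar for consistency so the pre-patch copies are kept alongside the others, and give the new `Patch5: policycoreutils-F11.patch` declaration a one-line comment on what the branch-specific patch carries, since unlike the other patches its name does not say.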
@ -111,6 +113,7 @@ The policycoreutils-python package contains the management tools use to manage a
%{_sbindir}/semanage
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/sandbox
%{_bindir}/chcat
%{_bindir}/sepolgen-ifgen
%{_libdir}/python?.?/site-packages/seobject.py*
@ -160,6 +163,7 @@ system-config-selinux is a utility for managing the SELinux environment
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
%{_bindir}/sepolgen
%{_datadir}/applications/fedora-system-config-selinux.desktop
%{_datadir}/applications/fedora-selinux-polgengui.desktop
%dir %{_datadir}/system-config-selinux
@ -221,6 +225,54 @@ else
fi
%changelog
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.15
- Update to Rawhides system-config-selinux/polgengui
* Thu Sep 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.14
- Fix tight loop in restorecond patch from Martin Orr
* Wed Sep 23 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.62-12.13
- Fix for setfiles leaks descriptors from Steve Grubb
* Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.12
- Fix polgen.py
* Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
- Fix polgen.py
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.10
- Add sepolgen executable
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
- Fix mount options on sandbox
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.8
- Allow polgen.py to generate policy for just the binary
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.7
- Fix sandbox to be able to execute files in homedir
* Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
- Add sandbox script
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.5
- More portspage fixes
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.4
- Fix portspage and generation of init_script_file in templates
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.3
- Fix handling of .subs file
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.2
- Fix fixfiles to handle btrfs
* Fri Apr 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.1
- Fix audit2allow -a to read /var/log/messages
* Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
- Add semanage module support
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
- Do not print \n, if count < 1000;

@ -1,2 +1,3 @@
7163e6b815bb45eb4f6a620cd8240690 policycoreutils-2.0.62.tgz
e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz
7915287c8377b768ccae7eb6dc736783 policycoreutils_man_ru2.tar.bz2