Compare commits

24 Commits
master ... f11

Author SHA1 Message Date
Fedora Release Engineering a06c71a0d3 dist-git conversion 2010-07-29 09:55:08 +00:00
Bill Nottingham 403559f760 Fix typo that causes a failure to update the common directory. (releng #2781) 2009-11-26 01:43:31 +00:00
Daniel J Walsh 9005b5b529 * Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.15
- Update to Rawhides system-config-selinux/polgengui
2009-10-01 16:10:23 +00:00
Daniel J Walsh 531062f702 * Thu Sep 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.14
- Fix tight loop in restorecond patch from Martin Orr
2009-09-25 03:09:52 +00:00
Miroslav Grepl b5aeeb75bc - Fix for setfiles leaks descriptors from Steve Grubb 2009-09-23 10:59:40 +00:00
Ville Skyttä d46f9204ff Move man_ru2 tarballs from CVS to lookaside cache. 2009-08-09 13:35:32 +00:00
Daniel J Walsh ed1c24c9e0 * Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.12
- Fix polgen.py
2009-06-26 18:45:39 +00:00
Daniel J Walsh cee6334c7e * Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
- Fix polgen.py
2009-06-12 20:20:28 +00:00
Daniel J Walsh fd57d1a218 * Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
- Fix polgen.py
2009-06-09 20:53:42 +00:00
Daniel J Walsh 7bf7971a06 * Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.10
- Add sepolgen executable
2009-06-04 19:31:10 +00:00
Daniel J Walsh db27692fd6 * Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
- Fix mount options on sandbox
2009-06-01 10:36:30 +00:00
Daniel J Walsh 8c97448739 * Mon Jun 1 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
- Fix mount options on sandbox
2009-06-01 10:35:20 +00:00
Daniel J Walsh 15753a3a4a * Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.8
- Allow polgen.py to generate policy for just the binary
2009-05-26 21:04:17 +00:00
Daniel J Walsh 99f84b1b02 * Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.7
- Fix sandbox to be able to execute files in homedir
2009-05-26 16:59:13 +00:00
Daniel J Walsh a422c176e0 * Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
- Add sandbox script
2009-05-22 18:27:32 +00:00
Daniel J Walsh 2be6f439a9 * Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
- Add sandbox script
2009-05-22 18:14:25 +00:00
Daniel J Walsh 5594809617 * Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.5
- More portspage fixes
2009-05-14 13:04:57 +00:00
Daniel J Walsh 4c6238c984 * Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.4
- Fix portspage and generation of init_script_file in templates
2009-05-12 17:56:12 +00:00
Daniel J Walsh 6a5bb95dfd * Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.3
- Fix handling of .subs file
2009-05-05 18:49:56 +00:00
Daniel J Walsh ae3cda5138 * Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.2
- Fix fixfiles to handle btrfs
2009-05-05 14:53:42 +00:00
Daniel J Walsh 1e7540b5b3 * Fri Apr 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.1
- Fix audit2allow -a to read /var/log/messages
2009-04-24 17:57:46 +00:00
Daniel J Walsh 27d6dacdb9 * Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
- Add semanage module support
2009-04-16 19:06:07 +00:00
Daniel J Walsh 7fa79b350d * Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-11
- Add semanage module support
2009-04-16 18:56:02 +00:00
Jesse Keating ae29830097 Initialize branch F-11 for policycoreutils 2009-04-15 05:25:17 +00:00
11 changed files with 1631 additions and 698 deletions

@ -197,3 +197,4 @@ policycoreutils-2.0.61.tgz
sepolgen-1.0.15.tgz
policycoreutils-2.0.62.tgz
sepolgen-1.0.16.tgz
policycoreutils_man_ru2.tar.bz2

@ -4,7 +4,7 @@ NAME := policycoreutils
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
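
Review bot: in the corrected find-makefile-common line, `cd $$d ; cvs -Q update ; fi ; echo ...` still discards the result of the update, so a failed `cvs update` of the common directory goes unnoticed just as the `$$/Makefile.common` typo did. Consider chaining the steps with `&&` and reporting a failure on stderr, and breaking the one-line loop across continuation lines so that a slip like the missing `d` is easier to spot in review.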

1
branch Normal file
@ -0,0 +1 @@
F-11

239
policycoreutils-F11.patch Normal file
@ -0,0 +1,239 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.62/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-02-18 13:45:01.000000000 -0800
+++ policycoreutils-2.0.62/restorecond/restorecond.c 2009-09-24 20:03:16.000000000 -0700
@@ -315,21 +315,24 @@
printf("wd=%d mask=%u cookie=%u len=%u\n",
event->wd, event->mask,
event->cookie, event->len);
- if (event->wd == master_wd)
- read_config(fd);
- else {
- switch (utmpwatcher_handle(fd, event->wd)) {
- case -1: /* Message was not for utmpwatcher */
- if (event->len)
- watch_list_find(event->wd, event->name);
- break;
- case 1: /* utmp has changed need to reload */
+ if (event->mask & ~IN_IGNORED) {
+ if (event->wd == master_wd)
read_config(fd);
- break;
-
- default: /* No users logged in or out */
- break;
+ else {
+ switch (utmpwatcher_handle(fd, event->wd)) {
+ case -1: /* Message was not for utmpwatcher */
+ if (event->len)
+ watch_list_find(event->wd, event->name);
+ break;
+
+ case 1: /* utmp has changed need to reload */
+ read_config(fd);
+ break;
+
+ default: /* No users logged in or out */
+ break;
+ }
}
}
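
Review bot: the new guard `if (event->mask & ~IN_IGNORED)` is true whenever any bit other than IN_IGNORED is set, so an event that carries IN_IGNORED together with another flag is still dispatched to read_config() or utmpwatcher_handle(). If the intent is to skip every IN_IGNORED event, `!(event->mask & IN_IGNORED)` states that directly. Either way, a one-line comment saying which events are dropped and why would help the next reader, since the guard itself does not explain the tight loop it fixes.
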
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-05-22 11:10:01.000000000 -0700
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-07-14 09:08:10.000000000 -0700
@@ -129,7 +129,7 @@
if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
else
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
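
Review bot: on the context lines after the corrected `-fstype btrfs` test, `2>&1 >> $LOGFILE` duplicates stderr onto the original stdout before stdout is redirected, so restorecon errors do not reach the log file. If they are meant to be logged, the order should be `>> $LOGFILE 2>&1`. `$*`, `$LOGFILE` and, in the else branch, `$FILEPATH` are also unquoted and will word-split on paths that contain spaces.
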
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.62/scripts/Makefile
--- nsapolicycoreutils/scripts/Makefile 2009-02-18 13:45:01.000000000 -0800
+++ policycoreutils-2.0.62/scripts/Makefile 2009-07-14 09:08:10.000000000 -0700
@@ -5,11 +5,12 @@
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-all: fixfiles genhomedircon
+all: fixfiles genhomedircon sandbox chcat
install: all
-mkdir -p $(BINDIR)
install -m 755 chcat $(BINDIR)
+ install -m 755 sandbox $(BINDIR)
install -m 755 fixfiles $(DESTDIR)/sbin
install -m 755 genhomedircon $(SBINDIR)
-mkdir -p $(MANDIR)/man8
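
Review bot: `install -m 755 sandbox $(BINDIR)` is added, but nothing in this hunk installs the sandbox.8 page that the same patch creates; the hunk ends at the `mkdir -p $(MANDIR)/man8` context line with no added line after it. Check that the man page install lines further down the Makefile pick up sandbox.8, otherwise the page is never shipped.
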
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox policycoreutils-2.0.62/scripts/sandbox
--- nsapolicycoreutils/scripts/sandbox 1969-12-31 16:00:00.000000000 -0800
+++ policycoreutils-2.0.62/scripts/sandbox 2009-07-14 09:08:10.000000000 -0700
@@ -0,0 +1,139 @@
+#!/usr/bin/python -E
+import os, sys, getopt, socket, random, fcntl
+import selinux
+
+PROGNAME = "policycoreutils"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+
+try:
+ gettext.install(PROGNAME,
+ localedir = "/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+
+random.seed(None)
+
+def error_exit(msg):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % msg)
+ sys.stderr.flush()
+ sys.exit(1)
+
+def mount(context):
+ if os.getuid() != 0:
+ usage(_("Mount options require root privileges"))
+ destdir = "/mnt/%s" % context
+ os.mkdir(destdir)
+ rc = os.system('/bin/mount -t tmpfs tmpfs %s' % (destdir))
+ selinux.setfilecon(destdir, context)
+ if rc != 0:
+ sys.exit(rc)
+ os.chdir(destdir)
+
+def umount(dest):
+ os.chdir("/")
+ destdir = "/mnt/%s" % dest
+ os.system('/bin/umount %s' % (destdir))
+ os.rmdir(destdir)
+
+
+def reserve(mcs):
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ sock.bind("\0%s" % mcs)
+ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
+
+def gen_context(setype):
+ while True:
+ i1 = random.randrange(0, 1024)
+ i2 = random.randrange(0, 1024)
+ if i1 == i2:
+ continue
+ if i1 > i2:
+ tmp = i1
+ i1 = i2
+ i2 = tmp
+ mcs = "s0:c%d,c%d" % (i1, i2)
+ reserve(mcs)
+ try:
+ reserve(mcs)
+ except:
+ continue
+ break
+ con = selinux.getcon()[1].split(":")
+
+ execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, mcs)
+
+ filecon = "%s:%s:%s:%s" % (con[0],
+ "object_r",
+ "%s_file_t" % setype[:-2],
+ mcs)
+ return execcon, filecon
+
+
+if __name__ == '__main__':
+ if selinux.is_selinux_enabled() != 1:
+ error_exit("Requires an SELinux enabled system")
+
+ def usage(message = ""):
+ text = _("""
+sandbox [ -m ] [ -t type ] command
+""")
+ error_exit("%s\n%s" % (message, text))
+
+ setype = "sandbox_t"
+ mount_ind = False
+ try:
+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m",
+ ["help",
+ "type=",
+ "mount"])
+ for o, a in gopts:
+ if o == "-t" or o == "--type":
+ setype = a
+
+ if o == "-m" or o == "--mount":
+ mount_ind = True
+
+ if o == "-h" or o == "--help":
+ usage(_("Usage"));
+
+ if len(cmds) == 0:
+ usage(_("Command required"))
+
+ execcon, filecon = gen_context(setype)
+ rc = -1
+ if mount_ind:
+ mount(filecon)
+
+ if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
+ for i in os.environ["PATH"].split(':'):
+ f = "%s/%s" % (i, cmds[0])
+ if os.access(f, os.X_OK):
+ cmds[0] = f
+ break
+
+ selinux.setexeccon(execcon)
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
+ selinux.setexeccon(None)
+
+ if mount_ind:
+ umount(filecon)
+ except getopt.GetoptError, error:
+ usage(_("Options Error %s ") % error.msg)
+ except ValueError, error:
+ error_exit(error.args[0])
+ except KeyError, error:
+ error_exit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
+ error_exit(error.args[1])
+ except OSError, error:
+ error_exit(error.args[1])
+
+ sys.exit(rc)
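
Review bot: in gen_context(), `reserve(mcs)` is called once before the `try:` and again inside it, so a collision on the first call is never handled by the `except: continue` retry. reserve() also keeps no reference to the socket it binds, so in CPython the socket is closed when the function returns and the abstract-socket reservation is released at once, which lets two sandboxes end up with the same MCS pair. Remove the first call, return the socket from reserve() and hold it until the command has exited, and catch socket.error instead of using a bare `except:`. Separately, mount() and umount() interpolate the context, which includes the `-t` value, into an os.system() string and into a path under /mnt; pass an argument list without a shell, validate the type name, and check `rc` before calling setfilecon().
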
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/sandbox.8 policycoreutils-2.0.62/scripts/sandbox.8
--- nsapolicycoreutils/scripts/sandbox.8 1969-12-31 16:00:00.000000000 -0800
+++ policycoreutils-2.0.62/scripts/sandbox.8 2009-07-14 09:08:10.000000000 -0700
@@ -0,0 +1,22 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
+sandbox \- Run cmd under an SELinux sandbox
+.SH SYNOPSIS
+.B sandbox
+[ -M ] [ -t type ] cmd
+.br
+.SH DESCRIPTION
+.PP
+Run application within a tightly confined SELinux domain, This application can only read and write stdin and stdout along with files handled to it by the shell.
+.PP
+.TP
+\fB\-m\fR
+Mount a temporary file system and change working directory to it, files will be removed when job completes.
+.TP
+\fB\-t type\fR
+Use alternate sandbox type, defaults to sandbox_t
+.TP
+.SH "SEE ALSO"
+.TP
+runcon(1)
+.PP
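
Review bot: the SYNOPSIS line reads `[ -M ]`, but the option documented below it and accepted by the script's getopt string is `-m`; the two should match. The .TH line still names "chcat" as its source field, `-h`/`--help` is not documented, and "files handled to it" should read "files handed to it".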

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.62/gui/booleansPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.74/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/booleansPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/booleansPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,247 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@ -249,9 +249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+ self.load(self.filter)
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.62/gui/domainsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.74/gui/domainsPage.py
--- nsapolicycoreutils/gui/domainsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/domainsPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/domainsPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,154 @@
+## domainsPage.py - show selinux domains
+## Copyright (C) 2009 Red Hat, Inc.
@ -407,9 +407,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py polic
+
+ except ValueError, e:
+ self.error(e.args[0])
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.62/gui/fcontextPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.74/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/fcontextPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/fcontextPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,223 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -634,9 +634,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.62/gui/html_util.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.74/gui/html_util.py
--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/html_util.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/html_util.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,164 @@
+# Authors: John Dennis <jdennis@redhat.com>
+#
@ -802,9 +802,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policyc
+ doc += tail
+ return doc
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.62/gui/lockdown.glade
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.74/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/lockdown.glade 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/lockdown.glade 2009-09-28 09:13:55.000000000 -0400
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -1577,9 +1577,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+</widget>
+
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.62/gui/lockdown.gladep
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.74/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/lockdown.gladep 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/lockdown.gladep 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@ -1588,9 +1588,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep poli
+ <name></name>
+ <program_name></program_name>
+</glade-project>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.62/gui/lockdown.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.74/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/lockdown.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/lockdown.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,382 @@
+#!/usr/bin/python
+#
@ -1974,9 +1974,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+
+ app = booleanWindow()
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.62/gui/loginsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.74/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/loginsPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/loginsPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -2163,12 +2163,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.62/gui/Makefile
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.74/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/Makefile 2009-02-18 16:52:27.000000000 -0500
@@ -0,0 +1,38 @@
+++ policycoreutils-2.0.74/gui/Makefile 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,41 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+BINDIR ?= $(PREFIX)/bin
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+
+TARGETS= \
@ -2179,7 +2180,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+loginsPage.py \
+mappingsPage.py \
+modulesPage.py \
+polgen.py \
+polgen.glade \
+portsPage.py \
+lockdown.glade \
@ -2190,12 +2190,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+usersPage.py \
+selinux.tbl
+
+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py
+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py polgen.py
+
+install: all
+ -mkdir -p $(SHAREDIR)/templates
+ -mkdir -p $(BINDIR)
+ install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 755 polgengui.py $(SHAREDIR)
+ install -m 755 polgen.py $(SHAREDIR)
+ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
+ install -m 755 lockdown.py $(SHAREDIR)
+ install -m 644 $(TARGETS) $(SHAREDIR)
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
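
Review bot: in the added install step `(cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)`, the `;` means `ln` still runs in the current directory if the `cd` fails, and the preceding `-mkdir -p $(BINDIR)` ignores errors, so that case is reachable. Use `cd $(BINDIR) && ln -fs ...` so a missing directory fails the install instead of leaving a stray sepolgen link in the build tree.
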
@ -2205,9 +2208,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+indent:
+
+relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.62/gui/mappingsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.74/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/mappingsPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/mappingsPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -2265,9 +2268,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.62/gui/modulesPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.74/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/modulesPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/modulesPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,190 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006-2009 Red Hat, Inc.
@ -2459,9 +2462,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
+ except ValueError, e:
+ self.error(e.args[0])
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.62/gui/polgen.glade
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.74/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/polgen.glade 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/polgen.glade 2009-09-28 09:14:14.000000000 -0400
@@ -0,0 +1,3305 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -5768,9 +5771,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+</widget>
+
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.62/gui/polgen.gladep
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.74/gui/polgen.gladep
--- nsapolicycoreutils/gui/polgen.gladep 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/polgen.gladep 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/polgen.gladep 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@ -5779,10 +5782,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy
+ <name></name>
+ <program_name></program_name>
+</glade-project>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.62/gui/polgengui.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.74/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/polgengui.py 2009-02-18 16:52:27.000000000 -0500
@@ -0,0 +1,626 @@
+++ policycoreutils-2.0.74/gui/polgengui.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,627 @@
+#!/usr/bin/python -E
+#
+# polgengui.py - GUI for SELinux Config tool in system-config-selinux
@ -6056,6 +6059,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+
+ if self.pages[type][self.current_page] in self.finish_page:
+ self.generate_policy()
+ self.xml.get_widget ("cancel_button").set_label(gtk.STOCK_CLOSE)
+ else:
+ self.current_page = self.current_page + 1
+ self.notebook.set_current_page(self.pages[type][self.current_page])
@ -6409,10 +6413,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+
+ app = childWindow()
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.62/gui/polgen.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.74/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/polgen.py 2009-03-07 12:58:37.000000000 -0500
@@ -0,0 +1,954 @@
+++ policycoreutils-2.0.74/gui/polgen.py 2009-10-01 11:36:54.000000000 -0400
@@ -0,0 +1,1188 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007, 2008, 2009 Red Hat
@ -6557,6 +6561,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+EUSER = 9
+RUSER = 10
+
+poltype={}
+poltype[DAEMON] = _("Standard Init Daemon")
+poltype[DBUS] = _("DBUS System Daemon")
+poltype[INETD] = _("Internet Services Daemon")
+poltype[CGI] = _("Web Application/Script (CGI)")
+poltype[USER] = _("User Application")
+poltype[TUSER] = _("Minimal Terminal User Role")
+poltype[XUSER] = _("Minimal X Windows User Role")
+poltype[LUSER] = _("User Role")
+poltype[AUSER] = _("Admin User Role")
+poltype[RUSER] = _("Root Admin User Role")
+
+
+APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ]
+USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
+
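
Review bot: the new `poltype` map has no entry for EUSER, although EUSER is defined just above it and is listed in USERS on the context line below, so a `poltype[...]` lookup for that type raises KeyError. Add the missing label, or have callers use `poltype.get()` with a fallback.
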
@ -6594,6 +6611,85 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ ports = seobject.portRecords()
+ self.ports = ports.get_all()
+
+ self.symbols = {}
+ self.symbols["openlog"] = "set_use_kerberos(True)"
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
+ self.symbols["openlog"] = "set_use_syslog(True)"
+ self.symbols["krb"] = "set_use_kerberos(True)"
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
+ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
+ self.symbols["__syslog_chk"] = "set_use_syslog(True)"
+ self.symbols["getpwnam"] = "set_use_uid(True)"
+ self.symbols["getpwuid"] = "set_use_uid(True)"
+ self.symbols["dbus_"] = "set_use_dbus(True)"
+ self.symbols["pam_"] = "set_use_pam(True)"
+ self.symbols["pam_"] = "set_use_audit(True)"
+
+ self.symbols["fork"] = "add_process('fork')"
+ self.symbols["transition"] = "add_process('transition')"
+ self.symbols["sigchld"] = "add_process('sigchld')"
+ self.symbols["sigkill"] = "add_process('sigkill')"
+ self.symbols["sigstop"] = "add_process('sigstop')"
+ self.symbols["signull"] = "add_process('signull')"
+ self.symbols["signal"] = "add_process('signal')"
+ self.symbols["ptrace"] = "add_process('ptrace')"
+ self.symbols["getsched"] = "add_process('getsched')"
+ self.symbols["setsched"] = "add_process('setsched')"
+ self.symbols["getsession"] = "add_process('getsession')"
+ self.symbols["getpgid"] = "add_process('getpgid')"
+ self.symbols["setpgid"] = "add_process('setpgid')"
+ self.symbols["getcap"] = "add_process('getcap')"
+ self.symbols["setcap"] = "add_process('setcap')"
+ self.symbols["share"] = "add_process('share')"
+ self.symbols["getattr"] = "add_process('getattr')"
+ self.symbols["setexec"] = "add_process('setexec')"
+ self.symbols["setfscreate"] = "add_process('setfscreate')"
+ self.symbols["noatsecure"] = "add_process('noatsecure')"
+ self.symbols["siginh"] = "add_process('siginh')"
+ self.symbols["setrlimit"] = "add_process('setrlimit')"
+ self.symbols["rlimitinh"] = "add_process('rlimitinh')"
+ self.symbols["dyntransition"] = "add_process('dyntransition')"
+ self.symbols["setcurrent"] = "add_process('setcurrent')"
+ self.symbols["execmem"] = "add_process('execmem')"
+ self.symbols["execstack"] = "add_process('execstack')"
+ self.symbols["execheap"] = "add_process('execheap')"
+ self.symbols["setkeycreate"] = "add_process('setkeycreate')"
+ self.symbols["setsockcreate"] = "add_process('setsockcreate')"
+
+ self.symbols["chown"] = "add_capability('chown')"
+ self.symbols["dac_override"] = "add_capability('dac_override')"
+ self.symbols["dac_read_search"] = "add_capability('dac_read_search')"
+ self.symbols["fowner"] = "add_capability('fowner')"
+ self.symbols["fsetid"] = "add_capability('fsetid')"
+ self.symbols["kill"] = "add_capability('kill')"
+ self.symbols["setgid"] = "add_capability('setgid')"
+ self.symbols["setuid"] = "add_capability('setuid')"
+ self.symbols["setpcap"] = "add_capability('setpcap')"
+ self.symbols["linux_immutable"] = "add_capability('linux_immutable')"
+ self.symbols["net_bind_service"] = "add_capability('net_bind_service')"
+ self.symbols["net_broadcast"] = "add_capability('net_broadcast')"
+ self.symbols["net_admin"] = "add_capability('net_admin')"
+ self.symbols["net_raw"] = "add_capability('net_raw')"
+ self.symbols["ipc_lock"] = "add_capability('ipc_lock')"
+ self.symbols["ipc_owner"] = "add_capability('ipc_owner')"
+ self.symbols["sys_module"] = "add_capability('sys_module')"
+ self.symbols["sys_rawio"] = "add_capability('sys_rawio')"
+ self.symbols["sys_chroot"] = "add_capability('sys_chroot')"
+ self.symbols["sys_ptrace"] = "add_capability('sys_ptrace')"
+ self.symbols["sys_pacct"] = "add_capability('sys_pacct')"
+ self.symbols["sys_admin"] = "add_capability('sys_admin')"
+ self.symbols["sys_boot"] = "add_capability('sys_boot')"
+ self.symbols["sys_nice"] = "add_capability('sys_nice')"
+ self.symbols["sys_resource"] = "add_capability('sys_resource')"
+ self.symbols["sys_time"] = "add_capability('sys_time')"
+ self.symbols["sys_tty_config"] = "add_capability('sys_tty_config')"
+ self.symbols["mknod"] = "add_capability('mknod')"
+ self.symbols["lease"] = "add_capability('lease')"
+ self.symbols["audit_write"] = "add_capability('audit_write')"
+ self.symbols["audit_control"] = "add_capability('audit_control')"
+ self.symbols["setfcap"] = "add_capability('setfcap')"
+
+ self.DEFAULT_DIRS = {}
+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
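
Review bot: `self.symbols["openlog"]` is assigned three times and `self.symbols["pam_"]` twice, so only the last value of each survives: openlog maps only to set_use_syslog(True), pam_ maps only to set_use_audit(True), and set_use_pam(True) is never selected. The overwritten `set_use_kerb_rcache(True)` also does not match the setter this patch adds, which is set_manage_krb5_rcache(). If one symbol should enable several options, store a list per key. The values are code strings; if they are later evaluated, a table of (method name, argument) pairs dispatched with getattr() would avoid evaluating strings at all.
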
@ -6623,6 +6719,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.name = name
+ self.file_name = name
+
+ self.capabilities = []
+ self.processes = []
+ self.type = type
+ self.initscript = ""
+ self.program = ""
@ -6633,6 +6731,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.use_tmp = False
+ self.use_uid = False
+ self.use_syslog = False
+ self.use_kerberos = False
+ self.manage_krb5_rcache = False
+ self.use_pam = False
+ self.use_dbus = False
+ self.use_audit = False
@ -6647,6 +6747,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.need_udp_type=False
+ self.admin_domains = []
+ self.transition_domains = []
+ self.transition_users = []
+ self.roles = []
+ self.all_roles = get_all_roles()
+
@ -6686,10 +6787,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ def use_network(self):
+ return self.use_tcp() or self.use_udp()
+
+ def find_port(self, port):
+ for begin,end in self.ports.keys():
+ if port >= begin and port <= end:
+ return self.ports[begin,end]
+ def find_port(self, port, protocol="tcp"):
+ for begin,end,p in self.ports.keys():
+ if port >= begin and port <= end and protocol == p:
+ return self.ports[begin,end, protocol]
+ return None
+
+ def set_program(self, program):
@ -6722,6 +6823,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ self.use_syslog = val
+
+ def set_use_kerberos(self, val):
+ if val != True and val != False:
+ raise ValueError(_("use_kerberos must be a boolean value "))
+
+ self.use_kerberos = val
+
+ def set_manage_krb5_rcache(self, val):
+ if val != True and val != False:
+ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
+
+ self.manage_krb5_rcache = val
+
+ def set_use_pam(self, val):
+ self.use_pam = val == True
+
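
Review bot: set_use_kerberos() and set_manage_krb5_rcache() test `val != True and val != False`, which also accepts 0, 1, 0.0 and 1.0 because they compare equal to the booleans, so the stored flag may not be a bool even though the error message promises one; `isinstance(val, bool)` checks what the message says. The context line for set_use_pam() coerces with `val == True` instead, so the setters disagree on whether a bad value is rejected or coerced.
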
@ -6761,6 +6874,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ else:
+ return ""
+
+ def generate_kerberos_rules(self):
+ if self.use_kerberos:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
+ else:
+ return ""
+
+ def generate_manage_krb5_rcache_rules(self):
+ if self.manage_krb5_rcache:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
+ else:
+ return ""
+
+ def generate_pam_rules(self):
+ newte =""
+ if self.use_pam:
@ -6801,7 +6926,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ def generate_network_types(self):
+ for i in self.in_tcp[PORTS]:
+ rec = self.find_port(int(i))
+ rec = self.find_port(int(i), "tcp")
+ if rec == None:
+ self.need_tcp_type = True;
+ else:
@ -6812,7 +6937,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.found_tcp_ports.append(line)
+
+ for i in self.out_tcp[PORTS]:
+ rec = self.find_port(int(i))
+ rec = self.find_port(int(i), "tcp")
+ if rec == None:
+ self.need_tcp_type = True;
+ else:
@ -6823,7 +6948,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.found_tcp_ports.append(line)
+
+ for i in self.in_udp[PORTS]:
+ rec = self.find_port(int(i))
+ rec = self.find_port(int(i),"udp")
+ if rec == None:
+ self.need_udp_type = True;
+ else:
@ -6845,6 +6970,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.DEFAULT_DIRS["rw"][1].append(file)
+ return self.DEFAULT_DIRS["rw"]
+
+ def add_capability(self, capability):
+ self.capabilities.append(capability)
+
+ def add_process(self, process):
+ self.processes.append(process)
+
+ def add_boolean(self, name, description):
+ self.booleans[name] = description
+
@ -6854,6 +6985,21 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ def add_dir(self, file):
+ self.dirs[file] = self.__find_path(file)
+
+ def generate_capabilities(self):
+ newte = ""
+ self.capabilities.sort()
+ if len(self.capabilities) > 0:
+ newte = "allow %s_t self:capability { %s };\n" % (self.name, " ".join(self.capabilities))
+ return newte
+
+ def generate_process(self):
+ newte = ""
+ self.processes.sort()
+ if len(self.processes) > 0:
+ newte = "allow %s_t self:process { %s };\n" % (self.name, " ".join(self.processes))
+ return newte
+
+
+ def generate_network_rules(self):
+ newte = ""
+ if self.use_network():
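Review bot: generate_capabilities and generate_process join whatever add_capability and add_process appended straight into an allow rule, with no de-duplication and no check against the known capability or process permission names, so a repeated or misspelled entry only surfaces when the module is compiled. Build the list with sorted(set(self.capabilities)) and reject unknown names in the add_ methods; the in-place sort() also mutates object state from what reads as a pure generator.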
@ -7111,6 +7257,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ if self.type != CGI or d != "rw":
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
+
+ newte +="""
+########################################
+#
+# %s local policy
+#
+
+""" % self.name
+ newte += self.generate_capabilities()
+ newte += self.generate_process()
+ newte += self.generate_network_types()
+ newte += self.generate_tmp_types()
+ newte += self.generate_booleans()
@ -7136,6 +7291,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ newte += self.generate_roles_rules()
+ newte += self.generate_transition_rules()
+ newte += self.generate_admin_rules()
+ newte += self.generate_kerberos_rules()
+ newte += self.generate_manage_krb5_rcache_rules()
+ return newte
+
+ def generate_fc(self):
@ -7203,12 +7360,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ newsh += re.sub("FILENAME", i, script.restorecon)
+
+ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
+ if self.find_port(i) == None:
+ if self.find_port(i,"tcp") == None:
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
+ if self.find_port(i) == None:
+ if self.find_port(i,"udp") == None:
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
@ -7272,8 +7429,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ sys.stderr.flush()
+ sys.exit(1)
+
+
+if __name__ == '__main__':
+def test():
+ mypolicy = policy("mycgi", CGI)
+ mypolicy.set_program("/var/www/cgi-bin/cgi")
+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
@ -7364,12 +7520,94 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
+ print mypolicy.generate("/var/tmp")
+
+
+import os, sys, getopt, socket, random, fcntl
+
+def gen_writeable(cmd):
+ fd = os.popen("rpm -qlf %s" % cmd)
+ rec = fd.read().split()
+ fd.close()
+ return rec
+
+def gen_symbols(cmd):
+ fd = os.popen("nm -D %s | grep U" % cmd)
+ rec = fd.read().split()
+ fd.close()
+ return rec
+
+def usage(msg):
+ print _("""
+%s
+
+polgen [ -m ] [ -t type ] executable
+valid Types:
+""") % msg
+ keys=poltype.keys()
+ for i in keys:
+ print "\t%s\t%s" % (i, poltype[i])
+ sys.exit(-1)
+
+if __name__ == '__main__':
+ setype = DAEMON
+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m",
+ ["type=",
+ "mount",
+ "test",
+ "help"])
+ for o, a in gopts:
+ if o == "-t" or o == "--type":
+ try:
+ if int(a) not in poltype:
+ usage ("invalid type %s" % a )
+ except:
+ usage ("invalid type %s" % a )
+
+ setype = int(a)
+
+ if o == "-m" or o == "--mount":
+ mount_ind = True
+
+ if o == "-h" or o == "--help":
+ usage("")
+
+ if o == "--test":
+ test()
+ sys.exit(0)
+
+ if len(cmds) == 0:
+ usage(_("Executable required"))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.62/gui/portsPage.py
+ name = os.path.basename(cmds[0]).replace("-","_")
+ cmd = cmds[0]
+ mypolicy = policy(name, setype)
+ mypolicy.set_program(cmd)
+ for f in gen_writeable(cmd):
+ for b in mypolicy.DEFAULT_DIRS:
+ if b == "/etc":
+ continue
+ if f.startswith(b):
+ if os.path.isfile(f):
+ mypolicy.add_file(f)
+ else:
+ mypolicy.add_dir(f)
+
+ if os.path.isfile("/var/run/%s.pid" % name):
+ mypolicy.add_file("/var/run/%s.pid" % name)
+
+ if os.path.isfile("/etc/rc.d/init.d/%s" % name):
+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
+
+ symbols = gen_symbols(cmd)
+ for s in symbols:
+ for b in mypolicy.symbols:
+ if s.startswith(b):
+ exec "mypolicy.%s" % mypolicy.symbols[b]
+
+ print mypolicy.generate()
+ sys.exit(0)
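Review bot: gen_writeable and gen_symbols interpolate the executable path from the command line into a shell string for os.popen ("rpm -qlf %s" % cmd and "nm -D %s | grep U" % cmd), so whitespace or shell metacharacters in the path are interpreted by the shell; pass an argument list to subprocess.Popen and do the filtering in Python. The grep U filter also matches any line containing a capital U, not only undefined symbols. Further down, exec "mypolicy.%s" % mypolicy.symbols[b] runs strings from a table as code where a map from symbol prefix to bound method would do; the bare except around int(a) also catches the SystemExit raised by usage(); and mount_ind is assigned under -m but never read in the lines shown.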
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.74/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/portsPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/portsPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -7497,17 +7735,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(dict[k][1], filter) or self.match(dict[k][2], filter)):
+ if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(k[2], filter) or self.match(dict[k][1], filter) or self.match(dict[k][1], filter)):
+ continue
+ iter = self.store.append()
+ if k[0] == k[1]:
+ self.store.set_value(iter, PORT_COL, k[0])
+ else:
+ rec = "%s-%s" % k
+ rec = "%s-%s" % k[:2]
+ self.store.set_value(iter, PORT_COL, rec)
+ self.store.set_value(iter, TYPE_COL, dict[k][0])
+ self.store.set_value(iter, PROTOCOL_COL, dict[k][1])
+ self.store.set_value(iter, MLS_COL, dict[k][2])
+ self.store.set_value(iter, PROTOCOL_COL, k[2])
+ self.store.set_value(iter, MLS_COL, dict[k][1])
+ self.view.get_selection().select_path ((0,))
+
+ def group_load(self, filter = ""):
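Review bot: The new filter condition ends with self.match(dict[k][1], filter) or self.match(dict[k][1], filter), testing the same field twice. With the protocol moved into the key as k[2], the value tuple holds only type and MLS, so the second copy is dead; delete it, or if a different field was meant, name it. The rest of the hunk (k[:2] for the range, k[2] for PROTOCOL_COL, dict[k][1] for MLS_COL) is consistent with that layout.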
@ -7630,9 +7868,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.62/gui/selinux.tbl
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.74/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/selinux.tbl 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/selinux.tbl 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@ -7868,9 +8106,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.62/gui/semanagePage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.74/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/semanagePage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/semanagePage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,168 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@ -8040,9 +8278,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+ self.load(self.filter)
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.62/gui/statusPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.74/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/statusPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/statusPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,190 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006-2009 Red Hat, Inc.
@ -8234,9 +8472,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.62/gui/system-config-selinux.glade
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.74/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/system-config-selinux.glade 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/system-config-selinux.glade 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,3403 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@ -11641,9 +11879,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+</widget>
+
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.62/gui/system-config-selinux.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.74/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/system-config-selinux.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/system-config-selinux.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,189 @@
+#!/usr/bin/python
+#
@ -11834,9 +12072,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+ app = childWindow()
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.62/gui/templates/boolean.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.74/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/boolean.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/boolean.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -11878,9 +12116,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py
+')
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.62/gui/templates/etc_rw.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.74/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/etc_rw.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/etc_rw.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -11911,8 +12149,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+files_type(TEMPLATETYPE_etc_rw_t)
+"""
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_etc_rw_t:dir manage_dir_perms;
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
+files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { file dir })
+"""
+
@ -12011,9 +12249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.62/gui/templates/executable.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.74/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/executable.py 2009-03-07 12:58:20.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/executable.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,368 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
@ -12054,7 +12292,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+
+te_initscript_types="""
+type TEMPLATETYPE_initrc_exec_t;
+init_script_type(TEMPLATETYPE_initrc_exec_t)
+init_script_file(TEMPLATETYPE_initrc_exec_t)
+"""
+
+te_dbusd_types="""\
@ -12117,11 +12355,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+"""
+
+te_daemon_rules="""
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+# Init script handling
+domain_use_interactive_fds(TEMPLATETYPE_t)
+
@ -12132,7 +12365,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+files_read_etc_files(TEMPLATETYPE_t)
+
+miscfiles_read_localization(TEMPLATETYPE_t)
+
+"""
+
+te_inetd_rules="""
@ -12157,7 +12389,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+libs_use_shared_libs(TEMPLATETYPE_t)
+
+miscfiles_read_localization(TEMPLATETYPE_t)
+
+"""
+
+te_cgi_rules="""
@ -12186,6 +12417,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+')
+"""
+
+te_kerberos_rules="""
+optional_policy(`
+ kerberos_use(TEMPLATETYPE_t)
+')
+"""
+
+te_manage_krb5_rcache_rules="""
+optional_policy(`
+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
+ kerberos_manage_host_rcache(TEMPLATETYPE_t)
+')
+"""
+
+te_audit_rules="""
+logging_send_audit_msgs(TEMPLATETYPE_t)
+"""
@ -12217,8 +12461,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+#
+interface(`TEMPLATETYPE_domtrans',`
+ gen_require(`
+ type TEMPLATETYPE_t;
+ type TEMPLATETYPE_exec_t;
+ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
+ ')
+
+ domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
@ -12337,12 +12580,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed to manage the TEMPLATETYPE domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the user terminal.
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
@ -12383,9 +12621,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.62/gui/templates/__init__.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.74/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/__init__.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/__init__.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@ -12405,9 +12643,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.62/gui/templates/network.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.74/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/network.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/network.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@ -12489,10 +12727,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.62/gui/templates/rw.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.74/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/rw.py 2009-02-18 16:52:27.000000000 -0500
@@ -0,0 +1,128 @@
+++ policycoreutils-2.0.74/gui/templates/rw.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,127 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@ -12522,8 +12760,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+"""
+
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:dir create_dir_perms;
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+"""
+
+########################### Interface File #############################
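Review bot: The directory rule in te_rules is not a like-for-like conversion: the old line granted create_dir_perms on TEMPLATETYPE_rw_t:dir, while manage_dirs_pattern is the directory counterpart of the manage_file_perms rule beside it. If generated domains are meant to get full manage access on their rw directories, say so in the changelog; if not, keep a narrower directory rule next to manage_files_pattern.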
@ -12583,8 +12821,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ allow $1 TEMPLATETYPE_rw_t:file manage_file_perms;
+ allow $1 TEMPLATETYPE_rw_t:dir rw_dir_perms;
+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+')
+
+########################################
@ -12621,9 +12858,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.62/gui/templates/script.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.74/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/script.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/script.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,99 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -12649,7 +12886,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+
+########################### tmp Template File #############################
+compile="""\
+#!/bin/sh
+#!/bin/sh -e
+
+DIRNAME=`dirname $0`
+cd $DIRNAME
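Review bot: Putting -e on the interpreter line (#!/bin/sh -e) only takes effect when the generated script is executed directly; run as sh script.sh the option is lost, so add set -e as the first command instead. The two lines after it, DIRNAME=`dirname $0` and cd $DIRNAME, are unquoted and break when the script lives under a path containing spaces; quote both expansions.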
@ -12724,9 +12961,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+# Adding roles to SELinux user USER
+/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.62/gui/templates/semodule.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.74/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/semodule.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/semodule.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -12769,9 +13006,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.62/gui/templates/tmp.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.74/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/tmp.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/tmp.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -12802,8 +13039,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+"""
+
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:dir create_dir_perms;
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { file dir })
+"""
+
@ -12870,9 +13107,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+ TEMPLATETYPE_manage_tmp($1)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.62/gui/templates/user.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.74/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/user.py 2009-03-07 12:58:11.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/user.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,182 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -13056,9 +13293,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.62/gui/templates/var_lib.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.74/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/var_lib.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/var_lib.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,158 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -13218,9 +13455,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.62/gui/templates/var_log.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.74/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/var_log.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/var_log.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,110 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -13332,9 +13569,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.62/gui/templates/var_run.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.74/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/var_run.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/var_run.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,118 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -13454,9 +13691,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.62/gui/templates/var_spool.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.74/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/templates/var_spool.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/templates/var_spool.py 2009-10-01 12:03:05.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@ -13487,9 +13724,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+files_type(TEMPLATETYPE_spool_t)
+"""
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:dir manage_dir_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:sock_file manage_sock_file_perms;
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { file dir sock_file })
+"""
+
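Review bot: The rewritten te_rules drops the sock_file rule (manage_sock_file_perms) and adds manage_lnk_files_pattern in its place, yet files_spool_filetrans still lists { file dir sock_file }. As written, the domain keeps a type transition for sockets it creates in the spool directory but loses the rule that let it manage them; either add manage_sock_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) or remove sock_file from the transition, and record in the changelog why lnk_file access was added.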
@ -13587,9 +13824,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.62/gui/translationsPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.74/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/translationsPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/translationsPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@ -13709,9 +13946,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.62/gui/usersPage.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.74/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/gui/usersPage.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.74/gui/usersPage.py 2009-09-20 21:26:37.000000000 -0400
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.

File diff suppressed because it is too large

@ -1,6 +1,17 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debugfiles.list policycoreutils-2.0.62/debugfiles.list
--- nsapolicycoreutils/debugfiles.list 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/debugfiles.list 2009-04-03 14:13:23.000000000 -0400
diff -up policycoreutils-2.0.62/audit2allow/audit2allow.rhat policycoreutils-2.0.62/audit2allow/audit2allow
--- policycoreutils-2.0.62/audit2allow/audit2allow.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/audit2allow/audit2allow 2009-05-05 10:49:02.000000000 -0400
@@ -126,6 +126,7 @@ class AuditToPolicy:
elif self.__options.audit:
try:
messages = audit.get_audit_msgs()
+ messages += audit.get_log_msgs()
except OSError, e:
sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
sys.exit(1)
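Review bot: The added messages += audit.get_log_msgs() sits inside the try whose handler prints 'could not run ausearch', so an OSError from the second call is reported with the wrong cause. Give it its own try with an accurate message, and document that the audit option now also pulls in the log messages, since that changes which denials end up in the generated policy.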
diff -up /dev/null policycoreutils-2.0.62/debugfiles.list
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
+++ policycoreutils-2.0.62/debugfiles.list 2009-05-05 10:49:02.000000000 -0400
@@ -0,0 +1,64 @@
+%dir /usr/lib/debug
+%dir /usr/lib/debug/sbin
@ -66,9 +77,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+/usr/lib/debug/usr/bin/semodule_expand.debug
+/usr/lib/debug/usr/bin/secon.debug
+/usr/src/debug/policycoreutils-2.0.62
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/debuglinks.list policycoreutils-2.0.62/debuglinks.list
--- nsapolicycoreutils/debuglinks.list 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.62/debuglinks.list 2009-04-03 14:13:23.000000000 -0400
diff -up /dev/null policycoreutils-2.0.62/debuglinks.list
--- /dev/null 2009-05-04 15:46:32.150257971 -0400
+++ policycoreutils-2.0.62/debuglinks.list 2009-05-05 10:49:02.000000000 -0400
@@ -0,0 +1,29 @@
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7 /sbin/setfiles
+/usr/lib/debug/.build-id/f4/3cc2016abf9b6152b720b604ffc7b05ada92b7.debug /usr/lib/debug/sbin/setfiles.debug
@ -99,19 +110,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665 /usr/bin/semodule_deps
+/usr/lib/debug/.build-id/9d/511790c5b6141b50c55b8fe8bc032d84827665.debug /usr/lib/debug/usr/bin/semodule_deps.debug
+/usr/lib/debug/sbin/restorecon.debug /usr/lib/debug/sbin/setfiles.debug
Binary files nsapolicycoreutils/debugsources.list and policycoreutils-2.0.62/debugsources.list differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.62/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/Makefile 2009-04-03 14:12:56.000000000 -0400
diff -up policycoreutils-2.0.62/Makefile.rhat policycoreutils-2.0.62/Makefile
--- policycoreutils-2.0.62/Makefile.rhat 2009-02-18 16:45:00.000000000 -0500
+++ policycoreutils-2.0.62/Makefile 2009-05-05 10:49:02.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.62/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-04-03 14:12:56.000000000 -0400
diff -up policycoreutils-2.0.62/restorecond/restorecond.conf.rhat policycoreutils-2.0.62/restorecond/restorecond.conf
--- policycoreutils-2.0.62/restorecond/restorecond.conf.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/restorecond/restorecond.conf 2009-05-05 10:49:02.000000000 -0400
@@ -5,3 +5,7 @@
/var/run/utmp
/var/log/wtmp
@ -120,10 +130,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+/root/.ssh/*
+
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.62/scripts/chcat
--- nsapolicycoreutils/scripts/chcat 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.62/scripts/chcat 2009-04-09 12:28:34.000000000 -0400
@@ -281,14 +281,14 @@
diff -up policycoreutils-2.0.62/scripts/chcat.rhat policycoreutils-2.0.62/scripts/chcat
--- policycoreutils-2.0.62/scripts/chcat.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/scripts/chcat 2009-05-05 10:49:02.000000000 -0400
@@ -281,14 +281,14 @@ def isSensitivity(sensitivity):
def expandCats(cats):
newcats = []
for c in cats:
@ -146,10 +156,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if i not in newcats:
newcats.append(i)
if len(newcats) > 25:
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.62/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-04-03 14:12:56.000000000 -0400
@@ -122,7 +122,7 @@
diff -up policycoreutils-2.0.62/scripts/fixfiles.rhat policycoreutils-2.0.62/scripts/fixfiles
--- policycoreutils-2.0.62/scripts/fixfiles.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/scripts/fixfiles 2009-05-05 10:49:24.000000000 -0400
@@ -89,7 +89,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ];
fi; \
done | \
while read pattern ; do sh -c "find $pattern \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \
\( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
done 2> /dev/null | \
${RESTORECON} $* -0 -f -
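Review bot: the unchanged prune line directly below the edited `-fstype` list reads `-wholename /tmp -wholename /dev` with no `-o` between the two tests. find joins adjacent tests with AND, so that pair can never match and neither /tmp nor /dev is pruned by this expression. Since the expression is being touched anyway, add the missing `-o` in the same change.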
@@ -122,14 +122,14 @@ if [ ! -z "$PREFC" ]; then
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
@ -158,10 +177,37 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
done
exit $?
fi
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.62/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-02-18 16:44:47.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage 2009-04-08 21:39:50.000000000 -0400
@@ -50,7 +50,7 @@
if [ ! -z "$FILEPATH" ]; then
if [ -x /usr/bin/find ]; then
/usr/bin/find "$FILEPATH" \
- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs \) -prune -o -print0 | \
+ ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o fstype btrfs \) -prune -o -print0 | \
${RESTORECON} ${OUTFILES} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
else
${RESTORECON} ${OUTFILES} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
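Review bot: the added `find` line ends its filesystem list with `-o fstype btrfs`, missing the leading dash on `-fstype`. The other btrfs addition in this patch writes `-o -fstype btrfs`. As written, find does not see a test here, so the relabel pipeline on this path fails or feeds nothing to `${RESTORECON}`; change it to `-o -fstype btrfs`.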
diff -up policycoreutils-2.0.62/semanage/semanage.8.rhat policycoreutils-2.0.62/semanage/semanage.8
--- policycoreutils-2.0.62/semanage/semanage.8.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage.8 2009-05-05 10:49:02.000000000 -0400
@@ -21,6 +21,8 @@ semanage \- SELinux Policy Management to
.br
.B semanage permissive \-{a|d} type
.br
+.B semanage module \-{a|d} policy_package
+.br
.B semanage translation \-{a|d|m} [\-T] level
.P
diff -up policycoreutils-2.0.62/semanage/semanage.rhat policycoreutils-2.0.62/semanage/semanage
--- policycoreutils-2.0.62/semanage/semanage.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/semanage/semanage 2009-05-05 10:49:02.000000000 -0400
@@ -44,16 +44,17 @@ if __name__ == '__main__':
text = _("""
semanage [ -S store ] -i [ input_file | - ]
-semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
+semanage {module,boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n]
semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
@ -169,8 +215,21 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
semanage translation -{a|d|m} [-T] level
semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type
@@ -84,6 +84,7 @@
-semanage permissive -{d|a} type
+semanage permissive -{a|d} type
+semanage module -{a|d|} module
Primary Options:
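Review bot: the usage text is inconsistent in two places. The object list is written `{module,boolean|login|...}` with a comma where every other separator is `|`, and the new module line reads `semanage module -{a|d|} module` with a trailing empty alternative. The man page hunk documents the same command as `-{a|d} policy_package`; use `{module|boolean|...}` and one spelling of the module synopsis in both places.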
@@ -68,6 +69,7 @@ Primary Options:
-h, --help Display this message
-n, --noheading Do not print heading when listing OBJECTS
-S, --store Select and alternate SELinux store to manage
+ --dontaudit Turn on or off dontaudit rules
Object-specific Options (see above):
@@ -84,6 +86,7 @@ Object-specific Options (see above):
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
@ -178,7 +237,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
@@ -115,7 +116,7 @@
@@ -115,11 +118,14 @@ Object-specific Options (see above):
valid_option["node"] = []
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
@ -187,15 +246,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
valid_option["boolean"] = []
@@ -192,6 +193,7 @@
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
+ valid_option["module"] = []
+ valid_option["module"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '--dontaudit']
+
valid_option["permissive"] = []
valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
return valid_option
@@ -192,7 +198,10 @@ Object-specific Options (see above):
locallist = False
use_file = False
store = ""
+ equil=""
+ dontaudit = ""
+
object = argv[0]
option_dict=get_options()
@@ -201,10 +203,11 @@
if object not in option_dict.keys():
@@ -201,10 +210,12 @@ Object-specific Options (see above):
args = argv[1:]
gopts, cmds = getopt.getopt(args,
@ -204,21 +273,69 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
['add',
'delete',
'deleteall',
+ 'dontaudit=',
+ 'equil=',
'ftype=',
'file',
'help',
@@ -248,6 +251,9 @@
@@ -241,16 +252,24 @@ Object-specific Options (see above):
if modify or add:
raise ValueError(_("%s bad option") % o)
delete = True
+
if o == "-D" or o == "--deleteall":
if modify:
raise ValueError(_("%s bad option") % o)
deleteall = True
+
if o == "-f" or o == "--ftype":
ftype=a
- ftype=a
+ ftype = a
+
+ if o == "-e" or o == "--equil":
+ equil = a
+
if o == "-F" or o == "--file":
use_file = True
@@ -366,7 +372,10 @@
+ if o == "--dontaudit":
+ dontaudit = a
+
if o == "-h" or o == "--help":
raise ValueError(_("%s bad option") % o)
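Review bot: the new long option is declared as `'dontaudit='`, so `--dontaudit` requires a value, but the help line added for it ("Turn on or off dontaudit rules") shows no argument and does not say which values are accepted; document the expected value there. The `--equil` name (and the `equil` variable) also differs from the `self.equiv` mapping used in the fcontextRecords hunk of seobject.py, which itself mixes `equiv` and `equil_ind`; settle on one spelling before the option name becomes user-facing.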
@@ -323,6 +342,9 @@ Object-specific Options (see above):
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
+
+ if object == "module":
+ OBJECT = seobject.moduleRecords(store)
if object == "translation":
OBJECT = seobject.setransRecords()
@@ -341,6 +363,13 @@ Object-specific Options (see above):
OBJECT.deleteall()
return
+ if dontaudit != "":
+ if object == "module":
+ OBJECT.dontaudit(dontaudit)
+ else:
+ raise ValueError(_("%s bad option") % o)
+ return
+
if len(cmds) != 1:
raise ValueError(_("%s bad option") % o)
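Review bot: in the `else` branch of the new `dontaudit` check, the error is formatted with `% o`, but `o` is only whatever option the parsing loop saw last, not necessarily `--dontaudit`, so the message can name the wrong option. Raise with the literal `"--dontaudit"` instead. The trailing `return` also means any other action given on the same command line is skipped without notice; reject that combination explicitly.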
@@ -362,11 +391,17 @@ Object-specific Options (see above):
if object == "interface":
OBJECT.add(target, serange, setype)
+ if object == "module":
+ OBJECT.add(target)
+
if object == "node":
OBJECT.add(target, mask, proto, serange, setype)
if object == "fcontext":
@ -230,7 +347,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if object == "permissive":
OBJECT.add(target)
@@ -396,7 +405,10 @@
@@ -386,6 +421,9 @@ Object-specific Options (see above):
rlist = roles.split()
OBJECT.modify(target, rlist, selevel, serange, prefix)
+ if object == "module":
+ OBJECT.modify(target)
+
if object == "port":
OBJECT.modify(target, proto, serange, setype)
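Review bot: the added branch calls `OBJECT.modify(target)` for `module`, but the `moduleRecords` class added in seobject.py defines only `get_all`, `dontaudit`, `list`, `add` and `delete`, and `valid_option["module"]` does not list `-m`. Either drop this branch or add a `modify` method together with the option, so the code path cannot end in an AttributeError if the option table changes later.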
@@ -396,7 +434,10 @@ Object-specific Options (see above):
OBJECT.modify(target, mask, proto, serange, setype)
if object == "fcontext":
@ -242,7 +369,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
return
@@ -405,7 +417,7 @@
@@ -405,7 +446,7 @@ Object-specific Options (see above):
OBJECT.delete(target, proto)
elif object == "fcontext":
@ -251,7 +378,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
elif object == "node":
OBJECT.delete(target, mask, proto)
@@ -464,10 +476,10 @@
@@ -464,10 +505,10 @@ Object-specific Options (see above):
else:
fd = open(input, 'r')
trans = seobject.semanageRecords(store)
@ -264,9 +391,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
else:
process_args(sys.argv[1:])
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.62/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-04-11 08:13:02.000000000 -0400
diff -up policycoreutils-2.0.62/semanage/seobject.py.rhat policycoreutils-2.0.62/semanage/seobject.py
--- policycoreutils-2.0.62/semanage/seobject.py.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-05 14:46:35.000000000 -0400
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008 Red Hat
+# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
# see file 'COPYING' for use and warranty information
#
# semanage is a tool for managing SELinux configuration files
@@ -21,16 +21,16 @@
#
#
@ -287,7 +421,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
@@ -96,7 +96,7 @@
@@ -96,7 +96,7 @@ try:
self.audit_fd = audit.audit_open()
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
@ -296,7 +430,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
except:
class logger:
def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
@@ -104,7 +104,7 @@
@@ -104,7 +104,7 @@ except:
message = "Successful: "
else:
message = "Failed: "
@ -305,7 +439,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if sename != "":
message += " sename=" + sename
if old_sename != "":
@@ -123,9 +123,9 @@
@@ -123,9 +123,9 @@ mylog = logger()
import xml.etree.ElementTree
@ -317,7 +451,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
for l in tree.findall("layer"):
for m in l.findall("module"):
for b in m.findall("tunable"):
@@ -160,12 +160,12 @@
@@ -160,12 +160,12 @@ def validate_level(raw):
cat_range = category + "(\." + category +")?"
categories = cat_range + "(\," + cat_range + ")*"
reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
@ -333,7 +467,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
else:
context = raw
(rc, trans) = selinux.selinux_raw_to_trans_context(context)
@@ -179,9 +179,9 @@
@@ -179,9 +179,9 @@ def translate(raw, prepend = 1):
return trans
def untranslate(trans, prepend = 1):
@ -345,7 +479,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
else:
context = trans
@@ -234,7 +234,7 @@
@@ -234,7 +234,7 @@ class setransRecords:
rec += "%s=%s\n" % (k, self.ddict[k])
return rec
@ -354,7 +488,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if heading:
print "\n%-25s %s\n" % (_("Level"), _("Translation"))
keys = self.ddict.keys()
@@ -273,6 +273,7 @@
@@ -273,6 +273,7 @@ class setransRecords:
(fd, newfilename) = tempfile.mkstemp('', self.filename)
os.write(fd, self.out())
os.close(fd)
@ -362,7 +496,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
os.rename(newfilename, self.filename)
os.system("/sbin/service mcstrans reload > /dev/null")
@@ -281,15 +282,20 @@
@@ -281,15 +282,20 @@ class semanageRecords:
global handle
if handle != None:
@ -386,7 +520,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def begin(self):
if self.transaction:
return
@@ -303,6 +309,12 @@
@@ -303,6 +309,55 @@ class semanageRecords:
if rc < 0:
raise ValueError(_("Could not commit semanage transaction"))
@ -395,11 +529,54 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ raise ValueError(_("Semanage transaction not in progress"))
+ self.transaction = False
+ self.commit()
+
+class moduleRecords(semanageRecords):
+ def __init__(self, store):
+ semanageRecords.__init__(self, store)
+
+ def get_all(self):
+ l = []
+ (rc, mlist, number) = semanage_module_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux modules"))
+
+ for i in range(number):
+ mod = semanage_module_list_nth(mlist, i)
+ name = semanage_module_get_name(mod)
+ l.append(name)
+ return l
+
+ def dontaudit(self, dontaudit = 0):
+ self.begin()
+ rc = semanage_set_disable_dontaudit(self.sh, int(dontaudit))
+ self.commit()
+ rc = semanage_reload_policy(self.sh)
+
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "\n%-25s\n" % (_("Modules"))
+ for t in self.get_all():
+ print t
+
+ def add(self, modules):
+ import glob
+ for m in modules.split():
+ rc = semanage_module_install_file(self.sh, m);
+ if rc >= 0:
+ self.commit()
+
+ def delete(self, modules):
+ for m in modules.split():
+ rc = semanage_module_remove(self.sh, m)
+ if rc < 0:
+ raise ValueError(_("Could not remove module %s (remove failed)") % name)
+
+ self.commit()
+
class permissiveRecords(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
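Review bot: `delete()` formats its error with `% name`, but no `name` exists in that method (the loop variable is `m`), so a failed `semanage_module_remove` raises NameError instead of the intended ValueError; use `% m`. `add()` has the opposite problem: a negative `rc` from `semanage_module_install_file` is dropped silently, and the `import glob` there is unused. `dontaudit()` discards both return codes and passes the raw option through `int()`, so a non-numeric value surfaces as a bare conversion error; check `rc < 0` and raise a translated ValueError as the other record classes in this file do.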
@@ -320,7 +332,7 @@
@@ -320,7 +375,7 @@ class permissiveRecords(semanageRecords)
l.append(name.split("permissive_")[1])
return l
@ -408,7 +585,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if heading:
print "\n%-25s\n" % (_("Permissive Types"))
for t in self.get_all():
@@ -328,6 +340,7 @@
@@ -328,6 +383,7 @@ class permissiveRecords(semanageRecords)
def add(self, type):
@ -416,7 +593,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
name = "permissive_%s" % type
dirname = "/var/lib/selinux"
os.chdir(dirname)
@@ -341,7 +354,7 @@
@@ -341,7 +397,7 @@ require {
permissive %s;
""" % (name, type, type)
@ -425,7 +602,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
fd.write(modtxt)
fd.close()
mc = module.ModuleCompiler()
@@ -351,16 +364,19 @@
@@ -351,16 +407,19 @@ permissive %s;
fd.close()
rc = semanage_module_install(self.sh, data, len(data));
@ -450,7 +627,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def delete(self, name):
for n in name.split():
@@ -390,11 +406,11 @@
@@ -390,11 +449,11 @@ class loginRecords(semanageRecords):
if sename == "":
sename = "user_u"
@ -464,7 +641,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -410,7 +426,7 @@
@@ -410,7 +469,7 @@ class loginRecords(semanageRecords):
except:
raise ValueError(_("Linux User %s does not exist") % name)
@ -473,7 +650,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create login mapping for %s") % name)
@@ -450,17 +466,17 @@
@@ -450,17 +509,17 @@ class loginRecords(semanageRecords):
if sename == "" and serange == "":
raise ValueError(_("Requires seuser or serange"))
@ -494,7 +671,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query seuser for %s") % name)
@@ -483,7 +499,7 @@
@@ -483,7 +542,7 @@ class loginRecords(semanageRecords):
semanage_seuser_key_free(k)
semanage_seuser_free(u)
@ -503,7 +680,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def modify(self, name, sename = "", serange = ""):
try:
@@ -492,21 +508,21 @@
@@ -492,21 +551,21 @@ class loginRecords(semanageRecords):
self.commit()
except ValueError, error:
@ -529,7 +706,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if not exists:
@@ -525,10 +541,10 @@
@@ -525,10 +584,10 @@ class loginRecords(semanageRecords):
self.commit()
except ValueError, error:
@ -542,7 +719,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
@@ -578,17 +594,17 @@
@@ -578,17 +637,17 @@ class seluserRecords(semanageRecords):
if len(roles) < 1:
raise ValueError(_("You must add at least one role for %s") % name)
@ -563,7 +740,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create SELinux user for %s") % name)
@@ -612,7 +628,7 @@
@@ -612,7 +671,7 @@ class seluserRecords(semanageRecords):
rc = semanage_user_set_prefix(self.sh, u, prefix)
if rc < 0:
raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
@ -572,7 +749,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not extract key for %s") % name)
@@ -645,17 +661,17 @@
@@ -645,17 +704,17 @@ class seluserRecords(semanageRecords):
else:
raise ValueError(_("Requires prefix or roles"))
@ -593,7 +770,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query user for %s") % name)
@@ -703,17 +719,17 @@
@@ -703,17 +762,17 @@ class seluserRecords(semanageRecords):
raise error
def __delete(self, name):
@ -614,7 +791,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if not exists:
@@ -795,7 +811,7 @@
@@ -795,7 +854,7 @@ class portRecords(semanageRecords):
low = int(ports[0])
high = int(ports[1])
@ -623,7 +800,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
return ( k, proto_d, low, high )
@@ -812,13 +828,13 @@
@@ -812,13 +871,13 @@ class portRecords(semanageRecords):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -639,7 +816,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create port for %s/%s") % (proto, port))
@@ -871,13 +887,13 @@
@@ -871,13 +930,13 @@ class portRecords(semanageRecords):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -655,7 +832,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query port %s/%s") % (proto, port))
@@ -926,13 +942,13 @@
@@ -926,13 +985,13 @@ class portRecords(semanageRecords):
def __delete(self, port, proto):
( k, proto_d, low, high ) = self.__genkey(port, proto)
@ -671,7 +848,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
if not exists:
@@ -1038,17 +1054,17 @@
@@ -1038,17 +1097,17 @@ class nodeRecords(semanageRecords):
if ctype == "":
raise ValueError(_("SELinux Type is required"))
@ -692,7 +869,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create addr for %s") % addr)
@@ -1113,17 +1129,17 @@
@@ -1113,17 +1172,17 @@ class nodeRecords(semanageRecords):
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@ -713,7 +890,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query addr %s") % addr)
@@ -1160,17 +1176,17 @@
@@ -1160,17 +1219,17 @@ class nodeRecords(semanageRecords):
else:
raise ValueError(_("Unknown or missing protocol"))
@ -734,7 +911,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if addr %s is defined") % addr)
if not exists:
@@ -1240,17 +1256,17 @@
@@ -1240,17 +1299,17 @@ class interfaceRecords(semanageRecords):
if ctype == "":
raise ValueError(_("SELinux Type is required"))
@ -755,7 +932,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create interface for %s") % interface)
@@ -1301,17 +1317,17 @@
@@ -1301,17 +1360,17 @@ class interfaceRecords(semanageRecords):
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@ -776,7 +953,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query interface %s") % interface)
@@ -1335,17 +1351,17 @@
@@ -1335,17 +1394,17 @@ class interfaceRecords(semanageRecords):
self.commit()
def __delete(self, interface):
@ -797,7 +974,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if not exists:
@@ -1393,6 +1409,45 @@
@@ -1393,6 +1452,48 @@ class interfaceRecords(semanageRecords):
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@ -820,7 +997,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
+ for src in self.equiv.keys():
+ fd.write("%s %s\n" % (src, self.equiv[src]))
+ fd.close()
+ try:
+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
+ except:
+ pass
+ os.rename(tmpfile,subs_file)
+ self.equil_ind = False
+ semanageRecords.commit(self)
@ -843,7 +1023,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
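Review bot: the bare `except: pass` around `os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])` hides every failure, so when `subs_file` does not exist yet or the chmod is refused, `os.rename` installs the file with whatever mode the temporary file was created with. Catch `OSError` only and fall back to an explicit mode, so the file written from `self.equiv` always ends up with known permissions.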
@@ -1429,23 +1484,23 @@
@@ -1429,23 +1530,23 @@ class fcontextRecords(semanageRecords):
if type == "":
raise ValueError(_("SELinux Type is required"))
@ -871,7 +1051,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create file context for %s") % target)
@@ -1486,21 +1541,21 @@
@@ -1486,21 +1587,21 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Requires setype, serange or seuser"))
self.validate(target)
@ -898,7 +1078,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query file context for %s") % target)
@@ -1550,7 +1605,7 @@
@@ -1550,7 +1651,7 @@ class fcontextRecords(semanageRecords):
target = semanage_fcontext_get_expr(fcontext)
ftype = semanage_fcontext_get_type(fcontext)
ftype_str = semanage_fcontext_get_type_str(ftype)
@ -907,7 +1087,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
@@ -1558,19 +1613,26 @@
@@ -1558,19 +1659,26 @@ class fcontextRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@ -938,7 +1118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -1617,11 +1679,11 @@
@@ -1617,11 +1725,11 @@ class fcontextRecords(semanageRecords):
return ddict
def list(self, heading = 1, locallist = 0 ):
@ -952,7 +1132,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
@@ -1630,11 +1692,17 @@
@@ -1630,11 +1738,17 @@ class fcontextRecords(semanageRecords):
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@ -971,7 +1151,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
self.dict["TRUE"] = 1
self.dict["FALSE"] = 0
self.dict["ON"] = 1
@@ -1643,16 +1711,16 @@
@@ -1643,16 +1757,16 @@ class booleanRecords(semanageRecords):
self.dict["0"] = 0
def __mod(self, name, value):
@ -991,7 +1171,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not query file context %s") % name)
@@ -1670,7 +1738,7 @@
@@ -1670,7 +1784,7 @@ class booleanRecords(semanageRecords):
semanage_bool_key_free(k)
semanage_bool_free(b)
@ -1000,7 +1180,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
self.begin()
@@ -1694,16 +1762,16 @@
@@ -1694,16 +1808,16 @@ class booleanRecords(semanageRecords):
def __delete(self, name):
@ -1020,7 +1200,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if rc < 0:
raise ValueError(_("Could not check if boolean %s is defined") % name)
if not exists:
@@ -1762,7 +1830,7 @@
@@ -1762,7 +1876,7 @@ class booleanRecords(semanageRecords):
return _("unknown")
def list(self, heading = True, locallist = False, use_file = False):
@ -1029,11 +1209,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
if use_file:
ddict = self.get_all(locallist)
keys = ddict.keys()
Binary files nsapolicycoreutils/setfiles/restorecon and policycoreutils-2.0.62/setfiles/restorecon differ
Binary files nsapolicycoreutils/setfiles/setfiles and policycoreutils-2.0.62/setfiles/setfiles differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.62/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-04-14 09:38:55.000000000 -0400
diff -up policycoreutils-2.0.62/setfiles/setfiles.c.rhat policycoreutils-2.0.62/setfiles/setfiles.c
--- policycoreutils-2.0.62/setfiles/setfiles.c.rhat 2009-02-18 16:45:01.000000000 -0500
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-05-05 10:49:02.000000000 -0400
@@ -29,6 +29,8 @@
static int mass_relabel;
static int mass_relabel_errs;
@ -1043,7 +1221,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
static FILE *outfile = NULL;
static int force = 0;
#define STAT_BLOCK_SIZE 1
@@ -444,11 +446,11 @@
@@ -444,11 +446,11 @@ static int restore(const char *file)
if (progress) {
count++;
@ -1057,7 +1235,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
fprintf(stdout, "*");
fflush(stdout);
}
@@ -1017,7 +1019,7 @@
@@ -1017,7 +1019,7 @@ int main(int argc, char **argv)
free(excludeArray[i].directory);
}
@ -1066,4 +1244,27 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.16 --exclude=gui --exclude=po
printf("\n");
exit(errors);
}
Binary files nsapolicycoreutils/setfiles/setfiles.o and policycoreutils-2.0.62/setfiles/setfiles.o differ
diff -up policycoreutils-2.0.62/semanage/seobject.py~ policycoreutils-2.0.62/semanage/seobject.py
--- policycoreutils-2.0.62/semanage/seobject.py~ 2009-05-14 09:02:13.000000000 -0400
+++ policycoreutils-2.0.62/semanage/seobject.py 2009-05-14 09:03:05.000000000 -0400
@@ -1027,7 +1027,7 @@ class portRecords(semanageRecords):
proto_str = semanage_port_get_proto_str(proto)
low = semanage_port_get_low(port)
high = semanage_port_get_high(port)
- ddict[(low, high)] = (ctype, proto_str, level)
+ ddict[(low, high, proto_str)] = (ctype, level)
return ddict
def get_all_by_type(self, locallist = 0):
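Review bot: moving `proto_str` from the value into the key changes the shape of both tuples this function returns, and this patch touches no caller. Any consumer that unpacks `(low, high)` keys or three-element values will now fail or read the wrong field, so update those in the same patch. The direction of the change is sound: keyed on `(low, high)` alone, a tcp and a udp entry for the same range overwrite each other.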
diff -up policycoreutils-2.0.62/setfiles/setfiles.c~ policycoreutils-2.0.62/setfiles/setfiles.c
--- policycoreutils-2.0.62/setfiles/setfiles.c~ 2009-09-09 16:50:37.000000000 +0200
+++ policycoreutils-2.0.62/setfiles/setfiles.c 2009-09-09 16:51:23.000000000 +0200
@@ -683,6 +683,8 @@ static int process_one(char *name)
progname, name, strerror(errno));
goto err;
}
+ close(pipe_fds[0]);
+ pipe_fds[0] = -1;
} else {
rc = restore(name);
if (rc)
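Review bot: the added `close(pipe_fds[0])` runs only when the preceding call succeeds; the `goto err` branch directly above it skips these lines. Confirm that the `err` label also closes `pipe_fds[0]` (and tolerates the `-1` sentinel set here), otherwise the descriptor still leaks on the failure path.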


@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py
--- nsasepolgen/src/sepolgen/access.py 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-01 10:03:43.000000000 -0400
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/access.py 2009-04-21 14:54:12.000000000 -0400
@@ -313,7 +313,7 @@
def __len__(self):
@ -10,9 +10,30 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policyco
def add(self, role, type):
if self.role_types.has_key(role):
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py
--- nsasepolgen/src/sepolgen/audit.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/audit.py 2009-04-24 13:19:39.000000000 -0400
@@ -47,6 +47,17 @@
stdout=subprocess.PIPE).communicate()[0]
return output
+def get_log_msgs():
+ """Obtain all of the avc and policy load messages from /var/log/messages.
+
+ Returns:
+ string contain all of the audit messages returned by /var/log/messages.
+ """
+ import subprocess
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
# Classes representing audit messages
class AuditMessage:
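Review bot: the docstring of `get_log_msgs()` promises avc and policy load messages, but the grep pattern is only `avc`, so policy load lines are never returned; either widen the pattern or correct the docstring. The exit status of `/bin/grep` is also never checked, so a missing or unreadable `/var/log/messages` looks the same to the caller as a log with no denials.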
diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py
--- nsasepolgen/src/sepolgen/refparser.py 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-02-18 16:52:27.000000000 -0500
+++ policycoreutils-2.0.62/sepolgen-1.0.16/src/sepolgen/refparser.py 2009-04-21 14:54:12.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []


@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.62
Release: 10%{?dist}
Release: 12.15%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -23,6 +23,7 @@ Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch
Patch4: policycoreutils-sepolgen.patch
Patch5: policycoreutils-F11.patch
Obsoletes: policycoreutils < 2.0.61-2
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
@ -54,6 +55,7 @@ context.
%patch1 -p1 -b .rhatpo
%patch3 -p1 -b .gui
%patch4 -p1 -b .sepolgen
%patch5 -p1
%build
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
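Review bot: %patch5 -p1 is applied without a -b suffix, unlike %patch1, %patch3 and %patch4 directly above it, which pass -b .rhatpo, -b .gui and -b .sepolgen. Give it a suffix too (for example -b .f11) so the pre-patch copies of the files it touches are kept and the F11 changes can be told apart from the other patches when a build is inspected. A one-line comment next to the Patch5 declaration saying what the F11 patch carries would also help, since the file name alone does not.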
@ -111,6 +113,7 @@ The policycoreutils-python package contains the management tools use to manage a
%{_sbindir}/semanage
%{_bindir}/audit2allow
%{_bindir}/audit2why
%{_bindir}/sandbox
%{_bindir}/chcat
%{_bindir}/sepolgen-ifgen
%{_libdir}/python?.?/site-packages/seobject.py*
@ -160,6 +163,7 @@ system-config-selinux is a utility for managing the SELinux environment
%defattr(-,root,root)
%{_bindir}/system-config-selinux
%{_bindir}/selinux-polgengui
%{_bindir}/sepolgen
%{_datadir}/applications/fedora-system-config-selinux.desktop
%{_datadir}/applications/fedora-selinux-polgengui.desktop
%dir %{_datadir}/system-config-selinux
@ -221,6 +225,54 @@ else
fi
%changelog
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.15
- Update to Rawhides system-config-selinux/polgengui
* Thu Sep 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.14
- Fix tight loop in restorecond patch from Martin Orr
* Wed Sep 23 2009 Miroslav Grepl <mgrepl@redhat.com> 2.0.62-12.13
- Fix for setfiles leaks descriptors from Steve Grubb
* Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.12
- Fix polgen.py
* Tue Jun 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.11
- Fix polgen.py
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.10
- Add sepolgen executable
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.9
- Fix mount options on sandbox
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.8
- Allow polgen.py to generate policy for just the binary
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.7
- Fix sandbox to be able to execute files in homedir
* Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.6
- Add sandbox script
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.5
- More portspage fixes
* Tue May 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.4
- Fix portspage and generation of init_script_file in templates
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.3
- Fix handling of .subs file
* Tue May 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.2
- Fix fixfiles to handle btrfs
* Fri Apr 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12.1
- Fix audit2allow -a to read /var/log/messages
* Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
- Add semanage module support
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
- Do not print \n, if count < 1000;
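Review bot: several of the added %changelog entries do not say what changed. "Fix polgen.py" is recorded with identical text for both 2.0.62-12.11 and 2.0.62-12.12, and "More portspage fixes" for 12.5 names no symptom, so a reader cannot tell which release fixed what. Entries that affect confinement or resource handling ("Fix mount options on sandbox", "Fix for setfiles leaks descriptors", "Fix tight loop in restorecond") should state the faulty behaviour and carry a bug reference where one exists. The numbering also goes from 2.0.62-10 straight to 2.0.62-12 with no -11 entry; if that release was never built, say so in the -12 entry.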

Binary file not shown.

@ -1,2 +1,3 @@
7163e6b815bb45eb4f6a620cd8240690 policycoreutils-2.0.62.tgz
e1b5416c3e0d76e5d702b3f54f4def45 sepolgen-1.0.16.tgz
7915287c8377b768ccae7eb6dc736783 policycoreutils_man_ru2.tar.bz2
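Review bot: every tarball in this sources list, including the entry added by this hunk, is pinned only by a 32-hex-digit digest, which is the length of an MD5 hash. MD5 is not collision-resistant, and the spec's Source: line fetches the main tarball over plain http://, so this digest is the only integrity check visible in the diff. Where the tooling allows it, record a stronger digest alongside each entry, and note in the commit message where the policycoreutils_man_ru2.tar.bz2 tarball came from and how its contents were checked before upload.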