- Fix fcontext translation handling in system-config-selinux

- Fix sandbox command on HOMEDIR

.gitignore

@@ -208,3 +208,15 @@ policycoreutils-2.0.71.tgz
 sepolgen-1.0.17.tgz
 policycoreutils-2.0.73.tgz
 policycoreutils-2.0.74.tgz
+policycoreutils-2.0.75.tgz
+policycoreutils-2.0.76.tgz
+policycoreutils-2.0.77.tgz
+policycoreutils-2.0.78.tgz
+sepolgen-1.0.19.tgz
+policycoreutils-2.0.79.tgz
+policycoreutils-2.0.80.tgz
+policycoreutils-2.0.81.tgz
+sepolgen-1.0.20.tgz
+sepolgen-1.0.22.tgz
+policycoreutils-2.0.82.tgz
+sepolgen-1.0.23.tgz

Makefile

@@ -4,7 +4,7 @@ NAME := policycoreutils
 SPECFILE = $(firstword $(wildcard *.spec))
 
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
 MAKEFILE_COMMON := $(shell $(find-makefile-common))

branch

@@ -0,0 +1 @@
+F-12

policycoreutils-fcontext.patch

@@ -0,0 +1,21 @@
+diff -up policycoreutils-2.0.83/gui/fcontextPage.py.old policycoreutils-2.0.83/gui/fcontextPage.py
+--- policycoreutils-2.0.83/gui/fcontextPage.py.old	2010-08-23 11:23:31.000000000 -0400
++++ policycoreutils-2.0.83/gui/fcontextPage.py	2010-08-23 11:23:48.000000000 -0400
+@@ -185,14 +185,14 @@ class fcontextPage(semanagePage):
+             self.error(e.args[0])
+ 
+     def add(self):
++        ftype=["", "--", "-d", "-c", "-b", "-s", "-l", "-p" ]
+         fspec=self.fcontextEntry.get_text().strip()
+         type=self.fcontextTypeEntry.get_text().strip()
+         mls=self.fcontextMLSEntry.get_text().strip()
+         list_model=self.fcontextFileTypeCombo.get_model()
+-        iter = self.fcontextFileTypeCombo.get_active_iter()
+-        ftype=list_model.get_value(iter,0)
++        active = self.fcontextFileTypeCombo.get_active()
+         self.wait()
+-        (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
++        (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype[active], fspec))
+         self.ready()
+         if rc != 0:
+             self.error(out)

policycoreutils-sepolgen.patch

@@ -1,35 +1,54 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py
---- nsasepolgen/src/sepolgen/audit.py	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/audit.py	2009-08-18 15:21:13.000000000 -0400
-@@ -23,6 +23,27 @@
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py
+--- nsasepolgen/src/sepolgen/access.py	2010-03-22 14:08:29.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py	2010-03-24 16:11:37.000000000 -0400
+@@ -32,6 +32,7 @@
+ """
  
- # Convenience functions
+ import refpolicy
++from selinux import audit2why
  
-+def get_audit_boot_msgs():
-+    """Obtain all of the avc and policy load messages from the audit
-+    log. This function uses ausearch and requires that the current
-+    process have sufficient rights to run ausearch.
-+
-+    Returns:
-+       string contain all of the audit messages returned by ausearch.
-+    """
-+    import subprocess
-+    import time
-+    fd=open("/proc/uptime", "r")
-+    off=float(fd.read().split()[0])
-+    fd.close
-+    s = time.localtime(time.time() - off)
-+    date = time.strftime("%D/%Y", s).split("/")
-+    bootdate="%s/%s/%s" % (date[0], date[1], date[3])
-+    boottime = time.strftime("%X", s)
-+    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
-+                              stdout=subprocess.PIPE).communicate()[0]
-+    return output
-+
- def get_audit_msgs():
-     """Obtain all of the avc and policy load messages from the audit
-     log. This function uses ausearch and requires that the current
-@@ -47,6 +68,17 @@
+ def is_idparam(id):
+     """Determine if an id is a paramater in the form $N, where N is
+@@ -85,6 +86,8 @@
+             self.obj_class = None
+             self.perms = refpolicy.IdSet()
+             self.audit_msgs = []
++            self.type = audit2why.TERULE
++            self.bools = []
+ 
+         # The direction of the information flow represented by this
+         # access vector - used for matching
+@@ -253,20 +256,22 @@
+         for av in l:
+             self.add_av(AccessVector(av))
+ 
+-    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
++    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
+         """Add an access vector to the set.
+         """
+         tgt = self.src.setdefault(src_type, { })
+         cls = tgt.setdefault(tgt_type, { })
+         
+-        if cls.has_key(obj_class):
+-            access = cls[obj_class]
++        if cls.has_key((obj_class, avc_type)):
++            access = cls[obj_class, avc_type]
+         else:
+             access = AccessVector()
+             access.src_type = src_type
+             access.tgt_type = tgt_type
+             access.obj_class = obj_class
+-            cls[obj_class] = access
++            access.bools = bools
++            access.type = avc_type
++            cls[obj_class, avc_type] = access
+ 
+         access.perms.update(perms)
+         if audit_msg:
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py
+--- nsasepolgen/src/sepolgen/audit.py	2010-03-22 14:08:29.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py	2010-03-24 16:11:37.000000000 -0400
+@@ -68,6 +68,17 @@
                                stdout=subprocess.PIPE).communicate()[0]
      return output
  
@@ -47,15 +66,126 @@ diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycor
  # Classes representing audit messages
  
  class AuditMessage:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py
---- nsasepolgen/src/sepolgen/refparser.py	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.71/sepolgen-1.0.17/src/sepolgen/refparser.py	2009-08-13 17:57:55.000000000 -0400
-@@ -919,7 +919,7 @@
- def list_headers(root):
-     modules = []
-     support_macros = None
--    blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
-+    blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
+@@ -127,6 +138,9 @@
+             if fields[0] == "path":
+                 self.path = fields[1][1:-1]
+                 return
++import selinux.audit2why as audit2why
++
++avcdict = {}
+ 
+ class AVCMessage(AuditMessage):
+     """AVC message representing an access denial or granted message.
+@@ -167,6 +181,8 @@
+         self.path = ""
+         self.accesses = []
+         self.denial = True
++        self.type = audit2why.TERULE
++        self.bools = []
+ 
+     def __parse_access(self, recs, start):
+         # This is kind of sucky - the access that is in a space separated
+@@ -226,7 +242,31 @@
+ 
+         if not found_src or not found_tgt or not found_class or not found_access:
+             raise ValueError("AVC message in invalid format [%s]\n" % self.message)
+-                
++        self.analyze()
++
++    def analyze(self):
++        tcontext = self.tcontext.to_string()
++        scontext = self.scontext.to_string()
++        access_tuple = tuple( self.accesses)
++        if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
++            self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
++        else:
++            self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
++            if self.type == audit2why.NOPOLICY:
++                self.type = audit2why.TERULE
++            if self.type == audit2why.BADTCON:
++                raise ValueError("Invalid Target Context %s\n" % tcontext)
++            if self.type == audit2why.BADSCON:
++                raise ValueError("Invalid Source Context %s\n" % scontext)
++            if self.type == audit2why.BADSCON:
++                raise ValueError("Invalid Type Class %s\n" % self.tclass)
++            if self.type == audit2why.BADPERM:
++                raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
++            if self.type == audit2why.BADCOMPUTE:
++                raise ValueError("Error during access vector computation")
++            
++            avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
++
+ class PolicyLoadMessage(AuditMessage):
+     """Audit message indicating that the policy was reloaded."""
+     def __init__(self, message):
+@@ -469,10 +509,10 @@
+             if avc_filter:
+                 if avc_filter.filter(avc):
+                     av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
+-                               avc.accesses, avc)
++                               avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
+             else:
+                 av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
+-                           avc.accesses, avc)
++                           avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
+         return av_set
+ 
+ class AVCTypeFilter:
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
+--- nsasepolgen/src/sepolgen/policygen.py	2010-03-12 09:34:56.000000000 -0500
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py	2010-03-24 16:11:37.000000000 -0400
+@@ -29,6 +29,8 @@
+ import access
+ import interfaces
+ import matching
++import selinux.audit2why as audit2why
++from setools import *
+ 
+ # Constants for the level of explanation from the generation
+ # routines
+@@ -77,6 +79,7 @@
+ 
+         self.dontaudit = False
+ 
++        self.domains = None
+     def set_gen_refpol(self, if_set=None, perm_maps=None):
+         """Set whether reference policy interfaces are generated.
+ 
+@@ -151,8 +154,37 @@
+             rule = refpolicy.AVRule(av)
+             if self.dontaudit:
+                 rule.rule_type = rule.DONTAUDIT
++            rule.comment = ""
+             if self.explain:
+                 rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
++            if av.type == audit2why.ALLOW:
++                rule.comment += "#!!!! This avc is allowed in the current policy\n" 
++            if av.type == audit2why.DONTAUDIT:
++                rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n" 
++            if av.type == audit2why.BOOLEAN:
++                if len(av.bools) > 1:
++                    rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n#     %s\n" % ", ".join(map(lambda x: av.bools[0][0], av.bools))
++                else:
++                    rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
++
++            if av.type == audit2why.CONSTRAINT:
++                rule.comment += "#!!!! This avc is a constraint violation.  You will need to add an attribute to either the source or target type to make it work.\n" 
++                rule.comment += "#Contraint rule: "
++
++            if av.type == audit2why.TERULE:
++                if "write" in av.perms:
++                    if "dir" in av.obj_class or "open" in av.perms:
++                        if not self.domains:
++                            self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
++                        types=[]
++                        for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
++                            if i not in self.domains:
++                                types.append(i)
++                        if len(types) == 1:
++                            rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
++                        elif len(types) >= 1:
++                            rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
++                            
+             self.module.children.append(rule)
+ 
  
-     for dirpath, dirnames, filenames in os.walk(root):
-         for name in filenames:

policycoreutils.spec

@@ -1,15 +1,16 @@
 %define	libauditver	1.4.2-1
-%define	libsepolver	2.0.19-1
-%define	libsemanagever	2.0.36-2
-%define	libselinuxver	2.0.46-5
-%define	sepolgenver	1.0.17
+%define	libsepolver	2.0.41-3
+%define	libsemanagever	2.0.43-4
+%define	libselinuxver	2.0.90-3
+%define	sepolgenver	1.0.23
+
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.0.74
-Release: 4%{?dist}
+Version: 2.0.82
+Release: 6%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
-Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
+Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
 Source1: http://www.nsa.gov/selinux/archives/sepolgen-%{sepolgenver}.tgz
 URL:	 http://www.selinuxproject.org
 Source2: system-config-selinux.png
@@ -19,17 +20,22 @@ Source5: system-config-selinux.console
 Source6: selinux-polgengui.desktop
 Source7: selinux-polgengui.console
 Source8: policycoreutils_man_ru2.tar.bz2
-Source9: sandbox.init
 Patch:	 policycoreutils-rhat.patch
 Patch1:	 policycoreutils-po.patch
 Patch3:	 policycoreutils-gui.patch
 Patch4:	 policycoreutils-sepolgen.patch
+Patch5:	 policycoreutils-fcontext.patch
 Obsoletes: policycoreutils < 2.0.61-2
 
-BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
+%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
+
+%global pkgpythondir  %{python_sitelib}/%{name}
+
+BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
 BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
-Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed 
-Requires: libsepol >= %{libsepolver} coreutils checkpolicy  libselinux-utils >=  %{libselinuxver} 
+BuildRequires: python-devel
+Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
+Requires: libsepol >= %{libsepolver} coreutils checkpolicy  libselinux-utils >=  %{libselinuxver}
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/service  /sbin/chkconfig
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -57,6 +63,7 @@ context.
 %patch1 -p1 -b .rhatpo
 %patch3 -p1 -b .gui
 %patch4 -p1 -b .sepolgen
+%patch5 -p1 -b .fcontext
 
 %build
 make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all 
@@ -74,7 +81,6 @@ mkdir -p %{buildroot}%{_mandir}/man8
 mkdir -p %{buildroot}%{_sysconfdir}/pam.d
 mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
 %{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
-install -m0755 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rc.d/init.d/sandbox
 
 make LSPP_PRIV=y  DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
 make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
@@ -88,7 +94,6 @@ tar -jxf %{SOURCE8} -C %{buildroot}/
 rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
 ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
 ln -sf consolehelper %{buildroot}%{_bindir}/selinux-polgengui
-ln -s /sbin/load_policy %{buildroot}%{_sbindir}/load_policy
 
 desktop-file-install	--vendor fedora \
 			--dir ${RPM_BUILD_ROOT}%{_datadir}/applications	\
@@ -109,6 +114,7 @@ Requires: audit-libs-python >=  %{libauditver}
 Requires: /usr/bin/make
 Requires(pre): python >= 2.6
 Obsoletes: policycoreutils < 2.0.61-2
+Requires: setools-libs-python
 
 %description python
 The policycoreutils-python package contains the management tools use to manage an SELinux environment.
@@ -121,9 +127,10 @@ The policycoreutils-python package contains the management tools use to manage a
 %{_bindir}/chcat
 %{_bindir}/sandbox
 %{_bindir}/sepolgen-ifgen
-%{_libdir}/python?.?/site-packages/seobject.py*
-%{_libdir}/python?.?/site-packages/sepolgen/*
-%dir %{_libdir}/python?.?/site-packages/sepolgen
+%{python_sitelib}/seobject.py*
+%{python_sitelib}/sepolgen
+%{python_sitelib}/%{name}*.egg-info
+%{pkgpythondir}
 %dir  /var/lib/sepolgen
 %dir  /var/lib/selinux
 /var/lib/sepolgen/perm_map
@@ -132,10 +139,9 @@ The policycoreutils-python package contains the management tools use to manage a
 %{_mandir}/man1/audit2why.1*
 %{_mandir}/man8/chcat.8*
 %{_mandir}/ru/man8/chcat.8*
+%{_mandir}/man8/sandbox.8*
 %{_mandir}/man8/semanage.8*
 %{_mandir}/ru/man8/semanage.8*
-%{_mandir}/man8/fixfiles.8*
-%{_mandir}/ru/man8/fixfiles.8*
 
 %post python
 [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 
@@ -154,8 +160,10 @@ BuildRequires: libcap-ng-devel
 The policycoreutils-python package contains the scripts to create graphical sandboxes
 
 %files sandbox
+%defattr(-,root,root,-)
 %{_sysconfdir}/rc.d/init.d/sandbox
-%{_mandir}/man8/sandbox.8*
+%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
+%{_sysconfdir}/sysconfig/sandbox
 %{_sbindir}/seunshare
 %{_datadir}/sandbox/sandboxX.sh
 
@@ -250,6 +258,8 @@ rm -rf %{buildroot}
 %{_sysconfdir}/xdg/autostart/restorecond.desktop
 %{_datadir}/dbus-1/services/org.selinux.Restorecond.service
 # selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
+%{_mandir}/man8/fixfiles.8*
+%{_mandir}/ru/man8/fixfiles.8*
 %{_mandir}/man8/load_policy.8*
 %{_mandir}/ru/man8/load_policy.8*
 %{_mandir}/man8/open_init_pty.8*
@@ -297,6 +307,201 @@ fi
 exit 0
 
 %changelog
+* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-6
+- Fix fcontext translation handling in system-config-selinux
+
+* Thu Jul 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-5
+- Fix sandbox command on HOMEDIR
+
+* Tue Apr 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-4
+- Fix spacing in templates 
+
+* Wed Mar 31 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-3
+- Fix semanage return codes
+
+* Tue Mar 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-2
+- Fix sepolgen to confirm to the "Reference Policy Style Guide" 
+
+* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-1
+- Update to upstream 
+	* Add avc's since boot from Dan Walsh.
+	* Fix unit tests from Dan Walsh.
+
+* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-4
+- Update to upstream - sepolgen
+	* Add since-last-boot option to audit2allow from Dan Walsh.
+	* Fix sepolgen output to match what Chris expects for upstream
+	  refpolicy from Dan Walsh.
+
+* Mon Mar 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-3
+- Allow restorecon on > 2 Gig files
+
+* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-2
+- Fix semanage handling of boolean options
+- Update translations
+
+* Fri Mar 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-1
+- Update to upstream
+	* Add dontaudit flag to audit2allow from Dan Walsh.
+
+* Thu Mar 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.80-2
+- Use --rbind in sandbox init scripts
+
+* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.80-1
+- Update to upstream
+	* Module enable/disable support from Dan Walsh.
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-5
+- Rewrite of sandbox script, add unit test for sandbox 
+- Update translations
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-4
+- Fix patch for dontaudit rules from audit2allow for upstream acceptance
+
+* Fri Feb 26 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-3
+- Fixes for fixfiles
+
+* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-2
+- Fix sandbox to complain if mount-shared has not been run
+- Fix to use /etc/sysconfig/sandbox
+
+* Tue Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
+- Update to upstream
+	* Fix double-free in newrole
+- Fix python language handling
+
+* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
+- Fix display of command in sandbox
+
+* Fri Feb 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-20
+- Catch OSError in semanage
+
+* Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-19
+- Fix seobject and fixfiles
+
+* Fri Jan 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-17
+- Change seobject to use translations properly
+
+* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-16
+- Cleanup spec file
+Resolves: 555835
+
+* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
+- Add use_resolve to sepolgen
+
+* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
+- Add session capability to sandbox 
+- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
+
+* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-13
+- Fix executable template for fifo files
+
+* Tue Jan 19 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-12
+- Fix patch xod xmodmap
+- Exit 0 from script
+
+* Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
+- Run with the same xdmodmap in sandbox as outside
+- Patch from Josh Cogliati
+
+* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-10
+- Fix sepolgen to not generate user sh section on non user policy
+
+* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-9
+- Add -e to semanage man page
+- Add -D qualifier to audit2allow to generate dontaudit rules
+
+* Wed Jan 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-8
+- Speed up audit2allow processing of audit2why comments
+
+* Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
+- Fixes to sandbox man page
+
+* Thu Dec 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-6
+- Add setools-libs-python to requires for gui
+
+* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
+- If restorecond running as a user has no files to watch then it should exit.  (NFS Homedirs)
+
+* Thu Dec 10 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-4
+- Move sandbox man page to base package
+
+* Tue Dec 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-3
+- Fix audit2allow to report constraints, dontaudits, types, booleans
+
+* Fri Dec 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-2
+- Fix restorecon -i to ignore enoent
+
+* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-1
+- Update to upstream
+	* Remove non-working OUTFILE from fixfiles from Dan Walsh.
+	* Additional exception handling in chcat from Dan Walsh.
+
+	* fix sepolgen to read a "type 1403" msg as a policy load by Stephen
+	  Smalley <sds@tycho.nsa.gov>
+	* Add support for Xen ocontexts from Paul Nuzzi.
+
+* Tue Nov 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.77-1
+- Update to upstream
+	* Fixed bug preventing semanage node -a from working
+	  from Chad Sellers
+	* Fixed bug preventing semanage fcontext -l from working
+	  from Chad Sellers
+- Change semanage to use unicode
+
+* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
+- Update to upstream
+	* Remove setrans management from semanage, as it does not work
+	  from Dan Walsh.
+	* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
+
+* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
+- Raise exception if user tries to add file context with an embedded space
+
+* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
+- Fix sandbox to setsid so it can run under mozilla without crashing the session
+
+* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
+- Update to upstream
+	* Factor out restoring logic from setfiles.c into restore.c
+
+* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
+- Fix typo in seobject.py
+
+* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-14
+- Allow semanage -i and semanage -o to generate customization files.
+- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
+
+* Tue Oct 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-13
+- Fix restorecond man page
+
+* Mon Oct 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-12
+- Add generation of the users context file to polgengui
+
+* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-11
+- Remove tabs from system-config-selinux glade file
+
+* Thu Oct 15 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-10
+- Remove translations screen from system-config-selinux
+
+* Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-9
+- Move fixfiles man pages into the correct package
+- Add genhomedircon to fixfiles restore
+
+* Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
+- Add check to sandbox to verify save changes - Chris Pardy
+- Fix memory leak in restorecond - Steve Grubb
+
+* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-7
+- Fixes Templates
+
+* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-6
+- Fixes for polgengui to handle tcp ports correctly
+- Fix semanage node -a
+
+* Wed Sep 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-5
+- Fixes for semanage -equiv, readded modules, --enable, --disable
+
 * Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-4
 - Close sandbox when eclipse exits
 

sources

@@ -1,3 +1,3 @@
-480cc64a050735fa1163a87dc89c4f49  sepolgen-1.0.17.tgz
-60aa41df668a557892296ff02c7411aa  policycoreutils-2.0.74.tgz
+e4deacb4df1e2ec081a91fd59da1dcc5  policycoreutils-2.0.82.tgz
+49faa2e5f343317bcfcf34d7286f6037  sepolgen-1.0.23.tgz
 59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2