From 63093bd54009b225de060cfe2fb94392f0bb7145 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Fri, 26 Sep 2008 13:59:44 +0000
Subject: [PATCH] - Fix matchpathcon -V call

---
 libselinux-rhat.patch | 336 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 324 insertions(+), 12 deletions(-)

diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 0c383e0..21fd3f9 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.71/include/selinux/av_permissions.h
 --- nsalibselinux/include/selinux/av_permissions.h	2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/include/selinux/av_permissions.h	2008-09-22 13:27:27.000000000 -0400
++++ libselinux-2.0.71/include/selinux/av_permissions.h	2008-09-24 07:41:57.000000000 -0400
 @@ -85,6 +85,7 @@
  #define DIR__REPARENT                             0x00080000UL
  #define DIR__SEARCH                               0x00100000UL
@@ -246,7 +246,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permission
 +#define X_APPLICATION_DATA__COPY                  0x00000004UL
 diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.71/include/selinux/flask.h
 --- nsalibselinux/include/selinux/flask.h	2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/include/selinux/flask.h	2008-09-22 13:28:05.000000000 -0400
++++ libselinux-2.0.71/include/selinux/flask.h	2008-09-24 07:41:57.000000000 -0400
 @@ -35,18 +35,18 @@
  #define SECCLASS_SHM                                     28
  #define SECCLASS_IPC                                     29
@@ -289,14 +289,24 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libse
  
  /*
   * Security identifier indices for initial entities
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_get_initial_sid.3 libselinux-2.0.71/man/man3/avc_get_initial_sid.3
+--- nsalibselinux/man/man3/avc_get_initial_sid.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/avc_get_initial_sid.3	2008-09-24 08:44:16.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/avc_context_to_sid.3
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/fgetfilecon.3 libselinux-2.0.71/man/man3/fgetfilecon.3
 --- nsalibselinux/man/man3/fgetfilecon.3	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man3/fgetfilecon.3	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/man/man3/fgetfilecon.3	2008-09-24 07:41:57.000000000 -0400
 @@ -0,0 +1 @@
 +.so man3/getfilecon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_type.3 libselinux-2.0.71/man/man3/get_default_type.3
+--- nsalibselinux/man/man3/get_default_type.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/get_default_type.3	2008-09-24 08:40:51.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/get_ordered_context_list.3
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 libselinux-2.0.71/man/man3/getkeycreatecon.3
 --- nsalibselinux/man/man3/getkeycreatecon.3	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man3/getkeycreatecon.3	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/man/man3/getkeycreatecon.3	2008-09-24 07:41:57.000000000 -0400
 @@ -0,0 +1,38 @@
 +.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
 +.SH "NAME"
@@ -336,19 +346,286 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 li
 +
 +.SH "SEE ALSO"
 +.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getsockcreatecon.3 libselinux-2.0.71/man/man3/getsockcreatecon.3
+--- nsalibselinux/man/man3/getsockcreatecon.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/getsockcreatecon.3	2008-09-24 08:49:48.000000000 -0400
+@@ -0,0 +1,38 @@
++.TH "getsockcreatecon" "3" "24 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
++.SH "NAME"
++getsockcreatecon, setsockcreatecon \- get or set the SELinux security context used for creating a new labeled sockets.
++
++.SH "SYNOPSIS"
++.B #include <selinux/selinux.h>
++.sp
++.BI "int getsockcreatecon(security_context_t *" con );
++
++.BI "int setsockcreatecon(security_context_t "context );
++
++.SH "DESCRIPTION"
++.B getsockcreatecon
++retrieves the context used for creating a new labeled network socket.
++This returned context should be freed with freecon if non-NULL.  
++getsockcreatecon sets *con to NULL if no sockcreate context has been explicitly 
++set by the program (i.e. using the default policy behavior).
++
++.B setsockcreatecon
++sets the context used for creating a new labeled network sockets
++NULL can be passed to
++setsockcreatecon to reset to the default policy behavior.  
++The sockcreate context is automatically reset after the next execve, so a
++program doesn't need to explicitly sanitize it upon startup.  
++
++setsockcreatecon can be applied prior to library
++functions that internally perform an file creation,
++in order to set an file context on the objects.
++
++
++Note: Signal handlers that perform an setsockcreate must take care to
++save, reset, and restore the sockcreate context to avoid unexpected behavior.
++.SH "RETURN VALUE"
++On error -1 is returned.
++On success 0 is returned.
++
++.SH "SEE ALSO"
++.BR selinux "(8), " freecon "(3), " getcon "(3)
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_enabled.3 libselinux-2.0.71/man/man3/is_selinux_enabled.3
+--- nsalibselinux/man/man3/is_selinux_enabled.3	2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.71/man/man3/is_selinux_enabled.3	2008-09-24 07:48:20.000000000 -0400
+@@ -1,14 +1,22 @@
+ .TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+ .SH "NAME"
+ is_selinux_enabled \- check whether SELinux is enabled
++
++.SH "NAME"
++is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Securty) MLS 
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .sp
+ .B int is_selinux_enabled();
+ 
++.B int is_selinux_mls_enabled();
++
+ .SH "DESCRIPTION"
+ .B is_selinux_enabled
+-returns 1 if SELinux is running or 0 if it is not.  May change soon.
++returns 1 if SELinux is running or 0 if it is not. 
++
++.B is_selinux_mls_enabled
++returns 1 if SELinux is running in MLS mode or 0 if it is not. 
+ 
+ .SH "SEE ALSO"
+ .BR selinux "(8)"
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_mls_enabled.3 libselinux-2.0.71/man/man3/is_selinux_mls_enabled.3
+--- nsalibselinux/man/man3/is_selinux_mls_enabled.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/is_selinux_mls_enabled.3	2008-09-24 07:47:56.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/is_selinux_enabled.3
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/lgetfilecon.3 libselinux-2.0.71/man/man3/lgetfilecon.3
 --- nsalibselinux/man/man3/lgetfilecon.3	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man3/lgetfilecon.3	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/man/man3/lgetfilecon.3	2008-09-24 07:41:57.000000000 -0400
 @@ -0,0 +1 @@
 +.so man3/getfilecon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.71/man/man3/matchpathcon.3
+--- nsalibselinux/man/man3/matchpathcon.3	2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.71/man/man3/matchpathcon.3	2008-09-26 09:56:50.000000000 -0400
+@@ -18,6 +18,11 @@
+ 
+ .BI "void set_matchpathcon_flags(unsigned int " flags ");"
+ 
++.BI "int selinux_file_context_cmp(const security_context_t a,
++				     const security_context_t b);"
++
++.BI "int selinux_file_context_verify(const char *path, mode_t mode);"
++
+ .SH "DESCRIPTION"
+ .B matchpathcon_init
+ loads the file contexts configuration specified by
+@@ -111,6 +116,12 @@
+ .B MATCHPATHCON_BASEONLY
+ flag is set, then only the base file contexts configuration file
+ will be processed, not any dynamically generated entries or local customizations.
++.sp
++.B selinux_file_context_cmp
++compares two file contexts to see if their differences are "significant", the function runs the strcmp function ignoring the user componant of the file context.  
++.sp
++.B selinux_file_context_verify
++compares the file context on disk to the system default.
+ 
+ .sp
+ .SH "RETURN VALUE"
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon_fini.3 libselinux-2.0.71/man/man3/matchpathcon_fini.3
+--- nsalibselinux/man/man3/matchpathcon_fini.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/matchpathcon_fini.3	2008-09-24 08:38:17.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/matchpathcon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon_init.3 libselinux-2.0.71/man/man3/matchpathcon_init.3
+--- nsalibselinux/man/man3/matchpathcon_init.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/matchpathcon_init.3	2008-09-24 08:38:00.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/matchpathcon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.71/man/man3/selinux_binary_policy_path.3
+--- nsalibselinux/man/man3/selinux_binary_policy_path.3	2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.71/man/man3/selinux_binary_policy_path.3	2008-09-24 08:18:47.000000000 -0400
+@@ -1,6 +1,6 @@
+ .TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+ .SH "NAME"
+-selinux_policy_root, selinux_binary_policy_path,
++selinux_path, selinux_policy_root, selinux_binary_policy_path,
+ selinux_failsafe_context_path, selinux_removable_context_path,
+ selinux_default_context_path, selinux_user_contexts_path,
+ selinux_file_context_path, selinux_media_context_path,
+@@ -11,6 +11,8 @@
+ .B #include <selinux/selinux.h>
+ .sp
+ 
++extern const char *selinux_path(void);
++
+ extern const char *selinux_policy_root(void);
+ 
+ extern const char *selinux_binary_policy_path(void);
+@@ -23,6 +25,10 @@
+ 
+ extern const char *selinux_user_contexts_path(void);
+ 
++extern const char *selinux_usersconf_path(void);
++
++extern const char *selinux_x_context_path(void);
++
+ extern const char *selinux_file_context_path(void);
+ 
+ extern const char *selinux_media_context_path(void);
+@@ -40,10 +46,14 @@
+ directories and files based on the settings in /etc/selinux/config.
+ 
+ .sp
++selinux_path() - top-level SELinux configuration directory
++.sp
+ selinux_policy_root() - top-level policy directory 
+ .sp
+ selinux_binary_policy_path() - binary policy file loaded into kernel
+ .sp
++selinux_default_type_path - context file mapping roles to default types.
++.sp
+ selinux_failsafe_context_path() - failsafe context for emergency logins
+ .sp
+ selinux_removable_context_path() - filesystem context for removable media
+@@ -52,7 +62,17 @@
+ .sp
+ selinux_user_contexts_path() - directory containing per-user default contexts
+ .sp
+-selinux_file_context_path() - file contexts configuration
++selinux_usersconf_path() - file containing mapping between Linux Users and SELinux users
++.sp
++selinux_x_context_path() - file containing configuration for XSELinux extension
++.sp
++selinux_netfilter_context_path - default netfilter context 
++.sp
++selinux_file_context_path() - default sysstem file contexts configuration
++.sp
++selinux_file_context_local_path() - local customization file contexts configuration
++.sp
++selinux_file_context_homedir_path() - home directory file contexts configuration
+ .sp
+ selinux_media_context_path() - file contexts for media device nodes
+ .sp
+@@ -67,4 +87,3 @@
+ 
+ .SH "SEE ALSO"
+ .BR selinux "(8)"
+-
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_default_type_path.3 libselinux-2.0.71/man/man3/selinux_default_type_path.3
+--- nsalibselinux/man/man3/selinux_default_type_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_default_type_path.3	2008-09-24 08:19:09.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_cmp.3 libselinux-2.0.71/man/man3/selinux_file_context_cmp.3
+--- nsalibselinux/man/man3/selinux_file_context_cmp.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_file_context_cmp.3	2008-09-26 09:57:51.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/matchpathcon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_homedir_path.3 libselinux-2.0.71/man/man3/selinux_file_context_homedir_path.3
+--- nsalibselinux/man/man3/selinux_file_context_homedir_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_file_context_homedir_path.3	2008-09-24 08:17:07.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_local_path.3 libselinux-2.0.71/man/man3/selinux_file_context_local_path.3
+--- nsalibselinux/man/man3/selinux_file_context_local_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_file_context_local_path.3	2008-09-24 08:17:14.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_verify.3 libselinux-2.0.71/man/man3/selinux_file_context_verify.3
+--- nsalibselinux/man/man3/selinux_file_context_verify.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_file_context_verify.3	2008-09-26 09:57:30.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/matchpathcon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getpolicytype.3 libselinux-2.0.71/man/man3/selinux_getpolicytype.3
+--- nsalibselinux/man/man3/selinux_getpolicytype.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_getpolicytype.3	2008-09-24 07:42:23.000000000 -0400
+@@ -0,0 +1,21 @@
++.TH "selinux_getpolicytype" "3" "24 Sep 2008" "dwalsh@redhat.com" "SELinux API documentation"
++.SH "NAME"
++selinux_getpolicytype \- get the type of SELinux policy running on the system
++.SH "SYNOPSIS"
++.B #include <selinux/selinux.h>
++.sp
++.B int selinux_getpolicytype();
++
++
++.SH "DESCRIPTION"
++.B selinux_getpolicytype
++Reads the contents of the /etc/selinux/config file to determine the SELinux policy used on the system.
++
++.SH "RETURN VALUE"
++On success, zero is returned.
++On failure, -1 is returned.
++
++.SH "SEE ALSO"
++.BR selinux "(8)"
++
++
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_homedir_context_path.3 libselinux-2.0.71/man/man3/selinux_homedir_context_path.3
+--- nsalibselinux/man/man3/selinux_homedir_context_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_homedir_context_path.3	2008-09-24 08:36:35.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_netfilter_context_path.3 libselinux-2.0.71/man/man3/selinux_netfilter_context_path.3
+--- nsalibselinux/man/man3/selinux_netfilter_context_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_netfilter_context_path.3	2008-09-24 08:36:44.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_path.3 libselinux-2.0.71/man/man3/selinux_path.3
+--- nsalibselinux/man/man3/selinux_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_path.3	2008-09-24 08:02:28.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_usersconf_path.3 libselinux-2.0.71/man/man3/selinux_usersconf_path.3
+--- nsalibselinux/man/man3/selinux_usersconf_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_usersconf_path.3	2008-09-24 08:36:00.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_x_context_path.3 libselinux-2.0.71/man/man3/selinux_x_context_path.3
+--- nsalibselinux/man/man3/selinux_x_context_path.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/selinux_x_context_path.3	2008-09-24 08:36:08.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/selinux_binary_policy_path.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/set_matchpathcon_flags.3 libselinux-2.0.71/man/man3/set_matchpathcon_flags.3
+--- nsalibselinux/man/man3/set_matchpathcon_flags.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/set_matchpathcon_flags.3	2008-09-24 08:42:03.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/matchpathcon.3
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setkeycreatecon.3 libselinux-2.0.71/man/man3/setkeycreatecon.3
 --- nsalibselinux/man/man3/setkeycreatecon.3	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man3/setkeycreatecon.3	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/man/man3/setkeycreatecon.3	2008-09-24 07:41:57.000000000 -0400
 @@ -0,0 +1 @@
 +.so man3/getkeycreatecon.3
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setsockcreatecon.3 libselinux-2.0.71/man/man3/setsockcreatecon.3
+--- nsalibselinux/man/man3/setsockcreatecon.3	1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.71/man/man3/setsockcreatecon.3	2008-09-24 08:46:55.000000000 -0400
+@@ -0,0 +1 @@
++.so man3/getsockcreatecon.3
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
 --- nsalibselinux/man/man8/selinuxconlist.8	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man8/selinuxconlist.8	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/man/man8/selinuxconlist.8	2008-09-24 07:41:57.000000000 -0400
 @@ -0,0 +1,18 @@
 +.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
 +.SH "NAME"
@@ -370,7 +647,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 lib
 +secon(8), selinuxdefcon(8)
 diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
 --- nsalibselinux/man/man8/selinuxdefcon.8	1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-2.0.71/man/man8/selinuxdefcon.8	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/man/man8/selinuxdefcon.8	2008-09-24 07:41:57.000000000 -0400
 @@ -0,0 +1,19 @@
 +.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
 +.SH "NAME"
@@ -393,7 +670,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libs
 +secon(8), selinuxconlist(8)
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_perm_to_string.h libselinux-2.0.71/src/av_perm_to_string.h
 --- nsalibselinux/src/av_perm_to_string.h	2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/src/av_perm_to_string.h	2008-09-22 13:42:50.000000000 -0400
++++ libselinux-2.0.71/src/av_perm_to_string.h	2008-09-24 07:41:57.000000000 -0400
 @@ -14,12 +14,17 @@
     S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
     S_(SECCLASS_DIR, DIR__SEARCH, "search")
@@ -617,7 +894,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_perm_to_string.h libse
 +   S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__COPY, "copy")
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
 --- nsalibselinux/src/callbacks.c	2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/src/callbacks.c	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/src/callbacks.c	2008-09-24 07:41:57.000000000 -0400
 @@ -16,6 +16,7 @@
  {
  	int rc;
@@ -628,7 +905,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.
  	va_end(ap);
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/class_to_string.h libselinux-2.0.71/src/class_to_string.h
 --- nsalibselinux/src/class_to_string.h	2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/src/class_to_string.h	2008-09-22 13:43:02.000000000 -0400
++++ libselinux-2.0.71/src/class_to_string.h	2008-09-24 07:41:57.000000000 -0400
 @@ -33,18 +33,18 @@
      S_("shm")
      S_("ipc")
@@ -670,7 +947,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/class_to_string.h libseli
 +    S_("x_application_data")
 diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
 --- nsalibselinux/src/matchpathcon.c	2008-08-28 09:34:24.000000000 -0400
-+++ libselinux-2.0.71/src/matchpathcon.c	2008-09-22 13:25:36.000000000 -0400
++++ libselinux-2.0.71/src/matchpathcon.c	2008-09-24 07:41:57.000000000 -0400
 @@ -2,6 +2,7 @@
  #include <string.h>
  #include <errno.h>
@@ -688,3 +965,38 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
  	va_end(ap);
  }
  
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-2.0.71/src/selinux_config.c
+--- nsalibselinux/src/selinux_config.c	2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.71/src/selinux_config.c	2008-09-24 08:06:37.000000000 -0400
+@@ -335,13 +335,6 @@
+ 
+ hidden_def(selinux_booleans_path)
+ 
+-const char *selinux_users_path()
+-{
+-	return get_path(USERS_DIR);
+-}
+-
+-hidden_def(selinux_users_path)
+-
+ const char *selinux_usersconf_path()
+ {
+ 	return get_path(SEUSERS);
+diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.71/utils/matchpathcon.c
+--- nsalibselinux/utils/matchpathcon.c	2008-08-28 09:34:24.000000000 -0400
++++ libselinux-2.0.71/utils/matchpathcon.c	2008-09-26 09:42:51.000000000 -0400
+@@ -106,12 +106,12 @@
+ 
+ 		if (verify) {
+ 			if (quiet) {
+-				if (selinux_file_context_verify(argv[i], 0))
++				if (selinux_file_context_verify(argv[i], mode))
+ 					continue;
+ 				else
+ 					exit(1);
+ 			}
+-			if (selinux_file_context_verify(argv[i], 0)) {
++			if (selinux_file_context_verify(argv[i], mode)) {
+ 				printf("%s verified.\n", argv[i]);
+ 			} else {
+ 				security_context_t con;