- Update from NSA

Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
    allow variable MLS fields.

.cvsignore

@@ -35,3 +35,4 @@ libselinux-1.23.5.tgz
 libselinux-1.23.6.tgz
 libselinux-1.23.7.tgz
 libselinux-1.23.8.tgz
+libselinux-1.23.10.tgz

libselinux-rhat.patch

@@ -1,95 +1,33 @@
---- /dev/null	2005-04-20 05:34:52.522685192 -0400
+diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-1.23.10/man/man8/selinux.8
-+++ libselinux-1.23.7/man/man3/selinux_policy_root.3	2005-04-21 09:54:24.000000000 -0400
+--- nsalibselinux/man/man8/selinux.8	2004-11-02 14:26:19.000000000 -0500
-@@ -0,0 +1,17 @@
++++ libselinux-1.23.10/man/man8/selinux.8	2005-04-29 14:58:05.000000000 -0400
-+.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+@@ -1,4 +1,4 @@
-+.SH "NAME"
+-.TH  "selinux"  "8"  "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
-+selinux_policy_root \- return the path of the SELinux policy files for this machine.
++.TH  "selinux"  "8"  "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
-+.SH "SYNOPSIS"
-+.B #include <selinux/selinux.h>
-+.sp
-+.B char *selinux_policy_root();
-+.br
-+
-+.SH "DESCRIPTION"
-+.B selinux_policy_root
-+Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine.
-+.SH "RETURN VALUE"
-+On success, returns a directory path containing the SELinux policy files.
-+On failure, NULL is returned.
-+
-+
---- libselinux-1.23.7/man/man8/matchpathcon.8.rhat	2005-04-21 10:05:45.000000000 -0400
-+++ libselinux-1.23.7/man/man8/matchpathcon.8	2005-04-21 10:12:24.000000000 -0400
-@@ -0,0 +1,20 @@
-+.TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SE Linux Command Line documentation"
-+.SH "NAME"
-+matchpathcon \- get the default security context for the specified path from the file contexts configuration.
-+
-+.SH "SYNOPSIS"
-+.B matchpathcon [-n] filepath...
-+
-+.SH "DESCRIPTION"
-+.B matchpathcon
-+Prints the file path and the default security context associated with it.
-+.br
-+If the -n option is given, do not display path.
-+
-+.SH AUTHOR	
-+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
-+.br
-+The program was written by NSA
-+
-+.SH "SEE ALSO"
-+.BR mathpathcon "(3), " 
---- libselinux-1.23.7/utils/matchpathcon.c.rhat	2005-04-13 11:34:19.000000000 -0400
-+++ libselinux-1.23.7/utils/matchpathcon.c	2005-04-21 10:02:04.000000000 -0400
-@@ -1,25 +1,43 @@
- #include <unistd.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <getopt.h>
- #include <selinux/selinux.h>
  
-+void usage(const char *progname) 
+ .SH "NAME"
-+{
+ selinux \- NSA Security-Enhanced Linux (SELinux)
-+	fprintf(stderr, "usage:  %s [-n] path...\n", progname);
+@@ -62,11 +62,22 @@
-+	exit(1);
+ .B system-config-securitylevel
-+}
+ allows customization of these booleans and tunables.
-+
- int main(int argc, char **argv) 
- {
- 	char *buf;
- 	int rc, i;
-+	int header=1, opt;
  
--	if (argc < 2) {
++.br
--		fprintf(stderr, "usage:  %s path...\n", argv[0]);
++Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.  
--		return 1;
--	}
-+	if (argc < 2) usage(argv[0]);
- 
--	for (i = 1; i < argc; i++) {
-+	while ((opt = getopt(argc, argv, "n")) > 0) {
-+		switch (opt) {
-+		case 'n':
-+			header=0;
-+			break;
-+		default:
-+			usage(argv[0]);
-+		}
-+	}
-+	for (i = optind; i < argc; i++) {
- 		rc = matchpathcon(argv[i], 0, &buf);
- 		if (rc < 0) {
- 			fprintf(stderr, "%s:  matchpathcon(%s) failed\n", argv[0], argv[i]);
- 			return 2;
- 		}
--		printf("%s\t%s\n", argv[i], buf);
-+		if (header)
-+			printf("%s\t%s\n", argv[i], buf);
-+		else
-+			printf("%s\n", buf);
 +
- 		freecon(buf);
++.SH FILE LABELING
- 	}
++
- 	return 0;
++All files, directories, devices ... have a security context/label associated with them.  These context are stored in the extended attributes of the file system.
++Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel.  If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.  
++.br 
++The best way to relabel the file system is to create the flag file /.autorelabel and reboot.  system-config-securitylevel, also has this capability.  The restorcon/fixfiles commands are also available for relabeling files. 
++  
+ .SH AUTHOR	
+ This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+ 
+ .SH "SEE ALSO"
+-booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8)
++booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
++
+ 
+ .SH FILES
+ /etc/selinux/config

libselinux.spec

@@ -5,6 +5,7 @@ Release: 1
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: libselinux-rhat.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
 
@@ -34,6 +35,7 @@ needed for developing SELinux applications.
 
 %prep
 %setup -q
+%patch -p1 -b .rhat
 
 %build
 make CFLAGS="-g %{optflags}"

sources

@@ -1 +1 @@
-df37eb28e2ff559f399ce77ccbf64aa1  libselinux-1.23.8.tgz
+42f1e94a07c52e0c2bf685bacba42e39  libselinux-1.23.10.tgz