A couple of minor coverity fixes for a potential leaked file descriptor

An an unchecked return code.
Add ~/.local/share/* to restorecond_user watches

policycoreutils-rhat.patch

@@ -221,7 +221,7 @@ index 4952632..89f5d97 100644
 -#define EVENT_SIZE  (sizeof (struct inotify_event))
 -/* reasonable guess as to size of 1024 events */
 -#define BUF_LEN        (1024 * (EVENT_SIZE + 16))
- 
+-
 -static int debug_mode = 0;
 -static int verbose_mode = 0;
 -
@@ -248,11 +248,7 @@ index 4952632..89f5d97 100644
 -		return 0;
 -	return (strcmp(rest_a, rest_b) == 0);
 -}
-+static char *server_watch_file  = "/etc/selinux/restorecond.conf";
+-
-+static char *user_watch_file  = "/etc/selinux/restorecond_user.conf";
-+static char *watch_file;
-+static struct restore_opts r_opts;
- 
 -/* 
 -   A file was in a direcroty has been created. This function checks to 
 -   see if it is one that we are watching.
@@ -428,9 +424,13 @@ index 4952632..89f5d97 100644
 -	FILE *cfg = NULL;
 -	if (debug_mode)
 -		printf("Read Config\n");
--
+ 
 -	watch_list_free(fd);
--
++static char *server_watch_file  = "/etc/selinux/restorecond.conf";
++static char *user_watch_file  = "/etc/selinux/restorecond_user.conf";
++static char *watch_file;
++static struct restore_opts r_opts;
+ 
 -	cfg = fopen(watch_file_path, "r");
 -	if (!cfg)
 -		exitApp("Error reading config file.");
@@ -479,22 +479,22 @@ index 4952632..89f5d97 100644
 -					if (event->len)
 -						watch_list_find(event->wd, event->name);
 -					break;
--
++#include <selinux/selinux.h>
+ 
 -				case 1:	/* utmp has changed need to reload */
 -					read_config(fd);
 -					break;
-+#include <selinux/selinux.h>
++int debug_mode = 0;
++int terminate = 0;
++int master_wd = -1;
++int run_as_user = 0;
  
 -				default:	/* No users logged in or out */
 -					break;
 -				}
 -			}
 -		}
-+int debug_mode = 0;
+-
-+int terminate = 0;
-+int master_wd = -1;
-+int run_as_user = 0;
- 
 -		i += EVENT_SIZE + event->len;
 -	}
 -	return 0;
@@ -773,10 +773,10 @@ index b966db6..775c52b 100644
 -
 diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf
 new file mode 100644
-index 0000000..e0c2871
+index 0000000..b4debed
 --- /dev/null
 +++ b/policycoreutils/restorecond/restorecond_user.conf
-@@ -0,0 +1,7 @@
+@@ -0,0 +1,8 @@
 +~/*
 +~/public_html/*
 +~/.gnome2/*
@@ -784,6 +784,7 @@ index 0000000..e0c2871
 +~/.fonts/*
 +~/.cache/*
 +~/.config/*
++~/.local/share/*
 diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
 new file mode 100644
 index 0000000..4257058
@@ -1362,6 +1363,18 @@ index 4764987..924999d 100644
  	-mkdir -p $(SBINDIR)
  	install -m 4755 seunshare $(SBINDIR)/
  	-mkdir -p $(SHAREDIR)
+diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
+index d1ccdc2..11c391c 100644
+--- a/policycoreutils/sandbox/sandbox.init
++++ b/policycoreutils/sandbox/sandbox.init
+@@ -19,6 +19,7 @@
+ #
+ 
+ # Source function library.
++. /etc/init.d/functions
+ 
+ LOCKFILE=/var/lock/subsys/sandbox
+ 
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
 index a52b6f1..c493e98 100644
 --- a/policycoreutils/sandbox/seunshare.c
@@ -1468,10 +1481,10 @@ index 0000000..e15a877
 +	rm -rf build *~
 diff --git a/policycoreutils/semanage/default_encoding/default_encoding.c b/policycoreutils/semanage/default_encoding/default_encoding.c
 new file mode 100644
-index 0000000..2ba4870
+index 0000000..023b8f4
 --- /dev/null
 +++ b/policycoreutils/semanage/default_encoding/default_encoding.c
-@@ -0,0 +1,59 @@
+@@ -0,0 +1,57 @@
 +/*
 + * Authors:
 + *   John Dennis <jdennis@redhat.com>
@@ -1526,10 +1539,8 @@ index 0000000..2ba4870
 +PyMODINIT_FUNC
 +initdefault_encoding_utf8(void)
 +{
-+    PyObject* m;
-+
 +    PyUnicode_SetDefaultEncoding("utf-8");
-+    m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
++    Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
 +}
 diff --git a/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py
 new file mode 100644
@@ -1949,7 +1960,7 @@ index f84cd7e..3565f5e 100644
  indent:
  	../../scripts/Lindent $(wildcard *.[ch])
 diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index ce44c04..f08f8e5 100644
+index ce44c04..373c9b9 100644
 --- a/policycoreutils/setfiles/restore.c
 +++ b/policycoreutils/setfiles/restore.c
 @@ -1,5 +1,6 @@
@@ -1982,12 +1993,14 @@ index ce44c04..f08f8e5 100644
  	if (!r_opts->hnd) {
  		perror(r_opts->selabel_opt_path);
  		exit(1);
-@@ -104,8 +105,7 @@ static int restore(FTSENT *ftsent)
+@@ -103,9 +104,8 @@ static int match(const char *name, struct stat *sb, char **con)
+ static int restore(FTSENT *ftsent)
  {
  	char *my_file = strdupa(ftsent->fts_path);
- 	int ret;
+-	int ret;
 -	char *context, *newcon;
 -	int user_only_changed = 0;
++	int ret = -1;
 +	security_context_t curcon = NULL, newcon = NULL;
  
  	if (match(my_file, ftsent->fts_statp, &newcon) < 0)

policycoreutils.spec

@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -352,6 +352,11 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Fri Oct 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-5
+- A couple of minor coverity fixes for a potential leaked file descriptor
+- An an unchecked return code.
+- Add ~/.local/share/* to restorecond_user watches
+
 * Thu Oct 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-4
 - Have sepolgen return name field in AVC