* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2

- Fix sandbox to setsid so it can run under mozilla without crashing the session

policycoreutils-rhat.patch

@@ -1875,27 +1875,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +.PP
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.75/sandbox/sandboxX.sh
 --- nsapolicycoreutils/sandbox/sandboxX.sh	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.75/sandbox/sandboxX.sh	2009-11-03 09:44:56.000000000 -0500
++++ policycoreutils-2.0.75/sandbox/sandboxX.sh	2009-11-11 16:02:16.000000000 -0500
 @@ -0,0 +1,16 @@
 +#!/bin/bash 
 +export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
 +export SCREEN=`/usr/bin/xdpyinfo -display $DISPLAY | /bin/awk '/dimensions/ { print $2 }'`
 +
 +(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do 
-+export DISPLAY=:$D
++    export DISPLAY=:$D
-+/usr/bin/matchbox-window-manager -use_titlebar no &
++    /usr/bin/matchbox-window-manager -use_titlebar no &
-+WM_PID=$!
++    WM_PID=$!
-+~/.sandboxrc &
++    ~/.sandboxrc &
-+CLIENT_PID=$!
++    CLIENT_PID=$!
-+wait $CLIENT_PID
++    wait $CLIENT_PID
-+export EXITCODE=$?
++    export EXITCODE=$?
-+kill -TERM $WM_PID
++    kill -TERM $WM_PID
-+kill -HUP 0
++    kill -HUP 0
-+break
++    break
 +done
+Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.75/sandbox/seunshare differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.75/sandbox/seunshare.c
 --- nsapolicycoreutils/sandbox/seunshare.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.75/sandbox/seunshare.c	2009-11-03 09:44:56.000000000 -0500
++++ policycoreutils-2.0.75/sandbox/seunshare.c	2009-11-11 16:00:27.000000000 -0500
 @@ -0,0 +1,265 @@
 +#include <signal.h>
 +#include <sys/types.h>
@@ -2151,7 +2152,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +			perror("Failed to change dir to homedir");
 +			exit(-1);
 +		}
-+		
++		setsid();
 +		execv(argv[optind], argv + optind);
 +		free(display);
 +		perror("execv");
@@ -2162,6 +2163,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po
 +
 +	return status;
 +}
+Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.75/sandbox/seunshare.o differ
 diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.75/scripts/chcat
 --- nsapolicycoreutils/scripts/chcat	2009-06-23 15:36:07.000000000 -0400
 +++ policycoreutils-2.0.75/scripts/chcat	2009-11-03 09:44:56.000000000 -0500

policycoreutils.spec

@@ -6,7 +6,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.75
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:	 http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -296,6 +296,9 @@ fi
 exit 0
 
 %changelog
+* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
+- Fix sandbox to setsid so it can run under mozilla without crashing the session
+
 * Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
 - Update to upstream
 	* Factor out restoring logic from setfiles.c into restore.c