From a2b2c59f7704e562836d27f881de1ac8138b84ca Mon Sep 17 00:00:00 2001 From: cvsdist Date: Thu, 9 Sep 2004 10:35:33 +0000 Subject: [PATCH] auto-import changelog data from policycoreutils-1.14.1-1.src.rpm * Wed Jun 30 2004 Dan Walsh 1.14.1-1 - Update from NSA - Add cron capability to fixfiles * Fri Jun 25 2004 Dan Walsh 1.13.4-1 - Update from NSA --- .cvsignore | 2 +- policycoreutils-rhat.patch | 371 +++++++++++++------------------------ policycoreutils.spec | 13 +- sources | 2 +- 4 files changed, 145 insertions(+), 243 deletions(-) diff --git a/.cvsignore b/.cvsignore index cd2646a..6f387d2 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -policycoreutils-1.13.3.tgz +policycoreutils-1.14.1.tgz diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 067e2bb..fed3db7 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
@@ -1,254 +1,147 @@ ---- policycoreutils-1.13.3/setfiles/setfiles.c.rhat 2004-06-23 09:21:44.000000000 -0400 -+++ policycoreutils-1.13.3/setfiles/setfiles.c 2004-06-23 09:49:12.000000000 -0400 -@@ -12,7 +12,7 @@ - * the user. The program does not cross file system boundaries. - * - * USAGE: -- * setfiles [-dnpqsvW] spec_file pathname... -+ * setfiles [-dnpqsvW] [-o filename ] spec_file pathname... - * - * -d Show what specification matched each file. - * -n Do not change any file labels. -@@ -21,6 +21,7 @@ - * -s Use stdin for a list of files instead of searching a partition. - * -v Show changes in file labels. - * -W Warn about entries that have no matching file. -+ * -o filename write out file names with wrong context. - * - * spec_file The specification file. - * pathname... The file systems to label (omit if using -s). -@@ -68,6 +69,7 @@ - #include +--- policycoreutils-1.14.1/scripts/Makefile.rhat 2004-06-30 12:03:27.000000000 -0400 ++++ policycoreutils-1.14.1/scripts/Makefile 2004-06-30 13:14:42.776075168 -0400 +@@ -12,6 +12,7 @@ + -mkdir -p $(BINDIR) + install -m 755 $(TARGETS) $(BINDIR) + install -m 755 fixfiles $(DESTDIR)/sbin ++ install -D -m 755 fixfiles.cron $(DESTDIR)/etc/cron.daily/fixfiles.cron + -mkdir -p $(MANDIR)/man8 + install -m 644 fixfiles.8.gz $(MANDIR)/man8/ - static int add_assoc = 1; -+static FILE *outfile=NULL; - - /* - * Command-line options. 
-@@ -480,8 +482,8 @@ - void usage(const char * const name) - { - fprintf(stderr, -- "usage: %s [-dnqvW] spec_file pathname...\n" -- "usage: %s -s [-dnqvW] spec_file\n", name, name); -+ "usage: %s [-dnqvW] [-o filename] spec_file pathname...\n" -+ "usage: %s -s [-dnqvW] [-o filename ] spec_file\n", name, name); - exit(1); - } - -@@ -652,6 +654,9 @@ - - freecon(context); - -+ if (outfile) -+ fprintf(outfile, "%s\n", my_file); +--- policycoreutils-1.14.1/scripts/fixfiles.cron.rhat 2004-06-30 13:12:42.062426432 -0400 ++++ policycoreutils-1.14.1/scripts/fixfiles.cron 2004-06-30 13:28:28.507544904 -0400 +@@ -0,0 +1,15 @@ ++#!/bin/sh + - /* - * Do not relabel the file if -n was used. - */ -@@ -705,7 +710,7 @@ - spec_t *spec_copy; - - /* Process any options. */ -- while ((opt = getopt(argc, argv, "dnqrsvW")) > 0) { -+ while ((opt = getopt(argc, argv, "dnqrsvWo:")) > 0) { - switch (opt) { - case 'd': - debug = 1; -@@ -713,6 +718,15 @@ - case 'n': - change = 0; - break; -+ case 'o': -+ outfile = fopen(optarg,"w"); -+ if (!outfile) { -+ fprintf(stderr, "Error opening %s: %s\n", -+ optarg, strerror(errno)); ++CRONTYPE="check" ++INVALIDFILE=/var/tmp/badcontext ++CRONMAILTO="root" + -+ usage(argv[0]); -+ } -+ break; - case 'q': - quiet = 1; - break; -@@ -1039,6 +1053,8 @@ - } - } - } -+ if (outfile) -+ fclose(outfile); - - QPRINTF("%s: Done.\n", argv[0]); - ---- policycoreutils-1.13.3/setfiles/setfiles.8.rhat 2004-06-23 09:21:44.000000000 -0400 -+++ policycoreutils-1.13.3/setfiles/setfiles.8 2004-06-23 09:46:15.000000000 -0400 -@@ -4,8 +4,7 @@ - - .SH "SYNOPSIS" - .B setfiles --.I [\-d] [\-n] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname... -- -+.I [\-d] [\-n] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] spec_file pathname... - .SH "DESCRIPTION" - This manual page describes the - .BR setfiles -@@ -30,6 +29,9 @@ - .B \-q - suppress non-error output. - .TP -+.B \-o filename -+save list of files with incorrect context in filename. 
-+.TP - .B \-s - take a list of files from standard input instead of using a pathname on the - command line. ---- policycoreutils-1.13.3/scripts/fixfiles.rhat 2004-06-23 09:21:44.000000000 -0400 -+++ policycoreutils-1.13.3/scripts/fixfiles 2004-06-24 13:11:07.359579384 -0400 -@@ -32,7 +32,7 @@ ++. /etc/selinux/config ++ ++renice +19 -p $$ >/dev/null 2>&1 ++OUTFILE=`mktemp ${INVALIDFILE}.XXXXXXXXXX` || exit 1 ++/sbin/fixfiles -o $OUTFILE $CRONTYPE ++mv -f $OUTFILE $INVALIDFILE ++if [ -s $INVALIDFILE ]; then ++ mail ${MAILTO} -s "Invalid File Contexts" < $INVALIDFILE ++fi +--- policycoreutils-1.14.1/scripts/fixfiles.rhat 2004-06-30 13:10:21.630775288 -0400 ++++ policycoreutils-1.14.1/scripts/fixfiles 2004-06-30 13:11:46.932807408 -0400 +@@ -19,25 +19,37 @@ + # You should have received a copy of the GNU General Public License + # along with this program; if not, write to the Free Software + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++# ++# Set global Variables ++# ++checkFlag=0 ++restoreFlag=0 ++relabelFlag=0 ++fullFlag=0 ++rpmFlag=0 ++rpmFiles="" ++outfileFlag=0 ++OUTFILES="" ++LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 ++SETFILES=/usr/sbin/setfiles ++FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';` + SELINUXTYPE="targeted" ++ + if [ -e /etc/selinux/config ]; then + . /etc/selinux/config + FC=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts + else + FC=/etc/security/selinux/file_contexts + fi +-LOGFILE=`mktemp /var/tmp/fixfiles.XXXXXXXXXX` || exit 1 +-SETFILES=/usr/sbin/setfiles +-FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs | reiserfs ).*rw/{print $3}';` checkLabels () { echo "logging to $LOGFILE" --if [ $1 != "" ]; then -+if [ "x$1" != "x" ]; then + if [ ! 
-z "$1" ]; then for i in `echo $1 | sed 's/,/ /g'`; do - rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE +- rpm -q -l $i | restorecon -n -v -f - 2>&1 | tee $LOGFILE ++ rpm -q -l $i | restorecon ${OUTFILES} -n -v -f - 2>&1 | tee $LOGFILE done -@@ -43,7 +43,7 @@ - - restoreLabels () { - echo "logging to $LOGFILE" --if [ $1 != "" ]; then -+if [ "x$1" != "x" ]; then - for i in `echo $1 | sed 's/,/ /g'`; do - rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE - done -@@ -56,7 +56,7 @@ - echo "logging to $LOGFILE" - echo "Cleaning out /tmp" - rm -rf /tmp/.??* /tmp/* --if [ $1 != "" ]; then -+if [ "x$1" != "x" ]; then - for i in `echo $1 | sed 's/,/ /g'`; do - rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE - done -@@ -73,9 +73,9 @@ - Do you wish to clean out the /tmp directory [N]? " - read answer - if [ "$answer" = y -o "$answer" = Y ]; then -- relabel $1 -+ relabel "$1" else -- restoreLabels $1 -+ restoreLabels "$1" +- ${SETFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} -v -n ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE fi - } ---- policycoreutils-1.13.3/restorecon/restorecon.8.rhat 2004-06-23 09:21:44.000000000 -0400 -+++ policycoreutils-1.13.3/restorecon/restorecon.8 2004-06-23 09:46:48.000000000 -0400 -@@ -4,7 +4,10 @@ - .SH "SYNOPSIS" - .B restorecon --.I [\-n] [\-v] pathname... -+.I [\-o outfilename ] [\-n] [\-v] pathname... -+.P -+.B restorecon -+.I \-f infilename [\-o outfilename ] [\-n] [\-v] - - .SH "DESCRIPTION" - This manual page describes the -@@ -20,9 +23,15 @@ - - .SH "OPTIONS" - .TP -+.B \-f infilename -+infilename contains a list of files to be processed by application. Use \- for stdin. -+.TP - .B \-n - don't change any file labels. - .TP -+.B \-o outfilename -+save list of files with incorrect context in outfilename. -+.TP - .B \-v - show changes in file labels. 
- .TP ---- policycoreutils-1.13.3/restorecon/restorecon.c.rhat 2004-06-23 09:21:44.000000000 -0400 -+++ policycoreutils-1.13.3/restorecon/restorecon.c 2004-06-23 09:48:44.000000000 -0400 -@@ -12,6 +12,7 @@ - * - * -n Do not change any file labels. - * -v Show changes in file labels. -+ * -o filename save list of files with incorrect context - * - * pathname... The file(s) to label - * -@@ -41,7 +42,7 @@ - "usage: %s [-nv] [-f filename | pathname... ]\n", name); - exit(1); +@@ -45,10 +57,10 @@ + echo "logging to $LOGFILE" + if [ ! -z "$1" ]; then + for i in `echo $1 | sed 's/,/ /g'`; do +- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE ++ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE + done + else +- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + fi } --int restore(char *filename, int change, int verbose) { -+int restore(char *filename, int change, int verbose, FILE *outfile) { - int retcontext=0; - int retval=0; - int errors=0; -@@ -72,6 +73,9 @@ - - if (retcontext >= 0 || errno == ENODATA) { - if (retcontext < 0 || strcmp(prev_context,scontext) != 0) { -+ if (outfile) { -+ fprintf(outfile, "%s\n", filename); -+ } - if (change) { - retval=lsetfilecon(filename,scontext); - } -@@ -106,6 +110,7 @@ - int verbose=0; - int file=0; - char opt; -+ FILE *outfile=NULL; - char buf[PATH_MAX]; - progname=argv[0]; -@@ -114,11 +119,19 @@ - - memset(buf,0, sizeof(buf)); - -- while ((opt = getopt(argc, argv, "nvf:")) > 0) { -+ while ((opt = getopt(argc, argv, "nvf:o:")) > 0) { - switch (opt) { - case 'n': - change = 0; - break; -+ case 'o': -+ outfile = fopen(optarg,"w"); -+ if (!outfile) { -+ fprintf(stderr, "Error opening %s: %s\n", -+ optarg, strerror(errno)); -+ usage(argv[0]); -+ } -+ break; - case 'v': - verbose = 1; - break; -@@ -141,15 +154,18 @@ - } - while(fgets(buf,PATH_MAX,f)) { - buf[strlen(buf)-1]=0; -- errors=errors+restore(buf,change, verbose); -+ 
errors=errors+restore(buf, change, verbose, outfile); - } - if (strcmp(file_name,"-")!=0) - fclose(f); - } - else { - for (i=optind; i< argc; i++) { -- errors=errors+restore(argv[i],change, verbose); -+ errors=errors+restore(argv[i], change, verbose, outfile); - } - } -+ if (outfile) -+ fclose(outfile); -+ - return errors; +@@ -58,10 +70,10 @@ + rm -rf /tmp/.??* /tmp/* + if [ ! -z "$1" ]; then + for i in `echo $1 | sed 's/,/ /g'`; do +- rpm -q -l $i | restorecon -v -f - 2>&1 | tee $LOGFILE ++ rpm -q -l $i | restorecon ${OUTFILES} -v -f - 2>&1 | tee $LOGFILE + done + else +- ${SETFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE ++ ${SETFILES} ${OUTFILES} -v ${FC} ${FILESYSTEMS} 2>&1 | tee $LOGFILE + fi } + relabelCheck() { +@@ -81,16 +93,9 @@ + } + + usage() { +- echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] |check|restore|[-F] relabel}" ++ echo $"Usage: $0 {-R rpmpackage[,rpmpackage...] [-l logfile ] [-o outputfile ] |check|restore|[-F] relabel}" + } + +-checkFlag=0 +-restoreFlag=0 +-relabelFlag=0 +-fullFlag=0 +-rpmFlag=0 +-rpmFiles="" +- + # See how we were called. + for i in $@; do + if [ $rpmFlag = 2 ]; then +@@ -98,6 +103,16 @@ + rpmFlag=1 + continue + fi ++if [ $outfileFlag = 2 ]; then ++ OUTFILES="-o $i" ++ outfileFlag=1 ++ continue ++fi ++if [ $logfileFlag = 2 ]; then ++ LOGFILE="$i" ++ logfileFlag=1 ++ continue ++fi + case "$i" in + check) + checkFlag=1 +@@ -114,6 +129,12 @@ + -R) + rpmFlag=2 + ;; ++ -o) ++ outfileFlag=2 ++ ;; ++ -l) ++ logfileFlag=2 ++ ;; + *) + usage + exit 1 diff --git a/policycoreutils.spec b/policycoreutils.spec index 3e8a954..298486b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,7 +1,7 @@ Summary: SELinux policy core utilities. Name: policycoreutils -Version: 1.13.3 -Release: 2 +Version: 1.14.1 +Release: 1 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz 
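Review bot: In the new fixfiles.cron, `mv -f $OUTFILE $INVALIDFILE` publishes the report under the fixed name `/var/tmp/badcontext` while running as root from cron.daily. Because /var/tmp is world-writable, another local user can pre-create that name (a directory, or a symlink to one) and influence where the root-owned file lands; keeping `INVALIDFILE` in a root-only directory and quoting both variables would avoid that. The same script sets `CRONMAILTO="root"` but calls `mail ${MAILTO}`, so the recipient is whatever the environment or /etc/selinux/config happens to provide; `mail -s "Invalid File Contexts" "${CRONMAILTO}" < "$INVALIDFILE"` looks like the intent. In fixfiles, `[ $logfileFlag = 2 ]` is tested but the new global-variables block only initialises `outfileFlag=0`, so `logfileFlag=0` should be added there, and restoreLabels passes `${OUTFILES} ${OUTFILES}` to setfiles, which looks like a duplicated argument. Both scripts continue outside what the embedded patch shows, so these points rest on the visible lines only.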
@@ -66,13 +66,22 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/newrole %{_bindir}/audit2allow %{_mandir}/man1/newrole.1.gz +%{_sysconfdir}/cron.daily/fixfiles.cron %config %{_sysconfdir}/pam.d/newrole %{_sbindir}/run_init %config %{_sysconfdir}/pam.d/run_init %{_mandir}/man8/run_init.8.gz %config(noreplace) %{_sysconfdir}/sestatus.conf + %changelog +* Wed Jun 30 2004 Dan Walsh 1.14.1-1 +- Update from NSA +- Add cron capability to fixfiles + +* Fri Jun 25 2004 Dan Walsh 1.13.4-1 +- Update from NSA + * Thu Jun 24 2004 Dan Walsh 1.13.3-2 - Fix fixfiles to handle no rpm file on relabel diff --git a/sources b/sources index 25ed1a8..189ca76 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1a6794d323aed0b2277e88fdcdd0bd4b policycoreutils-1.13.3.tgz +82646a87e75a879802709d3ea1ffcbff policycoreutils-1.14.1.tgz