From a710a4e711fd9a52b54f33034590e6fffdfd4c75 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Thu, 3 Feb 2011 17:05:41 -0500
Subject: [PATCH] - Fix sandbox policy creation with udp connect ports
---
 policycoreutils-gui.patch | 20 +++++++-------------
 policycoreutils.spec | 7 +++++--
 2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 32d9ca1..51b6629 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -6664,8 +6664,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
 + app.stand_alone()
 diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.85/gui/polgen.py
 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 16:12:28.000000000 -0500
-@@ -0,0 +1,1349 @@
++++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 17:03:56.000000000 -0500
+@@ -0,0 +1,1343 @@
 +#!/usr/bin/python -Es
 +#
 +# Copyright (C) 2007-2010 Red Hat
@@ -7734,7 +7734,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
 + t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
 + newsh += re.sub("TEMPLATETYPE", self.name, t1)
 +
-+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
++ for i in self.in_udp[PORTS]:
 + if self.find_port(i,"udp") == None:
 + t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
 + newsh += re.sub("TEMPLATETYPE", self.name, t1)
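Review bot: In the `@@ -7734,7 +7734,7 @@` hunk, dropping `self.out_udp[PORTS]` from the UDP loop means an outbound UDP port that `find_port` does not already know no longer gets a port-definition line, so it is worth confirming that the policy generated for such a port still refers to a port type that exists and is no broader than intended. The TCP loop directly above has its header outside this hunk; if it still iterates `self.in_tcp[PORTS] + self.out_tcp[PORTS]`, TCP connect ports would presumably hit the same sandbox failure, and the two loops should be made consistent. A one-line comment above the loop, such as `# only in_udp ports get a port definition; out_udp (connect) ports are not defined here`, would record why the two directions differ. As a style point, `self.find_port(i,"udp") == None` reads better as `self.find_port(i, "udp") is None`. The enclosing method starts and ends outside the hunk.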
@@ -7874,16 +7874,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + mypolicy.set_out_tcp(0,"8000") + print mypolicy.generate(tmpdir) + -+ mypolicy = policy("mycgi", SANDBOX) -+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000") -+ mypolicy.set_in_udp(1, 0, 0, "1513") -+ mypolicy.set_use_uid(True) -+ mypolicy.set_use_tmp(False) -+ mypolicy.set_use_syslog(True) -+ mypolicy.set_use_pam(True) -+ mypolicy.set_out_tcp(0,"8000") -+ print mypolicy.generate(tmpdir) -+ + mypolicy = policy("myinetd", INETD) + mypolicy.set_program("/usr/bin/mytest") + mypolicy.set_in_tcp(1, 0, 0, "513") @@ -7939,6 +7929,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + mypolicy.set_transition_users(["unconfined_u", "staff_u"]) + print mypolicy.generate(tmpdir) + ++ mypolicy = policy("mysandbox", SANDBOX) ++ mypolicy.set_out_udp(0, "993") ++ print mypolicy.generate("/tmp") ++ + mypolicy = policy("mydbadm", RUSER) + mypolicy.set_admin_domains(["postgresql", "mysql"]) + print mypolicy.generate(tmpdir) diff --git a/policycoreutils.spec b/policycoreutils.spec index 88e38a6..244b612 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.85 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -329,7 +329,10 @@ fi exit 0 %changelog -* Wed Feb 3 2011 Dan Walsh 2.0.85-10 +* Thu Feb 3 2011 Dan Walsh 2.0.85-11 +- Fix sandbox policy creation with udp connect ports + +* Thu Feb 3 2011 Dan Walsh 2.0.85-10 - Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name - Cleanup chcat man page
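Review bot: In the `@@ -7939,6 +7929,10 @@` hunk, the new self-test case calls `mypolicy.generate("/tmp")` while every neighbouring case visible in the hunk passes `tmpdir`. This one case therefore writes its generated policy files, presumably named after the policy, straight into a shared world-writable directory, where a pre-created file or symlink could be followed if the self-test is run with elevated privileges. Changing the line to `print mypolicy.generate(tmpdir)` keeps it consistent with the others; `tmpdir` is defined outside the hunk, so this assumes it is a private directory. The preceding hunk also deletes the `mycgi` SANDBOX case that set inbound TCP and UDP ports, and the replacement only calls `set_out_udp`, so SANDBOX with inbound ports is no longer exercised by the cases shown here.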