Allow semodule to pick alternate root for selinux files

Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.

policycoreutils-rhat.patch

@@ -1027,7 +1027,7 @@ index b966db6..775c52b 100644
 -
 diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf
 new file mode 100644
-index 0000000..f88a29a
+index 0000000..e0c2871
 --- /dev/null
 +++ b/policycoreutils/restorecond/restorecond_user.conf
 @@ -0,0 +1,7 @@
@@ -1037,7 +1037,7 @@ index 0000000..f88a29a
 +~/local/*
 +~/.fonts/*
 +~/.cache/*
-+
++~/.config/*
 diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
 new file mode 100644
 index 0000000..8cf2f20
@@ -1642,7 +1642,7 @@ index ff0ee7c..0c8a085 100644
  test:
  	@python test_sandbox.py -v
 diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..5fa1d72 100644
+index 48a26c2..29c99ed 100644
 --- a/policycoreutils/sandbox/sandbox
 +++ b/policycoreutils/sandbox/sandbox
 @@ -1,5 +1,6 @@
@@ -1702,7 +1702,7 @@ index 48a26c2..5fa1d72 100644
                       if not os.path.exists(newdir):
                              os.makedirs(newdir)
                       dest = newdir + "/" + bname
-@@ -81,9 +85,12 @@ def copyfile(file, dir, dest):
+@@ -81,9 +85,10 @@ def copyfile(file, dir, dest):
                              shutil.copytree(file, dest)
                       else:
                              shutil.copy2(file, dest)
@@ -1711,13 +1711,11 @@ index 48a26c2..5fa1d72 100644
 -                     for e in elist:
 -                            sys.stderr.write(e[1])
 +                     for e in elist.message:
-+                            # ignore files that are missing 
++                            sys.stderr.write(e[2])
-+                            if not e[2].startswith("[Errno 2]"):
-+                                   sys.stderr.write(e[2])
                       
                SAVE_FILES[file] = (dest, os.path.getmtime(dest))
  
-@@ -161,10 +168,10 @@ class Sandbox:
+@@ -161,10 +166,10 @@ class Sandbox:
                    if not self.__options.homedir or not self.__options.tmpdir:
                           self.usage(_("Homedir and tempdir required for level mounts"))
  
@@ -1731,7 +1729,7 @@ index 48a26c2..5fa1d72 100644
  
      def __mount_callback(self, option, opt, value, parser):
             self.__mount = True
-@@ -172,6 +179,15 @@ class Sandbox:
+@@ -172,6 +177,15 @@ class Sandbox:
      def __x_callback(self, option, opt, value, parser):
             self.__mount = True
             setattr(parser.values, option.dest, True)
@@ -1747,7 +1745,7 @@ index 48a26c2..5fa1d72 100644
  
      def __validdir(self, option, opt, value, parser):
             if not os.path.isdir(value):
-@@ -194,6 +210,8 @@ class Sandbox:
+@@ -194,6 +208,8 @@ class Sandbox:
                           self.__include(option, opt, i[:-1], parser)
                    except IOError, e:
                           sys.stderr.write(str(e))
@@ -1756,7 +1754,7 @@ index 48a26c2..5fa1d72 100644
             fd.close()
  
      def __copyfiles(self):
-@@ -212,13 +230,15 @@ class Sandbox:
+@@ -212,13 +228,15 @@ class Sandbox:
  /etc/gdm/Xsession
  """)
             else:
@@ -1774,7 +1772,7 @@ index 48a26c2..5fa1d72 100644
  kill -TERM $WM_PID  2> /dev/null
  """ % (command, wm, command))
             fd.close()
-@@ -226,14 +246,25 @@ kill -TERM $WM_PID  2> /dev/null
+@@ -226,14 +244,25 @@ kill -TERM $WM_PID  2> /dev/null
  
      def usage(self, message = ""):
             error_exit("%s\n%s" % (self.__parser.usage, message))
@@ -1804,7 +1802,7 @@ index 48a26c2..5fa1d72 100644
          
          parser = OptionParser(version=self.VERSION, usage=usage)
          parser.disable_interspersed_args()
-@@ -268,6 +299,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -268,6 +297,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                            action="callback", callback=self.__validdir,
                            help=_("alternate /tmp directory to use for mounting"))
  
@@ -1815,7 +1813,7 @@ index 48a26c2..5fa1d72 100644
          parser.add_option("-W", "--windowmanager", dest="wm",  
                            type="string",
                            default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +311,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -276,13 +309,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
          parser.add_option("-l", "--level", dest="level", 
                            help=_("MCS/MLS level for the sandbox"))
  
@@ -1834,7 +1832,7 @@ index 48a26c2..5fa1d72 100644
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -300,6 +339,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -300,6 +337,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
          else:
@@ -1845,7 +1843,7 @@ index 48a26c2..5fa1d72 100644
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
                 cmds[0] = fullpath(cmds[0])
-@@ -329,44 +372,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -329,44 +370,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
      def __setup_dir(self):
             if self.__options.level or self.__options.session:
                    return
@@ -1909,7 +1907,7 @@ index 48a26c2..5fa1d72 100644
  
                    selinux.setexeccon(self.__execcon)
                    rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +446,7 @@ if __name__ == '__main__':
+@@ -404,7 +444,7 @@ if __name__ == '__main__':
             sandbox = Sandbox()
             rc = sandbox.main()
      except OSError, error:
@@ -2059,22 +2057,19 @@ index ff8b3ef..8508647 100644
  
  # Source function library.
 diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
-index 8338203..f9e23ec 100644
+index 8338203..e501b03 100644
 --- a/policycoreutils/sandbox/sandboxX.sh
 +++ b/policycoreutils/sandbox/sandboxX.sh
 @@ -1,13 +1,17 @@
  #!/bin/bash 
--context=`id -Z | secon -t -l -P`
+ context=`id -Z | secon -t -l -P`
--export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
+ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
 -export SCREENSIZE="1000x700"
 -#export SCREENSIZE=`xdpyinfo | awk  '/dimensions/ {  print $2 }'`
-+context=`id -Z | secon -t `
-+export TITLE="`grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` ($context)"
 +[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700"
  trap "exit 0" HUP
  
--(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
+ (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
-+(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
      export DISPLAY=:$D
 -    python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
 +    cat > ~/seremote << __EOF
@@ -5056,6 +5051,37 @@ index b7d257b..4462c9e 100644
  	def list(self, heading = True, locallist = False, use_file = False):
                  on_off = (_("off"), _("on")) 
  		if use_file:
+diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
+index 059f629..81d6a3c 100644
+--- a/policycoreutils/semodule/semodule.c
++++ b/policycoreutils/semodule/semodule.c
+@@ -162,6 +162,7 @@ static void parse_command_line(int argc, char **argv)
+ 		{"noreload", 0, NULL, 'n'},
+ 		{"build", 0, NULL, 'B'},
+ 		{"disable_dontaudit", 0, NULL, 'D'},
++		{"path", required_argument, NULL, 'p'},
+ 		{NULL, 0, NULL, 0}
+ 	};
+ 	int i;
+@@ -170,7 +171,7 @@ static void parse_command_line(int argc, char **argv)
+ 	no_reload = 0;
+ 	create_store = 0;
+ 	while ((i =
+-		getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
++		getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBD", opts,
+ 			    NULL)) != -1) {
+ 		switch (i) {
+ 		case 'b':
+@@ -198,6 +199,9 @@ static void parse_command_line(int argc, char **argv)
+ 		case 'r':
+ 			set_mode(REMOVE_M, optarg);
+ 			break;
++		case 'p':
++			semanage_set_root(optarg);
++			break;
+ 		case 'u':
+ 			set_mode(UPGRADE_M, optarg);
+ 			break;
 diff --git a/policycoreutils/sepolgen-ifgen/Makefile b/policycoreutils/sepolgen-ifgen/Makefile
 new file mode 100644
 index 0000000..211580d

policycoreutils.spec

@@ -1,13 +1,13 @@
 %define	libauditver	1.4.2-1
 %define libsepolver 	2.0.44-2
-%define	libsemanagever	2.0.44-1
+%define	libsemanagever	2.0.46-4
 %define	libselinuxver	2.0.90-3
 %define	sepolgenver	1.0.23
 
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.0.86
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -331,6 +331,10 @@ fi
 exit 0
 
 %changelog
+* Mon Jun 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-10
+- Allow semodule to pick alternate root for selinux files
+- Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
+
 * Wed May 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-9
 - Fix var_spool template read_spool_files
 - Fix sepolgen to handle filename transitions