From fdaed91e49e841a05b1e10739bbba97693ae565e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 30 Jan 2009 16:35:12 +0000 Subject: [PATCH] * Fri Jan 30 2009 Dan Walsh 2.0.61-7 - Dont report errors on glob match and multiple links --- policycoreutils-rhat.patch | 144 +++++++++++++++++++++++++++++++++---- policycoreutils.spec | 5 +- 2 files changed, 133 insertions(+), 16 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 9166632..d1111fd 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1 +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.61/audit2allow/audit2allow.1 --- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500 -+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500 ++++ policycoreutils-2.0.61/audit2allow/audit2allow.1 2009-01-20 09:49:03.000000000 -0500 @@ -75,9 +75,6 @@ Generate reference policy using installed macros. This attempts to match denials against interfaces and may be inaccurate. 
@@ -11,19 +11,89 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po .B "\-w" | "\-\-why" Translates SELinux audit messages into a description of why the access was denied -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.61/Makefile --- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500 ++++ policycoreutils-2.0.61/Makefile 2009-01-20 09:49:03.000000000 -0500 
@@ -1,4 +1,4 @@ -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.61/restorecond/Makefile +--- nsapolicycoreutils/restorecond/Makefile 2008-08-28 09:34:24.000000000 -0400 ++++ policycoreutils-2.0.61/restorecond/Makefile 2009-01-30 11:22:46.000000000 -0500 +@@ -20,7 +20,7 @@ + install -m 755 restorecond $(SBINDIR) + install -m 644 restorecond.8 $(MANDIR)/man8 + -mkdir -p $(INITDIR) +- install -m 644 restorecond.init $(INITDIR)/restorecond ++ install -m 755 restorecond.init $(INITDIR)/restorecond + -mkdir -p $(SELINUXDIR) + install -m 600 restorecond.conf $(SELINUXDIR)/restorecond.conf + +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.61/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500 -@@ -283,6 +283,8 @@ ++++ policycoreutils-2.0.61/restorecond/restorecond.c 2009-01-30 11:21:09.000000000 -0500 +@@ -1,7 +1,7 @@ + /* + * restorecond + * +- * Copyright (C) 2006 Red Hat ++ * Copyright (C) 2006-2009 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you 
can redistribute it and/or +@@ -75,7 +75,7 @@ + static int debug_mode = 0; + static int verbose_mode = 0; + +-static void restore(const char *filename); ++static void restore(const char *filename, int exact); + + struct watchList { + struct watchList *next; +@@ -113,12 +113,13 @@ + printf("%d: File=%s\n", wd, file); + while (ptr != NULL) { + if (ptr->wd == wd) { +- if (strings_list_find(ptr->files, file) == 0) { ++ int exact=0; ++ if (strings_list_find(ptr->files, file, &exact) == 0) { + char *path = NULL; + if (asprintf(&path, "%s/%s", ptr->dir, file) < + 0) + exitApp("Error allocating memory."); +- restore(path); ++ restore(path, exact); + free(path); + return 0; + } +@@ -155,7 +156,7 @@ + Set the file context to the default file context for this system. + Same as restorecon. + */ +-static void restore(const char *filename) ++static void restore(const char *filename, int exact) + { + int retcontext = 0; + security_context_t scontext = NULL; +@@ -181,9 +182,11 @@ + } + + if (!(st.st_mode & S_IFDIR) && st.st_nlink > 1) { +- syslog(LOG_ERR, +- "Will not restore a file with more than one hard link (%s) %s\n", +- filename, strerror(errno)); ++ if (exact) { ++ syslog(LOG_ERR, ++ "Will not restore a file with more than one hard link (%s) %s\n", ++ filename, strerror(errno)); ++ } + close(fd); + return; + } +@@ -283,6 +286,8 @@ inotify_rm_watch(fd, master_wd); master_wd = inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY); @@ -32,7 +102,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po } /* -@@ -411,7 +413,14 @@ +@@ -396,7 +401,7 @@ + char *file = basename(path); + ptr = firstDir; + +- restore(path); ++ restore(path, 1); + + while (ptr != NULL) { + if (strcmp(dir, ptr->dir) == 0) { +@@ -411,7 +416,14 @@ if (!ptr) exitApp("Out of Memory"); 
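Review bot: In restore(), the hard-link branch still passes `strerror(errno)` to syslog() although no call has failed at that point (the condition only tests `st.st_nlink`), so the logged reason is whatever errno last held; drop the trailing `%s` and its argument. With the new `if (exact)` guard, a glob-matched file that has extra hard links is skipped with no record at all. Refusing to relabel a multiply-linked file under a pattern such as `~/*` is a security decision, so consider keeping a low-priority trace, e.g. `else if (debug_mode) syslog(LOG_DEBUG, "Skipping %s: more than one hard link\n", filename);`. restore() begins and ends outside this hunk.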
@@ -47,9 +126,44 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po ptr->dir = strdup(dir); if (!ptr->dir) -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.61/restorecond/restorecond.conf +--- nsapolicycoreutils/restorecond/restorecond.conf 2008-09-12 11:48:15.000000000 -0400 ++++ policycoreutils-2.0.61/restorecond/restorecond.conf 2009-01-30 11:10:14.000000000 -0500 +@@ -5,4 +5,3 @@ + /var/run/utmp + /var/log/wtmp + ~/* +-~/.mozilla/plugins/libflashplayer.so +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.c policycoreutils-2.0.61/restorecond/stringslist.c +--- nsapolicycoreutils/restorecond/stringslist.c 2008-09-12 11:48:15.000000000 -0400 ++++ policycoreutils-2.0.61/restorecond/stringslist.c 2009-01-30 11:20:48.000000000 -0500 +@@ -55,9 +55,10 @@ + *list = newptr; + } + +-int strings_list_find(struct stringsList *ptr, const char *string) ++int strings_list_find(struct stringsList *ptr, const char *string, int *exact) + { + while (ptr) { ++ *exact = strcmp(ptr->string, string) == 0; + int cmp = fnmatch(ptr->string, string, 0); + if (cmp == 0) + return 0; /* Match found */ +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/stringslist.h policycoreutils-2.0.61/restorecond/stringslist.h +--- nsapolicycoreutils/restorecond/stringslist.h 2008-08-28 09:34:24.000000000 -0400 ++++ policycoreutils-2.0.61/restorecond/stringslist.h 2009-01-30 11:27:00.000000000 -0500 +@@ -31,7 +31,7 @@ + void strings_list_free(struct stringsList *list); + void strings_list_add(struct stringsList **list, const char 
*string); + void strings_list_print(struct stringsList *list); +-int strings_list_find(struct stringsList *list, const char *string); ++int strings_list_find(struct stringsList *list, const char *string, int *exact); + int strings_list_diff(struct stringsList *from, struct stringsList *to); + + #endif +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.61/restorecond/utmpwatcher.c --- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500 ++++ policycoreutils-2.0.61/restorecond/utmpwatcher.c 2009-01-20 09:49:03.000000000 -0500 @@ -57,7 +57,7 @@ utmp_ptr = NULL; FILE *cfg = fopen(utmp_path, "r"); @@ -69,9 +183,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po if (prev_utmp_ptr) { changed = strings_list_diff(prev_utmp_ptr, utmp_ptr); strings_list_free(prev_utmp_ptr); -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.61/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500 -+++ policycoreutils-2.0.60/semanage/semanage 2009-01-13 08:55:07.000000000 -0500 ++++ policycoreutils-2.0.61/semanage/semanage 2009-01-20 09:49:03.000000000 -0500 @@ -219,6 +219,7 @@ 'seuser=', 'store=', 
@@ -80,10 +194,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po 'level=', 'roles=', 'type=', -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.61/semodule/semodule.c --- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500 -+++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500 -@@ -359,6 +359,9 @@ ++++ policycoreutils-2.0.61/semodule/semodule.c 2009-01-28 16:52:58.000000000 -0500 +@@ -359,6 +363,9 @@ mode_arg); } result = semanage_module_remove(sh, mode_arg); diff --git a/policycoreutils.spec b/policycoreutils.spec index 0c8ee57..6014faa 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.61 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -219,6 +219,9 @@ else fi %changelog +* Fri Jan 30 2009 Dan Walsh 2.0.61-7 +- Dont report errors on glob match and multiple links + * Thu Jan 22 2009 Dan Walsh 2.0.61-6 - Move sepolgen-ifgen to post python