From 487de6f2514c3e445247618862ad5199b9ade8c1 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Mon, 8 Feb 2010 22:06:23 +0000
Subject: [PATCH] - Add icecast policy - Cleanup spec file

---
 config.tgz            | Bin 0 -> 3007 bytes
 customizable_types    |   1 +
 modules-minimum.conf  |   7 ++
 modules-mls.conf      |   9 ++-
 modules-targeted.conf |   7 ++
 policy-F13.patch      |  10 +--
 selinux-policy.spec   | 159 +++++++++++++++++++++++-------------------
 7 files changed, 114 insertions(+), 79 deletions(-)
 create mode 100644 config.tgz

diff --git a/config.tgz b/config.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..32fecce0605ae26257995d2fa5e6e5302fd0469f
GIT binary patch
literal 3007
zcmXX_c|6nqAD>%9`o>7PN}*ypsAMfy$~TM>xt4MygmR28K3J_oj;LJah*A-vM2@W-
zbCjv3k+g;77=1T3X134!=llJAUw^({kLTn0dOQ!EG<n1|#|wWVq~?6igpVKiqd!En
zv$2(`#jca~*IXE&v`f|>k~*=}e(t5IYFftNRxe+zhyKVFMlLNN|GHtP0;_{>Hqh{R
zi_y*JJL)_{b+=;KoTMavwyAteXKK>h2ER9$5byjatVSYhsOU;S-jn9q>VYx4n&;L<
zfk~+YZXBll^ih)v3*hi_#|q|_ds0+R#ew6La6(Ki`#>GMKdkSZkg>a}Q*BQdNmX0@
z2Y}qp9feE7Cq5owHD?<nA-kFj#{_i8yhqU*eyYsq#&)B5f^PYwSYEAWg9B$r8{--@
zh8RVch7w$acLVWht}VSerhi$l98hp~F1O~fO?KE_a8Z@T=icc(_99?TLLqh{YP6iB
z=*hnq9v(@gz2X-S__#PHi+I?I;(+7$+@QSEES>6<?_NZm`uXZML8YTnn_j@PQ^YYd
zhcWpt&qY<$Mcz72y_-f1xC#|UPREz8n~v;re8Nw(9Mzp~nPUCk1MZxj%1xKXt1Yum
z+WEzMdB2a2B*JeN-ZWk;fJx=*3n<l}ItLzQc2dhi&%h3%QFPo67gY@N>={_N<m`s=
z<1OKmY7|d(PD@pFRKB0y-d~33e5KPZe*9O90$neW6Jq<k)Xg%>J~bBhITb5+$s+4m
zIUM8sHc%_aUMsZSCohoKpLCa+DzCc4Z$02XItZ<IdB=~>AIQ)*=*|V=4%$8D$^*-?
z=h<}`x?PS+ykjoPAD?`EO25_%udF04&!MN&e3%CBZrG$I!Hfpu_Q<di{YB`fhPD9G
z%36Z{pbXcUo8F5{_`y8F0*-X_BDg=@WWIVdOq|@)<g<-y;t@z+uEwvAp%K0}B>AUD
zo7j>lu{>;WqnEvdO~L`w5KTj3UY}vxx>#Ff{)GzR<qJ<lp_)dA>xO3qQ3XrQX+^K=
z=eN2uV6)4EEOI)nb~KwS$7ec6I(^^2T-4c3t;hdqxp!K1jGcC=RO<2D^`4E>Z}*Mz
z63pU#ztO_cCB*M=jo8#dY*rlx7Dli`Q2W_Q=>AWW6ScsC9BeZ6%g(AAcx}E48-_jQ
zG4>1zGTC{^DUxzks{W7D>+c36ZDJ%+DsSfzq{GK`qOzTzATaOMwiErdI#<LeF~hni
zfXcDzcKbcPB?jvroy4T{5xv1QHjGe)-dOwafFxE3jRa0YU*AiK=_yC;{d6PlOx*zc
zPK#-4l089_AoHhY39uMoeS9a~lGx2B-TpqY^=h)4ki;2UCb2x2;PsKsMXhat<FO)6
ziP3STqr}H{L7^IvSXQ)$ut3pF$6q^meVeC?w};V&j%+U`flN=Joz(Sk>mL1?KlD{u
zOgaCUU?|3HoYkQMbbHJZ5M6?XQEeZl-ZG5E;SHgopl<E=$)Neql1FWpM3CxI4GkJ$
ziAbyzK$px1lSr%1Hs38@@$o&&U6p;gX(1KW9wu{^IH7N#Thxp}l5Z9pYE-QEj~31_
zu8cv%xp%^1WG#$odLh)>4%AbsxnPHL#C^1JeFge(fOg4e=t~F>@{2qD5)QY9bCH5L
zmB7y1ccY@}x7!PgFsJ*kWh%Sn3@^Tn@g4ZYeJ^gvJdwywt~3#osF4N1H^H#Ch;dmL
z*stsLb-L8&Y{3l7ke8ivy?Jp8tNh`y>xUCIJ1G5T<*6S-3HJ~i%C33?LbD~>`0r+-
zD^R*53O`c<JUKs6#gLfCFD4~gl{fdfBgBhy<0xq5>W|i9Dt%3tgcIl<6DPpS>>%E<
zm=aDZ%Z$5q_;oBnZ=oxXN)nBau5BIhABJNNLwI~+uo~%R&Pts4^5f1Cvx;j4f#IpU
z@JkD`HdmOF8?AL*H(zTOy%Zb{PfEypQ~o6BYK^8Am(+gbcZXH7!>T2IJccZ&S(BRe
zU|%0D=BP?*B|%<m@VJ~b+9ATPTidQ6tK8FEYs-l5`dK~3;ct~kHpt(*RrDEX!O-m&
zI2l!8xC!zBSlZPMK1n74^$mB_XSsibNrya>61xtXcldAiN+~NrzbU+di_^KZ@2!`{
z*=@c|*Doz?y&1F{y{5P6EfHHsYrl0atM<<M?d>sdE=^CXM@jdniyE3!9M>QVq%(!0
z{jEK7VElrF?x29WyHSuC(k`q)Ml6Dt%8x8#h_MzO8A@^2b<bxV(hoT~qUU<X#y9oQ
zmaP1@>Q4yqB71kpDa57;Zf8LnWKg!|qtN;CUmgn2>ClZaH$|%lApvOdr}yjjR^w$Z
zan8M)2IdZwK*G**mIMKAGX(+fH&$5$cp6IP)FJ~t0qAVNi<Vfak(d?yZEhw#JTqZ<
z$Y9HLeVfCcb_`AFll`UcWXDZ%Ze%BEIW_G<zX0s`IFEz{lrq?`<OA4BKyL?(=(BKz
z%%e9-#0$AnrEsRb*yYG$aKEPm?1V7`AlDv(*Im?*#U^99@Gjl6(c4r1!}o)ragx6+
zVjMEgT7Z%rd?h;;z^A7e1w%e#cas2h8}LhVfYb?c;r0Izw?R`CT&O$&W~}VxGZhbV
zgH`OU$m1;UNVVDQOB=bG-#)ukWji`sWG7Vh-qO6&r9GIvk72XpkfFX&&zU=&SbN52
z-LL=WphL#FETGR=ZE^BA&_!)bl)KOR+YwJXXqqbD&)uwNdI9g4)ek6Fz>Ekr!W3Y9
z)Ok3$2^biL*!-Mg)fw+csb5^VVh%jU`kQ*MD#j^1>q@_JS^fOGt3r%6-(G?xg5JFV
z!`c%dB;^6HVa`^xd61`6W<aKC&*d?tR6Kjb1~4xoDd&Lm1>2`cNRANbw0zX##Tre~
zKm?l+B3Qxv@&oocAV>maA~{^>+p-(=jU1!OmV0`3PpxXrrfdPjgNBo#Ekm;m!1b0I
z1D=Ri-nmNu`rx+eLqlf`7*+vaB#C<}ZxFeZj?%X#2TdLfZTldn+Fb6XXO}WWTgSU+
z^%RV|Kx)_-Odkk{?~qJ}*$58gW8T4r%Kq6;lP2RWfx!g0n1WYwYPeSzSY>FGnDHPw
z#H_UWM@Fd)>0GK?PZG;>=iOF?a)P4i%_Cxm-3IaZFTTi%>DezvErPNzv2h6xXm0@f
z(bTKUBxLs@xHZ(G>iHanD=DR9{~F{wY|Il57fb!C-${u8II~YI#?e<REn_X7l+U&`
zX^jjT{ruqJ6ml}m?oC3UZ<M0;Y%<m<3cJN3Iye266M!uECnZ=yoj%|nFUx^uBsdr!
zbG#Vm*b81oObLqfQe-%o>Ev1vy@1)MXad?-!!Of5jzKTq%t{cN8<H19i%tPSnwp$A
z_@2`cuolxl0{_BL5#_ZWTqaW&v32bi6DezPaS`ZQ)CD$*$zZxpj|Pp3oRycBaK;*d
zEkObVpIGVEggzB2sF;LOMb2mhT+v6w0{%QE-(Qye8<YnkcsQvaYeCM_^x&c5j>?JN
zc!qqbD$~s>6qqeQO&>(mD5WowD>YK*;2Je580=r8-o2Td9G&Kr*q4kf=jx=3aEcUv
z3iMU-7vvd%TyBwsQ7L!L=TXxd)%9KUeE(hle1+QuNYle5Aby|+ME^#inEvv7+##S|
z2m%UZtH1?`8W3#tx6}-@af$|oiE!GvAXpOQA~|e~kxH_Uiar<fLWJ{gr2c|TEQdga
z%ymahm~w6W2=&v;%XVW^*w+~Yhrc@M9JEljJwGX53bTKKc_bN_t@phJ(v%)bxDUly
zKLtT#5I`2-R@GwH>G^^$y{q)za4yTE7Os&YEJ2d5>8EJE-!J;RKda6`*>01?UsK5h
zQ46G|&7e?X5vLfxK;qIe$cQCbT^iWSga{<?T#gK6Md7ZX<|ar#v7`YTP?H6j+Lpy2
b{bt3yru5oK#D7E1{|W8}ho3-j5QzT)0kCRb

literal 0
HcmV?d00001

diff --git a/customizable_types b/customizable_types
index d5dc09ff..dbe706b3 100644
--- a/customizable_types
+++ b/customizable_types
@@ -5,3 +5,4 @@ httpd_user_script_exec_t
 httpd_user_content_ra_t
 httpd_user_content_rw_t
 httpd_user_content_t
+git_session_content_t
diff --git a/modules-minimum.conf b/modules-minimum.conf
index a5306a6b..9fde035a 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -733,6 +733,13 @@ irqbalance = base
 # 
 iscsi = module
 
+# Layer: services
+# Module: icecast 
+#
+#  ShoutCast compatible streaming media server
+# 
+icecast = module
+
 # Layer: services
 # Module: i18n_input
 #
diff --git a/modules-mls.conf b/modules-mls.conf
index 245ca34a..52b6dcb1 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -225,7 +225,7 @@ certmaster = module
 # 
 chronyd = module
 
-q# Layer: services
+# Layer: services
 # Module: cipe
 #
 # Encrypted tunnel daemon
@@ -239,6 +239,13 @@ cipe = module
 # 
 comsat = module
 
+# Layer: services
+# Module: corosync
+#
+# Corosync Cluster Engine Executive
+# 
+corosync = module
+
 # Layer: services
 # Module: clamav
 #
diff --git a/modules-targeted.conf b/modules-targeted.conf
index a5306a6b..9fde035a 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -733,6 +733,13 @@ irqbalance = base
 # 
 iscsi = module
 
+# Layer: services
+# Module: icecast 
+#
+#  ShoutCast compatible streaming media server
+# 
+icecast = module
+
 # Layer: services
 # Module: i18n_input
 #
diff --git a/policy-F13.patch b/policy-F13.patch
index 00b15aac..bf460c67 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -6190,7 +6190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.7.8/policy/modules/kernel/corenetwork.if.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.8/policy/modules/kernel/corenetwork.if.in	2010-02-03 16:54:15.000000000 -0500
++++ serefpolicy-3.7.8/policy/modules/kernel/corenetwork.if.in	2010-02-08 17:05:26.000000000 -0500
 @@ -1705,6 +1705,24 @@
  
  ########################################
@@ -31409,16 +31409,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.8/policy/modules/system/iptables.if
 --- nsaserefpolicy/policy/modules/system/iptables.if	2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.8/policy/modules/system/iptables.if	2010-02-08 13:40:44.000000000 -0500
++++ serefpolicy-3.7.8/policy/modules/system/iptables.if	2010-02-08 17:05:51.000000000 -0500
 @@ -49,6 +49,13 @@
  	optional_policy(`
  		modutils_run_insmod(iptables_t, $2)
  	')
 +
 +ifdef(`hide_broken_symptoms', `
-+	dontaudit iptables_t $2:unix_stream_socket rw_socket_perms;
-+	dontaudit iptables_t $2:tcp_socket rw_socket_perms;
-+	dontaudit iptables_t $2:udp_socket rw_socket_perms;
++	dontaudit iptables_t $1:unix_stream_socket rw_socket_perms;
++	dontaudit iptables_t $1:tcp_socket rw_socket_perms;
++	dontaudit iptables_t $1:udp_socket rw_socket_perms;
 +')
 +
  ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6deb1f26..3e480c6b 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.8
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -30,10 +30,10 @@ Source2: booleans-targeted.conf
 Source3: Makefile.devel
 Source4: setrans-targeted.conf
 Source5: modules-mls.conf
-Source6: booleans-mls.conf	
+Source6: booleans-mls.conf
 Source8: setrans-mls.conf
 Source9: modules-olpc.conf
-Source10: booleans-olpc.conf	
+Source10: booleans-olpc.conf
 Source11: setrans-olpc.conf
 Source12: securetty_types-olpc
 Source13: policygentool
@@ -57,13 +57,14 @@ BuildRequires: python gawk checkpolicy >= %{CHECKPOLICYVER} m4 policycoreutils-p
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER} libsemanage >= 2.0.14-3
 Requires(post): /usr/bin/bunzip2 /bin/mktemp /bin/awk
 Requires: checkpolicy >= %{CHECKPOLICYVER} m4 
-Obsoletes: selinux-policy-devel
-Provides: selinux-policy-devel
+Obsoletes: selinux-policy-devel <= %{version}-%{release}
+Provides: selinux-policy-devel = %{version}-%{release}
 
 %description 
 SELinux Base package
 
 %files 
+%defattr(-,root,root,-)
 %{_mandir}/man*/*
 # policycoreutils owns these manpage directories, we only own the files within them
 %{_mandir}/ru/*/*
@@ -97,15 +98,12 @@ SELinux policy documentation package
 %check
 /usr/bin/sepolgen-ifgen -i %{buildroot}%{_usr}/share/selinux/devel/include -o /dev/null
 
-%define setupCmds() \
+%define makeCmds() \
 make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 bare \
 make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024  conf \
-cp -f $RPM_SOURCE_DIR/modules-%1.conf  ./policy/modules.conf \
-cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
-cp -f $RPM_SOURCE_DIR/users-%1 ./policy/users \
-
-%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
-awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' %{_sourcedir}/modules-%{1}.conf )
+cp -f selinux_config/modules-%1.conf  ./policy/modules.conf \
+cp -f selinux_config/booleans-%1.conf ./policy/booleans.conf \
+cp -f selinux_config/users-%1 ./policy/users \
 
 %define installCmds() \
 make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 base.pp \
@@ -123,16 +121,18 @@ touch %{buildroot}%{_sysconfdir}/selinux/%1/seusers \
 touch %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
 touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
 touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
-install -m0644 $RPM_SOURCE_DIR/securetty_types-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_types \
-install -m0644 $RPM_SOURCE_DIR/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
-install -m0644 $RPM_SOURCE_DIR/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
-bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp
+install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_types \
+install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
+install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
+bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp \
+awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "%%s.pp.bz2 ", $1 }' ./policy/modules.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules.lst
 %nil
 
 %define fileList() \
 %defattr(-,root,root) \
 %dir %{_usr}/share/selinux/%1 \
 %{_usr}/share/selinux/%1/*.pp.bz2 \
+%{_usr}/share/selinux/%1/modules.lst \
 %dir %{_sysconfdir}/selinux/%1 \
 %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
 %ghost %{_sysconfdir}/selinux/%1/seusers \
@@ -149,8 +149,8 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \
 %config %{_sysconfdir}/selinux/%1/contexts/x_contexts \
 %config %{_sysconfdir}/selinux/%1/contexts/default_contexts \
-%config	%{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \
-%config	%{_sysconfdir}/selinux/%1/contexts/virtual_image_context \
+%config %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \
+%config %{_sysconfdir}/selinux/%1/contexts/virtual_image_context \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \
 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \
@@ -169,11 +169,11 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp
 
 %define saveFileContext() \
 if [ -s /etc/selinux/config ]; then \
-	. %{_sysconfdir}/selinux/config; \
-	FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
-	if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \
-	   [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
-	fi \
+     . %{_sysconfdir}/selinux/config; \
+     FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
+     if [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT} ]; then \
+        [ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
+     fi \
 fi
 
 %define loadpolicy() \
@@ -186,9 +186,9 @@ semodule -b base.pp.bz2 -i %2 -s %1; \
 FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
 selinuxenabled; \
 if [ $? = 0  -a "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.pre ]; then \
-	fixfiles -C ${FILE_CONTEXT}.pre restore; \
-        restorecon -R /root /var/log /var/run /var/lib 2> /dev/null;\
-	rm -f ${FILE_CONTEXT}.pre; \
+     fixfiles -C ${FILE_CONTEXT}.pre restore; \
+     restorecon -R /root /var/log /var/run /var/lib 2> /dev/null; \
+     rm -f ${FILE_CONTEXT}.pre; \
 fi; 
 
 %description
@@ -200,9 +200,13 @@ Based off of reference policy: Checked out revision  2.20091117
 %prep 
 %setup -n serefpolicy-%{version} -q
 %patch -p1
+mkdir selinux_config
+for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE9} %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE24} %{SOURCE25};do
+ cp $i selinux_config
+done
+tar zxvf selinux_config/config.tgz
 
 %install
-tar zxvf $RPM_SOURCE_DIR/config.tgz
 # Build targeted policy
 %{__rm} -fR %{buildroot}
 mkdir -p %{buildroot}%{_mandir}
@@ -220,27 +224,27 @@ make clean
 %if %{BUILD_TARGETED}
 # Build targeted policy
 # Commented out because only targeted ref policy currently builds
-%setupCmds targeted mcs n y allow
+%makeCmds targeted mcs n y allow
 %installCmds targeted mcs n y allow
 %endif
 
 %if %{BUILD_MINIMUM}
 # Build minimum policy
 # Commented out because only minimum ref policy currently builds
-%setupCmds minimum mcs n y allow
+%makeCmds minimum mcs n y allow
 %installCmds minimum mcs n y allow
 %endif
 
 %if %{BUILD_MLS}
 # Build mls policy
-%setupCmds mls mls n y deny
+%makeCmds mls mls n y deny
 %installCmds mls mls n y deny
 %endif
 
 %if %{BUILD_OLPC}
 # Build olpc policy
 # Commented out because only olpc ref policy currently builds
-%setupCmds olpc mcs n y allow
+%makeCmds olpc mcs n y allow
 %installCmds olpc mcs n y allow
 %endif
 
@@ -248,60 +252,60 @@ make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITR
 mkdir %{buildroot}%{_usr}/share/selinux/devel/
 mkdir %{buildroot}%{_usr}/share/selinux/packages/
 mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
-install -m 755 $RPM_SOURCE_DIR/policygentool %{buildroot}%{_usr}/share/selinux/devel/
-install -m 644 $RPM_SOURCE_DIR/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
+install -m 755 selinux_config/policygentool %{buildroot}%{_usr}/share/selinux/devel/
+install -m 644 selinux_config/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
 install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
 install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
 echo  "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
 chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
-
+rm -rf selinux_config
 %clean
 %{__rm} -fR %{buildroot}
 
 %post
 if [ ! -s /etc/selinux/config ]; then
-	#
-	#	New install so we will default to targeted policy
-	#
-	echo "
+#
+#     New install so we will default to targeted policy
+#
+echo "
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
-#	enforcing - SELinux security policy is enforced.
-#	permissive - SELinux prints warnings instead of enforcing.
-#	disabled - No SELinux policy is loaded.
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
 SELINUX=enforcing
 # SELINUXTYPE= can take one of these two values:
-#	targeted - Targeted processes are protected,
-#	mls - Multi Level Security protection.
+#     targeted - Targeted processes are protected,
+#     mls - Multi Level Security protection.
 SELINUXTYPE=targeted 
 
 " > /etc/selinux/config
 
-	ln -sf ../selinux/config /etc/sysconfig/selinux 
-	restorecon /etc/selinux/config 2> /dev/null || :
+     ln -sf ../selinux/config /etc/sysconfig/selinux 
+     restorecon /etc/selinux/config 2> /dev/null || :
 else
-	. /etc/selinux/config
-	# if first time update booleans.local needs to be copied to sandbox
-	[ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/
-	[ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers
+     . /etc/selinux/config
+     # if first time update booleans.local needs to be copied to sandbox
+     [ -f /etc/selinux/${SELINUXTYPE}/booleans.local ] && mv /etc/selinux/${SELINUXTYPE}/booleans.local /etc/selinux/targeted/modules/active/
+     [ -f /etc/selinux/${SELINUXTYPE}/seusers ] && cp -f /etc/selinux/${SELINUXTYPE}/seusers /etc/selinux/${SELINUXTYPE}/modules/active/seusers
 fi
 exit 0
 
 %postun
 if [ $1 = 0 ]; then
-	setenforce 0 2> /dev/null
-	if [ ! -s /etc/selinux/config ]; then
-		echo "SELINUX=disabled" > /etc/selinux/config
-	else
-		sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
-	fi
+     setenforce 0 2> /dev/null
+     if [ ! -s /etc/selinux/config ]; then
+          echo "SELINUX=disabled" > /etc/selinux/config
+     else
+          sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
+     fi
 fi
 exit 0
 
 %if %{BUILD_TARGETED}
 %package targeted
 Summary: SELinux targeted base policy
-Provides: selinux-policy-base
+Provides: selinux-policy-base = %{version}-%{release}
 Group: System Environment/Base
 Obsoletes: selinux-policy-targeted-sources < 2
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
@@ -309,7 +313,7 @@ Requires(pre): coreutils
 Requires(pre): selinux-policy = %{version}-%{release}
 Requires: selinux-policy = %{version}-%{release}
 Conflicts:  audispd-plugins <= 1.7.7-1
-Obsoletes: mod_fcgid-selinux
+Obsoletes: mod_fcgid-selinux <= %{version}-%{release}
 Conflicts:  seedit
 
 %description targeted
@@ -319,13 +323,12 @@ SELinux Reference policy targeted base module.
 %saveFileContext targeted
 
 %post targeted
+packages=`cat /usr/share/selinux/targeted/modules.lst`
 if [ $1 -eq 1 ]; then
-   packages="%{expand:%%moduleList targeted}"
    %loadpolicy targeted $packages
    restorecon -R /root /var/log /var/run /var/lib 2> /dev/null
 else
    semodule -n -s targeted -r moilscanner -r mailscanner -r gamin -r audio_entropy -r iscsid -r polkit_auth -r polkit -r rtkit_daemon -r ModemManager 2>/dev/null
-   packages="%{expand:%%moduleList targeted}"
    %loadpolicy targeted $packages
    %relabel targeted
 fi
@@ -350,6 +353,7 @@ semodule -r qmail 2> /dev/null
 exit 0
 
 %files targeted
+%defattr(-,root,root,-)
 %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
 %fileList targeted
 %endif
@@ -357,7 +361,7 @@ exit 0
 %if %{BUILD_MINIMUM}
 %package minimum
 Summary: SELinux minimum base policy
-Provides: selinux-policy-base
+Provides: selinux-policy-base = %{version}-%{release}
 Group: System Environment/Base
 Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER}
 Requires(pre): coreutils
@@ -372,7 +376,7 @@ SELinux Reference policy minimum base module.
 %saveFileContext minimum
 
 %post minimum
-packages="unconfined.pp.bz2 unconfineduser.pp.bz2"
+packages="execmem.pp.bz2 unconfined.pp.bz2 unconfineduser.pp.bz2"
 %loadpolicy minimum $packages
 if [ $1 -eq 1 ]; then
 semanage -S minimum -i - << __eof
@@ -386,6 +390,7 @@ fi
 exit 0
 
 %files minimum
+%defattr(-,root,root,-)
 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
 %fileList minimum
 %endif
@@ -394,7 +399,7 @@ exit 0
 %package olpc 
 Summary: SELinux olpc base policy
 Group: System Environment/Base
-Provides: selinux-policy-base
+Provides: selinux-policy-base = %{version}-%{release}
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
 Requires(pre): coreutils
 Requires(pre): selinux-policy = %{version}-%{release}
@@ -408,7 +413,7 @@ SELinux Reference policy olpc base module.
 %saveFileContext olpc
 
 %post olpc 
-packages="%{expand:%%moduleList olpc}"
+packages=`cat /usr/share/selinux/olpc/modules.lst`
 %loadpolicy olpc $packages
 
 if [ $1 -ne 1 ]; then
@@ -417,6 +422,7 @@ fi
 exit 0
 
 %files olpc
+%defattr(-,root,root,-)
 %fileList olpc
 
 %endif
@@ -425,7 +431,7 @@ exit 0
 %package mls 
 Summary: SELinux mls base policy
 Group: System Environment/Base
-Provides: selinux-policy-base
+Provides: selinux-policy-base = %{version}-%{release}
 Obsoletes: selinux-policy-mls-sources < 2
 Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
@@ -442,21 +448,28 @@ SELinux Reference policy mls base module.
 
 %post mls 
 semodule -n -s mls -r mailscanner -r polkit -r ModemManager 2>/dev/null
-packages="%{expand:%%moduleList mls}"
+packages=`cat /usr/share/selinux/mls/modules.lst`
 %loadpolicy mls $packages
 
-if [ $1 != 1 ]; then
+if [ $1 -eq 1 ]; then
+   restorecon -R /root /var/log /var/run /var/lib 2> /dev/null
+else
 %relabel mls
 fi
 exit 0
 
 %files mls
+%defattr(-,root,root,-)
 %config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u
 %fileList mls
 
 %endif
 
 %changelog
+* Thu Feb 4 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-8
+- Add icecast policy
+- Cleanup  spec file
+
 * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-7
 - Add mcelog policy
 
@@ -472,7 +485,7 @@ exit 0
 
 * Mon Jan 25 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-3
 - Allow abrt_helper to getattr on all filesystems
-- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so	
+- Add label for /opt/real/RealPlayer/plugins/oggfformat\.so     
 
 * Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 3.7.8-2
 - Add gstreamer_home_t for ~/.gstreamer
@@ -1267,7 +1280,7 @@ exit 0
 
 * Wed Sep 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.6-1
 - Update to upstream
-- 	 New handling of init scripts
+-       New handling of init scripts
 
 * Fri Aug 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.5-4
 - Allow pcsd to dbus
@@ -2007,8 +2020,8 @@ directory)
 - More fixes for alsactl
 - Transition from hal and modutils
 - Fixes for suspend resume.  
-	- insmod domtrans to alsactl
-	- insmod writes to hal log
+     - insmod domtrans to alsactl
+     - insmod writes to hal log
 
 * Wed May 16 2007 Dan Walsh <dwalsh@redhat.com> 2.6.4-2
 - Allow unconfined_t to transition to NetworkManager_t
@@ -2932,7 +2945,7 @@ Resolves: #217725
 
 * Tue Mar 14 2006 Dan Walsh <dwalsh@redhat.com> 2.2.23-17
 - MLS Fixes
-	dmidecode needs mls_file_read_up
+     dmidecode needs mls_file_read_up
 - add ypxfr_t
 - run init needs access to nscd
 - udev needs setuid
@@ -3270,8 +3283,8 @@ Resolves: #217725
 
 * Fri Dec  8 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-3
 - Add two new httpd booleans, turned off by default
-	* httpd_can_network_relay
-	* httpd_can_network_connect_db
+     * httpd_can_network_relay
+     * httpd_can_network_connect_db
 
 * Fri Dec  8 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-2
 - Add ghost for policy.20