rpms/libselinux/FC-6 libselinux-rhat.patch, 1.96, 1.97 libselinux.spec, 1.233, 1.234
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 5 16:45:47 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/libselinux/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv11441
Modified Files:
libselinux-rhat.patch libselinux.spec
Log Message:
* Thu Apr 5 2007 Dan Walsh <dwalsh at redhat.com> - 1.33.4-3
- Fix rpm_execcon in python
libselinux-rhat.patch:
man/man3/avc_add_callback.3 | 3
man/man3/avc_cache_stats.3 | 3
man/man3/avc_context_to_sid.3 | 3
man/man3/avc_has_perm.3 | 1
man/man3/avc_init.3 | 4
man/man3/context_new.3 | 3
man/man3/freecon.3 | 6
man/man3/get_ordered_context_list.3 | 4
man/man3/getcon.3 | 4
man/man3/getexeccon.3 | 4
man/man3/getfilecon.3 | 4
man/man3/getfscreatecon.3 | 4
man/man3/getseuserbyname.3 | 3
man/man3/is_context_customizable.3 | 5
man/man3/is_selinux_enabled.3 | 6
man/man3/matchmediacon.3 | 4
man/man3/matchpathcon.3 | 4
man/man3/security_check_context.3 | 6
man/man3/security_compute_av.3 | 4
man/man3/security_getenforce.3 | 6
man/man3/security_load_booleans.3 | 2
man/man3/security_load_policy.3 | 6
man/man3/security_policyvers.3 | 6
man/man3/selinux_binary_policy_path.3 | 5
man/man3/selinux_check_securetty_context.3 | 6
man/man3/selinux_getenforcemode.3 | 5
man/man3/selinux_policy_root.3 | 3
man/man3/setfilecon.3 | 4
man/man8/avcstat.8 | 3
man/man8/getenforce.8 | 2
man/man8/getsebool.8 | 5
man/man8/matchpathcon.8 | 3
man/man8/selinuxenabled.8 | 2
man/man8/setenforce.8 | 2
man/man8/togglesebool.8 | 4
src/selinuxswig.i | 27 +++
src/selinuxswig_wrap.c | 216 ++++++++++++++++++-----------
utils/getdefaultcon.c | 80 ++++++++++
38 files changed, 339 insertions(+), 123 deletions(-)
Index: libselinux-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-6/libselinux-rhat.patch,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- libselinux-rhat.patch 15 Jan 2007 15:34:10 -0000 1.96
+++ libselinux-rhat.patch 5 Apr 2007 16:45:45 -0000 1.97
@@ -1,129 +1,813 @@
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-1.33.4/man/man3/avc_add_callback.3
---- nsalibselinux/man/man3/avc_add_callback.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/avc_add_callback.3 2007-01-12 10:52:13.000000000 -0500
-@@ -3,7 +3,7 @@
- .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
- .TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation"
- .SH "NAME"
--avc_add_callback \- additional event notification for userspace object managers.
-+avc_add_callback \- additional event notification for SELinux userspace object managers.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .br
-@@ -181,3 +181,4 @@
- .BR avc_context_to_sid (3),
- .BR avc_cache_stats (3),
- .BR security_compute_av (3)
-+.BR selinux (8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-1.33.4/man/man3/avc_cache_stats.3
---- nsalibselinux/man/man3/avc_cache_stats.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/avc_cache_stats.3 2007-01-12 10:52:01.000000000 -0500
-@@ -3,7 +3,7 @@
- .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
- .TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation"
- .SH "NAME"
--avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics.
-+avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .br
-@@ -96,3 +96,4 @@
- .BR avc_has_perm (3),
- .BR avc_context_to_sid (3),
- .BR avc_add_callback (3)
-+.BR selinux (8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-1.33.4/man/man3/avc_context_to_sid.3
---- nsalibselinux/man/man3/avc_context_to_sid.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/avc_context_to_sid.3 2007-01-12 10:51:53.000000000 -0500
-@@ -3,7 +3,7 @@
- .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
- .TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation"
- .SH "NAME"
--avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate security ID's.
-+avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .br
-@@ -88,3 +88,4 @@
- .BR avc_add_callback (3),
- .BR getcon (3),
- .BR freecon (3)
-+.BR selinux (8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-1.33.4/man/man3/avc_has_perm.3
---- nsalibselinux/man/man3/avc_has_perm.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/avc_has_perm.3 2007-01-12 10:16:17.000000000 -0500
-@@ -152,3 +152,4 @@
- .BR avc_cache_stats (3),
- .BR avc_add_callback (3),
- .BR security_compute_av (3)
-+.BR selinux(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-1.33.4/man/man3/avc_init.3
---- nsalibselinux/man/man3/avc_init.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/avc_init.3 2007-01-12 10:51:40.000000000 -0500
-@@ -3,7 +3,7 @@
- .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
- .TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation"
- .SH "NAME"
--avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace AVC setup and teardown.
-+avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .br
-@@ -209,3 +209,5 @@
- .BR avc_cache_stats (3),
- .BR avc_add_callback (3),
- .BR security_compute_av (3)
-+.BR selinux (8)
+--- libselinux-1.33.4/src/selinuxswig_wrap.c.rhat 2007-04-05 12:44:08.000000000 -0400
++++ libselinux-1.33.4/src/selinuxswig_wrap.c 2007-04-05 12:44:27.000000000 -0400
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+- * Version 1.3.29
++ * Version 1.3.31
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+@@ -103,7 +103,7 @@
+ #endif
+
+ /* Deal with Microsoft's attempt at deprecating C standard runtime functions */
+-#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER)
++#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+ # define _CRT_SECURE_NO_DEPRECATE
+ #endif
+
+@@ -120,7 +120,7 @@
+
+ /* This should only be incremented when either the layout of swig_type_info changes,
+ or for whatever reason, the runtime changes incompatibly */
+-#define SWIG_RUNTIME_VERSION "2"
++#define SWIG_RUNTIME_VERSION "3"
+
+ /* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
+ #ifdef SWIG_TYPE_TABLE
+@@ -697,8 +697,6 @@
+
+
+
+-/* Python.h has to appear first */
+-#include <Python.h>
+
+ /* Add PyOS_snprintf for old Pythons */
+ #if PY_VERSION_HEX < 0x02020000
+@@ -779,6 +777,14 @@
+ }
+ #endif
+
++/* Py_ssize_t for old Pythons */
++/* This code is as recommended by: */
++/* http://www.python.org/dev/peps/pep-0353/#conversion-guidelines */
++#if PY_VERSION_HEX < 0x02050000 && !defined(PY_SSIZE_T_MIN)
++typedef int Py_ssize_t;
++# define PY_SSIZE_T_MAX INT_MAX
++# define PY_SSIZE_T_MIN INT_MIN
++#endif
+
+ /* -----------------------------------------------------------------------------
+ * error manipulation
+@@ -1172,7 +1178,7 @@
+ SWIGRUNTIMEINLINE PyObject *
+ _SWIG_Py_None(void)
+ {
+- PyObject *none = Py_BuildValue("");
++ PyObject *none = Py_BuildValue((char*)"");
+ Py_DECREF(none);
+ return none;
+ }
+@@ -2031,7 +2037,7 @@
+ void *vptr = 0;
+
+ /* here we get the method pointer for callbacks */
+- char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc);
++ const char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc);
+ const char *desc = doc ? strstr(doc, "swig_ptr: ") : 0;
+ if (desc) {
+ desc = ty ? SWIG_UnpackVoidPtr(desc + 10, &vptr, ty->name) : 0;
+@@ -2152,7 +2158,7 @@
+ return;
+ }
+ #endif
+- dict = PyObject_GetAttrString(inst, "__dict__");
++ dict = PyObject_GetAttrString(inst, (char*)"__dict__");
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ Py_DECREF(dict);
+ }
+@@ -2293,7 +2299,7 @@
+
+ /* The python cached type query */
+ SWIGRUNTIME PyObject *
+-SWIG_Python_TypeCache() {
++SWIG_Python_TypeCache(void) {
+ static PyObject *SWIG_STATIC_POINTER(cache) = PyDict_New();
+ return cache;
+ }
+@@ -2459,7 +2465,7 @@
+
+ #if (PY_VERSION_HEX <= 0x02000000)
+ # if !defined(SWIG_PYTHON_CLASSIC)
+-# error "This python version requires to use swig with the '-classic' option"
++# error "This python version requires swig to be run with the '-classic' option"
+ # endif
+ #endif
+
+@@ -2470,7 +2476,8 @@
+
+ #define SWIG_name "_selinux"
+
+-#define SWIGVERSION 0x010329
++#define SWIGVERSION 0x010331
++#define SWIG_VERSION SWIGVERSION
+
+
+ #define SWIG_as_voidptr(a) (void *)((const void *)(a))
+@@ -2638,7 +2645,7 @@
+
+
+ SWIGINTERN swig_type_info*
+-SWIG_pchar_descriptor()
++SWIG_pchar_descriptor(void)
+ {
+ static int init = 0;
+ static swig_type_info* info = 0;
+@@ -2654,7 +2661,7 @@
+ SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc)
+ {
+ if (PyString_Check(obj)) {
+- char *cstr; int len;
++ char *cstr; Py_ssize_t len;
+ PyString_AsStringAndSize(obj, &cstr, &len);
+ if (cptr) {
+ if (alloc) {
+@@ -3128,7 +3135,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)getfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+@@ -3166,7 +3173,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)lgetfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+@@ -3235,7 +3242,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ {
+ arg2 = (security_context_t)PyString_AsString(obj1);
+ }
+@@ -3265,7 +3272,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ {
+ arg2 = (security_context_t)PyString_AsString(obj1);
+ }
+@@ -3440,7 +3447,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_booleans" "', argument " "1"" of type '" "char *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)security_load_booleans(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+@@ -3594,7 +3601,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_pending" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)security_get_boolean_pending((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+@@ -3619,7 +3626,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_active" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)security_get_boolean_active((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+@@ -3648,7 +3655,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_set_boolean" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_set_boolean" "', argument " "2"" of type '" "int""'");
+@@ -3712,7 +3719,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)matchpathcon_init((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+@@ -3747,7 +3754,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon" "', argument " "2"" of type '" "mode_t""'");
+@@ -3790,7 +3797,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchmediacon" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)matchmediacon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+@@ -3837,7 +3844,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_policy_root")) SWIG_fail;
+ result = (char *)selinux_policy_root();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3850,7 +3857,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_binary_policy_path")) SWIG_fail;
+ result = (char *)selinux_binary_policy_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3863,7 +3870,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_failsafe_context_path")) SWIG_fail;
+ result = (char *)selinux_failsafe_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3876,7 +3883,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_removable_context_path")) SWIG_fail;
+ result = (char *)selinux_removable_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3889,7 +3896,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_default_context_path")) SWIG_fail;
+ result = (char *)selinux_default_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3902,7 +3909,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_user_contexts_path")) SWIG_fail;
+ result = (char *)selinux_user_contexts_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3915,7 +3922,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_path")) SWIG_fail;
+ result = (char *)selinux_file_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3928,7 +3935,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_homedir_path")) SWIG_fail;
+ result = (char *)selinux_file_context_homedir_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3941,7 +3948,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_local_path")) SWIG_fail;
+ result = (char *)selinux_file_context_local_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3954,7 +3961,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_homedir_context_path")) SWIG_fail;
+ result = (char *)selinux_homedir_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3967,7 +3974,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_media_context_path")) SWIG_fail;
+ result = (char *)selinux_media_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3980,7 +3987,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_contexts_path")) SWIG_fail;
+ result = (char *)selinux_contexts_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -3993,7 +4000,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_booleans_path")) SWIG_fail;
+ result = (char *)selinux_booleans_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4006,7 +4013,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_customizable_types_path")) SWIG_fail;
+ result = (char *)selinux_customizable_types_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4019,7 +4026,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_users_path")) SWIG_fail;
+ result = (char *)selinux_users_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4032,7 +4039,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_usersconf_path")) SWIG_fail;
+ result = (char *)selinux_usersconf_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4045,7 +4052,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_translations_path")) SWIG_fail;
+ result = (char *)selinux_translations_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4058,7 +4065,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_netfilter_context_path")) SWIG_fail;
+ result = (char *)selinux_netfilter_context_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4071,7 +4078,7 @@
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_path")) SWIG_fail;
+ result = (char *)selinux_path();
+- resultobj = SWIG_FromCharPtr(result);
++ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+ fail:
+ return NULL;
+@@ -4138,18 +4145,14 @@
+ PyObject *resultobj = 0;
+ unsigned int arg1 ;
+ char *arg2 = (char *) 0 ;
+- char **arg3 ;
+- char **arg4 ;
++ char **arg3 = (char **) 0 ;
++ char **arg4 = (char **) 0 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+- void *argp3 = 0 ;
+- int res3 = 0 ;
+- void *argp4 = 0 ;
+- int res4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+@@ -4165,18 +4168,52 @@
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
+ }
+- arg2 = buf2;
+- res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 | 0 );
+- if (!SWIG_IsOK(res3)) {
+- SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'");
+- }
+- arg3 = (char **)(argp3);
+- res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 | 0 );
+- if (!SWIG_IsOK(res4)) {
+- SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'");
+- }
+- arg4 = (char **)(argp4);
+- result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4);
++ arg2 = (char *)(buf2);
++ {
++ /* Check if is a list */
++ if (PyList_Check(obj2)) {
++ int size = PyList_Size(obj2);
++ int i = 0;
++ arg3 = (char **) malloc((size+1)*sizeof(char *));
++ for (i = 0; i < size; i++) {
++ PyObject *o = PyList_GetItem(obj2,i);
++ if (PyString_Check(o))
++ arg3[i] = PyString_AsString(PyList_GetItem(obj2,i));
++ else {
++ PyErr_SetString(PyExc_TypeError,"list must contain strings");
++ free(arg3);
++ return NULL;
++ }
++ }
++ arg3[i] = 0;
++ } else {
++ PyErr_SetString(PyExc_TypeError,"not a list");
++ return NULL;
++ }
++ }
++ {
++ /* Check if is a list */
++ if (PyList_Check(obj3)) {
++ int size = PyList_Size(obj3);
++ int i = 0;
++ arg4 = (char **) malloc((size+1)*sizeof(char *));
++ for (i = 0; i < size; i++) {
++ PyObject *o = PyList_GetItem(obj3,i);
++ if (PyString_Check(o))
++ arg4[i] = PyString_AsString(PyList_GetItem(obj3,i));
++ else {
++ PyErr_SetString(PyExc_TypeError,"list must contain strings");
++ free(arg4);
++ return NULL;
++ }
++ }
++ arg4[i] = 0;
++ } else {
++ PyErr_SetString(PyExc_TypeError,"not a list");
++ return NULL;
++ }
++ }
++ result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+@@ -4224,7 +4261,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_trans_to_raw_context" "', argument " "1"" of type '" "char *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)selinux_trans_to_raw_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+@@ -4262,7 +4299,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_to_trans_context" "', argument " "1"" of type '" "char *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)selinux_raw_to_trans_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+@@ -4325,7 +4362,7 @@
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getseuserbyname" "', argument " "1"" of type '" "char const *""'");
+ }
+- arg1 = buf1;
++ arg1 = (char *)(buf1);
+ result = (int)getseuserbyname((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+@@ -4479,7 +4516,7 @@
+ * structures together.
+ *
+ * The generated swig_type_info structures are assigned staticly to an initial
+- * array. We just loop though that array, and handle each type individually.
++ * array. We just loop through that array, and handle each type individually.
+ * First we lookup if this type has been already loaded, and if so, use the
+ * loaded structure instead of the generated one. Then we have to fill in the
+ * cast linked list. The cast data is initially stored in something like a
+@@ -4517,30 +4554,47 @@
+ #define SWIGRUNTIME_DEBUG
+ #endif
+
++
+ SWIGRUNTIME void
+ SWIG_InitializeModule(void *clientdata) {
+ size_t i;
+- swig_module_info *module_head;
+- static int init_run = 0;
++ swig_module_info *module_head, *iter;
++ int found;
+
+ clientdata = clientdata;
+
+- if (init_run) return;
+- init_run = 1;
+-
+- /* Initialize the swig_module */
+- swig_module.type_initial = swig_type_initial;
+- swig_module.cast_initial = swig_cast_initial;
++ /* check to see if the circular list has been setup, if not, set it up */
++ if (swig_module.next==0) {
++ /* Initialize the swig_module */
++ swig_module.type_initial = swig_type_initial;
++ swig_module.cast_initial = swig_cast_initial;
++ swig_module.next = &swig_module;
++ }
+
+ /* Try and load any already created modules */
+ module_head = SWIG_GetModule(clientdata);
+- if (module_head) {
++ if (!module_head) {
++ /* This is the first module loaded for this interpreter */
++ /* so set the swig module into the interpreter */
++ SWIG_SetModule(clientdata, &swig_module);
++ module_head = &swig_module;
++ } else {
++ /* the interpreter has loaded a SWIG module, but has it loaded this one? */
++ found=0;
++ iter=module_head;
++ do {
++ if (iter==&swig_module) {
++ found=1;
++ break;
++ }
++ iter=iter->next;
++ } while (iter!= module_head);
++
++ /* if the is found in the list, then all is done and we may leave */
++ if (found) return;
++ /* otherwise we must add out module into the list */
+ swig_module.next = module_head->next;
+ module_head->next = &swig_module;
+- } else {
+- /* This is the first module loaded */
+- swig_module.next = &swig_module;
+- SWIG_SetModule(clientdata, &swig_module);
+ }
+
+ /* Now work on filling in swig_module.types */
+@@ -4853,7 +4907,7 @@
+ }
+
+ SWIGINTERN PyObject *
+- SWIG_globals() {
++ SWIG_globals(void) {
+ static PyObject *_SWIG_globals = 0;
+ if (!_SWIG_globals) _SWIG_globals = SWIG_newvarlink();
+ return _SWIG_globals;
+@@ -4898,11 +4952,11 @@
+ swig_type_info **types_initial) {
+ size_t i;
+ for (i = 0; methods[i].ml_name; ++i) {
+- char *c = methods[i].ml_doc;
++ const char *c = methods[i].ml_doc;
+ if (c && (c = strstr(c, "swig_ptr: "))) {
+ int j;
+ swig_const_info *ci = 0;
+- char *name = c + 10;
++ const char *name = c + 10;
+ for (j = 0; const_table[j].type; ++j) {
+ if (strncmp(const_table[j].name, name,
+ strlen(const_table[j].name)) == 0) {
+--- libselinux-1.33.4/src/selinuxswig.i.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/src/selinuxswig.i 2007-04-05 12:43:33.000000000 -0400
+@@ -115,9 +115,34 @@
+ extern const char *selinux_path(void);
+ extern int selinux_check_passwd_access(access_vector_t requested);
+ extern int checkPasswdAccess(access_vector_t requested);
++
++// This tells SWIG to treat char ** as a special case
++%typemap(in) char ** {
++ /* Check if is a list */
++ if (PyList_Check($input)) {
++ int size = PyList_Size($input);
++ int i = 0;
++ $1 = (char **) malloc((size+1)*sizeof(char *));
++ for (i = 0; i < size; i++) {
++ PyObject *o = PyList_GetItem($input,i);
++ if (PyString_Check(o))
++ $1[i] = PyString_AsString(PyList_GetItem($input,i));
++ else {
++ PyErr_SetString(PyExc_TypeError,"list must contain strings");
++ free($1);
++ return NULL;
++ }
++ }
++ $1[i] = 0;
++ } else {
++ PyErr_SetString(PyExc_TypeError,"not a list");
++ return NULL;
++ }
++}
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-1.33.4/man/man3/context_new.3
---- nsalibselinux/man/man3/context_new.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/context_new.3 2007-01-12 10:15:43.000000000 -0500
-@@ -56,3 +56,6 @@
- On success, zero is returned. On failure, -1 is returned and errno is
- set appropriately.
+ extern int rpm_execcon(unsigned int verified,
+ const char *filename,
+- char *const argv[], char *const envp[]);
++ char **, char **);
-+.SH "SEE ALSO"
-+.BR selinux "(8)"
+ extern int is_context_customizable (security_context_t scontext);
+
+--- /dev/null 2007-04-04 16:30:44.927190078 -0400
++++ libselinux-1.33.4/utils/getdefaultcon.c 2007-04-05 12:43:33.000000000 -0400
+@@ -0,0 +1,80 @@
++#include <unistd.h>
++#include <sys/types.h>
++#include <fcntl.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <errno.h>
++#include <string.h>
++#include <ctype.h>
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++
++void usage(char *name, char *detail, int rc)
++{
++ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name);
++ if (detail)
++ fprintf(stderr, "%s: %s\n", name, detail);
++ exit(rc);
++}
++
++int main(int argc, char **argv)
++{
++ security_context_t usercon = NULL, cur_context = NULL;
++ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
++ int ret, opt;
++
++ while ((opt = getopt(argc, argv, "l:r:")) > 0) {
++ switch (opt) {
++ case 'l':
++ level = strdup(optarg);
++ break;
++ case 'r':
++ role = strdup(optarg);
++ break;
++ default:
++ usage(argv[0], "invalid option", 1);
++ }
++ }
++
++ if (((argc - optind) < 1) || ((argc - optind) > 2))
++ usage(argv[0], "invalid number of arguments", 2);
++
++ /* If selinux isn't available, bail out. */
++ if (!is_selinux_enabled()) {
++ fprintf(stderr,
++ "%s may be used only on a SELinux kernel.\n", argv[0]);
++ return 1;
++ }
++
++ user = argv[optind];
++
++ /* If a context wasn't passed, use the current context. */
++ if (((argc - optind) < 2)) {
++ if (getcon(&cur_context) < 0) {
++ fprintf(stderr, "Couldn't get current context.\n");
++ return 2;
++ }
++ } else
++ cur_context = argv[optind + 1];
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-1.33.4/man/man3/freecon.3
---- nsalibselinux/man/man3/freecon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/freecon.3 2007-01-12 10:51:18.000000000 -0500
++ if (getseuserbyname(user, &seuser, &dlevel)==0) {
++ if (! level) level=dlevel;
++ if (role != NULL && role[0])
++ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
++ else
++ ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
++ }
++ if (ret < 0)
++ perror(argv[0]);
++ else
++ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
++
++
++ free(role);
++ free(seuser);
++ if (level != dlevel) free(level);
++ free(dlevel);
++ free(usercon);
++
++ return 0;
++}
+--- libselinux-1.33.4/man/man8/togglesebool.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/togglesebool.8 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "freecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "togglesebool" "1" "26 Oct 2004" "sgrubb at redhat.com" "SELinux Command Line documentation"
.SH "NAME"
--freecon, freeconary \- free memory associated with SE Linux security contexts.
-+freecon, freeconary \- free memory associated with SELinux security contexts.
+-togglesebool \- flip the current value of a boolean
++togglesebool \- flip the current value of a SELinux boolean
.SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
- .sp
-@@ -14,3 +14,7 @@
+ .B togglesebool boolean...
+
+@@ -14,4 +14,4 @@
+ This man page was written by Steve Grubb <sgrubb at redhat.com>
+
+ .SH "SEE ALSO"
+-booleans(8), getsebool(8), setsebool(8)
++selinux(8), booleans(8), getsebool(8), setsebool(8)
+--- libselinux-1.33.4/man/man8/getenforce.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/getenforce.8 2007-04-05 12:43:33.000000000 -0400
+@@ -12,4 +12,4 @@
+ Dan Walsh, <dwalsh at redhat.com>
+
+ .SH "SEE ALSO"
+-setenforce(8), selinuxenabled(8)
++selinux(8), setenforce(8), selinuxenabled(8)
+--- libselinux-1.33.4/man/man8/getsebool.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/getsebool.8 2007-04-05 12:43:33.000000000 -0400
+@@ -26,9 +26,10 @@
+ .B \-a
+ Show all SELinux booleans.
- .B freeconary
- frees the memory allocated for a context array.
-+
+.SH "SEE ALSO"
-+.BR selinux "(8)"
++selinux(8), setsebool(8), booleans(8)
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-1.33.4/man/man3/getcon.3
---- nsalibselinux/man/man3/getcon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/getcon.3 2007-01-12 10:51:12.000000000 -0500
+ .SH AUTHOR
+ This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+ The program was written by Tresys Technology.
+
+-.SH "SEE ALSO"
+-setsebool(8), booleans(8)
+--- libselinux-1.33.4/man/man8/setenforce.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/setenforce.8 2007-04-05 12:43:33.000000000 -0400
+@@ -17,7 +17,7 @@
+ Dan Walsh, <dwalsh at redhat.com>
+
+ .SH "SEE ALSO"
+-getenforce(8), selinuxenabled(8)
++selinux(8), getenforce(8), selinuxenabled(8)
+
+ .SH FILES
+ /etc/grub.conf, /etc/selinux/config
+--- libselinux-1.33.4/man/man8/matchpathcon.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/matchpathcon.8 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "matchpathcon" "8" "21 April 2005" "dwalsh at redhat.com" "SE Linux Command Line documentation"
.SH "NAME"
--getcon, getprevcon, getpidcon \- get SE Linux security context of a process.
-+getcon, getprevcon, getpidcon \- get SELinux security context of a process.
- .br
- getpeercon - get security context of a peer socket.
- .br
-@@ -59,4 +59,4 @@
- On error -1 is returned. On success 0 is returned.
+-matchpathcon \- get the default security context for the specified path from the file contexts configuration.
++matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
+
+ .SH "SYNOPSIS"
+ .B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
+@@ -27,4 +27,5 @@
+ This manual page was written by Dan Walsh <dwalsh at redhat.com>.
.SH "SEE ALSO"
--.BR freecon "(3), " setexeccon "(3)"
-+.BR selinux "(8), " freecon "(3), " setexeccon "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-1.33.4/man/man3/getexeccon.3
---- nsalibselinux/man/man3/getexeccon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/getexeccon.3 2007-01-12 10:51:04.000000000 -0500
++.BR selinux "(8), "
+ .BR mathpathcon "(3), "
+--- libselinux-1.33.4/man/man8/selinuxenabled.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/selinuxenabled.8 2007-04-05 12:43:33.000000000 -0400
+@@ -13,4 +13,4 @@
+ Dan Walsh, <dwalsh at redhat.com>
+
+ .SH "SEE ALSO"
+-setenforce(8), getenforce(8)
++selinux(8), setenforce(8), getenforce(8)
+--- libselinux-1.33.4/man/man8/avcstat.8.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man8/avcstat.8 2007-04-05 12:43:33.000000000 -0400
+@@ -22,6 +22,9 @@
+ .B \-f
+ Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
+
++.SH "SEE ALSO"
++selinux(8)
++
+ .SH AUTHOR
+ This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+ The program was written by James Morris <jmorris at redhat.com>.
+--- libselinux-1.33.4/man/man3/getexeccon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/getexeccon.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
.TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
@@ -140,9 +824,8 @@
+.BR selinux "(8), " freecon "(3), " getcon "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-1.33.4/man/man3/getfilecon.3
---- nsalibselinux/man/man3/getfilecon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/getfilecon.3 2007-01-12 10:50:59.000000000 -0500
+--- libselinux-1.33.4/man/man3/getfilecon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/getfilecon.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
.TH "getfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
@@ -157,90 +840,114 @@
.SH "SEE ALSO"
-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-1.33.4/man/man3/getfscreatecon.3
---- nsalibselinux/man/man3/getfscreatecon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/getfscreatecon.3 2007-01-12 10:50:55.000000000 -0500
+--- libselinux-1.33.4/man/man3/selinux_check_securetty_context.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/selinux_check_securetty_context.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "getfscreatecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh at redhat.com" "SE Linux API documentation"
.SH "NAME"
--getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object.
-+getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object.
-
+-selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context
++selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-@@ -35,4 +35,4 @@
- On success 0 is returned.
+ .sp
+@@ -10,3 +10,7 @@
+ .B selinux_check_securetty_context
+ returns 0 if tty_context is a securetty context
+ returns < 0 otherwise.
++
++.SH "SEE ALSO"
++.BR selinux "(8)"
++
+--- libselinux-1.33.4/man/man3/selinux_binary_policy_path.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/selinux_binary_policy_path.3 2007-04-05 12:43:33.000000000 -0400
+@@ -4,7 +4,7 @@
+ selinux_failsafe_context_path, selinux_removable_context_path,
+ selinux_default_context_path, selinux_user_contexts_path,
+ selinux_file_context_path, selinux_media_context_path,
+-selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active policy configuration
++selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
+ directories and files.
- .SH "SEE ALSO"
--.BR freecon "(3), " getcon "(3), " getexeccon "(3)"
-+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-1.33.4/man/man3/get_ordered_context_list.3
---- nsalibselinux/man/man3/get_ordered_context_list.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/get_ordered_context_list.3 2007-01-12 10:50:48.000000000 -0500
+ .SH "SYNOPSIS"
+@@ -65,3 +65,6 @@
+ .SH AUTHOR
+ This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+
++.SH "SEE ALSO"
++.BR selinux "(8)"
++
+--- libselinux-1.33.4/man/man3/getfscreatecon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/getfscreatecon.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "get_ordered_context_list" "3" "1 January 2004" "russell at coker.com.au" "SE Linux"
+ .TH "getfscreatecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
-+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions
+-getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object.
++getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-@@ -77,4 +77,4 @@
- The other functions return 0 for success or -1 for errors.
+@@ -35,4 +35,4 @@
+ On success 0 is returned.
.SH "SEE ALSO"
--.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
-+.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-1.33.4/man/man3/getseuserbyname.3
---- nsalibselinux/man/man3/getseuserbyname.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/getseuserbyname.3 2007-01-12 10:13:47.000000000 -0500
-@@ -23,3 +23,6 @@
- The errors documented for the stat(2) system call are also applicable
- here.
+-.BR freecon "(3), " getcon "(3), " getexeccon "(3)"
++.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
+--- libselinux-1.33.4/man/man3/freecon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/freecon.3 2007-04-05 12:43:33.000000000 -0400
+@@ -1,6 +1,6 @@
+ .TH "freecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .SH "NAME"
+-freecon, freeconary \- free memory associated with SE Linux security contexts.
++freecon, freeconary \- free memory associated with SELinux security contexts.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .sp
+@@ -14,3 +14,7 @@
+ .B freeconary
+ frees the memory allocated for a context array.
++
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-1.33.4/man/man3/is_context_customizable.3
---- nsalibselinux/man/man3/is_context_customizable.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/is_context_customizable.3 2007-01-12 10:50:33.000000000 -0500
+--- libselinux-1.33.4/man/man3/security_getenforce.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/security_getenforce.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "is_context_customizable" "3" "10 January 2005" "dwalsh at redhat.com" "SELinux API documentation"
+ .TH "security_getenforce" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--is_context_customizable \- check whether context type is customizable by the administrator.
-+is_context_customizable \- check whether SELinux context type is customizable by the administrator.
+-security_getenforce, security_setenforce \- get or set the enforcing state of SE Linux
++security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-@@ -20,3 +20,6 @@
- .SH "FILE"
- /etc/selinux/SELINUXTYPE/context/customizable_types
-
+@@ -17,3 +17,7 @@
+ sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to
+ permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
+ returned.
++
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_enabled.3 libselinux-1.33.4/man/man3/is_selinux_enabled.3
---- nsalibselinux/man/man3/is_selinux_enabled.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/is_selinux_enabled.3 2007-01-12 10:50:24.000000000 -0500
+--- libselinux-1.33.4/man/man3/selinux_getenforcemode.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/selinux_getenforcemode.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "is_selinux_enabled" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh at redhat.com" "SE Linux API documentation"
.SH "NAME"
--is_selinux_enabled \- check whether SE Linux is enabled
-+is_selinux_enabled \- check whether SELinux is enabled
+-selinux_getenforcemode \- get the enforcing state of SE Linux
++selinux_getenforcemode \- get the enforcing state of SELinux
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-@@ -9,3 +9,7 @@
- .SH "DESCRIPTION"
- .B is_selinux_enabled
- returns 1 if SE Linux is running or 0 if it is not. May change soon.
-+
+@@ -19,4 +19,7 @@
+ On success, zero is returned.
+ On failure, -1 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-1.33.4/man/man3/matchmediacon.3
---- nsalibselinux/man/man3/matchmediacon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/matchmediacon.3 2007-01-12 10:50:18.000000000 -0500
+
+--- libselinux-1.33.4/man/man3/matchmediacon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/matchmediacon.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
.TH "matchmediacon" "3" "15 November 2004" "dwalsh at redhat.com" "SE Linux API documentation"
.SH "NAME"
@@ -255,45 +962,52 @@
.SH "SEE ALSO"
-.BR freecon "(3)
+.BR selinux "(8), " freecon "(3)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-1.33.4/man/man3/matchpathcon.3
---- nsalibselinux/man/man3/matchpathcon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/matchpathcon.3 2007-01-12 10:50:12.000000000 -0500
+--- libselinux-1.33.4/man/man3/getseuserbyname.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/getseuserbyname.3 2007-04-05 12:43:33.000000000 -0400
+@@ -23,3 +23,6 @@
+ The errors documented for the stat(2) system call are also applicable
+ here.
+
++.SH "SEE ALSO"
++.BR selinux "(8)"
++
+--- libselinux-1.33.4/man/man3/security_policyvers.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/security_policyvers.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "matchpathcon" "3" "16 March 2005" "sds at tycho.nsa.gov" "SE Linux API documentation"
+ .TH "security_policyvers" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--matchpathcon \- get the default security context for the specified path from the file contexts configuration.
-+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
-
+-security_policyvers \- get the version of the SE Linux policy
++security_policyvers \- get the version of the SELinux policy
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
-@@ -117,4 +117,4 @@
- Returns 0 on success or -1 otherwise.
-
- .SH "SEE ALSO"
--.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
-+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_check_context.3 libselinux-1.33.4/man/man3/security_check_context.3
---- nsalibselinux/man/man3/security_check_context.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/security_check_context.3 2007-01-12 10:50:01.000000000 -0500
+ .sp
+@@ -10,3 +10,7 @@
+ .B security_policyvers
+ returns the version of the policy (a positive integer) on success, or -1 on
+ error.
++
++.SH "SEE ALSO"
++.BR selinux "(8)"
++
+--- libselinux-1.33.4/man/man3/is_context_customizable.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/is_context_customizable.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "security_check_context" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "is_context_customizable" "3" "10 January 2005" "dwalsh at redhat.com" "SELinux API documentation"
.SH "NAME"
--security_check_context \- check the validity of a context
-+security_check_context \- check the validity of a SELinux context
+-is_context_customizable \- check whether context type is customizable by the administrator.
++is_context_customizable \- check whether SELinux context type is customizable by the administrator.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-@@ -10,3 +10,7 @@
- .B security_check_context
- returns 0 if SE Linux is running and the context is valid, otherwise it
- returns -1.
-+
+@@ -20,3 +20,6 @@
+ .SH "FILE"
+ /etc/selinux/SELINUXTYPE/context/customizable_types
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-1.33.4/man/man3/security_compute_av.3
---- nsalibselinux/man/man3/security_compute_av.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/security_compute_av.3 2007-01-12 10:49:51.000000000 -0500
+--- libselinux-1.33.4/man/man3/security_compute_av.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/security_compute_av.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,7 +1,7 @@
.TH "security_compute_av" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
@@ -309,132 +1023,206 @@
.SH "SEE ALSO"
-.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
+.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-1.33.4/man/man3/security_getenforce.3
---- nsalibselinux/man/man3/security_getenforce.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/security_getenforce.3 2007-01-12 10:49:38.000000000 -0500
+--- libselinux-1.33.4/man/man3/setfilecon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/setfilecon.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "security_getenforce" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "setfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--security_getenforce, security_setenforce \- get or set the enforcing state of SE Linux
-+security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
+-setfilecon, fsetfilecon, lsetfilecon \- set SE Linux security context of a file
++setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file
+
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
- .sp
-@@ -17,3 +17,7 @@
- sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to
- permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
- returned.
-+
-+.SH "SEE ALSO"
-+.BR selinux "(8)"
+@@ -38,4 +38,4 @@
+ here.
+
+ .SH "SEE ALSO"
+-.BR freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
++.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
+--- libselinux-1.33.4/man/man3/matchpathcon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/matchpathcon.3 2007-04-05 12:43:33.000000000 -0400
+@@ -1,6 +1,6 @@
+ .TH "matchpathcon" "3" "16 March 2005" "sds at tycho.nsa.gov" "SE Linux API documentation"
+ .SH "NAME"
+-matchpathcon \- get the default security context for the specified path from the file contexts configuration.
++matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
+
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+@@ -117,4 +117,4 @@
+ Returns 0 on success or -1 otherwise.
+
+ .SH "SEE ALSO"
+-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
++.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+--- libselinux-1.33.4/man/man3/avc_init.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/avc_init.3 2007-04-05 12:43:33.000000000 -0400
+@@ -3,7 +3,7 @@
+ .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
+ .TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation"
+ .SH "NAME"
+-avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace AVC setup and teardown.
++avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .br
+@@ -209,3 +209,5 @@
+ .BR avc_cache_stats (3),
+ .BR avc_add_callback (3),
+ .BR security_compute_av (3)
++.BR selinux (8)
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-1.33.4/man/man3/security_load_booleans.3
---- nsalibselinux/man/man3/security_load_booleans.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/security_load_booleans.3 2007-01-12 10:12:30.000000000 -0500
+--- libselinux-1.33.4/man/man3/security_load_booleans.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/security_load_booleans.3 2007-04-05 12:43:33.000000000 -0400
@@ -56,4 +56,4 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
.SH "SEE ALSO"
-getsebool(8), booleans(8), togglesebool(8)
+selinux(8), getsebool(8), booleans(8), togglesebool(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_policy.3 libselinux-1.33.4/man/man3/security_load_policy.3
---- nsalibselinux/man/man3/security_load_policy.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/security_load_policy.3 2007-01-12 10:49:30.000000000 -0500
+--- libselinux-1.33.4/man/man3/avc_add_callback.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/avc_add_callback.3 2007-04-05 12:43:33.000000000 -0400
+@@ -3,7 +3,7 @@
+ .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
+ .TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation"
+ .SH "NAME"
+-avc_add_callback \- additional event notification for userspace object managers.
++avc_add_callback \- additional event notification for SELinux userspace object managers.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .br
+@@ -181,3 +181,4 @@
+ .BR avc_context_to_sid (3),
+ .BR avc_cache_stats (3),
+ .BR security_compute_av (3)
++.BR selinux (8)
+--- libselinux-1.33.4/man/man3/security_check_context.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/security_check_context.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "security_load_policy" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "security_check_context" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--security_load_policy \- load a new policy
-+security_load_policy \- load a new SELinux policy
+-security_check_context \- check the validity of a context
++security_check_context \- check the validity of a SELinux context
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-@@ -9,3 +9,7 @@
- .SH "DESCRIPTION"
- .B security_load_policy
- loads a new policy, returns 0 for success and -1 for error.
+@@ -10,3 +10,7 @@
+ .B security_check_context
+ returns 0 if SE Linux is running and the context is valid, otherwise it
+ returns -1.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_policyvers.3 libselinux-1.33.4/man/man3/security_policyvers.3
---- nsalibselinux/man/man3/security_policyvers.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/security_policyvers.3 2007-01-12 10:49:22.000000000 -0500
+--- libselinux-1.33.4/man/man3/security_load_policy.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/security_load_policy.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "security_policyvers" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
+ .TH "security_load_policy" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--security_policyvers \- get the version of the SE Linux policy
-+security_policyvers \- get the version of the SELinux policy
+-security_load_policy \- load a new policy
++security_load_policy \- load a new SELinux policy
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-@@ -10,3 +10,7 @@
- .B security_policyvers
- returns the version of the policy (a positive integer) on success, or -1 on
- error.
+@@ -9,3 +9,7 @@
+ .SH "DESCRIPTION"
+ .B security_load_policy
+ loads a new policy, returns 0 for success and -1 for error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.33.4/man/man3/selinux_binary_policy_path.3
---- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-01-11 14:01:22.000000000 -0500
-+++ libselinux-1.33.4/man/man3/selinux_binary_policy_path.3 2007-01-12 10:49:16.000000000 -0500
-@@ -4,7 +4,7 @@
- selinux_failsafe_context_path, selinux_removable_context_path,
- selinux_default_context_path, selinux_user_contexts_path,
- selinux_file_context_path, selinux_media_context_path,
--selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active policy configuration
-+selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
- directories and files.
+--- libselinux-1.33.4/man/man3/avc_has_perm.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/avc_has_perm.3 2007-04-05 12:43:33.000000000 -0400
+@@ -152,3 +152,4 @@
+ .BR avc_cache_stats (3),
+ .BR avc_add_callback (3),
+ .BR security_compute_av (3)
++.BR selinux(8)
+--- libselinux-1.33.4/man/man3/get_ordered_context_list.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/get_ordered_context_list.3 2007-04-05 12:43:33.000000000 -0400
+@@ -1,6 +1,6 @@
+ .TH "get_ordered_context_list" "3" "1 January 2004" "russell at coker.com.au" "SE Linux"
+ .SH "NAME"
+-get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
++get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions
.SH "SYNOPSIS"
-@@ -65,3 +65,6 @@
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+ .B #include <selinux/selinux.h>
+@@ -77,4 +77,4 @@
+ The other functions return 0 for success or -1 for errors.
-+.SH "SEE ALSO"
-+.BR selinux "(8)"
-+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_check_securetty_context.3 libselinux-1.33.4/man/man3/selinux_check_securetty_context.3
---- nsalibselinux/man/man3/selinux_check_securetty_context.3 2007-01-11 14:01:22.000000000 -0500
-+++ libselinux-1.33.4/man/man3/selinux_check_securetty_context.3 2007-01-12 10:48:56.000000000 -0500
+ .SH "SEE ALSO"
+-.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
++.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
+--- libselinux-1.33.4/man/man3/getcon.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/getcon.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh at redhat.com" "SE Linux API documentation"
+ .TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--selinux_check_securetty_context \- check whether a tty security context is defined as a securetty context
-+selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context
+-getcon, getprevcon, getpidcon \- get SE Linux security context of a process.
++getcon, getprevcon, getpidcon \- get SELinux security context of a process.
+ .br
+ getpeercon - get security context of a peer socket.
+ .br
+@@ -59,4 +59,4 @@
+ On error -1 is returned. On success 0 is returned.
+
+ .SH "SEE ALSO"
+-.BR freecon "(3), " setexeccon "(3)"
++.BR selinux "(8), " freecon "(3), " setexeccon "(3)"
+--- libselinux-1.33.4/man/man3/avc_cache_stats.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/avc_cache_stats.3 2007-04-05 12:43:33.000000000 -0400
+@@ -3,7 +3,7 @@
+ .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
+ .TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation"
+ .SH "NAME"
+-avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics.
++avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
- .sp
-@@ -10,3 +10,7 @@
- .B selinux_check_securetty_context
- returns 0 if tty_context is a securetty context
- returns < 0 otherwise.
-+
-+.SH "SEE ALSO"
-+.BR selinux "(8)"
-+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-1.33.4/man/man3/selinux_getenforcemode.3
---- nsalibselinux/man/man3/selinux_getenforcemode.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/selinux_getenforcemode.3 2007-01-12 10:48:36.000000000 -0500
+ .br
+@@ -96,3 +96,4 @@
+ .BR avc_has_perm (3),
+ .BR avc_context_to_sid (3),
+ .BR avc_add_callback (3)
++.BR selinux (8)
+--- libselinux-1.33.4/man/man3/avc_context_to_sid.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/avc_context_to_sid.3 2007-04-05 12:43:33.000000000 -0400
+@@ -3,7 +3,7 @@
+ .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
+ .TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation"
+ .SH "NAME"
+-avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate security ID's.
++avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's.
+ .SH "SYNOPSIS"
+ .B #include <selinux/selinux.h>
+ .br
+@@ -88,3 +88,4 @@
+ .BR avc_add_callback (3),
+ .BR getcon (3),
+ .BR freecon (3)
++.BR selinux (8)
+--- libselinux-1.33.4/man/man3/is_selinux_enabled.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/is_selinux_enabled.3 2007-04-05 12:43:33.000000000 -0400
@@ -1,6 +1,6 @@
- .TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh at redhat.com" "SE Linux API documentation"
+ .TH "is_selinux_enabled" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
--selinux_getenforcemode \- get the enforcing state of SE Linux
-+selinux_getenforcemode \- get the enforcing state of SELinux
+-is_selinux_enabled \- check whether SE Linux is enabled
++is_selinux_enabled \- check whether SELinux is enabled
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-@@ -19,4 +19,7 @@
- On success, zero is returned.
- On failure, -1 is returned.
-
+@@ -9,3 +9,7 @@
+ .SH "DESCRIPTION"
+ .B is_selinux_enabled
+ returns 1 if SE Linux is running or 0 if it is not. May change soon.
++
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
-
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-1.33.4/man/man3/selinux_policy_root.3
---- nsalibselinux/man/man3/selinux_policy_root.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/selinux_policy_root.3 2007-01-12 10:11:54.000000000 -0500
+--- libselinux-1.33.4/man/man3/selinux_policy_root.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/selinux_policy_root.3 2007-04-05 12:43:33.000000000 -0400
@@ -14,4 +14,7 @@
On success, returns a directory path containing the SELinux policy files.
On failure, NULL is returned.
@@ -443,197 +1231,12 @@
+.BR selinux "(8)"
+
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-1.33.4/man/man3/setfilecon.3
---- nsalibselinux/man/man3/setfilecon.3 2006-11-16 17:15:30.000000000 -0500
-+++ libselinux-1.33.4/man/man3/setfilecon.3 2007-01-12 10:48:24.000000000 -0500
-@@ -1,6 +1,6 @@
- .TH "setfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
- .SH "NAME"
--setfilecon, fsetfilecon, lsetfilecon \- set SE Linux security context of a file
-+setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file
-
- .SH "SYNOPSIS"
- .B #include <selinux/selinux.h>
-@@ -38,4 +38,4 @@
- here.
-
- .SH "SEE ALSO"
--.BR freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
-+.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/avcstat.8 libselinux-1.33.4/man/man8/avcstat.8
---- nsalibselinux/man/man8/avcstat.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/avcstat.8 2007-01-12 10:09:24.000000000 -0500
-@@ -22,6 +22,9 @@
- .B \-f
- Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
-
-+.SH "SEE ALSO"
-+selinux(8)
-+
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- The program was written by James Morris <jmorris at redhat.com>.
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/getenforce.8 libselinux-1.33.4/man/man8/getenforce.8
---- nsalibselinux/man/man8/getenforce.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/getenforce.8 2007-01-12 10:07:11.000000000 -0500
-@@ -12,4 +12,4 @@
- Dan Walsh, <dwalsh at redhat.com>
-
- .SH "SEE ALSO"
--setenforce(8), selinuxenabled(8)
-+selinux(8), setenforce(8), selinuxenabled(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/getsebool.8 libselinux-1.33.4/man/man8/getsebool.8
---- nsalibselinux/man/man8/getsebool.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/getsebool.8 2007-01-12 10:11:15.000000000 -0500
-@@ -26,9 +26,10 @@
- .B \-a
- Show all SELinux booleans.
+--- libselinux-1.33.4/man/man3/context_new.3.rhat 2007-01-11 14:01:24.000000000 -0500
++++ libselinux-1.33.4/man/man3/context_new.3 2007-04-05 12:43:33.000000000 -0400
+@@ -56,3 +56,6 @@
+ On success, zero is returned. On failure, -1 is returned and errno is
+ set appropriately.
+.SH "SEE ALSO"
-+selinux(8), setsebool(8), booleans(8)
-+
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
- The program was written by Tresys Technology.
-
--.SH "SEE ALSO"
--setsebool(8), booleans(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-1.33.4/man/man8/matchpathcon.8
---- nsalibselinux/man/man8/matchpathcon.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/matchpathcon.8 2007-01-12 10:47:15.000000000 -0500
-@@ -1,6 +1,6 @@
- .TH "matchpathcon" "8" "21 April 2005" "dwalsh at redhat.com" "SE Linux Command Line documentation"
- .SH "NAME"
--matchpathcon \- get the default security context for the specified path from the file contexts configuration.
-+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
-
- .SH "SYNOPSIS"
- .B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
-@@ -27,4 +27,5 @@
- This manual page was written by Dan Walsh <dwalsh at redhat.com>.
-
- .SH "SEE ALSO"
-+.BR selinux "(8), "
- .BR mathpathcon "(3), "
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.33.4/man/man8/selinuxenabled.8
---- nsalibselinux/man/man8/selinuxenabled.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/selinuxenabled.8 2007-01-12 10:07:35.000000000 -0500
-@@ -13,4 +13,4 @@
- Dan Walsh, <dwalsh at redhat.com>
-
- .SH "SEE ALSO"
--setenforce(8), getenforce(8)
-+selinux(8), setenforce(8), getenforce(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/setenforce.8 libselinux-1.33.4/man/man8/setenforce.8
---- nsalibselinux/man/man8/setenforce.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/setenforce.8 2007-01-12 10:06:30.000000000 -0500
-@@ -17,7 +17,7 @@
- Dan Walsh, <dwalsh at redhat.com>
-
- .SH "SEE ALSO"
--getenforce(8), selinuxenabled(8)
-+selinux(8), getenforce(8), selinuxenabled(8)
-
- .SH FILES
- /etc/grub.conf, /etc/selinux/config
-diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/togglesebool.8 libselinux-1.33.4/man/man8/togglesebool.8
---- nsalibselinux/man/man8/togglesebool.8 2006-11-16 17:15:26.000000000 -0500
-+++ libselinux-1.33.4/man/man8/togglesebool.8 2007-01-12 10:46:55.000000000 -0500
-@@ -1,6 +1,6 @@
- .TH "togglesebool" "1" "26 Oct 2004" "sgrubb at redhat.com" "SELinux Command Line documentation"
- .SH "NAME"
--togglesebool \- flip the current value of a boolean
-+togglesebool \- flip the current value of a SELinux boolean
- .SH "SYNOPSIS"
- .B togglesebool boolean...
-
-@@ -14,4 +14,4 @@
- This man page was written by Steve Grubb <sgrubb at redhat.com>
-
- .SH "SEE ALSO"
--booleans(8), getsebool(8), setsebool(8)
-+selinux(8), booleans(8), getsebool(8), setsebool(8)
-diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getdefaultcon.c libselinux-1.33.4/utils/getdefaultcon.c
---- nsalibselinux/utils/getdefaultcon.c 1969-12-31 19:00:00.000000000 -0500
-+++ libselinux-1.33.4/utils/getdefaultcon.c 2007-01-12 11:28:22.000000000 -0500
-@@ -0,0 +1,80 @@
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <fcntl.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <ctype.h>
-+#include <selinux/selinux.h>
-+#include <selinux/get_context_list.h>
-+
-+void usage(char *name, char *detail, int rc)
-+{
-+ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name);
-+ if (detail)
-+ fprintf(stderr, "%s: %s\n", name, detail);
-+ exit(rc);
-+}
-+
-+int main(int argc, char **argv)
-+{
-+ security_context_t usercon = NULL, cur_context = NULL;
-+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
-+ int ret, opt;
-+
-+ while ((opt = getopt(argc, argv, "l:r:")) > 0) {
-+ switch (opt) {
-+ case 'l':
-+ level = strdup(optarg);
-+ break;
-+ case 'r':
-+ role = strdup(optarg);
-+ break;
-+ default:
-+ usage(argv[0], "invalid option", 1);
-+ }
-+ }
-+
-+ if (((argc - optind) < 1) || ((argc - optind) > 2))
-+ usage(argv[0], "invalid number of arguments", 2);
-+
-+ /* If selinux isn't available, bail out. */
-+ if (!is_selinux_enabled()) {
-+ fprintf(stderr,
-+ "%s may be used only on a SELinux kernel.\n", argv[0]);
-+ return 1;
-+ }
-+
-+ user = argv[optind];
-+
-+ /* If a context wasn't passed, use the current context. */
-+ if (((argc - optind) < 2)) {
-+ if (getcon(&cur_context) < 0) {
-+ fprintf(stderr, "Couldn't get current context.\n");
-+ return 2;
-+ }
-+ } else
-+ cur_context = argv[optind + 1];
-+
-+ if (getseuserbyname(user, &seuser, &dlevel)==0) {
-+ if (! level) level=dlevel;
-+ if (role != NULL && role[0])
-+ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
-+ else
-+ ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
-+ }
-+ if (ret < 0)
-+ perror(argv[0]);
-+ else
-+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
-+
-+
-+ free(role);
-+ free(seuser);
-+ if (level != dlevel) free(level);
-+ free(dlevel);
-+ free(usercon);
++.BR selinux "(8)"
+
-+ return 0;
-+}
Index: libselinux.spec
===================================================================
RCS file: /cvs/dist/rpms/libselinux/FC-6/libselinux.spec,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- libselinux.spec 15 Jan 2007 15:34:10 -0000 1.233
+++ libselinux.spec 5 Apr 2007 16:45:45 -0000 1.234
@@ -2,7 +2,7 @@
Summary: SELinux library and simple utilities
Name: libselinux
Version: 1.33.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: Public domain (uncopyrighted)
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -121,6 +121,9 @@
%{_libdir}/python*/site-packages/selinux.py*
%changelog
+* Thu Apr 5 2007 Dan Walsh <dwalsh at redhat.com> - 1.33.4-3
+- Fix rpm_execcon in python
+
* Fri Jan 12 2007 Dan Walsh <dwalsh at redhat.com> - 1.33.4-2
- Add reference to selinux man page in all man pages to make apropos work
Resolves: # 217881
More information about the fedora-cvs-commits
mailing list