diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
@@ -75,9 +75,6 @@
Generate reference policy using installed macros.
This attempts to match denials against interfaces and may be inaccurate.
.TP
-.B "\-t " | "\-\-tefile"
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
-.TP
.B "\-w" | "\-\-why"
Translates SELinux audit messages into a description of why the access was denied
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500
@@ -283,6 +283,8 @@
inotify_rm_watch(fd, master_wd);
master_wd =
inotify_add_watch(fd, watch_file_path, IN_MOVED_FROM | IN_MODIFY);
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
}
/*
@@ -411,7 +413,14 @@
if (!ptr)
exitApp("Out of Memory");
+
ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+ if (ptr->wd == -1) {
+ free(ptr);
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+ path, strerror(errno));
+ return;
+ }
ptr->dir = strdup(dir);
if (!ptr->dir)
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c
--- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500
@@ -57,7 +57,7 @@
utmp_ptr = NULL;
FILE *cfg = fopen(utmp_path, "r");
if (!cfg)
- exitApp("Error reading config file.");
+ exitApp("Error reading utmp file.");
while (fread(&u, sizeof(struct utmp), 1, cfg) > 0) {
if (u.ut_type == USER_PROCESS)
@@ -69,6 +69,9 @@
utmp_wd =
inotify_add_watch(inotify_fd, utmp_path, IN_MOVED_FROM | IN_MODIFY);
+ if (utmp_wd == -1)
+ exitApp("Error watching utmp file.");
+
if (prev_utmp_ptr) {
changed = strings_list_diff(prev_utmp_ptr, utmp_ptr);
strings_list_free(prev_utmp_ptr);
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.60/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2008-11-14 17:10:15.000000000 -0500
+++ policycoreutils-2.0.60/semanage/semanage 2009-01-13 08:55:07.000000000 -0500
@@ -219,6 +219,7 @@
'seuser=',
'store=',
'range=',
+ 'locallist=',
'level=',
'roles=',
'type=',
diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c
--- nsapolicycoreutils/semodule/semodule.c 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/semodule/semodule.c 2009-01-06 08:56:37.000000000 -0500
@@ -359,6 +359,9 @@
mode_arg);
}
result = semanage_module_remove(sh, mode_arg);
+ if ( result == -2 ) {
+ continue;
+ }
break;
}
case LIST_M:{