diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch index 0d673e9..e5759bf 100644 --- a/checkpolicy-rhat.patch +++ b/checkpolicy-rhat.patch @@ -1,3 +1,69 @@ +diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8 +index 40f73c5..2a7ab5c 100644 +--- a/checkpolicy/checkmodule.8 ++++ b/checkpolicy/checkmodule.8 +@@ -3,7 +3,7 @@ + checkmodule \- SELinux policy module compiler + .SH SYNOPSIS + .B checkmodule +-.I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]" ++.I "[\-h] [\-b] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]" + .SH "DESCRIPTION" + This manual page describes the + .BR checkmodule +@@ -12,7 +12,7 @@ command. + .B checkmodule + is a program that checks and compiles a SELinux security policy module + into a binary representation. It can generate either a base policy +-module (default) or a non-base policy module (-m option); typically, ++module (default) or a non-base policy module (\-m option); typically, + you would build a non-base policy module to add to an existing module + store that already has a base module provided by the base policy. Use + semodule_package to combine this module with its optional file +@@ -48,7 +48,7 @@ Specify how the kernel should handle unknown classes or permissions (deny, allow + .SH EXAMPLE + .nf + # Build a MLS/MCS-enabled non-base policy module. +-$ checkmodule -M -m httpd.te -o httpd.mod ++$ checkmodule \-M \-m httpd.te \-o httpd.mod + .fi + + .SH "SEE ALSO" +diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 +index 6826938..0086bdc 100644 +--- a/checkpolicy/checkpolicy.8 ++++ b/checkpolicy/checkpolicy.8 +@@ -3,7 +3,7 @@ + checkpolicy \- SELinux policy compiler + .SH SYNOPSIS + .B checkpolicy +-.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]" ++.I "[\-b] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]" + .br + .SH "DESCRIPTION" + This manual page describes the +@@ -14,7 +14,7 @@ command. + is a program that checks and compiles a SELinux security policy configuration + into a binary representation that can be loaded into the kernel. If no + input file name is specified, checkpolicy will attempt to read from +-policy.conf or policy, depending on whether the -b flag is specified. ++policy.conf or policy, depending on whether the \-b flag is specified. + + .SH OPTIONS + .TP +diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c +index 544f235..292f568 100644 +--- a/checkpolicy/checkpolicy.c ++++ b/checkpolicy/checkpolicy.c +@@ -402,7 +402,7 @@ int main(int argc, char **argv) + {"binary", no_argument, NULL, 'b'}, + {"debug", no_argument, NULL, 'd'}, + {"version", no_argument, NULL, 'V'}, +- {"handle-unknown", optional_argument, NULL, 'U'}, ++ {"handle-unknown", required_argument, NULL, 'U'}, + {"mls", no_argument, NULL, 'M'}, + {"help", no_argument, NULL, 'h'}, + {NULL, 0, NULL, 0} diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index bba7667..ab046cc 100644 --- a/checkpolicy/policy_scan.l @@ -11,3 +77,16 @@ index bba7667..ab046cc 100644 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {alnum}*{letter}{alnum}* { return(FILESYSTEM); } {digit}+|0x{hexval}+ { return(NUMBER); } +diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile +index 0731e89..63b4d24 100644 +--- a/checkpolicy/test/Makefile ++++ b/checkpolicy/test/Makefile +@@ -3,7 +3,7 @@ + # + PREFIX ?= $(DESTDIR)/usr + BINDIR=$(PREFIX)/bin +-LIBDIR=$(PREFIX)/lib ++LIBDIR ?= $(PREFIX)/lib + INCLUDEDIR ?= $(PREFIX)/include + + CFLAGS ?= -g -Wall -W -Werror -O2 -pipe diff --git a/checkpolicy.spec b/checkpolicy.spec index f7872a0..fcc1110 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -3,7 +3,7 @@ Summary: SELinux policy compiler Name: checkpolicy Version: 2.1.12 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Group: Development/System Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz