From 13a8a0f727d85014a026e0777f4bfb73aab00edc Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: May 17 2014 11:02:12 +0000 Subject: Update to upstream * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 87baefe..3c2e965 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,6 +1,18 @@ -diff -up libselinux-2.3/golang/Makefile.rhat libselinux-2.3/golang/Makefile ---- libselinux-2.3/golang/Makefile.rhat 2014-05-06 14:23:28.320639312 -0400 -+++ libselinux-2.3/golang/Makefile 2014-05-06 14:23:28.320639312 -0400 +diff --git a/libselinux/Makefile b/libselinux/Makefile +index 6142b60..bdf9de8 100644 +--- a/libselinux/Makefile ++++ b/libselinux/Makefile +@@ -1,4 +1,4 @@ +-SUBDIRS = src include utils man ++SUBDIRS = src include utils man golang + + DISABLE_AVC ?= n + DISABLE_SETRANS ?= n +diff --git a/libselinux/golang/Makefile b/libselinux/golang/Makefile +new file mode 100644 +index 0000000..b75677b +--- /dev/null ++++ b/libselinux/golang/Makefile @@ -0,0 +1,22 @@ +# Installation directories. +PREFIX ?= $(DESTDIR)/usr @@ -24,9 +36,11 @@ diff -up libselinux-2.3/golang/Makefile.rhat libselinux-2.3/golang/Makefile +indent: + +relabel: -diff -up libselinux-2.3/golang/selinux.go.rhat libselinux-2.3/golang/selinux.go ---- libselinux-2.3/golang/selinux.go.rhat 2014-05-06 14:23:28.321639313 -0400 -+++ libselinux-2.3/golang/selinux.go 2014-05-06 14:23:28.321639313 -0400 +diff --git a/libselinux/golang/selinux.go b/libselinux/golang/selinux.go +new file mode 100644 +index 0000000..34bf6bb +--- /dev/null ++++ b/libselinux/golang/selinux.go @@ -0,0 +1,412 @@ +package selinux + 
@@ -440,9 +454,11 @@ diff -up libselinux-2.3/golang/selinux.go.rhat libselinux-2.3/golang/selinux.go + fmt.Println(Getfscreatecon()) + fmt.Println(Getpidcon(1)) +} -diff -up libselinux-2.3/golang/test.go.rhat libselinux-2.3/golang/test.go ---- libselinux-2.3/golang/test.go.rhat 2014-05-06 14:23:28.321639313 -0400 -+++ libselinux-2.3/golang/test.go 2014-05-06 14:23:28.321639313 -0400 +diff --git a/libselinux/golang/test.go b/libselinux/golang/test.go +new file mode 100644 +index 0000000..fed6de8 +--- /dev/null ++++ b/libselinux/golang/test.go @@ -0,0 +1,9 @@ +package main + @@ -453,18 +469,10 @@ diff -up libselinux-2.3/golang/test.go.rhat libselinux-2.3/golang/test.go +func main() { + selinux.Test() +} -diff -up libselinux-2.3/Makefile.rhat libselinux-2.3/Makefile ---- libselinux-2.3/Makefile.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/Makefile 2014-05-06 14:23:28.319639311 -0400 -@@ -1,4 +1,4 @@ --SUBDIRS = src include utils man -+SUBDIRS = src include utils man golang - - DISABLE_AVC ?= n - DISABLE_SETRANS ?= n -diff -up libselinux-2.3/man/man3/getfscreatecon.3.rhat libselinux-2.3/man/man3/getfscreatecon.3 ---- libselinux-2.3/man/man3/getfscreatecon.3.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/man/man3/getfscreatecon.3 2014-05-06 14:23:28.321639313 -0400 +diff --git a/libselinux/man/man3/getfscreatecon.3 b/libselinux/man/man3/getfscreatecon.3 +index e348d3b..8cc4df5 100644 +--- a/libselinux/man/man3/getfscreatecon.3 ++++ b/libselinux/man/man3/getfscreatecon.3 @@ -49,6 +49,11 @@ Signal handlers that perform a must take care to save, reset, and restore the fscreate context to avoid unexpected behavior. 
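Review bot: libselinux/golang/test.go declares `package main` while selinux.go in the same directory declares `package selinux`, and the Go toolchain refuses to build a directory holding two packages unless one file is excluded by a build constraint (the rest of test.go is not visible here). The exported `Test()` in selinux.go, which prints `Getfscreatecon()` and `Getpidcon(1)`, also ships a diagnostic routine as part of the binding's public API. Moving it into `selinux_test.go` as `func TestContexts(t *testing.T)` would keep it out of the installed package and make test.go unnecessary. Both files are unchanged by this commit apart from their patch headers, and the body of Test() starts outside the hunk.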
@@ -477,9 +485,10 @@ diff -up libselinux-2.3/man/man3/getfscreatecon.3.rhat libselinux-2.3/man/man3/g .SH "RETURN VALUE" On error \-1 is returned. On success 0 is returned. -diff -up libselinux-2.3/man/man3/getkeycreatecon.3.rhat libselinux-2.3/man/man3/getkeycreatecon.3 ---- libselinux-2.3/man/man3/getkeycreatecon.3.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/man/man3/getkeycreatecon.3 2014-05-06 14:23:28.322639314 -0400 +diff --git a/libselinux/man/man3/getkeycreatecon.3 b/libselinux/man/man3/getkeycreatecon.3 +index 4d70f10..b51008d 100644 +--- a/libselinux/man/man3/getkeycreatecon.3 ++++ b/libselinux/man/man3/getkeycreatecon.3 @@ -48,6 +48,10 @@ Signal handlers that perform a .BR setkeycreatecon () must take care to @@ -491,9 +500,10 @@ diff -up libselinux-2.3/man/man3/getkeycreatecon.3.rhat libselinux-2.3/man/man3/ . .SH "RETURN VALUE" On error \-1 is returned. -diff -up libselinux-2.3/man/man3/getsockcreatecon.3.rhat libselinux-2.3/man/man3/getsockcreatecon.3 ---- libselinux-2.3/man/man3/getsockcreatecon.3.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/man/man3/getsockcreatecon.3 2014-05-06 14:23:28.322639314 -0400 +diff --git a/libselinux/man/man3/getsockcreatecon.3 b/libselinux/man/man3/getsockcreatecon.3 +index 4dd8f30..26086d9 100644 +--- a/libselinux/man/man3/getsockcreatecon.3 ++++ b/libselinux/man/man3/getsockcreatecon.3 @@ -49,6 +49,11 @@ Signal handlers that perform a must take care to save, reset, and restore the sockcreate context to avoid unexpected behavior. 
@@ -506,10 +516,11 @@ diff -up libselinux-2.3/man/man3/getsockcreatecon.3.rhat libselinux-2.3/man/man3 .SH "RETURN VALUE" On error \-1 is returned. On success 0 is returned. -diff -up libselinux-2.3/man/man8/selinux.8.rhat libselinux-2.3/man/man8/selinux.8 ---- libselinux-2.3/man/man8/selinux.8.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/man/man8/selinux.8 2014-05-06 14:23:28.322639314 -0400 -@@ -74,7 +74,7 @@ The best way to relabel the file system +diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 +index e89b1ef..9e3bdc4 100644 +--- a/libselinux/man/man8/selinux.8 ++++ b/libselinux/man/man8/selinux.8 +@@ -74,7 +74,7 @@ The best way to relabel the file system is to create the flag file and reboot. .BR system\-config\-selinux , also has this capability. The @@ -518,9 +529,23 @@ diff -up libselinux-2.3/man/man8/selinux.8.rhat libselinux-2.3/man/man8/selinux. commands are also available for relabeling files. . .SH AUTHOR -diff -up libselinux-2.3/src/avc_sidtab.c.rhat libselinux-2.3/src/avc_sidtab.c ---- libselinux-2.3/src/avc_sidtab.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/avc_sidtab.c 2014-05-06 14:23:28.323639315 -0400 +diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile +index 4d07ba6..62c8dad 100644 +--- a/libselinux/src/Makefile ++++ b/libselinux/src/Makefile +@@ -111,7 +111,7 @@ $(LIBA): $(OBJS) + $(RANLIB) $@ + + $(LIBSO): $(LOBJS) +- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro ++ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + ln -sf $@ $(TARGET) + + $(LIBPC): $(LIBPC).in ../VERSION +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 52f21df..66ad9e1 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c @@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s, int hvalue, rc = 0; struct sidtab_node *cur; 
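Review bot: The `$(LIBSO)` rule in the libselinux/src/Makefile section links with `-llzma`, which would make liblzma a load-time dependency of libselinux.so for every process that links the library, not only for the policy loader. Neither the commit description nor the spec changelog visible here mentions that dependency. The section appears only to have moved within the patch file, so the behaviour is probably not new, but it still deserves a comment. I would add `# liblzma: used by load_policy.c to read compressed policy files` above the rule, assuming that is what the 76 added lines in the load_policy.c hunk do (they are elided here), and confirm the spec carries the matching build requirement.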
@@ -533,10 +558,11 @@ diff -up libselinux-2.3/src/avc_sidtab.c.rhat libselinux-2.3/src/avc_sidtab.c *sid = NULL; hvalue = sidtab_hash(ctx); -diff -up libselinux-2.3/src/canonicalize_context.c.rhat libselinux-2.3/src/canonicalize_context.c ---- libselinux-2.3/src/canonicalize_context.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/canonicalize_context.c 2014-05-06 14:23:28.323639315 -0400 -@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(co +diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c +index 7cf3139..364a746 100644 +--- a/libselinux/src/canonicalize_context.c ++++ b/libselinux/src/canonicalize_context.c +@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const char * con, size_t size; int fd, ret; @@ -548,10 +574,11 @@ diff -up libselinux-2.3/src/canonicalize_context.c.rhat libselinux-2.3/src/canon if (!selinux_mnt) { errno = ENOENT; return -1; -diff -up libselinux-2.3/src/check_context.c.rhat libselinux-2.3/src/check_context.c ---- libselinux-2.3/src/check_context.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/check_context.c 2014-05-06 14:23:28.324639316 -0400 -@@ -14,6 +14,11 @@ int security_check_context_raw(const cha +diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c +index 52063fa..234749c 100644 +--- a/libselinux/src/check_context.c ++++ b/libselinux/src/check_context.c +@@ -14,6 +14,11 @@ int security_check_context_raw(const char * con) char path[PATH_MAX]; int fd, ret; 
@@ -563,10 +590,11 @@ diff -up libselinux-2.3/src/check_context.c.rhat libselinux-2.3/src/check_contex if (!selinux_mnt) { errno = ENOENT; return -1; -diff -up libselinux-2.3/src/compute_av.c.rhat libselinux-2.3/src/compute_av.c ---- libselinux-2.3/src/compute_av.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/compute_av.c 2014-05-06 14:23:28.324639316 -0400 -@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const +diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c +index 937e5c3..35ace7f 100644 +--- a/libselinux/src/compute_av.c ++++ b/libselinux/src/compute_av.c +@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const char * scon, return -1; } @@ -578,10 +606,11 @@ diff -up libselinux-2.3/src/compute_av.c.rhat libselinux-2.3/src/compute_av.c snprintf(path, sizeof path, "%s/access", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff -up libselinux-2.3/src/compute_create.c.rhat libselinux-2.3/src/compute_create.c ---- libselinux-2.3/src/compute_create.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/compute_create.c 2014-05-06 14:23:28.324639316 -0400 -@@ -64,6 +64,11 @@ int security_compute_create_name_raw(con +diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c +index 9559d42..14a65d1 100644 +--- a/libselinux/src/compute_create.c ++++ b/libselinux/src/compute_create.c +@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const char * scon, return -1; } 
@@ -593,10 +622,11 @@ diff -up libselinux-2.3/src/compute_create.c.rhat libselinux-2.3/src/compute_cre snprintf(path, sizeof path, "%s/create", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff -up libselinux-2.3/src/compute_member.c.rhat libselinux-2.3/src/compute_member.c ---- libselinux-2.3/src/compute_member.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/compute_member.c 2014-05-06 14:23:28.325639317 -0400 -@@ -25,6 +25,11 @@ int security_compute_member_raw(const ch +diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c +index 1fc7e41..065d996 100644 +--- a/libselinux/src/compute_member.c ++++ b/libselinux/src/compute_member.c +@@ -25,6 +25,11 @@ int security_compute_member_raw(const char * scon, return -1; } @@ -608,10 +638,11 @@ diff -up libselinux-2.3/src/compute_member.c.rhat libselinux-2.3/src/compute_mem snprintf(path, sizeof path, "%s/member", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff -up libselinux-2.3/src/compute_relabel.c.rhat libselinux-2.3/src/compute_relabel.c ---- libselinux-2.3/src/compute_relabel.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/compute_relabel.c 2014-05-06 14:23:28.325639317 -0400 -@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const c +diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c +index 4615aee..cc77f36 100644 +--- a/libselinux/src/compute_relabel.c ++++ b/libselinux/src/compute_relabel.c +@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const char * scon, return -1; } 
@@ -623,10 +654,11 @@ diff -up libselinux-2.3/src/compute_relabel.c.rhat libselinux-2.3/src/compute_re snprintf(path, sizeof path, "%s/relabel", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff -up libselinux-2.3/src/compute_user.c.rhat libselinux-2.3/src/compute_user.c ---- libselinux-2.3/src/compute_user.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/compute_user.c 2014-05-06 14:23:28.325639317 -0400 -@@ -24,6 +24,11 @@ int security_compute_user_raw(const char +diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c +index b37c5d3..7703c26 100644 +--- a/libselinux/src/compute_user.c ++++ b/libselinux/src/compute_user.c +@@ -24,6 +24,11 @@ int security_compute_user_raw(const char * scon, return -1; } @@ -638,9 +670,10 @@ diff -up libselinux-2.3/src/compute_user.c.rhat libselinux-2.3/src/compute_user. snprintf(path, sizeof path, "%s/user", selinux_mnt); fd = open(path, O_RDWR); if (fd < 0) -diff -up libselinux-2.3/src/fsetfilecon.c.rhat libselinux-2.3/src/fsetfilecon.c ---- libselinux-2.3/src/fsetfilecon.c.rhat 2014-05-06 14:23:28.326639318 -0400 -+++ libselinux-2.3/src/fsetfilecon.c 2014-05-06 14:26:40.740860532 -0400 +diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c +index 52707d0..0cbe12d 100644 +--- a/libselinux/src/fsetfilecon.c ++++ b/libselinux/src/fsetfilecon.c @@ -9,8 +9,12 @@ int fsetfilecon_raw(int fd, const char * context) 
@@ -656,9 +689,10 @@ diff -up libselinux-2.3/src/fsetfilecon.c.rhat libselinux-2.3/src/fsetfilecon.c if (rc < 0 && errno == ENOTSUP) { char * ccontext = NULL; int err = errno; -diff -up libselinux-2.3/src/load_policy.c.rhat libselinux-2.3/src/load_policy.c ---- libselinux-2.3/src/load_policy.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/load_policy.c 2014-05-06 14:23:28.327639319 -0400 +diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c +index e419f1a..275672d 100644 +--- a/libselinux/src/load_policy.c ++++ b/libselinux/src/load_policy.c @@ -16,6 +16,82 @@ #include #include "policy.h" @@ -742,7 +776,7 @@ diff -up libselinux-2.3/src/load_policy.c.rhat libselinux-2.3/src/load_policy.c int security_load_policy(void *data, size_t len) { -@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebo +@@ -55,7 +131,7 @@ int selinux_mkload_policy(int preservebools) struct stat sb; struct utsname uts; size_t size; @@ -834,10 +868,11 @@ diff -up libselinux-2.3/src/load_policy.c.rhat libselinux-2.3/src/load_policy.c close: close(fd); dlclose: -diff -up libselinux-2.3/src/lsetfilecon.c.rhat libselinux-2.3/src/lsetfilecon.c ---- libselinux-2.3/src/lsetfilecon.c.rhat 2014-05-06 14:23:28.327639319 -0400 -+++ libselinux-2.3/src/lsetfilecon.c 2014-05-06 14:26:36.094854847 -0400 -@@ -9,8 +9,12 @@ +diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c +index 1d3b28a..ea6d70b 100644 +--- a/libselinux/src/lsetfilecon.c ++++ b/libselinux/src/lsetfilecon.c +@@ -9,8 +9,13 @@ int lsetfilecon_raw(const char *path, const char * context) { 
@@ -848,25 +883,15 @@ diff -up libselinux-2.3/src/lsetfilecon.c.rhat libselinux-2.3/src/lsetfilecon.c + errno=EINVAL; + return -1; + } ++ + rc = lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0); if (rc < 0 && errno == ENOTSUP) { char * ccontext = NULL; int err = errno; -diff -up libselinux-2.3/src/Makefile.rhat libselinux-2.3/src/Makefile ---- libselinux-2.3/src/Makefile.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/Makefile 2014-05-06 14:23:28.323639315 -0400 -@@ -111,7 +111,7 @@ $(LIBA): $(OBJS) - $(RANLIB) $@ - - $(LIBSO): $(LOBJS) -- $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro -+ $(CC) $(CFLAGS) -shared -o $@ $^ -lpcre -llzma -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro - ln -sf $@ $(TARGET) - - $(LIBPC): $(LIBPC).in ../VERSION -diff -up libselinux-2.3/src/matchpathcon.c.rhat libselinux-2.3/src/matchpathcon.c ---- libselinux-2.3/src/matchpathcon.c.rhat 2014-05-06 14:21:26.000000000 -0400 -+++ libselinux-2.3/src/matchpathcon.c 2014-05-06 14:23:28.328639320 -0400 +diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c +index 3b96b1d..d5c90f6 100644 +--- a/libselinux/src/matchpathcon.c ++++ b/libselinux/src/matchpathcon.c @@ -2,6 +2,7 @@ #include #include @@ -884,9 +909,10 @@ diff -up libselinux-2.3/src/matchpathcon.c.rhat libselinux-2.3/src/matchpathcon. va_end(ap); } -diff -up libselinux-2.3/src/setfilecon.c.rhat libselinux-2.3/src/setfilecon.c ---- libselinux-2.3/src/setfilecon.c.rhat 2014-05-06 14:23:28.328639320 -0400 -+++ libselinux-2.3/src/setfilecon.c 2014-05-06 14:26:47.670869020 -0400 +diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c +index d05969c..3f0200e 100644 +--- a/libselinux/src/setfilecon.c ++++ b/libselinux/src/setfilecon.c @@ -9,8 +9,12 @@ int setfilecon_raw(const char *path, const char * context) diff --git a/libselinux.spec b/libselinux.spec index a8d6eab..d5a5144 100644 
--- a/libselinux.spec +++ b/libselinux.spec @@ -248,6 +248,12 @@ rm -rf %{buildroot} * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. +* Tue May 6 2014 Miroslav Grepl - 2.2.2-8 +- Add selinux_openssh_contexts_path() + +* Thu Apr 24 2014 Vít Ondruch - 2.2.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 + * Mon Feb 24 2014 Dan Walsh - 2.2.2-6 - Fix spelling mistake in man page