From 7959ef108b5eefa988877d22ad9a4eb0e9388d45 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Dec 21 2011 18:09:52 +0000 Subject: Update to upstream * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 5e11a60..54defd3 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -95,33 +95,6 @@ index 8674e37..89bb4d3 100644 .BR selinux_set_callback (3), .BR selinux (8) - -diff --git a/libselinux/man/man8/setenforce.8 b/libselinux/man/man8/setenforce.8 -index 8a010d6..639883e 100644 ---- a/libselinux/man/man8/setenforce.8 -+++ b/libselinux/man/man8/setenforce.8 -@@ -6,18 +6,14 @@ setenforce \- modify the mode SELinux is running in. - - .SH "DESCRIPTION" - Use Enforcing or 1 to put SELinux in enforcing mode. -+.br - Use Permissive or 0 to put SELinux in permissive mode. --You need to modify --.I /etc/grub.conf --or --.I /etc/selinux/config --to disable SELinux. -+ -+If SELinux is disabled and you want to enable it, or SELinux is enabled and you want to disable it, please see -+.B selinux(8). - - .SH AUTHOR - Dan Walsh, - - .SH "SEE ALSO" - selinux(8), getenforce(8), selinuxenabled(8) -- --.SH FILES --/etc/grub.conf, /etc/selinux/config diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c index b245364..7c47222 100644 --- a/libselinux/src/callbacks.c 
@@ -134,72 +107,8 @@ index b245364..7c47222 100644 va_start(ap, fmt); rc = vfprintf(stderr, fmt, ap); va_end(ap); -diff --git a/libselinux/src/label.c b/libselinux/src/label.c -index f1c9a25..a9e0853 100644 ---- a/libselinux/src/label.c -+++ b/libselinux/src/label.c -@@ -184,6 +184,12 @@ selabel_lookup_common(struct selabel_handle *rec, int translating, - const char *key, int type) - { - struct selabel_lookup_rec *lr; -+ -+ if (key == NULL) { -+ errno = EINVAL; -+ return NULL; -+ } -+ - char *ptr = selabel_sub(rec->subs, key); - if (ptr) { - lr = rec->func_lookup(rec, ptr, type); -@@ -194,7 +200,7 @@ selabel_lookup_common(struct selabel_handle *rec, int translating, - if (!lr) - return NULL; - -- if (compat_validate(rec, lr, "file_contexts", 0)) -+ if (compat_validate(rec, lr, rec->spec_file, 0)) - return NULL; - - if (translating && !lr->ctx_trans && -@@ -234,6 +240,7 @@ void selabel_close(struct selabel_handle *rec) - { - selabel_subs_fini(rec->subs); - rec->func_close(rec); -+ free(rec->spec_file); - free(rec); - } - -diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c -index 7afacf0..ab0696a 100644 ---- a/libselinux/src/label_db.c -+++ b/libselinux/src/label_db.c -@@ -230,7 +230,7 @@ db_stats(struct selabel_handle *rec) - * selabel_open() handler - */ - static catalog_t * --db_init(struct selinux_opt *opts, unsigned nopts) -+db_init(struct selinux_opt *opts, unsigned nopts, struct selabel_handle *rec) - { - catalog_t *catalog; - FILE *filp; -@@ -275,6 +275,7 @@ db_init(struct selinux_opt *opts, unsigned nopts) - free(catalog); - return NULL; - } -+ rec->spec_file = strdup(path); - - /* - * Parse for each lines -@@ -332,7 +333,7 @@ int selabel_db_init(struct selabel_handle *rec, - rec->func_close = &db_close; - rec->func_lookup = &db_lookup; - rec->func_stats = &db_stats; -- rec->data = db_init(opts, nopts); -+ rec->data = db_init(opts, nopts, rec); - - return !rec->data ? -1 : 0; - } 
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c -index ac11b37..82a608c 100644 +index 7bc46cc..82a608c 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -27,6 +27,7 @@ @@ -272,15 +181,7 @@ index ac11b37..82a608c 100644 break; case SELABEL_OPT_BASEONLY: baseonly = !!opts[n].value; -@@ -462,6 +479,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, - if (localfp != NULL) - __fsetlocking(localfp, FSETLOCKING_BYCALLER); - } -+ rec->spec_file = strdup(path); - - /* - * Perform two passes over the specification file. -@@ -480,7 +498,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, +@@ -481,7 +498,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, while (getline(&line_buf, &line_len, fp) > 0) { if (data->nspec >= maxnspec) break; @@ -289,7 +190,7 @@ index ac11b37..82a608c 100644 if (status) goto finish; } -@@ -496,7 +514,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, +@@ -497,7 +514,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, while (getline(&line_buf, &line_len, homedirfp) > 0) { if (data->nspec >= maxnspec) break; @@ -298,7 +199,7 @@ index ac11b37..82a608c 100644 if (status) goto finish; } -@@ -506,7 +524,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, +@@ -507,7 +524,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, while (getline(&line_buf, &line_len, localfp) > 0) { if (data->nspec >= maxnspec) break; 
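Review bot: Dropping the `libselinux/src/label.c` section in the `@@ -134,72 +107,8 @@` hunk also drops the downstream `if (key == NULL) { errno = EINVAL; return NULL; }` guard that sat ahead of `selabel_sub(rec->subs, key)` in `selabel_lookup_common`, and nothing on this page shows that the new upstream source carries it. For `label_file.c` and `matchpathcon.c` the replaced `index` lines keep the same result blob (`82a608c`, `c625f55`), which suggests upstream absorbed those changes. The `label.c` and `label_db.c` sections removed here, and the `label_internal.h`, `label_media.c` and `label_x.c` sections removed in the `@@ -307,49 +208,8 @@` hunk, disappear wholesale, so the same cannot be confirmed from the diff. The commit description lists only man-page changes; once checked against the new tarball I would record it with a line such as `* Drop label.c NULL key check and spec_file hunks, merged upstream`.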
@@ -307,49 +208,8 @@ index ac11b37..82a608c 100644 if (status) goto finish; } -diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h -index 02dbe73..79d5495 100644 ---- a/libselinux/src/label_internal.h -+++ b/libselinux/src/label_internal.h -@@ -59,6 +59,12 @@ struct selabel_handle { - /* supports backend-specific state information */ - void *data; - -+ /* -+ * The main spec file used. Note for file contexts the local and/or -+ * homedirs could also have been used to resolve a context. -+ */ -+ char *spec_file; -+ - /* substitution support */ - struct selabel_sub *subs; - }; -diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c -index f8986e4..227785f 100644 ---- a/libselinux/src/label_media.c -+++ b/libselinux/src/label_media.c -@@ -100,6 +100,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, - errno = EINVAL; - return -1; - } -+ rec->spec_file = strdup(path); - - /* - * Perform two passes over the specification file. -diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c -index a9bfaa5..896ef02 100644 ---- a/libselinux/src/label_x.c -+++ b/libselinux/src/label_x.c -@@ -127,6 +127,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts, - errno = EINVAL; - return -1; - } -+ rec->spec_file = strdup(path); - - /* - * Perform two passes over the specification file. diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c -index c396add..c625f55 100644 +index 48f7a11..c625f55 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -2,6 +2,7 @@ 
@@ -403,24 +263,6 @@ index c396add..c625f55 100644 hidden_def(matchpathcon_init_prefix) int matchpathcon_init(const char *path) -@@ -531,9 +539,14 @@ int compat_validate(struct selabel_handle *rec, - else { - rc = selabel_validate(rec, contexts); - if (rc < 0) { -- COMPAT_LOG(SELINUX_WARNING, -- "%s: line %d has invalid context %s\n", -- path, lineno, *ctx); -+ if (lineno) { -+ COMPAT_LOG(SELINUX_WARNING, -+ "%s: line %d has invalid context %s\n", -+ path, lineno, *ctx); -+ } else { -+ COMPAT_LOG(SELINUX_WARNING, -+ "%s: has invalid context %s\n", path, *ctx); -+ } - } - } - diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index 710396a..9a3fc14 100644 --- a/libselinux/src/selinux_internal.h