--- libselinux-1.19.1/include/selinux/selinux.h.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/include/selinux/selinux.h 2004-11-19 11:21:37.514236820 -0500 @@ -176,7 +176,7 @@ /* Match the specified media and against the media contexts configuration and set *con to refer to the resulting context. Caller must free con via freecon. */ -extern int matchmediacon(const char *path, +extern int matchmediacon(const char *media, security_context_t *con); /* --- libselinux-1.19.1/utils/setsebool.c.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/utils/setsebool.c 2004-11-19 11:21:37.560231630 -0500 @@ -35,6 +35,8 @@ if (strcmp(argv[1], "-P") == 0) { permanent = 1; + if (argc < 3) + usage(); start = 2; } else --- libselinux-1.19.1/utils/getsebool.c.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/utils/getsebool.c 2004-11-19 11:21:37.559231743 -0500 @@ -83,8 +83,14 @@ rc = -1; goto out; } - printf("%s --> active: %d pending: %d\n", names[i], - active, pending); + if (pending != active) { + printf("%s --> %s pending: %s\n", names[i], + ( active ? "active" : "inactive"), + ( pending ? "active" : "inactive")); + } else { + printf("%s --> %s\n", names[i], + ( active ? "active" : "inactive")); + } } out: --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/utils/avcstat.c 2004-11-19 11:21:37.558231856 -0500 
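Review bot: The new `if (argc < 3) usage();` guard in the `-P` branch of setsebool.c only protects the code after it if usage() terminates the process, and its definition is outside this hunk. If usage() returns, execution falls through to `start = 2;` with no boolean arguments left to process. Confirm that setsebool's usage() calls exit(), or make the branch explicit with `if (argc < 3) { usage(); exit(1); }`. The avcstat.c added by this same patch has a usage() that returns, so the convention is not uniform across the utilities. The enclosing function starts and ends outside the hunk.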
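Review bot: The rewritten printf calls in getsebool.c drop the numeric `active: %d pending: %d` form and omit the pending field whenever it equals the active value, so anything that parses the old output will silently stop matching; a short comment above the `if (pending != active)` test stating the two output shapes would make that contract visible. `active ? "active" : "inactive"` also maps every nonzero value to "active". The `rc = -1; goto out;` context suggests error returns are rejected just above, but that check is outside the hunk, so confirm it covers both `active` and `pending`. Since the same ternary is written three times, computing the two state strings once before the branch would keep the two printf calls in step.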
@@ -0,0 +1,224 @@
+/*
+ * avcstat - Display SELinux avc statistics.
+ *
+ * Copyright (C) 2004 Red Hat, Inc., James Morris
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ */
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define DEF_STAT_FILE "/avc/cache_stats"
+#define DEF_BUF_SIZE 8192
+#define HEADERS "lookups hits misses allocations reclaims frees"
+
+struct avc_cache_stats {
+ unsigned int lookups;
+ unsigned int hits;
+ unsigned int misses;
+ unsigned int allocations;
+ unsigned int reclaims;
+ unsigned int frees;
+};
+
+static int interval;
+static int rows;
+static char *progname;
+static char buf[DEF_BUF_SIZE];
+
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
+
+static void die(const char *msg, ...)
+{
+ va_list args;
+
+ fputs("ERROR: ", stderr);
+
+ va_start(args, msg);
+ vfprintf(stderr, msg, args);
+ va_end(args);
+
+ if (errno)
+ fprintf(stderr, ": %s", strerror(errno));
+
+ fputc('\n', stderr);
+ exit(1);
+}
+
+static void usage(void)
+{
+ printf("\nUsage: %s [-c] [-f status_file] [interval]\n\n", progname);
+ printf("Display SELinux AVC statistics. If the interval parameter is specified, the\n");
+ printf("program will loop, displaying updated statistics every \'interval\' seconds.\n");
+ printf("Relative values are displayed by default. Use the -c option to specify the\n");
+ printf("display of cumulative values.
The -f option specifies the location of the\n");
+ printf("AVC statistics file, defaulting to \'%s\%s\'.\n\n", selinux_mnt, DEF_STAT_FILE);
+}
+
+static void set_window_rows(void)
+{
+ int ret;
+ struct winsize ws;
+
+ ret = ioctl(fileno(stdout), TIOCGWINSZ, &ws);
+ if (ret < 0 || ws.ws_row < 3)
+ ws.ws_row = 24;
+ rows = ws.ws_row;
+}
+
+static void sighandler(int num)
+{
+ if (num == SIGWINCH)
+ set_window_rows();
+}
+
+int main(int argc, char **argv)
+{
+ int fd, i, cumulative = 0;
+ struct sigaction sa;
+ char avcstatfile[PATH_MAX];
+ snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
+ progname = basename(argv[0]);
+
+ while((i = getopt(argc, argv, "cf:h?-")) != -1) {
+ switch (i) {
+ case 'c':
+ cumulative = 1;
+ break;
+ case 'f':
+ strncpy(avcstatfile, optarg, sizeof avcstatfile);
+ break;
+ case 'h':
+ case '-':
+ usage();
+ exit(0);
+ default:
+ usage();
+ die("unrecognized parameter", i);
+ }
+ }
+
+ if (optind < argc) {
+ char *arg = argv[optind];
+ unsigned int n = strtoul(arg, NULL, 10);
+
+ if (errno == ERANGE) {
+ usage();
+ die("invalid interval \'%s\'", arg);
+ }
+ if (n == 0) {
+ usage();
+ exit (0);
+ }
+ interval = n;
+ }
+
+ sa.sa_handler = sighandler;
+ sa.sa_flags = SA_RESTART;
+
+ i = sigaction(SIGWINCH, &sa, NULL);
+ if (i < 0)
+ die("sigaction");
+
+ set_window_rows();
+ fd = open(avcstatfile, O_RDONLY);
+ if (fd < 0)
+ die("open: \'%s\'", avcstatfile);
+
+ for (i = 0;; i++) {
+ char *line;
+ ssize_t ret, parsed = 0;
+ struct avc_cache_stats tot, rel, last;
+
+ memset(buf, 0, DEF_BUF_SIZE);
+ ret = read(fd, buf, DEF_BUF_SIZE);
+ if (ret < 0)
+ die("read");
+
+ if (ret == 0)
+ die("read: \'%s\': unexpected end of file", avcstatfile);
+
+ line = strtok(buf, "\n");
+ if (!line)
+ die("unable to parse \'%s\': end of line not found", avcstatfile);
+
+ if (strcmp(line, HEADERS))
+ die("unable to parse \'%s\': invalid headers", avcstatfile);
+
+ if (!i || !(i % (rows - 2)))
+ printf("%10s %10s %10s %10s %10s %10s\n",
"lookups",
+ "hits", "misses", "allocs", "reclaims", "frees");
+
+ memset(&tot, 0, sizeof(tot));
+
+ while ((line = strtok(NULL, "\n"))) {
+ struct avc_cache_stats tmp;
+
+ ret = sscanf(line, "%u %u %u %u %u %u",
+ &tmp.lookups,
+ &tmp.hits,
+ &tmp.misses,
+ &tmp.allocations,
+ &tmp.reclaims,
+ &tmp.frees);
+ if (ret != 6)
+ die("unable to parse \'%s\': scan error", avcstatfile);
+
+ tot.lookups += tmp.lookups;
+ tot.hits += tmp.hits;
+ tot.misses += tmp.misses;
+ tot.allocations += tmp.allocations;
+ tot.reclaims += tmp.reclaims;
+ tot.frees += tmp.frees;
+ parsed = 1;
+ }
+
+ if (!parsed)
+ die("unable to parse \'%s\': no data", avcstatfile);
+
+ if (cumulative || (!cumulative && !i))
+ printf("%10u %10u %10u %10u %10u %10u\n",
+ tot.lookups, tot.hits, tot.misses,
+ tot.allocations, tot.reclaims, tot.frees);
+ else {
+ rel.lookups = tot.lookups - last.lookups;
+ rel.hits = tot.hits - last.hits;
+ rel.misses = tot.misses - last.misses;
+ rel.allocations = tot.allocations - last.allocations;
+ rel.reclaims = tot.reclaims - last.reclaims;
+ rel.frees = tot.frees - last.frees;
+ printf("%10u %10u %10u %10u %10u %10u\n",
+ rel.lookups, rel.hits, rel.misses,
+ rel.allocations, rel.reclaims, rel.frees);
+ }
+
+ if (!interval)
+ break;
+
+ memcpy(&last, &tot, sizeof(last));
+ sleep(interval);
+
+ ret = lseek(fd, 0, 0);
+ if (ret < 0)
+ die("lseek");
+ }
+
+ close(fd);
+ return 0;
+}
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/rpm_execcon.3 2004-11-19 11:21:37.534234563 -0500
@@ -0,0 +1 @@
+.so man3/getexeccon.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_media_context_path.3 2004-11-19 11:21:37.551232645 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_user_get.3 2004-11-19 11:21:37.524235691 -0500
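Review bot: In main(), the `-f` case copies `optarg` with `strncpy(avcstatfile, optarg, sizeof avcstatfile)`, which leaves `avcstatfile` without a terminating NUL when the argument is PATH_MAX bytes or longer, so the later `open()` and `die()` calls read past the array. The read loop has the same flaw: `read(fd, buf, DEF_BUF_SIZE)` can fill the whole of `buf`, after which `strtok()` scans beyond it. `struct sigaction sa` also reaches `sigaction()` with `sa_mask` never initialised. Smaller items for the same pass: `errno` is not cleared before `strtoul()`, so the `ERANGE` test can act on a stale value, and the last usage() format string contains the invalid escape `\%s`. The fence below shows the three memory-safety changes; the rest of main() is unchanged.

```c
		case 'f':
			/* reject an over-long path instead of leaving avcstatfile unterminated */
			if (snprintf(avcstatfile, sizeof avcstatfile, "%s", optarg)
			    >= (int)sizeof avcstatfile)
				die("status file path too long");
			break;
/* … unchanged: remaining options, interval parsing … */
	memset(&sa, 0, sizeof sa);
	sigemptyset(&sa.sa_mask);
	sa.sa_handler = sighandler;
	sa.sa_flags = SA_RESTART;
/* … unchanged: sigaction(), set_window_rows(), open(), loop header … */
		memset(buf, 0, DEF_BUF_SIZE);
		/* keep the final byte zero so strtok() always finds a terminator */
		ret = read(fd, buf, DEF_BUF_SIZE - 1);
```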
@@ -0,0 +1 @@ +.so man3/context_new.3 --- libselinux-1.19.1/man/man3/getcon.3.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/man/man3/getcon.3 2004-11-19 11:21:37.526235466 -0500 @@ -8,7 +8,9 @@ .br .BI "int getprevcon(security_context_t *" context ); .br -.BI "int getpidcon(pid_t pid, security_context_t *" context ); +.BI "int getpidcon(pid_t " pid ", security_context_t *" context ); +.br +.BI "int getpeercon(int " fd ", security_context_t *" context); .SH "DESCRIPTION" .B getcon @@ -21,6 +23,9 @@ .B getpidcon returns the process context for the specified PID. +.B getpeercon +retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon. + .SH "RETURN VALUE" On error -1 is returned. On success 0 is returned. --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_user_set.3 2004-11-19 11:21:37.525235579 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/getpeercon.3 2004-11-19 11:21:37.530235014 -0500 @@ -0,0 +1 @@ +.so man3/getcon.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_type_set.3 2004-11-19 11:21:37.523235804 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 --- libselinux-1.19.1/man/man3/get_ordered_context_list.3.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/man/man3/get_ordered_context_list.3 2004-11-19 11:29:45.211209677 -0500 @@ -1,6 +1,6 @@ .TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -get_ordered_context_list, get_default_context, query_user_context \- determine context(s) for user login sessions +get_ordered_context_list, get_default_context, get_default_context_with_role, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user login sessions .SH "SYNOPSIS" .B #include 
@@ -11,10 +11,13 @@ .sp .BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon ); .sp +.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon "); +.sp .BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon ); .sp .BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon ); - +.sp +.BI "int get_default_type(const char *" role ", char **" type ); .SH "DESCRIPTION" .B get_ordered_context_list 
@@ -31,14 +34,26 @@ is the same as get_ordered_context_list but only returns a single context which has to be freed with freecon. +.B get_default_context_with_role +Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it, which has to be freed with freecon. + +NOTE get_default_context_with_role is the same as get_default_context +except that it only returns a context with the specified role, returning +-1 if no such context is reachable for that user. + .B query_user_context takes a list of contexts, queries the user via stdin/stdout as to which context they want, and returns a new context as selected by the user (which has to be freed with freecon). .B manual_user_enter_context -allows the user to manually enter a context as a fallback if a list of -authorized contexts could not be obtained. Caller must free via freecon. +allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon. + +.B get_default_type +Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free. + +.B get_default_context_with_role +Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it, which has to be freed with freecon. .SH "RETURN VALUE" 0 for success and on error -1 is returned. --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_free.3 2004-11-19 11:21:37.515236707 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 --- libselinux-1.19.1/man/man3/getexeccon.3.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/man/man3/getexeccon.3 2004-11-19 11:21:37.528235240 -0500 
@@ -8,6 +8,8 @@ .BI "int getexeccon(security_context_t *" context ); .br .BI "int setexeccon(security_context_t "context ); +.br +.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]); .SH "DESCRIPTION" .B getexeccon @@ -31,6 +33,11 @@ Note: Signal handlers that perform an execve must take care to save, reset, and restore the exec context to avoid unexpected behaviors. +.br + +.B rpm_execcon +Execute a helper for rpm in an appropriate security context. + .SH "RETURN VALUE" On error -1 is returned. --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_range_set.3 2004-11-19 11:21:37.519236255 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/security_commit_booleans.3 2004-11-19 11:21:37.535234450 -0500 @@ -0,0 +1 @@ +.so man3/security_load_booleans.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/security_set_boolean.3 2004-11-19 11:21:37.542233661 -0500 @@ -0,0 +1 @@ +.so man3/security_load_booleans.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/selinux_failsafe_context_path.3 2004-11-19 11:21:37.549232871 -0500 @@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/security_get_boolean_pending.3 2004-11-19 11:21:37.540233886 -0500 @@ -0,0 +1 @@ +.so man3/security_load_booleans.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_role_set.3 2004-11-19 11:21:37.521236030 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_range_get.3 2004-11-19 11:21:37.518236368 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_role_get.3 2004-11-19 11:21:37.520236143 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_active.3 2004-11-19 11:21:37.537234225 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_removable_context_path.3 2004-11-19 11:21:37.552232532 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/set_matchpathcon_printf.3 2004-11-19 11:21:37.555232194 -0500
@@ -0,0 +1 @@
+.so man3/matchpathcon.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_new.3 2004-11-19 11:23:54.697758320 -0500
@@ -0,0 +1,56 @@
+.TH "context_new" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+context_new, context_str, context_free, context_type_get, context_type_set, context_range_get, context_range_set,context_role_get, context_role_set, context_user_get, context_user_set \- Routines to manipulate SELinux security contexts
+
+.SH "SYNOPSIS"
+.B #include
+.br
+.B "context_t context_new(const char *" context_str );
+.br
+.B "const char * context_str(context_t " con );
+.br
+.B "void context_free(context_t " con );
+.br
+.B "const char * context_type_get(context_t " con );
+.br
+.B "const char * context_range_get(context_t " con );
+.br
+.B "const char * context_role_get(context_t " con );
+.br
+.B "const char * context_user_get(context_t " con );
+.br
+.B "const char * context_type_set(context_t " con ", const char* " type);
+.br
+.B "const char * context_range_set(context_t " con ", const char* " range);
+.br
+.B "const char * context_role_set(context_t " con ", const char* " role );
+.br
+.B "const char * context_user_set(context_t " con ", const char* " user );
+
+.SH "DESCRIPTION"
+ Functions to deal with security contexts in user space.
+
+context_new
+ Return a new context initialized to a context string
+
+context_str
+Return a pointer to the string value of the context_t
+Valid until the next call to context_str or context_free
+for the same context_t*
+
+context_free
+Free the storage used by a context
+
+context_type_get, context_range_get, context_role_get, context_user_get
+Get a pointer to the string value of a context component
+
+NOTE: Values returned by the get functions are only valid until the next call
+to a set function or context_free() for the same context_t structure.
+
+context_type_set, context_range_set, context_role_set, context_user_set
+Set a context component
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
--- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/context_type_get.3 2004-11-19 11:21:37.522235917 -0500 @@ -0,0 +1 @@ +.so man3/context_new.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/security_get_boolean_names.3 2004-11-19 11:21:37.539233999 -0500 @@ -0,0 +1 @@ +.so man3/security_load_booleans.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/selinux_booleans_path.3 2004-11-19 11:21:37.545233322 -0500 @@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/checkPasswdAccess.3 2004-11-19 11:21:37.514236820 -0500 @@ -0,0 +1 @@ +.so man3/security_compute_av.3 --- libselinux-1.19.1/man/man3/security_compute_av.3.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/man/man3/security_compute_av.3 2004-11-19 11:32:59.943237946 -0500 @@ -15,6 +15,8 @@ .BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon ); .sp .BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con ); +.sp +.BI "int checkPasswdAccess(access_vector_t " requested ); .SH "DESCRIPTION" .B security_compute_av @@ -42,6 +44,9 @@ source context. Is mainly used by .B get_ordered_context_list. +.B checkPasswdAccess +This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts. + .SH "RETURN VALUE" 0 for success and on error -1 is returned. --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/selinux_binary_policy_path.3 2004-11-19 11:21:37.544233435 -0500 
@@ -0,0 +1,75 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+selinux_binary_policy_path,selinux_failsafe_context_path,selinux_removable_context_path,selinux_default_context_path, selinux_user_contexts_path, selinux_file_context_path, selinux_media_context_path, selinux_contexts_path, selinux_booleans_path
+.sp
+These functions return the paths to specific files under the
+ policy root directory.
+
+.SH "SYNOPSIS"
+.B #include
+.sp
+.br
+extern const char *selinux_binary_policy_path(void);
+.br
+extern const char *selinux_failsafe_context_path(void);
+.br
+extern const char *selinux_removable_context_path(void);
+.br
+extern const char *selinux_default_context_path(void);
+.br
+extern const char *selinux_user_contexts_path(void);
+.br
+extern const char *selinux_file_context_path(void);
+.br
+extern const char *selinux_media_context_path(void);
+.br
+extern const char *selinux_contexts_path(void);
+.br
+extern const char *selinux_booleans_path(void);
+
+
+.SH "DESCRIPTION"
+
+These functions return the paths to specific files under the
+ policy root directory.
+
+.br
+selinux_binary_policy_path
+.br
+Default Binary Policy
+.sp
+selinux_failsafe_context_path
+.br
+Default failsafe context file
+.sp
+selinux_removable_context_path
+.br
+Default removeable context file
+.sp
+selinux_default_context_path
+.br
+Default context used by login programs and daemons that assume user roles.
+.sp
+selinux_user_contexts_path
+.br
+Default user context file; used by login programs for default login context
+.sp
+selinux_file_context_path
+.br
+Default file context file used restorecon
+.sp
+selinux_media_context_path
+.br
+Default media context file use to set contexts on media devices (cdrom, floppies)
+.sp
+selinux_contexts_path
+.br
+Parent directory of context files
+.sp
+selinux_booleans_path
+.br
+Boolean file path, used by boolean manipulation tools
+
+.SH AUTHOR
+This manual page was written by Dan Walsh .
+
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_contexts_path.3 2004-11-19 11:21:37.546233209 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_file_context_path.3 2004-11-19 11:21:37.550232758 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/matchmediacon.3 2004-11-19 11:32:02.685698348 -0500
@@ -0,0 +1,26 @@
+.TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+matchmediacon \- get the default security context for the specified mediatype from the policy.
+
+.SH "SYNOPSIS"
+.B #include
+.sp
+.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
+.br
+
+.SH "DESCRIPTION"
+.br
+.B matchmediacon
+matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
+.sp
+.br
+.B Note:
+ Caller must free returned security context "con" using freecon.
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH Files
+/etc/selinux/POLICYTYPE/contexts/files/media
+
+.SH "SEE ALSO"
+.BR freecon "(3)
--- libselinux-1.19.1/man/man3/matchpathcon.3.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man3/matchpathcon.3 2004-11-19 11:21:37.533234676 -0500
@@ -5,17 +5,22 @@ .SH "SYNOPSIS" .B #include .sp -.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);" +.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con); .br +.BI "void set_matchpathcon_printf(void (*f)(const char *fmt, ...));" .SH "DESCRIPTION" .br .B matchpathcon matches the specified pathname and mode against the file contexts configuration and sets the security context "con" to refer to the resulting context. "mode" can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching. -.sp -.br .B Note: Caller must free returned security context "con" using freecon. + +.B set_matchpathcon_printf + +Set the function used by matchpathcon when displaying errors about the file_contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...). +.sp +.br .SH "RETURN VALUE" Returns 0 on success or -1 otherwise. --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/security_load_booleans.3 2004-11-19 11:35:47.204365772 -0500 
@@ -0,0 +1,61 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+security_load_booleans, security_set_boolean, security_commit_booleans,
+security_get_boolean_names, security_get_boolean_active, security_get_boolean_pending
+.sp
+routines for manipulating SELinux boolean values
+
+.SH "SYNOPSIS"
+.B #include
+.sp
+extern int security_load_booleans(char *path);
+.br
+extern int security_get_boolean_names(char ***names, int *len);
+.br
+extern int security_get_boolean_pending(const char *name);
+.br
+extern int security_get_boolean_active(const char *name);
+.br
+extern int security_set_boolean(const char *name, int value);
+.br
+extern int security_commit_booleans(void);
+
+
+.SH "DESCRIPTION"
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
+
+security_load_booleans
+.br
+Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
+
+security_get_boolean_names
+.br
+Returns a list of boolean names, currently supported by the loaded policy.
+
+security_set_boolean
+.br
+Sets the pending value for boolean
+
+security_get_boolean_pending
+.br
+Return pending value for boolean
+
+security_get_boolean_active
+.br
+Return active value for boolean
+
+security_commit_booleans
+.br
+Commit all pending values for the booleans.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh .
+
+.SH "SEE ALSO"
+getsebool(8), booleans(8), togglesebool(8)
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_default_context_path.3 2004-11-19 11:21:37.547233097 -0500
@@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/get_default_context_with_role.3 2004-11-19 11:21:37.527235353 -0500 @@ -0,0 +1 @@ +.so man3/get_ordered_context_list.3 --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man3/selinux_user_contexts_path.3 2004-11-19 11:21:37.554232307 -0500 @@ -0,0 +1 @@ +.so man3/selinux_binary_policy_path.3 --- libselinux-1.19.1/man/man8/getsebool.8.rhat 2004-11-09 09:14:24.000000000 -0500 +++ libselinux-1.19.1/man/man8/getsebool.8 2004-11-19 11:21:37.557231968 -0500 @@ -8,13 +8,12 @@ .SH "DESCRIPTION" .B getsebool -reports the current state of either a particular SELinux boolean or -all SELinux booleans. The state consists of two values, the active -value and the pending value. The active value indicates the value -that is presently applied to the policy. The pending value indicates +reports where a particular SELinux boolean or +all SELinux booleans are active or inactive. +In certain situations a boolean can be in one state with a pending +change to the other state. getsebool will report this as a pending change. +The pending value indicates the value that will be applied upon the next boolean commit. -Typically, these values will be the same; they only differ when in the -middle of a boolean change transaction. The setting of boolean values occurs in two stages; first the pending value is changed, then the booleans are committed, causing their --- /dev/null 2004-11-19 04:10:22.696886456 -0500 +++ libselinux-1.19.1/man/man8/avcstat.8 2004-11-19 11:21:37.556232081 -0500 
@@ -0,0 +1,28 @@
+.TH "avcstat" "8" "18 Nov 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+avcstat \- Display SELinux AVC statistics
+
+.SH "SYNOPSIS"
+.B avcstat
+.I [-c] [-f status_file] [interval]
+
+.SH "DESCRIPTION"
+.B avcstat
+
+Display SELinux AVC statistics. If the interval parameter is specified, the
+program will loop, displaying updated statistics every 'interval' seconds.
+Relative values are displayed by default.
+
+.SH OPTIONS
+.TP
+.B \-c
+Display the cumulative values.
+
+.TP
+.B \-f
+Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh .
+The program was written by James Morris .
+