From 16cc0136dd84eca290d695c1388bd242bc02afb2 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mar 18 2011 21:53:12 +0000
Subject: Fix rsync command to work if the directory is old.

Fix all tests

---

diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 506acb0..6e09801 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1639,7 +1639,7 @@ index ff0ee7c..0c8a085 100644
  test:
  	@python test_sandbox.py -v
 diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..b815af2 100644
+index 48a26c2..29c99ed 100644
 --- a/policycoreutils/sandbox/sandbox
 +++ b/policycoreutils/sandbox/sandbox
 @@ -1,5 +1,6 @@
@@ -1829,17 +1829,18 @@ index 48a26c2..b815af2 100644
          if self.__options.setype:
                 self.setype = self.__options.setype
  
-@@ -299,6 +336,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
-                self.__options.X_ind = True
+@@ -300,6 +337,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
                 self.__homedir = self.__options.homedir
                 self.__tmpdir = self.__options.tmpdir
-+        elif self.__options.level:
-+               self.__homedir = self.__options.homedir
-+               self.__tmpdir = self.__options.tmpdir
          else:
++               if self.__options.level:
++                      self.__homedir = self.__options.homedir
++                      self.__tmpdir = self.__options.tmpdir
++
                 if len(cmds) == 0:
                        self.usage(_("Command required"))
-@@ -329,44 +369,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+                cmds[0] = fullpath(cmds[0])
+@@ -329,44 +370,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
      def __setup_dir(self):
             if self.__options.level or self.__options.session:
                    return
@@ -1903,7 +1904,7 @@ index 48a26c2..b815af2 100644
  
                    selinux.setexeccon(self.__execcon)
                    rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +443,7 @@ if __name__ == '__main__':
+@@ -404,7 +444,7 @@ if __name__ == '__main__':
             sandbox = Sandbox()
             rc = sandbox.main()
      except OSError, error:
@@ -2121,10 +2122,10 @@ index 0000000..e7b8991
 +and
 +.I Thomas Liu <tliu@fedoraproject.org>
 diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..7df3167 100644
+index ec692e7..629a2d3 100644
 --- a/policycoreutils/sandbox/seunshare.c
 +++ b/policycoreutils/sandbox/seunshare.c
-@@ -1,28 +1,34 @@
+@@ -1,28 +1,35 @@
 +/*
 + * Authors: Dan Walsh <dwalsh@redhat.com>
 + * Authors: Thomas Liu <tliu@fedoraproject.org>
@@ -2137,6 +2138,7 @@ index ec692e7..7df3167 100644
  #include <sys/wait.h>
  #include <syslog.h>
  #include <sys/mount.h>
++#include <glob.h>
  #include <pwd.h>
 -#define _GNU_SOURCE
  #include <sched.h>
@@ -2164,7 +2166,7 @@ index ec692e7..7df3167 100644
  #ifdef USE_NLS
  #include <locale.h>		/* for setlocale() */
  #include <libintl.h>		/* for gettext() */
-@@ -39,29 +45,47 @@
+@@ -39,29 +46,47 @@
  #define MS_PRIVATE 1<<18
  #endif
  
@@ -2225,7 +2227,7 @@ index ec692e7..7df3167 100644
   */
  static int set_signal_handles(void)
  {
-@@ -75,8 +99,8 @@ static int set_signal_handles(void)
+@@ -75,8 +100,8 @@ static int set_signal_handles(void)
  
  	(void)sigprocmask(SIG_SETMASK, &empty, NULL);
  
@@ -2236,7 +2238,7 @@ index ec692e7..7df3167 100644
  		perror("Unable to set SIGHUP handler");
  		return -1;
  	}
-@@ -84,23 +108,103 @@ static int set_signal_handles(void)
+@@ -84,23 +109,103 @@ static int set_signal_handles(void)
  	return 0;
  }
  
@@ -2350,7 +2352,7 @@ index ec692e7..7df3167 100644
  	return 0;
  }
  
-@@ -123,7 +227,7 @@ static int verify_shell(const char *shell_name)
+@@ -123,7 +228,7 @@ static int verify_shell(const char *shell_name)
  
  		/* check the shell skipping newline char */
  		if (!strcmp(shell_name, buf)) {
@@ -2359,7 +2361,7 @@ index ec692e7..7df3167 100644
  			break;
  		}
  	}
-@@ -131,45 +235,439 @@ static int verify_shell(const char *shell_name)
+@@ -131,45 +236,509 @@ static int verify_shell(const char *shell_name)
  	return rc;
  }
  
@@ -2401,7 +2403,6 @@ index ec692e7..7df3167 100644
  	}
  
 -	if (verify_mount(dst, pwd) < 0) 
--		return -1;
 +	/* verify whether we mounted what we expected to mount */
 +	if (verify_directory(dst, src_st, NULL) < 0) return -1;
 +
@@ -2426,9 +2427,8 @@ index ec692e7..7df3167 100644
 +
 +	return 0;
 +
- }
- 
--#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++}
++
 +/**
 + * Error logging used by cgroups code.
 + */
@@ -2630,6 +2630,80 @@ index ec692e7..7df3167 100644
 +	return rc;
 +}
 +
++/*
++  This function returns 0 on success and -1 on failure.
++  The cmdbuf will contain the rsync command string to copy all files from 
++  src dir to tmp. cmdbuf can be NULL if no files need to be compied;
++*/
++static int rsynccmd(const char * src, const char *dst, char **cmdbuf) 
++{
++	char *buf = NULL;
++	char *newbuf = NULL;
++	glob_t fglob;
++	fglob.gl_offs = 0;
++	int flags = GLOB_DOOFFS | GLOB_TILDE;
++	unsigned int i = 0;
++	int rc = -1;
++
++	/* match glob for all files in src dir */
++	if (asprintf(&buf, "%s/*", src) == -1) {
++		fprintf(stderr, "Out of memory\n");
+ 		return -1;
++	}
++
++	if (glob(buf, flags, NULL, &fglob) < 0) {
++		free(buf); buf = NULL;
++		return -1;
++	}
++
++	free(buf); buf = NULL;
++
++	/* append match glob for all hidden files in src dir exclude . and .. */
++	if (asprintf(&buf, "%s/.[^.]*", src) == -1) {
++		fprintf(stderr, "Out of memory\n");
++		goto err;
++	}
++
++	if (glob(buf, flags | GLOB_APPEND ,NULL, &fglob) < 0) {
++		goto err;
++	}
++
++	free(buf); buf = NULL;
++
++	for ( i=0; i < fglob.gl_pathc; i++) {
++		if (!buf) {
++			if (asprintf(&newbuf, "%s", fglob.gl_pathv[i]) == -1) {
++				fprintf(stderr, "Out of memory\n");
++				goto err;
++			}
++		} else {
++			if (asprintf(&newbuf, "%s %s", buf, fglob.gl_pathv[i]) == -1) {
++				fprintf(stderr, "Out of memory\n");
++				goto err;
++			}
++		}
++		free(buf); buf = newbuf;
++		newbuf = NULL;
++	}
++
++	if (buf) { 
++		if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s/'", buf, dst) == -1) {
++			fprintf(stderr, "Out of memory\n");
++			goto err;
++		}
++		*cmdbuf=newbuf;
++	}
++	else {
++		*cmdbuf=NULL;
++	}
++	rc = 0;
++
++err:
++	free(buf); buf = NULL;
++	globfree(&fglob);
++	return rc;
++}
++
 +/**
 + * Clean up runtime temporary directory.  Returns 0 if no problem was detected,
 + * >0 if some error was detected, but errors here are treated as non-fatal and
@@ -2672,8 +2746,9 @@ index ec692e7..7df3167 100644
 +	setfsuid(pwd->pw_uid);
 +
 +	return 0;
-+}
-+
+ }
+ 
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
 +/**
 + * seunshare will create a tmpdir in /tmp, with root ownership.  The parent
 + * process waits for it child to exit to attempt to remove the directory.  If
@@ -2760,15 +2835,11 @@ index ec692e7..7df3167 100644
 +		}
 +	}
 +
-+	/* copy files to the new temporary directory */
-+	/* XXX: when using -aHAXq args here, rsync tries to chmod/chown/...
-+	 * /tmp/.sandbox-$USER-XXXXXX, --ignore-existing does not help */
-+	if (asprintf(&cmdbuf, "/usr/bin/rsync -trlHDq '%s/' '%s/'", src, tmpdir) == -1) {
-+		fprintf(stderr, _("Out of memory\n"));
-+		cmdbuf = NULL;
++	if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
 +		goto err;
 +	}
-+	if (spawn_command(cmdbuf, pwd->pw_uid) != 0) {
++
++	if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
 +		fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
 +		cleanup_tmpdir(tmpdir, src, pwd, 0);
 +		goto err;
@@ -2814,7 +2885,7 @@ index ec692e7..7df3167 100644
  		{NULL, 0, 0, 0}
  	};
  
-@@ -180,6 +678,12 @@ int main(int argc, char **argv) {
+@@ -180,6 +749,12 @@ int main(int argc, char **argv) {
  		return -1;
  	}
  
@@ -2827,7 +2898,7 @@ index ec692e7..7df3167 100644
  	struct passwd *pwd=getpwuid(uid);
  	if (!pwd) {
  		perror(_("getpwduid failed"));
-@@ -187,34 +691,30 @@ int main(int argc, char **argv) {
+@@ -187,34 +762,30 @@ int main(int argc, char **argv) {
  	}
  
  	if (verify_shell(pwd->pw_shell) < 0) {
@@ -2873,7 +2944,7 @@ index ec692e7..7df3167 100644
  			break;
  		default:
  			fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,76 +723,84 @@ int main(int argc, char **argv) {
+@@ -223,76 +794,84 @@ int main(int argc, char **argv) {
  	}
  
  	if (! homedir_s && ! tmpdir_s) {
@@ -3007,7 +3078,7 @@ index ec692e7..7df3167 100644
  		if (display) 
  			rc |= setenv("DISPLAY", display, 1);
  		rc |= setenv("HOME", pwd->pw_dir, 1);
-@@ -300,22 +808,41 @@ int main(int argc, char **argv) {
+@@ -300,22 +879,41 @@ int main(int argc, char **argv) {
  		rc |= setenv("USER", pwd->pw_name, 1);
  		rc |= setenv("LOGNAME", pwd->pw_name, 1);
  		rc |= setenv("PATH", DEFAULT_PATH, 1);
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fea9a0e..4454323 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -318,6 +318,10 @@ fi
 exit 0
 
 %changelog
+* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
+- Fix rsync command to work if the directory is old.
+- Fix all tests
+
 * Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-23
 - Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node