From d3e4c7a08ca6861e16e0f254d37a1d70f3612e9d3a4fdfc775707036550f45ca Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 2 Apr 2013 11:49:38 +0000 Subject: [PATCH] Accepting request 161740 from home:vitezslav_cizek:branches:security:SELinux - update to 2.1.10 * Add sefcontext_compile to compile regex everytime policy is rebuilt * Cleanup/fix enable/disable/remove module. * redo genhomedircon minuid * fixes from coverity * semanage_store: do not leak memory in semanage_exec_prog * genhomedircon: remove useless conditional in get_home_dirs * genhomedircon: double free in get_home_dirs * fcontext_record: do not leak on error in semanage_fcontext_key_create * genhomedircon: do not leak on failure in write_gen_home_dir_context * semanage_store: do not leak fd * genhomedircon: do not leak shells list * semanage_store: do not leak on strdup failure * semanage_store: rewrite for readability OBS-URL: https://build.opensuse.org/request/show/161740 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsemanage?expand=0&rev=42 --- libsemanage-2.1.10.tgz | 3 +++ libsemanage.changes | 18 +++++++++++++++ libsemanage.spec | 4 ++-- python-semanage.spec | 4 ++-- semanage.conf | 51 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 76 insertions(+), 4 deletions(-) create mode 100644 libsemanage-2.1.10.tgz create mode 100644 semanage.conf
diff --git a/libsemanage-2.1.10.tgz b/libsemanage-2.1.10.tgz
new file mode 100644
index 0000000..3601694
--- /dev/null
+++ b/libsemanage-2.1.10.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:87489a293225190df5e0eb7b130bcf042354f2e892b35c16d68131c644b61283
+size 139508
diff --git a/libsemanage.changes b/libsemanage.changes
index e38e113..d3b8a98 100644
--- a/libsemanage.changes
+++ b/libsemanage.changes
@@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Fri Mar 29 15:21:29 UTC 2013 - vcizek@suse.com + +- update to 2.1.10 + * Add sefcontext_compile to compile regex everytime policy is rebuilt + * Cleanup/fix enable/disable/remove module. + * redo genhomedircon minuid + * fixes from coverity + * semanage_store: do not leak memory in semanage_exec_prog + * genhomedircon: remove useless conditional in get_home_dirs + * genhomedircon: double free in get_home_dirs + * fcontext_record: do not leak on error in semanage_fcontext_key_create + * genhomedircon: do not leak on failure in write_gen_home_dir_context + * semanage_store: do not leak fd + * genhomedircon: do not leak shells list + * semanage_store: do not leak on strdup failure + * semanage_store: rewrite for readability + ------------------------------------------------------------------- Wed Jan 30 12:00:30 UTC 2013 - vcizek@suse.com diff --git a/libsemanage.spec b/libsemanage.spec index 2dd056a..eeaca11 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -24,13 +24,13 @@ BuildRequires: libsepol-devel BuildRequires: libustr-devel Name: libsemanage -Version: 2.1.9 +Version: 2.1.10 Release: 0 Summary: SELinux binary policy manipulation library License: LGPL-2.1+ Group: System/Libraries Url: http://userspace.selinuxproject.org/ -Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz +Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tgz Source1: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build diff --git a/python-semanage.spec b/python-semanage.spec index 4352ccc..a74190b 100644 --- a/python-semanage.spec +++ b/python-semanage.spec 
@@ -26,13 +26,13 @@ BuildRequires: python-devel BuildRequires: swig Name: python-semanage -Version: 2.1.9 +Version: 2.1.10 Release: 0 Summary: Python bindings for libsemanage License: LGPL-2.1 Group: Development/Languages/Python Url: http://www.nsa.gov/selinux/ -Source: http://userspace.selinuxproject.org/releases/20120216/libsemanage-%{version}.tar.gz +Source: http://userspace.selinuxproject.org/releases/20120216/libsemanage-%{version}.tgz Source1: baselibs.conf BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: libsemanage1 = %{version} diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..5bae089 --- /dev/null +++ b/semanage.conf 
@@ -0,0 +1,51 @@
+# Authors: Jason Tang
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+# "source" - libsemanage manipulates a source SELinux policy
+# "direct" - libsemanage will write directly to a module store.
+# /foo/bar - Write by way of a policy management server, whose
+# named socket is at /foo/bar. The path must begin
+# with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy
+# management server at foo.com. If there is a colon
+# then the remainder is interpreted as a port number;
+# otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in . Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage commands.
+# Large penalty in time if you turn this on.
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly. If this is turned off, SELinux will label /home
+# correctly only. You will need to use semanage fcontext command.
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=False
+bzip-small=true
+bzip-blocksize=5
+ignoredirs=/root
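Review bot: `expand-check=0` near the end of the new semanage.conf turns off neverallow checking for semanage transactions, and the comment above it mentions only the time cost, not that a module violating a neverallow assertion would then be accepted without complaint. If the speed trade-off is intended, the comment should say so, e.g. `# 0 = neverallow assertions are NOT verified when policy is rebuilt; set to 1 where third-party modules are installed`. The last three keys (`bzip-small`, `bzip-blocksize`, `ignoredirs`) carry no comment at all, and the booleans are spelled three ways (`0`, `False`, `true`); one spelling and a one-line comment per key would make the file easier to audit. With `usepasswd=False`, home directories outside /home stay unlabelled until an equivalence such as the `semanage fcontext -a -e` example in the file's own comment is added, which deserves a line in the changelog entry alongside the new file itself.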