-diff -Nur a/include/selinux/label.h b/include/selinux/label.h
---- a/include/selinux/label.h 2011-11-04 13:57:24.000000000 +0100
-+++ b/include/selinux/label.h 2011-11-27 18:45:27.080551748 +0100
-@@ -46,8 +46,10 @@
+diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
+index 1a54307..f6eeb21 100644
+--- a/libselinux/include/selinux/label.h
++++ b/libselinux/include/selinux/label.h
+@@ -46,8 +46,10 @@ struct selabel_handle;
#define SELABEL_OPT_PATH 3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET 4
/*
* Label operations
-diff -Nur a/include/selinux/selinux.h b/include/selinux/selinux.h
---- a/include/selinux/selinux.h 2011-11-04 13:57:24.000000000 +0100
-+++ b/include/selinux/selinux.h 2011-11-27 18:45:27.081551748 +0100
-@@ -139,7 +139,10 @@
+diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
+index 2985f6f..826ed71 100644
+--- a/libselinux/include/selinux/selinux.h
++++ b/libselinux/include/selinux/selinux.h
+@@ -139,7 +139,10 @@ struct av_decision {
/* Structure for passing options, used by AVC and label subsystems */
struct selinux_opt {
int type;
};
/* Callback facilities */
-@@ -410,6 +413,11 @@
+@@ -410,6 +413,11 @@ extern int matchpathcon_init(const char *path);
regexes that have stems that are prefixes of 'prefix'. */
extern int matchpathcon_init_prefix(const char *path, const char *prefix);
/* Free the memory allocated by matchpathcon_init. */
extern void matchpathcon_fini(void);
-diff -Nur a/man/man3/matchpathcon.3 b/man/man3/matchpathcon.3
---- a/man/man3/matchpathcon.3 2011-11-04 13:57:24.000000000 +0100
-+++ b/man/man3/matchpathcon.3 2011-11-27 18:45:27.082551748 +0100
-@@ -8,7 +8,9 @@
+diff --git a/libselinux/man/man3/matchpathcon.3 b/libselinux/man/man3/matchpathcon.3
+index cdbb252..b6814ed 100644
+--- a/libselinux/man/man3/matchpathcon.3
++++ b/libselinux/man/man3/matchpathcon.3
+@@ -8,7 +8,9 @@ matchpathcon, matchpathcon_index \- get the default SELinux security context for
.BI "int matchpathcon_init(const char *" path ");"
.BI "int matchpathcon_fini(void);"
.sp
-@@ -50,6 +52,14 @@
+@@ -50,6 +52,14 @@ by
.I prefix.
.sp
.B matchpathcon_fini
frees the memory allocated by a prior call to
.B matchpathcon_init.
-diff -Nur a/man/man3/selabel_open.3 b/man/man3/selabel_open.3
---- a/man/man3/selabel_open.3 2011-11-04 13:57:24.000000000 +0100
-+++ b/man/man3/selabel_open.3 2011-11-27 18:45:27.082551748 +0100
-@@ -66,6 +66,13 @@
+diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
+index 8674e37..89bb4d3 100644
+--- a/libselinux/man/man3/selabel_open.3
++++ b/libselinux/man/man3/selabel_open.3
+@@ -66,6 +66,13 @@ A non-null value for this option enables context validation. By default,
is used; a custom validation function can be provided via
.BR selinux_set_callback (3).
Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation.
.SH "BACKENDS"
-@@ -99,4 +106,3 @@
+@@ -99,4 +106,3 @@ Eamon Walsh <ewalsh@tycho.nsa.gov>
.BR selabel_stats (3),
.BR selinux_set_callback (3),
.BR selinux (8)
-
-diff -Nur a/src/callbacks.c b/src/callbacks.c
---- a/src/callbacks.c 2011-11-04 13:57:23.000000000 +0100
-+++ b/src/callbacks.c 2011-11-27 18:45:27.083551748 +0100
-@@ -16,6 +16,7 @@
+diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c
+index b245364..7c47222 100644
+--- a/libselinux/src/callbacks.c
++++ b/libselinux/src/callbacks.c
+@@ -16,6 +16,7 @@ default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
{
int rc;
va_list ap;
va_start(ap, fmt);
rc = vfprintf(stderr, fmt, ap);
va_end(ap);
-diff -Nur a/src/label_file.c b/src/label_file.c
---- a/src/label_file.c 2011-11-04 13:57:23.000000000 +0100
-+++ b/src/label_file.c 2011-11-27 18:45:27.084551748 +0100
+diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
+index ac11b37..42889cf 100644
+--- a/libselinux/src/label_file.c
++++ b/libselinux/src/label_file.c
@@ -27,6 +27,7 @@
* Internals, mostly moved over from matchpathcon.c
*/
/* A file security context specification. */
typedef struct spec {
struct selabel_lookup_rec lr; /* holds contexts for lookup result */
-@@ -276,7 +277,7 @@
+@@ -276,7 +277,7 @@ static int compile_regex(struct saved_data *data, spec_t *spec, char **errbuf)
static int process_line(struct selabel_handle *rec,
char *line_buf, int pass, unsigned lineno)
{
int items, len;
-@@ -310,12 +311,24 @@
+@@ -310,12 +311,24 @@ static int process_line(struct selabel_handle *rec,
}
len = get_stem_from_spec(regex);
}
if (pass == 1) {
-@@ -397,7 +410,8 @@
+@@ -397,7 +410,8 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
{
struct saved_data *data = (struct saved_data *)rec->data;
const char *path = NULL;
FILE *fp;
FILE *localfp = NULL;
FILE *homedirfp = NULL;
-@@ -418,7 +432,10 @@
+@@ -418,7 +432,10 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
path = opts[n].value;
break;
case SELABEL_OPT_SUBSET:
break;
case SELABEL_OPT_BASEONLY:
baseonly = !!opts[n].value;
-@@ -480,7 +497,7 @@
+@@ -480,7 +497,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
while (getline(&line_buf, &line_len, fp) > 0) {
if (data->nspec >= maxnspec)
break;
if (status)
goto finish;
}
-@@ -496,7 +513,7 @@
+@@ -496,7 +513,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
while (getline(&line_buf, &line_len, homedirfp) > 0) {
if (data->nspec >= maxnspec)
break;
if (status)
goto finish;
}
-@@ -506,7 +523,7 @@
+@@ -506,7 +523,7 @@ static int init(struct selabel_handle *rec, struct selinux_opt *opts,
while (getline(&line_buf, &line_len, localfp) > 0) {
if (data->nspec >= maxnspec)
break;
if (status)
goto finish;
}
-diff -Nur a/src/matchpathcon.c b/src/matchpathcon.c
---- a/src/matchpathcon.c 2011-11-04 13:57:23.000000000 +0100
-+++ b/src/matchpathcon.c 2011-11-27 18:45:27.085551748 +0100
+diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
+index c396add..489ef3a 100644
+--- a/libselinux/src/matchpathcon.c
++++ b/libselinux/src/matchpathcon.c
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
#include "selinux_internal.h"
#include "label_internal.h"
#include "callbacks.h"
-@@ -62,7 +63,7 @@
+@@ -62,7 +63,7 @@ static void
{
va_list ap;
va_start(ap, fmt);
va_end(ap);
}
-@@ -304,7 +305,7 @@
+@@ -304,7 +305,7 @@ static void matchpathcon_init_once(void)
destructor_key_initialized = 1;
}
{
if (!mycanoncon)
mycanoncon = default_canoncon;
-@@ -312,15 +313,22 @@
+@@ -312,15 +313,22 @@ int matchpathcon_init_prefix(const char *path, const char *subset)
__selinux_once(once, matchpathcon_init_once);
__selinux_setspecific(destructor_key, (void *)1);
hidden_def(matchpathcon_init_prefix)
int matchpathcon_init(const char *path)
-diff -Nur a/src/selinux_internal.h b/src/selinux_internal.h
---- a/src/selinux_internal.h 2011-11-04 13:57:23.000000000 +0100
-+++ b/src/selinux_internal.h 2011-11-27 18:45:27.086551748 +0100
-@@ -80,6 +80,7 @@
+diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
+index 710396a..9a3fc14 100644
+--- a/libselinux/src/selinux_internal.h
++++ b/libselinux/src/selinux_internal.h
+@@ -80,6 +80,7 @@ hidden_proto(selinux_mkload_policy)
hidden_proto(selinux_path)
hidden_proto(selinux_check_passwd_access)
hidden_proto(selinux_check_securetty_context)