diff -urN selinux.orig/devfsd/Makefile selinux/devfsd/Makefile
--- selinux.orig/devfsd/Makefile 2002-04-19 15:32:37.000000000 -0500
+++ selinux/devfsd/Makefile 2003-06-06 21:21:20.000000000 -0500
@@ -3,7 +3,7 @@
 LDFLAGS= -L/usr/local/selinux/lib
 devfsd-se.so: devfsd-se.c
- gcc -O2 -fPIC $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -lsecure
+ $(CC) -O2 -fPIC $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -lsecure
 clean:
 rm -f $(LIB)
diff -urN selinux.orig/devfsd/devfsd-conflet selinux/devfsd/devfsd-conflet
--- selinux.orig/devfsd/devfsd-conflet 2002-07-17 17:00:40.000000000 -0500
+++ selinux/devfsd/devfsd-conflet 2003-06-06 21:21:20.000000000 -0500
@@ -4,6 +4,7 @@
 REGISTER /disc$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t
 REGISTER /part[0-9]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t
 REGISTER ^[mr]d/[0-9]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t
+REGISTER ^nb[^/]+$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:fixed_disk_device_t
 REGISTER [0-9]/cd$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:removable_device_t
 REGISTER ^floppy/ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:removable_device_t
 REGISTER ^misc/rtc CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:clock_device_t
@@ -19,5 +20,5 @@
 REGISTER ^misc/apm_bios CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:apm_bios_t
 REGISTER ^ppp$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:ppp_device_t
 REGISTER ^fb/.*$ CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:framebuf_device_t
-
-
+REGISTER ^sound/.* CFUNCTION devfsd-se.so set_sid $devname system_u:object_r:sound_device_t
+REGISTER ^pts/.* IGNORE
diff -urN selinux.orig/devfsd/devfsd-se.c selinux/devfsd/devfsd-se.c
--- selinux.orig/devfsd/devfsd-se.c 2002-04-19 15:32:37.000000000 -0500
+++ selinux/devfsd/devfsd-se.c 2003-06-06 21:21:20.000000000 -0500
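Review bot: The new `^nb[^/]+$` entry on the fourth line of the hunk hands those nodes the same `fixed_disk_device_t` label as local discs and partitions, but nothing in the file says which device family it is meant for. If these are network block devices, their contents are served by a remote peer, so sharing the local-disk type deserves a deliberate decision and a comment above the line such as `# nb*: network block devices; treated like fixed disks` (only if that is in fact what they are). The pattern also matches only names directly under the devfs root, unlike the `^[mr]d/[0-9]+$` entry beside it, so it is worth confirming against the names the kernel actually registers.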
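Review bot: `REGISTER ^pts/.* IGNORE` on the last line of the hunk means devfsd never calls set_sid for pty slaves, so they keep whatever label they receive from the kernel; that is presumably intentional, but a reader cannot tell whether the slaves are labeled elsewhere or simply forgotten. A comment above it, `# pty slaves are not labeled by devfsd; the kernel labels them on open`, written only if that is in fact the case, would stop a later edit from "fixing" it into a device label. The `^sound/.*` entry above it is unanchored at the end, unlike the `^fb/.*$` entry, and the two styles should agree.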
@@ -19,7 +19,7 @@
 {
 security_id_t sid;
 struct stat buf;
- const char * const initial_context = "system_u:object_r:devfs_t";
+ const char * const initial_context = "system_u:object_r:device_t";
 const char * const no_context = "system_u:object_r:unlabeled_t";
 if(is_flask_enabled())
diff -urN selinux.orig/libsecure/Makefile selinux/libsecure/Makefile
--- selinux.orig/libsecure/Makefile 2002-10-28 14:16:20.000000000 -0600
+++ selinux/libsecure/Makefile 2003-06-06 21:33:31.000000000 -0500
@@ -1,6 +1,6 @@
 all:
- $(MAKE) -C src
- $(MAKE) -C test
+ $(MAKE) -C src SE_INC=$(SE_INC) EXTRA_CFLAGS="$(EXTRA_CFLAGS)"
+ $(MAKE) -C test SE_INC=$(SE_INC) EXTRA_CFLAGS="$(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)"
 install:
 $(MAKE) -C include install
diff -urN selinux.orig/libsecure/src/Makefile selinux/libsecure/src/Makefile
--- selinux.orig/libsecure/src/Makefile 2002-03-13 13:39:19.000000000 -0600
+++ selinux/libsecure/src/Makefile 2003-06-06 21:21:20.000000000 -0500
@@ -1,7 +1,7 @@
 TARGET=libsecure.a
 LIBDIR=/usr/local/selinux/lib
 OBJS= $(patsubst %.c,%.o,$(wildcard *.c))
-CFLAGS = -I../include -I/usr/local/selinux/include
+CFLAGS = -I../include -I$(SE_INC) $(EXTRA_CFLAGS)
 ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
 OBJS+= $(patsubst %.c,%.o,$(wildcard arch/$(ARCH)/*.c))
diff -urN selinux.orig/libsecure/test/Makefile selinux/libsecure/test/Makefile
--- selinux.orig/libsecure/test/Makefile 2002-09-23 11:10:02.000000000 -0500
+++ selinux/libsecure/test/Makefile 2003-06-06 21:33:12.000000000 -0500
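Review bot: Both recipe lines pass `SE_INC=$(SE_INC)` explicitly, so when the caller does not set SE_INC the sub-makes receive an empty command-line assignment that overrides any default they could set for themselves, and the `-I$(SE_INC)` in src/ and test/ collapses to a bare `-I` that swallows the next compiler argument. Restore the old location as the default here, above the `all:` rule: `SE_INC ?= /usr/local/selinux/include`. Folding linker flags into `EXTRA_CFLAGS="$(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)"` for the test build also works only because each test is compiled and linked in one step; passing `EXTRA_LDFLAGS=$(EXTRA_LDFLAGS)` by name and letting test/Makefile append it to its own `LDFLAGS=-L../src` keeps the two kinds of flags apart.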
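Review bot: `CFLAGS = -I../include -I$(SE_INC) $(EXTRA_CFLAGS)` breaks a standalone `make -C src`: with SE_INC unset the word becomes a bare `-I`, and the compiler then consumes the following argument as the include directory instead of as an option. Add `SE_INC ?= /usr/local/selinux/include` above the assignment so the previously hard-coded path stays the default; note that `?=` is still overridden if a parent passes an empty `SE_INC=` on the command line, so the parent needs a default too. The `-I` words are preprocessor flags and would conventionally live in CPPFLAGS, but that is pre-existing.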
@@ -1,15 +1,15 @@
 TARGETS=$(patsubst %.c,%,$(wildcard *.c))
 BINDIR=/usr/local/selinux/bin
 LDFLAGS=-L../src
 LDLIBS=-lsecure
-CFLAGS=-I../include -I/usr/local/selinux/include
+CFLAGS=-I../include -I$(SE_INC) $(EXTRA_CFLAGS)
 ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
 TARGETS+= $(patsubst %.c,%,$(wildcard arch/$(ARCH)/*.c))
 # Only install the programs that are useful to users
 # and that are not redundant with the modified utilities.
-UTILS=avc_enforcing avc_toggle load_policy context_to_sid sid_to_context list_sids chsid lchsid chsidfs
+UTILS=avc_enforcing avc_toggle load_policy context_to_sid sid_to_context list_sids chsid lchsid chsidfs get_user_sids
 # Add 'exec_s' if you do not have 'runas'.
 # Add 'getsecsid' if you do not have the modified 'id'.
 # Add 'lstat_s' and 'stat_s' if you do not have the modified 'stat'.
diff -urN selinux.orig/libsecure/test/arch/i386/stat64_s.c selinux/libsecure/test/arch/i386/stat64_s.c
--- selinux.orig/libsecure/test/arch/i386/stat64_s.c 2002-03-13 13:39:21.000000000 -0600
+++ selinux/libsecure/test/arch/i386/stat64_s.c 2003-06-06 21:21:20.000000000 -0500
@@ -49,6 +49,7 @@
 }
 printf("Context: %s\n", context);
+ free(context);
 }
 exit(0);
diff -urN selinux.orig/libsecure/test/getsecsid.c selinux/libsecure/test/getsecsid.c
--- selinux.orig/libsecure/test/getsecsid.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/getsecsid.c 2003-06-06 21:21:20.000000000 -0500
@@ -51,6 +51,6 @@
 }
 printf("Context: %s\n", scontext);
-
+ free(scontext);
 exit(0);
 }
diff -urN selinux.orig/libsecure/test/lstat_s.c selinux/libsecure/test/lstat_s.c
--- selinux.orig/libsecure/test/lstat_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/lstat_s.c 2003-06-06 21:21:20.000000000 -0500
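Review bot: `CFLAGS=-I../include -I$(SE_INC) $(EXTRA_CFLAGS)` has the same hazard as in src/: an unset SE_INC leaves a bare `-I` that takes the next argument as a directory, so `SE_INC ?= /usr/local/selinux/include` belongs above it to keep the old default. EXTRA_CFLAGS here also receives whatever the parent folded in from EXTRA_LDFLAGS, which only links correctly because each test is compiled and linked in a single implicit-rule step; since `LDFLAGS=-L../src` is a plain assignment that a command-line LDFLAGS would clobber, the robust form is `LDFLAGS=-L../src $(EXTRA_LDFLAGS)` with the parent passing EXTRA_LDFLAGS by name.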
@@ -48,6 +48,7 @@
 }
 printf("Context: %s\n", context);
+ free(context);
 }
 exit(0);
diff -urN selinux.orig/libsecure/test/msgget_s.c selinux/libsecure/test/msgget_s.c
--- selinux.orig/libsecure/test/msgget_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/msgget_s.c 2003-06-06 21:21:20.000000000 -0500
@@ -31,11 +31,11 @@
 key_t ipc_key;
 int ret;
 security_id_t sid = SECSID_NULL;
- char c;
+ int c_int;
 int id;
- while ( (c = getopt(argc, argv, "k:c:s:")) != EOF) {
- switch (c) {
+ while ( (c_int = getopt(argc, argv, "k:c:s:")) != EOF) {
+ switch ((char)c_int) {
 case 'k':
 ipc_key = atoi(optarg);
 valid_ipc_key = 1;
diff -urN selinux.orig/libsecure/test/msgsnd_s.c selinux/libsecure/test/msgsnd_s.c
--- selinux.orig/libsecure/test/msgsnd_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/msgsnd_s.c 2003-06-06 21:21:20.000000000 -0500
@@ -42,10 +42,10 @@
 int valid_msg_sid = 0;
 char *word, *first_words;
 int ret;
- char c;
+ int c_int;
- while ( (c = getopt(argc, argv, "c:i:s:t:")) != EOF) {
- switch (c) {
+ while ( (c_int = getopt(argc, argv, "c:i:s:t:")) != EOF) {
+ switch ((char)c_int) {
 case 's':
 if (valid_msg_sid) {
 fprintf (stderr, "Only a sid or a context may be given, not both\n");
diff -urN selinux.orig/libsecure/test/semget_s.c selinux/libsecure/test/semget_s.c
--- selinux.orig/libsecure/test/semget_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/semget_s.c 2003-06-06 21:21:20.000000000 -0500
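Review bot: Widening `c` to `int` is the right fix, since getopt() returns -1 and a plain `char` compared against EOF never matches where char is unsigned (the test Makefile's ARCH list includes arm), but the `switch ((char)c_int)` on the new line narrows it straight back for no benefit. `switch (c_int)` works unchanged with the existing `case 'k':` labels, and a comment on the declaration, `/* int, not char: getopt() returns -1 at end of options */`, records why the type matters so nobody "tidies" it back.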
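Review bot: Same narrowing cast as in msgget_s.c: `switch ((char)c_int)` throws away the width that the `int c_int` declaration was introduced for. `switch (c_int)` is sufficient, and the declaration deserves the same why-comment about getopt() returning -1.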
@@ -32,11 +32,11 @@
 key_t ipc_key;
 int ret;
 security_id_t sid;
- char c;
+ int c_int;
 int id;
- while ( (c = getopt(argc, argv, "k:c:s:n:")) != EOF) {
- switch (c) {
+ while ( (c_int = getopt(argc, argv, "k:c:s:n:")) != EOF) {
+ switch ((char)c_int) {
 case 'k':
 ipc_key = atoi(optarg);
 valid_ipc_key = 1;
diff -urN selinux.orig/libsecure/test/shmget_s.c selinux/libsecure/test/shmget_s.c
--- selinux.orig/libsecure/test/shmget_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/shmget_s.c 2003-06-06 21:21:20.000000000 -0500
@@ -32,11 +32,11 @@
 key_t ipc_key;
 int err, ret;
 security_id_t sid = SECSID_NULL;
- char c;
+ int c_int;
 int id;
- while ( (c = getopt(argc, argv, "k:c:s:b:")) != EOF) {
- switch (c) {
+ while ( (c_int = getopt(argc, argv, "k:c:s:b:")) != EOF) {
+ switch ((char)c_int) {
 case 'k':
 ipc_key = atoi(optarg);
 valid_ipc_key = 1;
diff -urN selinux.orig/libsecure/test/sid_to_context.c selinux/libsecure/test/sid_to_context.c
--- selinux.orig/libsecure/test/sid_to_context.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/sid_to_context.c 2003-06-06 21:21:20.000000000 -0500
@@ -43,5 +43,6 @@
 }
 printf("%s\n", buf);
+ free(buf);
 exit(0);
 }
diff -urN selinux.orig/libsecure/test/stat_s.c selinux/libsecure/test/stat_s.c
--- selinux.orig/libsecure/test/stat_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/stat_s.c 2003-06-06 21:21:20.000000000 -0500
@@ -48,6 +48,7 @@
 }
 printf("Context: %s\n", context);
+ free(context);
 }
 exit(0);
diff -urN selinux.orig/libsecure/test/statfs_s.c selinux/libsecure/test/statfs_s.c
--- selinux.orig/libsecure/test/statfs_s.c 2001-07-18 15:38:06.000000000 -0500
+++ selinux/libsecure/test/statfs_s.c 2003-06-06 21:21:20.000000000 -0500
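Review bot: The `switch ((char)c_int)` cast undoes the point of changing `c` to an `int`: the wider type exists so the `!= EOF` test works where char is unsigned, and narrowing it again in the switch gains nothing. Use `switch (c_int)` and add `/* int, not char: getopt() returns -1 at end of options */` at the declaration, as for the sibling msgget_s.c hunk.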
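Review bot: Same pattern as the other IPC test programs in this patch: `switch ((char)c_int)` narrows the value that was just widened for the EOF comparison. `switch (c_int)` suffices with the existing `case 'k':` labels, and the declaration merits the one-line why-comment about getopt() returning -1.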
@@ -48,6 +48,7 @@
 }
 printf("Context: %s\n", context);
+ free(context);
 }
 exit(0);
diff -urN selinux.orig/module/checkpolicy/Makefile selinux/module/checkpolicy/Makefile
--- selinux.orig/module/checkpolicy/Makefile 2002-09-23 11:10:02.000000000 -0500
+++ selinux/module/checkpolicy/Makefile 2003-06-06 21:21:20.000000000 -0500
@@ -17,7 +17,9 @@
 OPTIONS =
 endif
-CFLAGS = -g $(OPTIONS) -I$(LSMDIR)/include -Wall -O2 -pipe -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss
+YACC = bison -y
+
+CFLAGS = $(OPTIONS) -I$(LSMDIR)/include -Wall -O2 -pipe -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss
 OBJS = ebitmap.o queue.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o y.tab.o lex.yy.o checkpolicy.o
@@ -28,7 +30,7 @@
 LIBS=-lfl
 checkpolicy: $(OBJS)
- $(CC) -o $@ $^ $(LIBS)
+ $(CC) -o $@ $^ $(LIBS) $(LDFLAGS)
 %.o: $(MODDIR)/ss/%.c
 $(CC) $(CFLAGS) -o $@ -c $<
diff -urN selinux.orig/setfiles/setfiles.c selinux/setfiles/setfiles.c
--- selinux.orig/setfiles/setfiles.c 2003-04-04 07:29:44.000000000 -0600
+++ selinux/setfiles/setfiles.c 2003-06-06 21:21:20.000000000 -0500
@@ -89,6 +89,10 @@
 static int use_inum = 0;
 static int quiet = 0;
+
+static char *rootpath = NULL;
+static int rootpathlen = 0;
+
 #define QPRINTF(args...) do { if (!quiet) printf(args); } while (0)
 /*
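Review bot: The rewritten CFLAGS line silently drops `-g` while the visible purpose of the hunk is the new `YACC = bison -y`; if debug info is meant to go, say so in a comment beside the assignment, otherwise keep `-g`. The assignment also mixes user-tunable options (`-Wall -O2 -pipe`) with ones the build cannot compile without (`-include $(MODDIR)/ss/global.h` and the `-I` paths) in a plain `=`, so `make CFLAGS=-g` would drop the headers; moving the mandatory part into its own variable, e.g. `CPPFLAGS := -I$(LSMDIR)/include -include $(MODDIR)/ss/global.h -I$(MODDIR)/include -I$(MODDIR)/ss`, keeps it safe from command-line overrides. Whether anything in this Makefile actually consumes `$(YACC)` is not visible in the hunk.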
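Review bot: `$(CC) -o $@ $^ $(LIBS) $(LDFLAGS)` places the linker flags after the libraries; gcc applies `-L` globally so `-lfl` still resolves, but some linker options are position-sensitive (`-Wl,--as-needed` affects only what follows it), and the conventional form `$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)` matches what Make's implicit link rule does. LDFLAGS is not assigned anywhere visible here, so a comment saying it is intended to be supplied by the caller would help the next reader.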
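Review bot: The two new file-scope variables carry no comment saying what they are for, and `rootpathlen` is declared `int` although it is only ever going to hold a `strlen()` result and feed `strncmp()`, both of which use `size_t`. Suggest `static size_t rootpathlen = 0;` and, above the pair, `/* -r: directory treated as "/" when matching file specs; NULL when not given */` (the option letter is inferred from the rest of this patch, not from this hunk).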
@@ -283,15 +287,27 @@
 int match(const char *name, struct stat *sb, security_id_t *out_sid)
 {
 int i, ret;
+ const char *fullname = name;
+
+ /* fullname will be the real file that gets labeled
+ * name will be what is matched in the policy */
+ if (NULL != rootpath) {
+ if (0 != strncmp(rootpath, name, rootpathlen)) {
+ fprintf(stderr, "%s: %s is not located in %s\n",
+ progname, name, rootpath);
+ return -1;
+ }
+ name += rootpathlen;
+ }
 if (flask_enabled) {
- ret = lstat_secure(name, sb, out_sid);
+ ret = lstat_secure(fullname, sb, out_sid);
 } else {
- ret = lstat(name, sb);
+ ret = lstat(fullname, sb);
 }
 if (ret) {
 fprintf(stderr, "%s: unable to stat file %s\n", progname,
- name);
+ fullname);
 return -1;
 }
@@ -564,6 +580,23 @@
 return 0;
 }
+void set_rootpath(const char *arg)
+{
+ int len;
+
+ rootpath = strdup(arg);
+ if (NULL == rootpath) {
+ fprintf(stderr, "%s: insufficient memory for rootpath\n",
+ progname);
+ exit(1);
+ }
+
+ /* trim trailing /, if present */
+ len = strlen(rootpath);
+ while ('/' == rootpath[len - 1])
+ rootpath[--len] = 0;
+ rootpathlen = len;
+}
 int main(int argc, char **argv)
 {
@@ -577,7 +610,7 @@
 struct stat sb;
 /* Process any options. */
- while ((opt = getopt(argc, argv, "dinqsvRW")) > 0) {
+ while ((opt = getopt(argc, argv, "dinqsvrRW")) > 0) {
 switch (opt) {
 case 'd':
 debug = 1;
@@ -604,6 +637,20 @@
 case 'i':
 use_inum = 1;
 break;
+ case 'r':
+ if (optind + 1 >= argc) {
+ fprintf(stderr, "usage: %s -r rootpath\n",
+ argv[0]);
+ exit(1);
+ }
+ if (NULL != rootpath) {
+ fprintf(stderr,
+ "%s: only one -r can be specified\n",
+ argv[0]);
+ exit(1);
+ }
+ set_rootpath(argv[optind++]);
+ break;
 }
 }
@@ -675,7 +722,7 @@
 } else {
 if (optind > (argc - 2)) {
 fprintf(stderr,
- "usage: %s [-dnqvRW] spec_file pathname...\n",
+ "usage: %s [-dnqvrRW] spec_file pathname...\n",
 argv[0]);
 exit(1);
 }
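Review bot: The prefix test `strncmp(rootpath, name, rootpathlen)` does not require the match to end on a path separator, so with `-r /mnt/root` a file `/mnt/rootfs/etc/passwd` passes the check and is then matched against the spec as `fs/etc/passwd`; and when `name` is the root directory itself the remainder is the empty string rather than `/`, which the spec matching further down (outside this hunk) presumably does not expect. Check that `name[rootpathlen]` is `'/'` or NUL and map the empty remainder to `"/"`. The rest of match() continues past the end of the hunk.
```c
	if (NULL != rootpath) {
		/* the prefix must end on a component boundary, otherwise
		 * "/mnt/rootfs" would pass for rootpath "/mnt/root" */
		if (0 != strncmp(rootpath, name, rootpathlen) ||
		    ('/' != name[rootpathlen] && '\0' != name[rootpathlen])) {
			fprintf(stderr, "%s: %s is not located in %s\n",
				progname, name, rootpath);
			return -1;
		}
		name += rootpathlen;
		if ('\0' == *name)
			name = "/";	/* the root directory itself, not "" */
	}
	/* … unchanged: lstat of fullname … */
```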
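Review bot: `while ('/' == rootpath[len - 1])` reads `rootpath[-1]` when the argument is empty or consists only of slashes (`-r /` is the obvious case) and, depending on what it finds there, may then write below the buffer; guard it with `while (len > 0 && '/' == rootpath[len - 1])`. With that guard `-r /` yields an empty prefix, which makes the later prefix check a no-op — acceptable, but worth a comment. The function is not `static` and has no header comment; something like `/* Record the directory treated as "/" for spec matching (-r); trailing slashes are stripped so name[rootpathlen] lands on the separator. */` would do. `main()` begins at the end of this hunk and continues outside it.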
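Review bot: `-r` consumes an argument but is declared in the option string as a bare `r`, so getopt() does not know to reserve the next word for it; `"dinqsvr:RW"` makes getopt deliver the path in `optarg` and handle `-r path`, `-rpath` and `-vr path` uniformly. The hand-rolled `argv[optind++]` retrieval later in main() is what the missing colon currently forces.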
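Review bot: `set_rootpath(argv[optind++])` reaches around getopt(): for `-vr path` it happens to work because `r` is the last letter of the group, but for `-rv path` optind still points at the group itself when `r` is returned, so the wrong word is taken — inferred from getopt's documented handling of grouped options, so worth a quick test. Declaring the option as `r:` in the getopt string makes the whole `optind + 1 >= argc` block unnecessary and the case reduces to `set_rootpath(optarg);` after the duplicate check. The enclosing switch and while loop begin before this hunk.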
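Review bot: The usage text `[-dnqvrRW]` presents `-r` as a bare flag although it takes a directory argument; `[-r rootpath]` tells the user what to supply, e.g. `"usage: %s [-dnqvRW] [-r rootpath] spec_file pathname...\n"`. The option string also accepts `-i` and `-s`, neither of which appears in the usage line — pre-existing, but the string is being touched anyway.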
@@ -919,7 +966,11 @@
 }
 else
 for (; optind < argc; optind++) {
-
+ if (NULL != rootpath) {
+ QPRINTF("%s: labeling files, pretending %s is /\n",
+ argv[0], rootpath);
+ }
+
 if (flask_enabled) {
 QPRINTF("%s: labeling files under %s\n",
 argv[0], argv[optind]);
diff -urN selinux.orig/utils/newrole/Makefile selinux/utils/newrole/Makefile
--- selinux.orig/utils/newrole/Makefile 2001-12-06 11:11:18.000000000 -0600
+++ selinux/utils/newrole/Makefile 2003-06-06 21:21:20.000000000 -0500
@@ -29,9 +29,6 @@
 CFLAGS += -O3
 # End Release flags
-LDFLAGS += -L/usr/local/selinux/lib
-LIBS += /usr/local/selinux/lib/libsecure.a
-
 PROGS = newrole
 DESTDIR = /usr/local/selinux/bin
 MANDIR = /usr/local/selinux/man
diff -urN selinux.orig/utils/run_init/Makefile selinux/utils/run_init/Makefile
--- selinux.orig/utils/run_init/Makefile 2003-03-18 08:45:49.000000000 -0600
+++ selinux/utils/run_init/Makefile 2003-06-06 21:21:20.000000000 -0500
@@ -29,9 +29,6 @@
 CFLAGS += -O3
 # End Release flags
-LDFLAGS += -L/usr/local/selinux/lib
-LIBS += /usr/local/selinux/lib/libsecure.a
-
 PROGS = run_init
 DESTDIR = /usr/local/selinux/sbin
 MANDIR = /usr/local/selinux/man
diff -urN selinux.orig/utils/run_init/run_init.c selinux/utils/run_init/run_init.c
--- selinux.orig/utils/run_init/run_init.c 2002-11-26 11:32:36.000000000 -0600
+++ selinux/utils/run_init/run_init.c 2003-06-06 21:21:20.000000000 -0500
@@ -386,7 +386,7 @@
 exit(-1);
 }
- if ( execvp_secure(argv[1], sid, argv + 1) ) {
+ if ( execvp_secure("/usr/sbin/open_init_pty", sid, argv) ) {
 perror("execvp_secure");
 exit(-1);
 }
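Review bot: The new `QPRINTF("%s: labeling files, pretending %s is /\n", ...)` sits inside `for (; optind < argc; optind++)`, so it is printed once per pathname argument although it describes a single global setting; move it above the `for` so it appears once. The wording could also name the mechanism rather than the metaphor, e.g. `"%s: matching specs relative to %s\n"`.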
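Review bot: The hard-coded `/usr/sbin/open_init_pty` is an absolute path, which is the right choice for a privileged helper (no PATH search), but its failure is reported only as `perror("execvp_secure")`, so a missing or non-executable helper surfaces as an anonymous ENOENT; print the path instead, e.g. `perror("/usr/sbin/open_init_pty")`, or hoist it into `#define OPEN_INIT_PTY "/usr/sbin/open_init_pty"` so the Makefile can override it. The call also now passes the whole `argv`, so the helper sees run_init's own argv[0] and the init script from argv[1] on; a one-line comment stating that open_init_pty expects the real command to start at argv[1], and (presumably) exists to detach the script from the caller's terminal, would record an assumption that is otherwise only discoverable by reading the helper.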