SELinux userspace 3.6-rc1 release

2023-11-14 20:02:27 +01:00 · 2023-11-14 20:02:27 +01:00 · 95eddbc54e
commit 95eddbc54e
parent f6db99ad44
5 changed files with 56 additions and 170 deletions
--- a/.gitignore
+++ b/.gitignore
@ -229,3 +229,4 @@ libselinux-2.0.96.tgz
 /libselinux-3.5-rc2.tar.gz
 /libselinux-3.5-rc3.tar.gz
 /libselinux-3.5.tar.gz
+/libselinux-3.6-rc1.tar.gz
--- a/0001-Use-SHA-2-instead-of-SHA-1.patch
+++ b/0001-Use-SHA-2-instead-of-SHA-1.patch
@ -1,7 +1,8 @@
-From 3a9bb0000dd9386b80ec54ecb64a99dd07b2f93a Mon Sep 17 00:00:00 2001
+From 94859162dbf9d2ccd4ffb923720c654a4cb9150a Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
+Content-type: text/plain

 The use of SHA-1 in RHEL9 is deprecated
 ---
@ -29,7 +30,7 @@ The use of SHA-1 in RHEL9 is deprecated
 create mode 100644 libselinux/src/sha256.h

 diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
-index e8983606..a35d84d6 100644
+index ce189a3ae2fe..ce77d32dfed1 100644
 --- a/libselinux/include/selinux/label.h
 +++ b/libselinux/include/selinux/label.h
@@ -120,13 +120,13 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
@ -50,7 +51,7 @@ index e8983606..a35d84d6 100644
  * @num_specfiles: number of specfiles in the list.
  *
 diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
-index b10fe684..8df47445 100644
+index b10fe684eff9..8df4744505b3 100644
 --- a/libselinux/include/selinux/restorecon.h
 +++ b/libselinux/include/selinux/restorecon.h
@@ -41,8 +41,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
@ -65,7 +66,7 @@ index b10fe684..8df47445 100644
 #define SELINUX_RESTORECON_IGNORE_DIGEST		0x00001
 /*
 diff --git a/libselinux/man/man3/selabel_digest.3 b/libselinux/man/man3/selabel_digest.3
-index 56a008f0..5f7c4253 100644
+index 56a008f00df0..5f7c42533d0e 100644
 --- a/libselinux/man/man3/selabel_digest.3
 +++ b/libselinux/man/man3/selabel_digest.3
@@ -20,11 +20,11 @@ selabel_digest \- Return digest of specfiles and list of files used
@ -83,7 +84,7 @@ index 56a008f0..5f7c4253 100644
 with the number of entries in
 .IR num_specfiles .
 diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
-index 0e03e1be..14ab888d 100644
+index 0e03e1be111e..14ab888d2e03 100644
 --- a/libselinux/man/man3/selabel_open.3
 +++ b/libselinux/man/man3/selabel_open.3
@@ -69,7 +69,7 @@ is used; a custom validation function can be provided via
@ -96,7 +97,7 @@ index 0e03e1be..14ab888d 100644
 .BR selabel_digest (3)
 .
 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
-index 218aaf6d..5f6d4b38 100644
+index 218aaf6d2ae5..5f6d4b386429 100644
 --- a/libselinux/man/man3/selinux_restorecon.3
 +++ b/libselinux/man/man3/selinux_restorecon.3
@@ -36,7 +36,7 @@ If this is a directory and the
@ -171,7 +172,7 @@ index 218aaf6d..5f6d4b38 100644
 .B SELINUX_RESTORECON_SET_SPECFILE_CTX
 flag (provided
 diff --git a/libselinux/man/man3/selinux_restorecon_xattr.3 b/libselinux/man/man3/selinux_restorecon_xattr.3
-index c5632681..098c840f 100644
+index c56326814b94..098c840fc59b 100644
 --- a/libselinux/man/man3/selinux_restorecon_xattr.3
 +++ b/libselinux/man/man3/selinux_restorecon_xattr.3
@@ -119,7 +119,7 @@ By default
@ -184,23 +185,23 @@ index c5632681..098c840f 100644
 .BR selabel_open (3)
 must be called specifying the required
 diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
-index 36d57122..8eafced9 100644
+index 7aadb822afb0..d906c8811017 100644
 --- a/libselinux/src/Makefile
 +++ b/libselinux/src/Makefile
-@@ -125,7 +125,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
+@@ -130,7 +130,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
 	-DBUILD_HOST
 SRCS= callbacks.c freecon.c label.c label_file.c \
 	label_backends_android.c regex.c label_support.c \
 -	matchpathcon.c setrans_client.c sha1.c booleans.c
 +	matchpathcon.c setrans_client.c sha256.c booleans.c
- else
 LABEL_BACKEND_ANDROID=y
 endif
+ 
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 74ae9b9f..33d395e4 100644
+index 4778f8f8cd4a..b902ff06a502 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
-@@ -1010,7 +1010,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
+@@ -1093,7 +1093,7 @@ static struct spec *lookup_common(struct selabel_handle *rec,
 
 /*
  * Returns true if the digest of all partial matched contexts is the same as
@ -209,7 +210,7 @@ index 74ae9b9f..33d395e4 100644
  * digest will always be returned. The caller must free any returned digests.
  */
 static bool get_digests_all_partial_matches(struct selabel_handle *rec,
-@@ -1019,39 +1019,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
+@@ -1102,39 +1102,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
 					    uint8_t **xattr_digest,
 					    size_t *digest_len)
 {
@ -260,7 +261,7 @@ index 74ae9b9f..33d395e4 100644
 		return true;
 
 	return false;
-@@ -1071,22 +1071,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
+@@ -1154,22 +1154,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
 		return false;
 	}
 
@ -292,7 +293,7 @@ index 74ae9b9f..33d395e4 100644
 	free(matches);
 	return true;
 diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
-index 782c6aa8..304e8d96 100644
+index ea60cd9a058f..77ac8173c7a9 100644
 --- a/libselinux/src/label_internal.h
 +++ b/libselinux/src/label_internal.h
@@ -13,7 +13,7 @@
@ -333,10 +334,10 @@ index 782c6aa8..304e8d96 100644
 };
 
 diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
-index 54fd49a5..4003eb8d 100644
+index f7ab9292562e..1c3c1728f6ba 100644
 --- a/libselinux/src/label_support.c
 +++ b/libselinux/src/label_support.c
-@@ -115,7 +115,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
+@@ -114,7 +114,7 @@ int  read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...)
 /* Once all the specfiles are in the hash_buf, generate the hash. */
 void  digest_gen_hash(struct selabel_digest *digest)
 {
@ -345,7 +346,7 @@ index 54fd49a5..4003eb8d 100644
 	size_t remaining_size;
 	const unsigned char *ptr;
 
-@@ -123,19 +123,19 @@ void  digest_gen_hash(struct selabel_digest *digest)
+@@ -122,19 +122,19 @@ void  digest_gen_hash(struct selabel_digest *digest)
 	if (!digest)
 		return;
 
@ -368,9 +369,9 @@ index 54fd49a5..4003eb8d 100644
 +	Sha256Finalise(&context, (SHA256_HASH *)digest->digest);
 	free(digest->hashbuf);
 	digest->hashbuf = NULL;
- 	return;
+ }
 diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
-index 7ef2d45d..0f7d9bc3 100644
+index 38f10f1c7edd..111b89aa8dc9 100644
 --- a/libselinux/src/selinux_restorecon.c
 +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@
@ -382,7 +383,7 @@ index 7ef2d45d..0f7d9bc3 100644
 
 #define STAR_COUNT 1024
 
-@@ -305,7 +305,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
+@@ -304,7 +304,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
 static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 			   bool delete_all)
 {
@ -391,7 +392,7 @@ index 7ef2d45d..0f7d9bc3 100644
 	size_t i, digest_len = 0;
 	int rc;
 	enum digest_result digest_result;
-@@ -329,15 +329,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -328,15 +328,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	}
 
 	/* Convert entry to a hex encoded string. */
@ -410,7 +411,7 @@ index 7ef2d45d..0f7d9bc3 100644
 
 	digest_result = match ? MATCH : NOMATCH;
 
-@@ -357,7 +357,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -356,7 +356,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	/* Now add entries to link list. */
 	new_entry = malloc(sizeof(struct dir_xattr));
 	if (!new_entry) {
@ -419,7 +420,7 @@ index 7ef2d45d..0f7d9bc3 100644
 		goto oom;
 	}
 	new_entry->next = NULL;
-@@ -365,15 +365,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -364,15 +364,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 	new_entry->directory = strdup(directory);
 	if (!new_entry->directory) {
 		free(new_entry);
@ -438,7 +439,7 @@ index 7ef2d45d..0f7d9bc3 100644
 		goto oom;
 	}
 
-@@ -387,7 +387,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
+@@ -386,7 +386,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 		dir_xattr_last = new_entry;
 	}
 
@ -447,7 +448,7 @@ index 7ef2d45d..0f7d9bc3 100644
 	return 0;
 
 oom:
-@@ -777,7 +777,7 @@ err:
+@@ -776,7 +776,7 @@ err:
 
 struct dir_hash_node {
 	char *path;
@ -456,7 +457,7 @@ index 7ef2d45d..0f7d9bc3 100644
 	struct dir_hash_node *next;
 };
 /*
-@@ -1283,7 +1283,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
+@@ -1282,7 +1282,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
 			if (setxattr(current->path,
 			    RESTORECON_PARTIAL_MATCH_DIGEST,
 			    current->digest,
@ -467,7 +468,7 @@ index 7ef2d45d..0f7d9bc3 100644
 					    current->path);
 diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c
 deleted file mode 100644
-index 9d51e04a..00000000
+index 9d51e04ac331..000000000000
 --- a/libselinux/src/sha1.c
 +++ /dev/null
@@ -1,220 +0,0 @@
@ -693,7 +694,7 @@ index 9d51e04a..00000000
 -}
 diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h
 deleted file mode 100644
-index f83a6e7e..00000000
+index f83a6e7ed7ba..000000000000
 --- a/libselinux/src/sha1.h
 +++ /dev/null
@@ -1,85 +0,0 @@
@ -784,7 +785,7 @@ index f83a6e7e..00000000
 -#endif //_sha1_h_
 diff --git a/libselinux/src/sha256.c b/libselinux/src/sha256.c
 new file mode 100644
-index 00000000..fe2aeef0
+index 000000000000..fe2aeef07f53
 --- /dev/null
 +++ b/libselinux/src/sha256.c
@@ -0,0 +1,294 @@
@ -1084,7 +1085,7 @@ index 00000000..fe2aeef0
 +}
 diff --git a/libselinux/src/sha256.h b/libselinux/src/sha256.h
 new file mode 100644
-index 00000000..406ed869
+index 000000000000..406ed869cd82
 --- /dev/null
 +++ b/libselinux/src/sha256.h
@@ -0,0 +1,89 @@
@ -1178,7 +1179,7 @@ index 00000000..406ed869
 +        SHA256_HASH*        Digest          // [in]
 +    );
 diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
-index 6a8313a2..a69331f1 100644
+index bf22b472856c..b992d4230eb3 100644
 --- a/libselinux/utils/selabel_digest.c
 +++ b/libselinux/utils/selabel_digest.c
@@ -15,8 +15,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
@ -1192,8 +1193,8 @@ index 6a8313a2..a69331f1 100644
 		"-B  Use base specfiles only (valid for \"-b file\" only).\n\t"
 		"-i  Do not request a digest.\n\t"
 		"-f  Optional file containing the specs (defaults to\n\t"
-@@ -62,12 +62,12 @@ int main(int argc, char **argv)
- 	int backend = 0, rc, opt, validate = 0;
+@@ -63,12 +63,12 @@ int main(int argc, char **argv)
+ 	int rc, opt, validate = 0;
 	char *baseonly = NULL, *file = NULL, *digest = (char *)1;
 	char **specfiles = NULL;
 -	unsigned char *sha1_digest = NULL;
@ -1207,7 +1208,7 @@ index 6a8313a2..a69331f1 100644
 
 	struct selabel_handle *hnd;
 	struct selinux_opt selabel_option[] = {
-@@ -137,7 +137,7 @@ int main(int argc, char **argv)
+@@ -138,7 +138,7 @@ int main(int argc, char **argv)
 		return -1;
 	}
 
@ -1216,7 +1217,7 @@ index 6a8313a2..a69331f1 100644
 							    &num_specfiles);
 
 	if (rc) {
-@@ -152,19 +152,19 @@ int main(int argc, char **argv)
+@@ -153,19 +153,19 @@ int main(int argc, char **argv)
 		goto err;
 	}
 
@ -1241,7 +1242,7 @@ index 6a8313a2..a69331f1 100644
 	printf("calculated using the following specfile(s):\n");
 
 	if (specfiles) {
-@@ -177,13 +177,13 @@ int main(int argc, char **argv)
+@@ -178,13 +178,13 @@ int main(int argc, char **argv)
 			cmd_ptr += strlen(specfiles[i]) + 1;
 			printf("%s\n", specfiles[i]);
 		}
@ -1259,10 +1260,10 @@ index 6a8313a2..a69331f1 100644
 	selabel_close(hnd);
 	return rc;
 diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
-index c4e0f836..80723f71 100644
+index e2733b4195ff..98e533dc2692 100644
 --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
 +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
-@@ -18,8 +18,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
+@@ -16,8 +16,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
 		"-v  Validate file_contxts entries against loaded policy.\n\t"
 		"-r  Recursively descend directories.\n\t"
 		"-f  Optional file_contexts file (defaults to current policy).\n\t"
@ -1273,7 +1274,7 @@ index c4e0f836..80723f71 100644
 		"<path> against\na newly generated digest based on the "
 		"file_context entries for that node\n(using the regx, mode "
 		"and path entries).\n", progname);
-@@ -37,7 +37,7 @@ int main(int argc, char **argv)
+@@ -35,7 +35,7 @@ int main(int argc, char **argv)
 	char *paths[2] = { NULL, NULL };
 	uint8_t *xattr_digest = NULL;
 	uint8_t *calculated_digest = NULL;
@ -1282,7 +1283,7 @@ index c4e0f836..80723f71 100644
 
 	struct selabel_handle *hnd;
 	struct selinux_opt selabel_option[] = {
-@@ -106,27 +106,27 @@ int main(int argc, char **argv)
+@@ -104,27 +104,27 @@ int main(int argc, char **argv)
 							 &xattr_digest,
 							 &digest_len);
 
@ -1316,7 +1317,7 @@ index c4e0f836..80723f71 100644
 					       ftsent->fts_path);
 					printf("as file_context entry is \"<<none>>\"\n");
 					goto cleanup;
-@@ -136,25 +136,25 @@ int main(int argc, char **argv)
+@@ -134,25 +134,25 @@ int main(int argc, char **argv)
 				       ftsent->fts_path);
 
 				for (i = 0; i < digest_len; i++)
@ -1348,5 +1349,5 @@ index c4e0f836..80723f71 100644
 		}
 		default:
 -- 
-2.40.0
+2.41.0

--- a/0002-libselinux-Add-examples-to-man-pages.patch
+++ b/0002-libselinux-Add-examples-to-man-pages.patch
@ -1,117 +0,0 @@
-From 1540d4dd89af42b6a6c66e517142a2f5bade0974 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Thu, 1 Jun 2023 16:39:15 +0200
-Subject: [PATCH] libselinux: Add examples to man pages
-
-Also fix some typos and remove trailing whitespaces.
-
-Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
-Acked-by: Petr Lautrbach <lautrbach@redhat.com>
---
- libselinux/man/man8/getsebool.8    | 18 +++++++++++-------
- libselinux/man/man8/matchpathcon.8 | 19 +++++++++++++------
- 2 files changed, 24 insertions(+), 13 deletions(-)
-
-diff --git a/libselinux/man/man8/getsebool.8 b/libselinux/man/man8/getsebool.8
-index d70bf1e4..9e36f04f 100644
--- a/libselinux/man/man8/getsebool.8
-+++ b/libselinux/man/man8/getsebool.8
-@@ -1,6 +1,6 @@
- .TH "getsebool" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
- .SH "NAME"
-getsebool \- get SELinux boolean value(s) 
-+getsebool \- get SELinux boolean value(s)
- .
- .SH "SYNOPSIS"
- .B getsebool
-@@ -8,17 +8,16 @@ getsebool \- get SELinux boolean value(s)
- .RI [ boolean ]
- .
- .SH "DESCRIPTION"
-.B getsebool 
-reports where a particular SELinux boolean or
-all SELinux booleans are on or off
-In certain situations a boolean can be in one state with a pending 
-change to the other state.  getsebool will report this as a pending change.
-+.B getsebool
-+reports whether a particular SELinux boolean, or all SELinux booleans, are on or off.
-+In certain situations a boolean can be in one state with a pending
-+change to the other state. getsebool will report this as a pending change.
- The pending value indicates
- the value that will be applied upon the next boolean commit.
- 
- The setting of boolean values occurs in two stages; first the pending
- value is changed, then the booleans are committed, causing their
-active values to become their pending values.  This allows a group of
-+active values to become their pending values. This allows a group of
- booleans to be changed in a single transaction, by setting all of
- their pending values as desired and then committing once.
- .
-@@ -27,6 +26,11 @@ their pending values as desired and then committing once.
- .B \-a
- Show all SELinux booleans.
- .
-+.SH EXAMPLE
-+.nf
-+Show current state of httpd_can_connect_ftp
-+# getsebool httpd_can_connect_ftp
-+.
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh@redhat.com>.
- The program was written by Tresys Technology.
-diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8
-index 50c0d392..6d848f43 100644
--- a/libselinux/man/man8/matchpathcon.8
-+++ b/libselinux/man/man8/matchpathcon.8
-@@ -25,8 +25,8 @@ queries the system policy and outputs the default security context associated wi
- Identical paths can have different security contexts, depending on the file
- type (regular file, directory, link file, char file ...).
- 
-.B matchpathcon 
-will also take the file type into consideration in determining the default security context if the file exists.  If the file does not exist, no file type matching will occur.
-+.B matchpathcon
-+will also take the file type into consideration in determining the default security context if the file exists. If the file does not exist, no file type matching will occur.
- .
- .SH OPTIONS
- .TP
-@@ -34,19 +34,19 @@ will also take the file type into consideration in determining the default secur
- Force file type for the lookup.
- Valid types are
- .BR file ", " dir ", "pipe ", " chr_file ", " blk_file ", "
-.BR lnk_file ", " sock_file .
-+.BR lnk_file ", " sock_file
- .TP
- .B \-n
-Do not display path.
-+Do not display path
- .TP
- .B \-N
-Do not use translations.
-+Do not use translations
- .TP
- .BI \-f " file_context_file"
- Use alternate file_context file
- .TP
- .BI \-p " prefix"
-Use prefix to speed translations
-+Use prefix to speed up translations
- .TP
- .BI \-P " policy_root_path"
- Use alternate policy root path
-@@ -54,6 +54,13 @@ Use alternate policy root path
- .B \-V
- Verify file context on disk matches defaults
- .
-+.SH EXAMPLE
-+.nf
-+Show the default label of sock_file cups.sock
-+# matchpathcon -m sock_file /var/run/cups/cups.sock
-+Verify that /var/www/html directory is labeled correctly (the content of the folder is not checked)
-+# matchpathcon -V /var/www/html
-+.
- .SH AUTHOR
- This manual page was written by Dan Walsh <dwalsh@redhat.com>.
- .
-- 
-2.40.0
-
--- a/libselinux.spec
+++ b/libselinux.spec
@ -1,23 +1,22 @@
 %define ruby_inc %(pkg-config --cflags ruby)
-%define libsepolver 3.5-1
+%define libsepolver 3.6-0

 Summary: SELinux library and simple utilities
 Name: libselinux
-Version: 3.5
-Release: 5%{?dist}
+Version: 3.6
+Release: 0.rc1.1%{?dist}
 License: LicenseRef-Fedora-Public-Domain
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/3.5/libselinux-3.5.tar.gz
+Source0: https://github.com/SELinuxProject/selinux/releases/download/3.6-rc1/libselinux-3.6-rc1.tar.gz
 Source1: selinuxconlist.8
 Source2: selinuxdefcon.8
 Url: https://github.com/SELinuxProject/selinux/wiki
 # $ git clone https://github.com/fedora-selinux/selinux.git
 # $ cd selinux
-# $ git format-patch -N 3.5 -- libselinux
+# $ git format-patch -N 3.6-rc1 -- libselinux
 # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 # Patch list start
 Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
-Patch0002: 0002-libselinux-Add-examples-to-man-pages.patch
 # Patch list end
 BuildRequires: gcc make
 BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel xz-devel
@ -88,7 +87,7 @@ The libselinux-static package contains the static libraries
 needed for developing SELinux applications. 

 %prep
-%autosetup -p 2 -n libselinux-%{version}
+%autosetup -p 2 -n libselinux-%{version}-rc1

 %build
 export DISABLE_RPM="y"
@ -177,6 +176,7 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{_sbindir}/avcstat
 %{_sbindir}/getenforce
 %{_sbindir}/getpidprevcon
+%{_sbindir}/getpolicyload
 %{_sbindir}/getsebool
 %{_sbindir}/matchpathcon
 %{_sbindir}/sefcontext_compile
@ -194,8 +194,6 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{_sbindir}/validatetrans
 %{_mandir}/man5/*
 %{_mandir}/man8/*
-%{_mandir}/ru/man5/*
-%{_mandir}/ru/man8/*

 %files devel
 %{_libdir}/libselinux.so
@ -215,6 +213,9 @@ rm -f %{buildroot}%{_mandir}/man8/togglesebool*
 %{ruby_vendorarchdir}/selinux.so

 %changelog
+* Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1
+- SELinux userspace 3.6-rc1 release
+
 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libselinux-3.5.tar.gz) = 4e13261a5821018a5f3cdce676f180bb62e5bc225981ca8a498ece0d1c88d9ba8eaa0ce4099dd0849309a8a7c5a9a0953df841a9922f2c284e5a109e5d937ba7
+SHA512 (libselinux-3.6-rc1.tar.gz) = a7a8dc9c95cfbe96700b5508ba63214d75c817f0ca90076c3171c1dc809786b9d2fd6f5b6cef458b4a0ae5969a0472c0781f84d0b330f54e6603a896665b3adb