rpms/libselinux
6
0
Fork 0
Code Issues Pull Requests Releases Activity

libselinux-3.9-2

Browse Source 
- Ignore files removed during relabeling

Resolves: RHEL-110181
This commit is contained in:
Vit Mojzis 2025-10-22 14:37:03 +02:00
parent 75003eee07
commit c7f1cd8a0f
4 changed files with 100 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
0001-Use-SHA-2-instead-of-SHA-1.patch
View File

@ -1,8 +1,7 @@
From 4780b755bb1171f5aa4cd7545535839d451a2070 Mon Sep 17 00:00:00 2001 From 1a3fc195c6dc7fe51ef76e4484910f7b41161ccc Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com> From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 30 Jul 2021 14:14:37 +0200 Date: Fri, 30 Jul 2021 14:14:37 +0200
Subject: [PATCH] Use SHA-2 instead of SHA-1 Subject: [PATCH] Use SHA-2 instead of SHA-1
Content-type: text/plain
The use of SHA-1 in RHEL9 is deprecated The use of SHA-1 in RHEL9 is deprecated
--- ---
@ -30,7 +29,7 @@ The use of SHA-1 in RHEL9 is deprecated
create mode 100644 libselinux/src/sha256.h create mode 100644 libselinux/src/sha256.h
diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
index ce189a3ae2fe..ce77d32dfed1 100644 index ce189a3a..ce77d32d 100644
--- a/libselinux/include/selinux/label.h --- a/libselinux/include/selinux/label.h
+++ b/libselinux/include/selinux/label.h +++ b/libselinux/include/selinux/label.h
@@ -120,13 +120,13 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con, @@ -120,13 +120,13 @@ extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
@ -51,7 +50,7 @@ index ce189a3ae2fe..ce77d32dfed1 100644
* @num_specfiles: number of specfiles in the list. * @num_specfiles: number of specfiles in the list.
* *
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
index 5be6542c2a91..210f65fdb709 100644 index 0ccf73a6..8dcc831b 100644
--- a/libselinux/include/selinux/restorecon.h --- a/libselinux/include/selinux/restorecon.h
+++ b/libselinux/include/selinux/restorecon.h +++ b/libselinux/include/selinux/restorecon.h
@@ -43,8 +43,8 @@ extern int selinux_restorecon_parallel(const char *pathname, @@ -43,8 +43,8 @@ extern int selinux_restorecon_parallel(const char *pathname,
@ -66,7 +65,7 @@ index 5be6542c2a91..210f65fdb709 100644
#define SELINUX_RESTORECON_IGNORE_DIGEST 0x00001 #define SELINUX_RESTORECON_IGNORE_DIGEST 0x00001
/* /*
diff --git a/libselinux/man/man3/selabel_digest.3 b/libselinux/man/man3/selabel_digest.3 diff --git a/libselinux/man/man3/selabel_digest.3 b/libselinux/man/man3/selabel_digest.3
index 56a008f00df0..5f7c42533d0e 100644 index 56a008f0..5f7c4253 100644
--- a/libselinux/man/man3/selabel_digest.3 --- a/libselinux/man/man3/selabel_digest.3
+++ b/libselinux/man/man3/selabel_digest.3 +++ b/libselinux/man/man3/selabel_digest.3
@@ -20,11 +20,11 @@ selabel_digest \- Return digest of specfiles and list of files used @@ -20,11 +20,11 @@ selabel_digest \- Return digest of specfiles and list of files used
@ -84,7 +83,7 @@ index 56a008f00df0..5f7c42533d0e 100644
with the number of entries in with the number of entries in
.IR num_specfiles . .IR num_specfiles .
diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3 diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
index 0e03e1be111e..14ab888d2e03 100644 index 0e03e1be..14ab888d 100644
--- a/libselinux/man/man3/selabel_open.3 --- a/libselinux/man/man3/selabel_open.3
+++ b/libselinux/man/man3/selabel_open.3 +++ b/libselinux/man/man3/selabel_open.3
@@ -69,7 +69,7 @@ is used; a custom validation function can be provided via @@ -69,7 +69,7 @@ is used; a custom validation function can be provided via
@ -97,7 +96,7 @@ index 0e03e1be111e..14ab888d2e03 100644
.BR selabel_digest (3) .BR selabel_digest (3)
. .
diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
index 218aaf6d2ae5..5f6d4b386429 100644 index 218aaf6d..5f6d4b38 100644
--- a/libselinux/man/man3/selinux_restorecon.3 --- a/libselinux/man/man3/selinux_restorecon.3
+++ b/libselinux/man/man3/selinux_restorecon.3 +++ b/libselinux/man/man3/selinux_restorecon.3
@@ -36,7 +36,7 @@ If this is a directory and the @@ -36,7 +36,7 @@ If this is a directory and the
@ -172,7 +171,7 @@ index 218aaf6d2ae5..5f6d4b386429 100644
.B SELINUX_RESTORECON_SET_SPECFILE_CTX .B SELINUX_RESTORECON_SET_SPECFILE_CTX
flag (provided flag (provided
diff --git a/libselinux/man/man3/selinux_restorecon_xattr.3 b/libselinux/man/man3/selinux_restorecon_xattr.3 diff --git a/libselinux/man/man3/selinux_restorecon_xattr.3 b/libselinux/man/man3/selinux_restorecon_xattr.3
index c56326814b94..098c840fc59b 100644 index c5632681..098c840f 100644
--- a/libselinux/man/man3/selinux_restorecon_xattr.3 --- a/libselinux/man/man3/selinux_restorecon_xattr.3
+++ b/libselinux/man/man3/selinux_restorecon_xattr.3 +++ b/libselinux/man/man3/selinux_restorecon_xattr.3
@@ -119,7 +119,7 @@ By default @@ -119,7 +119,7 @@ By default
@ -185,10 +184,10 @@ index c56326814b94..098c840fc59b 100644
.BR selabel_open (3) .BR selabel_open (3)
must be called specifying the required must be called specifying the required
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 41cfbdca490c..658a4c3d80e0 100644 index 261c22d4..3eea5341 100644
--- a/libselinux/src/Makefile --- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile +++ b/libselinux/src/Makefile
@@ -130,7 +130,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \ @@ -132,7 +132,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
-DBUILD_HOST -DBUILD_HOST
SRCS= callbacks.c freecon.c label.c label_file.c \ SRCS= callbacks.c freecon.c label.c label_file.c \
label_backends_android.c regex.c label_support.c \ label_backends_android.c regex.c label_support.c \
@ -198,10 +197,10 @@ index 41cfbdca490c..658a4c3d80e0 100644
endif endif
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 189a5ed26eb7..312bb584d6b4 100644 index b785eab6..4c87de15 100644
--- a/libselinux/src/label_file.c --- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c
@@ -1780,7 +1780,7 @@ static struct lookup_result *lookup_common(struct selabel_handle *rec, @@ -1958,7 +1958,7 @@ static struct lookup_result *lookup_common(struct selabel_handle *rec,
/* /*
* Returns true if the digest of all partial matched contexts is the same as * Returns true if the digest of all partial matched contexts is the same as
@ -210,7 +209,7 @@ index 189a5ed26eb7..312bb584d6b4 100644
* digest will always be returned. The caller must free any returned digests. * digest will always be returned. The caller must free any returned digests.
*/ */
static bool get_digests_all_partial_matches(struct selabel_handle *rec, static bool get_digests_all_partial_matches(struct selabel_handle *rec,
@@ -1789,39 +1789,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec, @@ -1967,39 +1967,39 @@ static bool get_digests_all_partial_matches(struct selabel_handle *rec,
uint8_t **xattr_digest, uint8_t **xattr_digest,
size_t *digest_len) size_t *digest_len)
{ {
@ -261,7 +260,7 @@ index 189a5ed26eb7..312bb584d6b4 100644
return true; return true;
return false; return false;
@@ -1840,22 +1840,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key @@ -2018,22 +2018,22 @@ static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key
return false; return false;
} }
@ -293,7 +292,7 @@ index 189a5ed26eb7..312bb584d6b4 100644
free_lookup_result(matches); free_lookup_result(matches);
return true; return true;
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index 743dbf9472cf..4180df92f405 100644 index 743dbf94..4180df92 100644
--- a/libselinux/src/label_internal.h --- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h +++ b/libselinux/src/label_internal.h
@@ -13,7 +13,7 @@ @@ -13,7 +13,7 @@
@ -334,10 +333,10 @@ index 743dbf9472cf..4180df92f405 100644
}; };
diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c diff --git a/libselinux/src/label_support.c b/libselinux/src/label_support.c
index 978ba828c159..daba26941ae7 100644 index 57e191c8..1b6fabca 100644
--- a/libselinux/src/label_support.c --- a/libselinux/src/label_support.c
+++ b/libselinux/src/label_support.c +++ b/libselinux/src/label_support.c
@@ -120,7 +120,7 @@ int read_spec_entries(char *line_buf, size_t nread, const char **errbuf, int nu @@ -123,7 +123,7 @@ int read_spec_entries(char *line_buf, size_t nread, const char **errbuf, int nu
/* Once all the specfiles are in the hash_buf, generate the hash. */ /* Once all the specfiles are in the hash_buf, generate the hash. */
void digest_gen_hash(struct selabel_digest *digest) void digest_gen_hash(struct selabel_digest *digest)
{ {
@ -346,7 +345,7 @@ index 978ba828c159..daba26941ae7 100644
size_t remaining_size; size_t remaining_size;
const unsigned char *ptr; const unsigned char *ptr;
@@ -128,19 +128,19 @@ void digest_gen_hash(struct selabel_digest *digest) @@ -131,19 +131,19 @@ void digest_gen_hash(struct selabel_digest *digest)
if (!digest) if (!digest)
return; return;
@ -371,7 +370,7 @@ index 978ba828c159..daba26941ae7 100644
digest->hashbuf = NULL; digest->hashbuf = NULL;
} }
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index bc6ed935a4ad..93bd7779249b 100644 index 39eabeb9..702ad8d9 100644
--- a/libselinux/src/selinux_restorecon.c --- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c
@@ -37,7 +37,7 @@ @@ -37,7 +37,7 @@
@ -383,7 +382,7 @@ index bc6ed935a4ad..93bd7779249b 100644
#define STAR_COUNT 1024 #define STAR_COUNT 1024
@@ -306,7 +306,7 @@ static uint64_t exclude_non_seclabel_mounts(void) @@ -307,7 +307,7 @@ static uint64_t exclude_non_seclabel_mounts(void)
static int add_xattr_entry(const char *directory, bool delete_nonmatch, static int add_xattr_entry(const char *directory, bool delete_nonmatch,
bool delete_all) bool delete_all)
{ {
@ -392,7 +391,7 @@ index bc6ed935a4ad..93bd7779249b 100644
size_t i, digest_len = 0; size_t i, digest_len = 0;
int rc; int rc;
enum digest_result digest_result; enum digest_result digest_result;
@@ -330,15 +330,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -331,15 +331,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
} }
/* Convert entry to a hex encoded string. */ /* Convert entry to a hex encoded string. */
@ -411,7 +410,7 @@ index bc6ed935a4ad..93bd7779249b 100644
digest_result = match ? MATCH : NOMATCH; digest_result = match ? MATCH : NOMATCH;
@@ -358,7 +358,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -359,7 +359,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
/* Now add entries to link list. */ /* Now add entries to link list. */
new_entry = malloc(sizeof(struct dir_xattr)); new_entry = malloc(sizeof(struct dir_xattr));
if (!new_entry) { if (!new_entry) {
@ -420,7 +419,7 @@ index bc6ed935a4ad..93bd7779249b 100644
goto oom; goto oom;
} }
new_entry->next = NULL; new_entry->next = NULL;
@@ -366,15 +366,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -367,15 +367,15 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
new_entry->directory = strdup(directory); new_entry->directory = strdup(directory);
if (!new_entry->directory) { if (!new_entry->directory) {
free(new_entry); free(new_entry);
@ -439,7 +438,7 @@ index bc6ed935a4ad..93bd7779249b 100644
goto oom; goto oom;
} }
@@ -388,7 +388,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, @@ -389,7 +389,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
dir_xattr_last = new_entry; dir_xattr_last = new_entry;
} }
@ -448,7 +447,7 @@ index bc6ed935a4ad..93bd7779249b 100644
return 0; return 0;
oom: oom:
@@ -778,7 +778,7 @@ err: @@ -805,7 +805,7 @@ err:
struct dir_hash_node { struct dir_hash_node {
char *path; char *path;
@ -457,7 +456,7 @@ index bc6ed935a4ad..93bd7779249b 100644
struct dir_hash_node *next; struct dir_hash_node *next;
}; };
/* /*
@@ -1284,7 +1284,7 @@ static int selinux_restorecon_common(const char *pathname_orig, @@ -1313,7 +1313,7 @@ static int selinux_restorecon_common(const char *pathname_orig,
if (setxattr(current->path, if (setxattr(current->path,
RESTORECON_PARTIAL_MATCH_DIGEST, RESTORECON_PARTIAL_MATCH_DIGEST,
current->digest, current->digest,
@ -468,7 +467,7 @@ index bc6ed935a4ad..93bd7779249b 100644
current->path); current->path);
diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c
deleted file mode 100644 deleted file mode 100644
index 452b0cc2ad5a..000000000000 index 452b0cc2..00000000
--- a/libselinux/src/sha1.c --- a/libselinux/src/sha1.c
+++ /dev/null +++ /dev/null
@@ -1,223 +0,0 @@ @@ -1,223 +0,0 @@
@ -697,7 +696,7 @@ index 452b0cc2ad5a..000000000000
-} -}
diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h diff --git a/libselinux/src/sha1.h b/libselinux/src/sha1.h
deleted file mode 100644 deleted file mode 100644
index f83a6e7ed7ba..000000000000 index f83a6e7e..00000000
--- a/libselinux/src/sha1.h --- a/libselinux/src/sha1.h
+++ /dev/null +++ /dev/null
@@ -1,85 +0,0 @@ @@ -1,85 +0,0 @@
@ -788,7 +787,7 @@ index f83a6e7ed7ba..000000000000
-#endif //_sha1_h_ -#endif //_sha1_h_
diff --git a/libselinux/src/sha256.c b/libselinux/src/sha256.c diff --git a/libselinux/src/sha256.c b/libselinux/src/sha256.c
new file mode 100644 new file mode 100644
index 000000000000..fe2aeef07f53 index 00000000..fe2aeef0
--- /dev/null --- /dev/null
+++ b/libselinux/src/sha256.c +++ b/libselinux/src/sha256.c
@@ -0,0 +1,294 @@ @@ -0,0 +1,294 @@
@ -1088,7 +1087,7 @@ index 000000000000..fe2aeef07f53
+} +}
diff --git a/libselinux/src/sha256.h b/libselinux/src/sha256.h diff --git a/libselinux/src/sha256.h b/libselinux/src/sha256.h
new file mode 100644 new file mode 100644
index 000000000000..406ed869cd82 index 00000000..406ed869
--- /dev/null --- /dev/null
+++ b/libselinux/src/sha256.h +++ b/libselinux/src/sha256.h
@@ -0,0 +1,89 @@ @@ -0,0 +1,89 @@
@ -1182,7 +1181,7 @@ index 000000000000..406ed869cd82
+ SHA256_HASH* Digest // [in] + SHA256_HASH* Digest // [in]
+ ); + );
diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c diff --git a/libselinux/utils/selabel_digest.c b/libselinux/utils/selabel_digest.c
index 47aad21ff1fb..8bcd44a1dc73 100644 index 47aad21f..8bcd44a1 100644
--- a/libselinux/utils/selabel_digest.c --- a/libselinux/utils/selabel_digest.c
+++ b/libselinux/utils/selabel_digest.c +++ b/libselinux/utils/selabel_digest.c
@@ -13,8 +13,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) @@ -13,8 +13,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
@ -1269,7 +1268,7 @@ index 47aad21ff1fb..8bcd44a1dc73 100644
return rc; return rc;
} }
diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
index e2733b4195ff..98e533dc2692 100644 index e2733b41..98e533dc 100644
--- a/libselinux/utils/selabel_get_digests_all_partial_matches.c --- a/libselinux/utils/selabel_get_digests_all_partial_matches.c
+++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c +++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
@@ -16,8 +16,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) @@ -16,8 +16,8 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname)
@ -1358,5 +1357,5 @@ index e2733b4195ff..98e533dc2692 100644
} }
default: default:
-- --
2.47.0 2.51.0

63
0002-libselinux-Ignore-files-removed-during-relabeling.patch Normal file
View File

@ -0,0 +1,63 @@
From d12756eb12696962458d9c4dc727da248664286f Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 17 Oct 2025 17:08:34 +0200
Subject: [PATCH] libselinux: Ignore files removed during relabeling
In case ignore_noent is specified, ignore files removed during
relabeling (race condition between folder read, file read and label
set).
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
libselinux/src/selinux_restorecon.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 702ad8d9..23546cb0 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -726,6 +726,9 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
pathname, newcon);
if (lgetfilecon_raw(pathname, &curcon) < 0) {
+ /* Ignore files removed during relabeling if ignore_noent is set */
+ if (flags->ignore_noent && errno == ENOENT)
+ goto out;
if (errno != ENODATA)
goto err;
@@ -765,8 +768,14 @@ static int restorecon_sb(const char *pathname, const struct stat *sb,
}
if (!flags->nochange) {
- if (lsetfilecon(pathname, newcon) < 0)
- goto err;
+ if (lsetfilecon(pathname, newcon) < 0) {
+ /* Ignore files removed during relabeling if ignore_noent is set */
+ if (flags->ignore_noent && errno == ENOENT)
+ goto out;
+ else
+ goto err;
+ }
+
updated = true;
}
@@ -932,9 +941,10 @@ loop_body:
case FTS_NS:
error = errno;
errno = ftsent->fts_errno;
- selinux_log(SELINUX_ERROR,
- "Could not stat %s: %m.\n",
- ftsent->fts_path);
+ if (!state->flags.ignore_noent || errno != ENOENT)
+ selinux_log(SELINUX_ERROR,
+ "Could not stat %s: %m.\n",
+ ftsent->fts_path);
errno = error;
fts_set(fts, ftsent, FTS_SKIP);
continue;
--
2.51.0

3
changelog
View File

@ -1,3 +1,6 @@
* Wed Oct 22 2025 Vit Mojzis <vmojzis@redhat.com> - 3.9-2
- Ignore files removed during relabeling (RHEL-110181)
* Tue Jul 22 2025 Vit Mojzis <vmojzis@redhat.com> - 3.9-1 * Tue Jul 22 2025 Vit Mojzis <vmojzis@redhat.com> - 3.9-1
- SELinux userspace 3.9 release - SELinux userspace 3.9 release

3
libselinux.spec
View File

@ -4,7 +4,7 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 3.9 Version: 3.9
Release: 1%{?dist} Release: 2%{?dist}
License: LicenseRef-Fedora-Public-Domain License: LicenseRef-Fedora-Public-Domain
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/libselinux-%{version}.tar.gz
@ -20,6 +20,7 @@ Url: https://github.com/SELinuxProject/selinux/wiki
# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
# Patch list start # Patch list start
Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch Patch0001: 0001-Use-SHA-2-instead-of-SHA-1.patch
Patch0002: 0002-libselinux-Ignore-files-removed-during-relabeling.patch
# Patch list end # Patch list end
BuildRequires: gcc make BuildRequires: gcc make
BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel BuildRequires: ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre2-devel