Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/libsemanage.git#67ade76bde05e7f18186b1417d1a9fc7de25608a

0005-libsemanage-genhomedircon-check-usepasswd.patch

@@ -1,35 +0,0 @@
-From 511f8bbf779e10152d5af491e8b6a408b8ad666c Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Fri, 30 Oct 2020 17:42:17 +0100
-Subject: [PATCH] libsemanage/genhomedircon: check usepasswd
-
-Only add user homedir contexts when usepasswd = True
-
-Resolves:
-   # grep usepasswd /etc/selinux/semanage.conf
-   usepasswd=False
-   # useradd -Z unconfined_u -d /tmp test
-   # matchpathcon /tmp
-   /tmp	unconfined_u:object_r:user_home_dir_t:s0
-
-Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
----
- libsemanage/src/genhomedircon.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
-index d08c88de99a7..18d3d99a1254 100644
---- a/libsemanage/src/genhomedircon.c
-+++ b/libsemanage/src/genhomedircon.c
-@@ -1332,7 +1332,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out)
- 			s->fallback->home = NULL;
- 		}
- 	}
--	if (user_context_tpl || username_context_tpl) {
-+	if ((s->usepasswd) && (user_context_tpl || username_context_tpl)) {
- 		if (write_username_context(s, out, username_context_tpl,
- 					   s->fallback) != STATUS_SUCCESS) {
- 			retval = STATUS_ERR;
--- 
-2.29.2
-

libsemanage.spec

@@ -4,7 +4,7 @@
 Summary: SELinux binary policy manipulation library
 Name: libsemanage
 Version: 3.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: LGPLv2+
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsemanage-3.1.tar.gz
 # fedora-selinux/selinux: git format-patch -N libsemanage-3.1 -- libsemanage
@@ -14,7 +14,6 @@ Patch0001: 0001-libsemanage-Remove-legacy-and-duplicate-symbols.patch
 Patch0002: 0002-libsemanage-Drop-deprecated-functions.patch
 Patch0003: 0003-libsemanage-Bump-libsemanage.so-version.patch
 Patch0004: 0004-libsemanage-Fix-RESOURCE_LEAK-and-USE_AFTER_FREE-cov.patch
-Patch0005: 0005-libsemanage-genhomedircon-check-usepasswd.patch
 # Patch list end
 URL: https://github.com/SELinuxProject/selinux/wiki
 Source1: semanage.conf
@@ -159,6 +158,12 @@ cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf
 %{_libexecdir}/selinux/semanage_migrate_store
 
 %changelog
+* Fri Dec 18 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
+- Drop "genhomedircon: check usepasswd" patch
+- genhomedircon to ignore
+  /root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var by default
+- Fix usepasswd=False explanation in semanage.conf
+
 * Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
 - Drop and obsolete libsemanage-compat
 - genhomedircon: check usepasswd

semanage.conf

@@ -42,14 +42,16 @@ module-store = direct
 expand-check=0
 
 # usepasswd check tells semanage to scan all pass word records for home directories
-# and setup the labeling correctly.  If this is turned off, SELinux will label /home 
-# correctly only.  You will need to use semanage fcontext command.  
+# and setup the labeling correctly. If this is turned off, SELinux will label only /home
+# and home directories of users with SELinux login mappings defined, see
+# semanage login -l for the list of such users.
+# If you want to use a different home directory, you will need to use semanage fcontext command.
 # For example, if you had home dirs in /althome directory you would have to execute
 # semanage fcontext -a -e /home /althome
 usepasswd=False
 bzip-small=true
 bzip-blocksize=5
-ignoredirs=/root
+ignoredirs=/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var
 optimize-policy=true
 
 [sefcontext_compile]