- Drop "genhomedircon: check usepasswd" patch
- genhomedircon to ignore
/root;/bin;/boot;/dev;/etc;/lib;/lib64;/proc;/run;/sbin;/sys;/tmp;/usr;/var by default
- Fix usepasswd=False explanation in semanage.conf
It should prevent problems with wrong labels on directories in / after
commands like:
# useradd -Z unconfined_u -d /var test
# matchpathcon /var
/var unconfined_u:object_r:user_home_dir_t:s0
- Drop deprecated functions and duplicated symbols
- Change library version to libsemanage.so.2
- Temporary ship -compat with libsemanage.so.1
- Based on upstream db0f2f382e31
- Re-enable lto flags
- drop deprecated functions and duplicated symbols
- change library version to libsemanage.so.2
- temporary ship -compat with libsemanage.so.1
- based on upstream db0f2f382e31
- re-enable lto flags
The new v3.0 SELInux userspace added support for optimizing the binary
policy by pruning redundant rules from it. Enable it on Fedora by
default, since it brings noticeable space savings and only negligibly
increases policy build time.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
There is a feature in the Standard Test Roles which allows to use an FMF filter
instead of listing all tests manually. All tier one selinux tests are selected
as well.
${__python} and /usr/bin/python are not available anymore.
Fixes:
make[1]: /usr/bin/python: Command not found
Please specify at least one package name on the command line.
cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=zEC12 -mtune=z13 -fasynchronous-unwind-tables -fstack-clash-protection -I../include -D_GNU_SOURCE -Wno-error -Wno-unused-but-set-variable -Wno-unused-variable -Wno-shadow -Wno-unused-parameter -fPIC -DSHARED -c -o semanageswig_wrap.lo semanageswig_wrap.c
semanageswig_wrap.c:149:11: fatal error: Python.h: No such file or directory
# include <Python.h>
^~~~~~~~~~
compilation terminated.
