diff --git a/.gitignore b/.gitignore index 0d989de..bf1fee5 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,6 @@ SOURCES/gui-po.tgz SOURCES/policycoreutils-po.tgz SOURCES/python-po.tgz SOURCES/sandbox-po.tgz -SOURCES/selinux-3.4.tar.gz +SOURCES/selinux-3.5.tar.gz SOURCES/sepolicy-icons.tgz SOURCES/system-config-selinux.png diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata index 779bfae..298caa7 100644 --- a/.policycoreutils.metadata +++ b/.policycoreutils.metadata @@ -2,6 +2,6 @@ f9342645227d02f617924de0bb0dbfa9c67ebb43 SOURCES/gui-po.tgz 04e31eca7c25edb3a896637aba5b81b61d572995 SOURCES/policycoreutils-po.tgz 2395f9e7d3a01715f103a04fed37468ba0d3da5a SOURCES/python-po.tgz 65f89d944d50c59dd5a35453e9a94916db076b3d SOURCES/sandbox-po.tgz -3c789c6783738e17f74221efa475cbb878183379 SOURCES/selinux-3.4.tar.gz +28e8c0a58e01436b1c931559da3844d5774f8186 SOURCES/selinux-3.5.tar.gz d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz 611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png diff --git a/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch index 1b5b9c9..f14e1a2 100644 --- a/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch +++ b/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch @@ -1,4 +1,4 @@ -From f361ee407490bc74b43ec408b1edc70cd647d4e0 Mon Sep 17 00:00:00 2001 +From 31ccf6f0fc5e77870f496fac4bea94a6ba2e5c30 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 20 Aug 2015 12:58:41 +0200 Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in @@ -23,5 +23,5 @@ index eaa500d08143..4774528027ef 100644 cat > ~/seremote << __EOF #!/bin/sh -- -2.35.1 +2.39.1 diff --git a/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch index 998345e..35b81ac 100644 --- a/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch +++ b/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch @@ -1,4 +1,4 @@ -From 71a2f14767c0ec70c23ecce43d7cbc5404c95552 Mon Sep 17 00:00:00 2001 +From 837c347bbee5db90d11144363525113edc8baed3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 21 Apr 2014 13:54:40 -0400 Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages @@ -10,10 +10,10 @@ Signed-off-by: Miroslav Grepl 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 3e61e333193f..82338aeeef32 100755 +index a488dcbf54f2..7d90ffb5a22f 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py -@@ -737,10 +737,13 @@ Default Defined Ports:""") +@@ -679,10 +679,13 @@ Default Defined Ports:""") def _file_context(self): flist = [] @@ -27,9 +27,9 @@ index 3e61e333193f..82338aeeef32 100755 if f in self.fcdict: mpaths = mpaths + self.fcdict[f]["regex"] if len(mpaths) == 0: -@@ -799,12 +802,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d +@@ -741,12 +744,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d SELinux defines the file context types for the %(domainname)s, if you wanted to - store files with these types in a diffent paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk. + store files with these types in a different paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk. -.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?' +.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?' @@ -43,5 +43,5 @@ index 3e61e333193f..82338aeeef32 100755 self.fd.write(r""" .I The following file types are defined for %(domainname)s: -- -2.35.1 +2.39.1 diff --git a/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch index aca9199..c31d159 100644 --- a/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch +++ b/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch @@ -1,4 +1,4 @@ -From d55a06c002641dce1301b9b5639bd8e206460724 Mon Sep 17 00:00:00 2001 +From f21d5f9316094015c81339d25d69d3dc7150bd8a Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mon, 12 May 2014 14:11:22 +0200 Subject: [PATCH] If there is no executable we don't want to print a part of @@ -10,10 +10,10 @@ Content-type: text/plain 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 82338aeeef32..ec8aa1cb94a2 100755 +index 7d90ffb5a22f..11809dcede43 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py -@@ -795,7 +795,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d +@@ -737,7 +737,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d .PP """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) @@ -24,5 +24,5 @@ index 82338aeeef32..ec8aa1cb94a2 100755 .B STANDARD FILE CONTEXT -- -2.35.1 +2.39.1 diff --git a/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/SOURCES/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch similarity index 83% rename from SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch rename to SOURCES/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch index ba39b4d..5caf30f 100644 --- a/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +++ b/SOURCES/0004-Don-t-be-verbose-if-you-are-not-on-a-tty.patch @@ -1,4 +1,4 @@ -From f204dd292340689c2d7ab75612b9fd81337fcbc3 Mon Sep 17 00:00:00 2001 +From 9e22ab3619d68277c89926f3f31e37a9101ca082 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 14 Feb 2014 12:32:12 -0500 Subject: [PATCH] Don't be verbose if you are not on a tty @@ -9,7 +9,7 @@ Content-type: text/plain 1 file changed, 1 insertion(+) diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index c72ca0eb9d61..163ebcd1f232 100755 +index 166af6f360a2..ebe64563c7d7 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() { @@ -21,5 +21,5 @@ index c72ca0eb9d61..163ebcd1f232 100755 THREADS="" RPMFILES="" -- -2.35.1 +2.39.1 diff --git a/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch deleted file mode 100644 index 045c033..0000000 --- a/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch +++ /dev/null @@ -1,170 +0,0 @@ -From b180f7679c5e09535416f47d48afd0c0738f5fa9 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Thu, 19 Feb 2015 17:45:15 +0100 -Subject: [PATCH] Simplication of sepolicy-manpage web functionality. - system_release is no longer hardcoded and it creates only index.html and html - man pages in the directory for the system release. -Content-type: text/plain - ---- - python/sepolicy/sepolicy/__init__.py | 25 +++-------- - python/sepolicy/sepolicy/manpage.py | 65 +++------------------------- - 2 files changed, 13 insertions(+), 77 deletions(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 203ca25f4210..9447812b7450 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -1225,27 +1225,14 @@ def boolean_desc(boolean): - - - def get_os_version(): -- os_version = "" -- pkg_name = "selinux-policy" -+ system_release = "" - try: -- try: -- from commands import getstatusoutput -- except ImportError: -- from subprocess import getstatusoutput -- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) -- if rc == 0: -- os_version = output.split(".")[-2] -- except: -- os_version = "" -- -- if os_version[0:2] == "fc": -- os_version = "Fedora" + os_version[2:] -- elif os_version[0:2] == "el": -- os_version = "RHEL" + os_version[2:] -- else: -- os_version = "" -+ with open('/etc/system-release') as f: -+ system_release = f.readline() -+ except IOError: -+ system_release = "Misc" - -- return os_version -+ return system_release - - - def reinit(): -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index ec8aa1cb94a2..c632d05dbb1b 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -151,10 +151,6 @@ def prettyprint(f, trim): - manpage_domains = [] - manpage_roles = [] - --fedora_releases = ["Fedora17", "Fedora18"] --rhel_releases = ["RHEL6", "RHEL7"] -- -- - def get_alphabet_manpages(manpage_list): - alphabet_manpages = dict.fromkeys(string.ascii_letters, []) - for i in string.ascii_letters: -@@ -184,7 +180,7 @@ def convert_manpage_to_html(html_manpage, manpage): - class HTMLManPages: - - """ -- Generate a HHTML Manpages on an given SELinux domains -+ Generate a HTML Manpages on an given SELinux domains - """ - - def __init__(self, manpage_roles, manpage_domains, path, os_version): -@@ -192,9 +188,9 @@ class HTMLManPages: - self.manpage_domains = get_alphabet_manpages(manpage_domains) - self.os_version = os_version - self.old_path = path + "/" -- self.new_path = self.old_path + self.os_version + "/" -+ self.new_path = self.old_path - -- if self.os_version in fedora_releases or self.os_version in rhel_releases: -+ if self.os_version: - self.__gen_html_manpages() - else: - print("SELinux HTML man pages can not be generated for this %s" % os_version) -@@ -203,7 +199,6 @@ class HTMLManPages: - def __gen_html_manpages(self): - self._write_html_manpage() - self._gen_index() -- self._gen_body() - self._gen_css() - - def _write_html_manpage(self): -@@ -221,67 +216,21 @@ class HTMLManPages: - convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) - - def _gen_index(self): -- index = self.old_path + "index.html" -- fd = open(index, 'w') -- fd.write(""" -- -- -- -- SELinux man pages online -- -- --

SELinux man pages

--

--Fedora or Red Hat Enterprise Linux Man Pages. --

--
--

Fedora

-- -- --
--
--
--""")
--        for f in fedora_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (f, f, f, f))
--
--        fd.write("""
--
--
--

RHEL

-- -- --
--
--
--""")
--        for r in rhel_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (r, r, r, r))
--
--        fd.write("""
--
-- """) -- fd.close() -- print("%s has been created" % index) -- -- def _gen_body(self): - html = self.new_path + self.os_version + ".html" - fd = open(html, 'w') - fd.write(""" - - -- -- Linux man-pages online for Fedora18 -+ -+ SELinux man pages online - - --

SELinux man pages for Fedora18

-+

SELinux man pages for %s

-
- -
-

SELinux roles

--""") -+""" % self.os_version) - for letter in self.manpage_roles: - if len(self.manpage_roles[letter]): - fd.write(""" --- -2.35.1 - diff --git a/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch deleted file mode 100644 index 948881f..0000000 --- a/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 1747f59fece8183772e5591ce5b5feb5f421f602 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 20 Feb 2015 16:42:01 +0100 -Subject: [PATCH] We want to remove the trailing newline for - /etc/system_release. -Content-type: text/plain - ---- - python/sepolicy/sepolicy/__init__.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 9447812b7450..aa8beda313c8 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -1228,7 +1228,7 @@ def get_os_version(): - system_release = "" - try: - with open('/etc/system-release') as f: -- system_release = f.readline() -+ system_release = f.readline().rstrip() - except IOError: - system_release = "Misc" - --- -2.35.1 - diff --git a/SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch b/SOURCES/0005-sepolicy-generate-Handle-more-reserved-port-types.patch similarity index 94% rename from SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch rename to SOURCES/0005-sepolicy-generate-Handle-more-reserved-port-types.patch index 0e45be3..361e47b 100644 --- a/SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch +++ b/SOURCES/0005-sepolicy-generate-Handle-more-reserved-port-types.patch @@ -1,4 +1,4 @@ -From d8f51aa7d299383247213b69ec7cbb68c1fa3bc4 Mon Sep 17 00:00:00 2001 +From be8bd714f37e6114661f02df4ddb7cb7b25cd0a1 Mon Sep 17 00:00:00 2001 From: Masatake YAMATO Date: Thu, 14 Dec 2017 15:57:58 +0900 Subject: [PATCH] sepolicy-generate: Handle more reserved port types @@ -53,10 +53,10 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 43180ca6fda4..d60a08e1d72c 100644 +index b6df3e91160b..36a3ea1196b1 100644 --- a/python/sepolicy/sepolicy/generate.py +++ b/python/sepolicy/sepolicy/generate.py -@@ -99,7 +99,9 @@ def get_all_ports(): +@@ -100,7 +100,9 @@ def get_all_ports(): for p in sepolicy.info(sepolicy.PORT): if p['type'] == "reserved_port_t" or \ p['type'] == "port_t" or \ @@ -68,5 +68,5 @@ index 43180ca6fda4..d60a08e1d72c 100644 dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) return dict -- -2.35.1 +2.39.1 diff --git a/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch deleted file mode 100644 index 9b31464..0000000 --- a/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0bd28bc715034c644405d3c03f160d69ae710500 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 20 Feb 2015 16:42:53 +0100 -Subject: [PATCH] Fix title in manpage.py to not contain 'online'. -Content-type: text/plain - ---- - python/sepolicy/sepolicy/manpage.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index c632d05dbb1b..3ae2f42b2fdf 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -222,7 +222,7 @@ class HTMLManPages: - - - -- SELinux man pages online -+ SELinux man pages - - -

SELinux man pages for %s

--- -2.35.1 - diff --git a/SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/SOURCES/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch similarity index 88% rename from SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch rename to SOURCES/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch index e8a52b2..f1c27fa 100644 --- a/SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +++ b/SOURCES/0006-sandbox-Use-matchbox-window-manager-instead-of-openb.patch @@ -1,4 +1,4 @@ -From 8054dc44cf105b959864a1424fe857fac3ba3d73 Mon Sep 17 00:00:00 2001 +From f4b78eeb59ae1ef4b5926c004debce04ee28dfe7 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 18 Jul 2018 09:09:35 +0200 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox @@ -11,10 +11,10 @@ Content-type: text/plain 3 files changed, 3 insertions(+), 17 deletions(-) diff --git a/sandbox/sandbox b/sandbox/sandbox -index 16c43b51eaaa..7709a6585665 100644 +index a2762a7d215a..a32a33ea3cf6 100644 --- a/sandbox/sandbox +++ b/sandbox/sandbox -@@ -268,7 +268,7 @@ class Sandbox: +@@ -270,7 +270,7 @@ class Sandbox: copyfile(f, "/tmp", self.__tmpdir) copyfile(f, "/var/tmp", self.__tmpdir) @@ -23,7 +23,7 @@ index 16c43b51eaaa..7709a6585665 100644 execfile = self.__homedir + "/.sandboxrc" fd = open(execfile, "w+") if self.__options.session: -@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -369,7 +369,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- parser.add_option("-W", "--windowmanager", dest="wm", type="string", @@ -33,10 +33,10 @@ index 16c43b51eaaa..7709a6585665 100644 parser.add_option("-l", "--level", dest="level", diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8 -index d83fee76f335..90ef4951c8c2 100644 +index 1ee0ecea96d1..775e4b231204 100644 --- a/sandbox/sandbox.8 +++ b/sandbox/sandbox.8 -@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz +@@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz \fB\-W\fR \fB\-\-windowmanager\fR Select alternative window manager to run within .B sandbox \-X. @@ -71,5 +71,5 @@ index 4774528027ef..c211ebc14549 100644 export DISPLAY=:$D cat > ~/seremote << __EOF -- -2.35.1 +2.39.1 diff --git a/SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch b/SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch similarity index 98% rename from SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch rename to SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch index 812028f..8c2398e 100644 --- a/SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch +++ b/SOURCES/0007-Use-SHA-2-instead-of-SHA-1.patch @@ -1,4 +1,4 @@ -From 53d085d8d6edc05886d473e412a8025b7f8d9ce4 Mon Sep 17 00:00:00 2001 +From 604a275f53750e4c1e1101bd53c4fd448cc0b5e3 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 30 Jul 2021 14:14:37 +0200 Subject: [PATCH] Use SHA-2 instead of SHA-1 @@ -254,10 +254,10 @@ index 910101452625..7f2daa09191b 100644 , и, при условии, что НЕ установлен параметр .B \-n diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index 19b59a2cc90d..bad9f37a9ac4 100644 +index bf26e161a71d..36fe6b369548 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 -@@ -87,14 +87,14 @@ display usage information and exit. +@@ -95,14 +95,14 @@ display usage information and exit. ignore files that do not exist. .TP .B \-I @@ -275,7 +275,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644 enable usage of the .IR security.sehash extended attribute. -@@ -239,7 +239,7 @@ the +@@ -261,7 +261,7 @@ the .B \-D option to .B setfiles @@ -284,7 +284,7 @@ index 19b59a2cc90d..bad9f37a9ac4 100644 .B spec_file set in an extended attribute named .IR security.sehash -@@ -260,7 +260,7 @@ for further details. +@@ -282,7 +282,7 @@ for further details. .sp The .B \-I @@ -294,5 +294,5 @@ index 19b59a2cc90d..bad9f37a9ac4 100644 and provided the .B \-n -- -2.35.1 +2.39.1 diff --git a/SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch similarity index 90% rename from SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch rename to SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch index c4e1fe1..cf694e9 100644 --- a/SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch +++ b/SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch @@ -1,4 +1,4 @@ -From 3748b7eab7434698998edfcf613fe738cf19d5c9 Mon Sep 17 00:00:00 2001 +From b9b94a3254905518f00c4746c0bd712921af31cb Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 27 Feb 2017 17:12:39 +0100 Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and @@ -12,7 +12,7 @@ Content-type: text/plain 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 3ae2f42b2fdf..5a434bd360ae 100755 +index 11809dcede43..543fef6c8d13 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -127,8 +127,24 @@ def gen_domains(): @@ -41,7 +41,7 @@ index 3ae2f42b2fdf..5a434bd360ae 100755 def _gen_types(): global types -@@ -374,6 +390,8 @@ class ManPage: +@@ -368,6 +384,8 @@ class ManPage: self.all_file_types = sepolicy.get_all_file_types() self.role_allows = sepolicy.get_all_role_allows() self.types = _gen_types() @@ -50,7 +50,7 @@ index 3ae2f42b2fdf..5a434bd360ae 100755 if self.source_files: self.fcpath = self.root + "file_contexts" -@@ -691,7 +709,7 @@ Default Defined Ports:""") +@@ -684,7 +702,7 @@ Default Defined Ports:""") for f in self.all_file_types: if f.startswith(self.domainname): flist.append(f) @@ -60,5 +60,5 @@ index 3ae2f42b2fdf..5a434bd360ae 100755 if f in self.fcdict: mpaths = mpaths + self.fcdict[f]["regex"] -- -2.35.1 +2.39.1 diff --git a/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch b/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch deleted file mode 100644 index 9f194b8..0000000 --- a/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch +++ /dev/null @@ -1,349 +0,0 @@ -From f62227788b28e3afd2016b47af248f8ecefa8155 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 24 Jun 2022 16:24:25 +0200 -Subject: [PATCH] gettext: handle unsupported languages properly -Content-type: text/plain - -With "fallback=True" gettext.translation behaves the same as -gettext.install and uses NullTranslations in case the -translation file for given language was not found (as opposed to -throwing an exception). - -Fixes: - # LANG is set to any "unsupported" language, e.g. en_US.UTF-8 - $ chcat --help - Traceback (most recent call last): - File "/usr/bin/chcat", line 39, in - t = gettext.translation(PROGNAME, - File "/usr/lib64/python3.9/gettext.py", line 592, in translation - raise FileNotFoundError(ENOENT, - FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python' - -Signed-off-by: Vit Mojzis -Reviewed-by: Daniel Burgener -Acked-by: Petr Lautrbach ---- - gui/booleansPage.py | 3 ++- - gui/domainsPage.py | 3 ++- - gui/fcontextPage.py | 3 ++- - gui/loginsPage.py | 3 ++- - gui/modulesPage.py | 3 ++- - gui/polgengui.py | 3 ++- - gui/portsPage.py | 3 ++- - gui/semanagePage.py | 3 ++- - gui/statusPage.py | 3 ++- - gui/system-config-selinux.py | 3 ++- - gui/usersPage.py | 3 ++- - python/chcat/chcat | 5 +++-- - python/semanage/semanage | 3 ++- - python/semanage/seobject.py | 3 ++- - python/sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++- - python/sepolicy/sepolicy.py | 3 ++- - python/sepolicy/sepolicy/__init__.py | 3 ++- - python/sepolicy/sepolicy/generate.py | 3 ++- - python/sepolicy/sepolicy/gui.py | 3 ++- - python/sepolicy/sepolicy/interface.py | 3 ++- - sandbox/sandbox | 3 ++- - 21 files changed, 44 insertions(+), 22 deletions(-) - -diff --git a/gui/booleansPage.py b/gui/booleansPage.py -index 5beec58bc360..ad11a9b24c79 100644 ---- a/gui/booleansPage.py -+++ b/gui/booleansPage.py -@@ -46,7 +46,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/domainsPage.py b/gui/domainsPage.py -index e08f34b4d3a9..e6eadd61c1bc 100644 ---- a/gui/domainsPage.py -+++ b/gui/domainsPage.py -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py -index bac2bec3ebbd..767664f26ec8 100644 ---- a/gui/fcontextPage.py -+++ b/gui/fcontextPage.py -@@ -55,7 +55,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/loginsPage.py b/gui/loginsPage.py -index 18b93d8c9756..7e08232a90b5 100644 ---- a/gui/loginsPage.py -+++ b/gui/loginsPage.py -@@ -37,7 +37,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/modulesPage.py b/gui/modulesPage.py -index c546d455d4cd..02b79f150a13 100644 ---- a/gui/modulesPage.py -+++ b/gui/modulesPage.py -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/polgengui.py b/gui/polgengui.py -index a18f1cba17b9..7a3ecd50c91c 100644 ---- a/gui/polgengui.py -+++ b/gui/polgengui.py -@@ -71,7 +71,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/portsPage.py b/gui/portsPage.py -index 54aa80ded327..bee2bdf17b99 100644 ---- a/gui/portsPage.py -+++ b/gui/portsPage.py -@@ -43,7 +43,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/semanagePage.py b/gui/semanagePage.py -index 1371d4e7dabe..efad14d9b375 100644 ---- a/gui/semanagePage.py -+++ b/gui/semanagePage.py -@@ -30,7 +30,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/statusPage.py b/gui/statusPage.py -index c241ef83dfa0..832849e60d60 100644 ---- a/gui/statusPage.py -+++ b/gui/statusPage.py -@@ -43,7 +43,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py -index 1b460c99363b..9f53b7fe9020 100644 ---- a/gui/system-config-selinux.py -+++ b/gui/system-config-selinux.py -@@ -53,7 +53,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/gui/usersPage.py b/gui/usersPage.py -index d51bd968b77e..9acd3b844056 100644 ---- a/gui/usersPage.py -+++ b/gui/usersPage.py -@@ -37,7 +37,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/chcat/chcat b/python/chcat/chcat -index e779fcc6ebd7..952cb8187599 100755 ---- a/python/chcat/chcat -+++ b/python/chcat/chcat -@@ -38,9 +38,10 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext --except ImportError: -+except: - try: - import builtins - builtins.__dict__['_'] = str -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 8f4e44a7a9cd..f45061a601f9 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index ff8f4e9c3008..0782c082dc0c 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -42,7 +42,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py -index 56ebd807c69c..1ff307d9b27d 100644 ---- a/python/sepolgen/src/sepolgen/sepolgeni18n.py -+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py -@@ -19,7 +19,9 @@ - - try: - import gettext -- t = gettext.translation( 'selinux-python' ) -+ t = gettext.translation("selinux-python", -+ localedir="/usr/share/locale", -+ fallback=True) - _ = t.gettext - except: - def _(str): -diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py -index 7ebe0efa88a1..c7a70e094b0c 100755 ---- a/python/sepolicy/sepolicy.py -+++ b/python/sepolicy/sepolicy.py -@@ -36,7 +36,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 95520f9bc35d..6bde1971fd7c 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -31,7 +31,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 3e8b9f9c291d..eff3a8973917 100644 ---- a/python/sepolicy/sepolicy/generate.py -+++ b/python/sepolicy/sepolicy/generate.py -@@ -56,7 +56,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py -index b0263740a79f..5bdbfebade1d 100644 ---- a/python/sepolicy/sepolicy/gui.py -+++ b/python/sepolicy/sepolicy/gui.py -@@ -49,7 +49,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py -index 599f97fdc6e7..43f86443f2c8 100644 ---- a/python/sepolicy/sepolicy/interface.py -+++ b/python/sepolicy/sepolicy/interface.py -@@ -38,7 +38,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: -diff --git a/sandbox/sandbox b/sandbox/sandbox -index 3ef444a12561..53cc504149c9 100644 ---- a/sandbox/sandbox -+++ b/sandbox/sandbox -@@ -45,7 +45,8 @@ try: - kwargs['unicode'] = True - t = gettext.translation(PROGNAME, - localedir="/usr/share/locale", -- **kwargs) -+ **kwargs, -+ fallback=True) - _ = t.gettext - except: - try: --- -2.36.1 - diff --git a/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch b/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch deleted file mode 100644 index 0db14f7..0000000 --- a/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch +++ /dev/null @@ -1,82 +0,0 @@ -From dc99f08e121ee21650a4179e3deaea8c04ae40c9 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 8 Jun 2022 19:09:54 +0200 -Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh -Content-type: text/plain - -After the last commit this option's name and description no longer -matches the semantic, so give it a new one and update the descriptions. -The old name is still recognized and aliased to the new one for -backwards compatibility. - -Signed-off-by: Ondrej Mosnacek -Acked-by: Nicolas Iooss ---- - policycoreutils/semodule/semodule.8 | 12 ++++++------ - policycoreutils/semodule/semodule.c | 13 ++++++++++--- - 2 files changed, 16 insertions(+), 9 deletions(-) - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index d1735d216276..c56e580f27b8 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -23,12 +23,12 @@ force a reload of policy - .B \-B, \-\-build - force a rebuild of policy (also reloads unless \-n is used) - .TP --.B \-\-rebuild-if-modules-changed --Force a rebuild of the policy if any changes to module content are detected --(by comparing with checksum from the last transaction). One can use this --instead of \-B to ensure that any changes to the module store done by an --external tool (e.g. a package manager) are applied, while automatically --skipping the rebuild if there are no new changes. -+.B \-\-refresh -+Like \-\-build, but reuses existing linked policy if no changes to module -+files are detected (by comparing with checksum from the last transaction). -+One can use this instead of \-B to ensure that any changes to the module -+store done by an external tool (e.g. a package manager) are applied, while -+automatically skipping the module re-linking if there are no module changes. - .TP - .B \-D, \-\-disable_dontaudit - Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 1ed8e69054e0..ec0794866daa 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -150,9 +150,12 @@ static void usage(char *progname) - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); - printf(" -m, --checksum print module checksum (SHA256).\n"); -- printf(" --rebuild-if-modules-changed\n" -- " force policy rebuild if module content changed since\n" -- " last rebuild (based on checksum)\n"); -+ printf(" --refresh like --build, but reuses existing linked policy if no\n" -+ " changes to module files are detected (via checksum)\n"); -+ printf("Deprecated options:\n"); -+ printf(" -b,--base same as --install\n"); -+ printf(" --rebuild-if-modules-changed\n" -+ " same as --refresh\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -185,6 +188,7 @@ static void parse_command_line(int argc, char **argv) - { - static struct option opts[] = { - {"rebuild-if-modules-changed", 0, NULL, '\0'}, -+ {"refresh", 0, NULL, '\0'}, - {"store", required_argument, NULL, 's'}, - {"base", required_argument, NULL, 'b'}, - {"help", 0, NULL, 'h'}, -@@ -225,6 +229,9 @@ static void parse_command_line(int argc, char **argv) - case '\0': - switch(longind) { - case 0: /* --rebuild-if-modules-changed */ -+ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n"); -+ /* fallthrough */ -+ case 1: /* --refresh */ - check_ext_changes = 1; - break; - default: --- -2.36.1 - diff --git a/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch b/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch deleted file mode 100644 index 6ef58aa..0000000 --- a/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 8abaf61849ce9688dddc3b27ef4df3cc23af0109 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 30 May 2022 14:20:21 +0200 -Subject: [PATCH] python: Split "semanage import" into two transactions -Content-type: text/plain - -First transaction applies all deletion operations, so that there are no -collisions when applying the rest of the changes. - -Fixes: - # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 - # semanage export | semanage import - ValueError: Port tcp/3024 already defined - -Signed-off-by: Vit Mojzis ---- - python/semanage/semanage | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index f45061a601f9..4e8d64d6863a 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -853,10 +853,29 @@ def handleImport(args): - trans = seobject.semanageRecords(args) - trans.start() - -+ deleteCommands = [] -+ commands = [] -+ # separate commands for deletion from the rest so they can be -+ # applied in a separate transaction - for l in sys.stdin.readlines(): - if len(l.strip()) == 0: - continue -+ if "-d" in l or "-D" in l: -+ deleteCommands.append(l) -+ else: -+ commands.append(l) -+ -+ if deleteCommands: -+ importHelper(deleteCommands) -+ trans.finish() -+ trans.start() -+ -+ importHelper(commands) -+ trans.finish() - -+ -+def importHelper(commands): -+ for l in commands: - try: - commandParser = createCommandParser() - args = commandParser.parse_args(mkargv(l)) -@@ -870,8 +889,6 @@ def handleImport(args): - except KeyboardInterrupt: - sys.exit(0) - -- trans.finish() -- - - def setupImportParser(subparsers): - importParser = subparsers.add_parser('import', help=_('Import local customizations')) --- -2.36.1 - diff --git a/SOURCES/selinux-autorelabel-generator.sh b/SOURCES/selinux-autorelabel-generator.sh index be60487..d9380b8 100644 --- a/SOURCES/selinux-autorelabel-generator.sh +++ b/SOURCES/selinux-autorelabel-generator.sh @@ -18,6 +18,15 @@ fi set_target () { ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target" + AUTORELABEL="1" + source /etc/selinux/config + if [ "$AUTORELABEL" = "0" ]; then + mkdir -p "$earlydir/selinux-autorelabel.service.d" + cat > "$earlydir/selinux-autorelabel.service.d/tty.conf" <= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel -BuildRequires: python3-devel +BuildRequires: python3-devel python3-pip BuildRequires: systemd BuildRequires: git-core Requires: util-linux grep gawk diffutils rpm sed @@ -79,7 +73,7 @@ load_policy to load policies, setfiles to label filesystems, newrole to switch roles. %prep -p /usr/bin/bash -%autosetup -n selinux-%{version} -p 1 +%autosetup -p 1 -n selinux-%{version} cp %{SOURCE13} gui/ tar -xvf %{SOURCE14} -C python/sepolicy/ @@ -150,27 +144,6 @@ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/ install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/ install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/ -# change /usr/bin/python to %%{__python3} in policycoreutils-python3 -pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib} - -# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils -pathfix.py -i "%{__python3} -Es" -p \ - %{buildroot}%{_sbindir}/semanage \ - %{buildroot}%{_bindir}/chcat \ - %{buildroot}%{_bindir}/sandbox \ - %{buildroot}%{_datadir}/sandbox/start \ - %{buildroot}%{_bindir}/audit2allow \ - %{buildroot}%{_bindir}/sepolicy \ - %{buildroot}%{_bindir}/sepolgen-ifgen \ - %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \ - %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \ - %nil - -# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990 -find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \ - %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \ - -type f -name '*~' | xargs rm -f - # Manually invoke the python byte compile macro for each path that needs byte # compilation. %py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux @@ -239,6 +212,7 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux Requires:audit-libs-python3 >= %{libauditver} Requires: checkpolicy Requires: python3-setools >= 4.4.0 +Requires: python3-distro BuildArch: noarch %description -n python3-policycoreutils @@ -430,7 +404,7 @@ system-config-selinux is a utility for managing the SELinux environment %dir %{_datadir}/bash-completion %{_datadir}/bash-completion/completions/setsebool %{!?_licensedir:%global license %%doc} -%license policycoreutils/COPYING +%license policycoreutils/LICENSE %doc %{_usr}/share/doc/%{name} %package restorecond @@ -452,7 +426,7 @@ The policycoreutils-restorecond package contains the restorecond service. %{_mandir}/ru/man8/restorecond.8* %{!?_licensedir:%global license %%doc} -%license policycoreutils/COPYING +%license policycoreutils/LICENSE %post %systemd_post selinux-autorelabel-mark.service @@ -470,6 +444,24 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Thu Feb 23 2023 Petr Lautrbach - 3.5-1 +- SELinux userspace 3.5 release + +* Tue Feb 14 2023 Petr Lautrbach - 3.5-0.rc3.1.1 +- SELinux userspace 3.5-rc3 release + +* Wed Feb 8 2023 Petr Lautrbach - 3.5-0.rc2.3 +- Attach tty to selinux-autorelabel.service when AUTORELABEL=0 + +* Thu Jan 26 2023 Vit Mojzis - 3.5-0.rc2.2 +- python/sepolicy: Cache conditional rule queries + +* Tue Jan 17 2023 Petr Lautrbach - 3.5-0.rc2.1 +- SELinux userspace 3.5-rc2 release + +* Mon Jan 2 2023 Petr Lautrbach - 3.5-0.rc1.2 +- SELinux userspace 3.5-rc1 release + * Tue Sep 06 2022 Vit Mojzis - 3.4-4 - Update translations (#2062630) @@ -489,7 +481,7 @@ The policycoreutils-restorecond package contains the restorecond service. * Tue Feb 15 2022 Petr Lautrbach - 3.3-4.2 - semodule: add command-line option to detect module changes -* Tue Feb 22 2022 Petr Lautrbach - 3.3-5 +* Tue Feb 15 2022 Petr Lautrbach - 3.3-5 - Improve error message when selabel_open fails * Mon Feb 14 2022 Petr Lautrbach - 3.3-3