import policycoreutils-2.8-16.1.el8

.gitignore

@@ -0,0 +1,14 @@
+SOURCES/gui-po.tgz
+SOURCES/policycoreutils-2.8.tar.gz
+SOURCES/policycoreutils-po.tgz
+SOURCES/policycoreutils_man_ru2.tar.bz2
+SOURCES/python-po.tgz
+SOURCES/restorecond-2.8.tar.gz
+SOURCES/sandbox-po.tgz
+SOURCES/selinux-dbus-2.8.tar.gz
+SOURCES/selinux-gui-2.8.tar.gz
+SOURCES/selinux-python-2.8.tar.gz
+SOURCES/selinux-sandbox-2.8.tar.gz
+SOURCES/semodule-utils-2.8.tar.gz
+SOURCES/sepolicy-icons.tgz
+SOURCES/system-config-selinux.png

.policycoreutils.metadata

@@ -0,0 +1,14 @@
+b65686d84acd60d522c8721d38f938a75e25a4cc SOURCES/gui-po.tgz
+fed6a10a3205f8dbc12fd1ae40821e7f7b1d92b0 SOURCES/policycoreutils-2.8.tar.gz
+7288a10d135a7b1d72e4fdb1a7d757b56ec33975 SOURCES/policycoreutils-po.tgz
+be6e4cb77bb89b98ecb246f03780389b30646198 SOURCES/policycoreutils_man_ru2.tar.bz2
+ea880063f39c78e6d1c8262392a16493b3f20a04 SOURCES/python-po.tgz
+3b73350c485a5a9d2a1a133c8b6b180f6a792b37 SOURCES/restorecond-2.8.tar.gz
+14c9fff2633cf4a73e37909a8c3be08e323b61a8 SOURCES/sandbox-po.tgz
+20b0df570e1a83946068652eb6ebda07e9d58795 SOURCES/selinux-dbus-2.8.tar.gz
+4ea6ec0827feafe752d8af30db256fe25eff757e SOURCES/selinux-gui-2.8.tar.gz
+977e0f569970cb243851381b6fbe9efad60eeee4 SOURCES/selinux-python-2.8.tar.gz
+f782ccff747552ea0baec1cd4e8f4a2ae12a7488 SOURCES/selinux-sandbox-2.8.tar.gz
+62cc0f1d4a6f61260d5ec5015d31d12b44aa522b SOURCES/semodule-utils-2.8.tar.gz
+d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
+611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png

SOURCES/policycoreutils-fedora.patch

@@ -0,0 +1,152 @@
+diff --git policycoreutils-2.8/newrole/newrole.1 policycoreutils-2.8/newrole/newrole.1
+index 0d9738a..893c42f 100644
+--- policycoreutils-2.8/newrole/newrole.1
++++ policycoreutils-2.8/newrole/newrole.1
+@@ -44,7 +44,7 @@ specified by that range.  If the
+ or
+ .B --preserve-environment
+ option is specified, the shell with the new SELinux context will preserve environment variables,
+-otherwise a new minimal enviroment is created.
++otherwise a new minimal environment is created.
+ .PP
+ Additional arguments
+ .I ARGS
+diff --git policycoreutils-2.8/po/Makefile policycoreutils-2.8/po/Makefile
+index 575e143..18bc1df 100644
+--- policycoreutils-2.8/po/Makefile
++++ policycoreutils-2.8/po/Makefile
+@@ -3,7 +3,6 @@
+ #
+ 
+ PREFIX ?= /usr
+-TOP	 = ../..
+ 
+ # What is this package?
+ NLSPACKAGE	= policycoreutils
+@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+ 
+ POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
+ MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
+-POTFILES = \
+-	../run_init/open_init_pty.c \
+-	../run_init/run_init.c \
+-	../semodule_link/semodule_link.c \
+-	../audit2allow/audit2allow \
+-	../semanage/seobject.py \
+-	../setsebool/setsebool.c \
+-	../newrole/newrole.c \
+-	../load_policy/load_policy.c \
+-	../sestatus/sestatus.c \
+-	../semodule/semodule.c \
+-	../setfiles/setfiles.c \
+-	../semodule_package/semodule_package.c \
+-	../semodule_deps/semodule_deps.c \
+-	../semodule_expand/semodule_expand.c \
+-	../scripts/chcat \
+-	../scripts/fixfiles \
+-	../restorecond/stringslist.c \
+-	../restorecond/restorecond.h \
+-	../restorecond/utmpwatcher.h \
+-	../restorecond/stringslist.h \
+-	../restorecond/restorecond.c \
+-	../restorecond/utmpwatcher.c \
+-	../gui/booleansPage.py \
+-	../gui/fcontextPage.py \
+-	../gui/loginsPage.py \
+-	../gui/mappingsPage.py \
+-	../gui/modulesPage.py \
+-	../gui/polgen.glade \
+-	../gui/polgengui.py \
+-	../gui/portsPage.py \
+-	../gui/semanagePage.py \
+-	../gui/statusPage.py \
+-	../gui/system-config-selinux.glade \
+-	../gui/system-config-selinux.py \
+-	../gui/usersPage.py \
+-	../secon/secon.c \
+-	booleans.py \
+-	../sepolicy/sepolicy.py \
+-	../sepolicy/sepolicy/communicate.py \
+-	../sepolicy/sepolicy/__init__.py \
+-	../sepolicy/sepolicy/network.py \
+-	../sepolicy/sepolicy/generate.py \
+-	../sepolicy/sepolicy/sepolicy.glade \
+-	../sepolicy/sepolicy/gui.py \
+-	../sepolicy/sepolicy/manpage.py \
+-	../sepolicy/sepolicy/transition.py \
+-	../sepolicy/sepolicy/templates/executable.py \
+-	../sepolicy/sepolicy/templates/__init__.py \
+-	../sepolicy/sepolicy/templates/network.py \
+-	../sepolicy/sepolicy/templates/rw.py \
+-	../sepolicy/sepolicy/templates/script.py \
+-	../sepolicy/sepolicy/templates/semodule.py \
+-	../sepolicy/sepolicy/templates/tmp.py \
+-	../sepolicy/sepolicy/templates/user.py \
+-	../sepolicy/sepolicy/templates/var_lib.py \
+-	../sepolicy/sepolicy/templates/var_log.py \
+-	../sepolicy/sepolicy/templates/var_run.py \
+-	../sepolicy/sepolicy/templates/var_spool.py
++POTFILES  = $(shell cat POTFILES)
+ 
+ #default:: clean
+ 
+-all::  $(MOFILES)
++all:: $(POTFILE) $(MOFILES)
+ 
+-booleans.py:
+-	sepolicy booleans -a > booleans.py
+-
+-$(POTFILE): $(POTFILES) booleans.py
++$(POTFILE): $(POTFILES)
+ 	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ 	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ 	    rm -f $(NLSPACKAGE).po; \
+@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
+ 	    mv -f $(NLSPACKAGE).po $(POTFILE); \
+ 	fi; \
+ 
+-update-po: Makefile $(POTFILE) refresh-po
+-	@rm -f booleans.py
+ 
+ refresh-po: Makefile
+ 	for cat in $(POFILES); do \
+diff --git policycoreutils-2.8/po/POTFILES policycoreutils-2.8/po/POTFILES
+new file mode 100644
+index 0000000..12237dc
+--- /dev/null
++++ policycoreutils-2.8/po/POTFILES
+@@ -0,0 +1,9 @@
++../run_init/open_init_pty.c
++../run_init/run_init.c
++../setsebool/setsebool.c
++../newrole/newrole.c
++../load_policy/load_policy.c
++../sestatus/sestatus.c
++../semodule/semodule.c
++../setfiles/setfiles.c
++../secon/secon.c
+diff --git policycoreutils-2.8/scripts/fixfiles policycoreutils-2.8/scripts/fixfiles
+index b277958..53d28c7 100755
+--- policycoreutils-2.8/scripts/fixfiles
++++ policycoreutils-2.8/scripts/fixfiles
+@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
+ fullFlag=0
+ BOOTTIME=""
+ VERBOSE="-p"
++[ -t 1 ] || VERBOSE=""
+ FORCEFLAG=""
+ RPMFILES=""
+ PREFC=""
+diff --git policycoreutils-2.8/setfiles/setfiles.8 policycoreutils-2.8/setfiles/setfiles.8
+index ccaaf4d..a8a76c8 100644
+--- policycoreutils-2.8/setfiles/setfiles.8
++++ policycoreutils-2.8/setfiles/setfiles.8
+@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
+ .TP
+ .B \-d
+ show what specification matched each file (do not abort validation
+-after ABORT_ON_ERRORS errors).
++after ABORT_ON_ERRORS errors). Not affected by "\-q"
+ .TP
+ .BI \-e \ directory
+ directory to exclude (repeat option for more than one directory).

SOURCES/restorecond-fedora.patch

@@ -0,0 +1,12 @@
+diff --git restorecond-2.8/restorecond.c restorecond-2.8/restorecond.c
+index 6fbbd35..e1d26cb 100644
+--- restorecond-2.8/restorecond.c
++++ restorecond-2.8/restorecond.c
+@@ -105,6 +105,7 @@ static int write_pid_file(void)
+ 	}
+ 	if (write(pidfd, val, (unsigned int)len) != len) {
+ 		syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
++		close(pidfd);
+ 		return 1;
+ 	}
+ 	close(pidfd);

SOURCES/selinux-autorelabel

@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# Do automatic relabelling
+#
+
+# . /etc/init.d/functions
+
+# If the user has this (or similar) UEFI boot order:
+#
+#             Windows | grub | Linux
+#
+# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
+# would cause the system to boot into Windows again, if the autorelabel was run.
+#
+# This function restores the UEFI boot order, so the user will boot into the
+# previously set (and expected) partition.
+efi_set_boot_next() {
+    # NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
+    #       succeed even on system which is not EFI-enabled...
+    if ! efibootmgr > /dev/null 2>&1; then
+        return
+    fi
+
+    # NOTE: It it possible that some other services might be setting the
+    #       'BootNext' item for any reasons, and we shouldn't override it if so.
+    if ! efibootmgr | grep --quiet -e 'BootNext'; then
+        CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
+        efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
+    fi
+}
+
+relabel_selinux() {
+    # if /sbin/init is not labeled correctly this process is running in the
+    # wrong context, so a reboot will be required after relabel
+    AUTORELABEL=
+    . /etc/selinux/config
+    echo "0" > /sys/fs/selinux/enforce
+    [ -x /bin/plymouth ] && plymouth --quit
+
+    if [ "$AUTORELABEL" = "0" ]; then
+	echo
+	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
+	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
+	echo $"*** problems. Dropping you to a shell; the system will reboot"
+	echo $"*** when you leave the shell."
+	sulogin
+
+    else
+	echo
+	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
+	echo $"*** Relabeling could take a very long time, depending on file"
+	echo $"*** system size and speed of hard drives."
+
+	FORCE=`cat /.autorelabel`
+        [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
+	/sbin/fixfiles $FORCE restore
+    fi
+
+    rm -f  /.autorelabel
+    /usr/lib/dracut/dracut-initramfs-restore
+    efi_set_boot_next
+    if [ -x /usr/bin/grub2-editenv ]; then
+        grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
+    fi
+    sync
+    systemctl --force reboot
+}
+
+# Check to see if a full relabel is needed
+if [ "$READONLY" != "yes" ]; then
+    restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
+    relabel_selinux
+fi

SOURCES/selinux-autorelabel-generator.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# This systemd.generator(7) detects if SELinux is running and if the
+# user requested an autorelabel, and if so sets the default target to
+# selinux-autorelabel.target, which will cause the filesystem to be
+# relabelled and then the system will reboot again and boot into the
+# real default target.
+
+PATH=/usr/sbin:$PATH
+unitdir=/usr/lib/systemd/system
+
+# If invoked with no arguments (for testing) write to /tmp.
+earlydir="/tmp"
+if [ -n "$2" ]; then
+    earlydir="$2"
+fi
+
+set_target ()
+{
+    ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
+}
+
+if selinuxenabled; then
+    if test -f /.autorelabel; then
+        set_target
+    elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
+        set_target
+    fi
+fi

SOURCES/selinux-autorelabel-mark.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Mark the need to relabel after reboot
+DefaultDependencies=no
+Requires=local-fs.target
+Conflicts=shutdown.target
+After=local-fs.target
+Before=sysinit.target shutdown.target
+ConditionSecurity=!selinux
+ConditionPathIsDirectory=/etc/selinux
+ConditionPathExists=!/.autorelabel
+
+[Service]
+ExecStart=-/bin/touch /.autorelabel
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sysinit.target

SOURCES/selinux-autorelabel.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Relabel all filesystems
+DefaultDependencies=no
+Conflicts=shutdown.target
+After=sysinit.target
+Before=shutdown.target
+ConditionSecurity=selinux
+
+[Service]
+ExecStart=/usr/libexec/selinux/selinux-autorelabel
+Type=oneshot
+TimeoutSec=0
+RemainAfterExit=yes
+StandardInput=tty

SOURCES/selinux-autorelabel.target

@@ -0,0 +1,7 @@
+[Unit]
+Description=Relabel all filesystems and reboot
+DefaultDependencies=no
+Requires=sysinit.target selinux-autorelabel.service
+Conflicts=shutdown.target
+After=sysinit.target selinux-autorelabel.service
+ConditionSecurity=selinux

SOURCES/selinux-dbus-fedora.patch

@@ -0,0 +1,35 @@
+diff --git selinux-dbus-2.8/org.selinux.conf selinux-dbus-2.8/org.selinux.conf
+index a350978..1ae079d 100644
+--- selinux-dbus-2.8/org.selinux.conf
++++ selinux-dbus-2.8/org.selinux.conf
+@@ -12,12 +12,8 @@
+ 
+   <!-- Allow anyone to invoke methods on the interfaces,
+        authorization is performed by PolicyKit -->
+-  <policy at_console="true">
+-    <allow send_destination="org.selinux"/>
+-  </policy>
+   <policy context="default">
+-    <allow send_destination="org.selinux"
+-	   send_interface="org.freedesktop.DBus.Introspectable"/>
++    <allow send_destination="org.selinux"/>
+   </policy>
+ 
+ </busconfig>
+diff --git selinux-dbus-2.8/org.selinux.policy selinux-dbus-2.8/org.selinux.policy
+index 0126610..9772127 100644
+--- selinux-dbus-2.8/org.selinux.policy
++++ selinux-dbus-2.8/org.selinux.policy
+@@ -70,9 +70,9 @@
+ 	  <allow_active>auth_admin_keep</allow_active>
+         </defaults>
+     </action>
+-    <action id="org.selinux.change_policy_type">
+-        <description>SELinux write access</description>
+-        <message>System policy prevents change_policy_type access to SELinux</message>
++    <action id="org.selinux.change_default_mode">
++        <description>Change SELinux default enforcing mode</description>
++        <message>System policy prevents change_default_policy access to SELinux</message>
+         <defaults>
+           <allow_any>no</allow_any>
+           <allow_inactive>no</allow_inactive>

SOURCES/selinux-gui-fedora.patch

@@ -0,0 +1,306 @@
+diff --git selinux-gui-2.8/Makefile selinux-gui-2.8/Makefile
+index a72e58c..ffe8b97 100644
+--- selinux-gui-2.8/Makefile
++++ selinux-gui-2.8/Makefile
+@@ -21,6 +21,7 @@ system-config-selinux.ui \
+ usersPage.py
+ 
+ all: $(TARGETS) system-config-selinux.py polgengui.py
++	(cd po && $(MAKE) $@)
+ 
+ install: all
+ 	-mkdir -p $(DESTDIR)$(MANDIR)/man8
+@@ -46,6 +47,8 @@ install: all
+ 		install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ 	done
+ 	install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
++	(cd po && $(MAKE) $@)
++
+ clean:
+ 
+ indent:
+diff --git selinux-gui-2.8/booleansPage.py selinux-gui-2.8/booleansPage.py
+index 7849bea..dd12b6d 100644
+--- selinux-gui-2.8/booleansPage.py
++++ selinux-gui-2.8/booleansPage.py
+@@ -38,7 +38,7 @@ DISABLED = 2
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/domainsPage.py selinux-gui-2.8/domainsPage.py
+index bad5140..6bbe4de 100644
+--- selinux-gui-2.8/domainsPage.py
++++ selinux-gui-2.8/domainsPage.py
+@@ -30,7 +30,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/fcontextPage.py selinux-gui-2.8/fcontextPage.py
+index 370bbee..e424366 100644
+--- selinux-gui-2.8/fcontextPage.py
++++ selinux-gui-2.8/fcontextPage.py
+@@ -47,7 +47,7 @@ class context:
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/loginsPage.py selinux-gui-2.8/loginsPage.py
+index b67eb8b..cbfb0cc 100644
+--- selinux-gui-2.8/loginsPage.py
++++ selinux-gui-2.8/loginsPage.py
+@@ -29,7 +29,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/modulesPage.py selinux-gui-2.8/modulesPage.py
+index 34c5d9e..627ad95 100644
+--- selinux-gui-2.8/modulesPage.py
++++ selinux-gui-2.8/modulesPage.py
+@@ -30,7 +30,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/po/Makefile selinux-gui-2.8/po/Makefile
+new file mode 100644
+index 0000000..a0f5439
+--- /dev/null
++++ selinux-gui-2.8/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE	= gui
++POTFILE		= $(NLSPACKAGE).pot
++INSTALL		= /usr/bin/install -c -p
++INSTALL_DATA	= $(INSTALL) -m 644
++INSTALL_DIR	= /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE	= msgmerge
++MSGMERGE_FLAGS	= -q
++XGETTEXT	= xgettext --default-domain=$(NLSPACKAGE)
++MSGFMT		= msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
++POTFILES  = $(shell cat POTFILES)
++
++#default:: clean
++
++all::  $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++	    rm -f $(NLSPACKAGE).po; \
++	else \
++	    mv -f $(NLSPACKAGE).po $(POTFILE); \
++	fi; \
++
++
++refresh-po: Makefile
++	for cat in $(POFILES); do \
++		lang=`basename $$cat .po`; \
++		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++			mv -f $$lang.pot $$lang.po ; \
++			echo "$(MSGMERGE) of $$lang succeeded" ; \
++		else \
++			echo "$(MSGMERGE) of $$lang failed" ; \
++			rm -f $$lang.pot ; \
++		fi \
++	done
++
++clean:
++	@rm -fv *mo *~ .depend
++	@rm -rf tmp
++
++install: $(MOFILES)
++	@for n in $(MOFILES); do \
++	    l=`basename $$n .mo`; \
++	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++	done
++
++%.mo: %.po
++	$(MSGFMT) -o $@ $<
++report:
++	@for cat in $(wildcard *.po); do \
++                echo -n "$$cat: "; \
++                msgfmt -v --statistics -o /dev/null $$cat; \
++        done
++
++.PHONY: missing depend
++
++relabel:
+diff --git selinux-gui-2.8/po/POTFILES selinux-gui-2.8/po/POTFILES
+new file mode 100644
+index 0000000..1795c5c
+--- /dev/null
++++ selinux-gui-2.8/po/POTFILES
+@@ -0,0 +1,17 @@
++../booleansPage.py
++../domainsPage.py
++../fcontextPage.py
++../loginsPage.py
++../modulesPage.py
++../org.selinux.config.policy
++../polgengui.py
++../polgen.ui
++../portsPage.py
++../selinux-polgengui.desktop
++../semanagePage.py
++../sepolicy.desktop
++../statusPage.py
++../system-config-selinux.desktop
++../system-config-selinux.py
++../system-config-selinux.ui
++../usersPage.py
+diff --git selinux-gui-2.8/polgen.ui selinux-gui-2.8/polgen.ui
+index aa4c70a..6a8c067 100644
+--- selinux-gui-2.8/polgen.ui
++++ selinux-gui-2.8/polgen.ui
+@@ -1975,7 +1975,7 @@ Tab</property>
+                                       <object class="GtkLabel" id="label17">
+                                         <property name="visible">True</property>
+                                         <property name="can_focus">False</property>
+-                                        <property name="label">Add File</property>
++                                        <property name="label" translatable="yes">Add File</property>
+                                         <property name="use_underline">True</property>
+                                       </object>
+                                       <packing>
+@@ -2028,7 +2028,7 @@ Tab</property>
+                                       <object class="GtkLabel" id="label16">
+                                         <property name="visible">True</property>
+                                         <property name="can_focus">False</property>
+-                                        <property name="label">Add Directory</property>
++                                        <property name="label" translatable="yes">Add Directory</property>
+                                         <property name="use_underline">True</property>
+                                       </object>
+                                       <packing>
+@@ -2176,7 +2176,7 @@ Tab</property>
+                                       <object class="GtkLabel" id="label3">
+                                         <property name="visible">True</property>
+                                         <property name="can_focus">False</property>
+-                                        <property name="label">Add Boolean</property>
++                                        <property name="label" translatable="yes">Add Boolean</property>
+                                         <property name="use_underline">True</property>
+                                       </object>
+                                       <packing>
+diff --git selinux-gui-2.8/polgengui.py selinux-gui-2.8/polgengui.py
+index 1601dbe..7e0d9d0 100644
+--- selinux-gui-2.8/polgengui.py
++++ selinux-gui-2.8/polgengui.py
+@@ -63,7 +63,7 @@ def get_all_modules():
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/portsPage.py selinux-gui-2.8/portsPage.py
+index 30f5838..a537ecc 100644
+--- selinux-gui-2.8/portsPage.py
++++ selinux-gui-2.8/portsPage.py
+@@ -35,7 +35,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/semanagePage.py selinux-gui-2.8/semanagePage.py
+index 4127804..5361d69 100644
+--- selinux-gui-2.8/semanagePage.py
++++ selinux-gui-2.8/semanagePage.py
+@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/statusPage.py selinux-gui-2.8/statusPage.py
+index 766854b..a8f079b 100644
+--- selinux-gui-2.8/statusPage.py
++++ selinux-gui-2.8/statusPage.py
+@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/system-config-selinux.py selinux-gui-2.8/system-config-selinux.py
+index ce7c74b..a81e9dd 100644
+--- selinux-gui-2.8/system-config-selinux.py
++++ selinux-gui-2.8/system-config-selinux.py
+@@ -45,7 +45,7 @@ import selinux
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git selinux-gui-2.8/usersPage.py selinux-gui-2.8/usersPage.py
+index 26794ed..d15d4c5 100644
+--- selinux-gui-2.8/usersPage.py
++++ selinux-gui-2.8/usersPage.py
+@@ -29,7 +29,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}

SOURCES/selinux-sandbox-fedora.patch

@@ -0,0 +1,186 @@
+diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile
+index 49c1d3f..9e45329 100644
+--- selinux-sandbox-2.8/Makefile
++++ selinux-sandbox-2.8/Makefile
+@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng
+ SEUNSHARE_OBJS = seunshare.o
+ 
+ all: sandbox seunshare sandboxX.sh start
++	(cd po && $(MAKE) $@)
+ 
+ seunshare: $(SEUNSHARE_OBJS)
+ 
+@@ -30,6 +31,7 @@ install: all
+ 	install -m 755 start $(DESTDIR)$(SHAREDIR)
+ 	-mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ 	install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
++	(cd po && $(MAKE) $@)
+ 
+ test:
+ 	@$(PYTHON) test_sandbox.py -v
+diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile
+new file mode 100644
+index 0000000..0556bbe
+--- /dev/null
++++ selinux-sandbox-2.8/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE	= sandbox
++POTFILE		= $(NLSPACKAGE).pot
++INSTALL		= /usr/bin/install -c -p
++INSTALL_DATA	= $(INSTALL) -m 644
++INSTALL_DIR	= /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE	= msgmerge
++MSGMERGE_FLAGS	= -q
++XGETTEXT	= xgettext -L Python --default-domain=$(NLSPACKAGE)
++MSGFMT		= msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
++POTFILES  = $(shell cat POTFILES)
++
++#default:: clean
++
++all:: $(POTFILE) $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++	    rm -f $(NLSPACKAGE).po; \
++	else \
++	    mv -f $(NLSPACKAGE).po $(POTFILE); \
++	fi; \
++
++
++refresh-po: Makefile
++	for cat in $(POFILES); do \
++		lang=`basename $$cat .po`; \
++		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++			mv -f $$lang.pot $$lang.po ; \
++			echo "$(MSGMERGE) of $$lang succeeded" ; \
++		else \
++			echo "$(MSGMERGE) of $$lang failed" ; \
++			rm -f $$lang.pot ; \
++		fi \
++	done
++
++clean:
++	@rm -fv *mo *~ .depend
++	@rm -rf tmp
++
++install: $(MOFILES)
++	@for n in $(MOFILES); do \
++	    l=`basename $$n .mo`; \
++	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++	done
++
++%.mo: %.po
++	$(MSGFMT) -o $@ $<
++report:
++	@for cat in $(wildcard *.po); do \
++                echo -n "$$cat: "; \
++                msgfmt -v --statistics -o /dev/null $$cat; \
++        done
++
++.PHONY: missing depend
++
++relabel:
+diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES
+new file mode 100644
+index 0000000..deff3f2
+--- /dev/null
++++ selinux-sandbox-2.8/po/POTFILES
+@@ -0,0 +1 @@
++../sandbox
+diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox
+index c07a1d8..948496d 100644
+--- selinux-sandbox-2.8/sandbox
++++ selinux-sandbox-2.8/sandbox
+@@ -37,7 +37,7 @@ import sepolicy
+ 
+ SEUNSHARE = "/usr/sbin/seunshare"
+ SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-sandbox"
+ try:
+     import gettext
+     kwargs = {}
+@@ -268,7 +268,7 @@ class Sandbox:
+             copyfile(f, "/tmp", self.__tmpdir)
+             copyfile(f, "/var/tmp", self.__tmpdir)
+ 
+-    def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
++    def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
+         execfile = self.__homedir + "/.sandboxrc"
+         fd = open(execfile, "w+")
+         if self.__options.session:
+@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ 
+         parser.add_option("-W", "--windowmanager", dest="wm",
+                           type="string",
+-                          default="/usr/bin/openbox",
++                          default="/usr/bin/matchbox-window-manager",
+                           help=_("alternate window manager"))
+ 
+         parser.add_option("-l", "--level", dest="level",
+diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8
+index d83fee7..90ef495 100644
+--- selinux-sandbox-2.8/sandbox.8
++++ selinux-sandbox-2.8/sandbox.8
+@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
+ \fB\-W\fR \fB\-\-windowmanager\fR
+ Select alternative window manager to run within 
+ .B sandbox \-X.
+-Default to /usr/bin/openbox.
++Default to /usr/bin/matchbox-window-manager.
+ .TP
+ \fB\-X\fR 
+ Create an X based Sandbox for gui apps, temporary files for
+diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh
+index eaa500d..c211ebc 100644
+--- selinux-sandbox-2.8/sandboxX.sh
++++ selinux-sandbox-2.8/sandboxX.sh
+@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
+ [ -z $2 ] && export DPI="96" || export DPI="$2"
+ trap "exit 0" HUP
+ 
+-mkdir -p ~/.config/openbox
+-cat > ~/.config/openbox/rc.xml << EOF
+-<openbox_config xmlns="http://openbox.org/3.4/rc"
+-		xmlns:xi="http://www.w3.org/2001/XInclude">
+-<applications>
+-  <application class="*">
+-    <decor>no</decor>
+-    <desktop>all</desktop>
+-    <maximized>yes</maximized>
+-  </application>
+-</applications>
+-</openbox_config>
+-EOF
+-
+-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+     export DISPLAY=:$D
+     cat > ~/seremote << __EOF
+ #!/bin/sh

SOURCES/semodule-utils-fedora.patch

@@ -0,0 +1,12 @@
+diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
+index 3515234..7b75b3f 100644
+--- semodule-utils-2.8/semodule_package/semodule_package.c
++++ semodule-utils-2.8/semodule_package/semodule_package.c
+@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
+ 	}
+ 	if (!sb.st_size) {
+ 		*len = 0;
++		close(fd);
+ 		return 0;
+ 	}
+