import policycoreutils-3.3-1.el9

CentOS Sources 2021-12-07 14:03:11 -05:00 committed by Stepan Oksanichenko
parent 80450ec647
commit c130880c3a
30 changed files with 69 additions and 658 deletions

.gitignore vendored

@ -2,6 +2,6 @@ SOURCES/gui-po.tgz
SOURCES/policycoreutils-po.tgz
SOURCES/python-po.tgz
SOURCES/sandbox-po.tgz
SOURCES/selinux-3.2.tar.gz
SOURCES/selinux-3.3.tar.gz
SOURCES/sepolicy-icons.tgz
SOURCES/system-config-selinux.png


@ -2,6 +2,6 @@ e0c82a8693936806c4289f865712ba0e8fc94f91 SOURCES/gui-po.tgz
c8279f87160e2ff16eb775287d529e5c49b19ae3 SOURCES/policycoreutils-po.tgz
606f854b945f4deae897770692707013b753b277 SOURCES/python-po.tgz
413495010fcab556e8ea9f226c67557a23cc1498 SOURCES/sandbox-po.tgz
a195626d0cf709f128cf2d1247079e6a075fa399 SOURCES/selinux-3.2.tar.gz
cdde8ef04ac354b2499fd2822acbd11fc27843c8 SOURCES/selinux-3.3.tar.gz
d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png
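Review bot: the new `SOURCES/selinux-3.3.tar.gz` entry is pinned in this hunk by a single 40-hex-digit digest and nothing else, so the integrity of the import rests on that one value. Before merging, fetch the tarball from the release URL given in the spec's `Source0`, recompute the digest and compare it with this line and with the checksum upstream publishes for the 3.3 release.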


@ -1,67 +0,0 @@
From 6cfebe787e258c4c62dbf2018d0a08bc8b70e445 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Fri, 19 Mar 2021 22:30:59 +0100
Subject: [PATCH] policycoreutils/setfiles: do not create useless
setfiles.8.man file
Seems to have been there to allow for some sed substitution over the
text. Now that this is gone, the redundant intermediate file can be
removed, too.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
policycoreutils/setfiles/.gitignore | 1 -
policycoreutils/setfiles/Makefile | 9 +++------
2 files changed, 3 insertions(+), 7 deletions(-)
delete mode 100644 policycoreutils/setfiles/.gitignore
diff --git a/policycoreutils/setfiles/.gitignore b/policycoreutils/setfiles/.gitignore
deleted file mode 100644
index 5e899c95af23..000000000000
--- a/policycoreutils/setfiles/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-setfiles.8.man
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
index a3bbbe116b7f..63d818509791 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -13,7 +13,7 @@ ifeq ($(AUDITH), y)
override LDLIBS += -laudit
endif
-all: setfiles restorecon restorecon_xattr man
+all: setfiles restorecon restorecon_xattr
setfiles: setfiles.o restore.o
@@ -22,16 +22,13 @@ restorecon: setfiles
restorecon_xattr: restorecon_xattr.o restore.o
-man:
- @cp -af setfiles.8 setfiles.8.man
-
install: all
[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
-mkdir -p $(DESTDIR)$(SBINDIR)
install -m 755 setfiles $(DESTDIR)$(SBINDIR)
(cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
- install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 setfiles.8 $(DESTDIR)$(MANDIR)/man8/setfiles.8
install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8
install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
for lang in $(LINGUAS) ; do \
@@ -42,7 +39,7 @@ install: all
done
clean:
- rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man
+ rm -f setfiles restorecon restorecon_xattr *.o
indent:
../../scripts/Lindent $(wildcard *.[ch])
--
2.32.0


@ -1,4 +1,4 @@
From 6f2adee92a62777aa1a7371a23b4cb08b9a8ac7e Mon Sep 17 00:00:00 2001
From ec3bf6f3e5468ba7b5164cc588ef5746454808a5 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 20 Aug 2015 12:58:41 +0200
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in


@ -1,4 +1,4 @@
From 31e28c2217b5ac4c12d60c97d08f0c062f0fce37 Mon Sep 17 00:00:00 2001
From 7a548cae4303f8429040ba6be67be182b7f9a943 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 21 Apr 2014 13:54:40 -0400
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
@ -28,7 +28,7 @@ index 2f847abb87e2..dccd778ed4be 100755
if len(mpaths) == 0:
@@ -799,12 +802,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
SELinux defines the file context types for the %(domainname)s, if you wanted to
store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
store files with these types in a diffent paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
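Review bot: the refreshed man-page sentence fixes "sepecify" but still reads "in a diffent paths" on the same line. Since the line is being touched anyway, correct it to "in different paths" so the generated STANDARD_FILE_CONTEXT text needs no third pass.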


@ -1,50 +0,0 @@
From 26a4c19ecff545324aa21eb0afbc3d10d3356313 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 1 Mar 2021 18:19:22 +0100
Subject: [PATCH] fixfiles: do not exclude /dev and /run in -C mode
I can't think of a good reason why they should be excluded. On the
contrary, excluding them can cause trouble very easily if some labeling
rules for these directories change. For example, we changed the label
for /dev/nvme* from nvme_device_t to fixed_disk_device_t in Fedora
(updating the allow rules accordingly) and after policy update they
ended up with an invalid context, causing denials.
Thus, remove /dev and /run from the excludes. While there, also add
/root to the basic excludes to match the regex that excludes fc rules
(that should be effectively no functional change).
I did a sanity check on my system by running `restorecon -nv /dev /run`
and it didn't report any label differences.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
---
policycoreutils/scripts/fixfiles | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 30dadb4f4cb6..6fb12e0451a9 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -162,7 +162,7 @@ newer() {
#
diff_filecontext() {
EXCLUDEDIRS="`exclude_dirs_from_relabelling`"
-for i in /sys /proc /dev /run /mnt /var/tmp /var/lib/BackupPC /home /tmp /dev; do
+for i in /sys /proc /mnt /var/tmp /var/lib/BackupPC /home /root /tmp; do
[ -e $i ] && EXCLUDEDIRS="${EXCLUDEDIRS} -e $i";
done
LogExcluded
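Review bot: in `diff_filecontext()` the `for` loop now excludes /home, /root and /tmp, and the `egrep -v` filter in the next hunk repeats the same three prefixes by hand; the old lists had already drifted apart (/dev appeared twice in the loop, /root only in the regex). Build both from one variable so a later change to the excludes cannot update one list and miss the other.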
@@ -175,7 +175,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
sed -r -e 's,:s0, ,g' $FC | sort -u | \
/usr/bin/diff -b ${PREFCTEMPFILE} - | \
grep '^[<>]'|cut -c3-| grep ^/ | \
- egrep -v '(^/home|^/root|^/tmp|^/dev)' |\
+ egrep -v '(^/home|^/root|^/tmp)' |\
sed -r -e 's,[[:blank:]].*,,g' \
-e 's|\(([/[:alnum:]]+)\)\?|{\1,}|g' \
-e 's|([/[:alnum:]])\?|{\1,}|g' \
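Review bot: the pattern `(^/home|^/root|^/tmp)` on the `egrep -v` line has no boundary after each prefix, so it also drops changed file-context entries whose path merely begins with one of those strings, and such entries would then not be picked up by `-C`. Consider requiring a `/`, a `(` or the end of the field after the prefix, and use `grep -E` in place of `egrep` while the line is being edited.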
--
2.32.0


@ -1,4 +1,4 @@
From 8fafb8215dbd7affd299f7eb31a1677d7f367ee8 Mon Sep 17 00:00:00 2001
From b3cb362afe86278c600d6e97cc7abf9c0b102071 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 12 May 2014 14:11:22 +0200
Subject: [PATCH] If there is no executable we don't want to print a part of


@ -1,49 +0,0 @@
From e45bc870946ad3c984595a679df86b424f24d09d Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sat, 3 Jul 2021 16:31:21 +0200
Subject: [PATCH] policycoreutils: silence -Wextra-semi-stmt warning
On Ubuntu 20.04, when building with clang -Werror -Wextra-semi-stmt
(which is not the default build configuration), the compiler reports:
secon.c:686:3: error: empty expression statement has no effect;
remove unnecessary ';' to silence this warning
[-Werror,-Wextra-semi-stmt]
};
^
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
policycoreutils/newrole/newrole.c | 2 +-
policycoreutils/secon/secon.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 36e2ba9c25d9..0264531acef4 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -96,7 +96,7 @@
#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
#ifdef USE_PAM
-#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf";
+#define PAM_SERVICE_CONFIG "/etc/selinux/newrole_pam.conf"
#endif
#define DEFAULT_PATH "/usr/bin:/bin"
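Review bot: the commit message quotes only the `secon.c:686` warning, but the change to the `PAM_SERVICE_CONFIG` line is a different kind of fix: a trailing `;` inside an object-like macro becomes part of every expansion and breaks any use of the macro as a function argument or inside an expression. Say so in the message, so the macro change is not read as purely cosmetic.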
diff --git a/policycoreutils/secon/secon.c b/policycoreutils/secon/secon.c
index d257a9a1ca6c..a0957d0914e1 100644
--- a/policycoreutils/secon/secon.c
+++ b/policycoreutils/secon/secon.c
@@ -683,7 +683,7 @@ static void disp_con(const char *scon_raw)
color.range_bg = strtok(NULL, " ");
color.valid = 1;
- };
+ }
if (!(con = context_new(scon)))
errx(EXIT_FAILURE, "Couldn't create context from: %s", scon);
--
2.32.0


@ -1,4 +1,4 @@
From 4492465658c7a81237cc753351b3c7bfe095e8f6 Mon Sep 17 00:00:00 2001
From b954ff8379e03714f707daa85111f6bf2f265772 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 19 Feb 2015 17:45:15 +0100
Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
@ -11,10 +11,10 @@ Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
2 files changed, 13 insertions(+), 77 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 7309875c7e27..37abc7b83a37 100644
index e8654abbceb3..a2475d22547a 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1215,27 +1215,14 @@ def boolean_desc(boolean):
@@ -1225,27 +1225,14 @@ def boolean_desc(boolean):
def get_os_version():


@ -1,33 +0,0 @@
From d8b9bd5c2a90d6855478f05c8fb38bd5df2733a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 14 Jul 2021 20:13:41 +0200
Subject: [PATCH] policycoreutils: free memory on lstat failure in sestatus
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In case lstat(3) fails the memory is not free'd at the end of the for
loop, due to the control flow change by continue.
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/sestatus/sestatus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c
index b37f03533afd..ceee0d523f9a 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -461,6 +461,7 @@ int main(int argc, char **argv)
("%s (could not check link status (%s)!)\n",
context, strerror(errno));
freecon(context);
+ free(fc[i]);
continue;
}
if (S_ISLNK(m.st_mode)) {
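Review bot: `free(fc[i]);` before `continue` repairs this one path, but the cleanup now exists twice (here and at the end of the loop, per the commit message), and any further early `continue` added to the loop will leak again. A single cleanup point at the bottom of the loop body, reached from the error branch, would keep `freecon(context)` and `free(fc[i])` in one place.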
--
2.32.0


@ -1,4 +1,4 @@
From 18d06e7f84adad94efe1823a2fdccf62b04bf396 Mon Sep 17 00:00:00 2001
From 7572bbec8b6a422e722864348a53d5e0f855e7f6 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:01 +0100
Subject: [PATCH] We want to remove the trailing newline for
@ -9,10 +9,10 @@ Subject: [PATCH] We want to remove the trailing newline for
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 37abc7b83a37..481c5d86232f 100644
index a2475d22547a..8055a12f6020 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1218,7 +1218,7 @@ def get_os_version():
@@ -1228,7 +1228,7 @@ def get_os_version():
system_release = ""
try:
with open('/etc/system-release') as f:


@ -1,42 +0,0 @@
From f0c354afc07419cfe4f61b72f604a648c995943e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 14 Jul 2021 20:13:42 +0200
Subject: [PATCH] policycoreutils: free memory of allocated context in run_init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/run_init/run_init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
index 1c5eb68e7e73..545490a25918 100644
--- a/policycoreutils/run_init/run_init.c
+++ b/policycoreutils/run_init/run_init.c
@@ -406,14 +406,19 @@ int main(int argc, char *argv[])
if (chdir("/")) {
perror("chdir");
+ free(new_context);
exit(-1);
}
if (setexeccon(new_context) < 0) {
fprintf(stderr, _("Could not set exec context to %s.\n"),
new_context);
+ free(new_context);
exit(-1);
}
+
+ free(new_context);
+
if (access("/usr/sbin/open_init_pty", X_OK) != 0) {
if (execvp(argv[1], argv + 1)) {
perror("execvp");
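Review bot: this hunk releases `new_context` with `free()`, while the sestatus patch in the same import releases a context with `freecon()`; how `new_context` is allocated is not visible here, so confirm that `free()` is the matching deallocator. The two calls placed directly before `exit(-1)` only quiet the analyzer; the one after `setexeccon()` succeeds is the one that matters, and nothing below it in the hunk uses the pointer.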
--
2.32.0


@ -1,4 +1,4 @@
From ddf7238fa3579a64145ed092b3a023d60cd2847c Mon Sep 17 00:00:00 2001
From a4d59dcce863a02895fe40e487176149f3a4ad5b Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:53 +0100
Subject: [PATCH] Fix title in manpage.py to not contain 'online'.


@ -1,30 +0,0 @@
From 32611aea6543e3a8f32635857e37b4332b0b5c99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 14 Jul 2021 20:13:43 +0200
Subject: [PATCH] policycoreutils: free memory of allocated context in newrole
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
policycoreutils/newrole/newrole.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 0264531acef4..7c1f062f5a2a 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -1239,6 +1239,7 @@ int main(int argc, char *argv[])
free(pw.pw_dir);
free(pw.pw_shell);
free(shell_argv0);
+ free(new_context);
return exit_code;
}
--
2.32.0


@ -1,4 +1,4 @@
From fb7fb754e2c4d8931a5834e34ef88dfaf764bb8f Mon Sep 17 00:00:00 2001
From f183dd36c66069c95726e1dab47639e76077d86a Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Fri, 14 Feb 2014 12:32:12 -0500
Subject: [PATCH] Don't be verbose if you are not on a tty


@ -1,4 +1,4 @@
From 7d68ca4cc7ab8bcdf65194a58b7db63914228494 Mon Sep 17 00:00:00 2001
From fae31a306e7b6084710c02b658ace668766fc004 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 27 Feb 2017 17:12:39 +0100
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and


@ -1,4 +1,4 @@
From 54d85eb009defdf93b24cf0131b88179490b56a2 Mon Sep 17 00:00:00 2001
From afe686ec783ccf442c8e2bbcb9dbdb7650328253 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 28 Feb 2017 21:29:46 +0100
Subject: [PATCH] sepolicy: Another small optimization for mcs types


@ -1,4 +1,4 @@
From a8c4ac47f370e319c434fe1e6afcfae83d7390e9 Mon Sep 17 00:00:00 2001
From 28879b771a804242d00a8a978bdbc4b85210814d Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:23:00 +0200
Subject: [PATCH] Move po/ translation files into the right sub-directories


@ -1,4 +1,4 @@
From ea70711fce9127c7dd3146bc8161086f97745d11 Mon Sep 17 00:00:00 2001
From a8cacf2944ddd803909d2111bdf2d43ab90e1111 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:37:07 +0200
Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
@ -198,7 +198,7 @@ index 18a2710531ca..0980aecb6311 100644
import gettext
kwargs = {}
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 6a14f7b47dd5..b51a7e3e7ca3 100644
index 21adbf6eb74f..69e60db80060 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -29,7 +29,7 @@ import sys
@ -208,8 +208,8 @@ index 6a14f7b47dd5..b51a7e3e7ca3 100644
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
import sepolicy
import setools
import ipaddress
from setools.policyrep import SELinuxPolicy
from setools.typequery import TypeQuery
diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
index 998c4356415c..56ebd807c69c 100644
--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
@ -237,12 +237,12 @@ index 7b2230651099..32956e58f52e 100755
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 481c5d86232f..df773a6b314e 100644
index 8055a12f6020..aa8beda313c8 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -13,7 +13,7 @@ import os
import re
import gzip
@@ -23,7 +23,7 @@ from setools.typeattrquery import TypeAttributeQuery
from setools.typequery import TypeQuery
from setools.userquery import UserQuery
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"


@ -1,4 +1,4 @@
From b30964691f11946791c0b852c1b7eebf59a6dcf6 Mon Sep 17 00:00:00 2001
From a4183d4c2d335fca940f741bec1f1839394ea783 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 14:23:19 +0200
Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/


@ -1,4 +1,4 @@
From 4ee71fa678b4a9ce85d2ec2f9ebf561c8c183124 Mon Sep 17 00:00:00 2001
From f5045f645cfa10fed01b4225d26d98ea9f81f085 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Mar 2018 08:51:31 +0100
Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch


@ -1,4 +1,4 @@
From c0137252dd3ce52f006162d7b1cb4677c45bea21 Mon Sep 17 00:00:00 2001
From 53c27e891b9053a9bbbbca5a854deb4fc526a8a2 Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yamato@redhat.com>
Date: Thu, 14 Dec 2017 15:57:58 +0900
Subject: [PATCH] sepolicy-generate: Handle more reserved port types


@ -1,4 +1,4 @@
From d6476f30ddaf384ed7f563ca4ad31cbfc7ad6bbd Mon Sep 17 00:00:00 2001
From f1acc9a3057e199d62c6b8ec6e77fc33ca3db1d1 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 8 Nov 2018 09:20:58 +0100
Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects


@ -1,4 +1,4 @@
From d61a3517017921d6b6f4618e1de0c4f4a33fe951 Mon Sep 17 00:00:00 2001
From be804ecd456a52803067e1aa11e20ef69788221c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 18 Jul 2018 09:09:35 +0200
Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox


@ -1,4 +1,4 @@
From 257d7d95f541bd4b85c518562278cdc4f928f8af Mon Sep 17 00:00:00 2001
From 0e40b5541773c6daf58bba7048fae6918d74de74 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Tue, 28 Jul 2020 14:37:13 +0200
Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code


@ -1,4 +1,4 @@
From 23337de69ad667d909964ba82f47f5166903ff50 Mon Sep 17 00:00:00 2001
From ec1b147076345478636de763ce5d4e8daa69afd6 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 30 Jul 2021 14:14:37 +0200
Subject: [PATCH] Use SHA-2 instead of SHA-1


@ -1,217 +0,0 @@
From 10a970733c5b31c237abd7357421384597fe0510 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 15 Apr 2021 17:39:39 +0200
Subject: [PATCH] Do not use Python slip
Python slip is not actively maintained anymore and it was use just as
polkit proxy. It looks like polkit dbus interface is quite simple to use
it directly via python dbus module.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
dbus/selinux_server.py | 69 ++++++++++++++++++------------
python/sepolicy/sepolicy/sedbus.py | 9 ----
2 files changed, 41 insertions(+), 37 deletions(-)
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index be4f4557a9fa..b7c9378bcb5d 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -4,26 +4,33 @@ import dbus
import dbus.service
import dbus.mainloop.glib
from gi.repository import GObject
-import slip.dbus.service
-from slip.dbus import polkit
import os
import selinux
from subprocess import Popen, PIPE, STDOUT
-class selinux_server(slip.dbus.service.Object):
+class selinux_server(dbus.service.Object):
default_polkit_auth_required = "org.selinux.semanage"
def __init__(self, *p, **k):
super(selinux_server, self).__init__(*p, **k)
+ def is_authorized(self, sender, action_id):
+ bus = dbus.SystemBus()
+ proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
+ authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
+ subject = ('system-bus-name', {'name': sender})
+ result = authority.CheckAuthorization(subject, action_id, {}, 1, '')
+ return result[0]
+
#
# The semanage method runs a transaction on a series of semanage commands,
# these commands can take the output of customized
#
- @slip.dbus.polkit.require_auth("org.selinux.semanage")
- @dbus.service.method("org.selinux", in_signature='s')
- def semanage(self, buf):
+ @dbus.service.method("org.selinux", in_signature='s', sender_keyword="sender")
+ def semanage(self, buf, sender):
+ if not self.is_authorized(sender, "org.selinux.semanage"):
+ raise dbus.exceptions.DBusException("Not authorized")
p = Popen(["/usr/sbin/semanage", "import"], stdout=PIPE, stderr=PIPE, stdin=PIPE, universal_newlines=True)
p.stdin.write(buf)
output = p.communicate()
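Review bot: `default_polkit_auth_required = "org.selinux.semanage"` is kept as a class attribute although the base class is now `dbus.service.Object`, and nothing in this hunk reads it, so it no longer supplies any class-wide default; remove it and confirm that every exported method carries its own `is_authorized` call. In `is_authorized`, the bare `1` passed to `CheckAuthorization` is the AllowUserInteraction flag and deserves a named constant, and because the call is synchronous the service handles no other request while polkit waits for the user.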
@@ -35,9 +42,10 @@ class selinux_server(slip.dbus.service.Object):
# on the server. This output can be used with the semanage method on
# another server to make the two systems have duplicate policy.
#
- @slip.dbus.polkit.require_auth("org.selinux.customized")
- @dbus.service.method("org.selinux", in_signature='', out_signature='s')
- def customized(self):
+ @dbus.service.method("org.selinux", in_signature='', out_signature='s', sender_keyword="sender")
+ def customized(self, sender):
+ if not self.is_authorized(sender, "org.selinux.customized"):
+ raise dbus.exceptions.DBusException("Not authorized")
p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE, universal_newlines=True)
buf = p.stdout.read()
output = p.communicate()
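Review bot: the guard `if not self.is_authorized(sender, "org.selinux.customized"):` followed by the `raise` is pasted into the body of each method, where the removed `require_auth` decorator sat visibly above the signature. A small local decorator taking the action id would make a missing check on a newly added method obvious at a glance and would keep the `sender_keyword` plumbing in one place.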
@@ -49,9 +57,10 @@ class selinux_server(slip.dbus.service.Object):
# The semodule_list method will return the output of semodule --list=full, using the customized polkit,
# since this is a readonly behaviour
#
- @slip.dbus.polkit.require_auth("org.selinux.semodule_list")
- @dbus.service.method("org.selinux", in_signature='', out_signature='s')
- def semodule_list(self):
+ @dbus.service.method("org.selinux", in_signature='', out_signature='s', sender_keyword="sender")
+ def semodule_list(self, sender):
+ if not self.is_authorized(sender, "org.selinux.semodule_list"):
+ raise dbus.exceptions.DBusException("Not authorized")
p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, stderr=PIPE, universal_newlines=True)
buf = p.stdout.read()
output = p.communicate()
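Review bot: the comment above `semodule_list` says the method uses "the customized polkit", but the check beneath it passes `org.selinux.semodule_list` to `is_authorized`. Update the comment to name the action that is actually checked, or change the id if sharing the `customized` action was the intent.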
@@ -62,25 +71,28 @@ class selinux_server(slip.dbus.service.Object):
#
# The restorecon method modifies any file path to the default system label
#
- @slip.dbus.polkit.require_auth("org.selinux.restorecon")
- @dbus.service.method("org.selinux", in_signature='s')
- def restorecon(self, path):
+ @dbus.service.method("org.selinux", in_signature='s', sender_keyword="sender")
+ def restorecon(self, path, sender):
+ if not self.is_authorized(sender, "org.selinux.restorecon"):
+ raise dbus.exceptions.DBusException("Not authorized")
selinux.restorecon(str(path), recursive=1)
#
# The setenforce method turns off the current enforcement of SELinux
#
- @slip.dbus.polkit.require_auth("org.selinux.setenforce")
- @dbus.service.method("org.selinux", in_signature='i')
- def setenforce(self, value):
+ @dbus.service.method("org.selinux", in_signature='i', sender_keyword="sender")
+ def setenforce(self, value, sender):
+ if not self.is_authorized(sender, "org.selinux.setenforce"):
+ raise dbus.exceptions.DBusException("Not authorized")
selinux.security_setenforce(value)
#
# The setenforce method turns off the current enforcement of SELinux
#
- @slip.dbus.polkit.require_auth("org.selinux.relabel_on_boot")
- @dbus.service.method("org.selinux", in_signature='i')
- def relabel_on_boot(self, value):
+ @dbus.service.method("org.selinux", in_signature='i', sender_keyword="sender")
+ def relabel_on_boot(self, value, sender):
+ if not self.is_authorized(sender, "org.selinux.relabel_on_boot"):
+ raise dbus.exceptions.DBusException("Not authorized")
if value == 1:
fd = open("/.autorelabel", "w")
fd.close()
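Review bot: the comment above `relabel_on_boot` still reads "The setenforce method turns off the current enforcement of SELinux", copied from the method before it; since these lines are being reworked, describe what `relabel_on_boot` does. The refusal is raised as a bare `dbus.exceptions.DBusException("Not authorized")`, which leaves clients only a message string to match on; pass a `name=` carrying an access-denied error name so callers can tell a refusal from a failure.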
@@ -111,9 +123,10 @@ class selinux_server(slip.dbus.service.Object):
#
# The change_default_enforcement modifies the current enforcement mode
#
- @slip.dbus.polkit.require_auth("org.selinux.change_default_mode")
- @dbus.service.method("org.selinux", in_signature='s')
- def change_default_mode(self, value):
+ @dbus.service.method("org.selinux", in_signature='s', sender_keyword="sender")
+ def change_default_mode(self, value, sender):
+ if not self.is_authorized(sender, "org.selinux.change_default_mode"):
+ raise dbus.exceptions.DBusException("Not authorized")
values = ["enforcing", "permissive", "disabled"]
if value not in values:
raise ValueError("Enforcement mode must be %s" % ", ".join(values))
@@ -122,9 +135,10 @@ class selinux_server(slip.dbus.service.Object):
#
# The change_default_policy method modifies the policy type
#
- @slip.dbus.polkit.require_auth("org.selinux.change_default_policy")
- @dbus.service.method("org.selinux", in_signature='s')
- def change_default_policy(self, value):
+ @dbus.service.method("org.selinux", in_signature='s', sender_keyword="sender")
+ def change_default_policy(self, value, sender):
+ if not self.is_authorized(sender, "org.selinux.change_default_policy"):
+ raise dbus.exceptions.DBusException("Not authorized")
path = selinux.selinux_path() + value
if os.path.isdir(path):
return self.write_selinux_config(policy=value)
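Review bot: in `change_default_policy`, `value` comes from the bus caller and is appended to `selinux.selinux_path()` by string concatenation, with `os.path.isdir(path)` as the only check before it is written to the config, whereas `change_default_mode` in the previous hunk validates against a fixed list. Add input validation next to the new authorization check: reject a `value` containing `/` or `..`, so that only a direct child of the SELinux directory can be selected.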
@@ -136,5 +150,4 @@ if __name__ == "__main__":
system_bus = dbus.SystemBus()
name = dbus.service.BusName("org.selinux", system_bus)
object = selinux_server(system_bus, "/org/selinux/object")
- slip.dbus.service.set_mainloop(mainloop)
mainloop.run()
diff --git a/python/sepolicy/sepolicy/sedbus.py b/python/sepolicy/sepolicy/sedbus.py
index 76b259ae27e8..39b53d47753a 100644
--- a/python/sepolicy/sepolicy/sedbus.py
+++ b/python/sepolicy/sepolicy/sedbus.py
@@ -2,7 +2,6 @@ import sys
import dbus
import dbus.service
import dbus.mainloop.glib
-from slip.dbus import polkit
class SELinuxDBus (object):
@@ -11,42 +10,34 @@ class SELinuxDBus (object):
self.bus = dbus.SystemBus()
self.dbus_object = self.bus.get_object("org.selinux", "/org/selinux/object")
- @polkit.enable_proxy
def semanage(self, buf):
ret = self.dbus_object.semanage(buf, dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def restorecon(self, path):
ret = self.dbus_object.restorecon(path, dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def setenforce(self, value):
ret = self.dbus_object.setenforce(value, dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def customized(self):
ret = self.dbus_object.customized(dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def semodule_list(self):
ret = self.dbus_object.semodule_list(dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def relabel_on_boot(self, value):
ret = self.dbus_object.relabel_on_boot(value, dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def change_default_mode(self, value):
ret = self.dbus_object.change_default_mode(value, dbus_interface="org.selinux")
return ret
- @polkit.enable_proxy
def change_default_policy(self, value):
ret = self.dbus_object.change_default_policy(value, dbus_interface="org.selinux")
return ret
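Review bot: with `@polkit.enable_proxy` removed from every `SELinuxDBus` method, a refusal from the server now reaches callers as the `DBusException` raised in `selinux_server.py`, and nothing in this class catches or translates it. Check that the callers of these wrappers handle that exception, or catch it here and raise something they already expect.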
--
2.32.0


@ -1,45 +0,0 @@
From 86be303a7c5ed5057d0357a85e27cdb6885122fe Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 12 May 2021 19:19:29 +0200
Subject: [PATCH] dbus: Use GLib.MainLoop()
Fixes:
PyGIDeprecationWarning: GObject.MainLoop is deprecated; use GLib.MainLoop instead
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
dbus/selinux_server.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index b7c9378bcb5d..a969f2268ceb 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -2,8 +2,9 @@
import dbus
import dbus.service
-import dbus.mainloop.glib
+from dbus.mainloop.glib import DBusGMainLoop
from gi.repository import GObject
+from gi.repository import GLib
import os
import selinux
from subprocess import Popen, PIPE, STDOUT
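Review bot: `from gi.repository import GObject` stays in the import block, but the only use shown in this patch, `GObject.MainLoop()`, is replaced by `GLib.MainLoop()` in the next hunk. If nothing else in the file refers to `GObject`, drop the import in the same change.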
@@ -145,9 +146,10 @@ class selinux_server(dbus.service.Object):
raise ValueError("%s does not exist" % path)
if __name__ == "__main__":
- mainloop = GObject.MainLoop()
- dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
+ DBusGMainLoop(set_as_default=True)
+ mainloop = GLib.MainLoop()
+
system_bus = dbus.SystemBus()
name = dbus.service.BusName("org.selinux", system_bus)
- object = selinux_server(system_bus, "/org/selinux/object")
+ server = selinux_server(system_bus, "/org/selinux/object")
mainloop.run()
--
2.32.0


@ -1,56 +0,0 @@
From d39dacc352feb35c89b41225e142dd08e932c0c0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Fri, 30 Jul 2021 13:48:18 +0200
Subject: [PATCH] python/sepolicy: Fix COPY_PASTE_ERROR (CWE-398)
Fixes:
Error: COPY_PASTE_ERROR (CWE-398): [#def3]
selinux/python/sepolicy/sepolicy/__init__.py:1032: original: ""_key_t"" looks like the original copy.
selinux/python/sepolicy/sepolicy/__init__.py:1035: copy_paste_error: ""_key_t"" looks like a copy-paste error.
selinux/python/sepolicy/sepolicy/__init__.py:1035: remediation: Should it say ""_secret_t"" instead?
# 1033|
# 1034| if f.endswith("_secret_t"):
# 1035|-> return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
# 1036|
# 1037| if f.endswith("_ra_t"):
Error: COPY_PASTE_ERROR (CWE-398): [#def4]
selinux/python/sepolicy/sepolicy/__init__.py:1065: original: ""_tmp_t"" looks like the original copy.
selinux/python/sepolicy/sepolicy/__init__.py:1067: copy_paste_error: ""_tmp_t"" looks like a copy-paste error.
selinux/python/sepolicy/sepolicy/__init__.py:1067: remediation: Should it say ""_etc_t"" instead?
# 1065| return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
# 1066| if f.endswith("_etc_t"):
# 1067|-> return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
# 1068| if f.endswith("_home_t"):
# 1069| return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/sepolicy/sepolicy/__init__.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index df773a6b314e..6b6160a449df 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1039,7 +1039,7 @@ def get_description(f, markup=markup):
return txt + "treat the files as %s key data." % prettyprint(f, "_key_t")
if f.endswith("_secret_t"):
- return txt + "treat the files as %s secret data." % prettyprint(f, "_key_t")
+ return txt + "treat the files as %s secret data." % prettyprint(f, "_secret_t")
if f.endswith("_ra_t"):
return txt + "treat the files as %s read/append content." % prettyprint(f, "_ra_t")
@@ -1071,7 +1071,7 @@ def get_description(f, markup=markup):
if f.endswith("_tmp_t"):
return txt + "store %s temporary files in the /tmp directories." % prettyprint(f, "_tmp_t")
if f.endswith("_etc_t"):
- return txt + "store %s files in the /etc directories." % prettyprint(f, "_tmp_t")
+ return txt + "store %s files in the /etc directories." % prettyprint(f, "_etc_t")
if f.endswith("_home_t"):
return txt + "store %s files in the users home directory." % prettyprint(f, "_home_t")
if f.endswith("_tmpfs_t"):
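Review bot: both defects fixed in this patch come from writing the suffix twice per branch, once in `f.endswith(...)` and once in `prettyprint(f, ...)`, and the neighbouring `_tmp_t` and `_home_t` branches keep the same shape. Bind the suffix once per branch, for example by walking a table of suffix and message, so the two arguments cannot disagree again.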
--
2.32.0


@ -1,7 +1,7 @@
%global libauditver 3.0
%global libsepolver 3.2-3
%global libsemanagever 3.2-3
%global libselinuxver 3.2-5
%global libsepolver 3.3-1
%global libsemanagever 3.3-1
%global libselinuxver 3.3-1
%global generatorsdir %{_prefix}/lib/systemd/system-generators
@ -10,11 +10,11 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 3.2
Release: 8%{?dist}
Version: 3.3
Release: 1%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.2/selinux-3.2.tar.gz
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/selinux-3.3.tar.gz
URL: https://github.com/SELinuxProject/selinux
Source13: system-config-selinux.png
Source14: sepolicy-icons.tgz
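Review bot: Source0 spells the literal 3.3 twice in the URL, separately from the Version tag, so the three have to be edited by hand together on every rebase and can drift apart. Using %{version} in both places of the URL would keep the tarball name tied to Version. If the rc builds listed in the changelog are the reason for hardcoding it, a one-line comment above Source0 saying so would help.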
@ -28,36 +28,27 @@ Source21: python-po.tgz
Source22: gui-po.tgz
Source23: sandbox-po.tgz
# https://github.com/fedora-selinux/selinux
# $ git format-patch -N 3.2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ git format-patch -N 3.3 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
# Patch list start
Patch0001: 0001-policycoreutils-setfiles-do-not-create-useless-setfi.patch
Patch0002: 0002-fixfiles-do-not-exclude-dev-and-run-in-C-mode.patch
Patch0003: 0003-policycoreutils-silence-Wextra-semi-stmt-warning.patch
Patch0004: 0004-policycoreutils-free-memory-on-lstat-failure-in-sest.patch
Patch0005: 0005-policycoreutils-free-memory-of-allocated-context-in-.patch
Patch0006: 0006-policycoreutils-free-memory-of-allocated-context-in-.patch
Patch0007: 0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
Patch0008: 0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
Patch0009: 0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
Patch0010: 0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch
Patch0011: 0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
Patch0012: 0012-Fix-title-in-manpage.py-to-not-contain-online.patch
Patch0013: 0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
Patch0014: 0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch
Patch0015: 0015-sepolicy-Another-small-optimization-for-mcs-types.patch
Patch0016: 0016-Move-po-translation-files-into-the-right-sub-directo.patch
Patch0017: 0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch
Patch0018: 0018-Initial-.pot-files-for-gui-python-sandbox.patch
Patch0019: 0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch
Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
Patch0024: 0024-Do-not-use-Python-slip.patch
Patch0025: 0025-dbus-Use-GLib.MainLoop.patch
Patch0026: 0026-Use-SHA-2-instead-of-SHA-1.patch
Patch0027: 0027-python-sepolicy-Fix-COPY_PASTE_ERROR-CWE-398.patch
Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
Patch0002: 0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
Patch0003: 0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch
Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch
Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch
Patch0009: 0009-sepolicy-Another-small-optimization-for-mcs-types.patch
Patch0010: 0010-Move-po-translation-files-into-the-right-sub-directo.patch
Patch0011: 0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch
Patch0012: 0012-Initial-.pot-files-for-gui-python-sandbox.patch
Patch0013: 0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch
Patch0014: 0014-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0015: 0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0016: 0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0017: 0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
Patch0018: 0018-Use-SHA-2-instead-of-SHA-1.patch
# Patch list end
Obsoletes: policycoreutils < 2.0.61-2
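Review bot: nine entries from the old patch list have no counterpart in the renumbered one (old 0001 to 0006, 0024-Do-not-use-Python-slip, 0025-dbus-Use-GLib.MainLoop and 0027-python-sepolicy-Fix-COPY_PASTE_ERROR-CWE-398), and nothing in the spec records why. Three of them are the "free memory" fixes (0004 to 0006), so please confirm each one is contained in the selinux-3.3 tarball, and add a changelog line stating that these downstream patches were dropped because they are included in the release.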
@ -283,7 +274,7 @@ by python 3 in an SELinux environment.
Summary: SELinux policy core policy devel utilities
Requires: policycoreutils-python-utils = %{version}-%{release}
Requires: /usr/bin/make dnf
Requires: selinux-policy-devel
Requires: (selinux-policy-devel if selinux-policy)
%description devel
The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
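Review bot: changing the devel subpackage's dependency to the rich form "(selinux-policy-devel if selinux-policy)" turns an unconditional Requires into a conditional one, so policycoreutils-devel can now be installed without selinux-policy-devel whenever selinux-policy is absent, yet there is no comment here and no changelog entry explaining the intent. Please add a short comment above the line stating the case this is meant to support. As a nit, the %description context line says "tools use to develop" where "tools used to develop" is meant.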
@ -484,8 +475,17 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Wed Sep 29 2021 Vit Mojzis <vmojzis@redhat.com> - 3.2-8
- Update translations (#1962114)
* Fri Oct 22 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-1
- SELinux userspace 3.3 release
* Mon Oct 11 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc3.1
- SELinux userspace 3.3-rc3 release
* Wed Sep 29 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3-0.rc2.2
- Update translations (#2003127)
* Wed Sep 29 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3-0.rc2.1
- SELinux userspace 3.3-rc2 release
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.2-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
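Review bot: the 3.2-8 entry "Update translations (#1962114)" appears to be dropped from %changelog and replaced by a 3.3-0.rc2.2 entry with a different bug number (#2003127), which rewrites already published history instead of appending to it. Keep the 3.2-8 entry in place below the new 3.3 entries. The new entries also only say "SELinux userspace 3.3 release" and do not mention the changed selinux-policy-devel dependency or the removed downstream patches, both of which belong in the 3.3-1 entry.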