SELinux userspace 3.9-rc2 release

Related: RHEL-104006

.gitignore

@@ -363,3 +363,5 @@ policycoreutils-2.0.83.tgz
 /selinux-3.8-rc3.tar.gz.asc
 /selinux-3.8.tar.gz
 /selinux-3.8.tar.gz.asc
+/selinux-3.9-rc2.tar.gz
+/selinux-3.9-rc2.tar.gz.asc

0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch

@@ -1,15 +1,14 @@
-From 12f57453e8b53a8aab6d3581fd1a4c921fe36918 Mon Sep 17 00:00:00 2001
+From 8bbb7a654825223fccf5839d208cfc091a78d979 Mon Sep 17 00:00:00 2001
 From: Dan Walsh <dwalsh@redhat.com>
 Date: Fri, 14 Feb 2014 12:32:12 -0500
 Subject: [PATCH] Don't be verbose if you are not on a tty
-Content-type: text/plain
 
 ---
  policycoreutils/scripts/fixfiles | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index b7cd765c15e4..f2518e96e34c 100755
+index b7cd765c..f2518e96 100755
 --- a/policycoreutils/scripts/fixfiles
 +++ b/policycoreutils/scripts/fixfiles
 @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
@@ -21,5 +20,5 @@ index b7cd765c15e4..f2518e96e34c 100755
  THREADS=""
  RPMFILES=""
 -- 
-2.47.0
+2.49.0
 

0002-sepolicy-generate-Handle-more-reserved-port-types.patch

@@ -1,8 +1,7 @@
-From fb7357cd097801fcdfa21ed49a17a3875db05e42 Mon Sep 17 00:00:00 2001
+From 0acd95264dadf06ad93591c949f6e8aebb559c11 Mon Sep 17 00:00:00 2001
 From: Masatake YAMATO <yamato@redhat.com>
 Date: Thu, 14 Dec 2017 15:57:58 +0900
 Subject: [PATCH] sepolicy-generate: Handle more reserved port types
-Content-type: text/plain
 
 Currently only reserved_port_t, port_t and hi_reserved_port_t are
 handled as special when making a ports-dictionary.  However, as fas as
@@ -53,7 +52,7 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index adf65f27a822..f726ad51b775 100644
+index adf65f27..f726ad51 100644
 --- a/python/sepolicy/sepolicy/generate.py
 +++ b/python/sepolicy/sepolicy/generate.py
 @@ -100,7 +100,9 @@ def get_all_ports():
@@ -68,5 +67,5 @@ index adf65f27a822..f726ad51b775 100644
          dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
      return dict
 -- 
-2.47.0
+2.49.0
 

0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch

@@ -1,8 +1,7 @@
-From f2092a1b859a028f2c5c79b41c70b135ba3ad0fa Mon Sep 17 00:00:00 2001
+From af70b132b985fd7fe7bf4e085082f7e821d54452 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Wed, 18 Jul 2018 09:09:35 +0200
 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
-Content-type: text/plain
 
 ---
  sandbox/sandbox     |  4 ++--
@@ -11,7 +10,7 @@ Content-type: text/plain
  3 files changed, 3 insertions(+), 17 deletions(-)
 
 diff --git a/sandbox/sandbox b/sandbox/sandbox
-index e3fd6119ed4d..e01425f0c637 100644
+index e3fd6119..e01425f0 100644
 --- a/sandbox/sandbox
 +++ b/sandbox/sandbox
 @@ -270,7 +270,7 @@ class Sandbox:
@@ -33,7 +32,7 @@ index e3fd6119ed4d..e01425f0c637 100644
  
          parser.add_option("-l", "--level", dest="level",
 diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
-index 095b9e27042d..1c1870190e51 100644
+index 095b9e27..1c187019 100644
 --- a/sandbox/sandbox.8
 +++ b/sandbox/sandbox.8
 @@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
@@ -46,7 +45,7 @@ index 095b9e27042d..1c1870190e51 100644
  \fB\-X\fR
  Create an X based Sandbox for gui apps, temporary files for
 diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
-index 28169182ce42..e2a7ad9b2ac7 100644
+index 28169182..e2a7ad9b 100644
 --- a/sandbox/sandboxX.sh
 +++ b/sandbox/sandboxX.sh
 @@ -7,20 +7,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
@@ -71,5 +70,5 @@ index 28169182ce42..e2a7ad9b2ac7 100644
      if [ -z "$WAYLAND_DISPLAY" ]; then
          DISPLAY_COMMAND='/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null'
 -- 
-2.47.0
+2.49.0
 

0004-Use-SHA-2-instead-of-SHA-1.patch

@@ -1,8 +1,7 @@
-From 4780b755bb1171f5aa4cd7545535839d451a2070 Mon Sep 17 00:00:00 2001
+From 661202f1fadb8b233df5ec92f620c866390304f6 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Fri, 30 Jul 2021 14:14:37 +0200
 Subject: [PATCH] Use SHA-2 instead of SHA-1
-Content-type: text/plain
 
 The use of SHA-1 in RHEL9 is deprecated
 ---
@@ -13,10 +12,10 @@ The use of SHA-1 in RHEL9 is deprecated
  4 files changed, 20 insertions(+), 20 deletions(-)
 
 diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
-index c3cc5c9b0e52..6160aced5922 100644
+index 1134420e..77dd0542 100644
 --- a/policycoreutils/setfiles/restorecon.8
 +++ b/policycoreutils/setfiles/restorecon.8
-@@ -95,14 +95,14 @@ display usage information and exit.
+@@ -103,14 +103,14 @@ display usage information and exit.
  ignore files that do not exist.
  .TP
  .B \-I
@@ -34,7 +33,7 @@ index c3cc5c9b0e52..6160aced5922 100644
  enable usage of the
  .IR security.sehash
  extended attribute.
-@@ -200,7 +200,7 @@ the
+@@ -208,7 +208,7 @@ the
  .B \-D
  option to
  .B restorecon
@@ -43,7 +42,7 @@ index c3cc5c9b0e52..6160aced5922 100644
  attribute named
  .IR security.sehash
  on each directory specified in
-@@ -217,7 +217,7 @@ for further details.
+@@ -225,7 +225,7 @@ for further details.
  .sp
  The
  .B \-I
@@ -53,7 +52,7 @@ index c3cc5c9b0e52..6160aced5922 100644
  and provided the
  .B \-n
 diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
-index 51d12a4dbb80..09bfd8c40ab4 100644
+index 51d12a4d..09bfd8c4 100644
 --- a/policycoreutils/setfiles/restorecon_xattr.8
 +++ b/policycoreutils/setfiles/restorecon_xattr.8
 @@ -23,7 +23,7 @@ or
@@ -90,7 +89,7 @@ index 51d12a4dbb80..09bfd8c40ab4 100644
  .I security.sehash
  directory digest entries, and is shown for reference only).
 diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
-index 31fb82fd2099..bc22d3fd4560 100644
+index 31fb82fd..bc22d3fd 100644
 --- a/policycoreutils/setfiles/restorecon_xattr.c
 +++ b/policycoreutils/setfiles/restorecon_xattr.c
 @@ -38,7 +38,7 @@ int main(int argc, char **argv)
@@ -134,10 +133,10 @@ index 31fb82fd2099..bc22d3fd4560 100644
  	}
  
 diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
-index ee01725050bb..57c663a99d67 100644
+index eabf0a1c..187f4513 100644
 --- a/policycoreutils/setfiles/setfiles.8
 +++ b/policycoreutils/setfiles/setfiles.8
-@@ -95,14 +95,14 @@ display usage information and exit.
+@@ -104,14 +104,14 @@ display usage information and exit.
  ignore files that do not exist.
  .TP
  .B \-I
@@ -155,7 +154,7 @@ index ee01725050bb..57c663a99d67 100644
  enable usage of the
  .IR security.sehash
  extended attribute.
-@@ -261,7 +261,7 @@ the
+@@ -270,7 +270,7 @@ the
  .B \-D
  option to
  .B setfiles
@@ -164,7 +163,7 @@ index ee01725050bb..57c663a99d67 100644
  .B spec_file
  set in an extended attribute named
  .IR security.sehash
-@@ -282,7 +282,7 @@ for further details.
+@@ -291,7 +291,7 @@ for further details.
  .sp
  The
  .B \-I
@@ -174,5 +173,5 @@ index ee01725050bb..57c663a99d67 100644
  and provided the
  .B \-n
 -- 
-2.47.0
+2.49.0
 

0005-python-sepolicy-Fix-spec-file-dependencies.patch

@@ -1,8 +1,7 @@
-From 7e8d67e63daebd675284afaf98aa07530659272f Mon Sep 17 00:00:00 2001
+From 38e0ac0e99462a6e792e57fffa7b32498715f7f4 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Tue, 30 May 2023 09:07:28 +0200
 Subject: [PATCH] python/sepolicy: Fix spec file dependencies
-Content-type: text/plain
 
 semanage is part of policycoreutils-python-utils package, selinuxenabled
 is part of libselinux-utils (required by ^^^) and restorecon/load_policy
@@ -14,7 +13,7 @@ Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
  1 file changed, 7 insertions(+), 5 deletions(-)
 
 diff --git a/python/sepolicy/sepolicy/templates/spec.py b/python/sepolicy/sepolicy/templates/spec.py
-index 433c298a17e0..a6d4508bb670 100644
+index 433c298a..a6d4508b 100644
 --- a/python/sepolicy/sepolicy/templates/spec.py
 +++ b/python/sepolicy/sepolicy/templates/spec.py
 @@ -11,18 +11,20 @@ Version:	1.0
@@ -44,5 +43,5 @@ index 433c298a17e0..a6d4508bb670 100644
  
  mid_section="""\
 -- 
-2.47.0
+2.49.0
 

0006-sepolicy-Fix-detection-of-writeable-locations.patch

@@ -1,8 +1,7 @@
-From f6630f61e5f4e7771eda0c1a1c5c95afc7f497f8 Mon Sep 17 00:00:00 2001
+From 6773c49ffa8091d67452f4831defbe84e47bbd5b Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <lautrbach@redhat.com>
 Date: Mon, 5 May 2025 18:28:40 +0200
 Subject: [PATCH] sepolicy: Fix detection of writeable locations
-Content-type: text/plain
 
 - update substitutions from /etc/dnf/var
 
@@ -30,7 +29,7 @@ Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
  1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index f726ad51b775..a0314a7060cc 100644
+index f726ad51..a0314a70 100644
 --- a/python/sepolicy/sepolicy/generate.py
 +++ b/python/sepolicy/sepolicy/generate.py
 @@ -1267,15 +1267,15 @@ allow %s_t %s_t:%s_socket name_%s;

0007-sepolicy-use-multiprocessing-fork-method.patch

@@ -0,0 +1,58 @@
+From cfec5c81d6513791a170d101cf2f27773f3052f1 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <lautrbach@redhat.com>
+Date: Mon, 30 Jun 2025 11:20:56 +0200
+Subject: [PATCH] sepolicy: use multiprocessing 'fork' method
+
+'fork' was the default starting method in Python before 3.14 and it's
+necessary for this code to work correctly
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2374569
+
+    sh-5.2# sepolicy manpage -a -p /builddir/build/BUILD/selinux-policy-41.43-build/BUILDROOT/usr/share/man/man8/ -w -r /builddir/build/BUILD/selinux-policy-41.43-build/BUILDROOT
+    ValueError: No SELinux Policy installed
+    Exception ignored while calling deallocator <function Pool.__del__ at 0x7f36f9d333d0>:
+    Traceback (most recent call last):
+      File "/usr/lib64/python3.14/multiprocessing/pool.py", line 271, in __del__
+        self._change_notifier.put(None)
+      File "/usr/lib64/python3.14/multiprocessing/queues.py", line 397, in put
+        self._writer.send_bytes(obj)
+      File "/usr/lib64/python3.14/multiprocessing/connection.py", line 206, in send_bytes
+        self._send_bytes(m[offset:offset + size])
+      File "/usr/lib64/python3.14/multiprocessing/connection.py", line 444, in _send_bytes
+        self._send(header + buf)
+      File "/usr/lib64/python3.14/multiprocessing/connection.py", line 400, in _send
+        n = write(self._handle, buf)
+    BrokenPipeError: [Errno 32] Broken pipe
+
+Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ python/sepolicy/sepolicy.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
+index 82ff6af2..febb2fc1 100755
+--- a/python/sepolicy/sepolicy.py
++++ b/python/sepolicy/sepolicy.py
+@@ -25,7 +25,7 @@ import os
+ import sys
+ import selinux
+ import sepolicy
+-from multiprocessing import Pool
++import multiprocessing
+ from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
+ import argparse
+ PROGNAME = "selinux-python"
+@@ -350,7 +350,8 @@ def manpage(args):
+ 
+     manpage_domains = set()
+     manpage_roles = set()
+-    p = Pool()
++    multiprocessing.set_start_method('fork')
++    p = multiprocessing.Pool()
+     async_results = []
+     for domain in test_domains:
+         async_results.append(p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web]))
+-- 
+2.49.0
+

0008-policycoreutils-use-pkg-config-for-libsemanage.patch

@@ -0,0 +1,76 @@
+From 21955dcb5a201b0ec0487b3f1aa1da052afd9b97 Mon Sep 17 00:00:00 2001
+From: Alyssa Ross <hi@alyssa.is>
+Date: Wed, 25 Jun 2025 12:41:03 +0200
+Subject: [PATCH] policycoreutils: use pkg-config for libsemanage
+
+libaudit and libbz2 are only required to be in the linker path for
+static builds.  For dynamic builds, they'll be discovered through ELF
+metadata.  pkg-config knows how to do the right thing in both cases,
+so just use it rather than listing libsemanage's dependencies
+manually.
+
+Fixes: da6cd3d8 ("Support static-only builds")
+Closes: https://lore.kernel.org/r/87bjqebpre.fsf@redhat.com
+Signed-off-by: Alyssa Ross <hi@alyssa.is>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ policycoreutils/Makefile           | 3 ++-
+ policycoreutils/semodule/Makefile  | 3 +--
+ policycoreutils/setsebool/Makefile | 3 +--
+ 3 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
+index 7acd51dd..0f3d62f2 100644
+--- a/policycoreutils/Makefile
++++ b/policycoreutils/Makefile
+@@ -3,7 +3,8 @@ SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setseboo
+ PKG_CONFIG ?= pkg-config
+ 
+ LIBSELINUX_LDLIBS := $(shell $(PKG_CONFIG) --libs libselinux)
+-export LIBSELINUX_LDLIBS
++LIBSEMANAGE_LDLIBS := $(shell $(PKG_CONFIG) --libs libsemanage)
++export LIBSELINUX_LDLIBS LIBSEMANAGE_LDLIBS
+ 
+ all install relabel clean indent:
+ 	@for subdir in $(SUBDIRS); do \
+diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
+index 7c45831f..018ee2ca 100644
+--- a/policycoreutils/semodule/Makefile
++++ b/policycoreutils/semodule/Makefile
+@@ -7,12 +7,11 @@ MANDIR = $(PREFIX)/share/man
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I../../libselinux/include -I../../libsemanage/include
+ override LDFLAGS+= -L../../libselinux/src     -L../../libsemanage/src
+-override LDLIBS += -lsemanage -lsepol $(LIBSELINUX_LDLIBS)
++override LDLIBS += $(LIBSEMANAGE_LDLIBS) -lsepol $(LIBSELINUX_LDLIBS)
+ SEMODULE_OBJS = semodule.o
+ 
+ all: semodule genhomedircon
+ 
+-semodule: LDLIBS += -laudit -lbz2
+ semodule: $(SEMODULE_OBJS)
+ 
+ genhomedircon:
+diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile
+index 1d514846..87494c55 100644
+--- a/policycoreutils/setsebool/Makefile
++++ b/policycoreutils/setsebool/Makefile
+@@ -8,14 +8,13 @@ BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
+ CFLAGS ?= -Werror -Wall -W
+ override CFLAGS += -I../../libselinux/include -I../../libsemanage/include
+ override LDFLAGS+= -L../../libselinux/src     -L../../libsemanage/src
+-override LDLIBS += -lsemanage $(LIBSELINUX_LDLIBS)
++override LDLIBS += $(LIBSEMANAGE_LDLIBS) $(LIBSELINUX_LDLIBS)
+ SETSEBOOL_OBJS = setsebool.o
+ 
+ BASHCOMPLETIONS=setsebool-bash-completion.sh 
+ 
+ all: setsebool
+ 
+-setsebool: LDLIBS += -laudit -lbz2
+ setsebool: $(SETSEBOOL_OBJS)
+ 
+ install: all
+-- 
+2.49.0
+

0009-Policycoreutils-Make-pkg-config-work-for-more-types-.patch

@@ -0,0 +1,40 @@
+From 0ca24e16ece36e6c45a50be350f82495abc742ec Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@gmail.com>
+Date: Tue, 1 Jul 2025 09:01:43 -0400
+Subject: [PATCH] Policycoreutils: Make pkg-config work for more types of
+ builds
+
+To support static builds, pkg-config is used to add the libraries
+needed for libselinux and libsemanage during the build. Unforunately,
+pkg-config will always use the installed pc files for libselinux and
+libsemanage.
+
+Instead set PKG_CONFIG_PATH when invoking pkg-config so that
+it searches in order:
+1) The directory specified by PKG_CONFIG_PATH, if already set.
+2) The local src directories of libselinux and libsemaange.
+3) The default directories specified by the system.
+
+Signed-off-by: James Carter <jwcart2@gmail.com>
+---
+ policycoreutils/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
+index 0f3d62f2..7c9706e3 100644
+--- a/policycoreutils/Makefile
++++ b/policycoreutils/Makefile
+@@ -2,8 +2,8 @@ SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setseboo
+ 
+ PKG_CONFIG ?= pkg-config
+ 
+-LIBSELINUX_LDLIBS := $(shell $(PKG_CONFIG) --libs libselinux)
+-LIBSEMANAGE_LDLIBS := $(shell $(PKG_CONFIG) --libs libsemanage)
++LIBSELINUX_LDLIBS := $(shell PKG_CONFIG_PATH="$(PKG_CONFIG_PATH):../libselinux/src" $(PKG_CONFIG) --libs libselinux)
++LIBSEMANAGE_LDLIBS := $(shell PKG_CONFIG_PATH="$(PKG_CONFIG_PATH):../libsemanage/src" $(PKG_CONFIG) --libs libsemanage)
+ export LIBSELINUX_LDLIBS LIBSEMANAGE_LDLIBS
+ 
+ all install relabel clean indent:
+-- 
+2.49.0
+

changelog

@@ -1,3 +1,6 @@
+* Fri Jul 04 2025 Petr Lautrbach <lautrbach@redhat.com> - 3.9-0.rc2.1
+- SELinux userspace 3.9-rc2 release
+
 * Sat May 10 2025 Petr Lautrbach <lautrbach@redhat.com> - 3.8-2
 - sepolicy: Fix detection of writeable locations
 

policycoreutils.spec

@@ -1,7 +1,7 @@
 %global libauditver     3.0
-%global libsepolver     3.8-1
-%global libsemanagever  3.8-1
-%global libselinuxver   3.8-1
+%global libsepolver     3.9-0
+%global libsemanagever  3.9-0
+%global libselinuxver   3.9-0
 
 %global generatorsdir %{_prefix}/lib/systemd/system-generators
 
@@ -10,12 +10,12 @@
 
 Summary: SELinux policy core utilities
 Name:    policycoreutils
-Version: 3.8
-Release: 2%{?dist}
+Version: 3.9
+Release: 0.rc2.1%{?dist}
 License: GPL-2.0-or-later
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-%{version}.tar.gz
-Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-%{version}.tar.gz.asc
+Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc2/selinux-%{version}-rc2.tar.gz
+Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}-rc2/selinux-%{version}-rc2.tar.gz.asc
 Source2: https://github.com/bachradsusi.gpg
 URL:     https://github.com/SELinuxProject/selinux
 Source13: system-config-selinux.png
@@ -35,7 +35,7 @@ Source22: selinux-gui.zip
 # wlc --key <apikey> --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./
 Source23: selinux-sandbox.zip
 # https://github.com/fedora-selinux/selinux
-# $ git format-patch -N 3.8 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
+# $ git format-patch -N 3.9-rc2 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
 # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
 # Patch list start
 Patch0001: 0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
@@ -44,6 +44,9 @@ Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch
 Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch
 Patch0006: 0006-sepolicy-Fix-detection-of-writeable-locations.patch
+Patch0007: 0007-sepolicy-use-multiprocessing-fork-method.patch
+Patch0008: 0008-policycoreutils-use-pkg-config-for-libsemanage.patch
+Patch0009: 0009-Policycoreutils-Make-pkg-config-work-for-more-types-.patch
 # Patch list end
 
 Obsoletes: policycoreutils < 2.0.61-2
@@ -81,7 +84,7 @@ to switch roles.
 
 %prep -p /usr/bin/bash
 %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%autosetup -p 1 -n selinux-%{version}
+%autosetup -p 1 -n selinux-%{version}-rc2
 
 cp %{SOURCE13} gui/
 tar -xvf %{SOURCE14} -C python/sepolicy/

sources

@@ -2,5 +2,5 @@ SHA512 (selinux-policycoreutils.zip) = 0df9dc274e0d1a2e4e2467f95a18a5bf7b6de2428
 SHA512 (selinux-python.zip) = 35d209f8bcff498f66465499fcc4cef0780781276a4ba060b2d1d56eed1dd72d253f6b0eae5f679d46cf426b967a7aadac909363513be5d483c95a31249eacdd
 SHA512 (selinux-sandbox.zip) = ecbc0c8280eb6c013b039a2e63ee5a361cd84807613962a012ac0a98092357e9809bea23c3c71bd8ae4745b1dd12a4fce43db5e1cab31614f386a2a8db88b733
 SHA512 (selinux-gui.zip) = 3ae41eba5dd6d34e10dfdb97f4194d170ace2f3044e984077db7d26d05bdaad86625e48e5694e3e8680487ad99a50861d4bea30c4bf08e2820e3b7a8671270c7
-SHA512 (selinux-3.8.tar.gz) = 58d05cd17ebcb4975e49573d2019304e6bbe0692f0ec230d79dfbcd144c2ff695c137b83318cc5e04c618031db7764e697162a3a8ff753ecfa314e552ccb8b81
-SHA512 (selinux-3.8.tar.gz.asc) = b4cd45bd66b7ae716123efde2ba0acddabc25cf3728e30ef101c7c001b6114c2b37fdc5e1cb09d75dc87f4d544da2f4a2e5803091334685c69c4c52e004e8434
+SHA512 (selinux-3.9-rc2.tar.gz) = d05d7633826154007117fc17a22de5dfb5f929fa124123341e98039ecf68a133b9ca70c575ca5e4aaa390daa930ffb6dda43b016b9cfcda8d8a901fb5204ba89
+SHA512 (selinux-3.9-rc2.tar.gz.asc) = 0fec5c55f48978829bbb61ac9e3330fbd42be08ecc89b9abb318ccd86feda41f7a5dea58aef73979c471b95b539202336a7336feb8c9014e32c7d7684ed081f1