- semanage: Reset active value when deleting boolean customizations (RHEL-111421)
- setfiles: Add -A option to disable SELINUX_RESTORECON_ADD_ASSOC (RHEL-111505)
Resolves: RHEL-111421, RHEL-111505
When a file name in type transition rule used in an interface is same as
a keyword, it needs to be M4 escaped so that the keyword is not expanded
by M4, e.g.
- filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+ filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")
But sepolgen-ifgen could not parse such string:
# sepolgen-ifgen
Illegal character '`'
This change allows M4 escaping inside quoted strings and fixed described
problem.
https://bugzilla.redhat.com/show_bug.cgi?id=2254206
Resolves: RHEL-45544
- use XWayland for X application if it's run in Wayland session
- run Wayland apps directly if it's run in Wayland session
- add sandbox -Y option to run run Wayland application
Resolves: RHEL-35984
- python: improve format strings for proper localization
- python: Drop hard formating from localized strings
- sepolicy: port to dnf4 python API (rhbz#2209404)
Fixes:
$ shellcheck -S warning selinux-autorelabel-generator.sh
In selinux-autorelabel-generator.sh line 22:
source /etc/selinux/config
^------------------------^ SC3046 (warning): In POSIX sh, 'source' in place of '.' is undefined.
For more information:
https://www.shellcheck.net/wiki/SC3046 -- In POSIX sh, 'source' in place of...
https://bugzilla.redhat.com/show_bug.cgi?id=2210593
The project has moved away from dbus-glib in version 3.2[0] and the BR
is not needed at all. Explicitly add the glib2-devel to BR to fix the
build after this change (it got there previously through
dbus-glib-devel).
[0] - 252925ccdf
selinux-autorelabel service can be configured to drop to a shell to allow
administrator to manually relabel a filesystem, see selinux_config(5). In
this case, the service needs to have a tty attached to stdin. Given that
tty should not be attached to the service by default, see
https://bugzilla.redhat.com/show_bug.cgi?id=1634661 , the
selinux-autorelabel-generator.sh will configure the service to attach
tty only if AUTORELABEL=0
Resolves: rhbz#2165508
