The policycoreutils-devel package is used not only for working with an
installed policy, but also for building the policy from sources. In the
latter case, there is no need to install selinux-policy-devel (and
selinux-policy along with it), so make the dependency conditional on
selinux-policy.
Since policy is often built from source in a mock chroot or a container,
this will avoid the awkward and unnecessary cyclic build dependency of
selinux-policy on itself.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
The following translation files (without any translated strings) will no
longer be part of the package (only policycoreutils.... python, gui and
sandbox are not affected): aln.po ast.po az.po bn_BD.po bo.po brx.po
dz.po eo.po es_MX.po hy.po ks.po ku.po ky.po la.po lo.po lt_LT.po
lv_LV.po mg.po mn.po my.po si_LK.po tl.po vi_VN.po wo.po xh.po
zh_CN.GB2312.po zh_HK.po zh_TW.Big5.po
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1578148
- Build with libsepol.so.1 and libsemanage.so.2
- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file
- fixfiles: correctly restore context of mountpoints
- sepolgen: print extended permissions in hexadecimal
- Build with libsepol.so.1 and libsemanage.so.2
- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file
- fixfiles: correctly restore context of mountpoints
- sepolgen: print extended permissions in hexadecimal
When a user tried to remove a policy module with priority other than 400 via
GUI, it failed with a message:
libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
"semodule -r NAME".
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1740936
Using patches from git makes it clean which changes are included in Fedora
New workflow:
1. clone https://github.com/fedora-selinux/selinux
2. create patchset
$ git format-patch 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
3. update spec file
$ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
# deleted: restorecond-fedora.patch
- setsebool: support use of -P on SELinux-disabled hosts
- sepolicy: initialize mislabeled_files in __init__()
- audit2allow: use local sepolgen-ifgen-attr-helper for tests
- audit2allow: allow using audit2why as non-root user
- audit2allow/sepolgen-ifgen: show errors on stderr
- audit2allow/sepolgen-ifgen: add missing \n to error message
- sepolgen: close /etc/selinux/sepolgen.conf after parsing it
- sepolicy: Make policy files sorting more robust
- semanage: Load a store policy and set the store SELinux policy root
- chcat: fix removing categories on users with Fedora default setup
- semanage: Include MCS/MLS range when exporting local customizations
- semanage: Start exporting "ibendport" and "ibpkey" entries
- semanage: do not show "None" levels when using a non-MLS policy
- sepolicy: Add sepolicy.load_store_policy(store)
- semanage: import sepolicy only when it's needed
- semanage: move valid_types initialisations to class constructors
- chcat: use check_call instead of getstatusoutput
- Use matchbox-window-manager instead of openbox
- Use ipaddress python module instead of IPy
- semanage: Fix handling of -a/-e/-d/-r options
- semanage: Use standard argparse.error() method
- semanage: "semanage user" does not use -s, fix documentation
- semanage: add a missing space in ibendport help
- sepolicy: Update to work with setools-4.2.0
- Fix typo in newrole.1 manpage
- sepolgen: print all AV rules correctly
- sepolgen: fix access vector initialization
- Add xperms support to audit2allow
- semanage: Stop logging loginRecords changes
- semanage: Fix logger class definition
- semanage: Replace bare except with specific one
- semanage: fix Python syntax of catching several exceptions
- sepolgen: return NotImplemented instead of raising it
- sepolgen: fix refpolicy parsing of "permissive"
- sepolicy: Fix translated strings with parameters
- sepolicy: Support non-MLS policy
- sepolicy: Initialize policy.ports as a dict in generate.py
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
- Minor update for bash completion
- semodule_package: fix semodule_unpackage man page
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
- gui/fcontextPage: Set default object class in addDialog\
- sepolgen: fix typo in PolicyGenerator
- build: follow standard semantics for DESTDIR and PREFIX
- use pathfix.py instead of sed
- clean up '*~' files
Fixes:
policycoreutils has broken dependencies in the rawhide tree:
On i386:
python2-policycoreutils-2.7-11.fc28.i686 requires /usr/bin/python22
On armhfp:
python2-policycoreutils-2.7-11.fc28.armv7hl requires /usr/bin/python22
- gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
- gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
- python/sepolicy: Use list instead of map
- python/sepolicy: Do not use types.BooleanType
