%global libauditver 3.0 %global libsepolver 3.7-1 %global libsemanagever 3.7-1 %global libselinuxver 3.7-1 %global generatorsdir %{_prefix}/lib/systemd/system-generators # Disable automatic compilation of Python files in extra directories %global _python_bytecompile_extra 0 Summary: SELinux policy core utilities Name: policycoreutils Version: 3.7 Release: 3%{?dist} License: GPL-2.0-or-later # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/selinux-3.7.tar.gz Source1: https://github.com/SELinuxProject/selinux/releases/download/3.7/selinux-3.7.tar.gz.asc Source2: https://github.com/bachradsusi.gpg URL: https://github.com/SELinuxProject/selinux Source13: system-config-selinux.png Source14: sepolicy-icons.tgz Source15: selinux-autorelabel Source16: selinux-autorelabel.service Source17: selinux-autorelabel-mark.service Source18: selinux-autorelabel.target Source19: selinux-autorelabel-generator.sh # Drop this when upstream updates translations and the package is rebased # wlc --key --url https://translate.fedoraproject.org/api/ download selinux/policycoreutils --output ./ Source20: selinux-policycoreutils.zip # wlc --key --url https://translate.fedoraproject.org/api/ download selinux/python --output ./ Source21: selinux-python.zip # wlc --key --url https://translate.fedoraproject.org/api/ download selinux/gui --output ./ Source22: selinux-gui.zip # wlc --key --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./ Source23: selinux-sandbox.zip # https://github.com/fedora-selinux/selinux # $ git format-patch -N 3.7 -- policycoreutils python gui sandbox dbus semodule-utils restorecond # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done # Patch list start Patch0001: 0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch Patch0002: 0002-sepolicy-generate-Handle-more-reserved-port-types.patch Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch Patch0006: 0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch # Patch list end Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 # initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel Conflicts: initscripts < 9.66 Provides: /sbin/fixfiles Provides: /sbin/restorecon BuildRequires: gcc make BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext BuildRequires: desktop-file-utils dbus-devel glib2-devel BuildRequires: python3-devel python3-setuptools python3-wheel python3-pip BuildRequires: systemd BuildRequires: git-core BuildRequires: gnupg2 Requires: util-linux grep gawk diffutils rpm sed Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver} %description Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles. %prep -p /usr/bin/bash %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p 1 -n selinux-%{version} cp %{SOURCE13} gui/ tar -xvf %{SOURCE14} -C python/sepolicy/ # Temporary disabled since upstream updated translations in this release # Since patches containing translation changes were too big, translations were moved to separate tarballs # For more information see README.translations # First remove old translation files # rm -f policycoreutils/po/*.po python/po/*.po gui/po/*.po sandbox/po/*.po # unzip %{SOURCE20} # cp -r selinux/policycoreutils/po policycoreutils # unzip %{SOURCE21} # cp -r selinux/python/po python # unzip %{SOURCE22} # cp -r selinux/gui/po gui # unzip %{SOURCE23} # cp -r selinux/sandbox/po sandbox %build %set_build_flags export PYTHON=%{__python3} make -C policycoreutils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all %install mkdir -p %{buildroot}%{_bindir} mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_mandir}/man1 mkdir -p %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_mandir}/man8 %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/ %make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" %make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" %make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" %make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" %make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" %make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" %make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" # Fix perms on newrole so that objcopy can process it chmod 0755 %{buildroot}%{_bindir}/newrole # Systemd rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8 rm -f %{buildroot}/usr/sbin/open_init_pty rm -f %{buildroot}/usr/sbin/run_init rm -f %{buildroot}/usr/share/man/man8/run_init.8* rm -f %{buildroot}/etc/pam.d/run_init* mkdir -m 755 -p %{buildroot}/%{generatorsdir} install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/ install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/ install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/ install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/ # Manually invoke the python byte compile macro for each path that needs byte # compilation. %py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux %find_lang policycoreutils %find_lang selinux-python %find_lang selinux-gui %find_lang selinux-sandbox %package python-utils Summary: SELinux policy core python utilities Requires: python3-policycoreutils = %{version}-%{release} Obsoletes: policycoreutils-python <= 2.4-4 BuildArch: noarch %description python-utils The policycoreutils-python-utils package contains the management tools use to manage an SELinux environment. %files python-utils %{_sbindir}/semanage %{_bindir}/chcat %{_bindir}/audit2allow %{_bindir}/audit2why %{_mandir}/man1/audit2allow.1* %{_mandir}/man1/audit2why.1* %{_sysconfdir}/dbus-1/system.d/org.selinux.conf %{_mandir}/man8/chcat.8* %{_mandir}/man8/semanage*.8* %{_datadir}/bash-completion/completions/semanage %package dbus Summary: SELinux policy core DBUS api Requires: python3-policycoreutils = %{version}-%{release} Requires: python3-gobject-base Requires: polkit BuildArch: noarch %description dbus The policycoreutils-dbus package contains the management DBUS API use to manage an SELinux environment. %files dbus %{_sysconfdir}/dbus-1/system.d/org.selinux.conf %{_datadir}/dbus-1/system-services/org.selinux.service %{_datadir}/polkit-1/actions/org.selinux.policy %{_datadir}/polkit-1/actions/org.selinux.config.policy %{_datadir}/system-config-selinux/selinux_server.py %dir %{_datadir}/system-config-selinux/__pycache__ %{_datadir}/system-config-selinux/__pycache__/selinux_server.* %package -n python3-policycoreutils %{?python_provide:%python_provide python3-policycoreutils} # Remove before F31 Provides: %{name}-python3 = %{version}-%{release} Provides: %{name}-python3 = %{version}-%{release} Obsoletes: %{name}-python3 < %{version}-%{release} Summary: SELinux policy core python3 interfaces Requires:policycoreutils = %{version}-%{release} Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux # no python3-audit-libs yet Requires:audit-libs-python3 >= %{libauditver} Requires: checkpolicy Requires: python3-setools >= 4.4.0 Requires: python3-distro BuildArch: noarch %description -n python3-policycoreutils The python3-policycoreutils package contains the interfaces that can be used by python 3 in an SELinux environment. %files -f selinux-python.lang -n python3-policycoreutils %{python3_sitelib}/seobject.py* %{python3_sitelib}/__pycache__ %{python3_sitelib}/sepolgen %dir %{python3_sitelib}/sepolicy %{python3_sitelib}/sepolicy/templates %dir %{python3_sitelib}/sepolicy/help %{python3_sitelib}/sepolicy/help/* %{python3_sitelib}/sepolicy/__init__.py* %{python3_sitelib}/sepolicy/booleans.py* %{python3_sitelib}/sepolicy/communicate.py* %{python3_sitelib}/sepolicy/generate.py* %{python3_sitelib}/sepolicy/interface.py* %{python3_sitelib}/sepolicy/manpage.py* %{python3_sitelib}/sepolicy/network.py* %{python3_sitelib}/sepolicy/transition.py* %{python3_sitelib}/sepolicy/sedbus.py* %{python3_sitelib}/sepolicy*.dist-info/ %{python3_sitelib}/sepolicy/__pycache__ %package devel Summary: SELinux policy core policy devel utilities Requires: policycoreutils-python-utils = %{version}-%{release} Requires: /usr/bin/make python3-dnf Requires: (selinux-policy-devel if selinux-policy) %description devel The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment. %files devel %{_bindir}/sepolgen %{_bindir}/sepolgen-ifgen %{_bindir}/sepolgen-ifgen-attr-helper %dir /var/lib/sepolgen /var/lib/sepolgen/perm_map %{_bindir}/sepolicy %{_mandir}/man8/sepolgen.8* %{_mandir}/man8/sepolicy-booleans.8* %{_mandir}/man8/sepolicy-generate.8* %{_mandir}/man8/sepolicy-interface.8* %{_mandir}/man8/sepolicy-network.8* %{_mandir}/man8/sepolicy.8* %{_mandir}/man8/sepolicy-communicate.8* %{_mandir}/man8/sepolicy-manpage.8* %{_mandir}/man8/sepolicy-transition.8* %{_usr}/share/bash-completion/completions/sepolicy %package sandbox Summary: SELinux sandbox utilities Requires: python3-policycoreutils = %{version}-%{release} %if 0%{?fedora} || 0%{?rhel} <= 9 Requires: xorg-x11-server-Xephyr >= 1.14.1-2 Requires: xmodmap Requires: matchbox-window-manager %endif Requires: rsync BuildRequires: libcap-ng-devel %description sandbox The policycoreutils-sandbox package contains the scripts to create graphical sandboxes %files -f selinux-sandbox.lang sandbox %config(noreplace) %{_sysconfdir}/sysconfig/sandbox %{_datadir}/sandbox/sandboxX.sh %{_datadir}/sandbox/start %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare %{_mandir}/man8/seunshare.8* %{_bindir}/sandbox %{_mandir}/man5/sandbox.5* %{_mandir}/man8/sandbox.8* %package newrole Summary: The newrole application for RBAC/MLS Requires: policycoreutils = %{version}-%{release} %description newrole RBAC/MLS policy machines require newrole as a way of changing the role or level of a logged in user. %files newrole %attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole %{_mandir}/man1/newrole.1.gz %config(noreplace) %{_sysconfdir}/pam.d/newrole %package gui Summary: SELinux configuration GUI Requires: policycoreutils-devel = %{version}-%{release}, python3-policycoreutils = %{version}-%{release} Requires: policycoreutils-dbus = %{version}-%{release} Requires: gtk3, python3-gobject BuildRequires: desktop-file-utils BuildArch: noarch %description gui system-config-selinux is a utility for managing the SELinux environment %files -f selinux-gui.lang gui %{_bindir}/system-config-selinux %{_bindir}/selinux-polgengui %{_datadir}/applications/sepolicy.desktop %{_datadir}/applications/system-config-selinux.desktop %{_datadir}/applications/selinux-polgengui.desktop %{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png %{_datadir}/pixmaps/system-config-selinux.png %dir %{_datadir}/system-config-selinux %dir %{_datadir}/system-config-selinux/__pycache__ %{_datadir}/system-config-selinux/system-config-selinux.png %{_datadir}/system-config-selinux/*Page.py %{_datadir}/system-config-selinux/__pycache__/*Page.* %{_datadir}/system-config-selinux/system-config-selinux.py %{_datadir}/system-config-selinux/__pycache__/system-config-selinux.* %{_datadir}/system-config-selinux/*.ui %{python3_sitelib}/sepolicy/gui.py* %{python3_sitelib}/sepolicy/sepolicy.glade %{_datadir}/icons/hicolor/*/apps/sepolicy.png %{_datadir}/pixmaps/sepolicy.png %{_mandir}/man8/system-config-selinux.8* %{_mandir}/man8/selinux-polgengui.8* %{_mandir}/man8/sepolicy-gui.8* %files -f %{name}.lang %{_sbindir}/restorecon %{_sbindir}/restorecon_xattr %{_sbindir}/fixfiles %{_sbindir}/setfiles %{_sbindir}/load_policy %{_sbindir}/genhomedircon %{_sbindir}/setsebool %{_sbindir}/semodule # symlink to %%{_bindir}/sestatus %{_sbindir}/sestatus %{_bindir}/secon %{_bindir}/semodule_expand %{_bindir}/semodule_link %{_bindir}/semodule_package %{_bindir}/semodule_unpackage %{_bindir}/sestatus %{_libexecdir}/selinux/hll %{_libexecdir}/selinux/selinux-autorelabel %{_unitdir}/selinux-autorelabel-mark.service %{_unitdir}/selinux-autorelabel.service %{_unitdir}/selinux-autorelabel.target %{generatorsdir}/selinux-autorelabel-generator.sh %config(noreplace) %{_sysconfdir}/sestatus.conf %{_mandir}/man5/selinux_config.5.gz %{_mandir}/man5/sestatus.conf.5.gz %{_mandir}/man8/fixfiles.8* %{_mandir}/man8/load_policy.8* %{_mandir}/man8/restorecon.8* %{_mandir}/man8/restorecon_xattr.8* %{_mandir}/man8/semodule.8* %{_mandir}/man8/sestatus.8* %{_mandir}/man8/setfiles.8* %{_mandir}/man8/setsebool.8* %{_mandir}/man1/secon.1* %{_mandir}/man8/genhomedircon.8* %{_mandir}/man8/semodule_expand.8* %{_mandir}/man8/semodule_link.8* %{_mandir}/man8/semodule_unpackage.8* %{_mandir}/man8/semodule_package.8* %dir %{_datadir}/bash-completion %{_datadir}/bash-completion/completions/setsebool %{!?_licensedir:%global license %%doc} %license policycoreutils/LICENSE %doc %{_usr}/share/doc/%{name} %package restorecond Summary: SELinux restorecond utilities BuildRequires: systemd-units %description restorecond The policycoreutils-restorecond package contains the restorecond service. %files restorecond %{_sbindir}/restorecond %{_unitdir}/restorecond.service %{_userunitdir}/restorecond_user.service %config(noreplace) %{_sysconfdir}/selinux/restorecond.conf %config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf %{_sysconfdir}/xdg/autostart/restorecond.desktop %{_datadir}/dbus-1/services/org.selinux.Restorecond.service %{_mandir}/man8/restorecond.8* %{!?_licensedir:%global license %%doc} %license policycoreutils/LICENSE %post %systemd_post selinux-autorelabel-mark.service %preun %systemd_preun selinux-autorelabel-mark.service %post restorecond %systemd_post restorecond.service %preun restorecond %systemd_preun restorecond.service %postun restorecond %systemd_postun_with_restart restorecond.service %changelog * Tue Oct 29 2024 Troy Dawson - 3.7-3 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018 %autochangelog