Summary: SELinux policy core utilities. Name: policycoreutils Version: 1.15.3 Release: 2 License: GPL Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Patch: policycoreutils-rhat.patch Prefix: %{_prefix} BuildRequires: libselinux-devel pam-devel BuildRoot: %{_tmppath}/%{name}-buildroot %description Security-enhanced Linux is a patch of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context. %prep %setup -q %patch -p1 -b .rhat %build make all %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}%{_bindir} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} mkdir -p ${RPM_BUILD_ROOT}/sbin mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d make DESTDIR="${RPM_BUILD_ROOT}" install %find_lang %{name} %clean rm -rf ${RPM_BUILD_ROOT} %files -f %{name}.lang %defattr(-,root,root) %{_sbindir}/setfiles /sbin/fixfiles /sbin/restorecon %{_mandir}/man8/restorecon.8.gz %{_sbindir}/genhomedircon %{_sbindir}/sestatus %{_mandir}/man8/sestatus.8.gz %{_mandir}/man8/setfiles.8.gz %{_mandir}/man8/fixfiles.8.gz %{_sbindir}/load_policy %{_bindir}/newrole %{_bindir}/audit2allow %{_mandir}/man1/newrole.1.gz %{_sysconfdir}/cron.daily/fixfiles.cron %config %{_sysconfdir}/pam.d/newrole %{_sbindir}/run_init %config %{_sysconfdir}/pam.d/run_init %{_mandir}/man8/run_init.8.gz %config(noreplace) %{_sysconfdir}/sestatus.conf %changelog * Mon Aug 2 2004 Dan Walsh 1.15.3-2 - Fix genhomedircon join command * Thu Jul 29 2004 Dan Walsh 1.15.3-1 - Latest from NSA * Mon Jul 26 2004 Dan Walsh 1.15.2-4 - Change fixfiles to not change when running a check * Tue Jul 20 2004 Dan Walsh 1.15.2-3 - Fix restorecon getopt call to stop hang on IBM Arches * Mon Jul 19 2004 Dan Walsh 1.15.2-2 - Only mail files less than 100 lines from fixfiles.cron - Add Russell's fix for genhomedircon * Fri Jul 16 2004 Dan Walsh 1.15.2-1 - Latest from NSA * Thu Jul 8 2004 Dan Walsh 1.15.1-2 - Add ro warnings * Thu Jul 8 2004 Dan Walsh 1.15.1-1 - Latest from NSA - Fix fixfiles.cron to delete outfile * Tue Jul 6 2004 Dan Walsh 1.14.1-2 - Fix fixfiles.cron to not run on non SELinux boxes - Fix several problems in fixfiles and fixfiles.cron * Wed Jun 30 2004 Dan Walsh 1.14.1-1 - Update from NSA - Add cron capability to fixfiles * Fri Jun 25 2004 Dan Walsh 1.13.4-1 - Update from NSA * Thu Jun 24 2004 Dan Walsh 1.13.3-2 - Fix fixfiles to handle no rpm file on relabel * Wed Jun 23 2004 Dan Walsh 1.13.3-1 - Update latest from NSA - Add -o option to setfiles to save output of any files with incorrect context. * Tue Jun 22 2004 Dan Walsh 1.13.2-2 - Add rpm support to fixfiles - Update restorecon to add file input support * Fri Jun 18 2004 Dan Walsh 1.13.2-1 - Update with NSA Latest * Tue Jun 15 2004 Elliot Lee - rebuilt * Sat Jun 12 2004 Dan Walsh 1.13.1-2 - Fix run_init to use policy formats * Wed Jun 2 2004 Dan Walsh 1.13.1-1 - Update from NSA * Tue May 25 2004 Dan Walsh 1.13-3 - Change location of file_context file * Tue May 25 2004 Dan Walsh 1.13-2 - Change to use /etc/sysconfig/selinux to determine location of policy files * Fri May 21 2004 Dan Walsh 1.13-1 - Update to latest from NSA - Change fixfiles to prompt before deleteing /tmp files * Tue May 18 2004 Dan Walsh 1.12-2 - have restorecon ingnore <> - Hand matchpathcon the file status * Thu May 14 2004 Dan Walsh 1.12-1 - Update to match NSA * Mon May 10 2004 Dan Walsh 1.11-4 - Move location of log file to /var/tmp * Mon May 10 2004 Dan Walsh 1.11-3 - Better grep command for bind * Fri May 7 2004 Dan Walsh 1.11-2 - Eliminate bind and context mounts * Wed May 5 2004 Dan Walsh 1.11-1 - update to match NSA * Wed Apr 28 2004 Dan Walsh 1.10-4 - Log fixfiles to the /tmp directory * Wed Apr 21 2004 Colin Walters 1.10-3 - Add patch to fall back to authenticating via uid if the current user's SELinux user identity is the default identity - Add BuildRequires pam-devel * Mon Apr 12 2004 Dan Walsh 1.10-2 - Add man page, thanks to Richard Halley * Thu Apr 8 2004 Dan Walsh 1.10-1 - Upgrade to latest from NSA * Fri Apr 2 2004 Dan Walsh 1.9.2-1 - Update with latest from gentoo and NSA * Thu Apr 1 2004 Dan Walsh 1.9.1-1 - Check return codes in sestatus.c * Mon Mar 29 2004 Dan Walsh 1.9-19 - Fix sestatus to not double free - Fix sestatus.conf to be unix format * Mon Mar 29 2004 Dan Walsh 1.9-18 - Warn on setfiles failure to relabel. * Mon Mar 29 2004 Dan Walsh 1.9-17 - Updated version of sestatus * Mon Mar 29 2004 Dan Walsh 1.9-16 - Fix fixfiles to checklabel properly * Fri Mar 26 2004 Dan Walsh 1.9-15 - add sestatus * Thu Mar 25 2004 Dan Walsh 1.9-14 - Change free call to freecon - Cleanup * Tue Mar 23 2004 Dan Walsh 1.9-12 - Remove setfiles-assoc patch - Fix restorecon to not crash on missing dir * Thu Mar 17 2004 Dan Walsh 1.9-11 - Eliminate trailing / in restorecon * Thu Mar 17 2004 Dan Walsh 1.9-10 - Add Verbosity check * Thu Mar 17 2004 Dan Walsh 1.9-9 - Change restorecon to not follow symlinks. It is too difficult and confusing - to figure out the file context for the file pointed to by a symlink. * Wed Mar 17 2004 Dan Walsh 1.9-8 - Fix restorecon * Wed Mar 17 2004 Dan Walsh 1.9-7 - Read restorecon patch * Wed Mar 17 2004 Dan Walsh 1.9-6 - Change genhomedircon to take POLICYSOURCEDIR from command line * Wed Mar 17 2004 Dan Walsh 1.9-5 - Add checkselinux - move fixfiles and restorecon to /sbin * Wed Mar 17 2004 Dan Walsh 1.9-4 - Restore patch of genhomedircon * Mon Mar 15 2004 Dan Walsh 1.9-3 - Add setfiles-assoc patch to try to freeup memory use * Mon Mar 15 2004 Dan Walsh 1.9-2 - Add fixlabels * Mon Mar 15 2004 Dan Walsh 1.9-1 - Update to latest from NSA * Wed Mar 10 2004 Dan Walsh 1.6-8 - Increase the size of buffer accepted by setfiles to BUFSIZ. * Tue Mar 9 2004 Dan Walsh 1.6-7 - genhomedircon should complete even if it can't read /etc/default/useradd * Tue Mar 9 2004 Dan Walsh 1.6-6 - fix restorecon to relabel unlabled files. * Fri Mar 5 2004 Dan Walsh 1.6-5 - Add genhomedircon from tresys - Fixed patch for restorecon * Thu Feb 26 2004 Dan Walsh 1.6-4 - exit out when selinux is not enabled * Thu Feb 26 2004 Dan Walsh 1.6-3 - Fix minor bugs in restorecon * Thu Feb 26 2004 Dan Walsh 1.6-2 - Add restorecon c program * Tue Feb 24 2004 Dan Walsh 1.6-1 - Update to latest tarball from NSA * Thu Feb 19 2004 Dan Walsh 1.4-9 - Add sort patch * Fri Feb 13 2004 Elliot Lee - rebuilt * Thu Jan 29 2004 Dan Walsh 1.4-7 - remove mods to run_init since init scripts don't require it anymore * Wed Jan 28 2004 Dan Walsh 1.4-6 - fix genhomedircon not to return and error * Wed Jan 28 2004 Dan Walsh 1.4-5 - add setfiles quiet patch * Tue Jan 27 2004 Dan Walsh 1.4-4 - add checkcon to verify context match file_context * Wed Jan 7 2004 Dan Walsh 1.4-3 - fix command parsing restorecon * Tue Jan 6 2004 Dan Walsh 1.4-2 - Add restorecon * Sat Dec 6 2003 Dan Walsh 1.4-1 - Update to latest NSA 1.4 * Tue Nov 25 2003 Dan Walsh 1.2-9 - Change run_init.console to run as run_init_t * Tue Oct 14 2003 Dan Walsh 1.2-8 - Remove dietcc since load_policy is not in mkinitrd - Change to use CONSOLEHELPER flag * Tue Oct 14 2003 Dan Walsh 1.2-7 - Don't authenticate run_init when used with consolehelper * Wed Oct 01 2003 Dan Walsh 1.2-6 - Add run_init consolehelper link * Wed Sep 24 2003 Dan Walsh 1.2-5 - Add russell spead up patch to deal with file path stems * Fri Sep 12 2003 Dan Walsh 1.2-4 - Build load_policy with diet gcc in order to save space on initrd * Fri Sep 12 2003 Dan Walsh 1.2-3 - Update with NSA latest * Thu Aug 7 2003 Dan Walsh 1.2-1 - remove i18n - Temp remove gtk support * Thu Aug 7 2003 Dan Walsh 1.1-4 - Remove wnck requirement * Thu Aug 7 2003 Dan Walsh 1.1-3 - Add gtk support to run_init * Tue Aug 5 2003 Dan Walsh 1.1-2 - Add internationalization * Mon Jun 2 2003 Dan Walsh 1.0-1 - Initial version