It should prevent problems with wrong labels on directories in / after
commands like:
# useradd -Z unconfined_u -d /var test
# matchpathcon /var
/var unconfined_u:object_r:user_home_dir_t:s0
The new v3.0 SELInux userspace added support for optimizing the binary
policy by pruning redundant rules from it. Enable it on Fedora by
default, since it brings noticeable space savings and only negligibly
increases policy build time.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
libsepol was fixed before release 2.4 and expand-check=1 doesn't make a
big time penalty. On the other hand, it's helpful to make it enabled by
default.
Resolves: rhbz#1319652
Add enable/disable patch support from Dan Walsh.
Add usepasswd flag to semanage.conf to disable genhomedircon using passwd
from Dan Walsh.
regenerate swig wrappers