%define libsepolver 1.9.14-1 Summary: SELinux binary policy manipulation library Name: libsemanage Version: 1.3.11 Release: 1 License: GPL Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz BuildRoot: %{_tmppath}/%{name}-buildroot BuildRequires: libsepol-devel >= %{libsepolver} %description Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. libsemanage provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings. %package devel Summary: Header files and libraries used to build policy manipulation tools Group: Development/Libraries Requires: libsemanage = %{version} %description devel The semanage-devel package contains the static libraries and header files needed for developing applications that manipulate binary policies. %prep %setup -q %build make CFLAGS="%{optflags}" %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}/%{_lib} mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install %clean rm -rf ${RPM_BUILD_ROOT} %files %defattr(-,root,root) %config(noreplace) /usr/share/semanage/semanage.conf /%{_lib}/libsemanage.so.1 %{_libdir}/libsemanage.so %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files devel %defattr(-,root,root) %{_libdir}/libsemanage.a %{_includedir}/semanage/*.h %changelog * Mon Oct 12 2005 Dan Walsh 1.3.11-1 - Update from NSA * Fixed semanage_install_active() to use the same logic for selecting a policy version as semanage_expand_sandbox(). Dropped dead code from semanage_install_sandbox(). * Mon Oct 10 2005 Dan Walsh 1.3.10-1 - Update from NSA * Updated for changes to libsepol, and to only use types and interfaces provided by the shared libsepol. * Fri Oct 7 2005 Dan Walsh 1.3.9-1 - Update from NSA * Merged further database work from Ivan Gyurdiev. * Tue Oct 4 2005 Dan Walsh 1.3.8-1 - Update from NSA * Merged iterate, redistribute, and dbase split patches from Ivan Gyurdiev. * Mon Oct 3 2005 Dan Walsh 1.3.7-1 - Update from NSA * Merged patch series from Ivan Gyurdiev. (pointer typedef elimination, file renames, dbase work, backend separation) * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. * Separated handle create from connect interface. * Added a constructor for initialization. * Moved up src/include/*.h to src. * Created a symbol map file; dropped dso.h and hidden markings. * Wed Sep 28 2005 Dan Walsh 1.3.5-1 - Update from NSA * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. * Separated handle create from connect interface. * Added a constructor for initialization. * Moved up src/include/*.h to src. * Created a symbol map file; dropped dso.h and hidden markings. * Fri Sep 23 2005 Dan Walsh 1.3.4-1 - Update from NSA * Merged dbase redesign patch from Ivan Gyurdiev. * Wed Sep 21 2005 Dan Walsh 1.3.3-1 - Update from NSA * Merged boolean record, stub record handler, and status codes patches from Ivan Gyurdiev. * Tue Sep 20 2005 Dan Walsh 1.3.2-1 - Update from NSA * Merged stub iterator functionality from Ivan Gyurdiev. * Merged interface record patch from Ivan Gyurdiev. * Wed Sep 14 2005 Dan Walsh 1.3.1-1 - Update from NSA * Merged stub functionality for managing user and port records, and record table code from Ivan Gyurdiev. * Updated version for release. * Thu Sep 1 2005 Dan Walsh 1.1.6-1 - Update from NSA * Merged semod.conf template patch from Dan Walsh (Red Hat), but restored location to /usr/share/semod/semod.conf. * Fixed several bugs found by valgrind. * Fixed bug in prior patch for the semod_build_module_list leak. * Merged errno fix from Joshua Brindle (Tresys). * Merged fix for semod_build_modules_list leak on error path from Serge Hallyn (IBM). Bug found by Coverity. * Thu Aug 25 2005 Dan Walsh 1.1.3-1 - Update from NSA * Merged errno fix from Joshua Brindle (Tresys). * Merged fix for semod_build_modules_list leak on error path from Serge Hallyn (IBM). Bug found by Coverity. * Merged several fixes from Serge Hallyn (IBM). Bugs found by Coverity. * Fixed several other bugs and warnings. * Merged patch to move module read/write code from libsemanage to libsepol from Jason Tang (Tresys). * Merged relay records patch from Ivan Gyurdiev. * Merged key extract patch from Ivan Gyurdiev. - Initial version - Created by Stephen Smalley