policycoreutils-2.7-1

- Update to upstream release 2017-08-04 - Move DBUS API from -gui to -dbus package
2017-08-07 17:13:28 +02:00 · 2017-08-07 17:13:28 +02:00 · 0ea988e102
parent 19abd3c9a6
commit 0ea988e102
9 changed files with 525 additions and 2956 deletions
--- a/.gitignore
+++ b/.gitignore
@ -241,3 +241,10 @@ policycoreutils-2.0.83.tgz
 /sepolgen-1.2.3.tar.gz
 /policycoreutils-2.6.tar.gz
 /sepolgen-2.6.tar.gz
+/policycoreutils-2.7.tar.gz
+/selinux-python-2.7.tar.gz
+/selinux-gui-2.7.tar.gz
+/selinux-sandbox-2.7.tar.gz
+/selinux-dbus-2.7.tar.gz
+/semodule-utils-2.7.tar.gz
+/restorecond-2.7.tar.gz
--- a/policycoreutils-fedora.patch
+++ b/policycoreutils-fedora.patch
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -1,36 +1,46 @@
 %global	libauditver	2.1.3-4
-%global libsepolver	2.6-0
-%global	libsemanagever	2.6-0
-%global	libselinuxver	2.6-5
-%global	sepolgenver	2.6
+%global libsepolver	2.7-1
+%global	libsemanagever	2.7-1
+%global	libselinuxver	2.7-1
+%global	sepolgenver	2.7

 %global generatorsdir %{_prefix}/lib/systemd/system-generators

 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.6
-Release: 9%{?dist}
+Version: 2.7
+Release: 1%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/policycoreutils-2.6.tar.gz
-Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014/sepolgen-2.6.tar.gz
+Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/policycoreutils-2.7.tar.gz
+Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-python-2.7.tar.gz
+Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-gui-2.7.tar.gz
+Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-sandbox-2.7.tar.gz
+Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-dbus-2.7.tar.gz
+Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/semodule-utils-2.7.tar.gz
+Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/restorecond-2.7.tar.gz
 URL:	 http://www.selinuxproject.org
-Source2: policycoreutils_man_ru2.tar.bz2
-Source3: system-config-selinux.png
-Source4: sepolicy-icons.tgz
-Source5: selinux-autorelabel
-Source6: selinux-autorelabel.service
-Source7: selinux-autorelabel-mark.service
-Source8: selinux-autorelabel.target
-Source9: selinux-autorelabel-generator.sh
+Source12: policycoreutils_man_ru2.tar.bz2
+Source13: system-config-selinux.png
+Source14: sepolicy-icons.tgz
+Source15: selinux-autorelabel
+Source16: selinux-autorelabel.service
+Source17: selinux-autorelabel-mark.service
+Source18: selinux-autorelabel.target
+Source19: selinux-autorelabel-generator.sh
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
-# $ VERSION=2.6 ./make-fedora-selinux-patch.sh policycoreutils
-# HEAD https://github.com/fedora-selinux/selinux/commit/601a1d1363fe4137ff3a2991c546f7a0ccfec4cb
+# $ VERSION=2.7 ./make-fedora-selinux-patch.sh policycoreutils
+# HEAD https://github.com/fedora-selinux/selinux/commit/70a12c5e7b56a81223d67ce2469292826b84efe9
 Patch:	 policycoreutils-fedora.patch
-# $ VERSION=2.6 ./make-fedora-selinux-patch.sh sepolgen
-# Patch1:  sepolgen-fedora.patch
+# $ VERSION=2.7 ./make-fedora-selinux-patch.sh selinux-python
+Patch1:  selinux-python-fedora.patch
+Patch2:  selinux-gui-fedora.patch
+Patch3:  selinux-sandbox-fedora.patch
+Patch4:  selinux-dbus-fedora.patch
+# Patch5:  semodule-utils-fedora.patch
+# Patch6:  restorecond
 Obsoletes: policycoreutils < 2.0.61-2
 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
 # initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
@ -64,20 +74,34 @@ to switch roles.
 %prep
 # create selinux/ directory and extract %{SOURCE0} there
 %setup -q -c -n selinux
-%patch -p0 -b .policycoreutils-fedora
-pushd policycoreutils-%{version}
-popd
-
-cp %{SOURCE3} policycoreutils-%{version}/gui/
-tar -xvf %{SOURCE4} -C policycoreutils-%{version}/
-# extract {%SOURCE1} in selinux/ directory
 %setup -T -D -a 1 -n selinux
-# %patch1 -p0 -b .sepolgen-fedora
+%setup -T -D -a 2 -n selinux
+%setup -T -D -a 3 -n selinux
+%setup -T -D -a 4 -n selinux
+%setup -T -D -a 5 -n selinux
+%setup -T -D -a 6 -n selinux
+%patch -p0 -b .policycoreutils-fedora
+
+cp %{SOURCE13} selinux-gui-%{version}/
+tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
+# extract {%SOURCE1} in selinux/ directory
+# %setup -T -D -a 1 -n selinux
+%patch1 -p0 -b .selinux-python
+%patch2 -p0 -b .selinux-gui
+%patch3 -p0 -b .selinux-sandbox
+%patch4 -p0 -b .selinux-dbus
+# %patch5 -p0 -b .semodule-utils
+# %patch6 -p0 -b .restorecond


 %build
-make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" all
-make -C sepolgen-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
+make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-python-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" LIBSEPOLA="%{_libdir}/libsepol.a" all

 %install
 mkdir -p %{buildroot}%{_bindir}
@ -87,16 +111,27 @@ mkdir -p %{buildroot}%{_mandir}/man5
 mkdir -p %{buildroot}%{_mandir}/man8
 %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/

-make -C policycoreutils-%{version} LSPP_PRIV=y  DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
-make -C policycoreutils-%{version} PYTHON=%{__python3} LSPP_PRIV=y  DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
+make -C policycoreutils-%{version} LSPP_PRIV=y  DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-python-%{version} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+# make -C policycoreutils-%{version} PYTHON=%{__python3} LSPP_PRIV=y  DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install

 # Systemd
 rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond

-make -C sepolgen-%{version} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
-make -C sepolgen-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
-
-tar -jxf %{SOURCE2} -C %{buildroot}/
+tar -jxf %{SOURCE12} -C %{buildroot}/
 rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
 rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
 rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
@ -126,11 +161,11 @@ rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.deskto
 # https://bugzilla.redhat.com/show_bug.cgi?id=1328825
 mkdir   -m 755 -p %{buildroot}/%{_unitdir}/basic.target.wants/
 mkdir   -m 755 -p %{buildroot}/%{generatorsdir}
-install -m 644 -p %{SOURCE6} %{buildroot}/%{_unitdir}/
-install -m 644 -p %{SOURCE7} %{buildroot}/%{_unitdir}/
-install -m 644 -p %{SOURCE8} %{buildroot}/%{_unitdir}/
-install -m 755 -p %{SOURCE9} %{buildroot}/%{generatorsdir}/
-install -m 755 -p %{SOURCE5} %{buildroot}/%{_libexecdir}/selinux/
+install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
+install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
+install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
+install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
+install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
 ln -s ../selinux-autorelabel-mark.service %{buildroot}/%{_unitdir}/basic.target.wants/

 # change /usr/bin/python3 to /usr/bin/python in policycoreutils-python
@ -150,6 +185,7 @@ sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' \
 	%{buildroot}%{_bindir}/audit2why \
 	%{buildroot}%{_bindir}/sepolicy \
 	%{buildroot}%{_bindir}/sepolgen{,-ifgen} \
+	%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
 	%nil

 %find_lang %{name}
@ -184,6 +220,22 @@ an SELinux environment.
 %{_datadir}/bash-completion/completions/semanage
 %{_datadir}/bash-completion/completions/setsebool

+%package dbus
+Summary:    SELinux policy core DBUS api
+Requires:   policycoreutils-python3 = %{version}-%{release}
+Requires:   python3-slip-dbus
+
+%description dbus
+The policycoreutils-dbus package contains the management DBUS API use to manage
+an SELinux environment.
+
+%files dbus
+%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
+%{_datadir}/dbus-1/system-services/org.selinux.service
+%{_datadir}/polkit-1/actions/org.selinux.policy
+%{_datadir}/polkit-1/actions/org.selinux.config.policy
+%{_datadir}/system-config-selinux/selinux_server.py*
+
 %package python3
 Summary: SELinux policy core python3 interfaces
 Group:	 System Environment/Base
@ -326,7 +378,8 @@ Group: System Environment/Base
 Requires: policycoreutils-devel = %{version}-%{release}, policycoreutils-python = %{version}-%{release}
 Requires: gnome-python2 gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
 Requires: usermode-gtk
-Requires: python >= 2.6, python-slip-dbus
+Requires: python >= 2.6
+Requires: policycoreutils-dbus = %{version}-%{release}
 BuildRequires: desktop-file-utils

 %description gui
@ -342,7 +395,10 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_datadir}/pixmaps/system-config-selinux.png
 %dir %{_datadir}/system-config-selinux
 %{_datadir}/system-config-selinux/system-config-selinux.png
-%{_datadir}/system-config-selinux/*.py*
+%{_datadir}/system-config-selinux/*Page.py*
+%{_datadir}/system-config-selinux/html_util.py*
+%{_datadir}/system-config-selinux/polgengui.py*
+%{_datadir}/system-config-selinux/system-config-selinux.py*
 %{_datadir}/system-config-selinux/*.glade
 %{python_sitelib}/sepolicy/gui.py*
 %{python_sitelib}/sepolicy/sepolicy.glade
@ -355,9 +411,6 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_mandir}/man8/system-config-selinux.8*
 %{_mandir}/man8/selinux-polgengui.8*
 %{_mandir}/man8/sepolicy-gui.8*
-%{_datadir}/dbus-1/system-services/org.selinux.service
-%{_datadir}/polkit-1/actions/org.selinux.policy
-%{_datadir}/polkit-1/actions/org.selinux.config.policy

 %post gui
 /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -445,6 +498,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service

 %changelog
+* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
+- Update to upstream release 2017-08-04
+- Move DBUS API from -gui to -dbus package
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

--- a/selinux-dbus-fedora.patch
+++ b/selinux-dbus-fedora.patch
@ -0,0 +1,35 @@
+diff --git selinux-dbus-2.7/org.selinux.conf selinux-dbus-2.7/org.selinux.conf
+index a350978..1ae079d 100644
+--- selinux-dbus-2.7/org.selinux.conf
+++ selinux-dbus-2.7/org.selinux.conf
+@@ -12,12 +12,8 @@
+ 
+   <!-- Allow anyone to invoke methods on the interfaces,
+        authorization is performed by PolicyKit -->
+-  <policy at_console="true">
+-    <allow send_destination="org.selinux"/>
+-  </policy>
+   <policy context="default">
+-    <allow send_destination="org.selinux"
+-	   send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="org.selinux"/>
+   </policy>
+ 
+ </busconfig>
+diff --git selinux-dbus-2.7/org.selinux.policy selinux-dbus-2.7/org.selinux.policy
+index 0126610..9772127 100644
+--- selinux-dbus-2.7/org.selinux.policy
+++ selinux-dbus-2.7/org.selinux.policy
+@@ -70,9 +70,9 @@
+ 	  <allow_active>auth_admin_keep</allow_active>
+         </defaults>
+     </action>
+-    <action id="org.selinux.change_policy_type">
+-        <description>SELinux write access</description>
+-        <message>System policy prevents change_policy_type access to SELinux</message>
+    <action id="org.selinux.change_default_mode">
+        <description>Change SELinux default enforcing mode</description>
+        <message>System policy prevents change_default_policy access to SELinux</message>
+         <defaults>
+           <allow_any>no</allow_any>
+           <allow_inactive>no</allow_inactive>
--- a/selinux-gui-fedora.patch
+++ b/selinux-gui-fedora.patch
@ -0,0 +1,52 @@
+diff --git selinux-gui-2.7/polgengui.py selinux-gui-2.7/polgengui.py
+index 7460cce..064001b 100644
+--- selinux-gui-2.7/polgengui.py
+++ selinux-gui-2.7/polgengui.py
+@@ -34,7 +34,9 @@ except ValueError as e:
+     sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
+     sys.exit(1)
+ 
+import sepolicy.generate
+ import sepolicy.interface
+
+ try:
+     from subprocess import getstatusoutput
+ except ImportError:
+@@ -696,16 +698,16 @@ class childWindow:
+ 
+     def on_in_net_page_next(self, *args):
+         try:
+-            generate.verify_ports(self.in_tcp_entry.get_text())
+-            generate.verify_ports(self.in_udp_entry.get_text())
+            sepolicy.generate.verify_ports(self.in_tcp_entry.get_text())
+            sepolicy.generate.verify_ports(self.in_udp_entry.get_text())
+         except ValueError as e:
+             self.error(e.message)
+             return True
+ 
+     def on_out_net_page_next(self, *args):
+         try:
+-            generate.verify_ports(self.out_tcp_entry.get_text())
+-            generate.verify_ports(self.out_udp_entry.get_text())
+            sepolicy.generate.verify_ports(self.out_tcp_entry.get_text())
+            sepolicy.generate.verify_ports(self.out_udp_entry.get_text())
+         except ValueError as e:
+             self.error(e.message)
+             return True
+diff --git selinux-gui-2.7/portsPage.py selinux-gui-2.7/portsPage.py
+index b8fdaad..f86d2d3 100644
+--- selinux-gui-2.7/portsPage.py
+++ selinux-gui-2.7/portsPage.py
+@@ -40,6 +40,12 @@ from semanagePage import *
+ ## I18N
+ ##
+ PROGNAME = "policycoreutils"
+
+TYPE_COL = 0
+PROTOCOL_COL = 1
+MLS_COL = 2
+PORT_COL = 3
+
+ try:
+     import gettext
+     kwargs = {}
--- a/selinux-python-fedora.patch
+++ b/selinux-python-fedora.patch
@ -0,0 +1,301 @@
+diff --git selinux-python-2.7/semanage/semanage.8 selinux-python-2.7/semanage/semanage.8
+index 0bdb90f..0cdcfcc 100644
+--- selinux-python-2.7/semanage/semanage.8
+++ selinux-python-2.7/semanage/semanage.8
+@@ -57,9 +57,8 @@ to SELinux user identities (which controls the initial security context
+ assigned to Linux users when they login and bounds their authorized role set)
+ as well as security context mappings for various kinds of objects, such
+ as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts)
+-as well as the file context mapping. See the EXAMPLES section below for some
+-examples of common usage.  Note that the semanage login command deals with the
+-mapping from Linux usernames (logins) to SELinux user identities,
+as well as the file context mapping. Note that the semanage login command deals
+with the mapping from Linux usernames (logins) to SELinux user identities,
+ while the semanage user command deals with the mapping from SELinux
+ user identities to authorized role sets.  In most cases, only the
+ former mapping needs to be adjusted by the administrator; the latter
+diff --git selinux-python-2.7/semanage/seobject.py selinux-python-2.7/semanage/seobject.py
+index 70fd192..af88126 100644
+--- selinux-python-2.7/semanage/seobject.py
+++ selinux-python-2.7/semanage/seobject.py
+@@ -386,6 +386,8 @@ class moduleRecords(semanageRecords):
+             print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
+ 
+     def add(self, file, priority):
+        if not file:
+            raise ValueError(_("You did not define module."))
+         if not os.path.exists(file):
+             raise ValueError(_("Module does not exist: %s ") % file)
+ 
+@@ -398,6 +400,8 @@ class moduleRecords(semanageRecords):
+             self.commit()
+ 
+     def set_enabled(self, module, enable):
+        if not module:
+            raise ValueError(_("You did not define module name."))
+         for m in module.split():
+             rc, key = semanage_module_key_create(self.sh)
+             if rc < 0:
+@@ -416,11 +420,15 @@ class moduleRecords(semanageRecords):
+         self.commit()
+ 
+     def modify(self, file):
+        if not file:
+            raise ValueError(_("You did not define module."))
+         rc = semanage_module_update_file(self.sh, file)
+         if rc >= 0:
+             self.commit()
+ 
+     def delete(self, module, priority):
+        if not module:
+            raise ValueError(_("You did not define module name."))
+         rc = semanage_set_default_priority(self.sh, priority)
+         if rc < 0:
+             raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
+diff --git selinux-python-2.7/sepolicy/sepolicy/__init__.py selinux-python-2.7/sepolicy/sepolicy/__init__.py
+index 5cfc071..a10dbcd 100644
+--- selinux-python-2.7/sepolicy/sepolicy/__init__.py
+++ selinux-python-2.7/sepolicy/sepolicy/__init__.py
+@@ -1136,27 +1136,14 @@ def boolean_desc(boolean):
+ 
+ 
+ def get_os_version():
+-    os_version = ""
+-    pkg_name = "selinux-policy"
+    system_release = ""
+     try:
+-        try:
+-            from commands import getstatusoutput
+-        except ImportError:
+-            from subprocess import getstatusoutput
+-        rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
+-        if rc == 0:
+-            os_version = output.split(".")[-2]
+-    except:
+-        os_version = ""
+-
+-    if os_version[0:2] == "fc":
+-        os_version = "Fedora" + os_version[2:]
+-    elif os_version[0:2] == "el":
+-        os_version = "RHEL" + os_version[2:]
+-    else:
+-        os_version = ""
+        with open('/etc/system-release') as f:
+            system_release = f.readline().rstrip()
+    except IOError:
+        system_release = "Misc"
+ 
+-    return os_version
+    return system_release
+ 
+ 
+ def reinit():
+diff --git selinux-python-2.7/sepolicy/sepolicy/manpage.py selinux-python-2.7/sepolicy/sepolicy/manpage.py
+index 4d84636..4772b50 100755
+--- selinux-python-2.7/sepolicy/sepolicy/manpage.py
+++ selinux-python-2.7/sepolicy/sepolicy/manpage.py
+@@ -125,8 +125,33 @@ def gen_domains():
+     domains.sort()
+     return domains
+ 
+-types = None
+ 
+exec_types = None
+
+def _gen_exec_types():
+    global exec_types
+    if exec_types is None:
+        exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
+    return exec_types
+
+entry_types = None
+
+def _gen_entry_types():
+    global entry_types
+    if entry_types is None:
+        entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+    return entry_types
+
+mcs_constrained_types = None
+
+def _gen_mcs_constrained_types():
+    global mcs_constrained_types
+    if mcs_constrained_types is None:
+        mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+    return mcs_constrained_types
+
+
+types = None
+ 
+ def _gen_types():
+     global types
+@@ -149,10 +174,6 @@ def prettyprint(f, trim):
+ manpage_domains = []
+ manpage_roles = []
+ 
+-fedora_releases = ["Fedora17", "Fedora18"]
+-rhel_releases = ["RHEL6", "RHEL7"]
+-
+-
+ def get_alphabet_manpages(manpage_list):
+     alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
+     for i in string.ascii_letters:
+@@ -182,7 +203,7 @@ def convert_manpage_to_html(html_manpage, manpage):
+ class HTMLManPages:
+ 
+     """
+-            Generate a HHTML Manpages on an given SELinux domains
+            Generate a HTML Manpages on an given SELinux domains
+     """
+ 
+     def __init__(self, manpage_roles, manpage_domains, path, os_version):
+@@ -190,9 +211,9 @@ class HTMLManPages:
+         self.manpage_domains = get_alphabet_manpages(manpage_domains)
+         self.os_version = os_version
+         self.old_path = path + "/"
+-        self.new_path = self.old_path + self.os_version + "/"
+        self.new_path = self.old_path
+ 
+-        if self.os_version in fedora_releases or rhel_releases:
+        if self.os_version:
+             self.__gen_html_manpages()
+         else:
+             print("SELinux HTML man pages can not be generated for this %s" % os_version)
+@@ -201,7 +222,6 @@ class HTMLManPages:
+     def __gen_html_manpages(self):
+         self._write_html_manpage()
+         self._gen_index()
+-        self._gen_body()
+         self._gen_css()
+ 
+     def _write_html_manpage(self):
+@@ -219,67 +239,21 @@ class HTMLManPages:
+                     convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
+ 
+     def _gen_index(self):
+-        index = self.old_path + "index.html"
+-        fd = open(index, 'w')
+-        fd.write("""
+-<html>
+-<head>
+-    <link rel=stylesheet type="text/css" href="style.css" title="style">
+-    <title>SELinux man pages online</title>
+-</head>
+-<body>
+-<h1>SELinux man pages</h1>
+-<br></br>
+-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
+-<br></br>
+-<hr>
+-<h3>Fedora</h3>
+-<table><tr>
+-<td valign="middle">
+-</td>
+-</tr></table>
+-<pre>
+-""")
+-        for f in fedora_releases:
+-            fd.write("""
+-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
+-
+-        fd.write("""
+-</pre>
+-<hr>
+-<h3>RHEL</h3>
+-<table><tr>
+-<td valign="middle">
+-</td>
+-</tr></table>
+-<pre>
+-""")
+-        for r in rhel_releases:
+-            fd.write("""
+-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
+-
+-        fd.write("""
+-</pre>
+-	""")
+-        fd.close()
+-        print("%s has been created") % index
+-
+-    def _gen_body(self):
+         html = self.new_path + self.os_version + ".html"
+         fd = open(html, 'w')
+         fd.write("""
+ <html>
+ <head>
+-	<link rel=stylesheet type="text/css" href="../style.css" title="style">
+-	<title>Linux man-pages online for Fedora18</title>
+	<link rel=stylesheet type="text/css" href="style.css" title="style">
+	<title>SELinux man pages</title>
+ </head>
+ <body>
+-<h1>SELinux man pages for Fedora18</h1>
+<h1>SELinux man pages for %s</h1>
+ <hr>
+ <table><tr>
+ <td valign="middle">
+ <h3>SELinux roles</h3>
+-""")
+""" % self.os_version)
+         for letter in self.manpage_roles:
+             if len(self.manpage_roles[letter]):
+                 fd.write("""
+@@ -423,6 +397,9 @@ class ManPage:
+         self.all_file_types = sepolicy.get_all_file_types()
+         self.role_allows = sepolicy.get_all_role_allows()
+         self.types = _gen_types()
+        self.exec_types = _gen_exec_types()
+        self.entry_types = _gen_entry_types()
+        self.mcs_constrained_types = _gen_mcs_constrained_types()
+ 
+         if self.source_files:
+             self.fcpath = self.root + "file_contexts"
+@@ -735,10 +712,13 @@ Default Defined Ports:""")
+ 
+     def _file_context(self):
+         flist = []
+        flist_non_exec = []
+         mpaths = []
+         for f in self.all_file_types:
+             if f.startswith(self.domainname):
+                 flist.append(f)
+                if not f in self.exec_types or not f in self.entry_types:
+                    flist_non_exec.append(f)
+                 if f in self.fcdict:
+                     mpaths = mpaths + self.fcdict[f]["regex"]
+         if len(mpaths) == 0:
+@@ -790,19 +770,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ .PP
+ """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
+ 
+-        self.fd.write(r"""
+        if flist_non_exec:
+                self.fd.write(r"""
+ .PP
+ .B STANDARD FILE CONTEXT
+ 
+ SELinux defines the file context types for the %(domainname)s, if you wanted to
+ store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
+ 
+-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
+ .br
+ .B restorecon -R -v /srv/my%(domainname)s_content
+ 
+ Note: SELinux often uses regular expressions to specify labels that match multiple files.
+-""" % {'domainname': self.domainname, "type": flist[0]})
+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
+ 
+         self.fd.write(r"""
+ .I The following file types are defined for %(domainname)s:
+@@ -974,8 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
+ %s""" % ", ".join(paths))
+ 
+     def _mcs_types(self):
+-        mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+-        if self.type not in mcs_constrained_type['types']:
+        if self.type not in self.mcs_constrained_types['types']:
+             return
+         self.fd.write ("""
+ .SH "MCS Constrained"
--- a/selinux-sandbox-fedora.patch
+++ b/selinux-sandbox-fedora.patch
@ -0,0 +1,13 @@
+diff --git selinux-sandbox-2.7/sandboxX.sh selinux-sandbox-2.7/sandboxX.sh
+index eaa500d..4774528 100644
+--- selinux-sandbox-2.7/sandboxX.sh
+++ selinux-sandbox-2.7/sandboxX.sh
+@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
+ </openbox_config>
+ EOF
+ 
+-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+     export DISPLAY=:$D
+     cat > ~/seremote << __EOF
+ #!/bin/sh
--- a/sepolgen-fedora.patch
+++ b/sepolgen-fedora.patch
--- a/9
+++ b/9
@ -1,3 +1,8 @@
 SHA512 (policycoreutils_man_ru2.tar.bz2) = 7272801da169b8d7dd3f8b7e368a63a4fbb7ae94599f9384bc450d142e6b2a3805ab542d650cbe9c8978c2d8e5c56ef4c11f361abfefeaf184ec3a4b0d2afb4c
-SHA512 (policycoreutils-2.6.tar.gz) = ba289060bc348f9315bce84a5e5daf145600274289fdd2206edc10bb0ee03f9b02a9e40e9c118809961ddfe7844dee7d8952d8c9a239af7282f4fc1614c21e9d
-SHA512 (sepolgen-2.6.tar.gz) = b04d0b78416dde4857888f94bad1f6f83909cb4f9fb50519778ec8a50662be38ccac19f5fc6db269754cb63668c5324258ba4a4cb79440789b759ad5eb6148c0
+SHA512 (policycoreutils-2.7.tar.gz) = ce97d659f72058fd23d8dab8db98fc7c0003806a636c521fa15da465d7358d40ccc8e3eaa9675f00a9b0b8aaa1465d3fb650bc0ebbbf00164e121230673256fb
+SHA512 (selinux-python-2.7.tar.gz) = df8645e7ac9ca568f0c9d81c42b93d0abadc43c22f14d38451ab262b52132cfb7abd7742e3a00ab9c153f95dd5b23b3a496d84875debcd9787f75d940eb45c28
+SHA512 (selinux-gui-2.7.tar.gz) = 55bfa4216dabc1711324d03c6e0b2034ab04e72d32921adbeee89b08eea7b1f558a5eeaa14b8ad1bdcffcfe10efa9cb692dc783b4f0c21fe2e3e3063c20e0b7f
+SHA512 (selinux-sandbox-2.7.tar.gz) = 3f994dc296d150f3307d20e3295ad565fd86f78701ec4601493f2f4b1c91a8aa68a9ec8b6418fd9bacb9e9d32b6798cdc7e1eabc26f9b6c306affad3261ffb8a
+SHA512 (selinux-dbus-2.7.tar.gz) = 73f6731af302573cf7b20b93e7bc6da677dfd57342b097888537fd6383157c72b0fb047a4f586614fd968e8ed7f0f2b517f0abdf44dd6107aa428b7a39f93f9e
+SHA512 (semodule-utils-2.7.tar.gz) = 5c7c2a2224949f50c1119edba90d937363e22af52a38f06525e957b29f5310a3e3444d03980b2f808ce995de0f9fc0a9dca8b6167bbfde29c1a33b9bc786d3c8
+SHA512 (restorecond-2.7.tar.gz) = c81950e4f748a729c8951b13a4075ab1003530f8ada7a9d3fbe6428f76070df4819a37daaab557b63fc234aa8c8320ec41757fbdb24b76fa2c11747bde0038ad