rpms/policycoreutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add Ryan Hallisey sepolicy gui.

Browse Source 
- Update Translations
This commit is contained in:
Dan Walsh 2013-06-28 12:50:17 -04:00
parent e396b39f10
commit 2ab6b02e3c
2 changed files with 9782 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9689
policycoreutils-rhat.patch
View File

File diff suppressed because it is too large Load Diff

236
policycoreutils.spec
View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.14
Release: 60%{?dist}
Release: 61%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@ -46,14 +46,14 @@ load_policy to load policies, setfiles to label filesystems, newrole
to switch roles.
%prep
%setup -q -a 1
%setup -q -a 1
%patch -p2 -b .rhat
%patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
%build
cp %{SOURCE3} gui/
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" SEMODULE_PATH="/usr/sbin" all
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
make -C sepolgen-%{sepolgenver} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
%install
mkdir -p %{buildroot}/var/lib/selinux
@ -67,7 +67,7 @@ cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
make LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" SEMODULE_PATH="/usr/sbin" install
# Systemd
# Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" SBINDIR="%{buildroot}%{_sbindir}" LIBDIR="%{buildroot}%{_libdir}" install
@ -95,15 +95,15 @@ rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.deskto
%package python
Summary: SELinux policy core python utilities
Group: System Environment/Base
Requires:policycoreutils = %{version}-%{release}
Requires:policycoreutils = %{version}-%{release}
Requires:libsemanage-python >= %{libsemanagever} libselinux-python libcgroup
Requires:audit-libs-python >= %{libauditver}
Requires:audit-libs-python >= %{libauditver}
Requires(pre): python >= 2.6
Obsoletes: policycoreutils < 2.0.61-2
Requires: python-IPy yum
%description python
The policycoreutils-python package contains the management tools use to manage
The policycoreutils-python package contains the management tools use to manage
an SELinux environment.
%files python
@ -112,7 +112,18 @@ an SELinux environment.
%{_bindir}/sandbox
%{python_sitearch}/seobject.py*
%{python_sitearch}/sepolgen
%{python_sitearch}/sepolicy
%dir %{python_sitearch}/sepolicy
%{python_sitearch}/sepolicy/*so
%{python_sitearch}/sepolicy/templates
%{python_sitearch}/sepolicy/__init__.py*
%{python_sitearch}/sepolicy/booleans.py*
%{python_sitearch}/sepolicy/communicate.py*
%{python_sitearch}/sepolicy/generate.py*
%{python_sitearch}/sepolicy/interface.py*
%{python_sitearch}/sepolicy/manpage.py*
%{python_sitearch}/sepolicy/network.py*
%{python_sitearch}/sepolicy/transition.py*
%{python_sitearch}/%{name}*.egg-info
%{python_sitearch}/sepolicy*.egg-info
%{python_sitearch}/%{name}
@ -128,7 +139,7 @@ an SELinux environment.
%package devel
Summary: SELinux policy core policy devel utilities
Group: System Environment/Base
Requires: policycoreutils-python = %{version}-%{release}
Requires: policycoreutils-python = %{version}-%{release}
Requires: /usr/bin/make
Requires: checkpolicy
Requires: selinux-policy-devel
@ -148,21 +159,28 @@ The policycoreutils-devel package contains the management tools use to develop p
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_bindir}/sepolicy
%{_mandir}/man8/sepolicy*.8*
%{_mandir}/man8/sepolgen.8*
%{_mandir}/man8/sepolicy-booleans.8*
%{_mandir}/man8/sepolicy-generate.8*
%{_mandir}/man8/sepolicy-interface.8*
%{_mandir}/man8/sepolicy-network.8*
%{_mandir}/man8/sepolicy.8*
%{_mandir}/man8/sepolicy-communicate.8*
%{_mandir}/man8/sepolicy-manpage.8*
%{_mandir}/man8/sepolicy-transition.8*
%{_usr}/share/bash-completion/completions/sepolicy
%package sandbox
Summary: SELinux sandbox utilities
Group: System Environment/Base
Requires: policycoreutils-python = %{version}-%{release}
Requires: policycoreutils-python = %{version}-%{release}
Requires: xorg-x11-server-Xephyr >= 1.14.1-2 /usr/bin/rsync /usr/bin/xmodmap
Requires: openbox
BuildRequires: openbox
BuildRequires: libcap-ng-devel
%description sandbox
The policycoreutils-sandbox package contains the scripts to create graphical
The policycoreutils-sandbox package contains the scripts to create graphical
sandboxes
%files sandbox
@ -174,12 +192,12 @@ sandboxes
%{_mandir}/man5/sandbox.5*
%package newrole
Summary: The newrole application for RBAC/MLS
Summary: The newrole application for RBAC/MLS
Group: System Environment/Base
Requires: policycoreutils = %{version}-%{release}
Requires: policycoreutils = %{version}-%{release}
%description newrole
RBAC/MLS policy machines require newrole as a way of changing the role
RBAC/MLS policy machines require newrole as a way of changing the role
or level of a logged in user.
%files newrole
@ -191,7 +209,7 @@ or level of a logged in user.
%package gui
Summary: SELinux configuration GUI
Group: System Environment/Base
Requires: policycoreutils-devel = %{version}-%{release}
Requires: policycoreutils-devel = %{version}-%{release}
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
Requires: usermode-gtk
Requires: python >= 2.6
@ -212,8 +230,11 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*.py*
%{_datadir}/system-config-selinux/*.glade
%{python_sitearch}/sepolicy/gui.py*
%{python_sitearch}/sepolicy/sepolicy.glade
%{_mandir}/man8/system-config-selinux.8*
%{_mandir}/man8/selinux-polgengui.8*
%{_mandir}/man8/sepolicy-gui.8*
%post gui
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -309,8 +330,12 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Fri Jun 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-61
- Add Ryan Hallisey sepolicy gui.
- Update Translations
* Mon Jun 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-60
- Fix semanage module error handling
-- Fix semanage module error handling
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
- Add back default exception handling for errors, which argparse rewrite removed.
@ -326,7 +351,7 @@ The policycoreutils-restorecond package contains the restorecond service.
* Wed Jun 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-56
- Fix semanage export/import commands
- Fix semange module command
- Fix semange module command
- Remove --version option from sandbox
* Tue Jun 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-55
@ -370,7 +395,7 @@ The policycoreutils-restorecond package contains the restorecond service.
* Thu May 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-44
- Fix sepolicy-generate man page to clear up options/policy type
- Add Miroslav Grepl to not generate man page when doing
- Add Miroslav Grepl to not generate man page when doing
sepolicy generate --customize
- Add support for executing semanage user within spec file
- Fix generation of confined admin domains, to handle booleans properly.
@ -514,7 +539,7 @@ The policycoreutils-restorecond package contains the restorecond service.
- sepolgen-ifgen should use the current policy path if selinux is enabled
* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-10
- Fix sepolicy to be able to work on an SELinux disabled system.
- Fix sepolicy to be able to work on an SELinux disabled system.
- Needed to be able to build man pages in selinux-policy package
* Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-9
@ -552,7 +577,7 @@ do not drop capabilities when run as root.
- Fix empty system-config-selinux.png
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-1
- Update to upstream
- Update to upstream
* setfiles: estimate percent progress
* load_policy: make link at the destination directory
* Rebuild polgen.glade with glade-3
@ -593,7 +618,7 @@ do not drop capabilities when run as root.
* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
- Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
- fixfiles onboot will write any flags handed to it to /.autorelabel.
- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
- * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
@ -635,12 +660,12 @@ do not drop capabilities when run as root.
* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-51
- Update translations
- Fix sepolicy booleans to handle autogenerated booleans descriptions
- Cleanups of sepolicy manpage
- Cleanups of sepolicy manpage
- Fix crash on git_shell man page generation
* Thu Jan 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-50
- Update translations
- update sepolicy manpage to generate fcontext equivalence data and to list
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.
@ -649,7 +674,7 @@ default file context paths.
- Update translations
* Wed Dec 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-48
- Fix semanage permissive
- Fix semanage permissive
- Change to use correct gtk forward button
- Update po
@ -662,7 +687,7 @@ default file context paths.
* Mon Dec 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-45
- Apply patch from Miroslav to display proper range description in man pages g
- Should print warning on missing default label when run in recusive mode iff
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
@ -741,8 +766,8 @@ recusively
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
@ -794,7 +819,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
- Patch initiated by Miroslav Grepl
* Wed Oct 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9
- Fix semanage to verify that types are appropriate for commands.
- Fix semanage to verify that types are appropriate for commands.
* Patch initiated by mgrepl
* Fixes problem of specifying non file_types for fcontext, or not port_types for semanage port
@ -825,7 +850,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
- Use systemd post install scriptlets
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream
- Update to upstream
* genhomedircon: manual page improvements
* setfiles/restorecon minor improvements
* run_init: If open_init_pty is not available then just use exec
@ -875,7 +900,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
* Thu Jul 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4
- Fix restorecon to generate a better percentage of completion on restorecon -R /.
- Have audit2allow look at the constaint violation and tell the user whether it
- Have audit2allow look at the constaint violation and tell the user whether it
- is because of user,role or level
@ -886,7 +911,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
- Remove load_policy symbolic link on usrmove systems this breaks the system
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
- Update to upstream
- Update to upstream
- policycoreutils
* restorecond: wrong options should exit with non-zero error code
* restorecond: Add -h option to get usage command
@ -919,7 +944,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
- Fix semanage dontaudit off/on exception
* Tue May 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-12
- Add -N qualifier to semanage, setsebool and semodule to allow you to update
- Add -N qualifier to semanage, setsebool and semodule to allow you to update
- policy without reloading it into the kernel.
* Thu May 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-11
@ -957,7 +982,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
- Change policycoreutils-python to require selinux-policy-devel package
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
- Update to upstream
- Update to upstream
- policycoreutils
* sandbox: do not propogate inside mounts outside
* sandbox: Removing sandbox init script, should no longer be necessary
@ -1012,7 +1037,7 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir
- Add systemd_passwd_agent_exec($1), and systemd_read_fifo_file_passwd_run($1) to templates for _admin interface
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-21
- On full relabels we will now show a estimated percent complete rather then
- On full relabels we will now show a estimated percent complete rather then
just *s.
* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-20
@ -1055,7 +1080,7 @@ just *s.
- Eliminate not needed Requires
* Wed Jan 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-9
- fix sepolgen to not crash on echo "" | audit2allow
- fix sepolgen to not crash on echo "" | audit2allow
* Mon Jan 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-8
- Remove sandbox init script, should no longer be necessary
@ -1068,7 +1093,7 @@ just *s.
* Fri Dec 23 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
- Fix the handling of namespaces in seunshare/sandbox.
- Currently mounting of directories within sandbox is propogating to the
- Currently mounting of directories within sandbox is propogating to the
- parent namesspace.
* Thu Dec 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3
@ -1116,13 +1141,13 @@ just *s.
- Fix semange fcontext -a to check for more conflicts on equivalency
* Tue Nov 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-7
- Fix dpi handling in sandbox
- Fix dpi handling in sandbox
- Make sure semanage fcontext -l -C prints if only local equiv have changed
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-6
- Add listing of distribution equivalence class from semanage fcontext -l
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
- Allow ~ as a valid part of a filename in sepolgen
@ -1161,7 +1186,7 @@ just *s.
* Return name field in avc data
* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-6
- Rebuild versus newer libsepol
- Rebuild versus newer libsepol
* Fri Oct 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-5
- A couple of minor coverity fixes for a potential leaked file descriptor
@ -1225,14 +1250,14 @@ just *s.
* Wed Sep 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4
- Maintain the LANG environment Variable into the sandbox
- Change restorecon/setfiles to only change type part of the context unless
- Change restorecon/setfiles to only change type part of the context unless
-f qualifier is given
* Tue Sep 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
- Remove lockdown wizard, since gtkhtml2 is no longer supported.
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
- Allow setfiles and restorecon to use labeledprefix to speed up processing
- Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
@ -1344,15 +1369,15 @@ and limit memory.
- Fix seunshare usage statement
* Thu Jul 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-18
- Change seunshare to send kill signals to the childs session.
- Change seunshare to send kill signals to the childs session.
- Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
* Wed Jul 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-17
- Add -k qualifier to seunshare to have it attempt to kill all processes with
- Add -k qualifier to seunshare to have it attempt to kill all processes with
the matching MCS label.
* Tue Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
the bounding set will be dropped.
- Change --cgroups short name -c rather then -C for consistancy
- Fix memory and fd leaks in seunshare
@ -1361,7 +1386,7 @@ the bounding set will be dropped.
- Introduce systemd unit file for restorecond drop SysV support
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14
- Do not drop capability bounding set in seunshare, this allows sandbox to
- Do not drop capability bounding set in seunshare, this allows sandbox to
- run setuid apps.
* Fri Jun 10 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-13
@ -1390,7 +1415,7 @@ the bounding set will be dropped.
* Fri Apr 22 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-6
- Apply patches from Christoph A.
* fix sandbox title
* fix sandbox title
* stop xephyr from li
- Also ignore errors on sandbox include of directory missing files
@ -1404,7 +1429,7 @@ the bounding set will be dropped.
- rebuild versus latest libsepol
* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-1
- Update to upstream
- Update to upstream
* Use correct color range in mcstrand by Richard Haines.
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-30
@ -1437,7 +1462,7 @@ the bounding set will be dropped.
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-21
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
- This will allow default sandboxes to work on NFS homedirs without allowing
- This will allow default sandboxes to work on NFS homedirs without allowing
access to homedir data
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
@ -1458,7 +1483,7 @@ the bounding set will be dropped.
* Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16
- Require python-IPy for policycoreutils-python package
- Fixes for sepologen
- Fixes for sepologen
- Usage statement needs -n name
- Names with _ are being prevented
- dbus apps should get _chat interface
@ -1564,7 +1589,7 @@ the bounding set will be dropped.
- Stop polgengui from crashing if selinux policy is not installed
* Thu Sep 9 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
- Fix bug preventing sandbox from using -l
- Fix bug preventing sandbox from using -l
* Tue Sep 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-24
- Eliminate quotes fro desktop files
@ -1591,7 +1616,7 @@ the bounding set will be dropped.
- Fix sandbox error handling
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-17
- Apply patch to restorecond from Chris Adams, which will cause restorecond
- Apply patch to restorecond from Chris Adams, which will cause restorecond
- to watch first user that logs in.
* Thu Aug 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-16
@ -1649,13 +1674,13 @@ Resolves: #610473
Resolve: #603001
* Tue Jun 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-30
- Add cgroup support for sandbox
- Add cgroup support for sandbox
* Mon Jun 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-29
- Allow creation of /var/cache/DOMAIN from sepolgen
* Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-28
- Fix sandbox init script
- Fix sandbox init script
- Add dbus-launch to sandbox -X
Resolve: #599599
@ -1719,13 +1744,13 @@ Resolves: #588280
Resolves: #587263
* Wed Apr 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-11
- Make semanage boolean work on disabled machines
- Make semanage boolean work on disabled machines
* Tue Apr 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-10
- Make sepolgen-ifgen be quiet
* Wed Apr 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-8
- Make sepolgen report on more interfaces
- Make sepolgen report on more interfaces
- Fix system-config-selinux display of modules
* Thu Apr 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-7
@ -1744,16 +1769,16 @@ Resolves: #582533
- Fix sandbox to throw error on bad executable
* Tue Apr 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-4
- Fix spacing in templates
- Fix spacing in templates
* Wed Mar 31 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-3
- Fix semanage return codes
* Tue Mar 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-2
- Fix sepolgen to confirm to the "Reference Policy Style Guide"
- Fix sepolgen to confirm to the "Reference Policy Style Guide"
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-1
- Update to upstream
- Update to upstream
* Add avc's since boot from Dan Walsh.
* Fix unit tests from Dan Walsh.
@ -1782,7 +1807,7 @@ Resolves: #582533
* Module enable/disable support from Dan Walsh.
* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-5
- Rewrite of sandbox script, add unit test for sandbox
- Rewrite of sandbox script, add unit test for sandbox
- Update translations
* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-4
@ -1820,7 +1845,7 @@ Resolves: 555835
- Add use_resolve to sepolgen
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
- Add session capability to sandbox
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-13
@ -2031,7 +2056,7 @@ Resolves: 555835
- Update to upstream
* Modify restorecon to only call realpath() on user-supplied pathnames
from Stephen Smalley.
* Fix typo in fixfiles that prevented it from relabeling btrfs
* Fix typo in fixfiles that prevented it from relabeling btrfs
filesystems from Dan Walsh.
* Wed Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
@ -2183,7 +2208,7 @@ Resolves: 555835
* Tue Nov 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.59-1
- Update to upstream
* fcontext add checked local records twice, fix from Dan Walsh.
* fcontext add checked local records twice, fix from Dan Walsh.
* Mon Nov 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.58-1
- Update to upstream
@ -2283,7 +2308,7 @@ Resolves: 555835
- Allow semanage user to add group lists % groupname
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-2
- Fix help
- Fix help
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-1
- Update to upstream
@ -2357,7 +2382,7 @@ Resolves: 555835
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-1
- Make restorecond not start by default
- Fix polgengui to allow defining of confined roles.
- Add patches from Lubomir Rintel <lkundrak@v3.sk>
- Add patches from Lubomir Rintel <lkundrak@v3.sk>
* Add necessary runtime dependencies on setools-console for -gui
* separate stderr when run seinfo commands
- Update to upstream
@ -2365,7 +2390,7 @@ Resolves: 555835
* Add further error checking to seobject.py for setting booleans.
* Fri Apr 18 2008 Matthias Clasen <mclasen@redhat.com> - 2.0.46-5
- Uninvasive (ie no string or widget changes) HIG approximations
- Uninvasive (ie no string or widget changes) HIG approximations
in selinux-polgenui
* Fri Apr 18 2008 Matthias Clasen <mclasen@redhat.com> - 2.0.46-4
@ -2521,7 +2546,7 @@ Resolves: 555835
- Fix fixfiles argument parsing
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-15
- Fix File Labeling add
- Fix File Labeling add
* Thu Nov 8 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14
- Fix semanage to handle state where policy.xml is not installed
@ -2623,7 +2648,7 @@ Resolves: 555835
* Suppress generation of rules for non-denials from Karl MacMillan (take 3).
* Tue Sep 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-12
- Remove bogus import libxml2
- Remove bogus import libxml2
* Mon Sep 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-11
- Lots of fixes for polgengui
@ -2661,7 +2686,7 @@ Resolves: 555835
* Fix genhomedircon searching for USER from Todd Miller
* Install run_init with mode 0755 from Dan Walsh.
* Fix chcat from Dan Walsh.
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
* Optimize genhomedircon to compile regexes once from Dan Walsh.
* Fix semanage gettext call from Dan Walsh.
@ -2686,11 +2711,11 @@ Resolves: 555835
- rebuild for toolchain bug
* Tue Jul 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-8
- Add requires libselinux-python
- Add requires libselinux-python
* Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-7
- Fix fixfiles to report incorrect rpm
- Patch provided by Tony Nelson
- Patch provided by Tony Nelson
* Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-6
- Clean up spec file
@ -2808,7 +2833,7 @@ Resolves: 555835
- Updated version of sepolgen
* Merged updates to sepolgen-ifgen from Karl MacMillan.
* Merged updates to sepolgen parser and tools from Karl MacMillan.
This includes improved debugging support, handling of interface
This includes improved debugging support, handling of interface
calls with list parameters, support for role transition rules,
updated range transition rule support, and looser matching.
@ -2868,7 +2893,7 @@ Resolves: 555835
- Update to upstream
- policycoreutils
* Merged newrole O_NONBLOCK fix from Linda Knippers.
* Merged sepolgen and audit2allow patches to leave generated files
* Merged sepolgen and audit2allow patches to leave generated files
in the current directory from Karl MacMillan.
* Merged restorecond memory leak fix from Steve Grubb.
-sepolgen
@ -2913,7 +2938,7 @@ Resolves: 555835
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
the data needed by audit2allow to generate refpolicy.
* Fixed newrole non-pam build.
- Fix Changelog and spelling error in man page
@ -2958,7 +2983,7 @@ Resolves: #200110
* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.11-1
- Update to upstream
* Merged fixfiles and seobject fixes from Dan Walsh.
* Merged semodule support for list of modules after -i from Karl MacMillan.
* Merged semodule support for list of modules after -i from Karl MacMillan.
* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.10-1
- Update to upstream
@ -2982,7 +3007,7 @@ Resolves: #200110
* Patch from Dan Walsh to correctly suppress warnings in load_policy.
* Tue Jan 2 2007 Dan Walsh <dwalsh@redhat.com> 1.33.6-9
- Fix fixfiles script to use tty command correctly. If this command fails, it
- Fix fixfiles script to use tty command correctly. If this command fails, it
should set the LOGFILE to /dev/null
Resolves: #220879
@ -2995,7 +3020,7 @@ Resolves: #219421
* Mon Dec 18 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6
- Fix audit2allow generating reference policy
- Fix semanage to manage user roles properly
- Fix semanage to manage user roles properly
Resolves: #220071
* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-5
@ -3021,7 +3046,7 @@ Resolves: #216920
* Patch from Dan Walsh to remove verbose flag from semanage man page
* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
in /usr/share/selinux/<SELINUXTYPE>
* Wed Nov 29 2006 Dan Walsh <dwalsh@redhat.com> 1.33.5-4
- Fixing the Makefile line again to build with LSPP support
Resolves: #208838
@ -3045,7 +3070,7 @@ Resolves: #208838
* Wed Nov 22 2006 Dan Walsh <dwalsh@redhat.com> 1.33.4-1
- Upstream accepted my patches
* Merged setsebool patch from Karl MacMillan.
* Merged setsebool patch from Karl MacMillan.
This fixes a bug reported by Yuichi Nakamura with
always setting booleans persistently on an unmanaged system.
@ -3110,7 +3135,7 @@ Resolves: #208838
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-6
- Pass -i qualifier to restorecon for fixfiles -R
- Update translations
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
- Remove recursion from fixfiles -R calls
- Fix semanage to verify prefix
@ -3142,7 +3167,7 @@ Resolves: #208838
* Fri Sep 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-6
- Change setfiles and restorecon to use stderr except for -o flag
- Also -o flag will now output files
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-5
- Put back Erich's change
@ -3192,7 +3217,7 @@ Resolves: #208838
* newrole: run shell with - prefix to start a login shell
* po: po file updates
* restorecond: bail if SELinux not enabled
* fixfiles: omit -q
* fixfiles: omit -q
* genhomedircon: fix exit code if non-root
* semodule_deps: install man page
* Merged secon Makefile fix from Joshua Brindle.
@ -3240,7 +3265,7 @@ Resolves: #208838
* disable context translation for setfiles and restorecon.
* on/off values for setsebool.
* Merged setfiles and semodule_link fixes from Joshua Brindle.
* Thu Jun 22 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-5
- Add progress indicator on fixfiles/setfiles/restorecon
@ -3327,7 +3352,7 @@ Resolves: #208838
* Merged fix warnings patch from Karl MacMillan.
* Merged patch from Dan Walsh.
This includes audit2allow changes for analysis plugins,
internationalization support for several additional programs
internationalization support for several additional programs
and added po files, some fixes for semanage, and several cleanups.
It also adds a new secon utility.
@ -3441,7 +3466,7 @@ Resolves: #208838
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> 1.29.20-1
- Update from upstream
* Merged seuser/user_extra support patch to semodule_package
* Merged seuser/user_extra support patch to semodule_package
from Joshua Brindle.
* Merged getopt type fix for semodule_link/expand and sestatus
from Chris PeBenito.
@ -3517,7 +3542,7 @@ Resolves: #208838
- Update chcat to manage user categories also
* Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-3
- Add check for root for semanage, genhomedircon
- Add check for root for semanage, genhomedircon
* Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-2
- Add ivans patch
@ -3578,7 +3603,7 @@ Resolves: #208838
* Tue Dec 20 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-4
- Add try catch for files that may not exists
* Mon Dec 19 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-3
- Remove commands from genhomedircon for installer
@ -3745,7 +3770,7 @@ Resolves: #208838
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.27.6-1
- Update to match NSA
* Updated for changes to libsepol.
* Updated for changes to libsepol.
Changed semodule and semodule_package to use the shared libsepol.
Disabled build of semodule_link and semodule_expand for now.
Updated audit2why for relocated policydb internal headers,
@ -3762,7 +3787,7 @@ Resolves: #208838
interface provided by libselinux.
* Wed Oct 5 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-2
- Rebuild with newer libararies
- Rebuild with newer libararies
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-1
- Update to match NSA
@ -3849,7 +3874,7 @@ Resolves: #208838
* Updated version for release.
* Tue Jun 14 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-4
- Fix Ivan's patch for user role changes
- Fix Ivan's patch for user role changes
* Sat May 28 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-3
- Add Ivan's patch for user role changes in genhomedircon
@ -3868,13 +3893,13 @@ Resolves: #208838
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1
- Update to match NSA
* Extended audit2why to incorporate booleans and local user
* Extended audit2why to incorporate booleans and local user
settings when analyzing audit messages.
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.23.9-1
- Update to match NSA
* Updated audit2why for sepol_ prefixes on Flask types to
avoid namespace collision with libselinux, and to
avoid namespace collision with libselinux, and to
include <selinux/selinux.h> now.
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1
@ -3924,7 +3949,7 @@ Resolves: #208838
- Update to released version from NSA
* Merged rewrite of genhomedircon by Eric Paris.
* Changed fixfiles to relabel jfs since it now supports security xattrs
(as of 2.6.11). Removed reiserfs until 2.6.12 is released with
(as of 2.6.11). Removed reiserfs until 2.6.12 is released with
fixed support for reiserfs and selinux.
* Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.22-2
@ -3951,7 +3976,7 @@ Resolves: #208838
- Add call to libsepol
* Thu Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-4
- Fix genhomedircon to handle root
- Fix genhomedircon to handle root
- Fix fixfiles to better handle file system types
* Wed Feb 23 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-2
@ -3991,15 +4016,15 @@ written to. fails on 64-bit archs
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-9
- Remove Red Hat rhpl usage
- Add back in original syntax
- Add back in original syntax
- Update man page to match new syntax
* Fri Feb 11 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-8
- Fix genhomedircon regular expression
- Fix exclude in restorecon
- Fix exclude in restorecon
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-5
- Trap failure on write
- Trap failure on write
- Rewrite genhomedircon to generate file_context.homedirs
- several passes
@ -4023,7 +4048,7 @@ written to. fails on 64-bit archs
* Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.12-1
- More cleanup of fixfiles sed patch
* Merged further patches for restorecon/setfiles -e and fixfiles -C.
* Merged further patches for restorecon/setfiles -e and fixfiles -C.
* Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-2
- More cleanup of fixfiles sed patch
@ -4038,7 +4063,7 @@ written to. fails on 64-bit archs
- Upgrade to latest from NSA
* Merged updated fixfiles script from Dan Walsh.
* Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
* Reverted fixfiles patch for file_contexts.local;
* Reverted fixfiles patch for file_contexts.local;
obsoleted by setfiles rewrite.
* Merged error handling patch for restorecon from Dan Walsh.
* Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
@ -4096,7 +4121,7 @@ written to. fails on 64-bit archs
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.19.2-4
- Fix fixfiles handling of rpm
- Fix restorecon to not warn on symlinks unless -v -v
- Fix restorecon to not warn on symlinks unless -v -v
- Fix output of verbose to show old context as well as new context
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
@ -4134,7 +4159,7 @@ written to. fails on 64-bit archs
* Merged -e option to setfiles to exclude directories.
* Merged -R option to restorecon for recursive descent.
* Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-6
- Add -e (exclude directory) switch to setfiles
- Add -e (exclude directory) switch to setfiles
- Add syslog to setfiles
* Fri Sep 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-5
@ -4157,7 +4182,7 @@ written to. fails on 64-bit archs
- Add fix to get cdrom info from /proc/media in fixfiles.
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
- Add Steve Grub patches for
- Add Steve Grub patches for
* Fix fixfiles.cron MAILTO
* Several problems in sestatus
@ -4206,7 +4231,7 @@ written to. fails on 64-bit archs
- Latest from NSA
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-2
- Add ro warnings
- Add ro warnings
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Latest from NSA
@ -4374,7 +4399,7 @@ written to. fails on 64-bit archs
- Fix minor bugs in restorecon
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-2
- Add restorecon c program
- Add restorecon c program
* Tue Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
- Update to latest tarball from NSA
@ -4389,7 +4414,7 @@ written to. fails on 64-bit archs
- remove mods to run_init since init scripts don't require it anymore
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 1.4-6
- fix genhomedircon not to return and error
- fix genhomedircon not to return and error
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
- add setfiles quiet patch
@ -4443,4 +4468,3 @@ written to. fails on 64-bit archs
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version