policycoreutils-3.1-8

- Fix BuildRequires to libsemanage-devel

.gitignore

@@ -280,3 +280,45 @@ policycoreutils-2.0.83.tgz
 /policycoreutils-po.tgz
 /python-po.tgz
 /sandbox-po.tgz
+/policycoreutils-2.9-rc1.tar.gz
+/selinux-python-2.9-rc1.tar.gz
+/selinux-gui-2.9-rc1.tar.gz
+/selinux-sandbox-2.9-rc1.tar.gz
+/selinux-dbus-2.9-rc1.tar.gz
+/semodule-utils-2.9-rc1.tar.gz
+/restorecond-2.9-rc1.tar.gz
+/policycoreutils-2.9-rc2.tar.gz
+/restorecond-2.9-rc2.tar.gz
+/selinux-dbus-2.9-rc2.tar.gz
+/selinux-gui-2.9-rc2.tar.gz
+/selinux-python-2.9-rc2.tar.gz
+/selinux-sandbox-2.9-rc2.tar.gz
+/semodule-utils-2.9-rc2.tar.gz
+/policycoreutils-2.9.tar.gz
+/restorecond-2.9.tar.gz
+/selinux-dbus-2.9.tar.gz
+/selinux-gui-2.9.tar.gz
+/selinux-python-2.9.tar.gz
+/selinux-sandbox-2.9.tar.gz
+/semodule-utils-2.9.tar.gz
+/policycoreutils-3.0-rc1.tar.gz
+/restorecond-3.0-rc1.tar.gz
+/selinux-dbus-3.0-rc1.tar.gz
+/selinux-gui-3.0-rc1.tar.gz
+/selinux-python-3.0-rc1.tar.gz
+/selinux-sandbox-3.0-rc1.tar.gz
+/semodule-utils-3.0-rc1.tar.gz
+/policycoreutils-3.0.tar.gz
+/restorecond-3.0.tar.gz
+/selinux-dbus-3.0.tar.gz
+/selinux-gui-3.0.tar.gz
+/selinux-python-3.0.tar.gz
+/selinux-sandbox-3.0.tar.gz
+/semodule-utils-3.0.tar.gz
+/policycoreutils-3.1.tar.gz
+/restorecond-3.1.tar.gz
+/selinux-dbus-3.1.tar.gz
+/selinux-gui-3.1.tar.gz
+/selinux-python-3.1.tar.gz
+/selinux-sandbox-3.1.tar.gz
+/semodule-utils-3.1.tar.gz

0001-python-audit2allow-add-include-limits.h-to-sepolgen-.patch

@@ -0,0 +1,34 @@
+From ccd973f721c48945fc706d8fef6b396580853a9f Mon Sep 17 00:00:00 2001
+From: "W. Michael Petullo" <mike@flyn.org>
+Date: Thu, 16 Jul 2020 15:29:20 -0500
+Subject: [PATCH] python/audit2allow: add #include <limits.h> to
+ sepolgen-ifgen-attr-helper.c
+
+I found that building on OpenWrt/musl failed with:
+
+  sepolgen-ifgen-attr-helper.c:152:16: error: 'PATH_MAX' undeclared ...
+
+Musl is less "generous" than glibc in recursively including header
+files, and I suspect this is the reason for this error. Explicitly
+including limits.h fixes the problem.
+
+Signed-off-by: W. Michael Petullo <mike@flyn.org>
+---
+ python/audit2allow/sepolgen-ifgen-attr-helper.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c
+index 53f20818722a..f010c9584c1f 100644
+--- a/python/audit2allow/sepolgen-ifgen-attr-helper.c
++++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c
+@@ -28,6 +28,7 @@
+ 
+ #include <selinux/selinux.h>
+ 
++#include <limits.h>
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+-- 
+2.29.0
+

0002-restorecond-Set-X-GNOME-HiddenUnderSystemd-true-in-r.patch

@@ -0,0 +1,26 @@
+From 9e2b8c61bfd275d0f007a736721c557755edf4a0 Mon Sep 17 00:00:00 2001
+From: Laurent Bigonville <bigon@bigon.be>
+Date: Thu, 16 Jul 2020 14:22:13 +0200
+Subject: [PATCH] restorecond: Set X-GNOME-HiddenUnderSystemd=true in
+ restorecond.desktop file
+
+This completely inactivate the .desktop file incase the user session is
+managed by systemd as restorecond also provide a service file
+
+Signed-off-by: Laurent Bigonville <bigon@bigon.be>
+---
+ restorecond/restorecond.desktop | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/restorecond/restorecond.desktop b/restorecond/restorecond.desktop
+index af7286801c24..7df854727a3f 100644
+--- a/restorecond/restorecond.desktop
++++ b/restorecond/restorecond.desktop
+@@ -5,3 +5,4 @@ Comment=Fix file context in owned by the user
+ Type=Application
+ StartupNotify=false
+ X-GNOME-Autostart-enabled=false
++X-GNOME-HiddenUnderSystemd=true
+-- 
+2.29.0
+

0003-fixfiles-correctly-restore-context-of-mountpoints.patch

@@ -0,0 +1,136 @@
+From ba2d6c10635a021d2b1a5fc2123fde13b04295a5 Mon Sep 17 00:00:00 2001
+From: bauen1 <j2468h@googlemail.com>
+Date: Thu, 6 Aug 2020 16:48:36 +0200
+Subject: [PATCH] fixfiles: correctly restore context of mountpoints
+
+By bind mounting every filesystem we want to relabel we can access all
+files without anything hidden due to active mounts.
+
+This comes at the cost of user experience, because setfiles only
+displays the percentage if no path is given or the path is /
+
+Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+---
+ policycoreutils/scripts/fixfiles   | 29 +++++++++++++++++++++++++----
+ policycoreutils/scripts/fixfiles.8 |  8 ++++++--
+ 2 files changed, 31 insertions(+), 6 deletions(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index 5d7770348349..30dadb4f4cb6 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -112,6 +112,7 @@ FORCEFLAG=""
+ RPMFILES=""
+ PREFC=""
+ RESTORE_MODE=""
++BIND_MOUNT_FILESYSTEMS=""
+ SETFILES=/sbin/setfiles
+ RESTORECON=/sbin/restorecon
+ FILESYSTEMSRW=`get_rw_labeled_mounts`
+@@ -243,7 +244,23 @@ case "$RESTORE_MODE" in
+ 	if [ -n "${FILESYSTEMSRW}" ]; then
+ 	    LogReadOnly
+ 	    echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
+-	    ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
++
++	    if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then
++	        ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
++	    else
++	        # we bind mount so we can fix the labels of files that have already been
++	        # mounted over
++	        for m in `echo $FILESYSTEMSRW`; do
++	            TMP_MOUNT="$(mktemp -d)"
++	            test -z ${TMP_MOUNT+x} && echo "Unable to find temporary directory!" && exit 1
++
++	            mkdir -p "${TMP_MOUNT}${m}" || exit 1
++	            mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1
++	            ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
++	            umount "${TMP_MOUNT}${m}" || exit 1
++	            rm -rf "${TMP_MOUNT}" || echo "Error cleaning up."
++	        done;
++	    fi
+ 	else
+ 	    echo >&2 "fixfiles: No suitable file systems found"
+ 	fi
+@@ -313,6 +330,7 @@ case "$1" in
+ 	> /.autorelabel || exit $?
+ 	[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
+ 	[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
++	[ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel
+ 	# Force full relabel if SELinux is not enabled
+ 	selinuxenabled || echo -F > /.autorelabel
+ 	echo "System will relabel on next boot"
+@@ -324,7 +342,7 @@ esac
+ }
+ usage() {
+ 	echo $"""
+-Usage: $0 [-v] [-F] [-f] relabel
++Usage: $0 [-v] [-F] [-M] [-f] relabel
+ or
+ Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify }
+ or
+@@ -334,7 +352,7 @@ Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify }
+ or
+ Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
+ or
+-Usage: $0 [-F] [-B] onboot
++Usage: $0 [-F] [-M] [-B] onboot
+ """
+ }
+ 
+@@ -353,7 +371,7 @@ set_restore_mode() {
+ }
+ 
+ # See how we were called.
+-while getopts "N:BC:FfR:l:v" i; do
++while getopts "N:BC:FfR:l:vM" i; do
+     case "$i" in
+ 	B)
+ 		BOOTTIME=`/bin/who -b | awk '{print $3}'`
+@@ -379,6 +397,9 @@ while getopts "N:BC:FfR:l:v" i; do
+ 		echo "Redirecting output to $OPTARG"
+ 		exec >>"$OPTARG" 2>&1
+ 		;;
++	M)
++		BIND_MOUNT_FILESYSTEMS="-M"
++		;;
+ 	F)
+ 		FORCEFLAG="-F"
+ 		;;
+diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
+index 9f447f03d444..123425308416 100644
+--- a/policycoreutils/scripts/fixfiles.8
++++ b/policycoreutils/scripts/fixfiles.8
+@@ -6,7 +6,7 @@ fixfiles \- fix file SELinux security contexts.
+ .na
+ 
+ .B fixfiles
+-.I [\-v] [\-F] [\-f] relabel
++.I [\-v] [\-F] [-M] [\-f] relabel
+ 
+ .B fixfiles
+ .I [\-v] [\-F] { check | restore | verify } dir/file ...
+@@ -21,7 +21,7 @@ fixfiles \- fix file SELinux security contexts.
+ .I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT  { check | restore | verify }
+ 
+ .B fixfiles
+-.I [-F] [-B] onboot
++.I [-F] [-M] [-B] onboot
+ 
+ .ad
+ 
+@@ -68,6 +68,10 @@ Run a diff on  the PREVIOUS_FILECONTEXT file to the currently installed one, and
+ Only act on files created after the specified date.  Date must be specified in
+ "YYYY\-MM\-DD HH:MM" format.  Date field will be passed to find \-\-newermt command.
+ 
++.TP
++.B \-M
++Bind mount filesystems before relabeling them, this allows fixing the context of files or directories that have been mounted over.
++
+ .TP
+ .B -v
+ Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
+-- 
+2.29.0
+

0004-sepolgen-print-extended-permissions-in-hexadecimal.patch

@@ -0,0 +1,112 @@
+From 9e239e55692b578ba546b4dff2b07604a2ca6baa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Wed, 19 Aug 2020 17:05:33 +0200
+Subject: [PATCH] sepolgen: print extended permissions in hexadecimal
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+All tools like ausearch(8) or sesearch(1) and online documentation[1]
+use hexadecimal values for extended permissions.
+Hence use them, e.g. for audit2allow output, as well.
+
+[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+---
+ python/sepolgen/src/sepolgen/refpolicy.py |  5 ++---
+ python/sepolgen/tests/test_access.py      | 10 +++++-----
+ python/sepolgen/tests/test_refpolicy.py   | 12 ++++++------
+ 3 files changed, 13 insertions(+), 14 deletions(-)
+
+diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
+index 43cecfc77385..747636875ef7 100644
+--- a/python/sepolgen/src/sepolgen/refpolicy.py
++++ b/python/sepolgen/src/sepolgen/refpolicy.py
+@@ -407,10 +407,9 @@ class XpermSet():
+ 
+         # print single value without braces
+         if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
+-            return compl + str(self.ranges[0][0])
++            return compl + hex(self.ranges[0][0])
+ 
+-        vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
+-                   self.ranges)
++        vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
+ 
+         return "%s{ %s }" % (compl, " ".join(vals))
+ 
+diff --git a/python/sepolgen/tests/test_access.py b/python/sepolgen/tests/test_access.py
+index 73a5407df617..623588e09aeb 100644
+--- a/python/sepolgen/tests/test_access.py
++++ b/python/sepolgen/tests/test_access.py
+@@ -171,7 +171,7 @@ class TestAccessVector(unittest.TestCase):
+         a.merge(b)
+         self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
+         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
+-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
++        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
+ 
+     def text_merge_xperm2(self):
+         """Test merging AV that does not contain xperms with AV that does"""
+@@ -185,7 +185,7 @@ class TestAccessVector(unittest.TestCase):
+         a.merge(b)
+         self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
+         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
+-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
++        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
+ 
+     def test_merge_xperm_diff_op(self):
+         """Test merging two AVs that contain xperms with different operation"""
+@@ -203,8 +203,8 @@ class TestAccessVector(unittest.TestCase):
+         a.merge(b)
+         self.assertEqual(list(a.perms), ["read"])
+         self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
+-        self.assertEqual(a.xperms["asdf"].to_string(), "23")
+-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
++        self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
++        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
+                          
+     def test_merge_xperm_same_op(self):
+         """Test merging two AVs that contain xperms with same operation"""
+@@ -222,7 +222,7 @@ class TestAccessVector(unittest.TestCase):
+         a.merge(b)
+         self.assertEqual(list(a.perms), ["read"])
+         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
+-        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
++        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
+ 
+ class TestUtilFunctions(unittest.TestCase):
+     def test_is_idparam(self):
+diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
+index 4b50c8aada96..c7219fd568e9 100644
+--- a/python/sepolgen/tests/test_refpolicy.py
++++ b/python/sepolgen/tests/test_refpolicy.py
+@@ -90,17 +90,17 @@ class TestXpermSet(unittest.TestCase):
+         a.complement = True
+         self.assertEqual(a.to_string(), "")
+         a.add(1234)
+-        self.assertEqual(a.to_string(), "~ 1234")
++        self.assertEqual(a.to_string(), "~ 0x4d2")
+         a.complement = False
+-        self.assertEqual(a.to_string(), "1234")
++        self.assertEqual(a.to_string(), "0x4d2")
+         a.add(2345)
+-        self.assertEqual(a.to_string(), "{ 1234 2345 }")
++        self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
+         a.complement = True
+-        self.assertEqual(a.to_string(), "~ { 1234 2345 }")
++        self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
+         a.add(42,64)
+-        self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
++        self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
+         a.complement = False
+-        self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
++        self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
+ 
+ class TestSecurityContext(unittest.TestCase):
+     def test_init(self):
+-- 
+2.29.0
+

0005-sepolgen-sort-extended-rules-like-normal-ones.patch

@@ -0,0 +1,109 @@
+From 2a60de8eca6bd91e276b60441a5dc72d85c6eda3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Wed, 19 Aug 2020 17:05:34 +0200
+Subject: [PATCH] sepolgen: sort extended rules like normal ones
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently:
+
+    #============= sshd_t ==============
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow sshd_t ptmx_t:chr_file ioctl;
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow sshd_t sshd_devpts_t:chr_file ioctl;
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow sshd_t user_devpts_t:chr_file ioctl;
+
+    #============= user_t ==============
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow user_t devtty_t:chr_file ioctl;
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow user_t user_devpts_t:chr_file ioctl;
+    allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
+    allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
+    allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
+    allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
+    allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
+
+Changed:
+
+    #============= sshd_t ==============
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow sshd_t ptmx_t:chr_file ioctl;
+    allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow sshd_t sshd_devpts_t:chr_file ioctl;
+    allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow sshd_t user_devpts_t:chr_file ioctl;
+    allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
+
+    #============= user_t ==============
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow user_t devtty_t:chr_file ioctl;
+    allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
+
+    #!!!! This avc is allowed in the current policy
+    #!!!! This av rule may have been overridden by an extended permission av rule
+    allow user_t user_devpts_t:chr_file ioctl;
+    allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+---
+ python/sepolgen/src/sepolgen/output.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolgen/src/sepolgen/output.py b/python/sepolgen/src/sepolgen/output.py
+index 3a21b64c19f7..aeeaafc889e7 100644
+--- a/python/sepolgen/src/sepolgen/output.py
++++ b/python/sepolgen/src/sepolgen/output.py
+@@ -84,7 +84,7 @@ def avrule_cmp(a, b):
+         return ret
+ 
+     # At this point, who cares - just return something
+-    return cmp(len(a.perms), len(b.perms))
++    return 0
+ 
+ # Compare two interface calls
+ def ifcall_cmp(a, b):
+@@ -100,7 +100,7 @@ def rule_cmp(a, b):
+         else:
+             return id_set_cmp([a.args[0]], b.src_types)
+     else:
+-        if isinstance(b, refpolicy.AVRule):
++        if isinstance(b, refpolicy.AVRule) or isinstance(b, refpolicy.AVExtRule):
+             return avrule_cmp(a,b)
+         else:
+             return id_set_cmp(a.src_types, [b.args[0]])
+@@ -130,6 +130,7 @@ def sort_filter(module):
+         # we assume is the first argument for interfaces).
+         rules = []
+         rules.extend(node.avrules())
++        rules.extend(node.avextrules())
+         rules.extend(node.interface_calls())
+         rules.sort(key=util.cmp_to_key(rule_cmp))
+ 
+-- 
+2.29.0
+

0006-newrole-support-cross-compilation-with-PAM-and-audit.patch

@@ -0,0 +1,32 @@
+From 8bc865e1fe8f6f734b7306441ccbeec3b7c37f97 Mon Sep 17 00:00:00 2001
+From: Dominick Grift <dominick.grift@defensec.nl>
+Date: Tue, 1 Sep 2020 18:16:41 +0200
+Subject: [PATCH] newrole: support cross-compilation with PAM and audit
+
+Compilation of newrole with PAM and audit support currently requires that you have the respective headers installed on the host. Instead make the header location customizable to accomodate cross-compilation.
+
+Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
+Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
+---
+ policycoreutils/newrole/Makefile | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
+index 73ebd413da85..0e7ebce3dd56 100644
+--- a/policycoreutils/newrole/Makefile
++++ b/policycoreutils/newrole/Makefile
+@@ -5,8 +5,9 @@ BINDIR ?= $(PREFIX)/bin
+ MANDIR ?= $(PREFIX)/share/man
+ ETCDIR ?= /etc
+ LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale
+-PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
+-AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
++INCLUDEDIR ?= $(PREFIX)/include
++PAMH ?= $(shell test -f $(INCLUDEDIR)/security/pam_appl.h && echo y)
++AUDITH ?= $(shell test -f $(INCLUDEDIR)/libaudit.h && echo y)
+ # Enable capabilities to permit newrole to generate audit records.
+ # This will make newrole a setuid root program.
+ # The capabilities used are: CAP_AUDIT_WRITE.
+-- 
+2.29.0
+

0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch

@@ -0,0 +1,26 @@
+From ea624dcc70d93867f23b94c368b8cf102269c13b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 20 Aug 2015 12:58:41 +0200
+Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
+ recent Fedoras
+
+---
+ sandbox/sandboxX.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+index eaa500d08143..4774528027ef 100644
+--- a/sandbox/sandboxX.sh
++++ b/sandbox/sandboxX.sh
+@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
+ </openbox_config>
+ EOF
+ 
+-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+     export DISPLAY=:$D
+     cat > ~/seremote << __EOF
+ #!/bin/sh
+-- 
+2.29.0
+

0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch

@@ -0,0 +1,46 @@
+From 932c1244bc98d3a05a238f3f0b333cf8c429113b Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Mon, 21 Apr 2014 13:54:40 -0400
+Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
+
+Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
+---
+ python/sepolicy/sepolicy/manpage.py | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 3e8a3be907e3..a1d70623cff0 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -735,10 +735,13 @@ Default Defined Ports:""")
+ 
+     def _file_context(self):
+         flist = []
++        flist_non_exec = []
+         mpaths = []
+         for f in self.all_file_types:
+             if f.startswith(self.domainname):
+                 flist.append(f)
++                if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
++                    flist_non_exec.append(f)
+                 if f in self.fcdict:
+                     mpaths = mpaths + self.fcdict[f]["regex"]
+         if len(mpaths) == 0:
+@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ SELinux defines the file context types for the %(domainname)s, if you wanted to
+ store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
+ 
+-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
++.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
+ .br
+ .B restorecon -R -v /srv/my%(domainname)s_content
+ 
+ Note: SELinux often uses regular expressions to specify labels that match multiple files.
+-""" % {'domainname': self.domainname, "type": flist[0]})
++""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
+ 
+         self.fd.write(r"""
+ .I The following file types are defined for %(domainname)s:
+-- 
+2.29.0
+

0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch

@@ -0,0 +1,27 @@
+From ae3780eb560fa5f00a3dd591c8233c2a9068a348 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Mon, 12 May 2014 14:11:22 +0200
+Subject: [PATCH] If there is no executable we don't want to print a part of
+ STANDARD FILE CONTEXT
+
+---
+ python/sepolicy/sepolicy/manpage.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index a1d70623cff0..2d33eabb2536 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ .PP
+ """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
+ 
+-        self.fd.write(r"""
++        if flist_non_exec:
++                self.fd.write(r"""
+ .PP
+ .B STANDARD FILE CONTEXT
+ 
+-- 
+2.29.0
+

0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch

@@ -0,0 +1,169 @@
+From 7d21b9f41c4d00f1e0499a64089a5e13a8f636ab Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Thu, 19 Feb 2015 17:45:15 +0100
+Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
+ system_release is no longer hardcoded and it creates only index.html and html
+ man pages in the directory for the system release.
+
+---
+ python/sepolicy/sepolicy/__init__.py | 25 +++--------
+ python/sepolicy/sepolicy/manpage.py  | 65 +++-------------------------
+ 2 files changed, 13 insertions(+), 77 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index e4540977d042..ad718797ca68 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -1208,27 +1208,14 @@ def boolean_desc(boolean):
+ 
+ 
+ def get_os_version():
+-    os_version = ""
+-    pkg_name = "selinux-policy"
++    system_release = ""
+     try:
+-        try:
+-            from commands import getstatusoutput
+-        except ImportError:
+-            from subprocess import getstatusoutput
+-        rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
+-        if rc == 0:
+-            os_version = output.split(".")[-2]
+-    except:
+-        os_version = ""
+-
+-    if os_version[0:2] == "fc":
+-        os_version = "Fedora" + os_version[2:]
+-    elif os_version[0:2] == "el":
+-        os_version = "RHEL" + os_version[2:]
+-    else:
+-        os_version = ""
++        with open('/etc/system-release') as f:
++            system_release = f.readline()
++    except IOError:
++        system_release = "Misc"
+ 
+-    return os_version
++    return system_release
+ 
+ 
+ def reinit():
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 2d33eabb2536..acc77f368d95 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -149,10 +149,6 @@ def prettyprint(f, trim):
+ manpage_domains = []
+ manpage_roles = []
+ 
+-fedora_releases = ["Fedora17", "Fedora18"]
+-rhel_releases = ["RHEL6", "RHEL7"]
+-
+-
+ def get_alphabet_manpages(manpage_list):
+     alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
+     for i in string.ascii_letters:
+@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage):
+ class HTMLManPages:
+ 
+     """
+-            Generate a HHTML Manpages on an given SELinux domains
++            Generate a HTML Manpages on an given SELinux domains
+     """
+ 
+     def __init__(self, manpage_roles, manpage_domains, path, os_version):
+@@ -190,9 +186,9 @@ class HTMLManPages:
+         self.manpage_domains = get_alphabet_manpages(manpage_domains)
+         self.os_version = os_version
+         self.old_path = path + "/"
+-        self.new_path = self.old_path + self.os_version + "/"
++        self.new_path = self.old_path
+ 
+-        if self.os_version in fedora_releases or self.os_version in rhel_releases:
++        if self.os_version:
+             self.__gen_html_manpages()
+         else:
+             print("SELinux HTML man pages can not be generated for this %s" % os_version)
+@@ -201,7 +197,6 @@ class HTMLManPages:
+     def __gen_html_manpages(self):
+         self._write_html_manpage()
+         self._gen_index()
+-        self._gen_body()
+         self._gen_css()
+ 
+     def _write_html_manpage(self):
+@@ -219,67 +214,21 @@ class HTMLManPages:
+                     convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
+ 
+     def _gen_index(self):
+-        index = self.old_path + "index.html"
+-        fd = open(index, 'w')
+-        fd.write("""
+-<html>
+-<head>
+-    <link rel=stylesheet type="text/css" href="style.css" title="style">
+-    <title>SELinux man pages online</title>
+-</head>
+-<body>
+-<h1>SELinux man pages</h1>
+-<br></br>
+-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
+-<br></br>
+-<hr>
+-<h3>Fedora</h3>
+-<table><tr>
+-<td valign="middle">
+-</td>
+-</tr></table>
+-<pre>
+-""")
+-        for f in fedora_releases:
+-            fd.write("""
+-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
+-
+-        fd.write("""
+-</pre>
+-<hr>
+-<h3>RHEL</h3>
+-<table><tr>
+-<td valign="middle">
+-</td>
+-</tr></table>
+-<pre>
+-""")
+-        for r in rhel_releases:
+-            fd.write("""
+-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
+-
+-        fd.write("""
+-</pre>
+-	""")
+-        fd.close()
+-        print("%s has been created" % index)
+-
+-    def _gen_body(self):
+         html = self.new_path + self.os_version + ".html"
+         fd = open(html, 'w')
+         fd.write("""
+ <html>
+ <head>
+-	<link rel=stylesheet type="text/css" href="../style.css" title="style">
+-	<title>Linux man-pages online for Fedora18</title>
++	<link rel=stylesheet type="text/css" href="style.css" title="style">
++	<title>SELinux man pages online</title>
+ </head>
+ <body>
+-<h1>SELinux man pages for Fedora18</h1>
++<h1>SELinux man pages for %s</h1>
+ <hr>
+ <table><tr>
+ <td valign="middle">
+ <h3>SELinux roles</h3>
+-""")
++""" % self.os_version)
+         for letter in self.manpage_roles:
+             if len(self.manpage_roles[letter]):
+                 fd.write("""
+-- 
+2.29.0
+

0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch

@@ -0,0 +1,26 @@
+From f0f030495dddb2e633403f360fdaaf6951da11ad Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 20 Feb 2015 16:42:01 +0100
+Subject: [PATCH] We want to remove the trailing newline for
+ /etc/system_release.
+
+---
+ python/sepolicy/sepolicy/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index ad718797ca68..ea05d892bf3b 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -1211,7 +1211,7 @@ def get_os_version():
+     system_release = ""
+     try:
+         with open('/etc/system-release') as f:
+-            system_release = f.readline()
++            system_release = f.readline().rstrip()
+     except IOError:
+         system_release = "Misc"
+ 
+-- 
+2.29.0
+

0012-Fix-title-in-manpage.py-to-not-contain-online.patch

@@ -0,0 +1,25 @@
+From 4a18939d21c06d036f1063cbfd2d0b5ae9d0010f Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 20 Feb 2015 16:42:53 +0100
+Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
+
+---
+ python/sepolicy/sepolicy/manpage.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index acc77f368d95..4aeb3e2e51ba 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -220,7 +220,7 @@ class HTMLManPages:
+ <html>
+ <head>
+ 	<link rel=stylesheet type="text/css" href="style.css" title="style">
+-	<title>SELinux man pages online</title>
++	<title>SELinux man pages</title>
+ </head>
+ <body>
+ <h1>SELinux man pages for %s</h1>
+-- 
+2.29.0
+

0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch

@@ -0,0 +1,24 @@
+From ffe429b49874175f5ec1156e9c89e75cc67a0ddd Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Fri, 14 Feb 2014 12:32:12 -0500
+Subject: [PATCH] Don't be verbose if you are not on a tty
+
+---
+ policycoreutils/scripts/fixfiles | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index 30dadb4f4cb6..e73bb81c3336 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
+ fullFlag=0
+ BOOTTIME=""
+ VERBOSE="-p"
++[ -t 1 ] || VERBOSE=""
+ FORCEFLAG=""
+ RPMFILES=""
+ PREFC=""
+-- 
+2.29.0
+

0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch

@@ -0,0 +1,63 @@
+From 4a337405da16857dc2a979e4b4963a6fd7b975c6 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 27 Feb 2017 17:12:39 +0100
+Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
+ file_type_is_entrypoint(f)
+
+- use direct queries
+- load exec_types and entry_types only once
+---
+ python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 4aeb3e2e51ba..330b055af214 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -125,8 +125,24 @@ def gen_domains():
+     domains.sort()
+     return domains
+ 
+-types = None
+ 
++exec_types = None
++
++def _gen_exec_types():
++    global exec_types
++    if exec_types is None:
++        exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
++    return exec_types
++
++entry_types = None
++
++def _gen_entry_types():
++    global entry_types
++    if entry_types is None:
++        entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
++    return entry_types
++
++types = None
+ 
+ def _gen_types():
+     global types
+@@ -372,6 +388,8 @@ class ManPage:
+         self.all_file_types = sepolicy.get_all_file_types()
+         self.role_allows = sepolicy.get_all_role_allows()
+         self.types = _gen_types()
++        self.exec_types = _gen_exec_types()
++        self.entry_types = _gen_entry_types()
+ 
+         if self.source_files:
+             self.fcpath = self.root + "file_contexts"
+@@ -689,7 +707,7 @@ Default Defined Ports:""")
+         for f in self.all_file_types:
+             if f.startswith(self.domainname):
+                 flist.append(f)
+-                if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
++                if not f in self.exec_types or not f in self.entry_types:
+                     flist_non_exec.append(f)
+                 if f in self.fcdict:
+                     mpaths = mpaths + self.fcdict[f]["regex"]
+-- 
+2.29.0
+

0015-sepolicy-Another-small-optimization-for-mcs-types.patch

@@ -0,0 +1,53 @@
+From 7c315fff5e7ce74b0598b62d9aa0b21ca6b06b6d Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 28 Feb 2017 21:29:46 +0100
+Subject: [PATCH] sepolicy: Another small optimization for mcs types
+
+---
+ python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 330b055af214..f8584436960d 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -142,6 +142,15 @@ def _gen_entry_types():
+         entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+     return entry_types
+ 
++mcs_constrained_types = None
++
++def _gen_mcs_constrained_types():
++    global mcs_constrained_types
++    if mcs_constrained_types is None:
++        mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
++    return mcs_constrained_types
++
++
+ types = None
+ 
+ def _gen_types():
+@@ -390,6 +399,7 @@ class ManPage:
+         self.types = _gen_types()
+         self.exec_types = _gen_exec_types()
+         self.entry_types = _gen_entry_types()
++        self.mcs_constrained_types = _gen_mcs_constrained_types()
+ 
+         if self.source_files:
+             self.fcpath = self.root + "file_contexts"
+@@ -944,11 +954,7 @@ All executables with the default executable label, usually stored in /usr/bin an
+ %s""" % ", ".join(paths))
+ 
+     def _mcs_types(self):
+-        try:
+-            mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+-        except StopIteration:
+-            return
+-        if self.type not in mcs_constrained_type['types']:
++        if self.type not in self.mcs_constrained_types['types']:
+             return
+         self.fd.write ("""
+ .SH "MCS Constrained"
+-- 
+2.29.0
+

0016-Move-po-translation-files-into-the-right-sub-directo.patch

@@ -0,0 +1,515 @@
+From a07e9652785c6196d916dfca3d36c898959406b4 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 6 Aug 2018 13:23:00 +0200
+Subject: [PATCH] Move po/ translation files into the right sub-directories
+
+When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
+sub-directories, po/ translation files stayed in policycoreutils/.
+
+This commit split original policycoreutils/po directory into
+policycoreutils/po
+python/po
+gui/po
+sandbox/po
+
+See https://github.com/fedora-selinux/selinux/issues/43
+---
+ gui/Makefile                |  3 ++
+ gui/po/Makefile             | 82 ++++++++++++++++++++++++++++++++++++
+ gui/po/POTFILES             | 17 ++++++++
+ policycoreutils/po/Makefile | 70 ++-----------------------------
+ policycoreutils/po/POTFILES |  9 ++++
+ python/Makefile             |  2 +-
+ python/po/Makefile          | 83 +++++++++++++++++++++++++++++++++++++
+ python/po/POTFILES          | 10 +++++
+ sandbox/Makefile            |  2 +
+ sandbox/po/Makefile         | 82 ++++++++++++++++++++++++++++++++++++
+ sandbox/po/POTFILES         |  1 +
+ 11 files changed, 293 insertions(+), 68 deletions(-)
+ create mode 100644 gui/po/Makefile
+ create mode 100644 gui/po/POTFILES
+ create mode 100644 policycoreutils/po/POTFILES
+ create mode 100644 python/po/Makefile
+ create mode 100644 python/po/POTFILES
+ create mode 100644 sandbox/po/Makefile
+ create mode 100644 sandbox/po/POTFILES
+
+diff --git a/gui/Makefile b/gui/Makefile
+index ca965c942912..5a5bf6dcae19 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -22,6 +22,7 @@ system-config-selinux.ui \
+ usersPage.py
+ 
+ all: $(TARGETS) system-config-selinux.py polgengui.py
++	(cd po && $(MAKE) $@)
+ 
+ install: all
+ 	-mkdir -p $(DESTDIR)$(MANDIR)/man8
+@@ -54,6 +55,8 @@ install: all
+ 		install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ 	done
+ 	install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
++	(cd po && $(MAKE) $@)
++
+ clean:
+ 
+ indent:
+diff --git a/gui/po/Makefile b/gui/po/Makefile
+new file mode 100644
+index 000000000000..a0f5439f2d1c
+--- /dev/null
++++ b/gui/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE	= gui
++POTFILE		= $(NLSPACKAGE).pot
++INSTALL		= /usr/bin/install -c -p
++INSTALL_DATA	= $(INSTALL) -m 644
++INSTALL_DIR	= /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE	= msgmerge
++MSGMERGE_FLAGS	= -q
++XGETTEXT	= xgettext --default-domain=$(NLSPACKAGE)
++MSGFMT		= msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
++POTFILES  = $(shell cat POTFILES)
++
++#default:: clean
++
++all::  $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++	    rm -f $(NLSPACKAGE).po; \
++	else \
++	    mv -f $(NLSPACKAGE).po $(POTFILE); \
++	fi; \
++
++
++refresh-po: Makefile
++	for cat in $(POFILES); do \
++		lang=`basename $$cat .po`; \
++		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++			mv -f $$lang.pot $$lang.po ; \
++			echo "$(MSGMERGE) of $$lang succeeded" ; \
++		else \
++			echo "$(MSGMERGE) of $$lang failed" ; \
++			rm -f $$lang.pot ; \
++		fi \
++	done
++
++clean:
++	@rm -fv *mo *~ .depend
++	@rm -rf tmp
++
++install: $(MOFILES)
++	@for n in $(MOFILES); do \
++	    l=`basename $$n .mo`; \
++	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++	done
++
++%.mo: %.po
++	$(MSGFMT) -o $@ $<
++report:
++	@for cat in $(wildcard *.po); do \
++                echo -n "$$cat: "; \
++                msgfmt -v --statistics -o /dev/null $$cat; \
++        done
++
++.PHONY: missing depend
++
++relabel:
+diff --git a/gui/po/POTFILES b/gui/po/POTFILES
+new file mode 100644
+index 000000000000..1795c5c1951b
+--- /dev/null
++++ b/gui/po/POTFILES
+@@ -0,0 +1,17 @@
++../booleansPage.py
++../domainsPage.py
++../fcontextPage.py
++../loginsPage.py
++../modulesPage.py
++../org.selinux.config.policy
++../polgengui.py
++../polgen.ui
++../portsPage.py
++../selinux-polgengui.desktop
++../semanagePage.py
++../sepolicy.desktop
++../statusPage.py
++../system-config-selinux.desktop
++../system-config-selinux.py
++../system-config-selinux.ui
++../usersPage.py
+diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
+index 575e143122e6..18bc1dff8d1f 100644
+--- a/policycoreutils/po/Makefile
++++ b/policycoreutils/po/Makefile
+@@ -3,7 +3,6 @@
+ #
+ 
+ PREFIX ?= /usr
+-TOP	 = ../..
+ 
+ # What is this package?
+ NLSPACKAGE	= policycoreutils
+@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+ 
+ POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
+ MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
+-POTFILES = \
+-	../run_init/open_init_pty.c \
+-	../run_init/run_init.c \
+-	../semodule_link/semodule_link.c \
+-	../audit2allow/audit2allow \
+-	../semanage/seobject.py \
+-	../setsebool/setsebool.c \
+-	../newrole/newrole.c \
+-	../load_policy/load_policy.c \
+-	../sestatus/sestatus.c \
+-	../semodule/semodule.c \
+-	../setfiles/setfiles.c \
+-	../semodule_package/semodule_package.c \
+-	../semodule_deps/semodule_deps.c \
+-	../semodule_expand/semodule_expand.c \
+-	../scripts/chcat \
+-	../scripts/fixfiles \
+-	../restorecond/stringslist.c \
+-	../restorecond/restorecond.h \
+-	../restorecond/utmpwatcher.h \
+-	../restorecond/stringslist.h \
+-	../restorecond/restorecond.c \
+-	../restorecond/utmpwatcher.c \
+-	../gui/booleansPage.py \
+-	../gui/fcontextPage.py \
+-	../gui/loginsPage.py \
+-	../gui/mappingsPage.py \
+-	../gui/modulesPage.py \
+-	../gui/polgen.glade \
+-	../gui/polgengui.py \
+-	../gui/portsPage.py \
+-	../gui/semanagePage.py \
+-	../gui/statusPage.py \
+-	../gui/system-config-selinux.glade \
+-	../gui/system-config-selinux.py \
+-	../gui/usersPage.py \
+-	../secon/secon.c \
+-	booleans.py \
+-	../sepolicy/sepolicy.py \
+-	../sepolicy/sepolicy/communicate.py \
+-	../sepolicy/sepolicy/__init__.py \
+-	../sepolicy/sepolicy/network.py \
+-	../sepolicy/sepolicy/generate.py \
+-	../sepolicy/sepolicy/sepolicy.glade \
+-	../sepolicy/sepolicy/gui.py \
+-	../sepolicy/sepolicy/manpage.py \
+-	../sepolicy/sepolicy/transition.py \
+-	../sepolicy/sepolicy/templates/executable.py \
+-	../sepolicy/sepolicy/templates/__init__.py \
+-	../sepolicy/sepolicy/templates/network.py \
+-	../sepolicy/sepolicy/templates/rw.py \
+-	../sepolicy/sepolicy/templates/script.py \
+-	../sepolicy/sepolicy/templates/semodule.py \
+-	../sepolicy/sepolicy/templates/tmp.py \
+-	../sepolicy/sepolicy/templates/user.py \
+-	../sepolicy/sepolicy/templates/var_lib.py \
+-	../sepolicy/sepolicy/templates/var_log.py \
+-	../sepolicy/sepolicy/templates/var_run.py \
+-	../sepolicy/sepolicy/templates/var_spool.py
++POTFILES  = $(shell cat POTFILES)
+ 
+ #default:: clean
+ 
+-all::  $(MOFILES)
++all:: $(POTFILE) $(MOFILES)
+ 
+-booleans.py:
+-	sepolicy booleans -a > booleans.py
+-
+-$(POTFILE): $(POTFILES) booleans.py
++$(POTFILE): $(POTFILES)
+ 	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ 	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ 	    rm -f $(NLSPACKAGE).po; \
+@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
+ 	    mv -f $(NLSPACKAGE).po $(POTFILE); \
+ 	fi; \
+ 
+-update-po: Makefile $(POTFILE) refresh-po
+-	@rm -f booleans.py
+ 
+ refresh-po: Makefile
+ 	for cat in $(POFILES); do \
+diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
+new file mode 100644
+index 000000000000..12237dc61ee4
+--- /dev/null
++++ b/policycoreutils/po/POTFILES
+@@ -0,0 +1,9 @@
++../run_init/open_init_pty.c
++../run_init/run_init.c
++../setsebool/setsebool.c
++../newrole/newrole.c
++../load_policy/load_policy.c
++../sestatus/sestatus.c
++../semodule/semodule.c
++../setfiles/setfiles.c
++../secon/secon.c
+diff --git a/python/Makefile b/python/Makefile
+index 9b66d52fbd4d..00312dbdb5c6 100644
+--- a/python/Makefile
++++ b/python/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
++SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
+ 
+ all install relabel clean indent test:
+ 	@for subdir in $(SUBDIRS); do \
+diff --git a/python/po/Makefile b/python/po/Makefile
+new file mode 100644
+index 000000000000..4e052d5a2bd7
+--- /dev/null
++++ b/python/po/Makefile
+@@ -0,0 +1,83 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE	= python
++POTFILE		= $(NLSPACKAGE).pot
++INSTALL		= /usr/bin/install -c -p
++INSTALL_DATA	= $(INSTALL) -m 644
++INSTALL_DIR	= /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE	= msgmerge
++MSGMERGE_FLAGS	= -q
++XGETTEXT	= xgettext --default-domain=$(NLSPACKAGE)
++MSGFMT		= msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
++POTFILES  = $(shell cat POTFILES)
++
++#default:: clean
++
++all::  $(MOFILES)
++
++$(POTFILE): $(POTFILES) 
++	$(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
++	$(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
++	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++	    rm -f $(NLSPACKAGE).po; \
++	else \
++	    mv -f $(NLSPACKAGE).po $(POTFILE); \
++	fi; \
++
++
++refresh-po: Makefile
++	for cat in $(POFILES); do \
++		lang=`basename $$cat .po`; \
++		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++			mv -f $$lang.pot $$lang.po ; \
++			echo "$(MSGMERGE) of $$lang succeeded" ; \
++		else \
++			echo "$(MSGMERGE) of $$lang failed" ; \
++			rm -f $$lang.pot ; \
++		fi \
++	done
++
++clean:
++	@rm -fv *mo *~ .depend
++	@rm -rf tmp
++
++install: $(MOFILES)
++	@for n in $(MOFILES); do \
++	    l=`basename $$n .mo`; \
++	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++	done
++
++%.mo: %.po
++	$(MSGFMT) -o $@ $<
++report:
++	@for cat in $(wildcard *.po); do \
++                echo -n "$$cat: "; \
++                msgfmt -v --statistics -o /dev/null $$cat; \
++        done
++
++.PHONY: missing depend
++
++relabel:
+diff --git a/python/po/POTFILES b/python/po/POTFILES
+new file mode 100644
+index 000000000000..128eb870a69e
+--- /dev/null
++++ b/python/po/POTFILES
+@@ -0,0 +1,10 @@
++../audit2allow/audit2allow
++../chcat/chcat
++../semanage/semanage
++../semanage/seobject.py
++../sepolgen/src/sepolgen/interfaces.py
++../sepolicy/sepolicy/generate.py
++../sepolicy/sepolicy/gui.py
++../sepolicy/sepolicy/__init__.py
++../sepolicy/sepolicy/interface.py
++../sepolicy/sepolicy.py
+diff --git a/sandbox/Makefile b/sandbox/Makefile
+index 9da5e58db9e6..b817824e2102 100644
+--- a/sandbox/Makefile
++++ b/sandbox/Makefile
+@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
+ SEUNSHARE_OBJS = seunshare.o
+ 
+ all: sandbox seunshare sandboxX.sh start
++	(cd po && $(MAKE) $@)
+ 
+ seunshare: $(SEUNSHARE_OBJS)
+ 
+@@ -39,6 +40,7 @@ install: all
+ 	install -m 755 start $(DESTDIR)$(SHAREDIR)
+ 	-mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ 	install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
++	(cd po && $(MAKE) $@)
+ 
+ test:
+ 	@$(PYTHON) test_sandbox.py -v
+diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
+new file mode 100644
+index 000000000000..0556bbe953f0
+--- /dev/null
++++ b/sandbox/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE	= sandbox
++POTFILE		= $(NLSPACKAGE).pot
++INSTALL		= /usr/bin/install -c -p
++INSTALL_DATA	= $(INSTALL) -m 644
++INSTALL_DIR	= /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE	= msgmerge
++MSGMERGE_FLAGS	= -q
++XGETTEXT	= xgettext -L Python --default-domain=$(NLSPACKAGE)
++MSGFMT		= msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
++POTFILES  = $(shell cat POTFILES)
++
++#default:: clean
++
++all:: $(POTFILE) $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++	    rm -f $(NLSPACKAGE).po; \
++	else \
++	    mv -f $(NLSPACKAGE).po $(POTFILE); \
++	fi; \
++
++
++refresh-po: Makefile
++	for cat in $(POFILES); do \
++		lang=`basename $$cat .po`; \
++		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++			mv -f $$lang.pot $$lang.po ; \
++			echo "$(MSGMERGE) of $$lang succeeded" ; \
++		else \
++			echo "$(MSGMERGE) of $$lang failed" ; \
++			rm -f $$lang.pot ; \
++		fi \
++	done
++
++clean:
++	@rm -fv *mo *~ .depend
++	@rm -rf tmp
++
++install: $(MOFILES)
++	@for n in $(MOFILES); do \
++	    l=`basename $$n .mo`; \
++	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++	done
++
++%.mo: %.po
++	$(MSGFMT) -o $@ $<
++report:
++	@for cat in $(wildcard *.po); do \
++                echo -n "$$cat: "; \
++                msgfmt -v --statistics -o /dev/null $$cat; \
++        done
++
++.PHONY: missing depend
++
++relabel:
+diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
+new file mode 100644
+index 000000000000..deff3f2f4656
+--- /dev/null
++++ b/sandbox/po/POTFILES
+@@ -0,0 +1 @@
++../sandbox
+-- 
+2.29.0
+

0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch

@@ -0,0 +1,306 @@
+From eab0fc05a38ab2cd47b3e0ff69981850cc7cd538 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 6 Aug 2018 13:37:07 +0200
+Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
+
+https://github.com/fedora-selinux/selinux/issues/43
+---
+ gui/booleansPage.py                          | 2 +-
+ gui/domainsPage.py                           | 2 +-
+ gui/fcontextPage.py                          | 2 +-
+ gui/loginsPage.py                            | 2 +-
+ gui/modulesPage.py                           | 2 +-
+ gui/polgengui.py                             | 2 +-
+ gui/portsPage.py                             | 2 +-
+ gui/semanagePage.py                          | 2 +-
+ gui/statusPage.py                            | 2 +-
+ gui/system-config-selinux.py                 | 2 +-
+ gui/usersPage.py                             | 2 +-
+ python/chcat/chcat                           | 2 +-
+ python/semanage/semanage                     | 2 +-
+ python/semanage/seobject.py                  | 2 +-
+ python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +-
+ python/sepolicy/sepolicy.py                  | 2 +-
+ python/sepolicy/sepolicy/__init__.py         | 2 +-
+ python/sepolicy/sepolicy/generate.py         | 2 +-
+ python/sepolicy/sepolicy/gui.py              | 2 +-
+ python/sepolicy/sepolicy/interface.py        | 2 +-
+ sandbox/sandbox                              | 2 +-
+ 21 files changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/gui/booleansPage.py b/gui/booleansPage.py
+index 7849bea26a06..dd12b6d6ab86 100644
+--- a/gui/booleansPage.py
++++ b/gui/booleansPage.py
+@@ -38,7 +38,7 @@ DISABLED = 2
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/domainsPage.py b/gui/domainsPage.py
+index bad5140d8c59..6bbe4de5884f 100644
+--- a/gui/domainsPage.py
++++ b/gui/domainsPage.py
+@@ -30,7 +30,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
+index 370bbee40786..e424366da26f 100644
+--- a/gui/fcontextPage.py
++++ b/gui/fcontextPage.py
+@@ -47,7 +47,7 @@ class context:
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/loginsPage.py b/gui/loginsPage.py
+index b67eb8bc42af..cbfb0cc23f65 100644
+--- a/gui/loginsPage.py
++++ b/gui/loginsPage.py
+@@ -29,7 +29,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/modulesPage.py b/gui/modulesPage.py
+index 0584acf9b3a4..35a0129bab9c 100644
+--- a/gui/modulesPage.py
++++ b/gui/modulesPage.py
+@@ -30,7 +30,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/polgengui.py b/gui/polgengui.py
+index d284ded65279..01f541bafae8 100644
+--- a/gui/polgengui.py
++++ b/gui/polgengui.py
+@@ -63,7 +63,7 @@ def get_all_modules():
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/portsPage.py b/gui/portsPage.py
+index 30f58383bc1d..a537ecc8c0a1 100644
+--- a/gui/portsPage.py
++++ b/gui/portsPage.py
+@@ -35,7 +35,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/semanagePage.py b/gui/semanagePage.py
+index 4127804fbbee..5361d69c1313 100644
+--- a/gui/semanagePage.py
++++ b/gui/semanagePage.py
+@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/statusPage.py b/gui/statusPage.py
+index 766854b19cba..a8f079b9b163 100644
+--- a/gui/statusPage.py
++++ b/gui/statusPage.py
+@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
+index 3f70122b87e8..8c46c987b974 100644
+--- a/gui/system-config-selinux.py
++++ b/gui/system-config-selinux.py
+@@ -45,7 +45,7 @@ import selinux
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/gui/usersPage.py b/gui/usersPage.py
+index 26794ed5c3f3..d15d4c5a71dd 100644
+--- a/gui/usersPage.py
++++ b/gui/usersPage.py
+@@ -29,7 +29,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/chcat/chcat b/python/chcat/chcat
+index fdd2e46ee3f9..839ddd3b54b6 100755
+--- a/python/chcat/chcat
++++ b/python/chcat/chcat
+@@ -30,7 +30,7 @@ import getopt
+ import selinux
+ import seobject
+ 
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index b2fabea67a87..3cc30a160a74 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -27,7 +27,7 @@ import traceback
+ import argparse
+ import seobject
+ import sys
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
+index 6a14f7b47dd5..b51a7e3e7ca3 100644
+--- a/python/semanage/seobject.py
++++ b/python/semanage/seobject.py
+@@ -29,7 +29,7 @@ import sys
+ import stat
+ import socket
+ from semanage import *
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ import sepolicy
+ import setools
+ import ipaddress
+diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
+index 998c4356415c..56ebd807c69c 100644
+--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
++++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
+@@ -19,7 +19,7 @@
+ 
+ try: 
+     import gettext
+-    t = gettext.translation( 'yumex' )
++    t = gettext.translation( 'selinux-python' )
+     _ = t.gettext
+ except:
+     def _(str):
+diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
+index 7b2230651099..32956e58f52e 100755
+--- a/python/sepolicy/sepolicy.py
++++ b/python/sepolicy/sepolicy.py
+@@ -28,7 +28,7 @@ import sepolicy
+ from multiprocessing import Pool
+ from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
+ import argparse
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index ea05d892bf3b..9a9c2ae9f237 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -13,7 +13,7 @@ import os
+ import re
+ import gzip
+ 
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
+index 4e1ed4e9dc31..43180ca6fda4 100644
+--- a/python/sepolicy/sepolicy/generate.py
++++ b/python/sepolicy/sepolicy/generate.py
+@@ -48,7 +48,7 @@ import sepolgen.defaults as defaults
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
+index 1e86422b864a..c9ca158ddd09 100644
+--- a/python/sepolicy/sepolicy/gui.py
++++ b/python/sepolicy/sepolicy/gui.py
+@@ -41,7 +41,7 @@ import os
+ import re
+ import unicodedata
+ 
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
+index bdffb770f364..9d40aea1498d 100644
+--- a/python/sepolicy/sepolicy/interface.py
++++ b/python/sepolicy/sepolicy/interface.py
+@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+     import gettext
+     kwargs = {}
+diff --git a/sandbox/sandbox b/sandbox/sandbox
+index ca5f1e030a51..16c43b51eaaa 100644
+--- a/sandbox/sandbox
++++ b/sandbox/sandbox
+@@ -37,7 +37,7 @@ import sepolicy
+ 
+ SEUNSHARE = "/usr/sbin/seunshare"
+ SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-sandbox"
+ try:
+     import gettext
+     kwargs = {}
+-- 
+2.29.0
+

0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch

@@ -0,0 +1,30 @@
+From 4277ef04de699e1939c95c4813de6a78d1ea1656 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Wed, 21 Mar 2018 08:51:31 +0100
+Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
+
+The "-q" switch is becoming obsolete (completely unused in fedora) and
+debug output ("-d" switch) makes sense in any scenario. Therefore both
+options can be specified at once.
+
+Resolves: rhbz#1271327
+---
+ policycoreutils/setfiles/setfiles.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
+index e328a5628682..02e0960289d3 100644
+--- a/policycoreutils/setfiles/setfiles.8
++++ b/policycoreutils/setfiles/setfiles.8
+@@ -58,7 +58,7 @@ check the validity of the contexts against the specified binary policy.
+ .TP
+ .B \-d
+ show what specification matched each file (do not abort validation
+-after ABORT_ON_ERRORS errors).
++after ABORT_ON_ERRORS errors). Not affected by "\-q"
+ .TP
+ .BI \-e \ directory
+ directory to exclude (repeat option for more than one directory).
+-- 
+2.29.0
+

0020-sepolicy-generate-Handle-more-reserved-port-types.patch

@@ -0,0 +1,71 @@
+From fa94b0faf12a79158d971f363e8ec65227d67de3 Mon Sep 17 00:00:00 2001
+From: Masatake YAMATO <yamato@redhat.com>
+Date: Thu, 14 Dec 2017 15:57:58 +0900
+Subject: [PATCH] sepolicy-generate: Handle more reserved port types
+
+Currently only reserved_port_t, port_t and hi_reserved_port_t are
+handled as special when making a ports-dictionary.  However, as fas as
+corenetwork.te.in of serefpolicy, unreserved_port_t and
+ephemeral_port_t should be handled in the same way, too.
+
+(Details) I found the need of this change when I was using
+selinux-polgengui.  Though tcp port 12345, which my application may
+use, was given to the gui, selinux-polgengui generates expected te
+file and sh file which didn't utilize the tcp port.
+
+selinux-polgengui checks whether a port given via gui is already typed
+or not.
+
+If it is already typed, selinux-polgengui generates a te file having
+rules to allow the application to use the port. (A)
+
+If not, it seems for me that selinux-polgengui is designed to generate
+a te file having rules to allow the application to own(?) the port;
+and a sh file having a command line to assign the application own type
+to the port. (B)
+
+As we can see the output of `semanage port -l' some of ports for
+specified purpose have types already.  The important point is that the
+rest of ports also have types already:
+
+    hi_reserved_port_t tcp 512-1023
+    hi_reserved_port_t udp 512-1023
+    unreserved_port_t tcp 1024-32767, 61001-65535
+    unreserved_port_t udp 1024-32767, 61001-65535
+    ephemeral_port_t tcp 32768-61000
+    ephemeral_port_t udp 32768-61000
+
+As my patch shows, the original selinux-polgengui ignored
+hi_reserved_port_t; though hi_reserved_port_t is assigned,
+selinux-polgengui considered ports 512-1023 are not used. As the
+result selinux-polgengui generates file sets of (B).
+
+For the purpose of selinux-polgengui, I think unreserved_port_t and
+ephemeral_port_t are treated as the same as hi_reserved_port_t.
+
+Signed-off-by: Masatake YAMATO <yamato@redhat.com>
+
+Fedora only patch:
+https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redhat.com/
+---
+ python/sepolicy/sepolicy/generate.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
+index 43180ca6fda4..d60a08e1d72c 100644
+--- a/python/sepolicy/sepolicy/generate.py
++++ b/python/sepolicy/sepolicy/generate.py
+@@ -99,7 +99,9 @@ def get_all_ports():
+     for p in sepolicy.info(sepolicy.PORT):
+         if p['type'] == "reserved_port_t" or \
+                 p['type'] == "port_t" or \
+-                p['type'] == "hi_reserved_port_t":
++                p['type'] == "hi_reserved_port_t" or \
++                p['type'] == "ephemeral_port_t" or \
++                p['type'] == "unreserved_port_t":
+             continue
+         dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
+     return dict
+-- 
+2.29.0
+

0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch

@@ -0,0 +1,24 @@
+From 122e35c4d11b5b623e8bc463f81c6792385523cb Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 8 Nov 2018 09:20:58 +0100
+Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
+
+---
+ semodule-utils/semodule_package/semodule_package.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
+index 3515234e36de..7b75b3fd9bb4 100644
+--- a/semodule-utils/semodule_package/semodule_package.c
++++ b/semodule-utils/semodule_package/semodule_package.c
+@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
+ 	}
+ 	if (!sb.st_size) {
+ 		*len = 0;
++		close(fd);
+ 		return 0;
+ 	}
+ 
+-- 
+2.29.0
+

0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch

@@ -0,0 +1,74 @@
+From e63814eb18bdbb48a7e6bf79b17d79d6a9ca56d6 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 18 Jul 2018 09:09:35 +0200
+Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
+
+---
+ sandbox/sandbox     |  4 ++--
+ sandbox/sandbox.8   |  2 +-
+ sandbox/sandboxX.sh | 14 --------------
+ 3 files changed, 3 insertions(+), 17 deletions(-)
+
+diff --git a/sandbox/sandbox b/sandbox/sandbox
+index 16c43b51eaaa..7709a6585665 100644
+--- a/sandbox/sandbox
++++ b/sandbox/sandbox
+@@ -268,7 +268,7 @@ class Sandbox:
+             copyfile(f, "/tmp", self.__tmpdir)
+             copyfile(f, "/var/tmp", self.__tmpdir)
+ 
+-    def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
++    def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
+         execfile = self.__homedir + "/.sandboxrc"
+         fd = open(execfile, "w+")
+         if self.__options.session:
+@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ 
+         parser.add_option("-W", "--windowmanager", dest="wm",
+                           type="string",
+-                          default="/usr/bin/openbox",
++                          default="/usr/bin/matchbox-window-manager",
+                           help=_("alternate window manager"))
+ 
+         parser.add_option("-l", "--level", dest="level",
+diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
+index d83fee76f335..90ef4951c8c2 100644
+--- a/sandbox/sandbox.8
++++ b/sandbox/sandbox.8
+@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
+ \fB\-W\fR \fB\-\-windowmanager\fR
+ Select alternative window manager to run within 
+ .B sandbox \-X.
+-Default to /usr/bin/openbox.
++Default to /usr/bin/matchbox-window-manager.
+ .TP
+ \fB\-X\fR 
+ Create an X based Sandbox for gui apps, temporary files for
+diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+index 4774528027ef..c211ebc14549 100644
+--- a/sandbox/sandboxX.sh
++++ b/sandbox/sandboxX.sh
+@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
+ [ -z $2 ] && export DPI="96" || export DPI="$2"
+ trap "exit 0" HUP
+ 
+-mkdir -p ~/.config/openbox
+-cat > ~/.config/openbox/rc.xml << EOF
+-<openbox_config xmlns="http://openbox.org/3.4/rc"
+-		xmlns:xi="http://www.w3.org/2001/XInclude">
+-<applications>
+-  <application class="*">
+-    <decor>no</decor>
+-    <desktop>all</desktop>
+-    <maximized>yes</maximized>
+-  </application>
+-</applications>
+-</openbox_config>
+-EOF
+-
+ (/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+     export DISPLAY=:$D
+     cat > ~/seremote << __EOF
+-- 
+2.29.0
+

0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch

@@ -0,0 +1,46 @@
+From b1f380c75f8a4ea7a4062d3735d190a1dcbc3aaa Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Tue, 28 Jul 2020 14:37:13 +0200
+Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
+
+Fixes:
+$ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
+Analyzing 187 Python scripts
+./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
+./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:774:17: E117 over-indented
+./python/sepolicy/build/lib/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
+./python/sepolicy/build/lib/sepolicy/manpage.py:774:17: E117 over-indented
+./python/sepolicy/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
+./python/sepolicy/sepolicy/manpage.py:774:17: E117 over-indented
+The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ python/sepolicy/sepolicy/manpage.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index f8584436960d..6a3e08fca58c 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -717,7 +717,7 @@ Default Defined Ports:""")
+         for f in self.all_file_types:
+             if f.startswith(self.domainname):
+                 flist.append(f)
+-                if not f in self.exec_types or not f in self.entry_types:
++                if f not in self.exec_types or f not in self.entry_types:
+                     flist_non_exec.append(f)
+                 if f in self.fcdict:
+                     mpaths = mpaths + self.fcdict[f]["regex"]
+@@ -771,7 +771,7 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
+ 
+         if flist_non_exec:
+-                self.fd.write(r"""
++            self.fd.write(r"""
+ .PP
+ .B STANDARD FILE CONTEXT
+ 
+-- 
+2.29.0
+

0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch

@@ -0,0 +1,29 @@
+From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Wed, 11 Nov 2020 17:23:40 +0100
+Subject: [PATCH] selinux_config(5): add a note that runtime disable is
+ deprecated
+
+...and refer to selinux(8), which explains it further.
+
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+---
+ policycoreutils/man/man5/selinux_config.5 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
+index 1ffade150128..58b42a0e234d 100644
+--- a/policycoreutils/man/man5/selinux_config.5
++++ b/policycoreutils/man/man5/selinux_config.5
+@@ -48,7 +48,7 @@ SELinux security policy is enforced.
+ .IP \fIpermissive\fR 4
+ SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
+ .IP \fIdisabled\fR
+-SELinux is disabled and no policy is loaded.
++No SELinux policy is loaded.  This option was used to disable SELinux completely, which is now deprecated.  Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
+ .RE
+ .sp
+ The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
+-- 
+2.29.2
+

0025-python-sepolicy-allow-to-override-manpage-date.patch

@@ -0,0 +1,51 @@
+From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
+From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
+Date: Fri, 30 Oct 2020 22:53:09 +0100
+Subject: [PATCH] python/sepolicy: allow to override manpage date
+
+in order to make builds reproducible.
+See https://reproducible-builds.org/ for why this is good
+and https://reproducible-builds.org/specs/source-date-epoch/
+for the definition of this variable.
+
+This patch was done while working on reproducible builds for openSUSE.
+
+Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
+---
+ python/sepolicy/sepolicy/manpage.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 6a3e08fca58c..c013c0d48502 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -39,6 +39,8 @@ typealias_types = {
+ equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
+ 
+ equiv_dirs = ["/var"]
++man_date = time.strftime("%y-%m-%d", time.gmtime(
++        int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
+ modules_dict = None
+ 
+ 
+@@ -546,7 +548,7 @@ class ManPage:
+ 
+     def _typealias(self,typealias):
+         self.fd.write('.TH  "%(typealias)s_selinux"  "8"  "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
+-                 % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
++                 % {'typealias':typealias, 'date': man_date})
+         self.fd.write(r"""
+ .SH "NAME"
+ %(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
+@@ -565,7 +567,7 @@ man page for more details.
+ 
+     def _header(self):
+         self.fd.write('.TH  "%(domainname)s_selinux"  "8"  "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
+-                      % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
++                      % {'domainname': self.domainname, 'date': man_date})
+         self.fd.write(r"""
+ .SH "NAME"
+ %(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
+-- 
+2.29.2
+

gating.yaml

@@ -0,0 +1,16 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - fedora-*
+decision_context: bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+

policycoreutils-fedora.patch

@@ -1,152 +0,0 @@
-diff --git policycoreutils-2.8/newrole/newrole.1 policycoreutils-2.8/newrole/newrole.1
-index 0d9738a..893c42f 100644
---- policycoreutils-2.8/newrole/newrole.1
-+++ policycoreutils-2.8/newrole/newrole.1
-@@ -44,7 +44,7 @@ specified by that range.  If the
- or
- .B --preserve-environment
- option is specified, the shell with the new SELinux context will preserve environment variables,
--otherwise a new minimal enviroment is created.
-+otherwise a new minimal environment is created.
- .PP
- Additional arguments
- .I ARGS
-diff --git policycoreutils-2.8/po/Makefile policycoreutils-2.8/po/Makefile
-index 575e143..18bc1df 100644
---- policycoreutils-2.8/po/Makefile
-+++ policycoreutils-2.8/po/Makefile
-@@ -3,7 +3,6 @@
- #
- 
- PREFIX ?= /usr
--TOP	 = ../..
- 
- # What is this package?
- NLSPACKAGE	= policycoreutils
-@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
- 
- POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
- MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
--POTFILES = \
--	../run_init/open_init_pty.c \
--	../run_init/run_init.c \
--	../semodule_link/semodule_link.c \
--	../audit2allow/audit2allow \
--	../semanage/seobject.py \
--	../setsebool/setsebool.c \
--	../newrole/newrole.c \
--	../load_policy/load_policy.c \
--	../sestatus/sestatus.c \
--	../semodule/semodule.c \
--	../setfiles/setfiles.c \
--	../semodule_package/semodule_package.c \
--	../semodule_deps/semodule_deps.c \
--	../semodule_expand/semodule_expand.c \
--	../scripts/chcat \
--	../scripts/fixfiles \
--	../restorecond/stringslist.c \
--	../restorecond/restorecond.h \
--	../restorecond/utmpwatcher.h \
--	../restorecond/stringslist.h \
--	../restorecond/restorecond.c \
--	../restorecond/utmpwatcher.c \
--	../gui/booleansPage.py \
--	../gui/fcontextPage.py \
--	../gui/loginsPage.py \
--	../gui/mappingsPage.py \
--	../gui/modulesPage.py \
--	../gui/polgen.glade \
--	../gui/polgengui.py \
--	../gui/portsPage.py \
--	../gui/semanagePage.py \
--	../gui/statusPage.py \
--	../gui/system-config-selinux.glade \
--	../gui/system-config-selinux.py \
--	../gui/usersPage.py \
--	../secon/secon.c \
--	booleans.py \
--	../sepolicy/sepolicy.py \
--	../sepolicy/sepolicy/communicate.py \
--	../sepolicy/sepolicy/__init__.py \
--	../sepolicy/sepolicy/network.py \
--	../sepolicy/sepolicy/generate.py \
--	../sepolicy/sepolicy/sepolicy.glade \
--	../sepolicy/sepolicy/gui.py \
--	../sepolicy/sepolicy/manpage.py \
--	../sepolicy/sepolicy/transition.py \
--	../sepolicy/sepolicy/templates/executable.py \
--	../sepolicy/sepolicy/templates/__init__.py \
--	../sepolicy/sepolicy/templates/network.py \
--	../sepolicy/sepolicy/templates/rw.py \
--	../sepolicy/sepolicy/templates/script.py \
--	../sepolicy/sepolicy/templates/semodule.py \
--	../sepolicy/sepolicy/templates/tmp.py \
--	../sepolicy/sepolicy/templates/user.py \
--	../sepolicy/sepolicy/templates/var_lib.py \
--	../sepolicy/sepolicy/templates/var_log.py \
--	../sepolicy/sepolicy/templates/var_run.py \
--	../sepolicy/sepolicy/templates/var_spool.py
-+POTFILES  = $(shell cat POTFILES)
- 
- #default:: clean
- 
--all::  $(MOFILES)
-+all:: $(POTFILE) $(MOFILES)
- 
--booleans.py:
--	sepolicy booleans -a > booleans.py
--
--$(POTFILE): $(POTFILES) booleans.py
-+$(POTFILE): $(POTFILES)
- 	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
- 	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
- 	    rm -f $(NLSPACKAGE).po; \
-@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
- 	    mv -f $(NLSPACKAGE).po $(POTFILE); \
- 	fi; \
- 
--update-po: Makefile $(POTFILE) refresh-po
--	@rm -f booleans.py
- 
- refresh-po: Makefile
- 	for cat in $(POFILES); do \
-diff --git policycoreutils-2.8/po/POTFILES policycoreutils-2.8/po/POTFILES
-new file mode 100644
-index 0000000..12237dc
---- /dev/null
-+++ policycoreutils-2.8/po/POTFILES
-@@ -0,0 +1,9 @@
-+../run_init/open_init_pty.c
-+../run_init/run_init.c
-+../setsebool/setsebool.c
-+../newrole/newrole.c
-+../load_policy/load_policy.c
-+../sestatus/sestatus.c
-+../semodule/semodule.c
-+../setfiles/setfiles.c
-+../secon/secon.c
-diff --git policycoreutils-2.8/scripts/fixfiles policycoreutils-2.8/scripts/fixfiles
-index b277958..53d28c7 100755
---- policycoreutils-2.8/scripts/fixfiles
-+++ policycoreutils-2.8/scripts/fixfiles
-@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
- fullFlag=0
- BOOTTIME=""
- VERBOSE="-p"
-+[ -t 1 ] || VERBOSE=""
- FORCEFLAG=""
- RPMFILES=""
- PREFC=""
-diff --git policycoreutils-2.8/setfiles/setfiles.8 policycoreutils-2.8/setfiles/setfiles.8
-index ccaaf4d..a8a76c8 100644
---- policycoreutils-2.8/setfiles/setfiles.8
-+++ policycoreutils-2.8/setfiles/setfiles.8
-@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
- .TP
- .B \-d
- show what specification matched each file (do not abort validation
--after ABORT_ON_ERRORS errors).
-+after ABORT_ON_ERRORS errors). Not affected by "\-q"
- .TP
- .BI \-e \ directory
- directory to exclude (repeat option for more than one directory).

policycoreutils.spec

@@ -1,8 +1,7 @@
-%global libauditver     2.1.3-4
-%global libsepolver     2.8-3
-%global libsemanagever  2.8-6
-%global libselinuxver   2.8-5
-%global sepolgenver     2.8
+%global libauditver     3.0
+%global libsepolver     3.1-5
+%global libsemanagever  3.1-5
+%global libselinuxver   3.1-5
 
 %global generatorsdir %{_prefix}/lib/systemd/system-generators
 
@@ -11,19 +10,18 @@
 
 Summary: SELinux policy core utilities
 Name:    policycoreutils
-Version: 2.8
-Release: 14%{?dist}
+Version: 3.1
+Release: 8%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
-Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz
-Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-gui-2.8.tar.gz
-Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-sandbox-2.8.tar.gz
-Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-dbus-2.8.tar.gz
-Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/semodule-utils-2.8.tar.gz
-Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/restorecond-2.8.tar.gz
-URL:     https://github.com/SELinuxProject
-Source12: policycoreutils_man_ru2.tar.bz2
+Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/policycoreutils-3.1.tar.gz
+Source1: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-python-3.1.tar.gz
+Source2: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-gui-3.1.tar.gz
+Source3: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-sandbox-3.1.tar.gz
+Source4: https://github.com/SELinuxProject/selinux/releases/download/20200710/selinux-dbus-3.1.tar.gz
+Source5: https://github.com/SELinuxProject/selinux/releases/download/20200710/semodule-utils-3.1.tar.gz
+Source6: https://github.com/SELinuxProject/selinux/releases/download/20200710/restorecond-3.1.tar.gz
+URL:     https://github.com/SELinuxProject/selinux
 Source13: system-config-selinux.png
 Source14: sepolicy-icons.tgz
 Source15: selinux-autorelabel
@@ -35,19 +33,37 @@ Source20: policycoreutils-po.tgz
 Source21: python-po.tgz
 Source22: gui-po.tgz
 Source23: sandbox-po.tgz
-# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
-# run:
-# HEAD https://github.com/fedora-selinux/selinux/commit/15b521e6d24b1cb3a004d49f630f1d33f3e11466
-# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
-#   VERSION=2.8 ./make-fedora-selinux-patch.sh $i
-# done
-Patch:   policycoreutils-fedora.patch
-Patch1:  selinux-python-fedora.patch
-Patch2:  selinux-gui-fedora.patch
-Patch3:  selinux-sandbox-fedora.patch
-Patch4:  selinux-dbus-fedora.patch
-Patch5:  semodule-utils-fedora.patch
-Patch6:  restorecond-fedora.patch
+# https://github.com/fedora-selinux/selinux
+# $ git format-patch -N 20200710 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
+# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
+# Patch list start
+Patch0001: 0001-python-audit2allow-add-include-limits.h-to-sepolgen-.patch
+Patch0002: 0002-restorecond-Set-X-GNOME-HiddenUnderSystemd-true-in-r.patch
+Patch0003: 0003-fixfiles-correctly-restore-context-of-mountpoints.patch
+Patch0004: 0004-sepolgen-print-extended-permissions-in-hexadecimal.patch
+Patch0005: 0005-sepolgen-sort-extended-rules-like-normal-ones.patch
+Patch0006: 0006-newrole-support-cross-compilation-with-PAM-and-audit.patch
+Patch0007: 0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
+Patch0008: 0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
+Patch0009: 0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
+Patch0010: 0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch
+Patch0011: 0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
+Patch0012: 0012-Fix-title-in-manpage.py-to-not-contain-online.patch
+Patch0013: 0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
+Patch0014: 0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch
+Patch0015: 0015-sepolicy-Another-small-optimization-for-mcs-types.patch
+Patch0016: 0016-Move-po-translation-files-into-the-right-sub-directo.patch
+Patch0017: 0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch
+Patch0018: 0018-Initial-.pot-files-for-gui-python-sandbox.patch
+Patch0019: 0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch
+Patch0020: 0020-sepolicy-generate-Handle-more-reserved-port-types.patch
+Patch0021: 0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
+Patch0022: 0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
+Patch0023: 0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch
+Patch0024: 0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch
+Patch0025: 0025-python-sepolicy-allow-to-override-manpage-date.patch
+# Patch list end
+
 Obsoletes: policycoreutils < 2.0.61-2
 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
 # initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
@@ -55,11 +71,12 @@ Conflicts: initscripts < 9.66
 Provides: /sbin/fixfiles
 Provides: /sbin/restorecon
 
-BuildRequires: gcc
-BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
+BuildRequires: gcc make
+BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
 BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
-BuildRequires: python2-devel python3-devel
+BuildRequires: python3-devel
 BuildRequires: systemd
+BuildRequires: git-core
 Requires: util-linux grep gawk diffutils rpm sed
 Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >=  %{libselinuxver}
 
@@ -79,44 +96,49 @@ for basic operation of a SELinux system.  These utilities include
 load_policy to load policies, setfiles to label filesystems, newrole
 to switch roles.
 
-%prep
+%prep -p /usr/bin/bash
 # create selinux/ directory and extract sources
-%setup -q -c -n selinux
-%setup -q -T -D -a 1 -n selinux
-%setup -q -T -D -a 2 -n selinux
-%setup -q -T -D -a 3 -n selinux
-%setup -q -T -D -a 4 -n selinux
-%setup -q -T -D -a 5 -n selinux
-%setup -q -T -D -a 6 -n selinux
-%patch -p0 -b .policycoreutils-fedora
+%autosetup -S git -N -c -n selinux
+%autosetup -S git -N -T -D -a 1 -n selinux
+%autosetup -S git -N -T -D -a 2 -n selinux
+%autosetup -S git -N -T -D -a 3 -n selinux
+%autosetup -S git -N -T -D -a 4 -n selinux
+%autosetup -S git -N -T -D -a 5 -n selinux
+%autosetup -S git -N -T -D -a 6 -n selinux
 
-cp %{SOURCE13} selinux-gui-%{version}/
-tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
-%patch1 -p0 -b .selinux-python
-%patch2 -p0 -b .selinux-gui
-%patch3 -p0 -b .selinux-sandbox
-%patch4 -p0 -b .selinux-dbus
-#%%patch5 -p0 -b .semodule-utils
-#%%patch6 -p0 -b .restorecond
+for i in *; do
+    git mv $i ${i/-%{version}/}
+    git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
+done
+
+for i in selinux-*; do
+    git mv $i ${i#selinux-}
+    git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i#selinux-}"
+done
+
+git am %{_sourcedir}/[0-9]*.patch
+
+cp %{SOURCE13} gui/
+tar -xvf %{SOURCE14} -C python/sepolicy/
 
 # Since patches containing translation changes were too big, translations were moved to separate tarballs
 # For more information see README.translations
-tar -x -f %{SOURCE20} -C policycoreutils-%{version} -z
-tar -x -f %{SOURCE21} -C selinux-python-%{version} -z
-tar -x -f %{SOURCE22} -C selinux-gui-%{version} -z
-tar -x -f %{SOURCE23} -C selinux-sandbox-%{version} -z
+tar -x -f %{SOURCE20} -C policycoreutils -z
+tar -x -f %{SOURCE21} -C python -z
+tar -x -f %{SOURCE22} -C gui -z
+tar -x -f %{SOURCE23} -C sandbox -z
 
 %build
 %set_build_flags
 export PYTHON=%{__python3}
 
-make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-python-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
 
 %install
 mkdir -p %{buildroot}%{_bindir}
@@ -126,28 +148,28 @@ mkdir -p %{buildroot}%{_mandir}/man5
 mkdir -p %{buildroot}%{_mandir}/man8
 %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
 
-make -C policycoreutils-%{version} LSPP_PRIV=y  DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a"
 
-make -C selinux-python-%{version} PYTHON=%{__python2} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
 
-make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
 
-make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
 
-make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
 
-make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
 
-make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+%make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a"
 
+# Fix perms on newrole so that objcopy can process it
+chmod 0755 %{buildroot}%{_bindir}/newrole
 
 # Systemd
 rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
 
-tar -jxf %{SOURCE12} -C %{buildroot}/
 rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
-rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
+rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8*
 rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
 rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
 rm -f %{buildroot}/usr/sbin/open_init_pty
@@ -156,27 +178,6 @@ rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
 rm -f %{buildroot}/usr/share/man/man8/run_init.8*
 rm -f %{buildroot}/etc/pam.d/run_init*
 
-ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
-    %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
-    %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications \
-    %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
-
-rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
-rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
-rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1566618
-# we don't need python2 sepolicy gui files anymore
-rm -f %{buildroot}%{python2_sitelib}/sepolicy/gui.*
-rm -f %{buildroot}%{python2_sitelib}/sepolicy/sepolicy.glade
-rm -rf %{buildroot}%{python2_sitelib}/sepolicy/help
-
 mkdir   -m 755 -p %{buildroot}/%{generatorsdir}
 install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
 install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
@@ -184,9 +185,6 @@ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
 install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
 install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
 
-# change /usr/bin/python3? to /usr/bin/python2 in policycoreutils-python/python2-policycoreutils
-pathfix.py -i "%{__python2} -Es" -p %{buildroot}%{python2_sitelib}
-
 # change /usr/bin/python to %%{__python3} in policycoreutils-python3
 pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
 
@@ -201,12 +199,10 @@ pathfix.py -i "%{__python3} -Es" -p \
     %{buildroot}%{_bindir}/sepolgen-ifgen \
     %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
     %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
-    %{buildroot}%{_datadir}/system-config-selinux/polgengui.py \
     %nil
 
 # clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
-find %{buildroot}%{python2_sitelib} %{buildroot}%{python2_sitearch} \
-     %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
+find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
      %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
      -type f -name '*~' | xargs rm -f
 
@@ -232,24 +228,24 @@ an SELinux environment.
 %files python-utils
 %{_sbindir}/semanage
 %{_bindir}/chcat
-%{_bindir}/sandbox
 %{_bindir}/audit2allow
 %{_bindir}/audit2why
 %{_mandir}/man1/audit2allow.1*
 %{_mandir}/ru/man1/audit2allow.1*
 %{_mandir}/man1/audit2why.1*
+%{_mandir}/ru/man1/audit2why.1*
 %{_sysconfdir}/dbus-1/system.d/org.selinux.conf
 %{_mandir}/man8/chcat.8*
 %{_mandir}/ru/man8/chcat.8*
-%{_mandir}/man8/sandbox.8*
 %{_mandir}/man8/semanage*.8*
-%{_mandir}/ru/man8/semanage.8*
+%{_mandir}/ru/man8/semanage*.8*
 %{_datadir}/bash-completion/completions/semanage
 
 %package dbus
 Summary:    SELinux policy core DBUS api
 Requires:   python3-policycoreutils = %{version}-%{release}
 Requires:   python3-slip-dbus
+Requires:   python3-gobject-base
 BuildArch:  noarch
 
 %description dbus
@@ -277,7 +273,7 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
 # no python3-audit-libs yet
 Requires:audit-libs-python3 >=  %{libauditver}
 Requires: checkpolicy
-Requires: python3-setools >= 4.1.1
+Requires: python3-setools >= 4.4.0
 BuildArch: noarch
 
 %description -n python3-policycoreutils
@@ -304,43 +300,6 @@ by python 3 in an SELinux environment.
 %{python3_sitelib}/sepolicy*.egg-info
 %{python3_sitelib}/sepolicy/__pycache__
 
-%package -n python2-policycoreutils
-%{?python_provide:%python_provide python2-policycoreutils}
-# Remove before F30
-Provides: %{name}-python = %{version}-%{release}
-Provides: %{name}-python = %{version}-%{release}
-Obsoletes: %{name}-python < %{version}-%{release}
-Summary: SELinux policy core python2 utilities
-Requires:policycoreutils = %{version}-%{release}
-Requires:python2-libsemanage >= %{libsemanagever} python2-libselinux
-# no python2-audit-libs yet
-Requires:audit-libs-python2 >=  %{libauditver}
-Obsoletes: policycoreutils < 2.0.61-2
-Requires: python2-IPy
-Requires: checkpolicy
-Requires: python2-setools >= 4.1.1
-BuildArch: noarch
-
-%description -n python2-policycoreutils
-The policycoreutils-python package contains the management tools use to manage
-an SELinux environment.
-
-%files -n python2-policycoreutils
-%{python2_sitelib}/seobject.py*
-%{python2_sitelib}/sepolgen
-%dir %{python2_sitelib}/sepolicy
-%{python2_sitelib}/sepolicy/templates
-%{python2_sitelib}/sepolicy/__init__.py*
-%{python2_sitelib}/sepolicy/booleans.py*
-%{python2_sitelib}/sepolicy/communicate.py*
-%{python2_sitelib}/sepolicy/generate.py*
-%{python2_sitelib}/sepolicy/interface.py*
-%{python2_sitelib}/sepolicy/manpage.py*
-%{python2_sitelib}/sepolicy/network.py*
-%{python2_sitelib}/sepolicy/transition.py*
-%{python2_sitelib}/sepolicy/sedbus.py*
-%{python2_sitelib}/sepolicy*.egg-info
-
 %package devel
 Summary: SELinux policy core policy devel utilities
 Requires: policycoreutils-python-utils = %{version}-%{release}
@@ -358,6 +317,7 @@ The policycoreutils-devel package contains the management tools use to develop p
 /var/lib/sepolgen/perm_map
 %{_bindir}/sepolicy
 %{_mandir}/man8/sepolgen.8*
+%{_mandir}/ru/man8/sepolgen.8*
 %{_mandir}/man8/sepolicy-booleans.8*
 %{_mandir}/man8/sepolicy-generate.8*
 %{_mandir}/man8/sepolicy-interface.8*
@@ -366,6 +326,7 @@ The policycoreutils-devel package contains the management tools use to develop p
 %{_mandir}/man8/sepolicy-communicate.8*
 %{_mandir}/man8/sepolicy-manpage.8*
 %{_mandir}/man8/sepolicy-transition.8*
+%{_mandir}/ru/man8/sepolicy*.8*
 %{_usr}/share/bash-completion/completions/sepolicy
 
 
@@ -386,7 +347,12 @@ sandboxes
 %{_datadir}/sandbox/start
 %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
 %{_mandir}/man8/seunshare.8*
+%{_mandir}/ru/man8/seunshare.8*
+%{_bindir}/sandbox
 %{_mandir}/man5/sandbox.5*
+%{_mandir}/ru/man5/sandbox.5*
+%{_mandir}/man8/sandbox.8*
+%{_mandir}/ru/man8/sandbox.8*
 
 %package newrole
 Summary: The newrole application for RBAC/MLS
@@ -399,6 +365,7 @@ or level of a logged in user.
 %files newrole
 %attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
 %{_mandir}/man1/newrole.1.gz
+%{_mandir}/ru/man1/newrole.1.gz
 %config(noreplace) %{_sysconfdir}/pam.d/newrole
 
 %package gui
@@ -425,10 +392,6 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_datadir}/system-config-selinux/system-config-selinux.png
 %{_datadir}/system-config-selinux/*Page.py
 %{_datadir}/system-config-selinux/__pycache__/*Page.*
-%{_datadir}/system-config-selinux/html_util.py
-%{_datadir}/system-config-selinux/__pycache__/html_util.*
-%{_datadir}/system-config-selinux/polgengui.py
-%{_datadir}/system-config-selinux/__pycache__/polgengui.*
 %{_datadir}/system-config-selinux/system-config-selinux.py
 %{_datadir}/system-config-selinux/__pycache__/system-config-selinux.*
 %{_datadir}/system-config-selinux/*.ui
@@ -437,8 +400,11 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_datadir}/icons/hicolor/*/apps/sepolicy.png
 %{_datadir}/pixmaps/sepolicy.png
 %{_mandir}/man8/system-config-selinux.8*
+%{_mandir}/ru/man8/system-config-selinux.8*
 %{_mandir}/man8/selinux-polgengui.8*
+%{_mandir}/ru/man8/selinux-polgengui.8*
 %{_mandir}/man8/sepolicy-gui.8*
+%{_mandir}/ru/man8/sepolicy-gui.8*
 
 %files -f %{name}.lang
 %{_sbindir}/restorecon
@@ -463,7 +429,9 @@ system-config-selinux is a utility for managing the SELinux environment
 %{generatorsdir}/selinux-autorelabel-generator.sh
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 %{_mandir}/man5/selinux_config.5.gz
+%{_mandir}/ru/man5/selinux_config.5.gz
 %{_mandir}/man5/sestatus.conf.5.gz
+%{_mandir}/ru/man5/sestatus.conf.5.gz
 %{_mandir}/man8/fixfiles.8*
 %{_mandir}/ru/man8/fixfiles.8*
 %{_mandir}/man8/load_policy.8*
@@ -471,6 +439,7 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_mandir}/man8/restorecon.8*
 %{_mandir}/ru/man8/restorecon.8*
 %{_mandir}/man8/restorecon_xattr.8*
+%{_mandir}/ru/man8/restorecon_xattr.8*
 %{_mandir}/man8/semodule.8*
 %{_mandir}/ru/man8/semodule.8*
 %{_mandir}/man8/sestatus.8*
@@ -482,17 +451,19 @@ system-config-selinux is a utility for managing the SELinux environment
 %{_mandir}/man1/secon.1*
 %{_mandir}/ru/man1/secon.1*
 %{_mandir}/man8/genhomedircon.8*
+%{_mandir}/ru/man8/genhomedircon.8*
 %{_mandir}/man8/semodule_expand.8*
 %{_mandir}/ru/man8/semodule_expand.8*
 %{_mandir}/man8/semodule_link.8*
 %{_mandir}/ru/man8/semodule_link.8*
 %{_mandir}/man8/semodule_unpackage.8*
+%{_mandir}/ru/man8/semodule_unpackage.8*
 %{_mandir}/man8/semodule_package.8*
 %{_mandir}/ru/man8/semodule_package.8*
 %dir %{_datadir}/bash-completion
 %{_datadir}/bash-completion/completions/setsebool
 %{!?_licensedir:%global license %%doc}
-%license policycoreutils-%{version}/COPYING
+%license policycoreutils/COPYING
 %doc %{_usr}/share/doc/%{name}
 
 %package restorecond
@@ -505,14 +476,52 @@ The policycoreutils-restorecond package contains the restorecond service.
 %files restorecond
 %{_sbindir}/restorecond
 %{_unitdir}/restorecond.service
+%{_userunitdir}/restorecond_user.service
 %config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
 %config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
 %{_sysconfdir}/xdg/autostart/restorecond.desktop
 %{_datadir}/dbus-1/services/org.selinux.Restorecond.service
 %{_mandir}/man8/restorecond.8*
 %{_mandir}/ru/man8/restorecond.8*
+/usr/share/man/ru/man1/audit2why.1.gz
+/usr/share/man/ru/man1/newrole.1.gz
+/usr/share/man/ru/man5/sandbox.5.gz
+/usr/share/man/ru/man5/selinux_config.5.gz
+/usr/share/man/ru/man5/sestatus.conf.5.gz
+/usr/share/man/ru/man8/genhomedircon.8.gz
+/usr/share/man/ru/man8/restorecon_xattr.8.gz
+/usr/share/man/ru/man8/sandbox.8.gz
+/usr/share/man/ru/man8/selinux-polgengui.8.gz
+/usr/share/man/ru/man8/semanage-boolean.8.gz
+/usr/share/man/ru/man8/semanage-dontaudit.8.gz
+/usr/share/man/ru/man8/semanage-export.8.gz
+/usr/share/man/ru/man8/semanage-fcontext.8.gz
+/usr/share/man/ru/man8/semanage-ibendport.8.gz
+/usr/share/man/ru/man8/semanage-ibpkey.8.gz
+/usr/share/man/ru/man8/semanage-import.8.gz
+/usr/share/man/ru/man8/semanage-interface.8.gz
+/usr/share/man/ru/man8/semanage-login.8.gz
+/usr/share/man/ru/man8/semanage-module.8.gz
+/usr/share/man/ru/man8/semanage-node.8.gz
+/usr/share/man/ru/man8/semanage-permissive.8.gz
+/usr/share/man/ru/man8/semanage-port.8.gz
+/usr/share/man/ru/man8/semanage-user.8.gz
+/usr/share/man/ru/man8/semodule_unpackage.8.gz
+/usr/share/man/ru/man8/sepolgen.8.gz
+/usr/share/man/ru/man8/sepolicy-booleans.8.gz
+/usr/share/man/ru/man8/sepolicy-communicate.8.gz
+/usr/share/man/ru/man8/sepolicy-generate.8.gz
+/usr/share/man/ru/man8/sepolicy-gui.8.gz
+/usr/share/man/ru/man8/sepolicy-interface.8.gz
+/usr/share/man/ru/man8/sepolicy-manpage.8.gz
+/usr/share/man/ru/man8/sepolicy-network.8.gz
+/usr/share/man/ru/man8/sepolicy-transition.8.gz
+/usr/share/man/ru/man8/sepolicy.8.gz
+/usr/share/man/ru/man8/seunshare.8.gz
+/usr/share/man/ru/man8/system-config-selinux.8.gz
+
 %{!?_licensedir:%global license %%doc}
-%license policycoreutils-%{version}/COPYING
+%license policycoreutils/COPYING
 
 %post
 %systemd_post selinux-autorelabel-mark.service
@@ -530,6 +539,97 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Tue Nov 24 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-8
+- Fix BuildRequires to libsemanage-devel
+
+* Fri Nov 20 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-7
+- python/sepolicy: allow to override manpage date
+- selinux_config(5): add a note that runtime disable is deprecated
+
+* Mon Nov  9 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-6
+- Require latest setools
+
+* Fri Oct 30 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-5
+- Build with libsepol.so.1 and libsemanage.so.2
+- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file
+- fixfiles: correctly restore context of mountpoints
+- sepolgen: print extended permissions in hexadecimal
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-4
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.1-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Fri Jul 10 2020 Petr Lautrbach <plautrba@redhat.com> - 3.1-1
+- SELinux userspace 3.1 release
+
+* Mon Jun  1 2020 Petr Lautrbach <plautrba@redhat.com> - 3.0-4
+- policycoreutils-dbus requires python3-gobject-base
+
+* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 3.0-3
+- Rebuilt for Python 3.9
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Dec  6 2019 Petr Lautrbach <plautrba@redhat.com> - 3.0-1
+- SELinux userspace 3.0 release
+
+* Wed Sep  4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
+- semanage: Do not use default s0 range in "semanage login -a" (#1312283)
+
+* Thu Aug 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
+- gui: Fix remove module in system-config-selinux (#1740936)
+
+* Fri Aug 23 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-5
+- fixfiles: Fix unbound variable problem
+
+* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 2.9-4
+- Rebuilt for Python 3.8
+
+* Mon Aug  5 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3
+- Drop python2-policycoreutils
+- Update ru man page translations
+- fixfiles: Fix [-B] [-F] onboot
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
+- SELinux userspace 2.9 release
+
+* Mon Mar 11 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc2.1
+- SELinux userspace 2.9-rc2 release
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-0.rc1.1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-0.rc1.1
+- SELinux userspace 2.9-rc1 release candidate
+
+* Fri Jan 25 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-17
+- python2-policycoreutils requires python2-ipaddress (#1669230)
+
+* Tue Jan 22 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-16
+- restorecond: Install DBUS service file with 644 permissions
+
+* Mon Jan 21 2019 Petr Lautrbach <plautrba@redhat.com> - 2.8-15
+- setsebool: support use of -P on SELinux-disabled hosts
+- sepolicy: initialize mislabeled_files in __init__()
+- audit2allow: use local sepolgen-ifgen-attr-helper for tests
+- audit2allow: allow using audit2why as non-root user
+- audit2allow/sepolgen-ifgen: show errors on stderr
+- audit2allow/sepolgen-ifgen: add missing \n to error message
+- sepolgen: close /etc/selinux/sepolgen.conf after parsing it
+- sepolicy: Make policy files sorting more robust
+- semanage: Load a store policy and set the store SELinux policy root
+
 * Thu Dec 20 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-14
 - chcat: fix removing categories on users with Fedora default setup
 - semanage: Include MCS/MLS range when exporting local customizations

restorecond-fedora.patch

@@ -1,12 +0,0 @@
-diff --git restorecond-2.8/restorecond.c restorecond-2.8/restorecond.c
-index 6fbbd35..e1d26cb 100644
---- restorecond-2.8/restorecond.c
-+++ restorecond-2.8/restorecond.c
-@@ -105,6 +105,7 @@ static int write_pid_file(void)
- 	}
- 	if (write(pidfd, val, (unsigned int)len) != len) {
- 		syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
-+		close(pidfd);
- 		return 1;
- 	}
- 	close(pidfd);

selinux-autorelabel.service

@@ -11,4 +11,4 @@ ExecStart=/usr/libexec/selinux/selinux-autorelabel
 Type=oneshot
 TimeoutSec=0
 RemainAfterExit=yes
-StandardInput=tty
+StandardOutput=journal+console

selinux-dbus-fedora.patch

@@ -1,35 +0,0 @@
-diff --git selinux-dbus-2.8/org.selinux.conf selinux-dbus-2.8/org.selinux.conf
-index a350978..1ae079d 100644
---- selinux-dbus-2.8/org.selinux.conf
-+++ selinux-dbus-2.8/org.selinux.conf
-@@ -12,12 +12,8 @@
- 
-   <!-- Allow anyone to invoke methods on the interfaces,
-        authorization is performed by PolicyKit -->
--  <policy at_console="true">
--    <allow send_destination="org.selinux"/>
--  </policy>
-   <policy context="default">
--    <allow send_destination="org.selinux"
--	   send_interface="org.freedesktop.DBus.Introspectable"/>
-+    <allow send_destination="org.selinux"/>
-   </policy>
- 
- </busconfig>
-diff --git selinux-dbus-2.8/org.selinux.policy selinux-dbus-2.8/org.selinux.policy
-index 0126610..9772127 100644
---- selinux-dbus-2.8/org.selinux.policy
-+++ selinux-dbus-2.8/org.selinux.policy
-@@ -70,9 +70,9 @@
- 	  <allow_active>auth_admin_keep</allow_active>
-         </defaults>
-     </action>
--    <action id="org.selinux.change_policy_type">
--        <description>SELinux write access</description>
--        <message>System policy prevents change_policy_type access to SELinux</message>
-+    <action id="org.selinux.change_default_mode">
-+        <description>Change SELinux default enforcing mode</description>
-+        <message>System policy prevents change_default_policy access to SELinux</message>
-         <defaults>
-           <allow_any>no</allow_any>
-           <allow_inactive>no</allow_inactive>

selinux-gui-fedora.patch

@@ -1,306 +0,0 @@
-diff --git selinux-gui-2.8/Makefile selinux-gui-2.8/Makefile
-index a72e58c..ffe8b97 100644
---- selinux-gui-2.8/Makefile
-+++ selinux-gui-2.8/Makefile
-@@ -21,6 +21,7 @@ system-config-selinux.ui \
- usersPage.py
- 
- all: $(TARGETS) system-config-selinux.py polgengui.py
-+	(cd po && $(MAKE) $@)
- 
- install: all
- 	-mkdir -p $(DESTDIR)$(MANDIR)/man8
-@@ -46,6 +47,8 @@ install: all
- 		install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
- 	done
- 	install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
-+	(cd po && $(MAKE) $@)
-+
- clean:
- 
- indent:
-diff --git selinux-gui-2.8/booleansPage.py selinux-gui-2.8/booleansPage.py
-index 7849bea..dd12b6d 100644
---- selinux-gui-2.8/booleansPage.py
-+++ selinux-gui-2.8/booleansPage.py
-@@ -38,7 +38,7 @@ DISABLED = 2
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/domainsPage.py selinux-gui-2.8/domainsPage.py
-index bad5140..6bbe4de 100644
---- selinux-gui-2.8/domainsPage.py
-+++ selinux-gui-2.8/domainsPage.py
-@@ -30,7 +30,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/fcontextPage.py selinux-gui-2.8/fcontextPage.py
-index 370bbee..e424366 100644
---- selinux-gui-2.8/fcontextPage.py
-+++ selinux-gui-2.8/fcontextPage.py
-@@ -47,7 +47,7 @@ class context:
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/loginsPage.py selinux-gui-2.8/loginsPage.py
-index b67eb8b..cbfb0cc 100644
---- selinux-gui-2.8/loginsPage.py
-+++ selinux-gui-2.8/loginsPage.py
-@@ -29,7 +29,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/modulesPage.py selinux-gui-2.8/modulesPage.py
-index 34c5d9e..627ad95 100644
---- selinux-gui-2.8/modulesPage.py
-+++ selinux-gui-2.8/modulesPage.py
-@@ -30,7 +30,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/po/Makefile selinux-gui-2.8/po/Makefile
-new file mode 100644
-index 0000000..a0f5439
---- /dev/null
-+++ selinux-gui-2.8/po/Makefile
-@@ -0,0 +1,82 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE	= gui
-+POTFILE		= $(NLSPACKAGE).pot
-+INSTALL		= /usr/bin/install -c -p
-+INSTALL_DATA	= $(INSTALL) -m 644
-+INSTALL_DIR	= /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE	= msgmerge
-+MSGMERGE_FLAGS	= -q
-+XGETTEXT	= xgettext --default-domain=$(NLSPACKAGE)
-+MSGFMT		= msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES  = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all::  $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-+	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+	    rm -f $(NLSPACKAGE).po; \
-+	else \
-+	    mv -f $(NLSPACKAGE).po $(POTFILE); \
-+	fi; \
-+
-+
-+refresh-po: Makefile
-+	for cat in $(POFILES); do \
-+		lang=`basename $$cat .po`; \
-+		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+			mv -f $$lang.pot $$lang.po ; \
-+			echo "$(MSGMERGE) of $$lang succeeded" ; \
-+		else \
-+			echo "$(MSGMERGE) of $$lang failed" ; \
-+			rm -f $$lang.pot ; \
-+		fi \
-+	done
-+
-+clean:
-+	@rm -fv *mo *~ .depend
-+	@rm -rf tmp
-+
-+install: $(MOFILES)
-+	@for n in $(MOFILES); do \
-+	    l=`basename $$n .mo`; \
-+	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+	done
-+
-+%.mo: %.po
-+	$(MSGFMT) -o $@ $<
-+report:
-+	@for cat in $(wildcard *.po); do \
-+                echo -n "$$cat: "; \
-+                msgfmt -v --statistics -o /dev/null $$cat; \
-+        done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git selinux-gui-2.8/po/POTFILES selinux-gui-2.8/po/POTFILES
-new file mode 100644
-index 0000000..1795c5c
---- /dev/null
-+++ selinux-gui-2.8/po/POTFILES
-@@ -0,0 +1,17 @@
-+../booleansPage.py
-+../domainsPage.py
-+../fcontextPage.py
-+../loginsPage.py
-+../modulesPage.py
-+../org.selinux.config.policy
-+../polgengui.py
-+../polgen.ui
-+../portsPage.py
-+../selinux-polgengui.desktop
-+../semanagePage.py
-+../sepolicy.desktop
-+../statusPage.py
-+../system-config-selinux.desktop
-+../system-config-selinux.py
-+../system-config-selinux.ui
-+../usersPage.py
-diff --git selinux-gui-2.8/polgen.ui selinux-gui-2.8/polgen.ui
-index aa4c70a..6a8c067 100644
---- selinux-gui-2.8/polgen.ui
-+++ selinux-gui-2.8/polgen.ui
-@@ -1975,7 +1975,7 @@ Tab</property>
-                                       <object class="GtkLabel" id="label17">
-                                         <property name="visible">True</property>
-                                         <property name="can_focus">False</property>
--                                        <property name="label">Add File</property>
-+                                        <property name="label" translatable="yes">Add File</property>
-                                         <property name="use_underline">True</property>
-                                       </object>
-                                       <packing>
-@@ -2028,7 +2028,7 @@ Tab</property>
-                                       <object class="GtkLabel" id="label16">
-                                         <property name="visible">True</property>
-                                         <property name="can_focus">False</property>
--                                        <property name="label">Add Directory</property>
-+                                        <property name="label" translatable="yes">Add Directory</property>
-                                         <property name="use_underline">True</property>
-                                       </object>
-                                       <packing>
-@@ -2176,7 +2176,7 @@ Tab</property>
-                                       <object class="GtkLabel" id="label3">
-                                         <property name="visible">True</property>
-                                         <property name="can_focus">False</property>
--                                        <property name="label">Add Boolean</property>
-+                                        <property name="label" translatable="yes">Add Boolean</property>
-                                         <property name="use_underline">True</property>
-                                       </object>
-                                       <packing>
-diff --git selinux-gui-2.8/polgengui.py selinux-gui-2.8/polgengui.py
-index 1601dbe..7e0d9d0 100644
---- selinux-gui-2.8/polgengui.py
-+++ selinux-gui-2.8/polgengui.py
-@@ -63,7 +63,7 @@ def get_all_modules():
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/portsPage.py selinux-gui-2.8/portsPage.py
-index 30f5838..a537ecc 100644
---- selinux-gui-2.8/portsPage.py
-+++ selinux-gui-2.8/portsPage.py
-@@ -35,7 +35,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/semanagePage.py selinux-gui-2.8/semanagePage.py
-index 4127804..5361d69 100644
---- selinux-gui-2.8/semanagePage.py
-+++ selinux-gui-2.8/semanagePage.py
-@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/statusPage.py selinux-gui-2.8/statusPage.py
-index 766854b..a8f079b 100644
---- selinux-gui-2.8/statusPage.py
-+++ selinux-gui-2.8/statusPage.py
-@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/system-config-selinux.py selinux-gui-2.8/system-config-selinux.py
-index ce7c74b..a81e9dd 100644
---- selinux-gui-2.8/system-config-selinux.py
-+++ selinux-gui-2.8/system-config-selinux.py
-@@ -45,7 +45,7 @@ import selinux
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git selinux-gui-2.8/usersPage.py selinux-gui-2.8/usersPage.py
-index 26794ed..d15d4c5 100644
---- selinux-gui-2.8/usersPage.py
-+++ selinux-gui-2.8/usersPage.py
-@@ -29,7 +29,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}

selinux-sandbox-fedora.patch

@@ -1,186 +0,0 @@
-diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile
-index 49c1d3f..9e45329 100644
---- selinux-sandbox-2.8/Makefile
-+++ selinux-sandbox-2.8/Makefile
-@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng
- SEUNSHARE_OBJS = seunshare.o
- 
- all: sandbox seunshare sandboxX.sh start
-+	(cd po && $(MAKE) $@)
- 
- seunshare: $(SEUNSHARE_OBJS)
- 
-@@ -30,6 +31,7 @@ install: all
- 	install -m 755 start $(DESTDIR)$(SHAREDIR)
- 	-mkdir -p $(DESTDIR)$(SYSCONFDIR)
- 	install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
-+	(cd po && $(MAKE) $@)
- 
- test:
- 	@$(PYTHON) test_sandbox.py -v
-diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile
-new file mode 100644
-index 0000000..0556bbe
---- /dev/null
-+++ selinux-sandbox-2.8/po/Makefile
-@@ -0,0 +1,82 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE	= sandbox
-+POTFILE		= $(NLSPACKAGE).pot
-+INSTALL		= /usr/bin/install -c -p
-+INSTALL_DATA	= $(INSTALL) -m 644
-+INSTALL_DIR	= /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE	= msgmerge
-+MSGMERGE_FLAGS	= -q
-+XGETTEXT	= xgettext -L Python --default-domain=$(NLSPACKAGE)
-+MSGFMT		= msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES  = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all:: $(POTFILE) $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-+	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+	    rm -f $(NLSPACKAGE).po; \
-+	else \
-+	    mv -f $(NLSPACKAGE).po $(POTFILE); \
-+	fi; \
-+
-+
-+refresh-po: Makefile
-+	for cat in $(POFILES); do \
-+		lang=`basename $$cat .po`; \
-+		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+			mv -f $$lang.pot $$lang.po ; \
-+			echo "$(MSGMERGE) of $$lang succeeded" ; \
-+		else \
-+			echo "$(MSGMERGE) of $$lang failed" ; \
-+			rm -f $$lang.pot ; \
-+		fi \
-+	done
-+
-+clean:
-+	@rm -fv *mo *~ .depend
-+	@rm -rf tmp
-+
-+install: $(MOFILES)
-+	@for n in $(MOFILES); do \
-+	    l=`basename $$n .mo`; \
-+	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+	done
-+
-+%.mo: %.po
-+	$(MSGFMT) -o $@ $<
-+report:
-+	@for cat in $(wildcard *.po); do \
-+                echo -n "$$cat: "; \
-+                msgfmt -v --statistics -o /dev/null $$cat; \
-+        done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES
-new file mode 100644
-index 0000000..deff3f2
---- /dev/null
-+++ selinux-sandbox-2.8/po/POTFILES
-@@ -0,0 +1 @@
-+../sandbox
-diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox
-index c07a1d8..948496d 100644
---- selinux-sandbox-2.8/sandbox
-+++ selinux-sandbox-2.8/sandbox
-@@ -37,7 +37,7 @@ import sepolicy
- 
- SEUNSHARE = "/usr/sbin/seunshare"
- SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-sandbox"
- try:
-     import gettext
-     kwargs = {}
-@@ -268,7 +268,7 @@ class Sandbox:
-             copyfile(f, "/tmp", self.__tmpdir)
-             copyfile(f, "/var/tmp", self.__tmpdir)
- 
--    def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
-+    def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
-         execfile = self.__homedir + "/.sandboxrc"
-         fd = open(execfile, "w+")
-         if self.__options.session:
-@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
- 
-         parser.add_option("-W", "--windowmanager", dest="wm",
-                           type="string",
--                          default="/usr/bin/openbox",
-+                          default="/usr/bin/matchbox-window-manager",
-                           help=_("alternate window manager"))
- 
-         parser.add_option("-l", "--level", dest="level",
-diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8
-index d83fee7..90ef495 100644
---- selinux-sandbox-2.8/sandbox.8
-+++ selinux-sandbox-2.8/sandbox.8
-@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
- \fB\-W\fR \fB\-\-windowmanager\fR
- Select alternative window manager to run within 
- .B sandbox \-X.
--Default to /usr/bin/openbox.
-+Default to /usr/bin/matchbox-window-manager.
- .TP
- \fB\-X\fR 
- Create an X based Sandbox for gui apps, temporary files for
-diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh
-index eaa500d..c211ebc 100644
---- selinux-sandbox-2.8/sandboxX.sh
-+++ selinux-sandbox-2.8/sandboxX.sh
-@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
- [ -z $2 ] && export DPI="96" || export DPI="$2"
- trap "exit 0" HUP
- 
--mkdir -p ~/.config/openbox
--cat > ~/.config/openbox/rc.xml << EOF
--<openbox_config xmlns="http://openbox.org/3.4/rc"
--		xmlns:xi="http://www.w3.org/2001/XInclude">
--<applications>
--  <application class="*">
--    <decor>no</decor>
--    <desktop>all</desktop>
--    <maximized>yes</maximized>
--  </application>
--</applications>
--</openbox_config>
--EOF
--
--(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
-+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
-     export DISPLAY=:$D
-     cat > ~/seremote << __EOF
- #!/bin/sh

semodule-utils-fedora.patch

@@ -1,12 +0,0 @@
-diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
-index 3515234..7b75b3f 100644
---- semodule-utils-2.8/semodule_package/semodule_package.c
-+++ semodule-utils-2.8/semodule_package/semodule_package.c
-@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
- 	}
- 	if (!sb.st_size) {
- 		*len = 0;
-+		close(fd);
- 		return 0;
- 	}
- 

sources

@@ -1,12 +1,11 @@
-SHA512 (policycoreutils_man_ru2.tar.bz2) = 7272801da169b8d7dd3f8b7e368a63a4fbb7ae94599f9384bc450d142e6b2a3805ab542d650cbe9c8978c2d8e5c56ef4c11f361abfefeaf184ec3a4b0d2afb4c
-SHA512 (policycoreutils-2.8.tar.gz) = 2b4a70836fd8727a16b8f8d4afcc39c9461ab6f5bc1ba5ce5833d41150da921ebb3c9bdbd1cfa7dd31fd382ba18b5433ca9b63bce58bd290db81fa9bedfe29f3
-SHA512 (restorecond-2.8.tar.gz) = 5d72336782c3ad095746f8e6fa67e36448e5e76ca29586d8fe4962c64e505fa95c1458e8fc8f7d5bd589fff71b4be3758fb0cee3dacd2ccd0bc8476423e2540e
-SHA512 (selinux-dbus-2.8.tar.gz) = 241b308a4754fdc618466fc0f60234c1a80583eaeca22fab96f2d2779ac91ae03437cdfa8320fcfe5f142cdab543f025425c90eded5ff55d06960f55704a99f2
-SHA512 (selinux-gui-2.8.tar.gz) = 616323d0516cda80cdc13b8e66890b2c872695c276587304dd88a0948420011f5967ef46053f769f39863a9a9194f6e203102308c89f938ed66331f37c8a8d25
-SHA512 (selinux-python-2.8.tar.gz) = e695c11122f7f8105b75d1ef98355fd2b82b40d93c2fd9e733dcd95d4d7c392f60b646df81203c43ad2a0e8447f9901083007e1572b78e17368ad2764ffa1aad
-SHA512 (selinux-sandbox-2.8.tar.gz) = d86582639d1afc532998c2e94e0cc1fe9f7ce1daaa912a39b1b5dddf52c33965c063abe0cdcbcbe4017d5cbcabe351dcd9861323753dffc755de355b87c821b2
-SHA512 (semodule-utils-2.8.tar.gz) = 13d79a22115f5448dafc5202dc3dec66b9ad826051d61d7c126defe823407959511db35713d97c7dfe9e79de96193fec91a10b98c13743e06a1213f5734f4ae7
-SHA512 (gui-po.tgz) = 8b4a2ed5f246ea3d6086e2f8b7df37b0e43318b1a1d4dc5aae7cfa32ee6b4e0a39fc0b8f08ff062fd776d54a4c9b88f641d3109f7d8b5ec11b44383c902fefa5
-SHA512 (policycoreutils-po.tgz) = 8dd151bc67345106fec5daae1a133e74202484509357883e21e1eaccb8283098dc153a8f77e2d4dd0e899995eb07dedf0f7fca68507df35593a7f95482a4cb28
-SHA512 (python-po.tgz) = c9d88b9523f41b13f53403c0a98fe2fd6ba67afa51d41b56a856340e387eee00d6bd5416cd595a4bf657eaa02797ac3fe25a2a5de17b5f6bb6a2566d14c6c63f
-SHA512 (sandbox-po.tgz) = 5843f85fb30f802857e5b5914ab8f99ece4e2639b54c8663a3994e612801b6a55a996907c1050965dd3e6b6169d6ec468cc2ae9f65dafbba24ae1dea72a9573b
+SHA512 (policycoreutils-3.1.tar.gz) = 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140
+SHA512 (restorecond-3.1.tar.gz) = cdcf299f48b89a7c641ded9507b9b966bf648497394f8e988a9cb1ceb3224c86369706027f3416a4f9750836f7a8f4580a4b3df76673e03f897b383d7ed0e2c8
+SHA512 (selinux-dbus-3.1.tar.gz) = d5e1715539ec9aeef2285fc141617b7c25f39ddacc3968d2d19722553b97b873632545a2c7002faef44b671604b2cfca52e9624c57cedbae64d616a080cc955f
+SHA512 (selinux-gui-3.1.tar.gz) = c8bd618da3bd1dcc8aeb470e8410765ea7d38e861b0be78aaddaa5384ec3de12d364de1b63e2d9e3262e1179463f0ee78cb60f11ab72c996899bd72af137ae7c
+SHA512 (selinux-python-3.1.tar.gz) = 5dd98f77ae8ea8bac6a89ec7def76e12496b9a9f8c9612c4cc1dac7a8e8c60380a00c857426bfefbcb4273706addd2594e9b467f69408ef284f082a09d45bd49
+SHA512 (selinux-sandbox-3.1.tar.gz) = e9a772c720704de3fc33a70316780d5995442a1e25ba7df6dc68dd7b7a4eb59dfd2b68e4576051053fe81fbea207fcb1648baad3ea2d56d5b3005e9ca4b8ceb7
+SHA512 (semodule-utils-3.1.tar.gz) = b92794bbfbce5834ee7f62fddb40b5506e9291e8fa7c5d669b2e281089b8f8dc40c4522ea287ac5deffdaee751442ba8e691e2ac45fdd378b60d5d6b2527d157
+SHA512 (gui-po.tgz) = 8e0855256b825eea422b8e2b82cc0decf66b902c9930840905c5ad5dda7bef3679943a22db62709907d48f8a331d67edc5efed3e2638b53e379959b14077b4ea
+SHA512 (policycoreutils-po.tgz) = 66b908f7a167225bebded46f9cf92f42eb194daa2a083d48de43c2a5d33fa42724c5add0a9d029ac9d62c500f6f1c8d3bc138dd598b1fd97e609d7cc7160be72
+SHA512 (python-po.tgz) = 7f2a082b77c7b4417d5d3dac35d86dd635635a9c05a80e5f9284d03604e2f2a06ec879fb29b056d1a46d3fc448cd76e6fd25196834c18a161fd6677f2e11b2be
+SHA512 (sandbox-po.tgz) = 3d4b389b56bab1a6dddce9884dcebdefbefd1017fec6d987ac22a0705f409ed56722387aaca8fe7d9c468862136387bc703062e2b6de8fd102e13fed04ce811b

tests/tests.yml

@@ -8,7 +8,7 @@
     repositories:
     - repo: "https://src.fedoraproject.org/tests/selinux.git"
       dest: "selinux"
-      fmf_filter: "tier: 1 | component: policycoreutils"
+      fmf_filter: "tier: 1 | component: policycoreutils & tags: generic, fedora"
 
 # Tests for atomic host
 - hosts: localhost