Add FILENAME support to sepolgen

- Add back support for '<<none>>' in semanage fcontext.

policycoreutils-sepolgen.patch

@@ -1,191 +1,142 @@
-diff --git a/sepolgen/src/sepolgen/access.py b/sepolgen/src/sepolgen/access.py
-index 649735f..cf13210 100644
---- a/sepolgen/src/sepolgen/access.py
-+++ b/sepolgen/src/sepolgen/access.py
-@@ -87,7 +87,7 @@ class AccessVector:
-             self.perms = refpolicy.IdSet()
-             self.audit_msgs = []
-             self.type = audit2why.TERULE
--            self.bools = []
-+            self.data = []
- 
-         # The direction of the information flow represented by this
-         # access vector - used for matching
-@@ -256,7 +256,7 @@ class AccessVectorSet:
-         for av in l:
-             self.add_av(AccessVector(av))
- 
--    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
-+    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, data=[]):
-         """Add an access vector to the set.
-         """
-         tgt = self.src.setdefault(src_type, { })
-@@ -269,7 +269,7 @@ class AccessVectorSet:
-             access.src_type = src_type
-             access.tgt_type = tgt_type
-             access.obj_class = obj_class
--            access.bools = bools
-+            access.data = data
-             access.type = avc_type
-             cls[obj_class, avc_type] = access
- 
 diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
-index 9e2ccee..73c60f6 100644
+index 73c60f6..d636091 100644
 --- a/sepolgen/src/sepolgen/audit.py
 +++ b/sepolgen/src/sepolgen/audit.py
-@@ -173,7 +173,6 @@ class AVCMessage(AuditMessage):
-         self.accesses = []
-         self.denial = True
-         self.type = audit2why.TERULE
--        self.bools = []
+@@ -38,8 +38,7 @@ def get_audit_boot_msgs():
+     off=float(fd.read().split()[0])
+     fd.close
+     s = time.localtime(time.time() - off)
+-    date = time.strftime("%D/%Y", s).split("/")
+-    bootdate="%s/%s/%s" % (date[0], date[1], date[3])
++    bootdate = time.strftime("%x", s)
+     boottime = time.strftime("%X", s)
+     output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+                               stdout=subprocess.PIPE).communicate()[0]
+diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
+index a4adbd8..7b76261 100644
+--- a/sepolgen/src/sepolgen/refparser.py
++++ b/sepolgen/src/sepolgen/refparser.py
+@@ -91,8 +91,10 @@ tokens = (
+     'CLASS',
+     #   types and attributes
+     'TYPEATTRIBUTE',
++    'ROLEATTRIBUTE',
+     'TYPE',
+     'ATTRIBUTE',
++    'ATTRIBUTE_ROLE',
+     'ALIAS',
+     'TYPEALIAS',
+     #   conditional policy
+@@ -153,8 +155,10 @@ reserved = {
+     'class' : 'CLASS',
+     # types and attributes
+     'typeattribute' : 'TYPEATTRIBUTE',
++    'roleattribute' : 'ROLEATTRIBUTE',
+     'type' : 'TYPE',
+     'attribute' : 'ATTRIBUTE',
++    'attribute_role' : 'ATTRIBUTE_ROLE',
+     'alias' : 'ALIAS',
+     'typealias' : 'TYPEALIAS',
+     # conditional policy
+@@ -489,6 +493,7 @@ def p_policy_stmt(p):
+                    | avrule_def
+                    | typerule_def
+                    | typeattribute_def
++                   | roleattribute_def
+                    | interface_call
+                    | role_def
+                    | role_allow
+@@ -496,6 +501,7 @@ def p_policy_stmt(p):
+                    | type_def
+                    | typealias_def
+                    | attribute_def
++                   | attribute_role_def
+                    | range_transition_def
+                    | role_transition_def
+                    | bool
+@@ -542,6 +548,7 @@ def p_require(p):
+     '''require : TYPE comma_list SEMI
+                | ROLE comma_list SEMI
+                | ATTRIBUTE comma_list SEMI
++               | ATTRIBUTE_ROLE comma_list SEMI
+                | CLASS comma_list SEMI
+                | BOOL comma_list SEMI
+     '''
+@@ -727,6 +734,11 @@ def p_attribute_def(p):
+     a = refpolicy.Attribute(p[2])
+     p[0] = a
  
-     def __parse_access(self, recs, start):
-         # This is kind of sucky - the access that is in a space separated
-@@ -241,10 +240,12 @@ class AVCMessage(AuditMessage):
-         tcontext = self.tcontext.to_string()
-         scontext = self.scontext.to_string()
-         access_tuple = tuple( self.accesses)
-+        self.data = []
++def p_attribute_role_def(p):
++	'attribute_role_def : ATTRIBUTE_ROLE IDENTIFIER SEMI'
++	a = refpolicy.Attribute_Role(p[2])
++	p[0] = a
 +
-         if (scontext, tcontext, self.tclass, access_tuple) in avcdict.keys():
--            self.type, self.bools = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
-+            self.type, self.data = avcdict[(scontext, tcontext, self.tclass, access_tuple)]
-         else:
--            self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
-+            self.type, self.data = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
-             if self.type == audit2why.NOPOLICY:
-                 self.type = audit2why.TERULE
-             if self.type == audit2why.BADTCON:
-@@ -258,7 +259,16 @@ class AVCMessage(AuditMessage):
-             if self.type == audit2why.BADCOMPUTE:
-                 raise ValueError("Error during access vector computation")
+ def p_typealias_def(p):
+     'typealias_def : TYPEALIAS IDENTIFIER ALIAS names SEMI'
+     t = refpolicy.TypeAlias()
+@@ -819,6 +831,13 @@ def p_typeattribute_def(p):
+     t.attributes.update(p[3])
+     p[0] = t
  
--            avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
-+            if self.type == audit2why.CONSTRAINT:
-+                self.data = []
-+                if self.scontext.user != self.tcontext.user:
-+                    self.data.append("user")
-+                if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
-+                    self.data.append("role")
-+                if self.scontext.level != self.tcontext.level:
-+                    self.data.append("level")
++def p_roleattribute_def(p):
++    '''roleattribute_def : ROLEATTRIBUTE IDENTIFIER comma_list SEMI'''
++    t = refpolicy.RoleAttribute()
++    t.role = p[2]
++    t.roleattributes.update(p[3])
++    p[0] = t
 +
-+            avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
- 
- class PolicyLoadMessage(AuditMessage):
-     """Audit message indicating that the policy was reloaded."""
-@@ -507,10 +517,10 @@ class AuditParser:
-             if avc_filter:
-                 if avc_filter.filter(avc):
-                     av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
--                               avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
-+                               avc.accesses, avc, avc_type=avc.type, data=avc.data)
-             else:
-                 av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
--                           avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
-+                           avc.accesses, avc, avc_type=avc.type, data=avc.data)
-         return av_set
- 
- class AVCTypeFilter:
-diff --git a/sepolgen/src/sepolgen/matching.py b/sepolgen/src/sepolgen/matching.py
-index 1a9a3e5..d56dd92 100644
---- a/sepolgen/src/sepolgen/matching.py
-+++ b/sepolgen/src/sepolgen/matching.py
-@@ -50,7 +50,7 @@ class Match:
-                 return 1
- 
- class MatchList:
--    DEFAULT_THRESHOLD = 120
-+    DEFAULT_THRESHOLD = 150
-     def __init__(self):
-         # Match objects that pass the threshold
-         self.children = []
-@@ -63,14 +63,15 @@ class MatchList:
-     def best(self):
-         if len(self.children):
-             return self.children[0]
--        else:
--            return None
-+        if len(self.bastards):
-+            return self.bastards[0]
-+        return None
- 
-     def __len__(self):
-         # Only return the length of the matches so
-         # that this can be used to test if there is
-         # a match.
--        return len(self.children)
-+        return len(self.children) + len(self.bastards)
- 
-     def __iter__(self):
-         return iter(self.children)
-diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
-index c3d665c..cc9f8ea 100644
---- a/sepolgen/src/sepolgen/policygen.py
-+++ b/sepolgen/src/sepolgen/policygen.py
-@@ -166,14 +166,16 @@ class PolicyGenerator:
-                 rule.comment += "#!!!! This avc has a dontaudit rule in the current policy\n"
- 
-             if av.type == audit2why.BOOLEAN:
--                if len(av.bools) > 1:
--                    rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n#     %s\n" % ", ".join(map(lambda x: x[0], av.bools))
-+                if len(av.data) > 1:
-+                    rule.comment += "#!!!! This avc can be allowed using one of the these booleans:\n#     %s\n" % ", ".join(map(lambda x: x[0], av.data))
-                 else:
--                    rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.bools[0][0]
-+                    rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
- 
-             if av.type == audit2why.CONSTRAINT:
-                 rule.comment += "#!!!! This avc is a constraint violation.  You will need to add an attribute to either the source or target type to make it work.\n"
-                 rule.comment += "#Constraint rule: "
-+                for reason in av.data:
-+                    rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason
- 
-             try:
-                 if ( av.type == audit2why.TERULE and
+ def p_range_transition_def(p):
+     '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI
+                             | RANGE_TRANSITION names names names SEMI'''
 diff --git a/sepolgen/src/sepolgen/refpolicy.py b/sepolgen/src/sepolgen/refpolicy.py
-index b138e3d..1399225 100644
+index 1399225..b07550a 100644
 --- a/sepolgen/src/sepolgen/refpolicy.py
 +++ b/sepolgen/src/sepolgen/refpolicy.py
-@@ -363,7 +363,10 @@ class Role(Leaf):
-         self.types = IdSet()
+@@ -117,6 +117,10 @@ class Node(PolicyBase):
+         """Iterate over all of the TypeAttribute children of this Interface."""
+         return itertools.ifilter(lambda x: isinstance(x, TypeAttribute), walktree(self))
  
++    def roleattributes(self):
++        """Iterate over all of the RoleAttribute children of this Interface."""
++        return itertools.ifilter(lambda x: isinstance(x, RoleAttribute), walktree(self))
++
+     def requires(self):
+         return itertools.ifilter(lambda x: isinstance(x, Require), walktree(self))
+ 
+@@ -356,6 +360,20 @@ class TypeAttribute(Leaf):
      def to_string(self):
--        return "role %s types %s;" % (self.role, self.types.to_comma_str())
-+        s = ""
-+        for t in self.types:
-+            s += "role %s types %s;\n" % (self.role, t)
-+        return s
+         return "typeattribute %s %s;" % (self.type, self.attributes.to_comma_str())
  
- class Type(Leaf):
-     def __init__(self, name="", parent=None):
-@@ -511,7 +514,10 @@ class RoleType(Leaf):
-         self.types = IdSet()
- 
-     def to_string(self):
--        return "role %s types %s;" % (self.role, self.types.to_comma_str())
-+        s = ""
-+        for t in self.types:
-+            s += "role %s types %s;\n" % (self.role, t)
-+        return s
- 
- class ModuleDeclaration(Leaf):
++class RoleAttribute(Leaf):
++    """SElinux typeattribute statement.
++
++    This class represents a typeattribute statement.
++    """
++    def __init__(self, parent=None):
++        Leaf.__init__(self, parent)
++        self.role = ""
++        self.roleattributes = IdSet()
++
++    def to_string(self):
++        return "roleattribute %s %s;" % (self.role, self.roleattributes.to_comma_str())
++
++
+ class Role(Leaf):
      def __init__(self, parent=None):
-@@ -799,7 +805,7 @@ class Require(Leaf):
-         self.types = IdSet()
-         self.obj_classes = { }
-         self.roles = IdSet()
--        self.bools = IdSet()
-+        self.data = IdSet()
-         self.users = IdSet()
+         Leaf.__init__(self, parent)
+@@ -400,6 +418,15 @@ class Attribute(Leaf):
+     def to_string(self):
+         return "attribute %s;" % self.name
  
-     def add_obj_class(self, obj_class, perms):
-@@ -816,7 +822,7 @@ class Require(Leaf):
-             s.append("\tclass %s %s;" % (obj_class, perms.to_space_str()))
-         for role in self.roles:
-             s.append("\trole %s;" % role)
--        for bool in self.bools:
-+        for bool in self.data:
-             s.append("\tbool %s;" % bool)
-         for user in self.users:
-             s.append("\tuser %s;" % user)
++class Attribute_Role(Leaf):
++    def __init__(self, name="", parent=None):
++        Leaf.__init__(self, parent)
++        self.name = name
++
++    def to_string(self):
++        return "attribute_role %s;" % self.name
++
++
+ # Classes representing rules
+ 
+ class AVRule(Leaf):

policycoreutils.spec

@@ -1,13 +1,13 @@
 %define	libauditver	2.1.3-4
-%define libsepolver 	2.1.5-3
-%define	libsemanagever	2.1.7-1
-%define	libselinuxver	2.1.10-1
-%define	sepolgenver	1.1.7
+%define libsepolver 	2.1.8-2
+%define	libsemanagever	2.1.9-1
+%define	libselinuxver	2.1.12-7
+%define	sepolgenver	1.1.8
 
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.1.12
-Release: 5%{?dist}
+Version: 2.1.13
+Release: 60%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -19,11 +19,11 @@ Source3: system-config-selinux.desktop
 Source4: system-config-selinux.pam
 Source5: system-config-selinux.console
 Source6: selinux-polgengui.desktop
-Source7: selinux-polgengui.console
 Source8: policycoreutils_man_ru2.tar.bz2
 Source10: restorecond.service
 Patch:	 policycoreutils-rhat.patch
-Patch4:	 policycoreutils-sepolgen.patch
+Patch1:	 policycoreutils-sepolgen.patch
+Patch2:	 policycoreutils-f19.patch
 Obsoletes: policycoreutils < 2.0.61-2
 Conflicts: filesystem < 3
 Provides: /sbin/fixfiles
@@ -35,7 +35,7 @@ Provides: /sbin/restorecon
 
 BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
 BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
-BuildRequires: python-devel
+BuildRequires: python-devel setools-devel >= 3.3.7-14
 Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
 BuildRequires:  systemd-units
 Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >=  %{libselinuxver}
@@ -58,13 +58,13 @@ Control, and Multi-level Security.
 policycoreutils contains the policy core utilities that are required
 for basic operation of a SELinux system.  These utilities include
 load_policy to load policies, setfiles to label filesystems, newrole
-to switch roles, and run_init to run /etc/init.d scripts in the proper
-context.
+to switch roles.
 
 %prep
 %setup -q -a 1 
 %patch -p2 -b .rhat
-%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
+%patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
+%patch2 -p1 -b .f19
 
 %build
 make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all 
@@ -98,13 +98,16 @@ install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
 install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
 install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
 install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
-install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
 install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
 tar -jxf %{SOURCE8} -C %{buildroot}/
 rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
 rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
 rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
 rm -f %{buildroot}/usr/sbin/open_init_pty
+rm -f %{buildroot}/usr/sbin/run_init
+rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
+rm -f %{buildroot}/usr/share/man/man8/run_init.8*
+rm -f %{buildroot}/etc/pam.d/run_init*
 
 ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
 ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
@@ -125,12 +128,9 @@ Group:	 System Environment/Base
 Requires: policycoreutils = %{version}-%{release} 
 Requires: libsemanage-python >= %{libsemanagever} libselinux-python libcgroup
 Requires: audit-libs-python >=  %{libauditver} 
-Requires: /usr/bin/make
 Requires(pre): python >= 2.6
 Obsoletes: policycoreutils < 2.0.61-2
-Requires: setools-libs-python >= 3.3.7-14
-Requires: python-IPy checkpolicy
-Requires: selinux-policy-devel
+Requires: python-IPy
 
 %description python
 The policycoreutils-python package contains the management tools use to manage an SELinux environment.
@@ -138,35 +138,59 @@ The policycoreutils-python package contains the management tools use to manage a
 %files python
 %defattr(-,root,root,-)
 %{_sbindir}/semanage
-%{_bindir}/audit2allow
-%{_bindir}/audit2why
 %{_bindir}/chcat
 %{_bindir}/sandbox
-%{_bindir}/sepolgen-ifgen
-%{_bindir}/sepolgen-ifgen-attr-helper
+%{_bindir}/sepolicy
 %{python_sitelib}/seobject.py*
 %{python_sitelib}/sepolgen
+%{python_sitelib}/sepolicy
 %{python_sitelib}/%{name}*.egg-info
+%{python_sitelib}/sepolicy*.egg-info
 %{pkgpythondir}
-%dir  /var/lib/sepolgen
 %dir  /var/lib/selinux
-/var/lib/sepolgen/perm_map
-%{_mandir}/man1/audit2allow.1*
-%{_mandir}/ru/man1/audit2allow.1*
 %{_mandir}/man1/audit2why.1*
 %{_mandir}/man8/chcat.8*
 %{_mandir}/ru/man8/chcat.8*
 %{_mandir}/man8/sandbox.8*
 %{_mandir}/man8/semanage.8*
+%{_mandir}/man8/sepolicy*.8*
 %{_mandir}/ru/man8/semanage.8*
 %dir %{_sysconfdir}/bash_completion.d
 %{_sysconfdir}/bash_completion.d/semanage-bash-completion.sh
+%{_sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh
 %{_sysconfdir}/bash_completion.d/setsebool-bash-completion.sh
 
-%post python
+%package devel
+Summary: SELinux policy core policy devel utilities
+Group:	 System Environment/Base
+Requires: policycoreutils-python = %{version}-%{release} 
+Requires: /usr/bin/make
+Requires: checkpolicy
+Requires: selinux-policy-devel selinux-policy-doc
+
+%description devel
+The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
+
+%files devel
+%defattr(-,root,root,-)
+%{_bindir}/audit2allow
+%{_bindir}/audit2why
+%{_bindir}/sepolgen
+%{_bindir}/sepolgen-ifgen
+%{_bindir}/sepolgen-ifgen-attr-helper
+%dir  /var/lib/sepolgen
+/var/lib/sepolgen/perm_map
+%{_mandir}/man1/audit2allow.1*
+%{_mandir}/ru/man1/audit2allow.1*
+
+%post devel
 selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null 
 exit 0
 
+%triggerin devel -- selinux-policy-devel
+selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
+exit 0
+
 %package sandbox
 Summary: SELinux sandbox utilities
 Group:	 System Environment/Base
@@ -188,10 +212,6 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
 %{_mandir}/man8/seunshare.8*
 %{_mandir}/man5/sandbox.5*
 
-%triggerin python -- selinux-policy-devel
-selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
-exit 0
-
 %package newrole
 Summary: The newrole application for RBAC/MLS 
 Group: System Environment/Base
@@ -211,11 +231,9 @@ or level of a logged in user.
 %package gui
 Summary: SELinux configuration GUI
 Group: System Environment/Base
-Requires: policycoreutils-python = %{version}-%{release} 
+Requires: policycoreutils-devel = %{version}-%{release} 
 Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
 Requires: usermode-gtk
-Requires: setools-console
-Requires: selinux-policy-doc
 Requires: python >= 2.6
 BuildRequires: desktop-file-utils
 
@@ -226,20 +244,15 @@ system-config-selinux is a utility for managing the SELinux environment
 %defattr(-,root,root)
 %{_bindir}/system-config-selinux
 %{_bindir}/selinux-polgengui
-%{_bindir}/sepolgen
 %{_datadir}/applications/fedora-system-config-selinux.desktop
 %{_datadir}/applications/fedora-selinux-polgengui.desktop
 %{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
 %{_datadir}/pixmaps/system-config-selinux.png
 %dir %{_datadir}/system-config-selinux
-%dir %{_datadir}/system-config-selinux/templates
 %{_datadir}/system-config-selinux/system-config-selinux.png
 %{_datadir}/system-config-selinux/*.py*
-%{_datadir}/system-config-selinux/selinux.tbl
 %{_datadir}/system-config-selinux/*.glade
-%{_datadir}/system-config-selinux/templates/*.py*
 %config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
-%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
 %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
 
 %clean
@@ -255,15 +268,12 @@ rm -rf %{buildroot}
 %{_sbindir}/setsebool
 %{_sbindir}/semodule
 %{_sbindir}/sestatus
-%{_sbindir}/run_init
-%{_sbindir}/restorecon
 %{_bindir}/secon
 %{_bindir}/semodule_deps
 %{_bindir}/semodule_expand
 %{_bindir}/semodule_link
 %{_bindir}/semodule_package
 %{_bindir}/semodule_unpackage
-%config(noreplace) %{_sysconfdir}/pam.d/run_init
 %config(noreplace) %{_sysconfdir}/sestatus.conf
 # selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
 %{_mandir}/man5/selinux_config.5.gz
@@ -274,8 +284,6 @@ rm -rf %{buildroot}
 %{_mandir}/ru/man8/load_policy.8*
 %{_mandir}/man8/restorecon.8*
 %{_mandir}/ru/man8/restorecon.8*
-%{_mandir}/man8/run_init.8*
-%{_mandir}/ru/man8/run_init.8*
 %{_mandir}/man8/semodule.8*
 %{_mandir}/ru/man8/semodule.8*
 %{_mandir}/man8/semodule_deps.8*
@@ -317,21 +325,13 @@ The policycoreutils-restorecond package contains the restorecond service.
 %{_mandir}/ru/man8/restorecond.8*
 
 %post restorecond
-if [ $1 -eq 1 ] ; then
-   /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-fi
+%systemd_post restorecond.service
 
 %preun restorecond
-if [ $1 = 0 ]; then
-   /usr/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
-  /usr/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
-fi
+%systemd_preun restorecond.service
 
 %postun restorecond
-/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
-if [ $1 -ge 1 ] ; then
-    /usr/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
-fi
+%systemd_postun_with_restart restorecond.service
 
 %triggerun -- restorecond < 2.0.86-13
 %{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
@@ -340,6 +340,293 @@ fi
 %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Tue Apr 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-60
+- Add FILENAME support to sepolgen
+- Add back support for '<<none>>' in semanage fcontext.
+
+* Mon Mar 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-59
+- Can not unshare IPC in sandbox, since it blows up Xephyr
+- Remove bogus error message sandbox about reseting setfsuid
+- Allow sandbox to mount on symboliclinked homedirs
+
+* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-58
+- Fix handling of semanage boolean missing booleans
+- Back more sepolicy fixes from Rawhide
+
+* Fri Feb 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
+- Back more sepolicy fixes from Rawhide
+
+* Fri Feb 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-56
+- Back port lots of fixes from Rawhide
+        * Cleanup python problems
+	* setfiles: estimate percent progress
+	* sandbox: use sepolicy to look for sandbox_t
+	* gui: switch to use sepolicy
+	* gui: sepolgen: use sepolicy to generate
+	* semanage: use sepolicy for boolean dictionary
+	* semanage: seobject verify policy types before allowing you to assign them.
+	* semanage: good error message is sepolgen python module missing
+	* restorecond: remove /etc/mtab from default list
+	* restorecond: Add /etc/udpatedb.conf to restorecond.conf
+	* sandbox: seunshare: do not reassign realloc value
+	* seunshare: do checking on setfsuid
+
+* Tue Jan 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-55
+- Update Translations
+- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
+-   This fixes the spec file and script file getting wrong names for modules and types.
+
+* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-54
+- Additional patch from Miroslav to handle role attributes
+
+* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-53
+- Update with Miroslav patch to handle role attributes
+- Update Translations
+- import sepolicy will only throw exception on missing policy iff selinux is enabled
+
+* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-52
+- Update to latest patches from eparis/Upstream
+-    secon: add support for setrans color information in prompt output
+- Update translations
+
+* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-51
+- Update translations
+- Fix sepolicy booleans to handle autogenerated booleans descriptions
+- Cleanups of sepolicy manpage 
+- Fix crash on git_shell man page generation
+
+* Thu Jan 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-50
+- Update translations
+- update sepolicy manpage to generate fcontext equivalence data and to list 
+default file context paths.
+- Add ability to generate policy for confined admins and domains like puppet.
+
+* Thu Dec 20 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-49
+- Fix semanage permissive , this time with the patch.
+- Update translations
+
+* Wed Dec 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-48
+- Fix semanage permissive 
+- Change to use correct gtk forward button
+- Update po
+
+* Mon Dec 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-47
+- Move audit2why to -devel package
+
+* Mon Dec 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-46
+- sepolicy transition was blowing up. Also cleanup output when only source is specified.
+- sepolicy generate should allow policy modules names that include - or _
+
+* Mon Dec 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-45
+- Apply patch from Miroslav to display proper range description in man pages g
+- Should print warning on missing default label when run in recusive mode iff 
+- Remove extra -R description, and fix recursive description
+
+* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
+- Additional fixes for disabled SELinux Box
+- system-config-selinux no longer relies on lokkit for /etc/selinux/config
+
+* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
+- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
+
+* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
+- Update Translations
+- sepolicy network -d needs to accept multiple domains
+
+* Fri Nov 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-41
+- Add --path as a parameter to sepolicy generate
+- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
+- Fix sepolicy generate -T to not take an argument, and supress the help message
+- Since this is really just a testing tool
+
+* Fri Nov 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-40
+- Fix sepolicy communicate to handle invalid input
+
+* Thu Nov 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-39
+- Fix sepolicy network -p to handle high ports
+
+* Thu Nov 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-38
+- Fix handling of manpages without entrypoints, nsswitch domains
+- Update Translations
+
+* Wed Nov 28 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-37
+- Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the
+
+* Tue Nov 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-36
+- Fix sepolicy/__init__.py to handle _()
+
+* Wed Nov 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-35
+- Add Miroslav Grepl patch to create etc_rw_t sock files policy
+
+* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-34
+- Fix semanage to work without policycoreutils-devel installed
+- Update translations
+
+* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-33
+- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
+
+* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32
+- Fix booleansPage not showing booleans
+- Fix audit2allow -b
+
+* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-31
+- Fix sepolicy booleans again
+- Fix man page
+
+* Mon Nov 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-30
+- Move policy generation tools into policycoreutils-devel
+
+* Mon Nov 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-29
+- Document and fix sepolicy booleans
+- Update Translations
+- Fix several spelling mistakes
+
+* Wed Nov 7 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-27
+- Only report restorecon warning for missing default label, if not running
+recusively
+- Update translations
+
+* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-26
+- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
+- Update translations
+- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
+- Fix kill function call should indicate signal_perms not kill capability
+- Error out cleanly in system-config-selinux, if it can not contact XServer
+
+* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-25
+- Remove run_init, no longer needed with systemd.
+- Fix sepolicy generate to not include subdirs in generated fcontext file.  (mgrepl patch)
+
+* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
+- Fix manpage to generate proper man pages for alternate policy,  
+basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as 
+I pull the policy, policy.xml and file_contexts and file_contexts.homedir
+
+* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
+- Fix some build problems in sepolicy manpage and sepolicy transition
+
+* Tue Oct 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-22
+- Add alias man pages to sepolicy manpage
+
+* Mon Oct 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-21
+- Redesign sepolicy to only read the policy file once, not for every call
+
+* Mon Oct 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
+- Fixes to sepolicy transition, allow it to list all transitions from a domain
+
+* Sat Oct 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19
+- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
+
+* Fri Oct 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
+- Allow sepolicy to specify the policy to generate content from
+
+* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
+- Fix semanage boolean -F to handle boolean subs
+
+* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-16
+- Add Miroslav Grepl patch to generate html man pages
+- Update Translations
+- Add option to sandbox to shred files before deleting
+
+* Mon Oct 22 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
+- Add Requires(post) PKGNAME to sepolicy generate /usr/bin/pkg
+
+* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14
+- Add role_allow to sepolicy.search python bindings, this allows us to remove last requirement for setools-cmdline in gui tools.
+- Fix man page generator.
+
+* Wed Oct 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13
+- Remove dwalsh@redhat.com from man pages
+- Fix spec file for sepolicy generate
+
+* Wed Oct 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-12
+- Add missing spec.py from templates directory needed for sepolicy generate
+- Add /var/tmp as collection point for sandbox apps.
+
+* Tue Oct 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-11
+- Handle audit2allow -b in foreign locales
+
+* Tue Oct 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-10
+- Update sepolicy generate with patch to create spec file and man page.
+- Patch initiated by Miroslav Grepl
+
+* Wed Oct 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9
+- Fix semanage to verify that types are appropriate for commands. 
+  * Patch initiated by mgrepl
+  * Fixes problem of specifying non file_types for fcontext, or not port_types for semanage port
+
+* Tue Oct 9 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8
+- Fix typo in preunstall line for restorecond
+- Add mgrepl patch to consolidate file context generated by sepolicy generate
+
+* Mon Oct 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-7
+- Fix manpage generation, missing import
+- Add equiv_dict to get samba booleans into smbd_selinux
+- Add proper translations for booleans and remove selinux.tbl
+
+* Sat Oct 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6
+- Fix system-config-selinux to use sepolicy.generate instead of sepolgen
+
+* Thu Oct 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-5
+- Add sepolicy commands, and change tools to use them.
+
+* Tue Sep 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-4
+- Rebuild without bogus prebuild 64 bit seunshare app
+
+* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3
+- Allow fixfiles to specify -v, so they can get verbosity rather then progress.
+- Fix load_file Makefile to use SBINDIR rather then real OS.
+- Fix man pages in setfiles and restorecon to reflect what happens when you relabel the entire OS.
+
+* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2
+- Use systemd post install scriptlets
+
+* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
+- Update to upstream 
+	* genhomedircon: manual page improvements
+	* setfiles/restorecon minor improvements
+	* run_init: If open_init_pty is not available then just use exec
+	* newrole: do not drop capabilities when newrole is run as
+	* restorecon: only update type by default
+	* scripts: Don't syslog setfiles changes on a fixfiles restore
+	* setfiles: do not syslog if no changes
+	* Disable user restorecond by default
+	* Make restorecon return 0 when a file has changed context
+	* setfiles: Fix process_glob error handling
+	* semanage: allow enable/disable under -m
+	* add .tx to gitignore
+	* translations: commit translations from Fedora community
+	* po: silence build process
+	* gui: Checking in policy to support polgengui and sepolgen.
+	* gui: polgen: search for systemd subpackage when generating policy
+	* gui: for exploring booleans
+	* gui: system-config-selinux gui
+	* Add Makefiles to support new gui code
+	* gui: remove lockdown wizard
+	* return equivalency records in fcontext customized
+	* semanage: option to not load new policy into kernel after
+	* sandbox: manpage update to describe standard types
+	* setsebool: -N should not reload policy on changes
+	* semodule: Add -N qualifier to no reload kernel policy
+	* gui: polgen: sort selinux types of user controls
+	* gui: polgen: follow symlinks and get the real path to
+	* gui: Fix missing error function
+	* setfiles: return errors when bad paths are given
+	* fixfiles: tell restorecon to ignore missing paths
+	* setsebool: error when setting multiple options
+	* semanage: use boolean subs.
+	* sandbox: Make sure Xephyr never listens on tcp ports
+	* sepolgen: return and output constraint violation information
+	* semanage: skip comments while reading external configuration files
+	* restorecond: relabel all mount runtime files in the restorecond example
+	* genhomedircon: dynamically create genhomedircon
+	* Allow returning of bastard matches
+	* sepolgen: return and output constraint violation information
+	* audit2allow: one role/type pair per line
+
+* Wed Aug 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-6
+- Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl
+
 * Fri Jul 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-5
 - Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
 
@@ -395,13 +682,13 @@ fi
 * Thu May 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-11
 - add some definition to the standard types available for sandboxes
 
-* Mon May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
+* Tue May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
 - Remove lockdown wizard
 
 * Mon Apr 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-9
 - Fix semanage fcontext -E to extract the equivalance customizations.
 
-* Tue Apr 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-8
+* Thu Apr 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-8
 - Add mgrepl patch to have sepolgen search for -systemd rpm packages
 
 * Tue Apr 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-7
@@ -495,7 +782,7 @@ just *s.
 - Stop syslogging on full restore
 - Stop syslogging when restorecon is not changing values
 
-* Fri Jan 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
+* Fri Jan 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
 - Change semanage to produce proper audit records for Common Criteria
 - Cleanup packaging for usrmove
 
@@ -955,7 +1242,7 @@ the bounding set will be dropped.
 * Wed Feb 2 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-9
 - Report full errors on OSError on Sandbox
 
-* Wed Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
+* Fri Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
 - Fix newrole hanlding of pcap
 
 * Wed Jan 19 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-7
@@ -1361,7 +1648,7 @@ Resolves: 555835
 * Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
 - Fix sandbox to setsid so it can run under mozilla without crashing the session
 
-* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
+* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
 - Update to upstream
 	* Factor out restoring logic from setfiles.c into restore.c
 
@@ -1388,7 +1675,7 @@ Resolves: 555835
 - Move fixfiles man pages into the correct package
 - Add genhomedircon to fixfiles restore
 
-* Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
+* Tue Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
 - Add check to sandbox to verify save changes - Chris Pardy
 - Fix memory leak in restorecond - Steve Grubb
 
@@ -1504,7 +1791,7 @@ Resolves: 555835
 	* Fix typo in fixfiles that prevented it from relabeling btrfs 
 	  filesystems from Dan Walsh.
 
-* Sun Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
+* Wed Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
 - Fix location of man pages
 - Update to upstream
 	* Modify setfiles to exclude mounts without seclabel option in
@@ -1677,14 +1964,14 @@ Resolves: 555835
 * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-8
 - Fix typo in man page
 
-* Mon Oct 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-7
+* Tue Oct 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-7
 - Handle selinux disabled correctly
 - Handle manipulation of fcontext file correctly
 
 * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
 - Add usermode-gtk requires
 
-* Tue Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
+* Thu Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
 - Allow addition of local modifications of fcontext policy.
 
 * Mon Oct 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-4
@@ -1921,7 +2208,7 @@ Resolves: 555835
 - Update to upstream
 	* Merged support for non-interactive newrole command invocation from Tim Reed.
 
-* Thu Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-8
+* Thu Jan 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-8
 - Change to use selinux bindings to audit2why
 
 * Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-7
@@ -2087,7 +2374,7 @@ Resolves: 555835
 * Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14
 - Fix calls to _admin interfaces
 
-* Tue Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
+* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
 - Upgrade version of sepolgen from NSA
 	* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.
 	* Suppress generation of rules for non-denials from Karl MacMillan (take 3).
@@ -2165,10 +2452,10 @@ Resolves: 555835
 * Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-6
 - Clean up spec file
 
-* Thu Jul 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-5
+* Fri Jul 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-5
 - Require newer libselinux version
 
-* Fri Jul 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-4
+* Sat Jul 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-4
 - Fix checking for conflicting directory specification in genhomedircon
 
 * Mon Jun 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-3
@@ -2207,13 +2494,13 @@ Resolves: 555835
 * Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-2
 - Fix genhomedircon to work in stage2 builds of anaconda
 
-* Fri May 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
+* Sat May 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
 - Update to match NSA
 
 * Thu May 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-2
 - Fixes for polgentool templates file
 
-* Tue May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
+* Fri May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
 - Updated version of policycoreutils
 	* Merged support for modifying the prefix via semanage from Dan Walsh.
 - Fixed genhomedircon to find homedirs correctly.
@@ -2258,7 +2545,7 @@ Resolves: 555835
 * Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-6
 - Change polgengui to a druid
 
-* Tue Apr 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-5
+* Tue Apr 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-5
 - Fully path script.py
 
 * Mon Apr 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-4
@@ -2558,10 +2845,10 @@ Resolves: #208838
 * Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-3
 - No longer requires rhpl
 
-* Fri Nov 6 2006 Dan Walsh <dwalsh@redhat.com> 1.32-2
+* Mon Nov 6 2006 Dan Walsh <dwalsh@redhat.com> 1.32-2
 - Fix genhomedircon man page
 
-* Fri Oct 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-1
+* Mon Oct 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-1
 - Add newrole audit patch from sgrubb
 - Update to upstream
 	* Merged audit2allow -l fix from Yuichi Nakamura.
@@ -2577,15 +2864,15 @@ Resolves: #208838
 	* Merged newrole auditing of failures due to user actions from
 	  Michael Thompson.
 
-* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-6
+* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-6
 - Pass -i qualifier to restorecon  for fixfiles -R
 - Update translations
  
-* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
+* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
 - Remove recursion from fixfiles -R calls
 - Fix semanage to verify prefix
 
-* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
+* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
 - More translations
 - Compile with -pie
 
@@ -2769,7 +3056,7 @@ Resolves: #208838
 - secon change from level => sensitivity, add clearance.
 - Add mass relabel AUDIT patch, but disable it until kernel problem solved.
 
-* Tue May 24 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-1
+* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-1
 - Update to upstream
 	* Merged patch with updates to audit2allow, secon, genhomedircon,
 	  and semanage from Dan Walsh.
@@ -2883,7 +3170,7 @@ Resolves: #208838
 * Fri Mar 3 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-4
 - Minor fixes to chcat and semanage
 
-* Sat Feb 24 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-3
+* Fri Feb 24 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-3
 - Add missing setsebool man page
 
 * Thu Feb 23 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-2
@@ -2983,7 +3270,7 @@ Resolves: #208838
 	* Merged semanage fixes from Russell Coker.
 	* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
 
-* Tue Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-4
+* Tue Jan 17 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-4
 - Update chcat to manage user categories also
 
 * Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-3
@@ -3221,7 +3508,7 @@ Resolves: #208838
 	Updated audit2why for relocated policydb internal headers,
 	still needs to be converted to a shared lib interface.
 
-* Fri Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-3
+* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-3
 - Update newrole pam file to remove pam-stack
 - Update run_init pam file to remove pam-stack
 
@@ -3413,14 +3700,14 @@ Resolves: #208838
 * Mon Feb 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-3
 - Fix genhomedircon to add extr "\n"
 
-* Fri Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-2
+* Fri Feb 25 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-2
 - Fix genhomedircon to handle blank users
 
-* Fri Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-1
+* Fri Feb 25 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-1
 - Update to latest from NSA
 - Add call to libsepol
 
-* Thu Feb 23 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-4
+* Thu Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-4
 - Fix genhomedircon to handle root 
 - Fix fixfiles to better handle file system types
 
@@ -3532,10 +3819,10 @@ written to.  fails on 64-bit archs
 - Upgrade to latest from NSA
 	* Merged fixfiles patch for file_contexts.local from Dan Walsh.
 
-* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-2
+* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-2
 - Temp file needs to be created in /etc/selinux/POLICYTYPE/contexts/files/ directory.
 
-* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-1
+* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-1
 - Upgrade to latest from NSA
 	* Fixed restorecon to not treat errors from is_context_customizable()
 	  as a customizable context.
@@ -3544,7 +3831,7 @@ written to.  fails on 64-bit archs
 	* Merged open_init_pty helper for run_init from Manoj Srivastava.
 	* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
 
-* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
+* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
 - Don't change user componant if it is all that changed unless forced.
 - Change fixfiles to concatinate file_context.local for setfiles
 
@@ -3569,7 +3856,7 @@ written to.  fails on 64-bit archs
 - Fix restorecon to not warn on symlinks unless -v -v 
 - Fix output of verbose to show old context as well as new context
 
-* Mon Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
+* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
 - Update to latest from NSA
 	* Changed restorecon to ignore ENOENT errors from matchpathcon.
 	* Merged nonls patch from Chris PeBenito.
@@ -3616,22 +3903,22 @@ written to.  fails on 64-bit archs
 * Tue Sep 21 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-3
 - Only display to stdout if logfile not specified
 
-* Mon Sep 9 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-2
+* Thu Sep 9 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-2
 - Add Steve Grubb patch to cleanup log files.
 
 * Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
 - Add optargs
 - Update to match NSA
 
-* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
+* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
 - Add fix to get cdrom info from /proc/media in fixfiles.
 
-* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
+* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
 - Add Steve Grub patches for 
 	* Fix fixfiles.cron MAILTO
 	* Several problems in sestatus
 
-* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-3
+* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-3
 - Add -q (quiet) qualifier to load_policy to not report warnings
 
 * Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-2
@@ -3730,7 +4017,7 @@ written to.  fails on 64-bit archs
 - have restorecon ingnore <<none>>
 - Hand matchpathcon the file status
 
-* Thu May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
+* Thu May 13 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
 - Update to match NSA
 
 * Mon May 10 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
@@ -3790,13 +4077,13 @@ written to.  fails on 64-bit archs
 - Remove setfiles-assoc patch
 - Fix restorecon to not crash on missing dir
 
-* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-11
+* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-11
 - Eliminate trailing / in restorecon
 
-* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-10
+* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-10
 - Add Verbosity check
 
-* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-9
+* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-9
 - Change restorecon to not follow symlinks.  It is too difficult and confusing
 - to figure out the file context for the file pointed to by a symlink.
 

policycoreutils_po_makefile.patch

@@ -0,0 +1,73 @@
+diff -up policycoreutils-2.1.13/po/Makefile~ policycoreutils-2.1.13/po/Makefile
+--- policycoreutils-2.1.13/po/Makefile~	2012-10-16 11:59:08.989472832 -0400
++++ policycoreutils-2.1.13/po/Makefile	2012-10-16 11:59:18.868476822 -0400
+@@ -53,33 +53,44 @@ POTFILES = \
+ 	../gui/modulesPage.py \
+ 	../gui/polgen.glade \
+ 	../gui/polgengui.py \
+-	../gui/polgen.py \
+ 	../gui/portsPage.py \
+-	../gui/selinux.tbl \
+ 	../gui/semanagePage.py \
+ 	../gui/statusPage.py \
+ 	../gui/system-config-selinux.glade \
+ 	../gui/system-config-selinux.py \
+ 	../gui/usersPage.py \
+-	../gui/templates/executable.py \
+-	../gui/templates/__init__.py \
+-	../gui/templates/network.py \
+-	../gui/templates/rw.py \
+-	../gui/templates/script.py \
+-	../gui/templates/semodule.py \
+-	../gui/templates/tmp.py \
+-	../gui/templates/user.py \
+-	../gui/templates/var_lib.py \
+-	../gui/templates/var_log.py \
+-	../gui/templates/var_run.py \
+-	../gui/templates/var_spool.py \
+-	../secon/secon.c
++	../secon/secon.c \
++	../sepolicy/info.c \
++	../sepolicy/search.c \
++	../sepolicy/sepolicy.py \
++	../sepolicy/sepolicy/communicate.py \
++	../sepolicy/sepolicy/__init__.py \
++	../sepolicy/sepolicy/network.py \
++	../sepolicy/sepolicy/generate.py \
++	../sepolicy/sepolicy/manpage.py \
++	../sepolicy/sepolicy/transition.py \
++	../sepolicy/sepolicy/templates/executable.py \
++	../sepolicy/sepolicy/templates/__init__.py \
++	../sepolicy/sepolicy/templates/network.py \
++	../sepolicy/sepolicy/templates/rw.py \
++	../sepolicy/sepolicy/templates/script.py \
++	../sepolicy/sepolicy/templates/semodule.py \
++	../sepolicy/sepolicy/templates/tmp.py \
++	../sepolicy/sepolicy/templates/user.py \
++	../sepolicy/sepolicy/templates/var_lib.py \
++	../sepolicy/sepolicy/templates/var_log.py \
++	../sepolicy/sepolicy/templates/var_run.py \
++	../sepolicy/sepolicy/templates/var_spool.py \
++	booleans.py
+ 
+ #default:: clean
+ 
+-all::  update-po $(MOFILES)
++all::  $(MOFILES)
+ 
+-$(POTFILE): $(POTFILES) 
++booleans.py:
++	sepolicy booleans -a > booleans.py
++
++$(POTFILE): $(POTFILES) booleans.py
+ 	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ 	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ 	    rm -f $(NLSPACKAGE).po; \
+@@ -88,6 +99,7 @@ $(POTFILE): $(POTFILES)
+ 	fi; \
+ 
+ update-po: Makefile $(POTFILE) refresh-po
++	@rm -f booleans.py
+ 
+ refresh-po: Makefile
+ 	for cat in $(POFILES); do \

selinux-polgengui.desktop

@@ -64,3 +64,4 @@ Type=Application
 Terminal=false
 Categories=System;Security;
 X-Desktop-File-Install-Version=0.2
+Keywords=policy;security;selinux;avc;permission;mac;

sources

@@ -1,3 +1,3 @@
 59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2
-3c815de58ad31221802931cb9aa1ab28  policycoreutils-2.1.12.tgz
-ee3b0481920390f1fee7e2ec2c424b02  sepolgen-1.1.7.tgz
+381607ecf76bcb9397286143c93071cb  sepolgen-1.1.8.tgz
+98f13937f6723d7eb85b3adaf6b477e6  policycoreutils-2.1.13.tgz

system-config-selinux.desktop

@@ -64,3 +64,4 @@ Type=Application
 Terminal=false
 Categories=System;Security;
 X-Desktop-File-Install-Version=0.2
+Keywords=policy;security;selinux;avc;permission;mac;