changelog: Fix bogus date introduced by last commit

- seobject: Handle python error returns correctly
- sepolicy/gui: fix current selinux state radiobutton
- semodule_package: do not fail with an empty fc file

.gitignore

@@ -239,86 +239,3 @@ policycoreutils-2.0.83.tgz
 /policycoreutils-2.5-rc1.tar.gz
 /policycoreutils-2.5.tar.gz
 /sepolgen-1.2.3.tar.gz
-/policycoreutils-2.6.tar.gz
-/sepolgen-2.6.tar.gz
-/policycoreutils-2.7.tar.gz
-/selinux-python-2.7.tar.gz
-/selinux-gui-2.7.tar.gz
-/selinux-sandbox-2.7.tar.gz
-/selinux-dbus-2.7.tar.gz
-/semodule-utils-2.7.tar.gz
-/restorecond-2.7.tar.gz
-/policycoreutils-2.8-rc1.tar.gz
-/restorecond-2.8-rc1.tar.gz
-/selinux-dbus-2.8-rc1.tar.gz
-/selinux-gui-2.8-rc1.tar.gz
-/selinux-python-2.8-rc1.tar.gz
-/selinux-sandbox-2.8-rc1.tar.gz
-/semodule-utils-2.8-rc1.tar.gz
-/policycoreutils-2.8-rc2.tar.gz
-/restorecond-2.8-rc2.tar.gz
-/selinux-dbus-2.8-rc2.tar.gz
-/selinux-gui-2.8-rc2.tar.gz
-/selinux-python-2.8-rc2.tar.gz
-/selinux-sandbox-2.8-rc2.tar.gz
-/semodule-utils-2.8-rc2.tar.gz
-/policycoreutils-2.8-rc3.tar.gz
-/restorecond-2.8-rc3.tar.gz
-/selinux-dbus-2.8-rc3.tar.gz
-/selinux-gui-2.8-rc3.tar.gz
-/selinux-python-2.8-rc3.tar.gz
-/selinux-sandbox-2.8-rc3.tar.gz
-/semodule-utils-2.8-rc3.tar.gz
-/policycoreutils-2.8.tar.gz
-/restorecond-2.8.tar.gz
-/selinux-dbus-2.8.tar.gz
-/selinux-gui-2.8.tar.gz
-/selinux-python-2.8.tar.gz
-/selinux-sandbox-2.8.tar.gz
-/semodule-utils-2.8.tar.gz
-/gui-po.tgz
-/policycoreutils-po.tgz
-/python-po.tgz
-/sandbox-po.tgz
-/policycoreutils-2.9-rc1.tar.gz
-/selinux-python-2.9-rc1.tar.gz
-/selinux-gui-2.9-rc1.tar.gz
-/selinux-sandbox-2.9-rc1.tar.gz
-/selinux-dbus-2.9-rc1.tar.gz
-/semodule-utils-2.9-rc1.tar.gz
-/restorecond-2.9-rc1.tar.gz
-/policycoreutils-2.9-rc2.tar.gz
-/restorecond-2.9-rc2.tar.gz
-/selinux-dbus-2.9-rc2.tar.gz
-/selinux-gui-2.9-rc2.tar.gz
-/selinux-python-2.9-rc2.tar.gz
-/selinux-sandbox-2.9-rc2.tar.gz
-/semodule-utils-2.9-rc2.tar.gz
-/policycoreutils-2.9.tar.gz
-/restorecond-2.9.tar.gz
-/selinux-dbus-2.9.tar.gz
-/selinux-gui-2.9.tar.gz
-/selinux-python-2.9.tar.gz
-/selinux-sandbox-2.9.tar.gz
-/semodule-utils-2.9.tar.gz
-/policycoreutils-3.0-rc1.tar.gz
-/restorecond-3.0-rc1.tar.gz
-/selinux-dbus-3.0-rc1.tar.gz
-/selinux-gui-3.0-rc1.tar.gz
-/selinux-python-3.0-rc1.tar.gz
-/selinux-sandbox-3.0-rc1.tar.gz
-/semodule-utils-3.0-rc1.tar.gz
-/policycoreutils-3.0.tar.gz
-/restorecond-3.0.tar.gz
-/selinux-dbus-3.0.tar.gz
-/selinux-gui-3.0.tar.gz
-/selinux-python-3.0.tar.gz
-/selinux-sandbox-3.0.tar.gz
-/semodule-utils-3.0.tar.gz
-/policycoreutils-3.1.tar.gz
-/restorecond-3.1.tar.gz
-/selinux-dbus-3.1.tar.gz
-/selinux-gui-3.1.tar.gz
-/selinux-python-3.1.tar.gz
-/selinux-sandbox-3.1.tar.gz
-/semodule-utils-3.1.tar.gz

0001-python-audit2allow-add-include-limits.h-to-sepolgen-.patch

@@ -1,34 +0,0 @@
-From ccd973f721c48945fc706d8fef6b396580853a9f Mon Sep 17 00:00:00 2001
-From: "W. Michael Petullo" <mike@flyn.org>
-Date: Thu, 16 Jul 2020 15:29:20 -0500
-Subject: [PATCH] python/audit2allow: add #include <limits.h> to
- sepolgen-ifgen-attr-helper.c
-
-I found that building on OpenWrt/musl failed with:
-
-  sepolgen-ifgen-attr-helper.c:152:16: error: 'PATH_MAX' undeclared ...
-
-Musl is less "generous" than glibc in recursively including header
-files, and I suspect this is the reason for this error. Explicitly
-including limits.h fixes the problem.
-
-Signed-off-by: W. Michael Petullo <mike@flyn.org>
----
- python/audit2allow/sepolgen-ifgen-attr-helper.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/python/audit2allow/sepolgen-ifgen-attr-helper.c b/python/audit2allow/sepolgen-ifgen-attr-helper.c
-index 53f20818722a..f010c9584c1f 100644
---- a/python/audit2allow/sepolgen-ifgen-attr-helper.c
-+++ b/python/audit2allow/sepolgen-ifgen-attr-helper.c
-@@ -28,6 +28,7 @@
- 
- #include <selinux/selinux.h>
- 
-+#include <limits.h>
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/stat.h>
--- 
-2.29.0
-

0002-restorecond-Set-X-GNOME-HiddenUnderSystemd-true-in-r.patch

@@ -1,26 +0,0 @@
-From 9e2b8c61bfd275d0f007a736721c557755edf4a0 Mon Sep 17 00:00:00 2001
-From: Laurent Bigonville <bigon@bigon.be>
-Date: Thu, 16 Jul 2020 14:22:13 +0200
-Subject: [PATCH] restorecond: Set X-GNOME-HiddenUnderSystemd=true in
- restorecond.desktop file
-
-This completely inactivate the .desktop file incase the user session is
-managed by systemd as restorecond also provide a service file
-
-Signed-off-by: Laurent Bigonville <bigon@bigon.be>
----
- restorecond/restorecond.desktop | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/restorecond/restorecond.desktop b/restorecond/restorecond.desktop
-index af7286801c24..7df854727a3f 100644
---- a/restorecond/restorecond.desktop
-+++ b/restorecond/restorecond.desktop
-@@ -5,3 +5,4 @@ Comment=Fix file context in owned by the user
- Type=Application
- StartupNotify=false
- X-GNOME-Autostart-enabled=false
-+X-GNOME-HiddenUnderSystemd=true
--- 
-2.29.0
-

0003-fixfiles-correctly-restore-context-of-mountpoints.patch

@@ -1,136 +0,0 @@
-From ba2d6c10635a021d2b1a5fc2123fde13b04295a5 Mon Sep 17 00:00:00 2001
-From: bauen1 <j2468h@googlemail.com>
-Date: Thu, 6 Aug 2020 16:48:36 +0200
-Subject: [PATCH] fixfiles: correctly restore context of mountpoints
-
-By bind mounting every filesystem we want to relabel we can access all
-files without anything hidden due to active mounts.
-
-This comes at the cost of user experience, because setfiles only
-displays the percentage if no path is given or the path is /
-
-Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
-Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
----
- policycoreutils/scripts/fixfiles   | 29 +++++++++++++++++++++++++----
- policycoreutils/scripts/fixfiles.8 |  8 ++++++--
- 2 files changed, 31 insertions(+), 6 deletions(-)
-
-diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index 5d7770348349..30dadb4f4cb6 100755
---- a/policycoreutils/scripts/fixfiles
-+++ b/policycoreutils/scripts/fixfiles
-@@ -112,6 +112,7 @@ FORCEFLAG=""
- RPMFILES=""
- PREFC=""
- RESTORE_MODE=""
-+BIND_MOUNT_FILESYSTEMS=""
- SETFILES=/sbin/setfiles
- RESTORECON=/sbin/restorecon
- FILESYSTEMSRW=`get_rw_labeled_mounts`
-@@ -243,7 +244,23 @@ case "$RESTORE_MODE" in
- 	if [ -n "${FILESYSTEMSRW}" ]; then
- 	    LogReadOnly
- 	    echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
--	    ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
-+
-+	    if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then
-+	        ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW}
-+	    else
-+	        # we bind mount so we can fix the labels of files that have already been
-+	        # mounted over
-+	        for m in `echo $FILESYSTEMSRW`; do
-+	            TMP_MOUNT="$(mktemp -d)"
-+	            test -z ${TMP_MOUNT+x} && echo "Unable to find temporary directory!" && exit 1
-+
-+	            mkdir -p "${TMP_MOUNT}${m}" || exit 1
-+	            mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1
-+	            ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}"
-+	            umount "${TMP_MOUNT}${m}" || exit 1
-+	            rm -rf "${TMP_MOUNT}" || echo "Error cleaning up."
-+	        done;
-+	    fi
- 	else
- 	    echo >&2 "fixfiles: No suitable file systems found"
- 	fi
-@@ -313,6 +330,7 @@ case "$1" in
- 	> /.autorelabel || exit $?
- 	[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
- 	[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
-+	[ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel
- 	# Force full relabel if SELinux is not enabled
- 	selinuxenabled || echo -F > /.autorelabel
- 	echo "System will relabel on next boot"
-@@ -324,7 +342,7 @@ esac
- }
- usage() {
- 	echo $"""
--Usage: $0 [-v] [-F] [-f] relabel
-+Usage: $0 [-v] [-F] [-M] [-f] relabel
- or
- Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify }
- or
-@@ -334,7 +352,7 @@ Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify }
- or
- Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify }
- or
--Usage: $0 [-F] [-B] onboot
-+Usage: $0 [-F] [-M] [-B] onboot
- """
- }
- 
-@@ -353,7 +371,7 @@ set_restore_mode() {
- }
- 
- # See how we were called.
--while getopts "N:BC:FfR:l:v" i; do
-+while getopts "N:BC:FfR:l:vM" i; do
-     case "$i" in
- 	B)
- 		BOOTTIME=`/bin/who -b | awk '{print $3}'`
-@@ -379,6 +397,9 @@ while getopts "N:BC:FfR:l:v" i; do
- 		echo "Redirecting output to $OPTARG"
- 		exec >>"$OPTARG" 2>&1
- 		;;
-+	M)
-+		BIND_MOUNT_FILESYSTEMS="-M"
-+		;;
- 	F)
- 		FORCEFLAG="-F"
- 		;;
-diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
-index 9f447f03d444..123425308416 100644
---- a/policycoreutils/scripts/fixfiles.8
-+++ b/policycoreutils/scripts/fixfiles.8
-@@ -6,7 +6,7 @@ fixfiles \- fix file SELinux security contexts.
- .na
- 
- .B fixfiles
--.I [\-v] [\-F] [\-f] relabel
-+.I [\-v] [\-F] [-M] [\-f] relabel
- 
- .B fixfiles
- .I [\-v] [\-F] { check | restore | verify } dir/file ...
-@@ -21,7 +21,7 @@ fixfiles \- fix file SELinux security contexts.
- .I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT  { check | restore | verify }
- 
- .B fixfiles
--.I [-F] [-B] onboot
-+.I [-F] [-M] [-B] onboot
- 
- .ad
- 
-@@ -68,6 +68,10 @@ Run a diff on  the PREVIOUS_FILECONTEXT file to the currently installed one, and
- Only act on files created after the specified date.  Date must be specified in
- "YYYY\-MM\-DD HH:MM" format.  Date field will be passed to find \-\-newermt command.
- 
-+.TP
-+.B \-M
-+Bind mount filesystems before relabeling them, this allows fixing the context of files or directories that have been mounted over.
-+
- .TP
- .B -v
- Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p)
--- 
-2.29.0
-

0004-sepolgen-print-extended-permissions-in-hexadecimal.patch

@@ -1,112 +0,0 @@
-From 9e239e55692b578ba546b4dff2b07604a2ca6baa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Wed, 19 Aug 2020 17:05:33 +0200
-Subject: [PATCH] sepolgen: print extended permissions in hexadecimal
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-All tools like ausearch(8) or sesearch(1) and online documentation[1]
-use hexadecimal values for extended permissions.
-Hence use them, e.g. for audit2allow output, as well.
-
-[1]: https://github.com/strace/strace/blob/master/linux/64/ioctls_inc.h
-
-Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
-Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
----
- python/sepolgen/src/sepolgen/refpolicy.py |  5 ++---
- python/sepolgen/tests/test_access.py      | 10 +++++-----
- python/sepolgen/tests/test_refpolicy.py   | 12 ++++++------
- 3 files changed, 13 insertions(+), 14 deletions(-)
-
-diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
-index 43cecfc77385..747636875ef7 100644
---- a/python/sepolgen/src/sepolgen/refpolicy.py
-+++ b/python/sepolgen/src/sepolgen/refpolicy.py
-@@ -407,10 +407,9 @@ class XpermSet():
- 
-         # print single value without braces
-         if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
--            return compl + str(self.ranges[0][0])
-+            return compl + hex(self.ranges[0][0])
- 
--        vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
--                   self.ranges)
-+        vals = map(lambda x: hex(x[0]) if x[0] == x[1] else "%s-%s" % (hex(x[0]), hex(x[1]), ), self.ranges)
- 
-         return "%s{ %s }" % (compl, " ".join(vals))
- 
-diff --git a/python/sepolgen/tests/test_access.py b/python/sepolgen/tests/test_access.py
-index 73a5407df617..623588e09aeb 100644
---- a/python/sepolgen/tests/test_access.py
-+++ b/python/sepolgen/tests/test_access.py
-@@ -171,7 +171,7 @@ class TestAccessVector(unittest.TestCase):
-         a.merge(b)
-         self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
--        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
- 
-     def text_merge_xperm2(self):
-         """Test merging AV that does not contain xperms with AV that does"""
-@@ -185,7 +185,7 @@ class TestAccessVector(unittest.TestCase):
-         a.merge(b)
-         self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
--        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
- 
-     def test_merge_xperm_diff_op(self):
-         """Test merging two AVs that contain xperms with different operation"""
-@@ -203,8 +203,8 @@ class TestAccessVector(unittest.TestCase):
-         a.merge(b)
-         self.assertEqual(list(a.perms), ["read"])
-         self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
--        self.assertEqual(a.xperms["asdf"].to_string(), "23")
--        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+        self.assertEqual(a.xperms["asdf"].to_string(), "0x17")
-+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x2a 0x3039 }")
-                          
-     def test_merge_xperm_same_op(self):
-         """Test merging two AVs that contain xperms with same operation"""
-@@ -222,7 +222,7 @@ class TestAccessVector(unittest.TestCase):
-         a.merge(b)
-         self.assertEqual(list(a.perms), ["read"])
-         self.assertEqual(list(a.xperms.keys()), ["ioctl"])
--        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
-+        self.assertEqual(a.xperms["ioctl"].to_string(), "{ 0x17 0x2a 0x3039 }")
- 
- class TestUtilFunctions(unittest.TestCase):
-     def test_is_idparam(self):
-diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
-index 4b50c8aada96..c7219fd568e9 100644
---- a/python/sepolgen/tests/test_refpolicy.py
-+++ b/python/sepolgen/tests/test_refpolicy.py
-@@ -90,17 +90,17 @@ class TestXpermSet(unittest.TestCase):
-         a.complement = True
-         self.assertEqual(a.to_string(), "")
-         a.add(1234)
--        self.assertEqual(a.to_string(), "~ 1234")
-+        self.assertEqual(a.to_string(), "~ 0x4d2")
-         a.complement = False
--        self.assertEqual(a.to_string(), "1234")
-+        self.assertEqual(a.to_string(), "0x4d2")
-         a.add(2345)
--        self.assertEqual(a.to_string(), "{ 1234 2345 }")
-+        self.assertEqual(a.to_string(), "{ 0x4d2 0x929 }")
-         a.complement = True
--        self.assertEqual(a.to_string(), "~ { 1234 2345 }")
-+        self.assertEqual(a.to_string(), "~ { 0x4d2 0x929 }")
-         a.add(42,64)
--        self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
-+        self.assertEqual(a.to_string(), "~ { 0x2a-0x40 0x4d2 0x929 }")
-         a.complement = False
--        self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
-+        self.assertEqual(a.to_string(), "{ 0x2a-0x40 0x4d2 0x929 }")
- 
- class TestSecurityContext(unittest.TestCase):
-     def test_init(self):
--- 
-2.29.0
-

0005-sepolgen-sort-extended-rules-like-normal-ones.patch

@@ -1,109 +0,0 @@
-From 2a60de8eca6bd91e276b60441a5dc72d85c6eda3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
-Date: Wed, 19 Aug 2020 17:05:34 +0200
-Subject: [PATCH] sepolgen: sort extended rules like normal ones
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently:
-
-    #============= sshd_t ==============
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow sshd_t ptmx_t:chr_file ioctl;
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow sshd_t sshd_devpts_t:chr_file ioctl;
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow sshd_t user_devpts_t:chr_file ioctl;
-
-    #============= user_t ==============
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow user_t devtty_t:chr_file ioctl;
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow user_t user_devpts_t:chr_file ioctl;
-    allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
-    allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
-    allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
-    allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
-    allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
-
-Changed:
-
-    #============= sshd_t ==============
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow sshd_t ptmx_t:chr_file ioctl;
-    allowxperm sshd_t ptmx_t:chr_file ioctl { 0x5430-0x5431 0x5441 };
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow sshd_t sshd_devpts_t:chr_file ioctl;
-    allowxperm sshd_t sshd_devpts_t:chr_file ioctl 0x5401;
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow sshd_t user_devpts_t:chr_file ioctl;
-    allowxperm sshd_t user_devpts_t:chr_file ioctl { 0x5401-0x5402 0x540e };
-
-    #============= user_t ==============
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow user_t devtty_t:chr_file ioctl;
-    allowxperm user_t devtty_t:chr_file ioctl 0x4b33;
-
-    #!!!! This avc is allowed in the current policy
-    #!!!! This av rule may have been overridden by an extended permission av rule
-    allow user_t user_devpts_t:chr_file ioctl;
-    allowxperm user_t user_devpts_t:chr_file ioctl { 0x4b33 0x5401 0x5403 0x540a 0x540f-0x5410 0x5413-0x5414 };
-
-Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
-Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
----
- python/sepolgen/src/sepolgen/output.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/python/sepolgen/src/sepolgen/output.py b/python/sepolgen/src/sepolgen/output.py
-index 3a21b64c19f7..aeeaafc889e7 100644
---- a/python/sepolgen/src/sepolgen/output.py
-+++ b/python/sepolgen/src/sepolgen/output.py
-@@ -84,7 +84,7 @@ def avrule_cmp(a, b):
-         return ret
- 
-     # At this point, who cares - just return something
--    return cmp(len(a.perms), len(b.perms))
-+    return 0
- 
- # Compare two interface calls
- def ifcall_cmp(a, b):
-@@ -100,7 +100,7 @@ def rule_cmp(a, b):
-         else:
-             return id_set_cmp([a.args[0]], b.src_types)
-     else:
--        if isinstance(b, refpolicy.AVRule):
-+        if isinstance(b, refpolicy.AVRule) or isinstance(b, refpolicy.AVExtRule):
-             return avrule_cmp(a,b)
-         else:
-             return id_set_cmp(a.src_types, [b.args[0]])
-@@ -130,6 +130,7 @@ def sort_filter(module):
-         # we assume is the first argument for interfaces).
-         rules = []
-         rules.extend(node.avrules())
-+        rules.extend(node.avextrules())
-         rules.extend(node.interface_calls())
-         rules.sort(key=util.cmp_to_key(rule_cmp))
- 
--- 
-2.29.0
-

0006-newrole-support-cross-compilation-with-PAM-and-audit.patch

@@ -1,32 +0,0 @@
-From 8bc865e1fe8f6f734b7306441ccbeec3b7c37f97 Mon Sep 17 00:00:00 2001
-From: Dominick Grift <dominick.grift@defensec.nl>
-Date: Tue, 1 Sep 2020 18:16:41 +0200
-Subject: [PATCH] newrole: support cross-compilation with PAM and audit
-
-Compilation of newrole with PAM and audit support currently requires that you have the respective headers installed on the host. Instead make the header location customizable to accomodate cross-compilation.
-
-Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
-Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
----
- policycoreutils/newrole/Makefile | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
-index 73ebd413da85..0e7ebce3dd56 100644
---- a/policycoreutils/newrole/Makefile
-+++ b/policycoreutils/newrole/Makefile
-@@ -5,8 +5,9 @@ BINDIR ?= $(PREFIX)/bin
- MANDIR ?= $(PREFIX)/share/man
- ETCDIR ?= /etc
- LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale
--PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
--AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
-+INCLUDEDIR ?= $(PREFIX)/include
-+PAMH ?= $(shell test -f $(INCLUDEDIR)/security/pam_appl.h && echo y)
-+AUDITH ?= $(shell test -f $(INCLUDEDIR)/libaudit.h && echo y)
- # Enable capabilities to permit newrole to generate audit records.
- # This will make newrole a setuid root program.
- # The capabilities used are: CAP_AUDIT_WRITE.
--- 
-2.29.0
-

0007-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch

@@ -1,26 +0,0 @@
-From ea624dcc70d93867f23b94c368b8cf102269c13b Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 20 Aug 2015 12:58:41 +0200
-Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
- recent Fedoras
-
----
- sandbox/sandboxX.sh | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
-index eaa500d08143..4774528027ef 100644
---- a/sandbox/sandboxX.sh
-+++ b/sandbox/sandboxX.sh
-@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
- </openbox_config>
- EOF
- 
--(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
-+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
-     export DISPLAY=:$D
-     cat > ~/seremote << __EOF
- #!/bin/sh
--- 
-2.29.0
-

0008-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch

@@ -1,46 +0,0 @@
-From 932c1244bc98d3a05a238f3f0b333cf8c429113b Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Mon, 21 Apr 2014 13:54:40 -0400
-Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
-
-Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
----
- python/sepolicy/sepolicy/manpage.py | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 3e8a3be907e3..a1d70623cff0 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -735,10 +735,13 @@ Default Defined Ports:""")
- 
-     def _file_context(self):
-         flist = []
-+        flist_non_exec = []
-         mpaths = []
-         for f in self.all_file_types:
-             if f.startswith(self.domainname):
-                 flist.append(f)
-+                if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
-+                    flist_non_exec.append(f)
-                 if f in self.fcdict:
-                     mpaths = mpaths + self.fcdict[f]["regex"]
-         if len(mpaths) == 0:
-@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
- SELinux defines the file context types for the %(domainname)s, if you wanted to
- store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
- 
--.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
-+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
- .br
- .B restorecon -R -v /srv/my%(domainname)s_content
- 
- Note: SELinux often uses regular expressions to specify labels that match multiple files.
--""" % {'domainname': self.domainname, "type": flist[0]})
-+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
- 
-         self.fd.write(r"""
- .I The following file types are defined for %(domainname)s:
--- 
-2.29.0
-

0009-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch

@@ -1,27 +0,0 @@
-From ae3780eb560fa5f00a3dd591c8233c2a9068a348 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Mon, 12 May 2014 14:11:22 +0200
-Subject: [PATCH] If there is no executable we don't want to print a part of
- STANDARD FILE CONTEXT
-
----
- python/sepolicy/sepolicy/manpage.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index a1d70623cff0..2d33eabb2536 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
- .PP
- """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
- 
--        self.fd.write(r"""
-+        if flist_non_exec:
-+                self.fd.write(r"""
- .PP
- .B STANDARD FILE CONTEXT
- 
--- 
-2.29.0
-

0010-Simplication-of-sepolicy-manpage-web-functionality.-.patch

@@ -1,169 +0,0 @@
-From 7d21b9f41c4d00f1e0499a64089a5e13a8f636ab Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Thu, 19 Feb 2015 17:45:15 +0100
-Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
- system_release is no longer hardcoded and it creates only index.html and html
- man pages in the directory for the system release.
-
----
- python/sepolicy/sepolicy/__init__.py | 25 +++--------
- python/sepolicy/sepolicy/manpage.py  | 65 +++-------------------------
- 2 files changed, 13 insertions(+), 77 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
-index e4540977d042..ad718797ca68 100644
---- a/python/sepolicy/sepolicy/__init__.py
-+++ b/python/sepolicy/sepolicy/__init__.py
-@@ -1208,27 +1208,14 @@ def boolean_desc(boolean):
- 
- 
- def get_os_version():
--    os_version = ""
--    pkg_name = "selinux-policy"
-+    system_release = ""
-     try:
--        try:
--            from commands import getstatusoutput
--        except ImportError:
--            from subprocess import getstatusoutput
--        rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
--        if rc == 0:
--            os_version = output.split(".")[-2]
--    except:
--        os_version = ""
--
--    if os_version[0:2] == "fc":
--        os_version = "Fedora" + os_version[2:]
--    elif os_version[0:2] == "el":
--        os_version = "RHEL" + os_version[2:]
--    else:
--        os_version = ""
-+        with open('/etc/system-release') as f:
-+            system_release = f.readline()
-+    except IOError:
-+        system_release = "Misc"
- 
--    return os_version
-+    return system_release
- 
- 
- def reinit():
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 2d33eabb2536..acc77f368d95 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -149,10 +149,6 @@ def prettyprint(f, trim):
- manpage_domains = []
- manpage_roles = []
- 
--fedora_releases = ["Fedora17", "Fedora18"]
--rhel_releases = ["RHEL6", "RHEL7"]
--
--
- def get_alphabet_manpages(manpage_list):
-     alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
-     for i in string.ascii_letters:
-@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage):
- class HTMLManPages:
- 
-     """
--            Generate a HHTML Manpages on an given SELinux domains
-+            Generate a HTML Manpages on an given SELinux domains
-     """
- 
-     def __init__(self, manpage_roles, manpage_domains, path, os_version):
-@@ -190,9 +186,9 @@ class HTMLManPages:
-         self.manpage_domains = get_alphabet_manpages(manpage_domains)
-         self.os_version = os_version
-         self.old_path = path + "/"
--        self.new_path = self.old_path + self.os_version + "/"
-+        self.new_path = self.old_path
- 
--        if self.os_version in fedora_releases or self.os_version in rhel_releases:
-+        if self.os_version:
-             self.__gen_html_manpages()
-         else:
-             print("SELinux HTML man pages can not be generated for this %s" % os_version)
-@@ -201,7 +197,6 @@ class HTMLManPages:
-     def __gen_html_manpages(self):
-         self._write_html_manpage()
-         self._gen_index()
--        self._gen_body()
-         self._gen_css()
- 
-     def _write_html_manpage(self):
-@@ -219,67 +214,21 @@ class HTMLManPages:
-                     convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
- 
-     def _gen_index(self):
--        index = self.old_path + "index.html"
--        fd = open(index, 'w')
--        fd.write("""
--<html>
--<head>
--    <link rel=stylesheet type="text/css" href="style.css" title="style">
--    <title>SELinux man pages online</title>
--</head>
--<body>
--<h1>SELinux man pages</h1>
--<br></br>
--Fedora or Red Hat Enterprise Linux Man Pages.</h2>
--<br></br>
--<hr>
--<h3>Fedora</h3>
--<table><tr>
--<td valign="middle">
--</td>
--</tr></table>
--<pre>
--""")
--        for f in fedora_releases:
--            fd.write("""
--<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
--
--        fd.write("""
--</pre>
--<hr>
--<h3>RHEL</h3>
--<table><tr>
--<td valign="middle">
--</td>
--</tr></table>
--<pre>
--""")
--        for r in rhel_releases:
--            fd.write("""
--<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
--
--        fd.write("""
--</pre>
--	""")
--        fd.close()
--        print("%s has been created" % index)
--
--    def _gen_body(self):
-         html = self.new_path + self.os_version + ".html"
-         fd = open(html, 'w')
-         fd.write("""
- <html>
- <head>
--	<link rel=stylesheet type="text/css" href="../style.css" title="style">
--	<title>Linux man-pages online for Fedora18</title>
-+	<link rel=stylesheet type="text/css" href="style.css" title="style">
-+	<title>SELinux man pages online</title>
- </head>
- <body>
--<h1>SELinux man pages for Fedora18</h1>
-+<h1>SELinux man pages for %s</h1>
- <hr>
- <table><tr>
- <td valign="middle">
- <h3>SELinux roles</h3>
--""")
-+""" % self.os_version)
-         for letter in self.manpage_roles:
-             if len(self.manpage_roles[letter]):
-                 fd.write("""
--- 
-2.29.0
-

0011-We-want-to-remove-the-trailing-newline-for-etc-syste.patch

@@ -1,26 +0,0 @@
-From f0f030495dddb2e633403f360fdaaf6951da11ad Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Fri, 20 Feb 2015 16:42:01 +0100
-Subject: [PATCH] We want to remove the trailing newline for
- /etc/system_release.
-
----
- python/sepolicy/sepolicy/__init__.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
-index ad718797ca68..ea05d892bf3b 100644
---- a/python/sepolicy/sepolicy/__init__.py
-+++ b/python/sepolicy/sepolicy/__init__.py
-@@ -1211,7 +1211,7 @@ def get_os_version():
-     system_release = ""
-     try:
-         with open('/etc/system-release') as f:
--            system_release = f.readline()
-+            system_release = f.readline().rstrip()
-     except IOError:
-         system_release = "Misc"
- 
--- 
-2.29.0
-

0012-Fix-title-in-manpage.py-to-not-contain-online.patch

@@ -1,25 +0,0 @@
-From 4a18939d21c06d036f1063cbfd2d0b5ae9d0010f Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl <mgrepl@redhat.com>
-Date: Fri, 20 Feb 2015 16:42:53 +0100
-Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
-
----
- python/sepolicy/sepolicy/manpage.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index acc77f368d95..4aeb3e2e51ba 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -220,7 +220,7 @@ class HTMLManPages:
- <html>
- <head>
- 	<link rel=stylesheet type="text/css" href="style.css" title="style">
--	<title>SELinux man pages online</title>
-+	<title>SELinux man pages</title>
- </head>
- <body>
- <h1>SELinux man pages for %s</h1>
--- 
-2.29.0
-

0013-Don-t-be-verbose-if-you-are-not-on-a-tty.patch

@@ -1,24 +0,0 @@
-From ffe429b49874175f5ec1156e9c89e75cc67a0ddd Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Fri, 14 Feb 2014 12:32:12 -0500
-Subject: [PATCH] Don't be verbose if you are not on a tty
-
----
- policycoreutils/scripts/fixfiles | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index 30dadb4f4cb6..e73bb81c3336 100755
---- a/policycoreutils/scripts/fixfiles
-+++ b/policycoreutils/scripts/fixfiles
-@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
- fullFlag=0
- BOOTTIME=""
- VERBOSE="-p"
-+[ -t 1 ] || VERBOSE=""
- FORCEFLAG=""
- RPMFILES=""
- PREFC=""
--- 
-2.29.0
-

0014-sepolicy-Drop-old-interface-file_type_is_executable-.patch

@@ -1,63 +0,0 @@
-From 4a337405da16857dc2a979e4b4963a6fd7b975c6 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Mon, 27 Feb 2017 17:12:39 +0100
-Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
- file_type_is_entrypoint(f)
-
-- use direct queries
-- load exec_types and entry_types only once
----
- python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
- 1 file changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 4aeb3e2e51ba..330b055af214 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -125,8 +125,24 @@ def gen_domains():
-     domains.sort()
-     return domains
- 
--types = None
- 
-+exec_types = None
-+
-+def _gen_exec_types():
-+    global exec_types
-+    if exec_types is None:
-+        exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
-+    return exec_types
-+
-+entry_types = None
-+
-+def _gen_entry_types():
-+    global entry_types
-+    if entry_types is None:
-+        entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
-+    return entry_types
-+
-+types = None
- 
- def _gen_types():
-     global types
-@@ -372,6 +388,8 @@ class ManPage:
-         self.all_file_types = sepolicy.get_all_file_types()
-         self.role_allows = sepolicy.get_all_role_allows()
-         self.types = _gen_types()
-+        self.exec_types = _gen_exec_types()
-+        self.entry_types = _gen_entry_types()
- 
-         if self.source_files:
-             self.fcpath = self.root + "file_contexts"
-@@ -689,7 +707,7 @@ Default Defined Ports:""")
-         for f in self.all_file_types:
-             if f.startswith(self.domainname):
-                 flist.append(f)
--                if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
-+                if not f in self.exec_types or not f in self.entry_types:
-                     flist_non_exec.append(f)
-                 if f in self.fcdict:
-                     mpaths = mpaths + self.fcdict[f]["regex"]
--- 
-2.29.0
-

0015-sepolicy-Another-small-optimization-for-mcs-types.patch

@@ -1,53 +0,0 @@
-From 7c315fff5e7ce74b0598b62d9aa0b21ca6b06b6d Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Tue, 28 Feb 2017 21:29:46 +0100
-Subject: [PATCH] sepolicy: Another small optimization for mcs types
-
----
- python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
- 1 file changed, 11 insertions(+), 5 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 330b055af214..f8584436960d 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -142,6 +142,15 @@ def _gen_entry_types():
-         entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
-     return entry_types
- 
-+mcs_constrained_types = None
-+
-+def _gen_mcs_constrained_types():
-+    global mcs_constrained_types
-+    if mcs_constrained_types is None:
-+        mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
-+    return mcs_constrained_types
-+
-+
- types = None
- 
- def _gen_types():
-@@ -390,6 +399,7 @@ class ManPage:
-         self.types = _gen_types()
-         self.exec_types = _gen_exec_types()
-         self.entry_types = _gen_entry_types()
-+        self.mcs_constrained_types = _gen_mcs_constrained_types()
- 
-         if self.source_files:
-             self.fcpath = self.root + "file_contexts"
-@@ -944,11 +954,7 @@ All executables with the default executable label, usually stored in /usr/bin an
- %s""" % ", ".join(paths))
- 
-     def _mcs_types(self):
--        try:
--            mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
--        except StopIteration:
--            return
--        if self.type not in mcs_constrained_type['types']:
-+        if self.type not in self.mcs_constrained_types['types']:
-             return
-         self.fd.write ("""
- .SH "MCS Constrained"
--- 
-2.29.0
-

0016-Move-po-translation-files-into-the-right-sub-directo.patch

@@ -1,515 +0,0 @@
-From a07e9652785c6196d916dfca3d36c898959406b4 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Mon, 6 Aug 2018 13:23:00 +0200
-Subject: [PATCH] Move po/ translation files into the right sub-directories
-
-When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
-sub-directories, po/ translation files stayed in policycoreutils/.
-
-This commit split original policycoreutils/po directory into
-policycoreutils/po
-python/po
-gui/po
-sandbox/po
-
-See https://github.com/fedora-selinux/selinux/issues/43
----
- gui/Makefile                |  3 ++
- gui/po/Makefile             | 82 ++++++++++++++++++++++++++++++++++++
- gui/po/POTFILES             | 17 ++++++++
- policycoreutils/po/Makefile | 70 ++-----------------------------
- policycoreutils/po/POTFILES |  9 ++++
- python/Makefile             |  2 +-
- python/po/Makefile          | 83 +++++++++++++++++++++++++++++++++++++
- python/po/POTFILES          | 10 +++++
- sandbox/Makefile            |  2 +
- sandbox/po/Makefile         | 82 ++++++++++++++++++++++++++++++++++++
- sandbox/po/POTFILES         |  1 +
- 11 files changed, 293 insertions(+), 68 deletions(-)
- create mode 100644 gui/po/Makefile
- create mode 100644 gui/po/POTFILES
- create mode 100644 policycoreutils/po/POTFILES
- create mode 100644 python/po/Makefile
- create mode 100644 python/po/POTFILES
- create mode 100644 sandbox/po/Makefile
- create mode 100644 sandbox/po/POTFILES
-
-diff --git a/gui/Makefile b/gui/Makefile
-index ca965c942912..5a5bf6dcae19 100644
---- a/gui/Makefile
-+++ b/gui/Makefile
-@@ -22,6 +22,7 @@ system-config-selinux.ui \
- usersPage.py
- 
- all: $(TARGETS) system-config-selinux.py polgengui.py
-+	(cd po && $(MAKE) $@)
- 
- install: all
- 	-mkdir -p $(DESTDIR)$(MANDIR)/man8
-@@ -54,6 +55,8 @@ install: all
- 		install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
- 	done
- 	install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
-+	(cd po && $(MAKE) $@)
-+
- clean:
- 
- indent:
-diff --git a/gui/po/Makefile b/gui/po/Makefile
-new file mode 100644
-index 000000000000..a0f5439f2d1c
---- /dev/null
-+++ b/gui/po/Makefile
-@@ -0,0 +1,82 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE	= gui
-+POTFILE		= $(NLSPACKAGE).pot
-+INSTALL		= /usr/bin/install -c -p
-+INSTALL_DATA	= $(INSTALL) -m 644
-+INSTALL_DIR	= /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE	= msgmerge
-+MSGMERGE_FLAGS	= -q
-+XGETTEXT	= xgettext --default-domain=$(NLSPACKAGE)
-+MSGFMT		= msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES  = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all::  $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-+	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+	    rm -f $(NLSPACKAGE).po; \
-+	else \
-+	    mv -f $(NLSPACKAGE).po $(POTFILE); \
-+	fi; \
-+
-+
-+refresh-po: Makefile
-+	for cat in $(POFILES); do \
-+		lang=`basename $$cat .po`; \
-+		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+			mv -f $$lang.pot $$lang.po ; \
-+			echo "$(MSGMERGE) of $$lang succeeded" ; \
-+		else \
-+			echo "$(MSGMERGE) of $$lang failed" ; \
-+			rm -f $$lang.pot ; \
-+		fi \
-+	done
-+
-+clean:
-+	@rm -fv *mo *~ .depend
-+	@rm -rf tmp
-+
-+install: $(MOFILES)
-+	@for n in $(MOFILES); do \
-+	    l=`basename $$n .mo`; \
-+	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+	done
-+
-+%.mo: %.po
-+	$(MSGFMT) -o $@ $<
-+report:
-+	@for cat in $(wildcard *.po); do \
-+                echo -n "$$cat: "; \
-+                msgfmt -v --statistics -o /dev/null $$cat; \
-+        done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git a/gui/po/POTFILES b/gui/po/POTFILES
-new file mode 100644
-index 000000000000..1795c5c1951b
---- /dev/null
-+++ b/gui/po/POTFILES
-@@ -0,0 +1,17 @@
-+../booleansPage.py
-+../domainsPage.py
-+../fcontextPage.py
-+../loginsPage.py
-+../modulesPage.py
-+../org.selinux.config.policy
-+../polgengui.py
-+../polgen.ui
-+../portsPage.py
-+../selinux-polgengui.desktop
-+../semanagePage.py
-+../sepolicy.desktop
-+../statusPage.py
-+../system-config-selinux.desktop
-+../system-config-selinux.py
-+../system-config-selinux.ui
-+../usersPage.py
-diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
-index 575e143122e6..18bc1dff8d1f 100644
---- a/policycoreutils/po/Makefile
-+++ b/policycoreutils/po/Makefile
-@@ -3,7 +3,6 @@
- #
- 
- PREFIX ?= /usr
--TOP	 = ../..
- 
- # What is this package?
- NLSPACKAGE	= policycoreutils
-@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
- 
- POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
- MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
--POTFILES = \
--	../run_init/open_init_pty.c \
--	../run_init/run_init.c \
--	../semodule_link/semodule_link.c \
--	../audit2allow/audit2allow \
--	../semanage/seobject.py \
--	../setsebool/setsebool.c \
--	../newrole/newrole.c \
--	../load_policy/load_policy.c \
--	../sestatus/sestatus.c \
--	../semodule/semodule.c \
--	../setfiles/setfiles.c \
--	../semodule_package/semodule_package.c \
--	../semodule_deps/semodule_deps.c \
--	../semodule_expand/semodule_expand.c \
--	../scripts/chcat \
--	../scripts/fixfiles \
--	../restorecond/stringslist.c \
--	../restorecond/restorecond.h \
--	../restorecond/utmpwatcher.h \
--	../restorecond/stringslist.h \
--	../restorecond/restorecond.c \
--	../restorecond/utmpwatcher.c \
--	../gui/booleansPage.py \
--	../gui/fcontextPage.py \
--	../gui/loginsPage.py \
--	../gui/mappingsPage.py \
--	../gui/modulesPage.py \
--	../gui/polgen.glade \
--	../gui/polgengui.py \
--	../gui/portsPage.py \
--	../gui/semanagePage.py \
--	../gui/statusPage.py \
--	../gui/system-config-selinux.glade \
--	../gui/system-config-selinux.py \
--	../gui/usersPage.py \
--	../secon/secon.c \
--	booleans.py \
--	../sepolicy/sepolicy.py \
--	../sepolicy/sepolicy/communicate.py \
--	../sepolicy/sepolicy/__init__.py \
--	../sepolicy/sepolicy/network.py \
--	../sepolicy/sepolicy/generate.py \
--	../sepolicy/sepolicy/sepolicy.glade \
--	../sepolicy/sepolicy/gui.py \
--	../sepolicy/sepolicy/manpage.py \
--	../sepolicy/sepolicy/transition.py \
--	../sepolicy/sepolicy/templates/executable.py \
--	../sepolicy/sepolicy/templates/__init__.py \
--	../sepolicy/sepolicy/templates/network.py \
--	../sepolicy/sepolicy/templates/rw.py \
--	../sepolicy/sepolicy/templates/script.py \
--	../sepolicy/sepolicy/templates/semodule.py \
--	../sepolicy/sepolicy/templates/tmp.py \
--	../sepolicy/sepolicy/templates/user.py \
--	../sepolicy/sepolicy/templates/var_lib.py \
--	../sepolicy/sepolicy/templates/var_log.py \
--	../sepolicy/sepolicy/templates/var_run.py \
--	../sepolicy/sepolicy/templates/var_spool.py
-+POTFILES  = $(shell cat POTFILES)
- 
- #default:: clean
- 
--all::  $(MOFILES)
-+all:: $(POTFILE) $(MOFILES)
- 
--booleans.py:
--	sepolicy booleans -a > booleans.py
--
--$(POTFILE): $(POTFILES) booleans.py
-+$(POTFILE): $(POTFILES)
- 	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
- 	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
- 	    rm -f $(NLSPACKAGE).po; \
-@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
- 	    mv -f $(NLSPACKAGE).po $(POTFILE); \
- 	fi; \
- 
--update-po: Makefile $(POTFILE) refresh-po
--	@rm -f booleans.py
- 
- refresh-po: Makefile
- 	for cat in $(POFILES); do \
-diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
-new file mode 100644
-index 000000000000..12237dc61ee4
---- /dev/null
-+++ b/policycoreutils/po/POTFILES
-@@ -0,0 +1,9 @@
-+../run_init/open_init_pty.c
-+../run_init/run_init.c
-+../setsebool/setsebool.c
-+../newrole/newrole.c
-+../load_policy/load_policy.c
-+../sestatus/sestatus.c
-+../semodule/semodule.c
-+../setfiles/setfiles.c
-+../secon/secon.c
-diff --git a/python/Makefile b/python/Makefile
-index 9b66d52fbd4d..00312dbdb5c6 100644
---- a/python/Makefile
-+++ b/python/Makefile
-@@ -1,4 +1,4 @@
--SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
-+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
- 
- all install relabel clean indent test:
- 	@for subdir in $(SUBDIRS); do \
-diff --git a/python/po/Makefile b/python/po/Makefile
-new file mode 100644
-index 000000000000..4e052d5a2bd7
---- /dev/null
-+++ b/python/po/Makefile
-@@ -0,0 +1,83 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE	= python
-+POTFILE		= $(NLSPACKAGE).pot
-+INSTALL		= /usr/bin/install -c -p
-+INSTALL_DATA	= $(INSTALL) -m 644
-+INSTALL_DIR	= /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE	= msgmerge
-+MSGMERGE_FLAGS	= -q
-+XGETTEXT	= xgettext --default-domain=$(NLSPACKAGE)
-+MSGFMT		= msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES  = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all::  $(MOFILES)
-+
-+$(POTFILE): $(POTFILES) 
-+	$(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
-+	$(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
-+	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+	    rm -f $(NLSPACKAGE).po; \
-+	else \
-+	    mv -f $(NLSPACKAGE).po $(POTFILE); \
-+	fi; \
-+
-+
-+refresh-po: Makefile
-+	for cat in $(POFILES); do \
-+		lang=`basename $$cat .po`; \
-+		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+			mv -f $$lang.pot $$lang.po ; \
-+			echo "$(MSGMERGE) of $$lang succeeded" ; \
-+		else \
-+			echo "$(MSGMERGE) of $$lang failed" ; \
-+			rm -f $$lang.pot ; \
-+		fi \
-+	done
-+
-+clean:
-+	@rm -fv *mo *~ .depend
-+	@rm -rf tmp
-+
-+install: $(MOFILES)
-+	@for n in $(MOFILES); do \
-+	    l=`basename $$n .mo`; \
-+	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+	done
-+
-+%.mo: %.po
-+	$(MSGFMT) -o $@ $<
-+report:
-+	@for cat in $(wildcard *.po); do \
-+                echo -n "$$cat: "; \
-+                msgfmt -v --statistics -o /dev/null $$cat; \
-+        done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git a/python/po/POTFILES b/python/po/POTFILES
-new file mode 100644
-index 000000000000..128eb870a69e
---- /dev/null
-+++ b/python/po/POTFILES
-@@ -0,0 +1,10 @@
-+../audit2allow/audit2allow
-+../chcat/chcat
-+../semanage/semanage
-+../semanage/seobject.py
-+../sepolgen/src/sepolgen/interfaces.py
-+../sepolicy/sepolicy/generate.py
-+../sepolicy/sepolicy/gui.py
-+../sepolicy/sepolicy/__init__.py
-+../sepolicy/sepolicy/interface.py
-+../sepolicy/sepolicy.py
-diff --git a/sandbox/Makefile b/sandbox/Makefile
-index 9da5e58db9e6..b817824e2102 100644
---- a/sandbox/Makefile
-+++ b/sandbox/Makefile
-@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
- SEUNSHARE_OBJS = seunshare.o
- 
- all: sandbox seunshare sandboxX.sh start
-+	(cd po && $(MAKE) $@)
- 
- seunshare: $(SEUNSHARE_OBJS)
- 
-@@ -39,6 +40,7 @@ install: all
- 	install -m 755 start $(DESTDIR)$(SHAREDIR)
- 	-mkdir -p $(DESTDIR)$(SYSCONFDIR)
- 	install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
-+	(cd po && $(MAKE) $@)
- 
- test:
- 	@$(PYTHON) test_sandbox.py -v
-diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
-new file mode 100644
-index 000000000000..0556bbe953f0
---- /dev/null
-+++ b/sandbox/po/Makefile
-@@ -0,0 +1,82 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE	= sandbox
-+POTFILE		= $(NLSPACKAGE).pot
-+INSTALL		= /usr/bin/install -c -p
-+INSTALL_DATA	= $(INSTALL) -m 644
-+INSTALL_DIR	= /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE	= msgmerge
-+MSGMERGE_FLAGS	= -q
-+XGETTEXT	= xgettext -L Python --default-domain=$(NLSPACKAGE)
-+MSGFMT		= msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES		= $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES		= $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES  = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all:: $(POTFILE) $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+	$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-+	@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+	    rm -f $(NLSPACKAGE).po; \
-+	else \
-+	    mv -f $(NLSPACKAGE).po $(POTFILE); \
-+	fi; \
-+
-+
-+refresh-po: Makefile
-+	for cat in $(POFILES); do \
-+		lang=`basename $$cat .po`; \
-+		if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+			mv -f $$lang.pot $$lang.po ; \
-+			echo "$(MSGMERGE) of $$lang succeeded" ; \
-+		else \
-+			echo "$(MSGMERGE) of $$lang failed" ; \
-+			rm -f $$lang.pot ; \
-+		fi \
-+	done
-+
-+clean:
-+	@rm -fv *mo *~ .depend
-+	@rm -rf tmp
-+
-+install: $(MOFILES)
-+	@for n in $(MOFILES); do \
-+	    l=`basename $$n .mo`; \
-+	    $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+	    $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+	done
-+
-+%.mo: %.po
-+	$(MSGFMT) -o $@ $<
-+report:
-+	@for cat in $(wildcard *.po); do \
-+                echo -n "$$cat: "; \
-+                msgfmt -v --statistics -o /dev/null $$cat; \
-+        done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
-new file mode 100644
-index 000000000000..deff3f2f4656
---- /dev/null
-+++ b/sandbox/po/POTFILES
-@@ -0,0 +1 @@
-+../sandbox
--- 
-2.29.0
-

0017-Use-correct-gettext-domains-in-python-gui-sandbox.patch

@@ -1,306 +0,0 @@
-From eab0fc05a38ab2cd47b3e0ff69981850cc7cd538 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Mon, 6 Aug 2018 13:37:07 +0200
-Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
-
-https://github.com/fedora-selinux/selinux/issues/43
----
- gui/booleansPage.py                          | 2 +-
- gui/domainsPage.py                           | 2 +-
- gui/fcontextPage.py                          | 2 +-
- gui/loginsPage.py                            | 2 +-
- gui/modulesPage.py                           | 2 +-
- gui/polgengui.py                             | 2 +-
- gui/portsPage.py                             | 2 +-
- gui/semanagePage.py                          | 2 +-
- gui/statusPage.py                            | 2 +-
- gui/system-config-selinux.py                 | 2 +-
- gui/usersPage.py                             | 2 +-
- python/chcat/chcat                           | 2 +-
- python/semanage/semanage                     | 2 +-
- python/semanage/seobject.py                  | 2 +-
- python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +-
- python/sepolicy/sepolicy.py                  | 2 +-
- python/sepolicy/sepolicy/__init__.py         | 2 +-
- python/sepolicy/sepolicy/generate.py         | 2 +-
- python/sepolicy/sepolicy/gui.py              | 2 +-
- python/sepolicy/sepolicy/interface.py        | 2 +-
- sandbox/sandbox                              | 2 +-
- 21 files changed, 21 insertions(+), 21 deletions(-)
-
-diff --git a/gui/booleansPage.py b/gui/booleansPage.py
-index 7849bea26a06..dd12b6d6ab86 100644
---- a/gui/booleansPage.py
-+++ b/gui/booleansPage.py
-@@ -38,7 +38,7 @@ DISABLED = 2
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/domainsPage.py b/gui/domainsPage.py
-index bad5140d8c59..6bbe4de5884f 100644
---- a/gui/domainsPage.py
-+++ b/gui/domainsPage.py
-@@ -30,7 +30,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
-index 370bbee40786..e424366da26f 100644
---- a/gui/fcontextPage.py
-+++ b/gui/fcontextPage.py
-@@ -47,7 +47,7 @@ class context:
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/loginsPage.py b/gui/loginsPage.py
-index b67eb8bc42af..cbfb0cc23f65 100644
---- a/gui/loginsPage.py
-+++ b/gui/loginsPage.py
-@@ -29,7 +29,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/modulesPage.py b/gui/modulesPage.py
-index 0584acf9b3a4..35a0129bab9c 100644
---- a/gui/modulesPage.py
-+++ b/gui/modulesPage.py
-@@ -30,7 +30,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/polgengui.py b/gui/polgengui.py
-index d284ded65279..01f541bafae8 100644
---- a/gui/polgengui.py
-+++ b/gui/polgengui.py
-@@ -63,7 +63,7 @@ def get_all_modules():
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/portsPage.py b/gui/portsPage.py
-index 30f58383bc1d..a537ecc8c0a1 100644
---- a/gui/portsPage.py
-+++ b/gui/portsPage.py
-@@ -35,7 +35,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/semanagePage.py b/gui/semanagePage.py
-index 4127804fbbee..5361d69c1313 100644
---- a/gui/semanagePage.py
-+++ b/gui/semanagePage.py
-@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/statusPage.py b/gui/statusPage.py
-index 766854b19cba..a8f079b9b163 100644
---- a/gui/statusPage.py
-+++ b/gui/statusPage.py
-@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
-index 3f70122b87e8..8c46c987b974 100644
---- a/gui/system-config-selinux.py
-+++ b/gui/system-config-selinux.py
-@@ -45,7 +45,7 @@ import selinux
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/gui/usersPage.py b/gui/usersPage.py
-index 26794ed5c3f3..d15d4c5a71dd 100644
---- a/gui/usersPage.py
-+++ b/gui/usersPage.py
-@@ -29,7 +29,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/chcat/chcat b/python/chcat/chcat
-index fdd2e46ee3f9..839ddd3b54b6 100755
---- a/python/chcat/chcat
-+++ b/python/chcat/chcat
-@@ -30,7 +30,7 @@ import getopt
- import selinux
- import seobject
- 
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/semanage/semanage b/python/semanage/semanage
-index b2fabea67a87..3cc30a160a74 100644
---- a/python/semanage/semanage
-+++ b/python/semanage/semanage
-@@ -27,7 +27,7 @@ import traceback
- import argparse
- import seobject
- import sys
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
-index 6a14f7b47dd5..b51a7e3e7ca3 100644
---- a/python/semanage/seobject.py
-+++ b/python/semanage/seobject.py
-@@ -29,7 +29,7 @@ import sys
- import stat
- import socket
- from semanage import *
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- import sepolicy
- import setools
- import ipaddress
-diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
-index 998c4356415c..56ebd807c69c 100644
---- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
-+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
-@@ -19,7 +19,7 @@
- 
- try: 
-     import gettext
--    t = gettext.translation( 'yumex' )
-+    t = gettext.translation( 'selinux-python' )
-     _ = t.gettext
- except:
-     def _(str):
-diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
-index 7b2230651099..32956e58f52e 100755
---- a/python/sepolicy/sepolicy.py
-+++ b/python/sepolicy/sepolicy.py
-@@ -28,7 +28,7 @@ import sepolicy
- from multiprocessing import Pool
- from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
- import argparse
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
-index ea05d892bf3b..9a9c2ae9f237 100644
---- a/python/sepolicy/sepolicy/__init__.py
-+++ b/python/sepolicy/sepolicy/__init__.py
-@@ -13,7 +13,7 @@ import os
- import re
- import gzip
- 
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index 4e1ed4e9dc31..43180ca6fda4 100644
---- a/python/sepolicy/sepolicy/generate.py
-+++ b/python/sepolicy/sepolicy/generate.py
-@@ -48,7 +48,7 @@ import sepolgen.defaults as defaults
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
-index 1e86422b864a..c9ca158ddd09 100644
---- a/python/sepolicy/sepolicy/gui.py
-+++ b/python/sepolicy/sepolicy/gui.py
-@@ -41,7 +41,7 @@ import os
- import re
- import unicodedata
- 
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
-index bdffb770f364..9d40aea1498d 100644
---- a/python/sepolicy/sepolicy/interface.py
-+++ b/python/sepolicy/sepolicy/interface.py
-@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
-     import gettext
-     kwargs = {}
-diff --git a/sandbox/sandbox b/sandbox/sandbox
-index ca5f1e030a51..16c43b51eaaa 100644
---- a/sandbox/sandbox
-+++ b/sandbox/sandbox
-@@ -37,7 +37,7 @@ import sepolicy
- 
- SEUNSHARE = "/usr/sbin/seunshare"
- SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-sandbox"
- try:
-     import gettext
-     kwargs = {}
--- 
-2.29.0
-

0019-policycoreutils-setfiles-Improve-description-of-d-sw.patch

@@ -1,30 +0,0 @@
-From 4277ef04de699e1939c95c4813de6a78d1ea1656 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Wed, 21 Mar 2018 08:51:31 +0100
-Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
-
-The "-q" switch is becoming obsolete (completely unused in fedora) and
-debug output ("-d" switch) makes sense in any scenario. Therefore both
-options can be specified at once.
-
-Resolves: rhbz#1271327
----
- policycoreutils/setfiles/setfiles.8 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
-index e328a5628682..02e0960289d3 100644
---- a/policycoreutils/setfiles/setfiles.8
-+++ b/policycoreutils/setfiles/setfiles.8
-@@ -58,7 +58,7 @@ check the validity of the contexts against the specified binary policy.
- .TP
- .B \-d
- show what specification matched each file (do not abort validation
--after ABORT_ON_ERRORS errors).
-+after ABORT_ON_ERRORS errors). Not affected by "\-q"
- .TP
- .BI \-e \ directory
- directory to exclude (repeat option for more than one directory).
--- 
-2.29.0
-

0020-sepolicy-generate-Handle-more-reserved-port-types.patch

@@ -1,71 +0,0 @@
-From fa94b0faf12a79158d971f363e8ec65227d67de3 Mon Sep 17 00:00:00 2001
-From: Masatake YAMATO <yamato@redhat.com>
-Date: Thu, 14 Dec 2017 15:57:58 +0900
-Subject: [PATCH] sepolicy-generate: Handle more reserved port types
-
-Currently only reserved_port_t, port_t and hi_reserved_port_t are
-handled as special when making a ports-dictionary.  However, as fas as
-corenetwork.te.in of serefpolicy, unreserved_port_t and
-ephemeral_port_t should be handled in the same way, too.
-
-(Details) I found the need of this change when I was using
-selinux-polgengui.  Though tcp port 12345, which my application may
-use, was given to the gui, selinux-polgengui generates expected te
-file and sh file which didn't utilize the tcp port.
-
-selinux-polgengui checks whether a port given via gui is already typed
-or not.
-
-If it is already typed, selinux-polgengui generates a te file having
-rules to allow the application to use the port. (A)
-
-If not, it seems for me that selinux-polgengui is designed to generate
-a te file having rules to allow the application to own(?) the port;
-and a sh file having a command line to assign the application own type
-to the port. (B)
-
-As we can see the output of `semanage port -l' some of ports for
-specified purpose have types already.  The important point is that the
-rest of ports also have types already:
-
-    hi_reserved_port_t tcp 512-1023
-    hi_reserved_port_t udp 512-1023
-    unreserved_port_t tcp 1024-32767, 61001-65535
-    unreserved_port_t udp 1024-32767, 61001-65535
-    ephemeral_port_t tcp 32768-61000
-    ephemeral_port_t udp 32768-61000
-
-As my patch shows, the original selinux-polgengui ignored
-hi_reserved_port_t; though hi_reserved_port_t is assigned,
-selinux-polgengui considered ports 512-1023 are not used. As the
-result selinux-polgengui generates file sets of (B).
-
-For the purpose of selinux-polgengui, I think unreserved_port_t and
-ephemeral_port_t are treated as the same as hi_reserved_port_t.
-
-Signed-off-by: Masatake YAMATO <yamato@redhat.com>
-
-Fedora only patch:
-https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redhat.com/
----
- python/sepolicy/sepolicy/generate.py | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
-index 43180ca6fda4..d60a08e1d72c 100644
---- a/python/sepolicy/sepolicy/generate.py
-+++ b/python/sepolicy/sepolicy/generate.py
-@@ -99,7 +99,9 @@ def get_all_ports():
-     for p in sepolicy.info(sepolicy.PORT):
-         if p['type'] == "reserved_port_t" or \
-                 p['type'] == "port_t" or \
--                p['type'] == "hi_reserved_port_t":
-+                p['type'] == "hi_reserved_port_t" or \
-+                p['type'] == "ephemeral_port_t" or \
-+                p['type'] == "unreserved_port_t":
-             continue
-         dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
-     return dict
--- 
-2.29.0
-

0021-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch

@@ -1,24 +0,0 @@
-From 122e35c4d11b5b623e8bc463f81c6792385523cb Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 8 Nov 2018 09:20:58 +0100
-Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
-
----
- semodule-utils/semodule_package/semodule_package.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
-index 3515234e36de..7b75b3fd9bb4 100644
---- a/semodule-utils/semodule_package/semodule_package.c
-+++ b/semodule-utils/semodule_package/semodule_package.c
-@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
- 	}
- 	if (!sb.st_size) {
- 		*len = 0;
-+		close(fd);
- 		return 0;
- 	}
- 
--- 
-2.29.0
-

0022-sandbox-Use-matchbox-window-manager-instead-of-openb.patch

@@ -1,74 +0,0 @@
-From e63814eb18bdbb48a7e6bf79b17d79d6a9ca56d6 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Wed, 18 Jul 2018 09:09:35 +0200
-Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
-
----
- sandbox/sandbox     |  4 ++--
- sandbox/sandbox.8   |  2 +-
- sandbox/sandboxX.sh | 14 --------------
- 3 files changed, 3 insertions(+), 17 deletions(-)
-
-diff --git a/sandbox/sandbox b/sandbox/sandbox
-index 16c43b51eaaa..7709a6585665 100644
---- a/sandbox/sandbox
-+++ b/sandbox/sandbox
-@@ -268,7 +268,7 @@ class Sandbox:
-             copyfile(f, "/tmp", self.__tmpdir)
-             copyfile(f, "/var/tmp", self.__tmpdir)
- 
--    def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
-+    def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
-         execfile = self.__homedir + "/.sandboxrc"
-         fd = open(execfile, "w+")
-         if self.__options.session:
-@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
- 
-         parser.add_option("-W", "--windowmanager", dest="wm",
-                           type="string",
--                          default="/usr/bin/openbox",
-+                          default="/usr/bin/matchbox-window-manager",
-                           help=_("alternate window manager"))
- 
-         parser.add_option("-l", "--level", dest="level",
-diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
-index d83fee76f335..90ef4951c8c2 100644
---- a/sandbox/sandbox.8
-+++ b/sandbox/sandbox.8
-@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
- \fB\-W\fR \fB\-\-windowmanager\fR
- Select alternative window manager to run within 
- .B sandbox \-X.
--Default to /usr/bin/openbox.
-+Default to /usr/bin/matchbox-window-manager.
- .TP
- \fB\-X\fR 
- Create an X based Sandbox for gui apps, temporary files for
-diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
-index 4774528027ef..c211ebc14549 100644
---- a/sandbox/sandboxX.sh
-+++ b/sandbox/sandboxX.sh
-@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
- [ -z $2 ] && export DPI="96" || export DPI="$2"
- trap "exit 0" HUP
- 
--mkdir -p ~/.config/openbox
--cat > ~/.config/openbox/rc.xml << EOF
--<openbox_config xmlns="http://openbox.org/3.4/rc"
--		xmlns:xi="http://www.w3.org/2001/XInclude">
--<applications>
--  <application class="*">
--    <decor>no</decor>
--    <desktop>all</desktop>
--    <maximized>yes</maximized>
--  </application>
--</applications>
--</openbox_config>
--EOF
--
- (/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
-     export DISPLAY=:$D
-     cat > ~/seremote << __EOF
--- 
-2.29.0
-

0023-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch

@@ -1,46 +0,0 @@
-From b1f380c75f8a4ea7a4062d3735d190a1dcbc3aaa Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Tue, 28 Jul 2020 14:37:13 +0200
-Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code
-
-Fixes:
-$ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8
-Analyzing 187 Python scripts
-./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
-./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:774:17: E117 over-indented
-./python/sepolicy/build/lib/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
-./python/sepolicy/build/lib/sepolicy/manpage.py:774:17: E117 over-indented
-./python/sepolicy/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in'
-./python/sepolicy/sepolicy/manpage.py:774:17: E117 over-indented
-The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1.
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
----
- python/sepolicy/sepolicy/manpage.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index f8584436960d..6a3e08fca58c 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -717,7 +717,7 @@ Default Defined Ports:""")
-         for f in self.all_file_types:
-             if f.startswith(self.domainname):
-                 flist.append(f)
--                if not f in self.exec_types or not f in self.entry_types:
-+                if f not in self.exec_types or f not in self.entry_types:
-                     flist_non_exec.append(f)
-                 if f in self.fcdict:
-                     mpaths = mpaths + self.fcdict[f]["regex"]
-@@ -771,7 +771,7 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
- """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
- 
-         if flist_non_exec:
--                self.fd.write(r"""
-+            self.fd.write(r"""
- .PP
- .B STANDARD FILE CONTEXT
- 
--- 
-2.29.0
-

0024-selinux_config-5-add-a-note-that-runtime-disable-is-.patch

@@ -1,29 +0,0 @@
-From 99450e5c391f0e5b7da9234588123edca0993794 Mon Sep 17 00:00:00 2001
-From: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Wed, 11 Nov 2020 17:23:40 +0100
-Subject: [PATCH] selinux_config(5): add a note that runtime disable is
- deprecated
-
-...and refer to selinux(8), which explains it further.
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
----
- policycoreutils/man/man5/selinux_config.5 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
-index 1ffade150128..58b42a0e234d 100644
---- a/policycoreutils/man/man5/selinux_config.5
-+++ b/policycoreutils/man/man5/selinux_config.5
-@@ -48,7 +48,7 @@ SELinux security policy is enforced.
- .IP \fIpermissive\fR 4
- SELinux security policy is not enforced but logs the warnings (i.e. the action is allowed to proceed).
- .IP \fIdisabled\fR
--SELinux is disabled and no policy is loaded.
-+No SELinux policy is loaded.  This option was used to disable SELinux completely, which is now deprecated.  Use the \fBselinux=0\fR kernel boot option instead (see \fBselinux\fR(8)).
- .RE
- .sp
- The entry can be determined using the \fBsestatus\fR(8) command or \fBselinux_getenforcemode\fR(3).
--- 
-2.29.2
-

0025-python-sepolicy-allow-to-override-manpage-date.patch

@@ -1,51 +0,0 @@
-From 794dbdb6b1336cae872f45b5adaa594796e4806b Mon Sep 17 00:00:00 2001
-From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
-Date: Fri, 30 Oct 2020 22:53:09 +0100
-Subject: [PATCH] python/sepolicy: allow to override manpage date
-
-in order to make builds reproducible.
-See https://reproducible-builds.org/ for why this is good
-and https://reproducible-builds.org/specs/source-date-epoch/
-for the definition of this variable.
-
-This patch was done while working on reproducible builds for openSUSE.
-
-Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
----
- python/sepolicy/sepolicy/manpage.py | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
-index 6a3e08fca58c..c013c0d48502 100755
---- a/python/sepolicy/sepolicy/manpage.py
-+++ b/python/sepolicy/sepolicy/manpage.py
-@@ -39,6 +39,8 @@ typealias_types = {
- equiv_dict = {"smbd": ["samba"], "httpd": ["apache"], "virtd": ["virt", "libvirt"], "named": ["bind"], "fsdaemon": ["smartmon"], "mdadm": ["raid"]}
- 
- equiv_dirs = ["/var"]
-+man_date = time.strftime("%y-%m-%d", time.gmtime(
-+        int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
- modules_dict = None
- 
- 
-@@ -546,7 +548,7 @@ class ManPage:
- 
-     def _typealias(self,typealias):
-         self.fd.write('.TH  "%(typealias)s_selinux"  "8"  "%(date)s" "%(typealias)s" "SELinux Policy %(typealias)s"'
--                 % {'typealias':typealias, 'date': time.strftime("%y-%m-%d")})
-+                 % {'typealias':typealias, 'date': man_date})
-         self.fd.write(r"""
- .SH "NAME"
- %(typealias)s_selinux \- Security Enhanced Linux Policy for the %(typealias)s processes
-@@ -565,7 +567,7 @@ man page for more details.
- 
-     def _header(self):
-         self.fd.write('.TH  "%(domainname)s_selinux"  "8"  "%(date)s" "%(domainname)s" "SELinux Policy %(domainname)s"'
--                      % {'domainname': self.domainname, 'date': time.strftime("%y-%m-%d")})
-+                      % {'domainname': self.domainname, 'date': man_date})
-         self.fd.write(r"""
- .SH "NAME"
- %(domainname)s_selinux \- Security Enhanced Linux Policy for the %(domainname)s processes
--- 
-2.29.2
-

README.translations

@@ -1,41 +0,0 @@
-policycoreutils translations currently live in the following locations:
-
-- https://fedora.zanata.org/project/view/selinux
-  - contains translations for both stable (Red Hat Enterprise Linux) and master (Fedora) branches
-  - maintains large number of languages (several of which do not actually contain any translated strings)
-  - updated by community and partially by RH localization effort
-
-- selinux source repository (https://github.com/fedora-selinux/selinux)
-  - is kept up-to-date with fedora.zanata
-
-How to update source files on fedora.zanata:
-  $ git clone git@github.com:fedora-selinux/selinux.git
-  $ cd selinux
-
-  # generate new potfile
-  $ for p in policycoreutils python gui sandbox; do
-    cd $p/po
-    make $p.pot
-    cd -
-    done
-
-  # Push potfiles to zanata
-  $ zanata-cli push --push-type source
-
-How to pull new translations from zanata
-  $ git clone git@github.com:fedora-selinux/selinux.git
-  $ cd selinux
-  # Make sure "zanata.xml" file pointing to corresponding translations branch is present
-  # Optionally update source files on zanata
-  # Pull new translations from zanata
-  $ zanata-cli -e pull --pull-type trans
-
-How to update translations *-po.tgz files
-  $ mkdir zanata
-  $ cd zanata
-  $ zanata-cli -e pull --project-config ../zanata.xml  --pull-type both
-  $ for p in policycoreutils python gui sandbox; do
-    cd $p
-    tar -c -f ../../$p-po.tgz -z .
-    cd -
-    done

gating.yaml

@@ -1,16 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
-
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_stable
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
-

selinux-autorelabel

@@ -1,73 +0,0 @@
-#!/bin/bash
-#
-# Do automatic relabelling
-#
-
-# . /etc/init.d/functions
-
-# If the user has this (or similar) UEFI boot order:
-#
-#             Windows | grub | Linux
-#
-# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
-# would cause the system to boot into Windows again, if the autorelabel was run.
-#
-# This function restores the UEFI boot order, so the user will boot into the
-# previously set (and expected) partition.
-efi_set_boot_next() {
-    # NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
-    #       succeed even on system which is not EFI-enabled...
-    if ! efibootmgr > /dev/null 2>&1; then
-        return
-    fi
-
-    # NOTE: It it possible that some other services might be setting the
-    #       'BootNext' item for any reasons, and we shouldn't override it if so.
-    if ! efibootmgr | grep --quiet -e 'BootNext'; then
-        CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
-        efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
-    fi
-}
-
-relabel_selinux() {
-    # if /sbin/init is not labeled correctly this process is running in the
-    # wrong context, so a reboot will be required after relabel
-    AUTORELABEL=
-    . /etc/selinux/config
-    echo "0" > /sys/fs/selinux/enforce
-    [ -x /bin/plymouth ] && plymouth --quit
-
-    if [ "$AUTORELABEL" = "0" ]; then
-	echo
-	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
-	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
-	echo $"*** problems. Dropping you to a shell; the system will reboot"
-	echo $"*** when you leave the shell."
-	sulogin
-
-    else
-	echo
-	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
-	echo $"*** Relabeling could take a very long time, depending on file"
-	echo $"*** system size and speed of hard drives."
-
-	FORCE=`cat /.autorelabel`
-        [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
-	/sbin/fixfiles $FORCE restore
-    fi
-
-    rm -f  /.autorelabel
-    /usr/lib/dracut/dracut-initramfs-restore
-    efi_set_boot_next
-    if [ -x /usr/bin/grub2-editenv ]; then
-        grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
-    fi
-    sync
-    systemctl --force reboot
-}
-
-# Check to see if a full relabel is needed
-if [ "$READONLY" != "yes" ]; then
-    restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
-    relabel_selinux
-fi

selinux-autorelabel-generator.sh

@@ -1,29 +0,0 @@
-#!/bin/sh
-
-# This systemd.generator(7) detects if SELinux is running and if the
-# user requested an autorelabel, and if so sets the default target to
-# selinux-autorelabel.target, which will cause the filesystem to be
-# relabelled and then the system will reboot again and boot into the
-# real default target.
-
-PATH=/usr/sbin:$PATH
-unitdir=/usr/lib/systemd/system
-
-# If invoked with no arguments (for testing) write to /tmp.
-earlydir="/tmp"
-if [ -n "$2" ]; then
-    earlydir="$2"
-fi
-
-set_target ()
-{
-    ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
-}
-
-if selinuxenabled; then
-    if test -f /.autorelabel; then
-        set_target
-    elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
-        set_target
-    fi
-fi

selinux-autorelabel-mark.service

@@ -1,18 +0,0 @@
-[Unit]
-Description=Mark the need to relabel after reboot
-DefaultDependencies=no
-Requires=local-fs.target
-Conflicts=shutdown.target
-After=local-fs.target
-Before=sysinit.target shutdown.target
-ConditionSecurity=!selinux
-ConditionPathIsDirectory=/etc/selinux
-ConditionPathExists=!/.autorelabel
-
-[Service]
-ExecStart=-/bin/touch /.autorelabel
-Type=oneshot
-RemainAfterExit=yes
-
-[Install]
-WantedBy=sysinit.target

selinux-autorelabel.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=Relabel all filesystems
-DefaultDependencies=no
-Conflicts=shutdown.target
-After=sysinit.target
-Before=shutdown.target
-ConditionSecurity=selinux
-
-[Service]
-ExecStart=/usr/libexec/selinux/selinux-autorelabel
-Type=oneshot
-TimeoutSec=0
-RemainAfterExit=yes
-StandardOutput=journal+console

selinux-autorelabel.target

@@ -1,7 +0,0 @@
-[Unit]
-Description=Relabel all filesystems and reboot
-DefaultDependencies=no
-Requires=sysinit.target selinux-autorelabel.service
-Conflicts=shutdown.target
-After=sysinit.target selinux-autorelabel.service
-ConditionSecurity=selinux

sepolgen-fedora.patch

@@ -0,0 +1,394 @@
+diff --git sepolgen-1.2.3/ChangeLog sepolgen-1.2.3/ChangeLog
+index 7cc0a18..bda7a2e 100644
+--- sepolgen-1.2.3/ChangeLog
++++ sepolgen-1.2.3/ChangeLog
+@@ -1,3 +1,6 @@
++	* Remove additional files when cleaning, from Nicolas Iooss.
++	* Add support for TYPEBOUNDS statement in INTERFACE policy files, from Miroslav Grepl.
++
+ 1.2.3 2016-02-23
+ 	* Support latest refpolicy interfaces, from Nicolas Iooss.
+ 	* Make sepolgen-ifgen output deterministic with Python>=3.3, from Nicolas Iooss.
+diff --git sepolgen-1.2.3/src/sepolgen/Makefile sepolgen-1.2.3/src/sepolgen/Makefile
+index 9ac7651..d3aa771 100644
+--- sepolgen-1.2.3/src/sepolgen/Makefile
++++ sepolgen-1.2.3/src/sepolgen/Makefile
+@@ -11,5 +11,4 @@ install: all
+ clean:
+ 	rm -f parser.out parsetab.py
+ 	rm -f *~ *.pyc
+-
+-
++	rm -rf __pycache__
+diff --git sepolgen-1.2.3/src/sepolgen/access.py sepolgen-1.2.3/src/sepolgen/access.py
+index a5d8698..7606561 100644
+--- sepolgen-1.2.3/src/sepolgen/access.py
++++ sepolgen-1.2.3/src/sepolgen/access.py
+@@ -90,6 +90,8 @@ class AccessVector(util.Comparison):
+             self.audit_msgs = []
+             self.type = audit2why.TERULE
+             self.data = []
++            self.obj_path = None
++            self.base_type = None
+         # when implementing __eq__ also __hash__ is needed on py2
+         # if object is muttable __hash__ should be None
+         self.__hash__ = None
+@@ -138,6 +140,29 @@ class AccessVector(util.Comparison):
+         return "allow %s %s:%s %s;" % (self.src_type, self.tgt_type,
+                                         self.obj_class, self.perms.to_space_str())
+ 
++    def base_file_type(self):
++        base_type_array = []
++        base_type_array = [self.base_type, self.tgt_type, self.src_type]
++        return base_type_array
++
++    def __cmp__(self, other):
++        if self.src_type != other.src_type:
++            return cmp(self.src_type, other.src_type)
++        if self.tgt_type != other.tgt_type:
++            return cmp(self.tgt_type, other.tgt_type)
++        if self.obj_class != self.obj_class:
++            return cmp(self.obj_class, other.obj_class)
++        if len(self.perms) != len(other.perms):
++            return cmp(len(self.perms), len(other.perms))
++        x = list(self.perms)
++        x.sort()
++        y = list(other.perms)
++        y.sort()
++        for pa, pb in zip(x, y):
++            if pa != pb:
++                return cmp(pa, pb)
++        return 0
++
+     def _compare(self, other, method):
+         try:
+             x = list(self.perms)
+@@ -257,7 +282,8 @@ class AccessVectorSet:
+         for av in l:
+             self.add_av(AccessVector(av))
+ 
+-    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, data=[]):
++    def add(self, src_type, tgt_type, obj_class, perms, obj_path=None,
++            base_type=None, audit_msg=None, avc_type=audit2why.TERULE, data=[]):
+         """Add an access vector to the set.
+         """
+         tgt = self.src.setdefault(src_type, { })
+@@ -270,7 +296,9 @@ class AccessVectorSet:
+             access.src_type = src_type
+             access.tgt_type = tgt_type
+             access.obj_class = obj_class
++            access.obj_path = obj_path
+             access.data = data
++            access.base_type = base_type
+             access.type = avc_type
+             cls[obj_class, avc_type] = access
+ 
+diff --git sepolgen-1.2.3/src/sepolgen/audit.py sepolgen-1.2.3/src/sepolgen/audit.py
+index 724d3ea..dad0724 100644
+--- sepolgen-1.2.3/src/sepolgen/audit.py
++++ sepolgen-1.2.3/src/sepolgen/audit.py
+@@ -176,6 +176,7 @@ class AVCMessage(AuditMessage):
+         self.exe = ""
+         self.path = ""
+         self.name = ""
++        self.ino = ""
+         self.accesses = []
+         self.denial = True
+         self.type = audit2why.TERULE
+@@ -237,6 +238,10 @@ class AVCMessage(AuditMessage):
+                 self.exe = fields[1][1:-1]
+             elif fields[0] == "name":
+                 self.name = fields[1][1:-1]
++            elif fields[0] == "path":
++                self.path = fields[1][1:-1]
++            elif fields[0] == "ino":
++                self.ino = fields[1]
+ 
+         if not found_src or not found_tgt or not found_class or not found_access:
+             raise ValueError("AVC message in invalid format [%s]\n" % self.message)
+@@ -361,7 +366,9 @@ class AuditParser:
+         self.path_msgs = []
+         self.by_header = { }
+         self.check_input_file = False
+-                
++        self.inode_dict = { }
++        self.__store_base_types()
++
+     # Low-level parsing function - tries to determine if this audit
+     # message is an SELinux related message and then parses it into
+     # the appropriate AuditMessage subclass. This function deliberately
+@@ -499,6 +506,61 @@ class AuditParser:
+         
+         return role_types
+ 
++    def __restore_path(self, name, inode):
++        import subprocess
++        import os
++        path = ""
++        # Optimizing
++        if name == "" or inode == "":
++            return path
++        for d in self.inode_dict:
++            if d == inode and self.inode_dict[d] == name:
++                return path
++            if d == inode and self.inode_dict[d] != name:
++                return self.inode_dict[d]
++        if inode not in self.inode_dict.keys():
++            self.inode_dict[inode] = name
++
++        command = "locate -b '\%s'" % name
++        try:
++            output = subprocess.check_output(command,
++                                             stderr=subprocess.STDOUT,
++                                             shell=True,
++                                             universal_newlines=True)
++            try:
++                ino = int(inode)
++            except ValueError:
++                pass
++            for file in output.split("\n"):
++                try:
++                    if int(os.lstat(file).st_ino) == ino:
++                        self.inode_dict[inode] = path = file
++                        return path
++                except:
++                    pass
++        except subprocess.CalledProcessError as e:
++            pass
++        return path
++
++    def __store_base_types(self):
++        import sepolicy
++        self.base_types = sepolicy.get_types_from_attribute("base_file_type")
++
++    def __get_base_type(self, tcontext, scontext):
++        import sepolicy
++        # Prevent unnecessary searching
++        if (self.old_scontext == scontext and
++            self.old_tcontext == tcontext):
++            return
++        self.old_scontext = scontext
++        self.old_tcontext = tcontext
++        for btype in self.base_types:
++            if btype == tcontext:
++                for writable in sepolicy.get_writable_files(scontext):
++                    if writable.endswith(tcontext) and writable.startswith(scontext.rstrip("_t")):
++                        return writable
++                return 0
++
+     def to_access(self, avc_filter=None, only_denials=True):
+         """Convert the audit logs access into a an access vector set.
+ 
+@@ -517,16 +579,23 @@ class AuditParser:
+            audit logs parsed by this object.
+         """
+         av_set = access.AccessVectorSet()
++        self.old_scontext = ""
++        self.old_tcontext = ""
+         for avc in self.avc_msgs:
+             if avc.denial != True and only_denials:
+                 continue
++            base_type = self.__get_base_type(avc.tcontext.type, avc.scontext.type)
++            if avc.path == "":
++                avc.path = self.__restore_path(avc.name, avc.ino)
+             if avc_filter:
+                 if avc_filter.filter(avc):
+                     av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
+-                               avc.accesses, avc, avc_type=avc.type, data=avc.data)
++                               avc.accesses, avc.path, base_type, avc,
++                               avc_type=avc.type, data=avc.data)
+             else:
+                 av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
+-                           avc.accesses, avc, avc_type=avc.type, data=avc.data)
++                           avc.accesses, avc.path, base_type, avc,
++                           avc_type=avc.type, data=avc.data)
+         return av_set
+ 
+ class AVCTypeFilter:
+diff --git sepolgen-1.2.3/src/sepolgen/policygen.py sepolgen-1.2.3/src/sepolgen/policygen.py
+index 34c8401..f374132 100644
+--- sepolgen-1.2.3/src/sepolgen/policygen.py
++++ sepolgen-1.2.3/src/sepolgen/policygen.py
+@@ -82,8 +82,9 @@ class PolicyGenerator:
+             self.module = refpolicy.Module()
+ 
+         self.dontaudit = False
+-
++        self.mislabled = None
+         self.domains = None
++
+     def set_gen_refpol(self, if_set=None, perm_maps=None):
+         """Set whether reference policy interfaces are generated.
+ 
+@@ -153,6 +154,18 @@ class PolicyGenerator:
+         """Return the generated module"""
+         return self.module
+ 
++    def __restore_label(self, av):
++        import selinux
++        try:
++            context = selinux.matchpathcon(av.obj_path, 0)
++            split = context[1].split(":")[2]
++            if split != av.tgt_type:
++                self.mislabled = split
++                return
++        except OSError:
++            pass
++        self.mislabled = None
++
+     def __add_allow_rules(self, avs):
+         for av in avs:
+             rule = refpolicy.AVRule(av)
+@@ -161,6 +174,34 @@ class PolicyGenerator:
+             rule.comment = ""
+             if self.explain:
+                 rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
++            # base_type[0] == 0 means there exists a base type but not the path
++            # base_type[0] == None means user isn't using base type
++            # base_type[1] contains the target context
++            # base_type[2] contains the source type
++            base_type = av.base_file_type()
++            if base_type[0] == 0 and av.type != audit2why.ALLOW:
++                  rule.comment += "\n#!!!! WARNING: '%s' is a base type." % "".join(base_type[1])
++            for perm in av.perms:
++                if perm == "write" or perm == "create":
++                    permission = True
++                    break
++                else:
++                    permission = False
++
++            # Catch perms 'write' and 'create' for base types
++            if (base_type[0] is not None and base_type[0] != 0
++                and permission and av.type != audit2why.ALLOW):
++                if av.obj_class == dir:
++                    comp = "(/.*?)"
++                else:
++                    comp = ""
++                rule.comment += "\n#!!!! WARNING '%s' is not allowed to write or create to %s.  Change the label to %s." % ("".join(base_type[2]), "".join(base_type[1]), "".join(base_type[0]))
++                if av.obj_path != "":
++                    rule.comment += "\n#!!!! $ semanage fcontext -a -t %s %s%s   \n#!!!! $ restorecon -R -v %s" % ("".join(base_type[0]), "".join(av.obj_path), "".join(comp) ,"".join(av.obj_path))
++
++            self.__restore_label(av)
++            if self.mislabled is not None and av.type != audit2why.ALLOW:
++                rule.comment += "\n#!!!! The file '%s' is mislabeled on your system.  \n#!!!! Fix with $ restorecon -R -v %s" % ("".join(av.obj_path), "".join(av.obj_path))
+             if av.type == audit2why.ALLOW:
+                 rule.comment += "\n#!!!! This avc is allowed in the current policy"
+             if av.type == audit2why.DONTAUDIT:
+diff --git sepolgen-1.2.3/src/sepolgen/refparser.py sepolgen-1.2.3/src/sepolgen/refparser.py
+index 9b1d0c8..2cef8e8 100644
+--- sepolgen-1.2.3/src/sepolgen/refparser.py
++++ sepolgen-1.2.3/src/sepolgen/refparser.py
+@@ -113,6 +113,7 @@ tokens = (
+     'AUDITALLOW',
+     'NEVERALLOW',
+     'PERMISSIVE',
++    'TYPEBOUNDS',
+     'TYPE_TRANSITION',
+     'TYPE_CHANGE',
+     'TYPE_MEMBER',
+@@ -178,6 +179,7 @@ reserved = {
+     'auditallow' : 'AUDITALLOW',
+     'neverallow' : 'NEVERALLOW',
+     'permissive' : 'PERMISSIVE',
++    'typebounds' : 'TYPEBOUNDS',
+     'type_transition' : 'TYPE_TRANSITION',
+     'type_change' : 'TYPE_CHANGE',
+     'type_member' : 'TYPE_MEMBER',
+@@ -502,6 +504,7 @@ def p_policy_stmt(p):
+     '''policy_stmt : gen_require
+                    | avrule_def
+                    | typerule_def
++                   | typebound_def
+                    | typeattribute_def
+                    | roleattribute_def
+                    | interface_call
+@@ -823,6 +826,13 @@ def p_typerule_def(p):
+     t.file_name = p[7]
+     p[0] = t
+ 
++def p_typebound_def(p):
++    '''typebound_def : TYPEBOUNDS IDENTIFIER comma_list SEMI'''
++    t = refpolicy.TypeBound()
++    t.type = p[2]
++    t.tgt_types.update(p[3])
++    p[0] = t
++
+ def p_bool(p):
+     '''bool : BOOL IDENTIFIER TRUE SEMI
+             | BOOL IDENTIFIER FALSE SEMI'''
+diff --git sepolgen-1.2.3/src/sepolgen/refpolicy.py sepolgen-1.2.3/src/sepolgen/refpolicy.py
+index 31b40d8..2ee029c 100644
+--- sepolgen-1.2.3/src/sepolgen/refpolicy.py
++++ sepolgen-1.2.3/src/sepolgen/refpolicy.py
+@@ -112,6 +112,9 @@ class Node(PolicyBase):
+     def typerules(self):
+         return filter(lambda x: isinstance(x, TypeRule), walktree(self))
+ 
++    def typebounds(self):
++        return filter(lambda x: isinstance(x, TypeBound), walktree(self))
++
+     def typeattributes(self):
+         """Iterate over all of the TypeAttribute children of this Interface."""
+         return filter(lambda x: isinstance(x, TypeAttribute), walktree(self))
+@@ -522,6 +525,19 @@ class TypeRule(Leaf):
+                                      self.tgt_types.to_space_str(),
+                                      self.obj_classes.to_space_str(),
+                                      self.dest_type)
++class TypeBound(Leaf):
++    """SElinux typebound statement.
++
++    This class represents a typebound statement.
++    """
++    def __init__(self, parent=None):
++        Leaf.__init__(self, parent)
++        self.type = ""
++        self.tgt_types = IdSet()
++
++    def to_string(self):
++        return "typebounds %s %s;" % (self.type, self.tgt_types.to_comma_str())
++
+ 
+ class RoleAllow(Leaf):
+     def __init__(self, parent=None):
+diff --git sepolgen-1.2.3/tests/.gitignore sepolgen-1.2.3/tests/.gitignore
+new file mode 100644
+index 0000000..c120af8
+--- /dev/null
++++ sepolgen-1.2.3/tests/.gitignore
+@@ -0,0 +1,4 @@
++module_compile_test.fc
++module_compile_test.if
++output
++tmp/
+diff --git sepolgen-1.2.3/tests/Makefile sepolgen-1.2.3/tests/Makefile
+index 924a9be..e17eef2 100644
+--- sepolgen-1.2.3/tests/Makefile
++++ sepolgen-1.2.3/tests/Makefile
+@@ -4,8 +4,11 @@ clean:
+ 	rm -f *~ *.pyc
+ 	rm -f parser.out parsetab.py
+ 	rm -f out.txt
++	rm -f module_compile_test.fc
++	rm -f module_compile_test.if
+ 	rm -f module_compile_test.pp
+ 	rm -f output
++	rm -rf __pycache__ tmp
+ 
+ test:
+ 	$(PYTHON) run-tests.py
+diff --git sepolgen-1.2.3/tests/module_compile_test.te sepolgen-1.2.3/tests/module_compile_test.te
+index 446c8dc..b365448 100644
+--- sepolgen-1.2.3/tests/module_compile_test.te
++++ sepolgen-1.2.3/tests/module_compile_test.te
+@@ -1,8 +1,8 @@
+-module foo 1.0;
++module module_compile_test 1.0;
+ 
+ require {
+ 	type foo, bar;
+ 	class file { read write };
+ }
+ 
+-allow foo bar : file { read write };
+\ No newline at end of file
++allow foo bar : file { read write };

sources

@@ -1,11 +1,3 @@
-SHA512 (policycoreutils-3.1.tar.gz) = 0592f218563a99ba95d2cfd07fdc3761b61c1cc3c01a17ab89ad840169e1a7d4083521d5cacc72d1b76911d516bf592db7a3f90d9ef0cc11ceed007e4580e140
-SHA512 (restorecond-3.1.tar.gz) = cdcf299f48b89a7c641ded9507b9b966bf648497394f8e988a9cb1ceb3224c86369706027f3416a4f9750836f7a8f4580a4b3df76673e03f897b383d7ed0e2c8
-SHA512 (selinux-dbus-3.1.tar.gz) = d5e1715539ec9aeef2285fc141617b7c25f39ddacc3968d2d19722553b97b873632545a2c7002faef44b671604b2cfca52e9624c57cedbae64d616a080cc955f
-SHA512 (selinux-gui-3.1.tar.gz) = c8bd618da3bd1dcc8aeb470e8410765ea7d38e861b0be78aaddaa5384ec3de12d364de1b63e2d9e3262e1179463f0ee78cb60f11ab72c996899bd72af137ae7c
-SHA512 (selinux-python-3.1.tar.gz) = 5dd98f77ae8ea8bac6a89ec7def76e12496b9a9f8c9612c4cc1dac7a8e8c60380a00c857426bfefbcb4273706addd2594e9b467f69408ef284f082a09d45bd49
-SHA512 (selinux-sandbox-3.1.tar.gz) = e9a772c720704de3fc33a70316780d5995442a1e25ba7df6dc68dd7b7a4eb59dfd2b68e4576051053fe81fbea207fcb1648baad3ea2d56d5b3005e9ca4b8ceb7
-SHA512 (semodule-utils-3.1.tar.gz) = b92794bbfbce5834ee7f62fddb40b5506e9291e8fa7c5d669b2e281089b8f8dc40c4522ea287ac5deffdaee751442ba8e691e2ac45fdd378b60d5d6b2527d157
-SHA512 (gui-po.tgz) = 8e0855256b825eea422b8e2b82cc0decf66b902c9930840905c5ad5dda7bef3679943a22db62709907d48f8a331d67edc5efed3e2638b53e379959b14077b4ea
-SHA512 (policycoreutils-po.tgz) = 66b908f7a167225bebded46f9cf92f42eb194daa2a083d48de43c2a5d33fa42724c5add0a9d029ac9d62c500f6f1c8d3bc138dd598b1fd97e609d7cc7160be72
-SHA512 (python-po.tgz) = 7f2a082b77c7b4417d5d3dac35d86dd635635a9c05a80e5f9284d03604e2f2a06ec879fb29b056d1a46d3fc448cd76e6fd25196834c18a161fd6677f2e11b2be
-SHA512 (sandbox-po.tgz) = 3d4b389b56bab1a6dddce9884dcebdefbefd1017fec6d987ac22a0705f409ed56722387aaca8fe7d9c468862136387bc703062e2b6de8fd102e13fed04ce811b
+59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2
+9ad9331b2133262fb3f774359a7f4761  policycoreutils-2.5.tar.gz
+d17b4072ed14d1f8d94ffd667ddc2864  sepolgen-1.2.3.tar.gz

tests/CIL-modules-without-compilation/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
-#   Description: What the test does
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2016 Red Hat, Inc.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     What the test does" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/CIL-modules-without-compilation/PURPOSE

@@ -1,5 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
-Author: Milos Malik <mmalik@redhat.com>
-
-Is it possible to manage policy modules written in CIL without any compilation? Does semanage and semodule understand them?
-

tests/CIL-modules-without-compilation/runtest.sh

@@ -1,73 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Sanity/CIL-modules-without-compilation
-#   Description: What the test does
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2016 Red Hat, Inc.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlRun "echo '()' > empty.cil"
-        rlRun "echo '(())' > invalid.cil"
-    rlPhaseEnd
-
-    rlPhaseStartTest "empty CIL module"
-        rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
-        rlRun "semodule -i empty.cil"
-        rlRun "semodule -lfull | grep '400.*empty.*cil'"
-        rlRun "semodule -r empty"
-        rlRun "semodule -lfull | grep '400.*empty.*cil'" 1
-        rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
-        rlRun "semanage module -a empty.cil"
-        rlRun "semanage module -l | grep 'empty.*400.*cil'"
-        rlRun "semanage module -r empty"
-        rlRun "semanage module -l | grep 'empty.*400.*cil'" 1
-    rlPhaseEnd
-
-    rlPhaseStartTest "invalid CIL module"
-        rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
-        rlRun "semodule -i invalid.cil" 1
-        rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
-        rlRun "semodule -r invalid" 1
-        rlRun "semodule -lfull | grep '400.*invalid.*cil'" 1
-        rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
-        rlRun "semanage module -a invalid.cil" 1
-        rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
-        rlRun "semanage module -r invalid" 1
-        rlRun "semanage module -l | grep 'invalid.*400.*cil'" 1
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "rm -f empty.cil invalid.cil"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/linux-system-roles.selinux-tests/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of selinux-ansible-playbook
-#   Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
-#   Author: Petr Lautrbach <plautrba@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2018 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=linux-system-roles.selinux-tests
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        10m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils ansible git" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2+" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/linux-system-roles.selinux-tests/PURPOSE

@@ -1,4 +0,0 @@
-PURPOSE of selinux-ansible-playbook
-Author: Petr Lautrbach <plautrba@redhat.com>
-
-Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests

tests/linux-system-roles.selinux-tests/runtest.sh

@@ -1,57 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Description: Run linux-system-roles.selinux (https://github.com/linux-system-roles/selinux.git) Ansible role tests
-#   Author: Petr Lautrbach <plautrba@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2018 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlAssertRpm "git"
-        rlAssertRpm "ansible"
-
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "git clone https://github.com/linux-system-roles/selinux.git"
-	rlRun "cd selinux/test"
-
-	for ansible_test in test_*.yml; do
-            rlRun "ansible-playbook -i localhost, -c local -v $ansible_test"
-	done
-
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-	rlRun "cd ../../"
-        rlRun "rm -rf selinux"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/load_policy/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Sanity/load_policy
-#   Description: Does load_policy work as expected? Does it produce correct audit messages?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2016 Red Hat, Inc.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Sanity/load_policy
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Does load_policy work as expected? Does it produce correct audit messages?" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        audit policycoreutils selinux-policy-targeted" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/load_policy/PURPOSE

@@ -1,5 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Sanity/load_policy
-Author: Milos Malik <mmalik@redhat.com>
-
-Does load_policy work as expected? Does it produce correct audit messages?
-

tests/load_policy/runtest.sh

@@ -1,79 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Sanity/load_policy
-#   Description: Does load_policy work as expected? Does it produce correct audit messages?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2016 Red Hat, Inc.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-if rlIsRHEL 6 ; then
-    SELINUX_FS_MOUNT="/selinux"
-else # RHEL-7 and above
-    SELINUX_FS_MOUNT="/sys/fs/selinux"
-fi
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        rlRun "ls -l `which load_policy`"
-        BINARY_POLICY=`find /etc/selinux/targeted -type f -name policy.?? | sort -n | tail -n 1`
-        rlRun "ls -l ${BINARY_POLICY}"
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "load_policy --xyz 2>&1 | grep \"invalid option\""
-        rlRun "dmesg | grep -i selinux" 0,1
-        rlRun "grep -i selinux /proc/mounts"
-        START_DATE_TIME=`date "+%m/%d/%Y %T"`
-        sleep 1
-        rlRun "load_policy -q"
-        rlRun "grep -i selinux /proc/mounts"
-        sleep 1
-        if rlIsRHEL ; then
-            rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
-        fi
-        rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
-        rlRun "umount ${SELINUX_FS_MOUNT}"
-        rlRun "grep -i selinux /proc/mounts" 1
-        START_DATE_TIME=`date "+%m/%d/%Y %T"`
-        sleep 1
-        rlRun "load_policy -i ${BINARY_POLICY}"
-        rlRun "grep -i selinux /proc/mounts"
-        sleep 1
-        if rlIsRHEL ; then
-            rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep load_policy"
-        fi
-        rlRun "ausearch -m MAC_POLICY_LOAD -i -ts ${START_DATE_TIME} | grep 'policy loaded'"
-        rlRun "dmesg | grep -i selinux"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/restorecon/Makefile

@@ -1,70 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Sanity/restorecon
-#   Description: does restorecon work correctly ?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Sanity/restorecon
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te testpolicy.fc
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	chmod a+x runtest.sh
-	chcon -t bin_t runtest.sh;:
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     does restorecon work correctly ?" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        15m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils" >> $(METADATA)
-	@echo "Requires:        grep" >> $(METADATA)
-	@echo "Requires:        e2fsprogs" >> $(METADATA)
-	@echo "Requires:        libselinux" >> $(METADATA)
-	@echo "Requires:        selinux-policy-devel" >> $(METADATA)
-	@echo "Requires:        libselinux-utils" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/restorecon/PURPOSE

@@ -1,5 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Sanity/restorecon
-Author: Milos Malik <mmalik@redhat.com>
-
-Does restorecon work correctly?
-

tests/restorecon/runtest.sh

@@ -1,367 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Sanity/restorecon
-#   Description: does restorecon work correctly ?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        rlServiceStop mcstrans mcstransd
-        rlRun "rpm -qf `which restorecon` | grep ${PACKAGE}"
-        rlRun "setenforce 1"
-        rlRun "sestatus"
-        rlRun "setsebool allow_domain_fd_use on"
-    rlPhaseEnd
-
-    rlPhaseStartTest "Functional test"
-
-        TESTDIR="/opt/restorecon_testdir"
-        DIRS="correct.dir incorrect1.dir incorrect2.dir customizable.dir"
-        FILES="correct.file incorrect.file customizable.file"
-
-        rlRun "make -f /usr/share/selinux/devel/Makefile"
-        rlRun "semodule -i testpolicy.pp"
-
-        rlFileBackup /etc/selinux/targeted/contexts/customizable_types
-        rlRun "echo 'customizable_t' >> /etc/selinux/targeted/contexts/customizable_types"
-
-        # Here is the testing dirs and files structure
-        # all the files have initial context corresponding to their names
-
-        # ./
-        # correct.file
-        # incorrect.file
-        # customizable.file
-
-        # correct.dir/
-        #     correct.file
-        #     incorrect.file
-        #     customizable.file
-
-        # incorrect1.dir/
-        #     correct.file
-        #     incorrect.file
-        #     customizable.file
-
-        # incorrect2.dir/
-        #     correct.file
-        #     incorrect.file
-        #     customizable.file
-
-        # customizable.dir/
-        #     correct.file
-        #     incorrect.file
-        #     customizable.file
-
-        # Function to set initial contexts
-        function set_contexts {
-            # Set the intended contexts
-            rlLog "Setting initial contexts of testing dirs..."
-            restorecon -R $TESTDIR
-            for ITEM in `find . -name 'incorrect*'`; do
-                chcon -t incorrect_t $ITEM
-            done
-            for ITEM in `find . -name 'customizable*'`; do
-                chcon -t customizable_t $ITEM
-            done
-        }
-
-        # Check that files in dir $1 have the initial contexts
-        function check_initial_contexts {
-            if echo $1 | grep -q 'incorrect.dir'; then 
-                rlRun "ls -ladZ $1 | grep :incorrect_t"
-            elif echo $1 | grep -q 'correct.dir'; then
-                rlRun "ls -ladZ $1 | grep :correct_t"
-            elif echo $1 | grep -q 'customizable.dir'; then
-                rlRun "ls -ladZ $1 | grep :customizable_t"
-            fi
-            rlRun "ls -ladZ $1/* | grep '\<correct.file' | grep ':correct_t'"
-            rlRun "ls -ladZ $1/* | grep '\<incorrect.file' | grep ':incorrect_t'"
-            rlRun "ls -ladZ $1/* | grep '\<customizable.file' | grep ':customizable_t'"
-        }
-
-        # Check that files matching with $2 in dir $1 have context $3
-        function check_contexts {
-            COMMAND="find $1 -name '$2'"
-            for ITEM in `eval $COMMAND`; do
-                rlRun "ls -ladZ $ITEM | grep :$3";
-            done
-        }
-
-        # Create the testing dirs and files
-        rlRun "mkdir -p $TESTDIR"
-        rlRun "pushd $TESTDIR"
-        rlRun "mkdir $DIRS"
-        rlRun "touch $FILES"
-        for DIR in $DIRS; do
-            rlRun "pushd $DIR"
-            rlRun "touch $FILES"
-            rlRun "popd"
-        done
-
-        set_contexts
-
-        echo
-        rlLog "Checking initial contexts of testing dirs..."
-        # Check the contexts are set properly
-        check_initial_contexts '.'
-        check_initial_contexts 'incorrect1.dir'
-        check_initial_contexts 'incorrect2.dir'
-        check_initial_contexts 'correct.dir'
-        check_initial_contexts 'customizable.dir'
-        check_contexts '.' 'incorrect*' 'incorrect_t'
-        check_contexts '.' 'correct*' 'correct_t'
-        check_contexts '.' 'customizable*' 'customizable_t'
-
-        # -e directory
-        #     exclude a directory (repeat the option to exclude more than one directory).
-
-        echo
-        rlLog "-e directory"
-        set_contexts
-        rlRun "restorecon -RF -e $TESTDIR/incorrect2.dir $TESTDIR"
-        for ITEM in `ls *.file`; do rlRun "ls -ladZ $ITEM | grep correct_t"; done
-        check_contexts 'incorrect1.dir' '*' 'correct_t'
-        check_contexts 'customizable.dir' '*' 'correct_t'
-        check_initial_contexts 'incorrect2.dir'
-        rlRun "ls -ladZ incorrect2.dir | grep incorrect_t"
-
-        # -f infilename
-        #     infilename contains a list of files to be processed. Use - for stdin.
-
-        echo
-        rlLog "-f filename"
-        set_contexts
-        rlRun "cat > ../file_list <<EOF
-./customizable.file
-./customizable.dir
-./correct.dir/customizable.file
-./incorrect1.dir/customizable.file
-./incorrect2.dir/customizable.file
-./customizable.dir/customizable.file
-EOF"
-        if rlIsRHEL 5; then chcon -t file_t ../file_list ;fi
-        rlRun "restorecon -F -f ../file_list"
-        check_contexts '.' 'incorrect*' 'incorrect_t'
-        check_contexts '.' 'correct*' 'correct_t'
-        check_contexts '.' 'customizable*' 'correct_t'
-        rlRun "rm -f ../file_list"
-
-
-        echo
-        rlLog "-f -       Input from stdin"
-        set_contexts
-        rlRun "echo -e 'incorrect2.dir\ncustomizable.file\nincorrect.file' | restorecon -f -"
-        check_initial_contexts 'incorrect1.dir'
-        check_initial_contexts 'correct.dir'
-        check_initial_contexts 'customizable.dir'
-        check_contexts 'incorrect2' '*' 'correct_t'
-        rlRun "ls -ladZ customizable.file | grep customizable_t"
-        rlRun "ls -ladZ incorrect.file | grep :correct_t"
-
-        # -F  Force reset of context to match file_context for customizable files, and
-        #     the default file context, changing the user, role, range portion as well
-        #     as the type.
-
-        echo
-        rlLog "-F     Force reset of customizable types"
-        set_contexts
-        rlRun "restorecon -RF $TESTDIR"
-        check_contexts '.' '*' 'correct_t'
-
-    # This feature is from RHEL6 further
-    if ! rlIsRHEL; then
-        echo
-        rlLog "-F     Force reset of the whole context"
-        set_contexts
-        chcon -u staff_u *.file
-        rlRun "ls -laZ correct.file | grep staff_u"
-        rlRun "ls -laZ incorrect.file | grep staff_u"
-        rlRun "ls -laZ customizable.file | grep staff_u"
-        rlRun "restorecon -R $TESTDIR"
-        rlRun "ls -laZ correct.file | grep staff_u"
-        rlRun "ls -laZ incorrect.file | grep staff_u"
-        rlRun "ls -laZ customizable.file | grep staff_u"
-        rlRun "restorecon -RF $TESTDIR"
-        rlRun "ls -laZ correct.file | grep system_u"
-        rlRun "ls -laZ incorrect.file | grep system_u"
-        rlRun "ls -laZ customizable.file | grep system_u"
-    fi
- 
-        # -i  ignore files that do not exist.
-
-        rlRun "restorecon non-existent-file" 1-255
-        rlRun "restorecon -i non-existent-file"
-
-        # -n  don't change any file labels (passive check).
-
-        echo
-        rlLog "-n      dry-run"
-        set_contexts
-        rlRun "restorecon -RF -n $TESTDIR"
-        check_contexts '.' 'incorrect*' 'incorrect_t'
-        check_contexts '.' 'correct*' 'correct_t'
-        check_contexts '.' 'customizable*' 'customizable_t'
-
-        # -o outfilename
-        #     Deprecated,  SELinux  policy will probably block this access.  Use shell
-        #     redirection to save list of files with incorrect context in filename.
-
-        #  ----not tested yet 
-
-        # -R, -r change  files  and directories file labels recursively (descend directo‐
-        #     ries).
-        #     Note: restorecon reports warnings on paths without default  labels  only
-        #     if called non-recursively or in verbose mode.
-
-        set_contexts
-        rlRun "restorecon -R $TESTDIR"
-        check_contexts '.' '*corr*' 'correct_t'
-        check_contexts '.' 'customizable*' 'customizable_t'
-
-        #     ...by default it does not operate recursively on directories
-
-        set_contexts
-        rlRun "restorecon $TESTDIR"
-        check_initial_contexts 'incorrect1.dir'
-        check_initial_contexts 'incorrect2.dir'
-        check_initial_contexts 'correct.dir'
-        check_initial_contexts 'customizable.dir'
-        rlRun "ls -ladZ customizable.file | grep customizable_t"
-        rlRun "ls -ladZ incorrect.file | grep :incorrect_t"
-        rlRun "ls -ladZ correct.file | grep :correct_t"
-
-        # -v show changes in file labels, if type or role are going to be changed.
-
-        #  ----not tested yet 
-
-    # -0 option is not present in RHEL5
-    if ! rlIsRHEL 5; then
-        # -0 the  separator  for  the input items is assumed to be the null character
-        #     (instead of the white space).  The quotes and the  backslash  characters
-        #     are  also  treated as normal characters that can form valid input.  This
-        #     option finally also disables the end of file string,  which  is  treated
-        #     like  any  other  argument.  Useful when input items might contain white
-        #     space, quote marks or backslashes.  The -print0 option of GNU find  pro‐
-        #     duces input suitable for this mode.
-
-        echo
-        rlLog "-0"
-        set_contexts
-        rlRun "find . -print0 | restorecon -f - -0"
-        check_contexts '.' '*corr*' 'correct_t'
-        check_contexts '.' 'customizable*' 'customizable_t'
-
-        echo
-        rlLog "-0   with  -F"
-        set_contexts
-        rlRun "find . -print0 | restorecon -F -f - -0"
-        check_contexts '.' '*' 'correct_t'
-
-    fi
-
-        # If a file object does not have a context, restorecon will write the default
-        # context to the file object's extended attributes.
-
-        #  ----not tested yet 
-
-
-        # Cleanup
-
-        rlRun "popd"
-        rlRun "rm -rf /opt/restorecon_testdir"
-        rlFileRestore
-        rlRun "semodule -r testpolicy"
-    rlPhaseEnd
-
-    # This is RFE from RHEL6 and further versions
-    if ! rlIsRHEL 5;then
-    rlPhaseStartTest
-        # META-Fixed-In: policycoreutils-2.0.83-19.14.el6
-        rlRun "pushd /root"
-        rlRun "touch test-file"
-        rlRun "mkdir test-dir"
-        for ITEM in "test-file" "test-dir" ; do
-            rlRun "chcon -u staff_u -t shadow_t -l s0:c1 ${ITEM}"
-            rlRun "ls -dZ ${ITEM} | grep staff_u:object_r:shadow_t:s0:c1"
-            rlRun "restorecon -v ${ITEM}" 0,1
-            rlRun "ls -dZ ${ITEM} | grep staff_u:object_r:admin_home_t:s0:c1"
-            rlRun "restorecon -F -v ${ITEM}" 0,1
-            rlRun "ls -dZ ${ITEM} | grep system_u:object_r:admin_home_t:s0"
-        done
-        rlRun "rm -rf test-dir"
-        rlRun "rm -f test-file"
-        rlRun "popd"
-    rlPhaseEnd
-    fi
-
-    rlPhaseStartTest
-        # META-Fixed-In: policycoreutils-2.0.83-19.16.el6
-        rlRun "pushd /root"
-        rlRun "touch test-file"
-        rlRun "mkdir test-dir"
-        for ITEM in "test-file" "test-dir" ; do
-            rlRun "chcon -t tmp_t ${ITEM}"
-            rlRun "ls -dZ ${ITEM}"
-            rlRun "chattr +i ${ITEM}"
-            rlRun "restorecon -v ${ITEM}" 1-255
-            rlRun "chattr -i ${ITEM}"
-            rlRun "ls -dZ ${ITEM}"
-            rlRun "restorecon -v ${ITEM}"
-            rlRun "ls -dZ ${ITEM}"
-        done
-        rlRun "rm -rf test-dir"
-        rlRun "rm -f test-file"
-        rlRun "popd"
-    rlPhaseEnd
-
-    # The bug was closed as NEXTRELEASE for RHEL5
-    if ! rlIsRHEL 5; then
-    rlPhaseStartTest
-        rlRun "touch ~/test-file"
-        rlRun "restorecon -vF ~/test-file"
-        rlRun "restorecon -vF ~/test-file | grep \"reset.*context\"" 1
-        rlRun "rm -f ~/test-file"
-
-        rlRun "mkdir ~/test-dir"
-        rlRun "restorecon -vF ~/test-dir"
-        rlRun "restorecon -vF ~/test-dir | grep \"reset.*context\"" 1
-        rlRun "rm -rf ~/test-dir"
-    rlPhaseEnd
-    fi
-
-    rlPhaseStartCleanup
-        rlServiceRestore mcstrans mcstransd
-    rlPhaseEnd
-    rlJournalPrintText
-rlJournalEnd
-

tests/restorecon/testpolicy.fc

@@ -1,2 +0,0 @@
-/opt/restorecon_testdir(/.*)?	system_u:object_r:correct_t:s0
-

tests/restorecon/testpolicy.te

@@ -1,19 +0,0 @@
-policy_module(testpolicy, 1.0)
-
-require {
-    attribute domain;
-    type fs_t;
-}
-
-type correct_t;
-files_type(correct_t)
-type incorrect_t;
-files_type(incorrect_t)
-type customizable_t;
-files_type(customizable_t)
-
-
-#allow domain correct_t:dir relabelto;
-#allow correct_t fs_t:filesystem associate;
-
-

tests/semanage-interface/Makefile

@@ -1,65 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Regression/semanage-interface
-#   Description: Does semanage interface ... work correctly?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Regression/semanage-interface
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-	test -x runtest.sh || chcon -t bin_t runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Does semanage interface ... work correctly?" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        20m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils policycoreutils-python-utils grep selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/semanage-interface/PURPOSE

@@ -1,4 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Regression/semanage-interface
-Description: Does semanage interface ... work correctly?
-Author: Milos Malik <mmalik@redhat.com>
-

tests/semanage-interface/runtest.sh

@@ -1,69 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Regression/semanage-interface
-#   Description: Does semanage interface ... work correctly?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "semanage interface --help" 0,1
-        for POLICY_TYPE in minimum mls targeted ; do
-            if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
-                continue
-            fi
-            rlRun "semanage interface -l -S ${POLICY_TYPE}"
-        done
-        if ! rlIsRHEL 5; then
-          rlRun "semanage interface -l -S unknown 2>&1 | grep \"store cannot be accessed\""
-        fi
-        rlRun "semanage interface -a -t xyz_t xyz 2>&1 | grep -i -e 'not defined' -e 'error' -e 'could not'"
-        rlRun "semanage interface -m xyz" 1,2
-        rlRun "semanage interface -d xyz" 1
-        rlRun "semanage interface -a -t netif_t xyz"
-        if rlIsRHEL 5 6; then
-            rlRun "semanage interface -m -r s0 xyz"
-        else
-            rlRun "semanage interface -m -t netif_t -r s0 xyz"
-        fi
-        rlRun "semanage interface -l | grep \"xyz.*:netif_t:s0\""
-        rlRun "semanage interface -d xyz"
-        rlRun "semanage interface -l | grep xyz" 1
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/semanage-login/Makefile

@@ -1,65 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Regression/semanage-login
-#   Description: Does semanage login ... work correctly?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Regression/semanage-login
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-	test -x runtest.sh || chcon -t bin_t runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Does semanage login ... work correctly?" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        10m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils policycoreutils-python-utils grep shadow-utils selinux-policy-minimum selinux-policy-mls selinux-policy-targeted" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/semanage-login/PURPOSE

@@ -1,4 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Regression/semanage-login
-Description: Does semanage login ... work correctly?
-Author: Milos Malik <mmalik@redhat.com>
-

tests/semanage-login/runtest.sh

@@ -1,67 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Regression/semanage-login
-#   Description: Does semanage login ... work correctly?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "semanage login --help" 0,1
-        for POLICY_TYPE in minimum mls targeted ; do
-            if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
-                continue
-            fi
-            rlRun "semanage login -l -S ${POLICY_TYPE}"
-        done
-        if ! rlIsRHEL 5; then
-          rlRun "semanage login -l -S unknown 2>&1 | grep \"store cannot be accessed\""
-        fi
-        rlRun "semanage login -a -s xyz_u xyz 2>&1 | grep -i -e 'does not exist' -e 'mapping.*invalid' -e 'could not query'"
-        rlRun "semanage login -m xyz" 1
-        rlRun "semanage login -d xyz" 1
-        rlRun "useradd xyz"
-        rlRun "semanage login -a -s user_u xyz"
-        rlRun "semanage login -m -r s0 xyz"
-        rlRun "semanage login -l | grep \"xyz.*user_u.*s0\""
-        rlRun "semanage login -d xyz"
-        rlRun "semanage login -l | grep xyz" 1
-        rlRun "userdel -rf xyz"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/semanage-permissive-d-problems/Makefile

@@ -1,70 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
-#   Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	chmod a+x runtest.sh
-	chcon -t bin_t runtest.sh; :
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     semanage permissive -d accepts more than domain types, its behavior is not reliable" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        20m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils-python-utils" >> $(METADATA)
-	@echo "Requires:        policycoreutils-devel" >> $(METADATA)
-	@echo "Requires:        selinux-policy-devel" >> $(METADATA)
-	@echo "Requires:        grep" >> $(METADATA)
-	@echo "Requires:        coreutils" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELServer5 -RHELClient5" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/semanage-permissive-d-problems/PURPOSE

@@ -1,5 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
-Author: Milos Malik <mmalik@redhat.com>
-
-Does semanage permissive work correctly?
-

tests/semanage-permissive-d-problems/runtest.sh

@@ -1,93 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Regression/semanage-permissive-d-problems
-#   Description: semanage permissive -d accepts more than domain types, its behavior is not reliable
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        rlRun "rpm -qf /usr/sbin/semanage"
-        OUTPUT_FILE=`mktemp`
-        rlRun "sestatus"
-    rlPhaseEnd
-
-    if selinuxenabled ; then
-        rlPhaseStartTest
-            if rlIsRHEL 7 ; then
-                rlFileBackup /usr/share/selinux/default/Makefile
-                rlRun "rm -rf /usr/share/selinux/default/Makefile"
-            fi
-            rlRun "semanage permissive -l | grep fenced" 1
-            rlRun "semanage permissive -a fenced_t"
-            rlRun "semanage permissive -l | grep fenced"
-            rlRun "semanage permissive -d fenced_t"
-            rlRun "semanage permissive -l | grep fenced" 1
-            if rlIsRHEL 7 ; then
-                rlFileRestore
-            fi
-        rlPhaseEnd
-
-        rlPhaseStartTest
-            rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
-            rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
-            rlRun "semanage permissive -a ypbind_t"
-            rlRun "semanage permissive -a ypserv_t"
-            rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
-            rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
-            rlRun "semanage permissive -d yp" 1-255
-            rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
-            rlRun "wc -l < ${OUTPUT_FILE} | grep ^2$"
-            rlRun "semanage permissive -d ypbind_t"
-            rlRun "semanage permissive -d ypserv_t"
-            rlRun "semanage permissive -l 2>&1 | grep -e ypserv_t -e ypbind_t | tee ${OUTPUT_FILE}"
-            rlRun "wc -l < ${OUTPUT_FILE} | grep ^0$"
-        rlPhaseEnd
-
-        rlPhaseStartTest
-            rlRun -s "semanage permissive -d" 1
-            rlAssertNotGrep 'traceback' $rlRun_LOG -iEq
-            rlAssertGrep 'error: the following argument is required: type' $rlRun_LOG -iEq
-            rm -f $rlRun_LOG
-        rlPhaseEnd
-    else
-        rlPhaseStartTest
-            rlRun "semanage permissive -l >& ${OUTPUT_FILE}" 0,1
-            rlRun "grep -C 32 -i -e exception -e traceback -e error ${OUTPUT_FILE}" 1
-        rlPhaseEnd
-    fi
-
-    rlPhaseStartCleanup
-        rm -f ${OUTPUT_FILE}
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/semanage-port-add-delete-problems/Makefile

@@ -1,71 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
-#   Description: semanage accepts invalid port numbers and then cannot delete them
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	chmod a+x runtest.sh
-	chcon -t bin_t runtest.sh;:
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     semanage accepts invalid port numbers and then cannot delete them" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        15m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils-python-utils" >> $(METADATA)
-	@echo "Requires:        setools-console" >> $(METADATA)
-	@echo "Requires:        libselinux" >> $(METADATA)
-	@echo "Requires:        libselinux-utils" >> $(METADATA)
-	@echo "Requires:        coreutils" >> $(METADATA)
-	@echo "Requires:        grep" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/semanage-port-add-delete-problems/PURPOSE

@@ -1,5 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
-Author: Milos Malik <mmalik@redhat.com>
-
-semanage accepts invalid port numbers and then cannot delete them
-

tests/semanage-port-add-delete-problems/runtest.sh

@@ -1,137 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Regression/semanage-port-add-delete-problems
-#   Description: semanage accepts invalid port numbers and then cannot delete them
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2009 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-PORT_NAME="ldap_port_t"
-BAD_PORT_NUMBER="123456"
-GOOD_PORT_NUMBER="1389"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        rlRun "rpm -qf /usr/sbin/semanage"
-        rlRun "rpm -qf /usr/bin/seinfo"
-        OUTPUT_FILE=`mktemp`
-        rlRun "setenforce 1"
-        rlRun "sestatus"
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "semanage port -l | grep ${PORT_NAME}"
-
-        rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
-        rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
-        rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
-        rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${BAD_PORT_NUMBER}" 1
-        rlRun "semanage port -l | grep ${PORT_NAME} | tee -a ${OUTPUT_FILE}"
-        #rlRun "sort ${OUTPUT_FILE} | uniq | wc -l | grep '^2$'"
-
-        rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
-        rlRun "semanage port -a -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
-        rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}"
-        rlRun "semanage port -d -t ${PORT_NAME} -p tcp ${GOOD_PORT_NUMBER}"
-        rlRun "semanage port -l | grep ${PORT_NAME} | grep ${GOOD_PORT_NUMBER}" 1
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "semanage port -a -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
-        rlRun "semanage port -l | grep syslogd_port_t"
-        rlRun "semanage port -d -t syslogd_port_t -p tcp 60514-60516 2>&1 | grep -i traceback" 1
-    rlPhaseEnd
-
-    if rlIsRHEL ; then
-    rlPhaseStartTest
-        rlRun "ps -efZ | grep -v grep | grep \"auditd_t.*auditd\""
-        if rlIsRHEL 5 6; then
-            PORT_TYPE="syslogd_port_t"
-        else
-            PORT_TYPE="commplex_link_port_t"
-        fi
-
-        # adding a port number to a type
-        START_DATE_TIME=`date "+%m/%d/%Y %T"`
-        sleep 1
-        rlRun "semanage port -a -p tcp -t $PORT_TYPE 5005"
-        sleep 2
-
-        # Check for user_avc
-        rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
-        LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
-        rlRun "cat ${OUTPUT_FILE}"
-        rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
-
-        # deleting a port number from a type
-        START_DATE_TIME=`date "+%m/%d/%Y %T"`
-        sleep 1
-        rlRun "semanage port -d -p tcp -t $PORT_TYPE 5005"
-        sleep 2
-
-        # Check for user_avc
-        rlRun "ausearch -m user_avc -ts ${START_DATE_TIME} > ${OUTPUT_FILE}" 0,1
-        LINE_COUNT=`wc -l < ${OUTPUT_FILE}`
-        rlRun "cat ${OUTPUT_FILE}"
-        rlAssert0 "number of lines in ${OUTPUT_FILE} should be 0" ${LINE_COUNT}
-    rlPhaseEnd
-    fi
-
-    if ! rlIsRHEL 5 ; then
-    rlPhaseStartTest
-        rlRun "seinfo --portcon | grep :hi_reserved_port_t:"
-        rlRun "seinfo --portcon | grep :reserved_port_t:"
-        rlRun "semanage port -l | grep ^hi_reserved_port_t"
-        rlRun "semanage port -l | grep ^reserved_port_t"
-        if ! rlIsRHEL 6 ; then
-            rlRun "seinfo --portcon | grep :unreserved_port_t:"
-            rlRun "semanage port -l | grep ^unreserved_port_t"
-        fi
-    rlPhaseEnd
-    fi
-
-    rlPhaseStartTest "manipulation with hard-wired ports"
-        rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
-        rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
-        rlRun "semanage port -a -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "port .* already defined" ${OUTPUT_FILE} -i
-        rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
-        rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
-        rlRun "semanage port -d -t smtp_port_t -p tcp 25 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "port .* is defined in policy.*cannot be deleted" ${OUTPUT_FILE} -i
-        rlRun "semanage port -l | grep 'smtp_port_t.*tcp.*25'"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rm -f ${OUTPUT_FILE}
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/semanage-user/Makefile

@@ -1,65 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Regression/semanage-user
-#   Description: Does semanage user ... work correctly?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Regression/semanage-user
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.te
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-	test -x runtest.sh || chcon -t bin_t runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Does semanage user ... work correctly?" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        20m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils policycoreutils-python-utils grep selinux-policy-devel selinux-policy-minimum selinux-policy-mls selinux-policy-targeted selinux-policy-devel" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/semanage-user/PURPOSE

@@ -1,4 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Regression/semanage-user
-Description: Does semanage user ... work correctly?
-Author: Milos Malik <mmalik@redhat.com>
-

tests/semanage-user/runtest.sh

@@ -1,76 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Regression/semanage-user
-#   Description: Does semanage user ... work correctly?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        rlRun "make -f /usr/share/selinux/devel/Makefile"
-        rlRun "ls -l testpolicy.pp"
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        if rlIsRHEL 5 6; then
-            rlRun "semanage user --help" 1
-        else
-            rlRun "semanage user --help" 0
-            # semanage: list option can not be used with --level ("semanage user -l")
-            rlRun "semanage user --help | grep fcontext" 1
-        fi
-        for POLICY_TYPE in minimum mls targeted ; do
-            if [ ! -d /etc/selinux/${POLICY_TYPE} ] ; then
-                continue
-            fi
-            rlRun "semanage user -l -S ${POLICY_TYPE}"
-        done
-        if ! rlIsRHEL 5; then
-          rlRun "semanage user -l -S unknown 2>&1 | grep \"store cannot be accessed\""
-        fi
-        rlRun "semanage user -a -P user -R xyz_r xyz_u 2>&1 | grep -i -e 'undefined' -e 'error' -e 'could not'"
-        rlRun "semanage user -m xyz_u" 1
-        rlRun "semanage user -d xyz_u" 1
-        rlRun "semodule -i testpolicy.pp"
-        rlRun "semanage user -a -P user -R xyz_r xyz_u"
-        rlRun "semanage user -m -r s0 xyz_u"
-        rlRun "semanage user -l | grep \"xyz_u.*s0.*s0.*xyz_r\""
-        rlRun "semanage user -d xyz_u"
-        rlRun "semanage user -l | grep xyz_u" 1
-        rlRun "semodule -r testpolicy"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "rm -rf tmp testpolicy.{fc,if,pp}"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/semanage-user/testpolicy.te

@@ -1,11 +0,0 @@
-module testpolicy 1.0;
-
-type xyz_t;
-role xyz_r;
-
-require {
-  type xyz_t;
-}
-
-role xyz_r types xyz_t;
-

tests/sepolicy-generate/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Sanity/sepolicy-generate
-#   Description: sepolicy generate sanity test
-#   Author: Michal Trunecka <mtruneck@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Sanity/sepolicy-generate
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Michal Trunecka <mtruneck@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     sepolicy generate sanity test" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        115m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils policycoreutils-devel rpm-build" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHEL5 -RHEL6" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/sepolicy-generate/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Sanity/sepolicy-generate
-Description: sepolicy generate sanity test
-Author: Michal Trunecka <mtruneck@redhat.com>

tests/sepolicy-generate/runtest.sh

@@ -1,115 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Sanity/sepolicy-generate
-#   Description: sepolicy generate sanity test
-#   Author: Michal Trunecka <mtruneck@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="policycoreutils"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlRun "rlCheckRequirements ${PACKAGES[*]}" || rlDie "cannot continue"
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "mkdir mypolicy"
-        rlRun "sepolicy generate --customize -p mypolicy -n testpolicy -d httpd_sys_script_t -w /home"
-        rlRun "grep 'manage_dirs_pattern(httpd_sys_script_t' mypolicy/testpolicy.te"
-        rlRun "rm -rf mypolicy"
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "mkdir mypolicy"
-        rlRun "touch /usr/bin/testpolicy"
-      for VARIANT in " -n testpolicy --admin_user -r webadm_r" \
-                     " --application /usr/bin/testpolicy " \
-                     " -n testpolicy --confined_admin -a firewalld " \
-                     " -n testpolicy --confined_admin " \
-                     " -n testpolicy --customize -d httpd_t -a firewalld " \
-                     " -n testpolicy --customize -d httpd_t" \
-                     " --dbus /usr/bin/testpolicy " \
-                     " -n testpolicy --desktop_user " \
-                     " --inetd /usr/bin/testpolicy " \
-                     " --init /usr/bin/testpolicy " \
-                     " -n testpolicy --newtype -t newtype_var_log_t " \
-                     " -n testpolicy --newtype -t newtype_unit_file_t " \
-                     " -n testpolicy --newtype -t newtype_var_run_t " \
-                     " -n testpolicy --newtype -t newtype_var_cache_t " \
-                     " -n testpolicy --newtype -t newtype_tmp_t " \
-                     " -n testpolicy --newtype -t newtype_port_t " \
-                     " -n testpolicy --newtype -t newtype_var_spool_t " \
-                     " -n testpolicy --newtype -t newtype_var_lib_t " \
-                     " -n testpolicy --sandbox " \
-                     " -n testpolicy --term_user " \
-                     " -n testpolicy --x_user "
-#                     " --cgi /usr/bin/testpolicy "
-        do
-            rlRun "sepolicy generate -p mypolicy $VARIANT"
-            rlRun "cat mypolicy/testpolicy.te"
-            rlRun "cat mypolicy/testpolicy.if"
-            rlRun "cat mypolicy/testpolicy.fc"
-          if echo "$VARIANT" | grep -q newtype; then
-            rlAssertNotExists "mypolicy/testpolicy.sh"
-            rlAssertNotExists "mypolicy/testpolicy.spec"
-          else
-            rlRun "mypolicy/testpolicy.sh"
-            rlRun "semodule -l | grep  testpolicy"
-            rlRun "semanage user -d testpolicy_u" 0-255
-            rlRun "semodule -r testpolicy"
-          fi
-
-            rlRun "rm -rf mypolicy/*"
-            rlRun "sleep 1"
-
-          if ! echo "$VARIANT" | grep -q newtype; then
-            rlRun "sepolicy generate -p mypolicy -w /home  $VARIANT"
-            rlRun "cat mypolicy/testpolicy.te"
-            rlRun "cat mypolicy/testpolicy.if"
-            rlRun "cat mypolicy/testpolicy.fc"
-
-            rlRun "mypolicy/testpolicy.sh"
-            rlRun "semodule -l | grep  testpolicy"
-            rlRun "semanage user -d testpolicy_u" 0-255
-            rlRun "semodule -r testpolicy"
-
-            rlRun "rm -rf mypolicy/*"
-            rlRun "sleep 1"
-          fi
-        done
-        rlRun "rm -rf mypolicy"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

tests/sestatus/Makefile

@@ -1,67 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Sanity/sestatus
-#   Description: tests everything about sestatus
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Sanity/sestatus
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	chmod a+x runtest.sh
-	chcon -t bin_t runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     tests everything about sestatus" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        policycoreutils" >> $(METADATA)
-	@echo "Requires:        grep" >> $(METADATA)
-	@echo "Requires:        man" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/sestatus/PURPOSE

@@ -1,4 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Sanity/sestatus
-Description: tests everything about sestatus
-Author: Milos Malik <mmalik@redhat.com>
-

tests/sestatus/runtest.sh

@@ -1,114 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Sanity/sestatus
-#   Description: tests everything about sestatus
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-
-PACKAGE="policycoreutils"
-if rlIsRHEL 5 6 ; then
-    SELINUX_FS_MOUNT="/selinux"
-else # RHEL-7 and above
-    SELINUX_FS_MOUNT="/sys/fs/selinux"
-fi
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        rlFileBackup /etc/sestatus.conf
-        rlRun "mount | grep -i selinux" 0,1
-        OUTPUT_FILE=`mktemp`
-    rlPhaseEnd
-
-    rlPhaseStartTest "basic use"
-        rlRun "sestatus"
-        rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "policy booleans" ${OUTPUT_FILE} -i
-        rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "process contexts" ${OUTPUT_FILE} -i
-        rlAssertGrep "file contexts" ${OUTPUT_FILE} -i
-        rlAssertGrep "current context" ${OUTPUT_FILE} -i
-        rlAssertGrep "init context" ${OUTPUT_FILE} -i
-        rlAssertGrep "controlling term" ${OUTPUT_FILE} -i
-        rlRun "sestatus --xyz 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "invalid option" ${OUTPUT_FILE} -i
-    rlPhaseEnd
-
-    rlPhaseStartTest "extreme cases"
-        # pretend that the config file contains an invalid section
-        rlRun "sed -i 's/files/xyz/' /etc/sestatus.conf"
-        rlRun "sestatus -v 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "line not in a section" ${OUTPUT_FILE} -i
-        rlRun "rm -f /etc/sestatus.conf"
-        rlRun "mkdir /etc/sestatus.conf" # intentionally replaced a file with a directory
-        rlRun "sestatus -v"
-        # pretend that the config file is missing
-        rlRun "rm -rf /etc/sestatus.conf"
-        for OPTION in "-bv" "-v" ; do
-            rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
-            rlAssertGrep "unable to open /etc/sestatus.conf" ${OUTPUT_FILE} -i
-        done
-        rlFileRestore
-        # pretend that SELinux is disabled
-        rlRun "umount ${SELINUX_FS_MOUNT}"
-        for OPTION in "" "-b" "-v" "-bv" ; do
-            rlRun "sestatus ${OPTION} 2>&1 | tee ${OUTPUT_FILE}"
-            rlAssertGrep "selinux status.*disabled" ${OUTPUT_FILE} -i
-        done
-        rlRun "mount -t selinuxfs none ${SELINUX_FS_MOUNT}"
-        # pretend that no booleans are defined
-        rlRun "mkdir ./booleans"
-        rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
-        rlRun "sestatus -b 2>&1 | tee ${OUTPUT_FILE}"
-        rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
-        rlAssertNotGrep "booleans" ${OUTPUT_FILE} -i
-        rlRun "rmdir ./booleans"
-    rlPhaseEnd
-
-    # This bug is not worth fixing in RHEL-5
-    if ! rlIsRHEL 5 ; then
-    rlPhaseStartTest
-        rlRun "rpm -ql ${PACKAGE} | grep /usr/sbin/sestatus"
-        rlRun "rpm -ql ${PACKAGE} | grep /usr/share/man/man8/sestatus.8"
-        for OPTION in b v ; do
-            rlRun "sestatus --help 2>&1 | grep -- -${OPTION}"
-            rlRun "man sestatus | col -b | grep -- -${OPTION}"
-        done
-        if ! rlIsRHEL 6 ; then
-            rlRun "man -w sestatus.conf"
-        fi
-    rlPhaseEnd
-    fi
-
-    rlPhaseStartCleanup
-        rlFileRestore
-        rm -f ${OUTPUT_FILE}
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/setsebool/Makefile

@@ -1,65 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/policycoreutils/Sanity/setsebool
-#   Description: does setsebool work correctly ?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/policycoreutils/Sanity/setsebool
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	chmod a+x runtest.sh
-	chcon -t bin_t runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     does setsebool work correctly ?" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        45m" >> $(METADATA)
-	@echo "RunFor:          policycoreutils" >> $(METADATA)
-	@echo "Requires:        audit policycoreutils libselinux-utils shadow-utils grep" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/setsebool/PURPOSE

@@ -1,5 +0,0 @@
-PURPOSE of /CoreOS/policycoreutils/Sanity/setsebool
-Author: Milos Malik <mmalik@redhat.com>
-
-Does setsebool work as expected? Does it produce correct audit messages?
-

tests/setsebool/runtest.sh

@@ -1,151 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/policycoreutils/Sanity/setsebool
-#   Description: does setsebool work correctly ?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2011 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include rhts environment
-. /usr/bin/rhts-environment.sh
-. /usr/share/beakerlib/beakerlib.sh
-
-PACKAGE="policycoreutils"
-USER_NAME="user${RANDOM}"
-USER_SECRET="s3kr3t${RANDOM}"
-BOOLEAN="ftpd_connect_db"
-if rlIsRHEL 5 6 ; then
-    SELINUX_FS_MOUNT="/selinux"
-else # RHEL-7 and above
-    SELINUX_FS_MOUNT="/sys/fs/selinux"
-fi
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}
-        OUTPUT_FILE=`mktemp`
-        chcon -t tmp_t ${OUTPUT_FILE}
-
-        rlRun "useradd ${USER_NAME}"
-        rlRun "echo ${USER_SECRET} | passwd --stdin ${USER_NAME}"
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        for OPTION in "" "-P" ; do
-            for OPERATOR in " " "=" ; do
-                for VALUE in 0 1 false true off on ; do
-                    rlRun "setsebool ${OPTION} ${BOOLEAN}${OPERATOR}${VALUE} | grep -i -e illegal -e usage -e invalid" 1
-                    if [ ${VALUE} == "0" -o ${VALUE} == "false" ] ; then
-                        SHOWN_VALUE="off"
-                    elif [ ${VALUE} == "1" -o ${VALUE} == "true" ] ; then
-                        SHOWN_VALUE="on"
-                    else
-                        SHOWN_VALUE=${VALUE}
-                    fi
-                    rlRun "getsebool -a | grep \"^${BOOLEAN}.*${SHOWN_VALUE}\""
-                done
-            done
-        done
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        rlRun "setsebool" 1
-        rlRun "setsebool xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
-        rlRun "setsebool xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
-        rlRun "setsebool xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
-        if ! rlIsRHEL 5 6 ; then
-            rlRun "setsebool -N 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
-            rlRun "setsebool -P 2>&1 | tee /dev/stderr | grep -i \"boolean.*required\""
-        fi
-        rlRun "setsebool -P xyz=1 2>&1 | tee /dev/stderr | grep -i -e \"invalid boolean\" -e \"not found\" -e \"not defined\""
-        rlRun "setsebool -P xyz=-1 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
-        rlRun "setsebool -P xyz=2 2>&1 | tee /dev/stderr | grep -i \"illegal value\""
-    rlPhaseEnd
-
-    if ! rlIsRHEL 5 6 ; then
-    rlPhaseStartTest
-        rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "try as root" ${OUTPUT_FILE} -i
-        rlRun "su -l -c '/usr/sbin/setsebool allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "try as root" ${OUTPUT_FILE} -i
-        rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 0' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "try as root" ${OUTPUT_FILE} -i
-        rlRun "su -l -c '/usr/sbin/setsebool -P allow_ypbind 1' ${USER_NAME} 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "try as root" ${OUTPUT_FILE} -i
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        for OPTION in "" "-P" ; do
-            rlRun "getsebool allow_ypbind | grep nis_enabled"
-            rlRun "setsebool ${OPTION} allow_ypbind on"
-            rlRun "getsebool allow_ypbind | grep \"nis_enabled.*on\""
-            rlRun "setsebool ${OPTION} allow_ypbind off"
-            rlRun "getsebool allow_ypbind | grep \"nis_enabled.*off\""
-        done
-    rlPhaseEnd
-
-    rlPhaseStartTest
-        # https://fedoraproject.org/wiki/Features/SELinuxBooleansRename
-        for LINE in `cat /etc/selinux/*/booleans.subs_dist | sort | uniq | tr -s ' ' | tr ' ' ':'` ; do
-            OLD_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 1`
-            NEW_BOOLEAN_NAME=`echo ${LINE} | cut -d : -f 2`
-            rlRun "getsebool ${OLD_BOOLEAN_NAME} 2>&1 | tee ${OUTPUT_FILE}"
-            rlRun "getsebool ${NEW_BOOLEAN_NAME} 2>&1 | tee -a ${OUTPUT_FILE}"
-            rlRun "uniq -c ${OUTPUT_FILE} | grep '2 '"
-        done
-    rlPhaseEnd
-    fi
-
-    rlPhaseStartTest "audit messages"
-        START_DATE_TIME=`date "+%m/%d/%Y %T"`
-        sleep 1
-        rlRun "setsebool ${BOOLEAN} on"
-        rlRun "setsebool ${BOOLEAN} off"
-        rlRun "setsebool ${BOOLEAN} on"
-        sleep 1
-        rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=1 old_val=0\""
-        rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=MAC_CONFIG_CHANGE.*bool=${BOOLEAN} val=0 old_val=1\""
-        if rlIsRHEL ; then
-            rlRun "ausearch -m MAC_CONFIG_CHANGE -i -ts ${START_DATE_TIME} | grep \"type=SYSCALL.*comm=setsebool\""
-        fi
-    rlPhaseEnd
-
-    rlPhaseStartTest "extreme cases"
-        # pretend that no booleans are defined
-        rlRun "mkdir ./booleans"
-        rlRun "mount --bind ./booleans ${SELINUX_FS_MOUNT}/booleans"
-        rlRun "setsebool ${BOOLEAN} on 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
-        rlRun "setsebool ${BOOLEAN} off 2>&1 | tee ${OUTPUT_FILE}"
-        rlAssertGrep "could not change active booleans" ${OUTPUT_FILE} -i
-        rlRun "umount ${SELINUX_FS_MOUNT}/booleans"
-        rlRun "rmdir ./booleans"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "userdel -rf ${USER_NAME}"
-        rm -f ${OUTPUT_FILE}
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/tests.yml

@@ -1,23 +0,0 @@
----
-# Tests to run in a classic environment
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    repositories:
-    - repo: "https://src.fedoraproject.org/tests/selinux.git"
-      dest: "selinux"
-      fmf_filter: "tier: 1 | component: policycoreutils & tags: generic, fedora"
-
-# Tests for atomic host
-- hosts: localhost
-  tags:
-  - atomic
-  # no compatible tests
-
-# Tests for docker container
-- hosts: localhost
-  tags:
-  - container
-  # no compatible tests

zanata.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<config xmlns="http://zanata.org/namespace/config/">
-  <url>https://fedora.zanata.org/</url>
-  <project>selinux</project>
-  <project-version>master</project-version>
-  <project-type>gettext</project-type>
-
-</config>