Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2025-07-20 15:27:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.8875 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "policycoreutils"
Sun Jul 20 15:27:55 2025 rev:83 rq:1294371 version:3.9
Changes:
--------
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2025-05-30 17:24:59.062410974 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.8875/policycoreutils.changes
2025-07-20 15:28:02.065493220 +0200
@@ -1,0 +2,15 @@
+Thu Jul 17 15:53:34 UTC 2025 - Johannes Segitz <jseg...@suse.com>
+
+- Update to version 3.9
+ * setfiles: Add -U option to modify user and role portions
+ * semodule: Add [-g PATH |--config=PATH] for an alternate path for the
semanage config
+ * Updated usr_etc.patch
+
+-------------------------------------------------------------------
+Wed Jun 11 09:04:57 UTC 2025 - Stefan Schubert <sch...@suse.com>
+
+- Moved /etc/sestatus.conf to /usr/etc.
+- This patch is upstream:
+ https://github.com/SELinuxProject/selinux/pull/415
+
+-------------------------------------------------------------------
Old:
----
policycoreutils-3.8.1.tar.gz
policycoreutils-3.8.1.tar.gz.asc
selinux-dbus-3.8.1.tar.gz
selinux-dbus-3.8.1.tar.gz.asc
selinux-gui-3.8.1.tar.gz
selinux-gui-3.8.1.tar.gz.asc
selinux-python-3.8.1.tar.gz
selinux-python-3.8.1.tar.gz.asc
semodule-utils-3.8.1.tar.gz
semodule-utils-3.8.1.tar.gz.asc
New:
----
policycoreutils-3.9.tar.gz
policycoreutils-3.9.tar.gz.asc
selinux-dbus-3.9.tar.gz
selinux-dbus-3.9.tar.gz.asc
selinux-gui-3.9.tar.gz
selinux-gui-3.9.tar.gz.asc
selinux-python-3.9.tar.gz
selinux-python-3.9.tar.gz.asc
semodule-utils-3.9.tar.gz
semodule-utils-3.9.tar.gz.asc
usr_etc.patch
----------(New B)----------
New: * semodule: Add [-g PATH |--config=PATH] for an alternate path for the
semanage config
* Updated usr_etc.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ policycoreutils.spec ++++++
--- /var/tmp/diff_new_pack.P9yyGV/_old 2025-07-20 15:28:04.165580123 +0200
+++ /var/tmp/diff_new_pack.P9yyGV/_new 2025-07-20 15:28:04.169580289 +0200
@@ -30,12 +30,12 @@
%endif
%define libaudit_ver 2.2
-%define libsepol_ver 3.8.1
-%define libsemanage_ver 3.8.1
-%define libselinux_ver 3.8.1
+%define libsepol_ver 3.9
+%define libsemanage_ver 3.9
+%define libselinux_ver 3.9
%define setools_ver 4.1.1
Name: policycoreutils
-Version: 3.8.1
+Version: 3.9
Release: 0
Summary: SELinux policy core utilities
License: GPL-2.0-or-later
@@ -57,6 +57,7 @@
Patch0: make_targets.patch
Patch2: get_os_version.patch
Patch3: run_init.pamd.patch
+Patch4: usr_etc.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: bison
BuildRequires: dbus-1-glib-devel
@@ -208,12 +209,17 @@
%patch -P0 -p1
%patch -P2 -p1
%patch -P3 -p1
+%patch -P4 -p2
mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen
${setools_python_pwd}/sepolicy .
mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link
${semodule_utils_pwd}/semodule_package .
%build
export PYTHON="%{python_binary_for_executables}" LIBDIR="%{_libdir}"
CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro"
+%if 0%{?suse_version} > 1500
+make %{?_smp_mflags} LIBEXECDIR="%{_libexecdir}" VENDORDIR=%{_distconfdir}
+%else
make %{?_smp_mflags} LIBEXECDIR="%{_libexecdir}"
+%endif
(cd selinux-python-%{version}/po && make)
%install
@@ -228,6 +234,7 @@
mkdir -p %{buildroot}%{_mandir}/man8
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_pam_vendordir}
+mkdir -p %{buildroot}%{_distconfdir}
%else
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
%endif
@@ -239,6 +246,7 @@
cp -f %{SOURCE13} %{buildroot}%{_pam_vendordir}/newrole
rm %{buildroot}%{_sysconfdir}/pam.d/newrole
mv %{buildroot}%{_sysconfdir}/pam.d/run_init
%{buildroot}%{_pam_vendordir}/run_init
+mv %{buildroot}%{_sysconfdir}/sestatus.conf
%{buildroot}%{_distconfdir}/sestatus.conf
%else
cp -f %{SOURCE13} %{buildroot}%{_sysconfdir}/pam.d/newrole
%endif
@@ -292,7 +300,7 @@
%if 0%{?suse_version} > 1500
%pre
# Prepare for migration to /usr/etc; save any old .rpmsave
-for i in pam.d/run_init ; do
+for i in pam.d/run_init sestatus.conf ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i}.rpmsave.old ||:
done
@@ -304,7 +312,7 @@
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
-for i in pam.d/run_init ; do
+for i in pam.d/run_init sestatus.conf; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i} ||:
done
@@ -364,7 +372,11 @@
%else
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%endif
+%if 0%{?suse_version} > 1500
+%{_distconfdir}/sestatus.conf
+%else
%config(noreplace) %{_sysconfdir}/sestatus.conf
+%endif
%{_mandir}/man8/fixfiles.8%{?ext_man}
%{_mandir}/man8/genhomedircon.8%{?ext_man}
%{_mandir}/man8/load_policy.8%{?ext_man}
++++++ get_os_version.patch ++++++
--- /var/tmp/diff_new_pack.P9yyGV/_old 2025-07-20 15:28:04.217582275 +0200
+++ /var/tmp/diff_new_pack.P9yyGV/_new 2025-07-20 15:28:04.221582441 +0200
@@ -1,7 +1,7 @@
-Index: policycoreutils-3.8.1/selinux-python-3.8.1/sepolicy/sepolicy/__init__.py
+Index: policycoreutils-3.9/selinux-python-3.9/sepolicy/sepolicy/__init__.py
===================================================================
----
policycoreutils-3.8.1.orig/selinux-python-3.8.1/sepolicy/sepolicy/__init__.py
-+++ policycoreutils-3.8.1/selinux-python-3.8.1/sepolicy/sepolicy/__init__.py
+--- policycoreutils-3.9.orig/selinux-python-3.9/sepolicy/sepolicy/__init__.py
++++ policycoreutils-3.9/selinux-python-3.9/sepolicy/sepolicy/__init__.py
@@ -1246,7 +1246,8 @@ def get_os_version():
import distro
system_release = distro.name(pretty=True)
++++++ make_targets.patch ++++++
--- /var/tmp/diff_new_pack.P9yyGV/_old 2025-07-20 15:28:04.237583103 +0200
+++ /var/tmp/diff_new_pack.P9yyGV/_new 2025-07-20 15:28:04.237583103 +0200
@@ -6,6 +6,6 @@
-SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule
setsebool scripts po man hll unsetfiles
+SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule
setsebool scripts po man hll unsetfiles sepolicy audit2allow semanage sepolgen
chcat semodule_expand semodule_link semodule_package
- all install relabel clean indent:
- @for subdir in $(SUBDIRS); do \
+ PKG_CONFIG ?= pkg-config
+
++++++ policycoreutils-3.8.1.tar.gz -> policycoreutils-3.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/Makefile
new/policycoreutils-3.9/Makefile
--- old/policycoreutils-3.8.1/Makefile 2025-03-05 19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200
@@ -1,5 +1,11 @@
SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule
setsebool scripts po man hll unsetfiles
+PKG_CONFIG ?= pkg-config
+
+LIBSELINUX_LDLIBS := $(shell
PKG_CONFIG_PATH="$(PKG_CONFIG_PATH):../libselinux/src" $(PKG_CONFIG) --libs
libselinux)
+LIBSEMANAGE_LDLIBS := $(shell
PKG_CONFIG_PATH="$(PKG_CONFIG_PATH):../libsemanage/src" $(PKG_CONFIG) --libs
libsemanage)
+export LIBSELINUX_LDLIBS LIBSEMANAGE_LDLIBS
+
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/VERSION
new/policycoreutils-3.9/VERSION
--- old/policycoreutils-3.8.1/VERSION 2025-03-05 19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
@@ -1 +1 @@
-3.8.1
+3.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/load_policy/Makefile
new/policycoreutils-3.9/load_policy/Makefile
--- old/policycoreutils-3.8.1/load_policy/Makefile 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/load_policy/Makefile 2025-07-16
12:55:13.000000000 +0200
@@ -6,8 +6,8 @@
LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale
CFLAGS ?= -Werror -Wall -W
-override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\""
-DPACKAGE="\"policycoreutils\""
-override LDLIBS += -lsepol -lselinux
+override CFLAGS += $(LDFLAGS) -I../../libselinux/include
-L../../libselinux/src -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\""
-DPACKAGE="\"policycoreutils\""
+override LDLIBS += $(LIBSELINUX_LDLIBS) -lsepol
TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/newrole/Makefile
new/policycoreutils-3.9/newrole/Makefile
--- old/policycoreutils-3.8.1/newrole/Makefile 2025-03-05 19:59:06.000000000
+0100
+++ new/policycoreutils-3.9/newrole/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -24,8 +24,9 @@
CFLAGS ?= -Werror -Wall -W
EXTRA_OBJS =
-override CFLAGS += -DVERSION=\"$(VERSION)\" -DUSE_NLS
-DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
-override LDLIBS += -lselinux
+override CFLAGS += -I../../libselinux/include -DVERSION=\"$(VERSION)\"
-DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override LDFLAGS+= -L../../libselinux/src
+override LDLIBS += $(LIBSELINUX_LDLIBS)
ifeq ($(PAMH), y)
override CFLAGS += -DUSE_PAM
EXTRA_OBJS += hashtab.o
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/run_init/Makefile
new/policycoreutils-3.9/run_init/Makefile
--- old/policycoreutils-3.8.1/run_init/Makefile 2025-03-05 19:59:06.000000000
+0100
+++ new/policycoreutils-3.9/run_init/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -10,8 +10,9 @@
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\""
-DPACKAGE="\"policycoreutils\""
-override LDLIBS += -lselinux
+override CFLAGS += -I../../libselinux/include -DUSE_NLS
-DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
+override LDFLAGS+= -L../../libselinux/src
+override LDLIBS += $(LIBSELINUX_LDLIBS)
ifeq ($(PAMH), y)
override CFLAGS += -DUSE_PAM
override LDLIBS += -lpam -lpam_misc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/run_init/run_init.c
new/policycoreutils-3.9/run_init/run_init.c
--- old/policycoreutils-3.8.1/run_init/run_init.c 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/run_init/run_init.c 2025-07-16 12:55:13.000000000
+0200
@@ -37,6 +37,8 @@
*
*************************************************************************/
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <stdlib.h> /* for malloc(), realloc(), free() */
#include <pwd.h> /* for getpwuid() */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/secon/Makefile
new/policycoreutils-3.9/secon/Makefile
--- old/policycoreutils-3.8.1/secon/Makefile 2025-03-05 19:59:06.000000000
+0100
+++ new/policycoreutils-3.9/secon/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -7,8 +7,9 @@
WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast
-Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs
-Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
VERSION = $(shell cat ../VERSION)
CFLAGS ?= $(WARNS) -O1
-override CFLAGS += -DVERSION=\"$(VERSION)\"
-override LDLIBS += -lselinux
+override CFLAGS += -I../../libselinux/include -DVERSION=\"$(VERSION)\"
+override LDFLAGS+= -L../../libselinux/src
+override LDLIBS += $(LIBSELINUX_LDLIBS)
all: secon
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/semodule/Makefile
new/policycoreutils-3.9/semodule/Makefile
--- old/policycoreutils-3.8.1/semodule/Makefile 2025-03-05 19:59:06.000000000
+0100
+++ new/policycoreutils-3.9/semodule/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -5,7 +5,9 @@
MANDIR = $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
-override LDLIBS += -lsepol -lselinux -lsemanage
+override CFLAGS += -I../../libselinux/include -I../../libsemanage/include
+override LDFLAGS+= -L../../libselinux/src -L../../libsemanage/src
+override LDLIBS += $(LIBSEMANAGE_LDLIBS) -lsepol $(LIBSELINUX_LDLIBS)
SEMODULE_OBJS = semodule.o
all: semodule genhomedircon
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/semodule/semodule.8
new/policycoreutils-3.9/semodule/semodule.8
--- old/policycoreutils-3.8.1/semodule/semodule.8 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/semodule/semodule.8 2025-07-16 12:55:13.000000000
+0200
@@ -86,6 +86,9 @@
.B \-C,\-\-ignore-module-cache
Recompile CIL modules built from HLL files
.TP
+.B \-g,\-\-config=PATH
+use an alternate path for the semanage config
+.TP
.B \-p,\-\-path
Use an alternate path for the policy root
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/semodule/semodule.c
new/policycoreutils-3.9/semodule/semodule.c
--- old/policycoreutils-3.8.1/semodule/semodule.c 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/semodule/semodule.c 2025-07-16 12:55:13.000000000
+0200
@@ -145,6 +145,7 @@
printf(" -v,--verbose be verbose\n");
printf(" -P,--preserve_tunables Preserve tunables in policy\n");
printf(" -C,--ignore-module-cache Rebuild CIL modules compiled
from HLL files\n");
+ printf(" -g,--config=PATH use an alternate path for the semanage
config\n");
printf(" -p,--path use an alternate path for the policy
root\n");
printf(" -S,--store-path use an alternate path for the policy store
root\n");
printf(" -c, --cil extract module as cil. This only affects module
extraction.\n");
@@ -210,6 +211,7 @@
{"enable", required_argument, NULL, 'e'},
{"disable", required_argument, NULL, 'd'},
{"path", required_argument, NULL, 'p'},
+ {"config", required_argument, NULL, 'g'},
{"store-path", required_argument, NULL, 'S'},
{"checksum", 0, NULL, 'm'},
{NULL, 0, NULL, 0}
@@ -223,7 +225,7 @@
check_ext_changes = 0;
priority = 400;
while ((i =
- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm",
+ getopt_long(argc, argv,
"s:b:hi:l::vr:u:RnNBDCPX:e:d:p:g:S:E:cHm",
opts, &longind)) != -1) {
switch (i) {
case '\0':
@@ -304,6 +306,14 @@
case 'C':
ignore_module_cache = 1;
break;
+ case 'g':
+ sh = semanage_handle_create_with_path(optarg);
+ if (!sh) {
+ fprintf(stderr, "%s: Could not create semanage
handle\n",
+ argv[0]);
+ exit(1);
+ }
+ break;
case 'X':
set_mode(PRIORITY_M, optarg);
break;
@@ -421,11 +431,13 @@
if (build || check_ext_changes)
commit = 1;
- sh = semanage_handle_create();
if (!sh) {
- fprintf(stderr, "%s: Could not create semanage handle\n",
- argv[0]);
- goto cleanup_nohandle;
+ sh = semanage_handle_create();
+ if (!sh) {
+ fprintf(stderr, "%s: Could not create semanage
handle\n",
+ argv[0]);
+ goto cleanup_nohandle;
+ }
}
if (store) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/sestatus/Makefile
new/policycoreutils-3.9/sestatus/Makefile
--- old/policycoreutils-3.8.1/sestatus/Makefile 2025-03-05 19:59:06.000000000
+0100
+++ new/policycoreutils-3.9/sestatus/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -7,8 +7,9 @@
ETCDIR ?= /etc
CFLAGS ?= -Werror -Wall -W
-override CFLAGS += -D_FILE_OFFSET_BITS=64
-override LDLIBS += -lselinux
+override CFLAGS += -I../../libselinux/include -D_FILE_OFFSET_BITS=64
+override LDFLAGS+= -L../../libselinux/src
+override LDLIBS += $(LIBSELINUX_LDLIBS)
all: sestatus
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setfiles/Makefile
new/policycoreutils-3.9/setfiles/Makefile
--- old/policycoreutils-3.8.1/setfiles/Makefile 2025-03-05 19:59:06.000000000
+0100
+++ new/policycoreutils-3.9/setfiles/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -6,7 +6,9 @@
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
CFLAGS ?= -g -Werror -Wall -W
-override LDLIBS += -lselinux -lsepol -lpthread
+override CFLAGS += -I../../libselinux/include
+override LDFLAGS+= -L../../libselinux/src
+override LDLIBS += $(LIBSELINUX_LDLIBS) -lsepol -lpthread
ifeq ($(AUDITH), y)
override CFLAGS += -DUSE_AUDIT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setfiles/restore.c
new/policycoreutils-3.9/setfiles/restore.c
--- old/policycoreutils-3.8.1/setfiles/restore.c 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/setfiles/restore.c 2025-07-16 12:55:13.000000000
+0200
@@ -36,6 +36,7 @@
opts->restorecon_flags = 0;
opts->restorecon_flags = opts->nochange | opts->verbose |
opts->progress | opts->set_specctx |
+ opts->set_user_role |
opts->add_assoc | opts->ignore_digest |
opts->recurse | opts->userealpath |
opts->xdev | opts->abort_on_error |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setfiles/restore.h
new/policycoreutils-3.9/setfiles/restore.h
--- old/policycoreutils-3.8.1/setfiles/restore.h 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/setfiles/restore.h 2025-07-16 12:55:13.000000000
+0200
@@ -24,6 +24,7 @@
unsigned int progress;
unsigned int mass_relabel;
unsigned int set_specctx;
+ unsigned int set_user_role;
unsigned int add_assoc;
unsigned int ignore_digest;
unsigned int recurse;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setfiles/restorecon.8
new/policycoreutils-3.9/setfiles/restorecon.8
--- old/policycoreutils-3.8.1/setfiles/restorecon.8 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/setfiles/restorecon.8 2025-07-16
12:55:13.000000000 +0200
@@ -11,6 +11,7 @@
.RB [ \-v ]
.RB [ \-i ]
.RB [ \-F ]
+.RB [ \-U ]
.RB [ \-W ]
.RB [ \-I | \-D ]
.RB [ \-x ]
@@ -30,6 +31,7 @@
.RB [ \-v ]
.RB [ \-i ]
.RB [ \-F ]
+.RB [ \-U ]
.RB [ \-W ]
.RB [ \-I | \-D ]
.RB [ \-x ]
@@ -60,7 +62,9 @@
will only modify the type portion of the security context.
The
.B \-F
-option will force a replacement of the entire context.
+and
+.B \-U
+options will force a replacement of the entire context.
.P
If a file is labeled with
.BR customizable
@@ -88,6 +92,10 @@
Force reset of context to match file_context for customizable files, and the
default file context, changing the user, role, range portion as well as the
type.
.TP
+.B \-U
+In addition to the type portion also change the user and role portions, but
+not the range portion.
+.TP
.B \-h, \-?
display usage information and exit.
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setfiles/setfiles.8
new/policycoreutils-3.9/setfiles/setfiles.8
--- old/policycoreutils-3.8.1/setfiles/setfiles.8 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/setfiles/setfiles.8 2025-07-16 12:55:13.000000000
+0200
@@ -19,6 +19,7 @@
.RB [ \-v ]
.RB [ \-W ]
.RB [ \-F ]
+.RB [ \-U ]
.RB [ \-I | \-D ]
.RB [ \-T
.IR nthreads ]
@@ -52,8 +53,12 @@
.B setfiles
will only modify the type portion of the security context.
The
+.B \-U
+option will also modify the user and role portions of the security context.
+The
.B \-F
-option will force a replacement of the entire context.
+option will force a replacement of the entire context, including the range
+portion of the security context and modify customizable files.
.SH "OPTIONS"
.TP
.B \-c
@@ -88,6 +93,10 @@
default file context, changing the user, role, range portion as well as the
type.
.TP
+.B \-U
+In addition to the type portion also change the user and role portions, but
+not the range portion.
+.TP
.B \-h, \-?
display usage information and exit.
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setfiles/setfiles.c
new/policycoreutils-3.9/setfiles/setfiles.c
--- old/policycoreutils-3.8.1/setfiles/setfiles.c 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/setfiles/setfiles.c 2025-07-16 12:55:13.000000000
+0200
@@ -35,14 +35,14 @@
{
if (iamrestorecon) {
fprintf(stderr,
- "usage: %s [-iIDFmnprRv0xT] [-e excludedir]
pathname...\n"
- "usage: %s [-iIDFmnprRv0xT] [-e excludedir] -f
filename\n",
+ "usage: %s [-iIDFUmnprRv0xT] [-e excludedir]
pathname...\n"
+ "usage: %s [-iIDFUmnprRv0xT] [-e excludedir] -f
filename\n",
name, name);
} else {
fprintf(stderr,
- "usage: %s [-diIDlmnpqvCEFWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file pathname...\n"
- "usage: %s [-diIDlmnpqvCEFWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file -f filename\n"
- "usage: %s -s [-diIDlmnpqvFWT] spec_file\n",
+ "usage: %s [-diIDlmnpqvCEFUWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file pathname...\n"
+ "usage: %s [-diIDlmnpqvCEFUWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file -f filename\n"
+ "usage: %s -s [-diIDlmnpqvFUWT] spec_file\n",
name, name, name);
}
exit(-1);
@@ -146,8 +146,8 @@
size_t buf_len, nthreads = 1;
const char *base;
int errors = 0;
- const char *ropts = "e:f:hiIDlmno:pqrsvFRW0xT:";
- const char *sopts = "c:de:f:hiIDlmno:pqr:svCEFR:W0T:";
+ const char *ropts = "e:f:hiIDlmno:pqrsvFURW0xT:";
+ const char *sopts = "c:de:f:hiIDlmno:pqr:svCEFUR:W0T:";
const char *opts;
union selinux_callback cb;
long unsigned skipped_errors;
@@ -298,6 +298,10 @@
r_opts.set_specctx =
SELINUX_RESTORECON_SET_SPECFILE_CTX;
break;
+ case 'U':
+ r_opts.set_user_role =
+ SELINUX_RESTORECON_SET_USER_ROLE;
+ break;
case 'm':
r_opts.ignore_mounts =
SELINUX_RESTORECON_IGNORE_MOUNTS;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/setsebool/Makefile
new/policycoreutils-3.9/setsebool/Makefile
--- old/policycoreutils-3.8.1/setsebool/Makefile 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/setsebool/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -6,7 +6,9 @@
BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
CFLAGS ?= -Werror -Wall -W
-override LDLIBS += -lselinux -lsemanage
+override CFLAGS += -I../../libselinux/include -I../../libsemanage/include
+override LDFLAGS+= -L../../libselinux/src -L../../libsemanage/src
+override LDLIBS += $(LIBSEMANAGE_LDLIBS) $(LIBSELINUX_LDLIBS)
SETSEBOOL_OBJS = setsebool.o
BASHCOMPLETIONS=setsebool-bash-completion.sh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.8.1/unsetfiles/Makefile
new/policycoreutils-3.9/unsetfiles/Makefile
--- old/policycoreutils-3.8.1/unsetfiles/Makefile 2025-03-05
19:59:06.000000000 +0100
+++ new/policycoreutils-3.9/unsetfiles/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -2,8 +2,9 @@
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-override CFLAGS += -D_GNU_SOURCE
-override LDLIBS += -lselinux
+override CFLAGS += -I../../libselinux/include -D_GNU_SOURCE
+override LDFLAGS+= -L../../libselinux/src
+override LDLIBS += $(LIBSELINUX_LDLIBS)
all: unsetfiles
++++++ selinux-dbus-3.8.1.tar.gz -> selinux-dbus-3.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-dbus-3.8.1/VERSION
new/selinux-dbus-3.9/VERSION
--- old/selinux-dbus-3.8.1/VERSION 2025-03-05 19:59:06.000000000 +0100
+++ new/selinux-dbus-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
@@ -1 +1 @@
-3.8.1
+3.9
++++++ selinux-gui-3.8.1.tar.gz -> selinux-gui-3.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.8.1/VERSION new/selinux-gui-3.9/VERSION
--- old/selinux-gui-3.8.1/VERSION 2025-03-05 19:59:06.000000000 +0100
+++ new/selinux-gui-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
@@ -1 +1 @@
-3.8.1
+3.9
++++++ selinux-python-3.8.1.tar.gz -> selinux-python-3.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/VERSION
new/selinux-python-3.9/VERSION
--- old/selinux-python-3.8.1/VERSION 2025-03-05 19:59:06.000000000 +0100
+++ new/selinux-python-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
@@ -1 +1 @@
-3.8.1
+3.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/audit2allow/Makefile
new/selinux-python-3.9/audit2allow/Makefile
--- old/selinux-python-3.8.1/audit2allow/Makefile 2025-03-05
19:59:06.000000000 +0100
+++ new/selinux-python-3.9/audit2allow/Makefile 2025-07-16 12:55:13.000000000
+0200
@@ -8,6 +8,8 @@
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
+override CFLAGS += -I../../libselinux/include
+override LDFLAGS+= -L../../libselinux/src
# If no specific libsepol.a is specified, fall back on LDFLAGS search path
# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/semanage/semanage
new/selinux-python-3.9/semanage/semanage
--- old/selinux-python-3.8.1/semanage/semanage 2025-03-05 19:59:06.000000000
+0100
+++ new/selinux-python-3.9/semanage/semanage 2025-07-16 12:55:13.000000000
+0200
@@ -54,7 +54,7 @@
usage_login_dict = {' --add': ('-s SEUSER', '-r RANGE', 'LOGIN',), '
--modify': ('-s SEUSER', '-r RANGE', 'LOGIN',), ' --delete': ('LOGIN',), '
--list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
-usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s
SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f
FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f
FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), '
--list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
+usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s
SEUSER', '|', '-e TARGET_PATH', ')', 'FILE_SPEC',), ' --delete': ('(', '-t
TYPE', '-f FTYPE', '|', '-e TARGET_PATH', ')', 'FILE_SPEC',), ' --modify':
('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e TARGET_PATH',
')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall':
('',)}
usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE',
'SEUSER', ')'), ' --delete': ('SEUSER',), ' --modify': ('(', '-L LEVEL', '-R
ROLES', '-r RANGE', '-s SEUSER', 'SEUSER', ')'), ' --list': ('-C',), '
--extract': ('',), ' --deleteall': ('',)}
@@ -306,7 +306,7 @@
def handleFcontext(args):
fcontext_args = {'list': [('equal', 'ftype', 'seuser', 'type'), ('')],
'add': [('locallist'), ('type', 'file_spec')], 'modify': [('locallist'),
('type', 'file_spec')], 'delete': [('locallist'), ('file_spec')], 'extract':
[('locallist', 'equal', 'ftype', 'seuser', 'type'), ('')], 'deleteall':
[('locallist'), ('')]}
# we can not use mutually for equal because we can define some actions
together with equal
- fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype',
'seuser', 'deleteall', 'extract'), ()]}
+ fcontext_equal_args = {'equal': [('list', 'locallist', 'type', 'ftype',
'seuser', 'deleteall', 'extract'), ('file_spec')]}
if args.action and args.equal:
handle_opts(args, fcontext_equal_args, "equal")
@@ -355,9 +355,10 @@
parser_add_extract(fcontext_action, "fcontext")
parser_add_deleteall(fcontext_action, "fcontext")
- fcontextParser.add_argument('-e', '--equal', help=_(
- 'Substitute target path with sourcepath when generating default label.
This is used with fcontext. Requires source and target \
-path arguments. The context labeling for the target subtree is made equivalent
to that defined for the source.'
+ fcontextParser.add_argument('-e', '--equal', metavar='TARGET_PATH', help=_(
+ 'Substitute FILE_SPEC with TARGET_PATH for file label lookup. This is
used with fcontext. Requires source and target \
+path arguments to be path prefixes and does not support regular expressions. \
+The context labeling for the target subtree is made equivalent to that defined
for the source.'
))
fcontextParser.add_argument('-f', '--ftype', default="", choices=["a",
"f", "d", "c", "b", "s", "l", "p"], help=_(
'File Type. This is used with fcontext. Requires a file type as shown
in the mode field by ls, e.g. use d to match only \
@@ -368,7 +369,7 @@
parser_add_seuser(fcontextParser, "fcontext")
parser_add_type(fcontextParser, "fcontext")
parser_add_range(fcontextParser, "fcontext")
- fcontextParser.add_argument('file_spec', nargs='?', default=None,
help=_('Path to be labeled (may be in the form of a Perl compatible regular
expression)'))
+ fcontextParser.add_argument('file_spec', nargs='?', default=None,
metavar='FILE_SPEC', help=_('Path to be labeled (may be in the form of a Perl
compatible regular expression)'))
fcontextParser.set_defaults(func=handleFcontext)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/semanage/semanage-fcontext.8
new/selinux-python-3.9/semanage/semanage-fcontext.8
--- old/selinux-python-3.8.1/semanage/semanage-fcontext.8 2025-03-05
19:59:06.000000000 +0100
+++ new/selinux-python-3.9/semanage/semanage-fcontext.8 2025-07-16
12:55:13.000000000 +0200
@@ -3,7 +3,7 @@
semanage\-fcontext \- SELinux Policy Management file context tool
.SH "SYNOPSIS"
-.B semanage fcontext [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-t TYPE \-f
FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC | \-\-delete ( \-t TYPE \-f
FTYPE | \-e EQUAL ) FILE_SPEC | \-\-deleteall | \-\-extract | \-\-list [\-C]
| \-\-modify ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ]
+.B semanage fcontext [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-t TYPE \-f
FTYPE \-r RANGE \-s SEUSER | \-e TARGET_PATH ) FILE_SPEC | \-\-delete ( \-t
TYPE \-f FTYPE | \-e TARGET_PATH ) FILE_SPEC | \-\-deleteall | \-\-extract |
\-\-list [\-C] | \-\-modify ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e
TARGET_PATH ) FILE_SPEC ]
.SH "DESCRIPTION"
semanage is used to configure certain elements of
@@ -66,8 +66,8 @@
.I \-D, \-\-deleteall
Remove all local customizations
.TP
-.I \-e EQUAL, \-\-equal EQUAL
-Substitute target path with sourcepath when generating default label. This is
used with fcontext. Requires source and target path arguments. The context
labeling for the target subtree is made equivalent to that defined for the
source.
+.I \-e TARGET_PATH, \-\-equal TARGET_PATH
+Substitute FILE_SPEC with TARGET_PATH for file label lookup. This is used with
fcontext. Requires source and target path arguments to be path prefixes and
does not support regular expressions. The context labeling for the target
subtree is made equivalent to that defined for the source.
.TP
.I \-f [{a,f,d,c,b,s,l,p}], \-\-ftype [{a,f,d,c,b,s,l,p}]
File Type. This is used with fcontext. Requires a file type as shown in the
mode field by ls, e.g. use 'd' to match only directories or 'f' to match only
regular files. The following file type options can be passed: f (regular
file),d (directory),c (character device), b (block device),s (socket),l
(symbolic link),p (named pipe). If you do not specify a file type, the file
type will default to "all files".
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/sepolgen/VERSION
new/selinux-python-3.9/sepolgen/VERSION
--- old/selinux-python-3.8.1/sepolgen/VERSION 2025-03-05 19:59:06.000000000
+0100
+++ new/selinux-python-3.9/sepolgen/VERSION 2025-07-16 12:55:13.000000000
+0200
@@ -1 +1 @@
-3.8.1
+3.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/sepolicy/sepolicy.py
new/selinux-python-3.9/sepolicy/sepolicy.py
--- old/selinux-python-3.8.1/sepolicy/sepolicy.py 2025-03-05
19:59:06.000000000 +0100
+++ new/selinux-python-3.9/sepolicy/sepolicy.py 2025-07-16 12:55:13.000000000
+0200
@@ -25,7 +25,7 @@
import sys
import selinux
import sepolicy
-from multiprocessing import Pool
+import multiprocessing
from sepolicy import get_os_version, get_conditionals,
get_conditionals_format_text
import argparse
PROGNAME = "selinux-python"
@@ -350,7 +350,8 @@
manpage_domains = set()
manpage_roles = set()
- p = Pool()
+ multiprocessing.set_start_method('fork')
+ p = multiprocessing.Pool()
async_results = []
for domain in test_domains:
async_results.append(p.apply_async(manpage_work, [domain, path,
args.root, args.source_files, args.web]))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.8.1/sepolicy/setup.py
new/selinux-python-3.9/sepolicy/setup.py
--- old/selinux-python-3.8.1/sepolicy/setup.py 2025-03-05 19:59:06.000000000
+0100
+++ new/selinux-python-3.9/sepolicy/setup.py 2025-07-16 12:55:13.000000000
+0200
@@ -6,7 +6,7 @@
setup(
name="sepolicy",
- version="3.8.1",
+ version="3.9",
description="Python SELinux Policy Analyses bindings",
author="Daniel Walsh",
author_email="dwa...@redhat.com",
++++++ semodule-utils-3.8.1.tar.gz -> semodule-utils-3.9.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.8.1/VERSION
new/semodule-utils-3.9/VERSION
--- old/semodule-utils-3.8.1/VERSION 2025-03-05 19:59:06.000000000 +0100
+++ new/semodule-utils-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
@@ -1 +1 @@
-3.8.1
+3.9
++++++ usr_etc.patch ++++++
>From 6941162cd2a2375df8d2095abcba86a53aff7418 Mon Sep 17 00:00:00 2001
From: Stefan Schubert <sch...@suse.de>
Date: Fri, 15 Dec 2023 13:22:31 +0100
Subject: [PATCH] Using vendor defined directories for configuration files
besides user/admin defined configuration files.
Signed-off-by: Stefan Schubert <sch...@suse.de>
---
policycoreutils/sestatus/Makefile | 8 +++
policycoreutils/sestatus/sestatus.c | 79 ++++++++++++++++++++++--
policycoreutils/sestatus/sestatus.conf.5 | 2 +-
4 files changed, 90 insertions(+), 5 deletions(-)
diff --git a/policycoreutils/sestatus/Makefile
b/policycoreutils/sestatus/Makefile
index aebf050c2..bb1f6bda0 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
ETCDIR ?= /etc
+LIBECONFH ?= $(shell test -f /usr/include/libeconf.h && echo y)
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I../../libselinux/include -D_FILE_OFFSET_BITS=64
@@ -13,6 +14,13 @@ override LDLIBS += -lselinux
all: sestatus
sestatus: sestatus.o
+ifdef VENDORDIR
+ifneq ($(LIBECONFH), y)
+ (echo "VENDORDIR defined but libeconf not available."; exit 1)
+endif
+override CFLAGS += -DVENDORDIR='"${VENDORDIR}"'
+override LDLIBS += -leconf
+endif
install: all
[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
diff --git a/policycoreutils/sestatus/sestatus.c
b/policycoreutils/sestatus/sestatus.c
index 6c95828ed..f80612dcd 100644
--- a/policycoreutils/sestatus/sestatus.c
+++ b/policycoreutils/sestatus/sestatus.c
@@ -21,11 +21,16 @@
#define PROC_BASE "/proc"
#define MAX_CHECK 50
-#define CONF "/etc/sestatus.conf"
+#define CONFDIR "/etc"
+#define CONFNAME "sestatus"
+#define CONFPOST "conf"
+#define CONF CONFDIR "/" CONFNAME "." CONFPOST
/* conf file sections */
-#define PROCS "[process]"
-#define FILES "[files]"
+#define SECTIONPROCS "process"
+#define SECTIONFILES "files"
+#define PROCS "[" SECTIONPROCS "]"
+#define FILES "[" SECTIONFILES "]"
/* buffer size for cmp_cmdline */
#define BUFSIZE 255
@@ -92,9 +97,75 @@ static int pidof(const char *command)
return ret;
}
-static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
+#ifdef VENDORDIR
+#include <libeconf.h>
+
+static void load_checks_with_vendor_settings(char *pc[], int *npc, char *fc[],
int *nfc)
{
+ econf_file *key_file = NULL;
+ econf_err error;
+ char **keys;
+ size_t key_number;
+
+ error = econf_readDirs (&key_file,
+ VENDORDIR,
+ CONFDIR,
+ CONFNAME,
+ CONFPOST,
+ "", "#");
+ if (error != ECONF_SUCCESS) {
+ printf("\nCannot read settings %s.%s: %s\n",
+ CONFNAME,
+ CONFPOST,
+ econf_errString( error ));
+ return;
+ }
+
+ error = econf_getKeys(key_file, SECTIONPROCS, &key_number, &keys);
+ if (error != ECONF_SUCCESS) {
+ printf("\nCannot read group %s: %s\n",
+ SECTIONPROCS,
+ econf_errString( error ));
+ } else {
+ for (size_t i = 0; i < key_number; i++) {
+ if (*npc >= MAX_CHECK)
+ break;
+ pc[*npc] = strdup(keys[i]);
+ if (!pc[*npc])
+ break;
+ (*npc)++;
+ }
+ econf_free (keys);
+ }
+
+ error = econf_getKeys(key_file, SECTIONFILES, &key_number, &keys);
+ if (error != ECONF_SUCCESS) {
+ printf("\nCannot read group %s: %s\n",
+ SECTIONFILES,
+ econf_errString( error ));
+ } else {
+ for (size_t i = 0; i < key_number; i++) {
+ if (*nfc >= MAX_CHECK)
+ break;
+ fc[*nfc] = strdup(keys[i]);
+ if (!fc[*nfc])
+ break;
+ (*nfc)++;
+ }
+ econf_free (keys);
+ }
+ econf_free (key_file);
+ return;
+}
+#endif
+
+static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
+{
+#ifdef VENDORDIR
+ load_checks_with_vendor_settings(pc, npc, fc, nfc);
+ return;
+#endif
FILE *fp = fopen(CONF, "r");
char buf[255], *bufp;
int buf_len, section = -1;
diff --git a/policycoreutils/sestatus/sestatus.conf.5
b/policycoreutils/sestatus/sestatus.conf.5
index acfedf6f5..01f8051d2 100644
--- a/policycoreutils/sestatus/sestatus.conf.5
+++ b/policycoreutils/sestatus/sestatus.conf.5
@@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by the \fBsestatus\fR(8)
command with the \
.sp
The fully qualified path name of the configuration file is:
.RS
-\fI/etc/sestatus.conf\fR
+\fI/etc/sestatus.conf\fR or \fI<vendordir>/sestatus.conf\fR if it is not
available
.RE
.RE
.sp
