Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2026-02-09 11:42:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.1670 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "policycoreutils"
Mon Feb 9 11:42:56 2026 rev:86 rq:1331579 version:3.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2025-07-24 18:34:35.926493226 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.1670/policycoreutils.changes
2026-02-09 11:43:19.765669847 +0100
@@ -1,0 +2,18 @@
+Thu Feb 5 16:30:31 UTC 2026 - Cathy Hu <[email protected]>
+
+- Update to version 3.10
+ https://github.com/SELinuxProject/selinux/releases/tag/3.10
+ * setfiles: Add -A option to disable SELINUX_RESTORECON_ADD_ASSOC
+ * semanage: Reset active value when deleting boolean customizations
+ * python/sepolicy: Add support for DNF5
+ * Man page improvments
+- keyring: Add key of Jason Zaman <[email protected]>
+ * added 63191CE94183098689CAB8DB7EF137EC935B0EAF [expires: 2026-02-08]
+
+-------------------------------------------------------------------
+Wed Jul 30 13:59:48 UTC 2025 - Ignaz Forster <[email protected]>
+
+- Move /var/lib/sepolgen/perm_map to /usr/share/sepolgen and create
+ a symlink instead (boo#1233024)
+
+-------------------------------------------------------------------
Old:
----
policycoreutils-3.9.tar.gz
policycoreutils-3.9.tar.gz.asc
selinux-dbus-3.9.tar.gz
selinux-dbus-3.9.tar.gz.asc
selinux-gui-3.9.tar.gz
selinux-gui-3.9.tar.gz.asc
selinux-python-3.9.tar.gz
selinux-python-3.9.tar.gz.asc
semodule-utils-3.9.tar.gz
semodule-utils-3.9.tar.gz.asc
New:
----
policycoreutils-3.10.tar.gz
policycoreutils-3.10.tar.gz.asc
selinux-dbus-3.10.tar.gz
selinux-dbus-3.10.tar.gz.asc
selinux-gui-3.10.tar.gz
selinux-gui-3.10.tar.gz.asc
selinux-python-3.10.tar.gz
selinux-python-3.10.tar.gz.asc
semodule-utils-3.10.tar.gz
semodule-utils-3.10.tar.gz.asc
sepolgen.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ policycoreutils.spec ++++++
--- /var/tmp/diff_new_pack.yy0B9h/_old 2026-02-09 11:43:22.005764088 +0100
+++ /var/tmp/diff_new_pack.yy0B9h/_new 2026-02-09 11:43:22.005764088 +0100
@@ -30,12 +30,12 @@
%endif
%define libaudit_ver 2.2
-%define libsepol_ver 3.9
-%define libsemanage_ver 3.9
-%define libselinux_ver 3.9
+%define libsepol_ver 3.10
+%define libsemanage_ver 3.10
+%define libselinux_ver 3.10
%define setools_ver 4.1.1
Name: policycoreutils
-Version: 3.9
+Version: 3.10
Release: 0
Summary: SELinux policy core utilities
License: GPL-2.0-or-later
@@ -54,6 +54,7 @@
Source16:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-dbus-%{version}.tar.gz
Source17:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-dbus-%{version}.tar.gz.asc
Source18: policycoreutils-rpmlintrc
+Source19: sepolgen.conf
Patch0: make_targets.patch
Patch2: get_os_version.patch
Patch3: run_init.pamd.patch
@@ -280,8 +281,11 @@
mkdir -p %{buildroot}%{_libexecdir}/selinux/hll/
mkdir -p %{buildroot}%{_localstatedir}/lib/sepolgen
+mkdir -p %{buildroot}%{_tmpfilesdir}
(cd selinux-python-%{version}/po && make DESTDIR=%{buildroot} install)
+cp -a %{buildroot}%{_localstatedir}/lib/sepolgen
%{buildroot}%{_datadir}/sepolgen
+install -m 644 %{SOURCE19} %{buildroot}%{_tmpfilesdir}
%find_lang %{name}
%find_lang selinux-python
%find_lang selinux-gui
@@ -441,7 +445,10 @@
%{_mandir}/man8/sepolicy.8%{?ext_man}
%{_mandir}/man8/sepolgen.8%{?ext_man}
%dir %{_localstatedir}/lib/sepolgen
-%{_localstatedir}/lib/sepolgen/perm_map
+%ghost %{_localstatedir}/lib/sepolgen/perm_map
+%dir %{_datadir}/sepolgen
+%{_datadir}/sepolgen/perm_map
+%{_tmpfilesdir}/sepolgen.conf
%{_datadir}/bash-completion/completions/sepolicy
%files newrole
++++++ get_os_version.patch ++++++
--- /var/tmp/diff_new_pack.yy0B9h/_old 2026-02-09 11:43:22.049765939 +0100
+++ /var/tmp/diff_new_pack.yy0B9h/_new 2026-02-09 11:43:22.053766107 +0100
@@ -1,7 +1,7 @@
-Index: policycoreutils-3.9/selinux-python-3.9/sepolicy/sepolicy/__init__.py
+Index: policycoreutils-3.10/selinux-python-3.10/sepolicy/sepolicy/__init__.py
===================================================================
---- policycoreutils-3.9.orig/selinux-python-3.9/sepolicy/sepolicy/__init__.py
-+++ policycoreutils-3.9/selinux-python-3.9/sepolicy/sepolicy/__init__.py
+--- policycoreutils-3.10.orig/selinux-python-3.10/sepolicy/sepolicy/__init__.py
++++ policycoreutils-3.10/selinux-python-3.10/sepolicy/sepolicy/__init__.py
@@ -1246,7 +1246,8 @@ def get_os_version():
import distro
system_release = distro.name(pretty=True)
++++++ policycoreutils-3.9.tar.gz -> policycoreutils-3.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/Makefile
new/policycoreutils-3.10/Makefile
--- old/policycoreutils-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200
+++ new/policycoreutils-3.10/Makefile 2026-02-02 03:01:16.000000000 +0100
@@ -6,7 +6,7 @@
LIBSEMANAGE_LDLIBS := $(shell
PKG_CONFIG_PATH="$(PKG_CONFIG_PATH):../libsemanage/src" $(PKG_CONFIG) --libs
libsemanage)
export LIBSELINUX_LDLIBS LIBSEMANAGE_LDLIBS
-all install relabel clean indent:
+all install relabel clean:
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/VERSION
new/policycoreutils-3.10/VERSION
--- old/policycoreutils-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
+++ new/policycoreutils-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
@@ -1 +1 @@
-3.9
+3.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/hll/Makefile
new/policycoreutils-3.10/hll/Makefile
--- old/policycoreutils-3.9/hll/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/hll/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -1,6 +1,6 @@
SUBDIRS = pp
-all install relabel clean indent:
+all install relabel clean:
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/hll/pp/Makefile
new/policycoreutils-3.10/hll/pp/Makefile
--- old/policycoreutils-3.9/hll/pp/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/hll/pp/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -25,6 +25,3 @@
clean:
-rm -f pp $(PP_OBJS)
-
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/load_policy/Makefile
new/policycoreutils-3.10/load_policy/Makefile
--- old/policycoreutils-3.9/load_policy/Makefile 2025-07-16
12:55:13.000000000 +0200
+++ new/policycoreutils-3.10/load_policy/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -28,8 +28,5 @@
clean:
-rm -f $(TARGETS) *.o
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel:
/sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/newrole/Makefile
new/policycoreutils-3.10/newrole/Makefile
--- old/policycoreutils-3.9/newrole/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/newrole/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -87,9 +87,6 @@
clean:
rm -f newrole *.o
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel: install
/sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/run_init/Makefile
new/policycoreutils-3.10/run_init/Makefile
--- old/policycoreutils-3.9/run_init/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/run_init/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -53,8 +53,5 @@
clean:
-rm -f $(TARGETS) *.o
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel: install
/sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init
$(DESTDIR)$(SBINDIR)/open_init_pty
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/scripts/Makefile
new/policycoreutils-3.10/scripts/Makefile
--- old/policycoreutils-3.9/scripts/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/scripts/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -21,6 +21,4 @@
clean:
-indent:
-
relabel:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/secon/Makefile
new/policycoreutils-3.10/secon/Makefile
--- old/policycoreutils-3.9/secon/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/secon/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -35,9 +35,6 @@
clean:
rm -f *.o core* secon *~ *.bak
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
bare: clean
.PHONY: clean bare
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/semodule/Makefile
new/policycoreutils-3.10/semodule/Makefile
--- old/policycoreutils-3.9/semodule/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/semodule/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -35,7 +35,3 @@
clean:
-rm -f semodule *.o genhomedircon
-
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/sestatus/Makefile
new/policycoreutils-3.10/sestatus/Makefile
--- old/policycoreutils-3.9/sestatus/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/sestatus/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -41,7 +41,4 @@
clean:
rm -f sestatus *.o
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setfiles/Makefile
new/policycoreutils-3.10/setfiles/Makefile
--- old/policycoreutils-3.9/setfiles/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/setfiles/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -43,8 +43,5 @@
clean:
rm -f setfiles restorecon restorecon_xattr *.o
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel: install
$(DESTDIR)$(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles
$(DESTDIR)$(SBINDIR)/restorecon_xattr
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setfiles/restore.c
new/policycoreutils-3.10/setfiles/restore.c
--- old/policycoreutils-3.9/setfiles/restore.c 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/setfiles/restore.c 2026-02-02 03:01:16.000000000
+0100
@@ -43,7 +43,7 @@
opts->syslog_changes | opts->log_matches |
opts->ignore_noent | opts->ignore_mounts |
opts->mass_relabel | opts->conflict_error |
- opts->count_errors;
+ opts->count_errors | opts->count_relabeled;
/* Use setfiles, restorecon and restorecond own handles */
selinux_restorecon_set_sehandle(opts->hnd);
@@ -75,7 +75,7 @@
}
int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
- long unsigned *skipped_errors)
+ long unsigned *skipped_errors, long unsigned *relabeled_files)
{
glob_t globbuf;
size_t i, len;
@@ -99,8 +99,12 @@
nthreads);
if (rc < 0)
errors = rc;
- else if (opts->restorecon_flags &
SELINUX_RESTORECON_COUNT_ERRORS)
- *skipped_errors +=
selinux_restorecon_get_skipped_errors();
+ else {
+ if (opts->restorecon_flags &
SELINUX_RESTORECON_COUNT_ERRORS)
+ *skipped_errors +=
selinux_restorecon_get_skipped_errors();
+ if (opts->restorecon_flags &
SELINUX_RESTORECON_COUNT_RELABELED)
+ *relabeled_files +=
selinux_restorecon_get_relabeled_files();
+ }
}
globfree(&globbuf);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setfiles/restore.h
new/policycoreutils-3.10/setfiles/restore.h
--- old/policycoreutils-3.9/setfiles/restore.h 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/setfiles/restore.h 2026-02-02 03:01:16.000000000
+0100
@@ -37,6 +37,7 @@
unsigned int ignore_mounts;
unsigned int conflict_error;
unsigned int count_errors;
+ unsigned int count_relabeled;
/* restorecon_flags holds | of above for restore_init() */
unsigned int restorecon_flags;
char *rootpath;
@@ -52,7 +53,7 @@
void restore_finish(void);
void add_exclude(const char *directory);
int process_glob(char *name, struct restore_opts *opts, size_t nthreads,
- long unsigned *skipped_errors);
+ long unsigned *skipped_errors, long unsigned *relabeled_files);
extern char **exclude_list;
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setfiles/restorecon.8
new/policycoreutils-3.10/setfiles/restorecon.8
--- old/policycoreutils-3.9/setfiles/restorecon.8 2025-07-16
12:55:13.000000000 +0200
+++ new/policycoreutils-3.10/setfiles/restorecon.8 2026-02-02
03:01:16.000000000 +0100
@@ -153,6 +153,9 @@
.BR selabel_stats (3)
results.
.TP
+.B \-c
+count and display the number of (would be) relabeled files. The exit code will
be set to 0 only if at least one file is relabeled.
+.TP
.B \-0
the separator for the input items is assumed to be the null character
(instead of the white space). The quotes and the backslash characters are
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setfiles/setfiles.8
new/policycoreutils-3.10/setfiles/setfiles.8
--- old/policycoreutils-3.9/setfiles/setfiles.8 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/setfiles/setfiles.8 2026-02-02
03:01:16.000000000 +0100
@@ -23,6 +23,7 @@
.RB [ \-I | \-D ]
.RB [ \-T
.IR nthreads ]
+.RB [ \-A ]
.I spec_file
.IR pathname \ ...
@@ -187,6 +188,10 @@
threads. Specify 0 to create as many threads as there are available
CPU cores; 1 to use only a single thread (default); or any positive
number to use the given number of threads (if possible).
+.TP
+.B \-A
+do not track inodes with multiple hard links or bind mounts that would
+match different contexts (saves memory)
.SH "ARGUMENTS"
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setfiles/setfiles.c
new/policycoreutils-3.10/setfiles/setfiles.c
--- old/policycoreutils-3.9/setfiles/setfiles.c 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/setfiles/setfiles.c 2026-02-02
03:01:16.000000000 +0100
@@ -35,14 +35,14 @@
{
if (iamrestorecon) {
fprintf(stderr,
- "usage: %s [-iIDFUmnprRv0xT] [-e excludedir]
pathname...\n"
- "usage: %s [-iIDFUmnprRv0xT] [-e excludedir] -f
filename\n",
+ "usage: %s [-ciIDFUmnprRv0xT] [-e excludedir]
pathname...\n"
+ "usage: %s [-ciIDFUmnprRv0xT] [-e excludedir] -f
filename\n",
name, name);
} else {
fprintf(stderr,
- "usage: %s [-diIDlmnpqvCEFUWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file pathname...\n"
- "usage: %s [-diIDlmnpqvCEFUWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file -f filename\n"
- "usage: %s -s [-diIDlmnpqvFUWT] spec_file\n",
+ "usage: %s [-diIDlmnpqvACEFUWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file pathname...\n"
+ "usage: %s [-diIDlmnpqvACEFUWT] [-e excludedir] [-r
alt_root_path] [-c policyfile] spec_file -f filename\n"
+ "usage: %s -s [-diIDlmnpqvAFUWT] spec_file\n",
name, name, name);
}
exit(-1);
@@ -146,11 +146,12 @@
size_t buf_len, nthreads = 1;
const char *base;
int errors = 0;
- const char *ropts = "e:f:hiIDlmno:pqrsvFURW0xT:";
- const char *sopts = "c:de:f:hiIDlmno:pqr:svCEFUR:W0T:";
+ const char *ropts = "ce:f:hiIDlmno:pqrsvFURW0xT:";
+ const char *sopts = "c:de:f:hiIDlmno:pqr:svACEFUR:W0T:";
const char *opts;
union selinux_callback cb;
long unsigned skipped_errors;
+ long unsigned relabeled_files;
/* Initialize variables */
memset(&r_opts, 0, sizeof(r_opts));
@@ -160,6 +161,7 @@
request_digest = 0;
policyfile = NULL;
skipped_errors = 0;
+ relabeled_files = 0;
if (!argv[0]) {
fprintf(stderr, "Called without required program name!\n");
@@ -223,7 +225,10 @@
while ((opt = getopt(argc, argv, opts)) > 0) {
switch (opt) {
case 'c':
- {
+ if (iamrestorecon) {
+ r_opts.count_relabeled =
SELINUX_RESTORECON_COUNT_RELABELED;
+ break;
+ } else {
FILE *policystream;
policyfile = optarg;
@@ -375,6 +380,9 @@
if (*optarg == '\0' || *endptr != '\0')
usage(argv[0]);
break;
+ case 'A':
+ r_opts.add_assoc = 0;
+ break;
case 'h':
case '?':
usage(argv[0]);
@@ -454,14 +462,14 @@
if (!strcmp(buf, "/"))
r_opts.mass_relabel =
SELINUX_RESTORECON_MASS_RELABEL;
errors |= process_glob(buf, &r_opts, nthreads,
- &skipped_errors) < 0;
+ &skipped_errors,
&relabeled_files) < 0;
}
if (strcmp(input_filename, "-") != 0)
fclose(f);
} else {
for (i = optind; i < argc; i++)
errors |= process_glob(argv[i], &r_opts, nthreads,
- &skipped_errors) < 0;
+ &skipped_errors,
&relabeled_files) < 0;
}
if (r_opts.mass_relabel && !r_opts.nochange)
@@ -476,5 +484,14 @@
if (r_opts.progress)
fprintf(stdout, "\n");
+ /* Output relabeled file count if requested */
+ if (r_opts.count_relabeled) {
+ long unsigned relabeled_count =
selinux_restorecon_get_relabeled_files();
+ printf("Relabeled %lu files\n", relabeled_count);
+
+ /* Set exit code to 0 if at least one file was relabeled */
+ exit(errors ? -1 : relabeled_count ? 0 : 1);
+ }
+
exit(errors ? -1 : skipped_errors ? 1 : 0);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/setsebool/Makefile
new/policycoreutils-3.10/setsebool/Makefile
--- old/policycoreutils-3.9/setsebool/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/setsebool/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -35,7 +35,3 @@
clean:
-rm -f setsebool *.o
-
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/policycoreutils-3.9/unsetfiles/Makefile
new/policycoreutils-3.10/unsetfiles/Makefile
--- old/policycoreutils-3.9/unsetfiles/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/policycoreutils-3.10/unsetfiles/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -20,8 +20,5 @@
clean:
-rm -f unsetfiles *.o
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel: install
/sbin/restorecon $(DESTDIR)$(SBINDIR)/unsetfiles
++++++ policycoreutils.keyring ++++++
++++ 1396 lines (skipped)
++++ between policycoreutils.keyring
++++ and
/work/SRC/openSUSE:Factory/.policycoreutils.new.1670/policycoreutils.keyring
++++++ selinux-dbus-3.9.tar.gz -> selinux-dbus-3.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-dbus-3.9/VERSION
new/selinux-dbus-3.10/VERSION
--- old/selinux-dbus-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
+++ new/selinux-dbus-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
@@ -1 +1 @@
-3.9
+3.10
++++++ selinux-gui-3.9.tar.gz -> selinux-gui-3.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.9/Makefile
new/selinux-gui-3.10/Makefile
--- old/selinux-gui-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200
+++ new/selinux-gui-3.10/Makefile 2026-02-02 03:01:16.000000000 +0100
@@ -60,8 +60,6 @@
clean:
(cd po && $(MAKE) $@)
-indent:
-
relabel:
test:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.9/VERSION new/selinux-gui-3.10/VERSION
--- old/selinux-gui-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
+++ new/selinux-gui-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
@@ -1 +1 @@
-3.9
+3.10
++++++ selinux-python-3.9.tar.gz -> selinux-python-3.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/Makefile
new/selinux-python-3.10/Makefile
--- old/selinux-python-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200
+++ new/selinux-python-3.10/Makefile 2026-02-02 03:01:16.000000000 +0100
@@ -1,6 +1,6 @@
SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
-all install relabel clean indent test:
+all install relabel clean format test:
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/VERSION
new/selinux-python-3.10/VERSION
--- old/selinux-python-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
+++ new/selinux-python-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
@@ -1 +1 @@
-3.9
+3.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/audit2allow/Makefile
new/selinux-python-3.10/audit2allow/Makefile
--- old/selinux-python-3.9/audit2allow/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/audit2allow/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -51,7 +51,4 @@
clean:
rm -f *~ *.o sepolgen-ifgen-attr-helper test_dummy_policy
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
relabel: ;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/chcat/Makefile
new/selinux-python-3.10/chcat/Makefile
--- old/selinux-python-3.9/chcat/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/chcat/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -21,8 +21,6 @@
clean:
-indent:
-
relabel:
test:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/semanage/Makefile
new/selinux-python-3.10/semanage/Makefile
--- old/selinux-python-3.9/semanage/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/semanage/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -35,6 +35,4 @@
@$(PYTHON) test-semanage.py -a
clean:
-indent:
-
relabel:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/semanage/semanage-fcontext.8
new/selinux-python-3.10/semanage/semanage-fcontext.8
--- old/selinux-python-3.9/semanage/semanage-fcontext.8 2025-07-16
12:55:13.000000000 +0200
+++ new/selinux-python-3.10/semanage/semanage-fcontext.8 2026-02-02
03:01:16.000000000 +0100
@@ -100,6 +100,10 @@
# semanage fcontext \-a \-e /home /disk6/home
# restorecon \-R \-v /disk6
+Add file-context with MLS range s0:c0.c255 for /secure directory (MLS/MCS
systems only)
+# semanage fcontext \-a \-t admin_home_t \-r s0:c0.c255 "/secure(/.*)?"
+# restorecon \-R \-F \-v /secure
+
.SH "SEE ALSO"
.BR selinux (8),
.BR semanage (8),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/semanage/semanage-port.8
new/selinux-python-3.10/semanage/semanage-port.8
--- old/selinux-python-3.9/semanage/semanage-port.8 2025-07-16
12:55:13.000000000 +0200
+++ new/selinux-python-3.10/semanage/semanage-port.8 2026-02-02
03:01:16.000000000 +0100
@@ -61,6 +61,9 @@
# semanage port \-a \-t http_port_t \-p tcp 81
Allow sshd to listen on tcp port 8991 (i.e. assign tcp port 8991 label
ssh_port_t, which sshd is allowed to listen on)
# semanage port \-a \-t ssh_port_t \-p tcp 8991
+Add a custom port 9999 with MLS range s0:c0.c255 (MLS/MCS systems only).
Verify with seinfo.
+# semanage port \-a \-t http_port_t \-p tcp \-r s0:c0.c255 9999
+# seinfo \-\-portcon \-x | grep 9999
.SH "SEE ALSO"
.BR selinux (8),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/semanage/seobject.py
new/selinux-python-3.10/semanage/seobject.py
--- old/selinux-python-3.9/semanage/seobject.py 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/semanage/seobject.py 2026-02-02
03:01:16.000000000 +0100
@@ -244,7 +244,6 @@
args = None
def __init__(self, args = None):
- global handle
if args:
# legacy code - args was store originally
if isinstance(args, str):
@@ -2886,7 +2885,15 @@
self.__delete(name)
self.commit()
+ # New transaction to reset the boolean to its default value.
+ # Calling __reset_value in the same transaction as the removal of
+ # local customizations does nothing
+ self.begin()
+ self.__reset_value(name)
+ self.commit()
+
def deleteall(self):
+ deleted = []
(rc, self.blist) = semanage_bool_list_local(self.sh)
if rc < 0:
raise ValueError(_("Could not list booleans"))
@@ -2895,10 +2902,45 @@
for boolean in self.blist:
name = semanage_bool_get_name(boolean)
+ deleted.append(name)
self.__delete(name)
self.commit()
+ # New transaction to reset all affected booleans to their default
values.
+ # Calling __reset_value in the same transaction as the removal of
+ # local customizations does nothing
+ self.begin()
+
+ for boolean in deleted:
+ self.__reset_value(boolean)
+
+ self.commit()
+
+ # Set active value to default
+ # Note: this needs to be called in a new transaction after removing local
customizations
+ # in order for semanage_bool_query to fetch the default value
+ # (as opposed to the current one -- set by the local customizations)
+ def __reset_value(self, name):
+ name = selinux.selinux_boolean_sub(name)
+
+ (rc, k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") % name)
+
+ (rc, b) = semanage_bool_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query boolean %s") % name)
+
+ semanage_bool_set_value(b, semanage_bool_get_value(b))
+
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not set active value of boolean %s") %
name)
+
+ semanage_bool_key_free(k)
+ semanage_bool_free(b)
+
def get_all(self, locallist=0):
ddict = {}
if locallist:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/sepolgen/Makefile
new/selinux-python-3.10/sepolgen/Makefile
--- old/selinux-python-3.9/sepolgen/Makefile 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/sepolgen/Makefile 2026-02-02 03:01:16.000000000
+0100
@@ -11,10 +11,5 @@
rm -f *~ *.pyc
rm -f parser.out parsetab.py
-indent: ;
-
test:
$(MAKE) -C tests $@
-
-
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/sepolgen/VERSION
new/selinux-python-3.10/sepolgen/VERSION
--- old/selinux-python-3.9/sepolgen/VERSION 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/sepolgen/VERSION 2026-02-02 03:01:16.000000000
+0100
@@ -1 +1 @@
-3.9
+3.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/sepolgen/src/Makefile
new/selinux-python-3.10/sepolgen/src/Makefile
--- old/selinux-python-3.9/sepolgen/src/Makefile 2025-07-16
12:55:13.000000000 +0200
+++ new/selinux-python-3.10/sepolgen/src/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -12,10 +12,4 @@
rm -f *~ *.pyc
rm -f parser.out parsetab.py
-indent: ;
-
-
test: ;
-
-
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-python-3.9/sepolgen/src/sepolgen/refparser.py
new/selinux-python-3.10/sepolgen/src/sepolgen/refparser.py
--- old/selinux-python-3.9/sepolgen/src/sepolgen/refparser.py 2025-07-16
12:55:13.000000000 +0200
+++ new/selinux-python-3.10/sepolgen/src/sepolgen/refparser.py 2026-02-02
03:01:16.000000000 +0100
@@ -1038,7 +1038,7 @@
#
def p_error(tok):
- global error, parse_file, success, parser
+ global error, success
error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file,
tok.lineno, tok.value, tok.type)
print(error)
success = False
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/sepolicy/sepolicy/__init__.py
new/selinux-python-3.10/sepolicy/sepolicy/__init__.py
--- old/selinux-python-3.9/sepolicy/sepolicy/__init__.py 2025-07-16
12:55:13.000000000 +0200
+++ new/selinux-python-3.10/sepolicy/sepolicy/__init__.py 2026-02-02
03:01:16.000000000 +0100
@@ -195,7 +195,6 @@
policy(policy_file)
def info(setype, name=None):
- global _pol
if not _pol:
init_policy()
@@ -354,7 +353,6 @@
def search(types, seinfo=None):
- global _pol
if not _pol:
init_policy()
if not seinfo:
@@ -936,7 +934,6 @@
if roles:
return roles
- global _pol
if not _pol:
init_policy()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/sepolicy/sepolicy/generate.py
new/selinux-python-3.10/sepolicy/sepolicy/generate.py
--- old/selinux-python-3.9/sepolicy/sepolicy/generate.py 2025-07-16
12:55:13.000000000 +0200
+++ new/selinux-python-3.10/sepolicy/sepolicy/generate.py 2026-02-02
03:01:16.000000000 +0100
@@ -1262,6 +1262,63 @@
return fcfile
def __extract_rpms(self):
+ # Try dnf5 first, fall back to dnf4
+ try:
+ import libdnf5
+ self.__extract_rpms_dnf5()
+ except ImportError:
+ try:
+ import dnf
+ self.__extract_rpms_dnf4()
+ except ImportError:
+ pass
+
+ def __extract_rpms_dnf5(self):
+ import libdnf5
+
+ base = libdnf5.base.Base()
+ base.load_config()
+ base.setup()
+
+ repo_sack = base.get_repo_sack()
+ repo_sack.create_repos_from_system_configuration()
+
+ repo_sack.load_repos()
+
+ query = libdnf5.rpm.PackageQuery(base)
+ query.filter_file([self.program])
+ query.filter_available()
+
+ for pkg in query:
+ self.rpms.append(pkg.get_name())
+ files = pkg.get_files()
+ for fname in files:
+ for b in self.DEFAULT_DIRS:
+ if b == "/etc":
+ continue
+ if fname.startswith(b):
+ if os.path.isfile(fname):
+ self.add_file(fname)
+ else:
+ self.add_dir(fname)
+
+ # Query for source package
+ src_query = libdnf5.rpm.PackageQuery(base)
+ src_query.filter_provides([pkg.get_source_name()])
+ src_query.filter_available()
+ for bpkg in src_query:
+ files = bpkg.get_files()
+ for fname in files:
+ for b in self.DEFAULT_DIRS:
+ if b == "/etc":
+ continue
+ if fname.startswith(b):
+ if os.path.isfile(fname):
+ self.add_file(fname)
+ else:
+ self.add_dir(fname)
+
+ def __extract_rpms_dnf4(self):
import dnf
with dnf.Base() as base:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.9/sepolicy/setup.py
new/selinux-python-3.10/sepolicy/setup.py
--- old/selinux-python-3.9/sepolicy/setup.py 2025-07-16 12:55:13.000000000
+0200
+++ new/selinux-python-3.10/sepolicy/setup.py 2026-02-02 03:01:16.000000000
+0100
@@ -6,7 +6,7 @@
setup(
name="sepolicy",
- version="3.9",
+ version="3.10",
description="Python SELinux Policy Analyses bindings",
author="Daniel Walsh",
author_email="[email protected]",
++++++ semodule-utils-3.9.tar.gz -> semodule-utils-3.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.9/Makefile
new/semodule-utils-3.10/Makefile
--- old/semodule-utils-3.9/Makefile 2025-07-16 12:55:13.000000000 +0200
+++ new/semodule-utils-3.10/Makefile 2026-02-02 03:01:16.000000000 +0100
@@ -1,6 +1,6 @@
SUBDIRS = semodule_package semodule_link semodule_expand
-all install relabel clean indent:
+all install relabel clean:
@for subdir in $(SUBDIRS); do \
(cd $$subdir && $(MAKE) $@) || exit 1; \
done
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.9/VERSION
new/semodule-utils-3.10/VERSION
--- old/semodule-utils-3.9/VERSION 2025-07-16 12:55:13.000000000 +0200
+++ new/semodule-utils-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
@@ -1 +1 @@
-3.9
+3.10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.9/semodule_expand/Makefile
new/semodule-utils-3.10/semodule_expand/Makefile
--- old/semodule-utils-3.9/semodule_expand/Makefile 2025-07-16
12:55:13.000000000 +0200
+++ new/semodule-utils-3.10/semodule_expand/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -27,7 +27,3 @@
clean:
-rm -f semodule_expand *.o
-
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.9/semodule_link/Makefile
new/semodule-utils-3.10/semodule_link/Makefile
--- old/semodule-utils-3.9/semodule_link/Makefile 2025-07-16
12:55:13.000000000 +0200
+++ new/semodule-utils-3.10/semodule_link/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -27,7 +27,3 @@
clean:
-rm -f semodule_link *.o
-
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.9/semodule_package/Makefile
new/semodule-utils-3.10/semodule_package/Makefile
--- old/semodule-utils-3.9/semodule_package/Makefile 2025-07-16
12:55:13.000000000 +0200
+++ new/semodule-utils-3.10/semodule_package/Makefile 2026-02-02
03:01:16.000000000 +0100
@@ -29,7 +29,3 @@
clean:
-rm -f semodule_package semodule_unpackage *.o
-
-indent:
- ../../scripts/Lindent $(wildcard *.[ch])
-
++++++ sepolgen.conf ++++++
L /var/lib/sepolgen/perm_map - - - - ../../../usr/share/sepolgen/perm_map
(No newline at EOF)
