Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package policycoreutils for openSUSE:Factory 
checked in at 2026-07-13 14:25:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
 and      /work/SRC/openSUSE:Factory/.policycoreutils.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "policycoreutils"

Mon Jul 13 14:25:33 2026 rev:91 rq:1364579 version:3.11

Changes:
--------
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes  
2026-06-11 17:26:20.003744573 +0200
+++ 
/work/SRC/openSUSE:Factory/.policycoreutils.new.1991/policycoreutils.changes    
    2026-07-13 14:25:45.042665435 +0200
@@ -1,0 +2,48 @@
+Tue Jul  7 11:47:35 UTC 2026 - Robert Frohl <[email protected]>
+
+- Move the sandbox subpackage to the separate selinux-sandbox package 
(bsc#1270534)
+  drop policycoreutils-sandbox-fix-cleanup.patch
+
+-------------------------------------------------------------------
+Mon Jul  6 13:37:11 UTC 2026 - Cathy Hu <[email protected]>
+
+- Update to version 3.11
+  https://github.com/SELinuxProject/selinux/releases/tag/3.11
+  - User-visible changes:
+    - Several security improvements in dbus and gui
+    - Dropped Python 2 support from audit2why
+    - Added `setfiles -A` option to disable SELINUX_RESTORECON_ADD_ASSOC
+    - restorecon only logs error on read-only filesystem instead of failing 
(allows
+      relabeling with read-only BTRFS subvolumes)
+    - Introduced a new SELINUX_RESTORECON_SKIP_MULTILINK flag to
+      selinux_restorecon(3); if set, then selinux_restorecon(3) will refuse to
+      relabel files with multiple hard links to prevent mislabeling them. 
Updated
+      restorecond(8) to always pass this flag when relabeling files to prevent
+      mislabeling hard links to files owned by others, e.g. when relabeling 
user
+      home directories or /tmp.
+    - Fixed semanage audit fd creation to avoid hitting RLIMIT_NOFILE on large
+      semanage import operations (#291).
+    - Improved semanage-fcontext(8) manpage
+    - Fixed dispol and dismod to show all options in the -h text.
+  - Development-relevant changes:
+    - Reformatted entire tree based on .clang-format and added new
+      check-format/format make targets to check and/or reformat code to match.
+      This is now a requirement for new patches.
+    - Updated pywrap build targets for modern python builds using the Python3 
build
+      module.
+    - Disabled build isolation for sepolicy python module.
+    - Fixed build errors with glibc 2.43.
+    - Updated pywrap build targets for modern python builds using the Python3 
build
+      module.
+- Packaging changes:
+  - Drop sepolicy-build-isolation.patch 
+    was accepted upstream
+  - Drop sandbox-sandbox-fix-saving-file-changes.patch
+    was accepted upstream
+  - Add python-build as new BuildRequires
+  - Rewrite policycoreutils-sandbox-fix-cleanup.patch
+    Code was rewritten upstream, dropped the part in seunshare.c
+  - Rewrite usr_etc.patch
+    Did not apply anymore due to code changes
+
+-------------------------------------------------------------------

Old:
----
  SANDBOX-README.md
  policycoreutils-3.10.tar.gz
  policycoreutils-3.10.tar.gz.asc
  policycoreutils-sandbox-fix-cleanup.patch
  sandbox-sandbox-fix-saving-file-changes.patch
  selinux-dbus-3.10.tar.gz
  selinux-dbus-3.10.tar.gz.asc
  selinux-gui-3.10.tar.gz
  selinux-gui-3.10.tar.gz.asc
  selinux-python-3.10.tar.gz
  selinux-python-3.10.tar.gz.asc
  selinux-sandbox-3.10.tar.gz
  selinux-sandbox-3.10.tar.gz.asc
  semodule-utils-3.10.tar.gz
  semodule-utils-3.10.tar.gz.asc
  sepolicy-build-isolation.patch

New:
----
  policycoreutils-3.11.tar.gz
  policycoreutils-3.11.tar.gz.asc
  selinux-dbus-3.11.tar.gz
  selinux-dbus-3.11.tar.gz.asc
  selinux-gui-3.11.tar.gz
  selinux-gui-3.11.tar.gz.asc
  selinux-python-3.11.tar.gz
  selinux-python-3.11.tar.gz.asc
  semodule-utils-3.11.tar.gz
  semodule-utils-3.11.tar.gz.asc

----------(Old B)----------
  Old:- Move the sandbox subpackage to the separate selinux-sandbox package 
(bsc#1270534)
  drop policycoreutils-sandbox-fix-cleanup.patch
  Old:    was accepted upstream
  - Drop sandbox-sandbox-fix-saving-file-changes.patch
    was accepted upstream
  Old:- Packaging changes:
  - Drop sepolicy-build-isolation.patch 
    was accepted upstream
----------(Old E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ policycoreutils.spec ++++++
--- /var/tmp/diff_new_pack.QzwsRV/_old  2026-07-13 14:25:49.482817247 +0200
+++ /var/tmp/diff_new_pack.QzwsRV/_new  2026-07-13 14:25:49.482817247 +0200
@@ -30,12 +30,12 @@
 %endif
 
 %define libaudit_ver     2.2
-%define libsepol_ver     3.10
-%define libsemanage_ver  3.10
-%define libselinux_ver   3.10
+%define libsepol_ver     3.11
+%define libsemanage_ver  3.11
+%define libselinux_ver   3.11
 %define setools_ver      4.1.1
 Name:           policycoreutils
-Version:        3.10
+Version:        3.11
 Release:        0
 Summary:        SELinux policy core utilities
 License:        GPL-2.0-or-later
@@ -53,18 +53,12 @@
 Source15:       
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-gui-%{version}.tar.gz.asc
 Source16:       
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-dbus-%{version}.tar.gz
 Source17:       
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-dbus-%{version}.tar.gz.asc
-Source18:       
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-sandbox-%{version}.tar.gz
-Source19:       
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-sandbox-%{version}.tar.gz.asc
 Source20:       policycoreutils-rpmlintrc
 Source21:       sepolgen.conf
-Source22:       SANDBOX-README.md
 Patch0:         make_targets.patch
 Patch2:         get_os_version.patch
 Patch3:         run_init.pamd.patch
 Patch4:         usr_etc.patch
-Patch5:         sepolicy-build-isolation.patch
-Patch6:         policycoreutils-sandbox-fix-cleanup.patch
-Patch7:         sandbox-sandbox-fix-saving-file-changes.patch
 BuildRequires:  audit-devel >= %{libaudit_ver}
 BuildRequires:  bison
 BuildRequires:  dbus-1-glib-devel
@@ -82,6 +76,7 @@
 BuildRequires:  pam-devel
 # needed only for dir /usr/share/polkit-1 from policycoreutils-gui
 BuildRequires:  polkit
+BuildRequires:  %{python_module build}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
@@ -208,29 +203,16 @@
 The policycoreutils-dbus package contains the management DBUS API use to manage
 an SELinux environment.
 
-%package sandbox
-Summary:        SELinux sandbox utilities
-Group:          Productivity/Security
-Requires:       %{python_for_executables}-%{name} = %{version}
-Requires:       (xwayland or xorg-x11-server-extra)
-Requires:       selinux-policy-sandbox
-
-%description sandbox
-The sandbox package contains the scripts to create graphical sandboxes.
-
 %prep
-%setup -q -a3 -a5 -a14 -a16 -a18
+%setup -q -a3 -a5 -a14 -a16
 setools_python_pwd="$PWD/selinux-python-%{version}"
 semodule_utils_pwd="$PWD/semodule-utils-%{version}"
 %patch -P0 -p1
-%patch -P2 -p1
+%patch -P2 -p2 -d selinux-python-%{version}
 %patch -P3 -p1
-%patch -P4 -p2
+%patch -P4 -p1
 mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat 
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen 
${setools_python_pwd}/sepolicy .
 mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link 
${semodule_utils_pwd}/semodule_package .
-%patch -P5 -p1
-%patch -P6 -p1
-%patch -P7 -p2
 
 %build
 export PYTHON="%{python_binary_for_executables}" LIBDIR="%{_libdir}" 
CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro"
@@ -276,11 +258,6 @@
 mkdir -p %{buildroot}%{_datadir}/dbus-1/system.d
 mv %{buildroot}%{_sysconfdir}/dbus-1/system.d/org.selinux.conf 
%{buildroot}%{_datadir}/dbus-1/system.d/org.selinux.conf
 
-# Sandbox
-(cd selinux-sandbox-%{version} && make DESTDIR=%{buildroot} 
SYSCONFDIR=%{_fillupdir} install)
-mv %{buildroot}%{_fillupdir}/sandbox 
%{buildroot}%{_fillupdir}/sysconfig.sandbox
-cp -a %{SOURCE22} .
-
 # GUI apps
 (cd selinux-gui-%{version} && make DESTDIR=%{buildroot} install)
 %if 0%{?suse_version} > 1500
@@ -353,9 +330,6 @@
 %verifyscript newrole
 %verify_permissions -e %{_bindir}/newrole
 
-%post sandbox
-%{fillup_only -n sandbox}
-
 %files
 %{_bindir}/semodule_expand
 %{_bindir}/semodule_link
@@ -519,16 +493,3 @@
 %{_datadir}/polkit-1/actions/org.selinux.config.policy
 %{_datadir}/system-config-selinux/selinux_server.py
 
-%files sandbox
-%dir %{_datadir}/sandbox
-%doc SANDBOX-README.md
-%{_datadir}/locale/*/LC_MESSAGES/selinux-sandbox.mo
-%{_datadir}/sandbox/start
-%{_datadir}/sandbox/sandboxX.sh
-%{_mandir}/man5/sandbox.5%{?ext_man}
-%{_mandir}/man8/sandbox.8%{?ext_man}
-%{_mandir}/man8/seunshare.8%{?ext_man}
-%{_fillupdir}/sysconfig.sandbox
-%{_sbindir}/seunshare
-%{_bindir}/sandbox
-

++++++ policycoreutils-3.10.tar.gz -> policycoreutils-3.11.tar.gz ++++++
++++ 3968 lines of diff (skipped)


++++++ selinux-dbus-3.10.tar.gz -> selinux-dbus-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-dbus-3.10/VERSION 
new/selinux-dbus-3.11/VERSION
--- old/selinux-dbus-3.10/VERSION       2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-dbus-3.11/VERSION       2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-dbus-3.10/selinux_server.py 
new/selinux-dbus-3.11/selinux_server.py
--- old/selinux-dbus-3.10/selinux_server.py     2026-02-02 03:01:16.000000000 
+0100
+++ new/selinux-dbus-3.11/selinux_server.py     2026-07-01 18:51:05.000000000 
+0200
@@ -6,6 +6,7 @@
 from gi.repository import GObject
 from gi.repository import GLib
 import os
+import re
 import selinux
 from subprocess import Popen, PIPE, STDOUT
 
@@ -33,8 +34,7 @@
         if not self.is_authorized(sender, "org.selinux.semanage"):
             raise dbus.exceptions.DBusException("Not authorized")
         p = Popen(["/usr/sbin/semanage", "import"], stdout=PIPE, stderr=PIPE, 
stdin=PIPE, universal_newlines=True)
-        p.stdin.write(buf)
-        output = p.communicate()
+        output = p.communicate(input=buf)
         if p.returncode and p.returncode != 0:
             raise dbus.exceptions.DBusException(output[1])
 
@@ -48,10 +48,9 @@
         if not self.is_authorized(sender, "org.selinux.customized"):
             raise dbus.exceptions.DBusException("Not authorized")
         p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE, 
universal_newlines=True)
-        buf = p.stdout.read()
-        output = p.communicate()
+        buf, err = p.communicate()
         if p.returncode and p.returncode != 0:
-            raise OSError("Failed to read SELinux configuration: %s", output)
+            raise OSError("Failed to read SELinux configuration: %s" % err)
         return buf
 
     #
@@ -63,10 +62,9 @@
         if not self.is_authorized(sender, "org.selinux.semodule_list"):
             raise dbus.exceptions.DBusException("Not authorized")
         p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE, 
stderr=PIPE, universal_newlines=True)
-        buf = p.stdout.read()
-        output = p.communicate()
+        buf, err = p.communicate()
         if p.returncode and p.returncode != 0:
-            raise OSError("Failed to list SELinux modules: %s", output)
+            raise OSError("Failed to list SELinux modules: %s" % err)
         return buf
 
     #
@@ -140,6 +138,8 @@
     def change_default_policy(self, value, sender):
         if not self.is_authorized(sender, "org.selinux.change_default_policy"):
             raise dbus.exceptions.DBusException("Not authorized")
+        if not re.fullmatch(r'[A-Za-z0-9_.]+', str(value)):
+            raise ValueError("Invalid policy name: %s" % value)
         path = selinux.selinux_path() + value
         if os.path.isdir(path):
             return self.write_selinux_config(policy=value)

++++++ selinux-gui-3.10.tar.gz -> selinux-gui-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-gui-3.10/VERSION new/selinux-gui-3.11/VERSION
--- old/selinux-gui-3.10/VERSION        2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/VERSION        2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-gui-3.10/modulesPage.py 
new/selinux-gui-3.11/modulesPage.py
--- old/selinux-gui-3.10/modulesPage.py 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/modulesPage.py 2026-07-01 18:51:05.000000000 +0200
@@ -194,7 +194,10 @@
     def add(self, file):
         try:
             self.wait()
-            status, output = getstatusoutput("semodule -i %s" % file)
+            p = Popen(["semodule", "-i", file], stdout=PIPE, stderr=PIPE,
+                      universal_newlines=True)
+            out, err = p.communicate()
+            status, output = p.returncode, (out or "") + (err or "")
             self.ready()
             if status != 0:
                 self.error(output)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-gui-3.10/polgengui.py 
new/selinux-gui-3.11/polgengui.py
--- old/selinux-gui-3.10/polgengui.py   2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/polgengui.py   2026-07-01 18:51:05.000000000 +0200
@@ -85,7 +85,6 @@
 version = "1.0"
 
 sys.path.append('/usr/share/system-config-selinux')
-sys.path.append('.')
 
 # From John Hunter 
http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
 
@@ -98,10 +97,7 @@
 ##
 xml = Gtk.Builder()
 xml.set_translation_domain(PROGNAME)
-if os.access("polgen.ui", os.F_OK):
-    xml.add_from_file("polgen.ui")
-else:
-    xml.add_from_file("/usr/share/system-config-selinux/polgen.ui")
+xml.add_from_file("/usr/share/system-config-selinux/polgen.ui")
 
 FILE = 1
 DIR = 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-gui-3.10/sepolgen 
new/selinux-gui-3.11/sepolgen
--- old/selinux-gui-3.10/sepolgen       2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/sepolgen       2026-07-01 18:51:05.000000000 +0200
@@ -1,2 +1,2 @@
 #!/bin/sh
-sepolicy generate $*
+exec sepolicy generate "$@"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-gui-3.10/system-config-selinux.py 
new/selinux-gui-3.11/system-config-selinux.py
--- old/selinux-gui-3.10/system-config-selinux.py       2026-02-02 
03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/system-config-selinux.py       2026-07-01 
18:51:05.000000000 +0200
@@ -74,10 +74,7 @@
 ##
 xml = Gtk.Builder()
 xml.set_translation_domain(PROGNAME)
-if os.access("system-config-selinux.ui", os.F_OK):
-    xml.add_from_file("system-config-selinux.ui")
-else:
-    
xml.add_from_file("/usr/share/system-config-selinux/system-config-selinux.ui")
+xml.add_from_file("/usr/share/system-config-selinux/system-config-selinux.ui")
 
 
 class childWindow:

++++++ selinux-python-3.10.tar.gz -> selinux-python-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/VERSION 
new/selinux-python-3.11/VERSION
--- old/selinux-python-3.10/VERSION     2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-python-3.11/VERSION     2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/selinux-python-3.10/audit2allow/sepolgen-ifgen-attr-helper.c 
new/selinux-python-3.11/audit2allow/sepolgen-ifgen-attr-helper.c
--- old/selinux-python-3.10/audit2allow/sepolgen-ifgen-attr-helper.c    
2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-python-3.11/audit2allow/sepolgen-ifgen-attr-helper.c    
2026-07-01 18:51:05.000000000 +0200
@@ -46,7 +46,7 @@
        struct val_to_name *v = data;
        perm_datum_t *perdatum;
 
-       perdatum = (perm_datum_t *) datum;
+       perdatum = (perm_datum_t *)datum;
 
        if (v->val == perdatum->s.value) {
                v->name = key;
@@ -56,8 +56,8 @@
        return 0;
 }
 
-static int render_access_mask(uint32_t av, avtab_key_t *key, policydb_t 
*policydbp,
-                      FILE *fp)
+static int render_access_mask(uint32_t av, avtab_key_t *key,
+                             policydb_t *policydbp, FILE *fp)
 {
        struct val_to_name v;
        class_datum_t *cladatum;
@@ -70,12 +70,12 @@
        for (i = 0; i < cladatum->permissions.nprim; i++) {
                if (av & (1 << i)) {
                        v.val = i + 1;
-                       rc = hashtab_map(cladatum->permissions.table,
-                                        perm_name, &v);
+                       rc = hashtab_map(cladatum->permissions.table, perm_name,
+                                        &v);
                        if (!rc && cladatum->comdatum) {
-                               rc = hashtab_map(cladatum->comdatum->
-                                                permissions.table, perm_name,
-                                                &v);
+                               rc = hashtab_map(
+                                       cladatum->comdatum->permissions.table,
+                                       perm_name, &v);
                        }
                        if (rc)
                                perm = v.name;
@@ -104,8 +104,7 @@
        return 0;
 }
 
-struct callback_data
-{
+struct callback_data {
        uint32_t attr;
        policydb_t *policy;
        FILE *fp;
@@ -128,7 +127,8 @@
        return 0;
 }
 
-static int attribute_callback(hashtab_key_t key, hashtab_datum_t datum, void 
*datap)
+static int attribute_callback(hashtab_key_t key, hashtab_datum_t datum,
+                             void *datap)
 {
        struct callback_data *cb_data = (struct callback_data *)datap;
        type_datum_t *t = (type_datum_t *)datum;
@@ -136,9 +136,11 @@
        if (t->flavor == TYPE_ATTRIB) {
                fprintf(cb_data->fp, "[Attribute %s]\n", key);
                cb_data->attr = t->s.value;
-               if (avtab_map(&cb_data->policy->te_avtab, output_avrule, 
cb_data) < 0)
+               if (avtab_map(&cb_data->policy->te_avtab, output_avrule,
+                             cb_data) < 0)
                        return -1;
-               if (avtab_map(&cb_data->policy->te_cond_avtab, output_avrule, 
cb_data) < 0)
+               if (avtab_map(&cb_data->policy->te_cond_avtab, output_avrule,
+                             cb_data) < 0)
                        return -1;
        }
 
@@ -164,8 +166,10 @@
         * starting from the maximum supported policy version.
         */
        if (!filename) {
-               for (suffix_ver = sepol_policy_kern_vers_max(); suffix_ver > 0; 
suffix_ver--) {
-                       snprintf(pathname, sizeof(pathname), "%s.%d", 
selinux_binary_policy_path(), suffix_ver);
+               for (suffix_ver = sepol_policy_kern_vers_max(); suffix_ver > 0;
+                    suffix_ver--) {
+                       snprintf(pathname, sizeof(pathname), "%s.%d",
+                                selinux_binary_policy_path(), suffix_ver);
 
                        if (access(pathname, F_OK) == 0) {
                                filename = pathname;
@@ -182,8 +186,8 @@
 
        fp = fopen(filename, "r");
        if (fp == NULL) {
-               fprintf(stderr, "Can't open '%s':  %s\n",
-                       filename, strerror(errno));
+               fprintf(stderr, "Can't open '%s':  %s\n", filename,
+                       strerror(errno));
                return NULL;
        }
 
@@ -208,7 +212,8 @@
        ret = policydb_read(policydb, &pf, 1);
        if (ret) {
                fprintf(stderr,
-                       "error(s) encountered while parsing configuration\n");
+                       "error(s) encountered while parsing configuration %s\n",
+                       filename);
                free(policydb);
                fclose(fp);
                return NULL;
@@ -217,7 +222,6 @@
        fclose(fp);
 
        return policydb;
-
 }
 
 static void usage(char *progname)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/semanage/semanage-fcontext.8 
new/selinux-python-3.11/semanage/semanage-fcontext.8
--- old/selinux-python-3.10/semanage/semanage-fcontext.8        2026-02-02 
03:01:16.000000000 +0100
+++ new/selinux-python-3.11/semanage/semanage-fcontext.8        2026-07-01 
18:51:05.000000000 +0200
@@ -67,7 +67,7 @@
 Remove all local customizations
 .TP
 .I   \-e TARGET_PATH, \-\-equal TARGET_PATH
-Substitute FILE_SPEC with TARGET_PATH for file label lookup. This is used with 
fcontext. Requires source and target path arguments to be path prefixes and 
does not support regular expressions. The context labeling for the target 
subtree is made equivalent to that defined for the source.
+Substitute FILE_SPEC with TARGET_PATH for file label lookup. This is used with 
fcontext. Requires source and target path arguments to be path prefixes and 
does not support regular expressions. The context labeling for the target 
subtree is made equivalent to that defined for the source. Note that 
substitution based on another substitution does not work.
 .TP
 .I   \-f [{a,f,d,c,b,s,l,p}], \-\-ftype [{a,f,d,c,b,s,l,p}]
 File Type. This is used with fcontext. Requires a file type as shown in the 
mode field by ls, e.g. use 'd' to match only directories or 'f' to match only 
regular files. The following file type options can be passed: f (regular 
file),d (directory),c (character device), b (block device),s (socket),l 
(symbolic link),p (named pipe).  If you do not specify a file type, the file 
type will default to "all files".
@@ -94,6 +94,10 @@
 # semanage fcontext \-a \-e /home /home1
 # restorecon \-R \-v /home1
 
+If you substitute /home2 with /home1 from the example above it will not work. 
You must use direct substitution
+# semanage fcontext \-a \-e /home /home2
+# restorecon \-R \-v /home2
+
 For home directories under top level directory, for example /disk6/home,
 execute the following commands.
 # semanage fcontext \-a \-t home_root_t "/disk6"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/semanage/seobject.py 
new/selinux-python-3.11/semanage/seobject.py
--- old/selinux-python-3.10/semanage/seobject.py        2026-02-02 
03:01:16.000000000 +0100
+++ new/selinux-python-3.11/semanage/seobject.py        2026-07-01 
18:51:05.000000000 +0200
@@ -106,9 +106,12 @@
     audit.audit_close(audit.audit_open())
 
     class logger:
+        audit_fd = None
 
         def __init__(self):
-            self.audit_fd = audit.audit_open()
+            if logger.audit_fd is None:
+                logger.audit_fd = audit.audit_open()
+
             self.log_list = []
             self.log_change_list = []
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/sepolgen/VERSION 
new/selinux-python-3.11/sepolgen/VERSION
--- old/selinux-python-3.10/sepolgen/VERSION    2026-02-02 03:01:16.000000000 
+0100
+++ new/selinux-python-3.11/sepolgen/VERSION    2026-07-01 18:51:05.000000000 
+0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/.gitignore 
new/selinux-python-3.11/sepolicy/.gitignore
--- old/selinux-python-3.10/sepolicy/.gitignore 2026-02-02 03:01:16.000000000 
+0100
+++ new/selinux-python-3.11/sepolicy/.gitignore 2026-07-01 18:51:05.000000000 
+0200
@@ -2,3 +2,4 @@
 tmp
 *.bak
 sepolicy.egg-info/
+dist/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/Makefile 
new/selinux-python-3.11/sepolicy/Makefile
--- old/selinux-python-3.10/sepolicy/Makefile   2026-02-02 03:01:16.000000000 
+0100
+++ new/selinux-python-3.11/sepolicy/Makefile   2026-07-01 18:51:05.000000000 
+0200
@@ -14,11 +14,10 @@
 all: python-build
 
 python-build:
-       $(PYTHON) setup.py build
+       $(PYTHON) -m build --no-isolation --wheel .
 
 clean:
-       $(PYTHON) setup.py clean
-       -rm -rf build *~ \#* *pyc .#* sepolicy.egg-info/
+       -rm -rf build dist *.egg-info *~ \#* *pyc .#*
 
 sepolgen:
        ln -sf sepolicy sepolgen
@@ -26,8 +25,8 @@
 test:
        @$(PYTHON) test_sepolicy.py -v
 
-install:
-       $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && 
echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
+install: python-build
+       $(PYTHON) -m pip install --no-build-isolation --force-reinstall 
--prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) 
--ignore-installed --no-deps` dist/*.whl
        [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
        install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
        (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/sepolicy/generate.py 
new/selinux-python-3.11/sepolicy/sepolicy/generate.py
--- old/selinux-python-3.10/sepolicy/sepolicy/generate.py       2026-02-02 
03:01:16.000000000 +0100
+++ new/selinux-python-3.11/sepolicy/sepolicy/generate.py       2026-07-01 
18:51:05.000000000 +0200
@@ -1322,6 +1322,9 @@
         import dnf
 
         with dnf.Base() as base:
+            if base.conf.substitutions.get('releasever') is None:
+                base.conf.substitutions['releasever'] = ''
+
             base.read_all_repos()
             base.fill_sack(load_system_repo=True)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/setup.py 
new/selinux-python-3.11/sepolicy/setup.py
--- old/selinux-python-3.10/sepolicy/setup.py   2026-02-02 03:01:16.000000000 
+0100
+++ new/selinux-python-3.11/sepolicy/setup.py   2026-07-01 18:51:05.000000000 
+0200
@@ -6,7 +6,7 @@
 
 setup(
     name="sepolicy",
-    version="3.10",
+    version="3.11",
     description="Python SELinux Policy Analyses bindings",
     author="Daniel Walsh",
     author_email="[email protected]",

++++++ semodule-utils-3.10.tar.gz -> semodule-utils-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/semodule-utils-3.10/VERSION 
new/semodule-utils-3.11/VERSION
--- old/semodule-utils-3.10/VERSION     2026-02-02 03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/VERSION     2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/semodule-utils-3.10/semodule_expand/semodule_expand.c 
new/semodule-utils-3.11/semodule_expand/semodule_expand.c
--- old/semodule-utils-3.10/semodule_expand/semodule_expand.c   2026-02-02 
03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_expand/semodule_expand.c   2026-07-01 
18:51:05.000000000 +0200
@@ -32,7 +32,8 @@
 int main(int argc, char **argv)
 {
        const char *basename, *outname;
-       int ch, ret, show_version = 0, verbose = 0, policyvers = 0, 
check_assertions = 1;
+       int ch, ret, show_version = 0, verbose = 0, policyvers = 0,
+                    check_assertions = 1;
        struct sepol_policy_file *pf = NULL;
        sepol_module_package_t *base = NULL;
        sepol_policydb_t *out = NULL, *p;
@@ -50,35 +51,35 @@
                case 'h':
                        usage(argv[0]);
                        return EXIT_SUCCESS;
-               case 'c':{
-                               long int n;
+               case 'c': {
+                       long int n;
 
-                               errno = 0;
-                               n = strtol(optarg, NULL, 10);
-                               if (errno) {
-                                       fprintf(stderr,
-                                               "%s:  Invalid policyvers 
specified: %s\n",
-                                               argv[0], optarg);
-                                       usage(argv[0]);
-                                       return EXIT_FAILURE;
-                               }
-                               if (n < sepol_policy_kern_vers_min()
-                                   || n > sepol_policy_kern_vers_max()) {
-                                       fprintf(stderr,
-                                               "%s:  policyvers value %ld not 
in range %d-%d\n",
-                                               argv[0], n,
-                                               sepol_policy_kern_vers_min(),
-                                               sepol_policy_kern_vers_max());
-                                       usage(argv[0]);
-                                       return EXIT_FAILURE;
-                               }
-                               policyvers = n;
-                               break;
+                       errno = 0;
+                       n = strtol(optarg, NULL, 10);
+                       if (errno) {
+                               fprintf(stderr,
+                                       "%s:  Invalid policyvers specified: 
%s\n",
+                                       argv[0], optarg);
+                               usage(argv[0]);
+                               return EXIT_FAILURE;
                        }
-               case 'a':{
-                               check_assertions = 0;
-                               break;
+                       if (n < sepol_policy_kern_vers_min() ||
+                           n > sepol_policy_kern_vers_max()) {
+                               fprintf(stderr,
+                                       "%s:  policyvers value %ld not in range 
%d-%d\n",
+                                       argv[0], n,
+                                       sepol_policy_kern_vers_min(),
+                                       sepol_policy_kern_vers_max());
+                               usage(argv[0]);
+                               return EXIT_FAILURE;
                        }
+                       policyvers = n;
+                       break;
+               }
+               case 'a': {
+                       check_assertions = 0;
+                       break;
+               }
                default:
                        usage(argv[0]);
                        return EXIT_FAILURE;
@@ -126,8 +127,8 @@
 
        fp = fopen(basename, "re");
        if (!fp) {
-               fprintf(stderr, "%s:  Can't open '%s':  %s\n",
-                       argv[0], basename, strerror(errno));
+               fprintf(stderr, "%s:  Can't open '%s':  %s\n", argv[0],
+                       basename, strerror(errno));
                goto failure;
        }
 
@@ -173,8 +174,8 @@
 
        outfile = fopen(outname, "we");
        if (!outfile) {
-               fprintf(stderr, "%s:  Can't open '%s':  %s\n",
-                       argv[0], outname, strerror(errno));
+               fprintf(stderr, "%s:  Can't open '%s':  %s\n", argv[0], outname,
+                       strerror(errno));
                goto failure;
        }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/semodule-utils-3.10/semodule_link/semodule_link.c 
new/semodule-utils-3.11/semodule_link/semodule_link.c
--- old/semodule-utils-3.10/semodule_link/semodule_link.c       2026-02-02 
03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_link/semodule_link.c       2026-07-01 
18:51:05.000000000 +0200
@@ -27,7 +27,8 @@
               program_name);
 }
 
-static sepol_module_package_t *load_module(const char *filename, const char 
*progname)
+static sepol_module_package_t *load_module(const char *filename,
+                                          const char *progname)
 {
        int ret;
        FILE *fp = NULL;
@@ -44,8 +45,8 @@
        }
        fp = fopen(filename, "re");
        if (!fp) {
-               fprintf(stderr, "%s:  Could not open package %s:  %s\n", 
progname,
-                       filename, strerror(errno));
+               fprintf(stderr, "%s:  Could not open package %s:  %s\n",
+                       progname, filename, strerror(errno));
                goto bad;
        }
        sepol_policy_file_set_fp(pf, fp);
@@ -61,7 +62,7 @@
        fclose(fp);
        sepol_policy_file_free(pf);
        return p;
-      bad:
+bad:
        sepol_module_package_free(p);
        sepol_policy_file_free(pf);
        if (fp)
@@ -144,7 +145,8 @@
        if (outname) {
                FILE *outfile = fopen(outname, "we");
                if (!outfile) {
-                       fprintf(stderr, "%s:  Could not open output file %s:  
%s\n",
+                       fprintf(stderr,
+                               "%s:  Could not open output file %s:  %s\n",
                                argv[0], outname, strerror(errno));
                        goto failure;
                }
@@ -165,7 +167,8 @@
                sepol_policy_file_free(pf);
 
                if (fclose(outfile)) {
-                       fprintf(stderr, "%s:  Error closing linked package:  
%s\n",
+                       fprintf(stderr,
+                               "%s:  Error closing linked package:  %s\n",
                                argv[0], strerror(errno));
                        goto failure;
                }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/semodule-utils-3.10/semodule_package/semodule_package.c 
new/semodule-utils-3.11/semodule_package/semodule_package.c
--- old/semodule-utils-3.10/semodule_package/semodule_package.c 2026-02-02 
03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_package/semodule_package.c 2026-07-01 
18:51:05.000000000 +0200
@@ -28,13 +28,13 @@
        printf("  -m --module           Module file (required)\n");
        printf("  -f --fc               File contexts file\n");
        printf("  -s --seuser           Seusers file (only valid in base)\n");
-       printf
-           ("  -u --user_extra user_extra file (only valid in base)\n");
+       printf("  -u --user_extra       user_extra file (only valid in 
base)\n");
        printf("  -n --nc               Netfilter contexts file\n");
        printf("  -h --help             Show this help message\n");
 }
 
-static int file_to_data(const char *path, char **data, size_t * len, const 
char *progname)
+static int file_to_data(const char *path, char **data, size_t *len,
+                       const char *progname)
 {
        int fd;
        struct stat sb;
@@ -64,7 +64,7 @@
        *len = sb.st_size;
        close(fd);
        return 0;
-      err:
+err:
        close(fd);
        return -1;
 }
@@ -74,26 +74,27 @@
        struct sepol_module_package *pkg = NULL;
        struct sepol_policy_file *mod = NULL, *out = NULL;
        FILE *fp = NULL;
-       char *module = NULL, *file_contexts = NULL, *seusers =
-           NULL, *user_extra = NULL;
-       char *fcdata = NULL, *outfile = NULL, *seusersdata =
-           NULL, *user_extradata = NULL;
+       char *module = NULL, *file_contexts = NULL, *seusers = NULL,
+            *user_extra = NULL;
+       char *fcdata = NULL, *outfile = NULL, *seusersdata = NULL,
+            *user_extradata = NULL;
        char *netfilter_contexts = NULL, *ncdata = NULL;
        size_t fclen = 0, seuserslen = 0, user_extralen = 0, nclen = 0;
        int i, ret;
 
        const struct option opts[] = {
-               {"module", required_argument, NULL, 'm'},
-               {"fc", required_argument, NULL, 'f'},
-               {"seuser", required_argument, NULL, 's'},
-               {"user_extra", required_argument, NULL, 'u'},
-               {"nc", required_argument, NULL, 'n'},
-               {"outfile", required_argument, NULL, 'o'},
-               {"help", 0, NULL, 'h'},
-               {NULL, 0, NULL, 0}
+               { "module", required_argument, NULL, 'm' },
+               { "fc", required_argument, NULL, 'f' },
+               { "seuser", required_argument, NULL, 's' },
+               { "user_extra", required_argument, NULL, 'u' },
+               { "nc", required_argument, NULL, 'n' },
+               { "outfile", required_argument, NULL, 'o' },
+               { "help", 0, NULL, 'h' },
+               { NULL, 0, NULL, 0 }
        };
 
-       while ((i = getopt_long(argc, argv, "m:f:s:u:o:n:h", opts, NULL)) != 
-1) {
+       while ((i = getopt_long(argc, argv, "m:f:s:u:o:n:h", opts, NULL)) !=
+              -1) {
                switch (i) {
                case 'h':
                        usage(argv[0]);
@@ -106,7 +107,8 @@
                        }
                        module = strdup(optarg);
                        if (!module) {
-                               fprintf(stderr, "%s:  Out of memory\n", 
argv[0]);
+                               fprintf(stderr, "%s:  Out of memory\n",
+                                       argv[0]);
                                return EXIT_FAILURE;
                        }
                        break;
@@ -118,7 +120,8 @@
                        }
                        file_contexts = strdup(optarg);
                        if (!file_contexts) {
-                               fprintf(stderr, "%s:  Out of memory\n", 
argv[0]);
+                               fprintf(stderr, "%s:  Out of memory\n",
+                                       argv[0]);
                                return EXIT_FAILURE;
                        }
                        break;
@@ -130,7 +133,8 @@
                        }
                        outfile = strdup(optarg);
                        if (!outfile) {
-                               fprintf(stderr, "%s:  Out of memory\n", 
argv[0]);
+                               fprintf(stderr, "%s:  Out of memory\n",
+                                       argv[0]);
                                return EXIT_FAILURE;
                        }
                        break;
@@ -142,7 +146,8 @@
                        }
                        seusers = strdup(optarg);
                        if (!seusers) {
-                               fprintf(stderr, "%s:  Out of memory\n", 
argv[0]);
+                               fprintf(stderr, "%s:  Out of memory\n",
+                                       argv[0]);
                                return EXIT_FAILURE;
                        }
                        break;
@@ -154,7 +159,8 @@
                        }
                        user_extra = strdup(optarg);
                        if (!user_extra) {
-                               fprintf(stderr, "%s:  Out of memory\n", 
argv[0]);
+                               fprintf(stderr, "%s:  Out of memory\n",
+                                       argv[0]);
                                return EXIT_FAILURE;
                        }
                        break;
@@ -166,7 +172,8 @@
                        }
                        netfilter_contexts = strdup(optarg);
                        if (!netfilter_contexts) {
-                               fprintf(stderr, "%s:  Out of memory\n", 
argv[0]);
+                               fprintf(stderr, "%s:  Out of memory\n",
+                                       argv[0]);
                                return EXIT_FAILURE;
                        }
                        break;
@@ -177,9 +184,10 @@
        }
 
        if (optind < argc) {
-               fprintf(stderr, "%s:  Superfluous command line arguments: ", 
argv[0]);
+               fprintf(stderr,
+                       "%s:  Superfluous command line arguments: ", argv[0]);
                while (optind < argc)
-                        fprintf(stderr, "%s ", argv[optind++]);
+                       fprintf(stderr, "%s ", argv[optind++]);
                fprintf(stderr, "\n");
                usage(argv[0]);
                return EXIT_FAILURE;
@@ -190,16 +198,20 @@
                return EXIT_FAILURE;
        }
 
-       if (file_contexts && file_to_data(file_contexts, &fcdata, &fclen, 
argv[0]))
+       if (file_contexts &&
+           file_to_data(file_contexts, &fcdata, &fclen, argv[0]))
                goto failure;
 
-       if (seusers && file_to_data(seusers, &seusersdata, &seuserslen, 
argv[0]))
+       if (seusers &&
+           file_to_data(seusers, &seusersdata, &seuserslen, argv[0]))
                goto failure;
 
-       if (user_extra && file_to_data(user_extra, &user_extradata, 
&user_extralen, argv[0]))
+       if (user_extra &&
+           file_to_data(user_extra, &user_extradata, &user_extralen, argv[0]))
                goto failure;
 
-       if (netfilter_contexts && file_to_data(netfilter_contexts, &ncdata, 
&nclen, argv[0]))
+       if (netfilter_contexts &&
+           file_to_data(netfilter_contexts, &ncdata, &nclen, argv[0]))
                goto failure;
 
        if (sepol_policy_file_create(&mod)) {
@@ -230,23 +242,30 @@
        fclose(fp);
        fp = NULL;
 
-       if (fclen && sepol_module_package_set_file_contexts(pkg, fcdata, 
fclen)) {
-               fprintf(stderr, "%s:  Error while setting file contexts\n", 
argv[0]);
+       if (fclen &&
+           sepol_module_package_set_file_contexts(pkg, fcdata, fclen)) {
+               fprintf(stderr, "%s:  Error while setting file contexts\n",
+                       argv[0]);
                goto failure;
        }
 
-       if (seuserslen && sepol_module_package_set_seusers(pkg, seusersdata, 
seuserslen)) {
+       if (seuserslen &&
+           sepol_module_package_set_seusers(pkg, seusersdata, seuserslen)) {
                fprintf(stderr, "%s:  Error while setting seusers\n", argv[0]);
                goto failure;
        }
 
-       if (user_extra && sepol_module_package_set_user_extra(pkg, 
user_extradata, user_extralen)) {
-               fprintf(stderr, "%s:  Error while setting extra users\n", 
argv[0]);
+       if (user_extra && sepol_module_package_set_user_extra(
+                                 pkg, user_extradata, user_extralen)) {
+               fprintf(stderr, "%s:  Error while setting extra users\n",
+                       argv[0]);
                goto failure;
        }
 
-       if (nclen && sepol_module_package_set_netfilter_contexts(pkg, ncdata, 
nclen)) {
-               fprintf(stderr, "%s:  Error while setting netfilter 
contexts\n", argv[0]);
+       if (nclen &&
+           sepol_module_package_set_netfilter_contexts(pkg, ncdata, nclen)) {
+               fprintf(stderr, "%s:  Error while setting netfilter contexts\n",
+                       argv[0]);
                goto failure;
        }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/semodule-utils-3.10/semodule_package/semodule_unpackage.c 
new/semodule-utils-3.11/semodule_package/semodule_unpackage.c
--- old/semodule-utils-3.10/semodule_package/semodule_unpackage.c       
2026-02-02 03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_package/semodule_unpackage.c       
2026-07-01 18:51:05.000000000 +0200
@@ -47,13 +47,15 @@
 
        fp = fopen(ppfile, "r");
        if (!fp) {
-               fprintf(stderr, "%s:  Could not open file %s:  %s\n", argv[0], 
ppfile, strerror(errno));
+               fprintf(stderr, "%s:  Could not open file %s:  %s\n", argv[0],
+                       ppfile, strerror(errno));
                goto failure;
        }
        sepol_policy_file_set_fp(in, fp);
 
        if (sepol_module_package_read(pkg, in, 0) == -1) {
-               fprintf(stderr, "%s:  Error while reading policy module from 
%s\n",
+               fprintf(stderr,
+                       "%s:  Error while reading policy module from %s\n",
                        argv[0], ppfile);
                goto failure;
        }
@@ -70,20 +72,23 @@
 
        fp = fopen(modfile, "w");
        if (!fp) {
-               fprintf(stderr, "%s:  Could not open file %s:  %s\n", argv[0], 
modfile, strerror(errno));
+               fprintf(stderr, "%s:  Could not open file %s:  %s\n", argv[0],
+                       modfile, strerror(errno));
                goto failure;
        }
        sepol_policy_file_set_fp(out, fp);
 
        if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {
-               fprintf(stderr, "%s:  Error while writing module to %s\n", 
argv[0], modfile);
+               fprintf(stderr, "%s:  Error while writing module to %s\n",
+                       argv[0], modfile);
                goto failure;
        }
 
        ret = fclose(fp);
        fp = NULL;
        if (ret) {
-               fprintf(stderr, "%s:  Error while closing file %s:  %s\n", 
argv[0], modfile, strerror(errno));
+               fprintf(stderr, "%s:  Error while closing file %s:  %s\n",
+                       argv[0], modfile, strerror(errno));
                goto failure;
        }
 
@@ -94,19 +99,22 @@
        if (fcfile && len) {
                fp = fopen(fcfile, "w");
                if (!fp) {
-                       fprintf(stderr, "%s:  Could not open file %s:  %s\n", 
argv[0], fcfile, strerror(errno));
+                       fprintf(stderr, "%s:  Could not open file %s:  %s\n",
+                               argv[0], fcfile, strerror(errno));
                        goto failure;
                }
                fcdata = sepol_module_package_get_file_contexts(pkg);
                if (fwrite(fcdata, 1, len, fp) != len) {
-                       fprintf(stderr, "%s:  Could not write file %s:  %s\n", 
argv[0], fcfile, strerror(errno));
+                       fprintf(stderr, "%s:  Could not write file %s:  %s\n",
+                               argv[0], fcfile, strerror(errno));
                        goto failure;
                }
 
                ret = fclose(fp);
                fp = NULL;
                if (ret) {
-                       fprintf(stderr, "%s:  Could not close file %s:  %s\n", 
argv[0], fcfile, strerror(errno));
+                       fprintf(stderr, "%s:  Could not close file %s:  %s\n",
+                               argv[0], fcfile, strerror(errno));
                        goto failure;
                }
        }

++++++ usr_etc.patch ++++++
--- /var/tmp/diff_new_pack.QzwsRV/_old  2026-07-13 14:25:51.110872913 +0200
+++ /var/tmp/diff_new_pack.QzwsRV/_new  2026-07-13 14:25:51.122873323 +0200
@@ -11,10 +11,10 @@
  policycoreutils/sestatus/sestatus.conf.5 |  2 +-
  4 files changed, 90 insertions(+), 5 deletions(-)
 
-diff --git a/policycoreutils/sestatus/Makefile 
b/policycoreutils/sestatus/Makefile
-index aebf050c2..bb1f6bda0 100644
---- a/policycoreutils/sestatus/Makefile
-+++ b/policycoreutils/sestatus/Makefile
+Index: policycoreutils/sestatus/Makefile
+===================================================================
+--- policycoreutils.orig/sestatus/Makefile
++++ policycoreutils/sestatus/Makefile
 @@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR = $(PREFIX)/share/man
@@ -23,7 +23,7 @@
  
  CFLAGS ?= -Werror -Wall -W
  override CFLAGS += -I../../libselinux/include -D_FILE_OFFSET_BITS=64
-@@ -13,6 +14,13 @@ override LDLIBS += -lselinux
+@@ -14,6 +15,13 @@ override LDLIBS += $(LIBSELINUX_LDLIBS)
  all: sestatus
  
  sestatus: sestatus.o
@@ -37,10 +37,10 @@
  
  install: all
        [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
-diff --git a/policycoreutils/sestatus/sestatus.c 
b/policycoreutils/sestatus/sestatus.c
-index 6c95828ed..f80612dcd 100644
---- a/policycoreutils/sestatus/sestatus.c
-+++ b/policycoreutils/sestatus/sestatus.c
+Index: policycoreutils/sestatus/sestatus.c
+===================================================================
+--- policycoreutils.orig/sestatus/sestatus.c
++++ policycoreutils/sestatus/sestatus.c
 @@ -21,11 +21,16 @@
  
  #define PROC_BASE "/proc"
@@ -61,16 +61,15 @@
  
  /* buffer size for cmp_cmdline */
  #define BUFSIZE 255
-@@ -92,9 +97,75 @@ static int pidof(const char *command)
+@@ -91,8 +96,75 @@ static int pidof(const char *command)
        return ret;
  }
  
--static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
 +#ifdef VENDORDIR
 +#include <libeconf.h>
 +
 +static void load_checks_with_vendor_settings(char *pc[], int *npc, char 
*fc[], int *nfc)
- {
++{
 +      econf_file *key_file = NULL;
 +      econf_err error;
 +      char **keys;
@@ -123,14 +122,14 @@
 +              }
 +              econf_free (keys);
 +      }
- 
++
 +      econf_free (key_file);
 +      return;
 +}
 +#endif
 +
-+static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
-+{
+ static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
+ {
 +#ifdef VENDORDIR
 +      load_checks_with_vendor_settings(pc, npc, fc, nfc);
 +      return;
@@ -138,11 +137,11 @@
        FILE *fp = fopen(CONF, "r");
        char buf[255], *bufp;
        int buf_len, section = -1;
-diff --git a/policycoreutils/sestatus/sestatus.conf.5 
b/policycoreutils/sestatus/sestatus.conf.5
-index acfedf6f5..01f8051d2 100644
---- a/policycoreutils/sestatus/sestatus.conf.5
-+++ b/policycoreutils/sestatus/sestatus.conf.5
-@@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by the \fBsestatus\fR(8) 
command with the \
+Index: policycoreutils/sestatus/sestatus.conf.5
+===================================================================
+--- policycoreutils.orig/sestatus/sestatus.conf.5
++++ policycoreutils/sestatus/sestatus.conf.5
+@@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by
  .sp
  The fully qualified path name of the configuration file is:
  .RS

Reply via email to