Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package policycoreutils for openSUSE:Factory
checked in at 2026-07-13 14:25:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/policycoreutils (Old)
and /work/SRC/openSUSE:Factory/.policycoreutils.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "policycoreutils"
Mon Jul 13 14:25:33 2026 rev:91 rq:1364579 version:3.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/policycoreutils/policycoreutils.changes
2026-06-11 17:26:20.003744573 +0200
+++
/work/SRC/openSUSE:Factory/.policycoreutils.new.1991/policycoreutils.changes
2026-07-13 14:25:45.042665435 +0200
@@ -1,0 +2,48 @@
+Tue Jul 7 11:47:35 UTC 2026 - Robert Frohl <[email protected]>
+
+- Move the sandbox subpackage to the separate selinux-sandbox package
(bsc#1270534)
+ drop policycoreutils-sandbox-fix-cleanup.patch
+
+-------------------------------------------------------------------
+Mon Jul 6 13:37:11 UTC 2026 - Cathy Hu <[email protected]>
+
+- Update to version 3.11
+ https://github.com/SELinuxProject/selinux/releases/tag/3.11
+ - User-visible changes:
+ - Several security improvements in dbus and gui
+ - Dropped Python 2 support from audit2why
+ - Added `setfiles -A` option to disable SELINUX_RESTORECON_ADD_ASSOC
+ - restorecon only logs error on read-only filesystem instead of failing
(allows
+ relabeling with read-only BTRFS subvolumes)
+ - Introduced a new SELINUX_RESTORECON_SKIP_MULTILINK flag to
+ selinux_restorecon(3); if set, then selinux_restorecon(3) will refuse to
+ relabel files with multiple hard links to prevent mislabeling them.
Updated
+ restorecond(8) to always pass this flag when relabeling files to prevent
+ mislabeling hard links to files owned by others, e.g. when relabeling
user
+ home directories or /tmp.
+ - Fixed semanage audit fd creation to avoid hitting RLIMIT_NOFILE on large
+ semanage import operations (#291).
+ - Improved semanage-fcontext(8) manpage
+ - Fixed dispol and dismod to show all options in the -h text.
+ - Development-relevant changes:
+ - Reformatted entire tree based on .clang-format and added new
+ check-format/format make targets to check and/or reformat code to match.
+ This is now a requirement for new patches.
+ - Updated pywrap build targets for modern python builds using the Python3
build
+ module.
+ - Disabled build isolation for sepolicy python module.
+ - Fixed build errors with glibc 2.43.
+ - Updated pywrap build targets for modern python builds using the Python3
build
+ module.
+- Packaging changes:
+ - Drop sepolicy-build-isolation.patch
+ was accepted upstream
+ - Drop sandbox-sandbox-fix-saving-file-changes.patch
+ was accepted upstream
+ - Add python-build as new BuildRequires
+ - Rewrite policycoreutils-sandbox-fix-cleanup.patch
+ Code was rewritten upstream, dropped the part in seunshare.c
+ - Rewrite usr_etc.patch
+ Did not apply anymore due to code changes
+
+-------------------------------------------------------------------
Old:
----
SANDBOX-README.md
policycoreutils-3.10.tar.gz
policycoreutils-3.10.tar.gz.asc
policycoreutils-sandbox-fix-cleanup.patch
sandbox-sandbox-fix-saving-file-changes.patch
selinux-dbus-3.10.tar.gz
selinux-dbus-3.10.tar.gz.asc
selinux-gui-3.10.tar.gz
selinux-gui-3.10.tar.gz.asc
selinux-python-3.10.tar.gz
selinux-python-3.10.tar.gz.asc
selinux-sandbox-3.10.tar.gz
selinux-sandbox-3.10.tar.gz.asc
semodule-utils-3.10.tar.gz
semodule-utils-3.10.tar.gz.asc
sepolicy-build-isolation.patch
New:
----
policycoreutils-3.11.tar.gz
policycoreutils-3.11.tar.gz.asc
selinux-dbus-3.11.tar.gz
selinux-dbus-3.11.tar.gz.asc
selinux-gui-3.11.tar.gz
selinux-gui-3.11.tar.gz.asc
selinux-python-3.11.tar.gz
selinux-python-3.11.tar.gz.asc
semodule-utils-3.11.tar.gz
semodule-utils-3.11.tar.gz.asc
----------(Old B)----------
Old:- Move the sandbox subpackage to the separate selinux-sandbox package
(bsc#1270534)
drop policycoreutils-sandbox-fix-cleanup.patch
Old: was accepted upstream
- Drop sandbox-sandbox-fix-saving-file-changes.patch
was accepted upstream
Old:- Packaging changes:
- Drop sepolicy-build-isolation.patch
was accepted upstream
----------(Old E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ policycoreutils.spec ++++++
--- /var/tmp/diff_new_pack.QzwsRV/_old 2026-07-13 14:25:49.482817247 +0200
+++ /var/tmp/diff_new_pack.QzwsRV/_new 2026-07-13 14:25:49.482817247 +0200
@@ -30,12 +30,12 @@
%endif
%define libaudit_ver 2.2
-%define libsepol_ver 3.10
-%define libsemanage_ver 3.10
-%define libselinux_ver 3.10
+%define libsepol_ver 3.11
+%define libsemanage_ver 3.11
+%define libselinux_ver 3.11
%define setools_ver 4.1.1
Name: policycoreutils
-Version: 3.10
+Version: 3.11
Release: 0
Summary: SELinux policy core utilities
License: GPL-2.0-or-later
@@ -53,18 +53,12 @@
Source15:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-gui-%{version}.tar.gz.asc
Source16:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-dbus-%{version}.tar.gz
Source17:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-dbus-%{version}.tar.gz.asc
-Source18:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-sandbox-%{version}.tar.gz
-Source19:
https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-sandbox-%{version}.tar.gz.asc
Source20: policycoreutils-rpmlintrc
Source21: sepolgen.conf
-Source22: SANDBOX-README.md
Patch0: make_targets.patch
Patch2: get_os_version.patch
Patch3: run_init.pamd.patch
Patch4: usr_etc.patch
-Patch5: sepolicy-build-isolation.patch
-Patch6: policycoreutils-sandbox-fix-cleanup.patch
-Patch7: sandbox-sandbox-fix-saving-file-changes.patch
BuildRequires: audit-devel >= %{libaudit_ver}
BuildRequires: bison
BuildRequires: dbus-1-glib-devel
@@ -82,6 +76,7 @@
BuildRequires: pam-devel
# needed only for dir /usr/share/polkit-1 from policycoreutils-gui
BuildRequires: polkit
+BuildRequires: %{python_module build}
BuildRequires: %{python_module devel}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
@@ -208,29 +203,16 @@
The policycoreutils-dbus package contains the management DBUS API use to manage
an SELinux environment.
-%package sandbox
-Summary: SELinux sandbox utilities
-Group: Productivity/Security
-Requires: %{python_for_executables}-%{name} = %{version}
-Requires: (xwayland or xorg-x11-server-extra)
-Requires: selinux-policy-sandbox
-
-%description sandbox
-The sandbox package contains the scripts to create graphical sandboxes.
-
%prep
-%setup -q -a3 -a5 -a14 -a16 -a18
+%setup -q -a3 -a5 -a14 -a16
setools_python_pwd="$PWD/selinux-python-%{version}"
semodule_utils_pwd="$PWD/semodule-utils-%{version}"
%patch -P0 -p1
-%patch -P2 -p1
+%patch -P2 -p2 -d selinux-python-%{version}
%patch -P3 -p1
-%patch -P4 -p2
+%patch -P4 -p1
mv ${setools_python_pwd}/audit2allow ${setools_python_pwd}/chcat
${setools_python_pwd}/semanage ${setools_python_pwd}/sepolgen
${setools_python_pwd}/sepolicy .
mv ${semodule_utils_pwd}/semodule_expand ${semodule_utils_pwd}/semodule_link
${semodule_utils_pwd}/semodule_package .
-%patch -P5 -p1
-%patch -P6 -p1
-%patch -P7 -p2
%build
export PYTHON="%{python_binary_for_executables}" LIBDIR="%{_libdir}"
CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro"
@@ -276,11 +258,6 @@
mkdir -p %{buildroot}%{_datadir}/dbus-1/system.d
mv %{buildroot}%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{buildroot}%{_datadir}/dbus-1/system.d/org.selinux.conf
-# Sandbox
-(cd selinux-sandbox-%{version} && make DESTDIR=%{buildroot}
SYSCONFDIR=%{_fillupdir} install)
-mv %{buildroot}%{_fillupdir}/sandbox
%{buildroot}%{_fillupdir}/sysconfig.sandbox
-cp -a %{SOURCE22} .
-
# GUI apps
(cd selinux-gui-%{version} && make DESTDIR=%{buildroot} install)
%if 0%{?suse_version} > 1500
@@ -353,9 +330,6 @@
%verifyscript newrole
%verify_permissions -e %{_bindir}/newrole
-%post sandbox
-%{fillup_only -n sandbox}
-
%files
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
@@ -519,16 +493,3 @@
%{_datadir}/polkit-1/actions/org.selinux.config.policy
%{_datadir}/system-config-selinux/selinux_server.py
-%files sandbox
-%dir %{_datadir}/sandbox
-%doc SANDBOX-README.md
-%{_datadir}/locale/*/LC_MESSAGES/selinux-sandbox.mo
-%{_datadir}/sandbox/start
-%{_datadir}/sandbox/sandboxX.sh
-%{_mandir}/man5/sandbox.5%{?ext_man}
-%{_mandir}/man8/sandbox.8%{?ext_man}
-%{_mandir}/man8/seunshare.8%{?ext_man}
-%{_fillupdir}/sysconfig.sandbox
-%{_sbindir}/seunshare
-%{_bindir}/sandbox
-
++++++ policycoreutils-3.10.tar.gz -> policycoreutils-3.11.tar.gz ++++++
++++ 3968 lines of diff (skipped)
++++++ selinux-dbus-3.10.tar.gz -> selinux-dbus-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-dbus-3.10/VERSION
new/selinux-dbus-3.11/VERSION
--- old/selinux-dbus-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-dbus-3.11/VERSION 2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-dbus-3.10/selinux_server.py
new/selinux-dbus-3.11/selinux_server.py
--- old/selinux-dbus-3.10/selinux_server.py 2026-02-02 03:01:16.000000000
+0100
+++ new/selinux-dbus-3.11/selinux_server.py 2026-07-01 18:51:05.000000000
+0200
@@ -6,6 +6,7 @@
from gi.repository import GObject
from gi.repository import GLib
import os
+import re
import selinux
from subprocess import Popen, PIPE, STDOUT
@@ -33,8 +34,7 @@
if not self.is_authorized(sender, "org.selinux.semanage"):
raise dbus.exceptions.DBusException("Not authorized")
p = Popen(["/usr/sbin/semanage", "import"], stdout=PIPE, stderr=PIPE,
stdin=PIPE, universal_newlines=True)
- p.stdin.write(buf)
- output = p.communicate()
+ output = p.communicate(input=buf)
if p.returncode and p.returncode != 0:
raise dbus.exceptions.DBusException(output[1])
@@ -48,10 +48,9 @@
if not self.is_authorized(sender, "org.selinux.customized"):
raise dbus.exceptions.DBusException("Not authorized")
p = Popen(["/usr/sbin/semanage", "export"], stdout=PIPE, stderr=PIPE,
universal_newlines=True)
- buf = p.stdout.read()
- output = p.communicate()
+ buf, err = p.communicate()
if p.returncode and p.returncode != 0:
- raise OSError("Failed to read SELinux configuration: %s", output)
+ raise OSError("Failed to read SELinux configuration: %s" % err)
return buf
#
@@ -63,10 +62,9 @@
if not self.is_authorized(sender, "org.selinux.semodule_list"):
raise dbus.exceptions.DBusException("Not authorized")
p = Popen(["/usr/sbin/semodule", "--list=full"], stdout=PIPE,
stderr=PIPE, universal_newlines=True)
- buf = p.stdout.read()
- output = p.communicate()
+ buf, err = p.communicate()
if p.returncode and p.returncode != 0:
- raise OSError("Failed to list SELinux modules: %s", output)
+ raise OSError("Failed to list SELinux modules: %s" % err)
return buf
#
@@ -140,6 +138,8 @@
def change_default_policy(self, value, sender):
if not self.is_authorized(sender, "org.selinux.change_default_policy"):
raise dbus.exceptions.DBusException("Not authorized")
+ if not re.fullmatch(r'[A-Za-z0-9_.]+', str(value)):
+ raise ValueError("Invalid policy name: %s" % value)
path = selinux.selinux_path() + value
if os.path.isdir(path):
return self.write_selinux_config(policy=value)
++++++ selinux-gui-3.10.tar.gz -> selinux-gui-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.10/VERSION new/selinux-gui-3.11/VERSION
--- old/selinux-gui-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/VERSION 2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.10/modulesPage.py
new/selinux-gui-3.11/modulesPage.py
--- old/selinux-gui-3.10/modulesPage.py 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/modulesPage.py 2026-07-01 18:51:05.000000000 +0200
@@ -194,7 +194,10 @@
def add(self, file):
try:
self.wait()
- status, output = getstatusoutput("semodule -i %s" % file)
+ p = Popen(["semodule", "-i", file], stdout=PIPE, stderr=PIPE,
+ universal_newlines=True)
+ out, err = p.communicate()
+ status, output = p.returncode, (out or "") + (err or "")
self.ready()
if status != 0:
self.error(output)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.10/polgengui.py
new/selinux-gui-3.11/polgengui.py
--- old/selinux-gui-3.10/polgengui.py 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/polgengui.py 2026-07-01 18:51:05.000000000 +0200
@@ -85,7 +85,6 @@
version = "1.0"
sys.path.append('/usr/share/system-config-selinux')
-sys.path.append('.')
# From John Hunter
http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
@@ -98,10 +97,7 @@
##
xml = Gtk.Builder()
xml.set_translation_domain(PROGNAME)
-if os.access("polgen.ui", os.F_OK):
- xml.add_from_file("polgen.ui")
-else:
- xml.add_from_file("/usr/share/system-config-selinux/polgen.ui")
+xml.add_from_file("/usr/share/system-config-selinux/polgen.ui")
FILE = 1
DIR = 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.10/sepolgen
new/selinux-gui-3.11/sepolgen
--- old/selinux-gui-3.10/sepolgen 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/sepolgen 2026-07-01 18:51:05.000000000 +0200
@@ -1,2 +1,2 @@
#!/bin/sh
-sepolicy generate $*
+exec sepolicy generate "$@"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-gui-3.10/system-config-selinux.py
new/selinux-gui-3.11/system-config-selinux.py
--- old/selinux-gui-3.10/system-config-selinux.py 2026-02-02
03:01:16.000000000 +0100
+++ new/selinux-gui-3.11/system-config-selinux.py 2026-07-01
18:51:05.000000000 +0200
@@ -74,10 +74,7 @@
##
xml = Gtk.Builder()
xml.set_translation_domain(PROGNAME)
-if os.access("system-config-selinux.ui", os.F_OK):
- xml.add_from_file("system-config-selinux.ui")
-else:
-
xml.add_from_file("/usr/share/system-config-selinux/system-config-selinux.ui")
+xml.add_from_file("/usr/share/system-config-selinux/system-config-selinux.ui")
class childWindow:
++++++ selinux-python-3.10.tar.gz -> selinux-python-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/VERSION
new/selinux-python-3.11/VERSION
--- old/selinux-python-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-python-3.11/VERSION 2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/selinux-python-3.10/audit2allow/sepolgen-ifgen-attr-helper.c
new/selinux-python-3.11/audit2allow/sepolgen-ifgen-attr-helper.c
--- old/selinux-python-3.10/audit2allow/sepolgen-ifgen-attr-helper.c
2026-02-02 03:01:16.000000000 +0100
+++ new/selinux-python-3.11/audit2allow/sepolgen-ifgen-attr-helper.c
2026-07-01 18:51:05.000000000 +0200
@@ -46,7 +46,7 @@
struct val_to_name *v = data;
perm_datum_t *perdatum;
- perdatum = (perm_datum_t *) datum;
+ perdatum = (perm_datum_t *)datum;
if (v->val == perdatum->s.value) {
v->name = key;
@@ -56,8 +56,8 @@
return 0;
}
-static int render_access_mask(uint32_t av, avtab_key_t *key, policydb_t
*policydbp,
- FILE *fp)
+static int render_access_mask(uint32_t av, avtab_key_t *key,
+ policydb_t *policydbp, FILE *fp)
{
struct val_to_name v;
class_datum_t *cladatum;
@@ -70,12 +70,12 @@
for (i = 0; i < cladatum->permissions.nprim; i++) {
if (av & (1 << i)) {
v.val = i + 1;
- rc = hashtab_map(cladatum->permissions.table,
- perm_name, &v);
+ rc = hashtab_map(cladatum->permissions.table, perm_name,
+ &v);
if (!rc && cladatum->comdatum) {
- rc = hashtab_map(cladatum->comdatum->
- permissions.table, perm_name,
- &v);
+ rc = hashtab_map(
+ cladatum->comdatum->permissions.table,
+ perm_name, &v);
}
if (rc)
perm = v.name;
@@ -104,8 +104,7 @@
return 0;
}
-struct callback_data
-{
+struct callback_data {
uint32_t attr;
policydb_t *policy;
FILE *fp;
@@ -128,7 +127,8 @@
return 0;
}
-static int attribute_callback(hashtab_key_t key, hashtab_datum_t datum, void
*datap)
+static int attribute_callback(hashtab_key_t key, hashtab_datum_t datum,
+ void *datap)
{
struct callback_data *cb_data = (struct callback_data *)datap;
type_datum_t *t = (type_datum_t *)datum;
@@ -136,9 +136,11 @@
if (t->flavor == TYPE_ATTRIB) {
fprintf(cb_data->fp, "[Attribute %s]\n", key);
cb_data->attr = t->s.value;
- if (avtab_map(&cb_data->policy->te_avtab, output_avrule,
cb_data) < 0)
+ if (avtab_map(&cb_data->policy->te_avtab, output_avrule,
+ cb_data) < 0)
return -1;
- if (avtab_map(&cb_data->policy->te_cond_avtab, output_avrule,
cb_data) < 0)
+ if (avtab_map(&cb_data->policy->te_cond_avtab, output_avrule,
+ cb_data) < 0)
return -1;
}
@@ -164,8 +166,10 @@
* starting from the maximum supported policy version.
*/
if (!filename) {
- for (suffix_ver = sepol_policy_kern_vers_max(); suffix_ver > 0;
suffix_ver--) {
- snprintf(pathname, sizeof(pathname), "%s.%d",
selinux_binary_policy_path(), suffix_ver);
+ for (suffix_ver = sepol_policy_kern_vers_max(); suffix_ver > 0;
+ suffix_ver--) {
+ snprintf(pathname, sizeof(pathname), "%s.%d",
+ selinux_binary_policy_path(), suffix_ver);
if (access(pathname, F_OK) == 0) {
filename = pathname;
@@ -182,8 +186,8 @@
fp = fopen(filename, "r");
if (fp == NULL) {
- fprintf(stderr, "Can't open '%s': %s\n",
- filename, strerror(errno));
+ fprintf(stderr, "Can't open '%s': %s\n", filename,
+ strerror(errno));
return NULL;
}
@@ -208,7 +212,8 @@
ret = policydb_read(policydb, &pf, 1);
if (ret) {
fprintf(stderr,
- "error(s) encountered while parsing configuration\n");
+ "error(s) encountered while parsing configuration %s\n",
+ filename);
free(policydb);
fclose(fp);
return NULL;
@@ -217,7 +222,6 @@
fclose(fp);
return policydb;
-
}
static void usage(char *progname)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/semanage/semanage-fcontext.8
new/selinux-python-3.11/semanage/semanage-fcontext.8
--- old/selinux-python-3.10/semanage/semanage-fcontext.8 2026-02-02
03:01:16.000000000 +0100
+++ new/selinux-python-3.11/semanage/semanage-fcontext.8 2026-07-01
18:51:05.000000000 +0200
@@ -67,7 +67,7 @@
Remove all local customizations
.TP
.I \-e TARGET_PATH, \-\-equal TARGET_PATH
-Substitute FILE_SPEC with TARGET_PATH for file label lookup. This is used with
fcontext. Requires source and target path arguments to be path prefixes and
does not support regular expressions. The context labeling for the target
subtree is made equivalent to that defined for the source.
+Substitute FILE_SPEC with TARGET_PATH for file label lookup. This is used with
fcontext. Requires source and target path arguments to be path prefixes and
does not support regular expressions. The context labeling for the target
subtree is made equivalent to that defined for the source. Note that
substitution based on another substitution does not work.
.TP
.I \-f [{a,f,d,c,b,s,l,p}], \-\-ftype [{a,f,d,c,b,s,l,p}]
File Type. This is used with fcontext. Requires a file type as shown in the
mode field by ls, e.g. use 'd' to match only directories or 'f' to match only
regular files. The following file type options can be passed: f (regular
file),d (directory),c (character device), b (block device),s (socket),l
(symbolic link),p (named pipe). If you do not specify a file type, the file
type will default to "all files".
@@ -94,6 +94,10 @@
# semanage fcontext \-a \-e /home /home1
# restorecon \-R \-v /home1
+If you substitute /home2 with /home1 from the example above it will not work.
You must use direct substitution
+# semanage fcontext \-a \-e /home /home2
+# restorecon \-R \-v /home2
+
For home directories under top level directory, for example /disk6/home,
execute the following commands.
# semanage fcontext \-a \-t home_root_t "/disk6"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/semanage/seobject.py
new/selinux-python-3.11/semanage/seobject.py
--- old/selinux-python-3.10/semanage/seobject.py 2026-02-02
03:01:16.000000000 +0100
+++ new/selinux-python-3.11/semanage/seobject.py 2026-07-01
18:51:05.000000000 +0200
@@ -106,9 +106,12 @@
audit.audit_close(audit.audit_open())
class logger:
+ audit_fd = None
def __init__(self):
- self.audit_fd = audit.audit_open()
+ if logger.audit_fd is None:
+ logger.audit_fd = audit.audit_open()
+
self.log_list = []
self.log_change_list = []
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/sepolgen/VERSION
new/selinux-python-3.11/sepolgen/VERSION
--- old/selinux-python-3.10/sepolgen/VERSION 2026-02-02 03:01:16.000000000
+0100
+++ new/selinux-python-3.11/sepolgen/VERSION 2026-07-01 18:51:05.000000000
+0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/.gitignore
new/selinux-python-3.11/sepolicy/.gitignore
--- old/selinux-python-3.10/sepolicy/.gitignore 2026-02-02 03:01:16.000000000
+0100
+++ new/selinux-python-3.11/sepolicy/.gitignore 2026-07-01 18:51:05.000000000
+0200
@@ -2,3 +2,4 @@
tmp
*.bak
sepolicy.egg-info/
+dist/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/Makefile
new/selinux-python-3.11/sepolicy/Makefile
--- old/selinux-python-3.10/sepolicy/Makefile 2026-02-02 03:01:16.000000000
+0100
+++ new/selinux-python-3.11/sepolicy/Makefile 2026-07-01 18:51:05.000000000
+0200
@@ -14,11 +14,10 @@
all: python-build
python-build:
- $(PYTHON) setup.py build
+ $(PYTHON) -m build --no-isolation --wheel .
clean:
- $(PYTHON) setup.py clean
- -rm -rf build *~ \#* *pyc .#* sepolicy.egg-info/
+ -rm -rf build dist *.egg-info *~ \#* *pyc .#*
sepolgen:
ln -sf sepolicy sepolgen
@@ -26,8 +25,8 @@
test:
@$(PYTHON) test_sepolicy.py -v
-install:
- $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" &&
echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
+install: python-build
+ $(PYTHON) -m pip install --no-build-isolation --force-reinstall
--prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)
--ignore-installed --no-deps` dist/*.whl
[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
(cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/sepolicy/generate.py
new/selinux-python-3.11/sepolicy/sepolicy/generate.py
--- old/selinux-python-3.10/sepolicy/sepolicy/generate.py 2026-02-02
03:01:16.000000000 +0100
+++ new/selinux-python-3.11/sepolicy/sepolicy/generate.py 2026-07-01
18:51:05.000000000 +0200
@@ -1322,6 +1322,9 @@
import dnf
with dnf.Base() as base:
+ if base.conf.substitutions.get('releasever') is None:
+ base.conf.substitutions['releasever'] = ''
+
base.read_all_repos()
base.fill_sack(load_system_repo=True)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/selinux-python-3.10/sepolicy/setup.py
new/selinux-python-3.11/sepolicy/setup.py
--- old/selinux-python-3.10/sepolicy/setup.py 2026-02-02 03:01:16.000000000
+0100
+++ new/selinux-python-3.11/sepolicy/setup.py 2026-07-01 18:51:05.000000000
+0200
@@ -6,7 +6,7 @@
setup(
name="sepolicy",
- version="3.10",
+ version="3.11",
description="Python SELinux Policy Analyses bindings",
author="Daniel Walsh",
author_email="[email protected]",
++++++ semodule-utils-3.10.tar.gz -> semodule-utils-3.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.10/VERSION
new/semodule-utils-3.11/VERSION
--- old/semodule-utils-3.10/VERSION 2026-02-02 03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/VERSION 2026-07-01 18:51:05.000000000 +0200
@@ -1 +1 @@
-3.10
+3.11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/semodule-utils-3.10/semodule_expand/semodule_expand.c
new/semodule-utils-3.11/semodule_expand/semodule_expand.c
--- old/semodule-utils-3.10/semodule_expand/semodule_expand.c 2026-02-02
03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_expand/semodule_expand.c 2026-07-01
18:51:05.000000000 +0200
@@ -32,7 +32,8 @@
int main(int argc, char **argv)
{
const char *basename, *outname;
- int ch, ret, show_version = 0, verbose = 0, policyvers = 0,
check_assertions = 1;
+ int ch, ret, show_version = 0, verbose = 0, policyvers = 0,
+ check_assertions = 1;
struct sepol_policy_file *pf = NULL;
sepol_module_package_t *base = NULL;
sepol_policydb_t *out = NULL, *p;
@@ -50,35 +51,35 @@
case 'h':
usage(argv[0]);
return EXIT_SUCCESS;
- case 'c':{
- long int n;
+ case 'c': {
+ long int n;
- errno = 0;
- n = strtol(optarg, NULL, 10);
- if (errno) {
- fprintf(stderr,
- "%s: Invalid policyvers
specified: %s\n",
- argv[0], optarg);
- usage(argv[0]);
- return EXIT_FAILURE;
- }
- if (n < sepol_policy_kern_vers_min()
- || n > sepol_policy_kern_vers_max()) {
- fprintf(stderr,
- "%s: policyvers value %ld not
in range %d-%d\n",
- argv[0], n,
- sepol_policy_kern_vers_min(),
- sepol_policy_kern_vers_max());
- usage(argv[0]);
- return EXIT_FAILURE;
- }
- policyvers = n;
- break;
+ errno = 0;
+ n = strtol(optarg, NULL, 10);
+ if (errno) {
+ fprintf(stderr,
+ "%s: Invalid policyvers specified:
%s\n",
+ argv[0], optarg);
+ usage(argv[0]);
+ return EXIT_FAILURE;
}
- case 'a':{
- check_assertions = 0;
- break;
+ if (n < sepol_policy_kern_vers_min() ||
+ n > sepol_policy_kern_vers_max()) {
+ fprintf(stderr,
+ "%s: policyvers value %ld not in range
%d-%d\n",
+ argv[0], n,
+ sepol_policy_kern_vers_min(),
+ sepol_policy_kern_vers_max());
+ usage(argv[0]);
+ return EXIT_FAILURE;
}
+ policyvers = n;
+ break;
+ }
+ case 'a': {
+ check_assertions = 0;
+ break;
+ }
default:
usage(argv[0]);
return EXIT_FAILURE;
@@ -126,8 +127,8 @@
fp = fopen(basename, "re");
if (!fp) {
- fprintf(stderr, "%s: Can't open '%s': %s\n",
- argv[0], basename, strerror(errno));
+ fprintf(stderr, "%s: Can't open '%s': %s\n", argv[0],
+ basename, strerror(errno));
goto failure;
}
@@ -173,8 +174,8 @@
outfile = fopen(outname, "we");
if (!outfile) {
- fprintf(stderr, "%s: Can't open '%s': %s\n",
- argv[0], outname, strerror(errno));
+ fprintf(stderr, "%s: Can't open '%s': %s\n", argv[0], outname,
+ strerror(errno));
goto failure;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/semodule-utils-3.10/semodule_link/semodule_link.c
new/semodule-utils-3.11/semodule_link/semodule_link.c
--- old/semodule-utils-3.10/semodule_link/semodule_link.c 2026-02-02
03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_link/semodule_link.c 2026-07-01
18:51:05.000000000 +0200
@@ -27,7 +27,8 @@
program_name);
}
-static sepol_module_package_t *load_module(const char *filename, const char
*progname)
+static sepol_module_package_t *load_module(const char *filename,
+ const char *progname)
{
int ret;
FILE *fp = NULL;
@@ -44,8 +45,8 @@
}
fp = fopen(filename, "re");
if (!fp) {
- fprintf(stderr, "%s: Could not open package %s: %s\n",
progname,
- filename, strerror(errno));
+ fprintf(stderr, "%s: Could not open package %s: %s\n",
+ progname, filename, strerror(errno));
goto bad;
}
sepol_policy_file_set_fp(pf, fp);
@@ -61,7 +62,7 @@
fclose(fp);
sepol_policy_file_free(pf);
return p;
- bad:
+bad:
sepol_module_package_free(p);
sepol_policy_file_free(pf);
if (fp)
@@ -144,7 +145,8 @@
if (outname) {
FILE *outfile = fopen(outname, "we");
if (!outfile) {
- fprintf(stderr, "%s: Could not open output file %s:
%s\n",
+ fprintf(stderr,
+ "%s: Could not open output file %s: %s\n",
argv[0], outname, strerror(errno));
goto failure;
}
@@ -165,7 +167,8 @@
sepol_policy_file_free(pf);
if (fclose(outfile)) {
- fprintf(stderr, "%s: Error closing linked package:
%s\n",
+ fprintf(stderr,
+ "%s: Error closing linked package: %s\n",
argv[0], strerror(errno));
goto failure;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/semodule-utils-3.10/semodule_package/semodule_package.c
new/semodule-utils-3.11/semodule_package/semodule_package.c
--- old/semodule-utils-3.10/semodule_package/semodule_package.c 2026-02-02
03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_package/semodule_package.c 2026-07-01
18:51:05.000000000 +0200
@@ -28,13 +28,13 @@
printf(" -m --module Module file (required)\n");
printf(" -f --fc File contexts file\n");
printf(" -s --seuser Seusers file (only valid in base)\n");
- printf
- (" -u --user_extra user_extra file (only valid in base)\n");
+ printf(" -u --user_extra user_extra file (only valid in
base)\n");
printf(" -n --nc Netfilter contexts file\n");
printf(" -h --help Show this help message\n");
}
-static int file_to_data(const char *path, char **data, size_t * len, const
char *progname)
+static int file_to_data(const char *path, char **data, size_t *len,
+ const char *progname)
{
int fd;
struct stat sb;
@@ -64,7 +64,7 @@
*len = sb.st_size;
close(fd);
return 0;
- err:
+err:
close(fd);
return -1;
}
@@ -74,26 +74,27 @@
struct sepol_module_package *pkg = NULL;
struct sepol_policy_file *mod = NULL, *out = NULL;
FILE *fp = NULL;
- char *module = NULL, *file_contexts = NULL, *seusers =
- NULL, *user_extra = NULL;
- char *fcdata = NULL, *outfile = NULL, *seusersdata =
- NULL, *user_extradata = NULL;
+ char *module = NULL, *file_contexts = NULL, *seusers = NULL,
+ *user_extra = NULL;
+ char *fcdata = NULL, *outfile = NULL, *seusersdata = NULL,
+ *user_extradata = NULL;
char *netfilter_contexts = NULL, *ncdata = NULL;
size_t fclen = 0, seuserslen = 0, user_extralen = 0, nclen = 0;
int i, ret;
const struct option opts[] = {
- {"module", required_argument, NULL, 'm'},
- {"fc", required_argument, NULL, 'f'},
- {"seuser", required_argument, NULL, 's'},
- {"user_extra", required_argument, NULL, 'u'},
- {"nc", required_argument, NULL, 'n'},
- {"outfile", required_argument, NULL, 'o'},
- {"help", 0, NULL, 'h'},
- {NULL, 0, NULL, 0}
+ { "module", required_argument, NULL, 'm' },
+ { "fc", required_argument, NULL, 'f' },
+ { "seuser", required_argument, NULL, 's' },
+ { "user_extra", required_argument, NULL, 'u' },
+ { "nc", required_argument, NULL, 'n' },
+ { "outfile", required_argument, NULL, 'o' },
+ { "help", 0, NULL, 'h' },
+ { NULL, 0, NULL, 0 }
};
- while ((i = getopt_long(argc, argv, "m:f:s:u:o:n:h", opts, NULL)) !=
-1) {
+ while ((i = getopt_long(argc, argv, "m:f:s:u:o:n:h", opts, NULL)) !=
+ -1) {
switch (i) {
case 'h':
usage(argv[0]);
@@ -106,7 +107,8 @@
}
module = strdup(optarg);
if (!module) {
- fprintf(stderr, "%s: Out of memory\n",
argv[0]);
+ fprintf(stderr, "%s: Out of memory\n",
+ argv[0]);
return EXIT_FAILURE;
}
break;
@@ -118,7 +120,8 @@
}
file_contexts = strdup(optarg);
if (!file_contexts) {
- fprintf(stderr, "%s: Out of memory\n",
argv[0]);
+ fprintf(stderr, "%s: Out of memory\n",
+ argv[0]);
return EXIT_FAILURE;
}
break;
@@ -130,7 +133,8 @@
}
outfile = strdup(optarg);
if (!outfile) {
- fprintf(stderr, "%s: Out of memory\n",
argv[0]);
+ fprintf(stderr, "%s: Out of memory\n",
+ argv[0]);
return EXIT_FAILURE;
}
break;
@@ -142,7 +146,8 @@
}
seusers = strdup(optarg);
if (!seusers) {
- fprintf(stderr, "%s: Out of memory\n",
argv[0]);
+ fprintf(stderr, "%s: Out of memory\n",
+ argv[0]);
return EXIT_FAILURE;
}
break;
@@ -154,7 +159,8 @@
}
user_extra = strdup(optarg);
if (!user_extra) {
- fprintf(stderr, "%s: Out of memory\n",
argv[0]);
+ fprintf(stderr, "%s: Out of memory\n",
+ argv[0]);
return EXIT_FAILURE;
}
break;
@@ -166,7 +172,8 @@
}
netfilter_contexts = strdup(optarg);
if (!netfilter_contexts) {
- fprintf(stderr, "%s: Out of memory\n",
argv[0]);
+ fprintf(stderr, "%s: Out of memory\n",
+ argv[0]);
return EXIT_FAILURE;
}
break;
@@ -177,9 +184,10 @@
}
if (optind < argc) {
- fprintf(stderr, "%s: Superfluous command line arguments: ",
argv[0]);
+ fprintf(stderr,
+ "%s: Superfluous command line arguments: ", argv[0]);
while (optind < argc)
- fprintf(stderr, "%s ", argv[optind++]);
+ fprintf(stderr, "%s ", argv[optind++]);
fprintf(stderr, "\n");
usage(argv[0]);
return EXIT_FAILURE;
@@ -190,16 +198,20 @@
return EXIT_FAILURE;
}
- if (file_contexts && file_to_data(file_contexts, &fcdata, &fclen,
argv[0]))
+ if (file_contexts &&
+ file_to_data(file_contexts, &fcdata, &fclen, argv[0]))
goto failure;
- if (seusers && file_to_data(seusers, &seusersdata, &seuserslen,
argv[0]))
+ if (seusers &&
+ file_to_data(seusers, &seusersdata, &seuserslen, argv[0]))
goto failure;
- if (user_extra && file_to_data(user_extra, &user_extradata,
&user_extralen, argv[0]))
+ if (user_extra &&
+ file_to_data(user_extra, &user_extradata, &user_extralen, argv[0]))
goto failure;
- if (netfilter_contexts && file_to_data(netfilter_contexts, &ncdata,
&nclen, argv[0]))
+ if (netfilter_contexts &&
+ file_to_data(netfilter_contexts, &ncdata, &nclen, argv[0]))
goto failure;
if (sepol_policy_file_create(&mod)) {
@@ -230,23 +242,30 @@
fclose(fp);
fp = NULL;
- if (fclen && sepol_module_package_set_file_contexts(pkg, fcdata,
fclen)) {
- fprintf(stderr, "%s: Error while setting file contexts\n",
argv[0]);
+ if (fclen &&
+ sepol_module_package_set_file_contexts(pkg, fcdata, fclen)) {
+ fprintf(stderr, "%s: Error while setting file contexts\n",
+ argv[0]);
goto failure;
}
- if (seuserslen && sepol_module_package_set_seusers(pkg, seusersdata,
seuserslen)) {
+ if (seuserslen &&
+ sepol_module_package_set_seusers(pkg, seusersdata, seuserslen)) {
fprintf(stderr, "%s: Error while setting seusers\n", argv[0]);
goto failure;
}
- if (user_extra && sepol_module_package_set_user_extra(pkg,
user_extradata, user_extralen)) {
- fprintf(stderr, "%s: Error while setting extra users\n",
argv[0]);
+ if (user_extra && sepol_module_package_set_user_extra(
+ pkg, user_extradata, user_extralen)) {
+ fprintf(stderr, "%s: Error while setting extra users\n",
+ argv[0]);
goto failure;
}
- if (nclen && sepol_module_package_set_netfilter_contexts(pkg, ncdata,
nclen)) {
- fprintf(stderr, "%s: Error while setting netfilter
contexts\n", argv[0]);
+ if (nclen &&
+ sepol_module_package_set_netfilter_contexts(pkg, ncdata, nclen)) {
+ fprintf(stderr, "%s: Error while setting netfilter contexts\n",
+ argv[0]);
goto failure;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/semodule-utils-3.10/semodule_package/semodule_unpackage.c
new/semodule-utils-3.11/semodule_package/semodule_unpackage.c
--- old/semodule-utils-3.10/semodule_package/semodule_unpackage.c
2026-02-02 03:01:16.000000000 +0100
+++ new/semodule-utils-3.11/semodule_package/semodule_unpackage.c
2026-07-01 18:51:05.000000000 +0200
@@ -47,13 +47,15 @@
fp = fopen(ppfile, "r");
if (!fp) {
- fprintf(stderr, "%s: Could not open file %s: %s\n", argv[0],
ppfile, strerror(errno));
+ fprintf(stderr, "%s: Could not open file %s: %s\n", argv[0],
+ ppfile, strerror(errno));
goto failure;
}
sepol_policy_file_set_fp(in, fp);
if (sepol_module_package_read(pkg, in, 0) == -1) {
- fprintf(stderr, "%s: Error while reading policy module from
%s\n",
+ fprintf(stderr,
+ "%s: Error while reading policy module from %s\n",
argv[0], ppfile);
goto failure;
}
@@ -70,20 +72,23 @@
fp = fopen(modfile, "w");
if (!fp) {
- fprintf(stderr, "%s: Could not open file %s: %s\n", argv[0],
modfile, strerror(errno));
+ fprintf(stderr, "%s: Could not open file %s: %s\n", argv[0],
+ modfile, strerror(errno));
goto failure;
}
sepol_policy_file_set_fp(out, fp);
if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {
- fprintf(stderr, "%s: Error while writing module to %s\n",
argv[0], modfile);
+ fprintf(stderr, "%s: Error while writing module to %s\n",
+ argv[0], modfile);
goto failure;
}
ret = fclose(fp);
fp = NULL;
if (ret) {
- fprintf(stderr, "%s: Error while closing file %s: %s\n",
argv[0], modfile, strerror(errno));
+ fprintf(stderr, "%s: Error while closing file %s: %s\n",
+ argv[0], modfile, strerror(errno));
goto failure;
}
@@ -94,19 +99,22 @@
if (fcfile && len) {
fp = fopen(fcfile, "w");
if (!fp) {
- fprintf(stderr, "%s: Could not open file %s: %s\n",
argv[0], fcfile, strerror(errno));
+ fprintf(stderr, "%s: Could not open file %s: %s\n",
+ argv[0], fcfile, strerror(errno));
goto failure;
}
fcdata = sepol_module_package_get_file_contexts(pkg);
if (fwrite(fcdata, 1, len, fp) != len) {
- fprintf(stderr, "%s: Could not write file %s: %s\n",
argv[0], fcfile, strerror(errno));
+ fprintf(stderr, "%s: Could not write file %s: %s\n",
+ argv[0], fcfile, strerror(errno));
goto failure;
}
ret = fclose(fp);
fp = NULL;
if (ret) {
- fprintf(stderr, "%s: Could not close file %s: %s\n",
argv[0], fcfile, strerror(errno));
+ fprintf(stderr, "%s: Could not close file %s: %s\n",
+ argv[0], fcfile, strerror(errno));
goto failure;
}
}
++++++ usr_etc.patch ++++++
--- /var/tmp/diff_new_pack.QzwsRV/_old 2026-07-13 14:25:51.110872913 +0200
+++ /var/tmp/diff_new_pack.QzwsRV/_new 2026-07-13 14:25:51.122873323 +0200
@@ -11,10 +11,10 @@
policycoreutils/sestatus/sestatus.conf.5 | 2 +-
4 files changed, 90 insertions(+), 5 deletions(-)
-diff --git a/policycoreutils/sestatus/Makefile
b/policycoreutils/sestatus/Makefile
-index aebf050c2..bb1f6bda0 100644
---- a/policycoreutils/sestatus/Makefile
-+++ b/policycoreutils/sestatus/Makefile
+Index: policycoreutils/sestatus/Makefile
+===================================================================
+--- policycoreutils.orig/sestatus/Makefile
++++ policycoreutils/sestatus/Makefile
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
@@ -23,7 +23,7 @@
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -I../../libselinux/include -D_FILE_OFFSET_BITS=64
-@@ -13,6 +14,13 @@ override LDLIBS += -lselinux
+@@ -14,6 +15,13 @@ override LDLIBS += $(LIBSELINUX_LDLIBS)
all: sestatus
sestatus: sestatus.o
@@ -37,10 +37,10 @@
install: all
[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
-diff --git a/policycoreutils/sestatus/sestatus.c
b/policycoreutils/sestatus/sestatus.c
-index 6c95828ed..f80612dcd 100644
---- a/policycoreutils/sestatus/sestatus.c
-+++ b/policycoreutils/sestatus/sestatus.c
+Index: policycoreutils/sestatus/sestatus.c
+===================================================================
+--- policycoreutils.orig/sestatus/sestatus.c
++++ policycoreutils/sestatus/sestatus.c
@@ -21,11 +21,16 @@
#define PROC_BASE "/proc"
@@ -61,16 +61,15 @@
/* buffer size for cmp_cmdline */
#define BUFSIZE 255
-@@ -92,9 +97,75 @@ static int pidof(const char *command)
+@@ -91,8 +96,75 @@ static int pidof(const char *command)
return ret;
}
--static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
+#ifdef VENDORDIR
+#include <libeconf.h>
+
+static void load_checks_with_vendor_settings(char *pc[], int *npc, char
*fc[], int *nfc)
- {
++{
+ econf_file *key_file = NULL;
+ econf_err error;
+ char **keys;
@@ -123,14 +122,14 @@
+ }
+ econf_free (keys);
+ }
-
++
+ econf_free (key_file);
+ return;
+}
+#endif
+
-+static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
-+{
+ static void load_checks(char *pc[], int *npc, char *fc[], int *nfc)
+ {
+#ifdef VENDORDIR
+ load_checks_with_vendor_settings(pc, npc, fc, nfc);
+ return;
@@ -138,11 +137,11 @@
FILE *fp = fopen(CONF, "r");
char buf[255], *bufp;
int buf_len, section = -1;
-diff --git a/policycoreutils/sestatus/sestatus.conf.5
b/policycoreutils/sestatus/sestatus.conf.5
-index acfedf6f5..01f8051d2 100644
---- a/policycoreutils/sestatus/sestatus.conf.5
-+++ b/policycoreutils/sestatus/sestatus.conf.5
-@@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by the \fBsestatus\fR(8)
command with the \
+Index: policycoreutils/sestatus/sestatus.conf.5
+===================================================================
+--- policycoreutils.orig/sestatus/sestatus.conf.5
++++ policycoreutils/sestatus/sestatus.conf.5
+@@ -8,7 +8,7 @@ The \fIsestatus.conf\fR file is used by
.sp
The fully qualified path name of the configuration file is:
.RS