Your message dated Sat, 18 Oct 2025 10:49:26 +0000
with message-id <[email protected]>
and subject line Bug#950196: fixed in libsemanage 3.9-1
has caused the Debian Bug report #950196,
regarding semanage.conf.5: Fix some typographical and other mistakes in the
manual
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
950196: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950196
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libsemanage-common
Version: 3.0-1
Severity: minor
Tags: patch
Input file is semanage.conf.5
execute mandoc -T lint semanage.conf.5
mandoc: semanage.conf.5:20:17: STYLE: whitespace at end of input line
mandoc: semanage.conf.5:48:19: STYLE: whitespace at end of input line
mandoc: semanage.conf.5:81:82: STYLE: whitespace at end of input line
mandoc: semanage.conf.5:82:65: STYLE: whitespace at end of input line
mandoc: semanage.conf.5:85:14: STYLE: whitespace at end of input line
mandoc: semanage.conf.5:5:2: WARNING: skipping paragraph macro: PP after SH
mandoc: semanage.conf.5:133:1: WARNING: skipping paragraph macro: sp after PP
mandoc: semanage.conf.5:132:2: WARNING: skipping paragraph macro: PP empty
#######
Remove excessive indentation (one .RS macro).
an-end-check:<semanage.conf.5>: Warning: Different number of .RS and .RE calls,
an-RS-open=1 at end of file
######
Change empty lines to '.' lines to avoid an extra empty line in the output.
('.' lines to make a paragraph in the source file.)
#######
Test nr. 1:
Remove space characters at the end of lines.
Use "git apply ... --whitespace=fix" to fix extra space issues, or use
global configuration "core.whitespace".
20:.B module-store
48:.B policy-version
81:List, separated by ";", of directories to ignore when setting up users
homedirs.
82:Some distributions use this to stop labeling /root as a homedir.
85:.B usepasswd
#####
Test nr. 2:
Enable and fix warnings from 'test-groff'.
Output is from: test-groff -b -e -mandoc -T utf8 -rF0 -t -w w -z
[ "test-groff" is a developmental version of "groff" ]
Input file is ./semanage.conf.5
<semanage.conf.5>:7 (macro BR): only 1 argument, but more are expected
<semanage.conf.5>:50 (macro BR): only 1 argument, but more are expected
<semanage.conf.5>:61 (macro BR): only 1 argument, but more are expected
<semanage.conf.5>:92 (macro BR): only 1 argument, but more are expected
<semanage.conf.5>:115 (macro BR): only 1 argument, but more are expected
<semanage.conf.5>:117 (macro BR): only 1 argument, but more are expected
####
Test nr. 5:
Change '-' (\-) to '\(en' (en-dash) for a numeric range.
semanage.conf.5:103:It should be in the range 0-9. A value of 0 means no
compression. By default the bzip block size is set to 9 (actual block
#####
Test nr. 12:
Reduce space between words.
81:List, separated by ";", of directories to ignore when setting up users
homedirs.
#####
Test nr. 36:
Wrong distance between sentences or protect the indicator.
a) Separate the sentences and subordinate clauses; each begins on a new
line. See man-pages(7) and "info groff".
The amount of space between sentences in the output can then be
controlled with the ".ss" request.
(16 lines)
#####
Test nr. 37:
Split lines longer than 80 characters into two or more lines.
Appropriate break points are the end of a sentence and a subordinate
clause; after punctuation marks.
#####
Test nr. 48:
The name of a man page is set in bold and the section in roman (see
man-pages(7).
131:semanage(8)
#####
Patch:
--- semanage.conf.5 2019-12-12 10:47:10.000000000 +0000
+++ semanage.conf.5.new 2020-01-29 23:45:28.000000000 +0000
@@ -2,136 +2,191 @@
.SH NAME
semanage.conf \- global configuration file for the SELinux Management library
.SH DESCRIPTION
-.PP
The
-.BR semanage.conf
-file is usually located under the directory /etc/selinux and it is used for
run-time configuration of the
-behavior of the SELinux Management library.
-
+.B semanage.conf
+file is usually located under the directory /etc/selinux and
+it is used for run-time configuration of the behavior of the SELinux
+Management library.
+.
.PP
-Each line should contain a configuration parameter followed by the equal sign
("=") and then followed by the configuration value for that
-parameter. Anything after the "#" symbol is ignored similarly to empty lines.
-
+Each line should contain a configuration parameter followed by the
+equal sign ("=") and
+then followed by the configuration value for that parameter.
+Anything after the "#" symbol is ignored similarly to empty lines.
+.
.PP
The following parameters are allowed:
-
-.RS
+.
.TP
-.B module-store
-Specify how the SELinux Management library should interact with the SELinux
policy store. When set to "direct", the SELinux
-Management library writes to the SELinux policy module store directly (this is
the default setting).
-Otherwise a socket path or a server name can be used for the argument.
-If the argument begins with "/" (as in "/foo/bar"), it represents the path to
a named socket that should be used to connect the policy management
-server.
-If the argument does not begin with a "/" (as in "foo.com:4242"), it should be
interpreted as the name of a remote policy management server
-to be used through a TCP connection (default port is 4242 unless a different
one is specified after the server name using the colon to separate
-the two fields).
-
+.B module-store
+Specify how the SELinux Management library should interact with the
+SELinux policy store.
+When set to "direct",
+the SELinux Management library writes to the SELinux policy module
+store directly
+(this is the default setting).
+Otherwise a socket path or
+a server name can be used for the argument.
+If the argument begins with "/"
+(as in "/foo/bar"),
+it represents the path to a named socket
+that should be used to connect the policy management server.
+If the argument does not begin with a "/"
+(as in "foo.com:4242"),
+it should be interpreted as the name of a remote policy management
+server to be used through a TCP connection
+(default port is 4242 unless
+a different one is specified after the server name
+using the colon to separate the two fields).
+.
.TP
.B root
-Specify an alternative root path to use for the store. The default is "/"
-
+Specify an alternative root path to use for the store.
+The default is "/"
+.
.TP
.B store-root
-Specify an alternative store_root path to use. The default is
"/var/lib/selinux"
-
+Specify an alternative store_root path to use.
+The default is "/var/lib/selinux"
+.
.TP
.B compiler-directory
-Specify an alternative directory that contains HLL to CIL compilers. The
default value is "/usr/libexec/selinux/hll".
-
+Specify an alternative directory that contains HLL to CIL compilers.
+The default value is "/usr/libexec/selinux/hll".
+.
.TP
.B ignore-module-cache
-Whether or not to ignore the cache of CIL modules compiled from HLL. It can be
set to either "true" or "false" and is set to "false" by default.
-If the cache is ignored, then all CIL modules are recompiled from their HLL
modules.
-
+Whether or not to ignore the cache of CIL modules compiled from HLL.
+It can be set to either "true" or "false" and
+is set to "false" by default.
+If the cache is ignored,
+then all CIL modules are recompiled from their HLL modules.
+.
.TP
-.B policy-version
-When generating the policy, by default
-.BR semanage
-will set the policy version to POLICYDB_VERSION_MAX, as defined in
<sepol/policydb/policydb.h>. Change this setting if a different
-version needs to be set for the policy.
-
+.B policy-version
+When generating the policy,
+by default
+.B semanage
+will set the policy version to POLICYDB_VERSION_MAX,
+as defined in <sepol/policydb/policydb.h>.
+Change this setting if
+a different version needs to be set for the policy.
+.
.TP
.B target-platform
-The target platform to generate policies for. Valid values are "selinux" and
"xen", and is set to "selinux" by default.
-
+The target platform to generate policies for.
+Valid values are "selinux" and "xen",
+and is set to "selinux" by default.
+.
.TP
.B expand-check
Whether or not to check "neverallow" rules when executing all
-.BR semanage
-command. It can be set to either "0" (disabled) or "1" (enabled) and by
default it is enabled. There might be a large
-penalty in execution time if this option is enabled.
-
+.B semanage
+command.
+It can be set to either "0" (disabled) or
+"1" (enabled) and by default it is enabled.
+There might be a large penalty in execution time
+if this option is enabled.
+.
.TP
.B file-mode
-By default the permission mode for the run-time policy files is set to 0644.
-
+By default the permission mode for the run-time policy files is set to
+0644.
+.
.TP
.B save-previous
-It controls whether the previous module directory is saved after a successful
commit to the policy store and it can be set to
-either "true" or "false". By default it is set to "false" (the previous
version is deleted).
-
+It controls whether the previous module directory is saved after a
+successful commit to the policy store and
+it can be set to either "true" or "false".
+By default it is set to "false"
+(the previous version is deleted).
+.
.TP
.B save-linked
-It controls whether the previously linked module is saved (with name
"base.linked") after a successful commit to the policy store.
-It can be set to either "true" or "false" and by default it is set to "false"
(the previous module is deleted).
-
+It controls whether the previously linked module is saved
+(with name "base.linked")
+after a successful commit to the policy store.
+It can be set to either "true" or "false" and
+by default it is set to "false"
+(the previous module is deleted).
+.
.TP
.B ignoredirs
-List, separated by ";", of directories to ignore when setting up users
homedirs.
-Some distributions use this to stop labeling /root as a homedir.
-
+List, separated by ";",
+of directories to ignore when setting up users homedirs.
+Some distributions use this to stop labeling /root as a homedir.
+.
.TP
-.B usepasswd
-Whether or not to enable the use getpwent() to obtain a list of home
directories to label. It can be set to either "true" or "false".
+.B usepasswd
+Whether or not to enable the use of getpwent()
+to obtain a list of home directories to label.
+It can be set to either "true" or "false".
By default it is set to "true".
-
+.
.TP
.B disable-genhomedircon
-It controls whether or not the genhomedircon function is executed when using
the
-.BR semanage
-command and it can be set to either "false" or "true". By default the
genhomedircon functionality is enabled (equivalent
-to this option set to "false").
-
+It controls whether or not the genhomedircon function is executed when
+using the
+.B semanage
+command and
+it can be set to either "false" or "true".
+By default the genhomedircon functionality is enabled
+(equivalent to this option set to "false").
+.
.TP
.B handle-unknown
-This option controls the kernel behavior for handling permissions defined in
the kernel but missing from the actual policy.
+This option controls the kernel behavior for handling permissions
+defined in the kernel but
+missing from the actual policy.
It can be set to "deny", "reject" or "allow".
-
+.
.TP
.B bzip-blocksize
-It should be in the range 0-9. A value of 0 means no compression. By default
the bzip block size is set to 9 (actual block
-size value is obtained after multiplication by 100000).
-
+It should be in the range 0\(en9.
+A value of 0 means no compression.
+By default the bzip block size is set to 9
+(actual block size value is obtained after multiplication by 100000).
+.
.TP
.B bzip-small
-When set to "true", the bzip algorithm shall try to reduce its system memory
usage. It can be set to either "true" or "false" and
+When set to "true",
+the bzip algorithm shall try to reduce its system memory usage.
+It can be set to either "true" or "false" and
by default it is set to "false".
-
+.
.TP
.B remove-hll
-When set to "true", HLL files will be removed after compilation into CIL. In
order to delete HLL files already compiled into CIL,
+When set to "true",
+HLL files will be removed after compilation into CIL.
+In order to delete HLL files already compiled into CIL,
modules will need to be recompiled with the
-.BR ignore-module-cache
+.B ignore-module-cache
option set to 'true' or using the
-.BR ignore-module-cache
-option with semodule. The remove-hll option can be set to either "true" or
"false"
-and by default it is set to "false".
-
-Please note that since this option deletes all HLL files, an updated HLL
compiler will not be able to recompile the original HLL file into CIL.
-In order to compile the original HLL file into CIL, the same HLL file will
need to be reinstalled.
-
+.B ignore-module-cache
+option with semodule.
+The remove-hll option can be set to either "true" or "false" and
+by default it is set to "false".
+.sp 1
+Please note that since this option deletes all HLL files,
+an updated HLL compiler will not be able to recompile the original HLL
+file into CIL.
+In order to compile the original HLL file into CIL,
+the same HLL file will need to be reinstalled.
+.
.TP
.B optimize-policy
-When set to "true", the kernel policy will be optimized upon rebuilds.
-It can be set to either "true" or "false" and by default it is set to "false".
-
+When set to "true",
+the kernel policy will be optimized upon rebuilds.
+It can be set to either "true" or "false" and
+by default it is set to "false".
+.
.SH "SEE ALSO"
.TP
-semanage(8)
-.PP
-
+.BR semanagep (8)
+.
.SH AUTHOR
-This manual page was written by Guido Trentalancia <[email protected]>.
-
-The SELinux management library was written by Tresys Technology LLC and Red
Hat Inc.
+This manual page was written by Guido Trentalancia
+<[email protected]>.
+.sp 1
+The SELinux management library was written by Tresys Technology LLC
+and Red Hat Inc.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.13-1 (SMP w/2 CPU cores)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1),
LANGUAGE=is_IS.iso88591 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
-- no debconf information
--
Bjarni I. Gislason
--- End Message ---
--- Begin Message ---
Source: libsemanage
Source-Version: 3.9-1
Done: Russell Coker <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libsemanage, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russell Coker <[email protected]> (supplier of updated libsemanage package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Oct 2025 18:57:29 +1100
Source: libsemanage
Architecture: source
Version: 3.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <[email protected]>
Changed-By: Russell Coker <[email protected]>
Closes: 950196
Changes:
libsemanage (3.9-1) unstable; urgency=medium
.
* 3.9 upstream release
* Merged patch for semanage.conf.5 Closes: #950196
Checksums-Sha1:
e39c6be9a63b924f45ce6433f2f9d180efc0f888 2965 libsemanage_3.9-1.dsc
3bf6eb005b9e88b20a07dd376b3b1adb574085ef 185278 libsemanage_3.9.orig.tar.gz
9c0267c95ad21f66fdc8b4d0163085101354d957 833 libsemanage_3.9.orig.tar.gz.asc
d30347ba298ffaa17b2cba14a1e811eb5af888b4 38028 libsemanage_3.9-1.debian.tar.xz
20b906257053fc0a779028c691569a76fb0f6662 16054
libsemanage_3.9-1_amd64.buildinfo
Checksums-Sha256:
68069c6d39a80c09d3179d4ed69ba1bf9dc41fd4b635f548570836827b478752 2965
libsemanage_3.9-1.dsc
ec05850aef48bfb8e02135a7f4f3f7edba3670f63d5e67f2708d4bd80b9a4634 185278
libsemanage_3.9.orig.tar.gz
af7644b29d7ae1f69f89444900b2e2b0eb0b4e71f10a2667c7820d10d55fa53f 833
libsemanage_3.9.orig.tar.gz.asc
7982b2652b5a3b73b8dd6ec2cf901d02b1f78fc620861db437aea26f5a1b9654 38028
libsemanage_3.9-1.debian.tar.xz
ad70e2cbc9b0787182e95bb6f4f96e07a6c54e7c512e8f0d53b36509d7570b08 16054
libsemanage_3.9-1_amd64.buildinfo
Files:
991023c9632b0514cda699e09f7e54e4 2965 libdevel optional libsemanage_3.9-1.dsc
bea2f8f564536bba50a434ea3007eb50 185278 libdevel optional
libsemanage_3.9.orig.tar.gz
2451e3132ed9d358e8cebf1afa27b428 833 libdevel optional
libsemanage_3.9.orig.tar.gz.asc
10bd153bb87436d6f1e0ddc8bd0ccfb6 38028 libdevel optional
libsemanage_3.9-1.debian.tar.xz
427682b50f63172e0c19eb8e9f975d0a 16054 libdevel optional
libsemanage_3.9-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAmjzb6wACgkQ0UHNMPxL
j3nO3w//cXCLB3saIPgj6KqQhF7BRYJwqpwhqkPQ8xB9FiTf03qQfbG96Ql4XzOX
W7/dbMiuZr1uov+uWkshpg7W+WYlzgUVHzJlu2czt9zU9pON/elMeex+FQ8g1ZXZ
M6btQ0dKErATv6J4iH/D4qaITgla272CuOdIRUhjQK8WdnqfxuRzADP5ZZvyNk1/
7rj7rUq3z4aiaLasUWQOOPJwiXLCS/Hb+tJlyUc0EUGU5H+VzI7CP5BnTbj3eYLG
ShJJB+onpiP/NBwEWx3/AOP4eMHGrFe/OMWSM9KC7B2QgesbGpfkdng18H2gkM/6
KvynFRvRY5Aozbh9WZ2pIbhOU1oDD8XrevOo5OHzxQ+uOBFPp82ZV1vUpc7SjbCx
LlLWAmBSK0R1K4MLocK4zLPbVK6VkrwT59s4+j9/Orz2EQfwSRtCBJ0EBSj0zuQ2
3FMMKM5/v0U8qqULNirIT/TvOU9bVuZpBxbQU+4pO25JmUVq6QRj7gyv0P4iv6a5
iocQauanK4RLRo5N2Gj26rh9MlgVyMdKhb31EJ8hHldbCj3DoSE9wyNxnwtVCqsw
bcL1UaFpbGmsGR1l9vB2IWoGjoVOFiGRSq2cnj2NkUM3Onpz7isJhR3Cbjf5EUHf
hbMHtN3NxPKFO8+v+h7pThZjJH1trzZ0Sft8PLl7wajwoaKQu4o=
=TXaf
-----END PGP SIGNATURE-----
pgpIbmPHJujkl.pgp
Description: PGP signature
--- End Message ---
_______________________________________________
SELinux-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel
