%if 0%{?fedora} > 12

%global with_python3 1

%endif

%define ruby_inc %(pkg-config --cflags ruby)

%define libsepolver 2.5

%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}

Summary: SELinux library and simple utilities

Name: libselinux

Version: 2.5

Release: 2%{?dist}

License: Public Domain

Group: System Environment/Libraries

# https://github.com/SELinuxProject/selinux/wiki/Releases

Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libselinux-2.5.tar.gz

Source1: selinuxconlist.8

Source2: selinuxdefcon.8

Url: https://github.com/SELinuxProject/selinux/wiki

# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh

# run:

# $ VERSION=2.5 ./make-fedora-selinux-patch.sh libselinux

# HEAD https://github.com/fedora-selinux/selinux/commit/51852c78f110223be57cd9776069f14703ab49f9

Patch1: libselinux-fedora.patch

BuildRequires: pkgconfig python python-devel ruby-devel ruby libsepol-static >= %{libsepolver} swig pcre-devel xz-devel

%if 0%{?with_python3}

BuildRequires: python3 python3-devel

%endif # if with_python3

Requires: libsepol%{?_isa} >= %{libsepolver} pcre

Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description

Security-enhanced Linux is a feature of the Linux® kernel and a number

of utilities with enhanced security functionality designed to add

mandatory access controls to Linux.  The Security-enhanced Linux

kernel contains new architectural components originally developed to

improve the security of the Flask operating system. These

architectural components provide general support for the enforcement

of many kinds of mandatory access control policies, including those

based on the concepts of Type Enforcement®, Role-based Access

Control, and Multi-level Security.

libselinux provides an API for SELinux applications to get and set

process and file security contexts and to obtain security policy

decisions.  Required for any applications that use the SELinux API.

%package utils

Summary: SELinux libselinux utilies

Group: Development/Libraries

Requires: %{name}%{?_isa} = %{version}-%{release}

%description utils

The libselinux-utils package contains the utilities

%package python

Summary: SELinux python bindings for libselinux

Group: Development/Libraries

Requires: %{name}%{?_isa} = %{version}-%{release}

%description python

The libselinux-python package contains the python bindings for developing 

SELinux applications. 

%if 0%{?with_python3}

%package python3

Summary: SELinux python 3 bindings for libselinux

Group: Development/Libraries

Requires: %{name}%{?_isa} = %{version}-%{release}

%description python3

The libselinux-python3 package contains python 3 bindings for developing

SELinux applications. 

%endif # with_python3

%package ruby

Summary: SELinux ruby bindings for libselinux

Group: Development/Libraries

Requires: %{name}%{?_isa} = %{version}-%{release}

Provides: ruby(selinux)

%description ruby

The libselinux-ruby package contains the ruby bindings for developing 

SELinux applications. 

%package devel

Summary: Header files and libraries used to build SELinux

Group: Development/Libraries

Requires: %{name}%{?_isa} = %{version}-%{release}

Requires: libsepol-devel%{?_isa} >= %{libsepolver}

%description devel

The libselinux-devel package contains the libraries and header files

needed for developing SELinux applications. 

%package static

Summary: Static libraries used to build SELinux

Group: Development/Libraries

Requires: %{name}-devel%{?_isa} = %{version}-%{release}

%description static

The libselinux-static package contains the static libraries

needed for developing SELinux applications. 

%prep

%setup -q -n libselinux-2.5

%patch1 -p1 -b .fedora

%build

export LDFLAGS="%{?__global_ldflags}"

export DISABLE_RPM="y"

# To support building the Python wrapper against multiple Python runtimes

# Define a function, for how to perform a "build" of the python wrapper against

# a specific runtime:

BuildPythonWrapper() {

  BinaryName=$1

  # Perform the build from the upstream Makefile:

  make \

    PYTHON=$BinaryName \

    LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} \

    pywrap

}

make clean

make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} swigify

make LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} all

BuildPythonWrapper %{__python}

%if 0%{?with_python3}

BuildPythonWrapper %{__python3}

%endif # with_python3

make RUBYINC="%{ruby_inc}" SHLIBDIR="%{_libdir}" LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} rubywrap

%install

InstallPythonWrapper() {

  BinaryName=$1

  make \

    PYTHON=$BinaryName \

    LIBDIR="%{_libdir}" CFLAGS="-g %{optflags}" %{?_smp_mflags} \

    pywrap

  make \

    PYTHON=$BinaryName \

    DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" \

    SHLIBDIR="%{buildroot}/%{_lib}" BINDIR="%{buildroot}%{_bindir}" \

    SBINDIR="%{buildroot}%{_sbindir}" \

    install-pywrap

}

rm -rf %{buildroot}

mkdir -p %{buildroot}/%{_prefix}/lib/tmpfiles.d

mkdir -p %{buildroot}/%{_libdir} 

mkdir -p %{buildroot}%{_includedir} 

mkdir -p %{buildroot}%{_sbindir}

mkdir -p %{buildroot}/var/run/setrans

echo "d /var/run/setrans 0755 root root" > %{buildroot}/%{_prefix}/lib/tmpfiles.d/libselinux.conf

InstallPythonWrapper %{__python}

%if 0%{?with_python3}

InstallPythonWrapper %{__python3}

%endif # with_python3

make DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" SHLIBDIR="%{buildroot}%{_libdir}" BINDIR="%{buildroot}%{_bindir}" SBINDIR="%{buildroot}%{_sbindir}" RUBYINSTALL=%{buildroot}%{ruby_vendorarchdir} install install-rubywrap

# Nuke the files we don't want to distribute

rm -f %{buildroot}%{_sbindir}/compute_*

rm -f %{buildroot}%{_sbindir}/deftype

rm -f %{buildroot}%{_sbindir}/execcon

rm -f %{buildroot}%{_sbindir}/getenforcemode

rm -f %{buildroot}%{_sbindir}/getfilecon

rm -f %{buildroot}%{_sbindir}/getpidcon

rm -f %{buildroot}%{_sbindir}/mkdircon

rm -f %{buildroot}%{_sbindir}/policyvers

rm -f %{buildroot}%{_sbindir}/setfilecon

rm -f %{buildroot}%{_sbindir}/selinuxconfig

rm -f %{buildroot}%{_sbindir}/selinuxdisable

rm -f %{buildroot}%{_sbindir}/getseuser

rm -f %{buildroot}%{_sbindir}/togglesebool

rm -f %{buildroot}%{_sbindir}/selinux_check_securetty_context

mv %{buildroot}%{_sbindir}/getdefaultcon %{buildroot}%{_sbindir}/selinuxdefcon

mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist

install -d %{buildroot}%{_mandir}/man8/

install -m 644 %{SOURCE1} %{buildroot}%{_mandir}/man8/

install -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8/

rm -f %{buildroot}%{_mandir}/man8/togglesebool*

%clean

rm -rf %{buildroot}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files

%defattr(-,root,root,-)

%{_libdir}/libselinux.so.*

%ghost /var/run/setrans

%{_sbindir}/sefcontext_compile

%{_prefix}/lib/tmpfiles.d/libselinux.conf

%files utils

%defattr(-,root,root,-)

%{_sbindir}/avcstat

%{_sbindir}/getenforce

%{_sbindir}/getsebool

%{_sbindir}/matchpathcon

%{_sbindir}/selinuxconlist

%{_sbindir}/selinuxdefcon

%{_sbindir}/selinuxexeccon

%{_sbindir}/selinuxenabled

%{_sbindir}/setenforce

%{_sbindir}/selabel_digest

%{_sbindir}/selabel_lookup

%{_sbindir}/selabel_lookup_best_match

%{_sbindir}/selabel_partial_match

%{_sbindir}/selinux_restorecon

%{_mandir}/man5/*

%{_mandir}/man8/*

%files devel

%defattr(-,root,root,-)

%{_libdir}/libselinux.so

%{_libdir}/pkgconfig/libselinux.pc

%dir %{_libdir}/golang/src/pkg/github.com/selinux

%{_libdir}/golang/src/pkg/github.com/selinux/selinux.go

%dir %{_includedir}/selinux

%{_includedir}/selinux/*

%{_mandir}/man3/*

%files static

%defattr(-,root,root,-)

%{_libdir}/libselinux.a

%files python

%defattr(-,root,root,-)

%dir %{python_sitearch}/selinux

%{python_sitearch}/selinux/*

%if 0%{?with_python3}

%files python3

%defattr(-,root,root,-)

%dir %{python3_sitearch}/selinux

%dir %{python3_sitearch}/selinux/__pycache__

%{python3_sitearch}/selinux/*.py*

%{python3_sitearch}/selinux/*.so

%{python3_sitearch}/selinux/__pycache__/*

%endif with_python3

%files ruby

%defattr(-,root,root,-)

%{ruby_vendorarchdir}/selinux.so

%changelog

* Sat Feb 27 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-2

- Use fully versioned arch-specific requires

* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1

- Update to upstream release 2016-02-23

* Sun Feb 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-0.1.rc1

- Update to upstream rc1 release 2016-01-07

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-8

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Jan 12 2016 Vít Ondruch <vondruch@redhat.com> - 2.4-7

- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3

* Thu Dec 10 2015 Petr Lautrbach <plautrba@redhat.com> - 2.4-6

- Build libselinux without rpm_execcon() (#1284019)

* Thu Oct 15 2015 Robert Kuska <rkuska@redhat.com> - 2.4-5

- Rebuilt for Python3.5 rebuild

* Wed Sep 30 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-4

- Flush the class/perm string mapping cache on policy reload (#1264051)

- Fix restorecon when path has no context

* Wed Sep 02 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-3

- Simplify procattr cache (#1257157,#1232371)

* Fri Aug 14 2015 Adam Jackson <ajax@redhat.com> 2.4-2

- Export ldflags into the build so hardening works

* Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-1.1

- Update to 2.4 release

* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-11

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Tue May 12 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-10

- is_selinux_enabled: Add /etc/selinux/config test (#1219045)

- matchpathcon/selabel_file: Fix man pages (#1219718)

* Thu Apr 23 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-9

- revert support for policy compressed with xv (#1185266)

* Tue Apr 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-8

- selinux.py - use os.walk() instead of os.path.walk() (#1195004)

- is_selinux_enabled(): drop no-policy-loaded test (#1195074)

- fix -Wformat errors and remove deprecated mudflap option

* Mon Mar 16 2015 Than Ngo <than@redhat.com> - 2.3-7

- bump release and rebuild so that koji-shadow can rebuild it

  against new gcc on secondary arch

* Mon Jan 19 2015 Vít Ondruch <vondruch@redhat.com> - 2.3-6

- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.2

* Thu Aug 21 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-5

- Compiled file context files and the original should have the same permissions from dwalsh@redhat.com

- Add selinux_openssh_contexts_path() to get a path to /contexts/openssh_contexts

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Wed May 28 2014 Kalev Lember <kalevlember@gmail.com> - 2.3-2

- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4

* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1

- Update to upstream 

	* Get rid of security_context_t and fix const declarations.

	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.

* Tue May 6 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.2.2-8

- Add selinux_openssh_contexts_path()

* Thu Apr 24 2014 Vít Ondruch <vondruch@redhat.com> - 2.2.2-7

- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1

* Mon Feb 24 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-6

- Fix spelling mistake in man page

* Thu Feb 20 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-5

- More go bindings

-   restorecon, getpidcon, setexeccon

* Fri Feb 14 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-4

- Add additional go bindings for get*con calls

- Add go bindings test command

- Modify man pages of set*con calls to mention that they are thread specific

* Fri Jan 24 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-3

- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go

- Add Int_to_mcs function to generate MCS labels from integers.

* Tue Jan 14 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-2

- Add ghost flag for /var/run/setrans

* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com>  - 2.2.2-1

- Update to upstream 

      * Fix userspace AVC handling of per-domain permissive mode.

- Verify context is not null when passed into *setfilecon_raw

* Fri Dec 27 2013 Adam Williamson <awilliam@redhat.com> - 2.2.1-6

- revert unexplained change to rhat.patch which broke SELinux disablement

* Mon Dec 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-5

- Verify context is not null when passed into lsetfilecon_raw

* Wed Dec 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-4

- Mv selinux.go to /usr/share/gocode/src/selinux

* Tue Dec 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-3

- Add golang support to selinux.

* Thu Dec 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-2

- Remove togglesebool man page

* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1

- Update to upstream 

	* Remove -lpthread from pkg-config file; it is not required.

- Add support for policy compressed with xv

* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1

- Update to upstream 

	* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.

	* Support overriding Makefile RANLIB from Sven Vermeulen.

	* Update pkgconfig definition from Sven Vermeulen.

	* Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.

	* Fix man pages from Laurent Bigonville.

	* Support overriding PATH  and LIBBASE in Makefiles from Laurent Bigonville.

	* Fix LDFLAGS usage from Laurent Bigonville

	* Avoid shadowing stat in load_mmap from Joe MacDonald.

	* Support building on older PCRE libraries from Joe MacDonald.

	* Fix handling of temporary file in sefcontext_compile from Dan Walsh.

	* Fix procattr cache from Dan Walsh.

	* Define python constants for getenforce result from Dan Walsh.

	* Fix label substitution handling of / from Dan Walsh.

	* Add selinux_current_policy_path from Dan Walsh.

	* Change get_context_list to only return good matches from Dan Walsh.

	* Support udev-197 and higher from Sven Vermeulen and Dan Walsh.

	* Add support for local substitutions from Dan Walsh.

	* Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh.

	* Python wrapper leak fixes from Dan Walsh.

	* Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh.

	* Add selinux_systemd_contexts_path from Dan Walsh.

	* Add selinux_set_policy_root from Dan Walsh.

	* Add man page for sefcontext_compile from Dan Walsh.

* Fri Oct 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-21

- Add systemd_contexts support

- Do substitutions on a local sub followed by a dist sub

* Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20

- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek 

Resolves #1013801

* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19

- Fix handling of libselinux getconlist with only one entry

* Tue Sep 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-17

- Add Python constants for SELinux enforcing modes

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.13-17

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Fri Jun 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-16

- Add sefcontext_compile.8  man page

- Add Russell Coker  patch to fix man pages

- Add patches from Laurent Bigonville to fix Makefiles for debian.

- modify spec file to use %{_prefix}/lib

* Mon May 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-15

- Fix patch that Handles substitutions for /

* Wed Apr 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-14

- Handle substitutions for /

- semanage fcontext -a -e  / /opt/rh/devtoolset-2/root

* Tue Apr 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-13

- Add Eric Paris patch to fix procattr calls after a fork.

* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12

- Move secolor.conf.5 into mcstrans package and out of libselinux 

* Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11

- Fix python bindings for selinux_check_access

* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-10

- Fix reseting the policy root in matchpathcon

* Wed Mar 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-9

- Cleanup setfcontext_compile atomic patch

- Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root

- Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS

* Wed Mar 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-8

- Make setfcontext_compile atomic

* Wed Mar 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-7

- Fix memory leak in set*con calls.

* Thu Feb 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-6

- Move matchpathcon to -utils package

- Remove togglesebool

* Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-5

- Fix selinux man page to reflect what current selinux policy is.

* Fri Feb 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-4

- Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files.

* Fri Feb 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-3

- Bring back selinux_current_policy_path

* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-2

- Revert some changes which are causing the wrong policy version file to be created

* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1

- Update to upstream 

        * audit2why: make sure path is nul terminated

        * utils: new file context regex compiler

        * label_file: use precompiled filecontext when possible

        * do not leak mmapfd

        * sefcontontext_compile: Add error handling to help debug problems in libsemanage.

        * man: make selinux.8 mention service man pages

        * audit2why: Fix segfault if finish() called twice

        * audit2why: do not leak on multiple init() calls

        * mode_to_security_class: interface to translate a mode_t in to a security class

        * audit2why: Cleanup audit2why analysys function

        * man: Fix program synopsis and function prototypes in man pages

        * man: Fix man pages formatting

        * man: Fix typo in man page

        * man: Add references and man page links to _raw function variants

        * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions

        * man: context_new(3): fix the return value description

        * selinux_status_open: handle error from sysconf

        * selinux_status_open: do not leak statusfd on exec

        * Fix errors found by coverity

        * Change boooleans.subs to booleans.subs_dist.

        * optimize set*con functions

        * pkg-config do not specifc ruby version

        * unmap file contexts on selabel_close()

        * do not leak file contexts with mmap'd backend

        * sefcontext_compile: do not leak fd on error

        * matchmediacon: do not leak fd 

        * src/label_android_property: do not leak fd on error

* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20

- Update to latest patches from eparis/Upstream

* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19

- Update to latest patches from eparis/Upstream

* Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18

- Try procatt speedup patch again

* Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17

- Roll back procattr speedups since it seems to be screwing up systemd labeling.

* Tue Jan 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-16

- Fix tid handling for setfscreatecon, old patch still broken in libvirt

* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15

- Fix tid handling for setfscreatecon, old patch still broken in libvirt

* Mon Jan 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14

- setfscreatecon after fork was broken by the Set*con patch.

- We needed to reset the thread variables after a fork.

* Thu Jan 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13

- Fix setfscreatecon call to handle failure mode, which was breaking udev

* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-12

- Ondrej Oprala patch to optimize set*con functions

-    Set*con now caches the security context and only re-sets it if it changes.

* Tue Jan 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-11

- Rebuild against latest libsepol

* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-10

- Update to latest patches from eparis/Upstream

-    Fix errors found by coverity

-    set the sepol_compute_av_reason_buffer flag to 0.  This means calculate denials only?

-    audit2why: remove a useless policy vers variable

-    audit2why: use the new constraint information

* Mon Nov 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9

- Rebuild with latest libsepol

* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8

- Return EPERM if login program can not reach default label for user

- Attempt to return container info from audit2why

* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-7

- Apply patch from eparis to fix leaked file descriptor in new labeling code

* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6

- Add new function mode_to_security_class which takes mode instead of a string.

- Possibly will be used with coreutils.

* Mon Oct 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-5

- Add back selinuxconlist and selinuxdefcon man pages

* Mon Oct 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-4

- Fix segfault from calling audit2why.finish() multiple times

* Fri Oct 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3

- Fix up selinux man page to reference service man pages

* Wed Sep 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2

- Rebuild with fixed libsepol

* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1

- Update to upstream 

	* Add support for lxc_contexts_path

	* utils: add service to getdefaultcon

	* libsemanage: do not set soname needlessly

	* libsemanage: remove PYTHONLIBDIR and ruby equivalent

	* boolean name equivalency

	* getsebool: support boolean name substitution

	* Add man page for new selinux_boolean_sub function.

	* expose selinux_boolean_sub

	* matchpathcon: add -m option to force file type check

	* utils: avcstat: clear sa_mask set

	* seusers: Check for strchr failure

	* booleans: initialize pointer to silence coveriety

	* stop messages when SELinux disabled

	* label_file: use PCRE instead of glibc regex functions

	* label_file: remove all typedefs

	* label_file: move definitions to include file

	* label_file: do string to mode_t conversion in a helper function

	* label_file: move error reporting back into caller

	* label_file: move stem/spec handling to header

	* label_file: drop useless ncomp field from label_file data

	* label_file: move spec_hasMetaChars to header

	* label_file: fix potential read past buffer in spec_hasMetaChars

	* label_file: move regex sorting to the header

	* label_file: add accessors for the pcre extra data

	* label_file: only run regex files one time

	* label_file: new process_file function

	* label_file: break up find_stem_from_spec

	* label_file: struct reorg

	* label_file: only run array once when sorting

	* Ensure that we only close the selinux netlink socket once.

	* improve the file_contexts.5 manual page

* Fri Aug 03 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.11-6

- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3

* Wed Aug  1 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.11-5

- make with_python3 be conditional on fedora

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.11-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Mon Jul 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-3

- Move the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d

* Fri Jul 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-2

- Revert Eric Paris Patch for selinux_binary_policy_path

* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1

- Update to upstream 

	* Fortify source now requires all code to be compiled with -O flag

	* asprintf return code must be checked

	* avc_netlink_recieve handle EINTR

	* audit2why: silence -Wmissing-prototypes warning

	* libsemanage: remove build warning when build swig c files

	* matchpathcon: bad handling of symlinks in /

	* seusers: remove unused lineno

	* seusers: getseuser: gracefully handle NULL service

	* New Android property labeling backend

	* label_android_property whitespace cleanups

	* additional makefile support for rubywrap

* Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5

- Fix booleans.subs name, change function name to selinux_boolean_sub, 

  add man page, minor fixes to the function

* Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4

- Fix to compile with Fortify source

      * Add -O compiler flag

      * Check return code from asprintf

- Fix handling of symbolic links in / by realpath_not_final

* Tue Apr 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3

- Add support for lxc contexts file

* Fri Mar 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-2

- Add support fot boolean subs file

* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1

- Update to upstream 

	* Fix dead links to www.nsa.gov/selinux

	* Remove jump over variable declaration

	* Fix old style function definitions

	* Fix const-correctness

	* Remove unused flush_class_cache method

	* Add prototype decl for destructor

	* Add more printf format annotations

	* Add printf format attribute annotation to die() method

	* Fix const-ness of parameters & make usage() methods static

	* Enable many more gcc warnings for libselinux/src/ builds

	* utils: Enable many more gcc warnings for libselinux/utils builds

	* Change annotation on include/selinux/avc.h to avoid upsetting SWIG

	* Ensure there is a prototype for 'matchpathcon_lib_destructor'

	* Update Makefiles to handle /usrmove

	* utils: Stop separating out matchpathcon as something special

	* pkg-config to figure out where ruby include files are located

	* build with either ruby 1.9 or ruby 1.8

	* assert if avc_init() not called

	* take security_deny_unknown into account

	* security_compute_create_name(3)

	* Do not link against python library, this is considered

	* bad practice in debian

	* Hide unnecessarily-exported library destructors

* Thu Feb 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-9

- Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists

- Otherwise search for policy on disk

* Wed Feb 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-8

- Change selinux_binary_policy_path to return /sys/fs/selinux/policy

- Add selinux_installed_policy_path to return what selinux_binary_policy_path used to return

- avc_has_perm will now return yes if the machine is in permissive mode

- Make work with ruby-1.9

* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7

- avc_netlink_recieve should continue to poll if it receinves an EINTR rather 

* Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6

- use /sbin/ldconfig, glibc does not provide

  /usr/sbin/ldconfig in the RPM database for now

* Fri Jan 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-5

- Rebuild with cleaned up upstream to work in /usr

* Wed Jan 25 2012 Harald Hoyer <harald@redhat.com> 2.1.9-4

- install everything in /usr

  https://fedoraproject.org/wiki/Features/UsrMove

* Mon Jan 23 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-3

- Add Dan Berrange code cleanup patches.

* Wed Jan 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2

- Fix selabal_open man page to refer to proper selinux_opt structure

* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1

-Update to upstream

	* Fix setenforce man page to refer to selinux man page

	* Cleanup Man pages

	* merge freecon with getcon man page

* Mon Dec 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5

- Add patch from Richard Haines

      When selabel_lookup found an invalid context with validation enabled, it

      always stated it was 'file_contexts' whether media, x, db or file.

      The fix is to store the spec file name in the selabel_lookup_rec on

      selabel_open and use this as output for logs. Also a minor fix if key is

      NULL to stop seg faults.

- Fix setenforce manage page.

* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4

- Rebuild with new libsepol

* Tue Dec 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2