%global with_python3 0

%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}

%define libsepolver 2.1.9-1

%define libselinuxver 2.1.13-1

Summary: SELinux binary policy manipulation library 

Name: libsemanage

Version: 2.1.10

Release: 14%{?dist}

License: LGPLv2+

Group: System Environment/Libraries

Source: libsemanage-%{version}.tgz

Patch: libsemanage-rhat.patch

URL: http://oss.tresys.com/git/selinux.git

Source1: semanage.conf

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel

BuildRequires: libsepol-devel >= %{libsepolver} 

BuildRequires: audit-libs-devel

BuildRequires: python-devel bison flex bzip2-devel

%if 0%{?with_python3}

BuildRequires: python3-devel

%endif # if with_python3

Requires: bzip2-libs audit-libs

%description

Security-enhanced Linux is a feature of the Linux® kernel and a number

of utilities with enhanced security functionality designed to add

mandatory access controls to Linux.  The Security-enhanced Linux

kernel contains new architectural components originally developed to

improve the security of the Flask operating system. These

architectural components provide general support for the enforcement

of many kinds of mandatory access control policies, including those

based on the concepts of Type Enforcement®, Role-based Access

Control, and Multi-level Security.

libsemanage provides an API for the manipulation of SELinux binary policies.

It is used by checkpolicy (the policy compiler) and similar tools, as well

as by programs like load_policy that need to perform specific transformations

on binary policies such as customizing policy boolean settings.

%package static

Summary: Static library used to build policy manipulation tools

Group: Development/Libraries

Requires: libsemanage-devel = %{version}-%{release}

%description static

The semanage-static package contains the static libraries 

needed for developing applications that manipulate binary policies. 

%package devel

Summary: Header files and libraries used to build policy manipulation tools

Group: Development/Libraries

Requires: libsemanage = %{version}-%{release} ustr

%description devel

The semanage-devel package contains the libraries and header files

needed for developing applications that manipulate binary policies. 

%package python

Summary: semanage python bindings for libsemanage

Group: Development/Libraries

Requires: libsemanage = %{version}-%{release} 

%description python

The libsemanage-python package contains the python bindings for developing 

SELinux management applications. 

%if 0%{?with_python3}

%package python3

Summary: semanage python 3 bindings for libsemanage

Group: Development/Libraries

Requires: libsemanage = %{version}-%{release} 

%description python3

The libsemanage-python3 package contains the python 3 bindings for developing

SELinux management applications.

%endif # if with_python3

%prep

%setup -q

%patch -p2 -b .rhat

%build

# To support building the Python wrapper against multiple Python runtimes

# Define a function, for how to perform a "build" of the python wrapper against

# a specific runtime:

BuildPythonWrapper() {

  BinaryName=$1

  # Perform the build from the upstream Makefile:

  make \

    PYTHON=$BinaryName \

    CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \

    pywrap

}

make clean

make CFLAGS="%{optflags}" swigify

make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all

BuildPythonWrapper \

  %{__python}

%if 0%{?with_python3}

BuildPythonWrapper \

  %{__python3}

%endif # with_python3

%install

InstallPythonWrapper() {

  BinaryName=$1

  make \

    PYTHON=$BinaryName \

    DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" \

    install-pywrap

}

rm -rf ${RPM_BUILD_ROOT}

mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} 

mkdir -p ${RPM_BUILD_ROOT}%{_includedir} 

make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install

InstallPythonWrapper \

  %{__python} \

  .so

%if 0%{?with_python3}

InstallPythonWrapper \

  %{__python3} \

  $(python3-config --extension-suffix)

%endif # with_python3

cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf

ln -sf  %{_libdir}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so

%clean

rm -rf ${RPM_BUILD_ROOT}

%files

%defattr(-,root,root)

%dir %{_sysconfdir}/selinux

%config(noreplace) %{_sysconfdir}/selinux/semanage.conf

/%{_libdir}/libsemanage.so.1

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files static

%defattr(-,root,root)

%{_libdir}/libsemanage.a

%files devel

%defattr(-,root,root)

%{_libdir}/libsemanage.so

%{_libdir}/pkgconfig/libsemanage.pc

%dir %{_includedir}/semanage

%{_includedir}/semanage/*.h

%{_mandir}/man3/*

%{_mandir}/man5/*

%files python

%defattr(-,root,root)

%{python_sitearch}/_semanage.so

%{python_sitearch}/semanage.py*

%if 0%{?with_python3}

%files python3

%defattr(-,root,root)

%{python3_sitearch}/*.so

%{python3_sitearch}/semanage.py*

%{python3_sitearch}/__pycache__/semanage*

%endif # if with_python3

%changelog

* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-14

- Cleanup handling of missing mls_range to fix problems with useradd -Z

- Fix auditing of login record changes, roles were not working correctly.

Resolves: #1018840

* Fri Oct 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-13

- Fix errors found by coverity

Resolves: #952237

* Wed Sep 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-12

- Do not fail on missing SELinux User Record when adding login record

* Mon Sep 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-11

- Add msg to audit records

* Thu Sep 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-10

- Do not write error message to screen when looking for previous record for auditing.

- Add mls_range from user record if the MLS range is not specified by the seuser add record.

- Error out if seuser or mls range is not specified when adding user records

* Mon Sep 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-9

- Create symlink from policy.kern to active kernel.

* Fri Sep 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-8

- Unlink policy.kern when done to save space.

* Fri Jul 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-7

- Move handling of role audit records into the library

- Patch stops semanage from removing user record while in use

* Tue Jul 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-6

- Remove dependance on selinux-policy, /etc/selinux should be owned by libsemanage, and selinux-policy can require it.

* Fri Jun 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5

- Allways build python3 version

* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4

- 

* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3

- Fix test suite to build

* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-2

- Revert some changes which are causing the wrong policy version file to be created

* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1

- Update to upstream 

	* Add sefcontext_compile to compile regex everytime policy is rebuilt

	* Cleanup/fix enable/disable/remove module.

	* redo genhomedircon minuid

	* fixes from coverity

	* semanage_store: do not leak memory in semanage_exec_prog

	* genhomedircon: remove useless conditional in get_home_dirs

	* genhomedircon: double free in get_home_dirs

	* fcontext_record: do not leak on error in semanage_fcontext_key_create

	* genhomedircon: do not leak on failure in write_gen_home_dir_context

	* semanage_store: do not leak fd 

	* genhomedircon: do not leak shells list

	* semanage_store: do not leak on strdup failure 

	* semanage_store: rewrite for readability

* Wed Jan 16 2013 Dan Walsh <dwalsh@redhat.com> 2.1.9-4

- Add selinux-policy as a requires to get /etc/selinux owned

* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> 2.1.9-3

- Update to latest patches from eparis/Upstream

-    libsemanage: fixes from coverity

-    libsemange: redo genhomedircon minuid

* Wed Nov 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2

- Fix handling of missing semanage permissive -d foo, not failing correctly

- Previous to this fix the first module beginning with foo would get deleted.

* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1

- Update to upstream 

	* libsemanage: do not set soname needlessly

	* libsemanage: remove PYTHONLIBDIR and ruby equivalent

	* do boolean name substitution

	* Fix segfault for building standard policies.

* Fri Aug 03 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.8-6

- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3

* Wed Aug  1 2012 David Malcolm <dmalcolm@redhat.com> - 2.1.8-5

- remove rhel logic from with_python3 conditional

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.8-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Jul 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3

- Attempt to allocate memory for selinux_binary_policy_path and free memory 

- allocated by asprintf.

* Thu Jul 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2

- Fix asprintf within an asprintf call

* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1

- Update to upstream 

	* remove build warning when build swig c files

	* additional makefile support for rubywrap

	* ignore 80 column limit for readability

	* semanage_store: fix snprintf length argument by using asprintf

	* Use default semanage.conf as a fallback

	* use after free in python bindings

* Tue May 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2

- Apply patch from Sven Vermeulen to fix problem with python3 bindings.

* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1

- Update to upstream 

	* Alternate path for semanage.conf

	* do not link against libpython, this is considered bad in Debian

	* Allow to build for several ruby version

	* fallback-user-level

* Wed Feb 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3

- Check in correct patch.

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.6-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Fri Jan 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2

- Add patch form Xin Ouyang to make library use private semanage.conf 

* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1

-Update to upstream

	* add ignoredirs config for genhomedircon

	* Fallback_user_level can be NULL if you are not using MLS

* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4

- Rebuild with latest libsepol

* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3

- Rebuild with latest libsepol

* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2

- Add support for ignoredirs param in /etc/selinux/semanage.conf

* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1

- Upgrade to upstream

	* regenerate .pc on VERSION change

	* maintain mode even if umask is tighter

	* semanage.conf man page

	* create man5dir if not exist

* Wed Oct 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2

-    Fix handling of umask, so files get created with the correct label.

* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2

-    Add Guido Trentalancia semanage.conf man page

* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1

-Update to upstream

	* Create a new preserve_tunables flag

	* tree: default make target to all not

	* fix semanage_store_access_check calling arguments

* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-2

- Add support for preserving tunables

* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.3-1

-Update to upstream

	* python wrapper makefile changes

* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-1

-Update to upstream

2.1.2 2011-08-17

	* print error debug info for buggy fc

	* introduce semanage_set_root and friends

	* throw exceptions in python rather than return

	* python3 support.

	* patch for MCS/MLS in user files

2.1.1 2011-08-01

	* Remove generated files, expand .gitignore

	* Use -Werror and change a few prototypes to support it

* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1

- Update to upstream

	* Release, minor version bump

* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6

- More fixes for disabled modules

* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5

- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module 

indicating the module is disabled.  MODULE.pp.disabled, it will no longer rename the module.  This way we can

ship active modules in rpm.

* Wed Jun 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-4

- Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.46-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2

- big reworking of the support-multiple-python-builds patch to deal with

PEP 3149: the latest Python 3.2 onwards uses include paths and library names

that don't fit prior naming patterns, and so we must query python3-config for

this information.  To complicate things further, python 2's python-config

doesn't understand all of the options needed ("--extension-suffix").  I've

thus added new Makefile variables as needed, to be supplied by the specfile by

invoking the appropriate config tool (or by hardcoding the old value for

"--extension-suffix" i.e. ".so")

- rework python3 manifest for PEP 3149, and rebuild for newer python3

* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1

- Update to upstream

  * Fix compliation under GCC 4.6 by Justin Mattock

* Wed Aug 25 2010 Thomas Spura <tomspur@fedoraproject.org> - 2.0.45-6

- rebuild with python3.2

  http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html

* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-5

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Tue Apr 27 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-4

- add python3 subpackage

* Wed Apr 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-3

- Fix -devel package to point at the correct shared library

* Fri Mar 26 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-2

- Move shared library to /usr/lib

* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-1

- Update to upstream

	* Add enable/disable patch support from Dan Walsh.

	* Add usepasswd flag to semanage.conf to disable genhomedircon using

	  passwd from Dan Walsh.

	* regenerate swig wrappers

* Thu Feb 25 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-2

- Allow disable of usepasswd

* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-1

- Update to upstream

	* Replace usage of fmemopen() with sepol_policy_file_set_mem() since

	  glibc < 2.9 does not support binary mode ('b') for fmemopen'd

	  streams.

* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-4

- Cleanup spec file

* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-3

- Splect libsemanage.a into a static subpackage to keep fedora packaging guidelines happy

* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-2

- Rebuild all c programs with -fPIC

* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-1

- Update to upstream

  * Move libsemanage.so to /usr/lib

  * Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>

* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.42-1

- Update to upstream

  * Move load_policy from /usr/sbin to /sbin from Dan Walsh.

* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.41-1

- Update to upstream

  * Add pkgconfig file from Eamon Walsh.

  * Add semanage_set_check_contexts() function to disable calling

  setfiles

* Mon Sep 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.39-1

- Update to upstream

  * make swigify

* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-2

- Dont relabel /root with genhomedircon

* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-1

- Update to upstream

  * Change semodule upgrade behavior to install even if the module

    is not present from Dan Walsh.

  * Make genhomedircon trim excess '/' from homedirs from Dan Walsh.

* Wed Sep 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.37-1

- Update to upstream

  * Fix persistent dontaudit support to rebuild policy if the 

        dontaudit state is changed from Chad Sellers.

- Move load_policy to /sbin

* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-2

- Add enable/disable modules

* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-1

- Update to upstream

  * Changed bzip-blocksize=0 handling to support existing compressed

  modules in the store.

* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-2

- Make sure /root is not used in genhomedircon

* Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1

- Revert hard linking of files between tmp/active/previous.

- Enable configuration of bzip behavior from Stephen Smalley.

-   bzip-blocksize=0 to disable compression and decompression support.

-   bzip-blocksize=1..9 to set the blocksize for compression.

-   bzip-small=true to reduce memory usage for decompression.

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.33-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Fri Jul 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-2

- Put check for /root back into genhomedircon

* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-1

- Update to upstream

* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.32-1

- Update to upstream

  * Ruby bindings from David Quigley.

* Thu Apr 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-5

- Return error on invalid file

* Wed Mar 11 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-4

- Fix typo

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.31-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Jan 15 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-2

- Fix link to only link on sandbox

* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-1

- Update to upstream

  * Policy module compression (bzip) support from Dan Walsh.

  * Hard link files between tmp/active/previous from Dan Walsh.

* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.30-3

- Fix up patch to get it upstreamed

* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.30-2

- Rebuild for Python 2.6

* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1

- Add semanage_mls_enabled() interface from Stephen Smalley.

* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.29-2

- Rebuild for Python 2.6

* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1

- Update to upstream

  * Add USER to lines to homedir_template context file from Chris PeBenito.

* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-2

- Add compression support

* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1

- Update to upstream

  * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh

* Wed Sep 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-3

- Additional fixes for Don't rebuild on fcontext or seuser modifications

* Tue Sep 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-2

- Don't rebuild on fcontext or seuser modifications

* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-1

- Update to upstream

  * Modify genhomedircon to skip groupname entries.

  Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax.

* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1

- Update to upstream

  * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.

  Strip any trailing slash before appending /*$.

* Tue Jun 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-3

- Another fix for genhomedircon

* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.25-2

- fix license tag

* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-1

- Update to upstream

  * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.

    Fixes semanage boolean -D seg fault (bug 441379).

* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.24-1

- Update to upstream

  * make swigify

* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1

- Update to upstream

  * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.

* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1

- Update to upstream

  * Free policydb before fork from Joshua Brindle.

  * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.

* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.20-1

- Update to upstream

  * Use sepol_set_expand_consume_base to reduce peak memory usage when

  using semodule

* Fri Feb 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.19-1

- Update to upstream

  * Fix genhomedircon to not override a file context with a homedir context from Todd Miller.

* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1

- Update to upstream

  * Fix spurious out of memory error reports.

  * Merged second version of fix for genhomedircon handling from Caleb Case.

* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-1

- Update to upstream

  * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.

* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-2

- Stop differentiating on user for homedir labeling

* Thu Dec 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1

- Update to upstream

  * Fix genhomedircon handling of shells and missing user context template from Dan Walsh.

  * Copy the store path in semanage_select_store from Dan Walsh.

- Add expand-check=0 to semanage.conf

* Mon Dec 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-5

- Fix handling of /etc/shells so genhomedircon will work

* Thu Nov 29 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-3

- Allow semanage_genhomedircon to work with out a USER int homedir.template

* Sat Nov 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2

- Fix semanage_select_store to allocate memory, fixes crash on invalid store

* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1

- Upgrade to latest from NSA

  * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.

  * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.

* Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.12-1

- Upgrade to latest from NSA

  * ustr cleanups from James Antill.

  * Ensure that /root gets labeled even if using the default context from Dan Walsh.

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.11-1

- Upgrade to latest from NSA

  * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-2

- Fix sort order on generated homedir context

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-1

- Upgrade to latest from NSA

  * Fix error checking on getpw*_r functions from Todd Miller.

  * Make genhomedircon skip invalid homedir contexts from Todd Miller.

  * Set default user and prefix from seusers from Dan Walsh.

  * Add swigify Makefile target from Dan Walsh.

* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1

- Upgrade to latest from NSA

  * Pass CFLAGS to CC even on link command, per Dennis Gilmore.

  * Clear errno on non-fatal errors to avoid reporting them upon a

    later error that does not set errno.

  * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.

- Fix segfault in genhomedircon when using bad user names

* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-2

- Fix genhomedircon code to only generate valid context

- Fixes autorelabel problem

* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-1

- Upgrade to latest from NSA

  * Change to use getpw* function calls to the _r versions from Todd Miller.

* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.5-1

- Upgrade to latest from NSA

* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.4-1

- Upgrade to latest from NSA

  * Allow dontaudits to be turned off via semanage interface when

    updating policy

* Sat Aug 11 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-5

- Add ability to load a policy without dontaudit rules

-

* Tue Jun 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-4

- Rebuild to fix segfault on x86 platforms, swigify on each build

* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-3

- Rebuild for rawhide

* Thu May 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2

- Apply patch to fix dependencies in spec file from Robert Scheck

* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1

- Upgrade to latest from NSA

  * Fix to libsemanage man patches so whatis will work better from Dan Walsh

* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1

- Upgrade to latest from NSA

- Merged optimizations from Stephen Smalley.

-    do not set all booleans upon commit, only those whose values have changed

-    only install the sandbox upon commit if something was rebuilt

* Sat Mar 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2

- Add SELinux to Man page Names so man -k will work

* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1

- Merged dbase_file_flush patch from Dan Walsh.

- This removes any mention of specific tools (e.g. semanage)

- from the comment header of the auto-generated files,

- since there are multiple front-end tools.

* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1

- Upgrade to latest from NSA

  * Merged Makefile test target patch from Caleb Case.

  * Merged get_commit_number function rename patch from Caleb Case.

  * Merged strnlen -> strlen patch from Todd Miller.

* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.10.1-1

- Upgrade to latest from NSA

  * Merged python binding fix from Dan Walsh.

  * Updated version for stable branch.

* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.2-1

- Upgrade to latest from NSA

  * Merged patch to optionally reduce disk usage by removing 

    the backup module store and linked policy from Karl MacMillan

  * Merged patch to correctly propagate return values in libsemanage

* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-3

- Apply Karl MacMillan patch to get proper error codes.

* Thu Dec  7 2006 Jeremy Katz <katzj@redhat.com> - 1.9.1-2

- rebuild against python 2.5

* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-1

- Upgrade to latest from NSA