+
+ SELinux roles
+-""")
++""" % self.os_version)
+ for letter in self.manpage_roles:
+ if len(self.manpage_roles[letter]):
+ fd.write("""
+@@ -424,6 +398,9 @@ class ManPage:
+ self.all_file_types = sepolicy.get_all_file_types()
+ self.role_allows = sepolicy.get_all_role_allows()
+ self.types = _gen_types()
++ self.exec_types = _gen_exec_types()
++ self.entry_types = _gen_entry_types()
++ self.mcs_constrained_types = _gen_mcs_constrained_types()
+
+ if self.source_files:
+ self.fcpath = self.root + "file_contexts"
+@@ -736,10 +713,13 @@ Default Defined Ports:""")
+
+ def _file_context(self):
+ flist = []
++ flist_non_exec = []
+ mpaths = []
+ for f in self.all_file_types:
+ if f.startswith(self.domainname):
+ flist.append(f)
++ if not f in self.exec_types or not f in self.entry_types:
++ flist_non_exec.append(f)
+ if f in self.fcdict:
+ mpaths = mpaths + self.fcdict[f]["regex"]
+ if len(mpaths) == 0:
+@@ -791,19 +771,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ .PP
+ """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
+
+- self.fd.write(r"""
++ if flist_non_exec:
++ self.fd.write(r"""
+ .PP
+ .B STANDARD FILE CONTEXT
+
+ SELinux defines the file context types for the %(domainname)s, if you wanted to
+ store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
+
+-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
++.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
+ .br
+ .B restorecon -R -v /srv/my%(domainname)s_content
+
+ Note: SELinux often uses regular expressions to specify labels that match multiple files.
+-""" % {'domainname': self.domainname, "type": flist[0]})
++""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
+
+ self.fd.write(r"""
+ .I The following file types are defined for %(domainname)s:
+@@ -974,11 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
+ %s""" % ", ".join(paths))
+
+ def _mcs_types(self):
+- try:
+- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+- except StopIteration:
+- return
+- if self.type not in mcs_constrained_type['types']:
++ if self.type not in self.mcs_constrained_types['types']:
+ return
+ self.fd.write ("""
+ .SH "MCS Constrained"
diff --git a/SOURCES/selinux-sandbox-fedora.patch b/SOURCES/selinux-sandbox-fedora.patch
new file mode 100644
index 0000000..4986b98
--- /dev/null
+++ b/SOURCES/selinux-sandbox-fedora.patch
@@ -0,0 +1,186 @@
+diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile
+index 49c1d3f..9e45329 100644
+--- selinux-sandbox-2.8/Makefile
++++ selinux-sandbox-2.8/Makefile
+@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng
+ SEUNSHARE_OBJS = seunshare.o
+
+ all: sandbox seunshare sandboxX.sh start
++ (cd po && $(MAKE) $@)
+
+ seunshare: $(SEUNSHARE_OBJS)
+
+@@ -30,6 +31,7 @@ install: all
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
++ (cd po && $(MAKE) $@)
+
+ test:
+ @$(PYTHON) test_sandbox.py -v
+diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile
+new file mode 100644
+index 0000000..0556bbe
+--- /dev/null
++++ selinux-sandbox-2.8/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE = sandbox
++POTFILE = $(NLSPACKAGE).pot
++INSTALL = /usr/bin/install -c -p
++INSTALL_DATA = $(INSTALL) -m 644
++INSTALL_DIR = /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE = msgmerge
++MSGMERGE_FLAGS = -q
++XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
++MSGFMT = msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES = $(patsubst %.po,%.mo,$(POFILES))
++POTFILES = $(shell cat POTFILES)
++
++#default:: clean
++
++all:: $(POTFILE) $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++ rm -f $(NLSPACKAGE).po; \
++ else \
++ mv -f $(NLSPACKAGE).po $(POTFILE); \
++ fi; \
++
++
++refresh-po: Makefile
++ for cat in $(POFILES); do \
++ lang=`basename $$cat .po`; \
++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++ mv -f $$lang.pot $$lang.po ; \
++ echo "$(MSGMERGE) of $$lang succeeded" ; \
++ else \
++ echo "$(MSGMERGE) of $$lang failed" ; \
++ rm -f $$lang.pot ; \
++ fi \
++ done
++
++clean:
++ @rm -fv *mo *~ .depend
++ @rm -rf tmp
++
++install: $(MOFILES)
++ @for n in $(MOFILES); do \
++ l=`basename $$n .mo`; \
++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++ done
++
++%.mo: %.po
++ $(MSGFMT) -o $@ $<
++report:
++ @for cat in $(wildcard *.po); do \
++ echo -n "$$cat: "; \
++ msgfmt -v --statistics -o /dev/null $$cat; \
++ done
++
++.PHONY: missing depend
++
++relabel:
+diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES
+new file mode 100644
+index 0000000..deff3f2
+--- /dev/null
++++ selinux-sandbox-2.8/po/POTFILES
+@@ -0,0 +1 @@
++../sandbox
+diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox
+index c07a1d8..948496d 100644
+--- selinux-sandbox-2.8/sandbox
++++ selinux-sandbox-2.8/sandbox
+@@ -37,7 +37,7 @@ import sepolicy
+
+ SEUNSHARE = "/usr/sbin/seunshare"
+ SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-sandbox"
+ try:
+ import gettext
+ kwargs = {}
+@@ -268,7 +268,7 @@ class Sandbox:
+ copyfile(f, "/tmp", self.__tmpdir)
+ copyfile(f, "/var/tmp", self.__tmpdir)
+
+- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
++ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
+ execfile = self.__homedir + "/.sandboxrc"
+ fd = open(execfile, "w+")
+ if self.__options.session:
+@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+
+ parser.add_option("-W", "--windowmanager", dest="wm",
+ type="string",
+- default="/usr/bin/openbox",
++ default="/usr/bin/matchbox-window-manager",
+ help=_("alternate window manager"))
+
+ parser.add_option("-l", "--level", dest="level",
+diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8
+index d83fee7..90ef495 100644
+--- selinux-sandbox-2.8/sandbox.8
++++ selinux-sandbox-2.8/sandbox.8
+@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
+ \fB\-W\fR \fB\-\-windowmanager\fR
+ Select alternative window manager to run within
+ .B sandbox \-X.
+-Default to /usr/bin/openbox.
++Default to /usr/bin/matchbox-window-manager.
+ .TP
+ \fB\-X\fR
+ Create an X based Sandbox for gui apps, temporary files for
+diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh
+index eaa500d..c211ebc 100644
+--- selinux-sandbox-2.8/sandboxX.sh
++++ selinux-sandbox-2.8/sandboxX.sh
+@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
+ [ -z $2 ] && export DPI="96" || export DPI="$2"
+ trap "exit 0" HUP
+
+-mkdir -p ~/.config/openbox
+-cat > ~/.config/openbox/rc.xml << EOF
+-
+-
+-
+- no
+- all
+- yes
+-
+-
+-
+-EOF
+-
+-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
+ cat > ~/seremote << __EOF
+ #!/bin/sh
diff --git a/SOURCES/semodule-utils-fedora.patch b/SOURCES/semodule-utils-fedora.patch
new file mode 100644
index 0000000..cde0b2d
--- /dev/null
+++ b/SOURCES/semodule-utils-fedora.patch
@@ -0,0 +1,12 @@
+diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
+index 3515234..7b75b3f 100644
+--- semodule-utils-2.8/semodule_package/semodule_package.c
++++ semodule-utils-2.8/semodule_package/semodule_package.c
+@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
+ }
+ if (!sb.st_size) {
+ *len = 0;
++ close(fd);
+ return 0;
+ }
+
diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec
new file mode 100644
index 0000000..75b6dc1
--- /dev/null
+++ b/SPECS/policycoreutils.spec
@@ -0,0 +1,5378 @@
+%global libauditver 2.1.3-4
+%global libsepolver 2.8-2
+%global libsemanagever 2.8-4
+%global libselinuxver 2.8-6
+%global sepolgenver 2.8
+
+%global generatorsdir %{_prefix}/lib/systemd/system-generators
+
+Summary: SELinux policy core utilities
+Name: policycoreutils
+Version: 2.8
+Release: 16.1%{?dist}
+License: GPLv2
+# https://github.com/SELinuxProject/selinux/wiki/Releases
+Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
+Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz
+Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-gui-2.8.tar.gz
+Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-sandbox-2.8.tar.gz
+Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-dbus-2.8.tar.gz
+Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/semodule-utils-2.8.tar.gz
+Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/restorecond-2.8.tar.gz
+URL: https://github.com/SELinuxProject
+Source12: policycoreutils_man_ru2.tar.bz2
+Source13: system-config-selinux.png
+Source14: sepolicy-icons.tgz
+Source15: selinux-autorelabel
+Source16: selinux-autorelabel.service
+Source17: selinux-autorelabel-mark.service
+Source18: selinux-autorelabel.target
+Source19: selinux-autorelabel-generator.sh
+Source20: policycoreutils-po.tgz
+Source21: python-po.tgz
+Source22: gui-po.tgz
+Source23: sandbox-po.tgz
+# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
+# run:
+# HEAD 15b521e6d24b1cb3a004d49f630f1d33f3e11466
+# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
+# VERSION=2.8 ./make-fedora-selinux-patch.sh $i
+# done
+Patch: policycoreutils-fedora.patch
+Patch1: selinux-python-fedora.patch
+Patch2: selinux-gui-fedora.patch
+Patch3: selinux-sandbox-fedora.patch
+Patch4: selinux-dbus-fedora.patch
+Patch5: semodule-utils-fedora.patch
+Patch6: restorecond-fedora.patch
+Obsoletes: policycoreutils < 2.0.61-2
+Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
+# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
+Conflicts: initscripts < 9.66
+Provides: /sbin/fixfiles
+Provides: /sbin/restorecon
+
+BuildRequires: gcc
+BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
+BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
+BuildRequires: python3-devel
+BuildRequires: systemd
+Requires: util-linux grep gawk diffutils rpm sed
+Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
+
+%description
+Security-enhanced Linux is a feature of the Linux® kernel and a number
+of utilities with enhanced security functionality designed to add
+mandatory access controls to Linux. The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These
+architectural components provide general support for the enforcement
+of many kinds of mandatory access control policies, including those
+based on the concepts of Type Enforcement®, Role-based Access
+Control, and Multi-level Security.
+
+policycoreutils contains the policy core utilities that are required
+for basic operation of a SELinux system. These utilities include
+load_policy to load policies, setfiles to label filesystems, newrole
+to switch roles.
+
+%prep
+# create selinux/ directory and extract sources
+%setup -q -c -n selinux
+%setup -q -T -D -a 1 -n selinux
+%setup -q -T -D -a 2 -n selinux
+%setup -q -T -D -a 3 -n selinux
+%setup -q -T -D -a 4 -n selinux
+%setup -q -T -D -a 5 -n selinux
+%setup -q -T -D -a 6 -n selinux
+%patch -p0 -b .policycoreutils-fedora
+
+cp %{SOURCE13} selinux-gui-%{version}/
+tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
+%patch1 -p0 -b .selinux-python
+%patch2 -p0 -b .selinux-gui
+%patch3 -p0 -b .selinux-sandbox
+%patch4 -p0 -b .selinux-dbus
+%patch5 -p0 -b .semodule-utils
+%patch6 -p0 -b .restorecond
+
+# Since patches containing translation changes were too big, translations were moved to separate tarballs
+# For more information see README.translations
+tar -x -f %{SOURCE20} -C policycoreutils-%{version} -z
+tar -x -f %{SOURCE21} -C selinux-python-%{version} -z
+tar -x -f %{SOURCE22} -C selinux-gui-%{version} -z
+tar -x -f %{SOURCE23} -C selinux-sandbox-%{version} -z
+
+%build
+%set_build_flags
+export PYTHON=%{__python3}
+
+make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-python-%{version} PYTHON=%{__python3} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sbindir}
+mkdir -p %{buildroot}%{_mandir}/man1
+mkdir -p %{buildroot}%{_mandir}/man5
+mkdir -p %{buildroot}%{_mandir}/man8
+%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
+
+make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+
+# Fix perms on newrole so that objcopy can process it
+chmod 0755 %{buildroot}%{_bindir}/newrole
+
+# Systemd
+rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
+
+tar -jxf %{SOURCE12} -C %{buildroot}/
+rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
+rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
+rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
+rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
+rm -f %{buildroot}/usr/sbin/open_init_pty
+rm -f %{buildroot}/usr/sbin/run_init
+rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
+rm -f %{buildroot}/usr/share/man/man8/run_init.8*
+rm -f %{buildroot}/etc/pam.d/run_init*
+
+ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
+
+desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
+ %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
+
+desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
+ %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
+
+desktop-file-install --dir %{buildroot}%{_datadir}/applications \
+ %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
+
+rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
+rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
+rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
+
+mkdir -m 755 -p %{buildroot}/%{generatorsdir}
+install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
+install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
+install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
+install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
+install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
+
+# change /usr/bin/python to %%{__python3} in policycoreutils-python3
+pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
+
+# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils
+pathfix.py -i "%{__python3} -Es" -p \
+ %{buildroot}%{_sbindir}/semanage \
+ %{buildroot}%{_bindir}/chcat \
+ %{buildroot}%{_bindir}/sandbox \
+ %{buildroot}%{_datadir}/sandbox/start \
+ %{buildroot}%{_bindir}/audit2allow \
+ %{buildroot}%{_bindir}/sepolicy \
+ %{buildroot}%{_bindir}/sepolgen-ifgen \
+ %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
+ %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
+ %{buildroot}%{_datadir}/system-config-selinux/polgengui.py \
+ %nil
+
+# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
+find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
+ %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
+ -type f -name '*~' | xargs rm -f
+
+%find_lang policycoreutils
+%find_lang selinux-python
+%find_lang selinux-gui
+%find_lang selinux-sandbox
+
+%package python-utils
+Summary: SELinux policy core python utilities
+Requires: python3-policycoreutils = %{version}-%{release}
+Obsoletes: policycoreutils-python <= 2.4-4
+BuildArch: noarch
+
+%description python-utils
+The policycoreutils-python-utils package contains the management tools use to manage
+an SELinux environment.
+
+%files python-utils
+%{_sbindir}/semanage
+%{_bindir}/chcat
+%{_bindir}/sandbox
+%{_bindir}/audit2allow
+%{_bindir}/audit2why
+%{_mandir}/man1/audit2allow.1*
+%{_mandir}/ru/man1/audit2allow.1*
+%{_mandir}/man1/audit2why.1*
+%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
+%{_mandir}/man8/chcat.8*
+%{_mandir}/ru/man8/chcat.8*
+%{_mandir}/man8/sandbox.8*
+%{_mandir}/man8/semanage*.8*
+%{_mandir}/ru/man8/semanage.8*
+%{_datadir}/bash-completion/completions/semanage
+
+%package dbus
+Summary: SELinux policy core DBUS api
+Requires: python3-policycoreutils = %{version}-%{release}
+Requires: python3-slip-dbus
+BuildArch: noarch
+
+%description dbus
+The policycoreutils-dbus package contains the management DBUS API use to manage
+an SELinux environment.
+
+%files dbus
+%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
+%{_datadir}/dbus-1/system-services/org.selinux.service
+%{_datadir}/polkit-1/actions/org.selinux.policy
+%{_datadir}/polkit-1/actions/org.selinux.config.policy
+%{_datadir}/system-config-selinux/selinux_server.py*
+
+%package -n python3-policycoreutils
+%{?python_provide:%python_provide python3-policycoreutils}
+# Remove before F31
+Provides: %{name}-python3 = %{version}-%{release}
+Provides: %{name}-python3 = %{version}-%{release}
+Obsoletes: %{name}-python3 < %{version}-%{release}
+Summary: SELinux policy core python3 interfaces
+Requires:policycoreutils = %{version}-%{release}
+Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
+# no python3-audit-libs yet
+Requires:audit-libs-python3 >= %{libauditver}
+Requires: checkpolicy
+Requires: python3-setools >= 4.1.1
+BuildArch: noarch
+
+%description -n python3-policycoreutils
+The python3-policycoreutils package contains the interfaces that can be used
+by python 3 in an SELinux environment.
+
+%files -f selinux-python.lang -n python3-policycoreutils
+%{python3_sitelib}/seobject.py*
+%{python3_sitelib}/__pycache__
+%{python3_sitelib}/sepolgen
+%dir %{python3_sitelib}/sepolicy
+%{python3_sitelib}/sepolicy/templates
+%dir %{python3_sitelib}/sepolicy/help
+%{python3_sitelib}/sepolicy/help/*
+%{python3_sitelib}/sepolicy/__init__.py*
+%{python3_sitelib}/sepolicy/booleans.py*
+%{python3_sitelib}/sepolicy/communicate.py*
+%{python3_sitelib}/sepolicy/generate.py*
+%{python3_sitelib}/sepolicy/interface.py*
+%{python3_sitelib}/sepolicy/manpage.py*
+%{python3_sitelib}/sepolicy/network.py*
+%{python3_sitelib}/sepolicy/transition.py*
+%{python3_sitelib}/sepolicy/sedbus.py*
+%{python3_sitelib}/sepolicy*.egg-info
+%{python3_sitelib}/sepolicy/__pycache__
+
+%package devel
+Summary: SELinux policy core policy devel utilities
+Requires: policycoreutils-python-utils = %{version}-%{release}
+Requires: /usr/bin/make dnf
+Requires: selinux-policy-devel
+
+%description devel
+The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
+
+%files devel
+%{_bindir}/sepolgen
+%{_bindir}/sepolgen-ifgen
+%{_bindir}/sepolgen-ifgen-attr-helper
+%dir /var/lib/sepolgen
+/var/lib/sepolgen/perm_map
+%{_bindir}/sepolicy
+%{_mandir}/man8/sepolgen.8*
+%{_mandir}/man8/sepolicy-booleans.8*
+%{_mandir}/man8/sepolicy-generate.8*
+%{_mandir}/man8/sepolicy-interface.8*
+%{_mandir}/man8/sepolicy-network.8*
+%{_mandir}/man8/sepolicy.8*
+%{_mandir}/man8/sepolicy-communicate.8*
+%{_mandir}/man8/sepolicy-manpage.8*
+%{_mandir}/man8/sepolicy-transition.8*
+%{_usr}/share/bash-completion/completions/sepolicy
+
+
+%package sandbox
+Summary: SELinux sandbox utilities
+Requires: python3-policycoreutils = %{version}-%{release}
+Requires: xorg-x11-server-Xephyr >= 1.14.1-2 /usr/bin/rsync /usr/bin/xmodmap
+Requires: matchbox-window-manager
+BuildRequires: libcap-ng-devel
+
+%description sandbox
+The policycoreutils-sandbox package contains the scripts to create graphical
+sandboxes
+
+%files -f selinux-sandbox.lang sandbox
+%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
+%{_datadir}/sandbox/sandboxX.sh
+%{_datadir}/sandbox/start
+%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
+%{_mandir}/man8/seunshare.8*
+%{_mandir}/man5/sandbox.5*
+
+%package newrole
+Summary: The newrole application for RBAC/MLS
+Requires: policycoreutils = %{version}-%{release}
+
+%description newrole
+RBAC/MLS policy machines require newrole as a way of changing the role
+or level of a logged in user.
+
+%files newrole
+%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
+%{_mandir}/man1/newrole.1.gz
+%config(noreplace) %{_sysconfdir}/pam.d/newrole
+
+%package gui
+Summary: SELinux configuration GUI
+Requires: policycoreutils-devel = %{version}-%{release}, python3-policycoreutils = %{version}-%{release}
+Requires: policycoreutils-dbus = %{version}-%{release}
+Requires: gtk3, python3-gobject
+BuildRequires: desktop-file-utils
+BuildArch: noarch
+
+%description gui
+system-config-selinux is a utility for managing the SELinux environment
+
+%files -f selinux-gui.lang gui
+%{_bindir}/system-config-selinux
+%{_bindir}/selinux-polgengui
+%{_datadir}/applications/sepolicy.desktop
+%{_datadir}/applications/system-config-selinux.desktop
+%{_datadir}/applications/selinux-polgengui.desktop
+%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
+%{_datadir}/pixmaps/system-config-selinux.png
+%dir %{_datadir}/system-config-selinux
+%{_datadir}/system-config-selinux/system-config-selinux.png
+%{_datadir}/system-config-selinux/*Page.py*
+%{_datadir}/system-config-selinux/html_util.py*
+%{_datadir}/system-config-selinux/polgengui.py*
+%{_datadir}/system-config-selinux/system-config-selinux.py*
+%{_datadir}/system-config-selinux/*.ui
+%{python3_sitelib}/sepolicy/gui.py*
+%{python3_sitelib}/sepolicy/sepolicy.glade
+%{_datadir}/icons/hicolor/*/apps/sepolicy.png
+%{_datadir}/pixmaps/sepolicy.png
+%{_mandir}/man8/system-config-selinux.8*
+%{_mandir}/man8/selinux-polgengui.8*
+%{_mandir}/man8/sepolicy-gui.8*
+
+%files -f %{name}.lang
+%{_sbindir}/restorecon
+%{_sbindir}/restorecon_xattr
+%{_sbindir}/fixfiles
+%{_sbindir}/setfiles
+%{_sbindir}/load_policy
+%{_sbindir}/genhomedircon
+%{_sbindir}/setsebool
+%{_sbindir}/semodule
+%{_sbindir}/sestatus
+%{_bindir}/secon
+%{_bindir}/semodule_expand
+%{_bindir}/semodule_link
+%{_bindir}/semodule_package
+%{_bindir}/semodule_unpackage
+%{_libexecdir}/selinux/hll
+%{_libexecdir}/selinux/selinux-autorelabel
+%{_unitdir}/selinux-autorelabel-mark.service
+%{_unitdir}/selinux-autorelabel.service
+%{_unitdir}/selinux-autorelabel.target
+%{generatorsdir}/selinux-autorelabel-generator.sh
+%config(noreplace) %{_sysconfdir}/sestatus.conf
+# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
+%{_mandir}/man5/selinux_config.5.gz
+%{_mandir}/man5/sestatus.conf.5.gz
+%{_mandir}/man8/fixfiles.8*
+%{_mandir}/ru/man8/fixfiles.8*
+%{_mandir}/man8/load_policy.8*
+%{_mandir}/ru/man8/load_policy.8*
+%{_mandir}/man8/restorecon.8*
+%{_mandir}/ru/man8/restorecon.8*
+%{_mandir}/man8/restorecon_xattr.8*
+%{_mandir}/man8/semodule.8*
+%{_mandir}/ru/man8/semodule.8*
+%{_mandir}/man8/sestatus.8*
+%{_mandir}/ru/man8/sestatus.8*
+%{_mandir}/man8/setfiles.8*
+%{_mandir}/ru/man8/setfiles.8*
+%{_mandir}/man8/setsebool.8*
+%{_mandir}/ru/man8/setsebool.8*
+%{_mandir}/man1/secon.1*
+%{_mandir}/ru/man1/secon.1*
+%{_mandir}/man8/genhomedircon.8*
+%{_mandir}/man8/semodule_expand.8*
+%{_mandir}/ru/man8/semodule_expand.8*
+%{_mandir}/man8/semodule_link.8*
+%{_mandir}/ru/man8/semodule_link.8*
+%{_mandir}/man8/semodule_unpackage.8*
+%{_mandir}/man8/semodule_package.8*
+%{_mandir}/ru/man8/semodule_package.8*
+%dir %{_datadir}/bash-completion
+%{_datadir}/bash-completion/completions/setsebool
+%{!?_licensedir:%global license %%doc}
+%license policycoreutils-%{version}/COPYING
+%doc %{_usr}/share/doc/%{name}
+
+%package restorecond
+Summary: SELinux restorecond utilities
+BuildRequires: systemd-units
+
+%description restorecond
+The policycoreutils-restorecond package contains the restorecond service.
+
+%files restorecond
+%{_sbindir}/restorecond
+%{_unitdir}/restorecond.service
+%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
+%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
+%{_sysconfdir}/xdg/autostart/restorecond.desktop
+%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
+%{_mandir}/man8/restorecond.8*
+%{_mandir}/ru/man8/restorecond.8*
+%{!?_licensedir:%global license %%doc}
+%license policycoreutils-%{version}/COPYING
+
+%post
+%systemd_post selinux-autorelabel-mark.service
+
+%preun
+%systemd_preun selinux-autorelabel-mark.service
+
+%post restorecond
+%systemd_post restorecond.service
+
+%preun restorecond
+%systemd_preun restorecond.service
+
+%postun restorecond
+%systemd_postun_with_restart restorecond.service
+
+%changelog
+* Fri Dec 14 2018 Petr Lautrbach - 2.8-16.1
+- semanage: move valid_types initialisations to class constructors
+- semanage: import sepolicy only when it's needed
+- sepolicy: Add sepolicy.load_store_policy(store)
+- semanage: Start exporting "ibendport" and "ibpkey" entries
+
+* Wed Dec 5 2018 Petr Lautrbach - 2.8-15
+- chcat: use check_call instead of getstatusoutput
+- semanage: Use standard argparse.error() method
+- semanage: Fix handling of -a/-e/-d/-r options
+
+* Tue Dec 4 2018 Petr Lautrbach - 2.8-14
+- Update translations
+
+* Mon Dec 3 2018 Petr Lautrbach - 2.8-13
+- Use ipaddress module instead of IPy
+
+* Tue Nov 13 2018 Petr Lautrbach - 2.8-12
+- Handle more reserved port types
+- Replace aliases with corresponding type names
+
+* Thu Nov 8 2018 Petr Lautrbach - 2.8-11.1
+- Fix RESOURCE_LEAK coverity scan defects
+
+* Thu Oct 25 2018 Petr Lautrbach - 2.8-10
+- sepolicy: Update to work with setools-4.2.0
+- gui: Make all polgen button labels translatable
+
+* Tue Oct 16 2018 Petr Lautrbach - 2.8-9
+- sepolicy: Fix get_real_type_name to handle query failure properly
+
+* Mon Oct 15 2018 Petr Lautrbach - 2.8-8
+- sepolicy: search() for dontaudit rules as well
+
+* Fri Sep 14 2018 Petr Lautrbach - 2.8-7
+- setfiles: Improve description of -d switch
+- Fix typo in newrole.1 manpage
+- semanage: Stop rejecting aliases in semanage commands
+- sepolicy: Stop rejecting aliases in sepolicy commands
+- sepolicy: Fix "info" to search aliases as well
+- sepolgen: fix refpolicy parsing of "permissive"
+- sepolgen: return NotImplemented instead of raising it
+- semanage: fix Python syntax of catching several exceptions
+- semanage: Replace bare except with specific one
+- semanage: Fix logger class definition
+- semanage: Stop logging loginRecords changes
+- add xperms support to audit2allow
+- sepolgen: fix access vector initialization
+- sepolgen: print all AV rules correctly
+
+* Thu Sep 13 2018 Petr Lautrbach - 2.8-6.1
+- Update translations
+
+* Tue Jul 24 2018 Petr Lautrbach - 2.8-5
+- sandbox: Use matchbox-window-manager instead of openbox (#1568295)
+
+* Thu Jul 19 2018 Petr Lautrbach - 2.8-4
+- selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221)
+- selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221)
+- Do not require libcgroup - it's not used anymore
+
+* Tue Jun 26 2018 Petr Lautrbach - 2.8-3
+- Do not use symlinks to enable selinux-autorelabel-mark.service (#1589720)
+
+* Wed Jun 6 2018 Petr Lautrbach - 2.8-2
+- Don't build the Python 2 subpackages (#1567354)
+
+* Fri May 25 2018 Petr Lautrbach - 2.8-1.1
+- SELinux userspace 2.8 release
+
+* Tue May 22 2018 Petr Lautrbach - 2.7-19
+- selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
+- selinux-autorelabel: synchronize cached writes before reboot (#1385272)
+
+* Tue Apr 3 2018 Petr Lautrbach - 2.7-18
+- Move semodule_* utilities to policycoreutils package (#1562549)
+
+* Thu Mar 22 2018 Petr Lautrbach - 2.7-17
+- semanage/seobject.py: Fix undefined store check (#1559174)
+
+* Fri Mar 16 2018 Petr Lautrbach - 2.7-16
+- Build python only subpackages as noarch
+- Move semodule_package to policycoreutils-devel
+
+* Tue Mar 13 2018 Petr Lautrbach - 2.7-15
+- sepolicy: Fix translated strings with parameters
+- sepolicy: Support non-MLS policy
+- sepolicy: Initialize policy.ports as a dict in generate.py
+- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
+- Minor update for bash completion
+- semodule_package: fix semodule_unpackage man page
+- gui/semanagePage: Close "edit" and "add" dialogues when successfull
+- gui/fcontextPage: Set default object class in addDialog\
+- sepolgen: fix typo in PolicyGenerator
+- build: follow standard semantics for DESTDIR and PREFIX
+
+* Mon Feb 26 2018 Petr Lautrbach - 2.7-14
+- Use Fedora RPM build flags (#1548740)
+
+* Tue Feb 20 2018 Petr Lautrbach - 2.7-13
+- Fix mangling of python shebangs
+
+* Mon Feb 19 2018 Miro Hrončok - 2.7-12
+- Rename the python3 subpackage to have prefix, not suffix
+- Use python3 prefixes in requires where possible
+
+* Thu Feb 15 2018 Petr Lautrbach - 2.7-11
+- Rewrite selinux-polgengui to use Gtk3
+- Drop python2 and gnome-python2 from gui Requires
+
+* Fri Feb 09 2018 Fedora Release Engineering - 2.7-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Jan 31 2018 Petr Lautrbach - 2.7-9
+- Require audit-libs-python2
+
+* Thu Jan 18 2018 Igor Gnatenko - 2.7-8
+- Remove obsolete scriptlets
+
+* Wed Dec 20 2017 Petr Lautrbach - 2.7-7
+- semanage: bring semanageRecords.set_reload back to seobject.py (#1527745)
+
+* Wed Dec 13 2017 Petr Lautrbach - 2.7-6
+- semanage: make seobject.py backward compatible
+- Own %%{pythonX_sitelib}/site-packages/sepolicy directories (#1522942)
+
+* Wed Nov 22 2017 Petr Lautrbach - 2.7-5
+- sepolicy: Fix sepolicy manpage
+- semanage: Update Infiniband code to work on python3
+- semanage: Fix export of ibendport entries
+- semanage: Enforce noreload only if it's requested by -N option
+
+* Fri Oct 20 2017 Petr Lautrbach - 2.7-4
+- restorecond: check write() and daemon() results
+- sepolicy: do not fail when file_contexts.local or .subs do not exist
+- sepolicy: remove stray space in section "SEE ALSO"
+- sepolicy: fix misspelling of _ra_content_t suffix
+- gui: port to Python 3 by migrating to PyGI
+- gui: remove the status bar
+- gui: fix parsing of "semodule -lfull" in tab Modules
+- gui: delete overridden definition of usersPage.delete()
+- Enable listing file_contexts.homedirs (#1409813)
+- remove semodule_deps
+
+* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.7-3
+- Also add Provides for the old name without %%_isa
+
+* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.7-2
+- Python 2 binary package renamed to python2-policycoreutils
+ See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+
+* Mon Aug 07 2017 Petr Lautrbach - 2.7-1
+- Update to upstream release 2017-08-04
+- Move DBUS API from -gui to -dbus package
+
+* Thu Aug 03 2017 Fedora Release Engineering - 2.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Sun Jul 30 2017 Florian Weimer - 2.6-8
+- Rebuild with binutils fix for ppc64le (#1475636)
+
+* Fri Jul 28 2017 Petr Lautrbach - 2.6-7
+- Make 'sepolicy manpage' and 'sepolicy transition' faster
+- open_init_pty: restore stdin/stdout to blocking upon exit
+- fixfiles: do not dereference link files in tmp
+- fixfiles: use a consistent order for options to restorecon
+- fixfiles: don't ignore `-F` when run in `-C` mode
+- fixfiles: remove bad modes of "relabel" command
+- fixfiles: refactor into the `set -u` dialect
+- fixfiles: if restorecon aborts, we should too
+- fixfiles: usage errors are fatal
+- fixfiles: syntax error
+- fixfiles: remove two unused variables
+- fixfiles: tidy up usage(), manpage synopsis
+- fixfiles: deprecate -l option
+- fixfiles: move logit call outside of redirected function
+- fixfiles: fix logging about R/O filesystems
+- fixfiles: clarify exclude_dirs()
+- fixfiles: remove (broken) redundant code
+
+
+* Thu Jul 27 2017 Fedora Release Engineering - 2.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Thu Apr 06 2017 Petr Lautrbach - 2.6-5
+- semanage: Unify argument handling (#1398987)
+- setfiles: set up a logging callback for libselinux
+- setfiles: Fix setfiles progress indicator
+- setfiles: stdout messages don't need program prefix
+- setfiles: don't scramble stdout and stderr together (#1435894)
+- restorecond: Decrease loglevel of termination message (#1264505)
+- fixfiles should handle path arguments more robustly
+- fixfiles: handle unexpected spaces in command
+- fixfiles: remove useless use of cat (#1435894)
+- semanage: Add checks if a module name is passed in (#1420707)
+- semanage: fix export of fcontext socket entries (#1435127)
+- selinux-autorelabel: remove incorrect redirection to /dev/null (#1415674)
+
+* Fri Mar 17 2017 Petr Lautrbach - 2.6-4
+- Fix selinux-polgengui (#1432337)
+- sepolicy - fix obtaining domain name in HTMLManPages
+
+* Tue Feb 28 2017 Petr Lautrbach - 2.6-3
+- Fix several issues in gui and 'sepolicy manpage' (#1416372)
+
+* Thu Feb 23 2017 Petr Lautrbach - 2.6-2
+- Use %%{__python3} instead of python3
+
+* Mon Feb 20 2017 Petr Lautrbach - 2.6-1.1
+- Fix pp crash when processing base module (#1417200)
+- Update to upstream release 2016-10-14
+
+* Wed Feb 15 2017 Igor Gnatenko - 2.5-22
+- Rebuild for brp-python-bytecompile
+
+* Sat Feb 11 2017 Fedora Release Engineering - 2.5-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Dec 21 2016 Kevin Fenzi - 2.5-20
+- Rebuild for python 3.6
+
+* Thu Dec 01 2016 Petr Lautrbach - 2.5-19
+- seobject: Handle python error returns correctly
+- policycoreutils/sepolicy/gui: fix current selinux state radiobutton
+- policycoreutils: semodule_package: do not fail with an empty fc file
+
+* Tue Nov 22 2016 Petr Lautrbach - 2.5-18
+- Update translations
+- Fix fcontextPage editing features (#1344842)
+
+* Mon Oct 03 2016 Petr Lautrbach 2.5-17
+- sandbox: Use dbus-run-session instead of dbus-launch when available
+- hll/pp: Change warning for module name not matching filename to match new behavior
+- Remove LDFLAGS from CFLAGS
+- sandbox: create a new session for sandboxed processes
+- sandbox: do not try to setup directories without -X or -M
+- sandbox: do not run xmodmap in a new X session
+- sandbox: Use GObject introspection binding instead of pygtk2
+- sandbox: fix file labels on copied files
+- sandbox: tests - close stdout of p
+- sandbox: tests - use sandbox from cwd
+- audit2allow: tests should use local copy not system
+- audit2allow: fix audit2why import from seobject
+- audit2allow: remove audit2why so that it gets symlinked
+- semanage: fix man page and help message for import option
+- semanage: fix error message for fcontext -m
+- semanage: Fix semanage fcontext -D
+- semanage: Correct fcontext auditing
+- semanage: Default serange to "s0" for port modify
+- semanage: Use socket.getprotobyname for protocol
+- semanage: fix modify action in node and interface
+- fixfiles: Pass -n to restorecon for fixfiles check
+- sepolicy: Check get_rpm_nvr_list() return value
+- Don't use subprocess.getstatusoutput() in Python 2 code
+- semanage: Add auditing of changes in records
+- Remove unused 'q' from semodule getopt string
+
+* Mon Aug 01 2016 Petr Lautrbach 2.5-16
+- Remove unused autoconf files from po/
+- Remove duplicate, empty translation files
+- Rebuilt with libsepol-2.5-9, libselinux-2.5-11, libsemanage-2.5-7
+
+* Thu Jul 21 2016 Petr Lautrbach 2.5-15
+- Fix sandbox -X issue related to python3 (#1358138)
+
+* Wed Jul 20 2016 Richard W.M. Jones - 2.5-14
+- Use generator approach to fix autorelabel
+
+* Tue Jul 19 2016 Fedora Release Engineering - 2.5-13
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Thu Jul 14 2016 Petr Lautrbach - 2.5-12
+- open_init_pty: Do not error on EINTR
+- Fix [-s STORE] typos in semanage
+- Update sandbox types in sandbox manual
+- Update translations
+
+* Mon Jun 27 2016 Petr Lautrbach - 2.5-11
+- Convert sandbox to gtk-3 using pygi-convert.sh (#1343166)
+
+* Thu Jun 23 2016 Petr Lautrbach - 2.5-10
+- Fix typos in semanage manpages
+- Fix the documentation of -l,--list for semodule
+- Minor fix in a French translation
+- Fix the extract example in semodule.8
+- Update sandbox.8 man page
+- Remove typos from chcat --help
+- sepolgen: Remove additional files when cleaning
+
+* Wed May 11 2016 Petr Lautrbach - 2.5-9
+- Fix multiple spelling errors
+- Rebuild with libsepol-2.5-6
+
+* Mon May 02 2016 Petr Lautrbach - 2.5-8
+- Rebuilt with libsepol-2.5-5
+
+* Fri Apr 29 2016 Petr Lautrbach - 2.5-7
+- hll/pp: Warn if module name different than output filename
+
+* Mon Apr 25 2016 Petr Lautrbach - 2.5-6
+- Ship selinux-autorelabel utility and systemd unit files (#1328825)
+
+* Fri Apr 08 2016 Petr Lautrbach - 2.5-5
+- sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files (#1319338)
+
+* Fri Mar 18 2016 Petr Lautrbach - 2.5-4
+- Add documentation for MCS separated domains
+- Move svirt man page out of libvirt into its own
+
+* Thu Mar 17 2016 Petr Lautrbach - 2.5-3
+- policycoreutils: use python3 in chcat(#1318408)
+
+* Sat Mar 05 2016 Petr Lautrbach 2.5-2
+- policycoreutils/sepolicy: selinux_server.py to use GLib instead of gobject
+- policycoreutils-gui requires python-slip-dbus (#1314685)
+
+* Tue Feb 23 2016 Petr Lautrbach 2.5-1
+- Update to upstream release 2016-02-23
+
+* Thu Feb 04 2016 Fedora Release Engineering - 2.4-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Dec 14 2015 Petr Lautrbach - 2.4-20
+- Fix 'semanage permissive -l' subcommand (#1286325)
+- Several 'sepolicy gui' fixes (#1281309,#1281309,#1282382)
+
+* Tue Nov 17 2015 Petr Lautrbach 2.4-19
+- Require at least one argument for 'semanage permissive -d' (#1255676)
+
+* Mon Nov 16 2015 Petr Lautrbach 2.4-18
+- Improve sepolicy command line interface
+- Fix sandbox to propagate specified MCS/MLS Security Level. (#1279006)
+- Fix 'audit2allow -R' (#1280418)
+
+* Thu Nov 12 2015 Fedora Release Engineering - 2.4-17
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Mon Nov 09 2015 Petr Lautrbach 2.4-16
+- policycoreutils-gui needs policycoreutils-python (#1279046)
+
+* Wed Nov 04 2015 Robert Kuska - 2.4-15
+- Rebuilt for Python3.5 rebuild
+
+* Thu Oct 08 2015 Petr Lautrbach 2.4-14
+- Revert the attempt to port -gui to GTK 3 (#1269328, #1266059)
+
+* Fri Oct 02 2015 Petr Lautrbach 2.4-13
+- newrole: Set keepcaps around setresuid calls
+- newrole: Open stdin as read/write
+
+* Fri Sep 04 2015 Petr Lautrbach 2.4-12
+- Fix several semanage issue (#1247714)
+- Decode output from subprocess, if error occurred (#1247039)
+
+* Wed Sep 02 2015 Petr Lautrbach 2.4-11
+- audit2allow, audit2why - ignore setlocale errors (#1208529)
+
+* Fri Aug 21 2015 Petr Lautrbach 2.4-10
+- Port sandbox to GTK 3 and fix issue with Xephyr
+
+* Thu Aug 13 2015 Petr Lautrbach 2.4-9
+- Fix another python3 issues mainly in sepolicy (#1247039,#1247575,#1251713)
+
+* Thu Aug 06 2015 Petr Lautrbach 2.4-8
+- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
+
+* Mon Jul 27 2015 Petr Lautrbach 2.4-7
+- policycoreutils-python3 depends on python-IPy-python3
+
+* Mon Jul 27 2015 Petr Lautrbach 2.4-6
+- policycoreutils-devel depends on policycoreutils-python-utils (#1246818)
+
+* Fri Jul 24 2015 Petr Lautrbach 2.4-5
+- Move python utilities from -python to -python-utilities
+- All scripts originally from policycoreutils-python use python 3 now
+
+* Fri Jul 24 2015 Petr Lautrbach 2.4-4
+- policycoreutils: semanage: fix moduleRecords deleteall method
+
+* Thu Jul 23 2015 Petr Lautrbach 2.4-3
+- Improve compatibility with python 3
+- Add sepolgen module to python3 package
+
+* Tue Jul 21 2015 Petr Lautrbach 2.4-2
+- Add Python3 support for sepolgen module (#1125208,#1125209)
+
+* Tue Jul 21 2015 Petr Lautrbach 2.4-1.1
+- Update to 2.4 release
+
+* Wed Jul 15 2015 Petr Lautrbach 2.4-0.7
+- Fix typo in semanage args for minimum policy store
+
+* Fri Jul 03 2015 Petr Lautrbach 2.4-0.6
+- policycoreutils: semanage: update to new source policy infrastructure
+- semanage: move permissive module creation to /tmp
+
+* Thu Jun 18 2015 Fedora Release Engineering - 2.3-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed May 06 2015 Petr Lautrbach 2.3-17
+- setfiles/restorecon: fix -r/-R option (#1211721)
+
+* Mon Apr 13 2015 Petr Lautrbach 2.4-0.4
+- Update to upstream 2.4
+
+* Tue Feb 24 2015 Petr Lautrbach 2.3-16
+- Temporary removed Requires:audit-libs-python from policycoreutils-python3 subpackage (#1195139)
+- Simplication of sepolicy-manpage web functionality (#1193552)
+
+* Mon Feb 02 2015 Petr Lautrbach 2.3-15
+- We need to cover file_context.XXX.homedir to have fixfiles with exclude_dirs working correctly
+- Use dnf instead of yum (#1156547)
+
+* Tue Nov 18 2014 Dan Walsh - 2.3-14
+- Audit2allow will check for mislabeled files, and tells user to fix the label.
+- Also checks for basefiles and suggests creating a different label.
+- Patch from Ryan Hallisey
+
+* Wed Nov 5 2014 Miroslav Grepl - 2.3-13
+- Switch back to yum. Need additional fixes to make it working correctly.
+
+* Wed Nov 5 2014 Miroslav Grepl - 2.3-12
+- Switch over to dnf from yum
+
+* Tue Sep 23 2014 Miroslav Grepl - 2.3-11
+- Improvements to audit2allow from rhallise@redhat.com
+ * Check for mislabeled files.
+ * Check for base file use and
+ * Suggest writable files as alternatives
+
+* Sun Aug 17 2014 Fedora Release Engineering - 2.3-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Aug 4 2014 Dan Walsh - 2.3-9
+- Remove build requires for openbox, not needed
+
+* Thu Jul 31 2014 Tom Callaway - 2.3-8
+- fix license handling
+
+* Wed Jul 23 2014 Miroslav Grepl - 2.3-7
+- Examples are no longer in the main semanage man page (#1084390)
+- Add support for Fedora22 man pages. We need to fix it to not using hardcoding.
+- Print usage for all mutually exclusive options.
+- Fix selinux man page to refer seinfo and sesearch tools.
+
+* Sat Jun 07 2014 Fedora Release Engineering - 2.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 28 2014 Kalev Lember - 2.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Tue May 20 2014 Miroslav Grepl - 2.3-4
+- Fix setfiles to work correctly if -r option is defined
+
+* Fri May 16 2014 Dan Walsh - 2.3-3
+- Update Miroslav Grepl Patches
+ * If there is no executable we don't want to print a part of STANDARD FILE CON
+ * Add-manpages-for-typealiased-types
+ * Make fixfiles_exclude_dirs working if there is a substituion for the given d
+
+* Mon May 12 2014 Miroslav Grepl - 2.3-2
+- If there is no executable we don't want to print a part of STANDARD FILE CONTEXT
+
+* Tue May 6 2014 Dan Walsh - 2.3-1
+- Update to upstream
+ * Add -P semodule option to man page from Dan Walsh.
+ * selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
+ * Add new icons for sepolicy gui from Dan Walsh.
+ * Only return writeable files that are enabled from Dan Walsh.
+ * Add domain to short list of domains, when -t and -d from Dan Walsh.
+ * Fix up desktop files to match current standards from Dan Walsh.
+ * Add support to return sensitivities and categories for python from Dan Walsh.
+ * Cleanup whitespace from Dan Walsh.
+ * Add message to tell user to install sandbox policy from Dan Walsh.
+ * Add systemd unit file for mcstrans from Laurent Bigonville.
+ * Improve restorecond systemd unit file from Laurent Bigonville.
+ * Minor man pages improvements from Laurent Bigonville.
+
+* Tue May 6 2014 Miroslav Grepl - 2.2.5-15
+- Apply patch to use setcon in seunshare from luto@mit.edu
+
+* Wed Apr 30 2014 Dan Walsh - 2.2.5-14
+- Remove requirement for systemd-units
+
+* Fri Apr 25 2014 Miroslav Grepl - 2.2.5-13
+- Fix previous Fix-STANDARD_FILE_CONTEXT patch to exclude if non_exec does not exist
+
+* Thu Apr 24 2014 Miroslav Grepl - 2.2.5-12
+- Add policycoreutils-rhat-revert.patch to revert the last two commits to make build working
+- Add 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages patch
+
+* Tue Apr 1 2014 Dan Walsh - 2.2.5-11
+- Update Translations
+
+* Thu Mar 27 2014 Miroslav Grepl - 2.2.5-10
+- Add support for Fedora21 html manpage structure
+- Fix broken dependencies to require only usermode-gtk
+
+* Wed Mar 26 2014 Dan Walsh - 2.2.5-9
+- mgrepl [PATCH] Deleteall user customization fails if there is a user used
+- for the default login. We do not want to fail on it and continue to delete
+- customizations for users which are not used for default login.
+
+* Mon Mar 24 2014 Dan Walsh - 2.2.5-8
+- Update Translations
+- Make selinux-policy build working also on another architectures related to s
+- Miroslav grepl patch to fix the creation of man pages on different architectures.
+- Add ability to list the actual active modules
+- Fix spelling mistake on sesearch in generate man pages.
+
+* Fri Feb 14 2014 Dan Walsh - 2.2.5-7
+- Allow manpages to be built on aarch64
+
+* Fri Feb 14 2014 Dan Walsh - 2.2.5-6
+- Don't be verbose in fixfiles if there is not tty
+
+* Thu Feb 13 2014 Dan Walsh - 2.2.5-5
+- Yum should only be required for policycoreutils-devel
+
+* Tue Jan 21 2014 Dan Walsh - 2.2.5-4
+- Update translations
+
+* Thu Jan 16 2014 Dan Walsh - 2.2.5-3
+- Add Miroslav patch to
+- Fix previously_modified_initialize() to show modified changes properly for all selections
+
+* Wed Jan 8 2014 Dan Walsh - 2.2.5-2
+- Do not require /usr/share/selinux/devel/Makefile to build permissive domains
+
+* Mon Jan 6 2014 Dan Walsh - 2.2.5-1
+- Update to upstream
+ * Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
+
+* Fri Jan 3 2014 Dan Walsh - 2.2.4-8
+- Update Tranlations
+- Patch from Yuri Chornoivan to fix typos
+
+* Fri Jan 3 2014 Dan Walsh - 2.2.4-7
+- Fixes Customized booleans causing a crash of the sepolicy gui
+
+* Fri Dec 20 2013 Dan Walsh - 2.2.4-6
+- Fix sepolicy gui selection for advanced screen
+- Update Translations
+- Move requires checkpolicy requirement into policycoreutils-python
+
+* Mon Dec 16 2013 Dan Walsh - 2.2.4-5
+- Fix semanage man page description of import command
+- Fix policy kit file to allow changing to permissive mode
+
+* Mon Dec 16 2013 Dan Walsh - 2.2.4-4
+- Fix broken dependencies.
+
+* Fri Dec 13 2013 Dan Walsh - 2.2.4-3
+- Break out python3 code into separate package
+
+* Fri Dec 6 2013 Dan Walsh - 2.2.4-2
+- Add mgrepl patch
+- ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin
+
+* Tue Dec 3 2013 Dan Walsh - 2.2.4-1
+- Update to upstream
+ * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
+- Add patches for sepolicy gui from mgrepl to
+ Fix advanced_item_button_push() to allow to select an application in advanced search menu
+ Fix previously_modified_initialize() to show modified changes properly for all selections
+
+
+* Fri Nov 22 2013 Dan Walsh - 2.2.3-1
+- Update to upstream
+ * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
+ * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
+- Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate
+
+* Wed Nov 20 2013 Dan Walsh - 2.2.2-2
+- Fix selinux-polgengui, get_all_modules call
+
+* Fri Nov 15 2013 Dan Walsh - 2.2.2-1
+- Speed up startup time of sepolicy gui
+- Clean up ports screen to only show enabled ports.
+- Update to upstream
+ * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
+ * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
+ * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
+
+* Thu Oct 31 2013 Dan Walsh - 2.2-2
+- Shift around some of the files to more appropriate packages.
+ * semodule_* packages are required for devel.
+* Thu Oct 31 2013 Dan Walsh - 2.2-1
+- Update to upstream
+ * Properly build the swig exception file from Laurent Bigonville.
+ * Fix man pages from Laurent Bigonville.
+ * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
+ * Fix LDFLAGS usage from Laurent Bigonville.
+ * Fix init_policy warning from Laurent Bigonville.
+ * Fix semanage logging from Laurent Bigonville.
+ * Open newrole stdin as read/write from Sven Vermeulen.
+ * Fix sepolicy transition from Sven Vermeulen.
+ * Support overriding CFLAGS from Simon Ruderich.
+ * Create correct man directory for run_init from Russell Coker.
+ * restorecon GLOB_BRACE change from Michal Trunecka.
+ * Extend audit2why to report additional constraint information.
+ * Catch IOError errors within audit2allow from Dan Walsh.
+ * semanage export/import fixes from Dan Walsh.
+ * Improve setfiles progress reporting from Dan Walsh.
+ * Document setfiles -o option in usage from Dan Walsh.
+ * Change setfiles to always return -1 on failure from Dan Walsh.
+ * Improve setsebool error r eporting from Dan Walsh.
+ * Major overhaul of gui from Dan Walsh.
+ * Fix sepolicy handling of non-MLS policy from Dan Walsh.
+ * Support returning type aliases from Dan Walsh.
+ * Add sepolicy tests from Dan Walsh.
+ * Add org.selinux.config.policy from Dan Walsh.
+ * Improve range and user input checking by semanage from Dan Walsh.
+ * Prevent source or target arguments that end with / for substitutions from Dan Walsh.
+ * Allow use of <> for semanage fcontext from Dan Walsh.
+ * Report customized user levels from Dan Walsh.
+ * Support deleteall for restoring disabled modules from Dan Walsh.
+ * Improve semanage error reporting from Dan Walsh.
+ * Only list disabled modules for module locallist from Dan Walsh.
+ * Fix logging from Dan Walsh.
+ * Define new constants for file type character codes from Dan Walsh.
+ * Improve bash completions from Dan Walsh.
+ * Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
+ * Add semanage tests from Dan Walsh.
+ * Split semanage man pages from Dan Walsh.
+ * Move bash completion scripts from Dan Walsh.
+ * Replace genhomedircon script with a link to semodule from Dan Walsh.
+ * Fix fixfiles from Dan Walsh.
+ * Add support for systemd service for restorecon from Dan Walsh.
+ * Spelling corrections from Dan Walsh.
+ * Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
+ * Switch sandbox to openbox window manager from Dan Walsh.
+ * Coalesce audit2why and audit2allow from Dan Walsh.
+ * Change audit2allow to append to output file from Dan Walsh.
+ * Update translations from Dan Walsh.
+ * Change audit2why to use selinux_current_policy_path from Dan Walsh.
+
+* Fri Oct 25 2013 Dan Walsh - 2.1.14-89
+- Fix handling of man pages.
+
+* Wed Oct 16 2013 Dan Walsh - 2.1.14-88
+- Cleanup errors found by pychecker
+- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
+
+* Fri Oct 11 2013 Dan Walsh - 2.1.14-87
+- sepolicy gui
+ - mgrepl fixes for users and login
+- Update Translations.
+
+* Fri Oct 11 2013 Dan Walsh - 2.1.14-86
+- sepolicy gui
+ - mgrepl added delete screens for users and login
+ - Fix lots of bugs.
+- Update Translations.
+
+
+* Fri Oct 4 2013 Dan Walsh - 2.1.14-85
+- Fixes for fixfiles
+ * exclude_from_dirs should apply to all types of restorecon calls
+ * fixfiles check now works
+ * exit with the correct status
+
+- semanage no longer import selinux
+
+* Wed Oct 2 2013 Dan Walsh - 2.1.14-84
+- Fixes for sepolicy gui
+- Fix setsebool to return 0 on success
+- Update Po
+
+* Mon Sep 30 2013 Dan Walsh - 2.1.14-83
+- Fix sizes of help screens in sepolicy gui
+
+* Sat Sep 28 2013 Dan Walsh - 2.1.14-82
+- Improvements to sepolicy gui
+ - Add more help information
+ - Cleanup code
+ - Add deny_ptrace on lockdown screen
+ - Make unconfined/permissivedomains lockdown work
+ - Add more support for file equivalency
+
+* Wed Sep 18 2013 Dan Walsh - 2.1.14-81
+- Add back in the help png files
+- Begin Adding support for file equivalency.
+
+* Wed Sep 4 2013 Dan Walsh - 2.1.14-80
+- Random fixes for sepolicy gui
+ * Do not prompt for password until you make a change
+ * Add user mappings and selinux users page
+ * lots of code cleanup
+
+- Verify homedir is owned by user before mounting over it with seunshare
+- Fix fixfiles to handle Relabel properly
+- Fix semanage fcontext -e / command to allow "/"
+
+* Wed Sep 4 2013 Dan Walsh - 2.1.14-79
+- Add Miroslav Grepl setsebool patch to give better error message on bad boolean names
+- Additional help screens for sepolicy gui
+
+* Tue Sep 3 2013 Dan Walsh - 2.1.14-78
+- Random fixes for sepolicy gui
+- Update Translations
+
+* Fri Aug 30 2013 Dan Walsh - 2.1.14-77
+- Add help screens for each page
+- Fixes for system page
+
+* Mon Aug 26 2013 Dan Walsh - 2.1.14-76
+- Add Miroslav Grepl Patch to handle semanage -i and semanage -o better
+- Update Translations
+
+* Thu Aug 15 2013 Dan Walsh - 2.1.14-75
+- Update sepolicy gui code, cleanups and add file transition tab
+- Fix semanage fcontext -a --ftype code to work.
+
+* Wed Aug 7 2013 Dan Walsh - 2.1.14-74
+- If policy is not installed get_bools should not crash
+
+* Wed Aug 7 2013 Dan Walsh - 2.1.14-73
+- Fix doc versioning
+
+* Tue Aug 6 2013 Dan Walsh - 2.1.14-72
+- Update sepolicy gui code, cleanups and add file transition tab
+- Fix semanage argparse problems
+
+* Fri Aug 2 2013 Dan Walsh - 2.1.14-71
+- Update sepolicy gui code, adding dbus calls
+- Update Translations
+
+* Fri Jul 26 2013 Dan Walsh - 2.1.14-70
+- Fix semanage argparse bugs
+- Update Translations
+- Add test suite for semanage command lines
+
+* Wed Jul 24 2013 Dan Walsh - 2.1.14-69
+- Fix semanage argparse bugs
+
+* Tue Jul 23 2013 Dan Walsh - 2.1.14-68
+- Fix bugs introduced by previous patch. semanage port
+- Update Translations
+- Add test suite for sepolicy command lines
+
+* Fri Jul 19 2013 Dan Walsh - 2.1.14-67
+- Fix bugs introduced by previous patch. semanage port
+- Update Translations
+
+* Wed Jul 17 2013 Dan Walsh - 2.1.14-66
+- Rewrite argparse code in semanage and fix reload problem.
+
+* Tue Jul 16 2013 Dan Walsh - 2.1.14-65
+- Do not generate shell script or spec file for sepolicy generate --newtype
+- Update translations
+- Fix sepolicy generate --admin_user man page again
+- Fix setsebool to print less verbose error messages by default, add -V for ve
+
+* Mon Jul 15 2013 Dan Walsh - 2.1.14-64
+- Move audit2allow and audit2why back into -python package
+
+* Wed Jul 10 2013 Dan Walsh - 2.1.14-63
+- Update sepolicy gui.
+- Error out of you call sepolicy gui without policycoreutils-gui package installed
+- Fix semanage login -d command
+- Update Translations
+
+* Wed Jul 10 2013 Dan Walsh - 2.1.14-62
+- Update sepolicy gui.
+
+* Fri Jul 5 2013 Dan Walsh - 2.1.14-61
+- Add Ryan Hallisey sepolicy gui.
+- Update Translations
+
+* Mon Jun 24 2013 Dan Walsh - 2.1.14-60
+- Fix semanage module error handling
+
+* Sun Jun 23 2013 Dan Walsh - 2.1.14-59
+- Add back default exception handling for errors, which argparse rewrite removed.
+
+* Fri Jun 21 2013 Dan Walsh - 2.1.14-58
+- Fix generation of booleans in man pages
+
+* Fri Jun 21 2013 Dan Walsh - 2.1.14-57
+- Remove requires for systemd-sysv
+- Move systemd-units require to restorecond section
+- Update Tranlasions
+- More sepolicy interfaces for gui
+- Cleanup man pages for sepolicy generate
+
+* Wed Jun 19 2013 Dan Walsh - 2.1.14-56
+- Fix semanage export/import commands
+- Fix semange module command
+- Remove --version option from sandbox
+
+* Tue Jun 18 2013 Dan Walsh - 2.1.14-55
+- Add man page doc for --role and bash complestion support for sepolicy --role
+
+* Tue Jun 18 2013 Dan Walsh - 2.1.14-54
+- Make fcdict return a dictionary of dictionaries
+- Fix for sepolicy manpage
+
+* Mon Jun 17 2013 Dan Walsh - 2.1.14-53
+- Add new man pages for each semanage subsection
+
+* Mon Jun 17 2013 Dan Walsh - 2.1.14-52
+- Fix handling of sepolicy network sorting.
+- Additional interfaces needed for sepolicy gui
+
+* Thu Jun 6 2013 Dan Walsh - 2.1.14-51
+- Fix handling of semanage args
+
+* Thu Jun 6 2013 Dan Walsh - 2.1.14-50
+- Fix sepolicy generate --confined_admin to generate tunables
+- Add new interface to generate entrypoints for use with new gui
+
+* Wed Jun 5 2013 Dan Walsh - 2.1.14-49
+- Fix handing of semanage with no args
+
+* Tue Jun 4 2013 Dan Walsh - 2.1.14-48
+- Fix audit2allow -o to open file for append
+- Fix the name of the spec file generated in the build script
+
+* Fri May 31 2013 Dan Walsh - 2.1.14-47
+- Fix mgrepl patch to support all semanage command parsing
+
+* Sun May 26 2013 Dan Walsh - 2.1.14-46
+- Fix the name of the spec file generated in the build script
+- Add mgrepl patch to support argparse for semanage command parsing
+
+* Tue May 21 2013 Dan Walsh - 2.1.14-45
+- Fix sandbox to always use sandbox_file_t, so generated policy will work.
+- Update Translations
+
+* Thu May 16 2013 Dan Walsh - 2.1.14-44
+- Fix sepolicy-generate man page to clear up options/policy type
+- Add Miroslav Grepl to not generate man page when doing
+ sepolicy generate --customize
+- Add support for executing semanage user within spec file
+- Fix generation of confined admin domains, to handle booleans properly.
+
+* Tue May 14 2013 Dan Walsh - 2.1.14-43
+- Need to handle gziped policy.xml as well as not compressed.
+
+* Tue May 14 2013 Dan Walsh - 2.1.14-42
+- Add support for Xephyr -resizable, so sandbox can now resize window
+- Add support for compressed policy.xml
+- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
+- Also add capability to test interfaces for correctness.
+
+* Mon May 13 2013 Dan Walsh - 2.1.14-41
+- Apply patches from Sven Vermeulen for sepolgen to fix typos.
+
+* Mon May 13 2013 Dan Walsh - 2.1.14-40
+- Only require selinux-policy-devel for policycoreutils-devel, this will shrink the size of the livecd.
+
+* Sun May 12 2013 Dan Walsh - 2.1.14-39
+- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed, first time
+- Add Sven Vermeulen patches to cleanup man pages
+
+* Fri May 10 2013 Dan Walsh - 2.1.14-38
+- No longer run sepolgen-ifgen at install time.
+- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed.
+- Update Translations
+
+* Mon Apr 22 2013 Dan Walsh - 2.1.14-37
+- Fix exceptionion hanling in audit2allow -o
+- Generate Man pages for everydomain, not just ones with exec_t entrypoints
+- sepolicy comunicate should return ValueError not TypeError
+- Trim header line in sepolicy manpage to use less space
+- Add missing options to restorecon man page
+
+* Thu Apr 11 2013 Dan Walsh - 2.1.14-36
+- Raise proper Exception on sepolicy communicate with invalid value
+
+* Wed Apr 10 2013 Dan Walsh - 2.1.14-35
+- Update translations
+- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
+
+* Tue Apr 9 2013 Dan Walsh - 2.1.14-34
+- Update translations
+- Add patch inspired by Miroslav Grepl to add extended information for sepolicy interface command.
+
+* Mon Apr 8 2013 Dan Walsh - 2.1.14-33
+- Update translations
+- Add missing man pages and fixup existing man pages
+
+* Wed Apr 3 2013 Dan Walsh - 2.1.14-32
+- Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel
+- Apply Miroslav Grepl Patches for sepolicy
+-- Fix generate mutually groups option handling
+-- EUSER is used for existing policy
+-- customize options can be used together with admin_domain option
+-- Fix manpage.py to generate correct man pages for SELinux users
+-- Fix policy *.te file generated by customize+writepaths options
+-- Fix install script for confined_admin option
+
+* Mon Apr 1 2013 Dan Walsh - 2.1.14-31
+- Add post install scripts for gui to make sure Icon Cache is refreshed.
+- Fix grammar issue in secon man page
+- Update Translations
+
+* Thu Mar 28 2013 Dan Walsh - 2.1.14-30
+- Add buildrequires for OpenBox to prevent me from accidently building into RHEL7
+- Add support for returning alias data to sepolicy.info python bindings
+
+* Wed Mar 27 2013 Dan Walsh - 2.1.14-28
+- Fix audit2allow output to better align analysys with the allow rules
+- Apply Miroslav Grepl patch to clean up sepolicy generate usage
+- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
+- Update Tranlslations
+
+* Wed Mar 27 2013 Dan Walsh - 2.1.14-27
+- Allow semanage fcontext -a -t "<>" ... to work
+
+* Mon Mar 25 2013 Dan Walsh - 2.1.14-26
+- Can not unshare IPC in sandbox, since it blows up Xephyr
+- Remove bogus error message sandbox about reseting setfsuid
+
+* Thu Mar 21 2013 Dan Walsh - 2.1.14-25
+- Fix sepolicy generate --customize to generate policy with -w commands
+
+* Thu Mar 21 2013 Dan Walsh - 2.1.14-24
+- sepolgen-ifgen needs to handle filename transition rules containing ":"
+
+* Tue Mar 19 2013 Dan Walsh - 2.1.14-23
+- sepolicy manpage:
+- use nroff instead of man2html
+- Remove checking for name of person who created the man page
+- audit2allow
+- Fix output to show the level that is different.
+
+* Thu Mar 14 2013 Dan Walsh - 2.1.14-22
+- Fix newrole to not drop capabilities from the bounding set.
+- Stop dropping capabilities from its children.
+- Add better error messages.
+- Change location of bash_completion files to /usr/share/bash-completion/compl
+
+* Mon Mar 11 2013 Dan Walsh - 2.1.14-21
+- sepolicy generate should look for booleans that effect equivalence names, and add them to the man page
+
+* Thu Mar 7 2013 Dan Walsh - 2.1.14-20
+- Mention creation of permissive domains in sepolicy generate man page
+- Change sepolicy manpage to use shortname with an "_" to stop accidently grabbing unrelated types for a domain.
+- Fix audit2allow to show better information on constraint violations.
+
+* Wed Mar 6 2013 Dan Walsh - 2.1.14-19
+- Have restorecon exit -1 on errors for consistancy.
+
+* Tue Mar 5 2013 Dan Walsh - 2.1.14-18
+- Need to provide a value to semanage boolean -m
+
+* Mon Mar 4 2013 Dan Walsh - 2.1.14-17
+- Fix cut and paste errors for sepolicy network command
+
+* Fri Mar 1 2013 Dan Walsh - 2.1.14-16
+- Fix sepoicy interface to work properly
+
+* Thu Feb 28 2013 Dan Walsh - 2.1.14-15
+- Fix fixfiles to use exclude_dirs on fixfiles restore
+
+* Thu Feb 28 2013 Dan Walsh - 2.1.14-14
+- Allow users with symlinked homedirs to work. call realpath on homedir
+- Fix sepolicy reorganization of helper functions.
+
+* Sun Feb 24 2013 Dan Walsh - 2.1.14-13
+- Update trans
+- Fix sepolicy reorganization of helper functions.
+
+* Sun Feb 24 2013 Rahul Sundaram - 2.1.14-13
+- remove vendor tag from desktop file. https://fedorahosted.org/fpc/ticket/247
+- clean up spec to follow current guidelines
+
+* Fri Feb 22 2013 Dan Walsh - 2.1.14-12
+- Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package
+
+* Fri Feb 22 2013 Dan Walsh - 2.1.14-11
+- sepolgen-ifgen should use the current policy path if selinux is enabled
+
+* Fri Feb 22 2013 Dan Walsh - 2.1.14-10
+- Fix sepolicy to be able to work on an SELinux disabled system.
+- Needed to be able to build man pages in selinux-policy package
+
+* Thu Feb 21 2013 Dan Walsh - 2.1.14-9
+- Add yum to requires of policycoreutils-python since sepolicy requires it.
+
+* Thu Feb 21 2013 Dan Walsh - 2.1.14-8
+- Sepolixy should not throw an exception on an SELinux disabled machine
+- Switch from using console app to using pkexec, so we will work better
+with policykit.
+- Add missing import to fix system-config-selinux startup
+- Add comment to pamd files about pam_rootok.so
+- Fix sepolicy generate to not comment out the first line
+
+* Wed Feb 20 2013 Dan Walsh - 2.1.14-7
+- Add --root/-r flag to sepolicy manpage,
+- This allows us to generate man pages on the fly in the selinux-policy build
+
+* Mon Feb 18 2013 Dan Walsh - 2.1.14-6
+- Fix newrole to retain cap_audit_write when compiled with namespace, also
+do not drop capabilities when run as root.
+
+* Thu Feb 14 2013 Dan Walsh - 2.1.14-5
+- Fix man page generation and public_content description
+
+* Thu Feb 14 2013 Dan Walsh - 2.1.14-4
+- Revert some changes which are causing the wrong policy version file to be created
+- Switch sandbox to start using openbox rather then matchbox
+- Make sepolgen a symlink to sepolicy
+- update translations
+
+* Wed Feb 13 2013 Dan Walsh - 2.1.14-3
+- Fix empty system-config-selinux.png, again
+
+* Tue Feb 12 2013 Dan Walsh - 2.1.14-2
+- Fix empty system-config-selinux.png
+
+* Thu Feb 7 2013 Dan Walsh - 2.1.14-1
+- Update to upstream
+ * setfiles: estimate percent progress
+ * load_policy: make link at the destination directory
+ * Rebuild polgen.glade with glade-3
+ * sepolicy: new command to unite small utilities
+ * sepolicy: Update Makefiles and po files
+ * sandbox: use sepolicy to look for sandbox_t
+ * gui: switch to use sepolicy
+ * gui: sepolgen: use sepolicy to generate
+ * semanage: use sepolicy for boolean dictionary
+ * add po file configuration information
+ * po: stop running update-po on all
+ * semanage: seobject verify policy types before allowing you to assign them.
+ * gui: Start using Popen, instead of os.spawnl
+ * sandbox: Copy /var/tmp to /tmp as they are the same inside
+ * qualifier to shred content
+ * semanage: Fix handling of boolean_sub names when using the -F flag
+ * semanage: man: roles instead of role
+ * gui: system-config-selinux: Catch no DISPLAY= error
+ * setfiles: print error if no default label found
+ * semanage: list logins file entries in semanage login -l
+ * semanage: good error message is sepolgen python module missing
+ * gui: system-config-selinux: do not use lokkit
+ * secon: add support for setrans color information in prompt output
+ * restorecond: remove /etc/mtab from default list
+ * gui: If you are not able to read enforcemode set it to False
+ * genhomedircon: regenerate genhomedircon more often
+ * restorecond: Add /etc/udpatedb.conf to restorecond.conf
+ * genhomedircon generation to allow spec file to pass in SEMODULE_PATH
+ * fixfiles: relabel only after specific date
+ * po: update translations
+ * sandbox: seunshare: do not reassign realloc value
+ * seunshare: do checking on setfsuid
+ * sestatus: rewrite to shut up coverity
+
+* Thu Jan 31 2013 Dan Walsh - 2.1.12-58
+- Reorginize sepolicy so all get_all functions are in main module
+- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
+
+* Fri Jan 25 2013 Dan Walsh - 2.1.12-57
+- Update to latest patches from eparis/Upstream
+- fixfiles onboot will write any flags handed to it to /.autorelabel.
+- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
+- * This should allow fixfiles -F onboot, to force a hard relabel.
+- Add -p to show progress on full relabel.
+
+* Tue Jan 15 2013 Dan Walsh - 2.1.12-56
+- Additional changes for bash completsion and generate man page to match the w
+- Add newtype as a new qualifier to sepolicy generate. This new mechanism wil
+- a policy write to generate types after the initial policy has been written a
+- will autogenerate all of the interfaces.
+- I also added a -w options to allow policy writers from the command line to s
+- the writable directories of files.
+-
+- Modify network.py to include interface definitions for newly created port type
+- Standardize of te_types just like all of the other templates.
+
+- Change permissive domains creation to raise exception if sepolgen is not ins
+- get_te_results no longer needs or uses the opts parameter.
+- The compliler was complaining so I just removed the option.
+- Start returning analysis data for audit2allow
+
+* Tue Jan 15 2013 Dan Walsh - 2.1.12-55
+- Update Translations
+- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
+- This fixes the spec file and script file getting wrong names for modules and types.
+
+* Wed Jan 9 2013 Dan Walsh - 2.1.12-54
+- Additional patch from Miroslav to handle role attributes
+
+* Wed Jan 9 2013 Dan Walsh - 2.1.12-53
+- Update with Miroslav patch to handle role attributes
+- Update Translations
+- import sepolicy will only throw exception on missing policy iff selinux is enabled
+
+* Sat Jan 5 2013 Dan Walsh - 2.1.12-52
+- Update to latest patches from eparis/Upstream
+- secon: add support for setrans color information in prompt output
+- Update translations
+
+* Fri Jan 4 2013 Dan Walsh - 2.1.12-51
+- Update translations
+- Fix sepolicy booleans to handle autogenerated booleans descriptions
+- Cleanups of sepolicy manpage
+- Fix crash on git_shell man page generation
+
+* Thu Jan 3 2013 Dan Walsh - 2.1.12-50
+- Update translations
+- update sepolicy manpage to generate fcontext equivalence data and to list
+default file context paths.
+- Add ability to generate policy for confined admins and domains like puppet.
+
+* Thu Dec 20 2012 Dan Walsh - 2.1.12-49
+- Fix semanage permissive , this time with the patch.
+- Update translations
+
+* Wed Dec 19 2012 Dan Walsh - 2.1.12-48
+- Fix semanage permissive
+- Change to use correct gtk forward button
+- Update po
+
+* Mon Dec 17 2012 Dan Walsh - 2.1.12-47
+- Move audit2why to -devel package
+
+* Mon Dec 17 2012 Dan Walsh - 2.1.12-46
+- sepolicy transition was blowing up. Also cleanup output when only source is specified.
+- sepolicy generate should allow policy modules names that include - or _
+
+* Mon Dec 10 2012 Dan Walsh |