diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata
index e3c572c..9830082 100644
--- a/.policycoreutils.metadata
+++ b/.policycoreutils.metadata
@@ -1,9 +1,9 @@
-1774f04937a737c415273ee118b0d295e01864f3 SOURCES/gui-po.tgz
+2acf5c696e1e60cf405b0cadcc090b79269f8812 SOURCES/gui-po.tgz
6e64d9a38fb516738023eb429eef29af5383f443 SOURCES/policycoreutils-2.9.tar.gz
-136d495d4ad657aab34727edad0de2fc6a3c6553 SOURCES/policycoreutils-po.tgz
-2218891a934c10bea73fd017a8aa5ce9417a78c4 SOURCES/python-po.tgz
+af5375db35a33f9daf4b06e61566c92d0d4f6792 SOURCES/policycoreutils-po.tgz
+aac18d02363be7c03fad4ed35f5367f9ca0e397f SOURCES/python-po.tgz
0a34ef54394972870203832c8ce52d4405bd5330 SOURCES/restorecond-2.9.tar.gz
-36c396e7151f3f6d55cbf4983d3d73a79be41899 SOURCES/sandbox-po.tgz
+76d7357f34e062dce330d2a97031b1b64dea775f SOURCES/sandbox-po.tgz
8645509cdfc433278c2e4d29ee8f511625c7edcc SOURCES/selinux-dbus-2.9.tar.gz
5c155ae47692389d9fabaa154195e7f978f2a3f0 SOURCES/selinux-gui-2.9.tar.gz
660e1ab824ef80f7a69f0b70f61e231957fd398e SOURCES/selinux-python-2.9.tar.gz
diff --git a/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
index 61dfcc7..6fb92fb 100644
--- a/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
+++ b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
@@ -1,7 +1,7 @@
From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 5 Mar 2019 17:38:55 +0100
-Subject: [PATCH 01/20] gui: Install polgengui.py to /usr/bin/selinux-polgengui
+Subject: [PATCH] gui: Install polgengui.py to /usr/bin/selinux-polgengui
polgengui.py is a standalone gui tool which should be in /usr/bin with other
tools.
diff --git a/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
index 84eeb22..26a16bf 100644
--- a/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
+++ b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
@@ -1,8 +1,8 @@
From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 5 Mar 2019 17:25:00 +0100
-Subject: [PATCH 02/20] gui: Install .desktop files to /usr/share/applications
- by default
+Subject: [PATCH] gui: Install .desktop files to /usr/share/applications by
+ default
/usr/share/applications is a standard directory for .desktop files.
Installation path can be changed using DESKTOPDIR variable in installation
diff --git a/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
index deed0f4..8802042 100644
--- a/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
+++ b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@@ -1,8 +1,8 @@
From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 20 Aug 2015 12:58:41 +0200
-Subject: [PATCH 03/20] sandbox: add -reset to Xephyr as it works better with
- it in recent Fedoras
+Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
+ recent Fedoras
---
sandbox/sandboxX.sh | 2 +-
diff --git a/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
index 72c1043..0973405 100644
--- a/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
+++ b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
@@ -1,7 +1,7 @@
From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 21 Apr 2014 13:54:40 -0400
-Subject: [PATCH 04/20] Fix STANDARD_FILE_CONTEXT section in man pages
+Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
---
diff --git a/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
index da1c1a2..9e7d54f 100644
--- a/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
+++ b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
@@ -1,8 +1,8 @@
From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 12 May 2014 14:11:22 +0200
-Subject: [PATCH 05/20] If there is no executable we don't want to print a part
- of STANDARD FILE CONTEXT
+Subject: [PATCH] If there is no executable we don't want to print a part of
+ STANDARD FILE CONTEXT
---
python/sepolicy/sepolicy/manpage.py | 3 ++-
diff --git a/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
index a2a2dd9..f87058c 100644
--- a/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
+++ b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
@@ -1,7 +1,7 @@
From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 19 Feb 2015 17:45:15 +0100
-Subject: [PATCH 06/20] Simplication of sepolicy-manpage web functionality.
+Subject: [PATCH] Simplication of sepolicy-manpage web functionality.
system_release is no longer hardcoded and it creates only index.html and html
man pages in the directory for the system release.
diff --git a/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
index 9680bf2..a96bab9 100644
--- a/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
+++ b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
@@ -1,7 +1,7 @@
From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:01 +0100
-Subject: [PATCH 07/20] We want to remove the trailing newline for
+Subject: [PATCH] We want to remove the trailing newline for
/etc/system_release.
---
diff --git a/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
index eb9315b..a896dfc 100644
--- a/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
+++ b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
@@ -1,7 +1,7 @@
From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:53 +0100
-Subject: [PATCH 08/20] Fix title in manpage.py to not contain 'online'.
+Subject: [PATCH] Fix title in manpage.py to not contain 'online'.
---
python/sepolicy/sepolicy/manpage.py | 2 +-
diff --git a/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
index 7e332bf..8fbfb11 100644
--- a/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
+++ b/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
@@ -1,7 +1,7 @@
From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Fri, 14 Feb 2014 12:32:12 -0500
-Subject: [PATCH 09/20] Don't be verbose if you are not on a tty
+Subject: [PATCH] Don't be verbose if you are not on a tty
---
policycoreutils/scripts/fixfiles | 1 +
diff --git a/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
index acf85da..749a2c4 100644
--- a/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
+++ b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
@@ -1,8 +1,8 @@
From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 27 Feb 2017 17:12:39 +0100
-Subject: [PATCH 10/20] sepolicy: Drop old interface file_type_is_executable(f)
- and file_type_is_entrypoint(f)
+Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
+ file_type_is_entrypoint(f)
- use direct queries
- load exec_types and entry_types only once
diff --git a/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
index 98d30be..bea01d5 100644
--- a/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
+++ b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
@@ -1,7 +1,7 @@
From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 28 Feb 2017 21:29:46 +0100
-Subject: [PATCH 11/20] sepolicy: Another small optimization for mcs types
+Subject: [PATCH] sepolicy: Another small optimization for mcs types
---
python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
diff --git a/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
index 38a569e..f3524b7 100644
--- a/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
+++ b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
@@ -1,8 +1,7 @@
From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:23:00 +0200
-Subject: [PATCH 12/20] Move po/ translation files into the right
- sub-directories
+Subject: [PATCH] Move po/ translation files into the right sub-directories
When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
sub-directories, po/ translation files stayed in policycoreutils/.
diff --git a/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
index 895077e..c214ee4 100644
--- a/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
+++ b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
@@ -1,7 +1,7 @@
From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:37:07 +0200
-Subject: [PATCH 13/20] Use correct gettext domains in python/ gui/ sandbox/
+Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/
https://github.com/fedora-selinux/selinux/issues/43
---
diff --git a/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch
index c3d65d2..7b7d340 100644
--- a/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch
+++ b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch
@@ -1,7 +1,7 @@
From c8c59758d2fb7f6cbe368c9ff8f356ea7acebb4b Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 14:23:19 +0200
-Subject: [PATCH 14/20] Initial .pot files for gui/ python/ sandbox/
+Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/
https://github.com/fedora-selinux/selinux/issues/43
---
diff --git a/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
index 1149a84..4120fce 100644
--- a/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
+++ b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
@@ -1,8 +1,7 @@
From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Mar 2018 08:51:31 +0100
-Subject: [PATCH 16/20] policycoreutils/setfiles: Improve description of -d
- switch
+Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch
The "-q" switch is becoming obsolete (completely unused in fedora) and
debug output ("-d" switch) makes sense in any scenario. Therefore both
diff --git a/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch b/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
index 382e4ea..b4a9fd4 100644
--- a/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
+++ b/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
@@ -1,7 +1,7 @@
From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yamato@redhat.com>
Date: Thu, 14 Dec 2017 15:57:58 +0900
-Subject: [PATCH 17/20] sepolicy-generate: Handle more reserved port types
+Subject: [PATCH] sepolicy-generate: Handle more reserved port types
Currently only reserved_port_t, port_t and hi_reserved_port_t are
handled as special when making a ports-dictionary. However, as fas as
diff --git a/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
index a3771a0..73b9c7a 100644
--- a/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
+++ b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
@@ -1,7 +1,7 @@
From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 8 Nov 2018 09:20:58 +0100
-Subject: [PATCH 18/20] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
+Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
---
semodule-utils/semodule_package/semodule_package.c | 1 +
diff --git a/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
index 84d6a67..b9674eb 100644
--- a/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
+++ b/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
@@ -1,7 +1,7 @@
From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 18 Jul 2018 09:09:35 +0200
-Subject: [PATCH 19/20] sandbox: Use matchbox-window-manager instead of openbox
+Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox
---
sandbox/sandbox | 4 ++--
diff --git a/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch
index 6f2d075..6ba17e2 100644
--- a/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch
+++ b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch
@@ -1,7 +1,7 @@
From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 3 Dec 2018 14:40:09 +0100
-Subject: [PATCH 20/20] python: Use ipaddress instead of IPy
+Subject: [PATCH] python: Use ipaddress instead of IPy
ipaddress module was added in python 3.3 and this allows us to drop python3-IPy
---
diff --git a/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch
index f4a0800..8aa249f 100644
--- a/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch
+++ b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch
@@ -1,4 +1,4 @@
-From 6051f6a56d0ad63fc8aa7c806d43b0594652a0b9 Mon Sep 17 00:00:00 2001
+From 5938d18536f4c0a76521d1f0721e981e6570b012 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 4 Apr 2019 23:02:56 +0200
Subject: [PATCH] python/semanage: Do not traceback when the default policy is
diff --git a/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
index 7fb0ec5..eca127b 100644
--- a/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
+++ b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
@@ -1,7 +1,7 @@
From 99582e3bf63475b7af5793bb9230e88d847dc7c8 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 2 Jul 2019 17:11:32 +0200
-Subject: [PATCH 22/23] policycoreutils/fixfiles: Fix [-B] [-F] onboot
+Subject: [PATCH] policycoreutils/fixfiles: Fix [-B] [-F] onboot
Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel"
command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
@@ -104,5 +104,5 @@ index 53d28c7b..9dd44213 100755
N)
BOOTTIME=$OPTARG
--
-2.22.0
+2.21.0
diff --git a/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
index e0b7e1b..4d30a77 100644
--- a/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
+++ b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
@@ -1,8 +1,8 @@
From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 2 Jul 2019 17:12:07 +0200
-Subject: [PATCH 23/23] policycoreutils/fixfiles: Force full relabel when
- SELinux is disabled
+Subject: [PATCH] policycoreutils/fixfiles: Force full relabel when SELinux is
+ disabled
The previous check used getfilecon to check whether / slash contains a label,
but getfilecon fails only when SELinux is disabled. Therefore it's better to
@@ -29,5 +29,5 @@ index 9dd44213..a9d27d13 100755
;;
*)
--
-2.22.0
+2.21.0
diff --git a/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
index b05c325..c5ae9ba 100644
--- a/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
+++ b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
@@ -28,5 +28,5 @@ index a9d27d13..df0042aa 100755
return
fi
--
-2.17.2
+2.21.0
diff --git a/SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch b/SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch
new file mode 100644
index 0000000..660e5bb
--- /dev/null
+++ b/SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch
@@ -0,0 +1,38 @@
+From f6c67c02f25d3a8971dcc5667121236fab85dd65 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 29 Aug 2019 08:58:20 +0200
+Subject: [PATCH] gui: Fix remove module in system-config-selinux
+
+When a user tried to remove a policy module with priority other than 400 via
+GUI, it failed with a message:
+
+libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory).
+
+This is fixed by calling "semodule -x PRIORITY -r NAME" instead of
+"semodule -r NAME".
+
+From Jono Hein <fredwacko40@hotmail.com>
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ gui/modulesPage.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gui/modulesPage.py b/gui/modulesPage.py
+index 26ac5404..35a0129b 100644
+--- a/gui/modulesPage.py
++++ b/gui/modulesPage.py
+@@ -125,9 +125,10 @@ class modulesPage(semanagePage):
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ module = store.get_value(iter, 0)
++ priority = store.get_value(iter, 1)
+ try:
+ self.wait()
+- status, output = getstatusoutput("semodule -r %s" % module)
++ status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module))
+ self.ready()
+ if status != 0:
+ self.error(output)
+--
+2.21.0
+
diff --git a/SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch b/SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
new file mode 100644
index 0000000..df5bf20
--- /dev/null
+++ b/SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
@@ -0,0 +1,30 @@
+From c2e942fc452bff06cc5ed9017afe169c6941f4e4 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 3 Sep 2019 15:17:27 +0200
+Subject: [PATCH] python/semanage: Do not use default s0 range in "semanage
+ login -a"
+
+Using the "s0" default means that new login mappings are always added with "s0"
+range instead of the range of SELinux user.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ python/semanage/semanage | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index 4c766ae3..fa78afce 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -221,7 +221,7 @@ def parser_add_level(parser, name):
+
+
+ def parser_add_range(parser, name):
+- parser.add_argument('-r', '--range', default="s0",
++ parser.add_argument('-r', '--range', default='',
+ help=_('''
+ MLS/MCS Security Range (MLS/MCS Systems only)
+ SELinux Range for SELinux login mapping
+--
+2.21.0
+
diff --git a/SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch b/SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch
new file mode 100644
index 0000000..df5bd65
--- /dev/null
+++ b/SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch
@@ -0,0 +1,33 @@
+From 4733a594c5df14f64293d19f16498e68dc5e3a98 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 24 Sep 2019 08:41:30 +0200
+Subject: [PATCH] policycoreutils/fixfiles: Fix "verify" option
+
+"restorecon -n" (used in the "restore" function) has to be used with
+"-v" to display the files whose labels would be changed.
+
+Fixes:
+ Fixfiles verify does not report misslabelled files unless "-v" option is
+ used.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ policycoreutils/scripts/fixfiles | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index df0042aa..be19e56c 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -304,7 +304,7 @@ process() {
+ case "$1" in
+ restore) restore Relabel;;
+ check) VERBOSE="-v"; restore Check -n;;
+- verify) restore Verify -n;;
++ verify) VERBOSE="-v"; restore Verify -n;;
+ relabel) relabel;;
+ onboot)
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
+--
+2.21.0
+
diff --git a/SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch b/SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch
new file mode 100644
index 0000000..0965a9a
--- /dev/null
+++ b/SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch
@@ -0,0 +1,102 @@
+From 0803fcb2c014b2cedf8f4d92b80fc382916477ee Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 27 Sep 2019 16:13:47 +0200
+Subject: [PATCH] python/semanage: Improve handling of "permissive" statements
+
+- Add "customized" method to permissiveRecords which is than used for
+ "semanage permissive --extract" and "semanage export"
+- Enable "semanage permissive --deleteall" (already implemented)
+- Add "permissive" to the list of modules exported using
+ "semanage export"
+- Update "semanage permissive" man page
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ python/semanage/semanage | 11 ++++++++---
+ python/semanage/semanage-permissive.8 | 8 +++++++-
+ python/semanage/seobject.py | 3 +++
+ 3 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index fa78afce..b2bd9df9 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -722,6 +722,11 @@ def handlePermissive(args):
+
+ if args.action == "list":
+ OBJECT.list(args.noheading)
++ elif args.action == "deleteall":
++ OBJECT.deleteall()
++ elif args.action == "extract":
++ for i in OBJECT.customized():
++ print("permissive %s" % str(i))
+ elif args.type is not None:
+ if args.action == "add":
+ OBJECT.add(args.type)
+@@ -737,9 +742,9 @@ def setupPermissiveParser(subparsers):
+ pgroup = permissiveParser.add_mutually_exclusive_group(required=True)
+ parser_add_add(pgroup, "permissive")
+ parser_add_delete(pgroup, "permissive")
++ parser_add_deleteall(pgroup, "permissive")
++ parser_add_extract(pgroup, "permissive")
+ parser_add_list(pgroup, "permissive")
+- #TODO: probably should be also added => need to implement own option handling
+- #parser_add_deleteall(pgroup)
+
+ parser_add_noheading(permissiveParser, "permissive")
+ parser_add_noreload(permissiveParser, "permissive")
+@@ -763,7 +768,7 @@ def setupDontauditParser(subparsers):
+
+
+ def handleExport(args):
+- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"]
++ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey", "permissive"]
+ for i in manageditems:
+ print("%s -D" % i)
+ for i in manageditems:
+diff --git a/python/semanage/semanage-permissive.8 b/python/semanage/semanage-permissive.8
+index 1999a451..5c3364fa 100644
+--- a/python/semanage/semanage-permissive.8
++++ b/python/semanage/semanage-permissive.8
+@@ -2,7 +2,7 @@
+ .SH "NAME"
+ .B semanage\-permissive \- SELinux Policy Management permissive mapping tool
+ .SH "SYNOPSIS"
+-.B semanage permissive [\-h] (\-a | \-d | \-l) [\-n] [\-N] [\-S STORE] [type]
++.B semanage permissive [\-h] [\-n] [\-N] [\-S STORE] (\-\-add TYPE | \-\-delete TYPE | \-\-deleteall | \-\-extract | \-\-list)
+
+ .SH "DESCRIPTION"
+ semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage permissive adds or removes a SELinux Policy permissive module.
+@@ -18,9 +18,15 @@ Add a record of the specified object type
+ .I \-d, \-\-delete
+ Delete a record of the specified object type
+ .TP
++.I \-D, \-\-deleteall
++Remove all local customizations of permissive domains
++.TP
+ .I \-l, \-\-list
+ List records of the specified object type
+ .TP
++.I \-E, \-\-extract
++Extract customizable commands, for use within a transaction
++.TP
+ .I \-n, \-\-noheading
+ Do not print heading when listing the specified object type
+ .TP
+diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
+index 58497e3b..3959abc8 100644
+--- a/python/semanage/seobject.py
++++ b/python/semanage/seobject.py
+@@ -478,6 +478,9 @@ class permissiveRecords(semanageRecords):
+ l.append(name.split("permissive_")[1])
+ return l
+
++ def customized(self):
++ return ["-a %s" % x for x in sorted(self.get_all())]
++
+ def list(self, heading=1, locallist=0):
+ all = [y["name"] for y in [x for x in sepolicy.info(sepolicy.TYPE) if x["permissive"]]]
+ if len(all) == 0:
+--
+2.21.0
+
diff --git a/SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch b/SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch
new file mode 100644
index 0000000..37ed550
--- /dev/null
+++ b/SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch
@@ -0,0 +1,41 @@
+From 7cc31c4799dd94ed516a39d853744bd1ffb6dc69 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Mon, 30 Sep 2019 09:49:04 +0200
+Subject: [PATCH] python/semanage: fix moduleRecords.customized()
+
+Return value of "customized" has to be iterable.
+
+Fixes:
+ "semanage export" with no modules in the system (eg. monolithic policy)
+ crashes:
+
+ Traceback (most recent call last):
+ File "/usr/sbin/semanage", line 970, in <module>
+ do_parser()
+ File "/usr/sbin/semanage", line 949, in do_parser
+ args.func(args)
+ File "/usr/sbin/semanage", line 771, in handleExport
+ for c in OBJECT.customized():
+ TypeError: 'NoneType' object is not iterable
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ python/semanage/seobject.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
+index 3959abc8..16edacaa 100644
+--- a/python/semanage/seobject.py
++++ b/python/semanage/seobject.py
+@@ -380,7 +380,7 @@ class moduleRecords(semanageRecords):
+ def customized(self):
+ all = self.get_all()
+ if len(all) == 0:
+- return
++ return []
+ return ["-d %s" % x[0] for x in [t for t in all if t[1] == 0]]
+
+ def list(self, heading=1, locallist=0):
+--
+2.21.0
+
diff --git a/SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch b/SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch
new file mode 100644
index 0000000..16dbfb3
--- /dev/null
+++ b/SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch
@@ -0,0 +1,45 @@
+From 7cbfcec89a6972f9c700687ed3cef25ff0846461 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 8 Oct 2019 14:22:13 +0200
+Subject: [PATCH] python/semanage: Add support for DCCP and SCTP protocols
+
+Fixes:
+ # semanage port -a -p sctp -t port_t 1234
+ ValueError: Protocol udp or tcp is required
+ # semanage port -d -p sctp -t port_t 1234
+ ValueError: Protocol udp or tcp is required
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+---
+ python/semanage/seobject.py | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
+index 16edacaa..70ebfd08 100644
+--- a/python/semanage/seobject.py
++++ b/python/semanage/seobject.py
+@@ -1058,13 +1058,15 @@ class portRecords(semanageRecords):
+ pass
+
+ def __genkey(self, port, proto):
+- if proto == "tcp":
+- proto_d = SEMANAGE_PROTO_TCP
++ protocols = {"tcp": SEMANAGE_PROTO_TCP,
++ "udp": SEMANAGE_PROTO_UDP,
++ "sctp": SEMANAGE_PROTO_SCTP,
++ "dccp": SEMANAGE_PROTO_DCCP}
++
++ if proto in protocols.keys():
++ proto_d = protocols[proto]
+ else:
+- if proto == "udp":
+- proto_d = SEMANAGE_PROTO_UDP
+- else:
+- raise ValueError(_("Protocol udp or tcp is required"))
++ raise ValueError(_("Protocol has to be one of udp, tcp, dccp or sctp"))
+ if port == "":
+ raise ValueError(_("Port is required"))
+
+--
+2.21.0
+
diff --git a/SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch b/SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch
new file mode 100644
index 0000000..ef5f2b6
--- /dev/null
+++ b/SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch
@@ -0,0 +1,40 @@
+From 6e5ccf2dd3329b400b70b7806b9c6128c5c50995 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Fri, 15 Nov 2019 09:15:49 +0100
+Subject: [PATCH] dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot
+
+When org.selinux.relabel_on_boot(0) was called twice, it failed with
+FileNotFoundError.
+
+Fixes:
+ $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1
+ method return sender=:1.53 -> dest=:1.54 reply_serial=2
+ $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
+ method return sender=:1.53 -> dest=:1.55 reply_serial=2
+ $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0
+ Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel'
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ dbus/selinux_server.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
+index b9debc071485..be4f4557a9fa 100644
+--- a/dbus/selinux_server.py
++++ b/dbus/selinux_server.py
+@@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object):
+ fd = open("/.autorelabel", "w")
+ fd.close()
+ else:
+- os.unlink("/.autorelabel")
++ try:
++ os.unlink("/.autorelabel")
++ except FileNotFoundError:
++ pass
+
+ def write_selinux_config(self, enforcing=None, policy=None):
+ path = selinux.selinux_path() + "config"
+--
+2.23.0
+
diff --git a/SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch b/SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch
new file mode 100644
index 0000000..166c6bd
--- /dev/null
+++ b/SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch
@@ -0,0 +1,200 @@
+From 76371721bafed56efcb7a83b3fa3285383ede5b7 Mon Sep 17 00:00:00 2001
+From: Baichuan Kong <kongbaichuan@huawei.com>
+Date: Thu, 14 Nov 2019 10:48:07 +0800
+Subject: [PATCH] restorecond: Fix redundant console log output error
+
+When starting restorecond without any option the following redundant
+console log is outputed:
+
+/dev/log 100.0%
+/var/volatile/run/syslogd.pid 100.0%
+...
+
+This is caused by two global variables of same name r_opts. When
+executes r_opts = opts in restore_init(), it originally intends
+to assign the address of struct r_opts in "restorecond.c" to the
+pointer *r_opts in "restore.c".
+
+However, the address is assigned to the struct r_opts and covers
+the value of low eight bytes in it. That causes unexpected value
+of member varibale 'nochange' and 'verbose' in struct r_opts, thus
+affects value of 'restorecon_flags' and executes unexpected operations
+when restorecon the files such as the redundant console log output or
+file label nochange.
+
+Cause restorecond/restore.c is copied from policycoreutils/setfiles,
+which share the same pattern. It also has potential risk to generate
+same problems, So fix it in case.
+
+Signed-off-by: Baichuan Kong <kongbaichuan@huawei.com>
+
+(cherry-picked from SElinuxProject
+commit ad2208ec220f55877a4d31084be2b4d6413ee082)
+
+Resolves: rhbz#1626468
+---
+ policycoreutils/setfiles/restore.c | 42 ++++++++++++++----------------
+ restorecond/restore.c | 40 +++++++++++++---------------
+ 2 files changed, 37 insertions(+), 45 deletions(-)
+
+diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
+index 9dea5656..d3335d1a 100644
+--- a/policycoreutils/setfiles/restore.c
++++ b/policycoreutils/setfiles/restore.c
+@@ -17,40 +17,37 @@
+ char **exclude_list;
+ int exclude_count;
+
+-struct restore_opts *r_opts;
+-
+ void restore_init(struct restore_opts *opts)
+ {
+ int rc;
+
+- r_opts = opts;
+ struct selinux_opt selinux_opts[] = {
+- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
+- { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
+- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
++ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
++ { SELABEL_OPT_PATH, opts->selabel_opt_path },
++ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
+ };
+
+- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
+- if (!r_opts->hnd) {
+- perror(r_opts->selabel_opt_path);
++ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
++ if (!opts->hnd) {
++ perror(opts->selabel_opt_path);
+ exit(1);
+ }
+
+- r_opts->restorecon_flags = 0;
+- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
+- r_opts->progress | r_opts->set_specctx |
+- r_opts->add_assoc | r_opts->ignore_digest |
+- r_opts->recurse | r_opts->userealpath |
+- r_opts->xdev | r_opts->abort_on_error |
+- r_opts->syslog_changes | r_opts->log_matches |
+- r_opts->ignore_noent | r_opts->ignore_mounts |
+- r_opts->mass_relabel;
++ opts->restorecon_flags = 0;
++ opts->restorecon_flags = opts->nochange | opts->verbose |
++ opts->progress | opts->set_specctx |
++ opts->add_assoc | opts->ignore_digest |
++ opts->recurse | opts->userealpath |
++ opts->xdev | opts->abort_on_error |
++ opts->syslog_changes | opts->log_matches |
++ opts->ignore_noent | opts->ignore_mounts |
++ opts->mass_relabel;
+
+ /* Use setfiles, restorecon and restorecond own handles */
+- selinux_restorecon_set_sehandle(r_opts->hnd);
++ selinux_restorecon_set_sehandle(opts->hnd);
+
+- if (r_opts->rootpath) {
+- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
++ if (opts->rootpath) {
++ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
+ if (rc) {
+ fprintf(stderr,
+ "selinux_restorecon_set_alt_rootpath error: %s.\n",
+@@ -81,7 +78,6 @@ int process_glob(char *name, struct restore_opts *opts)
+ size_t i = 0;
+ int len, rc, errors;
+
+- r_opts = opts;
+ memset(&globbuf, 0, sizeof(globbuf));
+
+ errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
+@@ -96,7 +92,7 @@ int process_glob(char *name, struct restore_opts *opts)
+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ continue;
+ rc = selinux_restorecon(globbuf.gl_pathv[i],
+- r_opts->restorecon_flags);
++ opts->restorecon_flags);
+ if (rc < 0)
+ errors = rc;
+ }
+diff --git a/restorecond/restore.c b/restorecond/restore.c
+index f6e30001..b93b5fdb 100644
+--- a/restorecond/restore.c
++++ b/restorecond/restore.c
+@@ -12,39 +12,36 @@
+ char **exclude_list;
+ int exclude_count;
+
+-struct restore_opts *r_opts;
+-
+ void restore_init(struct restore_opts *opts)
+ {
+ int rc;
+
+- r_opts = opts;
+ struct selinux_opt selinux_opts[] = {
+- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
+- { SELABEL_OPT_PATH, r_opts->selabel_opt_path },
+- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
++ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
++ { SELABEL_OPT_PATH, opts->selabel_opt_path },
++ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
+ };
+
+- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
+- if (!r_opts->hnd) {
+- perror(r_opts->selabel_opt_path);
++ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
++ if (!opts->hnd) {
++ perror(opts->selabel_opt_path);
+ exit(1);
+ }
+
+- r_opts->restorecon_flags = 0;
+- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
+- r_opts->progress | r_opts->set_specctx |
+- r_opts->add_assoc | r_opts->ignore_digest |
+- r_opts->recurse | r_opts->userealpath |
+- r_opts->xdev | r_opts->abort_on_error |
+- r_opts->syslog_changes | r_opts->log_matches |
+- r_opts->ignore_noent | r_opts->ignore_mounts;
++ opts->restorecon_flags = 0;
++ opts->restorecon_flags = opts->nochange | opts->verbose |
++ opts->progress | opts->set_specctx |
++ opts->add_assoc | opts->ignore_digest |
++ opts->recurse | opts->userealpath |
++ opts->xdev | opts->abort_on_error |
++ opts->syslog_changes | opts->log_matches |
++ opts->ignore_noent | opts->ignore_mounts;
+
+ /* Use setfiles, restorecon and restorecond own handles */
+- selinux_restorecon_set_sehandle(r_opts->hnd);
++ selinux_restorecon_set_sehandle(opts->hnd);
+
+- if (r_opts->rootpath) {
+- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
++ if (opts->rootpath) {
++ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
+ if (rc) {
+ fprintf(stderr,
+ "selinux_restorecon_set_alt_rootpath error: %s.\n",
+@@ -75,7 +72,6 @@ int process_glob(char *name, struct restore_opts *opts)
+ size_t i = 0;
+ int len, rc, errors;
+
+- r_opts = opts;
+ memset(&globbuf, 0, sizeof(globbuf));
+
+ errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
+@@ -90,7 +86,7 @@ int process_glob(char *name, struct restore_opts *opts)
+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
+ continue;
+ rc = selinux_restorecon(globbuf.gl_pathv[i],
+- r_opts->restorecon_flags);
++ opts->restorecon_flags);
+ if (rc < 0)
+ errors = rc;
+ }
+--
+2.21.0
+
diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec
index efbd06c..24ffe1c 100644
--- a/SPECS/policycoreutils.spec
+++ b/SPECS/policycoreutils.spec
@@ -1,6 +1,6 @@
%global libauditver 3.0
%global libsepolver 2.9-1
-%global libsemanagever 2.9-1
+%global libsemanagever 2.9-2
%global libselinuxver 2.9-1
%global sepolgenver 2.9
@@ -12,7 +12,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.9
-Release: 3%{?dist}.1
+Release: 9%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
@@ -62,6 +62,14 @@ Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
+Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch
+Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
+Patch0027: 0027-policycoreutils-fixfiles-Fix-verify-option.patch
+Patch0028: 0028-python-semanage-Improve-handling-of-permissive-state.patch
+Patch0029: 0029-python-semanage-fix-moduleRecords.customized.patch
+Patch0030: 0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch
+Patch0031: 0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch
+Patch0032: 0032-restorecond-Fix-redundant-console-log-output-error.patch
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
@@ -499,9 +507,28 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
-* Fri Nov 29 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-3.1
+* Fri Jan 17 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-9
+- Update translations (#1754978)
+
+* Thu Nov 21 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-8
+- restorecond: Fix redundant console log output error (#1626468)
+
+* Tue Nov 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
+- dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot (#1754873)
+
+* Tue Nov 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
- Configure autorelabel service to output to journal and to console if set (#1766578)
+* Wed Nov 06 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-5
+- fixfiles: Fix "verify" option (#1647532)
+- semanage: Improve handling of "permissive" statements (#1417455)
+- semanage: fix moduleRecords.customized()
+- semanage: Add support for DCCP and SCTP protocols (#1563742)
+
+* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-4
+- semanage: Do not use default s0 range in "semanage login -a" (#1554360)
+- gui: Fix remove module in system-config-selinux (#1748763)
+
* Thu Aug 22 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
- fixfiles: Fix unbound variable problem (#1743213)