%if 0%{?fedora} > 12 || 0%{?rhel} > 6

%global with_python3 1

%else

%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}

%endif

%define libsepolver 2.1.0-1

%define libselinuxver 2.0.102-6

Summary: SELinux binary policy manipulation library 

Name: libsemanage

Version: 2.1.2

Release: 1.1%{?dist}

License: LGPLv2+

Group: System Environment/Libraries

Source: libsemanage-%{version}.tgz

Patch: libsemanage-rhat.patch

Patch1: libsemanage-umask.patch

URL: http://oss.tresys.com/git/selinux.git

Source1: semanage.conf

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel

BuildRequires: libsepol-devel >= %{libsepolver} 

BuildRequires: python-devel bison flex bzip2-devel

%if 0%{?with_python3}

BuildRequires: python3-devel

%endif # if with_python3

Requires: bzip2-libs

%description

Security-enhanced Linux is a feature of the Linux® kernel and a number

of utilities with enhanced security functionality designed to add

mandatory access controls to Linux.  The Security-enhanced Linux

kernel contains new architectural components originally developed to

improve the security of the Flask operating system. These

architectural components provide general support for the enforcement

of many kinds of mandatory access control policies, including those

based on the concepts of Type Enforcement®, Role-based Access

Control, and Multi-level Security.

libsemanage provides an API for the manipulation of SELinux binary policies.

It is used by checkpolicy (the policy compiler) and similar tools, as well

as by programs like load_policy that need to perform specific transformations

on binary policies such as customizing policy boolean settings.

%package static

Summary: Static library used to build policy manipulation tools

Group: Development/Libraries

Requires: libsemanage-devel = %{version}-%{release}

%description static

The semanage-static package contains the static libraries 

needed for developing applications that manipulate binary policies. 

%package devel

Summary: Header files and libraries used to build policy manipulation tools

Group: Development/Libraries

Requires: libsemanage = %{version}-%{release} ustr

%description devel

The semanage-devel package contains the libraries and header files

needed for developing applications that manipulate binary policies. 

%package python

Summary: semanage python bindings for libsemanage

Group: Development/Libraries

Requires: libsemanage = %{version}-%{release} 

%description python

The libsemanage-python package contains the python bindings for developing 

SELinux management applications. 

%if 0%{?with_python3}

%package python3

Summary: semanage python 3 bindings for libsemanage

Group: Development/Libraries

Requires: libsemanage = %{version}-%{release} 

%description python3

The libsemanage-python3 package contains the python 3 bindings for developing

SELinux management applications.

%endif # if with_python3

%prep

%setup -q

%patch -p2 -b .rhat

%patch1 -p2 -b .umask

%build

# To support building the Python wrapper against multiple Python runtimes

# Define a function, for how to perform a "build" of the python wrapper against

# a specific runtime:

BuildPythonWrapper() {

  BinaryName=$1

  # Perform the build from the upstream Makefile:

  make \

    PYTHON=$BinaryName \

    CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \

    pywrap

}

make clean

make CFLAGS="%{optflags}" swigify

make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all

BuildPythonWrapper \

  %{__python}

%if 0%{?with_python3}

BuildPythonWrapper \

  %{__python3}

%endif # with_python3

%install

InstallPythonWrapper() {

  BinaryName=$1

  make \

    PYTHON=$BinaryName \

    DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" \

    install-pywrap

}

rm -rf ${RPM_BUILD_ROOT}

mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} 

mkdir -p ${RPM_BUILD_ROOT}%{_includedir} 

make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install

InstallPythonWrapper \

  %{__python} \

  .so

%if 0%{?with_python3}

InstallPythonWrapper \

  %{__python3} \

  $(python3-config --extension-suffix)

%endif # with_python3

cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf

ln -sf  %{_libdir}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so

%clean

rm -rf ${RPM_BUILD_ROOT}

%files

%defattr(-,root,root)

%config(noreplace) /etc/selinux/semanage.conf

/%{_libdir}/libsemanage.so.1

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files static

%defattr(-,root,root)

%{_libdir}/libsemanage.a

%files devel

%defattr(-,root,root)

%{_libdir}/libsemanage.so

%{_libdir}/pkgconfig/libsemanage.pc

%dir %{_includedir}/semanage

%{_includedir}/semanage/*.h

%{_mandir}/man3/*

%files python

%defattr(-,root,root)

%{python_sitearch}/_semanage.so

%{python_sitearch}/semanage.py*

%if 0%{?with_python3}

%files python3

%defattr(-,root,root)

%{python3_sitearch}/*.so

%{python3_sitearch}/semanage.py*

%{python3_sitearch}/__pycache__/semanage*

%endif # if with_python3

%changelog

* Thu Oct 20 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-1.1

- Add Stephen Smalley patch to make sure selinux config files are created with the correct permissions, 

- ignoring the umask

* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.2-1

-Update to upstream

2.1.2 2011-08-17

	* print error debug info for buggy fc

	* introduce semanage_set_root and friends

	* throw exceptions in python rather than return

	* python3 support.

	* patch for MCS/MLS in user files

2.1.1 2011-08-01

	* Remove generated files, expand .gitignore

	* Use -Werror and change a few prototypes to support it

* Thu Jul 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.0-1

- Update to upstream

	* Release, minor version bump

* Wed Jun 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-6

- More fixes for disabled modules

* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-5

- Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module 

indicating the module is disabled.  MODULE.pp.disabled, it will no longer rename the module.  This way we can

ship active modules in rpm.

* Wed Jun 1 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-4

- Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.46-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2

- big reworking of the support-multiple-python-builds patch to deal with

PEP 3149: the latest Python 3.2 onwards uses include paths and library names

that don't fit prior naming patterns, and so we must query python3-config for

this information.  To complicate things further, python 2's python-config

doesn't understand all of the options needed ("--extension-suffix").  I've

thus added new Makefile variables as needed, to be supplied by the specfile by

invoking the appropriate config tool (or by hardcoding the old value for

"--extension-suffix" i.e. ".so")

- rework python3 manifest for PEP 3149, and rebuild for newer python3

* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1

- Update to upstream

  * Fix compliation under GCC 4.6 by Justin Mattock

* Wed Aug 25 2010 Thomas Spura <tomspur@fedoraproject.org> - 2.0.45-6

- rebuild with python3.2

  http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html

* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-5

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Tue Apr 27 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-4

- add python3 subpackage

* Wed Apr 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-3

- Fix -devel package to point at the correct shared library

* Fri Mar 26 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-2

- Move shared library to /usr/lib

* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-1

- Update to upstream

	* Add enable/disable patch support from Dan Walsh.

	* Add usepasswd flag to semanage.conf to disable genhomedircon using

	  passwd from Dan Walsh.

	* regenerate swig wrappers

* Thu Feb 25 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-2

- Allow disable of usepasswd

* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-1

- Update to upstream

	* Replace usage of fmemopen() with sepol_policy_file_set_mem() since

	  glibc < 2.9 does not support binary mode ('b') for fmemopen'd

	  streams.

* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-4

- Cleanup spec file

* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-3

- Splect libsemanage.a into a static subpackage to keep fedora packaging guidelines happy

* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-2

- Rebuild all c programs with -fPIC

* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-1

- Update to upstream

  * Move libsemanage.so to /usr/lib

  * Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>

* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.42-1

- Update to upstream

  * Move load_policy from /usr/sbin to /sbin from Dan Walsh.

* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.41-1

- Update to upstream

  * Add pkgconfig file from Eamon Walsh.

  * Add semanage_set_check_contexts() function to disable calling

  setfiles

* Mon Sep 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.39-1

- Update to upstream

  * make swigify

* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-2

- Dont relabel /root with genhomedircon

* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-1

- Update to upstream

  * Change semodule upgrade behavior to install even if the module

    is not present from Dan Walsh.

  * Make genhomedircon trim excess '/' from homedirs from Dan Walsh.

* Wed Sep 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.37-1

- Update to upstream

  * Fix persistent dontaudit support to rebuild policy if the 

        dontaudit state is changed from Chad Sellers.

- Move load_policy to /sbin

* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-2

- Add enable/disable modules

* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-1

- Update to upstream

  * Changed bzip-blocksize=0 handling to support existing compressed

  modules in the store.

* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-2

- Make sure /root is not used in genhomedircon

* Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1

  * Revert hard linking of files between tmp/active/previous.

  * Enable configuration of bzip behavior from Stephen Smalley.

    bzip-blocksize=0 to disable compression and decompression support.

    bzip-blocksize=1..9 to set the blocksize for compression.

    bzip-small=true to reduce memory usage for decompression.

* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.33-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Fri Jul 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-2

- Put check for /root back into genhomedircon

* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-1

- Update to upstream

* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.32-1

- Update to upstream

  * Ruby bindings from David Quigley.

* Thu Apr 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-5

- Return error on invalid file

* Wed Mar 11 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-4

- Fix typo

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.31-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Thu Jan 15 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-2

- Fix link to only link on sandbox

* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-1

- Update to upstream

  * Policy module compression (bzip) support from Dan Walsh.

  * Hard link files between tmp/active/previous from Dan Walsh.

* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.30-3

- Fix up patch to get it upstreamed

* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.30-2

- Rebuild for Python 2.6

* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1

  * Add semanage_mls_enabled() interface from Stephen Smalley.

* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.29-2

- Rebuild for Python 2.6

* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1

- Update to upstream

  * Add USER to lines to homedir_template context file from Chris PeBenito.

* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-2

- Add compression support

* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1

- Update to upstream

  * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh

* Wed Sep 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-3

- Additional fixes for Don't rebuild on fcontext or seuser modifications

* Tue Sep 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-2

- Don't rebuild on fcontext or seuser modifications

* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-1

- Update to upstream

  * Modify genhomedircon to skip groupname entries.

  Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax.

* Wed Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1

- Update to upstream

  * Fix bug in genhomedircon fcontext matches logic from Dan Walsh.

  Strip any trailing slash before appending /*$.

* Thu Jun 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-3

- Another fix for genhomedircon

* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.25-2

- fix license tag

* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-1

- Update to upstream

  * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.

    Fixes semanage boolean -D seg fault (bug 441379).

* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.24-1

- Update to upstream

  * make swigify

* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1

- Update to upstream

  * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.

* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1

- Update to upstream

  * Free policydb before fork from Joshua Brindle.

  * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.

* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.20-1

- Update to upstream

  * Use sepol_set_expand_consume_base to reduce peak memory usage when

  using semodule

* Fri Feb 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.19-1

- Update to upstream

  * Fix genhomedircon to not override a file context with a homedir context from Todd Miller.

* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1

- Update to upstream

  * Fix spurious out of memory error reports.

  * Merged second version of fix for genhomedircon handling from Caleb Case.

* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-1

- Update to upstream

  * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.

* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-2

- Stop differentiating on user for homedir labeling

* Thu Dec 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1

- Update to upstream

  * Fix genhomedircon handling of shells and missing user context template from Dan Walsh.

  * Copy the store path in semanage_select_store from Dan Walsh.

- Add expand-check=0 to semanage.conf

* Mon Dec 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-5

- Fix handling of /etc/shells so genhomedircon will work

* Thu Nov 29 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-3

- Allow semanage_genhomedircon to work with out a USER int homedir.template

* Sat Nov 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2

- Fix semanage_select_store to allocate memory, fixes crash on invalid store

* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1

- Upgrade to latest from NSA

  * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.

  * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.

* Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.12-1

- Upgrade to latest from NSA

  * ustr cleanups from James Antill.

  * Ensure that /root gets labeled even if using the default context from Dan Walsh.

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.11-1

- Upgrade to latest from NSA

  * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-2

- Fix sort order on generated homedir context

* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-1

- Upgrade to latest from NSA

  * Fix error checking on getpw*_r functions from Todd Miller.

  * Make genhomedircon skip invalid homedir contexts from Todd Miller.

  * Set default user and prefix from seusers from Dan Walsh.

  * Add swigify Makefile target from Dan Walsh.

* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1

- Upgrade to latest from NSA

  * Pass CFLAGS to CC even on link command, per Dennis Gilmore.

  * Clear errno on non-fatal errors to avoid reporting them upon a

    later error that does not set errno.

  * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.

- Fix segfault in genhomedircon when using bad user names

* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-2

- Fix genhomedircon code to only generate valid context

- Fixes autorelabel problem

* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-1

- Upgrade to latest from NSA

  * Change to use getpw* function calls to the _r versions from Todd Miller.

* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.5-1

- Upgrade to latest from NSA

* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.4-1

- Upgrade to latest from NSA

  * Allow dontaudits to be turned off via semanage interface when

    updating policy

* Sat Aug 11 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-5

- Add ability to load a policy without dontaudit rules

-

* Tue Jun 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-4

- Rebuild to fix segfault on x86 platforms, swigify on each build

* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-3

- Rebuild for rawhide

* Thu May 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2

- Apply patch to fix dependencies in spec file from Robert Scheck

* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1

- Upgrade to latest from NSA

  * Fix to libsemanage man patches so whatis will work better from Dan Walsh

* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1

- Upgrade to latest from NSA

  * Merged optimizations from Stephen Smalley.

    - do not set all booleans upon commit, only those whose values have changed

    - only install the sandbox upon commit if something was rebuilt

* Sat Mar 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2

- Add SELinux to Man page Names so man -k will work

* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1

  * Merged dbase_file_flush patch from Dan Walsh.

    This removes any mention of specific tools (e.g. semanage)

    from the comment header of the auto-generated files,

    since there are multiple front-end tools.

* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1

- Upgrade to latest from NSA

  * Merged Makefile test target patch from Caleb Case.

  * Merged get_commit_number function rename patch from Caleb Case.

  * Merged strnlen -> strlen patch from Todd Miller.

* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.10.1-1

- Upgrade to latest from NSA

  * Merged python binding fix from Dan Walsh.

  * Updated version for stable branch.

* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.2-1

- Upgrade to latest from NSA

  * Merged patch to optionally reduce disk usage by removing 

    the backup module store and linked policy from Karl MacMillan

  * Merged patch to correctly propagate return values in libsemanage

* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-3

- Apply Karl MacMillan patch to get proper error codes.

* Thu Dec  7 2006 Jeremy Katz <katzj@redhat.com> - 1.9.1-2

- rebuild against python 2.5

* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-1

- Upgrade to latest from NSA

  * Merged patch to compile wit -fPIC instead of -fpic from

    Manoj Srivastava to prevent hitting the global offest table

    limit. Patch changed to include libselinux and libsemanage in

    addition to libsepol.

* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.8-1

- Upgrade to latest from NSA

  * Updated version for release.

* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.17-1

- Upgrade to latest from NSA

  * Merged patch to skip reload if no active store exists and

    the store path doesn't match the active store path from Dan Walsh.

  * Merged patch to not destroy sepol handle on error path of

    connect from James Athey.

  * Merged patch to add genhomedircon path to semanage.conf from

    James Athey. 

* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-3

- Fix semanage to not load if is not the correct policy type and it is installing

* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-2

- Fix requires lines

* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-1

- Upgrade to latest from NSA

  * Make most copy errors fatal, but allow exceptions for

    file_contexts.local, seusers, and netfilter_contexts if

    the source file does not exist in the store.

* Sat Aug 12 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.15-1

- Upgrade to latest from NSA

  * Merged separate local file contexts patch from Chris PeBenito.

  * Merged patch to make most copy errors non-fatal from Dan Walsh.

* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-3

- Change other updates to be non-fatal

* Wed Aug 9 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-2

- Change netfilter stuff to be non-fatal so update can proceed.

* Thu Aug 3 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-1

- Upgrade to latest from NSA

  * Merged netfilter contexts support from Chris PeBenito.

* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.12-2

- Rebuild for new gcc

* Tue Jul 11 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.12-1

- Upgrade to latest from NSA

  * Merged support for read operations on read-only fs from 

    Caleb Case (Tresys Technology).

* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.11-1

- Upgrade to latest from NSA

  * Lindent.

  * Merged setfiles location check patch from Dan Walsh.

* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.9-1

- Upgrade to latest from NSA

  * Merged several fixes from Serge Hallyn:

       dbase_file_cache:  deref of uninit data on error path.

       dbase_policydb_cache:  clear fp to avoid double fclose

       semanage_fc_sort:  destroy temp on error paths

* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.8-2

- Handle setfiles being in /sbin or /usr/sbin

* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.8-1

- Upgrade to latest from NSA

  * Updated default location for setfiles to /sbin to

    match policycoreutils.  This can also be adjusted via 

    semanage.conf using the syntax:

    [setfiles]

    path = /path/to/setfiles

    args = -q -c $@ $<

    [end]

* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-3

- Spec file cleanup from n0dalus+redhat@gmail.com

* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-2

- Add /usr/include/semanage to spec file

* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-1

- Upgrade to latest from NSA

  * Merged fix warnings patch from Karl MacMillan.

* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.6-1

- Upgrade to latest from NSA

  * Merged updated file context sorting patch from Christopher

    Ashworth, with bug fix for escaped character flag.

  * Merged file context sorting code from Christopher Ashworth 

    (Tresys Technology), based on fc_sort.c code in refpolicy.

  * Merged python binding t_output_helper removal patch from Dan Walsh.

  * Regenerated swig files.

* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.3-1

- Fix to work with new version of swig

- Upgrade to latest from NSA

  * Merged corrected fix for descriptor leak from Dan Walsh.

* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.2-2

- Fix leaky descriptor

* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.2-1

- Upgrade to latest from NSA

  * Merged Makefile PYLIBVER definition patch from Dan Walsh.

  * Merged man page reorganization from Ivan Gyurdiev.

* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.6-1

- Make work on RHEL4

- Upgrade to latest from NSA

  * Merged abort early on merge errors patch from Ivan Gyurdiev.

  * Cleaned up error handling in semanage_split_fc based on a patch

    by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.

  * Merged MLS handling fixes from Ivan Gyurdiev.

* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.28-1

- Upgrade to latest from NSA

  * Merged bug fix for fcontext validate handler from Ivan Gyurdiev.

  * Merged base_merge_components changes from Ivan Gyurdiev.

* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.26-1

- Upgrade to latest from NSA

  * Merged paths array patch from Ivan Gyurdiev.

  * Merged bug fix patch from Ivan Gyurdiev.

  * Merged improve bindings patch from Ivan Gyurdiev.

  * Merged use PyList patch from Ivan Gyurdiev.  

  * Merged memory leak fix patch from Ivan Gyurdiev.

  * Merged nodecon support patch from Ivan Gyurdiev.

  * Merged cleanups patch from Ivan Gyurdiev.

  * Merged split swig patch from Ivan Gyurdiev.

* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.23-1

- Upgrade to latest from NSA

  * Merged optionals in base patch from Joshua Brindle.

  * Merged treat seusers/users_extra as optional sections patch from

    Ivan Gyurdiev.

  * Merged parse_optional fixes from Ivan Gyurdiev.

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.5.21-2.1

- bump again for double-long bug on ppc(64)

* Fri Feb 10 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.21-2

- Fix handling of seusers and users_map file

* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.21-1

- Upgrade to latest from NSA

  * Merged seuser/user_extra support patch from Joshua Brindle.

  * Merged remote system dbase patch from Ivan Gyurdiev.  

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.5.20-1.1

- rebuilt for new gcc4.1 snapshot and glibc changes

* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.5.20-1