%define libselinuxver 1.27.21-1
Summary: SELinux binary policy manipulation library 
Name: libsemanage
Version: 1.3.53
Release: 3
License: GPL
Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
Patch: libsemanage-swigify.patch
Patch1: libsemanage-genhomedircon.patch

BuildRoot: %{_tmppath}/%{name}-buildroot
BuildRequires: libselinux-devel >= %{libselinuxver} 

%description
Security-enhanced Linux is a feature of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

libsemanage provides an API for the manipulation of SELinux binary policies.
It is used by checkpolicy (the policy compiler) and similar tools, as well
as by programs like load_policy that need to perform specific transformations
on binary policies such as customizing policy boolean settings.

%package devel
Summary: Header files and libraries used to build policy manipulation tools
Group: Development/Libraries
Requires: libsemanage = %{version}

%description devel
The semanage-devel package contains the static libraries and header files
needed for developing applications that manipulate binary policies. 

%prep
%setup -q
%patch -p1 -b .swigify
%patch1 -p1 -b .genhomedircon

%build
make CFLAGS="%{optflags}"

%install
rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}/%{_lib} 
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} 
mkdir -p ${RPM_BUILD_ROOT}%{_includedir} 
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install

%clean
rm -rf ${RPM_BUILD_ROOT}

%files
%defattr(-,root,root)
%config(noreplace) /etc/selinux/semanage.conf
/%{_lib}/libsemanage.so.1
%{_libdir}/libsemanage.so
%{_libdir}/python2.4/site-packages/_semanage.so
%{_libdir}/python2.4/site-packages/semanage.py
%{_libdir}/python2.4/site-packages/semanage.pyc
%{_libdir}/python2.4/site-packages/semanage.pyo

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files devel
%defattr(-,root,root)
%{_libdir}/libsemanage.a
%{_includedir}/semanage/*.h

%changelog
* Mon Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-3
- Add genhomedircon patch from Joshua Brindle

* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-2
- Add swigify patch from Joshua Brindle

* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-1
- Upgrade to latest from NSA
	* Merged move seuser validation patch from Ivan Gyurdiev.
	* Merged hidden declaration fixes from Ivan Gyurdiev,
	  with minor corrections.

* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.3.52-1
- Upgrade to latest from NSA
	* Merged cleanup patch from Ivan Gyurdiev.
	  This renames semanage_module_conn to semanage_direct_handle,
	  and moves sepol handle create/destroy into semanage handle
	  create/destroy to allow use even when disconnected (for the
	  record interfaces).

* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.51-1
- Upgrade to latest from NSA
	* Clear modules modified flag upon disconnect and commit.
	* Added tracking of module modifications and use it to
	  determine whether expand-time checks should be applied
	  on commit.
	* Reverted semanage_set_reload_bools() interface.

* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.48-1
- Upgrade to latest from NSA
	* Disabled calls to port dbase for merge and commit and stubbed
	  out calls to sepol_port interfaces since they are not exported.
	* Merged rename instead of copy patch from Joshua Brindle (Tresys).
	* Added hidden_def/hidden_proto for exported symbols used within 
	  libsemanage to eliminate relocations.  Wrapped type definitions
	  in exported headers as needed to avoid conflicts.  Added
	  src/context_internal.h and src/iface_internal.h.
	* Added semanage_is_managed() interface to allow detection of whether
	  the policy is managed via libsemanage.  This enables proper handling
	  in setsebool for non-managed systems.
	* Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
	  to enable runtime control over preserving active boolean values
	  versus reloading their saved settings upon commit.

* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.43-1
- Upgrade to latest from NSA
	* Merged seuser parser resync, dbase tracking and cleanup, strtol
	  bug, copyright, and assert space patches from Ivan Gyurdiev.
	* Added src/*_internal.h in preparation for other changes.
	* Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
	  src/seusers.[hc].


* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.41-1
- Upgrade to latest from NSA
	* Merged interface parse/print, context_to_string interface change,
	  move assert_noeof, and order preserving patches from Ivan Gyurdiev.
	* Added src/dso.h in preparation for other changes.
	* Merged install seusers, handle/error messages, MLS parsing,
	  and seusers validation patches from Ivan Gyurdiev.

* Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.3.39-1
- Upgrade to latest from NSA
	* Merged record interface, dbase flush, common database code,
	  and record bugfix patches from Ivan Gyurdiev.

* Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.38-1
- Upgrade to latest from NSA
	* Merged dbase policydb list and count change from Ivan Gyurdiev.
	* Merged enable dbase and set relay patches from Ivan Gyurdiev.

* Thu Oct 27 2005 Dan Walsh <dwalsh@redhat.com> 1.3.36-1
- Update from NSA
	* Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.

* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.3.35-1
- Update from NSA
	* Merged sepol handle passing, seusers support, and policydb cache
	  patches from Ivan Gyurdiev.

* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.3.34-1
- Update from NSA
	* Merged resync to sepol changes and booleans fixes/improvements 
	  patches from Ivan Gyurdiev.
	* Merged support for genhomedircon/homedir template, store selection,
	  explicit policy reload, and semanage.conf relocation from Joshua
	  Brindle.

* Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.3.32-1
- Update from NSA
	* Merged resync to sepol changes and transaction fix patches from
	  Ivan Gyurdiev.
	* Merged reorganize users patch from Ivan Gyurdiev.
	* Merged remove unused relay functions patch from Ivan Gyurdiev.

* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.30-1
- Update from NSA
	* Fixed policy file leaks in semanage_load_module and
	  semanage_write_module.
	* Merged further database work from Ivan Gyurdiev.
	* Fixed bug in semanage_direct_disconnect.

* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.28-1
- Update from NSA
	* Merged interface renaming patch from Ivan Gyurdiev.
	* Merged policy component patch from Ivan Gyurdiev.
	* Renamed 'check=' configuration value to 'expand-check=' for 
	  clarity.
	* Changed semanage_commit_sandbox to check for and report errors 
	  on rename(2) calls performed during rollback.
	* Added optional check= configuration value to semanage.conf 
	  and updated call to sepol_expand_module to pass its value
	  to control assertion and hierarchy checking on module expansion.
	* Merged fixes for make DESTDIR= builds from Joshua Brindle.

* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.24-1
- Update from NSA
	* Merged default database from Ivan Gyurdiev.
	* Merged removal of connect requirement in policydb backend from
	  Ivan Gyurdiev.
	* Merged commit locking fix and lock rename from Joshua Brindle.
	* Merged transaction rollback in lock patch from Joshua Brindle.
	* Changed default args for load_policy to be null, as it no longer
	  takes a pathname argument and we want to preserve booleans.
	* Merged move local dbase initialization patch from Ivan Gyurdiev.
	* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
	* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
	* Added calls to sepol_policy_file_set_handle interface prior
	  to invoking sepol operations on policy files.
	* Updated call to sepol_policydb_from_image to pass the handle.


* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
- Update from NSA
	* Changed default args for load_policy to be null, as it no longer
	  takes a pathname argument and we want to preserve booleans.
	* Merged move local dbase initialization patch from Ivan Gyurdiev.
	* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
	* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
	* Added calls to sepol_policy_file_set_handle interface prior
	  to invoking sepol operations on policy files.
	* Updated call to sepol_policydb_from_image to pass the handle.

* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
- Update from NSA
	* Merged user and port APIs - policy database patch from Ivan
	Gyurdiev.
	* Converted calls to sepol link_packages and expand_module interfaces
	from using buffers to using sepol handles for error reporting, and 
	changed direct_connect/disconnect to create/destroy sepol handles.

* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.3.18-1
- Update from NSA
	* Merged bugfix patch from Ivan Gyurdiev.
	* Merged seuser database patch from Ivan Gyurdiev.
	* Merged direct user/port databases to the handle from Ivan Gyurdiev.
	* Removed obsolete include/semanage/commit_api.h (leftover).
	* Merged seuser record patch from Ivan Gyurdiev.
	* Merged boolean and interface databases from Ivan Gyurdiev.

* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.14-1
- Update from NSA
	* Updated to use get interfaces for hidden sepol_module_package type.
	* Changed semanage_expand_sandbox and semanage_install_active
	to generate/install the latest policy version supported	by libsepol
	by default (unless overridden by semanage.conf), since libselinux
	will now downgrade automatically for load_policy.
	* Merged new callback-based error reporting system and ongoing
	database work from Ivan Gyurdiev.

* Wed Oct 12 2005 Dan Walsh <dwalsh@redhat.com> 1.3.11-1
- Update from NSA
	* Fixed semanage_install_active() to use the same logic for
	selecting a policy version as semanage_expand_sandbox().  Dropped
	dead code from semanage_install_sandbox().

* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.3.10-1
- Update from NSA
	* Updated for changes to libsepol, and to only use types and interfaces
	provided by the shared libsepol.

* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.9-1
- Update from NSA
	* Merged further database work from Ivan Gyurdiev.

* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.3.8-1
- Update from NSA
	* Merged iterate, redistribute, and dbase split patches from
	Ivan Gyurdiev.

* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.7-1
- Update from NSA
	* Merged patch series from Ivan Gyurdiev.
	  (pointer typedef elimination, file renames, dbase work, backend
	   separation)
	* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
	* Separated handle create from connect interface.
	* Added a constructor for initialization.
	* Moved up src/include/*.h to src.
	* Created a symbol map file; dropped dso.h and hidden markings.

* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.5-1
- Update from NSA
	* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
	* Separated handle create from connect interface.
	* Added a constructor for initialization.
	* Moved up src/include/*.h to src.
	* Created a symbol map file; dropped dso.h and hidden markings.

* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.4-1
- Update from NSA
	* Merged dbase redesign patch from Ivan Gyurdiev.

* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.3-1
- Update from NSA
	* Merged boolean record, stub record handler, and status codes 
	  patches from Ivan Gyurdiev.

* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.2-1
- Update from NSA
	* Merged stub iterator functionality from Ivan Gyurdiev.
	* Merged interface record patch from Ivan Gyurdiev.

* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.1-1
- Update from NSA
	* Merged stub functionality for managing user and port records,
	and record table code from Ivan Gyurdiev.
	* Updated version for release.

* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.1.6-1
- Update from NSA
	* Merged semod.conf template patch from Dan Walsh (Red Hat),
	but restored location to /usr/share/semod/semod.conf.
	* Fixed several bugs found by valgrind.
	* Fixed bug in prior patch for the semod_build_module_list leak.
	* Merged errno fix from Joshua Brindle (Tresys).
	* Merged fix for semod_build_modules_list leak on error path
	  from Serge Hallyn (IBM).  Bug found by Coverity.

* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.1.3-1
- Update from NSA
	* Merged errno fix from Joshua Brindle (Tresys).
	* Merged fix for semod_build_modules_list leak on error path
	  from Serge Hallyn (IBM).  Bug found by Coverity.
	* Merged several fixes from Serge Hallyn (IBM).  Bugs found by
	  Coverity.
	* Fixed several other bugs and warnings.
	* Merged patch to move module read/write code from libsemanage
	  to libsepol from Jason Tang (Tresys).	
	* Merged relay records patch from Ivan Gyurdiev.
	* Merged key extract patch from Ivan Gyurdiev.

- Initial version
- Created by Stephen Smalley <sds@epoch.ncsc.mil>