#define LIBSELINUXVER 1.21.5
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 1.21.10
Release: 1
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
Patch: policycoreutils-rhat.patch
Prefix: %{_prefix}
BuildRequires: libselinux-devel >= %{LIBSELINUXVER} pam-devel libsepol-devel >= 1.1.1
Requires: libselinux >= %{LIBSELINUXVER} libsepol >= 1.1.1
BuildRoot: %{_tmppath}/%{name}-buildroot
%description
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.
%prep
%setup -q
%patch -p1 -b .rhat
%build
make CFLAGS="%{optflags}" all
%install
rm -rf ${RPM_BUILD_ROOT}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
mkdir -p ${RPM_BUILD_ROOT}/sbin
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man1
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/pam.d
make DESTDIR="${RPM_BUILD_ROOT}" install
%find_lang %{name}
%clean
rm -rf ${RPM_BUILD_ROOT}
%files -f %{name}.lang
%defattr(-,root,root)
%{_sbindir}/setfiles
/sbin/fixfiles
/sbin/restorecon
%{_mandir}/man8/restorecon.8.gz
%{_sbindir}/genhomedircon
%{_sbindir}/sestatus
%{_mandir}/man8/sestatus.8.gz
%{_mandir}/man8/setfiles.8.gz
%{_mandir}/man8/fixfiles.8.gz
%{_mandir}/man8/load_policy.8.gz
%{_mandir}/man1/audit2allow.1.gz
%{_mandir}/man8/genhomedircon.8.gz
%{_mandir}/man8/open_init_pty.8.gz
%{_sbindir}/load_policy
%{_bindir}/newrole
%{_bindir}/audit2allow
%{_mandir}/man1/newrole.1.gz
%config %{_sysconfdir}/pam.d/newrole
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
%config %{_sysconfdir}/pam.d/run_init
%{_mandir}/man8/run_init.8.gz
%config(noreplace) %{_sysconfdir}/sestatus.conf
%changelog
* Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-2
- More cleanup of fixfiles sed patch
* Mon Jan 31 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-1
- More cleanup of fixfiles sed patch
- Upgrade to latest from NSA
* Merged patch for open_init_pty from Manoj Srivastava.
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-1
- More cleanup of sed patch
- Upgrade to latest from NSA
* Merged updated fixfiles script from Dan Walsh.
* Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
* Reverted fixfiles patch for file_contexts.local;
obsoleted by setfiles rewrite.
* Merged error handling patch for restorecon from Dan Walsh.
* Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
* Rewrote setfiles to use matchpathcon and the new interfaces
exported by libselinux (>= 1.21.5).
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3
- Fix fixfiles patch
- Upgrade to latest from NSA
* Prevent overflow of spec array in setfiles.
- Add diff comparason between file_contexts to fixfiles
- Allow restorecon to give an warning on file not found instead of exiting
* Thu Jan 27 2005 Dan Walsh <dwalsh@redhat.com> 1.21.5-1
- Upgrade to latest from NSA
* Merged newrole -l support from Darrel Goeddel (TCS).
- Fix genhomedircon STARTING_UID
* Wed Jan 26 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-1
- Upgrade to latest from NSA
* Merged fixfiles patch for file_contexts.local from Dan Walsh.
* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-2
- Temp file needs to be created in /etc/selinux/POLICYTYPE/contexts/files/ directory.
* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-1
- Upgrade to latest from NSA
* Fixed restorecon to not treat errors from is_context_customizable()
as a customizable context.
* Merged setfiles/restorecon patch to not reset user field unless
-F option is specified from Dan Walsh.
* Merged open_init_pty helper for run_init from Manoj Srivastava.
* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
- Don't change user componant if it is all that changed unless forced.
- Change fixfiles to concatinate file_context.local for setfiles
* Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
- Update to latest from NSA
* Mon Jan 10 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-2
- Fix restorecon segfault
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-1
- Update to latest from NSA
* Merged fixfiles rewrite from Dan Walsh.
* Merged restorecon patch from Dan Walsh.
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.19.3-1
- Update to latest from NSA
* Merged fixfiles and restorecon patches from Dan Walsh.
* Don't display change if only user part changed.
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.19.2-4
- Fix fixfiles handling of rpm
- Fix restorecon to not warn on symlinks unless -v -v
- Fix output of verbose to show old context as well as new context
* Mon Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
- Update to latest from NSA
* Changed restorecon to ignore ENOENT errors from matchpathcon.
* Merged nonls patch from Chris PeBenito.
* Mon Dec 20 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-1
- Update to latest from NSA
* Removed fixfiles.cron.
* Merged run_init.8 patch from Dan Walsh.
* Thu Nov 18 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-3
- Fix run_init.8 to refer to correct location of initrc_context
* Wed Nov 3 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-1
- Upgrade to latest from NSA
* Wed Oct 27 2004 Steve Grubb <sgrubb@redhat.com> 1.17.7-3
- Add code to sestatus to output the current policy from config file
* Fri Oct 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-2
- Patch audit2allow to return self and no brackets if only one rule
* Fri Oct 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
- Update to latest from NSA
- Eliminate fixfiles.cron
* Tue Oct 12 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-2
- Only run fixfiles.cron once a week, and eliminate null message
* Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Update with NSA
* Added -l option to setfiles to log changes via syslog.
* Merged -e option to setfiles to exclude directories.
* Merged -R option to restorecon for recursive descent.
* Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-6
- Add -e (exclude directory) switch to setfiles
- Add syslog to setfiles
* Fri Sep 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-5
- Add -R (recursive) switch to restorecon.
* Thu Sep 23 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-4
- Change to only display to terminal if tty is specified
* Tue Sep 21 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-3
- Only display to stdout if logfile not specified
* Mon Sep 9 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-2
- Add Steve Grubb patch to cleanup log files.
* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
- Add optargs
- Update to match NSA
* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
- Add fix to get cdrom info from /proc/media in fixfiles.
* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
- Add Steve Grub patches for
* Fix fixfiles.cron MAILTO
* Several problems in sestatus
* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-3
- Add -q (quiet) qualifier to load_policy to not report warnings
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-2
- Add requires for libsepol >= 1.1.1
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-1
- Update to latest from upstream
* Mon Aug 23 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
- Update to latest from upstream
- Includes Colin patch for verifying file_contexts
* Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.1-1
- Update to latest from upstream
* Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.7-1
- Update to latest from upstream
* Thu Aug 12 2004 Dan Walsh <dwalsh@redhat.com> 1.15.6-1
- Add Man page for load_policy
* Tue Aug 10 2004 Dan Walsh <dwalsh@redhat.com> 1.15.5-1
- new version from NSA uses libsepol
* Mon Aug 2 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-2
- Fix genhomedircon join command
* Thu Jul 29 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
- Latest from NSA
* Mon Jul 26 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-4
- Change fixfiles to not change when running a check
* Tue Jul 20 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-3
- Fix restorecon getopt call to stop hang on IBM Arches
* Mon Jul 19 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-2
- Only mail files less than 100 lines from fixfiles.cron
- Add Russell's fix for genhomedircon
* Fri Jul 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
- Latest from NSA
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-2
- Add ro warnings
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Latest from NSA
- Fix fixfiles.cron to delete outfile
* Tue Jul 6 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-2
- Fix fixfiles.cron to not run on non SELinux boxes
- Fix several problems in fixfiles and fixfiles.cron
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
- Update from NSA
- Add cron capability to fixfiles
* Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
- Update from NSA
* Thu Jun 24 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
- Fix fixfiles to handle no rpm file on relabel
* Wed Jun 23 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-1
- Update latest from NSA
- Add -o option to setfiles to save output of any files with incorrect context.
* Tue Jun 22 2004 Dan Walsh <dwalsh@redhat.com> 1.13.2-2
- Add rpm support to fixfiles
- Update restorecon to add file input support
* Fri Jun 18 2004 Dan Walsh <dwalsh@redhat.com> 1.13.2-1
- Update with NSA Latest
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Sat Jun 12 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-2
- Fix run_init to use policy formats
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-1
- Update from NSA
* Tue May 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13-3
- Change location of file_context file
* Tue May 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13-2
- Change to use /etc/sysconfig/selinux to determine location of policy files
* Fri May 21 2004 Dan Walsh <dwalsh@redhat.com> 1.13-1
- Update to latest from NSA
- Change fixfiles to prompt before deleteing /tmp files
* Tue May 18 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
- have restorecon ingnore <<none>>
- Hand matchpathcon the file status
* Thu May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
- Update to match NSA
* Mon May 10 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
- Move location of log file to /var/tmp
* Mon May 10 2004 Dan Walsh <dwalsh@redhat.com> 1.11-3
- Better grep command for bind
* Fri May 7 2004 Dan Walsh <dwalsh@redhat.com> 1.11-2
- Eliminate bind and context mounts
* Wed May 5 2004 Dan Walsh <dwalsh@redhat.com> 1.11-1
- update to match NSA
* Wed Apr 28 2004 Dan Walsh <dwalsh@redhat.com> 1.10-4
- Log fixfiles to the /tmp directory
* Wed Apr 21 2004 Colin Walters <walters@redhat.com> 1.10-3
- Add patch to fall back to authenticating via uid if
the current user's SELinux user identity is the default
identity
- Add BuildRequires pam-devel
* Mon Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
- Add man page, thanks to Richard Halley
* Thu Apr 8 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
- Upgrade to latest from NSA
* Fri Apr 2 2004 Dan Walsh <dwalsh@redhat.com> 1.9.2-1
- Update with latest from gentoo and NSA
* Thu Apr 1 2004 Dan Walsh <dwalsh@redhat.com> 1.9.1-1
- Check return codes in sestatus.c
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-19
- Fix sestatus to not double free
- Fix sestatus.conf to be unix format
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-18
- Warn on setfiles failure to relabel.
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-17
- Updated version of sestatus
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-16
- Fix fixfiles to checklabel properly
* Fri Mar 26 2004 Dan Walsh <dwalsh@redhat.com> 1.9-15
- add sestatus
* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.9-14
- Change free call to freecon
- Cleanup
* Tue Mar 23 2004 Dan Walsh <dwalsh@redhat.com> 1.9-12
- Remove setfiles-assoc patch
- Fix restorecon to not crash on missing dir
* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-11
- Eliminate trailing / in restorecon
* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-10
- Add Verbosity check
* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-9
- Change restorecon to not follow symlinks. It is too difficult and confusing
- to figure out the file context for the file pointed to by a symlink.
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-8
- Fix restorecon
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-7
- Read restorecon patch
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-6
- Change genhomedircon to take POLICYSOURCEDIR from command line
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-5
- Add checkselinux
- move fixfiles and restorecon to /sbin
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-4
- Restore patch of genhomedircon
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.9-3
- Add setfiles-assoc patch to try to freeup memory use
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.9-2
- Add fixlabels
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.9-1
- Update to latest from NSA
* Wed Mar 10 2004 Dan Walsh <dwalsh@redhat.com> 1.6-8
- Increase the size of buffer accepted by setfiles to BUFSIZ.
* Tue Mar 9 2004 Dan Walsh <dwalsh@redhat.com> 1.6-7
- genhomedircon should complete even if it can't read /etc/default/useradd
* Tue Mar 9 2004 Dan Walsh <dwalsh@redhat.com> 1.6-6
- fix restorecon to relabel unlabled files.
* Fri Mar 5 2004 Dan Walsh <dwalsh@redhat.com> 1.6-5
- Add genhomedircon from tresys
- Fixed patch for restorecon
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-4
- exit out when selinux is not enabled
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-3
- Fix minor bugs in restorecon
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-2
- Add restorecon c program
* Tue Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
- Update to latest tarball from NSA
* Thu Feb 19 2004 Dan Walsh <dwalsh@redhat.com> 1.4-9
- Add sort patch
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Jan 29 2004 Dan Walsh <dwalsh@redhat.com> 1.4-7
- remove mods to run_init since init scripts don't require it anymore
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 1.4-6
- fix genhomedircon not to return and error
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
- add setfiles quiet patch
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
- add checkcon to verify context match file_context
* Wed Jan 7 2004 Dan Walsh <dwalsh@redhat.com> 1.4-3
- fix command parsing restorecon
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Add restorecon
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
- Update to latest NSA 1.4
* Tue Nov 25 2003 Dan Walsh <dwalsh@redhat.com> 1.2-9
- Change run_init.console to run as run_init_t
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.2-8
- Remove dietcc since load_policy is not in mkinitrd
- Change to use CONSOLEHELPER flag
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.2-7
- Don't authenticate run_init when used with consolehelper
* Wed Oct 01 2003 Dan Walsh <dwalsh@redhat.com> 1.2-6
- Add run_init consolehelper link
* Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 1.2-5
- Add russell spead up patch to deal with file path stems
* Fri Sep 12 2003 Dan Walsh <dwalsh@redhat.com> 1.2-4
- Build load_policy with diet gcc in order to save space on initrd
* Fri Sep 12 2003 Dan Walsh <dwalsh@redhat.com> 1.2-3
- Update with NSA latest
* Thu Aug 7 2003 Dan Walsh <dwalsh@redhat.com> 1.2-1
- remove i18n
- Temp remove gtk support
* Thu Aug 7 2003 Dan Walsh <dwalsh@redhat.com> 1.1-4
- Remove wnck requirement
* Thu Aug 7 2003 Dan Walsh <dwalsh@redhat.com> 1.1-3
- Add gtk support to run_init
* Tue Aug 5 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
- Add internationalization
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version