Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: policycoreutils | Distribution: SUSE Linux Enterprise 15 |
Version: 3.1 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: 150400.1.5 | Build date: Sun May 8 00:30:04 2022 |
Group: Productivity/Security | Build host: s390zl37 |
Size: 276305 | Source RPM: policycoreutils-3.1-150400.1.5.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://github.com/SELinuxProject/selinux | |
Summary: SELinux policy core utilities |
policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context. (Security-enhanced Linux is a feature of the kernel and some utilities that implement mandatory access control policies, such as Type Enforcement, Role-based Access Control and Multi-Level Security.)
GPL-2.0-or-later
* Thu Nov 25 2021 jsegitz@suse.com - Add run_init.pamd.patch to adjust to SUSE pam setup. Removed run_init_use_pam_keyinit.patch and included it in the new patch (bsc#1190098) * Thu Sep 10 2020 jsegitz@suse.com - Add get_os_version.patch get_os_version is implemented in a very RH/Fedora specific way. Ensure that it returns a valid string for SUSE by changing the default. Also remove the RH specific logic when generating HTML versions of the SELinux documentation * Wed Jul 29 2020 kukuk@suse.com - Align more with Fedora spec file to get rid of python dependencies in the core system - create new python-utils sub-package - move some tools to devel sub-package - Cleanup dependencies * Fri Jul 17 2020 jsegitz@suse.com - Proper default permissions for newrole (4755) * Tue Jul 14 2020 jsegitz@suse.com - Update to version 3.1 * New `setfiles -E` option - treat conflicting specifications as errors, such as where two hardlinks for the same inode have different contexts. * `setsebool -V` reports errors from commit phase * matchpathcon related interfaces are deprecated * New `restorecon -x` option which prevents it from crossing file system * boundaries. * `sepolgen-ifgen` parses a gen_tunable statement as bool * Removed Requires for python3-ipy as the ipaddress module is used. No requires for python-ipaddress as it's assumed this is used only on recent systems * Drop chcat_join.patch, is upstream * Thu Jun 04 2020 dimstar@opensuse.org - Pass the right value for LIBEXECDIR to make / make install instead of trying to move the file around post install. This caters for the planned change of libexecdir to change from /usr/lib to /usr/libexec by injecting the right value no matter what. * Fri May 29 2020 jsegitz@suse.de - Move pp binary to libexec directory instead of lib * Mon Mar 09 2020 jsegitz@suse.de - Dropped Recommends: for %{name}-lang and %{name}-devel. Not allowed by openSUSE guidelines * Tue Mar 03 2020 jsegitz@suse.de - Update to version 3.0 * fixfiles: Fix "verify" option * fixfiles: Fix [-B] [-F] onboot * fixfiles: Force full relabel when SELinux is disabled * semodule: Enable CIL logging * semanage: Add support for DCCP and SCTP protocols * semanage: Do not use default s0 range in "semanage login -a" * semanage: Document DCCP and SCTP support * semanage: Improve handling of "permissive" statements * semanage: fix moduleRecords.customized() Refreshed chcat_join.patch * Thu Feb 27 2020 jsegitz@suse.de - Ship working pam config for newrole (bsc#1163020) - Recommend policycoreutils-devel to have perm_map file available * Wed Feb 19 2020 jsegitz@suse.de - Package perm_map as it's used by audit2* tools * Tue Dec 17 2019 jsegitz@suse.de - Added chcat_join.patch to prevent joining non-existing categories (bsc#1159262) * Wed Sep 18 2019 jsegitz@suse.de - Added run_init_use_pam_keyinit.patch Added pam_keyinit to the run_init pam config (bsc#1144052) * Wed Mar 20 2019 jsegitz@suse.com - Update to version 2.9 * secon: free scon_trans before returning * audit2allow/sepolgen-ifgen: show errors on stderr * audit2allow: allow using audit2why as non-root user * chcat: use check_call instead of getstatusoutput * restorecon: add force option * semanage module: Fix handling of -a/-e/-d/-r options * semanage/seobject: Fix listing boolean values * semanage: Drop python shebang from seobject.py * semanage: Fix logger class definition * semanage: Include MCS/MLS range when exporting local customizations * semanage: Load a store policy and set the store SELinux policy root * semanage: Start exporting "ibendport" and "ibpkey" entries * semanage: Stop logging loginRecords changes * semanage: Stop rejecting aliases in semanage commands * semanage: Use standard argparse.error() method in handlePermissive * semanage: do not show "None" levels when using a non-MLS policy * semanage: import sepolicy only when it's needed * semanage: move valid_types initialisations to class constructors * sepolgen: close /etc/selinux/sepolgen.conf after parsing it * sepolgen: fix access vector initialization * sepolgen: fix refpolicy parsing of "permissive" * sepolgen: print all AV rules correctly * sepolgen: refpolicy installs its Makefile in include/Makefile * sepolgen: return NotImplemented instead of raising it * sepolgen: silence linter warning about has_key * sepolgen: use self when accessing members in FilesystemUse * sepolicy: Add sepolicy.load_store_policy(store) * sepolicy: Make policy files sorting more robust * sepolicy: Stop rejecting aliases in sepolicy commands * sepolicy: Update to work with setools-4.2.0 * sepolicy: add missing % in network tab help text * sepolicy: initialize mislabeled_files in __init__() * sepolicy: search() also for dontaudit rules * add xperms support to audit2allow * replace aliases with corresponding type names - Dropped python3.patch, upstream now * Wed Feb 13 2019 jsegitz@suse.com - Make sure current devel package conflicts with old policycoreutils-python (bsc#1124437) * Tue Feb 05 2019 jengelh@inai.de - Replace overly complicated %setup calls. * Mon Feb 04 2019 jsegitz@suse.com - Removed hardcoded python 3.6 path from spec file * Thu Jan 31 2019 bwiedemann@suse.com - Fix build with python 3.7 * Fri Jan 11 2019 jsegitz@suse.com - Required python3-policycoreutils instead of just recommending it for policycoreutils (bsc#1121455) - Added requires for python3-setuptools to python3-policycoreutils (bsc#1121455) - Removed requires for audit-libs-python from policycoreutils (bsc#1121455) * Mon Jan 07 2019 mrueckert@suse.de - properly obsolete/provides for policycoreutils-python - remove unneeded obsolete from the devel package * Fri Dec 07 2018 jsegitz@suse.com - Don't require selinux-policy-devel for the devel package * Fri Dec 07 2018 jsegitz@suse.com - Obsolete policycoreutils-python in policycoreutils and policycoreutils-devel to prevent file conflicts * Wed Nov 21 2018 jsegitz@suse.com - Included content of selinux-python-2.8 and semodule-utils-2.8. I think it's easier to have all the relevant binaries in the policycoreutils package (bsc#1116596). Added make_targets.patch for this - Removed restorecond, is now a separate package - Added python3.patch to use python3 interpreter - New runtime requires: * libsepol1 * python3-ipy * python3-networkx * python3-semanage - Provides and obsolete policycoreutils-python * Thu Nov 08 2018 jsegitz@suse.com - Adjusted source urls (bsc#1115052) * Wed Oct 17 2018 jsegitz@suse.com - Update to version 2.8 (bsc#1111732) For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt * Wed May 16 2018 mcepl@suse.com - Rebase to 2.7 * Rather large rewrite of the SPEC file * Significantly, support for python2 removed For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt - Dropped patches: * policycoreutils-initscript.patch * policycoreutils-pam-common.patch * loadpolicy_path.patch * CVE-2018-1063.patch * Mon Apr 30 2018 dimstar@opensuse.org - Don't build policycoreutils-gui for anything suse_version >= 1500: there is no reason te believe that SLE16 will have those old, depreacted dependencies back. Fixes also the issues for Tumbleweed, where -gui was not installable. * Thu Apr 26 2018 jsegitz@suse.com - SLE 15 doesn't have the necessary files for policycoreutils-gui, don't build it there * Wed Apr 25 2018 jsegitz@suse.com - Drop the requirement for selinux-policy for the gui tools. * Tue Mar 27 2018 tchvatal@suse.com - Drop SLE11 support, needs the audit that is not present on SLE11 - Fix service link to actually work on current releases - Drop SUSE_ASNEEDED=0 as it seems to build fine without it - Do not depend on systemd, just systemd-rpm-macros * Wed Mar 21 2018 jsegitz@suse.com - Added CVE-2018-1063.patch to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063) * Tue Mar 20 2018 jsegitz@suse.com - Remove BuildRequires for libcgroup-devel (bsc#1085837) * Thu Dec 21 2017 jsegitz@suse.com - Removed BuildRequires for setools-devel and added new runtime requirement for python2-networkx * Mon Nov 27 2017 rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Fri Nov 24 2017 jsegitz@suse.com - Update to policycoreutils version 2.6. Notable changes: * setfiles: reverse the sense of -D option * sandbox: Use dbus-run-session instead of dbus-launch when available * setfiles: Utility to find security.restorecon_last entries * setfiles: Add option to stop setting the digest * hll/pp: Change warning for module name not matching filename to match new behavior * sepolicy: convert to setools4 * sandbox: create a new session for sandboxed processes * sandbox: do not try to setup directories without -X or -M * sandbox: do not run xmodmap in a new X session * sandbox: fix file labels on copied files * semanage: Fix semanage fcontext -D * semanage: Default serange to "s0" for port modify * semanage: Use socket.getprotobyname for protocol * semanage: Add auditing of changes in records * Improve compatibility with Python 3 * Update sandbox types in sandbox manual * hll/pp: Warn if module name different than output filename - Update to sepolgen version 2.6. Notable changes: * Add support for TYPEBOUNDS statement in INTERFACE policy files - Dropped CVE-2016-7545_sandbox_escape.patch * Mon Dec 19 2016 jsegitz@novell.com - Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998 Sandboxed session could have escaped to the parent session * Sat Jul 23 2016 jengelh@inai.de - Trim description in line with other selinux packages * Thu Jul 14 2016 jsegitz@novell.com - Changes submitted by MargueriteSu: Update to version 2.5 * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss. * sepolicy: Rename policy global variable conflict, from Nicolas Iooss. * newrole: Add missing defined in #if, from Nicolas Iooss. * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec. * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach. * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville. * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach. * semanage: replace string.join() with str.join(), from Petr Lautrbach. * Man page warning fixes, from Ville Skyttä. * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl. * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach. * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach. * audit2allow/why: ignore setlocale errors, from Petr Lautrbach. * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy. * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach. * Fix PEP8 issues, from Jason Zaman. * semanage: fix moduleRecords deleteall method, from Stephen Smalley. * Improve compatibility with Python 3, from Michal Srb. * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville. * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach. * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen. * mcstransd: don't reinvent getpeercon, from Stephen Smalley. * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach. * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley. * hll: Move core functions of pp to libsepol, from James Carter * run_init: Use a ring buffer in open_init_pty, from Jason Zaman. * run_init: fix open_init_pty availability check, from Nicolas Iooss. * Widen Xen IOMEM context entries, from Daniel De Graaf. * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. * Fixed typo/grammatical error, from Christopher Peterson. * Fix typo in semanage-port man page, from Andrew Spiers. Update to version 2.4 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. * Improve support for building with different versions of python from Nicolas Iooss. * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, from Dan Walsh * Remove cgroups from sandbox, from Dan Walsh * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley * Add a store root path in semodule, from Yuli Khodorkovskiy * Add a flag to ignore cached CIL files and recompile HLL modules, from Yuli Khodorkovskiy * Add and install HLL compiler for policy packages to CIL. The compiler is installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence * Fixes to pp compiler to better support roles and type attributes, from Yuli Khodorkovskiy * Deprecate base/upgrade/version in semodule. Calling these commands will now call --install on the backend, from Yuli Khodorkovskiy * Add ability to install modules with a specified priority, from Caleb Case * Use /tmp for permissive module creation, by Caleb Case * Update semanage to use new source policy infrastructure, from Jason Dana * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent Bigonville * Wed Nov 05 2014 jsegitz@novell.com - added Requires: python-yum, yum-metadata-parser to fix sepolicy (bnc#903841)
/etc/pam.d/run_init /etc/sestatus.conf /sbin/restorecon /sbin/restorecon_xattr /sbin/setfiles /usr/bin/secon /usr/bin/semodule_expand /usr/bin/semodule_link /usr/bin/semodule_package /usr/bin/semodule_unpackage /usr/lib/selinux /usr/lib/selinux/hll /usr/lib/selinux/hll/pp /usr/sbin/fixfiles /usr/sbin/genhomedircon /usr/sbin/load_policy /usr/sbin/open_init_pty /usr/sbin/run_init /usr/sbin/semodule /usr/sbin/sestatus /usr/sbin/setsebool /usr/share/bash-completion/completions/setsebool /usr/share/man/man1/secon.1.gz /usr/share/man/man5/selinux_config.5.gz /usr/share/man/man5/sestatus.conf.5.gz /usr/share/man/man8/fixfiles.8.gz /usr/share/man/man8/genhomedircon.8.gz /usr/share/man/man8/load_policy.8.gz /usr/share/man/man8/open_init_pty.8.gz /usr/share/man/man8/restorecon.8.gz /usr/share/man/man8/restorecon_xattr.8.gz /usr/share/man/man8/run_init.8.gz /usr/share/man/man8/semodule.8.gz /usr/share/man/man8/semodule_expand.8.gz /usr/share/man/man8/semodule_link.8.gz /usr/share/man/man8/semodule_package.8.gz /usr/share/man/man8/semodule_unpackage.8.gz /usr/share/man/man8/sestatus.8.gz /usr/share/man/man8/setfiles.8.gz /usr/share/man/man8/setsebool.8.gz /usr/share/man/ru/man1/secon.1.gz /usr/share/man/ru/man5/selinux_config.5.gz /usr/share/man/ru/man5/sestatus.conf.5.gz /usr/share/man/ru/man8/fixfiles.8.gz /usr/share/man/ru/man8/genhomedircon.8.gz /usr/share/man/ru/man8/load_policy.8.gz /usr/share/man/ru/man8/open_init_pty.8.gz /usr/share/man/ru/man8/restorecon.8.gz /usr/share/man/ru/man8/restorecon_xattr.8.gz /usr/share/man/ru/man8/run_init.8.gz /usr/share/man/ru/man8/semodule.8.gz /usr/share/man/ru/man8/semodule_expand.8.gz /usr/share/man/ru/man8/semodule_link.8.gz /usr/share/man/ru/man8/semodule_package.8.gz /usr/share/man/ru/man8/semodule_unpackage.8.gz /usr/share/man/ru/man8/sepolgen.8.gz /usr/share/man/ru/man8/sestatus.8.gz /usr/share/man/ru/man8/setfiles.8.gz /usr/share/man/ru/man8/setsebool.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:25:27 2024