Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

policycoreutils-3.0-1.20 RPM for x86_64

From OpenSuSE Leap 15.3 for x86_64

Name: policycoreutils Distribution: SUSE Linux Enterprise 15
Version: 3.0 Vendor: SUSE LLC <https://www.suse.com/>
Release: 1.20 Build date: Sat Jun 6 03:55:50 2020
Group: Productivity/Security Build host: sheep59
Size: 616035 Source RPM: policycoreutils-3.0-1.20.src.rpm
Packager: https://www.suse.com/
Url: https://github.com/SELinuxProject/selinux
Summary: SELinux policy core utilities
policycoreutils contains the policy core utilities that are required
for basic operation of a SELinux system.  These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles, and run_init to run /etc/init.d scripts in the proper
context.

(Security-enhanced Linux is a feature of the kernel and some
utilities that implement mandatory access control policies, such as
Type Enforcement, Role-based Access Control and Multi-Level
Security.)

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Mon Mar 09 2020 jsegitz@suse.de
  - Dropped Recommends: for %{name}-lang and %{name}-devel. Not
    allowed by openSUSE guidelines
* Tue Mar 03 2020 jsegitz@suse.de
  - Update to version 3.0
    * fixfiles: Fix "verify" option
    * fixfiles: Fix [-B] [-F] onboot
    * fixfiles: Force full relabel when SELinux is disabled
    * semodule: Enable CIL logging
    * semanage: Add support for DCCP and SCTP protocols
    * semanage: Do not use default s0 range in "semanage login -a"
    * semanage: Document DCCP and SCTP support
    * semanage: Improve handling of "permissive" statements
    * semanage: fix moduleRecords.customized()
    Refreshed chcat_join.patch
* Thu Feb 27 2020 jsegitz@suse.de
  - Ship working pam config for newrole (bsc#1163020)
  - Recommend policycoreutils-devel to have perm_map file available
* Wed Feb 19 2020 jsegitz@suse.de
  - Package perm_map as it's used by audit2* tools
* Tue Dec 17 2019 jsegitz@suse.de
  - Added chcat_join.patch to prevent joining non-existing categories
    (bsc#1159262)
* Wed Sep 18 2019 jsegitz@suse.de
  - Added run_init_use_pam_keyinit.patch
    Added pam_keyinit to the run_init pam config (bsc#1144052)
* Wed Mar 20 2019 jsegitz@suse.com
  - Update to version 2.9
    * secon: free scon_trans before returning
    * audit2allow/sepolgen-ifgen: show errors on stderr
    * audit2allow: allow using audit2why as non-root user
    * chcat: use check_call instead of getstatusoutput
    * restorecon: add force option
    * semanage module: Fix handling of -a/-e/-d/-r options
    * semanage/seobject: Fix listing boolean values
    * semanage: Drop python shebang from seobject.py
    * semanage: Fix logger class definition
    * semanage: Include MCS/MLS range when exporting local customizations
    * semanage: Load a store policy and set the store SELinux policy root
    * semanage: Start exporting "ibendport" and "ibpkey" entries
    * semanage: Stop logging loginRecords changes
    * semanage: Stop rejecting aliases in semanage commands
    * semanage: Use standard argparse.error() method in handlePermissive
    * semanage: do not show "None" levels when using a non-MLS policy
    * semanage: import sepolicy only when it's needed
    * semanage: move valid_types initialisations to class constructors
    * sepolgen: close /etc/selinux/sepolgen.conf after parsing it
    * sepolgen: fix access vector initialization
    * sepolgen: fix refpolicy parsing of "permissive"
    * sepolgen: print all AV rules correctly
    * sepolgen: refpolicy installs its Makefile in include/Makefile
    * sepolgen: return NotImplemented instead of raising it
    * sepolgen: silence linter warning about has_key
    * sepolgen: use self when accessing members in FilesystemUse
    * sepolicy: Add sepolicy.load_store_policy(store)
    * sepolicy: Make policy files sorting more robust
    * sepolicy: Stop rejecting aliases in sepolicy commands
    * sepolicy: Update to work with setools-4.2.0
    * sepolicy: add missing % in network tab help text
    * sepolicy: initialize mislabeled_files in __init__()
    * sepolicy: search() also for dontaudit rules
    * add xperms support to audit2allow
    * replace aliases with corresponding type names
  - Dropped python3.patch, upstream now
* Wed Feb 13 2019 jsegitz@suse.com
  - Make sure current devel package conflicts with old
    policycoreutils-python (bsc#1124437)
* Tue Feb 05 2019 jengelh@inai.de
  - Replace overly complicated %setup calls.
* Mon Feb 04 2019 jsegitz@suse.com
  - Removed hardcoded python 3.6 path from spec file
* Thu Jan 31 2019 bwiedemann@suse.com
  - Fix build with python 3.7
* Fri Jan 11 2019 jsegitz@suse.com
  - Required python3-policycoreutils instead of just recommending it
    for policycoreutils (bsc#1121455)
  - Added requires for python3-setuptools to python3-policycoreutils
    (bsc#1121455)
  - Removed requires for audit-libs-python from policycoreutils
    (bsc#1121455)
* Mon Jan 07 2019 mrueckert@suse.de
  - properly obsolete/provides for policycoreutils-python
  - remove unneeded obsolete from the devel package
* Fri Dec 07 2018 jsegitz@suse.com
  - Don't require selinux-policy-devel for the devel package
* Fri Dec 07 2018 jsegitz@suse.com
  - Obsolete policycoreutils-python in policycoreutils and
    policycoreutils-devel to prevent file conflicts
* Wed Nov 21 2018 jsegitz@suse.com
  - Included content of selinux-python-2.8 and semodule-utils-2.8.
    I think it's easier to have all the relevant binaries in the
    policycoreutils package (bsc#1116596).
    Added make_targets.patch for this
  - Removed restorecond, is now a separate package
  - Added python3.patch to use python3 interpreter
  - New runtime requires:
    * libsepol1
    * python3-ipy
    * python3-networkx
    * python3-semanage
  - Provides and obsolete policycoreutils-python
* Thu Nov 08 2018 jsegitz@suse.com
  - Adjusted source urls (bsc#1115052)
* Wed Oct 17 2018 jsegitz@suse.com
  - Update to version 2.8 (bsc#1111732)
    For changes please see
    https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
* Wed May 16 2018 mcepl@suse.com
  - Rebase to 2.7
    * Rather large rewrite of the SPEC file
    * Significantly, support for python2 removed
    For changes please see
    https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
  - Dropped patches:
    * policycoreutils-initscript.patch
    * policycoreutils-pam-common.patch
    * loadpolicy_path.patch
    * CVE-2018-1063.patch
* Mon Apr 30 2018 dimstar@opensuse.org
  - Don't build policycoreutils-gui for anything suse_version >=
    1500: there is no reason te believe that SLE16 will have those
    old, depreacted dependencies back. Fixes also the issues for
    Tumbleweed, where -gui was not installable.
* Thu Apr 26 2018 jsegitz@suse.com
  - SLE 15 doesn't have the necessary files for policycoreutils-gui,
    don't build it there
* Wed Apr 25 2018 jsegitz@suse.com
  - Drop the requirement for selinux-policy for the gui tools.
* Tue Mar 27 2018 tchvatal@suse.com
  - Drop SLE11 support, needs the audit that is not present on SLE11
  - Fix service link to actually work on current releases
  - Drop SUSE_ASNEEDED=0 as it seems to build fine without it
  - Do not depend on systemd, just systemd-rpm-macros
* Wed Mar 21 2018 jsegitz@suse.com
  - Added CVE-2018-1063.patch to prevent chcon from following symlinks in
    /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624, CVE-2018-1063)
* Tue Mar 20 2018 jsegitz@suse.com
  - Remove BuildRequires for libcgroup-devel (bsc#1085837)
* Thu Dec 21 2017 jsegitz@suse.com
  - Removed BuildRequires for setools-devel and added new
    runtime requirement for python2-networkx
* Mon Nov 27 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Fri Nov 24 2017 jsegitz@suse.com
  - Update to policycoreutils version 2.6. Notable changes:
    * setfiles: reverse the sense of -D option
    * sandbox: Use dbus-run-session instead of dbus-launch when available
    * setfiles: Utility to find security.restorecon_last entries
    * setfiles: Add option to stop setting the digest
    * hll/pp: Change warning for module name not matching filename to match new behavior
    * sepolicy: convert to setools4
    * sandbox: create a new session for sandboxed processes
    * sandbox: do not try to setup directories without -X or -M
    * sandbox: do not run xmodmap in a new X session
    * sandbox: fix file labels on copied files
    * semanage: Fix semanage fcontext -D
    * semanage: Default serange to "s0" for port modify
    * semanage: Use socket.getprotobyname for protocol
    * semanage: Add auditing of changes in records
    * Improve compatibility with Python 3
    * Update sandbox types in sandbox manual
    * hll/pp: Warn if module name different than output filename
  - Update to sepolgen version 2.6. Notable changes:
    * Add support for TYPEBOUNDS statement in INTERFACE policy files
  - Dropped CVE-2016-7545_sandbox_escape.patch
* Mon Dec 19 2016 jsegitz@novell.com
  - Added CVE-2016-7545_sandbox_escape.patch to fix CVE-2016-7545, bsc#1000998
    Sandboxed session could have escaped to the parent session
* Sat Jul 23 2016 jengelh@inai.de
  - Trim description in line with other selinux packages
* Thu Jul 14 2016 jsegitz@novell.com
  - Changes submitted by MargueriteSu:
    Update to version 2.5
    * sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss.
    * sepolicy: Rename policy global variable conflict, from Nicolas Iooss.
    * newrole: Add missing defined in #if, from Nicolas Iooss.
    * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec.
    * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec
    * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach.
    * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville.
    * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach.
    * semanage: replace string.join() with str.join(), from Petr Lautrbach.
    * Man page warning fixes, from Ville Skyttä.
    * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl.
    * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach.
    * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach.
    * audit2allow/why: ignore setlocale errors, from Petr Lautrbach.
    * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy.
    * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach.
    * Fix PEP8 issues, from Jason Zaman.
    * semanage: fix moduleRecords deleteall method, from Stephen Smalley.
    * Improve compatibility with Python 3, from Michal Srb.
    * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville.
    * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach.
    * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen.
    * mcstransd: don't reinvent getpeercon, from Stephen Smalley.
    * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
    * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
    * hll: Move core functions of pp to libsepol, from James Carter
    * run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
    * run_init: fix open_init_pty availability check, from Nicolas Iooss.
    * Widen Xen IOMEM context entries, from Daniel De Graaf.
    * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
    * Fixed typo/grammatical error, from Christopher Peterson.
    * Fix typo in semanage-port man page, from Andrew Spiers.
    Update to version 2.4
    * Fix bugs found by hardened gcc flags, from Nicolas Iooss.
    * Improve support for building with different versions of python from
      Nicolas Iooss.
    * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare,
      from Dan Walsh
    * Remove cgroups from sandbox, from Dan Walsh
    * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski
    * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley
    * Add a store root path in semodule, from Yuli Khodorkovskiy
    * Add a flag to ignore cached CIL files and recompile HLL modules, from
      Yuli Khodorkovskiy
    * Add and install HLL compiler for policy packages to CIL. The compiler is
      installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence
    * Fixes to pp compiler to better support roles and type attributes, from
      Yuli Khodorkovskiy
    * Deprecate base/upgrade/version in semodule. Calling these commands will
      now call --install on the backend, from Yuli Khodorkovskiy
    * Add ability to install modules with a specified priority, from Caleb
      Case
    * Use /tmp for permissive module creation, by Caleb Case
    * Update semanage to use new source policy infrastructure, from Jason Dana
    * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent
      Bigonville
* Wed Nov 05 2014 jsegitz@novell.com
  - added Requires: python-yum, yum-metadata-parser to fix sepolicy
    (bnc#903841)

Files

/etc/pam.d/run_init
/etc/sestatus.conf
/sbin/restorecon
/sbin/restorecon_xattr
/sbin/setfiles
/usr/bin/audit2allow
/usr/bin/audit2why
/usr/bin/chcat
/usr/bin/secon
/usr/bin/semodule_expand
/usr/bin/semodule_link
/usr/bin/semodule_package
/usr/bin/semodule_unpackage
/usr/bin/sepolgen
/usr/bin/sepolgen-ifgen
/usr/bin/sepolgen-ifgen-attr-helper
/usr/bin/sepolicy
/usr/lib/selinux
/usr/lib/selinux/hll
/usr/lib/selinux/hll/pp
/usr/sbin/fixfiles
/usr/sbin/genhomedircon
/usr/sbin/load_policy
/usr/sbin/open_init_pty
/usr/sbin/run_init
/usr/sbin/semanage
/usr/sbin/semodule
/usr/sbin/sestatus
/usr/sbin/setsebool
/usr/share/bash-completion/completions/semanage
/usr/share/bash-completion/completions/sepolicy
/usr/share/bash-completion/completions/setsebool
/usr/share/man/man1/audit2allow.1.gz
/usr/share/man/man1/audit2why.1.gz
/usr/share/man/man1/secon.1.gz
/usr/share/man/man5/selinux_config.5.gz
/usr/share/man/man5/sestatus.conf.5.gz
/usr/share/man/man8/chcat.8.gz
/usr/share/man/man8/fixfiles.8.gz
/usr/share/man/man8/genhomedircon.8.gz
/usr/share/man/man8/load_policy.8.gz
/usr/share/man/man8/open_init_pty.8.gz
/usr/share/man/man8/restorecon.8.gz
/usr/share/man/man8/restorecon_xattr.8.gz
/usr/share/man/man8/run_init.8.gz
/usr/share/man/man8/semanage-boolean.8.gz
/usr/share/man/man8/semanage-dontaudit.8.gz
/usr/share/man/man8/semanage-export.8.gz
/usr/share/man/man8/semanage-fcontext.8.gz
/usr/share/man/man8/semanage-ibendport.8.gz
/usr/share/man/man8/semanage-ibpkey.8.gz
/usr/share/man/man8/semanage-import.8.gz
/usr/share/man/man8/semanage-interface.8.gz
/usr/share/man/man8/semanage-login.8.gz
/usr/share/man/man8/semanage-module.8.gz
/usr/share/man/man8/semanage-node.8.gz
/usr/share/man/man8/semanage-permissive.8.gz
/usr/share/man/man8/semanage-port.8.gz
/usr/share/man/man8/semanage-user.8.gz
/usr/share/man/man8/semanage.8.gz
/usr/share/man/man8/semodule.8.gz
/usr/share/man/man8/semodule_expand.8.gz
/usr/share/man/man8/semodule_link.8.gz
/usr/share/man/man8/semodule_package.8.gz
/usr/share/man/man8/semodule_unpackage.8.gz
/usr/share/man/man8/sepolgen.8.gz
/usr/share/man/man8/sepolicy-booleans.8.gz
/usr/share/man/man8/sepolicy-communicate.8.gz
/usr/share/man/man8/sepolicy-generate.8.gz
/usr/share/man/man8/sepolicy-gui.8.gz
/usr/share/man/man8/sepolicy-interface.8.gz
/usr/share/man/man8/sepolicy-manpage.8.gz
/usr/share/man/man8/sepolicy-network.8.gz
/usr/share/man/man8/sepolicy-transition.8.gz
/usr/share/man/man8/sepolicy.8.gz
/usr/share/man/man8/sestatus.8.gz
/usr/share/man/man8/setfiles.8.gz
/usr/share/man/man8/setsebool.8.gz
/usr/share/man/ru/man1/audit2allow.1.gz
/usr/share/man/ru/man1/audit2why.1.gz
/usr/share/man/ru/man1/secon.1.gz
/usr/share/man/ru/man5/selinux_config.5.gz
/usr/share/man/ru/man5/sestatus.conf.5.gz
/usr/share/man/ru/man8/chcat.8.gz
/usr/share/man/ru/man8/fixfiles.8.gz
/usr/share/man/ru/man8/genhomedircon.8.gz
/usr/share/man/ru/man8/load_policy.8.gz
/usr/share/man/ru/man8/open_init_pty.8.gz
/usr/share/man/ru/man8/restorecon.8.gz
/usr/share/man/ru/man8/restorecon_xattr.8.gz
/usr/share/man/ru/man8/run_init.8.gz
/usr/share/man/ru/man8/semanage-boolean.8.gz
/usr/share/man/ru/man8/semanage-dontaudit.8.gz
/usr/share/man/ru/man8/semanage-export.8.gz
/usr/share/man/ru/man8/semanage-fcontext.8.gz
/usr/share/man/ru/man8/semanage-ibendport.8.gz
/usr/share/man/ru/man8/semanage-ibpkey.8.gz
/usr/share/man/ru/man8/semanage-import.8.gz
/usr/share/man/ru/man8/semanage-interface.8.gz
/usr/share/man/ru/man8/semanage-login.8.gz
/usr/share/man/ru/man8/semanage-module.8.gz
/usr/share/man/ru/man8/semanage-node.8.gz
/usr/share/man/ru/man8/semanage-permissive.8.gz
/usr/share/man/ru/man8/semanage-port.8.gz
/usr/share/man/ru/man8/semanage-user.8.gz
/usr/share/man/ru/man8/semanage.8.gz
/usr/share/man/ru/man8/semodule.8.gz
/usr/share/man/ru/man8/semodule_expand.8.gz
/usr/share/man/ru/man8/semodule_link.8.gz
/usr/share/man/ru/man8/semodule_package.8.gz
/usr/share/man/ru/man8/semodule_unpackage.8.gz
/usr/share/man/ru/man8/sepolgen.8.gz
/usr/share/man/ru/man8/sepolicy-booleans.8.gz
/usr/share/man/ru/man8/sepolicy-communicate.8.gz
/usr/share/man/ru/man8/sepolicy-generate.8.gz
/usr/share/man/ru/man8/sepolicy-gui.8.gz
/usr/share/man/ru/man8/sepolicy-interface.8.gz
/usr/share/man/ru/man8/sepolicy-manpage.8.gz
/usr/share/man/ru/man8/sepolicy-network.8.gz
/usr/share/man/ru/man8/sepolicy-transition.8.gz
/usr/share/man/ru/man8/sepolicy.8.gz
/usr/share/man/ru/man8/sestatus.8.gz
/usr/share/man/ru/man8/setfiles.8.gz
/usr/share/man/ru/man8/setsebool.8.gz
/var/lib/sepolgen


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 14:00:23 2024