OBS-URL: https://build.opensuse.org/package/show/security:SELinux/restorecond?expand=0&rev=40

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

1231512-Set-GLib-IO-channels-to-binary-mode.patch

@@ -0,0 +1,30 @@
+By default, GIO channels use UTF-8 as encoding, which causes issues when
+reading binary data such as inotify events.
+
+Signed-off-by: Fabian Vogt <fvogt@suse.de>
+---
+ restorecond/user.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/restorecond/user.c b/restorecond/user.c
+index 3ae3ebbb7230..7188c22e3119 100644
+--- a/restorecond/user.c
++++ b/restorecond/user.c
+@@ -238,6 +238,7 @@ static int local_server(void) {
+ 	}
+ 	/* watch for stdin/terminal going away */
+ 	GIOChannel *in = g_io_channel_unix_new(0);
++	g_io_channel_set_encoding(in, NULL, NULL);
+ 	g_io_add_watch_full( in,
+ 			     G_PRIORITY_HIGH,
+ 			     G_IO_IN|G_IO_ERR|G_IO_HUP,
+@@ -282,6 +283,7 @@ int server(int master_fd, const char *watch_file) {
+ 	set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+ 
+ 	GIOChannel *c = g_io_channel_unix_new(master_fd);
++	g_io_channel_set_encoding(c, NULL, NULL);
+ 
+ 	g_io_add_watch_full(c,
+ 			    G_PRIORITY_HIGH,
+--
+2.47.0

1231512-Set-GLib-IO-channels-to-nonblocking.patch

@@ -0,0 +1,32 @@
+Without nonblocking IO, g_io_channel_read_chars waits indefinitely for more
+data without ever returning control to the event loop.
+
+Set the IO channels to nonblocking to fix SIGTERM handling.
+
+Signed-off-by: Fabian Vogt <fvogt@suse.de>
+---
+ restorecond/user.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/restorecond/user.c b/restorecond/user.c
+index 7188c22e3119..25e70ae15b94 100644
+--- a/restorecond/user.c
++++ b/restorecond/user.c
+@@ -239,6 +239,7 @@ static int local_server(void) {
+ 	/* watch for stdin/terminal going away */
+ 	GIOChannel *in = g_io_channel_unix_new(0);
+ 	g_io_channel_set_encoding(in, NULL, NULL);
++	g_io_channel_set_flags(in, g_io_channel_get_flags(in) | G_IO_FLAG_NONBLOCK, NULL);
+ 	g_io_add_watch_full( in,
+ 			     G_PRIORITY_HIGH,
+ 			     G_IO_IN|G_IO_ERR|G_IO_HUP,
+@@ -284,6 +285,7 @@ int server(int master_fd, const char *watch_file) {
+ 
+ 	GIOChannel *c = g_io_channel_unix_new(master_fd);
+ 	g_io_channel_set_encoding(c, NULL, NULL);
++	g_io_channel_set_flags(c, g_io_channel_get_flags(c) | G_IO_FLAG_NONBLOCK, NULL);
+ 
+ 	g_io_add_watch_full(c,
+ 			    G_PRIORITY_HIGH,
+--
+2.47.0

harden_restorecond.service.patch

@@ -0,0 +1,20 @@
+Index: restorecond-3.2/restorecond.service
+===================================================================
+--- restorecond-3.2.orig/restorecond.service
++++ restorecond-3.2/restorecond.service
+@@ -5,6 +5,15 @@ ConditionPathExists=/etc/selinux/restore
+ ConditionSecurity=selinux
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions 
+ Type=forking
+ ExecStart=/usr/sbin/restorecond
+ PIDFile=/run/restorecond.pid

restorecond-3.6.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8f8aa2c6c66bcc6d91c6edd63913e5d738de6428928f27d1019d89c31cf347b1
+size 18020

restorecond-3.6.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmV5xAMACgkQRpWIHCVF
+CNFXsw//RSQSkQcUwzxy+sVlv5IQnKNfc45b8xgsVmIkxfA5prVEPaQf+SAcuaQj
+PQ9ukDHBr07vtfyPRYm/eRmPZW/6s6FLrGEwhu4mnIJMuL84nB229IraSQeHRK5n
+53G+xuCMz3+fm8fZqyyr8XN1QS+ReVTeE1rFEGYTceAW2R+bYTfAoJXA+ExsQO/R
+d7U23+JyrLY5xADbaszvE1v2fDyTxhaGrdT+QmqySqcnrt8BF1sGbX46sEoyIUyh
+jgVy5dOfI11TxxZ3+uJovZmD6K1pQKcHuC7X/9LlGsoIOjdVz42DJlAcr2nGdPjc
+8GyC6dgCnWhisl1ePZMY7cW2LYXQvKnf7YH0KXRVtywuGX4mKD+PXmekJgfP20vz
+EeXkPMuRsHpnWhUcvPzxpVtlqsdVLKKVIhsKBQ/m5q8aplxM21xr5Ed/SZ+t2BA1
+H5G2L7wwGU88AOmRfYqkC/ebjozSS7e0htAm92gdC3g8hUbm04XsHJSRXfDHkqNu
+wkQJ6Y6A0M33Pc3YZFg+YnLL2Bb3F9+SxOh28YilEDtqgMBVyzlUhN2T4/oegABn
+G77GRVV3HG9e7kMpA/Oek77r055RN/E684NfpqN8pfoA/6LvtVh+LO2twT6YjO6t
+BpZWuPGPvlnjZiKUanDs9zNVshngq8gOuGhFqSt6uvMf+lO+BAE=
+=hHoX
+-----END PGP SIGNATURE-----

restorecond-3.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4192595c08c775ff540f5ab850885ce11b132a4a4e29b65f20e751dd0a69d31f
+size 18072

restorecond-3.7.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ8NeEACgkQRpWIHCVF
+CNEVjw//X+iCeLhgmmaxNsqucF8VahGo4wOeJTQUTr56hDDcrCderlCj1UYaeVgd
+wINyW3dRPTfFqKGwHcf93uFvjJKfn4xbScIjpmyTxCSvvksh8aOeyqKPH7NC2CMU
+sYivK+l6QDH0yzH+075Z2qMJW5dAIghFBAcJKrLPv7pdE4qmLuIERqD8UBWo+sBX
+XWEcATVBAqxAP0Dw35sBrECHUUzLTHnfbHv9UogPO8w7nRRgtbPDvi+xJvVOaUxs
+xbamgZ/yQwKbUnXWMslQSIim5egsn4HXPF3pkOZwbOE530ZC425pHFbtm5DGbdNa
+hQs8v94qHO9lQGIkSx+J65O1/GZ5VLocnac+yySn9AjTXb3oJpJcNzzByEDgB9Er
+0PYL1fbsJr9DCHX2B6DVENrPZ+FoZEBCpMdX4orcGz+5x9nzCHMzT6Yp+l0Mz25X
+ZfO/ZKeIAjEGMYgyfmEiigOMGtT4vDL33D/dM5HLJKHRWkbDZQrX+JiHJ4Hcplsc
+MFvvbvYH4ulIPrinSvoSZ2/7a+BgH1rObSqOD4s5PLGqF9U2GlVvwECXywsYzGIp
+Ixx0peAHLvuPCXPoPYkAARToEV8VrV1jJPUCMaNE5G43vWKgovSDpqLRHR2q8bdR
+CBA+V1c1mREoXe7gbp7aUI9gMcVMGXyL0MHk9HWL6ycOANaKPgU=
+=FkJC
+-----END PGP SIGNATURE-----

restorecond-3.8.1.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIyBAABCgAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmfIn6cACgkQzcroySfG
+vjGoPQ/3fymFfVLnPTejvYK/vP+iAaZ1bDWvfCXl3nfrKDfk5VfIMbW42uTXeQ2u
+azoZ4Afyz0en80LCNBKJ+kpmJSWJ99PX+xr6F2pqmnKDQZQhAqUp+aNrSTDpd2D3
+8nw492uLWpXNGi7KFvXOGTyWe2IGhe/ph9HtjP/CCON8R5GXt1AVbyewsoT2jpnp
+Ic+sz7n41A0XclX3pJedK4RkdeGTTJZezgEfGcepqd+eSVs65A0CkxA5Wa22GtMm
+dtfgyLJlGlcGWakcMQQ/4u/17cHK9Gw1vzrwxwOCmakX2Ux/8JktfYgvRZntVS8O
+MDzILTyaa8lyHyGrvygOy8Ql1Q4yfX0JWGDZ9CBVydaF5KSi1NQP0+Yogjd+juyA
+8JAf7e99OTnmXkvdqMpcMeHjZG1mSqaliWNKch7/YIU8RURJgWKmLe/Vdk7OVOYo
+jbfJVUkZ3aNjTiR5hW3zXX7G8bXKTybwKBkjnrZ9RrHylbOSBwS3DzJgwhdiv7uR
+XJ+XEule/9bxE27xFJ+26zufQHLYJsZbRB4DgGmFW+6LumzkHy0//2zVKCSR1SEJ
+A/KZDQ5ndxYkMqQzYUfbDZ5JIqzSC97BeQpqFenZE038JHiEU0BsHn2L1PfX6rUt
+i0MrTa2d5Xf45zC0/ZrDBFUWrsTPfJsKiCPFXvk+bPKpF/9OJQ==
+=QBal
+-----END PGP SIGNATURE-----

restorecond-3.8.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmeaa/0ACgkQzcroySfG
+vjFw3A/+OHpO+4u7Hom34zBWYxvRubEz59IDMYFlD3dGHPnBjgg1wL5SvwiGIAP+
+Fdo7E9lA1fmL59waqdPfQI+Uzu8FeFwClx1Z8QkKeCF5I8eCJE3JlMng/LuSSOq2
+9W7yOqGT8SsR5TR5LH2ex1EDhUjNoSWp6iC9z+dNv12lQZdHw19363lQxA2U0dKb
+//hM7KAXC8Z0Y21FBOWxx2uaXI4Q5g0HRRf/MhRCoqLjKeDEwsyz1uTLV/kgZshF
+bgwfdfgR3O6Uaa3Ue5H99jHfOqYIkz7cmgDhCxOz6Jn+sWh/18cs6GArjMoIPida
+ciCF/JSLPwVWznjQ4UopjIaYeXXWnluY+lywn6bdPthT7nv8rZ1i2Em6ZRVGb4Ta
+umknsKH3UWUcSzO3Zef8G4sZ9Pwh0bKIDpOUUcgjgfcPoEL0c7+CncgBz4/r8ooA
+dYsIxfEM/QQSY2fMWt1WpqdwIF5+MWdaa9DhntGbcrpJQD2XnxXm7fEsNj49xOkt
+vvtIT1n9j0WJUoia88yZ8Iv4zinJRIjOKHYLsgr+rIycGMsC5EY30JCV0mehd9rp
+uSsapv5O5U5poZLuJw9ZDeZ2s2U1NUELrIlgYRqxLsp77usRdVbyZNqnSxU6aDT8
+LhCAcXL0IGhV1xaTJ50BeoHGJWWRkx+wpidhqqkAY3BtfLrq+s8=
+=2i1G
+-----END PGP SIGNATURE-----

restorecond.changes

@@ -0,0 +1,155 @@
+-------------------------------------------------------------------
+Fri Mar  7 14:12:08 UTC 2025 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.8.1
+  https://github.com/SELinuxProject/selinux/releases/tag/3.8.1
+  * no source change
+
+-------------------------------------------------------------------
+Tue Feb  4 07:22:41 UTC 2025 - Robert Frohl <rfrohl@suse.com>
+
+- Update to version 3.8
+  https://github.com/SELinuxProject/selinux/releases/tag/3.8
+  * No functional change
+- For a more in depth list of changes see
+  https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
+- Drop 1231512-Set-GLib-IO-channels-to-binary-mode.patch: included upstream
+- Drop 1231512-Set-GLib-IO-channels-to-nonblocking.patch: included upstream
+- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
+  * removed 0xBC3905F235179CF1 (expired: 2024-10-25)
+  * added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
+
+-------------------------------------------------------------------
+Thu Oct 24 09:58:41 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Fix issue where inotify events are not being handled properly
+  * added: 1231512-Set-GLib-IO-channels-to-binary-mode.patch
+- Fix issue where restorecond -u is not terminating with SIGTERM (bsc#1231512)
+  * added: 1231512-Set-GLib-IO-channels-to-nonblocking.patch
+
+-------------------------------------------------------------------
+Mon Jul  1 08:12:59 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.7
+  https://github.com/SELinuxProject/selinux/releases/tag/3.7
+  * no changes from 3.6, only version changed to 3.7
+
+-------------------------------------------------------------------
+Tue Dec 19 12:37:32 UTC 2023 - Cathy Hu <cathy.hu@suse.com>
+
+- Update to version 3.6
+  https://github.com/SELinuxProject/selinux/releases/tag/3.6
+  * Add notself support for neverallow rules
+  * Improve man pages
+  * man pages: Remove the Russian translations
+  * Add notself and other support to CIL
+  * Add support for deny rules
+  * Translations updated from
+    https://translate.fedoraproject.org/projects/selinux/
+  * Bug fixes
+- Remove keys from keyring since they expired:
+  - E853C1848B0185CF42864DF363A8AD4B982C4373
+    Petr Lautrbach <plautrba@redhat.com>
+  - 63191CE94183098689CAB8DB7EF137EC935B0EAF
+    Jason Zaman <jasonzaman@gmail.com>
+- Add key to keyring:  
+  - B8682847764DF60DF52D992CBC3905F235179CF1  
+    Petr Lautrbach <lautrbach@redhat.com>
+
+-------------------------------------------------------------------
+Mon Nov 27 10:34:58 UTC 2023 - Hu <cathy.hu@suse.com>
+
+- Change deprecated `%patch1 -p1` syntax to supported `%patch -P1 -p1`
+  (bsc#1216669)
+
+-------------------------------------------------------------------
+Fri Feb 24 07:56:23 UTC 2023 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.5
+  * Code improvements, no user visible changes
+- Added additional developer key (Jason Zaman)
+
+-------------------------------------------------------------------
+Mon May  9 10:50:59 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.4
+  * Support parallel relabeling
+
+-------------------------------------------------------------------
+Thu Dec  2 12:10:11 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Claim ownership for %{_sysconfdir}/selinux
+
+-------------------------------------------------------------------
+Mon Nov 15 15:48:12 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_restorecond.service.patch
+
+-------------------------------------------------------------------
+Thu Nov 11 14:17:58 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.3
+  * No user visible changes
+
+-------------------------------------------------------------------
+Tue Mar  9 09:20:47 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.2
+  * Fix a double-close of a file descriptor
+
+-------------------------------------------------------------------
+Wed Jul 15 14:27:05 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
+
+- Use proper macros for SYSTEMDSYSTEMUNITDIR and SYSTEMDUSERUNITDIR
+
+-------------------------------------------------------------------
+Tue Jul 14 08:32:09 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
+
+- Update to version 3.1
+  * `restorecond_user.service` - new systemd user service which runs
+    `restorecond -u`
+
+-------------------------------------------------------------------
+Tue May 12 06:50:33 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Use %{_unitdir} for the location of the .service file 
+
+-------------------------------------------------------------------
+Thu May  7 08:44:43 UTC 2020 - pgajdos@suse.com
+
+- %{_libexecdir} now expands to /usr/libexec, so do not use it
+  where /usr/lib was intended
+
+-------------------------------------------------------------------
+Tue Mar  3 12:28:15 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Update to version 3.0
+  * Do not link against libpcre
+  * Fix redundant console log output error
+  * Use /run instead of /var/run
+  Dropped r_opts_global.patch
+
+-------------------------------------------------------------------
+Wed Jan 15 10:11:33 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
+
+- Added r_opts_global.patch to fix build problems with gcc due to 
+  multiple definitions for global symbols (bsc#1160290)
+
+-------------------------------------------------------------------
+Thu Dec  5 10:06:43 UTC 2019 - Martin Liška <mliska@suse.cz>
+
+- Use %make_build and respect %optflags.
+
+-------------------------------------------------------------------
+Wed Mar 20 15:22:48 UTC 2019 - jsegitz@suse.com
+
+- Update to version 2.9
+  * Do not ignore the -f option
+  * close the PID file if writing to it failed
+
+-------------------------------------------------------------------
+Tue Jan 15 15:16:00 UTC 2019 - jsegitz@suse.com
+
+- Package creation (already 2018-11-23, didn't include a .changes
+  file then)

restorecond.keyring

@@ -0,0 +1,121 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGcpEXsBEACjkf3/pxK1vKNYV5sbqoOfqlP7i/WuVtFmjStjBaQOYQCM5kxE
+L1ImKlMJ1B40WW/ocSKIK+XduZkiqtn7O8sjpTX7Z0fuTTrE2ogUtNXTNuv61SQ7
+CymDmevn0qy40/TVYFLQQvO6c7/MeP4E4R0+DUq8HQhAW2oDBoB+6fLrti9Ov07t
+jPTtkJ9PE+0d/oUnzQU95FrQuhlidbhSZIa2bV/n1UP36p7jKFG01qdqZdQqN/wF
+PDStDCOgmFVPkyDRnqFbp+EWsPnsuB3x8GLlkcdSVHjPX6eoYJSgeUeNzQlXIryP
+x+h8pp+jD/v0hNo6oHO/4/emxj15wGDvAZo4eurNHNHEB8phE7YhoUdEaewQTwWf
+BIQvTS49XGmKJNq+sskUSOS70aY/c5jetvAg9dvDWb2ZkbXIBVtIQR/nxZJZ6gGn
+Q7qqvAB0ht2BRfgGRDxtfky1SNenm2bRK2aNCJns73VyDRW5a2t+P8jgTfG2Wg3O
+G0bZAsjizuIAvWiuEKXES5lE71qVQJJydG+GbDYOHqwHqLnp69xl1QXDExc4HLF9
+avR/FfhCVHyNiow+PtQw2PY9xxME5Be6YhbZx0YR6eL2+sT1wt9lFI0LA9YBda2v
+XNBbngnHkOMIYehtCTndnuQT4xlUCN6A5pPS7nRyWME18mii26Wfj6BsYwARAQAB
+tCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNoQHJlZGhhdC5jb20+iQJXBBMBCABB
+FiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEXsCGwMFCQPCZwAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQ+0xoW13BwT52gxAAjmac0DxofR1945mfP82s
+zBjofuMr/6Vhq0LHTl7VN8r7PP195EqzGA/c+OPSn2KCjeMh09w3n9ieWZUR6mUO
+ZKIo4516d2+LL6wDyy6QyjTtD6bWlhY3MW3KJl35zjian0jWXuHquS0hj1cN52uU
+CQ2iDVWVR63142maBe3Y6Yk0OZh+1ZwoinLD9ktq5uNFwCbHCyfsjp1adProV+D0
+fy2txGVaKlVY/yKY7QQinALxFuG42CTGO39xV/cISnOiQXifSTeepia33Q020ZzS
+QblACVO+VS4ek1bO7O90A+0zLcoRpch+7cgRl4goLFKBZdObvNEpSfQXqMoCwteE
+r9Y4DUBrs10BTAzGsSd182ioGu6xosOWnNZTtRK/ZhP49/dpDu7WzODYnxXl6pE/
+4TzDB7nhE0KBCtwOBSrlpvKdyy+6WXcaom/O9kLv9DdOH+DlZz51FoYHPQ70UG5E
+9DCOucH3fbFbV8N/XtxJylUoC9X+PCe2lZd/udK/YzSj1+KGdMGXh3ZzYQEq1N2n
+lbQil5GXm4tp3cBiii4/pGhn78h39mA15pAof9mULGTlL0YvNiGbrrnKw5hGSHs1
++hOFG28CoB4NxMpYYMbWdCiTYoo5LKpLzU9PYCUzPsDbpHS+wf/2VDW5kUiEgZvF
+leUYRFnBd3Wz6WB9ZNsHkr6JAjMEEAEIAB0WIQS4aChHdk32DfUtmSy8OQXyNRec
+8QUCZykYBQAKCRC8OQXyNRec8V0ZD/4vu4DsQwH5iHS6uFm46W1lI22B7pv5Rstl
+N3wNGx/Tjh75nQ0lZ1DaxosGm0aEhydqzhB3SBL5CRYHuUysnfW67HXlkGMWwa3K
+or5Wgfwkg+9XwyvleiOoD5RhSlc/qewgut2RS83Ol4DnUjFi5UxZy63xJRVjOMPX
+VgbU/wsXPJ2wiZph7ux75ETzkXf/Y+iRk17R3QaHfq7J8lI0PzReuvEulE6BptCA
+c0bR2sv8MeN2hrcXRXkRSgbs0HBSuYFGVYpgItQV9b7yZCfpFUrwkhX1ZoevOL8o
+Bkuidlvl0KM7R746XXqnJSh8sDxI3sFqqN6ezyGjb3sa0Td1quReaPmnenhg+6v8
+P6hkI0gf4FgyyG3jpW0Te/pXXQ/woDboyA2jmowTVDSQLUNRiLrxw94OCtAExZr6
+cX6b2LZoZ4DKLeoOFm7TckuE5gCG/jk5VFrCb28WrIqIFEA1WiBNGv5yHjPLBpqn
+B9UtD7GLBUuqVPmf+IjNYJDSEDXl4pmAlXSRNcvg5YoF4mpI2ectWbgCFnY6kocy
+yMTsESim8J70llYUiuO1D1OuuIHI7HTdqdaSabtviVnUcoM4j8LHLPwFm9iLOjuF
+I50aMusUFMP9aTSzC+nMHg0qHkjo3uSCmlcxNpanfr4qZDHronNpmN6kaXVUw0V2
+CI/pLDqk77kCDQRnKRF7ARAArgRj7ToZ65fjAuVSoAxYKdsUQu6EFkZYUsQi8/pY
+lLVY6957jlFVylV9gyncCrKaI1FqECVEy1JD1i1dJ2UE+SG01yhX+GqNw3LAx1uz
+L5GzbulGT8MlULTJUvgAGtJKXCF81rjpfhm8+vwYYO+MBSEro1dDtatknFhH39TS
+epEa0a48EuEV7LUfrSflrE/z7Z/2kUI1sMnXcduuFWO75FR4TwarlYkjl15rlJ9i
+dcURGxP/M76nDtlppIOZYpHVrzw/oGQMPt7rdkhoBrzj0z8PP46DM0SBvJGO+Bs7
+Q4QitLbHrWUahbsX2msSDOP3s0iIG7qqk0Jgl5+Sl88Q2uT7CY5S2El+HoTu6mGW
+WJBqazp2pcBzdn7EE32MV/vhGnNWYg8r8wU2vQRxQwWBRGkG1pOuTh0YyH76/mLi
+orHHAkd/hGwYIOyAf1lkN6YrPmry4U1MjWRtOewo2353svjlT7f+ZGbiXbaDx674
+C8PpHgZ8qOzLMQULIYrtOZViPRj4QZH35htFDUZqFeq2tH9osLT0tLLFBOph8pTw
+q6yehx4RsE6KARlQ0/JunOJvAeXVURX1ytHl5Pww8eCzzF2mNDuBG4+LXZ+9zze6
+elSw0gdILFmpeiKUazPb7OlfayLc/EG0r+1OjpkVEuKOEezbnRjVqCngzJdir3UD
+ZVMAEQEAAYkCPAQYAQgAJhYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRF7AhsM
+BQkDwmcAAAoJEPtMaFtdwcE+jMYP/Rh+SS0bAara89lQj8Wxy/5WcSpW33h0GdLT
+/obJi+EjtN/zW/7vZRGVB5fxNRCjH0Hx3cCu7lvb6JKQ9y8fvQ9tjyO3/JPAe1KU
+XN/r5g8iX6jJPPsOiIgtKOs7nWe2XyAqYhvxD1bvjFXpUUgnibysfTgwoWkiXNQO
+rrrQlhAga05QW6BJ+DtotVT/SPhYooQp8B+D3fBhMop34mBEXLgVk+uJ6bse+VRK
+LZUp992utQX89fflfviIp09CgQANmLwqQxlQsO3JDpk67aGIOkCuOjmENp0ozfXh
+nrlWczXWGOISGZMXcjIYGWVvSoEiTQucFUe4xiaKoE0kRtqocuoiO7z9G8WVhX4A
+whJ4DsHrySdslxqjXeiC0Om4niGmAKOPYHWfQ1YxyO7SC167Wx+whpBtYd68fa+C
+XkskMI21Qk382hYHZSi/bvAS+yieDBjd27jROcz7l6PB/ivwPfBf4mlUICF+vc5z
+SSfDXidGoU8B7UTsM1REnzF8RX2I9ECzCjqqiHsgjE0RNQbWvLBETE23q0eyiPHR
+ZvQjQgHsKdZEr0Xqg1GnRLiRWCn4l6Fr00ZcUraGfyoEP+ulQ+yP852SIE34LsCL
+TusI17P4gp2dR9eQ4mosI7J5TAL1Y+W4U8H1GeeCFgzjGExZ/xe9Is46T++A/GKp
+HkA0s5uxuQINBGcpEuEBEAC6H5vY7GP2r5FFn6mQNV/8zo/TXIOYOHC1gfOL8tbw
+8UcLqJCXMxF7K/VHmfe4ISkBn76Z1R4KCjZOYWdh2mbESB1owhb3y6p7h+4eGhdT
+YyHh6I3uPIm9dAKyKMINjOJ+iPTcdjudNWPDj4FJK72QDf+8SpT0DliMbTUyZVIx
+ohpOupmqyfKkrqvZ7ElrthVFjBGqktgLmSyKQNUr1+11+GOeydgZLiljJ8w1IdjU
+oEykeNPvASQz4pnZZGmNNlnuc/27gt98kwqBxyVGB/7XcJ5Jol9UiGMmXEZUuSWg
+Txcls56Ha+Qrbnt70F6cQWBCfIsKkYnxg2yewlWHFTVoDrZ1PuOac5UwGGcag2Ez
+LPN+9TDRETPZVulkGSLBlF9n0xZQGzJud4fw3DNkxBAsJz/Kj+Oc+uYNL62CXgJc
+bMG2nE9RlIy5ji0dlna8FvTNx+Fjs/UKse7KVcsXOQ479dE/fDUXwjVSokKN1MqN
+2MIMX9Va150d57WISxIfE8Yfx8enhCmsEMPBng2d+KVg0cwNabpTVvOFfbKepwYC
+tBJ3U3L+gvsnMTWqgf+c2vBW85JI1YVRNcVd4vL5I5cl0UmkY/7/BX6Bh/JzOhQ/
+q+YJ0rUezXlZC8rPI/+eYtLm4uKV/FUqvFkMjpI2tLh/9eQdwadgHIUpSGrmBU3R
+lwARAQABiQRyBBgBCAAmFiEEaNIYIzQqE2g66z5O+0xoW13BwT4FAmcpEuECGwIF
+CQPCZwACQAkQ+0xoW13BwT7BdCAEGQEIAB0WIQRyAOssP15IhGPAzp7NyujJJ8a+
+MQUCZykS4QAKCRDNyujJJ8a+MTGJD/9MpDYKL6yo1JUhzCD+TQajWLhwDuWEo11h
+EEJohOEH2Myo2DbOA/OAQsFxpUkvzHDQTbHZm8F6Mzhf55OuaR259zEdHwH/MEXy
+g+UPamCz/NmZkQ7WCrgJ1pvvIihU02t+gJlKHE4I9HbAiLFxhm23l/tnfNJeqSMh
+5zqxM551PvlleulBu8g15SS84l8wI6JqKVq68N+/yTmIlRVs/4PHW85zzxu97BUl
+xssgPgchGv89L6TUPXTMZucXvVOfEZmvtqcxkJIUIcnlZX4FLAccq3FHL5snXH0w
+vjklyvVqdNd5och5Io3MUGKAlBKAe/R656CQPdGbD4hzE1viXnfqx6Vo1HRQDDHU
+MLWqmMG2cT3+ld1MSxlDGr2QyuPR359UoWM4oANUimTHujR1nWOZtSZ2NBXIYOAc
+T4SaB13vbr/Z+1auJba495QLphmKpu28GcKfAX5pXo/WesTQFYlyEvIGMMJ7ljah
+cEBgXrHCkM98w+viixyrM9XhNZVQsGJuu1FaBLGa+KcgYXH1P3BAJV9fbnh2oFoA
+SFEwiahP9g/7p69FkqpA4NGEjjg4bu5XvUhUAnwEcQE3yHG9AzdY+zV+HAwEULIZ
++v/H9Tj9zvxH0mHGRT1XCYxssZA/tU/VCB+IepmkcyTxlSZCfoot66vNZyfA8WTC
+AU9kQPw5A4xfEACKjcOFavkoN3eYgIcAs1jQDaKlv8kfotIfG7RLcwtr9sXo9upF
+jX58oxP9wVXGWf32s1Stf6ENFtzupuEqTG8aZydeeRxMdqH1t9SCERqeUqQGvWDW
+KTfOASek7/Hf5ff06/6B73YwNrBXSeqT1H/21L5kP+mHvZD2THdl9U1IvR5bGO7A
+HMVbRnCHlMBfitpKbJAKYBeLTk7diY2KrhqtJSDmgA4xFn533oOysBLhJ22XHr8K
+4pMHMRoY9AtD3Ak0HRWZ395BZM/30phwB0jCPkEnk/Rnv7GGxWNA6e2fii2c/q83
+pG4O1itLoztMI39l4oK838bSdFpzgP4glfcJhi1heBqgO6h61Ra1zs7k/MdERNoG
+3/jqhvaXN/pxPlDJW6NN/P6LSsYRzrem9cryZX4rsEVj8Mel0SGXWkPDZhgtsGZS
+2FBZ2wvr9NW+kx7/Blp28n9vLcB5HNB66xS5y5Kj1Q03tiPy7d1GHE2CxKJT3oD9
+IWUCgHmzc6eHkrhYRUIG78g2N2L6vYEsl49KcDcjtWRET0dp/UPbyO0HObddt+3a
+uzeU7XwVwKrDqR3siHd7S1ny5Qb1QO+pMMdNQcsBa/CurfyAooC7ZExpTToDmRHz
+tFxCKLPE7AEjCIe5RYxTj8fLHp9ew4OESzQ7oAUNqs0NkZ57ZqYpMDJmkbkCDQRn
+KRPFARAA7AZXVugEPe8MuygBPracbFtKpeIGw5vGelZs2J87Mz0FQY84ikexIffY
+9kYb/4s2M10QJ/LI/VHKwfk5PuP3ZDy+BFCgbdf3zmBs6NjJlzTG8CRNK9bE6LLk
+K4Xdfywnc1J6tANfCM/2pWotWP/cUHyeRrUcVLsrMLdmj+TMKjF5nf+FXc9NYiNy
+gm+0FIIo9nI4nGdGpZ+LkE0mjdLZJHWbFX3rvNrBeJnwx54GXqsuE58IG3P2D5uq
+tdlih6e4yfkmzaZwfSFph4xJXdRYgLiSKfOvUQnGz4vX+FUJUE2KINzoNdwVejP1
+lVz2SOllM4yhlUORGTI556f7lLJr3Ari14uYMswTj6mB4cJL9ZrgqtjIRZ7s2kbV
+VORImdFL5/JgZNa3ASK7BPon1TS3V3mFvGEztgCGWc4Sc1WaprcGrfKomz0b/uCJ
+xnsIgn0kEcpMnM6cp+kaHEFI6A6gI5pZbq5ULMOp+tg+YJQgpCZqcHjjXEkUa4dU
+8wsGNWOzCgwoaQreAzooxEINhDne7qwUr4lyXwehsFJ7NUhQqkpVfchb13nTpwTQ
+WFJb829Ym/QUgxWWjILYGk6NJZWATBe2T+bdIo+yAIBwKrOLvGWWhHz4T0LbFyL1
+x0Ybl9qCGBKNo/qPSoPDD+yVE9AlzkAMh66SQ5hMKJKIPBC1uUkAEQEAAYkCMwQY
+AQgAJxYhBGjSGCM0KhNoOus+TvtMaFtdwcE+BQJnKRPFAxsgBAUJA8JnAAAANxYP
+/iolEuftNwy1EwXjdif51f47XdivEEJPifVBWaI+watRxrhWDUn62tXogywauGS2
+mJpXSp4v+SbSHTabiAQNkoPJZZd15aERcVpNXL3IKlJdRYmXmBJdNLDGuoFbJYuU
+suThRP2X2yTmYx3LQkDy6ehtXgz95dCCBHXUMveOLto7SGyrHLFeQlxrBaNUZbko
+vURqgMogn8LDE4jmKkW54whFCNC/D0Cj/DZ+rXWpVdj3OSeTqkWSn9EMct6z7BUc
+O15tl8n3FXsxvWZ/+TTd1PnoZoD9TcRe8nYV2BZH7N/5gwRr0w8MdijZQ0S+T2Y6
+Tbjszyz4557F2WQ+DIpbkDya1i5j91GPxboLiktwxZr53+8hSmbka7DQXmrQBaT3
+8VsF70cvO0R6+9Ge4deZ9Nl62j+cICJiDikKPqncmg3kIt5tHxi1ab0AkFtfWSBW
++pJTZWDBggWzEETPxa7aHvP95IJJ4iABEVtOUnpwGtGRcJXKFu/Qs9ZZR8BSqIS1
+0bGsDhfH+MqsjTYmNF1b9tmReNKRrwr5wOWlyv2LEFZbkuRaw52IvyMTF9MbDbkU
+DtZ3UeIecG/foy7/Nv7T8jrd358ur3d7eWaZXH2pAXynk6R/iiNj1iggdWQtLu30
+CAWOb+5yakQZtfHI+TYKveX5vlHjXHd0Fb2TGK5alk3d
+=uF78
+-----END PGP PUBLIC KEY BLOCK-----

restorecond.spec

@@ -0,0 +1,77 @@
+#
+# spec file for package restorecond
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define libselinux_ver   3.8.1
+Name:           restorecond
+Version:        3.8.1
+Release:        0
+Summary:        Daemon to restore SELinux contexts
+License:        GPL-2.0-or-later
+Group:          Productivity/Security
+URL:            https://github.com/SELinuxProject/selinux.git
+Source0:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source1:        https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
+Source2:        restorecond.keyring
+Patch0:         harden_restorecond.service.patch
+BuildRequires:  dbus-1-glib-devel
+BuildRequires:  libselinux-devel >= %{libselinux_ver}
+Requires:       libselinux1 >= %{libselinux_ver}
+Requires:       selinux-tools >= %{libselinux_ver}
+
+%description
+Daemon that watches for file creation and then sets the default SELinux file context
+
+%prep
+%setup -q
+%patch -P0 -p1
+
+%build
+export CFLAGS="%optflags"
+%make_build LSPP_PRIV=y all
+
+%install
+make DESTDIR=%{buildroot} SHLIBDIR=/%{_lib} SYSTEMDSYSTEMUNITDIR=%{_unitdir} SYSTEMDUSERUNITDIR=%{_userunitdir} install
+rm %{buildroot}%{_sysconfdir}/rc.d/init.d/restorecond
+ln -s /sbin/service %{buildroot}%{_sbindir}/rcrestorecond
+
+%pre
+%service_add_pre restorecond.service
+
+%post
+%service_add_post restorecond.service
+
+%preun
+%service_del_preun restorecond.service
+
+%postun
+%service_del_postun restorecond.service
+
+%files
+%dir %{_sysconfdir}/selinux
+%config %{_sysconfdir}/selinux/restorecond.conf
+%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
+%{_sysconfdir}/xdg/autostart/restorecond.desktop
+%{_unitdir}/restorecond.service
+%{_userunitdir}/restorecond_user.service
+
+%{_sbindir}/restorecond
+%{_sbindir}/rcrestorecond
+%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
+%{_mandir}/man8/restorecond.8%{?ext_man}
+
+%changelog