RepoMirrors/selinux-refpolicy
1
0
Fork 0
mirror of https://github.com/SELinuxProject/refpolicy synced 2025-02-02 21:01:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Changelog and VERSION for release.

Browse Source
This commit is contained in:
Chris PeBenito 2016-10-23 16:58:59 -04:00
parent 34055cae87
commit 633ab9fea3
3 changed files with 236 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

234
Changelog
View File

@ -1,3 +1,237 @@
* Sun Oct 23 2016 Chris PeBenito <pebenito@ieee.org> - 2.20161023
Chris PeBenito (94):
Module version bump for systemd-user-sessions fc entry from Dominick Grift
Module version bumps for 2 patches from Dominick Grift.
Module version bump for vm overcommit sysctl interfaces from Laurent
Bigonville.
Update contrib.
Module version bump for Xorg and SSH patches from Nicolas Iooss.
Add neverallow for mac_override capability. It is not used by SELinux.
Merge branch 'overcommit-1' of git://github.com/bigon/refpolicy into
bigon-overcommit-1
Merge branch 'bigon-overcommit-1'
Merge branch 'systemd-1' of git://github.com/bigon/refpolicy into
bigon-systemd-1
Merge branch 'bigon-systemd-1'
Module version bump for syslog and systemd changes from Laurent Bigonville
Merge pull request #19 from shootingatshadow/fc_sort
Merge branch 'xorg-1' of git://github.com/bigon/refpolicy into
bigon-xorg-1
Merge branch 'bigon-xorg-1'
Module version bump for Debian Xorg fc fixes from Laurent Bigonville
Add a type and genfscon for nsfs.
Module version bump for systemd PrivateNetwork patch from Nicolas Iooss
Module version bump for systemd audit_read capability from Laurent
Bigonville
Merge pull request #21 from fishilico/typos
Module version bump for patches from Nicolas Iooss and Grant Ridder.
Update contrib.
Module version bump for efivarfs patches from Dan Walsh, Vit Mojzis, and
Laurent Bigonville
Module version bump for ipset fc entry from Laurent Bigonville.
Update contrib.
Whitespace fix in iptables.fc.
Module version bump for iptables fc entries from Laurent Bigonville and
Lukas Vrabec.
Update contrib.
Module version bump for iptables/firewalld patch from Laurent Bigonville.
Merge pull request #29 from bigon/appconfig-lxc
Module version bump for getty patch from Luis Ressel.
Module version bump for tboot utils from Luis Ressel and systemd fix from
Jason Zaman.
Merge branch 'corecommands-archlinux' of
https://github.com/fishilico/selinux-refpolicy-patched
Merge branch 'dev_setattr_dlm_control-typo' of
https://github.com/fishilico/selinux-refpolicy-patched
Merge branch 'kdevtmpfs-unlink' of
https://github.com/fishilico/selinux-refpolicy-patched
Module version bump for several Arch fixes from Nicolas Iooss.
Update contrib.
Reduce broad entrypoints for unconfined domains.
Update Travis-CI build to newest SELinux userspace release.
Update su for libselinux-2.5 changes.
Merge branch 'selinux-1' of https://github.com/bigon/refpolicy
Module version bump for Debian fc entries from Laurent Bigonville.
Module version bump for patches from Dominick Grift and Lukas Vrabec.
Add user namespace capability object classes.
Module version bump for hwloc-dump-hwdata from Dominick Grift and Grzegorz
Andrejczuk.
Module version bump for nftables fc entry from Jason Zaman.
Update contrib.
Module version bump for LMNR port from Laurent Bigonville.
Module version bump for systemd-resolved patch from Laurent BIgonville.
Merge branch 'master' of https://github.com/qqo/refpolicy into qqo-master
Merge branch 'qqo-master'
Module version bump for mlstrustedsocket from qqo.
Module version bumps + contrib update for user_runtime from Jason Zaman.
Update contrib.
Module version bump for corecommands update from Garrett Holmstrom.
Module version bump for MLS relabeling patch from Lukas Vrabec.
Get attributes of generic ptys, from Russell Coker.
Module version bump for user_udp_server tunable from Russell Coker.
libraries: Move libsystemd fc entry.
libraries: Module version bump for libsystemd fc entry from Lukas Vrabec.
Update contrib.
Systemd units from Russell Coker.
corenetwork: Add port labeling for Global Catalog over LDAPS.
corenetwork: Missed version bump for previous commit.
Update contrib.
Allow the system user domains to chat over dbus with a few other domains
(e.g. gnome session).
Update alsa module use from Guido Trentalancia.
Update the sysnetwork module to add some permissions needed by the dhcp
client (another separate patch makes changes to the ifconfig part).
Ifconfig should be able to read firmware files in /lib (i.e. some network
cards need to load their firmware) and it should not audit attempts to
load kernel modules directly.
Remove redundant libs_read_lib_files() for ifconfig_t.
Module version bump for various patches from Guido Trentalancia.
Update contrib.
Update for the xserver module:
userdomain: Fix compile errors.
Update contrib.
Merge pull request #38 from fishilico/travis-nosudo
Module version bump for module_load perm use from Guido Trentalancia.
Update contrib.
Merge pull request #39 from rfkrocktk/feature/vagrant
Merge pull request #40 from jer-gentoo/patch-1
userdomain: Move enable_mls block in userdom_common_user_template().
Module version bumps for LVM and useromain patches from Guido
Trentalancia.
Update contrib.
Additional change from Guido Trentalancia related to evolution.
Module version bump for selinuxutil fix from Jason Zaman.
Update contrib.
Update contrib.
Merge branch 'feature/syncthing' of https://github.com/rfkrocktk/refpolicy
into rfkrocktk-feature/syncthing
Merge branch 'rfkrocktk-feature/syncthing'
Module version bumps for syncthing from Naftuli Tzvi Kay.
Merge pull request #41 from SeanPlacchetti/patch-1
Merge pull request #42 from SeanPlacchetti/patch-1
Merge pull request #43 from williamcroberts/google-patch
Update contrib.
Bump module versions for release.
Dan Walsh (1):
Add label for efivarfs
Dominick Grift (5):
systemd: add missing file context spec for systemd-user-sessions
executable file
authlogin: remove duplicate files_list_var_lib(nsswitch_domain)
kernel: implement sysctl_vm_overcommit_t for
/proc/sys/vm/overcommit_memory
systemd: Add support for --log-target
Update refpolicy to handle hwloc
Garrett Holmstrom (1):
corecmd: Remove fcontext for /etc/sysconfig/libvirtd
Grant Ridder (1):
Add redis-sentinel port to redis network_port def
Guido Trentalancia (6):
Add module_load permission to class system
Add module_load permission to can_load_kernmodule
Remove deprecated semodule options from Makefile
Update the lvm module
Improve tunable support for rw operations on noxattr fs / removable media
userdomain: introduce the user certificate file context (was miscfiles:
introduce the user certificate file context)
Jason Zaman (6):
system/init: move systemd_ interfaces into optional_policy
iptables: add fcontext for nftables
authlogin: remove fcontext for /var/run/user
userdomain: Introduce types for /run/user
userdomain: user_tmp requires searching /run/user
userdomain: introduce interfaces for user runtime
Jason Zaman via refpolicy (1):
selinuxutil: allow setfiles to read semanage store
Jeroen Roovers (1):
Use $(AWK) not plain awk
Laurent Bigonville (15):
Add interfaces to read/write /proc/sys/vm/overcommit_memory
Give some systemd domain access to /proc/sys/kernel/random/boot_id
On Debian, systemd binaries are installed in / not /usr
Allow syslogd_t to read sysctl_vm_overcommit_t
Label Xorg server binary correctly on Debian
Allow systemd the audit_read capability
Allow logind to read efivarfs files
Add label for /sbin/ipset
Label /var/run/ebtables.lock as iptables_var_run_t.
Allow {eb,ip,ip6}tables-restore to read files in /run/firewalld
Add lxc_contexts config file
Add some labels for SELinux tools path in Debian
Add the validate_trans access vector to the security class
Add llmnr/5355 (Link-local Multicast Name Resolution)
Add policy for systemd-resolved
Luis Ressel (2):
Allow getty the sys_admin capability
Allow sysadm to run txt-stat.
Lukas Vrabec (4):
Label /var/run/xtables.lock as iptables_var_run_t.
SELinux support for cgroup2 filesystem.
Add new MLS attribute to allow relabeling objects higher than system low.
This exception is needed for package managers when processing sensitive
data.
Systemd by version 231 starts using shared library and systemd daemons
execute it. For this reason lib_t type is needed.
Mike Palmiotto (1):
Add mls support for some db classes
Naftuli Tzvi Kay (2):
Add Syncthing Support to Policy
Add Vagrant box for development.
Nicolas Iooss (18):
Label Xorg server binary correctly on Arch Linux
Label OpenSSH files correctly on Arch Linux
Label OpenSSH systemd unit files
Allow systemd services to use PrivateNetwork feature
Fix typo in init_dbus_chat requirements
Fix typos in comments from corenetwork module
man: Spelling fixes
Fix interface descriptions when duplicate ones are found
Label /sys/kernel/debug/tracing filesystem
Label TexLive scripts bin_t
Label system-config-printer applet properly on Arch Linux
Label gedit plugins properly on Arch Linux
Label some user session DBus services as bin_t
Do not label /usr/lib/gvfs/libgvfscommon.so as bin_t
Fix typo in dev_setattr_dlm_control interface requirements
Allow kdevtmpfs to unlink fixed disk devices
Fix typo in module compilation message
Make Travis-CI build without using sudo
Rahul Chaudhry (1):
fc_sort: cleanup warnings caught by clang tidy / static analyzer.
Russell Coker (2):
user_udp_server tunable
getattr on unlabeled blk devs
Sean Placchetti (2):
Update to refpolicy spec file
Update specfile
Vit Mojzis (1):
Add interface to allow reading files in efivarfs - contains Linux Kernel
configuration options for UEFI systems (UEFI Runtime Variables)
William Roberts (1):
fc_sort: strip whitespace errors
qqo (1):
Adds attribute mlstrustedsocket, along with the interface.
* Tue Dec 08 2015 Chris PeBenito <selinux@tresys.com> - 2.20151208
Alexander Wetzel (1):
adds vfio device support to base policy

2
VERSION
View File

@ -1 +1 @@
2.20151208
2.20161023

2
policy/modules/contrib

@ -1 +1 @@
Subproject commit f86706a14b661be798c4929d533b99d0bf4449e7
Subproject commit 082f271d9304aaa8e7d8107d94ba47b71b875a8d