mirror of
https://github.com/SELinuxProject/refpolicy
synced 2025-02-02 21:01:32 +00:00
Update Changelog and VERSION for release.
This commit is contained in:
Chris PeBenito
parent
468185f5f7
commit
960e6cd4e8
186
Changelog
186
Changelog
@ -1,3 +1,189 @@
|
||||
* Wed Dec 03 2014 Chris PeBenito <selinux@tresys.com> - 2.20141203
|
||||
Artyom Smirnov (3):
|
||||
New database object classes
|
||||
Fixes for db_domain and db_exception
|
||||
Renamed db_type to db_datatype, to avoid confusion with SELinux "type"
|
||||
|
||||
Chris PeBenito (69):
|
||||
Whitespace fix in postgresql.fc
|
||||
Module version bump for postgresql fc entries from Luis Ressel.
|
||||
Add symlink to contrib Changelog for easy reference.
|
||||
Move lightdm line in xserver.fc.
|
||||
Whitespace fix in xserver.fc.
|
||||
Update contrib.
|
||||
Module version bump for userdomain kernel symbol table fix from Nicolas
|
||||
Iooss.
|
||||
Module version bump for 2 Gentoo patches from Sven Vermeulen.
|
||||
Update contrib.
|
||||
Module version bump for 2 patch sets from Laurent Bigonville.
|
||||
Update contrib.
|
||||
Module version bump for gnome keyring fix from Laurent Bigonville.
|
||||
Update contrib.
|
||||
Module version bump for /sys/fs/selinux support from Sven Vermeulen.
|
||||
Module version bump for fixes from Laurent Bigonville.
|
||||
Update contrib.
|
||||
Module version bumps for fc fixes from Nicolas Iooss.
|
||||
Update contrib.
|
||||
Add file for placing default_* statements.
|
||||
Fix error in default_user example.
|
||||
Module version bump for unconfined->lvm transition from Nicolas Iooss.
|
||||
Need the __future__ import for python2 if using print().
|
||||
Module version bump for ifconfig fc entry from Sven Vermeulen.
|
||||
Module version bump for deprecated interface usage removal from Nicolas
|
||||
Iooss.
|
||||
Update contrib.
|
||||
Module version bump for rcs2log and xserver updates from Sven Vermeulen.
|
||||
Module version bump for shutdown transitions from Luis Ressel.
|
||||
Remove firstboot_rw_t as FC5 has been gone for a long time.
|
||||
Module version bump for firstboot_rw_t alias removal.
|
||||
Module version bump for dropbox port from Sven Vermeulen.
|
||||
Module version bump for unconfined syslog cap from Nicolas Iooss.
|
||||
Always use the unknown permissions handling build option.
|
||||
Merge pull request #1 from artyom-smirnov/master
|
||||
Module version bump for zram fc entry from Jason Zaman.
|
||||
Update contrib.
|
||||
Module version bump for init_daemon_pid_file from Sven Vermeulen.
|
||||
Move tumblerd fc entry
|
||||
Module version bump for tumblerd fc entry from Jason Zaman.
|
||||
Module version bump for libraries fc fix from Nicolas Iooss.
|
||||
Update contrib.
|
||||
Module version bump for fstools fc entries from Luis Ressel.
|
||||
Module version bump for missing unlabeled interfaces from Sven Vermeulen.
|
||||
Module version bump for ping rawip socket fix from Luis Ressel.
|
||||
Module version bump for full IRC ports from Luis Ressel.
|
||||
Move losetup addition in fstools.
|
||||
Module version bump for losetup fixes from Luis Ressel.
|
||||
Update contrib.
|
||||
Module version bump for postgres fc revisions from Luis Ressel.
|
||||
Module version bump for FUSE fix for mount from Luis Ressel.
|
||||
Module version bump for misc fixes from Nicolas Iooss.
|
||||
Move systemd fc entry.
|
||||
Whitespace change in logging.fc.
|
||||
Add comment for journald ring buffer reading.
|
||||
Module version bumps for systemd/journald patches from Nicolas Iooss.
|
||||
Update contrib.
|
||||
/dev/log symlinks are not labeled devlog_t.
|
||||
Module version bump for CIL fixes from Yuli Khodorkovskiy.
|
||||
Drop RHEL4 and RHEL5 support.
|
||||
Merge pull request #3 from bigon/arping
|
||||
Merge pull request #4 from fishilico/minor-typo
|
||||
Module version bump for Debian arping fc entries from Laurent Bigonville.
|
||||
Add comment for iw generic netlink socket usage
|
||||
Module version bump for /sbin/iw support from Nicolas Iooss.
|
||||
Merge pull request #5 from bigon/audit_read
|
||||
Update contrib.
|
||||
Module version bump for misc fixes from Sven Vermeulen.
|
||||
Update contrib.
|
||||
Module version bump for module store move from Steve Lawrence.
|
||||
Bump module versions for release.
|
||||
|
||||
Elia Pinto (1):
|
||||
Fix misspelling
|
||||
|
||||
Jason Zaman (2):
|
||||
File contexts for zram
|
||||
File Context for tumbler
|
||||
|
||||
Laurent Bigonville (14):
|
||||
Properly label git-shell and other git commands for Debian
|
||||
Label /usr/sbin/lightdm as xdm_exec_t
|
||||
Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface
|
||||
Associate the new xattrfs attribute to fs_t and some pseudo-fs
|
||||
Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t
|
||||
Add telepathy role for user_r and staff_r
|
||||
Properly label the manpages installed by postgresql
|
||||
Label /usr/local/share/ca-certificates(/.*)? as cert_t
|
||||
Allow the xdm_t domain to enter all the gkeyringd ones
|
||||
Label /etc/locale.alias as locale_t on Debian
|
||||
Allow hugetlbfs_t to be associated to /dev
|
||||
On Debian iputils-arping is installed in /usr/bin/arping
|
||||
Debian also ship a different arping implementation
|
||||
Add new audit_read access vector in capability2 class
|
||||
|
||||
Luis Ressel (13):
|
||||
Add two postgresql file contexts from gentoo policy
|
||||
Allow init to execute shutdown
|
||||
Allow xdm_t to transition to shutdown_t domain
|
||||
Some of the fsadm tools can also be in /usr/sbin instead of /sbin
|
||||
Label /usr/sbin/{add, del}part as fsadm_exec_t
|
||||
Grant ping_t getattr on rawip_socket
|
||||
kernel/corenetwork.te: Add all registered IRC ports
|
||||
system/mount.if: Add mount_rw_loopback_files interface
|
||||
system/fstools.if: Add fstools_use_fds interface
|
||||
Add neccessary permissions for losetup
|
||||
Only label administrative postgres commands as postgresql_exec_t
|
||||
Also apply the new postgres labeling scheme on Debian
|
||||
Grant mount permission to access /dev/fuse
|
||||
|
||||
Nicolas Iooss (31):
|
||||
Fix parallel build of the policy
|
||||
fc_sort: fix typos in comments
|
||||
fc_sort: initialize allocated memory to fix execution on an empty file
|
||||
fc_sort: make outfile argument optional
|
||||
userdomain: no longer allow unprivileged users to read kernel symbols
|
||||
Label syslog-ng.pid as syslogd_var_run_t
|
||||
filesystem: label cgroup symlinks
|
||||
Label /usr/lib/getconf as bin_t
|
||||
Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t
|
||||
Make support/policyvers.py compatible with Python 3
|
||||
Make unconfined user run lvm programs in confined domain
|
||||
No longer use deprecated MLS interfaces
|
||||
Allow unconfined domains to use syslog capability
|
||||
Label /lib symlink as lib_t for every distro
|
||||
Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/
|
||||
Add ioctl and lock to manage_lnk_file_perms
|
||||
Label (/var)?/tmp/systemd-private-.../tmp like /tmp
|
||||
Fix typo in fs_getattr_all_fs description
|
||||
Label systemd files in init module
|
||||
Introduce init_search_run interface
|
||||
Label systemd-journald files and directories
|
||||
Support logging with /run/systemd/journal/dev-log
|
||||
Allow journald to read the kernel ring buffer and to use /dev/kmsg
|
||||
Allow journald to access to the state of all processes
|
||||
Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t)
|
||||
Fix minor typo in init.if
|
||||
Label /sbin/iw as ifconfig_exec_t
|
||||
Allow iw to create generic netlink sockets
|
||||
Use create_netlink_socket_perms when allowing netlink socket creation
|
||||
Update Python requirement in INSTALL
|
||||
Create tmp directory when compiling a .mod.fc file in a modular way
|
||||
|
||||
Steve Lawrence (1):
|
||||
Update policy for selinux userspace moving the policy store to
|
||||
/var/lib/selinux
|
||||
|
||||
Sven Vermeulen (24):
|
||||
Hide getattr denials upon sudo invocation
|
||||
Support /sys/devices/system/cpu/online
|
||||
The security_t file system can be at /sys/fs/selinux
|
||||
Dontaudit access on security_t file system at /sys/fs/selinux
|
||||
ifconfig can also be in /bin
|
||||
xserver_t needs to ender dirs labeled xdm_var_run_t
|
||||
Enable rcs2log location for all distributions
|
||||
Add dropbox_port_t support
|
||||
Support initrc_t generated pid files with file transition
|
||||
Deprecate init_daemon_run_dir interface
|
||||
Use init_daemon_pid_file instead of init_daemon_run_dir
|
||||
Introduce kernel_delete_unlabeled_symlinks
|
||||
Introduce kernel_delete_unlabeled_pipes
|
||||
Introduce kernel_delete_unlabeled_sockets
|
||||
Introduce kernel_delete_unlabeled_blk_files
|
||||
Introduce kernel_delete_unlabeled_chr_files
|
||||
Run grub(2)-mkconfig in bootloader domain
|
||||
Add auth_pid_filetrans_pam_var_run
|
||||
New sudo manages timestamp directory in /var/run/sudo
|
||||
xfce4-notifyd is an executable
|
||||
Mark f2fs as a SELinux capable file system
|
||||
Add in LightDM contexts
|
||||
Add gfisk and efibootmgr as fsadm_exec_t
|
||||
Add /var/lib/racoon as runtime directory for ipsec
|
||||
|
||||
Yuli Khodorkovskiy (1):
|
||||
Remove duplicate role declarations
|
||||
|
||||
cgarst (1):
|
||||
Updating submodule URL to github
|
||||
|
||||
* Tue Mar 11 2014 Chris PeBenito <selinux@tresys.com> - 2.20140311
|
||||
Chris PeBenito (96):
|
||||
Update contrib to pull in minidlna.
|
||||
|
||||
@ -1 +1 @@
|
||||
Subproject commit 0c39ebe156e192ed46e58cff3e5e802b0d935660
|
||||
Subproject commit f627e84f52f62f4872889987ee32c903c3b7dc96
|
||||
Loading…
Reference in New Issue
Block a user