diff --git a/Changelog b/Changelog index e69de29bb..5fcca553b 100644 --- a/Changelog +++ b/Changelog @@ -0,0 +1,216 @@ +* Wed Apr 24 2013 Chris PeBenito - 2.20130424 +Chris PeBenito (78): + Mcelog update from Guido Trentalancia. + Add bird contrib module from Dominick Grift. + Minor whitespace fix in udev.fc + Module version bump for udev binary location update from Sven Vermeulen. + clarify the file_contexts.subs_dist configuration file usage from Guido + Trentalancia + Update contrib. + Remove trailing / from paths + Module version bump for fc substitutions optimizations from Sven + Vermeulen. + Update contrib. + Module version bump for /run/dhcpc directory creation by dhcp from Sven + Vermeulen. + Module version bump for fc fixes in devices module from Dominick Grift. + Update contrib. + Module version bump for /dev/mei type and label from Dominick Grift. + Module version bump for init_daemon_run_dirs usage from Sven Vermeulen. + Module version bump for lost+found labeling in /var/log from Guido + Trentalancia. + Module version bump for loop-control patch. + Turn off all tunables by default, from Guido Trentalancia. + Add /usr/lib to TEST_TOOLCHAIN LD_LIBRARY_PATH. + Module version bump for various changes from Sven Vermeulen. + Module version bump for ports update from Dominick Grift. + Module version bump for Debian file context updates from Laurent + Bigonville. + Update contrib. + Update contrib. + split kmod fc into two lines. + Module version bump for kmod fc from Laurent Bigonville. + Module version bump for cfengine fc change from Dominick Grift. + Module verision bump for Debian cert file fc update from Laurent + Bigonville. + Module version bump for ipsec net sysctls reading from Miroslav Grepl. + Module version bump for srvloc port definition from Dominick Grift. + Rename cachefiles_dev_t to cachefiles_device_t. + Module version bump for cachefiles core support. + Module version bump for changes from Dominick Grift and Sven Vermeulen. + Module version bump for modutils patch from Dominick Grift. + Module version bump for dhcp6 ports, from Russell Coker. + Rearrange new xserver interfaces. + Rename new xserver interfaces. + Module version bump for xserver interfaces from Dominick Grift. + Move kernel_stream_connect() declaration. + Module version bump for kernel_stream_connect() from Dominick Grift. + Rename logging_search_all_log_dirs to logging_search_all_logs + Module version bump for minor logging and sysnet changes from Sven + Vermeulen. + Module version bump for dovecot libs from Mika Pflueger. + Rearrange interfaces in files, clock, and udev. + Module version bump for interfaces used by virt from Dominick Grift. + Module version bump for arping setcap from Dominick Grift. + Rearrange devices interfaces. + Module version bump/contrib sync. + Rearrange lines. + Module version bump for user home content fixes from Dominick Grift. + Rearrange files interfaces. + Module version bump for Gentoo openrc fixes for /run from Sven Vermeulen. + Update contrib. + Whitespace fix in miscfiles.fc. + Adjust man cache interface names. + Module version bump for man cache from Dominick Grift. + Module version bump for Debian ssh-keysign location from Laurent + Bigonville. + Module version bump for userdomain portion of XDG updates from Dominick + Grift. + Module version bump for iptables fc entry from Sven Vermeulen and inn log + from Dominick Grift. + Module version bump for logging and tcpdump fixes from Sven Vermeulen. + Move mcs_constrained() impementation. + Module version bump for mcs_constrained from Dominick Grift. + Update contrib. + Module version bump from Debian changes from Laurent Bigonville. + Module version bump for zfs labeling from Matthew Thode. + Module version bump for misc updates from Sven Vermeulen. + Update contrib. + Module version bump for fixes from Dominick Grift. + Module version bump for Debian updates from Laurent Bigonville. + Fix bug in userdom_delete_all_user_home_content_files() from Kohei KaiGai. + Update contrib + Fix fc_sort.c warning uncovered by recent gcc + Module version bump for chfn fixes from Sven Vermeulen. + Add swapoff fc entry. + Add conntrack fc entry. + Update contrib. + Update contrib + Archive old Changelog for log format change. + Bump module versions for release. + +Dominick Grift (40): + There can be more than a single watchdog interface + Fix a suspected typo + Intel® Active Management Technology + Declare a loop control device node type and label /dev/loop-control + accordingly + Declare port types for ports used by Fedora but use /etc/services for port + names rather than using fedora port names. If /etc/services does not + have a port name for a port used by Fedora, skip for now. + Remove var_log_t file context spec + svrloc port type declaration from slpd policy module + Declare a cachfiles device node type + Implement files_create_all_files_as() for cachefilesd + Restricted Xwindows user domains run windows managers in the windows + managers domain + Declare a cslistener port type for phpfpm + Changes to the sysnetwork policy module + Changes to the userdomain policy module + Changes to the bootloader policy module + Changes to the modutils policy module + Changes to the xserver policy module + Changes to various policy modules + Changes to the kernel policy module + For svirt_lxc_domain + For svirt_lxc_domain + For svirt_lxc_domain + For virtd lxc + For virtd_lxc + For virtd_lxc + For virtd lxc + For virtd lxc + For virtd + Arping needs setcap to cap_set_proc + For virtd + Changes to the user domain policy module + Samhain_admin() now requires a role for the role_transition from $1 to + initrc_t via samhain_initrc_exec_t + Changes to the user domain policy module + Label /var/cache/man with a private man cache type for mandb + Create a attribute user_home_content_type and assign it to all types that + are classified userdom_user_home_content() + These two attribute are unused + System logger creates innd log files with a named file transition + Implement mcs_constrained_type + Changes to the init policy module + Changes to the userdomain policy module + NSCD related changes in various policy modules + +Guido Trentalancia (1): + add lost+found filesystem labels to support NSA security guidelines + +Laurent Bigonville (21): + Add Debian locations for GDM 3 + Add Debian location for udisks helpers + Add insmod_exec_t label for kmod executable + Add Debian location for PKI files + Add Debian location for ssh-keysign + Properly label all the ssh host keys + Allow udev_t domain to read files labeled as consolekit_var_run_t + authlogin.if: Add auth_create_pam_console_data_dirs and + auth_pid_filetrans_pam_var_console interfaces + Label /etc/rc.d/init.d/x11-common as xdm_exec_t + Drop /etc/rc.d/init.d/xfree86-common filecontext definition + Label /var/run/shm as tmpfs_t for Debian + Label /var/run/motd.dynamic as initrc_var_run_t + Label /var/run/initctl as initctl_t + udev.if: Call files_search_pid instead of files_search_var_lib in + udev_manage_pid_files + Label executables in /usr/lib/NetworkManager/ as bin_t + Add support for rsyslog + Label var_lock_t as a mountpoint + Add mount_var_run_t type and allow mount_t domain to manage the files and + directories + Add initrc_t to use block_suspend capability + Label executables under /usr/lib/gnome-settings-daemon/ as bin_t + Label nut drivers that are installed in /lib/nut on Debian as bin_t + +Matthew Thode (1): + Implement zfs support + +Mika Pflüger (2): + Debian locations of gvfs and kde4 libexec binaries in /usr/lib + Explicitly label dovecot libraries lib_t for debian + +Miroslav Grepl (1): + Allow ipsec to read kernel sysctl + +Paul Moore (1): + flask: add the attach_queue permission to the tun_socket object class + +Russell Coker (1): + Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for + client control + +Sven Vermeulen (27): + New location for udevd binary + Use substititions for /usr/local/lib and /etc/init.d + DHCP client's hooks create /run/dhcpc directory + Introduce init_daemon_run_dir transformation + Use the init_daemon_run_dir interface for udev + Allow initrc_t to create run dirs for core modules + Puppet uses mount output for verification + Allow syslogd to create /var/lib/syslog and + /var/lib/misc/syslog-ng.persist + Gentoo's openrc does not require initrc_exec_t for runscripts anymore + Allow init scripts to read courier configuration + Allow search within postgresql var directory for the stream connect + interface + Introduce logging_getattr_all_logs interface + Introduce logging_search_all_log_dirs interface + Support flushing routing cache + Allow init to set attributes on device_t + Introduce files_manage_all_pids interface + Gentoo openrc migrates /var/run and /var/lock data to /run(/lock) + Update files_manage_generic_locks with directory permissions + Run ipset in iptables domain + tcpdump chroots into /var/lib/tcpdump + Remove generic log label for cron location + Postgresql 9.2 connects to its unix stream socket + lvscan creates the /run/lock/lvm directory if nonexisting (v2) + Allow syslogger to manage cron log files (v2) + Allow initrc_t to read stunnel configuration + Introduce exec-check interfaces for passwd binaries and useradd binaries + chfn_t reads in file context information and executes nscd + diff --git a/VERSION b/VERSION index 37b3df8a7..d060af824 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.20120725 +2.20130424 diff --git a/policy/modules/contrib b/policy/modules/contrib index 02b4522e5..dbedd4e54 160000 --- a/policy/modules/contrib +++ b/policy/modules/contrib @@ -1 +1 @@ -Subproject commit 02b4522e586acd4b2760cc812438cf2c1cc19bb7 +Subproject commit dbedd4e548f8af5e61e2e9c2c6fb9b9600e61bba