selinux/libsemanage/ChangeLog

672 lines
22 KiB
Plaintext
Raw Normal View History

2009-07-07 18:26:15 +00:00
2.0.33 2009-07-07
* Maintain disable dontaudit state from Christopher Pardy.
2009-05-28 14:55:27 +00:00
2.0.32 2009-05-28
* Ruby bindings from David Quigley.
2009-01-12 15:45:26 +00:00
2.0.31 2009-01-12
* Policy module compression (bzip) support from Dan Walsh.
* Hard link files between tmp/active/previous from Dan Walsh.
2008-11-12 14:27:21 +00:00
2.0.30 2008-11-12
* Add semanage_mls_enabled() interface from Stephen Smalley.
2.0.29 2008-11-11
* Add USER to lines to homedir_template context file from Chris PeBenito.
2008-09-15 15:25:27 +00:00
2.0.28 2008-09-15
* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh
2.0.27 2008-08-05
* Modify genhomedircon to skip %groupname entries.
Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax.
2.0.26 2008-07-29
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
Strip any trailing slash before appending /*$.
2.0.25 2008-04-21
* Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
Fixes semanage boolean -D seg fault (bug 441379).
2.0.24 2008-02-26
* make swigify
2.0.23 2008-02-04
* Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.
2.0.22 2008-02-04
* Free policydb before fork from Joshua Brindle.
2.0.21 2008-02-04
* Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.
2.0.12 2008-02-02
* Use sepol_set_expand_consume_base to reduce peak memory usage when
using semodule from Joshua Brindle.
2.0.19 2008-01-31
* Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
2.0.18 2008-01-28
* Fix spurious out of memory error reports.
2.0.17 2008-01-25
* Merged second version of fix for genhomedircon handling from Caleb Case.
2.0.16 2008-01-24
* Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
2.0.15 2007-12-05
* Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
* Copy the store path in semanage_select_store from Dan Walsh.
2.0.14 2007-11-05
* Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.
2.0.13 2007-11-05
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
2.0.12 2007-10-05
* ustr cleanups from James Antill.
* Ensure that /root gets labeled even if using the default context from Dan Walsh.
2.0.11 2007-09-28
* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
2.0.10 2007-09-28
* Fix error checking on getpw*_r functions from Todd Miller.
* Make genhomedircon skip invalid homedir contexts from Todd Miller.
* Set default user and prefix from seusers from Dan Walsh.
* Add swigify Makefile target from Dan Walsh.
2.0.9 2007-09-24
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
2.0.8 2007-09-19
* Clear errno on non-fatal errors to avoid reporting them upon a
later error that does not set errno.
2.0.7 2007-09-19
* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
2.0.6 2007-09-10
* Change to use getpw* function calls to the _r versions from Todd Miller.
2.0.5 2007-08-23
* Replace genhomedircon script with equivalent functionality within
libsemanage and introduce disable-genhomedircon option in
semanage.conf from Todd Miller.
Note: Depends on ustr.
2.0.4 2007-08-16
* Allow dontaudits to be turned off via semanage interface when
updating policy from Joshua Brindle.
2.0.3 2007-04-25
* Fix to libsemanage man patches so whatis will work better from Dan Walsh
2.0.2 2007-04-24
* Merged optimizations from Stephen Smalley.
- do not set all booleans upon commit, only those whose values have changed
- only install the sandbox upon commit if something was rebuilt
2.0.1 2007-03-12
* Merged dbase_file_flush patch from Dan Walsh.
This removes any mention of specific tools (e.g. semanage)
from the comment header of the auto-generated files,
since there are multiple front-end tools.
2.0.0 2007-02-20
* Merged Makefile test target patch from Caleb Case.
* Merged get_commit_number function rename patch from Caleb Case.
* Merged strnlen -> strlen patch from Todd Miller.
1.10.1 2007-01-26
* Merged python binding fix from Dan Walsh.
1.10.0 2007-01-18
* Updated version for stable branch.
1.9.2 2007-01-08
* Merged patch to optionally reduce disk usage by removing
the backup module store and linked policy from Karl MacMillan
* Merged patch to correctly propagate return values in libsemanage
1.9.1 2006-11-27
* Merged patch to compile wit -fPIC instead of -fpic from
Manoj Srivastava to prevent hitting the global offest table
limit. Patch changed to include libselinux and libsemanage in
addition to libsepol.
1.8 2006-10-17
* Updated version for release.
1.6.17 2006-09-29
* Merged patch to skip reload if no active store exists and
the store path doesn't match the active store path from Dan Walsh.
* Merged patch to not destroy sepol handle on error path of
connect from James Athey.
* Merged patch to add genhomedircon path to semanage.conf from
James Athey.
1.6.16 2006-08-14
* Make most copy errors fatal, but allow exceptions for
file_contexts.local, seusers, and netfilter_contexts if
the source file does not exist in the store.
1.6.15 2006-08-11
* Merged separate local file contexts patch from Chris PeBenito.
1.6.14 2006-08-11
* Merged patch to make most copy errors non-fatal from Dan Walsh.
1.6.13 2006-08-03
* Merged netfilter contexts support from Chris PeBenito.
1.6.12 2006-07-11
* Merged support for read operations on read-only fs from
Caleb Case (Tresys Technology).
1.6.11 2006-06-29
* Lindent.
1.6.10 2006-06-26
* Merged setfiles location check patch from Dan Walsh.
1.6.9 2006-06-16
* Merged several fixes from Serge Hallyn:
dbase_file_cache: deref of uninit data on error path.
dbase_policydb_cache: clear fp to avoid double fclose
semanage_fc_sort: destroy temp on error paths
1.6.8 2006-06-02
* Updated default location for setfiles to /sbin to
match policycoreutils. This can also be adjusted via
semanage.conf using the syntax:
[setfiles]
path = /path/to/setfiles
args = -q -c $@ $<
[end]
1.6.7 2006-05-05
* Merged fix warnings patch from Karl MacMillan.
1.6.6 2006-04-14
* Merged updated file context sorting patch from Christopher
Ashworth, with bug fix for escaped character flag.
1.6.5 2006-04-13
* Merged file context sorting code from Christopher Ashworth
(Tresys Technology), based on fc_sort.c code in refpolicy.
1.6.4 2006-04-12
* Merged python binding t_output_helper removal patch from Dan Walsh.
* Regenerated swig files.
1.6.3 2006-03-30
* Merged corrected fix for descriptor leak from Dan Walsh.
1.6.2 2006-03-20
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
1.6.1 2006-03-20
* Merged man page reorganization from Ivan Gyurdiev.
1.6 2006-03-14
* Updated version for release.
1.5.31 2006-03-09
* Merged abort early on merge errors patch from Ivan Gyurdiev.
1.5.30 2006-03-08
* Cleaned up error handling in semanage_split_fc based on a patch
by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.
1.5.29 2006-02-21
* Merged MLS handling fixes from Ivan Gyurdiev.
1.5.28 2006-02-16
* Merged bug fix for fcontext validate handler from Ivan Gyurdiev.
1.5.27 2006-02-16
* Merged base_merge_components changes from Ivan Gyurdiev.
1.5.26 2006-02-15
* Merged paths array patch from Ivan Gyurdiev.
* Merged bug fix patch from Ivan Gyurdiev.
1.5.25 2006-02-14
* Merged improve bindings patch from Ivan Gyurdiev.
1.5.24 2006-02-14
* Merged use PyList patch from Ivan Gyurdiev.
* Merged memory leak fix patch from Ivan Gyurdiev.
* Merged nodecon support patch from Ivan Gyurdiev.
* Merged cleanups patch from Ivan Gyurdiev.
* Merged split swig patch from Ivan Gyurdiev.
1.5.23 2006-02-13
* Merged optionals in base patch from Joshua Brindle.
1.5.22 2006-02-13
* Merged treat seusers/users_extra as optional sections patch from
Ivan Gyurdiev.
* Merged parse_optional fixes from Ivan Gyurdiev.
1.5.21 2006-02-07
* Merged seuser/user_extra support patch from Joshua Brindle.
* Merged remote system dbase patch from Ivan Gyurdiev.
1.5.20 2006-02-02
* Merged clone record on set_con patch from Ivan Gyurdiev.
1.5.19 2006-01-30
* Merged fname parameter patch from Ivan Gyurdiev.
* Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
* Merged seusers.system patch from Ivan Gyurdiev.
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
1.5.18 2006-01-27
* Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.
1.5.17 2006-01-27
* Merged set_create_store, access_check, and is_connected interfaces
from Joshua Brindle.
1.5.16 2006-01-19
* Regenerate python wrappers.
1.5.15 2006-01-18
* Merged pywrap Makefile diff from Dan Walsh.
* Merged cache management patch from Ivan Gyurdiev.
* Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
* Merged remove apply_local function patch from Ivan Gyurdiev.
* Merged only do read locking in direct case patch from Ivan Gyurdiev.
* Merged cache error path memory leak fix from Ivan Gyurdiev.
* Merged auto-generated file header patch from Ivan Gyurdiev.
* Merged pywrap test update from Ivan Gyurdiev.
* Merged hidden defs update from Ivan Gyurdiev.
1.5.14 2006-01-13
* Merged disallow port overlap patch from Ivan Gyurdiev.
1.5.13 2006-01-12
* Merged join prereq and implementation patches from Ivan Gyurdiev.
* Merged join user extra data part 2 patch from Ivan Gyurdiev.
* Merged bugfix patch from Ivan Gyurdiev.
1.5.12 2006-01-12
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
* Merged user extra data part 1 patch from Ivan Gyurdiev.
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
* Merged calloc check in semanage_store patch from Ivan Gyurdiev,
bug noticed by Steve Grubb.
* Merged cleanups after add/set removal patch from Ivan Gyurdiev.
1.5.11 2006-01-09
* Merged fcontext compare fix from Ivan Gyurdiev.
1.5.10 2006-01-06
* Fixed commit to return the commit number aka policy sequence number.
1.5.9 2006-01-06
* Merged const in APIs patch from Ivan Gyurdiev.
* Merged validation of local file contexts patch from Ivan Gyurdiev.
* Merged compare2 function patch from Ivan Gyurdiev.
* Merged hidden def/proto update patch from Ivan Gyurdiev.
1.5.8 2006-01-05
* Re-applied string and file optimization patch from Russell Coker,
with bug fix.
1.5.7 2006-01-05
* Reverted string and file optimization patch from Russell Coker.
1.5.6 2006-01-05
* Clarified error messages from parse_module_headers and
parse_base_headers for base/module mismatches.
1.5.5 2006-01-05
* Merged string and file optimization patch from Russell Coker.
* Merged swig header reordering patch from Ivan Gyurdiev.
* Merged toggle modify on add patch from Ivan Gyurdiev.
* Merged ports parser bugfix patch from Ivan Gyurdiev.
* Merged fcontext swig patch from Ivan Gyurdiev.
* Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
* Merged man pages for dbase functions patch from Ivan Gyurdiev.
* Merged pywrap tests patch from Ivan Gyurdiev.
1.5.4 2006-01-04
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
1.5.3 2005-12-14
* Merged further header cleanups from Ivan Gyurdiev.
1.5.2 2005-12-13
* Merged toggle modified flag in policydb_modify, fix memory leak
in clear_obsolete, polymorphism vs headers fix, and include guards
for internal headers patches from Ivan Gyurdiev.
1.5.1 2005-12-12
* Added file-mode= setting to semanage.conf, default to 0644.
Changed semanage_copy_file and callers to use this mode when
installing policy files to runtime locations.
1.4 2005-12-07
* Updated version for release.
1.3.64 2005-12-06
* Changed semanage_handle_create() to set do_reload based on
is_selinux_enabled(). This prevents improper attempts to
load policy on a non-SELinux system.
1.3.63 2005-12-05
* Dropped handle from user_del_role interface.
1.3.62 2005-12-05
* Removed defrole interfaces.
1.3.61 2005-11-29
* Merged Makefile python definitions patch from Dan Walsh.
1.3.60 2005-11-29
* Removed is_selinux_mls_enabled() conditionals in seusers and users
file parsers.
1.3.59 2005-11-28
* Merged wrap char*** for user_get_roles patch from Joshua Brindle.
1.3.58 2005-11-28
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
1.3.57 2005-11-28
* Merged swig wrappers for modifying users and seusers from Joshua Brindle.
1.3.56 2005-11-16
* Fixed free->key_free bug.
1.3.55 2005-11-16
* Merged clear obsolete patch from Ivan Gyurdiev.
1.3.54 2005-11-15
* Merged modified swigify patch from Dan Walsh
(original patch from Joshua Brindle).
* Merged move genhomedircon call patch from Chad Sellers.
1.3.53 2005-11-10
* Merged move seuser validation patch from Ivan Gyurdiev.
* Merged hidden declaration fixes from Ivan Gyurdiev,
with minor corrections.
1.3.52 2005-11-09
* Merged cleanup patch from Ivan Gyurdiev.
This renames semanage_module_conn to semanage_direct_handle,
and moves sepol handle create/destroy into semanage handle
create/destroy to allow use even when disconnected (for the
record interfaces).
1.3.51 2005-11-08
* Clear modules modified flag upon disconnect and commit.
1.3.50 2005-11-08
* Added tracking of module modifications and use it to
determine whether expand-time checks should be applied
on commit.
1.3.49 2005-11-08
* Reverted semanage_set_reload_bools() interface.
1.3.48 2005-11-08
* Disabled calls to port dbase for merge and commit and stubbed
out calls to sepol_port interfaces since they are not exported.
1.3.47 2005-11-08
* Merged rename instead of copy patch from Joshua Brindle (Tresys).
1.3.46 2005-11-07
* Added hidden_def/hidden_proto for exported symbols used within
libsemanage to eliminate relocations. Wrapped type definitions
in exported headers as needed to avoid conflicts. Added
src/context_internal.h and src/iface_internal.h.
1.3.45 2005-11-07
* Added semanage_is_managed() interface to allow detection of whether
the policy is managed via libsemanage. This enables proper handling
in setsebool for non-managed systems.
1.3.44 2005-11-07
* Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
to enable runtime control over preserving active boolean values
versus reloading their saved settings upon commit.
1.3.43 2005-11-04
* Merged seuser parser resync, dbase tracking and cleanup, strtol
bug, copyright, and assert space patches from Ivan Gyurdiev.
1.3.42 2005-11-04
* Added src/*_internal.h in preparation for other changes.
* Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
src/seusers.[hc].
1.3.41 2005-11-03
* Merged interface parse/print, context_to_string interface change,
move assert_noeof, and order preserving patches from Ivan Gyurdiev.
* Added src/dso.h in preparation for other changes.
1.3.40 2005-11-01
* Merged install seusers, handle/error messages, MLS parsing,
and seusers validation patches from Ivan Gyurdiev.
1.3.39 2005-10-31
* Merged record interface, dbase flush, common database code,
and record bugfix patches from Ivan Gyurdiev.
1.3.38 2005-10-27
* Merged dbase policydb list and count change from Ivan Gyurdiev.
1.3.37 2005-10-27
* Merged enable dbase and set relay patches from Ivan Gyurdiev.
1.3.36 2005-10-27
* Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.
1.3.35 2005-10-26
* Merged sepol handle passing, seusers support, and policydb cache
patches from Ivan Gyurdiev.
1.3.34 2005-10-25
* Merged resync to sepol changes and booleans fixes/improvements
patches from Ivan Gyurdiev.
1.3.33 2005-10-25
* Merged support for genhomedircon/homedir template, store selection,
explicit policy reload, and semanage.conf relocation from Joshua
Brindle.
1.3.32 2005-10-24
* Merged resync to sepol changes and transaction fix patches from
Ivan Gyurdiev.
1.3.31 2005-10-21
* Merged reorganize users patch from Ivan Gyurdiev.
* Merged remove unused relay functions patch from Ivan Gyurdiev.
1.3.30 2005-10-20
* Fixed policy file leaks in semanage_load_module and
semanage_write_module.
* Merged further database work from Ivan Gyurdiev.
1.3.29 2005-10-20
* Fixed bug in semanage_direct_disconnect.
1.3.28 2005-10-20
* Merged interface renaming patch from Ivan Gyurdiev.
* Merged policy component patch from Ivan Gyurdiev.
1.3.27 2005-10-20
* Renamed 'check=' configuration value to 'expand-check=' for
clarity.
* Changed semanage_commit_sandbox to check for and report errors
on rename(2) calls performed during rollback.
1.3.26 2005-10-19
* Added optional check= configuration value to semanage.conf
and updated call to sepol_expand_module to pass its value
to control assertion and hierarchy checking on module expansion.
1.3.25 2005-10-19
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
1.3.24 2005-10-19
* Merged default database from Ivan Gyurdiev.
* Merged removal of connect requirement in policydb backend from
Ivan Gyurdiev.
* Merged commit locking fix and lock rename from Joshua Brindle.
* Merged transaction rollback in lock patch from Joshua Brindle.
1.3.23 2005-10-18
* Changed default args for load_policy to be null, as it no longer
takes a pathname argument and we want to preserve booleans.
1.3.22 2005-10-18
* Merged move local dbase initialization patch from Ivan Gyurdiev.
* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
1.3.21 2005-10-18
* Added calls to sepol_policy_file_set_handle interface prior
to invoking sepol operations on policy files.
* Updated call to sepol_policydb_from_image to pass the handle.
1.3.20 2005-10-17
* Merged user and port APIs - policy database patch from Ivan
Gyurdiev.
1.3.19 2005-10-17
* Converted calls to sepol link_packages and expand_module interfaces
from using buffers to using sepol handles for error reporting, and
changed direct_connect/disconnect to create/destroy sepol handles.
1.3.18 2005-10-14
* Merged bugfix patch from Ivan Gyurdiev.
1.3.17 2005-10-14
* Merged seuser database patch from Ivan Gyurdiev.
Merged direct user/port databases to the handle from Ivan Gyurdiev.
1.3.16 2005-10-14
* Removed obsolete include/semanage/commit_api.h (leftover).
Merged seuser record patch from Ivan Gyurdiev.
1.3.15 2005-10-14
* Merged boolean and interface databases from Ivan Gyurdiev.
1.3.14 2005-10-13
* Updated to use get interfaces for hidden sepol_module_package type.
1.3.13 2005-10-13
* Changed semanage_expand_sandbox and semanage_install_active
to generate/install the latest policy version supported by libsepol
by default (unless overridden by semanage.conf), since libselinux
will now downgrade automatically for load_policy.
1.3.12 2005-10-13
* Merged new callback-based error reporting system and ongoing
database work from Ivan Gyurdiev.
1.3.11 2005-10-11
* Fixed semanage_install_active() to use the same logic for
selecting a policy version as semanage_expand_sandbox(). Dropped
dead code from semanage_install_sandbox().
1.3.10 2005-10-07
* Updated for changes to libsepol, and to only use types and interfaces
provided by the shared libsepol.
1.3.9 2005-10-06
* Merged further database work from Ivan Gyurdiev.
1.3.8 2005-10-04
* Merged iterate, redistribute, and dbase split patches from
Ivan Gyurdiev.
1.3.7 2005-09-30
* Merged patch series from Ivan Gyurdiev.
(pointer typedef elimination, file renames, dbase work, backend
separation)
1.3.6 2005-09-28
* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
* Separated handle create from connect interface.
* Added a constructor for initialization.
* Moved up src/include/*.h to src.
* Created a symbol map file; dropped dso.h and hidden markings.
1.3.5 2005-09-28
* Merged major update to libsemanage organization and functionality
from Karl MacMillan (Tresys).
1.3.4 2005-09-23
* Merged dbase redesign patch from Ivan Gyurdiev.
1.3.3 2005-09-21
* Merged boolean record, stub record handler, and status codes
patches from Ivan Gyurdiev.
1.3.2 2005-09-16
* Merged stub iterator functionality from Ivan Gyurdiev.
* Merged interface record patch from Ivan Gyurdiev.
1.3.1 2005-09-14
* Merged stub functionality for managing user and port records,
and record table code from Ivan Gyurdiev.
1.2 2005-09-06
* Updated version for release.
1.1.6 2005-08-31
* Merged semod.conf template patch from Dan Walsh (Red Hat),
but restored location to /usr/share/semod/semod.conf.
1.1.5 2005-08-30
* Fixed several bugs found by valgrind.
* Fixed bug in prior patch for the semod_build_module_list leak.
1.1.4 2005-08-25
* Merged errno fix from Joshua Brindle (Tresys).
* Merged fix for semod_build_modules_list leak on error path
from Serge Hallyn (IBM). Bug found by Coverity.
1.1.3 2005-08-22
* Merged several fixes from Serge Hallyn (IBM). Bugs found by
Coverity.
* Fixed several other bugs and warnings.
1.1.2 2005-08-02
* Merged patch to move module read/write code from libsemanage
to libsepol from Jason Tang (Tresys).
1.1.1 2005-08-02
* Merged relay records patch from Ivan Gyurdiev.
* Merged key extract patch from Ivan Gyurdiev.
1.0 2005-07-27
* Initial version.