selinux/policycoreutils/ChangeLog

1003 lines
32 KiB
Plaintext

2.0.71 2009-08-11
* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don't require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).
2.0.70 2009-08-04
* Modify restorecon to only call realpath() on user-supplied pathnames
from Stephen Smalley.
2.0.69 2009-07-30
* Fix typo in fixfiles that prevented it from relabeling btrfs
filesystems from Dan Walsh.
2.0.68 2009-07-24
* Modify setfiles to exclude mounts without seclabel option in
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
2.0.67 2009-07-07
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
Pardy and Dan Walsh.
2.0.66 2009-07-07
* setfiles converted to fts from Thomas Liu.
2.0.65 2009-06-24
* Remove gui from po/Makefile and po/POTFILES and regenerate po files
2.0.64 2009-06-22
* Keep setfiles from spamming console from Dan Walsh.
* Fix chcat's category expansion for users from Dan Walsh.
2.0.63 2009-05-15
* Fix transaction checking from Dan Walsh.
* Make fixfiles -R (for rpm) recursive.
* Make semanage permissive clean up after itself from Dan Walsh.
* add /root/.ssh/* to restorecond.conf
2.0.62 2009-02-19
* Add btrfs to fixfiles from Dan Walsh.
* Remove restorecond error for matching globs with multiple hard links
and fix some error messages from Dan Walsh.
* Make removing a non-existant module a warning rather than an error
from Dan Walsh.
* Man page fixes from Dan Walsh.
2.0.61 2009-01-12
* chcat: cut categories at arbitrary point (25) from Dan Walsh
* semodule: use new interfaces in libsemanage for compressed files
from Dan Walsh
* audit2allow: string changes for usage
2.0.60 2008-11-12
* semanage: use semanage_mls_enabled() from Stephen Smalley.
2.0.59 2008-11-11
* fcontext add checked local records twice, fix from Dan Walsh.
2.0.58 2008-11-09
* Allow local file context entries to override policy entries in
semanage from Dan Walsh.
* Newrole error message corrections from Dan Walsh.
* Add exception to audit2why call in audit2allow from Dan Walsh.
2.0.57 2008-09-18
* Update po files from Dan Walsh.
2.0.56 2008-09-12
* fixfiles will now remove all files in /tmp and will check for
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
* add glob support to restorecond from Dan Walsh.
* allow semanage to handle multi-line commands in a single transaction
from Dan Walsh.
2.0.55 2008-08-26
* Merged semanage node support from Christian Kuester.
2.0.54 2008-08-05
* Add support for boolean files and group support for seusers from Dan Walsh.
* Ensure that setfiles -p output is newline terminated from Russell Coker.
2.0.53 2008-07-29
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
2.0.52 2008-07-02
* Add permissive domain capability to semanage from Dan Walsh.
2.0.51 2008-06-28
* Add onboot option to fixfiles from Dan Walsh.
* Change restorecon.init to not run on boot by default from Dan Walsh.
2.0.50 2008-06-30
* Fix audit2allow generation of role-type rules from Karl MacMillan.
2.0.49 2008-05-16
* Remove security_check_context calls for prefix validation from semanage.
2.0.48 2008-05-16
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
2.0.47 2008-04-18
* Update semanage man page for booleans from Dan Walsh.
* Add further error checking to seobject.py for setting booleans.
2.0.46 2008-03-18
* Update audit2allow to report dontaudit cases from Dan Walsh.
2.0.45 2008-03-18
* Fix semanage port to use --proto from Caleb Case.
2.0.44 2008-02-22
* Fixed semodule to correctly handle error when unable to create a handle.
2.0.43 2008-02-08
* Merged fix fixfiles option processing from Vaclav Ovsik.
2.0.42 2008-02-02
* Make semodule_expand use sepol_set_expand_consume_base to reduce
peak memory usage.
2.0.41 2008-01-28
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
2.0.40 2008-01-25
* Merged a second fixfiles -C fix from Marshall Miller.
2.0.39 2008-01-24
* Merged fixfiles -C fix from Marshall Miller.
2.0.38 2008-01-24
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
2.0.37 2008-01-23
* Merged replacement for audit2why from Dan Walsh.
2.0.36 2008-01-23
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
2.0.35 2007-12-21
* Merged support for non-interactive newrole command invocation from Tim Reed.
2.0.34 2007-12-14
* Update Makefile to not build restorecond if
/usr/include/sys/inotify.h is not present
2.0.33 2007-12-07
* Drop verbose output on fixfiles -C from Dan Walsh.
* Fix argument handling in fixfiles from Dan Walsh.
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
2.0.32 2007-10-16
* load_policy initial load option from Chad Sellers.
2.0.31 2007-10-15
* Fix semodule option handling from Dan Walsh.
2.0.30 2007-10-11
* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
2.0.29 2007-10-05
* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
2.0.28 2007-10-05
* Update semodule man page for -D from Dan Walsh.
* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
2.0.27 2007-09-19
* Improve semodule reporting of system errors from Stephen Smalley.
2.0.26 2007-09-18
* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
2.0.25 2007-08-23
* Remove genhomedircon script (functionality is now provided
within libsemanage) from Todd Miller.
2.0.24 2007-08-23
* Fix genhomedircon searching for USER from Todd Miller
* Install run_init with mode 0755 from Dan Walsh.
* Fix chcat from Dan Walsh.
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
* Optimize genhomedircon to compile regexes once from Dan Walsh.
* Fix semanage gettext call from Dan Walsh.
2.0.23 2007-08-16
* Disable dontaudits via semodule -D
2.0.22 2007-06-20
* Rebase setfiles to use new labeling interface.
2.0.21 2007-06-13
* Fixed setsebool (falling through to error path on success).
2.0.20 2007-06-05
* Merged genhomedircon fixes from Dan Walsh.
* Merged setfiles -c usage fix from Dan Walsh.
* Merged restorecon fix from Yuichi Nakamura.
* Dropped -lsepol where no longer needed.
2.0.19 2007-05-11
* Merge newrole support for alternate pam configs from Ted X Toth.
2.0.18 2007-05-11
* Merged merging of restorecon into setfiles from Stephen Smalley.
2.0.17 2007-05-09
* Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
2.0.16 2007-05-03
* Merged support for modifying the prefix via semanage from Dan Walsh.
2.0.15 2007-04-26
* Merged move of audit2why to /usr/bin from Dan Walsh.
2.0.14 2007-04-25
* Build fix for setsebool.
2.0.13 2007-04-24
* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
2.0.12 2007-04-24
* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
2.0.11 2007-04-24
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
2.0.10 2007-04-24
* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
2.0.9 2007-04-12
* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
2.0.8 2007-04-10
* Merged updates to sepolgen-ifgen from Karl MacMillan.
2.0.7 2007-03-01
* Merged restorecond init script LSB compliance patch from Steve Grubb.
2.0.6 2007-02-22
* Merged newrole O_NONBLOCK fix from Linda Knippers.
2.0.5 2007-02-22
* Merged sepolgen and audit2allow patches to leave generated files
in the current directory from Karl MacMillan.
2.0.4 2007-02-22
* Merged restorecond memory leak fix from Steve Grubb.
2.0.3 2007-02-21
* Merged translations update from Dan Walsh.
* Merged chcat fixes from Dan Walsh.
* Merged man page fixes from Dan Walsh.
* Merged seobject prefix validity checking from Dan Walsh.
2.0.2 2007-02-20
* Merged seobject exception handler fix from Caleb Case.
* Merged setfiles memory leak patch from Todd Miller.
2.0.1 2007-02-08
* Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
2.0.0 2007-02-05
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
1.34.1 2007-01-22
* Fixed newrole non-pam build.
1.34.0 2007-01-18
* Updated version for stable branch.
1.33.16 2007-01-18
* Merged po file updates from Dan Walsh.
* Removed update-po from all target in po/Makefile.
1.33.15 2007-01-17
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
1.33.14 2007-01-16
* Merged newrole man page patch from Michael Thompson.
1.33.13 2007-01-16
* Merged patch to fix python unicode problem from Dan Walsh.
1.33.12 2007-01-11
* Merged newrole securetty check from Dan Walsh.
* Merged semodule patch to generalize list support from Karl MacMillan.
1.33.11 2007-01-09
* Merged fixfiles and seobject fixes from Dan Walsh.
* Merged semodule support for list of modules after -i from Karl MacMillan.
1.33.10 2007-01-08
* Merged patch to correctly handle a failure during semanage handle
creation from Karl MacMillan.
1.33.9 2007-01-05
* Merged patch to fix seobject role modification from Dan Walsh.
1.33.8 2007-01-04
* Merged patches from Dan Walsh to:
- omit the optional name from audit2allow
- use the installed python version in the Makefiles
- re-open the tty with O_RDWR in newrole
1.33.7 2007-01-03
* Patch from Dan Walsh to correctly suppress warnings in load_policy.
1.33.6 2006-11-29
* Patch from Dan Walsh to add an pam_acct_msg call to run_init
* Patch from Dan Walsh to fix error code returns in newrole
* Patch from Dan Walsh to remove verbose flag from semanage man page
* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
in /usr/share/selinux/<SELINUXTYPE>
1.33.5 2006-11-27
* Merged patch from Michael C Thompson to clean up genhomedircon
error handling.
1.33.4 2006-11-21
* Merged po file updates from Dan Walsh.
1.33.3 2006-11-21
* Merged setsebool patch from Karl MacMillan.
This fixes a bug reported by Yuichi Nakamura with
always setting booleans persistently on an unmanaged system.
1.33.2 2006-11-20
* Merged patch from Dan Walsh (via Karl MacMillan):
* Added newrole audit message on login failure
* Add /var/log/wtmp to restorecond.conf watch list
* Fix genhomedircon, semanage, semodule_expand man pages.
1.33.1 2006-11-13
* Merged newrole patch set from Michael Thompson.
1.32 2006-10-17
* Updated version for release.
1.30.31 2006-10-17
* Merged audit2allow -l fix from Yuichi Nakamura.
* Merged restorecon -i and -o - support from Karl MacMillan.
* Merged semanage/seobject fix from Dan Walsh.
* Merged fixfiles -R and verify changes from Dan Walsh.
1.30.30 2006-09-29
* Merged newrole auditing of failures due to user actions from
Michael Thompson.
1.30.29 2006-09-13
* Man page corrections from Dan Walsh
* Change all python invocations to /usr/bin/python -E
* Add missing getopt flags to genhomedircon
1.30.28 2006-09-01
* Merged fix for restorecon // handling from Erich Schubert.
* Merged translations update and fixfiles fix from Dan Walsh.
1.30.27 2006-08-24
* Merged fix for restorecon symlink handling from Erich Schubert.
1.30.26 2006-08-11
* Merged semanage local file contexts patch from Chris PeBenito.
1.30.25 2006-08-03
* Merged patch from Dan Walsh with:
* audit2allow: process MAC_POLICY_LOAD events
* newrole: run shell with - prefix to start a login shell
* po: po file updates
* restorecond: bail if SELinux not enabled
* fixfiles: omit -q
* genhomedircon: fix exit code if non-root
* semodule_deps: install man page
1.30.24 2006-08-03
* Merged secon Makefile fix from Joshua Brindle.
1.30.23 2006-08-03
* Merged netfilter contexts support patch from Chris PeBenito.
1.30.22 2006-07-28
* Merged restorecond size_t fix from Joshua Brindle.
1.30.21 2006-07-28
* Merged secon keycreate patch from Michael LeMay.
1.30.20 2006-07-26
* Merged restorecond fixes from Dan Walsh.
Merged updated po files from Dan Walsh.
1.30.19 2006-07-26
* Merged python gettext patch from Stephen Bennett.
1.30.18 2006-07-25
* Merged semodule_deps from Karl MacMillan.
1.30.17 2006-06-29
* Lindent.
1.30.16 2006-06-26
* Merged patch from Dan Walsh with:
* -p option (progress) for setfiles and restorecon.
* disable context translation for setfiles and restorecon.
* on/off values for setsebool.
1.30.15 2006-06-26
* Merged setfiles and semodule_link fixes from Joshua Brindle.
1.30.14 2006-06-16
* Merged fix for setsebool error path from Serge Hallyn.
1.30.13 2006-06-16
* Merged patch from Dan Walsh with:
* Updated po files.
* Fixes for genhomedircon and seobject.
* Audit message for mass relabel by setfiles.
1.30.12 2006-06-02
* Updated fixfiles script for new setfiles location in /sbin.
1.30.11 2006-05-26
* Merged more translations from Dan Walsh.
* Merged patch to relocate setfiles to /sbin for early relabel
when /usr might not be mounted from Dan Walsh.
* Merged semanage/seobject patch to preserve fcontext ordering in list.
* Merged secon patch from James Antill.
1.30.10 2006-05-22
* Merged patch with updates to audit2allow, secon, genhomedircon,
and semanage from Dan Walsh.
1.30.9 2006-05-08
* Fixed audit2allow and po Makefiles for DESTDIR= builds.
* Merged .po file patch from Dan Walsh.
* Merged bug fix for genhomedircon.
1.30.8 2006-05-08
* Merged patch from Dan Walsh.
This includes audit2allow changes for analysis plugins,
internationalization support for several additional programs
and added po files, some fixes for semanage, and several cleanups.
It also adds a new secon utility.
1.30.7 2006-05-05
* Merged fix warnings patch from Karl MacMillan.
1.30.6 2006-04-14
* Merged semanage prefix support from Russell Coker.
1.30.5 2006-04-11
* Added a test to setfiles to check that the spec file is
a regular file.
1.30.4 2006-03-29
* Merged audit2allow fixes for refpolicy from Dan Walsh.
* Merged fixfiles patch from Dan Walsh.
* Merged restorecond daemon from Dan Walsh.
1.30.3 2006-03-29
* Merged semanage non-MLS fixes from Chris PeBenito.
1.30.2 2006-03-29
* Merged semanage and semodule man page examples from Thomas Bleher.
1.30.1 2006-03-20
* Merged semanage labeling prefix patch from Ivan Gyurdiev.
1.30 2006-03-14
* Updated version for release.
1.29.28 2006-03-13
* Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
1.29.27 2006-03-08
* Merged audit2allow -R support, chcat fix, semanage MLS checks
and semanage audit calls from Dan Walsh.
1.29.26 2006-02-15
* Merged semanage bug fix patch from Ivan Gyurdiev.
1.29.25 2006-02-14
* Merged improve bindings patch from Ivan Gyurdiev.
1.29.24 2006-02-14
* Merged semanage usage patch from Ivan Gyurdiev.
* Merged use PyList patch from Ivan Gyurdiev.
1.29.23 2006-02-13
* Merged newrole -V/--version support from Glauber de Oliveira Costa.
1.29.22 2006-02-13
* Merged genhomedircon prefix patch from Dan Walsh.
1.29.21 2006-02-13
* Merged optionals in base patch from Joshua Brindle.
1.29.20 2006-02-07
* Merged seuser/user_extra support patch to semodule_package
from Joshua Brindle.
1.29.19 2006-02-06
* Merged getopt type fix for semodule_link/expand and sestatus
from Chris PeBenito.
1.29.18 2006-02-02
* Merged clone record on set_con patch from Ivan Gyurdiev.
1.29.17 2006-01-30
* Merged genhomedircon fix from Dan Walsh.
1.29.16 2006-01-30
* Merged seusers.system patch from Ivan Gyurdiev.
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
* Merged genhomedircon patch from Dan Walsh.
1.29.15 2006-01-27
* Merged newrole audit patch from Steve Grubb.
1.29.14 2006-01-27
* Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
1.29.13 2006-01-27
* Merged semanage and semodule access check patches from Joshua Brindle.
1.29.12 2006-01-26
* Merged restorecon, chcat, and semanage patches from Dan Walsh.
1.29.11 2006-01-25
* Modified newrole and run_init to use the loginuid when
supported to obtain the Linux user identity to re-authenticate,
and to fall back to real uid. Dropped the use of the SELinux
user identity, as Linux users are now mapped to SELinux users
via seusers and the SELinux user identity space is separate.
1.29.10 2006-01-20
* Merged semanage bug fixes from Ivan Gyurdiev.
* Merged semanage fixes from Russell Coker.
* Merged chcat.8 and genhomedircon patches from Dan Walsh.
1.29.9 2006-01-19
* Merged chcat, semanage, and setsebool patches from Dan Walsh.
1.29.8 2006-01-18
* Merged semanage fixes from Ivan Gyurdiev.
* Merged semanage fixes from Russell Coker.
* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
1.29.7 2006-01-13
* Merged newrole cleanup patch from Steve Grubb.
* Merged setfiles/restorecon performance patch from Russell Coker.
* Merged genhomedircon and semanage patches from Dan Walsh.
1.29.6 2006-01-12
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
1.29.5 2006-01-05
* Added filename to semodule error reporting.
1.29.4 2006-01-05
* Merged genhomedircon and semanage patch from Dan Walsh.
* Changed semodule error reporting to include argv[0].
1.29.3 2006-01-04
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- cleanup setsebool
- update setsebool to apply active booleans through libsemanage
- update semodule to use the new semanage_set_rebuild() interface
- fix various bugs in semanage
* Merged patch from Dan Walsh (Red Hat).
This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
and semanage.
1.29.2 2005-12-14
* Merged patch for chcat script from Dan Walsh.
1.29.1 2005-12-08
* Merged fix for audit2allow long option list from Dan Walsh.
* Merged -r option for restorecon (alias for -R) from Dan Walsh.
* Merged chcat script and man page from Dan Walsh.
1.28 2005-12-07
* Updated version for release.
1.27.37 2005-12-07
* Clarified the genhomedircon warning message.
1.27.36 2005-12-05
* Changed genhomedircon to warn on use of ROLE in homedir_template
if using managed policy, as libsemanage does not yet support it.
1.27.35 2005-12-02
* Merged genhomedircon bug fix from Dan Walsh.
1.27.34 2005-12-02
* Revised semodule* man pages to refer to checkmodule and
to include example sections.
1.27.33 2005-12-01
* Merged audit2allow --tefile and --fcfile support from Dan Walsh.
* Merged genhomedircon fix from Dan Walsh.
* Merged semodule* man pages from Dan Walsh, and edited them.
1.27.32 2005-12-01
* Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
retain validation/canonicalization of contexts during init.
1.27.31 2005-11-29
* Changed genhomedircon to always use user_r for the role in the
managed case since user_get_defrole is broken.
1.27.30 2005-11-29
* Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
* Fixed semodule -v option.
1.27.29 2005-11-28
* Merged audit2allow python script from Dan Walsh.
(old script moved to audit2allow.perl, will be removed later).
* Merged genhomedircon fixes from Dan Walsh.
* Merged semodule quieting patch from Dan Walsh
(inverts default, use -v to restore original behavior).
1.27.28 2005-11-15
* Merged genhomedircon rewrite from Dan Walsh.
1.27.27 2005-11-09
* Merged setsebool cleanup patch from Ivan Gyurdiev.
1.27.26 2005-11-09
* Added -B (--build) option to semodule to force a rebuild.
1.27.25 2005-11-08
* Reverted setsebool patch to call semanage_set_reload_bools().
* Changed setsebool to disable policy reload and to call
security_set_boolean_list to update the runtime booleans.
1.27.24 2005-11-08
* Changed setfiles -c to use new flag to set_matchpathcon_flags()
to disable context translation by matchpathcon_init().
1.27.23 2005-11-07
* Changed setfiles for the context canonicalization support.
1.27.22 2005-11-07
* Changed setsebool to call semanage_is_managed() interface
and fall back to security_set_boolean_list() if policy is
not managed.
1.27.21 2005-11-07
* Merged setsebool memory leak fix from Ivan Gyurdiev.
* Merged setsebool patch to call semanage_set_reload_bools()
interface from Ivan Gyurdiev.
1.27.20 2005-11-04
* Merged setsebool patch from Ivan Gyurdiev.
This moves setsebool from libselinux/utils to policycoreutils,
and rewrites it to use libsemanage for permanent boolean changes.
1.27.19 2005-10-25
* Merged semodule support for reload, noreload, and store options
from Joshua Brindle.
* Merged semodule_package rewrite from Joshua Brindle.
1.27.18 2005-10-20
* Cleaned up usage and error messages and releasing of memory by
semodule_* utilities.
1.27.17 2005-10-20
* Corrected error reporting by semodule.
1.27.16 2005-10-19
* Updated semodule_expand for change to sepol interface.
1.27.15 2005-10-19
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
1.27.14 2005-10-18
* Updated semodule_package for sepol interface changes.
1.27.13 2005-10-17
* Updated semodule_expand/link for sepol interface changes.
1.27.12 2005-10-14
* Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
1.27.11 2005-10-13
* Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
1.27.10 2005-10-13
* Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
1.27.9 2005-10-13
* Merged fixfiles patch from Dan Walsh (Red Hat).
1.27.8 2005-10-13
* Updated semodule for removal of semanage_strerror.
1.27.7 2005-10-11
* Updated semodule_link and semodule_expand to use shared libsepol.
Fixed audit2why to call policydb_init prior to policydb_read (still
uses the static libsepol).
1.27.6 2005-10-07
* Updated for changes to libsepol.
Changed semodule and semodule_package to use the shared libsepol.
Disabled build of semodule_link and semodule_expand for now.
Updated audit2why for relocated policydb internal headers,
still needs to be converted to a shared lib interface.
1.27.5 2005-10-06
* Fixed warnings in load_policy.
1.27.4 2005-10-06
* Rewrote load_policy to use the new selinux_mkload_policy()
interface provided by libselinux.
1.27.3 2005-09-28
* Merged patch to update semodule to the new libsemanage API
and improve the user interface from Karl MacMillan (Tresys).
* Modified semodule for the create/connect API split.
1.27.2 2005-09-20
* Merged run_init open_init_pty bug fix from Manoj Srivastava
(unblock SIGCHLD). Bug reported by Erich Schubert.
1.27.1 2005-09-20
* Merged error shadowing bug fix for restorecon from Dan Walsh.
* Merged setfiles usage/man page update for -r option from Dan Walsh.
* Merged fixfiles -C patch to ignore :s0 addition on update
to a MCS/MLS policy from Dan Walsh.
1.26 2005-09-06
* Updated version for release.
1.25.9 2005-08-31
* Changed setfiles -c to translate the context to raw format
prior to calling libsepol.
1.25.8 2005-08-31
* Changed semodule to report errors even without -v,
to detect extraneous arguments, and corrected usage message.
1.25.7 2005-08-25
* Merged patch for fixfiles -C from Dan Walsh.
1.25.6 2005-08-22
* Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
Bugs found by Coverity.
1.25.5 2005-08-02
* Merged patch to move module read/write code from libsemanage
to libsepol from Jason Tang (Tresys).
1.25.4 2005-07-27
* Changed semodule* to link with libsemanage.
1.25.3 2005-07-26
* Merged restorecon patch from Ivan Gyurdiev.
1.25.2 2005-07-11
* Merged load_policy, newrole, and genhomedircon patches from Red Hat.
1.25.1 2005-07-06
* Merged loadable module support from Tresys Technology.
1.24 2005-06-20
* Updated version for release.
1.23.11 2005-05-19
* Merged fixfiles and newrole patch from Dan Walsh.
* Merged audit2why man page from Dan Walsh.
1.23.10 2005-05-16
* Extended audit2why to incorporate booleans and local user
settings when analyzing audit messages.
1.23.9 2005-05-13
* Updated audit2why for sepol_ prefixes on Flask types to
avoid namespace collision with libselinux, and to
include <selinux/selinux.h> now.
1.23.8 2005-05-13
* Added audit2why utility.
1.23.7 2005-04-29
* Merged patch for fixfiles from Dan Walsh.
Allow passing -F to force reset of customizable contexts.
1.23.6 2005-04-13
* Fixed signed/unsigned pointer bug in load_policy.
* Reverted context validation patch for genhomedircon.
1.23.5 2005-04-12
* Reverted load_policy is_selinux_enabled patch from Dan Walsh.
Otherwise, an initial policy load cannot be performed using
load_policy, e.g. for anaconda.
1.23.4 2005-04-08
* Merged load_policy is_selinux_enabled patch from Dan Walsh.
* Merged restorecon verbose output patch from Dan Walsh.
* Merged setfiles altroot patch from Chris PeBenito.
1.23.3 2005-03-17
* Merged context validation patch for genhomedircon from Eric Paris.
1.23.2 2005-03-16
* Changed setfiles -c to call set_matchpathcon_flags(3) to
turn off processing of .homedirs and .local.
1.23.1 2005-03-14
* Merged rewrite of genhomedircon by Eric Paris.
* Changed fixfiles to relabel jfs since it now supports security xattrs
(as of 2.6.11). Removed reiserfs until 2.6.12 is released with
fixed support for reiserfs and selinux.
1.22 2005-03-09
* Updated version for release.
1.21.22 2005-03-07
* Merged restorecon and genhomedircon patch from Dan Walsh.
1.21.21 2005-02-28
* Merged load_policy and genhomedircon patch from Dan Walsh.
1.21.20 2005-02-24
* Merged fixfiles and genhomedircon patch from Dan Walsh.
1.21.19 2005-02-22
* Merged several fixes from Ulrich Drepper.
1.21.18 2005-02-18
* Changed load_policy to fall back to the original policy upon
an error from sepol_genusers().
1.21.17 2005-02-17
* Merged new genhomedircon script from Dan Walsh.
1.21.16 2005-02-17
* Changed load_policy to call sepol_genusers().
1.21.15 2005-02-09
* Changed relabel Makefile target to use restorecon.
1.21.14 2005-02-08
* Merged restorecon patch from Dan Walsh.
1.21.13 2005-02-07
* Merged sestatus patch from Dan Walsh.
* Merged further change to fixfiles -C from Dan Walsh.
1.21.12 2005-02-02
* Merged further patches for restorecon/setfiles -e and fixfiles -C.
1.21.11 2005-02-02
* Merged patch for fixfiles -C option from Dan Walsh.
* Merged patch -e support for restorecon from Dan Walsh.
* Merged updated -e support for setfiles from Dan Walsh.
1.21.10 2005-01-31
* Merged patch for open_init_pty from Manoj Srivastava.
1.21.9 2005-01-28
* Merged updated fixfiles script from Dan Walsh.
* Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
* Reverted fixfiles patch for file_contexts.local;
obsoleted by setfiles rewrite.
* Merged error handling patch for restorecon from Dan Walsh.
* Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
1.21.8 2005-01-28
* Rewrote setfiles to use matchpathcon and the new interfaces
exported by libselinux (>= 1.21.5).
1.21.7 2005-01-27
* Prevent overflow of spec array in setfiles.
1.21.6 2005-01-27
* Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
1.21.5 2005-01-26
* Merged newrole -l support from Darrel Goeddel (TCS).
1.21.4 2005-01-25
* Merged fixfiles patch for file_contexts.local from Dan Walsh.
1.21.3 2005-01-21
* Fixed restorecon to not treat errors from is_context_customizable()
as a customizable context.
* Merged setfiles/restorecon patch to not reset user field unless
-F option is specified from Dan Walsh.
1.21.2 2005-01-21
* Merged open_init_pty helper for run_init from Manoj Srivastava.
* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
1.21.1 2005-01-19
* Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
1.20 2005-01-06
* Merged fixfiles rewrite from Dan Walsh.
* Merged restorecon patch from Dan Walsh.
* Merged fixfiles and restorecon patches from Dan Walsh.
* Changed restorecon to ignore ENOENT errors from matchpathcon.
* Merged nonls patch from Chris PeBenito.
* Removed fixfiles.cron.
* Merged run_init.8 patch from Dan Walsh.
1.18 2004-11-01
* Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
* Merged sestatus patch from Steve Grubb.
* Merged fixfiles patch from Dan Walsh.
* Added -l option to setfiles to log changes via syslog.
* Merged -e option to setfiles to exclude directories.
* Merged -R option to restorecon for recursive descent.
* Merged sestatus patch from Steve Grubb via Dan Walsh.
* Merged load_policy and fixfiles.cron patches from Dan Walsh.
* Merged fix for setfiles context validation patch from Colin Walters.
* Merged setfiles context validation patch from Colin Walters.
* Merged genhomedircon patch from Russell Coker.
* Merged restorecon patch from Russell Coker.
1.16 2004-08-13
* Merged audit2allow fix from Tom London.
* Merged load_policy man page from Dan Walsh.
* Merged newrole bug fix from Chad Hanson.
* Changed load_policy to preserve booleans by default.
* Changed load_policy to invoke sepol_genbools() instead.
* Changed load_policy to also invoke security_load_booleans().
* Merged genhomedircon fixes from Dan Walsh.
* Changed restorecon to use realpath.
* Merged fixfiles patch from Dan Walsh.
* Merged genhomedircon patch from Russell Coker and Dan Walsh.
* Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
* Merged stat fix for setfiles -s from Russell Coker.
1.14 2004-06-25
* Merged fix for fixfiles.
* Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
* Merged updated genhomedircon script from Russell Coker.
* Merged run_init patch to find initrc_context from Dan Walsh.
* Merged fixfiles patch for /etc/selinux from Dan Walsh.
* Merged restorecon patch from Dan Walsh.
* Merged fixfiles patch from Dan Walsh.
1.12 2004-05-10
* Merged newrole patch from Colin Walters.
* Merged fixfiles from Dan Walsh.
1.10 2004-04-05
* Changed setfiles to not abort upon lsetfilecon failures.
* Merged sestatus from Chris PeBenito.
* Merged fixes for restorecon.
* Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
* Merged restorecon patch from Dan Walsh.
* Revert add_assoc change from setfiles.
* Moved restorecon to /sbin.
* Disable add_assoc in setfiles by default, use -a to enable.
* Merged genhomedircon patch from Dan Walsh.
* Merged restorecon patch from Dan Walsh.
* Merged setfiles buffer size change from Dan Walsh.
* Merged genhomedircon fix from Karl MacMillan of Tresys.
This generates separate lines for each prefix.
1.8 2004-03-09
* Merged genhomedircon patch from Karl MacMillan of Tresys.
* Removed checkcon script (obsoleted by restorecon -nv).
* Replaced restorecon script with C program from Dan Walsh.
Uses the new matchpathcon function from libselinux.
1.6 2004-02-18
* Fixed setfiles sorting problem reported by Colin Walters.
* Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
* Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
* Quiet warning about duplicate same specifications if -q is used.
* Fixed usage message of audit2allow.
1.4 2003-12-01
* Merged patch from Russell Coker.
* Added audit2allow (formerly newrules.pl from policy).
* Dropped -lattr from Makefiles.
* Merged setfiles check type first patch by Russell Coker.
1.2 2003-09-30
* Merged run_init close file patch from Chris PeBenito.
* Merged setfiles stem compression patch by Russell Coker.
* Merged setfiles usage/getopt/err patch by Russell Coker.
* Merged setfiles altroot patch by Hardened Gentoo team.
* Merged i18n patch by Dan Walsh.
* Changed Makefiles to allow non-root rpm builds.
1.1 2003-08-13
* Dropped obsolete psid code from setfiles.
1.0 2003-07-11
* Initial public release.