1003 lines
32 KiB
Plaintext
1003 lines
32 KiB
Plaintext
2.0.71 2009-08-11
|
|
* Modify setfiles/restorecon checking of exclude paths. Only check
|
|
user-supplied exclude paths (not automatically generated ones based on
|
|
lack of seclabel support), don't require them to be directories, and
|
|
ignore permission denied errors on them (it is ok to exclude a path to
|
|
which the caller lacks permission).
|
|
|
|
2.0.70 2009-08-04
|
|
* Modify restorecon to only call realpath() on user-supplied pathnames
|
|
from Stephen Smalley.
|
|
|
|
2.0.69 2009-07-30
|
|
* Fix typo in fixfiles that prevented it from relabeling btrfs
|
|
filesystems from Dan Walsh.
|
|
|
|
2.0.68 2009-07-24
|
|
* Modify setfiles to exclude mounts without seclabel option in
|
|
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
|
|
|
|
2.0.67 2009-07-07
|
|
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
|
|
Pardy and Dan Walsh.
|
|
|
|
2.0.66 2009-07-07
|
|
* setfiles converted to fts from Thomas Liu.
|
|
|
|
2.0.65 2009-06-24
|
|
* Remove gui from po/Makefile and po/POTFILES and regenerate po files
|
|
|
|
2.0.64 2009-06-22
|
|
* Keep setfiles from spamming console from Dan Walsh.
|
|
* Fix chcat's category expansion for users from Dan Walsh.
|
|
|
|
2.0.63 2009-05-15
|
|
* Fix transaction checking from Dan Walsh.
|
|
* Make fixfiles -R (for rpm) recursive.
|
|
* Make semanage permissive clean up after itself from Dan Walsh.
|
|
* add /root/.ssh/* to restorecond.conf
|
|
|
|
2.0.62 2009-02-19
|
|
* Add btrfs to fixfiles from Dan Walsh.
|
|
* Remove restorecond error for matching globs with multiple hard links
|
|
and fix some error messages from Dan Walsh.
|
|
* Make removing a non-existant module a warning rather than an error
|
|
from Dan Walsh.
|
|
* Man page fixes from Dan Walsh.
|
|
|
|
2.0.61 2009-01-12
|
|
* chcat: cut categories at arbitrary point (25) from Dan Walsh
|
|
* semodule: use new interfaces in libsemanage for compressed files
|
|
from Dan Walsh
|
|
* audit2allow: string changes for usage
|
|
|
|
2.0.60 2008-11-12
|
|
* semanage: use semanage_mls_enabled() from Stephen Smalley.
|
|
|
|
2.0.59 2008-11-11
|
|
* fcontext add checked local records twice, fix from Dan Walsh.
|
|
|
|
2.0.58 2008-11-09
|
|
* Allow local file context entries to override policy entries in
|
|
semanage from Dan Walsh.
|
|
* Newrole error message corrections from Dan Walsh.
|
|
* Add exception to audit2why call in audit2allow from Dan Walsh.
|
|
|
|
2.0.57 2008-09-18
|
|
* Update po files from Dan Walsh.
|
|
|
|
2.0.56 2008-09-12
|
|
* fixfiles will now remove all files in /tmp and will check for
|
|
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
|
|
* add glob support to restorecond from Dan Walsh.
|
|
* allow semanage to handle multi-line commands in a single transaction
|
|
from Dan Walsh.
|
|
|
|
2.0.55 2008-08-26
|
|
* Merged semanage node support from Christian Kuester.
|
|
|
|
2.0.54 2008-08-05
|
|
* Add support for boolean files and group support for seusers from Dan Walsh.
|
|
* Ensure that setfiles -p output is newline terminated from Russell Coker.
|
|
|
|
2.0.53 2008-07-29
|
|
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
|
|
|
|
2.0.52 2008-07-02
|
|
* Add permissive domain capability to semanage from Dan Walsh.
|
|
|
|
2.0.51 2008-06-28
|
|
* Add onboot option to fixfiles from Dan Walsh.
|
|
* Change restorecon.init to not run on boot by default from Dan Walsh.
|
|
|
|
2.0.50 2008-06-30
|
|
* Fix audit2allow generation of role-type rules from Karl MacMillan.
|
|
|
|
2.0.49 2008-05-16
|
|
* Remove security_check_context calls for prefix validation from semanage.
|
|
|
|
2.0.48 2008-05-16
|
|
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
|
|
|
|
2.0.47 2008-04-18
|
|
* Update semanage man page for booleans from Dan Walsh.
|
|
* Add further error checking to seobject.py for setting booleans.
|
|
|
|
2.0.46 2008-03-18
|
|
* Update audit2allow to report dontaudit cases from Dan Walsh.
|
|
|
|
2.0.45 2008-03-18
|
|
* Fix semanage port to use --proto from Caleb Case.
|
|
|
|
2.0.44 2008-02-22
|
|
* Fixed semodule to correctly handle error when unable to create a handle.
|
|
|
|
2.0.43 2008-02-08
|
|
* Merged fix fixfiles option processing from Vaclav Ovsik.
|
|
|
|
2.0.42 2008-02-02
|
|
* Make semodule_expand use sepol_set_expand_consume_base to reduce
|
|
peak memory usage.
|
|
|
|
2.0.41 2008-01-28
|
|
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
|
|
|
|
2.0.40 2008-01-25
|
|
* Merged a second fixfiles -C fix from Marshall Miller.
|
|
|
|
2.0.39 2008-01-24
|
|
* Merged fixfiles -C fix from Marshall Miller.
|
|
|
|
2.0.38 2008-01-24
|
|
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
|
|
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
|
|
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
|
|
|
|
2.0.37 2008-01-23
|
|
* Merged replacement for audit2why from Dan Walsh.
|
|
|
|
2.0.36 2008-01-23
|
|
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
|
|
|
|
2.0.35 2007-12-21
|
|
* Merged support for non-interactive newrole command invocation from Tim Reed.
|
|
|
|
2.0.34 2007-12-14
|
|
* Update Makefile to not build restorecond if
|
|
/usr/include/sys/inotify.h is not present
|
|
|
|
2.0.33 2007-12-07
|
|
* Drop verbose output on fixfiles -C from Dan Walsh.
|
|
* Fix argument handling in fixfiles from Dan Walsh.
|
|
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
|
|
|
|
2.0.32 2007-10-16
|
|
* load_policy initial load option from Chad Sellers.
|
|
|
|
2.0.31 2007-10-15
|
|
* Fix semodule option handling from Dan Walsh.
|
|
|
|
2.0.30 2007-10-11
|
|
* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
|
|
|
|
2.0.29 2007-10-05
|
|
* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
|
|
|
|
2.0.28 2007-10-05
|
|
* Update semodule man page for -D from Dan Walsh.
|
|
* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
|
|
|
|
2.0.27 2007-09-19
|
|
* Improve semodule reporting of system errors from Stephen Smalley.
|
|
|
|
2.0.26 2007-09-18
|
|
* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
|
|
|
|
2.0.25 2007-08-23
|
|
* Remove genhomedircon script (functionality is now provided
|
|
within libsemanage) from Todd Miller.
|
|
|
|
2.0.24 2007-08-23
|
|
* Fix genhomedircon searching for USER from Todd Miller
|
|
* Install run_init with mode 0755 from Dan Walsh.
|
|
* Fix chcat from Dan Walsh.
|
|
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
|
|
* Optimize genhomedircon to compile regexes once from Dan Walsh.
|
|
* Fix semanage gettext call from Dan Walsh.
|
|
|
|
2.0.23 2007-08-16
|
|
* Disable dontaudits via semodule -D
|
|
|
|
2.0.22 2007-06-20
|
|
* Rebase setfiles to use new labeling interface.
|
|
|
|
2.0.21 2007-06-13
|
|
* Fixed setsebool (falling through to error path on success).
|
|
|
|
2.0.20 2007-06-05
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Merged setfiles -c usage fix from Dan Walsh.
|
|
* Merged restorecon fix from Yuichi Nakamura.
|
|
* Dropped -lsepol where no longer needed.
|
|
|
|
2.0.19 2007-05-11
|
|
* Merge newrole support for alternate pam configs from Ted X Toth.
|
|
|
|
2.0.18 2007-05-11
|
|
* Merged merging of restorecon into setfiles from Stephen Smalley.
|
|
|
|
2.0.17 2007-05-09
|
|
* Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
|
|
|
|
2.0.16 2007-05-03
|
|
* Merged support for modifying the prefix via semanage from Dan Walsh.
|
|
|
|
2.0.15 2007-04-26
|
|
* Merged move of audit2why to /usr/bin from Dan Walsh.
|
|
|
|
2.0.14 2007-04-25
|
|
* Build fix for setsebool.
|
|
|
|
2.0.13 2007-04-24
|
|
* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
|
|
|
|
2.0.12 2007-04-24
|
|
* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
|
|
|
|
2.0.11 2007-04-24
|
|
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
|
|
|
|
2.0.10 2007-04-24
|
|
* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
|
|
|
|
2.0.9 2007-04-12
|
|
* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
|
|
|
|
2.0.8 2007-04-10
|
|
* Merged updates to sepolgen-ifgen from Karl MacMillan.
|
|
|
|
2.0.7 2007-03-01
|
|
* Merged restorecond init script LSB compliance patch from Steve Grubb.
|
|
|
|
2.0.6 2007-02-22
|
|
* Merged newrole O_NONBLOCK fix from Linda Knippers.
|
|
|
|
2.0.5 2007-02-22
|
|
* Merged sepolgen and audit2allow patches to leave generated files
|
|
in the current directory from Karl MacMillan.
|
|
|
|
2.0.4 2007-02-22
|
|
* Merged restorecond memory leak fix from Steve Grubb.
|
|
|
|
2.0.3 2007-02-21
|
|
* Merged translations update from Dan Walsh.
|
|
* Merged chcat fixes from Dan Walsh.
|
|
* Merged man page fixes from Dan Walsh.
|
|
* Merged seobject prefix validity checking from Dan Walsh.
|
|
|
|
2.0.2 2007-02-20
|
|
* Merged seobject exception handler fix from Caleb Case.
|
|
* Merged setfiles memory leak patch from Todd Miller.
|
|
|
|
2.0.1 2007-02-08
|
|
* Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
|
|
|
|
2.0.0 2007-02-05
|
|
* Merged new audit2allow from Karl MacMillan.
|
|
This audit2allow depends on the new sepolgen python module.
|
|
Note that you must run the sepolgen-ifgen tool to generate
|
|
the data needed by audit2allow to generate refpolicy.
|
|
|
|
1.34.1 2007-01-22
|
|
* Fixed newrole non-pam build.
|
|
|
|
1.34.0 2007-01-18
|
|
* Updated version for stable branch.
|
|
|
|
1.33.16 2007-01-18
|
|
* Merged po file updates from Dan Walsh.
|
|
* Removed update-po from all target in po/Makefile.
|
|
|
|
1.33.15 2007-01-17
|
|
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
|
|
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
|
|
|
|
1.33.14 2007-01-16
|
|
* Merged newrole man page patch from Michael Thompson.
|
|
|
|
1.33.13 2007-01-16
|
|
* Merged patch to fix python unicode problem from Dan Walsh.
|
|
|
|
1.33.12 2007-01-11
|
|
* Merged newrole securetty check from Dan Walsh.
|
|
* Merged semodule patch to generalize list support from Karl MacMillan.
|
|
|
|
1.33.11 2007-01-09
|
|
* Merged fixfiles and seobject fixes from Dan Walsh.
|
|
* Merged semodule support for list of modules after -i from Karl MacMillan.
|
|
|
|
1.33.10 2007-01-08
|
|
* Merged patch to correctly handle a failure during semanage handle
|
|
creation from Karl MacMillan.
|
|
|
|
1.33.9 2007-01-05
|
|
* Merged patch to fix seobject role modification from Dan Walsh.
|
|
|
|
1.33.8 2007-01-04
|
|
* Merged patches from Dan Walsh to:
|
|
- omit the optional name from audit2allow
|
|
- use the installed python version in the Makefiles
|
|
- re-open the tty with O_RDWR in newrole
|
|
|
|
1.33.7 2007-01-03
|
|
* Patch from Dan Walsh to correctly suppress warnings in load_policy.
|
|
|
|
1.33.6 2006-11-29
|
|
* Patch from Dan Walsh to add an pam_acct_msg call to run_init
|
|
* Patch from Dan Walsh to fix error code returns in newrole
|
|
* Patch from Dan Walsh to remove verbose flag from semanage man page
|
|
* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
|
|
in /usr/share/selinux/<SELINUXTYPE>
|
|
|
|
1.33.5 2006-11-27
|
|
* Merged patch from Michael C Thompson to clean up genhomedircon
|
|
error handling.
|
|
1.33.4 2006-11-21
|
|
* Merged po file updates from Dan Walsh.
|
|
|
|
1.33.3 2006-11-21
|
|
* Merged setsebool patch from Karl MacMillan.
|
|
This fixes a bug reported by Yuichi Nakamura with
|
|
always setting booleans persistently on an unmanaged system.
|
|
|
|
1.33.2 2006-11-20
|
|
* Merged patch from Dan Walsh (via Karl MacMillan):
|
|
* Added newrole audit message on login failure
|
|
* Add /var/log/wtmp to restorecond.conf watch list
|
|
* Fix genhomedircon, semanage, semodule_expand man pages.
|
|
|
|
1.33.1 2006-11-13
|
|
* Merged newrole patch set from Michael Thompson.
|
|
|
|
1.32 2006-10-17
|
|
* Updated version for release.
|
|
|
|
1.30.31 2006-10-17
|
|
* Merged audit2allow -l fix from Yuichi Nakamura.
|
|
* Merged restorecon -i and -o - support from Karl MacMillan.
|
|
* Merged semanage/seobject fix from Dan Walsh.
|
|
* Merged fixfiles -R and verify changes from Dan Walsh.
|
|
|
|
1.30.30 2006-09-29
|
|
* Merged newrole auditing of failures due to user actions from
|
|
Michael Thompson.
|
|
|
|
1.30.29 2006-09-13
|
|
* Man page corrections from Dan Walsh
|
|
* Change all python invocations to /usr/bin/python -E
|
|
* Add missing getopt flags to genhomedircon
|
|
|
|
1.30.28 2006-09-01
|
|
* Merged fix for restorecon // handling from Erich Schubert.
|
|
* Merged translations update and fixfiles fix from Dan Walsh.
|
|
|
|
1.30.27 2006-08-24
|
|
* Merged fix for restorecon symlink handling from Erich Schubert.
|
|
|
|
1.30.26 2006-08-11
|
|
* Merged semanage local file contexts patch from Chris PeBenito.
|
|
|
|
1.30.25 2006-08-03
|
|
* Merged patch from Dan Walsh with:
|
|
* audit2allow: process MAC_POLICY_LOAD events
|
|
* newrole: run shell with - prefix to start a login shell
|
|
* po: po file updates
|
|
* restorecond: bail if SELinux not enabled
|
|
* fixfiles: omit -q
|
|
* genhomedircon: fix exit code if non-root
|
|
* semodule_deps: install man page
|
|
|
|
1.30.24 2006-08-03
|
|
* Merged secon Makefile fix from Joshua Brindle.
|
|
|
|
1.30.23 2006-08-03
|
|
* Merged netfilter contexts support patch from Chris PeBenito.
|
|
|
|
1.30.22 2006-07-28
|
|
* Merged restorecond size_t fix from Joshua Brindle.
|
|
|
|
1.30.21 2006-07-28
|
|
* Merged secon keycreate patch from Michael LeMay.
|
|
|
|
1.30.20 2006-07-26
|
|
* Merged restorecond fixes from Dan Walsh.
|
|
Merged updated po files from Dan Walsh.
|
|
|
|
1.30.19 2006-07-26
|
|
* Merged python gettext patch from Stephen Bennett.
|
|
|
|
1.30.18 2006-07-25
|
|
* Merged semodule_deps from Karl MacMillan.
|
|
|
|
1.30.17 2006-06-29
|
|
* Lindent.
|
|
|
|
1.30.16 2006-06-26
|
|
* Merged patch from Dan Walsh with:
|
|
* -p option (progress) for setfiles and restorecon.
|
|
* disable context translation for setfiles and restorecon.
|
|
* on/off values for setsebool.
|
|
|
|
1.30.15 2006-06-26
|
|
* Merged setfiles and semodule_link fixes from Joshua Brindle.
|
|
|
|
1.30.14 2006-06-16
|
|
* Merged fix for setsebool error path from Serge Hallyn.
|
|
|
|
1.30.13 2006-06-16
|
|
* Merged patch from Dan Walsh with:
|
|
* Updated po files.
|
|
* Fixes for genhomedircon and seobject.
|
|
* Audit message for mass relabel by setfiles.
|
|
|
|
1.30.12 2006-06-02
|
|
* Updated fixfiles script for new setfiles location in /sbin.
|
|
|
|
1.30.11 2006-05-26
|
|
* Merged more translations from Dan Walsh.
|
|
* Merged patch to relocate setfiles to /sbin for early relabel
|
|
when /usr might not be mounted from Dan Walsh.
|
|
* Merged semanage/seobject patch to preserve fcontext ordering in list.
|
|
* Merged secon patch from James Antill.
|
|
|
|
1.30.10 2006-05-22
|
|
* Merged patch with updates to audit2allow, secon, genhomedircon,
|
|
and semanage from Dan Walsh.
|
|
|
|
1.30.9 2006-05-08
|
|
* Fixed audit2allow and po Makefiles for DESTDIR= builds.
|
|
* Merged .po file patch from Dan Walsh.
|
|
* Merged bug fix for genhomedircon.
|
|
|
|
1.30.8 2006-05-08
|
|
* Merged patch from Dan Walsh.
|
|
This includes audit2allow changes for analysis plugins,
|
|
internationalization support for several additional programs
|
|
and added po files, some fixes for semanage, and several cleanups.
|
|
It also adds a new secon utility.
|
|
|
|
1.30.7 2006-05-05
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
|
|
1.30.6 2006-04-14
|
|
* Merged semanage prefix support from Russell Coker.
|
|
|
|
1.30.5 2006-04-11
|
|
* Added a test to setfiles to check that the spec file is
|
|
a regular file.
|
|
|
|
1.30.4 2006-03-29
|
|
* Merged audit2allow fixes for refpolicy from Dan Walsh.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Merged restorecond daemon from Dan Walsh.
|
|
|
|
1.30.3 2006-03-29
|
|
* Merged semanage non-MLS fixes from Chris PeBenito.
|
|
|
|
1.30.2 2006-03-29
|
|
* Merged semanage and semodule man page examples from Thomas Bleher.
|
|
|
|
1.30.1 2006-03-20
|
|
* Merged semanage labeling prefix patch from Ivan Gyurdiev.
|
|
|
|
1.30 2006-03-14
|
|
* Updated version for release.
|
|
|
|
1.29.28 2006-03-13
|
|
* Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
|
|
|
|
1.29.27 2006-03-08
|
|
* Merged audit2allow -R support, chcat fix, semanage MLS checks
|
|
and semanage audit calls from Dan Walsh.
|
|
|
|
1.29.26 2006-02-15
|
|
* Merged semanage bug fix patch from Ivan Gyurdiev.
|
|
|
|
1.29.25 2006-02-14
|
|
* Merged improve bindings patch from Ivan Gyurdiev.
|
|
|
|
1.29.24 2006-02-14
|
|
* Merged semanage usage patch from Ivan Gyurdiev.
|
|
* Merged use PyList patch from Ivan Gyurdiev.
|
|
|
|
1.29.23 2006-02-13
|
|
* Merged newrole -V/--version support from Glauber de Oliveira Costa.
|
|
|
|
1.29.22 2006-02-13
|
|
* Merged genhomedircon prefix patch from Dan Walsh.
|
|
|
|
1.29.21 2006-02-13
|
|
* Merged optionals in base patch from Joshua Brindle.
|
|
|
|
1.29.20 2006-02-07
|
|
* Merged seuser/user_extra support patch to semodule_package
|
|
from Joshua Brindle.
|
|
|
|
1.29.19 2006-02-06
|
|
* Merged getopt type fix for semodule_link/expand and sestatus
|
|
from Chris PeBenito.
|
|
|
|
1.29.18 2006-02-02
|
|
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
|
|
|
1.29.17 2006-01-30
|
|
* Merged genhomedircon fix from Dan Walsh.
|
|
|
|
1.29.16 2006-01-30
|
|
* Merged seusers.system patch from Ivan Gyurdiev.
|
|
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
|
|
* Merged genhomedircon patch from Dan Walsh.
|
|
|
|
1.29.15 2006-01-27
|
|
* Merged newrole audit patch from Steve Grubb.
|
|
|
|
1.29.14 2006-01-27
|
|
* Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
|
|
|
|
1.29.13 2006-01-27
|
|
* Merged semanage and semodule access check patches from Joshua Brindle.
|
|
|
|
1.29.12 2006-01-26
|
|
* Merged restorecon, chcat, and semanage patches from Dan Walsh.
|
|
|
|
1.29.11 2006-01-25
|
|
* Modified newrole and run_init to use the loginuid when
|
|
supported to obtain the Linux user identity to re-authenticate,
|
|
and to fall back to real uid. Dropped the use of the SELinux
|
|
user identity, as Linux users are now mapped to SELinux users
|
|
via seusers and the SELinux user identity space is separate.
|
|
|
|
1.29.10 2006-01-20
|
|
* Merged semanage bug fixes from Ivan Gyurdiev.
|
|
* Merged semanage fixes from Russell Coker.
|
|
* Merged chcat.8 and genhomedircon patches from Dan Walsh.
|
|
|
|
1.29.9 2006-01-19
|
|
* Merged chcat, semanage, and setsebool patches from Dan Walsh.
|
|
|
|
1.29.8 2006-01-18
|
|
* Merged semanage fixes from Ivan Gyurdiev.
|
|
* Merged semanage fixes from Russell Coker.
|
|
* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
|
|
|
|
1.29.7 2006-01-13
|
|
* Merged newrole cleanup patch from Steve Grubb.
|
|
* Merged setfiles/restorecon performance patch from Russell Coker.
|
|
* Merged genhomedircon and semanage patches from Dan Walsh.
|
|
|
|
1.29.6 2006-01-12
|
|
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
|
|
|
|
1.29.5 2006-01-05
|
|
* Added filename to semodule error reporting.
|
|
|
|
1.29.4 2006-01-05
|
|
* Merged genhomedircon and semanage patch from Dan Walsh.
|
|
* Changed semodule error reporting to include argv[0].
|
|
|
|
1.29.3 2006-01-04
|
|
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
|
|
* Merged patch series from Ivan Gyurdiev.
|
|
This includes patches to:
|
|
- cleanup setsebool
|
|
- update setsebool to apply active booleans through libsemanage
|
|
- update semodule to use the new semanage_set_rebuild() interface
|
|
- fix various bugs in semanage
|
|
* Merged patch from Dan Walsh (Red Hat).
|
|
This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
|
|
and semanage.
|
|
|
|
1.29.2 2005-12-14
|
|
* Merged patch for chcat script from Dan Walsh.
|
|
|
|
1.29.1 2005-12-08
|
|
* Merged fix for audit2allow long option list from Dan Walsh.
|
|
* Merged -r option for restorecon (alias for -R) from Dan Walsh.
|
|
* Merged chcat script and man page from Dan Walsh.
|
|
|
|
1.28 2005-12-07
|
|
* Updated version for release.
|
|
|
|
1.27.37 2005-12-07
|
|
* Clarified the genhomedircon warning message.
|
|
|
|
1.27.36 2005-12-05
|
|
* Changed genhomedircon to warn on use of ROLE in homedir_template
|
|
if using managed policy, as libsemanage does not yet support it.
|
|
|
|
1.27.35 2005-12-02
|
|
* Merged genhomedircon bug fix from Dan Walsh.
|
|
|
|
1.27.34 2005-12-02
|
|
* Revised semodule* man pages to refer to checkmodule and
|
|
to include example sections.
|
|
|
|
1.27.33 2005-12-01
|
|
* Merged audit2allow --tefile and --fcfile support from Dan Walsh.
|
|
* Merged genhomedircon fix from Dan Walsh.
|
|
* Merged semodule* man pages from Dan Walsh, and edited them.
|
|
|
|
1.27.32 2005-12-01
|
|
* Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
|
|
retain validation/canonicalization of contexts during init.
|
|
|
|
1.27.31 2005-11-29
|
|
* Changed genhomedircon to always use user_r for the role in the
|
|
managed case since user_get_defrole is broken.
|
|
|
|
1.27.30 2005-11-29
|
|
* Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
|
|
* Fixed semodule -v option.
|
|
|
|
1.27.29 2005-11-28
|
|
* Merged audit2allow python script from Dan Walsh.
|
|
(old script moved to audit2allow.perl, will be removed later).
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Merged semodule quieting patch from Dan Walsh
|
|
(inverts default, use -v to restore original behavior).
|
|
|
|
1.27.28 2005-11-15
|
|
* Merged genhomedircon rewrite from Dan Walsh.
|
|
|
|
1.27.27 2005-11-09
|
|
* Merged setsebool cleanup patch from Ivan Gyurdiev.
|
|
|
|
1.27.26 2005-11-09
|
|
* Added -B (--build) option to semodule to force a rebuild.
|
|
|
|
1.27.25 2005-11-08
|
|
* Reverted setsebool patch to call semanage_set_reload_bools().
|
|
* Changed setsebool to disable policy reload and to call
|
|
security_set_boolean_list to update the runtime booleans.
|
|
|
|
1.27.24 2005-11-08
|
|
* Changed setfiles -c to use new flag to set_matchpathcon_flags()
|
|
to disable context translation by matchpathcon_init().
|
|
|
|
1.27.23 2005-11-07
|
|
* Changed setfiles for the context canonicalization support.
|
|
|
|
1.27.22 2005-11-07
|
|
* Changed setsebool to call semanage_is_managed() interface
|
|
and fall back to security_set_boolean_list() if policy is
|
|
not managed.
|
|
|
|
1.27.21 2005-11-07
|
|
* Merged setsebool memory leak fix from Ivan Gyurdiev.
|
|
* Merged setsebool patch to call semanage_set_reload_bools()
|
|
interface from Ivan Gyurdiev.
|
|
|
|
1.27.20 2005-11-04
|
|
* Merged setsebool patch from Ivan Gyurdiev.
|
|
This moves setsebool from libselinux/utils to policycoreutils,
|
|
and rewrites it to use libsemanage for permanent boolean changes.
|
|
|
|
1.27.19 2005-10-25
|
|
* Merged semodule support for reload, noreload, and store options
|
|
from Joshua Brindle.
|
|
* Merged semodule_package rewrite from Joshua Brindle.
|
|
|
|
1.27.18 2005-10-20
|
|
* Cleaned up usage and error messages and releasing of memory by
|
|
semodule_* utilities.
|
|
|
|
1.27.17 2005-10-20
|
|
* Corrected error reporting by semodule.
|
|
|
|
1.27.16 2005-10-19
|
|
* Updated semodule_expand for change to sepol interface.
|
|
|
|
1.27.15 2005-10-19
|
|
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
|
1.27.14 2005-10-18
|
|
* Updated semodule_package for sepol interface changes.
|
|
|
|
1.27.13 2005-10-17
|
|
* Updated semodule_expand/link for sepol interface changes.
|
|
|
|
1.27.12 2005-10-14
|
|
* Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
|
|
|
|
1.27.11 2005-10-13
|
|
* Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
|
|
|
|
1.27.10 2005-10-13
|
|
* Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
|
|
|
|
1.27.9 2005-10-13
|
|
* Merged fixfiles patch from Dan Walsh (Red Hat).
|
|
|
|
1.27.8 2005-10-13
|
|
* Updated semodule for removal of semanage_strerror.
|
|
|
|
1.27.7 2005-10-11
|
|
* Updated semodule_link and semodule_expand to use shared libsepol.
|
|
Fixed audit2why to call policydb_init prior to policydb_read (still
|
|
uses the static libsepol).
|
|
|
|
1.27.6 2005-10-07
|
|
* Updated for changes to libsepol.
|
|
Changed semodule and semodule_package to use the shared libsepol.
|
|
Disabled build of semodule_link and semodule_expand for now.
|
|
Updated audit2why for relocated policydb internal headers,
|
|
still needs to be converted to a shared lib interface.
|
|
|
|
1.27.5 2005-10-06
|
|
* Fixed warnings in load_policy.
|
|
|
|
1.27.4 2005-10-06
|
|
* Rewrote load_policy to use the new selinux_mkload_policy()
|
|
interface provided by libselinux.
|
|
|
|
1.27.3 2005-09-28
|
|
* Merged patch to update semodule to the new libsemanage API
|
|
and improve the user interface from Karl MacMillan (Tresys).
|
|
* Modified semodule for the create/connect API split.
|
|
|
|
1.27.2 2005-09-20
|
|
* Merged run_init open_init_pty bug fix from Manoj Srivastava
|
|
(unblock SIGCHLD). Bug reported by Erich Schubert.
|
|
|
|
1.27.1 2005-09-20
|
|
* Merged error shadowing bug fix for restorecon from Dan Walsh.
|
|
* Merged setfiles usage/man page update for -r option from Dan Walsh.
|
|
* Merged fixfiles -C patch to ignore :s0 addition on update
|
|
to a MCS/MLS policy from Dan Walsh.
|
|
|
|
1.26 2005-09-06
|
|
* Updated version for release.
|
|
|
|
1.25.9 2005-08-31
|
|
* Changed setfiles -c to translate the context to raw format
|
|
prior to calling libsepol.
|
|
|
|
1.25.8 2005-08-31
|
|
* Changed semodule to report errors even without -v,
|
|
to detect extraneous arguments, and corrected usage message.
|
|
|
|
1.25.7 2005-08-25
|
|
* Merged patch for fixfiles -C from Dan Walsh.
|
|
|
|
1.25.6 2005-08-22
|
|
* Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
|
|
Bugs found by Coverity.
|
|
|
|
1.25.5 2005-08-02
|
|
* Merged patch to move module read/write code from libsemanage
|
|
to libsepol from Jason Tang (Tresys).
|
|
|
|
1.25.4 2005-07-27
|
|
* Changed semodule* to link with libsemanage.
|
|
|
|
1.25.3 2005-07-26
|
|
* Merged restorecon patch from Ivan Gyurdiev.
|
|
|
|
1.25.2 2005-07-11
|
|
* Merged load_policy, newrole, and genhomedircon patches from Red Hat.
|
|
|
|
1.25.1 2005-07-06
|
|
* Merged loadable module support from Tresys Technology.
|
|
|
|
1.24 2005-06-20
|
|
* Updated version for release.
|
|
|
|
1.23.11 2005-05-19
|
|
* Merged fixfiles and newrole patch from Dan Walsh.
|
|
* Merged audit2why man page from Dan Walsh.
|
|
|
|
1.23.10 2005-05-16
|
|
* Extended audit2why to incorporate booleans and local user
|
|
settings when analyzing audit messages.
|
|
|
|
1.23.9 2005-05-13
|
|
* Updated audit2why for sepol_ prefixes on Flask types to
|
|
avoid namespace collision with libselinux, and to
|
|
include <selinux/selinux.h> now.
|
|
|
|
1.23.8 2005-05-13
|
|
* Added audit2why utility.
|
|
|
|
1.23.7 2005-04-29
|
|
* Merged patch for fixfiles from Dan Walsh.
|
|
Allow passing -F to force reset of customizable contexts.
|
|
|
|
1.23.6 2005-04-13
|
|
* Fixed signed/unsigned pointer bug in load_policy.
|
|
* Reverted context validation patch for genhomedircon.
|
|
|
|
1.23.5 2005-04-12
|
|
* Reverted load_policy is_selinux_enabled patch from Dan Walsh.
|
|
Otherwise, an initial policy load cannot be performed using
|
|
load_policy, e.g. for anaconda.
|
|
|
|
1.23.4 2005-04-08
|
|
* Merged load_policy is_selinux_enabled patch from Dan Walsh.
|
|
* Merged restorecon verbose output patch from Dan Walsh.
|
|
* Merged setfiles altroot patch from Chris PeBenito.
|
|
|
|
1.23.3 2005-03-17
|
|
* Merged context validation patch for genhomedircon from Eric Paris.
|
|
|
|
1.23.2 2005-03-16
|
|
* Changed setfiles -c to call set_matchpathcon_flags(3) to
|
|
turn off processing of .homedirs and .local.
|
|
|
|
1.23.1 2005-03-14
|
|
* Merged rewrite of genhomedircon by Eric Paris.
|
|
* Changed fixfiles to relabel jfs since it now supports security xattrs
|
|
(as of 2.6.11). Removed reiserfs until 2.6.12 is released with
|
|
fixed support for reiserfs and selinux.
|
|
|
|
1.22 2005-03-09
|
|
* Updated version for release.
|
|
|
|
1.21.22 2005-03-07
|
|
* Merged restorecon and genhomedircon patch from Dan Walsh.
|
|
|
|
1.21.21 2005-02-28
|
|
* Merged load_policy and genhomedircon patch from Dan Walsh.
|
|
|
|
1.21.20 2005-02-24
|
|
* Merged fixfiles and genhomedircon patch from Dan Walsh.
|
|
|
|
1.21.19 2005-02-22
|
|
* Merged several fixes from Ulrich Drepper.
|
|
|
|
1.21.18 2005-02-18
|
|
* Changed load_policy to fall back to the original policy upon
|
|
an error from sepol_genusers().
|
|
|
|
1.21.17 2005-02-17
|
|
* Merged new genhomedircon script from Dan Walsh.
|
|
|
|
1.21.16 2005-02-17
|
|
* Changed load_policy to call sepol_genusers().
|
|
|
|
1.21.15 2005-02-09
|
|
* Changed relabel Makefile target to use restorecon.
|
|
|
|
1.21.14 2005-02-08
|
|
* Merged restorecon patch from Dan Walsh.
|
|
|
|
1.21.13 2005-02-07
|
|
* Merged sestatus patch from Dan Walsh.
|
|
* Merged further change to fixfiles -C from Dan Walsh.
|
|
|
|
1.21.12 2005-02-02
|
|
* Merged further patches for restorecon/setfiles -e and fixfiles -C.
|
|
|
|
1.21.11 2005-02-02
|
|
* Merged patch for fixfiles -C option from Dan Walsh.
|
|
* Merged patch -e support for restorecon from Dan Walsh.
|
|
* Merged updated -e support for setfiles from Dan Walsh.
|
|
|
|
1.21.10 2005-01-31
|
|
* Merged patch for open_init_pty from Manoj Srivastava.
|
|
|
|
1.21.9 2005-01-28
|
|
* Merged updated fixfiles script from Dan Walsh.
|
|
* Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
|
|
* Reverted fixfiles patch for file_contexts.local;
|
|
obsoleted by setfiles rewrite.
|
|
* Merged error handling patch for restorecon from Dan Walsh.
|
|
* Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
|
|
|
|
1.21.8 2005-01-28
|
|
* Rewrote setfiles to use matchpathcon and the new interfaces
|
|
exported by libselinux (>= 1.21.5).
|
|
|
|
1.21.7 2005-01-27
|
|
* Prevent overflow of spec array in setfiles.
|
|
|
|
1.21.6 2005-01-27
|
|
* Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
|
|
|
|
1.21.5 2005-01-26
|
|
* Merged newrole -l support from Darrel Goeddel (TCS).
|
|
|
|
1.21.4 2005-01-25
|
|
* Merged fixfiles patch for file_contexts.local from Dan Walsh.
|
|
|
|
1.21.3 2005-01-21
|
|
* Fixed restorecon to not treat errors from is_context_customizable()
|
|
as a customizable context.
|
|
* Merged setfiles/restorecon patch to not reset user field unless
|
|
-F option is specified from Dan Walsh.
|
|
|
|
1.21.2 2005-01-21
|
|
* Merged open_init_pty helper for run_init from Manoj Srivastava.
|
|
* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
|
|
|
|
1.21.1 2005-01-19
|
|
* Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
|
|
|
|
1.20 2005-01-06
|
|
* Merged fixfiles rewrite from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Merged fixfiles and restorecon patches from Dan Walsh.
|
|
* Changed restorecon to ignore ENOENT errors from matchpathcon.
|
|
* Merged nonls patch from Chris PeBenito.
|
|
* Removed fixfiles.cron.
|
|
* Merged run_init.8 patch from Dan Walsh.
|
|
|
|
1.18 2004-11-01
|
|
* Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
|
|
* Merged sestatus patch from Steve Grubb.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Added -l option to setfiles to log changes via syslog.
|
|
* Merged -e option to setfiles to exclude directories.
|
|
* Merged -R option to restorecon for recursive descent.
|
|
* Merged sestatus patch from Steve Grubb via Dan Walsh.
|
|
* Merged load_policy and fixfiles.cron patches from Dan Walsh.
|
|
* Merged fix for setfiles context validation patch from Colin Walters.
|
|
* Merged setfiles context validation patch from Colin Walters.
|
|
* Merged genhomedircon patch from Russell Coker.
|
|
* Merged restorecon patch from Russell Coker.
|
|
|
|
1.16 2004-08-13
|
|
* Merged audit2allow fix from Tom London.
|
|
* Merged load_policy man page from Dan Walsh.
|
|
* Merged newrole bug fix from Chad Hanson.
|
|
* Changed load_policy to preserve booleans by default.
|
|
* Changed load_policy to invoke sepol_genbools() instead.
|
|
* Changed load_policy to also invoke security_load_booleans().
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Changed restorecon to use realpath.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Merged genhomedircon patch from Russell Coker and Dan Walsh.
|
|
* Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
|
|
* Merged stat fix for setfiles -s from Russell Coker.
|
|
|
|
1.14 2004-06-25
|
|
* Merged fix for fixfiles.
|
|
* Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
|
|
* Merged updated genhomedircon script from Russell Coker.
|
|
* Merged run_init patch to find initrc_context from Dan Walsh.
|
|
* Merged fixfiles patch for /etc/selinux from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
|
|
1.12 2004-05-10
|
|
* Merged newrole patch from Colin Walters.
|
|
* Merged fixfiles from Dan Walsh.
|
|
|
|
1.10 2004-04-05
|
|
* Changed setfiles to not abort upon lsetfilecon failures.
|
|
* Merged sestatus from Chris PeBenito.
|
|
* Merged fixes for restorecon.
|
|
* Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Revert add_assoc change from setfiles.
|
|
* Moved restorecon to /sbin.
|
|
* Disable add_assoc in setfiles by default, use -a to enable.
|
|
* Merged genhomedircon patch from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Merged setfiles buffer size change from Dan Walsh.
|
|
* Merged genhomedircon fix from Karl MacMillan of Tresys.
|
|
This generates separate lines for each prefix.
|
|
|
|
1.8 2004-03-09
|
|
* Merged genhomedircon patch from Karl MacMillan of Tresys.
|
|
* Removed checkcon script (obsoleted by restorecon -nv).
|
|
* Replaced restorecon script with C program from Dan Walsh.
|
|
Uses the new matchpathcon function from libselinux.
|
|
|
|
1.6 2004-02-18
|
|
* Fixed setfiles sorting problem reported by Colin Walters.
|
|
* Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
|
|
* Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
|
|
* Quiet warning about duplicate same specifications if -q is used.
|
|
* Fixed usage message of audit2allow.
|
|
|
|
1.4 2003-12-01
|
|
* Merged patch from Russell Coker.
|
|
* Added audit2allow (formerly newrules.pl from policy).
|
|
* Dropped -lattr from Makefiles.
|
|
* Merged setfiles check type first patch by Russell Coker.
|
|
|
|
1.2 2003-09-30
|
|
* Merged run_init close file patch from Chris PeBenito.
|
|
* Merged setfiles stem compression patch by Russell Coker.
|
|
* Merged setfiles usage/getopt/err patch by Russell Coker.
|
|
* Merged setfiles altroot patch by Hardened Gentoo team.
|
|
* Merged i18n patch by Dan Walsh.
|
|
* Changed Makefiles to allow non-root rpm builds.
|
|
|
|
1.1 2003-08-13
|
|
* Dropped obsolete psid code from setfiles.
|
|
|
|
1.0 2003-07-11
|
|
* Initial public release.
|
|
|