mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-12 17:15:00 +00:00
0cea223d33
Intentionally jumping versions in sepolgen to make it consistent with the rest. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1515 lines
56 KiB
Plaintext
1515 lines
56 KiB
Plaintext
2.6-rc1 2016-09-30
|
|
* setfiles: reverse the sense of -D option, from Stephen Smalley.
|
|
* setfiles ignore restorecon_xattr in git, from Nicolas Iooss.
|
|
* sandbox: Use dbus-run-session instead of dbus-launch when available, from Laurent Bigonville.
|
|
* setfiles: Utility to find security.restorecon_last entries, from Richard Haines.
|
|
* setfiles: Add option to stop setting the digest, from Richard Haines.
|
|
* hll/pp: Change warning for module name not matching filename to match new behavior, from Petr Lautrbach.
|
|
* Remove LDFLAGS from CFLAGS, from Nicolas Iooss.
|
|
* sepolicy: convert to setools4, from Jason Zaman.
|
|
* sandbox: create a new session for sandboxed processes, from Petr Lautrbach.
|
|
* sandbox: do not try to setup directories without -X or -M, from Petr Lautrbach.
|
|
* sandbox: do not run xmodmap in a new X session, from Petr Lautrbach.
|
|
* sandbox: Use GObject introspection binding instead of pygtk2, from Petr Lautrbach and Laurent Bigonville.
|
|
* sandbox: fix file labels on copied files, from Petr Lautrbach.
|
|
* sandbox: tests - close stdout of p1, from Petr Lautrbach.
|
|
* sandbox: tests - use sandbox from cwd, from Petr Lautrbach.
|
|
* audit2allow: tests should use local copy not system, from Jason Zaman.
|
|
* audit2allow: fix audit2why import from seobject, from Jason Zaman.
|
|
* audit2allow: remove audit2why so that it gets symlinked, from Jason Zaman.
|
|
* semanage: fix man page and help message for import option, from AJ.
|
|
* semanage: fix error message for fcontext -m, from Miroslav Vadkerti.
|
|
* semanage: Fix semanage fcontext -D, from Stephen Smalley.
|
|
* semanage: Correct fcontext auditing, from Miroslav Vadkerti.
|
|
* semanage: Default serange to "s0" for port modify, from Miroslav Vadkerti.
|
|
* semanage: Use socket.getprotobyname for protocol, from Miroslav Vadkerti.
|
|
* restorecond: Modify to use selinux_restorecon, from Richard Haines.
|
|
* setfiles: Modify to use selinux_restorecon, from Richard Haines.
|
|
* semanage: fix modify action in node and interface, from Miroslav Vadkerti.
|
|
* fixfiles: Pass -n to restorecon for fixfiles check, from Petr Lautrbach.
|
|
* sepolicy: Check get_rpm_nvr_list() return value, from Vit Mojzis.
|
|
* Don't use subprocess.getstatusoutput() in Python 2 code, from Petr Lautrbach.
|
|
* semanage: Add auditing of changes in records, from Miroslav Vadkerti.
|
|
* Improve compatibility with Python 3, from Jason Zaman.
|
|
* Remove unused 'q' from semodule getopt string, from Petr Lautrbach.
|
|
* Remove unused autoconf files from po/, from Petr Lautrbach.
|
|
* Remove duplicate, empty translation files, from Piotr Drąg.
|
|
* open_init_pty: Do not error on EINTR, from Jason Zaman.
|
|
* Fix [-s STORE] typos in semanage, from Petr Lautrbach.
|
|
* Update sandbox types in sandbox manual, from Michael De La Rue.
|
|
* Fix typos in semanage manpages, from Philipp Gesang.
|
|
* Fix the documentation of -l,--list for semodule, from Petr Lautrbach.
|
|
* Minor fix in a French translation, from Laurent Bigonville.
|
|
* Fix the extract example in semodule.8, from Petr Lautrbach.
|
|
* Update sandbox.8 man page, from Petr Lautrbach.
|
|
* Remove typos from chcat --help, from Petr Lautrbach.
|
|
* Fix multiple spelling errors, from Laurent Bigonville.
|
|
* hll/pp: Warn if module name different than output filename, from James Carter
|
|
|
|
2.5 2016-02-23
|
|
* sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss.
|
|
* sepolicy: Rename policy global variable conflict, from Nicolas Iooss.
|
|
* newrole: Add missing defined in #if, from Nicolas Iooss.
|
|
* newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec.
|
|
* secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec
|
|
* semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach.
|
|
* chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville.
|
|
* semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach.
|
|
* semanage: replace string.join() with str.join(), from Petr Lautrbach.
|
|
* Man page warning fixes, from Ville Skyttä.
|
|
* sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl.
|
|
* semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach.
|
|
* sepolicy: Improve sepolicy command line interface, from Petr Lautrbach.
|
|
* audit2allow/why: ignore setlocale errors, from Petr Lautrbach.
|
|
* semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy.
|
|
* audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach.
|
|
* Fix PEP8 issues, from Jason Zaman.
|
|
* semanage: fix moduleRecords deleteall method, from Stephen Smalley.
|
|
* Improve compatibility with Python 3, from Michal Srb.
|
|
* semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville.
|
|
* semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach.
|
|
* sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen.
|
|
* mcstransd: don't reinvent getpeercon, from Stephen Smalley.
|
|
* setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
|
|
* org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
|
|
* hll: Move core functions of pp to libsepol, from James Carter
|
|
* run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
|
|
* run_init: fix open_init_pty availability check, from Nicolas Iooss.
|
|
* Widen Xen IOMEM context entries, from Daniel De Graaf.
|
|
* Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
|
|
* Fixed typo/grammatical error, from Christopher Peterson.
|
|
* Fix typo in semanage-port man page, from Andrew Spiers.
|
|
|
|
2.4 2015-02-02
|
|
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
|
|
* Improve support for building with different versions of python from
|
|
Nicolas Iooss.
|
|
* Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare,
|
|
from Dan Walsh
|
|
* Remove cgroups from sandbox, from Dan Walsh
|
|
* Try to use setcurrent before setexec in seunshare, from Andy Lutomirski
|
|
* Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley
|
|
* Add a store root path in semodule, from Yuli Khodorkovskiy
|
|
* Add a flag to ignore cached CIL files and recompile HLL modules, from
|
|
Yuli Khodorkovskiy
|
|
* Add and install HLL compiler for policy packages to CIL. The compiler is
|
|
installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence
|
|
* Fixes to pp compiler to better support roles and type attributes, from
|
|
Yuli Khodorkovskiy
|
|
* Deprecate base/upgrade/version in semodule. Calling these commands will
|
|
now call --install on the backend, from Yuli Khodorkovskiy
|
|
* Add ability to install modules with a specified priority, from Caleb
|
|
Case
|
|
* Use /tmp for permissive module creation, by Caleb Case
|
|
* Update semanage to use new source policy infrastructure, from Jason Dana
|
|
* Add RuntimeDirectory to mcstrans systemd unit file, from Laurent
|
|
Bigonville
|
|
|
|
2.3 2014-05-06
|
|
* Add -P semodule option to man page from Dan Walsh.
|
|
* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
|
|
* Add new icons for sepolicy gui from Dan Walsh.
|
|
* Only return writeable files that are enabled from Dan Walsh.
|
|
* Add domain to short list of domains, when -t and -d from Dan Walsh.
|
|
* Fix up desktop files to match current standards from Dan Walsh.
|
|
* Add support to return sensitivities and categories for python from Dan Walsh.
|
|
* Cleanup whitespace from Dan Walsh.
|
|
* Add message to tell user to install sandbox policy from Dan Walsh.
|
|
* Add systemd unit file for mcstrans from Laurent Bigonville.
|
|
* Improve restorecond systemd unit file from Laurent Bigonville.
|
|
* Minor man pages improvements from Laurent Bigonville.
|
|
|
|
2.2.5 2013-12-09
|
|
* Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
|
|
|
|
2.2.4 2013-11-26
|
|
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
|
|
|
|
2.2.3 2013-11-13
|
|
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
|
|
* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
|
|
|
|
2.2.2 2013-11-06
|
|
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
|
|
|
|
2.2.1 2013-10-31
|
|
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
|
|
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
|
|
|
|
2.2 2013-10-30
|
|
* Properly build the swig exception file from Laurent Bigonville.
|
|
* Fix man pages from Laurent Bigonville.
|
|
* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
|
|
* Fix LDFLAGS usage from Laurent Bigonville.
|
|
* Fix init_policy warning from Laurent Bigonville.
|
|
* Fix semanage logging from Laurent Bigonville.
|
|
* Open newrole stdin as read/write from Sven Vermeulen.
|
|
* Fix sepolicy transition from Sven Vermeulen.
|
|
* Support overriding CFLAGS from Simon Ruderich.
|
|
* Create correct man directory for run_init from Russell Coker.
|
|
* restorecon GLOB_BRACE change from Michal Trunecka.
|
|
* Extend audit2why to report additional constraint information.
|
|
* Catch IOError errors within audit2allow from Dan Walsh.
|
|
* semanage export/import fixes from Dan Walsh.
|
|
* Improve setfiles progress reporting from Dan Walsh.
|
|
* Document setfiles -o option in usage from Dan Walsh.
|
|
* Change setfiles to always return -1 on failure from Dan Walsh.
|
|
* Improve setsebool error r eporting from Dan Walsh.
|
|
* Major overhaul of gui from Dan Walsh.
|
|
* Fix sepolicy handling of non-MLS policy from Dan Walsh.
|
|
* Support returning type aliases from Dan Walsh.
|
|
* Add sepolicy tests from Dan Walsh.
|
|
* Add org.selinux.config.policy from Dan Walsh.
|
|
* Improve range and user input checking by semanage from Dan Walsh.
|
|
* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
|
|
* Allow use of <<none>> for semanage fcontext from Dan Walsh.
|
|
* Report customized user levels from Dan Walsh.
|
|
* Support deleteall for restoring disabled modules from Dan Walsh.
|
|
* Improve semanage error reporting from Dan Walsh.
|
|
* Only list disabled modules for module locallist from Dan Walsh.
|
|
* Fix logging from Dan Walsh.
|
|
* Define new constants for file type character codes from Dan Walsh.
|
|
* Improve bash completions from Dan Walsh.
|
|
* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
|
|
* Add semanage tests from Dan Walsh.
|
|
* Split semanage man pages from Dan Walsh.
|
|
* Move bash completion scripts from Dan Walsh.
|
|
* Replace genhomedircon script with a link to semodule from Dan Walsh.
|
|
* Fix fixfiles from Dan Walsh.
|
|
* Add support for systemd service for restorecon from Dan Walsh.
|
|
* Spelling corrections from Dan Walsh.
|
|
* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
|
|
* Switch sandbox to openbox window manager from Dan Walsh.
|
|
* Coalesce audit2why and audit2allow from Dan Walsh.
|
|
* Change audit2allow to append to output file from Dan Walsh.
|
|
* Update translations from Dan Walsh.
|
|
* Change audit2why to use selinux_current_policy_path from Dan Walsh.
|
|
|
|
2.1.14 2013-02-01
|
|
* setfiles: estimate percent progress
|
|
* load_policy: make link at the destination directory
|
|
* Rebuild polgen.glade with glade-3
|
|
* sepolicy: new command to unite small utilities
|
|
* sepolicy: Update Makefiles and po files
|
|
* sandbox: use sepolicy to look for sandbox_t
|
|
* gui: switch to use sepolicy
|
|
* gui: sepolgen: use sepolicy to generate
|
|
* semanage: use sepolicy for boolean dictionary
|
|
* add po file configuration information
|
|
* po: stop running update-po on all
|
|
* semanage: seobject verify policy types before allowing you to assign them.
|
|
* gui: Start using Popen, instead of os.spawnl
|
|
* sandbox: Copy /var/tmp to /tmp as they are the same inside
|
|
* qualifier to shred content
|
|
* semanage: Fix handling of boolean_sub names when using the -F flag
|
|
* semanage: man: roles instead of role
|
|
* gui: system-config-selinux: Catch no DISPLAY= error
|
|
* setfiles: print error if no default label found
|
|
* semanage: list logins file entries in semanage login -l
|
|
* semanage: good error message is sepolgen python module missing
|
|
* gui: system-config-selinux: do not use lokkit
|
|
* secon: add support for setrans color information in prompt output
|
|
* restorecond: remove /etc/mtab from default list
|
|
* gui: If you are not able to read enforcemode set it to False
|
|
* genhomedircon: regenerate genhomedircon more often
|
|
* restorecond: Add /etc/udpatedb.conf to restorecond.conf
|
|
* genhomedircon generation to allow spec file to pass in SEMODULE_PATH
|
|
* fixfiles: relabel only after specific date
|
|
* po: update translations
|
|
* sandbox: seunshare: do not reassign realloc value
|
|
* seunshare: do checking on setfsuid
|
|
* sestatus: rewrite to shut up coverity
|
|
|
|
2.1.13 2012-09-13
|
|
* genhomedircon: manual page improvements
|
|
* setfiles/restorecon minor improvements
|
|
* run_init: If open_init_pty is not available then just use exec
|
|
* newrole: do not drop capabilities when newrole is run as
|
|
* restorecon: only update type by default
|
|
* scripts: Don't syslog setfiles changes on a fixfiles restore
|
|
* setfiles: do not syslog if no changes
|
|
* Disable user restorecond by default
|
|
* Make restorecon return 0 when a file has changed context
|
|
* setfiles: Fix process_glob error handling
|
|
* semanage: allow enable/disable under -m
|
|
* add .tx to gitignore
|
|
* translations: commit translations from Fedora community
|
|
* po: silence build process
|
|
* gui: Checking in policy to support polgengui and sepolgen.
|
|
* gui: polgen: search for systemd subpackage when generating policy
|
|
* gui: for exploring booleans
|
|
* gui: system-config-selinux gui
|
|
* Add Makefiles to support new gui code
|
|
* gui: remove lockdown wizard
|
|
* return equivalency records in fcontext customized
|
|
* semanage: option to not load new policy into kernel after
|
|
* sandbox: manpage update to describe standard types
|
|
* setsebool: -N should not reload policy on changes
|
|
* semodule: Add -N qualifier to no reload kernel policy
|
|
* gui: polgen: sort selinux types of user controls
|
|
* gui: polgen: follow symlinks and get the real path to
|
|
* gui: Fix missing error function
|
|
* setfiles: return errors when bad paths are given
|
|
* fixfiles: tell restorecon to ignore missing paths
|
|
* setsebool: error when setting multiple options
|
|
* semanage: use boolean subs.
|
|
* sandbox: Make sure Xephyr never listens on tcp ports
|
|
* sepolgen: return and output constraint violation information
|
|
* semanage: skip comments while reading external configuration files
|
|
* restorecond: relabel all mount runtime files in the restorecond example
|
|
* genhomedircon: dynamically create genhomedircon
|
|
|
|
2.1.12 2012-06-28
|
|
* restorecond: wrong options should exit with non-zero error code
|
|
* restorecond: Add -h option to get usage command
|
|
* resorecond: user: fix fd leak
|
|
* mcstrans: add -f to run in foreground
|
|
* semanage: fix man page range and level defaults
|
|
* semanage: bash completion for modules should include -a,-m, -d
|
|
* semanage: manpage update for -e
|
|
* semanage: dontaudit off should work
|
|
* semanage: locallist option does not take an argument
|
|
* sepolgen: Make use of setools optional within sepolgen
|
|
|
|
2.1.11 2012-03-28
|
|
* sandbox: do not propogate inside mounts outside
|
|
* sandbox: Removing sandbox init script, should no longer be necessary
|
|
* restorecond: Stop using deprecated interfaces for g_io
|
|
* semanage: proper auditting of user changes for LSPP
|
|
* semanage: audit message to show what record(s) and item(s) have chaged
|
|
* scripts: Update Makefiles to handle /usrmove
|
|
* mcstrans: Version should have been bumped on last check in
|
|
* seunshare: Only drop caps not the Bounding Set from seunshare
|
|
* Add bash-completion scripts for setsebool and semanage
|
|
* newrole: Use correct capng calls in newrole
|
|
* Fix infinite loop with inotify on 2.6.31 kernels
|
|
* fix ftbfs with hardening flags
|
|
* Only run setfiles if we found read-write filesystems to run it on
|
|
* update .po files
|
|
* remove empty po files
|
|
* do not fail to install if unable to make load_policy lnk file
|
|
|
|
2.1.10 2011-12-21
|
|
* Remove excess whitespace
|
|
* sandbox: Add back in . functions to sandbox.init script
|
|
* Fix Makefile to match other policycoreutils Makefiles
|
|
* semanage: drop unused translation getopt
|
|
|
|
2.1.9 2011-12-05
|
|
* sandbox: move sandbox.conf.5 to just sandbox.5
|
|
* po: Makefile use -p to preserve times to allow multilib simultatious installs
|
|
* of po files
|
|
* sandbox: Allow user to specify the DPI value for X in a sandbox
|
|
* sandbox: make sure the domain launching sandbox has at least 100 categories
|
|
* sandbox: do not try forever to find available category set
|
|
* sandbox: only complain if sandbox unable to launch
|
|
* sandbox: init script run twice is still successful
|
|
* semanage: print local and dristo equiv rules
|
|
* semanage: check file equivalence rules for conflict
|
|
* semanage: Make sure semanage fcontext -l -C prints even if local keys
|
|
* are not defined
|
|
* semanage: change src,dst to target,substitute for equivalency
|
|
* sestatus: Updated sestatus and man pages.
|
|
* Added SELinux config file man page.
|
|
* add clean target to man Makefile
|
|
|
|
2.1.8 2011-11-03
|
|
* sandbox: Maintain the LANG environment into the sandbox
|
|
* audit2allow: use audit2why internally
|
|
* fixfiles: label /root but not /var/lib/BackupPC
|
|
* semanage: update local boolean settings is dealing with localstore
|
|
* semanage: missing modify=True
|
|
* semanage: set modified correctly
|
|
* restorecond: make restorecond dbuss-able
|
|
* restorecon: Always check return code on asprintf
|
|
* restorecond: make restorecond -u exit when terminal closes
|
|
* sandbox: introduce package name and language stuff
|
|
* semodule_package: remove semodule_unpackage on clean
|
|
* fix sandbox Makefile to support DESTDIR
|
|
* semanage: Add -o description to the semanage man page
|
|
* make use of the new realpath_not_final function
|
|
* setfiles: close /proc/mounts file when finished
|
|
* semodule: Document semodule -p in man page
|
|
* setfiles: fix use before initialized
|
|
* restorecond: Add .local/share as a directory to watch
|
|
|
|
2.1.7 2011-09-27
|
|
* semanage: fix indentation error in seobject
|
|
|
|
2.1.6 2011-09-15
|
|
* sepolgen-ifgen: new attr-helper does something
|
|
* audit2allow: use alternate policy file
|
|
* audit2allow: sepolgen-ifgen use the attr helper
|
|
* setfiles: switch from stat to stat64
|
|
* setfiles: Fix potential crash using dereferenced ftsent
|
|
* setfiles: do not wrap * output at 80 characters
|
|
* sandbox: add -Wall and -Werror to makefile
|
|
* sandbox: add sandbox cgroup support
|
|
* sandbox: rewrite /tmp handling
|
|
* sandbox: do not bind mount so much
|
|
* sandbox: add level based kill option
|
|
* sandbox: cntrl-c should kill entire process control group
|
|
* Create a new preserve_tunables flag in sepol_handle_t.
|
|
* semanage: show running and disk setting for booleans
|
|
* semanage: Dont print heading if no items selected
|
|
* sepolgen: audit2allow is mistakakenly not allowing valid module names
|
|
* semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled
|
|
* More files to ignore
|
|
* tree: default make target to all not install
|
|
* sandbox: do not load unused generic init functions
|
|
|
|
2.1.5 2011-08-26
|
|
* setfiles: Fix process_glob to handle error situations
|
|
* sandbox: Allow seunshare to run as root
|
|
* sandbox: trap sigterm to make sure sandbox
|
|
* sandbox: pass DPI from the desktop
|
|
* sandbox: seunshare: introduce helper spawn_command
|
|
* sandbox: seunshare: introduce new filesystem helpers
|
|
* sandbox: add -C option to not drop
|
|
* sandbox: split seunshare caps dropping
|
|
* sandbox: use dbus-launch
|
|
* sandbox: numerous simple updates to sandbox
|
|
* sandbox: do not require selinux context
|
|
* sandbox: Makefile: new man pages
|
|
* sandbox: rename dir to srcdir
|
|
* sandbox: allow users specify sandbox window size
|
|
* sandbox: check for paths up front
|
|
* sandbox: use defined values for paths rather
|
|
* sandbox: move seunshare globals to the top
|
|
* sandbox: whitespace fix
|
|
* semodule_package: Add semodule_unpackage executable
|
|
* setfiles: get rid of some stupid globals
|
|
* setfiles: move exclude_non_seclabel_mounts to a generic location
|
|
|
|
2.1.4 2011-08-17
|
|
* run_init: clarification of the usage in the
|
|
* semanage: fix usage header around booleans
|
|
* semanage: remove useless empty lines
|
|
* semanage: update man page with new examples
|
|
* semanage: update usage text
|
|
* semanage: introduce file context equivalencies
|
|
* semanage: enable and disable modules
|
|
* semanage: output all local modifications
|
|
* semanage: introduce extraction of local configuration
|
|
* semanage: cleanup error on invalid operation
|
|
* semanage: handle being called with no arguments
|
|
* semanage: return sooner to save CPU time
|
|
* semanage: surround getopt with try/except
|
|
* semanage: use define/raise instead of lots of
|
|
* semanage: some options are only valid for
|
|
* semanage: introduce better deleteall support
|
|
* semanage: do not allow spaces in file
|
|
* semanage: distinguish between builtin and local permissive
|
|
* semanage: centralized ip node handling
|
|
* setfiles: make the restore function exclude() non-static
|
|
* setfiles: use glob to handle ~ and
|
|
* fixfiles: do not hard code types
|
|
* fixfiles: stop trying to be smart about
|
|
* fixfiles: use new kernel seclabel option
|
|
* fixfiles: pipe everything to cat before sending
|
|
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
|
|
* semodule: support for alternative root paths
|
|
|
|
2.1.3 2011-08-03
|
|
* semanage: fix indention
|
|
* semodule_package: fix man page typo
|
|
* semodule_expand: update man page with -a
|
|
* semanage: handle os errors
|
|
* semanage: fix traceback with bad options
|
|
* semanage: show usage on -h or --help
|
|
* semanage: introduce more deleteall options
|
|
* semanage: verify ports < 65536
|
|
* transaction into semanageRecords
|
|
* make get_handle a method of semanageRecords
|
|
* remove a needless blank line
|
|
* make process_one error if not initialized correctly
|
|
* fixfiles: correct usage for r_opts.rootpath
|
|
* put -p in help for restorecon and
|
|
* fixfiles: do not try to only label
|
|
* fixfiles clean up /var/run and /var/lib/debug
|
|
* fixfiles delete tmp sockets and pipes rather
|
|
* fixfile use find -delete instead of pipe
|
|
* chcat man page typo
|
|
* add man page for genhomedircon
|
|
* setfiles fix typo
|
|
* setsebool should inform users they need to
|
|
* setsebool typos
|
|
* open_init_tty man page typos
|
|
* Don't add user site directory to sys.path
|
|
* newrole retain CAP_SETPCAP
|
|
|
|
2.1.2 2011-08-02
|
|
* seunshare: define _GNU_SOURCE earlier
|
|
* make ignore_enoent do something
|
|
* restorecond: first user logged in is not noticed
|
|
* Repo: update .gitignore
|
|
|
|
2.1.1 2011-08-01
|
|
* Man page updates
|
|
* restorecon fix for bad inotify assumptions
|
|
|
|
2.1.0 2011-07-27
|
|
* Release, minor version bump
|
|
|
|
2.0.86 2011-04-11
|
|
* Use correct color range in mcstrand by Richard Haines.
|
|
|
|
2.0.85 2010-12-20
|
|
* Move newrole to use libcap-ng from Dan Walsh
|
|
|
|
2.0.84 2010-11-16
|
|
* Add mcstrans support from Ted Toth with modifications from Steve Lawrence.
|
|
|
|
2.0.83 2010-06-10
|
|
* Add sandbox support from Dan Walsh with modifications from Steve Lawrence.
|
|
|
|
2.0.82 2010-03-12
|
|
* Add avc's since boot from Dan Walsh.
|
|
|
|
2.0.81 2010-03-12
|
|
* Add dontaudit flag to audit2allow from Dan Walsh.
|
|
|
|
2.0.80 2010-03-06
|
|
* Module enable/disable support from Dan Walsh.
|
|
|
|
2.0.79 2010-01-26
|
|
* Fix double-free in newrole
|
|
|
|
2.0.78 2009-11-27
|
|
* Remove non-working OUTFILE from fixfiles from Dan Walsh.
|
|
* Additional exception handling in chcat from Dan Walsh.
|
|
|
|
2.0.77 2009-11-19
|
|
* Fixed bug preventing semanage node -a from working
|
|
from Chad Sellers
|
|
* Fixed bug preventing semanage fcontext -l from working
|
|
from Chad Sellers
|
|
|
|
2.0.76 2009-11-18
|
|
* Remove setrans management from semanage, as it does not work
|
|
from Dan Walsh.
|
|
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
|
|
|
|
2.0.75 2009-11-02
|
|
* Factor out restoring logic from setfiles.c into restore.c
|
|
|
|
2.0.74 2009-09-16
|
|
* Change semodule upgrade behavior to install even if the module
|
|
is not present from Dan Walsh.
|
|
* Make setfiles label if selinux is disabled and a seclabel aware
|
|
kernel is running from Caleb Case.
|
|
* Clarify forkpty() error message in run_init from Manoj Srivastava.
|
|
|
|
2.0.73 2009-09-04
|
|
* Add semanage dontaudit to turn off dontaudits from Dan Walsh.
|
|
* Fix semanage to set correct mode for setrans file from Dan Walsh.
|
|
* Fix malformed dictionary in portRecord from Dan Walsh.
|
|
|
|
2.0.72 2009-09-03
|
|
* Restore symlink handling support to restorecon based on a patch by
|
|
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
|
|
udev scripts that was broken by policycoreutils 2.0.70.
|
|
|
|
2.0.71 2009-08-11
|
|
* Modify setfiles/restorecon checking of exclude paths. Only check
|
|
user-supplied exclude paths (not automatically generated ones based on
|
|
lack of seclabel support), don't require them to be directories, and
|
|
ignore permission denied errors on them (it is ok to exclude a path to
|
|
which the caller lacks permission).
|
|
|
|
2.0.70 2009-08-04
|
|
* Modify restorecon to only call realpath() on user-supplied pathnames
|
|
from Stephen Smalley.
|
|
|
|
2.0.69 2009-07-30
|
|
* Fix typo in fixfiles that prevented it from relabeling btrfs
|
|
filesystems from Dan Walsh.
|
|
|
|
2.0.68 2009-07-24
|
|
* Modify setfiles to exclude mounts without seclabel option in
|
|
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
|
|
|
|
2.0.67 2009-07-07
|
|
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
|
|
Pardy and Dan Walsh.
|
|
|
|
2.0.66 2009-07-07
|
|
* setfiles converted to fts from Thomas Liu.
|
|
|
|
2.0.65 2009-06-24
|
|
* Remove gui from po/Makefile and po/POTFILES and regenerate po files
|
|
|
|
2.0.64 2009-06-22
|
|
* Keep setfiles from spamming console from Dan Walsh.
|
|
* Fix chcat's category expansion for users from Dan Walsh.
|
|
|
|
2.0.63 2009-05-15
|
|
* Fix transaction checking from Dan Walsh.
|
|
* Make fixfiles -R (for rpm) recursive.
|
|
* Make semanage permissive clean up after itself from Dan Walsh.
|
|
* add /root/.ssh/* to restorecond.conf
|
|
|
|
2.0.62 2009-02-19
|
|
* Add btrfs to fixfiles from Dan Walsh.
|
|
* Remove restorecond error for matching globs with multiple hard links
|
|
and fix some error messages from Dan Walsh.
|
|
* Make removing a non-existant module a warning rather than an error
|
|
from Dan Walsh.
|
|
* Man page fixes from Dan Walsh.
|
|
|
|
2.0.61 2009-01-12
|
|
* chcat: cut categories at arbitrary point (25) from Dan Walsh
|
|
* semodule: use new interfaces in libsemanage for compressed files
|
|
from Dan Walsh
|
|
* audit2allow: string changes for usage
|
|
|
|
2.0.60 2008-11-12
|
|
* semanage: use semanage_mls_enabled() from Stephen Smalley.
|
|
|
|
2.0.59 2008-11-11
|
|
* fcontext add checked local records twice, fix from Dan Walsh.
|
|
|
|
2.0.58 2008-11-09
|
|
* Allow local file context entries to override policy entries in
|
|
semanage from Dan Walsh.
|
|
* Newrole error message corrections from Dan Walsh.
|
|
* Add exception to audit2why call in audit2allow from Dan Walsh.
|
|
|
|
2.0.57 2008-09-18
|
|
* Update po files from Dan Walsh.
|
|
|
|
2.0.56 2008-09-12
|
|
* fixfiles will now remove all files in /tmp and will check for
|
|
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
|
|
* add glob support to restorecond from Dan Walsh.
|
|
* allow semanage to handle multi-line commands in a single transaction
|
|
from Dan Walsh.
|
|
|
|
2.0.55 2008-08-26
|
|
* Merged semanage node support from Christian Kuester.
|
|
|
|
2.0.54 2008-08-05
|
|
* Add support for boolean files and group support for seusers from Dan Walsh.
|
|
* Ensure that setfiles -p output is newline terminated from Russell Coker.
|
|
|
|
2.0.53 2008-07-29
|
|
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
|
|
|
|
2.0.52 2008-07-02
|
|
* Add permissive domain capability to semanage from Dan Walsh.
|
|
|
|
2.0.51 2008-06-28
|
|
* Add onboot option to fixfiles from Dan Walsh.
|
|
* Change restorecon.init to not run on boot by default from Dan Walsh.
|
|
|
|
2.0.50 2008-06-30
|
|
* Fix audit2allow generation of role-type rules from Karl MacMillan.
|
|
|
|
2.0.49 2008-05-16
|
|
* Remove security_check_context calls for prefix validation from semanage.
|
|
|
|
2.0.48 2008-05-16
|
|
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
|
|
|
|
2.0.47 2008-04-18
|
|
* Update semanage man page for booleans from Dan Walsh.
|
|
* Add further error checking to seobject.py for setting booleans.
|
|
|
|
2.0.46 2008-03-18
|
|
* Update audit2allow to report dontaudit cases from Dan Walsh.
|
|
|
|
2.0.45 2008-03-18
|
|
* Fix semanage port to use --proto from Caleb Case.
|
|
|
|
2.0.44 2008-02-22
|
|
* Fixed semodule to correctly handle error when unable to create a handle.
|
|
|
|
2.0.43 2008-02-08
|
|
* Merged fix fixfiles option processing from Vaclav Ovsik.
|
|
|
|
2.0.42 2008-02-02
|
|
* Make semodule_expand use sepol_set_expand_consume_base to reduce
|
|
peak memory usage.
|
|
|
|
2.0.41 2008-01-28
|
|
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
|
|
|
|
2.0.40 2008-01-25
|
|
* Merged a second fixfiles -C fix from Marshall Miller.
|
|
|
|
2.0.39 2008-01-24
|
|
* Merged fixfiles -C fix from Marshall Miller.
|
|
|
|
2.0.38 2008-01-24
|
|
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
|
|
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
|
|
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
|
|
|
|
2.0.37 2008-01-23
|
|
* Merged replacement for audit2why from Dan Walsh.
|
|
|
|
2.0.36 2008-01-23
|
|
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
|
|
|
|
2.0.35 2007-12-21
|
|
* Merged support for non-interactive newrole command invocation from Tim Reed.
|
|
|
|
2.0.34 2007-12-14
|
|
* Update Makefile to not build restorecond if
|
|
/usr/include/sys/inotify.h is not present
|
|
|
|
2.0.33 2007-12-07
|
|
* Drop verbose output on fixfiles -C from Dan Walsh.
|
|
* Fix argument handling in fixfiles from Dan Walsh.
|
|
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
|
|
|
|
2.0.32 2007-10-16
|
|
* load_policy initial load option from Chad Sellers.
|
|
|
|
2.0.31 2007-10-15
|
|
* Fix semodule option handling from Dan Walsh.
|
|
|
|
2.0.30 2007-10-11
|
|
* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
|
|
|
|
2.0.29 2007-10-05
|
|
* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
|
|
|
|
2.0.28 2007-10-05
|
|
* Update semodule man page for -D from Dan Walsh.
|
|
* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
|
|
|
|
2.0.27 2007-09-19
|
|
* Improve semodule reporting of system errors from Stephen Smalley.
|
|
|
|
2.0.26 2007-09-18
|
|
* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
|
|
|
|
2.0.25 2007-08-23
|
|
* Remove genhomedircon script (functionality is now provided
|
|
within libsemanage) from Todd Miller.
|
|
|
|
2.0.24 2007-08-23
|
|
* Fix genhomedircon searching for USER from Todd Miller
|
|
* Install run_init with mode 0755 from Dan Walsh.
|
|
* Fix chcat from Dan Walsh.
|
|
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
|
|
* Optimize genhomedircon to compile regexes once from Dan Walsh.
|
|
* Fix semanage gettext call from Dan Walsh.
|
|
|
|
2.0.23 2007-08-16
|
|
* Disable dontaudits via semodule -D
|
|
|
|
2.0.22 2007-06-20
|
|
* Rebase setfiles to use new labeling interface.
|
|
|
|
2.0.21 2007-06-13
|
|
* Fixed setsebool (falling through to error path on success).
|
|
|
|
2.0.20 2007-06-05
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Merged setfiles -c usage fix from Dan Walsh.
|
|
* Merged restorecon fix from Yuichi Nakamura.
|
|
* Dropped -lsepol where no longer needed.
|
|
|
|
2.0.19 2007-05-11
|
|
* Merge newrole support for alternate pam configs from Ted X Toth.
|
|
|
|
2.0.18 2007-05-11
|
|
* Merged merging of restorecon into setfiles from Stephen Smalley.
|
|
|
|
2.0.17 2007-05-09
|
|
* Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
|
|
|
|
2.0.16 2007-05-03
|
|
* Merged support for modifying the prefix via semanage from Dan Walsh.
|
|
|
|
2.0.15 2007-04-26
|
|
* Merged move of audit2why to /usr/bin from Dan Walsh.
|
|
|
|
2.0.14 2007-04-25
|
|
* Build fix for setsebool.
|
|
|
|
2.0.13 2007-04-24
|
|
* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
|
|
|
|
2.0.12 2007-04-24
|
|
* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
|
|
|
|
2.0.11 2007-04-24
|
|
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
|
|
|
|
2.0.10 2007-04-24
|
|
* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
|
|
|
|
2.0.9 2007-04-12
|
|
* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
|
|
|
|
2.0.8 2007-04-10
|
|
* Merged updates to sepolgen-ifgen from Karl MacMillan.
|
|
|
|
2.0.7 2007-03-01
|
|
* Merged restorecond init script LSB compliance patch from Steve Grubb.
|
|
|
|
2.0.6 2007-02-22
|
|
* Merged newrole O_NONBLOCK fix from Linda Knippers.
|
|
|
|
2.0.5 2007-02-22
|
|
* Merged sepolgen and audit2allow patches to leave generated files
|
|
in the current directory from Karl MacMillan.
|
|
|
|
2.0.4 2007-02-22
|
|
* Merged restorecond memory leak fix from Steve Grubb.
|
|
|
|
2.0.3 2007-02-21
|
|
* Merged translations update from Dan Walsh.
|
|
* Merged chcat fixes from Dan Walsh.
|
|
* Merged man page fixes from Dan Walsh.
|
|
* Merged seobject prefix validity checking from Dan Walsh.
|
|
|
|
2.0.2 2007-02-20
|
|
* Merged seobject exception handler fix from Caleb Case.
|
|
* Merged setfiles memory leak patch from Todd Miller.
|
|
|
|
2.0.1 2007-02-08
|
|
* Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
|
|
|
|
2.0.0 2007-02-05
|
|
* Merged new audit2allow from Karl MacMillan.
|
|
This audit2allow depends on the new sepolgen python module.
|
|
Note that you must run the sepolgen-ifgen tool to generate
|
|
the data needed by audit2allow to generate refpolicy.
|
|
|
|
1.34.1 2007-01-22
|
|
* Fixed newrole non-pam build.
|
|
|
|
1.34.0 2007-01-18
|
|
* Updated version for stable branch.
|
|
|
|
1.33.16 2007-01-18
|
|
* Merged po file updates from Dan Walsh.
|
|
* Removed update-po from all target in po/Makefile.
|
|
|
|
1.33.15 2007-01-17
|
|
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
|
|
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
|
|
|
|
1.33.14 2007-01-16
|
|
* Merged newrole man page patch from Michael Thompson.
|
|
|
|
1.33.13 2007-01-16
|
|
* Merged patch to fix python unicode problem from Dan Walsh.
|
|
|
|
1.33.12 2007-01-11
|
|
* Merged newrole securetty check from Dan Walsh.
|
|
* Merged semodule patch to generalize list support from Karl MacMillan.
|
|
|
|
1.33.11 2007-01-09
|
|
* Merged fixfiles and seobject fixes from Dan Walsh.
|
|
* Merged semodule support for list of modules after -i from Karl MacMillan.
|
|
|
|
1.33.10 2007-01-08
|
|
* Merged patch to correctly handle a failure during semanage handle
|
|
creation from Karl MacMillan.
|
|
|
|
1.33.9 2007-01-05
|
|
* Merged patch to fix seobject role modification from Dan Walsh.
|
|
|
|
1.33.8 2007-01-04
|
|
* Merged patches from Dan Walsh to:
|
|
- omit the optional name from audit2allow
|
|
- use the installed python version in the Makefiles
|
|
- re-open the tty with O_RDWR in newrole
|
|
|
|
1.33.7 2007-01-03
|
|
* Patch from Dan Walsh to correctly suppress warnings in load_policy.
|
|
|
|
1.33.6 2006-11-29
|
|
* Patch from Dan Walsh to add an pam_acct_msg call to run_init
|
|
* Patch from Dan Walsh to fix error code returns in newrole
|
|
* Patch from Dan Walsh to remove verbose flag from semanage man page
|
|
* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
|
|
in /usr/share/selinux/<SELINUXTYPE>
|
|
|
|
1.33.5 2006-11-27
|
|
* Merged patch from Michael C Thompson to clean up genhomedircon
|
|
error handling.
|
|
1.33.4 2006-11-21
|
|
* Merged po file updates from Dan Walsh.
|
|
|
|
1.33.3 2006-11-21
|
|
* Merged setsebool patch from Karl MacMillan.
|
|
This fixes a bug reported by Yuichi Nakamura with
|
|
always setting booleans persistently on an unmanaged system.
|
|
|
|
1.33.2 2006-11-20
|
|
* Merged patch from Dan Walsh (via Karl MacMillan):
|
|
* Added newrole audit message on login failure
|
|
* Add /var/log/wtmp to restorecond.conf watch list
|
|
* Fix genhomedircon, semanage, semodule_expand man pages.
|
|
|
|
1.33.1 2006-11-13
|
|
* Merged newrole patch set from Michael Thompson.
|
|
|
|
1.32 2006-10-17
|
|
* Updated version for release.
|
|
|
|
1.30.31 2006-10-17
|
|
* Merged audit2allow -l fix from Yuichi Nakamura.
|
|
* Merged restorecon -i and -o - support from Karl MacMillan.
|
|
* Merged semanage/seobject fix from Dan Walsh.
|
|
* Merged fixfiles -R and verify changes from Dan Walsh.
|
|
|
|
1.30.30 2006-09-29
|
|
* Merged newrole auditing of failures due to user actions from
|
|
Michael Thompson.
|
|
|
|
1.30.29 2006-09-13
|
|
* Man page corrections from Dan Walsh
|
|
* Change all python invocations to /usr/bin/python -E
|
|
* Add missing getopt flags to genhomedircon
|
|
|
|
1.30.28 2006-09-01
|
|
* Merged fix for restorecon // handling from Erich Schubert.
|
|
* Merged translations update and fixfiles fix from Dan Walsh.
|
|
|
|
1.30.27 2006-08-24
|
|
* Merged fix for restorecon symlink handling from Erich Schubert.
|
|
|
|
1.30.26 2006-08-11
|
|
* Merged semanage local file contexts patch from Chris PeBenito.
|
|
|
|
1.30.25 2006-08-03
|
|
* Merged patch from Dan Walsh with:
|
|
* audit2allow: process MAC_POLICY_LOAD events
|
|
* newrole: run shell with - prefix to start a login shell
|
|
* po: po file updates
|
|
* restorecond: bail if SELinux not enabled
|
|
* fixfiles: omit -q
|
|
* genhomedircon: fix exit code if non-root
|
|
* semodule_deps: install man page
|
|
|
|
1.30.24 2006-08-03
|
|
* Merged secon Makefile fix from Joshua Brindle.
|
|
|
|
1.30.23 2006-08-03
|
|
* Merged netfilter contexts support patch from Chris PeBenito.
|
|
|
|
1.30.22 2006-07-28
|
|
* Merged restorecond size_t fix from Joshua Brindle.
|
|
|
|
1.30.21 2006-07-28
|
|
* Merged secon keycreate patch from Michael LeMay.
|
|
|
|
1.30.20 2006-07-26
|
|
* Merged restorecond fixes from Dan Walsh.
|
|
Merged updated po files from Dan Walsh.
|
|
|
|
1.30.19 2006-07-26
|
|
* Merged python gettext patch from Stephen Bennett.
|
|
|
|
1.30.18 2006-07-25
|
|
* Merged semodule_deps from Karl MacMillan.
|
|
|
|
1.30.17 2006-06-29
|
|
* Lindent.
|
|
|
|
1.30.16 2006-06-26
|
|
* Merged patch from Dan Walsh with:
|
|
* -p option (progress) for setfiles and restorecon.
|
|
* disable context translation for setfiles and restorecon.
|
|
* on/off values for setsebool.
|
|
|
|
1.30.15 2006-06-26
|
|
* Merged setfiles and semodule_link fixes from Joshua Brindle.
|
|
|
|
1.30.14 2006-06-16
|
|
* Merged fix for setsebool error path from Serge Hallyn.
|
|
|
|
1.30.13 2006-06-16
|
|
* Merged patch from Dan Walsh with:
|
|
* Updated po files.
|
|
* Fixes for genhomedircon and seobject.
|
|
* Audit message for mass relabel by setfiles.
|
|
|
|
1.30.12 2006-06-02
|
|
* Updated fixfiles script for new setfiles location in /sbin.
|
|
|
|
1.30.11 2006-05-26
|
|
* Merged more translations from Dan Walsh.
|
|
* Merged patch to relocate setfiles to /sbin for early relabel
|
|
when /usr might not be mounted from Dan Walsh.
|
|
* Merged semanage/seobject patch to preserve fcontext ordering in list.
|
|
* Merged secon patch from James Antill.
|
|
|
|
1.30.10 2006-05-22
|
|
* Merged patch with updates to audit2allow, secon, genhomedircon,
|
|
and semanage from Dan Walsh.
|
|
|
|
1.30.9 2006-05-08
|
|
* Fixed audit2allow and po Makefiles for DESTDIR= builds.
|
|
* Merged .po file patch from Dan Walsh.
|
|
* Merged bug fix for genhomedircon.
|
|
|
|
1.30.8 2006-05-08
|
|
* Merged patch from Dan Walsh.
|
|
This includes audit2allow changes for analysis plugins,
|
|
internationalization support for several additional programs
|
|
and added po files, some fixes for semanage, and several cleanups.
|
|
It also adds a new secon utility.
|
|
|
|
1.30.7 2006-05-05
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
|
|
1.30.6 2006-04-14
|
|
* Merged semanage prefix support from Russell Coker.
|
|
|
|
1.30.5 2006-04-11
|
|
* Added a test to setfiles to check that the spec file is
|
|
a regular file.
|
|
|
|
1.30.4 2006-03-29
|
|
* Merged audit2allow fixes for refpolicy from Dan Walsh.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Merged restorecond daemon from Dan Walsh.
|
|
|
|
1.30.3 2006-03-29
|
|
* Merged semanage non-MLS fixes from Chris PeBenito.
|
|
|
|
1.30.2 2006-03-29
|
|
* Merged semanage and semodule man page examples from Thomas Bleher.
|
|
|
|
1.30.1 2006-03-20
|
|
* Merged semanage labeling prefix patch from Ivan Gyurdiev.
|
|
|
|
1.30 2006-03-14
|
|
* Updated version for release.
|
|
|
|
1.29.28 2006-03-13
|
|
* Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
|
|
|
|
1.29.27 2006-03-08
|
|
* Merged audit2allow -R support, chcat fix, semanage MLS checks
|
|
and semanage audit calls from Dan Walsh.
|
|
|
|
1.29.26 2006-02-15
|
|
* Merged semanage bug fix patch from Ivan Gyurdiev.
|
|
|
|
1.29.25 2006-02-14
|
|
* Merged improve bindings patch from Ivan Gyurdiev.
|
|
|
|
1.29.24 2006-02-14
|
|
* Merged semanage usage patch from Ivan Gyurdiev.
|
|
* Merged use PyList patch from Ivan Gyurdiev.
|
|
|
|
1.29.23 2006-02-13
|
|
* Merged newrole -V/--version support from Glauber de Oliveira Costa.
|
|
|
|
1.29.22 2006-02-13
|
|
* Merged genhomedircon prefix patch from Dan Walsh.
|
|
|
|
1.29.21 2006-02-13
|
|
* Merged optionals in base patch from Joshua Brindle.
|
|
|
|
1.29.20 2006-02-07
|
|
* Merged seuser/user_extra support patch to semodule_package
|
|
from Joshua Brindle.
|
|
|
|
1.29.19 2006-02-06
|
|
* Merged getopt type fix for semodule_link/expand and sestatus
|
|
from Chris PeBenito.
|
|
|
|
1.29.18 2006-02-02
|
|
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
|
|
|
1.29.17 2006-01-30
|
|
* Merged genhomedircon fix from Dan Walsh.
|
|
|
|
1.29.16 2006-01-30
|
|
* Merged seusers.system patch from Ivan Gyurdiev.
|
|
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
|
|
* Merged genhomedircon patch from Dan Walsh.
|
|
|
|
1.29.15 2006-01-27
|
|
* Merged newrole audit patch from Steve Grubb.
|
|
|
|
1.29.14 2006-01-27
|
|
* Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
|
|
|
|
1.29.13 2006-01-27
|
|
* Merged semanage and semodule access check patches from Joshua Brindle.
|
|
|
|
1.29.12 2006-01-26
|
|
* Merged restorecon, chcat, and semanage patches from Dan Walsh.
|
|
|
|
1.29.11 2006-01-25
|
|
* Modified newrole and run_init to use the loginuid when
|
|
supported to obtain the Linux user identity to re-authenticate,
|
|
and to fall back to real uid. Dropped the use of the SELinux
|
|
user identity, as Linux users are now mapped to SELinux users
|
|
via seusers and the SELinux user identity space is separate.
|
|
|
|
1.29.10 2006-01-20
|
|
* Merged semanage bug fixes from Ivan Gyurdiev.
|
|
* Merged semanage fixes from Russell Coker.
|
|
* Merged chcat.8 and genhomedircon patches from Dan Walsh.
|
|
|
|
1.29.9 2006-01-19
|
|
* Merged chcat, semanage, and setsebool patches from Dan Walsh.
|
|
|
|
1.29.8 2006-01-18
|
|
* Merged semanage fixes from Ivan Gyurdiev.
|
|
* Merged semanage fixes from Russell Coker.
|
|
* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
|
|
|
|
1.29.7 2006-01-13
|
|
* Merged newrole cleanup patch from Steve Grubb.
|
|
* Merged setfiles/restorecon performance patch from Russell Coker.
|
|
* Merged genhomedircon and semanage patches from Dan Walsh.
|
|
|
|
1.29.6 2006-01-12
|
|
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
|
|
|
|
1.29.5 2006-01-05
|
|
* Added filename to semodule error reporting.
|
|
|
|
1.29.4 2006-01-05
|
|
* Merged genhomedircon and semanage patch from Dan Walsh.
|
|
* Changed semodule error reporting to include argv[0].
|
|
|
|
1.29.3 2006-01-04
|
|
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
|
|
* Merged patch series from Ivan Gyurdiev.
|
|
This includes patches to:
|
|
- cleanup setsebool
|
|
- update setsebool to apply active booleans through libsemanage
|
|
- update semodule to use the new semanage_set_rebuild() interface
|
|
- fix various bugs in semanage
|
|
* Merged patch from Dan Walsh (Red Hat).
|
|
This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
|
|
and semanage.
|
|
|
|
1.29.2 2005-12-14
|
|
* Merged patch for chcat script from Dan Walsh.
|
|
|
|
1.29.1 2005-12-08
|
|
* Merged fix for audit2allow long option list from Dan Walsh.
|
|
* Merged -r option for restorecon (alias for -R) from Dan Walsh.
|
|
* Merged chcat script and man page from Dan Walsh.
|
|
|
|
1.28 2005-12-07
|
|
* Updated version for release.
|
|
|
|
1.27.37 2005-12-07
|
|
* Clarified the genhomedircon warning message.
|
|
|
|
1.27.36 2005-12-05
|
|
* Changed genhomedircon to warn on use of ROLE in homedir_template
|
|
if using managed policy, as libsemanage does not yet support it.
|
|
|
|
1.27.35 2005-12-02
|
|
* Merged genhomedircon bug fix from Dan Walsh.
|
|
|
|
1.27.34 2005-12-02
|
|
* Revised semodule* man pages to refer to checkmodule and
|
|
to include example sections.
|
|
|
|
1.27.33 2005-12-01
|
|
* Merged audit2allow --tefile and --fcfile support from Dan Walsh.
|
|
* Merged genhomedircon fix from Dan Walsh.
|
|
* Merged semodule* man pages from Dan Walsh, and edited them.
|
|
|
|
1.27.32 2005-12-01
|
|
* Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
|
|
retain validation/canonicalization of contexts during init.
|
|
|
|
1.27.31 2005-11-29
|
|
* Changed genhomedircon to always use user_r for the role in the
|
|
managed case since user_get_defrole is broken.
|
|
|
|
1.27.30 2005-11-29
|
|
* Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
|
|
* Fixed semodule -v option.
|
|
|
|
1.27.29 2005-11-28
|
|
* Merged audit2allow python script from Dan Walsh.
|
|
(old script moved to audit2allow.perl, will be removed later).
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Merged semodule quieting patch from Dan Walsh
|
|
(inverts default, use -v to restore original behavior).
|
|
|
|
1.27.28 2005-11-15
|
|
* Merged genhomedircon rewrite from Dan Walsh.
|
|
|
|
1.27.27 2005-11-09
|
|
* Merged setsebool cleanup patch from Ivan Gyurdiev.
|
|
|
|
1.27.26 2005-11-09
|
|
* Added -B (--build) option to semodule to force a rebuild.
|
|
|
|
1.27.25 2005-11-08
|
|
* Reverted setsebool patch to call semanage_set_reload_bools().
|
|
* Changed setsebool to disable policy reload and to call
|
|
security_set_boolean_list to update the runtime booleans.
|
|
|
|
1.27.24 2005-11-08
|
|
* Changed setfiles -c to use new flag to set_matchpathcon_flags()
|
|
to disable context translation by matchpathcon_init().
|
|
|
|
1.27.23 2005-11-07
|
|
* Changed setfiles for the context canonicalization support.
|
|
|
|
1.27.22 2005-11-07
|
|
* Changed setsebool to call semanage_is_managed() interface
|
|
and fall back to security_set_boolean_list() if policy is
|
|
not managed.
|
|
|
|
1.27.21 2005-11-07
|
|
* Merged setsebool memory leak fix from Ivan Gyurdiev.
|
|
* Merged setsebool patch to call semanage_set_reload_bools()
|
|
interface from Ivan Gyurdiev.
|
|
|
|
1.27.20 2005-11-04
|
|
* Merged setsebool patch from Ivan Gyurdiev.
|
|
This moves setsebool from libselinux/utils to policycoreutils,
|
|
and rewrites it to use libsemanage for permanent boolean changes.
|
|
|
|
1.27.19 2005-10-25
|
|
* Merged semodule support for reload, noreload, and store options
|
|
from Joshua Brindle.
|
|
* Merged semodule_package rewrite from Joshua Brindle.
|
|
|
|
1.27.18 2005-10-20
|
|
* Cleaned up usage and error messages and releasing of memory by
|
|
semodule_* utilities.
|
|
|
|
1.27.17 2005-10-20
|
|
* Corrected error reporting by semodule.
|
|
|
|
1.27.16 2005-10-19
|
|
* Updated semodule_expand for change to sepol interface.
|
|
|
|
1.27.15 2005-10-19
|
|
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
|
1.27.14 2005-10-18
|
|
* Updated semodule_package for sepol interface changes.
|
|
|
|
1.27.13 2005-10-17
|
|
* Updated semodule_expand/link for sepol interface changes.
|
|
|
|
1.27.12 2005-10-14
|
|
* Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
|
|
|
|
1.27.11 2005-10-13
|
|
* Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
|
|
|
|
1.27.10 2005-10-13
|
|
* Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
|
|
|
|
1.27.9 2005-10-13
|
|
* Merged fixfiles patch from Dan Walsh (Red Hat).
|
|
|
|
1.27.8 2005-10-13
|
|
* Updated semodule for removal of semanage_strerror.
|
|
|
|
1.27.7 2005-10-11
|
|
* Updated semodule_link and semodule_expand to use shared libsepol.
|
|
Fixed audit2why to call policydb_init prior to policydb_read (still
|
|
uses the static libsepol).
|
|
|
|
1.27.6 2005-10-07
|
|
* Updated for changes to libsepol.
|
|
Changed semodule and semodule_package to use the shared libsepol.
|
|
Disabled build of semodule_link and semodule_expand for now.
|
|
Updated audit2why for relocated policydb internal headers,
|
|
still needs to be converted to a shared lib interface.
|
|
|
|
1.27.5 2005-10-06
|
|
* Fixed warnings in load_policy.
|
|
|
|
1.27.4 2005-10-06
|
|
* Rewrote load_policy to use the new selinux_mkload_policy()
|
|
interface provided by libselinux.
|
|
|
|
1.27.3 2005-09-28
|
|
* Merged patch to update semodule to the new libsemanage API
|
|
and improve the user interface from Karl MacMillan (Tresys).
|
|
* Modified semodule for the create/connect API split.
|
|
|
|
1.27.2 2005-09-20
|
|
* Merged run_init open_init_pty bug fix from Manoj Srivastava
|
|
(unblock SIGCHLD). Bug reported by Erich Schubert.
|
|
|
|
1.27.1 2005-09-20
|
|
* Merged error shadowing bug fix for restorecon from Dan Walsh.
|
|
* Merged setfiles usage/man page update for -r option from Dan Walsh.
|
|
* Merged fixfiles -C patch to ignore :s0 addition on update
|
|
to a MCS/MLS policy from Dan Walsh.
|
|
|
|
1.26 2005-09-06
|
|
* Updated version for release.
|
|
|
|
1.25.9 2005-08-31
|
|
* Changed setfiles -c to translate the context to raw format
|
|
prior to calling libsepol.
|
|
|
|
1.25.8 2005-08-31
|
|
* Changed semodule to report errors even without -v,
|
|
to detect extraneous arguments, and corrected usage message.
|
|
|
|
1.25.7 2005-08-25
|
|
* Merged patch for fixfiles -C from Dan Walsh.
|
|
|
|
1.25.6 2005-08-22
|
|
* Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
|
|
Bugs found by Coverity.
|
|
|
|
1.25.5 2005-08-02
|
|
* Merged patch to move module read/write code from libsemanage
|
|
to libsepol from Jason Tang (Tresys).
|
|
|
|
1.25.4 2005-07-27
|
|
* Changed semodule* to link with libsemanage.
|
|
|
|
1.25.3 2005-07-26
|
|
* Merged restorecon patch from Ivan Gyurdiev.
|
|
|
|
1.25.2 2005-07-11
|
|
* Merged load_policy, newrole, and genhomedircon patches from Red Hat.
|
|
|
|
1.25.1 2005-07-06
|
|
* Merged loadable module support from Tresys Technology.
|
|
|
|
1.24 2005-06-20
|
|
* Updated version for release.
|
|
|
|
1.23.11 2005-05-19
|
|
* Merged fixfiles and newrole patch from Dan Walsh.
|
|
* Merged audit2why man page from Dan Walsh.
|
|
|
|
1.23.10 2005-05-16
|
|
* Extended audit2why to incorporate booleans and local user
|
|
settings when analyzing audit messages.
|
|
|
|
1.23.9 2005-05-13
|
|
* Updated audit2why for sepol_ prefixes on Flask types to
|
|
avoid namespace collision with libselinux, and to
|
|
include <selinux/selinux.h> now.
|
|
|
|
1.23.8 2005-05-13
|
|
* Added audit2why utility.
|
|
|
|
1.23.7 2005-04-29
|
|
* Merged patch for fixfiles from Dan Walsh.
|
|
Allow passing -F to force reset of customizable contexts.
|
|
|
|
1.23.6 2005-04-13
|
|
* Fixed signed/unsigned pointer bug in load_policy.
|
|
* Reverted context validation patch for genhomedircon.
|
|
|
|
1.23.5 2005-04-12
|
|
* Reverted load_policy is_selinux_enabled patch from Dan Walsh.
|
|
Otherwise, an initial policy load cannot be performed using
|
|
load_policy, e.g. for anaconda.
|
|
|
|
1.23.4 2005-04-08
|
|
* Merged load_policy is_selinux_enabled patch from Dan Walsh.
|
|
* Merged restorecon verbose output patch from Dan Walsh.
|
|
* Merged setfiles altroot patch from Chris PeBenito.
|
|
|
|
1.23.3 2005-03-17
|
|
* Merged context validation patch for genhomedircon from Eric Paris.
|
|
|
|
1.23.2 2005-03-16
|
|
* Changed setfiles -c to call set_matchpathcon_flags(3) to
|
|
turn off processing of .homedirs and .local.
|
|
|
|
1.23.1 2005-03-14
|
|
* Merged rewrite of genhomedircon by Eric Paris.
|
|
* Changed fixfiles to relabel jfs since it now supports security xattrs
|
|
(as of 2.6.11). Removed reiserfs until 2.6.12 is released with
|
|
fixed support for reiserfs and selinux.
|
|
|
|
1.22 2005-03-09
|
|
* Updated version for release.
|
|
|
|
1.21.22 2005-03-07
|
|
* Merged restorecon and genhomedircon patch from Dan Walsh.
|
|
|
|
1.21.21 2005-02-28
|
|
* Merged load_policy and genhomedircon patch from Dan Walsh.
|
|
|
|
1.21.20 2005-02-24
|
|
* Merged fixfiles and genhomedircon patch from Dan Walsh.
|
|
|
|
1.21.19 2005-02-22
|
|
* Merged several fixes from Ulrich Drepper.
|
|
|
|
1.21.18 2005-02-18
|
|
* Changed load_policy to fall back to the original policy upon
|
|
an error from sepol_genusers().
|
|
|
|
1.21.17 2005-02-17
|
|
* Merged new genhomedircon script from Dan Walsh.
|
|
|
|
1.21.16 2005-02-17
|
|
* Changed load_policy to call sepol_genusers().
|
|
|
|
1.21.15 2005-02-09
|
|
* Changed relabel Makefile target to use restorecon.
|
|
|
|
1.21.14 2005-02-08
|
|
* Merged restorecon patch from Dan Walsh.
|
|
|
|
1.21.13 2005-02-07
|
|
* Merged sestatus patch from Dan Walsh.
|
|
* Merged further change to fixfiles -C from Dan Walsh.
|
|
|
|
1.21.12 2005-02-02
|
|
* Merged further patches for restorecon/setfiles -e and fixfiles -C.
|
|
|
|
1.21.11 2005-02-02
|
|
* Merged patch for fixfiles -C option from Dan Walsh.
|
|
* Merged patch -e support for restorecon from Dan Walsh.
|
|
* Merged updated -e support for setfiles from Dan Walsh.
|
|
|
|
1.21.10 2005-01-31
|
|
* Merged patch for open_init_pty from Manoj Srivastava.
|
|
|
|
1.21.9 2005-01-28
|
|
* Merged updated fixfiles script from Dan Walsh.
|
|
* Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
|
|
* Reverted fixfiles patch for file_contexts.local;
|
|
obsoleted by setfiles rewrite.
|
|
* Merged error handling patch for restorecon from Dan Walsh.
|
|
* Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
|
|
|
|
1.21.8 2005-01-28
|
|
* Rewrote setfiles to use matchpathcon and the new interfaces
|
|
exported by libselinux (>= 1.21.5).
|
|
|
|
1.21.7 2005-01-27
|
|
* Prevent overflow of spec array in setfiles.
|
|
|
|
1.21.6 2005-01-27
|
|
* Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
|
|
|
|
1.21.5 2005-01-26
|
|
* Merged newrole -l support from Darrel Goeddel (TCS).
|
|
|
|
1.21.4 2005-01-25
|
|
* Merged fixfiles patch for file_contexts.local from Dan Walsh.
|
|
|
|
1.21.3 2005-01-21
|
|
* Fixed restorecon to not treat errors from is_context_customizable()
|
|
as a customizable context.
|
|
* Merged setfiles/restorecon patch to not reset user field unless
|
|
-F option is specified from Dan Walsh.
|
|
|
|
1.21.2 2005-01-21
|
|
* Merged open_init_pty helper for run_init from Manoj Srivastava.
|
|
* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
|
|
|
|
1.21.1 2005-01-19
|
|
* Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
|
|
|
|
1.20 2005-01-06
|
|
* Merged fixfiles rewrite from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Merged fixfiles and restorecon patches from Dan Walsh.
|
|
* Changed restorecon to ignore ENOENT errors from matchpathcon.
|
|
* Merged nonls patch from Chris PeBenito.
|
|
* Removed fixfiles.cron.
|
|
* Merged run_init.8 patch from Dan Walsh.
|
|
|
|
1.18 2004-11-01
|
|
* Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
|
|
* Merged sestatus patch from Steve Grubb.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Added -l option to setfiles to log changes via syslog.
|
|
* Merged -e option to setfiles to exclude directories.
|
|
* Merged -R option to restorecon for recursive descent.
|
|
* Merged sestatus patch from Steve Grubb via Dan Walsh.
|
|
* Merged load_policy and fixfiles.cron patches from Dan Walsh.
|
|
* Merged fix for setfiles context validation patch from Colin Walters.
|
|
* Merged setfiles context validation patch from Colin Walters.
|
|
* Merged genhomedircon patch from Russell Coker.
|
|
* Merged restorecon patch from Russell Coker.
|
|
|
|
1.16 2004-08-13
|
|
* Merged audit2allow fix from Tom London.
|
|
* Merged load_policy man page from Dan Walsh.
|
|
* Merged newrole bug fix from Chad Hanson.
|
|
* Changed load_policy to preserve booleans by default.
|
|
* Changed load_policy to invoke sepol_genbools() instead.
|
|
* Changed load_policy to also invoke security_load_booleans().
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Changed restorecon to use realpath.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Merged genhomedircon patch from Russell Coker and Dan Walsh.
|
|
* Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
|
|
* Merged stat fix for setfiles -s from Russell Coker.
|
|
|
|
1.14 2004-06-25
|
|
* Merged fix for fixfiles.
|
|
* Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
|
|
* Merged updated genhomedircon script from Russell Coker.
|
|
* Merged run_init patch to find initrc_context from Dan Walsh.
|
|
* Merged fixfiles patch for /etc/selinux from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
|
|
1.12 2004-05-10
|
|
* Merged newrole patch from Colin Walters.
|
|
* Merged fixfiles from Dan Walsh.
|
|
|
|
1.10 2004-04-05
|
|
* Changed setfiles to not abort upon lsetfilecon failures.
|
|
* Merged sestatus from Chris PeBenito.
|
|
* Merged fixes for restorecon.
|
|
* Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Revert add_assoc change from setfiles.
|
|
* Moved restorecon to /sbin.
|
|
* Disable add_assoc in setfiles by default, use -a to enable.
|
|
* Merged genhomedircon patch from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
* Merged setfiles buffer size change from Dan Walsh.
|
|
* Merged genhomedircon fix from Karl MacMillan of Tresys.
|
|
This generates separate lines for each prefix.
|
|
|
|
1.8 2004-03-09
|
|
* Merged genhomedircon patch from Karl MacMillan of Tresys.
|
|
* Removed checkcon script (obsoleted by restorecon -nv).
|
|
* Replaced restorecon script with C program from Dan Walsh.
|
|
Uses the new matchpathcon function from libselinux.
|
|
|
|
1.6 2004-02-18
|
|
* Fixed setfiles sorting problem reported by Colin Walters.
|
|
* Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
|
|
* Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
|
|
* Quiet warning about duplicate same specifications if -q is used.
|
|
* Fixed usage message of audit2allow.
|
|
|
|
1.4 2003-12-01
|
|
* Merged patch from Russell Coker.
|
|
* Added audit2allow (formerly newrules.pl from policy).
|
|
* Dropped -lattr from Makefiles.
|
|
* Merged setfiles check type first patch by Russell Coker.
|
|
|
|
1.2 2003-09-30
|
|
* Merged run_init close file patch from Chris PeBenito.
|
|
* Merged setfiles stem compression patch by Russell Coker.
|
|
* Merged setfiles usage/getopt/err patch by Russell Coker.
|
|
* Merged setfiles altroot patch by Hardened Gentoo team.
|
|
* Merged i18n patch by Dan Walsh.
|
|
* Changed Makefiles to allow non-root rpm builds.
|
|
|
|
1.1 2003-08-13
|
|
* Dropped obsolete psid code from setfiles.
|
|
|
|
1.0 2003-07-11
|
|
* Initial public release.
|
|
|