1099 lines
37 KiB
Plaintext
1099 lines
37 KiB
Plaintext
2.1.12 2012-09-13
|
|
* Add support for lxc_contexts_path
|
|
* utils: add service to getdefaultcon
|
|
* libsemanage: do not set soname needlessly
|
|
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
|
|
* boolean name equivalency
|
|
* getsebool: support boolean name substitution
|
|
* Add man page for new selinux_boolean_sub function.
|
|
* expose selinux_boolean_sub
|
|
* matchpathcon: add -m option to force file type check
|
|
* utils: avcstat: clear sa_mask set
|
|
* seusers: Check for strchr failure
|
|
* booleans: initialize pointer to silence coveriety
|
|
* stop messages when SELinux disabled
|
|
* label_file: use PCRE instead of glibc regex functions
|
|
* label_file: remove all typedefs
|
|
* label_file: move definitions to include file
|
|
* label_file: do string to mode_t conversion in a helper function
|
|
* label_file: move error reporting back into caller
|
|
* label_file: move stem/spec handling to header
|
|
* label_file: drop useless ncomp field from label_file data
|
|
* label_file: move spec_hasMetaChars to header
|
|
* label_file: fix potential read past buffer in spec_hasMetaChars
|
|
* label_file: move regex sorting to the header
|
|
* label_file: add accessors for the pcre extra data
|
|
* label_file: only run regex files one time
|
|
* label_file: new process_file function
|
|
* label_file: break up find_stem_from_spec
|
|
* label_file: struct reorg
|
|
* label_file: only run array once when sorting
|
|
* Ensure that we only close the selinux netlink socket once.
|
|
* improve the file_contexts.5 manual page
|
|
|
|
2.1.11 2012-06-28
|
|
* Fortify source now requires all code to be compiled with -O flag
|
|
* asprintf return code must be checked
|
|
* avc_netlink_recieve handle EINTR
|
|
* audit2why: silence -Wmissing-prototypes warning
|
|
* libsemanage: remove build warning when build swig c files
|
|
* matchpathcon: bad handling of symlinks in /
|
|
* seusers: remove unused lineno
|
|
* seusers: getseuser: gracefully handle NULL service
|
|
* New Android property labeling backend
|
|
* label_android_property whitespace cleanups
|
|
* additional makefile support for rubywrap
|
|
|
|
|
|
2.1.10 2012-03-28
|
|
* Fix dead links to www.nsa.gov/selinux
|
|
* Remove jump over variable declaration
|
|
* Fix old style function definitions
|
|
* Fix const-correctness
|
|
* Remove unused flush_class_cache method
|
|
* Add prototype decl for destructor
|
|
* Add more printf format annotations
|
|
* Add printf format attribute annotation to die() method
|
|
* Fix const-ness of parameters & make usage() methods static
|
|
* Enable many more gcc warnings for libselinux/src/ builds
|
|
* utils: Enable many more gcc warnings for libselinux/utils builds
|
|
* Change annotation on include/selinux/avc.h to avoid upsetting SWIG
|
|
* Ensure there is a prototype for 'matchpathcon_lib_destructor'
|
|
* Update Makefiles to handle /usrmove
|
|
* utils: Stop separating out matchpathcon as something special
|
|
* pkg-config to figure out where ruby include files are located
|
|
* build with either ruby 1.9 or ruby 1.8
|
|
* assert if avc_init() not called
|
|
* take security_deny_unknown into account
|
|
* security_compute_create_name(3)
|
|
* Do not link against python library, this is considered
|
|
* bad practice in debian
|
|
* Hide unnecessarily-exported library destructors
|
|
|
|
2.1.9 2011-12-21
|
|
* Fix setenforce man page to refer to selinux man page
|
|
* Cleanup Man pages
|
|
* merge freecon with getcon man page
|
|
|
|
2.1.8 2011-12-05
|
|
* selinuxswig_python.i: don't make syscall if it won't change anything
|
|
* Remove assert in security_get_boolean_names(3)
|
|
* Mapped compute functions now obey deny_unknown flag
|
|
* get_default_type now sets EINVAL if no entry.
|
|
* return EINVAL if invalid role selected
|
|
* Updated selabel_file(5) man page
|
|
* Updated selabel_db(5) man page
|
|
* Updated selabel_media(5) man page
|
|
* Updated selabel_x(5) man page
|
|
* Add man/man5 man pages
|
|
* Add man/man5 man pages
|
|
* Add man/man5 man pages
|
|
* use -W and -Werror in utils
|
|
|
|
2.1.7 2011-11-03
|
|
* Makefiles: syntax, convert all ${VAR} to $(VAR)
|
|
* load_policy: handle selinux=0 and /sys/fs/selinux not exist
|
|
* regenerate .pc on VERSION change
|
|
* label: cosmetic cleanups
|
|
* simple interface for access checks
|
|
* Don't reinitialize avc_init if it has been called previously
|
|
* seusers: fix to handle large sets of groups
|
|
* audit2why: close fd on enomem
|
|
* rename and export symlink_realpath
|
|
* label_file: style changes to make Eric happy.
|
|
|
|
2.1.6 2011-09-15
|
|
* utils: matchpathcon: remove duplicate declaration
|
|
* src: matchpathcon: use myprintf not fprintf
|
|
* src: matchpathcon: make sure resolved path starts
|
|
* put libselinux.so.1 in /lib not /usr/lib
|
|
* tree: default make target to all not
|
|
|
|
2.1.5 2011-0826
|
|
* selinux_file_context_verify function returns wrong value.
|
|
* move realpath helper to matchpathcon library
|
|
* python wrapper makefile changes
|
|
|
|
2.1.4 2011-0817
|
|
* mapping fix for invalid class/perms after selinux_set_mapping
|
|
* audit2why: work around python bug not defining
|
|
* resolv symlinks and dot directories before matching
|
|
|
|
2.1.2 2011-0803
|
|
* audit2allow: do not print statistics
|
|
* make python bindings for restorecon work on relative path
|
|
* fix python audit2why binding error
|
|
* support new python3 functions
|
|
* do not check fcontext duplicates on use
|
|
* Patch for python3 for libselinux
|
|
|
|
2.1.1 2011-08-02
|
|
* move .gitignore into utils
|
|
* new setexecon utility
|
|
* selabel_open fix processing of substitution files
|
|
* mountpoint changing patch.
|
|
* simplify SRCS in Makefile
|
|
|
|
2.1.1 2011-08-01
|
|
* Remove generated files, introduce more .gitignore
|
|
|
|
2.1.0 2011-07-27
|
|
* Release, minor version bump
|
|
|
|
2.0.102 2011-04-11
|
|
* Give correct names to mount points in load_policy by Dan Walsh.
|
|
* Make sure selinux state is reported correctly if selinux is disabled or
|
|
fails to load by Dan Walsh.
|
|
* Fix crash if selinux_key_create was never called by Dan Walsh.
|
|
* Add new file_context.subs_dist for distro specific filecon substitutions
|
|
by Dan Walsh.
|
|
* Update man pages for selinux_color_* functions by Richard Haines.
|
|
|
|
2.0.101 2011-03-23
|
|
* db_language object class support for selabel_lookup from KaiGai
|
|
Kohei.
|
|
|
|
2.0.100 2011-03-09
|
|
* Library destructors for thread local storage keys from Eamon Walsh.
|
|
|
|
2.0.99 2011-03-01
|
|
* SELinux man page fixes from Dan Walsh.
|
|
* selinux_status interfaces from KaiGai Kohei.
|
|
|
|
2.0.98 2010-12-16
|
|
* Turn off default user handling when computing user contexts by Dan Walsh
|
|
|
|
2.0.97 2010-12-02
|
|
* Thread local storage fixes from Eamon Walsh.
|
|
|
|
2.0.96 2010-06-14
|
|
* Add const qualifiers to public API where appropriate by KaiGai Kohei.
|
|
|
|
2.0.95 2010-06-10
|
|
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
|
|
* Adds a chcon method to the libselinux python bindings from Steve Lawrence
|
|
|
|
2.0.94 2010-03-24
|
|
* Set errno=EINVAL for invalid contexts from Dan Walsh.
|
|
|
|
2.0.93 2010-03-15
|
|
* Show strerror for security_getenforce() by Colin Walters.
|
|
* Merged selabel database support by KaiGai Kohei.
|
|
* Modify netlink socket blocking code by KaiGai Kohei.
|
|
|
|
2.0.92 2010-03-06
|
|
* Fix from Eric Paris to fix leak on non-selinux systems.
|
|
* regenerate swig wrappers
|
|
* pkgconfig fix to respect LIBDIR from Dan Walsh.
|
|
|
|
2.0.91 2010-02-22
|
|
* Change the AVC to only audit the permissions specified by the
|
|
policy, excluding any permissions specified via dontaudit or not
|
|
specified via auditallow.
|
|
* Fix compilation of label_file.c with latest glibc headers.
|
|
|
|
2.0.90 2009-11-27
|
|
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
|
|
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
|
|
|
|
2.0.89 2009-10-29
|
|
* Add pkgconfig file from Eamon Walsh.
|
|
|
|
2.0.88 2009-10-22
|
|
* Rename and export selinux_reset_config()
|
|
|
|
2.0.87 2009-09-25
|
|
* Add exception handling in libselinux from Dan Walsh. This uses a
|
|
shell script called exception.sh to generate a swig interface file.
|
|
* make swigify
|
|
* Make matchpathcon print <<none>> if path not found in fcontext file.
|
|
|
|
2.0.86 2009-09-02
|
|
* Removal of reference counting on userspace AVC SID's.
|
|
|
|
2.0.85 2009-07-14
|
|
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
|
|
pthread dependency.
|
|
* Removed fini_context_translations() altogether.
|
|
* Merged lazy init patch from Stephen Smalley based on original patch
|
|
by Steve Grubb.
|
|
|
|
2.0.84 2009-07-07
|
|
* Add per-service seuser support from Dan Walsh.
|
|
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
|
|
|
|
2.0.83 2009-07-07
|
|
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
|
|
Paris.
|
|
|
|
2.0.82 2009-06-19
|
|
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
|
|
* Label substitution support from Dan Walsh.
|
|
* Support for labeling virtual machine images from Dan Walsh.
|
|
|
|
2.0.81 2009-05-15
|
|
* Trim / from the end of input paths to matchpathcon from Dan Walsh.
|
|
* Fix leak in process_line in label_file.c from Hiroshi Shinji.
|
|
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
|
|
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
|
|
|
|
2.0.80 2009-04-07
|
|
* deny_unknown wrapper function from KaiGai Kohei.
|
|
* security_compute_av_flags API from KaiGai Kohei.
|
|
* Netlink socket management and callbacks from KaiGai Kohei.
|
|
|
|
2.0.79 2009-03-11
|
|
* Netlink socket handoff patch from Adam Jackson.
|
|
* AVC caching of compute_create results by Eric Paris.
|
|
|
|
2.0.78 2009-02-27
|
|
* Fix incorrect conversion in discover_class code.
|
|
|
|
2.0.77 2009-01-12
|
|
* add restorecon to python bindings from Dan Walsh.
|
|
|
|
2.0.76 2009-01-08
|
|
* Client support for translating raw contexts to colors via setrans.
|
|
|
|
2.0.75 2008-11-18
|
|
* Allow shell-style wildcards in x_contexts file.
|
|
|
|
2.0.74 2008-11-03
|
|
* Correct message types in AVC log messages.
|
|
|
|
2.0.73 2008-10-14
|
|
* Make matchpathcon -V pass mode from Dan Walsh.
|
|
* Add man page for selinux_file_context_cmp from Dan Walsh.
|
|
|
|
2.0.72 2008-09-29
|
|
* New man pages from Dan Walsh.
|
|
* Update flask headers from refpolicy trunk from Dan Walsh.
|
|
|
|
2.0.71 2008-08-05
|
|
* Add group support to seusers using %groupname syntax from Dan Walsh.
|
|
* Mark setrans socket close-on-exec from Stephen Smalley.
|
|
* Only apply nodups checking to base file contexts from Stephen Smalley.
|
|
|
|
2.0.70 2008-07-30
|
|
* Merge ruby bindings from Dan Walsh.
|
|
|
|
2.0.69 2008-07-29
|
|
* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
|
|
This prevents adding them via semanage.
|
|
|
|
2.0.68 2008-07-18
|
|
* Fix audit2why shadowed variables from Stephen Smalley.
|
|
* Note that freecon NULL is legal in man page from Karel Zak.
|
|
|
|
2.0.67 2008-06-13
|
|
* New and revised AVC, label, and mapping man pages from Eamon Walsh.
|
|
|
|
2.0.66 2008-06-11
|
|
* Add swig python bindings for avc interfaces from Dan Walsh.
|
|
|
|
2.0.65 2008-05-27
|
|
* Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
|
|
* Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
|
|
|
|
2.0.64 2008-04-21
|
|
* Fixed selinux_set_callback man page.
|
|
|
|
2.0.63 2008-04-18
|
|
* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
|
|
|
|
2.0.62 2008-04-18
|
|
* Fix memory leaks in matchpathcon from Eamon Walsh.
|
|
|
|
2.0.61 2008-03-31
|
|
* Man page typo fix from Jim Meyering.
|
|
|
|
2.0.60 2008-03-20
|
|
* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
|
|
|
|
2.0.59 2008-02-29
|
|
* Merged new X label "poly_selection" namespace from Eamon Walsh.
|
|
|
|
2.0.58 2008-02-28
|
|
* Merged reset_selinux_config() for load policy from Dan Walsh.
|
|
|
|
2.0.57 2008-02-25
|
|
* Merged avc_has_perm() errno fix from Eamon Walsh.
|
|
|
|
2.0.56 2008-02-21
|
|
* Regenerated Flask headers from refpolicy flask definitions.
|
|
|
|
2.0.55 2008-02-08
|
|
* Merged compute_member AVC function and manpages from Eamon Walsh.
|
|
|
|
2.0.54 2008-02-08
|
|
* Provide more error reporting on load policy failures from Stephen Smalley.
|
|
|
|
2.0.53 2008-02-07
|
|
* Merged new X label "poly_prop" namespace from Eamon Walsh.
|
|
|
|
2.0.52 2008-02-06
|
|
* Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.
|
|
|
|
2.0.51 2008-02-05
|
|
* Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
|
|
|
|
2.0.50 2008-01-28
|
|
* Merged fix for audit2why from Dan Walsh.
|
|
|
|
2.0.49 2008-01-23
|
|
* Merged audit2why python binding from Dan Walsh.
|
|
|
|
2.0.48 2008-01-23
|
|
* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
|
|
|
|
2.0.47 2007-12-21
|
|
* Fix for the avc: granted null message bug from Stephen Smalley.
|
|
|
|
2.0.46 2007-12-07
|
|
* matchpathcon(8) man page update from Dan Walsh.
|
|
|
|
2.0.45 2007-11-20
|
|
* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
|
|
|
|
2.0.44 2007-11-20
|
|
* Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
|
|
A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
|
|
|
|
2.0.43 2007-11-15
|
|
* Regenerated Flask headers from policy.
|
|
|
|
2.0.42 2007-11-08
|
|
* AVC enforcing mode override patch from Eamon Walsh.
|
|
|
|
2.0.41 2007-11-06
|
|
* Aligned attributes in AVC netlink code from Eamon Walsh.
|
|
|
|
2.0.40 2007-11-01
|
|
* Merged refactored AVC netlink code from Eamon Walsh.
|
|
|
|
2.0.39 2007-10-19
|
|
* Merged new X label namespaces from Eamon Walsh.
|
|
|
|
2.0.38 2007-10-15
|
|
* Bux fix and minor refactoring in string representation code.
|
|
|
|
2.0.37 2007-10-05
|
|
* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
|
|
|
|
2.0.36 2007-09-27
|
|
* Fix segfault resulting from missing file_contexts file.
|
|
|
|
2.0.35 2007-09-24
|
|
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
|
|
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
|
|
|
|
2.0.34 2007-09-18
|
|
* Fix selabel option flag setting for 64-bit from Stephen Smalley.
|
|
|
|
2.0.33 2007-09-12
|
|
* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
|
|
* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
|
|
|
|
2.0.32 2007-09-10
|
|
* Fix swig binding for rpm_execcon from James Athey.
|
|
|
|
2.0.31 2007-08-23
|
|
* Fix file_contexts.homedirs path from Todd Miller.
|
|
|
|
2.0.30 2007-08-06
|
|
* Fix segfault resulting from uninitialized print-callback pointer.
|
|
|
|
2.0.29 2007-08-02
|
|
* Added x_contexts path function patch from Eamon Walsh.
|
|
|
|
2.0.28 2007-08-01
|
|
* Fix build for EMBEDDED=y from Yuichi Nakamura.
|
|
|
|
2.0.27 2007-07-25
|
|
* Fix markup problems in selinux man pages from Dan Walsh.
|
|
|
|
2.0.26 2007-07-23
|
|
* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
|
|
* Added swigify to top-level Makefile from Dan Walsh.
|
|
|
|
2.0.25 2007-07-23
|
|
* Fix for string_to_security_class segfault on x86_64 from Stephen
|
|
Smalley.
|
|
|
|
2.0.24 2007-09-07
|
|
* Fix for getfilecon() for zero-length contexts from Stephen Smalley.
|
|
|
|
2.0.23 2007-06-22
|
|
* Refactored SWIG bindings from James Athey.
|
|
|
|
2.0.22 2007-06-20
|
|
* Labeling and callback interface patches from Eamon Walsh.
|
|
|
|
2.0.21 2007-06-11
|
|
* Class and permission mapping support patches from Eamon Walsh.
|
|
|
|
2.0.20 2007-06-07
|
|
* Object class discovery support patches from Chris PeBenito.
|
|
|
|
2.0.19 2007-06-05
|
|
* Refactoring and errno support in string representation code.
|
|
|
|
2.0.18 2007-05-31
|
|
* Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
|
|
This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
|
|
|
|
2.0.17 2007-05-31
|
|
* Updated Lindent script and reindented two header files.
|
|
|
|
2.0.16 2007-05-09
|
|
* Merged additional swig python bindings from Dan Walsh.
|
|
|
|
2.0.15 2007-04-27
|
|
* Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
|
|
|
|
2.0.14 2007-04-24
|
|
* Merged build fix for avc_internal.c from Joshua Brindle.
|
|
|
|
2.0.13 2007-04-12
|
|
* Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
|
|
|
|
2.0.12 2007-04-09
|
|
* Merged support for getting initial contexts from James Carter.
|
|
|
|
2.0.11 2007-04-05
|
|
* Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.
|
|
|
|
|
|
2.0.10 2007-04-05
|
|
* Merged sidput(NULL) patch from Eamon Walsh.
|
|
|
|
2.0.9 2007-03-30
|
|
* Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.
|
|
|
|
2.0.8 2007-03-20
|
|
* Merged fix for avc.h #include's from Eamon Walsh.
|
|
|
|
2.0.7 2007-03-12
|
|
* Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
|
|
|
|
2.0.6 2007-03-12
|
|
* Merged patch to drop support for old /etc/sysconfig/selinux and
|
|
/etc/security policy file layout from Steve Grubb.
|
|
|
|
2.0.5 2007-02-27
|
|
* Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.
|
|
|
|
2.0.4 2007-02-23
|
|
* Removed sending of setrans init message.
|
|
|
|
2.0.3 2007-02-22
|
|
* Merged matchpathcon memory leak fix from Steve Grubb.
|
|
|
|
2.0.2 2007-02-21
|
|
* Merged more swig initializers from Dan Walsh.
|
|
|
|
2.0.1 2007-02-20
|
|
* Merged patch from Todd Miller to convert int types over to C99 style.
|
|
|
|
2.0.0 2007-02-01
|
|
* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
|
|
of the use of the non-standard format %as. (original patch changed
|
|
for style).
|
|
* Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
|
|
|
|
1.34.1 2007-01-26
|
|
* Merged python binding fixes from Dan Walsh.
|
|
|
|
1.34.0 2007-01-18
|
|
* Updated version for stable branch.
|
|
|
|
1.33.6 2007-01-17
|
|
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
|
|
|
|
1.33.5 2007-01-16
|
|
* Merged getdefaultcon utility from Dan Walsh.
|
|
|
|
1.33.4 2007-01-11
|
|
* Merged selinux_check_securetty_context() and support from Dan Walsh.
|
|
|
|
1.33.3 2007-01-04
|
|
* Merged patch for matchpathcon utility to use file mode information
|
|
when available from Dan Walsh.
|
|
|
|
1.33.2 2006-11-27
|
|
* Merged patch to compile with -fPIC instead of -fpic from
|
|
Manoj Srivastava to prevent hitting the global offset table
|
|
limit. Patch changed to include libsepol and libsemanage in
|
|
addition to libselinux.
|
|
|
|
1.33.1 2006-10-19
|
|
* Merged updated flask definitions from Darrel Goeddel.
|
|
This adds the context security class, and also adds
|
|
the string definitions for setsockcreate and polmatch.
|
|
|
|
1.32 2006-10-17
|
|
* Updated version for release.
|
|
|
|
1.30.30 2006-10-05
|
|
* Merged patch from Darrel Goeddel to always use untranslated
|
|
contexts in the userspace AVC.
|
|
|
|
1.30.29 2006-09-29
|
|
* Merged av_permissions.h update from Steve Grubb,
|
|
adding setsockcreate and polmatch definitions.
|
|
|
|
1.30.28 2006-09-13
|
|
* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
|
|
* Merged c++ class identifier fix from Joe Nall.
|
|
|
|
1.30.27 2006-08-24
|
|
* Merged patch to not log avc stats upon a reset from Steve Grubb.
|
|
* Applied patch to revert compat_net setting upon policy load.
|
|
|
|
1.30.26 2006-08-11
|
|
* Merged file context homedir and local path functions from
|
|
Chris PeBenito.
|
|
|
|
1.30.25 2006-08-11
|
|
* Rework functions that access /proc/pid/attr to access the
|
|
per-thread nodes, and unify the code to simplify maintenance.
|
|
|
|
1.30.24 2006-08-10
|
|
* Merged return value fix for *getfilecon() from Dan Walsh.
|
|
|
|
1.30.23 2006-08-10
|
|
* Merged sockcreate interfaces from Eric Paris.
|
|
|
|
1.30.22 2006-08-03
|
|
* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
|
|
|
|
1.30.21 2006-08-03
|
|
* Merged netfilter_contexts support patch from Chris PeBenito.
|
|
|
|
1.30.20 2006-08-01
|
|
* Merged context_*_set errno patch from Jim Meyering.
|
|
|
|
1.30.19 2006-06-29
|
|
* Lindent.
|
|
|
|
1.30.18 2006-06-27
|
|
* Merged {get,set}procattrcon patch set from Eric Paris.
|
|
* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
|
|
|
|
1.30.17 2006-06-27
|
|
* Regenerated Flask headers from refpolicy.
|
|
|
|
1.30.16 2006-06-26
|
|
* Merged patch from Dan Walsh with:
|
|
- Added selinux_file_context_{cmp,verify}.
|
|
- Added selinux_lsetfilecon_default.
|
|
- Delay translation of contexts in matchpathcon.
|
|
|
|
1.30.15 2006-06-16
|
|
* Merged patch from Dan Walsh with:
|
|
* Added selinux_getpolicytype() function.
|
|
* Modified setrans code to skip processing if !mls_enabled.
|
|
|
|
1.30.14 2006-06-16
|
|
* Set errno in the !selinux_mnt case.
|
|
|
|
1.30.13 2006-06-02
|
|
* Allocate large buffers from the heap, not on stack.
|
|
Affects is_context_customizable, selinux_init_load_policy,
|
|
and selinux_getenforcemode.
|
|
|
|
1.30.12 2006-06-02
|
|
* Merged !selinux_mnt checks from Ian Kent.
|
|
|
|
1.30.11 2006-05-24
|
|
* Merged matchmediacon and trans_to_raw_context fixes from
|
|
Serge Hallyn.
|
|
|
|
1.30.10 2006-05-22
|
|
* Merged simple setrans client cache from Dan Walsh.
|
|
Merged avcstat patch from Russell Coker.
|
|
|
|
1.30.9 2006-05-22
|
|
* Modified selinux_mkload_policy() to also set /selinux/compat_net
|
|
appropriately for the loaded policy.
|
|
|
|
1.30.8 2006-05-17
|
|
* Added matchpathcon_fini() function to free memory allocated by
|
|
matchpathcon_init().
|
|
|
|
1.30.7 2006-05-16
|
|
* Merged setrans client cleanup patch from Steve Grubb.
|
|
|
|
1.30.6 2006-05-08
|
|
* Merged getfscreatecon man page fix from Dan Walsh.
|
|
* Updated booleans(8) man page to drop references to the old
|
|
booleans file and to note that setsebool can be used to set
|
|
the boot-time defaults via -P.
|
|
|
|
1.30.5 2006-05-05
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
|
|
1.30.4 2006-05-05
|
|
* Merged setrans client support from Dan Walsh.
|
|
This removes use of libsetrans.
|
|
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
|
|
* Merged swig typemap fixes from Glauber de Oliveira Costa.
|
|
|
|
1.30.3 2006-04-12
|
|
* Added distclean target to Makefile.
|
|
* Regenerated swig files.
|
|
|
|
1.30.2 2006-04-11
|
|
* Changed matchpathcon_init to verify that the spec file is
|
|
a regular file.
|
|
* Merged python binding t_output_helper removal patch from Dan Walsh.
|
|
|
|
1.30.1 2006-03-20
|
|
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
|
|
|
|
1.30 2006-03-14
|
|
* Updated version for release.
|
|
|
|
1.29.8 2006-02-27
|
|
* Altered rpm_execcon fallback logic for permissive mode to also
|
|
handle case where /selinux/enforce is not available.
|
|
|
|
1.29.7 2006-01-20
|
|
* Merged install-pywrap Makefile patch from Joshua Brindle.
|
|
|
|
1.29.6 2006-01-18
|
|
* Merged pywrap Makefile patch from Dan Walsh.
|
|
|
|
1.29.5 2006-01-11
|
|
* Added getseuser test program.
|
|
|
|
1.29.4 2006-01-06
|
|
* Added format attribute to myprintf in matchpathcon.c and
|
|
removed obsoleted rootlen variable in init_selinux_config().
|
|
|
|
1.29.3 2006-01-04
|
|
* Merged several fixes and improvements from Ulrich Drepper
|
|
(Red Hat), including:
|
|
- corrected use of getline
|
|
- further calls to __fsetlocking for local files
|
|
- use of strdupa and asprintf
|
|
- proper handling of dirent in booleans code
|
|
- use of -z relro
|
|
- several other optimizations
|
|
* Merged getpidcon python wrapper from Dan Walsh (Red Hat).
|
|
|
|
1.29.2 2005-12-14
|
|
* Merged call to finish_context_translations from Dan Walsh.
|
|
This eliminates a memory leak from failing to release memory
|
|
allocated by libsetrans.
|
|
|
|
1.29.1 2005-12-08
|
|
* Merged patch for swig interfaces from Dan Walsh.
|
|
|
|
1.28 2005-12-07
|
|
* Updated version for release.
|
|
|
|
1.27.28 2005-12-01
|
|
* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
|
|
modified matchpathcon implementation to make context validation/
|
|
canonicalization optional at matchpathcon_init time, deferring it
|
|
to a successful matchpathcon by default unless the new flag is set
|
|
by the caller.
|
|
|
|
1.27.27 2005-12-01
|
|
* Added matchpathcon_init_prefix() interface, and
|
|
reworked matchpathcon implementation to support selective
|
|
loading of file contexts entries based on prefix matching
|
|
between the pathname regex stems and the specified path
|
|
prefix (stem must be a prefix of the specified path prefix).
|
|
|
|
1.27.26 2005-11-29
|
|
* Merged getsebool patch from Dan Walsh.
|
|
|
|
1.27.25 2005-11-29
|
|
* Added -f file_contexts option to matchpathcon util.
|
|
Fixed warning message in matchpathcon_init().
|
|
|
|
1.27.24 2005-11-29
|
|
* Merged Makefile python definitions patch from Dan Walsh.
|
|
|
|
1.27.23 2005-11-28
|
|
* Merged swigify patch from Dan Walsh.
|
|
|
|
1.27.22 2005-11-15
|
|
* Merged make failure in rpm_execcon non-fatal in permissive mode
|
|
patch from Ivan Gyurdiev.
|
|
|
|
1.27.21 2005-11-08
|
|
* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
|
|
and modified matchpathcon_init() to skip context translation
|
|
if it is set by the caller.
|
|
|
|
1.27.20 2005-11-07
|
|
* Added security_canonicalize_context() interface and
|
|
set_matchpathcon_canoncon() interface for obtaining
|
|
canonical contexts. Changed matchpathcon internals
|
|
to obtain canonical contexts by default. Provided
|
|
fallback for kernels that lack extended selinuxfs context
|
|
interface.
|
|
|
|
1.27.19 2005-11-04
|
|
* Merged seusers parser changes from Ivan Gyurdiev.
|
|
* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
|
|
* Changed seusers parser to reject empty fields.
|
|
|
|
1.27.18 2005-11-03
|
|
* Merged seusers empty level handling patch from Jonathan Kim (TCS).
|
|
|
|
1.27.17 2005-10-27
|
|
* Changed default entry for seusers to use __default__ to avoid
|
|
ambiguity with users named "default".
|
|
|
|
1.27.16 2005-10-27
|
|
* Fixed init_selinux_config() handling of missing /etc/selinux/config
|
|
or missing SELINUXTYPE= definition.
|
|
* Merged selinux_translations_path() patch from Dan Walsh.
|
|
|
|
1.27.15 2005-10-25
|
|
* Added hidden_proto/def for get_default_context_with_role.
|
|
|
|
1.27.14 2005-10-25
|
|
* Merged selinux_path() and selinux_homedir_context_path()
|
|
functions from Joshua Brindle.
|
|
|
|
1.27.13 2005-10-19
|
|
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
|
1.27.12 2005-10-18
|
|
* Merged get_default_context_with_rolelevel and man pages from
|
|
Dan Walsh (Red Hat).
|
|
|
|
1.27.11 2005-10-18
|
|
* Updated call to sepol_policydb_to_image for sepol changes.
|
|
|
|
1.27.10 2005-10-17
|
|
* Changed getseuserbyname to ignore empty lines and to handle
|
|
no matching entry in the same manner as no seusers file.
|
|
|
|
1.27.9 2005-10-13
|
|
* Changed selinux_mkload_policy to try downgrading the
|
|
latest policy version available to the kernel-supported version.
|
|
|
|
1.27.8 2005-10-11
|
|
* Changed selinux_mkload_policy to fall back to the maximum
|
|
policy version supported by libsepol if the kernel policy version
|
|
falls outside of the supported range.
|
|
|
|
1.27.7 2005-10-06
|
|
* Changed getseuserbyname to fall back to the Linux username and
|
|
NULL level if seusers config file doesn't exist unless
|
|
REQUIRESEUSERS=1 is set in /etc/selinux/config.
|
|
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
|
|
|
|
1.27.6 2005-10-06
|
|
* Added selinux_init_load_policy() function as an even higher level
|
|
interface for the initial policy load by /sbin/init. This obsoletes
|
|
the load_policy() function in the sysvinit-selinux.patch.
|
|
|
|
1.27.5 2005-10-06
|
|
* Added selinux_mkload_policy() function as a higher level interface
|
|
for loading policy than the security_load_policy() interface.
|
|
|
|
1.27.4 2005-10-05
|
|
* Merged fix for matchpathcon (regcomp error checking) from Johan
|
|
Fischer. Also added use of regerror to obtain the error string
|
|
for inclusion in the error message.
|
|
|
|
1.27.3 2005-10-03
|
|
* Changed getseuserbyname to not require (and ignore if present)
|
|
the MLS level in seusers.conf if MLS is disabled, setting *level
|
|
to NULL in this case.
|
|
|
|
1.27.2 2005-09-30
|
|
* Merged getseuserbyname patch from Dan Walsh.
|
|
|
|
1.27.1 2005-09-19
|
|
* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
|
|
This allows file_contexts with MLS fields to be processed on
|
|
non-MLS-enabled systems with policies that are otherwise
|
|
identical (e.g. same type definitions).
|
|
* Merged get_ordered_context_list_with_level() function from
|
|
Dan Walsh, and added get_default_context_with_level().
|
|
This allows MLS level selection for users other than the
|
|
default level.
|
|
|
|
1.26 2005-09-06
|
|
* Updated version for release.
|
|
|
|
1.25.7 2005-09-01
|
|
* Merged modified form of patch to avoid dlopen/dlclose by
|
|
the static libselinux from Dan Walsh. Users of the static libselinux
|
|
will not have any context translation by default.
|
|
|
|
1.25.6 2005-08-31
|
|
* Added public functions to export context translation to
|
|
users of libselinux (selinux_trans_to_raw_context,
|
|
selinux_raw_to_trans_context).
|
|
|
|
1.25.5 2005-08-26
|
|
* Remove special definition for context_range_set; use
|
|
common code.
|
|
|
|
1.25.4 2005-08-25
|
|
* Hid translation-related symbols entirely and ensured that
|
|
raw functions have hidden definitions for internal use.
|
|
* Allowed setting NULL via context_set* functions.
|
|
* Allowed whitespace in MLS component of context.
|
|
* Changed rpm_execcon to use translated functions to workaround
|
|
lack of MLS level on upgraded systems.
|
|
|
|
1.25.3 2005-08-23
|
|
* Merged context translation patch, originally by TCS,
|
|
with modifications by Dan Walsh (Red Hat).
|
|
|
|
1.25.2 2005-08-11
|
|
* Merged several fixes for error handling paths in the
|
|
AVC sidtab, matchpathcon, booleans, context, and get_context_list
|
|
code from Serge Hallyn (IBM). Bugs found by Coverity.
|
|
|
|
1.25.1 2005-08-10
|
|
* Removed setupns; migrated to pam.
|
|
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
|
|
Original symbol is temporarily retained for compatibility until
|
|
all callers are updated.
|
|
|
|
1.24 2005-06-20
|
|
* Updated version for release.
|
|
|
|
1.23.12 2005-06-13
|
|
* Merged security_setupns() from Chad Sellers.
|
|
|
|
1.23.11 2005-05-19
|
|
* Merged avcstat and selinux man page from Dan Walsh.
|
|
* Changed security_load_booleans to process booleans.local
|
|
even if booleans file doesn't exist.
|
|
|
|
1.23.10 2005-04-29
|
|
* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
|
|
|
|
1.23.9 2005-04-26
|
|
* Rewrote get_ordered_context_list and helpers, including
|
|
changing logic to allow variable MLS fields.
|
|
|
|
1.23.8 2005-04-25
|
|
* Merged matchpathcon and man page patch from Dan Walsh.
|
|
|
|
1.23.7 2005-04-12
|
|
* Changed boolean functions to return -1 with errno ENOENT
|
|
rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
|
|
mounted).
|
|
|
|
1.23.6 2005-04-08
|
|
* Fixed bug in matchpathcon_filespec_destroy.
|
|
|
|
1.23.5 2005-04-05
|
|
* Fixed bug in rpm_execcon error handling path.
|
|
|
|
1.23.4 2005-04-04
|
|
* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
|
|
* Merged fix for getconlist utility from Andreas Steinmetz.
|
|
|
|
1.23.3 2005-03-29
|
|
* Merged security_set_boolean_list patch from Dan Walsh.
|
|
This introduces booleans.local support for setsebool.
|
|
|
|
1.23.2 2005-03-17
|
|
* Merged destructors patch from Tomas Mraz.
|
|
|
|
1.23.1 2005-03-16
|
|
* Added set_matchpathcon_flags() function for setting flags
|
|
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
|
|
means only process the base file_contexts file, not
|
|
file_contexts.homedirs or file_contexts.local, and is for use by
|
|
setfiles -c.
|
|
* Updated matchpathcon.3 man page.
|
|
|
|
1.22 2005-03-09
|
|
* Updated version for release.
|
|
|
|
1.21.13 2005-03-08
|
|
* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
|
|
|
|
1.21.12 2005-03-01
|
|
* Changed matchpathcon_common to ignore any non-format bits in the mode.
|
|
|
|
1.21.11 2005-02-22
|
|
* Merged several fixes from Ulrich Drepper.
|
|
|
|
1.21.10 2005-02-17
|
|
* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
|
|
* Added selinux_users_path() for path to directory containing
|
|
system.users and local.users.
|
|
|
|
1.21.9 2005-02-09
|
|
* Changed relabel Makefile target to use restorecon.
|
|
|
|
1.21.8 2005-02-07
|
|
* Regenerated av_permissions.h.
|
|
|
|
1.21.7 2005-02-01
|
|
* Modified avc_dump_av to explicitly check for any permissions that
|
|
cannot be mapped to string names and display them as a hex value.
|
|
|
|
1.21.6 2005-01-31
|
|
* Regenerated av_permissions.h.
|
|
|
|
1.21.5 2005-01-28
|
|
* Generalized matchpathcon internals, exported more interfaces,
|
|
and moved additional code from setfiles into libselinux so that
|
|
setfiles can directly use matchpathcon.
|
|
|
|
1.21.4 2005-01-27
|
|
* Prevent overflow of spec array in matchpathcon.
|
|
|
|
1.21.3 2005-01-26
|
|
* Fixed several uses of internal functions to avoid relocations.
|
|
* Changed rpm_execcon to check is_selinux_enabled() and fallback to
|
|
a regular execve if not enabled (or unable to determine due to a lack
|
|
of /proc, e.g. chroot'd environment).
|
|
|
|
|
|
1.21.2 2005-01-24
|
|
* Merged minor fix for avcstat from Dan Walsh.
|
|
|
|
1.21.1 2005-01-19
|
|
* Merged patch from Dan Walsh, including:
|
|
- new is_context_customizable function
|
|
- changed matchpathcon to also use file_contexts.local if present
|
|
- man page cleanups
|
|
|
|
1.20 2005-01-04
|
|
* Changed matchpathcon to return -1 with errno ENOENT for
|
|
<<none>> entries, and also for an empty file_contexts configuration.
|
|
* Removed some trivial utils that were not useful or redundant.
|
|
* Changed BINDIR default to /usr/sbin to match change in Fedora.
|
|
* Added security_compute_member.
|
|
* Added man page for setcon.
|
|
* Merged more man pages from Dan Walsh.
|
|
* Merged avcstat from James Morris.
|
|
* Merged build fix for mips from Manoj Srivastava.
|
|
* Merged C++ support from John Ramsdell of MITRE.
|
|
* Merged setcon() function from Darrel Goeddel of TCS.
|
|
* Merged setsebool/togglesebool enhancement from Steve Grubb.
|
|
* Merged cleanup patches from Steve Grubb.
|
|
|
|
1.18 2004-11-01
|
|
* Merged cleanup patches from Steve Grubb.
|
|
* Added rpm_execcon.
|
|
* Merged setenforce and removable context patch from Dan Walsh.
|
|
* Merged build fix for alpha from Ulrich Drepper.
|
|
* Removed copyright/license from selinux_netlink.h - definitions only.
|
|
* Merged matchmediacon from Dan Walsh.
|
|
* Regenerated headers for new nscd permissions.
|
|
* Added get_default_context_with_role.
|
|
* Added set_matchpathcon_printf.
|
|
* Reworked av_inherit.h to allow easier re-use by kernel.
|
|
* Changed avc_has_perm_noaudit to not fail on netlink errors.
|
|
* Changed avc netlink code to check pid based on patch by Steve Grubb.
|
|
* Merged second optimization patch from Ulrich Drepper.
|
|
* Changed matchpathcon to skip invalid file_contexts entries.
|
|
* Made string tables private to libselinux.
|
|
* Merged strcat->stpcpy patch from Ulrich Drepper.
|
|
* Merged matchpathcon man page from Dan Walsh.
|
|
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
|
|
* Autobind netlink socket.
|
|
* Dropped compatibility code from security_compute_user.
|
|
* Merged fix for context_range_set from Chad Hanson.
|
|
* Merged allocation failure checking patch from Chad Hanson.
|
|
* Merged avc netlink error message patch from Colin Walters.
|
|
|
|
1.16 2004-08-19
|
|
* Regenerated headers for nscd class.
|
|
* Merged man pages from Dan Walsh.
|
|
* Merged context_new bug fix for MLS ranges from Chad Hanson.
|
|
* Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
|
|
* Renamed change_bool and show_bools to setsebool and getsebool.
|
|
* Merged security_load_booleans() function from Dan Walsh.
|
|
* Added selinux_booleans_path() function.
|
|
* Changed avc_init function prototype to use const.
|
|
* Regenerated headers for crontab permission.
|
|
* Added checkAccess from Dan Walsh.
|
|
* Merged getenforce patch from Dan Walsh.
|
|
* Regenerated headers for dbus classes.
|
|
|
|
1.14 2004-06-16
|
|
* Regenerated headers for fine-grained netlink classes.
|
|
* Merged selinux_config bug fix from Dan Walsh.
|
|
* Added userspace AVC man pages.
|
|
* Added man links for API calls to existing man pages documenting them.
|
|
* Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
|
|
* Merged patch to determine config file paths at runtime to support
|
|
reorganized layout.
|
|
* Regenerated flask headers with stable ordering.
|
|
* Merged patch for man pages from Russell Coker.
|
|
|
|
1.12 2004-05-10
|
|
* Updated flask files to include new SE-X security classes.
|
|
* Added security_disable function for runtime disable of SELinux prior
|
|
to initial policy load (for /sbin/init).
|
|
* Changed get_ordered_context_list to omit any reachable contexts
|
|
that are not explicitly listed in default_contexts, unless there
|
|
are no matches.
|
|
* Merged man pages from Russell Coker and Dan Walsh.
|
|
* Merged memory leak fixes from Dan Walsh.
|
|
* Merged policyvers errno patch from Chris PeBenito.
|
|
|
|
1.10 2004-04-05
|
|
* Merged getenforce patch from Dan Walsh.
|
|
* Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
|
|
the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
|
|
Based on a patch by Russell Coker.
|
|
* Merged matchpathcon buffer size fix from Dan Walsh.
|
|
|
|
1.8 2004-03-09
|
|
* Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
|
|
* Added matchpathcon function.
|
|
* Updated userspace AVC to handle netlink selinux notifications.
|
|
|
|
1.6 2004-02-18
|
|
* Merged conditional policy extensions from Tresys Technology.
|
|
* Added userspace avc and SID table implementation.
|
|
* Fixed type on size in getpeercon per Thorsten Kukuk's advice.
|
|
* Fixed use of getpwnam_r per Thorsten Kukuk's advice.
|
|
* Changed to use getpwnam_r rather than getpwnam internally to
|
|
avoid clobbering any existing pwd struct obtained by the caller.
|
|
* Added getpeercon function to encapsulate getsockopt SO_PEERSEC
|
|
and handle allocation ala getfilecon.
|
|
* Changed is_selinux_enabled to return -1 on errors.
|
|
* Changed to discover selinuxfs mount point via /proc/mounts
|
|
so that the mount point can be changed without rebuilding.
|
|
|
|
1.4 2003-12-01
|
|
* Merged another cleanup patch from Bastian Blank and Joerg Hoh.
|
|
* Regenerate headers for new permissions.
|
|
* Merged static lib build patch from Bastian Blank and Joerg Hoh.
|
|
* Export SELINUXMNT definition, add SELINUXPOLICY definition.
|
|
* Add functions to provide access to enforce and policyvers.
|
|
* Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
|
|
* Fixed type for 'size' in *getfilecon.
|
|
* Dropped -lattr and changed #include's to <sys/xattr.h>
|
|
* Merged patch to move shared library to /lib from Dan Walsh.
|
|
* Changed get_ordered_context_list to support a failsafe context.
|
|
* Added selinuxenabled utility.
|
|
* Merged const patch from Thorsten Kukuk.
|
|
|
|
1.2 2003-09-30
|
|
* Change is_selinux_enabled to fail if policy isn't loaded.
|
|
* Changed Makefiles to allow non-root rpm builds.
|
|
* Added -lattr for libselinux.so to ensure proper binding.
|
|
|
|
1.1 2003-08-13
|
|
* Ensure that context strings are padded with a null byte
|
|
in case the kernel didn't include one.
|
|
* Regenerate headers, update helpers.c for code cleanup.
|
|
* Pass soname flag to linker (Colin Walters).
|
|
* Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
|
|
|
|
1.0 2003-07-11
|
|
* Initial public release.
|