Update Changelog and VERSION for release 2.20210203.
Signed-off-by: Chris PeBenito <pebenito@ieee.org>
parent ff983a6239
commit 11612378e7
193
Changelog
@ -1,3 +1,196 @@
|
||||
* Wed Feb 03 2021 Chris PeBenito <pebenito@ieee.org> - 2.20210203
|
||||
(GalaxyMaster) (1):
|
||||
added policy for systemd-socket-proxyd
|
||||
|
||||
0xC0ncord (1):
|
||||
userdomain, xserver: move xdg rules to userdom_xdg_user_template
|
||||
|
||||
Anthony PERARD (1):
|
||||
xen: Allow xenstored to map /proc/xen/xsd_kva
|
||||
|
||||
Antoine Tenart (15):
|
||||
udev: allow udevadm to retrieve xattrs
|
||||
locallogin: allow login to get attributes of procfs
|
||||
logging: allow systemd-journal to write messages to the audit socket
|
||||
sysnetwork: allow to read network configuration files
|
||||
dbus: add two interfaces to allow reading from directories and named
|
||||
sockets
|
||||
dbus: allow clients to list runtime dirs and named sockets
|
||||
systemd: add extra systemd_generator_t rules
|
||||
systemd: allow systemd-hwdb to search init runtime directories
|
||||
systemd: allow systemd-network to get attributes of fs
|
||||
systemd: allow systemd-resolve to read in tmpfs
|
||||
corecommands: add entry for Busybox shell
|
||||
systemd: allow systemd-getty-generator to read and write unallocated ttys
|
||||
systemd: allow systemd-network to list the runtime directory
|
||||
ntp: allow systemd-timesyn to watch dbus objects
|
||||
ntp: allow systemd-timesyn to setfscreate
|
||||
|
||||
Chris PeBenito (117):
|
||||
Merge branch 'acpid_shutdown' of https://github.com/jpds/refpolicy into
|
||||
jpds-acpid_shutdown
|
||||
.travis.yml: Point selint at only the policy dir.
|
||||
corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module
|
||||
version bump.
|
||||
systemd: Move systemd-pstore block up in alphabetical order.
|
||||
Switch to GitHub actions for CI actions.
|
||||
systemd: Whitespace changes.
|
||||
systemd: Rename systemd_connectto_socket_proxyd_unix_sockets() to
|
||||
systemd_stream_connect_socket_proxyd().
|
||||
Drop criteria on github actions.
|
||||
userdomain: Fix error in calling userdom_xdg_user_template().
|
||||
systemd: Add systemd-tty-ask watch for /run/systemd/ask-password.
|
||||
Makefile: Add -E to setfiles labeling targets.
|
||||
udev: Drop udev_tbl_t.
|
||||
udev: Systemd 246 merged udev and udevadm executables.
|
||||
devicekit: Udisks uses udevadm, it does not exec udev.
|
||||
Remove modules for programs that are deprecated or no longer supported.
|
||||
chromium: Whitespace changes.
|
||||
chromium: Move naclhelper lines.
|
||||
certbot: Whitespace changes.
|
||||
certbot: Drop aliases since they have never had the old names in
|
||||
refpolicy.
|
||||
certbot: Reorder fc lines.
|
||||
miscfiles: Rename miscfiles_manage_generic_tls_privkey_lnk_files.
|
||||
userdomain: Move lines.
|
||||
certbot: Fix lint issues.
|
||||
memlockd: Move lines.
|
||||
memlockd: Whitespace fixes.
|
||||
memlockd: Fix lint issue.
|
||||
file_patterns.spt: Add a mmap_manage_files_pattern().
|
||||
apache, mysql, postgrey, samba, squid: Apply new
|
||||
mmap_manage_files_pattern().
|
||||
devicekit, jabber, samba: Move lines.
|
||||
cron: Make backup call for system_cronjob_t optional.
|
||||
samba: Fix samba_runtime_t alias use.
|
||||
samba: Move service interface definitions.
|
||||
sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba
|
||||
block.
|
||||
samba: Add missing userspace class requirements in unit interfaces.
|
||||
apache: Fix lint error.
|
||||
apache: Really fix lint error.
|
||||
aptcacher: Drop broken config interfaces.
|
||||
samba: Fix lint error.
|
||||
0xC0ncord/feature/sudodomain_http_connect_boolean
|
||||
0xC0ncord/bugfix/systemd_system_custom_unit_fc
|
||||
dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces.
|
||||
apt, bootloader: Move lines.
|
||||
systemd: Move lines.
|
||||
systemd: Fix lint errors.
|
||||
systemd: Rename systemd_use_machined_devpts().
|
||||
Bump module versions for release.
|
||||
|
||||
Christian Göttsche (16):
|
||||
postfixpolicyd: split multi-class rule
|
||||
init/systemd: allow systemd to map the SELinux status page
|
||||
selinux: add selinux_use_status_page and deprecate
|
||||
selinux_map_security_files
|
||||
genhomedircon: drop backwards compatibility section
|
||||
genhomedircon: require match for home directory name
|
||||
genhomedircon: drop unused functions
|
||||
genhomedircon: generate file contexts for %{USERNAME} and %{USERID}
|
||||
genhomedircon: misc pylint cleanup
|
||||
genhomedircon: improve error messages for min uid search
|
||||
Rules.monolithic: ignore version mismatch
|
||||
gitignore: ignore monolithic generated files
|
||||
Preset OUTPUT_POLICY to 32
|
||||
Rules.monolithic: do not suppress load_policy warning messages
|
||||
Rules.monolithic: tweak checkpolicy arguments
|
||||
Rules.monolithic: drop dead variable
|
||||
Rules.monolithic: add missing phony declarations
|
||||
|
||||
Daniel Burgener (4):
|
||||
Allow init to mount over the system bus
|
||||
Allow systemd-ask-password to watch files
|
||||
Use self keyword when an AV rule source type matches destination
|
||||
Fix typo in comment
|
||||
|
||||
Dannick Pomerleau (1):
|
||||
access_vectors: Add new capabilities to cap2
|
||||
|
||||
Dave Sugar (9):
|
||||
Looks like this got dropped in pull request #294
|
||||
Allow snmpd to read hwdata
|
||||
Updates for corosync to work in enforcing
|
||||
To get pacemaker working in enforcing
|
||||
pacemaker systemd permissions
|
||||
Allow pacemaker to map/read/write corosync shared memory files
|
||||
Allow systemd-modules-load to search kernel keys
|
||||
pcs_snmpd_agent_t fix denials to allow it to read needed queues
|
||||
Work with xdg module disabled
|
||||
|
||||
David Schadlich (1):
|
||||
add policy for pcs_snmp_agent
|
||||
|
||||
Deepak Rawat (1):
|
||||
Add selinux-policy for systemd-pstore service
|
||||
|
||||
Dominick Grift (1):
|
||||
bind: add a few fc specs for unbound
|
||||
|
||||
Guido Trentalancia (1):
|
||||
Add LVM module permissions needed to open cryptsetup devices.
|
||||
|
||||
Jason Zaman (5):
|
||||
userdomain: Add watch on home dirs
|
||||
getty: allow watching file /run/agetty.reload
|
||||
Add transition on gentoo init_t to openrc
|
||||
init: upstream fcontexts from gentoo policy
|
||||
systemd: make remaining dbus_* optional
|
||||
|
||||
Jonathan Davies (8):
|
||||
acpi.te: Allow acpid_t to shutdown the system - this is required to handle
|
||||
shutdown calls from libvirt. Fixes #298.
|
||||
acpi.te: Removed unnecessary init_write_initctl().
|
||||
userdomain.if: Marked usbguard user modify tunable as optional so usbguard
|
||||
may be excluded.
|
||||
portage: Added /var/cache/distfiles path.
|
||||
init: Added fcontext for openrc-init.
|
||||
init: Added fcontext for openrc-shutdown.
|
||||
apps/screen.fc: Added fcontext for tmux xdg directory.
|
||||
apps/screen.te: Allow screen to search xdg directories.
|
||||
|
||||
Kenton Groombridge (11):
|
||||
devices: add interface for IOCTL on input devices
|
||||
virt: add boolean to allow evdev passthrough
|
||||
stunnel: add log type and rules
|
||||
fail2ban: allow reading systemd journal
|
||||
spamassassin: add rspamd support and tunable
|
||||
apache: add interface for list dir perms on httpd content
|
||||
sudo: add tunable for HTTP connections
|
||||
init: label systemd units in /etc
|
||||
certbot: add support for acme.sh
|
||||
lvm: add lvm_tmpfs_t type and rules
|
||||
Various fixes
|
||||
|
||||
Peter Morrow (1):
|
||||
selinux: add selinux_get_all_booleans() interface
|
||||
|
||||
Richard Haines (1):
|
||||
Ensure correct monolithic binary policy is loaded
|
||||
|
||||
Russell Coker (11):
|
||||
base chrome/chromium patch fixed
|
||||
latest iteration of certbot policy as patch
|
||||
yet more strict patches fixed
|
||||
remove deprecated from 20190201
|
||||
more Chrome stuff
|
||||
latest memlockd patch
|
||||
misc services patches with changes Dominick and Chris wanted
|
||||
misc network patches with Dominick's changes*2
|
||||
new version of filetrans patch
|
||||
misc apps and admin patches
|
||||
machined
|
||||
|
||||
Yi Zhao (1):
|
||||
sysnet: allow dhcpcd to create socket file
|
||||
|
||||
bauen1 (4):
|
||||
systemd: private type for /run/systemd/userdb
|
||||
authlogin: connect to userdb
|
||||
systemd-logind: utilize nsswitch
|
||||
selint: fix S-010
|
||||
|
||||
* Tue Aug 18 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200818
|
||||
Alexander Miroshnichenko (2):
|
||||
openvpn: more versatile file context regex for ipp.txt
|
||||
|
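Review bot: The interface-rename entries in the Chris PeBenito block mostly omit the new name, so someone maintaining local policy against these interfaces cannot tell from the Changelog what to switch to. "systemd: Rename systemd_use_machined_devpts()." gives only the old name (the miscfiles rename has the same gap) and "dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces." names no interface at all; the systemd_connectto_socket_proxyd_unix_sockets() entry, which states both old and new names, is the form to follow. That dpkg line also spells the module "aptcatcher" while the later "Drop broken config interfaces" entry spells it "aptcacher", so one of the two is a typo. The entry about removing modules for deprecated or unsupported programs should list the modules removed, since systems that still load them will need to act on it, and the two bare 0xC0ncord/... branch names in the same block read as merge subjects that lost their first line and should either be completed or dropped.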