selinux-refpolicy/Changelog
2013-04-24 16:14:52 -04:00

217 lines
9.8 KiB
Plaintext

* Wed Apr 24 2013 Chris PeBenito <selinux@tresys.com> - 2.20130424
Chris PeBenito (78):
Mcelog update from Guido Trentalancia.
Add bird contrib module from Dominick Grift.
Minor whitespace fix in udev.fc
Module version bump for udev binary location update from Sven Vermeulen.
clarify the file_contexts.subs_dist configuration file usage from Guido
Trentalancia
Update contrib.
Remove trailing / from paths
Module version bump for fc substitutions optimizations from Sven
Vermeulen.
Update contrib.
Module version bump for /run/dhcpc directory creation by dhcp from Sven
Vermeulen.
Module version bump for fc fixes in devices module from Dominick Grift.
Update contrib.
Module version bump for /dev/mei type and label from Dominick Grift.
Module version bump for init_daemon_run_dirs usage from Sven Vermeulen.
Module version bump for lost+found labeling in /var/log from Guido
Trentalancia.
Module version bump for loop-control patch.
Turn off all tunables by default, from Guido Trentalancia.
Add /usr/lib to TEST_TOOLCHAIN LD_LIBRARY_PATH.
Module version bump for various changes from Sven Vermeulen.
Module version bump for ports update from Dominick Grift.
Module version bump for Debian file context updates from Laurent
Bigonville.
Update contrib.
Update contrib.
split kmod fc into two lines.
Module version bump for kmod fc from Laurent Bigonville.
Module version bump for cfengine fc change from Dominick Grift.
Module verision bump for Debian cert file fc update from Laurent
Bigonville.
Module version bump for ipsec net sysctls reading from Miroslav Grepl.
Module version bump for srvloc port definition from Dominick Grift.
Rename cachefiles_dev_t to cachefiles_device_t.
Module version bump for cachefiles core support.
Module version bump for changes from Dominick Grift and Sven Vermeulen.
Module version bump for modutils patch from Dominick Grift.
Module version bump for dhcp6 ports, from Russell Coker.
Rearrange new xserver interfaces.
Rename new xserver interfaces.
Module version bump for xserver interfaces from Dominick Grift.
Move kernel_stream_connect() declaration.
Module version bump for kernel_stream_connect() from Dominick Grift.
Rename logging_search_all_log_dirs to logging_search_all_logs
Module version bump for minor logging and sysnet changes from Sven
Vermeulen.
Module version bump for dovecot libs from Mika Pflueger.
Rearrange interfaces in files, clock, and udev.
Module version bump for interfaces used by virt from Dominick Grift.
Module version bump for arping setcap from Dominick Grift.
Rearrange devices interfaces.
Module version bump/contrib sync.
Rearrange lines.
Module version bump for user home content fixes from Dominick Grift.
Rearrange files interfaces.
Module version bump for Gentoo openrc fixes for /run from Sven Vermeulen.
Update contrib.
Whitespace fix in miscfiles.fc.
Adjust man cache interface names.
Module version bump for man cache from Dominick Grift.
Module version bump for Debian ssh-keysign location from Laurent
Bigonville.
Module version bump for userdomain portion of XDG updates from Dominick
Grift.
Module version bump for iptables fc entry from Sven Vermeulen and inn log
from Dominick Grift.
Module version bump for logging and tcpdump fixes from Sven Vermeulen.
Move mcs_constrained() impementation.
Module version bump for mcs_constrained from Dominick Grift.
Update contrib.
Module version bump from Debian changes from Laurent Bigonville.
Module version bump for zfs labeling from Matthew Thode.
Module version bump for misc updates from Sven Vermeulen.
Update contrib.
Module version bump for fixes from Dominick Grift.
Module version bump for Debian updates from Laurent Bigonville.
Fix bug in userdom_delete_all_user_home_content_files() from Kohei KaiGai.
Update contrib
Fix fc_sort.c warning uncovered by recent gcc
Module version bump for chfn fixes from Sven Vermeulen.
Add swapoff fc entry.
Add conntrack fc entry.
Update contrib.
Update contrib
Archive old Changelog for log format change.
Bump module versions for release.
Dominick Grift (40):
There can be more than a single watchdog interface
Fix a suspected typo
Intel® Active Management Technology
Declare a loop control device node type and label /dev/loop-control
accordingly
Declare port types for ports used by Fedora but use /etc/services for port
names rather than using fedora port names. If /etc/services does not
have a port name for a port used by Fedora, skip for now.
Remove var_log_t file context spec
svrloc port type declaration from slpd policy module
Declare a cachfiles device node type
Implement files_create_all_files_as() for cachefilesd
Restricted Xwindows user domains run windows managers in the windows
managers domain
Declare a cslistener port type for phpfpm
Changes to the sysnetwork policy module
Changes to the userdomain policy module
Changes to the bootloader policy module
Changes to the modutils policy module
Changes to the xserver policy module
Changes to various policy modules
Changes to the kernel policy module
For svirt_lxc_domain
For svirt_lxc_domain
For svirt_lxc_domain
For virtd lxc
For virtd_lxc
For virtd_lxc
For virtd lxc
For virtd lxc
For virtd
Arping needs setcap to cap_set_proc
For virtd
Changes to the user domain policy module
Samhain_admin() now requires a role for the role_transition from $1 to
initrc_t via samhain_initrc_exec_t
Changes to the user domain policy module
Label /var/cache/man with a private man cache type for mandb
Create a attribute user_home_content_type and assign it to all types that
are classified userdom_user_home_content()
These two attribute are unused
System logger creates innd log files with a named file transition
Implement mcs_constrained_type
Changes to the init policy module
Changes to the userdomain policy module
NSCD related changes in various policy modules
Guido Trentalancia (1):
add lost+found filesystem labels to support NSA security guidelines
Laurent Bigonville (21):
Add Debian locations for GDM 3
Add Debian location for udisks helpers
Add insmod_exec_t label for kmod executable
Add Debian location for PKI files
Add Debian location for ssh-keysign
Properly label all the ssh host keys
Allow udev_t domain to read files labeled as consolekit_var_run_t
authlogin.if: Add auth_create_pam_console_data_dirs and
auth_pid_filetrans_pam_var_console interfaces
Label /etc/rc.d/init.d/x11-common as xdm_exec_t
Drop /etc/rc.d/init.d/xfree86-common filecontext definition
Label /var/run/shm as tmpfs_t for Debian
Label /var/run/motd.dynamic as initrc_var_run_t
Label /var/run/initctl as initctl_t
udev.if: Call files_search_pid instead of files_search_var_lib in
udev_manage_pid_files
Label executables in /usr/lib/NetworkManager/ as bin_t
Add support for rsyslog
Label var_lock_t as a mountpoint
Add mount_var_run_t type and allow mount_t domain to manage the files and
directories
Add initrc_t to use block_suspend capability
Label executables under /usr/lib/gnome-settings-daemon/ as bin_t
Label nut drivers that are installed in /lib/nut on Debian as bin_t
Matthew Thode (1):
Implement zfs support
Mika Pflüger (2):
Debian locations of gvfs and kde4 libexec binaries in /usr/lib
Explicitly label dovecot libraries lib_t for debian
Miroslav Grepl (1):
Allow ipsec to read kernel sysctl
Paul Moore (1):
flask: add the attach_queue permission to the tun_socket object class
Russell Coker (1):
Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for
client control
Sven Vermeulen (27):
New location for udevd binary
Use substititions for /usr/local/lib and /etc/init.d
DHCP client's hooks create /run/dhcpc directory
Introduce init_daemon_run_dir transformation
Use the init_daemon_run_dir interface for udev
Allow initrc_t to create run dirs for core modules
Puppet uses mount output for verification
Allow syslogd to create /var/lib/syslog and
/var/lib/misc/syslog-ng.persist
Gentoo's openrc does not require initrc_exec_t for runscripts anymore
Allow init scripts to read courier configuration
Allow search within postgresql var directory for the stream connect
interface
Introduce logging_getattr_all_logs interface
Introduce logging_search_all_log_dirs interface
Support flushing routing cache
Allow init to set attributes on device_t
Introduce files_manage_all_pids interface
Gentoo openrc migrates /var/run and /var/lock data to /run(/lock)
Update files_manage_generic_locks with directory permissions
Run ipset in iptables domain
tcpdump chroots into /var/lib/tcpdump
Remove generic log label for cron location
Postgresql 9.2 connects to its unix stream socket
lvscan creates the /run/lock/lvm directory if nonexisting (v2)
Allow syslogger to manage cron log files (v2)
Allow initrc_t to read stunnel configuration
Introduce exec-check interfaces for passwd binaries and useradd binaries
chfn_t reads in file context information and executes nscd