| * Fixed typo/grammatical error, from Christopher Peterson. |
| * Fix typo in semanage-port man page, from Andrew Spiers. |
| |
| 2.4 2015-02-02 |
| * Fix bugs found by hardened gcc flags, from Nicolas Iooss. |
| * Improve support for building with different versions of python from |
| Nicolas Iooss. |
| * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, |
| from Dan Walsh |
| * Remove cgroups from sandbox, from Dan Walsh |
| * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski |
| * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley |
| * Add a store root path in semodule, from Yuli Khodorkovskiy |
| * Add a flag to ignore cached CIL files and recompile HLL modules, from |
| Yuli Khodorkovskiy |
| * Add and install HLL compiler for policy packages to CIL. The compiler is |
| installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence |
| * Fixes to pp compiler to better support roles and type attributes, from |
| Yuli Khodorkovskiy |
| * Deprecate base/upgrade/version in semodule. Calling these commands will |
| now call --install on the backend, from Yuli Khodorkovskiy |
| * Add ability to install modules with a specified priority, from Caleb |
| Case |
| * Use /tmp for permissive module creation, by Caleb Case |
| * Update semanage to use new source policy infrastructure, from Jason Dana |
| * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent |
| Bigonville |
| |
| 2.3 2014-05-06 |
| * Add -P semodule option to man page from Dan Walsh. |
| * selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh. |
| * Add new icons for sepolicy gui from Dan Walsh. |
| * Only return writeable files that are enabled from Dan Walsh. |
| * Add domain to short list of domains, when -t and -d from Dan Walsh. |
| * Fix up desktop files to match current standards from Dan Walsh. |
| * Add support to return sensitivities and categories for python from Dan Walsh. |
| * Cleanup whitespace from Dan Walsh. |
| * Add message to tell user to install sandbox policy from Dan Walsh. |
| * Add systemd unit file for mcstrans from Laurent Bigonville. |
| * Improve restorecond systemd unit file from Laurent Bigonville. |
| * Minor man pages improvements from Laurent Bigonville. |
| |
| 2.2.5 2013-12-09 |
| * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. |
| |
| 2.2.4 2013-11-26 |
| * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. |
| |
| 2.2.3 2013-11-13 |
| * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. |
| * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. |
| |
| 2.2.2 2013-11-06 |
| * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. |
| |
| 2.2.1 2013-10-31 |
| * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. |
| * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh. |
| |
| 2.2 2013-10-30 |
| * Properly build the swig exception file from Laurent Bigonville. |
| * Fix man pages from Laurent Bigonville. |
| * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville. |
| * Fix LDFLAGS usage from Laurent Bigonville. |
| * Fix init_policy warning from Laurent Bigonville. |
| * Fix semanage logging from Laurent Bigonville. |
| * Open newrole stdin as read/write from Sven Vermeulen. |
| * Fix sepolicy transition from Sven Vermeulen. |
| * Support overriding CFLAGS from Simon Ruderich. |
| * Create correct man directory for run_init from Russell Coker. |
| * restorecon GLOB_BRACE change from Michal Trunecka. |
| * Extend audit2why to report additional constraint information. |
| * Catch IOError errors within audit2allow from Dan Walsh. |
| * semanage export/import fixes from Dan Walsh. |
| * Improve setfiles progress reporting from Dan Walsh. |
| * Document setfiles -o option in usage from Dan Walsh. |
| * Change setfiles to always return -1 on failure from Dan Walsh. |
| * Improve setsebool error r eporting from Dan Walsh. |
| * Major overhaul of gui from Dan Walsh. |
| * Fix sepolicy handling of non-MLS policy from Dan Walsh. |
| * Support returning type aliases from Dan Walsh. |
| * Add sepolicy tests from Dan Walsh. |
| * Add org.selinux.config.policy from Dan Walsh. |
| * Improve range and user input checking by semanage from Dan Walsh. |
| * Prevent source or target arguments that end with / for substitutions from Dan Walsh. |
| * Allow use of <<none>> for semanage fcontext from Dan Walsh. |
| * Report customized user levels from Dan Walsh. |
| * Support deleteall for restoring disabled modules from Dan Walsh. |
| * Improve semanage error reporting from Dan Walsh. |
| * Only list disabled modules for module locallist from Dan Walsh. |
| * Fix logging from Dan Walsh. |
| * Define new constants for file type character codes from Dan Walsh. |
| * Improve bash completions from Dan Walsh. |
| * Convert semanage to argparse from Dan Walsh (originally by Dave Quigley). |
| * Add semanage tests from Dan Walsh. |
| * Split semanage man pages from Dan Walsh. |
| * Move bash completion scripts from Dan Walsh. |
| * Replace genhomedircon script with a link to semodule from Dan Walsh. |
| * Fix fixfiles from Dan Walsh. |
| * Add support for systemd service for restorecon from Dan Walsh. |
| * Spelling corrections from Dan Walsh. |
| * Improve sandbox support for home dir symlinks and file caps from Dan Walsh. |
| * Switch sandbox to openbox window manager from Dan Walsh. |
| * Coalesce audit2why and audit2allow from Dan Walsh. |
| * Change audit2allow to append to output file from Dan Walsh. |
| * Update translations from Dan Walsh. |
| * Change audit2why to use selinux_current_policy_path from Dan Walsh. |
| |
| 2.1.14 2013-02-01 |
| * setfiles: estimate percent progress |
| * load_policy: make link at the destination directory |
| * Rebuild polgen.glade with glade-3 |
| * sepolicy: new command to unite small utilities |
| * sepolicy: Update Makefiles and po files |
| * sandbox: use sepolicy to look for sandbox_t |
| * gui: switch to use sepolicy |
| * gui: sepolgen: use sepolicy to generate |
| * semanage: use sepolicy for boolean dictionary |
| * add po file configuration information |
| * po: stop running update-po on all |
| * semanage: seobject verify policy types before allowing you to assign them. |
| * gui: Start using Popen, instead of os.spawnl |
| * sandbox: Copy /var/tmp to /tmp as they are the same inside |
| * qualifier to shred content |
| * semanage: Fix handling of boolean_sub names when using the -F flag |
| * semanage: man: roles instead of role |
| * gui: system-config-selinux: Catch no DISPLAY= error |
| * setfiles: print error if no default label found |
| * semanage: list logins file entries in semanage login -l |
| * semanage: good error message is sepolgen python module missing |
| * gui: system-config-selinux: do not use lokkit |
| * secon: add support for setrans color information in prompt output |
| * restorecond: remove /etc/mtab from default list |
| * gui: If you are not able to read enforcemode set it to False |
| * genhomedircon: regenerate genhomedircon more often |
| * restorecond: Add /etc/udpatedb.conf to restorecond.conf |
| * genhomedircon generation to allow spec file to pass in SEMODULE_PATH |
| * fixfiles: relabel only after specific date |
| * po: update translations |
| * sandbox: seunshare: do not reassign realloc value |
| * seunshare: do checking on setfsuid |
| * sestatus: rewrite to shut up coverity |
| |
| 2.1.13 2012-09-13 |
| * genhomedircon: manual page improvements |
| * setfiles/restorecon minor improvements |
| * run_init: If open_init_pty is not available then just use exec |
| * newrole: do not drop capabilities when newrole is run as |
| * restorecon: only update type by default |
| * scripts: Don't syslog setfiles changes on a fixfiles restore |
| * setfiles: do not syslog if no changes |
| * Disable user restorecond by default |
| * Make restorecon return 0 when a file has changed context |
| * setfiles: Fix process_glob error handling |
| * semanage: allow enable/disable under -m |
| * add .tx to gitignore |
| * translations: commit translations from Fedora community |
| * po: silence build process |
| * gui: Checking in policy to support polgengui and sepolgen. |
| * gui: polgen: search for systemd subpackage when generating policy |
| * gui: for exploring booleans |
| * gui: system-config-selinux gui |
| * Add Makefiles to support new gui code |
| * gui: remove lockdown wizard |
| * return equivalency records in fcontext customized |
| * semanage: option to not load new policy into kernel after |
| * sandbox: manpage update to describe standard types |
| * setsebool: -N should not reload policy on changes |
| * semodule: Add -N qualifier to no reload kernel policy |
| * gui: polgen: sort selinux types of user controls |
| * gui: polgen: follow symlinks and get the real path to |
| * gui: Fix missing error function |
| * setfiles: return errors when bad paths are given |
| * fixfiles: tell restorecon to ignore missing paths |
| * setsebool: error when setting multiple options |
| * semanage: use boolean subs. |
| * sandbox: Make sure Xephyr never listens on tcp ports |
| * sepolgen: return and output constraint violation information |
| * semanage: skip comments while reading external configuration files |
| * restorecond: relabel all mount runtime files in the restorecond example |
| * genhomedircon: dynamically create genhomedircon |
| |
| 2.1.12 2012-06-28 |
| * restorecond: wrong options should exit with non-zero error code |
| * restorecond: Add -h option to get usage command |
| * resorecond: user: fix fd leak |
| * mcstrans: add -f to run in foreground |
| * semanage: fix man page range and level defaults |
| * semanage: bash completion for modules should include -a,-m, -d |
| * semanage: manpage update for -e |
| * semanage: dontaudit off should work |
| * semanage: locallist option does not take an argument |
| * sepolgen: Make use of setools optional within sepolgen |
| |
| 2.1.11 2012-03-28 |
| * sandbox: do not propogate inside mounts outside |
| * sandbox: Removing sandbox init script, should no longer be necessary |
| * restorecond: Stop using deprecated interfaces for g_io |
| * semanage: proper auditting of user changes for LSPP |
| * semanage: audit message to show what record(s) and item(s) have chaged |
| * scripts: Update Makefiles to handle /usrmove |
| * mcstrans: Version should have been bumped on last check in |
| * seunshare: Only drop caps not the Bounding Set from seunshare |
| * Add bash-completion scripts for setsebool and semanage |
| * newrole: Use correct capng calls in newrole |
| * Fix infinite loop with inotify on 2.6.31 kernels |
| * fix ftbfs with hardening flags |
| * Only run setfiles if we found read-write filesystems to run it on |
| * update .po files |
| * remove empty po files |
| * do not fail to install if unable to make load_policy lnk file |
| |
| 2.1.10 2011-12-21 |
| * Remove excess whitespace |
| * sandbox: Add back in . functions to sandbox.init script |
| * Fix Makefile to match other policycoreutils Makefiles |
| * semanage: drop unused translation getopt |
| |
| 2.1.9 2011-12-05 |
| * sandbox: move sandbox.conf.5 to just sandbox.5 |
| * po: Makefile use -p to preserve times to allow multilib simultatious installs |
| * of po files |
| * sandbox: Allow user to specify the DPI value for X in a sandbox |
| * sandbox: make sure the domain launching sandbox has at least 100 categories |
| * sandbox: do not try forever to find available category set |
| * sandbox: only complain if sandbox unable to launch |
| * sandbox: init script run twice is still successful |
| * semanage: print local and dristo equiv rules |
| * semanage: check file equivalence rules for conflict |
| * semanage: Make sure semanage fcontext -l -C prints even if local keys |
| * are not defined |
| * semanage: change src,dst to target,substitute for equivalency |
| * sestatus: Updated sestatus and man pages. |
| * Added SELinux config file man page. |
| * add clean target to man Makefile |
| |
| 2.1.8 2011-11-03 |
| * sandbox: Maintain the LANG environment into the sandbox |
| * audit2allow: use audit2why internally |
| * fixfiles: label /root but not /var/lib/BackupPC |
| * semanage: update local boolean settings is dealing with localstore |
| * semanage: missing modify=True |
| * semanage: set modified correctly |
| * restorecond: make restorecond dbuss-able |
| * restorecon: Always check return code on asprintf |
| * restorecond: make restorecond -u exit when terminal closes |
| * sandbox: introduce package name and language stuff |
| * semodule_package: remove semodule_unpackage on clean |
| * fix sandbox Makefile to support DESTDIR |
| * semanage: Add -o description to the semanage man page |
| * make use of the new realpath_not_final function |
| * setfiles: close /proc/mounts file when finished |
| * semodule: Document semodule -p in man page |
| * setfiles: fix use before initialized |
| * restorecond: Add .local/share as a directory to watch |
| |
| 2.1.7 2011-09-27 |
| * semanage: fix indentation error in seobject |
| |
| 2.1.6 2011-09-15 |
| * sepolgen-ifgen: new attr-helper does something |
| * audit2allow: use alternate policy file |
| * audit2allow: sepolgen-ifgen use the attr helper |
| * setfiles: switch from stat to stat64 |
| * setfiles: Fix potential crash using dereferenced ftsent |
| * setfiles: do not wrap * output at 80 characters |
| * sandbox: add -Wall and -Werror to makefile |
| * sandbox: add sandbox cgroup support |
| * sandbox: rewrite /tmp handling |
| * sandbox: do not bind mount so much |
| * sandbox: add level based kill option |
| * sandbox: cntrl-c should kill entire process control group |
| * Create a new preserve_tunables flag in sepol_handle_t. |
| * semanage: show running and disk setting for booleans |
| * semanage: Dont print heading if no items selected |
| * sepolgen: audit2allow is mistakakenly not allowing valid module names |
| * semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled |
| * More files to ignore |
| * tree: default make target to all not install |
| * sandbox: do not load unused generic init functions |
| |
| 2.1.5 2011-08-26 |
| * setfiles: Fix process_glob to handle error situations |
| * sandbox: Allow seunshare to run as root |
| * sandbox: trap sigterm to make sure sandbox |
| * sandbox: pass DPI from the desktop |
| * sandbox: seunshare: introduce helper spawn_command |
| * sandbox: seunshare: introduce new filesystem helpers |
| * sandbox: add -C option to not drop |
| * sandbox: split seunshare caps dropping |
| * sandbox: use dbus-launch |
| * sandbox: numerous simple updates to sandbox |
| * sandbox: do not require selinux context |
| * sandbox: Makefile: new man pages |
| * sandbox: rename dir to srcdir |
| * sandbox: allow users specify sandbox window size |
| * sandbox: check for paths up front |
| * sandbox: use defined values for paths rather |
| * sandbox: move seunshare globals to the top |
| * sandbox: whitespace fix |
| * semodule_package: Add semodule_unpackage executable |
| * setfiles: get rid of some stupid globals |
| * setfiles: move exclude_non_seclabel_mounts to a generic location |
| |
| 2.1.4 2011-08-17 |
| * run_init: clarification of the usage in the |
| * semanage: fix usage header around booleans |
| * semanage: remove useless empty lines |
| * semanage: update man page with new examples |
| * semanage: update usage text |
| * semanage: introduce file context equivalencies |
| * semanage: enable and disable modules |
| * semanage: output all local modifications |
| * semanage: introduce extraction of local configuration |
| * semanage: cleanup error on invalid operation |
| * semanage: handle being called with no arguments |
| * semanage: return sooner to save CPU time |
| * semanage: surround getopt with try/except |
| * semanage: use define/raise instead of lots of |
| * semanage: some options are only valid for |
| * semanage: introduce better deleteall support |
| * semanage: do not allow spaces in file |
| * semanage: distinguish between builtin and local permissive |
| * semanage: centralized ip node handling |
| * setfiles: make the restore function exclude() non-static |
| * setfiles: use glob to handle ~ and |
| * fixfiles: do not hard code types |
| * fixfiles: stop trying to be smart about |
| * fixfiles: use new kernel seclabel option |
| * fixfiles: pipe everything to cat before sending |
| * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs |
| * semodule: support for alternative root paths |
| |
| 2.1.3 2011-08-03 |
| * semanage: fix indention |
| * semodule_package: fix man page typo |
| * semodule_expand: update man page with -a |
| * semanage: handle os errors |
| * semanage: fix traceback with bad options |
| * semanage: show usage on -h or --help |
| * semanage: introduce more deleteall options |
| * semanage: verify ports < 65536 |
| * transaction into semanageRecords |
| * make get_handle a method of semanageRecords |
| * remove a needless blank line |
| * make process_one error if not initialized correctly |
| * fixfiles: correct usage for r_opts.rootpath |
| * put -p in help for restorecon and |
| * fixfiles: do not try to only label |
| * fixfiles clean up /var/run and /var/lib/debug |
| * fixfiles delete tmp sockets and pipes rather |
| * fixfile use find -delete instead of pipe |
| * chcat man page typo |
| * add man page for genhomedircon |
| * setfiles fix typo |
| * setsebool should inform users they need to |
| * setsebool typos |
| * open_init_tty man page typos |
| * Don't add user site directory to sys.path |
| * newrole retain CAP_SETPCAP |
| |
| 2.1.2 2011-08-02 |
| * seunshare: define _GNU_SOURCE earlier |
| * make ignore_enoent do something |
| * restorecond: first user logged in is not noticed |
| * Repo: update .gitignore |
| |
| 2.1.1 2011-08-01 |
| * Man page updates |
| * restorecon fix for bad inotify assumptions |
| |
| 2.1.0 2011-07-27 |
| * Release, minor version bump |
| |
| 2.0.86 2011-04-11 |
| * Use correct color range in mcstrand by Richard Haines. |
| |
| 2.0.85 2010-12-20 |
| * Move newrole to use libcap-ng from Dan Walsh |
| |
| 2.0.84 2010-11-16 |
| * Add mcstrans support from Ted Toth with modifications from Steve Lawrence. |
| |
| 2.0.83 2010-06-10 |
| * Add sandbox support from Dan Walsh with modifications from Steve Lawrence. |
| |
| 2.0.82 2010-03-12 |
| * Add avc's since boot from Dan Walsh. |
| |
| 2.0.81 2010-03-12 |
| * Add dontaudit flag to audit2allow from Dan Walsh. |
| |
| 2.0.80 2010-03-06 |
| * Module enable/disable support from Dan Walsh. |
| |
| 2.0.79 2010-01-26 |
| * Fix double-free in newrole |
| |
| 2.0.78 2009-11-27 |
| * Remove non-working OUTFILE from fixfiles from Dan Walsh. |
| * Additional exception handling in chcat from Dan Walsh. |
| |
| 2.0.77 2009-11-19 |
| * Fixed bug preventing semanage node -a from working |
| from Chad Sellers |
| * Fixed bug preventing semanage fcontext -l from working |
| from Chad Sellers |
| |
| 2.0.76 2009-11-18 |
| * Remove setrans management from semanage, as it does not work |
| from Dan Walsh. |
| * Move load_policy from /usr/sbin to /sbin from Dan Walsh. |
| |
| 2.0.75 2009-11-02 |
| * Factor out restoring logic from setfiles.c into restore.c |
| |
| 2.0.74 2009-09-16 |
| * Change semodule upgrade behavior to install even if the module |
| is not present from Dan Walsh. |
| * Make setfiles label if selinux is disabled and a seclabel aware |
| kernel is running from Caleb Case. |
| * Clarify forkpty() error message in run_init from Manoj Srivastava. |
| |
| 2.0.73 2009-09-04 |
| * Add semanage dontaudit to turn off dontaudits from Dan Walsh. |
| * Fix semanage to set correct mode for setrans file from Dan Walsh. |
| * Fix malformed dictionary in portRecord from Dan Walsh. |
| |
| 2.0.72 2009-09-03 |
| * Restore symlink handling support to restorecon based on a patch by |
| Martin Orr. This fixes the restorecon /dev/stdin performed by Debian |
| udev scripts that was broken by policycoreutils 2.0.70. |
| |
| 2.0.71 2009-08-11 |
| * Modify setfiles/restorecon checking of exclude paths. Only check |
| user-supplied exclude paths (not automatically generated ones based on |
| lack of seclabel support), don't require them to be directories, and |
| ignore permission denied errors on them (it is ok to exclude a path to |
| which the caller lacks permission). |
| |
| 2.0.70 2009-08-04 |
| * Modify restorecon to only call realpath() on user-supplied pathnames |
| from Stephen Smalley. |
| |
| 2.0.69 2009-07-30 |
| * Fix typo in fixfiles that prevented it from relabeling btrfs |
| filesystems from Dan Walsh. |
| |
| 2.0.68 2009-07-24 |
| * Modify setfiles to exclude mounts without seclabel option in |
| /proc/mounts on kernels >= 2.6.30 from Thomas Liu. |
| |
| 2.0.67 2009-07-07 |
| * Re-enable disable_dontaudit rules upon semodule -B from Christopher |
| Pardy and Dan Walsh. |
| |
| 2.0.66 2009-07-07 |
| * setfiles converted to fts from Thomas Liu. |
| |
| 2.0.65 2009-06-24 |
| * Remove gui from po/Makefile and po/POTFILES and regenerate po files |
| |
| 2.0.64 2009-06-22 |
| * Keep setfiles from spamming console from Dan Walsh. |
| * Fix chcat's category expansion for users from Dan Walsh. |
| |
| 2.0.63 2009-05-15 |
| * Fix transaction checking from Dan Walsh. |
| * Make fixfiles -R (for rpm) recursive. |
| * Make semanage permissive clean up after itself from Dan Walsh. |
| * add /root/.ssh/* to restorecond.conf |
| |
| 2.0.62 2009-02-19 |
| * Add btrfs to fixfiles from Dan Walsh. |
| * Remove restorecond error for matching globs with multiple hard links |
| and fix some error messages from Dan Walsh. |
| * Make removing a non-existant module a warning rather than an error |
| from Dan Walsh. |
| * Man page fixes from Dan Walsh. |
| |
| 2.0.61 2009-01-12 |
| * chcat: cut categories at arbitrary point (25) from Dan Walsh |
| * semodule: use new interfaces in libsemanage for compressed files |
| from Dan Walsh |
| * audit2allow: string changes for usage |
| |
| 2.0.60 2008-11-12 |
| * semanage: use semanage_mls_enabled() from Stephen Smalley. |
| |
| 2.0.59 2008-11-11 |
| * fcontext add checked local records twice, fix from Dan Walsh. |
| |
| 2.0.58 2008-11-09 |
| * Allow local file context entries to override policy entries in |
| semanage from Dan Walsh. |
| * Newrole error message corrections from Dan Walsh. |
| * Add exception to audit2why call in audit2allow from Dan Walsh. |
| |
| 2.0.57 2008-09-18 |
| * Update po files from Dan Walsh. |
| |
| 2.0.56 2008-09-12 |
| * fixfiles will now remove all files in /tmp and will check for |
| unlabeled_t in /tmp and /var/tmp from Dan Walsh. |
| * add glob support to restorecond from Dan Walsh. |
| * allow semanage to handle multi-line commands in a single transaction |
| from Dan Walsh. |
| |
| 2.0.55 2008-08-26 |
| * Merged semanage node support from Christian Kuester. |
| |
| 2.0.54 2008-08-05 |
| * Add support for boolean files and group support for seusers from Dan Walsh. |
| * Ensure that setfiles -p output is newline terminated from Russell Coker. |
| |
| 2.0.53 2008-07-29 |
| * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. |
| |
| 2.0.52 2008-07-02 |
| * Add permissive domain capability to semanage from Dan Walsh. |
| |
| 2.0.51 2008-06-28 |
| * Add onboot option to fixfiles from Dan Walsh. |
| * Change restorecon.init to not run on boot by default from Dan Walsh. |
| |
| 2.0.50 2008-06-30 |
| * Fix audit2allow generation of role-type rules from Karl MacMillan. |
| |
| 2.0.49 2008-05-16 |
| * Remove security_check_context calls for prefix validation from semanage. |
| |
| 2.0.48 2008-05-16 |
| * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified. |
| |
| 2.0.47 2008-04-18 |
| * Update semanage man page for booleans from Dan Walsh. |
| * Add further error checking to seobject.py for setting booleans. |
| |
| 2.0.46 2008-03-18 |
| * Update audit2allow to report dontaudit cases from Dan Walsh. |
| |
| 2.0.45 2008-03-18 |
| * Fix semanage port to use --proto from Caleb Case. |
| |
| 2.0.44 2008-02-22 |
| * Fixed semodule to correctly handle error when unable to create a handle. |
| |
| 2.0.43 2008-02-08 |
| * Merged fix fixfiles option processing from Vaclav Ovsik. |
| |
| 2.0.42 2008-02-02 |
| * Make semodule_expand use sepol_set_expand_consume_base to reduce |
| peak memory usage. |
| |
| 2.0.41 2008-01-28 |
| * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh. |
| |
| 2.0.40 2008-01-25 |
| * Merged a second fixfiles -C fix from Marshall Miller. |
| |
| 2.0.39 2008-01-24 |
| * Merged fixfiles -C fix from Marshall Miller. |
| |
| 2.0.38 2008-01-24 |
| * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. |
| * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. |
| * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh. |
| |
| 2.0.37 2008-01-23 |
| * Merged replacement for audit2why from Dan Walsh. |
| |
| 2.0.36 2008-01-23 |
| * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. |
| |
| 2.0.35 2007-12-21 |
| * Merged support for non-interactive newrole command invocation from Tim Reed. |
| |
| 2.0.34 2007-12-14 |
| * Update Makefile to not build restorecond if |
| /usr/include/sys/inotify.h is not present |
| |
| 2.0.33 2007-12-07 |
| * Drop verbose output on fixfiles -C from Dan Walsh. |
| * Fix argument handling in fixfiles from Dan Walsh. |
| * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. |
| |
| 2.0.32 2007-10-16 |
| * load_policy initial load option from Chad Sellers. |
| |
| 2.0.31 2007-10-15 |
| * Fix semodule option handling from Dan Walsh. |
| |
| 2.0.30 2007-10-11 |
| * Add deleteall support for ports and fcontexts in semanage from Dan Walsh. |
| |
| 2.0.29 2007-10-05 |
| * Add genhomedircon script to invoke semodule -Bn from Dan Walsh. |
| |
| 2.0.28 2007-10-05 |
| * Update semodule man page for -D from Dan Walsh. |
| * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh. |
| |
| 2.0.27 2007-09-19 |
| * Improve semodule reporting of system errors from Stephen Smalley. |
| |
| 2.0.26 2007-09-18 |
| * Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley. |
| |
| 2.0.25 2007-08-23 |
| * Remove genhomedircon script (functionality is now provided |
| within libsemanage) from Todd Miller. |
| |
| 2.0.24 2007-08-23 |
| * Fix genhomedircon searching for USER from Todd Miller |
| * Install run_init with mode 0755 from Dan Walsh. |
| * Fix chcat from Dan Walsh. |
| * Fix fixfiles pattern expansion and error reporting from Dan Walsh. |
| * Optimize genhomedircon to compile regexes once from Dan Walsh. |
| * Fix semanage gettext call from Dan Walsh. |
| |
| 2.0.23 2007-08-16 |
| * Disable dontaudits via semodule -D |
| |
| 2.0.22 2007-06-20 |
| * Rebase setfiles to use new labeling interface. |
| |
| 2.0.21 2007-06-13 |
| * Fixed setsebool (falling through to error path on success). |
| |
| 2.0.20 2007-06-05 |
| * Merged genhomedircon fixes from Dan Walsh. |
| * Merged setfiles -c usage fix from Dan Walsh. |
| * Merged restorecon fix from Yuichi Nakamura. |
| * Dropped -lsepol where no longer needed. |
| |
| 2.0.19 2007-05-11 |
| * Merge newrole support for alternate pam configs from Ted X Toth. |
| |
| 2.0.18 2007-05-11 |
| * Merged merging of restorecon into setfiles from Stephen Smalley. |
| |
| 2.0.17 2007-05-09 |
| * Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh. |
| |
| 2.0.16 2007-05-03 |
| * Merged support for modifying the prefix via semanage from Dan Walsh. |
| |
| 2.0.15 2007-04-26 |
| * Merged move of audit2why to /usr/bin from Dan Walsh. |
| |
| 2.0.14 2007-04-25 |
| * Build fix for setsebool. |
| |
| 2.0.13 2007-04-24 |
| * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley. |
| |
| 2.0.12 2007-04-24 |
| * Merged genhomedircon patch to use the __default__ setting from Dan Walsh. |
| |
| 2.0.11 2007-04-24 |
| * Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel. |
| |
| 2.0.10 2007-04-24 |
| * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. |
| |
| 2.0.9 2007-04-12 |
| * Merged seobject setransRecords patch to return the first alias from Xavier Toth. |
| |
| 2.0.8 2007-04-10 |
| * Merged updates to sepolgen-ifgen from Karl MacMillan. |
| |
| 2.0.7 2007-03-01 |
| * Merged restorecond init script LSB compliance patch from Steve Grubb. |
| |
| 2.0.6 2007-02-22 |
| * Merged newrole O_NONBLOCK fix from Linda Knippers. |
| |
| 2.0.5 2007-02-22 |
| * Merged sepolgen and audit2allow patches to leave generated files |
| in the current directory from Karl MacMillan. |
| |
| 2.0.4 2007-02-22 |
| * Merged restorecond memory leak fix from Steve Grubb. |
| |
| 2.0.3 2007-02-21 |
| * Merged translations update from Dan Walsh. |
| * Merged chcat fixes from Dan Walsh. |
| * Merged man page fixes from Dan Walsh. |
| * Merged seobject prefix validity checking from Dan Walsh. |
| |
| 2.0.2 2007-02-20 |
| * Merged seobject exception handler fix from Caleb Case. |
| * Merged setfiles memory leak patch from Todd Miller. |
| |
| 2.0.1 2007-02-08 |
| * Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh. |
| |
| 2.0.0 2007-02-05 |
| * Merged new audit2allow from Karl MacMillan. |
| This audit2allow depends on the new sepolgen python module. |
| Note that you must run the sepolgen-ifgen tool to generate |
| the data needed by audit2allow to generate refpolicy. |
| |
| 1.34.1 2007-01-22 |
| * Fixed newrole non-pam build. |
| |
| 1.34.0 2007-01-18 |
| * Updated version for stable branch. |
| |
| 1.33.16 2007-01-18 |
| * Merged po file updates from Dan Walsh. |
| * Removed update-po from all target in po/Makefile. |
| |
| 1.33.15 2007-01-17 |
| * Merged unicode-to-string fix for seobject audit from Dan Walsh. |
| * Merged man page updates to make "apropos selinux" work from Dan Walsh. |
| |
| 1.33.14 2007-01-16 |
| * Merged newrole man page patch from Michael Thompson. |
| |
| 1.33.13 2007-01-16 |
| * Merged patch to fix python unicode problem from Dan Walsh. |
| |
| 1.33.12 2007-01-11 |
| * Merged newrole securetty check from Dan Walsh. |
| * Merged semodule patch to generalize list support from Karl MacMillan. |
| |
| 1.33.11 2007-01-09 |
| * Merged fixfiles and seobject fixes from Dan Walsh. |
| * Merged semodule support for list of modules after -i from Karl MacMillan. |
| |
| 1.33.10 2007-01-08 |
| * Merged patch to correctly handle a failure during semanage handle |
| creation from Karl MacMillan. |
| |
| 1.33.9 2007-01-05 |
| * Merged patch to fix seobject role modification from Dan Walsh. |
| |
| 1.33.8 2007-01-04 |
| * Merged patches from Dan Walsh to: |
| - omit the optional name from audit2allow |
| - use the installed python version in the Makefiles |
| - re-open the tty with O_RDWR in newrole |
| |
| 1.33.7 2007-01-03 |
| * Patch from Dan Walsh to correctly suppress warnings in load_policy. |
| |
| 1.33.6 2006-11-29 |
| * Patch from Dan Walsh to add an pam_acct_msg call to run_init |
| * Patch from Dan Walsh to fix error code returns in newrole |
| * Patch from Dan Walsh to remove verbose flag from semanage man page |
| * Patch from Dan Walsh to make audit2allow use refpolicy Makefile |
| in /usr/share/selinux/<SELINUXTYPE> |
| |
| 1.33.5 2006-11-27 |
| * Merged patch from Michael C Thompson to clean up genhomedircon |
| error handling. |
| 1.33.4 2006-11-21 |
| * Merged po file updates from Dan Walsh. |
| |
| 1.33.3 2006-11-21 |
| * Merged setsebool patch from Karl MacMillan. |
| This fixes a bug reported by Yuichi Nakamura with |
| always setting booleans persistently on an unmanaged system. |
| |
| 1.33.2 2006-11-20 |
| * Merged patch from Dan Walsh (via Karl MacMillan): |
| * Added newrole audit message on login failure |
| * Add /var/log/wtmp to restorecond.conf watch list |
| * Fix genhomedircon, semanage, semodule_expand man pages. |
| |
| 1.33.1 2006-11-13 |
| * Merged newrole patch set from Michael Thompson. |
| |
| 1.32 2006-10-17 |
| * Updated version for release. |
| |
| 1.30.31 2006-10-17 |
| * Merged audit2allow -l fix from Yuichi Nakamura. |
| * Merged restorecon -i and -o - support from Karl MacMillan. |
| * Merged semanage/seobject fix from Dan Walsh. |
| * Merged fixfiles -R and verify changes from Dan Walsh. |
| |
| 1.30.30 2006-09-29 |
| * Merged newrole auditing of failures due to user actions from |
| Michael Thompson. |
| |
| 1.30.29 2006-09-13 |
| * Man page corrections from Dan Walsh |
| * Change all python invocations to /usr/bin/python -E |
| * Add missing getopt flags to genhomedircon |
| |
| 1.30.28 2006-09-01 |
| * Merged fix for restorecon // handling from Erich Schubert. |
| * Merged translations update and fixfiles fix from Dan Walsh. |
| |
| 1.30.27 2006-08-24 |
| * Merged fix for restorecon symlink handling from Erich Schubert. |
| |
| 1.30.26 2006-08-11 |
| * Merged semanage local file contexts patch from Chris PeBenito. |
| |
| 1.30.25 2006-08-03 |
| * Merged patch from Dan Walsh with: |
| * audit2allow: process MAC_POLICY_LOAD events |
| * newrole: run shell with - prefix to start a login shell |
| * po: po file updates |
| * restorecond: bail if SELinux not enabled |
| * fixfiles: omit -q |
| * genhomedircon: fix exit code if non-root |
| * semodule_deps: install man page |
| |
| 1.30.24 2006-08-03 |
| * Merged secon Makefile fix from Joshua Brindle. |
| |
| 1.30.23 2006-08-03 |
| * Merged netfilter contexts support patch from Chris PeBenito. |
| |
| 1.30.22 2006-07-28 |
| * Merged restorecond size_t fix from Joshua Brindle. |
| |
| 1.30.21 2006-07-28 |
| * Merged secon keycreate patch from Michael LeMay. |
| |
| 1.30.20 2006-07-26 |
| * Merged restorecond fixes from Dan Walsh. |
| Merged updated po files from Dan Walsh. |
| |
| 1.30.19 2006-07-26 |
| * Merged python gettext patch from Stephen Bennett. |
| |
| 1.30.18 2006-07-25 |
| * Merged semodule_deps from Karl MacMillan. |
| |
| 1.30.17 2006-06-29 |
| * Lindent. |
| |
| 1.30.16 2006-06-26 |
| * Merged patch from Dan Walsh with: |
| * -p option (progress) for setfiles and restorecon. |
| * disable context translation for setfiles and restorecon. |
| * on/off values for setsebool. |
| |
| 1.30.15 2006-06-26 |
| * Merged setfiles and semodule_link fixes from Joshua Brindle. |
| |
| 1.30.14 2006-06-16 |
| * Merged fix for setsebool error path from Serge Hallyn. |
| |
| 1.30.13 2006-06-16 |
| * Merged patch from Dan Walsh with: |
| * Updated po files. |
| * Fixes for genhomedircon and seobject. |
| * Audit message for mass relabel by setfiles. |
| |
| 1.30.12 2006-06-02 |
| * Updated fixfiles script for new setfiles location in /sbin. |
| |
| 1.30.11 2006-05-26 |
| * Merged more translations from Dan Walsh. |
| * Merged patch to relocate setfiles to /sbin for early relabel |
| when /usr might not be mounted from Dan Walsh. |
| * Merged semanage/seobject patch to preserve fcontext ordering in list. |
| * Merged secon patch from James Antill. |
| |
| 1.30.10 2006-05-22 |
| * Merged patch with updates to audit2allow, secon, genhomedircon, |
| and semanage from Dan Walsh. |
| |
| 1.30.9 2006-05-08 |
| * Fixed audit2allow and po Makefiles for DESTDIR= builds. |
| * Merged .po file patch from Dan Walsh. |
| * Merged bug fix for genhomedircon. |
| |
| 1.30.8 2006-05-08 |
| * Merged patch from Dan Walsh. |
| This includes audit2allow changes for analysis plugins, |
| internationalization support for several additional programs |
| and added po files, some fixes for semanage, and several cleanups. |
| It also adds a new secon utility. |
| |
| 1.30.7 2006-05-05 |
| * Merged fix warnings patch from Karl MacMillan. |
| |
| 1.30.6 2006-04-14 |
| * Merged semanage prefix support from Russell Coker. |
| |
| 1.30.5 2006-04-11 |
| * Added a test to setfiles to check that the spec file is |
| a regular file. |
| |
| 1.30.4 2006-03-29 |
| * Merged audit2allow fixes for refpolicy from Dan Walsh. |
| * Merged fixfiles patch from Dan Walsh. |
| * Merged restorecond daemon from Dan Walsh. |
| |
| 1.30.3 2006-03-29 |
| * Merged semanage non-MLS fixes from Chris PeBenito. |
| |
| 1.30.2 2006-03-29 |
| * Merged semanage and semodule man page examples from Thomas Bleher. |
| |
| 1.30.1 2006-03-20 |
| * Merged semanage labeling prefix patch from Ivan Gyurdiev. |
| |
| 1.30 2006-03-14 |
| * Updated version for release. |
| |
| 1.29.28 2006-03-13 |
| * Merged German translations (de.po) by Debian translation team from Manoj Srivastava. |
| |
| 1.29.27 2006-03-08 |
| * Merged audit2allow -R support, chcat fix, semanage MLS checks |
| and semanage audit calls from Dan Walsh. |
| |
| 1.29.26 2006-02-15 |
| * Merged semanage bug fix patch from Ivan Gyurdiev. |
| |
| 1.29.25 2006-02-14 |
| * Merged improve bindings patch from Ivan Gyurdiev. |
| |
| 1.29.24 2006-02-14 |
| * Merged semanage usage patch from Ivan Gyurdiev. |
| * Merged use PyList patch from Ivan Gyurdiev. |
| |
| 1.29.23 2006-02-13 |
| * Merged newrole -V/--version support from Glauber de Oliveira Costa. |
| |
| 1.29.22 2006-02-13 |
| * Merged genhomedircon prefix patch from Dan Walsh. |
| |
| 1.29.21 2006-02-13 |
| * Merged optionals in base patch from Joshua Brindle. |
| |
| 1.29.20 2006-02-07 |
| * Merged seuser/user_extra support patch to semodule_package |
| from Joshua Brindle. |
| |
| 1.29.19 2006-02-06 |
| * Merged getopt type fix for semodule_link/expand and sestatus |
| from Chris PeBenito. |
| |
| 1.29.18 2006-02-02 |
| * Merged clone record on set_con patch from Ivan Gyurdiev. |
| |
| 1.29.17 2006-01-30 |
| * Merged genhomedircon fix from Dan Walsh. |
| |
| 1.29.16 2006-01-30 |
| * Merged seusers.system patch from Ivan Gyurdiev. |
| * Merged improve port/fcontext API patch from Ivan Gyurdiev. |
| * Merged genhomedircon patch from Dan Walsh. |
| |
| 1.29.15 2006-01-27 |
| * Merged newrole audit patch from Steve Grubb. |
| |
| 1.29.14 2006-01-27 |
| * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. |
| |
| 1.29.13 2006-01-27 |
| * Merged semanage and semodule access check patches from Joshua Brindle. |
| |
| 1.29.12 2006-01-26 |
| * Merged restorecon, chcat, and semanage patches from Dan Walsh. |
| |
| 1.29.11 2006-01-25 |
| * Modified newrole and run_init to use the loginuid when |
| supported to obtain the Linux user identity to re-authenticate, |
| and to fall back to real uid. Dropped the use of the SELinux |
| user identity, as Linux users are now mapped to SELinux users |
| via seusers and the SELinux user identity space is separate. |
| |
| 1.29.10 2006-01-20 |
| * Merged semanage bug fixes from Ivan Gyurdiev. |
| * Merged semanage fixes from Russell Coker. |
| * Merged chcat.8 and genhomedircon patches from Dan Walsh. |
| |
| 1.29.9 2006-01-19 |
| * Merged chcat, semanage, and setsebool patches from Dan Walsh. |
| |
| 1.29.8 2006-01-18 |
| * Merged semanage fixes from Ivan Gyurdiev. |
| * Merged semanage fixes from Russell Coker. |
| * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh. |
| |
| 1.29.7 2006-01-13 |
| * Merged newrole cleanup patch from Steve Grubb. |
| * Merged setfiles/restorecon performance patch from Russell Coker. |
| * Merged genhomedircon and semanage patches from Dan Walsh. |
| |
| 1.29.6 2006-01-12 |
| * Merged remove add_local/set_local patch from Ivan Gyurdiev. |
| |
| 1.29.5 2006-01-05 |
| * Added filename to semodule error reporting. |
| |
| 1.29.4 2006-01-05 |
| * Merged genhomedircon and semanage patch from Dan Walsh. |
| * Changed semodule error reporting to include argv[0]. |
| |
| 1.29.3 2006-01-04 |
| * Merged semanage getpwnam bug fix from Serge Hallyn (IBM). |
| * Merged patch series from Ivan Gyurdiev. |
| This includes patches to: |
| - cleanup setsebool |
| - update setsebool to apply active booleans through libsemanage |
| - update semodule to use the new semanage_set_rebuild() interface |
| - fix various bugs in semanage |
| * Merged patch from Dan Walsh (Red Hat). |
| This includes fixes for restorecon, chcat, fixfiles, genhomedircon, |
| and semanage. |
| |
| 1.29.2 2005-12-14 |
| * Merged patch for chcat script from Dan Walsh. |
| |
| 1.29.1 2005-12-08 |
| * Merged fix for audit2allow long option list from Dan Walsh. |
| * Merged -r option for restorecon (alias for -R) from Dan Walsh. |
| * Merged chcat script and man page from Dan Walsh. |
| |
| 1.28 2005-12-07 |
| * Updated version for release. |
| |
| 1.27.37 2005-12-07 |
| * Clarified the genhomedircon warning message. |
| |
| 1.27.36 2005-12-05 |
| * Changed genhomedircon to warn on use of ROLE in homedir_template |
| if using managed policy, as libsemanage does not yet support it. |
| |
| 1.27.35 2005-12-02 |
| * Merged genhomedircon bug fix from Dan Walsh. |
| |
| 1.27.34 2005-12-02 |
| * Revised semodule* man pages to refer to checkmodule and |
| to include example sections. |
| |
| 1.27.33 2005-12-01 |
| * Merged audit2allow --tefile and --fcfile support from Dan Walsh. |
| * Merged genhomedircon fix from Dan Walsh. |
| * Merged semodule* man pages from Dan Walsh, and edited them. |
| |
| 1.27.32 2005-12-01 |
| * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to |
| retain validation/canonicalization of contexts during init. |
| |
| 1.27.31 2005-11-29 |
| * Changed genhomedircon to always use user_r for the role in the |
| managed case since user_get_defrole is broken. |
| |
| 1.27.30 2005-11-29 |
| * Merged sestatus, audit2allow, and semanage patch from Dan Walsh. |
| * Fixed semodule -v option. |
| |
| 1.27.29 2005-11-28 |
| * Merged audit2allow python script from Dan Walsh. |
| (old script moved to audit2allow.perl, will be removed later). |
| * Merged genhomedircon fixes from Dan Walsh. |
| * Merged semodule quieting patch from Dan Walsh |
| (inverts default, use -v to restore original behavior). |
| |
| 1.27.28 2005-11-15 |
| * Merged genhomedircon rewrite from Dan Walsh. |
| |
| 1.27.27 2005-11-09 |
| * Merged setsebool cleanup patch from Ivan Gyurdiev. |
| |
| 1.27.26 2005-11-09 |
| * Added -B (--build) option to semodule to force a rebuild. |
| |
| 1.27.25 2005-11-08 |
| * Reverted setsebool patch to call semanage_set_reload_bools(). |
| * Changed setsebool to disable policy reload and to call |
| security_set_boolean_list to update the runtime booleans. |
| |
| 1.27.24 2005-11-08 |
| * Changed setfiles -c to use new flag to set_matchpathcon_flags() |
| to disable context translation by matchpathcon_init(). |
| |
| 1.27.23 2005-11-07 |
| * Changed setfiles for the context canonicalization support. |
| |
| 1.27.22 2005-11-07 |
| * Changed setsebool to call semanage_is_managed() interface |
| and fall back to security_set_boolean_list() if policy is |
| not managed. |
| |
| 1.27.21 2005-11-07 |
| * Merged setsebool memory leak fix from Ivan Gyurdiev. |
| * Merged setsebool patch to call semanage_set_reload_bools() |
| interface from Ivan Gyurdiev. |
| |
| 1.27.20 2005-11-04 |
| * Merged setsebool patch from Ivan Gyurdiev. |
| This moves setsebool from libselinux/utils to policycoreutils, |
| and rewrites it to use libsemanage for permanent boolean changes. |
| |
| 1.27.19 2005-10-25 |
| * Merged semodule support for reload, noreload, and store options |
| from Joshua Brindle. |
| * Merged semodule_package rewrite from Joshua Brindle. |
| |
| 1.27.18 2005-10-20 |
| * Cleaned up usage and error messages and releasing of memory by |
| semodule_* utilities. |
| |
| 1.27.17 2005-10-20 |
| * Corrected error reporting by semodule. |
| |
| 1.27.16 2005-10-19 |
| * Updated semodule_expand for change to sepol interface. |
| |
| 1.27.15 2005-10-19 |
| * Merged fixes for make DESTDIR= builds from Joshua Brindle. |
| |
| 1.27.14 2005-10-18 |
| * Updated semodule_package for sepol interface changes. |
| |
| 1.27.13 2005-10-17 |
| * Updated semodule_expand/link for sepol interface changes. |
| |
| 1.27.12 2005-10-14 |
| * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood. |
| |
| 1.27.11 2005-10-13 |
| * Updated semodule_expand to use get interfaces for hidden sepol_module_package type. |
| |
| 1.27.10 2005-10-13 |
| * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat). |
| |
| 1.27.9 2005-10-13 |
| * Merged fixfiles patch from Dan Walsh (Red Hat). |
| |
| 1.27.8 2005-10-13 |
| * Updated semodule for removal of semanage_strerror. |
| |
| 1.27.7 2005-10-11 |
| * Updated semodule_link and semodule_expand to use shared libsepol. |
| Fixed audit2why to call policydb_init prior to policydb_read (still |
| uses the static libsepol). |
| |
| 1.27.6 2005-10-07 |
| * Updated for changes to libsepol. |
| Changed semodule and semodule_package to use the shared libsepol. |
| Disabled build of semodule_link and semodule_expand for now. |
| Updated audit2why for relocated policydb internal headers, |
| still needs to be converted to a shared lib interface. |
| |
| 1.27.5 2005-10-06 |
| * Fixed warnings in load_policy. |
| |
| 1.27.4 2005-10-06 |
| * Rewrote load_policy to use the new selinux_mkload_policy() |
| interface provided by libselinux. |
| |
| 1.27.3 2005-09-28 |
| * Merged patch to update semodule to the new libsemanage API |
| and improve the user interface from Karl MacMillan (Tresys). |
| * Modified semodule for the create/connect API split. |
| |
| 1.27.2 2005-09-20 |
| * Merged run_init open_init_pty bug fix from Manoj Srivastava |
| (unblock SIGCHLD). Bug reported by Erich Schubert. |
| |
| 1.27.1 2005-09-20 |
| * Merged error shadowing bug fix for restorecon from Dan Walsh. |
| * Merged setfiles usage/man page update for -r option from Dan Walsh. |
| * Merged fixfiles -C patch to ignore :s0 addition on update |
| to a MCS/MLS policy from Dan Walsh. |
| |
| 1.26 2005-09-06 |
| * Updated version for release. |
| |
| 1.25.9 2005-08-31 |
| * Changed setfiles -c to translate the context to raw format |
| prior to calling libsepol. |
| |
| 1.25.8 2005-08-31 |
| * Changed semodule to report errors even without -v, |
| to detect extraneous arguments, and corrected usage message. |
| |
| 1.25.7 2005-08-25 |
| * Merged patch for fixfiles -C from Dan Walsh. |
| |
| 1.25.6 2005-08-22 |
| * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM). |
| Bugs found by Coverity. |
| |
| 1.25.5 2005-08-02 |
| * Merged patch to move module read/write code from libsemanage |
| to libsepol from Jason Tang (Tresys). |
| |
| 1.25.4 2005-07-27 |
| * Changed semodule* to link with libsemanage. |
| |
| 1.25.3 2005-07-26 |
| * Merged restorecon patch from Ivan Gyurdiev. |
| |
| 1.25.2 2005-07-11 |
| * Merged load_policy, newrole, and genhomedircon patches from Red Hat. |
| |
| 1.25.1 2005-07-06 |
| * Merged loadable module support from Tresys Technology. |
| |
| 1.24 2005-06-20 |
| * Updated version for release. |
| |
| 1.23.11 2005-05-19 |
| * Merged fixfiles and newrole patch from Dan Walsh. |
| * Merged audit2why man page from Dan Walsh. |
| |
| 1.23.10 2005-05-16 |
| * Extended audit2why to incorporate booleans and local user |
| settings when analyzing audit messages. |
| |
| 1.23.9 2005-05-13 |
| * Updated audit2why for sepol_ prefixes on Flask types to |
| avoid namespace collision with libselinux, and to |
| include <selinux/selinux.h> now. |
| |
| 1.23.8 2005-05-13 |
| * Added audit2why utility. |
| |
| 1.23.7 2005-04-29 |
| * Merged patch for fixfiles from Dan Walsh. |
| Allow passing -F to force reset of customizable contexts. |
| |
| 1.23.6 2005-04-13 |
| * Fixed signed/unsigned pointer bug in load_policy. |
| * Reverted context validation patch for genhomedircon. |
| |
| 1.23.5 2005-04-12 |
| * Reverted load_policy is_selinux_enabled patch from Dan Walsh. |
| Otherwise, an initial policy load cannot be performed using |
| load_policy, e.g. for anaconda. |
| |
| 1.23.4 2005-04-08 |
| * Merged load_policy is_selinux_enabled patch from Dan Walsh. |
| * Merged restorecon verbose output patch from Dan Walsh. |
| * Merged setfiles altroot patch from Chris PeBenito. |
| |
| 1.23.3 2005-03-17 |
| * Merged context validation patch for genhomedircon from Eric Paris. |
| |
| 1.23.2 2005-03-16 |
| * Changed setfiles -c to call set_matchpathcon_flags(3) to |
| turn off processing of .homedirs and .local. |
| |
| 1.23.1 2005-03-14 |
| * Merged rewrite of genhomedircon by Eric Paris. |
| * Changed fixfiles to relabel jfs since it now supports security xattrs |
| (as of 2.6.11). Removed reiserfs until 2.6.12 is released with |
| fixed support for reiserfs and selinux. |
| |
| 1.22 2005-03-09 |
| * Updated version for release. |
| |
| 1.21.22 2005-03-07 |
| * Merged restorecon and genhomedircon patch from Dan Walsh. |
| |
| 1.21.21 2005-02-28 |
| * Merged load_policy and genhomedircon patch from Dan Walsh. |
| |
| 1.21.20 2005-02-24 |
| * Merged fixfiles and genhomedircon patch from Dan Walsh. |
| |
| 1.21.19 2005-02-22 |
| * Merged several fixes from Ulrich Drepper. |
| |
| 1.21.18 2005-02-18 |
| * Changed load_policy to fall back to the original policy upon |
| an error from sepol_genusers(). |
| |
| 1.21.17 2005-02-17 |
| * Merged new genhomedircon script from Dan Walsh. |
| |
| 1.21.16 2005-02-17 |
| * Changed load_policy to call sepol_genusers(). |
| |
| 1.21.15 2005-02-09 |
| * Changed relabel Makefile target to use restorecon. |
| |
| 1.21.14 2005-02-08 |
| * Merged restorecon patch from Dan Walsh. |
| |
| 1.21.13 2005-02-07 |
| * Merged sestatus patch from Dan Walsh. |
| * Merged further change to fixfiles -C from Dan Walsh. |
| |
| 1.21.12 2005-02-02 |
| * Merged further patches for restorecon/setfiles -e and fixfiles -C. |
| |
| 1.21.11 2005-02-02 |
| * Merged patch for fixfiles -C option from Dan Walsh. |
| * Merged patch -e support for restorecon from Dan Walsh. |
| * Merged updated -e support for setfiles from Dan Walsh. |
| |
| 1.21.10 2005-01-31 |
| * Merged patch for open_init_pty from Manoj Srivastava. |
| |
| 1.21.9 2005-01-28 |
| * Merged updated fixfiles script from Dan Walsh. |
| * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped. |
| * Reverted fixfiles patch for file_contexts.local; |
| obsoleted by setfiles rewrite. |
| * Merged error handling patch for restorecon from Dan Walsh. |
| * Merged semi raw mode for open_init_pty helper from Manoj Srivastava. |
| |
| 1.21.8 2005-01-28 |
| * Rewrote setfiles to use matchpathcon and the new interfaces |
| exported by libselinux (>= 1.21.5). |
| |
| 1.21.7 2005-01-27 |
| * Prevent overflow of spec array in setfiles. |
| |
| 1.21.6 2005-01-27 |
| * Merged genhomedircon STARTING_UID bug fix from Dan Walsh. |
| |
| 1.21.5 2005-01-26 |
| * Merged newrole -l support from Darrel Goeddel (TCS). |
| |
| 1.21.4 2005-01-25 |
| * Merged fixfiles patch for file_contexts.local from Dan Walsh. |
| |
| 1.21.3 2005-01-21 |
| * Fixed restorecon to not treat errors from is_context_customizable() |
| as a customizable context. |
| * Merged setfiles/restorecon patch to not reset user field unless |
| -F option is specified from Dan Walsh. |
| |
| 1.21.2 2005-01-21 |
| * Merged open_init_pty helper for run_init from Manoj Srivastava. |
| * Merged audit2allow and genhomedircon man pages from Manoj Srivastava. |
| |
| 1.21.1 2005-01-19 |
| * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh. |
| |
| 1.20 2005-01-06 |
| * Merged fixfiles rewrite from Dan Walsh. |
| * Merged restorecon patch from Dan Walsh. |
| * Merged fixfiles and restorecon patches from Dan Walsh. |
| * Changed restorecon to ignore ENOENT errors from matchpathcon. |
| * Merged nonls patch from Chris PeBenito. |
| * Removed fixfiles.cron. |
| * Merged run_init.8 patch from Dan Walsh. |
| |
| 1.18 2004-11-01 |
| * Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh. |
| * Merged sestatus patch from Steve Grubb. |
| * Merged fixfiles patch from Dan Walsh. |
| * Added -l option to setfiles to log changes via syslog. |
| * Merged -e option to setfiles to exclude directories. |
| * Merged -R option to restorecon for recursive descent. |
| * Merged sestatus patch from Steve Grubb via Dan Walsh. |
| * Merged load_policy and fixfiles.cron patches from Dan Walsh. |
| * Merged fix for setfiles context validation patch from Colin Walters. |
| * Merged setfiles context validation patch from Colin Walters. |
| * Merged genhomedircon patch from Russell Coker. |
| * Merged restorecon patch from Russell Coker. |
| |
| 1.16 2004-08-13 |
| * Merged audit2allow fix from Tom London. |
| * Merged load_policy man page from Dan Walsh. |
| * Merged newrole bug fix from Chad Hanson. |
| * Changed load_policy to preserve booleans by default. |
| * Changed load_policy to invoke sepol_genbools() instead. |
| * Changed load_policy to also invoke security_load_booleans(). |
| * Merged genhomedircon fixes from Dan Walsh. |
| * Changed restorecon to use realpath. |
| * Merged fixfiles patch from Dan Walsh. |
| * Merged genhomedircon patch from Russell Coker and Dan Walsh. |
| * Merged fixfiles patch and fixfiles.cron script from Dan Walsh. |
| * Merged stat fix for setfiles -s from Russell Coker. |
| |
| 1.14 2004-06-25 |
| * Merged fix for fixfiles. |
| * Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh. |
| * Merged updated genhomedircon script from Russell Coker. |
| * Merged run_init patch to find initrc_context from Dan Walsh. |
| * Merged fixfiles patch for /etc/selinux from Dan Walsh. |
| * Merged restorecon patch from Dan Walsh. |
| * Merged fixfiles patch from Dan Walsh. |
| |
| 1.12 2004-05-10 |
| * Merged newrole patch from Colin Walters. |
| * Merged fixfiles from Dan Walsh. |
| |
| 1.10 2004-04-05 |
| * Changed setfiles to not abort upon lsetfilecon failures. |
| * Merged sestatus from Chris PeBenito. |
| * Merged fixes for restorecon. |
| * Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie. |
| * Merged restorecon patch from Dan Walsh. |
| * Revert add_assoc change from setfiles. |
| * Moved restorecon to /sbin. |
| * Disable add_assoc in setfiles by default, use -a to enable. |
| * Merged genhomedircon patch from Dan Walsh. |
| * Merged restorecon patch from Dan Walsh. |
| * Merged setfiles buffer size change from Dan Walsh. |
| * Merged genhomedircon fix from Karl MacMillan of Tresys. |
| This generates separate lines for each prefix. |
| |
| 1.8 2004-03-09 |
| * Merged genhomedircon patch from Karl MacMillan of Tresys. |
| * Removed checkcon script (obsoleted by restorecon -nv). |
| * Replaced restorecon script with C program from Dan Walsh. |
| Uses the new matchpathcon function from libselinux. |
| |
| 1.6 2004-02-18 |
| * Fixed setfiles sorting problem reported by Colin Walters. |
| * Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker. |
| * Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh. |
| * Quiet warning about duplicate same specifications if -q is used. |
| * Fixed usage message of audit2allow. |
| |
| 1.4 2003-12-01 |
| * Merged patch from Russell Coker. |
| * Added audit2allow (formerly newrules.pl from policy). |
| * Dropped -lattr from Makefiles. |
| * Merged setfiles check type first patch by Russell Coker. |
| |
| 1.2 2003-09-30 |
| * Merged run_init close file patch from Chris PeBenito. |
| * Merged setfiles stem compression patch by Russell Coker. |
| * Merged setfiles usage/getopt/err patch by Russell Coker. |
| * Merged setfiles altroot patch by Hardened Gentoo team. |
| * Merged i18n patch by Dan Walsh. |
| * Changed Makefiles to allow non-root rpm builds. |
| |
| 1.1 2003-08-13 |
| * Dropped obsolete psid code from setfiles. |
| |
| 1.0 2003-07-11 |
| * Initial public release. |
| |
