* Change the location of _selinux.so, from Petr Lautrbach. * Clarify is_selinux_mls_enabled() description, from David King. * Explain how to free policy type from selinux_getpolicytype(), from David King. * Compare absolute pathname in matchpathcon -V, from Petr Lautrbach. * Add selinux_snapperd_contexts_path(), from Petr Lautrbach. * Modify audit2why analyze function to use loaded policy, from Joshua Brindle. * Sort object files for deterministic linking order, from Laurent Bigonville. * Respect CC and PKG_CONFIG environment variable, from Julien Pivotto. * Avoid mounting /proc outside of selinux_init_load_policy(), from Stephen Smalley. * Fix multiple spelling errors, from Laurent Bigonville. * Fix typo in sefcontext_compile.8, from Petr Lautrbach and Milos Malik * Fix location of selinuxfs mount point, from Dan Walsh. * Only mount /proc if necessary, from Stephen Smalley. * procattr: return einval for <= 0 pid args, from Daniel Cashman. * procattr: return error on invalid pid_t input, from Daniel Cashman. 2.5 2016-02-23 * selinux_restorecon.3 man page corrections, from Richard Haines. * Add selinux_restorecon function, from Richard Haines. * read_spec_entry: fail on non-ascii, from William Roberts. * Add man information about thread specific functions, from Dan Waslh. * Don't wrap rpm_execcon with DISABLE_RPM with SWIG, from Petr Lautrbach. * Correct line count for property and service context files, from Richard Haines. * Man page warning fixes, from Ville Skyttä. * label_file: fix memory leaks and uninitialized jump, from William Roberts. * Replace selabel_digest hash function, from Richard Haines. * Fix selabel_open(3) services if no digest requested, from Richard Haines. * Add selabel_digest function, from Richard Haines. * Fix parallel build with swig python, from Jason Zaman. * Flush the class/perm string mapping cache on policy reload, from Stephen Smalley. * Fix restorecon when path has no context, from Nir Soffer. * Free memory when processing media and x specfiles, from Richard Haines. * Fix mmap memory release for file labeling, from Richard Haines. * Add explicit dependency for pywrap on selinux.py, from Wenzong Fan. * Add policy context validation to sefcontext_compile, from Richard Haines. * Do not treat an empty file_contexts(.local) as an error, from Stephen Smalley. * Fail hard on invalid property_contexts entries, from Stephen Smalley. * Fail hard on invalid file_contexts entries, from Stephen Smalley. * Support context validation on file_contexts.bin, from Stephen Smalley. * Test for file_contexts.bin format by magic number, from Stephen Smalley. * Add selabel_cmp interface and label_file backend, from Stephen Smalley. * Support specifying file_contexts.bin file path, from Stephen Smalley. * Support file_contexts.bin without file_contexts, from Stephen Smalley. * Simplify procattr cache, from Stephen Smalley. * Use /proc/thread-self when available, from Stephen Smalley. * Add const to selinux_opt for label backends, from Richard Haines. * Fix binary file labels for regexes with metachars, from Richard Haines. * Fix file labels for regexes with metachars, from Jeff Vander Stoep. * Fix if file_contexts not '\n' terminated, from Richard Haines. * Enhance file context support, from Richard Haines. * Fix property processing and cleanup formatting, from Richard Haines. * Add read_spec_entries function to replace sscanf, from Richard Haines. * Support consistent mode size for bin files, from Richard Haines. * Expunge remaining references to flask.h and av_permissions.h, from Stephen Smalley. * Fix more bin file processing core dumps, from Richard Haines. * add selinux_openssh_contexts_path(), from Petr Lautrbach. * setrans_client: minimize overhead when mcstransd is not present, from Stephen Smalley. * Ensure selabel_lookup_best_match links NULL terminated, from Richard Haines. * is_selinux_enabled: Add /etc/selinux/config test, from Stephen Smalley. * matchpathcon/selabel_file: Fix man pages, from Stephen Smalley. * Fix core dumps with corrupt *.bin files, from Richard Haines. * Add selabel partial and best match APIs, from Richard Haines. * Use os.walk() instead of the deprecated os.path.walk(), from Petr Lautrbach & Miro Hrončok * is_selinux_enabled(): drop no-policy-loaded test, from Stephen Smalley. * Remove deprecated mudflap option, from Stephen Smalley. * Mount procfs before checking /proc/filesystems, from Ben Shelton. * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. * label_file: handle newlines in file names, from Nick Kralevich. * getcon.3: Fix setcon description, from Stephen Smalley. * Fix audit2why error handling if SELinux is disabled, from Stephen Smalley. * pcre_study can return NULL without error, from Stephen Smalley. * Android property backend validation support, from Robert Craig. * Only check SELinux enabled status once in selinux_check_access, from Stephen Smalley. 2.4 2015-02-02 * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve Lawrence * Fix bugs found by hardened gcc flags, from Nicolas Iooss. * Set the system to permissive if failing to disable SELinux because policy has already been loaded, from Will Woods. * Fix type in selinux.8 manpage, from Nicolas Iooss * Add db_exception and db_datatype support to label_db backend, from Artyom Smirnov * Log an error on unknown classes and permissions, from Stephen Smalley * Add pcre version string to the compiled file_contexts format, from Stephen Smalley * Deprecate use of flask.h and av_permissions.h, from Stephen Smalley * Compiled file_context files and the original should have the same DAC permissions, from Dan Walsh 2.3 2014-05-06 * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. 2.2.2 2013-12-30 * Fix userspace AVC handling of per-domain permissive mode. 2.2.1 2013-11-06 * Remove -lpthread from pkg-config file; it is not required. 2.2 2013-10-30 * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. * Support overriding Makefile RANLIB from Sven Vermeulen. * Update pkgconfig definition from Sven Vermeulen. * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen. * Fix man pages from Laurent Bigonville. * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville. * Fix LDFLAGS usage from Laurent Bigonville * Avoid shadowing stat in load_mmap from Joe MacDonald. * Support building on older PCRE libraries from Joe MacDonald. * Fix handling of temporary file in sefcontext_compile from Dan Walsh. * Fix procattr cache from Dan Walsh. * Define python constants for getenforce result from Dan Walsh. * Fix label substitution handling of / from Dan Walsh. * Add selinux_current_policy_path from Dan Walsh. * Change get_context_list to only return good matches from Dan Walsh. * Support udev-197 and higher from Sven Vermeulen and Dan Walsh. * Add support for local substitutions from Dan Walsh. * Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh. * Python wrapper leak fixes from Dan Walsh. * Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh. * Add selinux_systemd_contexts_path from Dan Walsh. * Add selinux_set_policy_root from Dan Walsh. * Add man page for sefcontext_compile from Dan Walsh. 2.1.13 2013-02-01 * audit2why: make sure path is nul terminated * utils: new file context regex compiler * label_file: use precompiled filecontext when possible * do not leak mmapfd * sefcontontext_compile: Add error handling to help debug problems in libsemanage. * man: make selinux.8 mention service man pages * audit2why: Fix segfault if finish() called twice * audit2why: do not leak on multiple init() calls * mode_to_security_class: interface to translate a mode_t in to a security class * audit2why: Cleanup audit2why analysys function * man: Fix program synopsis and function prototypes in man pages * man: Fix man pages formatting * man: Fix typo in man page * man: Add references and man page links to _raw function variants * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions * man: context_new(3): fix the return value description * selinux_status_open: handle error from sysconf * selinux_status_open: do not leak statusfd on exec * Fix errors found by coverity * Change boooleans.subs to booleans.subs_dist. * optimize set*con functions * pkg-config do not specifc ruby version * unmap file contexts on selabel_close() * do not leak file contexts with mmap'd backend * sefcontext_compile: do not leak fd on error * matchmediacon: do not leak fd * src/label_android_property: do not leak fd on error 2.1.12 2012-09-13 * Add support for lxc_contexts_path * utils: add service to getdefaultcon * libsemanage: do not set soname needlessly * libsemanage: remove PYTHONLIBDIR and ruby equivalent * boolean name equivalency * getsebool: support boolean name substitution * Add man page for new selinux_boolean_sub function. * expose selinux_boolean_sub * matchpathcon: add -m option to force file type check * utils: avcstat: clear sa_mask set * seusers: Check for strchr failure * booleans: initialize pointer to silence coveriety * stop messages when SELinux disabled * label_file: use PCRE instead of glibc regex functions * label_file: remove all typedefs * label_file: move definitions to include file * label_file: do string to mode_t conversion in a helper function * label_file: move error reporting back into caller * label_file: move stem/spec handling to header * label_file: drop useless ncomp field from label_file data * label_file: move spec_hasMetaChars to header * label_file: fix potential read past buffer in spec_hasMetaChars * label_file: move regex sorting to the header * label_file: add accessors for the pcre extra data * label_file: only run regex files one time * label_file: new process_file function * label_file: break up find_stem_from_spec * label_file: struct reorg * label_file: only run array once when sorting * Ensure that we only close the selinux netlink socket once. * improve the file_contexts.5 manual page 2.1.11 2012-06-28 * Fortify source now requires all code to be compiled with -O flag * asprintf return code must be checked * avc_netlink_recieve handle EINTR * audit2why: silence -Wmissing-prototypes warning * libsemanage: remove build warning when build swig c files * matchpathcon: bad handling of symlinks in / * seusers: remove unused lineno * seusers: getseuser: gracefully handle NULL service * New Android property labeling backend * label_android_property whitespace cleanups * additional makefile support for rubywrap 2.1.10 2012-03-28 * Fix dead links to www.nsa.gov/selinux * Remove jump over variable declaration * Fix old style function definitions * Fix const-correctness * Remove unused flush_class_cache method * Add prototype decl for destructor * Add more printf format annotations * Add printf format attribute annotation to die() method * Fix const-ness of parameters & make usage() methods static * Enable many more gcc warnings for libselinux/src/ builds * utils: Enable many more gcc warnings for libselinux/utils builds * Change annotation on include/selinux/avc.h to avoid upsetting SWIG * Ensure there is a prototype for 'matchpathcon_lib_destructor' * Update Makefiles to handle /usrmove * utils: Stop separating out matchpathcon as something special * pkg-config to figure out where ruby include files are located * build with either ruby 1.9 or ruby 1.8 * assert if avc_init() not called * take security_deny_unknown into account * security_compute_create_name(3) * Do not link against python library, this is considered * bad practice in debian * Hide unnecessarily-exported library destructors 2.1.9 2011-12-21 * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page 2.1.8 2011-12-05 * selinuxswig_python.i: don't make syscall if it won't change anything * Remove assert in security_get_boolean_names(3) * Mapped compute functions now obey deny_unknown flag * get_default_type now sets EINVAL if no entry. * return EINVAL if invalid role selected * Updated selabel_file(5) man page * Updated selabel_db(5) man page * Updated selabel_media(5) man page * Updated selabel_x(5) man page * Add man/man5 man pages * Add man/man5 man pages * Add man/man5 man pages * use -W and -Werror in utils 2.1.7 2011-11-03 * Makefiles: syntax, convert all ${VAR} to $(VAR) * load_policy: handle selinux=0 and /sys/fs/selinux not exist * regenerate .pc on VERSION change * label: cosmetic cleanups * simple interface for access checks * Don't reinitialize avc_init if it has been called previously * seusers: fix to handle large sets of groups * audit2why: close fd on enomem * rename and export symlink_realpath * label_file: style changes to make Eric happy. 2.1.6 2011-09-15 * utils: matchpathcon: remove duplicate declaration * src: matchpathcon: use myprintf not fprintf * src: matchpathcon: make sure resolved path starts * put libselinux.so.1 in /lib not /usr/lib * tree: default make target to all not 2.1.5 2011-0826 * selinux_file_context_verify function returns wrong value. * move realpath helper to matchpathcon library * python wrapper makefile changes 2.1.4 2011-0817 * mapping fix for invalid class/perms after selinux_set_mapping * audit2why: work around python bug not defining * resolv symlinks and dot directories before matching 2.1.2 2011-0803 * audit2allow: do not print statistics * make python bindings for restorecon work on relative path * fix python audit2why binding error * support new python3 functions * do not check fcontext duplicates on use * Patch for python3 for libselinux 2.1.1 2011-08-02 * move .gitignore into utils * new setexecon utility * selabel_open fix processing of substitution files * mountpoint changing patch. * simplify SRCS in Makefile 2.1.1 2011-08-01 * Remove generated files, introduce more .gitignore 2.1.0 2011-07-27 * Release, minor version bump 2.0.102 2011-04-11 * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_* functions by Richard Haines. 2.0.101 2011-03-23 * db_language object class support for selabel_lookup from KaiGai Kohei. 2.0.100 2011-03-09 * Library destructors for thread local storage keys from Eamon Walsh. 2.0.99 2011-03-01 * SELinux man page fixes from Dan Walsh. * selinux_status interfaces from KaiGai Kohei. 2.0.98 2010-12-16 * Turn off default user handling when computing user contexts by Dan Walsh 2.0.97 2010-12-02 * Thread local storage fixes from Eamon Walsh. 2.0.96 2010-06-14 * Add const qualifiers to public API where appropriate by KaiGai Kohei. 2.0.95 2010-06-10 * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers * Adds a chcon method to the libselinux python bindings from Steve Lawrence 2.0.94 2010-03-24 * Set errno=EINVAL for invalid contexts from Dan Walsh. 2.0.93 2010-03-15 * Show strerror for security_getenforce() by Colin Walters. * Merged selabel database support by KaiGai Kohei. * Modify netlink socket blocking code by KaiGai Kohei. 2.0.92 2010-03-06 * Fix from Eric Paris to fix leak on non-selinux systems. * regenerate swig wrappers * pkgconfig fix to respect LIBDIR from Dan Walsh. 2.0.91 2010-02-22 * Change the AVC to only audit the permissions specified by the policy, excluding any permissions specified via dontaudit or not specified via auditallow. * Fix compilation of label_file.c with latest glibc headers. 2.0.90 2009-11-27 * add/reformat man pages by Guido Trentalancia . * Change exception.sh to be called with bash by Manoj Srivastava 2.0.89 2009-10-29 * Add pkgconfig file from Eamon Walsh. 2.0.88 2009-10-22 * Rename and export selinux_reset_config() 2.0.87 2009-09-25 * Add exception handling in libselinux from Dan Walsh. This uses a shell script called exception.sh to generate a swig interface file. * make swigify * Make matchpathcon print <> if path not found in fcontext file. 2.0.86 2009-09-02 * Removal of reference counting on userspace AVC SID's. 2.0.85 2009-07-14 * Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread dependency. * Removed fini_context_translations() altogether. * Merged lazy init patch from Stephen Smalley based on original patch by Steve Grubb. 2.0.84 2009-07-07 * Add per-service seuser support from Dan Walsh. * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. 2.0.83 2009-07-07 * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris. 2.0.82 2009-06-19 * Fix improper use of thread local storage from Tomas Mraz . * Label substitution support from Dan Walsh. * Support for labeling virtual machine images from Dan Walsh. 2.0.81 2009-05-15 * Trim / from the end of input paths to matchpathcon from Dan Walsh. * Fix leak in process_line in label_file.c from Hiroshi Shinji. * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. * getdefaultcon to print just the correct match and add verbose option from Dan Walsh. 2.0.80 2009-04-07 * deny_unknown wrapper function from KaiGai Kohei. * security_compute_av_flags API from KaiGai Kohei. * Netlink socket management and callbacks from KaiGai Kohei. 2.0.79 2009-03-11 * Netlink socket handoff patch from Adam Jackson. * AVC caching of compute_create results by Eric Paris. 2.0.78 2009-02-27 * Fix incorrect conversion in discover_class code. 2.0.77 2009-01-12 * add restorecon to python bindings from Dan Walsh. 2.0.76 2009-01-08 * Client support for translating raw contexts to colors via setrans. 2.0.75 2008-11-18 * Allow shell-style wildcards in x_contexts file. 2.0.74 2008-11-03 * Correct message types in AVC log messages. 2.0.73 2008-10-14 * Make matchpathcon -V pass mode from Dan Walsh. * Add man page for selinux_file_context_cmp from Dan Walsh. 2.0.72 2008-09-29 * New man pages from Dan Walsh. * Update flask headers from refpolicy trunk from Dan Walsh. 2.0.71 2008-08-05 * Add group support to seusers using %groupname syntax from Dan Walsh. * Mark setrans socket close-on-exec from Stephen Smalley. * Only apply nodups checking to base file contexts from Stephen Smalley. 2.0.70 2008-07-30 * Merge ruby bindings from Dan Walsh. 2.0.69 2008-07-29 * Handle duplicate file context regexes as a fatal error from Stephen Smalley. This prevents adding them via semanage. 2.0.68 2008-07-18 * Fix audit2why shadowed variables from Stephen Smalley. * Note that freecon NULL is legal in man page from Karel Zak. 2.0.67 2008-06-13 * New and revised AVC, label, and mapping man pages from Eamon Walsh. 2.0.66 2008-06-11 * Add swig python bindings for avc interfaces from Dan Walsh. 2.0.65 2008-05-27 * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. 2.0.64 2008-04-21 * Fixed selinux_set_callback man page. 2.0.63 2008-04-18 * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. 2.0.62 2008-04-18 * Fix memory leaks in matchpathcon from Eamon Walsh. 2.0.61 2008-03-31 * Man page typo fix from Jim Meyering. 2.0.60 2008-03-20 * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel. 2.0.59 2008-02-29 * Merged new X label "poly_selection" namespace from Eamon Walsh. 2.0.58 2008-02-28 * Merged reset_selinux_config() for load policy from Dan Walsh. 2.0.57 2008-02-25 * Merged avc_has_perm() errno fix from Eamon Walsh. 2.0.56 2008-02-21 * Regenerated Flask headers from refpolicy flask definitions. 2.0.55 2008-02-08 * Merged compute_member AVC function and manpages from Eamon Walsh. 2.0.54 2008-02-08 * Provide more error reporting on load policy failures from Stephen Smalley. 2.0.53 2008-02-07 * Merged new X label "poly_prop" namespace from Eamon Walsh. 2.0.52 2008-02-06 * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. 2.0.51 2008-02-05 * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley. 2.0.50 2008-01-28 * Merged fix for audit2why from Dan Walsh. 2.0.49 2008-01-23 * Merged audit2why python binding from Dan Walsh. 2.0.48 2008-01-23 * Merged updated swig bindings from Dan Walsh, including typemap for pid_t. 2.0.47 2007-12-21 * Fix for the avc: granted null message bug from Stephen Smalley. 2.0.46 2007-12-07 * matchpathcon(8) man page update from Dan Walsh. 2.0.45 2007-11-20 * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. 2.0.44 2007-11-20 * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. 2.0.43 2007-11-15 * Regenerated Flask headers from policy. 2.0.42 2007-11-08 * AVC enforcing mode override patch from Eamon Walsh. 2.0.41 2007-11-06 * Aligned attributes in AVC netlink code from Eamon Walsh. 2.0.40 2007-11-01 * Merged refactored AVC netlink code from Eamon Walsh. 2.0.39 2007-10-19 * Merged new X label namespaces from Eamon Walsh. 2.0.38 2007-10-15 * Bux fix and minor refactoring in string representation code. 2.0.37 2007-10-05 * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh. 2.0.36 2007-09-27 * Fix segfault resulting from missing file_contexts file. 2.0.35 2007-09-24 * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. * Pass CFLAGS when using gcc for linking from Dennis Gilmore. 2.0.34 2007-09-18 * Fix selabel option flag setting for 64-bit from Stephen Smalley. 2.0.33 2007-09-12 * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley. * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley. 2.0.32 2007-09-10 * Fix swig binding for rpm_execcon from James Athey. 2.0.31 2007-08-23 * Fix file_contexts.homedirs path from Todd Miller. 2.0.30 2007-08-06 * Fix segfault resulting from uninitialized print-callback pointer. 2.0.29 2007-08-02 * Added x_contexts path function patch from Eamon Walsh. 2.0.28 2007-08-01 * Fix build for EMBEDDED=y from Yuichi Nakamura. 2.0.27 2007-07-25 * Fix markup problems in selinux man pages from Dan Walsh. 2.0.26 2007-07-23 * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh. * Added swigify to top-level Makefile from Dan Walsh. 2.0.25 2007-07-23 * Fix for string_to_security_class segfault on x86_64 from Stephen Smalley. 2.0.24 2007-09-07 * Fix for getfilecon() for zero-length contexts from Stephen Smalley. 2.0.23 2007-06-22 * Refactored SWIG bindings from James Athey. 2.0.22 2007-06-20 * Labeling and callback interface patches from Eamon Walsh. 2.0.21 2007-06-11 * Class and permission mapping support patches from Eamon Walsh. 2.0.20 2007-06-07 * Object class discovery support patches from Chris PeBenito. 2.0.19 2007-06-05 * Refactoring and errno support in string representation code. 2.0.18 2007-05-31 * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. 2.0.17 2007-05-31 * Updated Lindent script and reindented two header files. 2.0.16 2007-05-09 * Merged additional swig python bindings from Dan Walsh. 2.0.15 2007-04-27 * Merged helpful message when selinuxfs mount fails patch from Dax Kelson. 2.0.14 2007-04-24 * Merged build fix for avc_internal.c from Joshua Brindle. 2.0.13 2007-04-12 * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh. 2.0.12 2007-04-09 * Merged support for getting initial contexts from James Carter. 2.0.11 2007-04-05 * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. 2.0.10 2007-04-05 * Merged sidput(NULL) patch from Eamon Walsh. 2.0.9 2007-03-30 * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. 2.0.8 2007-03-20 * Merged fix for avc.h #include's from Eamon Walsh. 2.0.7 2007-03-12 * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. 2.0.6 2007-03-12 * Merged patch to drop support for old /etc/sysconfig/selinux and /etc/security policy file layout from Steve Grubb. 2.0.5 2007-02-27 * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. 2.0.4 2007-02-23 * Removed sending of setrans init message. 2.0.3 2007-02-22 * Merged matchpathcon memory leak fix from Steve Grubb. 2.0.2 2007-02-21 * Merged more swig initializers from Dan Walsh. 2.0.1 2007-02-20 * Merged patch from Todd Miller to convert int types over to C99 style. 2.0.0 2007-02-01 * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because of the use of the non-standard format %as. (original patch changed for style). * Merged patch from Todd Miller to fix memory leak in matchpathcon.c. 1.34.1 2007-01-26 * Merged python binding fixes from Dan Walsh. 1.34.0 2007-01-18 * Updated version for stable branch. 1.33.6 2007-01-17 * Merged man page updates to make "apropos selinux" work from Dan Walsh. 1.33.5 2007-01-16 * Merged getdefaultcon utility from Dan Walsh. 1.33.4 2007-01-11 * Merged selinux_check_securetty_context() and support from Dan Walsh. 1.33.3 2007-01-04 * Merged patch for matchpathcon utility to use file mode information when available from Dan Walsh. 1.33.2 2006-11-27 * Merged patch to compile with -fPIC instead of -fpic from Manoj Srivastava to prevent hitting the global offset table limit. Patch changed to include libsepol and libsemanage in addition to libselinux. 1.33.1 2006-10-19 * Merged updated flask definitions from Darrel Goeddel. This adds the context security class, and also adds the string definitions for setsockcreate and polmatch. 1.32 2006-10-17 * Updated version for release. 1.30.30 2006-10-05 * Merged patch from Darrel Goeddel to always use untranslated contexts in the userspace AVC. 1.30.29 2006-09-29 * Merged av_permissions.h update from Steve Grubb, adding setsockcreate and polmatch definitions. 1.30.28 2006-09-13 * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client * Merged c++ class identifier fix from Joe Nall. 1.30.27 2006-08-24 * Merged patch to not log avc stats upon a reset from Steve Grubb. * Applied patch to revert compat_net setting upon policy load. 1.30.26 2006-08-11 * Merged file context homedir and local path functions from Chris PeBenito. 1.30.25 2006-08-11 * Rework functions that access /proc/pid/attr to access the per-thread nodes, and unify the code to simplify maintenance. 1.30.24 2006-08-10 * Merged return value fix for *getfilecon() from Dan Walsh. 1.30.23 2006-08-10 * Merged sockcreate interfaces from Eric Paris. 1.30.22 2006-08-03 * Merged no-tls-direct-seg-refs patch from Jeremy Katz. 1.30.21 2006-08-03 * Merged netfilter_contexts support patch from Chris PeBenito. 1.30.20 2006-08-01 * Merged context_*_set errno patch from Jim Meyering. 1.30.19 2006-06-29 * Lindent. 1.30.18 2006-06-27 * Merged {get,set}procattrcon patch set from Eric Paris. * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris. 1.30.17 2006-06-27 * Regenerated Flask headers from refpolicy. 1.30.16 2006-06-26 * Merged patch from Dan Walsh with: - Added selinux_file_context_{cmp,verify}. - Added selinux_lsetfilecon_default. - Delay translation of contexts in matchpathcon. 1.30.15 2006-06-16 * Merged patch from Dan Walsh with: * Added selinux_getpolicytype() function. * Modified setrans code to skip processing if !mls_enabled. 1.30.14 2006-06-16 * Set errno in the !selinux_mnt case. 1.30.13 2006-06-02 * Allocate large buffers from the heap, not on stack. Affects is_context_customizable, selinux_init_load_policy, and selinux_getenforcemode. 1.30.12 2006-06-02 * Merged !selinux_mnt checks from Ian Kent. 1.30.11 2006-05-24 * Merged matchmediacon and trans_to_raw_context fixes from Serge Hallyn. 1.30.10 2006-05-22 * Merged simple setrans client cache from Dan Walsh. Merged avcstat patch from Russell Coker. 1.30.9 2006-05-22 * Modified selinux_mkload_policy() to also set /selinux/compat_net appropriately for the loaded policy. 1.30.8 2006-05-17 * Added matchpathcon_fini() function to free memory allocated by matchpathcon_init(). 1.30.7 2006-05-16 * Merged setrans client cleanup patch from Steve Grubb. 1.30.6 2006-05-08 * Merged getfscreatecon man page fix from Dan Walsh. * Updated booleans(8) man page to drop references to the old booleans file and to note that setsebool can be used to set the boot-time defaults via -P. 1.30.5 2006-05-05 * Merged fix warnings patch from Karl MacMillan. 1.30.4 2006-05-05 * Merged setrans client support from Dan Walsh. This removes use of libsetrans. * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. * Merged swig typemap fixes from Glauber de Oliveira Costa. 1.30.3 2006-04-12 * Added distclean target to Makefile. * Regenerated swig files. 1.30.2 2006-04-11 * Changed matchpathcon_init to verify that the spec file is a regular file. * Merged python binding t_output_helper removal patch from Dan Walsh. 1.30.1 2006-03-20 * Merged Makefile PYLIBVER definition patch from Dan Walsh. 1.30 2006-03-14 * Updated version for release. 1.29.8 2006-02-27 * Altered rpm_execcon fallback logic for permissive mode to also handle case where /selinux/enforce is not available. 1.29.7 2006-01-20 * Merged install-pywrap Makefile patch from Joshua Brindle. 1.29.6 2006-01-18 * Merged pywrap Makefile patch from Dan Walsh. 1.29.5 2006-01-11 * Added getseuser test program. 1.29.4 2006-01-06 * Added format attribute to myprintf in matchpathcon.c and removed obsoleted rootlen variable in init_selinux_config(). 1.29.3 2006-01-04 * Merged several fixes and improvements from Ulrich Drepper (Red Hat), including: - corrected use of getline - further calls to __fsetlocking for local files - use of strdupa and asprintf - proper handling of dirent in booleans code - use of -z relro - several other optimizations * Merged getpidcon python wrapper from Dan Walsh (Red Hat). 1.29.2 2005-12-14 * Merged call to finish_context_translations from Dan Walsh. This eliminates a memory leak from failing to release memory allocated by libsetrans. 1.29.1 2005-12-08 * Merged patch for swig interfaces from Dan Walsh. 1.28 2005-12-07 * Updated version for release. 1.27.28 2005-12-01 * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and modified matchpathcon implementation to make context validation/ canonicalization optional at matchpathcon_init time, deferring it to a successful matchpathcon by default unless the new flag is set by the caller. 1.27.27 2005-12-01 * Added matchpathcon_init_prefix() interface, and reworked matchpathcon implementation to support selective loading of file contexts entries based on prefix matching between the pathname regex stems and the specified path prefix (stem must be a prefix of the specified path prefix). 1.27.26 2005-11-29 * Merged getsebool patch from Dan Walsh. 1.27.25 2005-11-29 * Added -f file_contexts option to matchpathcon util. Fixed warning message in matchpathcon_init(). 1.27.24 2005-11-29 * Merged Makefile python definitions patch from Dan Walsh. 1.27.23 2005-11-28 * Merged swigify patch from Dan Walsh. 1.27.22 2005-11-15 * Merged make failure in rpm_execcon non-fatal in permissive mode patch from Ivan Gyurdiev. 1.27.21 2005-11-08 * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() and modified matchpathcon_init() to skip context translation if it is set by the caller. 1.27.20 2005-11-07 * Added security_canonicalize_context() interface and set_matchpathcon_canoncon() interface for obtaining canonical contexts. Changed matchpathcon internals to obtain canonical contexts by default. Provided fallback for kernels that lack extended selinuxfs context interface. 1.27.19 2005-11-04 * Merged seusers parser changes from Ivan Gyurdiev. * Merged setsebool to libsemanage patch from Ivan Gyurdiev. * Changed seusers parser to reject empty fields. 1.27.18 2005-11-03 * Merged seusers empty level handling patch from Jonathan Kim (TCS). 1.27.17 2005-10-27 * Changed default entry for seusers to use __default__ to avoid ambiguity with users named "default". 1.27.16 2005-10-27 * Fixed init_selinux_config() handling of missing /etc/selinux/config or missing SELINUXTYPE= definition. * Merged selinux_translations_path() patch from Dan Walsh. 1.27.15 2005-10-25 * Added hidden_proto/def for get_default_context_with_role. 1.27.14 2005-10-25 * Merged selinux_path() and selinux_homedir_context_path() functions from Joshua Brindle. 1.27.13 2005-10-19 * Merged fixes for make DESTDIR= builds from Joshua Brindle. 1.27.12 2005-10-18 * Merged get_default_context_with_rolelevel and man pages from Dan Walsh (Red Hat). 1.27.11 2005-10-18 * Updated call to sepol_policydb_to_image for sepol changes. 1.27.10 2005-10-17 * Changed getseuserbyname to ignore empty lines and to handle no matching entry in the same manner as no seusers file. 1.27.9 2005-10-13 * Changed selinux_mkload_policy to try downgrading the latest policy version available to the kernel-supported version. 1.27.8 2005-10-11 * Changed selinux_mkload_policy to fall back to the maximum policy version supported by libsepol if the kernel policy version falls outside of the supported range. 1.27.7 2005-10-06 * Changed getseuserbyname to fall back to the Linux username and NULL level if seusers config file doesn't exist unless REQUIRESEUSERS=1 is set in /etc/selinux/config. * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. 1.27.6 2005-10-06 * Added selinux_init_load_policy() function as an even higher level interface for the initial policy load by /sbin/init. This obsoletes the load_policy() function in the sysvinit-selinux.patch. 1.27.5 2005-10-06 * Added selinux_mkload_policy() function as a higher level interface for loading policy than the security_load_policy() interface. 1.27.4 2005-10-05 * Merged fix for matchpathcon (regcomp error checking) from Johan Fischer. Also added use of regerror to obtain the error string for inclusion in the error message. 1.27.3 2005-10-03 * Changed getseuserbyname to not require (and ignore if present) the MLS level in seusers.conf if MLS is disabled, setting *level to NULL in this case. 1.27.2 2005-09-30 * Merged getseuserbyname patch from Dan Walsh. 1.27.1 2005-09-19 * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh. This allows file_contexts with MLS fields to be processed on non-MLS-enabled systems with policies that are otherwise identical (e.g. same type definitions). * Merged get_ordered_context_list_with_level() function from Dan Walsh, and added get_default_context_with_level(). This allows MLS level selection for users other than the default level. 1.26 2005-09-06 * Updated version for release. 1.25.7 2005-09-01 * Merged modified form of patch to avoid dlopen/dlclose by the static libselinux from Dan Walsh. Users of the static libselinux will not have any context translation by default. 1.25.6 2005-08-31 * Added public functions to export context translation to users of libselinux (selinux_trans_to_raw_context, selinux_raw_to_trans_context). 1.25.5 2005-08-26 * Remove special definition for context_range_set; use common code. 1.25.4 2005-08-25 * Hid translation-related symbols entirely and ensured that raw functions have hidden definitions for internal use. * Allowed setting NULL via context_set* functions. * Allowed whitespace in MLS component of context. * Changed rpm_execcon to use translated functions to workaround lack of MLS level on upgraded systems. 1.25.3 2005-08-23 * Merged context translation patch, originally by TCS, with modifications by Dan Walsh (Red Hat). 1.25.2 2005-08-11 * Merged several fixes for error handling paths in the AVC sidtab, matchpathcon, booleans, context, and get_context_list code from Serge Hallyn (IBM). Bugs found by Coverity. 1.25.1 2005-08-10 * Removed setupns; migrated to pam. * Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original symbol is temporarily retained for compatibility until all callers are updated. 1.24 2005-06-20 * Updated version for release. 1.23.12 2005-06-13 * Merged security_setupns() from Chad Sellers. 1.23.11 2005-05-19 * Merged avcstat and selinux man page from Dan Walsh. * Changed security_load_booleans to process booleans.local even if booleans file doesn't exist. 1.23.10 2005-04-29 * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). 1.23.9 2005-04-26 * Rewrote get_ordered_context_list and helpers, including changing logic to allow variable MLS fields. 1.23.8 2005-04-25 * Merged matchpathcon and man page patch from Dan Walsh. 1.23.7 2005-04-12 * Changed boolean functions to return -1 with errno ENOENT rather than assert on a NULL selinux_mnt (i.e. selinuxfs not mounted). 1.23.6 2005-04-08 * Fixed bug in matchpathcon_filespec_destroy. 1.23.5 2005-04-05 * Fixed bug in rpm_execcon error handling path. 1.23.4 2005-04-04 * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. * Merged fix for getconlist utility from Andreas Steinmetz. 1.23.3 2005-03-29 * Merged security_set_boolean_list patch from Dan Walsh. This introduces booleans.local support for setsebool. 1.23.2 2005-03-17 * Merged destructors patch from Tomas Mraz. 1.23.1 2005-03-16 * Added set_matchpathcon_flags() function for setting flags controlling operation of matchpathcon. MATCHPATHCON_BASEONLY means only process the base file_contexts file, not file_contexts.homedirs or file_contexts.local, and is for use by setfiles -c. * Updated matchpathcon.3 man page. 1.22 2005-03-09 * Updated version for release. 1.21.13 2005-03-08 * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. 1.21.12 2005-03-01 * Changed matchpathcon_common to ignore any non-format bits in the mode. 1.21.11 2005-02-22 * Merged several fixes from Ulrich Drepper. 1.21.10 2005-02-17 * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. * Added selinux_users_path() for path to directory containing system.users and local.users. 1.21.9 2005-02-09 * Changed relabel Makefile target to use restorecon. 1.21.8 2005-02-07 * Regenerated av_permissions.h. 1.21.7 2005-02-01 * Modified avc_dump_av to explicitly check for any permissions that cannot be mapped to string names and display them as a hex value. 1.21.6 2005-01-31 * Regenerated av_permissions.h. 1.21.5 2005-01-28 * Generalized matchpathcon internals, exported more interfaces, and moved additional code from setfiles into libselinux so that setfiles can directly use matchpathcon. 1.21.4 2005-01-27 * Prevent overflow of spec array in matchpathcon. 1.21.3 2005-01-26 * Fixed several uses of internal functions to avoid relocations. * Changed rpm_execcon to check is_selinux_enabled() and fallback to a regular execve if not enabled (or unable to determine due to a lack of /proc, e.g. chroot'd environment). 1.21.2 2005-01-24 * Merged minor fix for avcstat from Dan Walsh. 1.21.1 2005-01-19 * Merged patch from Dan Walsh, including: - new is_context_customizable function - changed matchpathcon to also use file_contexts.local if present - man page cleanups 1.20 2005-01-04 * Changed matchpathcon to return -1 with errno ENOENT for <> entries, and also for an empty file_contexts configuration. * Removed some trivial utils that were not useful or redundant. * Changed BINDIR default to /usr/sbin to match change in Fedora. * Added security_compute_member. * Added man page for setcon. * Merged more man pages from Dan Walsh. * Merged avcstat from James Morris. * Merged build fix for mips from Manoj Srivastava. * Merged C++ support from John Ramsdell of MITRE. * Merged setcon() function from Darrel Goeddel of TCS. * Merged setsebool/togglesebool enhancement from Steve Grubb. * Merged cleanup patches from Steve Grubb. 1.18 2004-11-01 * Merged cleanup patches from Steve Grubb. * Added rpm_execcon. * Merged setenforce and removable context patch from Dan Walsh. * Merged build fix for alpha from Ulrich Drepper. * Removed copyright/license from selinux_netlink.h - definitions only. * Merged matchmediacon from Dan Walsh. * Regenerated headers for new nscd permissions. * Added get_default_context_with_role. * Added set_matchpathcon_printf. * Reworked av_inherit.h to allow easier re-use by kernel. * Changed avc_has_perm_noaudit to not fail on netlink errors. * Changed avc netlink code to check pid based on patch by Steve Grubb. * Merged second optimization patch from Ulrich Drepper. * Changed matchpathcon to skip invalid file_contexts entries. * Made string tables private to libselinux. * Merged strcat->stpcpy patch from Ulrich Drepper. * Merged matchpathcon man page from Dan Walsh. * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. * Autobind netlink socket. * Dropped compatibility code from security_compute_user. * Merged fix for context_range_set from Chad Hanson. * Merged allocation failure checking patch from Chad Hanson. * Merged avc netlink error message patch from Colin Walters. 1.16 2004-08-19 * Regenerated headers for nscd class. * Merged man pages from Dan Walsh. * Merged context_new bug fix for MLS ranges from Chad Hanson. * Merged toggle_bool from Chris PeBenito, renamed to togglesebool. * Renamed change_bool and show_bools to setsebool and getsebool. * Merged security_load_booleans() function from Dan Walsh. * Added selinux_booleans_path() function. * Changed avc_init function prototype to use const. * Regenerated headers for crontab permission. * Added checkAccess from Dan Walsh. * Merged getenforce patch from Dan Walsh. * Regenerated headers for dbus classes. 1.14 2004-06-16 * Regenerated headers for fine-grained netlink classes. * Merged selinux_config bug fix from Dan Walsh. * Added userspace AVC man pages. * Added man links for API calls to existing man pages documenting them. * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support. * Merged patch to determine config file paths at runtime to support reorganized layout. * Regenerated flask headers with stable ordering. * Merged patch for man pages from Russell Coker. 1.12 2004-05-10 * Updated flask files to include new SE-X security classes. * Added security_disable function for runtime disable of SELinux prior to initial policy load (for /sbin/init). * Changed get_ordered_context_list to omit any reachable contexts that are not explicitly listed in default_contexts, unless there are no matches. * Merged man pages from Russell Coker and Dan Walsh. * Merged memory leak fixes from Dan Walsh. * Merged policyvers errno patch from Chris PeBenito. 1.10 2004-04-05 * Merged getenforce patch from Dan Walsh. * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as the device specification, i.e. mount selinuxfs /selinux -t selinuxfs. Based on a patch by Russell Coker. * Merged matchpathcon buffer size fix from Dan Walsh. 1.8 2004-03-09 * Merged is_selinux_mls_enabled() from Chad Hanson of TCS. * Added matchpathcon function. * Updated userspace AVC to handle netlink selinux notifications. 1.6 2004-02-18 * Merged conditional policy extensions from Tresys Technology. * Added userspace avc and SID table implementation. * Fixed type on size in getpeercon per Thorsten Kukuk's advice. * Fixed use of getpwnam_r per Thorsten Kukuk's advice. * Changed to use getpwnam_r rather than getpwnam internally to avoid clobbering any existing pwd struct obtained by the caller. * Added getpeercon function to encapsulate getsockopt SO_PEERSEC and handle allocation ala getfilecon. * Changed is_selinux_enabled to return -1 on errors. * Changed to discover selinuxfs mount point via /proc/mounts so that the mount point can be changed without rebuilding. 1.4 2003-12-01 * Merged another cleanup patch from Bastian Blank and Joerg Hoh. * Regenerate headers for new permissions. * Merged static lib build patch from Bastian Blank and Joerg Hoh. * Export SELINUXMNT definition, add SELINUXPOLICY definition. * Add functions to provide access to enforce and policyvers. * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs. * Fixed type for 'size' in *getfilecon. * Dropped -lattr and changed #include's to * Merged patch to move shared library to /lib from Dan Walsh. * Changed get_ordered_context_list to support a failsafe context. * Added selinuxenabled utility. * Merged const patch from Thorsten Kukuk. 1.2 2003-09-30 * Change is_selinux_enabled to fail if policy isn't loaded. * Changed Makefiles to allow non-root rpm builds. * Added -lattr for libselinux.so to ensure proper binding. 1.1 2003-08-13 * Ensure that context strings are padded with a null byte in case the kernel didn't include one. * Regenerate headers, update helpers.c for code cleanup. * Pass soname flag to linker (Colin Walters). * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters). 1.0 2003-07-11 * Initial public release.