2.0.45 2010-03-06 * Add enable/disable patch support from Dan Walsh. * Add usepasswd flag to semanage.conf to disable genhomedircon using passwd from Dan Walsh. * regenerate swig wrappers 2.0.44 2010-02-02 * Replace usage of fmemopen() with sepol_policy_file_set_mem() since glibc < 2.9 does not support binary mode ('b') for fmemopen'd streams. 2.0.43 2009-11-27 * Move libsemanage.so to /usr/lib * Add NAME lines to man pages from Manoj Srivastava 2.0.42 2009-11-18 * Move load_policy from /usr/sbin to /sbin from Dan Walsh. 2.0.41 2009-10-29 * Add pkgconfig file from Eamon Walsh. 2.0.40 2009-10-22 * Add semanage_set_check_contexts() function to disable calling setfiles 2.0.39 2009-09-24 * make swigify 2.0.38 2009-09-16 * Change semodule upgrade behavior to install even if the module is not present from Dan Walsh. * Make genhomedircon trim excess '/' from homedirs from Dan Walsh. 2.0.37 2009-09-04 * Fix persistent dontaudit support to rebuild policy if the dontaudit state is changed from Chad Sellers. 2.0.36 2009-08-24 * Changed bzip-blocksize=0 handling to support existing compressed modules in the store. 2.0.35 2009-08-05 * Revert hard linking of files between tmp/active/previous. 2.0.34 2009-08-05 * Enable configuration of bzip behavior from Stephen Smalley. bzip-blocksize=0 to disable compression and decompression support. bzip-blocksize=1..9 to set the blocksize for compression. bzip-small=true to reduce memory usage for decompression. 2.0.33 2009-07-07 * Maintain disable dontaudit state from Christopher Pardy. 2.0.32 2009-05-28 * Ruby bindings from David Quigley. 2.0.31 2009-01-12 * Policy module compression (bzip) support from Dan Walsh. * Hard link files between tmp/active/previous from Dan Walsh. 2.0.30 2008-11-12 * Add semanage_mls_enabled() interface from Stephen Smalley. 2.0.29 2008-11-11 * Add USER to lines to homedir_template context file from Chris PeBenito. 2.0.28 2008-09-15 * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh 2.0.27 2008-08-05 * Modify genhomedircon to skip %groupname entries. Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax. 2.0.26 2008-07-29 * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. Strip any trailing slash before appending /*$. 2.0.25 2008-04-21 * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley. Fixes semanage boolean -D seg fault (bug 441379). 2.0.24 2008-02-26 * make swigify 2.0.23 2008-02-04 * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. 2.0.22 2008-02-04 * Free policydb before fork from Joshua Brindle. 2.0.21 2008-02-04 * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. 2.0.12 2008-02-02 * Use sepol_set_expand_consume_base to reduce peak memory usage when using semodule from Joshua Brindle. 2.0.19 2008-01-31 * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. 2.0.18 2008-01-28 * Fix spurious out of memory error reports. 2.0.17 2008-01-25 * Merged second version of fix for genhomedircon handling from Caleb Case. 2.0.16 2008-01-24 * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. 2.0.15 2007-12-05 * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. * Copy the store path in semanage_select_store from Dan Walsh. 2.0.14 2007-11-05 * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. 2.0.13 2007-11-05 * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. 2.0.12 2007-10-05 * ustr cleanups from James Antill. * Ensure that /root gets labeled even if using the default context from Dan Walsh. 2.0.11 2007-09-28 * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. 2.0.10 2007-09-28 * Fix error checking on getpw*_r functions from Todd Miller. * Make genhomedircon skip invalid homedir contexts from Todd Miller. * Set default user and prefix from seusers from Dan Walsh. * Add swigify Makefile target from Dan Walsh. 2.0.9 2007-09-24 * Pass CFLAGS to CC even on link command, per Dennis Gilmore. 2.0.8 2007-09-19 * Clear errno on non-fatal errors to avoid reporting them upon a later error that does not set errno. 2.0.7 2007-09-19 * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. 2.0.6 2007-09-10 * Change to use getpw* function calls to the _r versions from Todd Miller. 2.0.5 2007-08-23 * Replace genhomedircon script with equivalent functionality within libsemanage and introduce disable-genhomedircon option in semanage.conf from Todd Miller. Note: Depends on ustr. 2.0.4 2007-08-16 * Allow dontaudits to be turned off via semanage interface when updating policy from Joshua Brindle. 2.0.3 2007-04-25 * Fix to libsemanage man patches so whatis will work better from Dan Walsh 2.0.2 2007-04-24 * Merged optimizations from Stephen Smalley. - do not set all booleans upon commit, only those whose values have changed - only install the sandbox upon commit if something was rebuilt 2.0.1 2007-03-12 * Merged dbase_file_flush patch from Dan Walsh. This removes any mention of specific tools (e.g. semanage) from the comment header of the auto-generated files, since there are multiple front-end tools. 2.0.0 2007-02-20 * Merged Makefile test target patch from Caleb Case. * Merged get_commit_number function rename patch from Caleb Case. * Merged strnlen -> strlen patch from Todd Miller. 1.10.1 2007-01-26 * Merged python binding fix from Dan Walsh. 1.10.0 2007-01-18 * Updated version for stable branch. 1.9.2 2007-01-08 * Merged patch to optionally reduce disk usage by removing the backup module store and linked policy from Karl MacMillan * Merged patch to correctly propagate return values in libsemanage 1.9.1 2006-11-27 * Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to prevent hitting the global offest table limit. Patch changed to include libselinux and libsemanage in addition to libsepol. 1.8 2006-10-17 * Updated version for release. 1.6.17 2006-09-29 * Merged patch to skip reload if no active store exists and the store path doesn't match the active store path from Dan Walsh. * Merged patch to not destroy sepol handle on error path of connect from James Athey. * Merged patch to add genhomedircon path to semanage.conf from James Athey. 1.6.16 2006-08-14 * Make most copy errors fatal, but allow exceptions for file_contexts.local, seusers, and netfilter_contexts if the source file does not exist in the store. 1.6.15 2006-08-11 * Merged separate local file contexts patch from Chris PeBenito. 1.6.14 2006-08-11 * Merged patch to make most copy errors non-fatal from Dan Walsh. 1.6.13 2006-08-03 * Merged netfilter contexts support from Chris PeBenito. 1.6.12 2006-07-11 * Merged support for read operations on read-only fs from Caleb Case (Tresys Technology). 1.6.11 2006-06-29 * Lindent. 1.6.10 2006-06-26 * Merged setfiles location check patch from Dan Walsh. 1.6.9 2006-06-16 * Merged several fixes from Serge Hallyn: dbase_file_cache: deref of uninit data on error path. dbase_policydb_cache: clear fp to avoid double fclose semanage_fc_sort: destroy temp on error paths 1.6.8 2006-06-02 * Updated default location for setfiles to /sbin to match policycoreutils. This can also be adjusted via semanage.conf using the syntax: [setfiles] path = /path/to/setfiles args = -q -c $@ $< [end] 1.6.7 2006-05-05 * Merged fix warnings patch from Karl MacMillan. 1.6.6 2006-04-14 * Merged updated file context sorting patch from Christopher Ashworth, with bug fix for escaped character flag. 1.6.5 2006-04-13 * Merged file context sorting code from Christopher Ashworth (Tresys Technology), based on fc_sort.c code in refpolicy. 1.6.4 2006-04-12 * Merged python binding t_output_helper removal patch from Dan Walsh. * Regenerated swig files. 1.6.3 2006-03-30 * Merged corrected fix for descriptor leak from Dan Walsh. 1.6.2 2006-03-20 * Merged Makefile PYLIBVER definition patch from Dan Walsh. 1.6.1 2006-03-20 * Merged man page reorganization from Ivan Gyurdiev. 1.6 2006-03-14 * Updated version for release. 1.5.31 2006-03-09 * Merged abort early on merge errors patch from Ivan Gyurdiev. 1.5.30 2006-03-08 * Cleaned up error handling in semanage_split_fc based on a patch by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. 1.5.29 2006-02-21 * Merged MLS handling fixes from Ivan Gyurdiev. 1.5.28 2006-02-16 * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. 1.5.27 2006-02-16 * Merged base_merge_components changes from Ivan Gyurdiev. 1.5.26 2006-02-15 * Merged paths array patch from Ivan Gyurdiev. * Merged bug fix patch from Ivan Gyurdiev. 1.5.25 2006-02-14 * Merged improve bindings patch from Ivan Gyurdiev. 1.5.24 2006-02-14 * Merged use PyList patch from Ivan Gyurdiev. * Merged memory leak fix patch from Ivan Gyurdiev. * Merged nodecon support patch from Ivan Gyurdiev. * Merged cleanups patch from Ivan Gyurdiev. * Merged split swig patch from Ivan Gyurdiev. 1.5.23 2006-02-13 * Merged optionals in base patch from Joshua Brindle. 1.5.22 2006-02-13 * Merged treat seusers/users_extra as optional sections patch from Ivan Gyurdiev. * Merged parse_optional fixes from Ivan Gyurdiev. 1.5.21 2006-02-07 * Merged seuser/user_extra support patch from Joshua Brindle. * Merged remote system dbase patch from Ivan Gyurdiev. 1.5.20 2006-02-02 * Merged clone record on set_con patch from Ivan Gyurdiev. 1.5.19 2006-01-30 * Merged fname parameter patch from Ivan Gyurdiev. * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. * Merged seusers.system patch from Ivan Gyurdiev. * Merged improve port/fcontext API patch from Ivan Gyurdiev. 1.5.18 2006-01-27 * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. 1.5.17 2006-01-27 * Merged set_create_store, access_check, and is_connected interfaces from Joshua Brindle. 1.5.16 2006-01-19 * Regenerate python wrappers. 1.5.15 2006-01-18 * Merged pywrap Makefile diff from Dan Walsh. * Merged cache management patch from Ivan Gyurdiev. * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. * Merged remove apply_local function patch from Ivan Gyurdiev. * Merged only do read locking in direct case patch from Ivan Gyurdiev. * Merged cache error path memory leak fix from Ivan Gyurdiev. * Merged auto-generated file header patch from Ivan Gyurdiev. * Merged pywrap test update from Ivan Gyurdiev. * Merged hidden defs update from Ivan Gyurdiev. 1.5.14 2006-01-13 * Merged disallow port overlap patch from Ivan Gyurdiev. 1.5.13 2006-01-12 * Merged join prereq and implementation patches from Ivan Gyurdiev. * Merged join user extra data part 2 patch from Ivan Gyurdiev. * Merged bugfix patch from Ivan Gyurdiev. 1.5.12 2006-01-12 * Merged remove add_local/set_local patch from Ivan Gyurdiev. * Merged user extra data part 1 patch from Ivan Gyurdiev. * Merged size_t -> unsigned int patch from Ivan Gyurdiev. * Merged calloc check in semanage_store patch from Ivan Gyurdiev, bug noticed by Steve Grubb. * Merged cleanups after add/set removal patch from Ivan Gyurdiev. 1.5.11 2006-01-09 * Merged fcontext compare fix from Ivan Gyurdiev. 1.5.10 2006-01-06 * Fixed commit to return the commit number aka policy sequence number. 1.5.9 2006-01-06 * Merged const in APIs patch from Ivan Gyurdiev. * Merged validation of local file contexts patch from Ivan Gyurdiev. * Merged compare2 function patch from Ivan Gyurdiev. * Merged hidden def/proto update patch from Ivan Gyurdiev. 1.5.8 2006-01-05 * Re-applied string and file optimization patch from Russell Coker, with bug fix. 1.5.7 2006-01-05 * Reverted string and file optimization patch from Russell Coker. 1.5.6 2006-01-05 * Clarified error messages from parse_module_headers and parse_base_headers for base/module mismatches. 1.5.5 2006-01-05 * Merged string and file optimization patch from Russell Coker. * Merged swig header reordering patch from Ivan Gyurdiev. * Merged toggle modify on add patch from Ivan Gyurdiev. * Merged ports parser bugfix patch from Ivan Gyurdiev. * Merged fcontext swig patch from Ivan Gyurdiev. * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. * Merged man pages for dbase functions patch from Ivan Gyurdiev. * Merged pywrap tests patch from Ivan Gyurdiev. 1.5.4 2006-01-04 * Merged patch series from Ivan Gyurdiev. This includes patches to: - separate file rw code from linked list - annotate objects - fold together internal headers - support ordering of records in compare function - add active dbase backend, active booleans - return commit numbers for ro database calls - use modified flags to skip rebuild whenever possible - enable port interfaces - update swig interfaces and typemaps - add an API for file_contexts.local and file_contexts - flip the traversal order in iterate/list - reorganize sandbox_expand - add seusers MLS validation - improve dbase spec/documentation - clone record on set/add/modify 1.5.3 2005-12-14 * Merged further header cleanups from Ivan Gyurdiev. 1.5.2 2005-12-13 * Merged toggle modified flag in policydb_modify, fix memory leak in clear_obsolete, polymorphism vs headers fix, and include guards for internal headers patches from Ivan Gyurdiev. 1.5.1 2005-12-12 * Added file-mode= setting to semanage.conf, default to 0644. Changed semanage_copy_file and callers to use this mode when installing policy files to runtime locations. 1.4 2005-12-07 * Updated version for release. 1.3.64 2005-12-06 * Changed semanage_handle_create() to set do_reload based on is_selinux_enabled(). This prevents improper attempts to load policy on a non-SELinux system. 1.3.63 2005-12-05 * Dropped handle from user_del_role interface. 1.3.62 2005-12-05 * Removed defrole interfaces. 1.3.61 2005-11-29 * Merged Makefile python definitions patch from Dan Walsh. 1.3.60 2005-11-29 * Removed is_selinux_mls_enabled() conditionals in seusers and users file parsers. 1.3.59 2005-11-28 * Merged wrap char*** for user_get_roles patch from Joshua Brindle. 1.3.58 2005-11-28 * Merged remove defrole from sepol patch from Ivan Gyurdiev. 1.3.57 2005-11-28 * Merged swig wrappers for modifying users and seusers from Joshua Brindle. 1.3.56 2005-11-16 * Fixed free->key_free bug. 1.3.55 2005-11-16 * Merged clear obsolete patch from Ivan Gyurdiev. 1.3.54 2005-11-15 * Merged modified swigify patch from Dan Walsh (original patch from Joshua Brindle). * Merged move genhomedircon call patch from Chad Sellers. 1.3.53 2005-11-10 * Merged move seuser validation patch from Ivan Gyurdiev. * Merged hidden declaration fixes from Ivan Gyurdiev, with minor corrections. 1.3.52 2005-11-09 * Merged cleanup patch from Ivan Gyurdiev. This renames semanage_module_conn to semanage_direct_handle, and moves sepol handle create/destroy into semanage handle create/destroy to allow use even when disconnected (for the record interfaces). 1.3.51 2005-11-08 * Clear modules modified flag upon disconnect and commit. 1.3.50 2005-11-08 * Added tracking of module modifications and use it to determine whether expand-time checks should be applied on commit. 1.3.49 2005-11-08 * Reverted semanage_set_reload_bools() interface. 1.3.48 2005-11-08 * Disabled calls to port dbase for merge and commit and stubbed out calls to sepol_port interfaces since they are not exported. 1.3.47 2005-11-08 * Merged rename instead of copy patch from Joshua Brindle (Tresys). 1.3.46 2005-11-07 * Added hidden_def/hidden_proto for exported symbols used within libsemanage to eliminate relocations. Wrapped type definitions in exported headers as needed to avoid conflicts. Added src/context_internal.h and src/iface_internal.h. 1.3.45 2005-11-07 * Added semanage_is_managed() interface to allow detection of whether the policy is managed via libsemanage. This enables proper handling in setsebool for non-managed systems. 1.3.44 2005-11-07 * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, to enable runtime control over preserving active boolean values versus reloading their saved settings upon commit. 1.3.43 2005-11-04 * Merged seuser parser resync, dbase tracking and cleanup, strtol bug, copyright, and assert space patches from Ivan Gyurdiev. 1.3.42 2005-11-04 * Added src/*_internal.h in preparation for other changes. * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and src/seusers.[hc]. 1.3.41 2005-11-03 * Merged interface parse/print, context_to_string interface change, move assert_noeof, and order preserving patches from Ivan Gyurdiev. * Added src/dso.h in preparation for other changes. 1.3.40 2005-11-01 * Merged install seusers, handle/error messages, MLS parsing, and seusers validation patches from Ivan Gyurdiev. 1.3.39 2005-10-31 * Merged record interface, dbase flush, common database code, and record bugfix patches from Ivan Gyurdiev. 1.3.38 2005-10-27 * Merged dbase policydb list and count change from Ivan Gyurdiev. 1.3.37 2005-10-27 * Merged enable dbase and set relay patches from Ivan Gyurdiev. 1.3.36 2005-10-27 * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. 1.3.35 2005-10-26 * Merged sepol handle passing, seusers support, and policydb cache patches from Ivan Gyurdiev. 1.3.34 2005-10-25 * Merged resync to sepol changes and booleans fixes/improvements patches from Ivan Gyurdiev. 1.3.33 2005-10-25 * Merged support for genhomedircon/homedir template, store selection, explicit policy reload, and semanage.conf relocation from Joshua Brindle. 1.3.32 2005-10-24 * Merged resync to sepol changes and transaction fix patches from Ivan Gyurdiev. 1.3.31 2005-10-21 * Merged reorganize users patch from Ivan Gyurdiev. * Merged remove unused relay functions patch from Ivan Gyurdiev. 1.3.30 2005-10-20 * Fixed policy file leaks in semanage_load_module and semanage_write_module. * Merged further database work from Ivan Gyurdiev. 1.3.29 2005-10-20 * Fixed bug in semanage_direct_disconnect. 1.3.28 2005-10-20 * Merged interface renaming patch from Ivan Gyurdiev. * Merged policy component patch from Ivan Gyurdiev. 1.3.27 2005-10-20 * Renamed 'check=' configuration value to 'expand-check=' for clarity. * Changed semanage_commit_sandbox to check for and report errors on rename(2) calls performed during rollback. 1.3.26 2005-10-19 * Added optional check= configuration value to semanage.conf and updated call to sepol_expand_module to pass its value to control assertion and hierarchy checking on module expansion. 1.3.25 2005-10-19 * Merged fixes for make DESTDIR= builds from Joshua Brindle. 1.3.24 2005-10-19 * Merged default database from Ivan Gyurdiev. * Merged removal of connect requirement in policydb backend from Ivan Gyurdiev. * Merged commit locking fix and lock rename from Joshua Brindle. * Merged transaction rollback in lock patch from Joshua Brindle. 1.3.23 2005-10-18 * Changed default args for load_policy to be null, as it no longer takes a pathname argument and we want to preserve booleans. 1.3.22 2005-10-18 * Merged move local dbase initialization patch from Ivan Gyurdiev. * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. 1.3.21 2005-10-18 * Added calls to sepol_policy_file_set_handle interface prior to invoking sepol operations on policy files. * Updated call to sepol_policydb_from_image to pass the handle. 1.3.20 2005-10-17 * Merged user and port APIs - policy database patch from Ivan Gyurdiev. 1.3.19 2005-10-17 * Converted calls to sepol link_packages and expand_module interfaces from using buffers to using sepol handles for error reporting, and changed direct_connect/disconnect to create/destroy sepol handles. 1.3.18 2005-10-14 * Merged bugfix patch from Ivan Gyurdiev. 1.3.17 2005-10-14 * Merged seuser database patch from Ivan Gyurdiev. Merged direct user/port databases to the handle from Ivan Gyurdiev. 1.3.16 2005-10-14 * Removed obsolete include/semanage/commit_api.h (leftover). Merged seuser record patch from Ivan Gyurdiev. 1.3.15 2005-10-14 * Merged boolean and interface databases from Ivan Gyurdiev. 1.3.14 2005-10-13 * Updated to use get interfaces for hidden sepol_module_package type. 1.3.13 2005-10-13 * Changed semanage_expand_sandbox and semanage_install_active to generate/install the latest policy version supported by libsepol by default (unless overridden by semanage.conf), since libselinux will now downgrade automatically for load_policy. 1.3.12 2005-10-13 * Merged new callback-based error reporting system and ongoing database work from Ivan Gyurdiev. 1.3.11 2005-10-11 * Fixed semanage_install_active() to use the same logic for selecting a policy version as semanage_expand_sandbox(). Dropped dead code from semanage_install_sandbox(). 1.3.10 2005-10-07 * Updated for changes to libsepol, and to only use types and interfaces provided by the shared libsepol. 1.3.9 2005-10-06 * Merged further database work from Ivan Gyurdiev. 1.3.8 2005-10-04 * Merged iterate, redistribute, and dbase split patches from Ivan Gyurdiev. 1.3.7 2005-09-30 * Merged patch series from Ivan Gyurdiev. (pointer typedef elimination, file renames, dbase work, backend separation) 1.3.6 2005-09-28 * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. * Separated handle create from connect interface. * Added a constructor for initialization. * Moved up src/include/*.h to src. * Created a symbol map file; dropped dso.h and hidden markings. 1.3.5 2005-09-28 * Merged major update to libsemanage organization and functionality from Karl MacMillan (Tresys). 1.3.4 2005-09-23 * Merged dbase redesign patch from Ivan Gyurdiev. 1.3.3 2005-09-21 * Merged boolean record, stub record handler, and status codes patches from Ivan Gyurdiev. 1.3.2 2005-09-16 * Merged stub iterator functionality from Ivan Gyurdiev. * Merged interface record patch from Ivan Gyurdiev. 1.3.1 2005-09-14 * Merged stub functionality for managing user and port records, and record table code from Ivan Gyurdiev. 1.2 2005-09-06 * Updated version for release. 1.1.6 2005-08-31 * Merged semod.conf template patch from Dan Walsh (Red Hat), but restored location to /usr/share/semod/semod.conf. 1.1.5 2005-08-30 * Fixed several bugs found by valgrind. * Fixed bug in prior patch for the semod_build_module_list leak. 1.1.4 2005-08-25 * Merged errno fix from Joshua Brindle (Tresys). * Merged fix for semod_build_modules_list leak on error path from Serge Hallyn (IBM). Bug found by Coverity. 1.1.3 2005-08-22 * Merged several fixes from Serge Hallyn (IBM). Bugs found by Coverity. * Fixed several other bugs and warnings. 1.1.2 2005-08-02 * Merged patch to move module read/write code from libsemanage to libsepol from Jason Tang (Tresys). 1.1.1 2005-08-02 * Merged relay records patch from Ivan Gyurdiev. * Merged key extract patch from Ivan Gyurdiev. 1.0 2005-07-27 * Initial version.