44121f6624
Bump checkpolicy to 2.1.0 Bump libselinux to 2.1.0 Bump libsepol to 2.1.0 Bump libsemanage to 2.1.0 Bump policycoreutils to 2.1.0 Bump sepolgen to 1.1.0
959 lines
32 KiB
Text
959 lines
32 KiB
Text
2.1.0 2011-07-27
|
|
* Release, minor version bump
|
|
|
|
2.0.102 2011-04-11
|
|
* Give correct names to mount points in load_policy by Dan Walsh.
|
|
* Make sure selinux state is reported correctly if selinux is disabled or
|
|
fails to load by Dan Walsh.
|
|
* Fix crash if selinux_key_create was never called by Dan Walsh.
|
|
* Add new file_context.subs_dist for distro specific filecon substitutions
|
|
by Dan Walsh.
|
|
* Update man pages for selinux_color_* functions by Richard Haines.
|
|
|
|
2.0.101 2011-03-23
|
|
* db_language object class support for selabel_lookup from KaiGai
|
|
Kohei.
|
|
|
|
2.0.100 2011-03-09
|
|
* Library destructors for thread local storage keys from Eamon Walsh.
|
|
|
|
2.0.99 2011-03-01
|
|
* SELinux man page fixes from Dan Walsh.
|
|
* selinux_status interfaces from KaiGai Kohei.
|
|
|
|
2.0.98 2010-12-16
|
|
* Turn off default user handling when computing user contexts by Dan Walsh
|
|
|
|
2.0.97 2010-12-02
|
|
* Thread local storage fixes from Eamon Walsh.
|
|
|
|
2.0.96 2010-06-14
|
|
* Add const qualifiers to public API where appropriate by KaiGai Kohei.
|
|
|
|
2.0.95 2010-06-10
|
|
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers
|
|
* Adds a chcon method to the libselinux python bindings from Steve Lawrence
|
|
|
|
2.0.94 2010-03-24
|
|
* Set errno=EINVAL for invalid contexts from Dan Walsh.
|
|
|
|
2.0.93 2010-03-15
|
|
* Show strerror for security_getenforce() by Colin Walters.
|
|
* Merged selabel database support by KaiGai Kohei.
|
|
* Modify netlink socket blocking code by KaiGai Kohei.
|
|
|
|
2.0.92 2010-03-06
|
|
* Fix from Eric Paris to fix leak on non-selinux systems.
|
|
* regenerate swig wrappers
|
|
* pkgconfig fix to respect LIBDIR from Dan Walsh.
|
|
|
|
2.0.91 2010-02-22
|
|
* Change the AVC to only audit the permissions specified by the
|
|
policy, excluding any permissions specified via dontaudit or not
|
|
specified via auditallow.
|
|
* Fix compilation of label_file.c with latest glibc headers.
|
|
|
|
2.0.90 2009-11-27
|
|
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
|
|
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org>
|
|
|
|
2.0.89 2009-10-29
|
|
* Add pkgconfig file from Eamon Walsh.
|
|
|
|
2.0.88 2009-10-22
|
|
* Rename and export selinux_reset_config()
|
|
|
|
2.0.87 2009-09-25
|
|
* Add exception handling in libselinux from Dan Walsh. This uses a
|
|
shell script called exception.sh to generate a swig interface file.
|
|
* make swigify
|
|
* Make matchpathcon print <<none>> if path not found in fcontext file.
|
|
|
|
2.0.86 2009-09-02
|
|
* Removal of reference counting on userspace AVC SID's.
|
|
|
|
2.0.85 2009-07-14
|
|
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid
|
|
pthread dependency.
|
|
* Removed fini_context_translations() altogether.
|
|
* Merged lazy init patch from Stephen Smalley based on original patch
|
|
by Steve Grubb.
|
|
|
|
2.0.84 2009-07-07
|
|
* Add per-service seuser support from Dan Walsh.
|
|
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.
|
|
|
|
2.0.83 2009-07-07
|
|
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
|
|
Paris.
|
|
|
|
2.0.82 2009-06-19
|
|
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>.
|
|
* Label substitution support from Dan Walsh.
|
|
* Support for labeling virtual machine images from Dan Walsh.
|
|
|
|
2.0.81 2009-05-15
|
|
* Trim / from the end of input paths to matchpathcon from Dan Walsh.
|
|
* Fix leak in process_line in label_file.c from Hiroshi Shinji.
|
|
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.
|
|
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.
|
|
|
|
2.0.80 2009-04-07
|
|
* deny_unknown wrapper function from KaiGai Kohei.
|
|
* security_compute_av_flags API from KaiGai Kohei.
|
|
* Netlink socket management and callbacks from KaiGai Kohei.
|
|
|
|
2.0.79 2009-03-11
|
|
* Netlink socket handoff patch from Adam Jackson.
|
|
* AVC caching of compute_create results by Eric Paris.
|
|
|
|
2.0.78 2009-02-27
|
|
* Fix incorrect conversion in discover_class code.
|
|
|
|
2.0.77 2009-01-12
|
|
* add restorecon to python bindings from Dan Walsh.
|
|
|
|
2.0.76 2009-01-08
|
|
* Client support for translating raw contexts to colors via setrans.
|
|
|
|
2.0.75 2008-11-18
|
|
* Allow shell-style wildcards in x_contexts file.
|
|
|
|
2.0.74 2008-11-03
|
|
* Correct message types in AVC log messages.
|
|
|
|
2.0.73 2008-10-14
|
|
* Make matchpathcon -V pass mode from Dan Walsh.
|
|
* Add man page for selinux_file_context_cmp from Dan Walsh.
|
|
|
|
2.0.72 2008-09-29
|
|
* New man pages from Dan Walsh.
|
|
* Update flask headers from refpolicy trunk from Dan Walsh.
|
|
|
|
2.0.71 2008-08-05
|
|
* Add group support to seusers using %groupname syntax from Dan Walsh.
|
|
* Mark setrans socket close-on-exec from Stephen Smalley.
|
|
* Only apply nodups checking to base file contexts from Stephen Smalley.
|
|
|
|
2.0.70 2008-07-30
|
|
* Merge ruby bindings from Dan Walsh.
|
|
|
|
2.0.69 2008-07-29
|
|
* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
|
|
This prevents adding them via semanage.
|
|
|
|
2.0.68 2008-07-18
|
|
* Fix audit2why shadowed variables from Stephen Smalley.
|
|
* Note that freecon NULL is legal in man page from Karel Zak.
|
|
|
|
2.0.67 2008-06-13
|
|
* New and revised AVC, label, and mapping man pages from Eamon Walsh.
|
|
|
|
2.0.66 2008-06-11
|
|
* Add swig python bindings for avc interfaces from Dan Walsh.
|
|
|
|
2.0.65 2008-05-27
|
|
* Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
|
|
* Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
|
|
|
|
2.0.64 2008-04-21
|
|
* Fixed selinux_set_callback man page.
|
|
|
|
2.0.63 2008-04-18
|
|
* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
|
|
|
|
2.0.62 2008-04-18
|
|
* Fix memory leaks in matchpathcon from Eamon Walsh.
|
|
|
|
2.0.61 2008-03-31
|
|
* Man page typo fix from Jim Meyering.
|
|
|
|
2.0.60 2008-03-20
|
|
* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
|
|
|
|
2.0.59 2008-02-29
|
|
* Merged new X label "poly_selection" namespace from Eamon Walsh.
|
|
|
|
2.0.58 2008-02-28
|
|
* Merged reset_selinux_config() for load policy from Dan Walsh.
|
|
|
|
2.0.57 2008-02-25
|
|
* Merged avc_has_perm() errno fix from Eamon Walsh.
|
|
|
|
2.0.56 2008-02-21
|
|
* Regenerated Flask headers from refpolicy flask definitions.
|
|
|
|
2.0.55 2008-02-08
|
|
* Merged compute_member AVC function and manpages from Eamon Walsh.
|
|
|
|
2.0.54 2008-02-08
|
|
* Provide more error reporting on load policy failures from Stephen Smalley.
|
|
|
|
2.0.53 2008-02-07
|
|
* Merged new X label "poly_prop" namespace from Eamon Walsh.
|
|
|
|
2.0.52 2008-02-06
|
|
* Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.
|
|
|
|
2.0.51 2008-02-05
|
|
* Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
|
|
|
|
2.0.50 2008-01-28
|
|
* Merged fix for audit2why from Dan Walsh.
|
|
|
|
2.0.49 2008-01-23
|
|
* Merged audit2why python binding from Dan Walsh.
|
|
|
|
2.0.48 2008-01-23
|
|
* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
|
|
|
|
2.0.47 2007-12-21
|
|
* Fix for the avc: granted null message bug from Stephen Smalley.
|
|
|
|
2.0.46 2007-12-07
|
|
* matchpathcon(8) man page update from Dan Walsh.
|
|
|
|
2.0.45 2007-11-20
|
|
* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
|
|
|
|
2.0.44 2007-11-20
|
|
* Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
|
|
A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
|
|
|
|
2.0.43 2007-11-15
|
|
* Regenerated Flask headers from policy.
|
|
|
|
2.0.42 2007-11-08
|
|
* AVC enforcing mode override patch from Eamon Walsh.
|
|
|
|
2.0.41 2007-11-06
|
|
* Aligned attributes in AVC netlink code from Eamon Walsh.
|
|
|
|
2.0.40 2007-11-01
|
|
* Merged refactored AVC netlink code from Eamon Walsh.
|
|
|
|
2.0.39 2007-10-19
|
|
* Merged new X label namespaces from Eamon Walsh.
|
|
|
|
2.0.38 2007-10-15
|
|
* Bux fix and minor refactoring in string representation code.
|
|
|
|
2.0.37 2007-10-05
|
|
* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
|
|
|
|
2.0.36 2007-09-27
|
|
* Fix segfault resulting from missing file_contexts file.
|
|
|
|
2.0.35 2007-09-24
|
|
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
|
|
* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
|
|
|
|
2.0.34 2007-09-18
|
|
* Fix selabel option flag setting for 64-bit from Stephen Smalley.
|
|
|
|
2.0.33 2007-09-12
|
|
* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
|
|
* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
|
|
|
|
2.0.32 2007-09-10
|
|
* Fix swig binding for rpm_execcon from James Athey.
|
|
|
|
2.0.31 2007-08-23
|
|
* Fix file_contexts.homedirs path from Todd Miller.
|
|
|
|
2.0.30 2007-08-06
|
|
* Fix segfault resulting from uninitialized print-callback pointer.
|
|
|
|
2.0.29 2007-08-02
|
|
* Added x_contexts path function patch from Eamon Walsh.
|
|
|
|
2.0.28 2007-08-01
|
|
* Fix build for EMBEDDED=y from Yuichi Nakamura.
|
|
|
|
2.0.27 2007-07-25
|
|
* Fix markup problems in selinux man pages from Dan Walsh.
|
|
|
|
2.0.26 2007-07-23
|
|
* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
|
|
* Added swigify to top-level Makefile from Dan Walsh.
|
|
|
|
2.0.25 2007-07-23
|
|
* Fix for string_to_security_class segfault on x86_64 from Stephen
|
|
Smalley.
|
|
|
|
2.0.24 2007-09-07
|
|
* Fix for getfilecon() for zero-length contexts from Stephen Smalley.
|
|
|
|
2.0.23 2007-06-22
|
|
* Refactored SWIG bindings from James Athey.
|
|
|
|
2.0.22 2007-06-20
|
|
* Labeling and callback interface patches from Eamon Walsh.
|
|
|
|
2.0.21 2007-06-11
|
|
* Class and permission mapping support patches from Eamon Walsh.
|
|
|
|
2.0.20 2007-06-07
|
|
* Object class discovery support patches from Chris PeBenito.
|
|
|
|
2.0.19 2007-06-05
|
|
* Refactoring and errno support in string representation code.
|
|
|
|
2.0.18 2007-05-31
|
|
* Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
|
|
This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
|
|
|
|
2.0.17 2007-05-31
|
|
* Updated Lindent script and reindented two header files.
|
|
|
|
2.0.16 2007-05-09
|
|
* Merged additional swig python bindings from Dan Walsh.
|
|
|
|
2.0.15 2007-04-27
|
|
* Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
|
|
|
|
2.0.14 2007-04-24
|
|
* Merged build fix for avc_internal.c from Joshua Brindle.
|
|
|
|
2.0.13 2007-04-12
|
|
* Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
|
|
|
|
2.0.12 2007-04-09
|
|
* Merged support for getting initial contexts from James Carter.
|
|
|
|
2.0.11 2007-04-05
|
|
* Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.
|
|
|
|
|
|
2.0.10 2007-04-05
|
|
* Merged sidput(NULL) patch from Eamon Walsh.
|
|
|
|
2.0.9 2007-03-30
|
|
* Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.
|
|
|
|
2.0.8 2007-03-20
|
|
* Merged fix for avc.h #include's from Eamon Walsh.
|
|
|
|
2.0.7 2007-03-12
|
|
* Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
|
|
|
|
2.0.6 2007-03-12
|
|
* Merged patch to drop support for old /etc/sysconfig/selinux and
|
|
/etc/security policy file layout from Steve Grubb.
|
|
|
|
2.0.5 2007-02-27
|
|
* Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.
|
|
|
|
2.0.4 2007-02-23
|
|
* Removed sending of setrans init message.
|
|
|
|
2.0.3 2007-02-22
|
|
* Merged matchpathcon memory leak fix from Steve Grubb.
|
|
|
|
2.0.2 2007-02-21
|
|
* Merged more swig initializers from Dan Walsh.
|
|
|
|
2.0.1 2007-02-20
|
|
* Merged patch from Todd Miller to convert int types over to C99 style.
|
|
|
|
2.0.0 2007-02-01
|
|
* Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
|
|
of the use of the non-standard format %as. (original patch changed
|
|
for style).
|
|
* Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
|
|
|
|
1.34.1 2007-01-26
|
|
* Merged python binding fixes from Dan Walsh.
|
|
|
|
1.34.0 2007-01-18
|
|
* Updated version for stable branch.
|
|
|
|
1.33.6 2007-01-17
|
|
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
|
|
|
|
1.33.5 2007-01-16
|
|
* Merged getdefaultcon utility from Dan Walsh.
|
|
|
|
1.33.4 2007-01-11
|
|
* Merged selinux_check_securetty_context() and support from Dan Walsh.
|
|
|
|
1.33.3 2007-01-04
|
|
* Merged patch for matchpathcon utility to use file mode information
|
|
when available from Dan Walsh.
|
|
|
|
1.33.2 2006-11-27
|
|
* Merged patch to compile with -fPIC instead of -fpic from
|
|
Manoj Srivastava to prevent hitting the global offset table
|
|
limit. Patch changed to include libsepol and libsemanage in
|
|
addition to libselinux.
|
|
|
|
1.33.1 2006-10-19
|
|
* Merged updated flask definitions from Darrel Goeddel.
|
|
This adds the context security class, and also adds
|
|
the string definitions for setsockcreate and polmatch.
|
|
|
|
1.32 2006-10-17
|
|
* Updated version for release.
|
|
|
|
1.30.30 2006-10-05
|
|
* Merged patch from Darrel Goeddel to always use untranslated
|
|
contexts in the userspace AVC.
|
|
|
|
1.30.29 2006-09-29
|
|
* Merged av_permissions.h update from Steve Grubb,
|
|
adding setsockcreate and polmatch definitions.
|
|
|
|
1.30.28 2006-09-13
|
|
* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
|
|
* Merged c++ class identifier fix from Joe Nall.
|
|
|
|
1.30.27 2006-08-24
|
|
* Merged patch to not log avc stats upon a reset from Steve Grubb.
|
|
* Applied patch to revert compat_net setting upon policy load.
|
|
|
|
1.30.26 2006-08-11
|
|
* Merged file context homedir and local path functions from
|
|
Chris PeBenito.
|
|
|
|
1.30.25 2006-08-11
|
|
* Rework functions that access /proc/pid/attr to access the
|
|
per-thread nodes, and unify the code to simplify maintenance.
|
|
|
|
1.30.24 2006-08-10
|
|
* Merged return value fix for *getfilecon() from Dan Walsh.
|
|
|
|
1.30.23 2006-08-10
|
|
* Merged sockcreate interfaces from Eric Paris.
|
|
|
|
1.30.22 2006-08-03
|
|
* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
|
|
|
|
1.30.21 2006-08-03
|
|
* Merged netfilter_contexts support patch from Chris PeBenito.
|
|
|
|
1.30.20 2006-08-01
|
|
* Merged context_*_set errno patch from Jim Meyering.
|
|
|
|
1.30.19 2006-06-29
|
|
* Lindent.
|
|
|
|
1.30.18 2006-06-27
|
|
* Merged {get,set}procattrcon patch set from Eric Paris.
|
|
* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
|
|
|
|
1.30.17 2006-06-27
|
|
* Regenerated Flask headers from refpolicy.
|
|
|
|
1.30.16 2006-06-26
|
|
* Merged patch from Dan Walsh with:
|
|
- Added selinux_file_context_{cmp,verify}.
|
|
- Added selinux_lsetfilecon_default.
|
|
- Delay translation of contexts in matchpathcon.
|
|
|
|
1.30.15 2006-06-16
|
|
* Merged patch from Dan Walsh with:
|
|
* Added selinux_getpolicytype() function.
|
|
* Modified setrans code to skip processing if !mls_enabled.
|
|
|
|
1.30.14 2006-06-16
|
|
* Set errno in the !selinux_mnt case.
|
|
|
|
1.30.13 2006-06-02
|
|
* Allocate large buffers from the heap, not on stack.
|
|
Affects is_context_customizable, selinux_init_load_policy,
|
|
and selinux_getenforcemode.
|
|
|
|
1.30.12 2006-06-02
|
|
* Merged !selinux_mnt checks from Ian Kent.
|
|
|
|
1.30.11 2006-05-24
|
|
* Merged matchmediacon and trans_to_raw_context fixes from
|
|
Serge Hallyn.
|
|
|
|
1.30.10 2006-05-22
|
|
* Merged simple setrans client cache from Dan Walsh.
|
|
Merged avcstat patch from Russell Coker.
|
|
|
|
1.30.9 2006-05-22
|
|
* Modified selinux_mkload_policy() to also set /selinux/compat_net
|
|
appropriately for the loaded policy.
|
|
|
|
1.30.8 2006-05-17
|
|
* Added matchpathcon_fini() function to free memory allocated by
|
|
matchpathcon_init().
|
|
|
|
1.30.7 2006-05-16
|
|
* Merged setrans client cleanup patch from Steve Grubb.
|
|
|
|
1.30.6 2006-05-08
|
|
* Merged getfscreatecon man page fix from Dan Walsh.
|
|
* Updated booleans(8) man page to drop references to the old
|
|
booleans file and to note that setsebool can be used to set
|
|
the boot-time defaults via -P.
|
|
|
|
1.30.5 2006-05-05
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
|
|
1.30.4 2006-05-05
|
|
* Merged setrans client support from Dan Walsh.
|
|
This removes use of libsetrans.
|
|
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
|
|
* Merged swig typemap fixes from Glauber de Oliveira Costa.
|
|
|
|
1.30.3 2006-04-12
|
|
* Added distclean target to Makefile.
|
|
* Regenerated swig files.
|
|
|
|
1.30.2 2006-04-11
|
|
* Changed matchpathcon_init to verify that the spec file is
|
|
a regular file.
|
|
* Merged python binding t_output_helper removal patch from Dan Walsh.
|
|
|
|
1.30.1 2006-03-20
|
|
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
|
|
|
|
1.30 2006-03-14
|
|
* Updated version for release.
|
|
|
|
1.29.8 2006-02-27
|
|
* Altered rpm_execcon fallback logic for permissive mode to also
|
|
handle case where /selinux/enforce is not available.
|
|
|
|
1.29.7 2006-01-20
|
|
* Merged install-pywrap Makefile patch from Joshua Brindle.
|
|
|
|
1.29.6 2006-01-18
|
|
* Merged pywrap Makefile patch from Dan Walsh.
|
|
|
|
1.29.5 2006-01-11
|
|
* Added getseuser test program.
|
|
|
|
1.29.4 2006-01-06
|
|
* Added format attribute to myprintf in matchpathcon.c and
|
|
removed obsoleted rootlen variable in init_selinux_config().
|
|
|
|
1.29.3 2006-01-04
|
|
* Merged several fixes and improvements from Ulrich Drepper
|
|
(Red Hat), including:
|
|
- corrected use of getline
|
|
- further calls to __fsetlocking for local files
|
|
- use of strdupa and asprintf
|
|
- proper handling of dirent in booleans code
|
|
- use of -z relro
|
|
- several other optimizations
|
|
* Merged getpidcon python wrapper from Dan Walsh (Red Hat).
|
|
|
|
1.29.2 2005-12-14
|
|
* Merged call to finish_context_translations from Dan Walsh.
|
|
This eliminates a memory leak from failing to release memory
|
|
allocated by libsetrans.
|
|
|
|
1.29.1 2005-12-08
|
|
* Merged patch for swig interfaces from Dan Walsh.
|
|
|
|
1.28 2005-12-07
|
|
* Updated version for release.
|
|
|
|
1.27.28 2005-12-01
|
|
* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
|
|
modified matchpathcon implementation to make context validation/
|
|
canonicalization optional at matchpathcon_init time, deferring it
|
|
to a successful matchpathcon by default unless the new flag is set
|
|
by the caller.
|
|
|
|
1.27.27 2005-12-01
|
|
* Added matchpathcon_init_prefix() interface, and
|
|
reworked matchpathcon implementation to support selective
|
|
loading of file contexts entries based on prefix matching
|
|
between the pathname regex stems and the specified path
|
|
prefix (stem must be a prefix of the specified path prefix).
|
|
|
|
1.27.26 2005-11-29
|
|
* Merged getsebool patch from Dan Walsh.
|
|
|
|
1.27.25 2005-11-29
|
|
* Added -f file_contexts option to matchpathcon util.
|
|
Fixed warning message in matchpathcon_init().
|
|
|
|
1.27.24 2005-11-29
|
|
* Merged Makefile python definitions patch from Dan Walsh.
|
|
|
|
1.27.23 2005-11-28
|
|
* Merged swigify patch from Dan Walsh.
|
|
|
|
1.27.22 2005-11-15
|
|
* Merged make failure in rpm_execcon non-fatal in permissive mode
|
|
patch from Ivan Gyurdiev.
|
|
|
|
1.27.21 2005-11-08
|
|
* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
|
|
and modified matchpathcon_init() to skip context translation
|
|
if it is set by the caller.
|
|
|
|
1.27.20 2005-11-07
|
|
* Added security_canonicalize_context() interface and
|
|
set_matchpathcon_canoncon() interface for obtaining
|
|
canonical contexts. Changed matchpathcon internals
|
|
to obtain canonical contexts by default. Provided
|
|
fallback for kernels that lack extended selinuxfs context
|
|
interface.
|
|
|
|
1.27.19 2005-11-04
|
|
* Merged seusers parser changes from Ivan Gyurdiev.
|
|
* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
|
|
* Changed seusers parser to reject empty fields.
|
|
|
|
1.27.18 2005-11-03
|
|
* Merged seusers empty level handling patch from Jonathan Kim (TCS).
|
|
|
|
1.27.17 2005-10-27
|
|
* Changed default entry for seusers to use __default__ to avoid
|
|
ambiguity with users named "default".
|
|
|
|
1.27.16 2005-10-27
|
|
* Fixed init_selinux_config() handling of missing /etc/selinux/config
|
|
or missing SELINUXTYPE= definition.
|
|
* Merged selinux_translations_path() patch from Dan Walsh.
|
|
|
|
1.27.15 2005-10-25
|
|
* Added hidden_proto/def for get_default_context_with_role.
|
|
|
|
1.27.14 2005-10-25
|
|
* Merged selinux_path() and selinux_homedir_context_path()
|
|
functions from Joshua Brindle.
|
|
|
|
1.27.13 2005-10-19
|
|
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
|
1.27.12 2005-10-18
|
|
* Merged get_default_context_with_rolelevel and man pages from
|
|
Dan Walsh (Red Hat).
|
|
|
|
1.27.11 2005-10-18
|
|
* Updated call to sepol_policydb_to_image for sepol changes.
|
|
|
|
1.27.10 2005-10-17
|
|
* Changed getseuserbyname to ignore empty lines and to handle
|
|
no matching entry in the same manner as no seusers file.
|
|
|
|
1.27.9 2005-10-13
|
|
* Changed selinux_mkload_policy to try downgrading the
|
|
latest policy version available to the kernel-supported version.
|
|
|
|
1.27.8 2005-10-11
|
|
* Changed selinux_mkload_policy to fall back to the maximum
|
|
policy version supported by libsepol if the kernel policy version
|
|
falls outside of the supported range.
|
|
|
|
1.27.7 2005-10-06
|
|
* Changed getseuserbyname to fall back to the Linux username and
|
|
NULL level if seusers config file doesn't exist unless
|
|
REQUIRESEUSERS=1 is set in /etc/selinux/config.
|
|
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
|
|
|
|
1.27.6 2005-10-06
|
|
* Added selinux_init_load_policy() function as an even higher level
|
|
interface for the initial policy load by /sbin/init. This obsoletes
|
|
the load_policy() function in the sysvinit-selinux.patch.
|
|
|
|
1.27.5 2005-10-06
|
|
* Added selinux_mkload_policy() function as a higher level interface
|
|
for loading policy than the security_load_policy() interface.
|
|
|
|
1.27.4 2005-10-05
|
|
* Merged fix for matchpathcon (regcomp error checking) from Johan
|
|
Fischer. Also added use of regerror to obtain the error string
|
|
for inclusion in the error message.
|
|
|
|
1.27.3 2005-10-03
|
|
* Changed getseuserbyname to not require (and ignore if present)
|
|
the MLS level in seusers.conf if MLS is disabled, setting *level
|
|
to NULL in this case.
|
|
|
|
1.27.2 2005-09-30
|
|
* Merged getseuserbyname patch from Dan Walsh.
|
|
|
|
1.27.1 2005-09-19
|
|
* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
|
|
This allows file_contexts with MLS fields to be processed on
|
|
non-MLS-enabled systems with policies that are otherwise
|
|
identical (e.g. same type definitions).
|
|
* Merged get_ordered_context_list_with_level() function from
|
|
Dan Walsh, and added get_default_context_with_level().
|
|
This allows MLS level selection for users other than the
|
|
default level.
|
|
|
|
1.26 2005-09-06
|
|
* Updated version for release.
|
|
|
|
1.25.7 2005-09-01
|
|
* Merged modified form of patch to avoid dlopen/dlclose by
|
|
the static libselinux from Dan Walsh. Users of the static libselinux
|
|
will not have any context translation by default.
|
|
|
|
1.25.6 2005-08-31
|
|
* Added public functions to export context translation to
|
|
users of libselinux (selinux_trans_to_raw_context,
|
|
selinux_raw_to_trans_context).
|
|
|
|
1.25.5 2005-08-26
|
|
* Remove special definition for context_range_set; use
|
|
common code.
|
|
|
|
1.25.4 2005-08-25
|
|
* Hid translation-related symbols entirely and ensured that
|
|
raw functions have hidden definitions for internal use.
|
|
* Allowed setting NULL via context_set* functions.
|
|
* Allowed whitespace in MLS component of context.
|
|
* Changed rpm_execcon to use translated functions to workaround
|
|
lack of MLS level on upgraded systems.
|
|
|
|
1.25.3 2005-08-23
|
|
* Merged context translation patch, originally by TCS,
|
|
with modifications by Dan Walsh (Red Hat).
|
|
|
|
1.25.2 2005-08-11
|
|
* Merged several fixes for error handling paths in the
|
|
AVC sidtab, matchpathcon, booleans, context, and get_context_list
|
|
code from Serge Hallyn (IBM). Bugs found by Coverity.
|
|
|
|
1.25.1 2005-08-10
|
|
* Removed setupns; migrated to pam.
|
|
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
|
|
Original symbol is temporarily retained for compatibility until
|
|
all callers are updated.
|
|
|
|
1.24 2005-06-20
|
|
* Updated version for release.
|
|
|
|
1.23.12 2005-06-13
|
|
* Merged security_setupns() from Chad Sellers.
|
|
|
|
1.23.11 2005-05-19
|
|
* Merged avcstat and selinux man page from Dan Walsh.
|
|
* Changed security_load_booleans to process booleans.local
|
|
even if booleans file doesn't exist.
|
|
|
|
1.23.10 2005-04-29
|
|
* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
|
|
|
|
1.23.9 2005-04-26
|
|
* Rewrote get_ordered_context_list and helpers, including
|
|
changing logic to allow variable MLS fields.
|
|
|
|
1.23.8 2005-04-25
|
|
* Merged matchpathcon and man page patch from Dan Walsh.
|
|
|
|
1.23.7 2005-04-12
|
|
* Changed boolean functions to return -1 with errno ENOENT
|
|
rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
|
|
mounted).
|
|
|
|
1.23.6 2005-04-08
|
|
* Fixed bug in matchpathcon_filespec_destroy.
|
|
|
|
1.23.5 2005-04-05
|
|
* Fixed bug in rpm_execcon error handling path.
|
|
|
|
1.23.4 2005-04-04
|
|
* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
|
|
* Merged fix for getconlist utility from Andreas Steinmetz.
|
|
|
|
1.23.3 2005-03-29
|
|
* Merged security_set_boolean_list patch from Dan Walsh.
|
|
This introduces booleans.local support for setsebool.
|
|
|
|
1.23.2 2005-03-17
|
|
* Merged destructors patch from Tomas Mraz.
|
|
|
|
1.23.1 2005-03-16
|
|
* Added set_matchpathcon_flags() function for setting flags
|
|
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
|
|
means only process the base file_contexts file, not
|
|
file_contexts.homedirs or file_contexts.local, and is for use by
|
|
setfiles -c.
|
|
* Updated matchpathcon.3 man page.
|
|
|
|
1.22 2005-03-09
|
|
* Updated version for release.
|
|
|
|
1.21.13 2005-03-08
|
|
* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
|
|
|
|
1.21.12 2005-03-01
|
|
* Changed matchpathcon_common to ignore any non-format bits in the mode.
|
|
|
|
1.21.11 2005-02-22
|
|
* Merged several fixes from Ulrich Drepper.
|
|
|
|
1.21.10 2005-02-17
|
|
* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
|
|
* Added selinux_users_path() for path to directory containing
|
|
system.users and local.users.
|
|
|
|
1.21.9 2005-02-09
|
|
* Changed relabel Makefile target to use restorecon.
|
|
|
|
1.21.8 2005-02-07
|
|
* Regenerated av_permissions.h.
|
|
|
|
1.21.7 2005-02-01
|
|
* Modified avc_dump_av to explicitly check for any permissions that
|
|
cannot be mapped to string names and display them as a hex value.
|
|
|
|
1.21.6 2005-01-31
|
|
* Regenerated av_permissions.h.
|
|
|
|
1.21.5 2005-01-28
|
|
* Generalized matchpathcon internals, exported more interfaces,
|
|
and moved additional code from setfiles into libselinux so that
|
|
setfiles can directly use matchpathcon.
|
|
|
|
1.21.4 2005-01-27
|
|
* Prevent overflow of spec array in matchpathcon.
|
|
|
|
1.21.3 2005-01-26
|
|
* Fixed several uses of internal functions to avoid relocations.
|
|
* Changed rpm_execcon to check is_selinux_enabled() and fallback to
|
|
a regular execve if not enabled (or unable to determine due to a lack
|
|
of /proc, e.g. chroot'd environment).
|
|
|
|
|
|
1.21.2 2005-01-24
|
|
* Merged minor fix for avcstat from Dan Walsh.
|
|
|
|
1.21.1 2005-01-19
|
|
* Merged patch from Dan Walsh, including:
|
|
- new is_context_customizable function
|
|
- changed matchpathcon to also use file_contexts.local if present
|
|
- man page cleanups
|
|
|
|
1.20 2005-01-04
|
|
* Changed matchpathcon to return -1 with errno ENOENT for
|
|
<<none>> entries, and also for an empty file_contexts configuration.
|
|
* Removed some trivial utils that were not useful or redundant.
|
|
* Changed BINDIR default to /usr/sbin to match change in Fedora.
|
|
* Added security_compute_member.
|
|
* Added man page for setcon.
|
|
* Merged more man pages from Dan Walsh.
|
|
* Merged avcstat from James Morris.
|
|
* Merged build fix for mips from Manoj Srivastava.
|
|
* Merged C++ support from John Ramsdell of MITRE.
|
|
* Merged setcon() function from Darrel Goeddel of TCS.
|
|
* Merged setsebool/togglesebool enhancement from Steve Grubb.
|
|
* Merged cleanup patches from Steve Grubb.
|
|
|
|
1.18 2004-11-01
|
|
* Merged cleanup patches from Steve Grubb.
|
|
* Added rpm_execcon.
|
|
* Merged setenforce and removable context patch from Dan Walsh.
|
|
* Merged build fix for alpha from Ulrich Drepper.
|
|
* Removed copyright/license from selinux_netlink.h - definitions only.
|
|
* Merged matchmediacon from Dan Walsh.
|
|
* Regenerated headers for new nscd permissions.
|
|
* Added get_default_context_with_role.
|
|
* Added set_matchpathcon_printf.
|
|
* Reworked av_inherit.h to allow easier re-use by kernel.
|
|
* Changed avc_has_perm_noaudit to not fail on netlink errors.
|
|
* Changed avc netlink code to check pid based on patch by Steve Grubb.
|
|
* Merged second optimization patch from Ulrich Drepper.
|
|
* Changed matchpathcon to skip invalid file_contexts entries.
|
|
* Made string tables private to libselinux.
|
|
* Merged strcat->stpcpy patch from Ulrich Drepper.
|
|
* Merged matchpathcon man page from Dan Walsh.
|
|
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
|
|
* Autobind netlink socket.
|
|
* Dropped compatibility code from security_compute_user.
|
|
* Merged fix for context_range_set from Chad Hanson.
|
|
* Merged allocation failure checking patch from Chad Hanson.
|
|
* Merged avc netlink error message patch from Colin Walters.
|
|
|
|
1.16 2004-08-19
|
|
* Regenerated headers for nscd class.
|
|
* Merged man pages from Dan Walsh.
|
|
* Merged context_new bug fix for MLS ranges from Chad Hanson.
|
|
* Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
|
|
* Renamed change_bool and show_bools to setsebool and getsebool.
|
|
* Merged security_load_booleans() function from Dan Walsh.
|
|
* Added selinux_booleans_path() function.
|
|
* Changed avc_init function prototype to use const.
|
|
* Regenerated headers for crontab permission.
|
|
* Added checkAccess from Dan Walsh.
|
|
* Merged getenforce patch from Dan Walsh.
|
|
* Regenerated headers for dbus classes.
|
|
|
|
1.14 2004-06-16
|
|
* Regenerated headers for fine-grained netlink classes.
|
|
* Merged selinux_config bug fix from Dan Walsh.
|
|
* Added userspace AVC man pages.
|
|
* Added man links for API calls to existing man pages documenting them.
|
|
* Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
|
|
* Merged patch to determine config file paths at runtime to support
|
|
reorganized layout.
|
|
* Regenerated flask headers with stable ordering.
|
|
* Merged patch for man pages from Russell Coker.
|
|
|
|
1.12 2004-05-10
|
|
* Updated flask files to include new SE-X security classes.
|
|
* Added security_disable function for runtime disable of SELinux prior
|
|
to initial policy load (for /sbin/init).
|
|
* Changed get_ordered_context_list to omit any reachable contexts
|
|
that are not explicitly listed in default_contexts, unless there
|
|
are no matches.
|
|
* Merged man pages from Russell Coker and Dan Walsh.
|
|
* Merged memory leak fixes from Dan Walsh.
|
|
* Merged policyvers errno patch from Chris PeBenito.
|
|
|
|
1.10 2004-04-05
|
|
* Merged getenforce patch from Dan Walsh.
|
|
* Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
|
|
the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
|
|
Based on a patch by Russell Coker.
|
|
* Merged matchpathcon buffer size fix from Dan Walsh.
|
|
|
|
1.8 2004-03-09
|
|
* Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
|
|
* Added matchpathcon function.
|
|
* Updated userspace AVC to handle netlink selinux notifications.
|
|
|
|
1.6 2004-02-18
|
|
* Merged conditional policy extensions from Tresys Technology.
|
|
* Added userspace avc and SID table implementation.
|
|
* Fixed type on size in getpeercon per Thorsten Kukuk's advice.
|
|
* Fixed use of getpwnam_r per Thorsten Kukuk's advice.
|
|
* Changed to use getpwnam_r rather than getpwnam internally to
|
|
avoid clobbering any existing pwd struct obtained by the caller.
|
|
* Added getpeercon function to encapsulate getsockopt SO_PEERSEC
|
|
and handle allocation ala getfilecon.
|
|
* Changed is_selinux_enabled to return -1 on errors.
|
|
* Changed to discover selinuxfs mount point via /proc/mounts
|
|
so that the mount point can be changed without rebuilding.
|
|
|
|
1.4 2003-12-01
|
|
* Merged another cleanup patch from Bastian Blank and Joerg Hoh.
|
|
* Regenerate headers for new permissions.
|
|
* Merged static lib build patch from Bastian Blank and Joerg Hoh.
|
|
* Export SELINUXMNT definition, add SELINUXPOLICY definition.
|
|
* Add functions to provide access to enforce and policyvers.
|
|
* Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
|
|
* Fixed type for 'size' in *getfilecon.
|
|
* Dropped -lattr and changed #include's to <sys/xattr.h>
|
|
* Merged patch to move shared library to /lib from Dan Walsh.
|
|
* Changed get_ordered_context_list to support a failsafe context.
|
|
* Added selinuxenabled utility.
|
|
* Merged const patch from Thorsten Kukuk.
|
|
|
|
1.2 2003-09-30
|
|
* Change is_selinux_enabled to fail if policy isn't loaded.
|
|
* Changed Makefiles to allow non-root rpm builds.
|
|
* Added -lattr for libselinux.so to ensure proper binding.
|
|
|
|
1.1 2003-08-13
|
|
* Ensure that context strings are padded with a null byte
|
|
in case the kernel didn't include one.
|
|
* Regenerate headers, update helpers.c for code cleanup.
|
|
* Pass soname flag to linker (Colin Walters).
|
|
* Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
|
|
|
|
1.0 2003-07-11
|
|
* Initial public release.
|