843 lines
28 KiB
Text
843 lines
28 KiB
Text
* Do not copy contexts in semanage_migrate_store, from Jason Zaman.
|
|
* Fix logic in bunzip for uncompressed pp files, from Thomas Hurd.
|
|
* Fix fname[] initialization in test_utilities.c, from Petr Lautrbach.
|
|
* Add remove-hll semanage.conf option to remove HLL files after
|
|
compilation to CIL, from Yuli Khodorkovskiy
|
|
* Fix memory leaks when parsing semanage.conf, from Yuli Khodorkovskiy
|
|
* Change bunzip to use heap instead of stack to prevent segfault on
|
|
systems with small stack size, from Thomas Hurd.
|
|
|
|
2.4 2015-02-02
|
|
* Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different
|
|
directories, from Steve Lawrence
|
|
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
|
|
* Add missing manpage links to security_load_policy, from Laurent
|
|
Bigonville.
|
|
* Fix failing libsemanage pywrap tests, from Nicolas Iooss
|
|
* Fix deprecation warning for bison, from Ilya Frolov
|
|
* Skip policy module relink when only setting booleans, from Stephen
|
|
Smalley
|
|
* Fix typo in tests makefile, from Caleb Case
|
|
* Only try to compile file contexts if they exist, from Steve Lawrence
|
|
* Fix memory leak when setting a custom store path, from Yuli
|
|
Khodorkovskiy
|
|
* Add semodule option to set store root path in semanage.conf and the
|
|
semodule command, from Yuli Khodorkovskiy
|
|
* Add semanage.conf option to set an alternative root path for policy
|
|
store, from Yuli Khodorkovskiy
|
|
* Add support for High Level Language (HLL) to CIL compilers. The HLL
|
|
compiler path is configurable, but should be placed in
|
|
/usr/libexec/selinux/hll by default, from Yuli Khodorkovskiy
|
|
* Create a policy migration script for migrating the policy store from
|
|
/etc/selinux to /var/lib/selinux, from Caleb Case
|
|
* Add python3 support to the migration script, from Jason Zaman
|
|
* Use libcil to compile modules, from Steve Lawrence
|
|
* Use symbolic versioning to maintain ABI compatibility for old install
|
|
functions, from Yuli Khodorkovskiy
|
|
* Add a target-platform option to semanage.conf to control how policies
|
|
are built, from Steve Lawrence
|
|
* Add API to handle modules and source policies, moving module store to
|
|
/var/lib/selinux, from Caleb Case
|
|
* Only try to compile file contexts if they exist, from Steve Lawrence
|
|
|
|
2.3 2014-05-06
|
|
* Fix memory leak in semanage_genhomedircon from Thomas Hurd.
|
|
|
|
2.2 2013-10-30
|
|
* Avoid duplicate list entries from Dan Walsh.
|
|
* Add audit support to libsemanage from Dan Walsh.
|
|
* Remove policy.kern and replace with symlink from Dan Walsh.
|
|
* Apply a MAX_UID check for genhomedircon from Laurent Bigonville.
|
|
* Fix man pages from Laurent Bigonville.
|
|
|
|
2.1.10 2013-02-01
|
|
* Add sefcontext_compile to compile regex everytime policy is rebuilt
|
|
* Cleanup/fix enable/disable/remove module.
|
|
* redo genhomedircon minuid
|
|
* fixes from coverity
|
|
* semanage_store: do not leak memory in semanage_exec_prog
|
|
* genhomedircon: remove useless conditional in get_home_dirs
|
|
* genhomedircon: double free in get_home_dirs
|
|
* fcontext_record: do not leak on error in semanage_fcontext_key_create
|
|
* genhomedircon: do not leak on failure in write_gen_home_dir_context
|
|
* semanage_store: do not leak fd
|
|
* genhomedircon: do not leak shells list
|
|
* semanage_store: do not leak on strdup failure
|
|
* semanage_store: rewrite for readability
|
|
|
|
2.1.9 2012-09-13
|
|
* libsemanage: do not set soname needlessly
|
|
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
|
|
* do boolean name substitution
|
|
* Fix segfault for building standard policies.
|
|
|
|
2.1.8 2012-06-28
|
|
* remove build warning when build swig c files
|
|
* additional makefile support for rubywrap
|
|
* ignore 80 column limit for readability
|
|
* semanage_store: fix snprintf length argument by using asprintf
|
|
* Use default semanage.conf as a fallback
|
|
* use after free in python bindings
|
|
|
|
2.1.7 2012-03-28
|
|
* Alternate path for semanage.conf
|
|
* do not link against libpython, this is considered bad in Debian
|
|
* Allow to build for several ruby version
|
|
* fallback-user-level
|
|
|
|
2.1.6 2011-12-21
|
|
* add ignoredirs config for genhomedircon
|
|
* Fallback_user_level can be NULL if you are not using MLS
|
|
|
|
2.1.5 2011-11-03
|
|
* regenerate .pc on VERSION change
|
|
* maintain mode even if umask is tighter
|
|
* semanage.conf man page
|
|
* create man5dir if not exist
|
|
|
|
2.1.4 2011-09-15
|
|
* Create a new preserve_tunables flag
|
|
* tree: default make target to all not
|
|
* fix semanage_store_access_check calling arguments
|
|
|
|
2.1.3 2011-08-26
|
|
* python wrapper makefile changes
|
|
|
|
2.1.2 2011-08-17
|
|
* print error debug info for buggy fc
|
|
* introduce semanage_set_root and friends
|
|
* throw exceptions in python rather than return
|
|
* python3 support.
|
|
* patch for MCS/MLS in user files
|
|
|
|
2.1.1 2011-08-01
|
|
* Remove generated files, expand .gitignore
|
|
* Use -Werror and change a few prototypes to support it
|
|
|
|
2.1.0 2011-07-27
|
|
* Release, minor version bump
|
|
|
|
2.0.46 2010-12-16
|
|
* Fix compliation under GCC 4.6 by Justin Mattock
|
|
|
|
2.0.45 2010-03-06
|
|
* Add enable/disable patch support from Dan Walsh.
|
|
* Add usepasswd flag to semanage.conf to disable genhomedircon using
|
|
passwd from Dan Walsh.
|
|
* regenerate swig wrappers
|
|
|
|
2.0.44 2010-02-02
|
|
* Replace usage of fmemopen() with sepol_policy_file_set_mem() since
|
|
glibc < 2.9 does not support binary mode ('b') for fmemopen'd
|
|
streams.
|
|
|
|
2.0.43 2009-11-27
|
|
* Move libsemanage.so to /usr/lib
|
|
* Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>
|
|
|
|
2.0.42 2009-11-18
|
|
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
|
|
|
|
2.0.41 2009-10-29
|
|
* Add pkgconfig file from Eamon Walsh.
|
|
|
|
2.0.40 2009-10-22
|
|
* Add semanage_set_check_contexts() function to disable calling
|
|
setfiles
|
|
|
|
2.0.39 2009-09-24
|
|
* make swigify
|
|
|
|
2.0.38 2009-09-16
|
|
* Change semodule upgrade behavior to install even if the module
|
|
is not present from Dan Walsh.
|
|
* Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
|
|
|
|
2.0.37 2009-09-04
|
|
* Fix persistent dontaudit support to rebuild policy if the
|
|
dontaudit state is changed from Chad Sellers.
|
|
|
|
2.0.36 2009-08-24
|
|
* Changed bzip-blocksize=0 handling to support existing compressed
|
|
modules in the store.
|
|
|
|
2.0.35 2009-08-05
|
|
* Revert hard linking of files between tmp/active/previous.
|
|
|
|
2.0.34 2009-08-05
|
|
* Enable configuration of bzip behavior from Stephen Smalley.
|
|
bzip-blocksize=0 to disable compression and decompression support.
|
|
bzip-blocksize=1..9 to set the blocksize for compression.
|
|
bzip-small=true to reduce memory usage for decompression.
|
|
|
|
2.0.33 2009-07-07
|
|
* Maintain disable dontaudit state from Christopher Pardy.
|
|
|
|
2.0.32 2009-05-28
|
|
* Ruby bindings from David Quigley.
|
|
|
|
2.0.31 2009-01-12
|
|
* Policy module compression (bzip) support from Dan Walsh.
|
|
* Hard link files between tmp/active/previous from Dan Walsh.
|
|
|
|
2.0.30 2008-11-12
|
|
* Add semanage_mls_enabled() interface from Stephen Smalley.
|
|
|
|
2.0.29 2008-11-11
|
|
* Add USER to lines to homedir_template context file from Chris PeBenito.
|
|
|
|
2.0.28 2008-09-15
|
|
* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh
|
|
|
|
2.0.27 2008-08-05
|
|
* Modify genhomedircon to skip %groupname entries.
|
|
Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax.
|
|
|
|
2.0.26 2008-07-29
|
|
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
|
|
Strip any trailing slash before appending /*$.
|
|
|
|
2.0.25 2008-04-21
|
|
* Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
|
|
Fixes semanage boolean -D seg fault (bug 441379).
|
|
|
|
2.0.24 2008-02-26
|
|
* make swigify
|
|
|
|
2.0.23 2008-02-04
|
|
* Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.
|
|
|
|
2.0.22 2008-02-04
|
|
* Free policydb before fork from Joshua Brindle.
|
|
|
|
2.0.21 2008-02-04
|
|
* Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.
|
|
|
|
2.0.12 2008-02-02
|
|
* Use sepol_set_expand_consume_base to reduce peak memory usage when
|
|
using semodule from Joshua Brindle.
|
|
|
|
2.0.19 2008-01-31
|
|
* Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
|
|
|
|
2.0.18 2008-01-28
|
|
* Fix spurious out of memory error reports.
|
|
|
|
2.0.17 2008-01-25
|
|
* Merged second version of fix for genhomedircon handling from Caleb Case.
|
|
|
|
2.0.16 2008-01-24
|
|
* Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
|
|
|
|
2.0.15 2007-12-05
|
|
* Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
|
|
* Copy the store path in semanage_select_store from Dan Walsh.
|
|
|
|
2.0.14 2007-11-05
|
|
* Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.
|
|
|
|
2.0.13 2007-11-05
|
|
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
|
|
|
|
2.0.12 2007-10-05
|
|
* ustr cleanups from James Antill.
|
|
* Ensure that /root gets labeled even if using the default context from Dan Walsh.
|
|
|
|
2.0.11 2007-09-28
|
|
* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
|
|
|
|
2.0.10 2007-09-28
|
|
* Fix error checking on getpw*_r functions from Todd Miller.
|
|
* Make genhomedircon skip invalid homedir contexts from Todd Miller.
|
|
* Set default user and prefix from seusers from Dan Walsh.
|
|
* Add swigify Makefile target from Dan Walsh.
|
|
|
|
2.0.9 2007-09-24
|
|
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
|
|
|
|
2.0.8 2007-09-19
|
|
* Clear errno on non-fatal errors to avoid reporting them upon a
|
|
later error that does not set errno.
|
|
|
|
2.0.7 2007-09-19
|
|
* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
|
|
|
|
2.0.6 2007-09-10
|
|
* Change to use getpw* function calls to the _r versions from Todd Miller.
|
|
|
|
2.0.5 2007-08-23
|
|
* Replace genhomedircon script with equivalent functionality within
|
|
libsemanage and introduce disable-genhomedircon option in
|
|
semanage.conf from Todd Miller.
|
|
Note: Depends on ustr.
|
|
|
|
2.0.4 2007-08-16
|
|
* Allow dontaudits to be turned off via semanage interface when
|
|
updating policy from Joshua Brindle.
|
|
|
|
2.0.3 2007-04-25
|
|
* Fix to libsemanage man patches so whatis will work better from Dan Walsh
|
|
|
|
2.0.2 2007-04-24
|
|
* Merged optimizations from Stephen Smalley.
|
|
- do not set all booleans upon commit, only those whose values have changed
|
|
- only install the sandbox upon commit if something was rebuilt
|
|
|
|
2.0.1 2007-03-12
|
|
* Merged dbase_file_flush patch from Dan Walsh.
|
|
This removes any mention of specific tools (e.g. semanage)
|
|
from the comment header of the auto-generated files,
|
|
since there are multiple front-end tools.
|
|
|
|
2.0.0 2007-02-20
|
|
* Merged Makefile test target patch from Caleb Case.
|
|
* Merged get_commit_number function rename patch from Caleb Case.
|
|
* Merged strnlen -> strlen patch from Todd Miller.
|
|
|
|
1.10.1 2007-01-26
|
|
* Merged python binding fix from Dan Walsh.
|
|
|
|
1.10.0 2007-01-18
|
|
* Updated version for stable branch.
|
|
|
|
1.9.2 2007-01-08
|
|
* Merged patch to optionally reduce disk usage by removing
|
|
the backup module store and linked policy from Karl MacMillan
|
|
* Merged patch to correctly propagate return values in libsemanage
|
|
|
|
1.9.1 2006-11-27
|
|
* Merged patch to compile wit -fPIC instead of -fpic from
|
|
Manoj Srivastava to prevent hitting the global offest table
|
|
limit. Patch changed to include libselinux and libsemanage in
|
|
addition to libsepol.
|
|
|
|
1.8 2006-10-17
|
|
* Updated version for release.
|
|
|
|
1.6.17 2006-09-29
|
|
* Merged patch to skip reload if no active store exists and
|
|
the store path doesn't match the active store path from Dan Walsh.
|
|
* Merged patch to not destroy sepol handle on error path of
|
|
connect from James Athey.
|
|
* Merged patch to add genhomedircon path to semanage.conf from
|
|
James Athey.
|
|
|
|
1.6.16 2006-08-14
|
|
* Make most copy errors fatal, but allow exceptions for
|
|
file_contexts.local, seusers, and netfilter_contexts if
|
|
the source file does not exist in the store.
|
|
|
|
1.6.15 2006-08-11
|
|
* Merged separate local file contexts patch from Chris PeBenito.
|
|
|
|
1.6.14 2006-08-11
|
|
* Merged patch to make most copy errors non-fatal from Dan Walsh.
|
|
|
|
1.6.13 2006-08-03
|
|
* Merged netfilter contexts support from Chris PeBenito.
|
|
|
|
1.6.12 2006-07-11
|
|
* Merged support for read operations on read-only fs from
|
|
Caleb Case (Tresys Technology).
|
|
|
|
1.6.11 2006-06-29
|
|
* Lindent.
|
|
|
|
1.6.10 2006-06-26
|
|
* Merged setfiles location check patch from Dan Walsh.
|
|
|
|
1.6.9 2006-06-16
|
|
* Merged several fixes from Serge Hallyn:
|
|
dbase_file_cache: deref of uninit data on error path.
|
|
dbase_policydb_cache: clear fp to avoid double fclose
|
|
semanage_fc_sort: destroy temp on error paths
|
|
|
|
1.6.8 2006-06-02
|
|
* Updated default location for setfiles to /sbin to
|
|
match policycoreutils. This can also be adjusted via
|
|
semanage.conf using the syntax:
|
|
[setfiles]
|
|
path = /path/to/setfiles
|
|
args = -q -c $@ $<
|
|
[end]
|
|
|
|
1.6.7 2006-05-05
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
|
|
1.6.6 2006-04-14
|
|
* Merged updated file context sorting patch from Christopher
|
|
Ashworth, with bug fix for escaped character flag.
|
|
|
|
1.6.5 2006-04-13
|
|
* Merged file context sorting code from Christopher Ashworth
|
|
(Tresys Technology), based on fc_sort.c code in refpolicy.
|
|
|
|
1.6.4 2006-04-12
|
|
* Merged python binding t_output_helper removal patch from Dan Walsh.
|
|
* Regenerated swig files.
|
|
|
|
1.6.3 2006-03-30
|
|
* Merged corrected fix for descriptor leak from Dan Walsh.
|
|
|
|
1.6.2 2006-03-20
|
|
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
|
|
|
|
1.6.1 2006-03-20
|
|
* Merged man page reorganization from Ivan Gyurdiev.
|
|
|
|
1.6 2006-03-14
|
|
* Updated version for release.
|
|
|
|
1.5.31 2006-03-09
|
|
* Merged abort early on merge errors patch from Ivan Gyurdiev.
|
|
|
|
1.5.30 2006-03-08
|
|
* Cleaned up error handling in semanage_split_fc based on a patch
|
|
by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.
|
|
|
|
1.5.29 2006-02-21
|
|
* Merged MLS handling fixes from Ivan Gyurdiev.
|
|
|
|
1.5.28 2006-02-16
|
|
* Merged bug fix for fcontext validate handler from Ivan Gyurdiev.
|
|
|
|
1.5.27 2006-02-16
|
|
* Merged base_merge_components changes from Ivan Gyurdiev.
|
|
|
|
1.5.26 2006-02-15
|
|
* Merged paths array patch from Ivan Gyurdiev.
|
|
* Merged bug fix patch from Ivan Gyurdiev.
|
|
|
|
1.5.25 2006-02-14
|
|
* Merged improve bindings patch from Ivan Gyurdiev.
|
|
|
|
1.5.24 2006-02-14
|
|
* Merged use PyList patch from Ivan Gyurdiev.
|
|
* Merged memory leak fix patch from Ivan Gyurdiev.
|
|
* Merged nodecon support patch from Ivan Gyurdiev.
|
|
* Merged cleanups patch from Ivan Gyurdiev.
|
|
* Merged split swig patch from Ivan Gyurdiev.
|
|
|
|
1.5.23 2006-02-13
|
|
* Merged optionals in base patch from Joshua Brindle.
|
|
|
|
1.5.22 2006-02-13
|
|
* Merged treat seusers/users_extra as optional sections patch from
|
|
Ivan Gyurdiev.
|
|
* Merged parse_optional fixes from Ivan Gyurdiev.
|
|
|
|
1.5.21 2006-02-07
|
|
* Merged seuser/user_extra support patch from Joshua Brindle.
|
|
* Merged remote system dbase patch from Ivan Gyurdiev.
|
|
|
|
1.5.20 2006-02-02
|
|
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
|
|
|
1.5.19 2006-01-30
|
|
* Merged fname parameter patch from Ivan Gyurdiev.
|
|
* Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
|
|
* Merged seusers.system patch from Ivan Gyurdiev.
|
|
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
|
|
|
|
1.5.18 2006-01-27
|
|
* Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.
|
|
|
|
1.5.17 2006-01-27
|
|
* Merged set_create_store, access_check, and is_connected interfaces
|
|
from Joshua Brindle.
|
|
|
|
1.5.16 2006-01-19
|
|
* Regenerate python wrappers.
|
|
|
|
1.5.15 2006-01-18
|
|
* Merged pywrap Makefile diff from Dan Walsh.
|
|
* Merged cache management patch from Ivan Gyurdiev.
|
|
* Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
|
|
* Merged remove apply_local function patch from Ivan Gyurdiev.
|
|
* Merged only do read locking in direct case patch from Ivan Gyurdiev.
|
|
* Merged cache error path memory leak fix from Ivan Gyurdiev.
|
|
* Merged auto-generated file header patch from Ivan Gyurdiev.
|
|
* Merged pywrap test update from Ivan Gyurdiev.
|
|
* Merged hidden defs update from Ivan Gyurdiev.
|
|
|
|
1.5.14 2006-01-13
|
|
* Merged disallow port overlap patch from Ivan Gyurdiev.
|
|
|
|
1.5.13 2006-01-12
|
|
* Merged join prereq and implementation patches from Ivan Gyurdiev.
|
|
* Merged join user extra data part 2 patch from Ivan Gyurdiev.
|
|
* Merged bugfix patch from Ivan Gyurdiev.
|
|
|
|
1.5.12 2006-01-12
|
|
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
|
|
* Merged user extra data part 1 patch from Ivan Gyurdiev.
|
|
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
|
|
* Merged calloc check in semanage_store patch from Ivan Gyurdiev,
|
|
bug noticed by Steve Grubb.
|
|
* Merged cleanups after add/set removal patch from Ivan Gyurdiev.
|
|
|
|
1.5.11 2006-01-09
|
|
* Merged fcontext compare fix from Ivan Gyurdiev.
|
|
|
|
1.5.10 2006-01-06
|
|
* Fixed commit to return the commit number aka policy sequence number.
|
|
|
|
1.5.9 2006-01-06
|
|
* Merged const in APIs patch from Ivan Gyurdiev.
|
|
* Merged validation of local file contexts patch from Ivan Gyurdiev.
|
|
* Merged compare2 function patch from Ivan Gyurdiev.
|
|
* Merged hidden def/proto update patch from Ivan Gyurdiev.
|
|
|
|
1.5.8 2006-01-05
|
|
* Re-applied string and file optimization patch from Russell Coker,
|
|
with bug fix.
|
|
|
|
1.5.7 2006-01-05
|
|
* Reverted string and file optimization patch from Russell Coker.
|
|
|
|
1.5.6 2006-01-05
|
|
* Clarified error messages from parse_module_headers and
|
|
parse_base_headers for base/module mismatches.
|
|
|
|
1.5.5 2006-01-05
|
|
* Merged string and file optimization patch from Russell Coker.
|
|
* Merged swig header reordering patch from Ivan Gyurdiev.
|
|
* Merged toggle modify on add patch from Ivan Gyurdiev.
|
|
* Merged ports parser bugfix patch from Ivan Gyurdiev.
|
|
* Merged fcontext swig patch from Ivan Gyurdiev.
|
|
* Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
|
|
* Merged man pages for dbase functions patch from Ivan Gyurdiev.
|
|
* Merged pywrap tests patch from Ivan Gyurdiev.
|
|
|
|
1.5.4 2006-01-04
|
|
* Merged patch series from Ivan Gyurdiev.
|
|
This includes patches to:
|
|
- separate file rw code from linked list
|
|
- annotate objects
|
|
- fold together internal headers
|
|
- support ordering of records in compare function
|
|
- add active dbase backend, active booleans
|
|
- return commit numbers for ro database calls
|
|
- use modified flags to skip rebuild whenever possible
|
|
- enable port interfaces
|
|
- update swig interfaces and typemaps
|
|
- add an API for file_contexts.local and file_contexts
|
|
- flip the traversal order in iterate/list
|
|
- reorganize sandbox_expand
|
|
- add seusers MLS validation
|
|
- improve dbase spec/documentation
|
|
- clone record on set/add/modify
|
|
|
|
1.5.3 2005-12-14
|
|
* Merged further header cleanups from Ivan Gyurdiev.
|
|
|
|
1.5.2 2005-12-13
|
|
* Merged toggle modified flag in policydb_modify, fix memory leak
|
|
in clear_obsolete, polymorphism vs headers fix, and include guards
|
|
for internal headers patches from Ivan Gyurdiev.
|
|
|
|
1.5.1 2005-12-12
|
|
* Added file-mode= setting to semanage.conf, default to 0644.
|
|
Changed semanage_copy_file and callers to use this mode when
|
|
installing policy files to runtime locations.
|
|
|
|
1.4 2005-12-07
|
|
* Updated version for release.
|
|
|
|
1.3.64 2005-12-06
|
|
* Changed semanage_handle_create() to set do_reload based on
|
|
is_selinux_enabled(). This prevents improper attempts to
|
|
load policy on a non-SELinux system.
|
|
|
|
1.3.63 2005-12-05
|
|
* Dropped handle from user_del_role interface.
|
|
|
|
1.3.62 2005-12-05
|
|
* Removed defrole interfaces.
|
|
|
|
1.3.61 2005-11-29
|
|
* Merged Makefile python definitions patch from Dan Walsh.
|
|
|
|
1.3.60 2005-11-29
|
|
* Removed is_selinux_mls_enabled() conditionals in seusers and users
|
|
file parsers.
|
|
|
|
1.3.59 2005-11-28
|
|
* Merged wrap char*** for user_get_roles patch from Joshua Brindle.
|
|
|
|
1.3.58 2005-11-28
|
|
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
|
|
|
|
1.3.57 2005-11-28
|
|
* Merged swig wrappers for modifying users and seusers from Joshua Brindle.
|
|
|
|
1.3.56 2005-11-16
|
|
* Fixed free->key_free bug.
|
|
|
|
1.3.55 2005-11-16
|
|
* Merged clear obsolete patch from Ivan Gyurdiev.
|
|
|
|
1.3.54 2005-11-15
|
|
* Merged modified swigify patch from Dan Walsh
|
|
(original patch from Joshua Brindle).
|
|
* Merged move genhomedircon call patch from Chad Sellers.
|
|
|
|
1.3.53 2005-11-10
|
|
* Merged move seuser validation patch from Ivan Gyurdiev.
|
|
* Merged hidden declaration fixes from Ivan Gyurdiev,
|
|
with minor corrections.
|
|
|
|
1.3.52 2005-11-09
|
|
* Merged cleanup patch from Ivan Gyurdiev.
|
|
This renames semanage_module_conn to semanage_direct_handle,
|
|
and moves sepol handle create/destroy into semanage handle
|
|
create/destroy to allow use even when disconnected (for the
|
|
record interfaces).
|
|
|
|
1.3.51 2005-11-08
|
|
* Clear modules modified flag upon disconnect and commit.
|
|
|
|
1.3.50 2005-11-08
|
|
* Added tracking of module modifications and use it to
|
|
determine whether expand-time checks should be applied
|
|
on commit.
|
|
|
|
1.3.49 2005-11-08
|
|
* Reverted semanage_set_reload_bools() interface.
|
|
|
|
1.3.48 2005-11-08
|
|
* Disabled calls to port dbase for merge and commit and stubbed
|
|
out calls to sepol_port interfaces since they are not exported.
|
|
|
|
1.3.47 2005-11-08
|
|
* Merged rename instead of copy patch from Joshua Brindle (Tresys).
|
|
|
|
1.3.46 2005-11-07
|
|
* Added hidden_def/hidden_proto for exported symbols used within
|
|
libsemanage to eliminate relocations. Wrapped type definitions
|
|
in exported headers as needed to avoid conflicts. Added
|
|
src/context_internal.h and src/iface_internal.h.
|
|
|
|
1.3.45 2005-11-07
|
|
* Added semanage_is_managed() interface to allow detection of whether
|
|
the policy is managed via libsemanage. This enables proper handling
|
|
in setsebool for non-managed systems.
|
|
|
|
1.3.44 2005-11-07
|
|
* Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
|
|
to enable runtime control over preserving active boolean values
|
|
versus reloading their saved settings upon commit.
|
|
|
|
1.3.43 2005-11-04
|
|
* Merged seuser parser resync, dbase tracking and cleanup, strtol
|
|
bug, copyright, and assert space patches from Ivan Gyurdiev.
|
|
|
|
1.3.42 2005-11-04
|
|
* Added src/*_internal.h in preparation for other changes.
|
|
* Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
|
|
src/seusers.[hc].
|
|
|
|
1.3.41 2005-11-03
|
|
* Merged interface parse/print, context_to_string interface change,
|
|
move assert_noeof, and order preserving patches from Ivan Gyurdiev.
|
|
* Added src/dso.h in preparation for other changes.
|
|
|
|
1.3.40 2005-11-01
|
|
* Merged install seusers, handle/error messages, MLS parsing,
|
|
and seusers validation patches from Ivan Gyurdiev.
|
|
|
|
1.3.39 2005-10-31
|
|
* Merged record interface, dbase flush, common database code,
|
|
and record bugfix patches from Ivan Gyurdiev.
|
|
|
|
1.3.38 2005-10-27
|
|
* Merged dbase policydb list and count change from Ivan Gyurdiev.
|
|
|
|
1.3.37 2005-10-27
|
|
* Merged enable dbase and set relay patches from Ivan Gyurdiev.
|
|
|
|
1.3.36 2005-10-27
|
|
* Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.
|
|
|
|
1.3.35 2005-10-26
|
|
* Merged sepol handle passing, seusers support, and policydb cache
|
|
patches from Ivan Gyurdiev.
|
|
|
|
1.3.34 2005-10-25
|
|
* Merged resync to sepol changes and booleans fixes/improvements
|
|
patches from Ivan Gyurdiev.
|
|
|
|
1.3.33 2005-10-25
|
|
* Merged support for genhomedircon/homedir template, store selection,
|
|
explicit policy reload, and semanage.conf relocation from Joshua
|
|
Brindle.
|
|
|
|
1.3.32 2005-10-24
|
|
* Merged resync to sepol changes and transaction fix patches from
|
|
Ivan Gyurdiev.
|
|
|
|
1.3.31 2005-10-21
|
|
* Merged reorganize users patch from Ivan Gyurdiev.
|
|
* Merged remove unused relay functions patch from Ivan Gyurdiev.
|
|
|
|
1.3.30 2005-10-20
|
|
* Fixed policy file leaks in semanage_load_module and
|
|
semanage_write_module.
|
|
* Merged further database work from Ivan Gyurdiev.
|
|
|
|
1.3.29 2005-10-20
|
|
* Fixed bug in semanage_direct_disconnect.
|
|
|
|
1.3.28 2005-10-20
|
|
* Merged interface renaming patch from Ivan Gyurdiev.
|
|
* Merged policy component patch from Ivan Gyurdiev.
|
|
|
|
1.3.27 2005-10-20
|
|
* Renamed 'check=' configuration value to 'expand-check=' for
|
|
clarity.
|
|
* Changed semanage_commit_sandbox to check for and report errors
|
|
on rename(2) calls performed during rollback.
|
|
|
|
1.3.26 2005-10-19
|
|
* Added optional check= configuration value to semanage.conf
|
|
and updated call to sepol_expand_module to pass its value
|
|
to control assertion and hierarchy checking on module expansion.
|
|
|
|
1.3.25 2005-10-19
|
|
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
|
1.3.24 2005-10-19
|
|
* Merged default database from Ivan Gyurdiev.
|
|
* Merged removal of connect requirement in policydb backend from
|
|
Ivan Gyurdiev.
|
|
* Merged commit locking fix and lock rename from Joshua Brindle.
|
|
* Merged transaction rollback in lock patch from Joshua Brindle.
|
|
|
|
1.3.23 2005-10-18
|
|
* Changed default args for load_policy to be null, as it no longer
|
|
takes a pathname argument and we want to preserve booleans.
|
|
|
|
1.3.22 2005-10-18
|
|
* Merged move local dbase initialization patch from Ivan Gyurdiev.
|
|
* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
|
|
* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
|
|
|
|
1.3.21 2005-10-18
|
|
* Added calls to sepol_policy_file_set_handle interface prior
|
|
to invoking sepol operations on policy files.
|
|
* Updated call to sepol_policydb_from_image to pass the handle.
|
|
|
|
1.3.20 2005-10-17
|
|
* Merged user and port APIs - policy database patch from Ivan
|
|
Gyurdiev.
|
|
|
|
1.3.19 2005-10-17
|
|
* Converted calls to sepol link_packages and expand_module interfaces
|
|
from using buffers to using sepol handles for error reporting, and
|
|
changed direct_connect/disconnect to create/destroy sepol handles.
|
|
|
|
1.3.18 2005-10-14
|
|
* Merged bugfix patch from Ivan Gyurdiev.
|
|
|
|
1.3.17 2005-10-14
|
|
* Merged seuser database patch from Ivan Gyurdiev.
|
|
Merged direct user/port databases to the handle from Ivan Gyurdiev.
|
|
|
|
1.3.16 2005-10-14
|
|
* Removed obsolete include/semanage/commit_api.h (leftover).
|
|
Merged seuser record patch from Ivan Gyurdiev.
|
|
|
|
1.3.15 2005-10-14
|
|
* Merged boolean and interface databases from Ivan Gyurdiev.
|
|
|
|
1.3.14 2005-10-13
|
|
* Updated to use get interfaces for hidden sepol_module_package type.
|
|
|
|
1.3.13 2005-10-13
|
|
* Changed semanage_expand_sandbox and semanage_install_active
|
|
to generate/install the latest policy version supported by libsepol
|
|
by default (unless overridden by semanage.conf), since libselinux
|
|
will now downgrade automatically for load_policy.
|
|
|
|
1.3.12 2005-10-13
|
|
* Merged new callback-based error reporting system and ongoing
|
|
database work from Ivan Gyurdiev.
|
|
|
|
1.3.11 2005-10-11
|
|
* Fixed semanage_install_active() to use the same logic for
|
|
selecting a policy version as semanage_expand_sandbox(). Dropped
|
|
dead code from semanage_install_sandbox().
|
|
|
|
1.3.10 2005-10-07
|
|
* Updated for changes to libsepol, and to only use types and interfaces
|
|
provided by the shared libsepol.
|
|
|
|
1.3.9 2005-10-06
|
|
* Merged further database work from Ivan Gyurdiev.
|
|
|
|
1.3.8 2005-10-04
|
|
* Merged iterate, redistribute, and dbase split patches from
|
|
Ivan Gyurdiev.
|
|
|
|
1.3.7 2005-09-30
|
|
* Merged patch series from Ivan Gyurdiev.
|
|
(pointer typedef elimination, file renames, dbase work, backend
|
|
separation)
|
|
|
|
1.3.6 2005-09-28
|
|
* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
|
|
* Separated handle create from connect interface.
|
|
* Added a constructor for initialization.
|
|
* Moved up src/include/*.h to src.
|
|
* Created a symbol map file; dropped dso.h and hidden markings.
|
|
|
|
1.3.5 2005-09-28
|
|
* Merged major update to libsemanage organization and functionality
|
|
from Karl MacMillan (Tresys).
|
|
|
|
1.3.4 2005-09-23
|
|
* Merged dbase redesign patch from Ivan Gyurdiev.
|
|
|
|
1.3.3 2005-09-21
|
|
* Merged boolean record, stub record handler, and status codes
|
|
patches from Ivan Gyurdiev.
|
|
|
|
1.3.2 2005-09-16
|
|
* Merged stub iterator functionality from Ivan Gyurdiev.
|
|
* Merged interface record patch from Ivan Gyurdiev.
|
|
|
|
1.3.1 2005-09-14
|
|
* Merged stub functionality for managing user and port records,
|
|
and record table code from Ivan Gyurdiev.
|
|
|
|
1.2 2005-09-06
|
|
* Updated version for release.
|
|
|
|
1.1.6 2005-08-31
|
|
* Merged semod.conf template patch from Dan Walsh (Red Hat),
|
|
but restored location to /usr/share/semod/semod.conf.
|
|
|
|
1.1.5 2005-08-30
|
|
* Fixed several bugs found by valgrind.
|
|
* Fixed bug in prior patch for the semod_build_module_list leak.
|
|
|
|
1.1.4 2005-08-25
|
|
* Merged errno fix from Joshua Brindle (Tresys).
|
|
* Merged fix for semod_build_modules_list leak on error path
|
|
from Serge Hallyn (IBM). Bug found by Coverity.
|
|
|
|
1.1.3 2005-08-22
|
|
* Merged several fixes from Serge Hallyn (IBM). Bugs found by
|
|
Coverity.
|
|
* Fixed several other bugs and warnings.
|
|
|
|
1.1.2 2005-08-02
|
|
* Merged patch to move module read/write code from libsemanage
|
|
to libsepol from Jason Tang (Tresys).
|
|
|
|
1.1.1 2005-08-02
|
|
* Merged relay records patch from Ivan Gyurdiev.
|
|
* Merged key extract patch from Ivan Gyurdiev.
|
|
|
|
1.0 2005-07-27
|
|
* Initial version.
|