1 * Do not copy contexts in semanage_migrate_store, from Jason Zaman. 2 * Fix logic in bunzip for uncompressed pp files, from Thomas Hurd. 3 * Fix fname[] initialization in test_utilities.c, from Petr Lautrbach. 4 * Add remove-hll semanage.conf option to remove HLL files after 5 compilation to CIL, from Yuli Khodorkovskiy 6 * Fix memory leaks when parsing semanage.conf, from Yuli Khodorkovskiy 7 * Change bunzip to use heap instead of stack to prevent segfault on 8 systems with small stack size, from Thomas Hurd. 9 10 2.4 2015-02-02 11 * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different 12 directories, from Steve Lawrence 13 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. 14 * Add missing manpage links to security_load_policy, from Laurent 15 Bigonville. 16 * Fix failing libsemanage pywrap tests, from Nicolas Iooss 17 * Fix deprecation warning for bison, from Ilya Frolov 18 * Skip policy module relink when only setting booleans, from Stephen 19 Smalley 20 * Fix typo in tests makefile, from Caleb Case 21 * Only try to compile file contexts if they exist, from Steve Lawrence 22 * Fix memory leak when setting a custom store path, from Yuli 23 Khodorkovskiy 24 * Add semodule option to set store root path in semanage.conf and the 25 semodule command, from Yuli Khodorkovskiy 26 * Add semanage.conf option to set an alternative root path for policy 27 store, from Yuli Khodorkovskiy 28 * Add support for High Level Language (HLL) to CIL compilers. The HLL 29 compiler path is configurable, but should be placed in 30 /usr/libexec/selinux/hll by default, from Yuli Khodorkovskiy 31 * Create a policy migration script for migrating the policy store from 32 /etc/selinux to /var/lib/selinux, from Caleb Case 33 * Add python3 support to the migration script, from Jason Zaman 34 * Use libcil to compile modules, from Steve Lawrence 35 * Use symbolic versioning to maintain ABI compatibility for old install 36 functions, from Yuli Khodorkovskiy 37 * Add a target-platform option to semanage.conf to control how policies 38 are built, from Steve Lawrence 39 * Add API to handle modules and source policies, moving module store to 40 /var/lib/selinux, from Caleb Case 41 * Only try to compile file contexts if they exist, from Steve Lawrence 42 43 2.3 2014-05-06 44 * Fix memory leak in semanage_genhomedircon from Thomas Hurd. 45 46 2.2 2013-10-30 47 * Avoid duplicate list entries from Dan Walsh. 48 * Add audit support to libsemanage from Dan Walsh. 49 * Remove policy.kern and replace with symlink from Dan Walsh. 50 * Apply a MAX_UID check for genhomedircon from Laurent Bigonville. 51 * Fix man pages from Laurent Bigonville. 52 53 2.1.10 2013-02-01 54 * Add sefcontext_compile to compile regex everytime policy is rebuilt 55 * Cleanup/fix enable/disable/remove module. 56 * redo genhomedircon minuid 57 * fixes from coverity 58 * semanage_store: do not leak memory in semanage_exec_prog 59 * genhomedircon: remove useless conditional in get_home_dirs 60 * genhomedircon: double free in get_home_dirs 61 * fcontext_record: do not leak on error in semanage_fcontext_key_create 62 * genhomedircon: do not leak on failure in write_gen_home_dir_context 63 * semanage_store: do not leak fd 64 * genhomedircon: do not leak shells list 65 * semanage_store: do not leak on strdup failure 66 * semanage_store: rewrite for readability 67 68 2.1.9 2012-09-13 69 * libsemanage: do not set soname needlessly 70 * libsemanage: remove PYTHONLIBDIR and ruby equivalent 71 * do boolean name substitution 72 * Fix segfault for building standard policies. 73 74 2.1.8 2012-06-28 75 * remove build warning when build swig c files 76 * additional makefile support for rubywrap 77 * ignore 80 column limit for readability 78 * semanage_store: fix snprintf length argument by using asprintf 79 * Use default semanage.conf as a fallback 80 * use after free in python bindings 81 82 2.1.7 2012-03-28 83 * Alternate path for semanage.conf 84 * do not link against libpython, this is considered bad in Debian 85 * Allow to build for several ruby version 86 * fallback-user-level 87 88 2.1.6 2011-12-21 89 * add ignoredirs config for genhomedircon 90 * Fallback_user_level can be NULL if you are not using MLS 91 92 2.1.5 2011-11-03 93 * regenerate .pc on VERSION change 94 * maintain mode even if umask is tighter 95 * semanage.conf man page 96 * create man5dir if not exist 97 98 2.1.4 2011-09-15 99 * Create a new preserve_tunables flag 100 * tree: default make target to all not 101 * fix semanage_store_access_check calling arguments 102 103 2.1.3 2011-08-26 104 * python wrapper makefile changes 105 106 2.1.2 2011-08-17 107 * print error debug info for buggy fc 108 * introduce semanage_set_root and friends 109 * throw exceptions in python rather than return 110 * python3 support. 111 * patch for MCS/MLS in user files 112 113 2.1.1 2011-08-01 114 * Remove generated files, expand .gitignore 115 * Use -Werror and change a few prototypes to support it 116 117 2.1.0 2011-07-27 118 * Release, minor version bump 119 120 2.0.46 2010-12-16 121 * Fix compliation under GCC 4.6 by Justin Mattock 122 123 2.0.45 2010-03-06 124 * Add enable/disable patch support from Dan Walsh. 125 * Add usepasswd flag to semanage.conf to disable genhomedircon using 126 passwd from Dan Walsh. 127 * regenerate swig wrappers 128 129 2.0.44 2010-02-02 130 * Replace usage of fmemopen() with sepol_policy_file_set_mem() since 131 glibc < 2.9 does not support binary mode ('b') for fmemopen'd 132 streams. 133 134 2.0.43 2009-11-27 135 * Move libsemanage.so to /usr/lib 136 * Add NAME lines to man pages from Manoj Srivastava<srivasta (a] debian.org> 137 138 2.0.42 2009-11-18 139 * Move load_policy from /usr/sbin to /sbin from Dan Walsh. 140 141 2.0.41 2009-10-29 142 * Add pkgconfig file from Eamon Walsh. 143 144 2.0.40 2009-10-22 145 * Add semanage_set_check_contexts() function to disable calling 146 setfiles 147 148 2.0.39 2009-09-24 149 * make swigify 150 151 2.0.38 2009-09-16 152 * Change semodule upgrade behavior to install even if the module 153 is not present from Dan Walsh. 154 * Make genhomedircon trim excess '/' from homedirs from Dan Walsh. 155 156 2.0.37 2009-09-04 157 * Fix persistent dontaudit support to rebuild policy if the 158 dontaudit state is changed from Chad Sellers. 159 160 2.0.36 2009-08-24 161 * Changed bzip-blocksize=0 handling to support existing compressed 162 modules in the store. 163 164 2.0.35 2009-08-05 165 * Revert hard linking of files between tmp/active/previous. 166 167 2.0.34 2009-08-05 168 * Enable configuration of bzip behavior from Stephen Smalley. 169 bzip-blocksize=0 to disable compression and decompression support. 170 bzip-blocksize=1..9 to set the blocksize for compression. 171 bzip-small=true to reduce memory usage for decompression. 172 173 2.0.33 2009-07-07 174 * Maintain disable dontaudit state from Christopher Pardy. 175 176 2.0.32 2009-05-28 177 * Ruby bindings from David Quigley. 178 179 2.0.31 2009-01-12 180 * Policy module compression (bzip) support from Dan Walsh. 181 * Hard link files between tmp/active/previous from Dan Walsh. 182 183 2.0.30 2008-11-12 184 * Add semanage_mls_enabled() interface from Stephen Smalley. 185 186 2.0.29 2008-11-11 187 * Add USER to lines to homedir_template context file from Chris PeBenito. 188 189 2.0.28 2008-09-15 190 * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh 191 192 2.0.27 2008-08-05 193 * Modify genhomedircon to skip %groupname entries. 194 Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax. 195 196 2.0.26 2008-07-29 197 * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. 198 Strip any trailing slash before appending /*$. 199 200 2.0.25 2008-04-21 201 * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley. 202 Fixes semanage boolean -D seg fault (bug 441379). 203 204 2.0.24 2008-02-26 205 * make swigify 206 207 2.0.23 2008-02-04 208 * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. 209 210 2.0.22 2008-02-04 211 * Free policydb before fork from Joshua Brindle. 212 213 2.0.21 2008-02-04 214 * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. 215 216 2.0.12 2008-02-02 217 * Use sepol_set_expand_consume_base to reduce peak memory usage when 218 using semodule from Joshua Brindle. 219 220 2.0.19 2008-01-31 221 * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. 222 223 2.0.18 2008-01-28 224 * Fix spurious out of memory error reports. 225 226 2.0.17 2008-01-25 227 * Merged second version of fix for genhomedircon handling from Caleb Case. 228 229 2.0.16 2008-01-24 230 * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. 231 232 2.0.15 2007-12-05 233 * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. 234 * Copy the store path in semanage_select_store from Dan Walsh. 235 236 2.0.14 2007-11-05 237 * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. 238 239 2.0.13 2007-11-05 240 * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. 241 242 2.0.12 2007-10-05 243 * ustr cleanups from James Antill. 244 * Ensure that /root gets labeled even if using the default context from Dan Walsh. 245 246 2.0.11 2007-09-28 247 * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. 248 249 2.0.10 2007-09-28 250 * Fix error checking on getpw*_r functions from Todd Miller. 251 * Make genhomedircon skip invalid homedir contexts from Todd Miller. 252 * Set default user and prefix from seusers from Dan Walsh. 253 * Add swigify Makefile target from Dan Walsh. 254 255 2.0.9 2007-09-24 256 * Pass CFLAGS to CC even on link command, per Dennis Gilmore. 257 258 2.0.8 2007-09-19 259 * Clear errno on non-fatal errors to avoid reporting them upon a 260 later error that does not set errno. 261 262 2.0.7 2007-09-19 263 * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. 264 265 2.0.6 2007-09-10 266 * Change to use getpw* function calls to the _r versions from Todd Miller. 267 268 2.0.5 2007-08-23 269 * Replace genhomedircon script with equivalent functionality within 270 libsemanage and introduce disable-genhomedircon option in 271 semanage.conf from Todd Miller. 272 Note: Depends on ustr. 273 274 2.0.4 2007-08-16 275 * Allow dontaudits to be turned off via semanage interface when 276 updating policy from Joshua Brindle. 277 278 2.0.3 2007-04-25 279 * Fix to libsemanage man patches so whatis will work better from Dan Walsh 280 281 2.0.2 2007-04-24 282 * Merged optimizations from Stephen Smalley. 283 - do not set all booleans upon commit, only those whose values have changed 284 - only install the sandbox upon commit if something was rebuilt 285 286 2.0.1 2007-03-12 287 * Merged dbase_file_flush patch from Dan Walsh. 288 This removes any mention of specific tools (e.g. semanage) 289 from the comment header of the auto-generated files, 290 since there are multiple front-end tools. 291 292 2.0.0 2007-02-20 293 * Merged Makefile test target patch from Caleb Case. 294 * Merged get_commit_number function rename patch from Caleb Case. 295 * Merged strnlen -> strlen patch from Todd Miller. 296 297 1.10.1 2007-01-26 298 * Merged python binding fix from Dan Walsh. 299 300 1.10.0 2007-01-18 301 * Updated version for stable branch. 302 303 1.9.2 2007-01-08 304 * Merged patch to optionally reduce disk usage by removing 305 the backup module store and linked policy from Karl MacMillan 306 * Merged patch to correctly propagate return values in libsemanage 307 308 1.9.1 2006-11-27 309 * Merged patch to compile wit -fPIC instead of -fpic from 310 Manoj Srivastava to prevent hitting the global offest table 311 limit. Patch changed to include libselinux and libsemanage in 312 addition to libsepol. 313 314 1.8 2006-10-17 315 * Updated version for release. 316 317 1.6.17 2006-09-29 318 * Merged patch to skip reload if no active store exists and 319 the store path doesn't match the active store path from Dan Walsh. 320 * Merged patch to not destroy sepol handle on error path of 321 connect from James Athey. 322 * Merged patch to add genhomedircon path to semanage.conf from 323 James Athey. 324 325 1.6.16 2006-08-14 326 * Make most copy errors fatal, but allow exceptions for 327 file_contexts.local, seusers, and netfilter_contexts if 328 the source file does not exist in the store. 329 330 1.6.15 2006-08-11 331 * Merged separate local file contexts patch from Chris PeBenito. 332 333 1.6.14 2006-08-11 334 * Merged patch to make most copy errors non-fatal from Dan Walsh. 335 336 1.6.13 2006-08-03 337 * Merged netfilter contexts support from Chris PeBenito. 338 339 1.6.12 2006-07-11 340 * Merged support for read operations on read-only fs from 341 Caleb Case (Tresys Technology). 342 343 1.6.11 2006-06-29 344 * Lindent. 345 346 1.6.10 2006-06-26 347 * Merged setfiles location check patch from Dan Walsh. 348 349 1.6.9 2006-06-16 350 * Merged several fixes from Serge Hallyn: 351 dbase_file_cache: deref of uninit data on error path. 352 dbase_policydb_cache: clear fp to avoid double fclose 353 semanage_fc_sort: destroy temp on error paths 354 355 1.6.8 2006-06-02 356 * Updated default location for setfiles to /sbin to 357 match policycoreutils. This can also be adjusted via 358 semanage.conf using the syntax: 359 [setfiles] 360 path = /path/to/setfiles 361 args = -q -c $@ $< 362 [end] 363 364 1.6.7 2006-05-05 365 * Merged fix warnings patch from Karl MacMillan. 366 367 1.6.6 2006-04-14 368 * Merged updated file context sorting patch from Christopher 369 Ashworth, with bug fix for escaped character flag. 370 371 1.6.5 2006-04-13 372 * Merged file context sorting code from Christopher Ashworth 373 (Tresys Technology), based on fc_sort.c code in refpolicy. 374 375 1.6.4 2006-04-12 376 * Merged python binding t_output_helper removal patch from Dan Walsh. 377 * Regenerated swig files. 378 379 1.6.3 2006-03-30 380 * Merged corrected fix for descriptor leak from Dan Walsh. 381 382 1.6.2 2006-03-20 383 * Merged Makefile PYLIBVER definition patch from Dan Walsh. 384 385 1.6.1 2006-03-20 386 * Merged man page reorganization from Ivan Gyurdiev. 387 388 1.6 2006-03-14 389 * Updated version for release. 390 391 1.5.31 2006-03-09 392 * Merged abort early on merge errors patch from Ivan Gyurdiev. 393 394 1.5.30 2006-03-08 395 * Cleaned up error handling in semanage_split_fc based on a patch 396 by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. 397 398 1.5.29 2006-02-21 399 * Merged MLS handling fixes from Ivan Gyurdiev. 400 401 1.5.28 2006-02-16 402 * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. 403 404 1.5.27 2006-02-16 405 * Merged base_merge_components changes from Ivan Gyurdiev. 406 407 1.5.26 2006-02-15 408 * Merged paths array patch from Ivan Gyurdiev. 409 * Merged bug fix patch from Ivan Gyurdiev. 410 411 1.5.25 2006-02-14 412 * Merged improve bindings patch from Ivan Gyurdiev. 413 414 1.5.24 2006-02-14 415 * Merged use PyList patch from Ivan Gyurdiev. 416 * Merged memory leak fix patch from Ivan Gyurdiev. 417 * Merged nodecon support patch from Ivan Gyurdiev. 418 * Merged cleanups patch from Ivan Gyurdiev. 419 * Merged split swig patch from Ivan Gyurdiev. 420 421 1.5.23 2006-02-13 422 * Merged optionals in base patch from Joshua Brindle. 423 424 1.5.22 2006-02-13 425 * Merged treat seusers/users_extra as optional sections patch from 426 Ivan Gyurdiev. 427 * Merged parse_optional fixes from Ivan Gyurdiev. 428 429 1.5.21 2006-02-07 430 * Merged seuser/user_extra support patch from Joshua Brindle. 431 * Merged remote system dbase patch from Ivan Gyurdiev. 432 433 1.5.20 2006-02-02 434 * Merged clone record on set_con patch from Ivan Gyurdiev. 435 436 1.5.19 2006-01-30 437 * Merged fname parameter patch from Ivan Gyurdiev. 438 * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. 439 * Merged seusers.system patch from Ivan Gyurdiev. 440 * Merged improve port/fcontext API patch from Ivan Gyurdiev. 441 442 1.5.18 2006-01-27 443 * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. 444 445 1.5.17 2006-01-27 446 * Merged set_create_store, access_check, and is_connected interfaces 447 from Joshua Brindle. 448 449 1.5.16 2006-01-19 450 * Regenerate python wrappers. 451 452 1.5.15 2006-01-18 453 * Merged pywrap Makefile diff from Dan Walsh. 454 * Merged cache management patch from Ivan Gyurdiev. 455 * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. 456 * Merged remove apply_local function patch from Ivan Gyurdiev. 457 * Merged only do read locking in direct case patch from Ivan Gyurdiev. 458 * Merged cache error path memory leak fix from Ivan Gyurdiev. 459 * Merged auto-generated file header patch from Ivan Gyurdiev. 460 * Merged pywrap test update from Ivan Gyurdiev. 461 * Merged hidden defs update from Ivan Gyurdiev. 462 463 1.5.14 2006-01-13 464 * Merged disallow port overlap patch from Ivan Gyurdiev. 465 466 1.5.13 2006-01-12 467 * Merged join prereq and implementation patches from Ivan Gyurdiev. 468 * Merged join user extra data part 2 patch from Ivan Gyurdiev. 469 * Merged bugfix patch from Ivan Gyurdiev. 470 471 1.5.12 2006-01-12 472 * Merged remove add_local/set_local patch from Ivan Gyurdiev. 473 * Merged user extra data part 1 patch from Ivan Gyurdiev. 474 * Merged size_t -> unsigned int patch from Ivan Gyurdiev. 475 * Merged calloc check in semanage_store patch from Ivan Gyurdiev, 476 bug noticed by Steve Grubb. 477 * Merged cleanups after add/set removal patch from Ivan Gyurdiev. 478 479 1.5.11 2006-01-09 480 * Merged fcontext compare fix from Ivan Gyurdiev. 481 482 1.5.10 2006-01-06 483 * Fixed commit to return the commit number aka policy sequence number. 484 485 1.5.9 2006-01-06 486 * Merged const in APIs patch from Ivan Gyurdiev. 487 * Merged validation of local file contexts patch from Ivan Gyurdiev. 488 * Merged compare2 function patch from Ivan Gyurdiev. 489 * Merged hidden def/proto update patch from Ivan Gyurdiev. 490 491 1.5.8 2006-01-05 492 * Re-applied string and file optimization patch from Russell Coker, 493 with bug fix. 494 495 1.5.7 2006-01-05 496 * Reverted string and file optimization patch from Russell Coker. 497 498 1.5.6 2006-01-05 499 * Clarified error messages from parse_module_headers and 500 parse_base_headers for base/module mismatches. 501 502 1.5.5 2006-01-05 503 * Merged string and file optimization patch from Russell Coker. 504 * Merged swig header reordering patch from Ivan Gyurdiev. 505 * Merged toggle modify on add patch from Ivan Gyurdiev. 506 * Merged ports parser bugfix patch from Ivan Gyurdiev. 507 * Merged fcontext swig patch from Ivan Gyurdiev. 508 * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. 509 * Merged man pages for dbase functions patch from Ivan Gyurdiev. 510 * Merged pywrap tests patch from Ivan Gyurdiev. 511 512 1.5.4 2006-01-04 513 * Merged patch series from Ivan Gyurdiev. 514 This includes patches to: 515 - separate file rw code from linked list 516 - annotate objects 517 - fold together internal headers 518 - support ordering of records in compare function 519 - add active dbase backend, active booleans 520 - return commit numbers for ro database calls 521 - use modified flags to skip rebuild whenever possible 522 - enable port interfaces 523 - update swig interfaces and typemaps 524 - add an API for file_contexts.local and file_contexts 525 - flip the traversal order in iterate/list 526 - reorganize sandbox_expand 527 - add seusers MLS validation 528 - improve dbase spec/documentation 529 - clone record on set/add/modify 530 531 1.5.3 2005-12-14 532 * Merged further header cleanups from Ivan Gyurdiev. 533 534 1.5.2 2005-12-13 535 * Merged toggle modified flag in policydb_modify, fix memory leak 536 in clear_obsolete, polymorphism vs headers fix, and include guards 537 for internal headers patches from Ivan Gyurdiev. 538 539 1.5.1 2005-12-12 540 * Added file-mode= setting to semanage.conf, default to 0644. 541 Changed semanage_copy_file and callers to use this mode when 542 installing policy files to runtime locations. 543 544 1.4 2005-12-07 545 * Updated version for release. 546 547 1.3.64 2005-12-06 548 * Changed semanage_handle_create() to set do_reload based on 549 is_selinux_enabled(). This prevents improper attempts to 550 load policy on a non-SELinux system. 551 552 1.3.63 2005-12-05 553 * Dropped handle from user_del_role interface. 554 555 1.3.62 2005-12-05 556 * Removed defrole interfaces. 557 558 1.3.61 2005-11-29 559 * Merged Makefile python definitions patch from Dan Walsh. 560 561 1.3.60 2005-11-29 562 * Removed is_selinux_mls_enabled() conditionals in seusers and users 563 file parsers. 564 565 1.3.59 2005-11-28 566 * Merged wrap char*** for user_get_roles patch from Joshua Brindle. 567 568 1.3.58 2005-11-28 569 * Merged remove defrole from sepol patch from Ivan Gyurdiev. 570 571 1.3.57 2005-11-28 572 * Merged swig wrappers for modifying users and seusers from Joshua Brindle. 573 574 1.3.56 2005-11-16 575 * Fixed free->key_free bug. 576 577 1.3.55 2005-11-16 578 * Merged clear obsolete patch from Ivan Gyurdiev. 579 580 1.3.54 2005-11-15 581 * Merged modified swigify patch from Dan Walsh 582 (original patch from Joshua Brindle). 583 * Merged move genhomedircon call patch from Chad Sellers. 584 585 1.3.53 2005-11-10 586 * Merged move seuser validation patch from Ivan Gyurdiev. 587 * Merged hidden declaration fixes from Ivan Gyurdiev, 588 with minor corrections. 589 590 1.3.52 2005-11-09 591 * Merged cleanup patch from Ivan Gyurdiev. 592 This renames semanage_module_conn to semanage_direct_handle, 593 and moves sepol handle create/destroy into semanage handle 594 create/destroy to allow use even when disconnected (for the 595 record interfaces). 596 597 1.3.51 2005-11-08 598 * Clear modules modified flag upon disconnect and commit. 599 600 1.3.50 2005-11-08 601 * Added tracking of module modifications and use it to 602 determine whether expand-time checks should be applied 603 on commit. 604 605 1.3.49 2005-11-08 606 * Reverted semanage_set_reload_bools() interface. 607 608 1.3.48 2005-11-08 609 * Disabled calls to port dbase for merge and commit and stubbed 610 out calls to sepol_port interfaces since they are not exported. 611 612 1.3.47 2005-11-08 613 * Merged rename instead of copy patch from Joshua Brindle (Tresys). 614 615 1.3.46 2005-11-07 616 * Added hidden_def/hidden_proto for exported symbols used within 617 libsemanage to eliminate relocations. Wrapped type definitions 618 in exported headers as needed to avoid conflicts. Added 619 src/context_internal.h and src/iface_internal.h. 620 621 1.3.45 2005-11-07 622 * Added semanage_is_managed() interface to allow detection of whether 623 the policy is managed via libsemanage. This enables proper handling 624 in setsebool for non-managed systems. 625 626 1.3.44 2005-11-07 627 * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, 628 to enable runtime control over preserving active boolean values 629 versus reloading their saved settings upon commit. 630 631 1.3.43 2005-11-04 632 * Merged seuser parser resync, dbase tracking and cleanup, strtol 633 bug, copyright, and assert space patches from Ivan Gyurdiev. 634 635 1.3.42 2005-11-04 636 * Added src/*_internal.h in preparation for other changes. 637 * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and 638 src/seusers.[hc]. 639 640 1.3.41 2005-11-03 641 * Merged interface parse/print, context_to_string interface change, 642 move assert_noeof, and order preserving patches from Ivan Gyurdiev. 643 * Added src/dso.h in preparation for other changes. 644 645 1.3.40 2005-11-01 646 * Merged install seusers, handle/error messages, MLS parsing, 647 and seusers validation patches from Ivan Gyurdiev. 648 649 1.3.39 2005-10-31 650 * Merged record interface, dbase flush, common database code, 651 and record bugfix patches from Ivan Gyurdiev. 652 653 1.3.38 2005-10-27 654 * Merged dbase policydb list and count change from Ivan Gyurdiev. 655 656 1.3.37 2005-10-27 657 * Merged enable dbase and set relay patches from Ivan Gyurdiev. 658 659 1.3.36 2005-10-27 660 * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. 661 662 1.3.35 2005-10-26 663 * Merged sepol handle passing, seusers support, and policydb cache 664 patches from Ivan Gyurdiev. 665 666 1.3.34 2005-10-25 667 * Merged resync to sepol changes and booleans fixes/improvements 668 patches from Ivan Gyurdiev. 669 670 1.3.33 2005-10-25 671 * Merged support for genhomedircon/homedir template, store selection, 672 explicit policy reload, and semanage.conf relocation from Joshua 673 Brindle. 674 675 1.3.32 2005-10-24 676 * Merged resync to sepol changes and transaction fix patches from 677 Ivan Gyurdiev. 678 679 1.3.31 2005-10-21 680 * Merged reorganize users patch from Ivan Gyurdiev. 681 * Merged remove unused relay functions patch from Ivan Gyurdiev. 682 683 1.3.30 2005-10-20 684 * Fixed policy file leaks in semanage_load_module and 685 semanage_write_module. 686 * Merged further database work from Ivan Gyurdiev. 687 688 1.3.29 2005-10-20 689 * Fixed bug in semanage_direct_disconnect. 690 691 1.3.28 2005-10-20 692 * Merged interface renaming patch from Ivan Gyurdiev. 693 * Merged policy component patch from Ivan Gyurdiev. 694 695 1.3.27 2005-10-20 696 * Renamed 'check=' configuration value to 'expand-check=' for 697 clarity. 698 * Changed semanage_commit_sandbox to check for and report errors 699 on rename(2) calls performed during rollback. 700 701 1.3.26 2005-10-19 702 * Added optional check= configuration value to semanage.conf 703 and updated call to sepol_expand_module to pass its value 704 to control assertion and hierarchy checking on module expansion. 705 706 1.3.25 2005-10-19 707 * Merged fixes for make DESTDIR= builds from Joshua Brindle. 708 709 1.3.24 2005-10-19 710 * Merged default database from Ivan Gyurdiev. 711 * Merged removal of connect requirement in policydb backend from 712 Ivan Gyurdiev. 713 * Merged commit locking fix and lock rename from Joshua Brindle. 714 * Merged transaction rollback in lock patch from Joshua Brindle. 715 716 1.3.23 2005-10-18 717 * Changed default args for load_policy to be null, as it no longer 718 takes a pathname argument and we want to preserve booleans. 719 720 1.3.22 2005-10-18 721 * Merged move local dbase initialization patch from Ivan Gyurdiev. 722 * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. 723 * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. 724 725 1.3.21 2005-10-18 726 * Added calls to sepol_policy_file_set_handle interface prior 727 to invoking sepol operations on policy files. 728 * Updated call to sepol_policydb_from_image to pass the handle. 729 730 1.3.20 2005-10-17 731 * Merged user and port APIs - policy database patch from Ivan 732 Gyurdiev. 733 734 1.3.19 2005-10-17 735 * Converted calls to sepol link_packages and expand_module interfaces 736 from using buffers to using sepol handles for error reporting, and 737 changed direct_connect/disconnect to create/destroy sepol handles. 738 739 1.3.18 2005-10-14 740 * Merged bugfix patch from Ivan Gyurdiev. 741 742 1.3.17 2005-10-14 743 * Merged seuser database patch from Ivan Gyurdiev. 744 Merged direct user/port databases to the handle from Ivan Gyurdiev. 745 746 1.3.16 2005-10-14 747 * Removed obsolete include/semanage/commit_api.h (leftover). 748 Merged seuser record patch from Ivan Gyurdiev. 749 750 1.3.15 2005-10-14 751 * Merged boolean and interface databases from Ivan Gyurdiev. 752 753 1.3.14 2005-10-13 754 * Updated to use get interfaces for hidden sepol_module_package type. 755 756 1.3.13 2005-10-13 757 * Changed semanage_expand_sandbox and semanage_install_active 758 to generate/install the latest policy version supported by libsepol 759 by default (unless overridden by semanage.conf), since libselinux 760 will now downgrade automatically for load_policy. 761 762 1.3.12 2005-10-13 763 * Merged new callback-based error reporting system and ongoing 764 database work from Ivan Gyurdiev. 765 766 1.3.11 2005-10-11 767 * Fixed semanage_install_active() to use the same logic for 768 selecting a policy version as semanage_expand_sandbox(). Dropped 769 dead code from semanage_install_sandbox(). 770 771 1.3.10 2005-10-07 772 * Updated for changes to libsepol, and to only use types and interfaces 773 provided by the shared libsepol. 774 775 1.3.9 2005-10-06 776 * Merged further database work from Ivan Gyurdiev. 777 778 1.3.8 2005-10-04 779 * Merged iterate, redistribute, and dbase split patches from 780 Ivan Gyurdiev. 781 782 1.3.7 2005-09-30 783 * Merged patch series from Ivan Gyurdiev. 784 (pointer typedef elimination, file renames, dbase work, backend 785 separation) 786 787 1.3.6 2005-09-28 788 * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. 789 * Separated handle create from connect interface. 790 * Added a constructor for initialization. 791 * Moved up src/include/*.h to src. 792 * Created a symbol map file; dropped dso.h and hidden markings. 793 794 1.3.5 2005-09-28 795 * Merged major update to libsemanage organization and functionality 796 from Karl MacMillan (Tresys). 797 798 1.3.4 2005-09-23 799 * Merged dbase redesign patch from Ivan Gyurdiev. 800 801 1.3.3 2005-09-21 802 * Merged boolean record, stub record handler, and status codes 803 patches from Ivan Gyurdiev. 804 805 1.3.2 2005-09-16 806 * Merged stub iterator functionality from Ivan Gyurdiev. 807 * Merged interface record patch from Ivan Gyurdiev. 808 809 1.3.1 2005-09-14 810 * Merged stub functionality for managing user and port records, 811 and record table code from Ivan Gyurdiev. 812 813 1.2 2005-09-06 814 * Updated version for release. 815 816 1.1.6 2005-08-31 817 * Merged semod.conf template patch from Dan Walsh (Red Hat), 818 but restored location to /usr/share/semod/semod.conf. 819 820 1.1.5 2005-08-30 821 * Fixed several bugs found by valgrind. 822 * Fixed bug in prior patch for the semod_build_module_list leak. 823 824 1.1.4 2005-08-25 825 * Merged errno fix from Joshua Brindle (Tresys). 826 * Merged fix for semod_build_modules_list leak on error path 827 from Serge Hallyn (IBM). Bug found by Coverity. 828 829 1.1.3 2005-08-22 830 * Merged several fixes from Serge Hallyn (IBM). Bugs found by 831 Coverity. 832 * Fixed several other bugs and warnings. 833 834 1.1.2 2005-08-02 835 * Merged patch to move module read/write code from libsemanage 836 to libsepol from Jason Tang (Tresys). 837 838 1.1.1 2005-08-02 839 * Merged relay records patch from Ivan Gyurdiev. 840 * Merged key extract patch from Ivan Gyurdiev. 841 842 1.0 2005-07-27 843 * Initial version. 844
