1 2.5-rc1 2016-01-07 2 * semanage_migrate_store: Load libsepol.so.1 instead of libsepol.so, from Laurent Bigonville. 3 * Store homedir_template and users_extra in policy store, from Steve Lawrence 4 * Fix null pointer dereference in semanage_module_key_destroy, from Yuli Khodorkovskiy. 5 * Add semanage_module_extract() to extract a module as CIL or HLL, from Yuli Khodorkovskiy. 6 * semanage_migrate_store: add -r <root> option for migrating inside chroots, from Petr Lautrbach. 7 * Add file_contexts and seusers to the store, from Yuli Khodorkovskiy. 8 * Add policy binary and file_contexts.local to the store, from Yuli Khodorkovskiy. 9 * Allow to install compressed modules without a compression extension, 10 from Petr Lautrbach. 11 * Do not copy contexts in semanage_migrate_store, from Jason Zaman. 12 * Fix logic in bunzip for uncompressed pp files, from Thomas Hurd. 13 * Fix fname[] initialization in test_utilities.c, from Petr Lautrbach. 14 * Add remove-hll semanage.conf option to remove HLL files after 15 compilation to CIL, from Yuli Khodorkovskiy 16 * Fix memory leaks when parsing semanage.conf, from Yuli Khodorkovskiy 17 * Change bunzip to use heap instead of stack to prevent segfault on 18 systems with small stack size, from Thomas Hurd. 19 20 2.4 2015-02-02 21 * Fix Makefile to allow LIBDIR and SHLIBDIR to be set to different 22 directories, from Steve Lawrence 23 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. 24 * Add missing manpage links to security_load_policy, from Laurent 25 Bigonville. 26 * Fix failing libsemanage pywrap tests, from Nicolas Iooss 27 * Fix deprecation warning for bison, from Ilya Frolov 28 * Skip policy module relink when only setting booleans, from Stephen 29 Smalley 30 * Fix typo in tests makefile, from Caleb Case 31 * Only try to compile file contexts if they exist, from Steve Lawrence 32 * Fix memory leak when setting a custom store path, from Yuli 33 Khodorkovskiy 34 * Add semodule option to set store root path in semanage.conf and the 35 semodule command, from Yuli Khodorkovskiy 36 * Add semanage.conf option to set an alternative root path for policy 37 store, from Yuli Khodorkovskiy 38 * Add support for High Level Language (HLL) to CIL compilers. The HLL 39 compiler path is configurable, but should be placed in 40 /usr/libexec/selinux/hll by default, from Yuli Khodorkovskiy 41 * Create a policy migration script for migrating the policy store from 42 /etc/selinux to /var/lib/selinux, from Caleb Case 43 * Add python3 support to the migration script, from Jason Zaman 44 * Use libcil to compile modules, from Steve Lawrence 45 * Use symbolic versioning to maintain ABI compatibility for old install 46 functions, from Yuli Khodorkovskiy 47 * Add a target-platform option to semanage.conf to control how policies 48 are built, from Steve Lawrence 49 * Add API to handle modules and source policies, moving module store to 50 /var/lib/selinux, from Caleb Case 51 * Only try to compile file contexts if they exist, from Steve Lawrence 52 53 2.3 2014-05-06 54 * Fix memory leak in semanage_genhomedircon from Thomas Hurd. 55 56 2.2 2013-10-30 57 * Avoid duplicate list entries from Dan Walsh. 58 * Add audit support to libsemanage from Dan Walsh. 59 * Remove policy.kern and replace with symlink from Dan Walsh. 60 * Apply a MAX_UID check for genhomedircon from Laurent Bigonville. 61 * Fix man pages from Laurent Bigonville. 62 63 2.1.10 2013-02-01 64 * Add sefcontext_compile to compile regex everytime policy is rebuilt 65 * Cleanup/fix enable/disable/remove module. 66 * redo genhomedircon minuid 67 * fixes from coverity 68 * semanage_store: do not leak memory in semanage_exec_prog 69 * genhomedircon: remove useless conditional in get_home_dirs 70 * genhomedircon: double free in get_home_dirs 71 * fcontext_record: do not leak on error in semanage_fcontext_key_create 72 * genhomedircon: do not leak on failure in write_gen_home_dir_context 73 * semanage_store: do not leak fd 74 * genhomedircon: do not leak shells list 75 * semanage_store: do not leak on strdup failure 76 * semanage_store: rewrite for readability 77 78 2.1.9 2012-09-13 79 * libsemanage: do not set soname needlessly 80 * libsemanage: remove PYTHONLIBDIR and ruby equivalent 81 * do boolean name substitution 82 * Fix segfault for building standard policies. 83 84 2.1.8 2012-06-28 85 * remove build warning when build swig c files 86 * additional makefile support for rubywrap 87 * ignore 80 column limit for readability 88 * semanage_store: fix snprintf length argument by using asprintf 89 * Use default semanage.conf as a fallback 90 * use after free in python bindings 91 92 2.1.7 2012-03-28 93 * Alternate path for semanage.conf 94 * do not link against libpython, this is considered bad in Debian 95 * Allow to build for several ruby version 96 * fallback-user-level 97 98 2.1.6 2011-12-21 99 * add ignoredirs config for genhomedircon 100 * Fallback_user_level can be NULL if you are not using MLS 101 102 2.1.5 2011-11-03 103 * regenerate .pc on VERSION change 104 * maintain mode even if umask is tighter 105 * semanage.conf man page 106 * create man5dir if not exist 107 108 2.1.4 2011-09-15 109 * Create a new preserve_tunables flag 110 * tree: default make target to all not 111 * fix semanage_store_access_check calling arguments 112 113 2.1.3 2011-08-26 114 * python wrapper makefile changes 115 116 2.1.2 2011-08-17 117 * print error debug info for buggy fc 118 * introduce semanage_set_root and friends 119 * throw exceptions in python rather than return 120 * python3 support. 121 * patch for MCS/MLS in user files 122 123 2.1.1 2011-08-01 124 * Remove generated files, expand .gitignore 125 * Use -Werror and change a few prototypes to support it 126 127 2.1.0 2011-07-27 128 * Release, minor version bump 129 130 2.0.46 2010-12-16 131 * Fix compliation under GCC 4.6 by Justin Mattock 132 133 2.0.45 2010-03-06 134 * Add enable/disable patch support from Dan Walsh. 135 * Add usepasswd flag to semanage.conf to disable genhomedircon using 136 passwd from Dan Walsh. 137 * regenerate swig wrappers 138 139 2.0.44 2010-02-02 140 * Replace usage of fmemopen() with sepol_policy_file_set_mem() since 141 glibc < 2.9 does not support binary mode ('b') for fmemopen'd 142 streams. 143 144 2.0.43 2009-11-27 145 * Move libsemanage.so to /usr/lib 146 * Add NAME lines to man pages from Manoj Srivastava<srivasta (a] debian.org> 147 148 2.0.42 2009-11-18 149 * Move load_policy from /usr/sbin to /sbin from Dan Walsh. 150 151 2.0.41 2009-10-29 152 * Add pkgconfig file from Eamon Walsh. 153 154 2.0.40 2009-10-22 155 * Add semanage_set_check_contexts() function to disable calling 156 setfiles 157 158 2.0.39 2009-09-24 159 * make swigify 160 161 2.0.38 2009-09-16 162 * Change semodule upgrade behavior to install even if the module 163 is not present from Dan Walsh. 164 * Make genhomedircon trim excess '/' from homedirs from Dan Walsh. 165 166 2.0.37 2009-09-04 167 * Fix persistent dontaudit support to rebuild policy if the 168 dontaudit state is changed from Chad Sellers. 169 170 2.0.36 2009-08-24 171 * Changed bzip-blocksize=0 handling to support existing compressed 172 modules in the store. 173 174 2.0.35 2009-08-05 175 * Revert hard linking of files between tmp/active/previous. 176 177 2.0.34 2009-08-05 178 * Enable configuration of bzip behavior from Stephen Smalley. 179 bzip-blocksize=0 to disable compression and decompression support. 180 bzip-blocksize=1..9 to set the blocksize for compression. 181 bzip-small=true to reduce memory usage for decompression. 182 183 2.0.33 2009-07-07 184 * Maintain disable dontaudit state from Christopher Pardy. 185 186 2.0.32 2009-05-28 187 * Ruby bindings from David Quigley. 188 189 2.0.31 2009-01-12 190 * Policy module compression (bzip) support from Dan Walsh. 191 * Hard link files between tmp/active/previous from Dan Walsh. 192 193 2.0.30 2008-11-12 194 * Add semanage_mls_enabled() interface from Stephen Smalley. 195 196 2.0.29 2008-11-11 197 * Add USER to lines to homedir_template context file from Chris PeBenito. 198 199 2.0.28 2008-09-15 200 * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh 201 202 2.0.27 2008-08-05 203 * Modify genhomedircon to skip %groupname entries. 204 Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax. 205 206 2.0.26 2008-07-29 207 * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. 208 Strip any trailing slash before appending /*$. 209 210 2.0.25 2008-04-21 211 * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley. 212 Fixes semanage boolean -D seg fault (bug 441379). 213 214 2.0.24 2008-02-26 215 * make swigify 216 217 2.0.23 2008-02-04 218 * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. 219 220 2.0.22 2008-02-04 221 * Free policydb before fork from Joshua Brindle. 222 223 2.0.21 2008-02-04 224 * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. 225 226 2.0.12 2008-02-02 227 * Use sepol_set_expand_consume_base to reduce peak memory usage when 228 using semodule from Joshua Brindle. 229 230 2.0.19 2008-01-31 231 * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. 232 233 2.0.18 2008-01-28 234 * Fix spurious out of memory error reports. 235 236 2.0.17 2008-01-25 237 * Merged second version of fix for genhomedircon handling from Caleb Case. 238 239 2.0.16 2008-01-24 240 * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. 241 242 2.0.15 2007-12-05 243 * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. 244 * Copy the store path in semanage_select_store from Dan Walsh. 245 246 2.0.14 2007-11-05 247 * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. 248 249 2.0.13 2007-11-05 250 * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. 251 252 2.0.12 2007-10-05 253 * ustr cleanups from James Antill. 254 * Ensure that /root gets labeled even if using the default context from Dan Walsh. 255 256 2.0.11 2007-09-28 257 * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. 258 259 2.0.10 2007-09-28 260 * Fix error checking on getpw*_r functions from Todd Miller. 261 * Make genhomedircon skip invalid homedir contexts from Todd Miller. 262 * Set default user and prefix from seusers from Dan Walsh. 263 * Add swigify Makefile target from Dan Walsh. 264 265 2.0.9 2007-09-24 266 * Pass CFLAGS to CC even on link command, per Dennis Gilmore. 267 268 2.0.8 2007-09-19 269 * Clear errno on non-fatal errors to avoid reporting them upon a 270 later error that does not set errno. 271 272 2.0.7 2007-09-19 273 * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. 274 275 2.0.6 2007-09-10 276 * Change to use getpw* function calls to the _r versions from Todd Miller. 277 278 2.0.5 2007-08-23 279 * Replace genhomedircon script with equivalent functionality within 280 libsemanage and introduce disable-genhomedircon option in 281 semanage.conf from Todd Miller. 282 Note: Depends on ustr. 283 284 2.0.4 2007-08-16 285 * Allow dontaudits to be turned off via semanage interface when 286 updating policy from Joshua Brindle. 287 288 2.0.3 2007-04-25 289 * Fix to libsemanage man patches so whatis will work better from Dan Walsh 290 291 2.0.2 2007-04-24 292 * Merged optimizations from Stephen Smalley. 293 - do not set all booleans upon commit, only those whose values have changed 294 - only install the sandbox upon commit if something was rebuilt 295 296 2.0.1 2007-03-12 297 * Merged dbase_file_flush patch from Dan Walsh. 298 This removes any mention of specific tools (e.g. semanage) 299 from the comment header of the auto-generated files, 300 since there are multiple front-end tools. 301 302 2.0.0 2007-02-20 303 * Merged Makefile test target patch from Caleb Case. 304 * Merged get_commit_number function rename patch from Caleb Case. 305 * Merged strnlen -> strlen patch from Todd Miller. 306 307 1.10.1 2007-01-26 308 * Merged python binding fix from Dan Walsh. 309 310 1.10.0 2007-01-18 311 * Updated version for stable branch. 312 313 1.9.2 2007-01-08 314 * Merged patch to optionally reduce disk usage by removing 315 the backup module store and linked policy from Karl MacMillan 316 * Merged patch to correctly propagate return values in libsemanage 317 318 1.9.1 2006-11-27 319 * Merged patch to compile wit -fPIC instead of -fpic from 320 Manoj Srivastava to prevent hitting the global offest table 321 limit. Patch changed to include libselinux and libsemanage in 322 addition to libsepol. 323 324 1.8 2006-10-17 325 * Updated version for release. 326 327 1.6.17 2006-09-29 328 * Merged patch to skip reload if no active store exists and 329 the store path doesn't match the active store path from Dan Walsh. 330 * Merged patch to not destroy sepol handle on error path of 331 connect from James Athey. 332 * Merged patch to add genhomedircon path to semanage.conf from 333 James Athey. 334 335 1.6.16 2006-08-14 336 * Make most copy errors fatal, but allow exceptions for 337 file_contexts.local, seusers, and netfilter_contexts if 338 the source file does not exist in the store. 339 340 1.6.15 2006-08-11 341 * Merged separate local file contexts patch from Chris PeBenito. 342 343 1.6.14 2006-08-11 344 * Merged patch to make most copy errors non-fatal from Dan Walsh. 345 346 1.6.13 2006-08-03 347 * Merged netfilter contexts support from Chris PeBenito. 348 349 1.6.12 2006-07-11 350 * Merged support for read operations on read-only fs from 351 Caleb Case (Tresys Technology). 352 353 1.6.11 2006-06-29 354 * Lindent. 355 356 1.6.10 2006-06-26 357 * Merged setfiles location check patch from Dan Walsh. 358 359 1.6.9 2006-06-16 360 * Merged several fixes from Serge Hallyn: 361 dbase_file_cache: deref of uninit data on error path. 362 dbase_policydb_cache: clear fp to avoid double fclose 363 semanage_fc_sort: destroy temp on error paths 364 365 1.6.8 2006-06-02 366 * Updated default location for setfiles to /sbin to 367 match policycoreutils. This can also be adjusted via 368 semanage.conf using the syntax: 369 [setfiles] 370 path = /path/to/setfiles 371 args = -q -c $@ $< 372 [end] 373 374 1.6.7 2006-05-05 375 * Merged fix warnings patch from Karl MacMillan. 376 377 1.6.6 2006-04-14 378 * Merged updated file context sorting patch from Christopher 379 Ashworth, with bug fix for escaped character flag. 380 381 1.6.5 2006-04-13 382 * Merged file context sorting code from Christopher Ashworth 383 (Tresys Technology), based on fc_sort.c code in refpolicy. 384 385 1.6.4 2006-04-12 386 * Merged python binding t_output_helper removal patch from Dan Walsh. 387 * Regenerated swig files. 388 389 1.6.3 2006-03-30 390 * Merged corrected fix for descriptor leak from Dan Walsh. 391 392 1.6.2 2006-03-20 393 * Merged Makefile PYLIBVER definition patch from Dan Walsh. 394 395 1.6.1 2006-03-20 396 * Merged man page reorganization from Ivan Gyurdiev. 397 398 1.6 2006-03-14 399 * Updated version for release. 400 401 1.5.31 2006-03-09 402 * Merged abort early on merge errors patch from Ivan Gyurdiev. 403 404 1.5.30 2006-03-08 405 * Cleaned up error handling in semanage_split_fc based on a patch 406 by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. 407 408 1.5.29 2006-02-21 409 * Merged MLS handling fixes from Ivan Gyurdiev. 410 411 1.5.28 2006-02-16 412 * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. 413 414 1.5.27 2006-02-16 415 * Merged base_merge_components changes from Ivan Gyurdiev. 416 417 1.5.26 2006-02-15 418 * Merged paths array patch from Ivan Gyurdiev. 419 * Merged bug fix patch from Ivan Gyurdiev. 420 421 1.5.25 2006-02-14 422 * Merged improve bindings patch from Ivan Gyurdiev. 423 424 1.5.24 2006-02-14 425 * Merged use PyList patch from Ivan Gyurdiev. 426 * Merged memory leak fix patch from Ivan Gyurdiev. 427 * Merged nodecon support patch from Ivan Gyurdiev. 428 * Merged cleanups patch from Ivan Gyurdiev. 429 * Merged split swig patch from Ivan Gyurdiev. 430 431 1.5.23 2006-02-13 432 * Merged optionals in base patch from Joshua Brindle. 433 434 1.5.22 2006-02-13 435 * Merged treat seusers/users_extra as optional sections patch from 436 Ivan Gyurdiev. 437 * Merged parse_optional fixes from Ivan Gyurdiev. 438 439 1.5.21 2006-02-07 440 * Merged seuser/user_extra support patch from Joshua Brindle. 441 * Merged remote system dbase patch from Ivan Gyurdiev. 442 443 1.5.20 2006-02-02 444 * Merged clone record on set_con patch from Ivan Gyurdiev. 445 446 1.5.19 2006-01-30 447 * Merged fname parameter patch from Ivan Gyurdiev. 448 * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. 449 * Merged seusers.system patch from Ivan Gyurdiev. 450 * Merged improve port/fcontext API patch from Ivan Gyurdiev. 451 452 1.5.18 2006-01-27 453 * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. 454 455 1.5.17 2006-01-27 456 * Merged set_create_store, access_check, and is_connected interfaces 457 from Joshua Brindle. 458 459 1.5.16 2006-01-19 460 * Regenerate python wrappers. 461 462 1.5.15 2006-01-18 463 * Merged pywrap Makefile diff from Dan Walsh. 464 * Merged cache management patch from Ivan Gyurdiev. 465 * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. 466 * Merged remove apply_local function patch from Ivan Gyurdiev. 467 * Merged only do read locking in direct case patch from Ivan Gyurdiev. 468 * Merged cache error path memory leak fix from Ivan Gyurdiev. 469 * Merged auto-generated file header patch from Ivan Gyurdiev. 470 * Merged pywrap test update from Ivan Gyurdiev. 471 * Merged hidden defs update from Ivan Gyurdiev. 472 473 1.5.14 2006-01-13 474 * Merged disallow port overlap patch from Ivan Gyurdiev. 475 476 1.5.13 2006-01-12 477 * Merged join prereq and implementation patches from Ivan Gyurdiev. 478 * Merged join user extra data part 2 patch from Ivan Gyurdiev. 479 * Merged bugfix patch from Ivan Gyurdiev. 480 481 1.5.12 2006-01-12 482 * Merged remove add_local/set_local patch from Ivan Gyurdiev. 483 * Merged user extra data part 1 patch from Ivan Gyurdiev. 484 * Merged size_t -> unsigned int patch from Ivan Gyurdiev. 485 * Merged calloc check in semanage_store patch from Ivan Gyurdiev, 486 bug noticed by Steve Grubb. 487 * Merged cleanups after add/set removal patch from Ivan Gyurdiev. 488 489 1.5.11 2006-01-09 490 * Merged fcontext compare fix from Ivan Gyurdiev. 491 492 1.5.10 2006-01-06 493 * Fixed commit to return the commit number aka policy sequence number. 494 495 1.5.9 2006-01-06 496 * Merged const in APIs patch from Ivan Gyurdiev. 497 * Merged validation of local file contexts patch from Ivan Gyurdiev. 498 * Merged compare2 function patch from Ivan Gyurdiev. 499 * Merged hidden def/proto update patch from Ivan Gyurdiev. 500 501 1.5.8 2006-01-05 502 * Re-applied string and file optimization patch from Russell Coker, 503 with bug fix. 504 505 1.5.7 2006-01-05 506 * Reverted string and file optimization patch from Russell Coker. 507 508 1.5.6 2006-01-05 509 * Clarified error messages from parse_module_headers and 510 parse_base_headers for base/module mismatches. 511 512 1.5.5 2006-01-05 513 * Merged string and file optimization patch from Russell Coker. 514 * Merged swig header reordering patch from Ivan Gyurdiev. 515 * Merged toggle modify on add patch from Ivan Gyurdiev. 516 * Merged ports parser bugfix patch from Ivan Gyurdiev. 517 * Merged fcontext swig patch from Ivan Gyurdiev. 518 * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. 519 * Merged man pages for dbase functions patch from Ivan Gyurdiev. 520 * Merged pywrap tests patch from Ivan Gyurdiev. 521 522 1.5.4 2006-01-04 523 * Merged patch series from Ivan Gyurdiev. 524 This includes patches to: 525 - separate file rw code from linked list 526 - annotate objects 527 - fold together internal headers 528 - support ordering of records in compare function 529 - add active dbase backend, active booleans 530 - return commit numbers for ro database calls 531 - use modified flags to skip rebuild whenever possible 532 - enable port interfaces 533 - update swig interfaces and typemaps 534 - add an API for file_contexts.local and file_contexts 535 - flip the traversal order in iterate/list 536 - reorganize sandbox_expand 537 - add seusers MLS validation 538 - improve dbase spec/documentation 539 - clone record on set/add/modify 540 541 1.5.3 2005-12-14 542 * Merged further header cleanups from Ivan Gyurdiev. 543 544 1.5.2 2005-12-13 545 * Merged toggle modified flag in policydb_modify, fix memory leak 546 in clear_obsolete, polymorphism vs headers fix, and include guards 547 for internal headers patches from Ivan Gyurdiev. 548 549 1.5.1 2005-12-12 550 * Added file-mode= setting to semanage.conf, default to 0644. 551 Changed semanage_copy_file and callers to use this mode when 552 installing policy files to runtime locations. 553 554 1.4 2005-12-07 555 * Updated version for release. 556 557 1.3.64 2005-12-06 558 * Changed semanage_handle_create() to set do_reload based on 559 is_selinux_enabled(). This prevents improper attempts to 560 load policy on a non-SELinux system. 561 562 1.3.63 2005-12-05 563 * Dropped handle from user_del_role interface. 564 565 1.3.62 2005-12-05 566 * Removed defrole interfaces. 567 568 1.3.61 2005-11-29 569 * Merged Makefile python definitions patch from Dan Walsh. 570 571 1.3.60 2005-11-29 572 * Removed is_selinux_mls_enabled() conditionals in seusers and users 573 file parsers. 574 575 1.3.59 2005-11-28 576 * Merged wrap char*** for user_get_roles patch from Joshua Brindle. 577 578 1.3.58 2005-11-28 579 * Merged remove defrole from sepol patch from Ivan Gyurdiev. 580 581 1.3.57 2005-11-28 582 * Merged swig wrappers for modifying users and seusers from Joshua Brindle. 583 584 1.3.56 2005-11-16 585 * Fixed free->key_free bug. 586 587 1.3.55 2005-11-16 588 * Merged clear obsolete patch from Ivan Gyurdiev. 589 590 1.3.54 2005-11-15 591 * Merged modified swigify patch from Dan Walsh 592 (original patch from Joshua Brindle). 593 * Merged move genhomedircon call patch from Chad Sellers. 594 595 1.3.53 2005-11-10 596 * Merged move seuser validation patch from Ivan Gyurdiev. 597 * Merged hidden declaration fixes from Ivan Gyurdiev, 598 with minor corrections. 599 600 1.3.52 2005-11-09 601 * Merged cleanup patch from Ivan Gyurdiev. 602 This renames semanage_module_conn to semanage_direct_handle, 603 and moves sepol handle create/destroy into semanage handle 604 create/destroy to allow use even when disconnected (for the 605 record interfaces). 606 607 1.3.51 2005-11-08 608 * Clear modules modified flag upon disconnect and commit. 609 610 1.3.50 2005-11-08 611 * Added tracking of module modifications and use it to 612 determine whether expand-time checks should be applied 613 on commit. 614 615 1.3.49 2005-11-08 616 * Reverted semanage_set_reload_bools() interface. 617 618 1.3.48 2005-11-08 619 * Disabled calls to port dbase for merge and commit and stubbed 620 out calls to sepol_port interfaces since they are not exported. 621 622 1.3.47 2005-11-08 623 * Merged rename instead of copy patch from Joshua Brindle (Tresys). 624 625 1.3.46 2005-11-07 626 * Added hidden_def/hidden_proto for exported symbols used within 627 libsemanage to eliminate relocations. Wrapped type definitions 628 in exported headers as needed to avoid conflicts. Added 629 src/context_internal.h and src/iface_internal.h. 630 631 1.3.45 2005-11-07 632 * Added semanage_is_managed() interface to allow detection of whether 633 the policy is managed via libsemanage. This enables proper handling 634 in setsebool for non-managed systems. 635 636 1.3.44 2005-11-07 637 * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, 638 to enable runtime control over preserving active boolean values 639 versus reloading their saved settings upon commit. 640 641 1.3.43 2005-11-04 642 * Merged seuser parser resync, dbase tracking and cleanup, strtol 643 bug, copyright, and assert space patches from Ivan Gyurdiev. 644 645 1.3.42 2005-11-04 646 * Added src/*_internal.h in preparation for other changes. 647 * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and 648 src/seusers.[hc]. 649 650 1.3.41 2005-11-03 651 * Merged interface parse/print, context_to_string interface change, 652 move assert_noeof, and order preserving patches from Ivan Gyurdiev. 653 * Added src/dso.h in preparation for other changes. 654 655 1.3.40 2005-11-01 656 * Merged install seusers, handle/error messages, MLS parsing, 657 and seusers validation patches from Ivan Gyurdiev. 658 659 1.3.39 2005-10-31 660 * Merged record interface, dbase flush, common database code, 661 and record bugfix patches from Ivan Gyurdiev. 662 663 1.3.38 2005-10-27 664 * Merged dbase policydb list and count change from Ivan Gyurdiev. 665 666 1.3.37 2005-10-27 667 * Merged enable dbase and set relay patches from Ivan Gyurdiev. 668 669 1.3.36 2005-10-27 670 * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. 671 672 1.3.35 2005-10-26 673 * Merged sepol handle passing, seusers support, and policydb cache 674 patches from Ivan Gyurdiev. 675 676 1.3.34 2005-10-25 677 * Merged resync to sepol changes and booleans fixes/improvements 678 patches from Ivan Gyurdiev. 679 680 1.3.33 2005-10-25 681 * Merged support for genhomedircon/homedir template, store selection, 682 explicit policy reload, and semanage.conf relocation from Joshua 683 Brindle. 684 685 1.3.32 2005-10-24 686 * Merged resync to sepol changes and transaction fix patches from 687 Ivan Gyurdiev. 688 689 1.3.31 2005-10-21 690 * Merged reorganize users patch from Ivan Gyurdiev. 691 * Merged remove unused relay functions patch from Ivan Gyurdiev. 692 693 1.3.30 2005-10-20 694 * Fixed policy file leaks in semanage_load_module and 695 semanage_write_module. 696 * Merged further database work from Ivan Gyurdiev. 697 698 1.3.29 2005-10-20 699 * Fixed bug in semanage_direct_disconnect. 700 701 1.3.28 2005-10-20 702 * Merged interface renaming patch from Ivan Gyurdiev. 703 * Merged policy component patch from Ivan Gyurdiev. 704 705 1.3.27 2005-10-20 706 * Renamed 'check=' configuration value to 'expand-check=' for 707 clarity. 708 * Changed semanage_commit_sandbox to check for and report errors 709 on rename(2) calls performed during rollback. 710 711 1.3.26 2005-10-19 712 * Added optional check= configuration value to semanage.conf 713 and updated call to sepol_expand_module to pass its value 714 to control assertion and hierarchy checking on module expansion. 715 716 1.3.25 2005-10-19 717 * Merged fixes for make DESTDIR= builds from Joshua Brindle. 718 719 1.3.24 2005-10-19 720 * Merged default database from Ivan Gyurdiev. 721 * Merged removal of connect requirement in policydb backend from 722 Ivan Gyurdiev. 723 * Merged commit locking fix and lock rename from Joshua Brindle. 724 * Merged transaction rollback in lock patch from Joshua Brindle. 725 726 1.3.23 2005-10-18 727 * Changed default args for load_policy to be null, as it no longer 728 takes a pathname argument and we want to preserve booleans. 729 730 1.3.22 2005-10-18 731 * Merged move local dbase initialization patch from Ivan Gyurdiev. 732 * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. 733 * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. 734 735 1.3.21 2005-10-18 736 * Added calls to sepol_policy_file_set_handle interface prior 737 to invoking sepol operations on policy files. 738 * Updated call to sepol_policydb_from_image to pass the handle. 739 740 1.3.20 2005-10-17 741 * Merged user and port APIs - policy database patch from Ivan 742 Gyurdiev. 743 744 1.3.19 2005-10-17 745 * Converted calls to sepol link_packages and expand_module interfaces 746 from using buffers to using sepol handles for error reporting, and 747 changed direct_connect/disconnect to create/destroy sepol handles. 748 749 1.3.18 2005-10-14 750 * Merged bugfix patch from Ivan Gyurdiev. 751 752 1.3.17 2005-10-14 753 * Merged seuser database patch from Ivan Gyurdiev. 754 Merged direct user/port databases to the handle from Ivan Gyurdiev. 755 756 1.3.16 2005-10-14 757 * Removed obsolete include/semanage/commit_api.h (leftover). 758 Merged seuser record patch from Ivan Gyurdiev. 759 760 1.3.15 2005-10-14 761 * Merged boolean and interface databases from Ivan Gyurdiev. 762 763 1.3.14 2005-10-13 764 * Updated to use get interfaces for hidden sepol_module_package type. 765 766 1.3.13 2005-10-13 767 * Changed semanage_expand_sandbox and semanage_install_active 768 to generate/install the latest policy version supported by libsepol 769 by default (unless overridden by semanage.conf), since libselinux 770 will now downgrade automatically for load_policy. 771 772 1.3.12 2005-10-13 773 * Merged new callback-based error reporting system and ongoing 774 database work from Ivan Gyurdiev. 775 776 1.3.11 2005-10-11 777 * Fixed semanage_install_active() to use the same logic for 778 selecting a policy version as semanage_expand_sandbox(). Dropped 779 dead code from semanage_install_sandbox(). 780 781 1.3.10 2005-10-07 782 * Updated for changes to libsepol, and to only use types and interfaces 783 provided by the shared libsepol. 784 785 1.3.9 2005-10-06 786 * Merged further database work from Ivan Gyurdiev. 787 788 1.3.8 2005-10-04 789 * Merged iterate, redistribute, and dbase split patches from 790 Ivan Gyurdiev. 791 792 1.3.7 2005-09-30 793 * Merged patch series from Ivan Gyurdiev. 794 (pointer typedef elimination, file renames, dbase work, backend 795 separation) 796 797 1.3.6 2005-09-28 798 * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. 799 * Separated handle create from connect interface. 800 * Added a constructor for initialization. 801 * Moved up src/include/*.h to src. 802 * Created a symbol map file; dropped dso.h and hidden markings. 803 804 1.3.5 2005-09-28 805 * Merged major update to libsemanage organization and functionality 806 from Karl MacMillan (Tresys). 807 808 1.3.4 2005-09-23 809 * Merged dbase redesign patch from Ivan Gyurdiev. 810 811 1.3.3 2005-09-21 812 * Merged boolean record, stub record handler, and status codes 813 patches from Ivan Gyurdiev. 814 815 1.3.2 2005-09-16 816 * Merged stub iterator functionality from Ivan Gyurdiev. 817 * Merged interface record patch from Ivan Gyurdiev. 818 819 1.3.1 2005-09-14 820 * Merged stub functionality for managing user and port records, 821 and record table code from Ivan Gyurdiev. 822 823 1.2 2005-09-06 824 * Updated version for release. 825 826 1.1.6 2005-08-31 827 * Merged semod.conf template patch from Dan Walsh (Red Hat), 828 but restored location to /usr/share/semod/semod.conf. 829 830 1.1.5 2005-08-30 831 * Fixed several bugs found by valgrind. 832 * Fixed bug in prior patch for the semod_build_module_list leak. 833 834 1.1.4 2005-08-25 835 * Merged errno fix from Joshua Brindle (Tresys). 836 * Merged fix for semod_build_modules_list leak on error path 837 from Serge Hallyn (IBM). Bug found by Coverity. 838 839 1.1.3 2005-08-22 840 * Merged several fixes from Serge Hallyn (IBM). Bugs found by 841 Coverity. 842 * Fixed several other bugs and warnings. 843 844 1.1.2 2005-08-02 845 * Merged patch to move module read/write code from libsemanage 846 to libsepol from Jason Tang (Tresys). 847 848 1.1.1 2005-08-02 849 * Merged relay records patch from Ivan Gyurdiev. 850 * Merged key extract patch from Ivan Gyurdiev. 851 852 1.0 2005-07-27 853 * Initial version. 854
