1 2.5-rc1 2016-01-07 2 * newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec. 3 * secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec 4 * semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach. 5 * chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville. 6 * semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach. 7 * semanage: replace string.join() with str.join(), from Petr Lautrbach. 8 * Man page warning fixes, from Ville Skytt. 9 * sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl. 10 * semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach. 11 * sepolicy: Improve sepolicy command line interface, from Petr Lautrbach. 12 * audit2allow/why: ignore setlocale errors, from Petr Lautrbach. 13 * semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy. 14 * audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach. 15 * Fix PEP8 issues, from Jason Zaman. 16 * semanage: fix moduleRecords deleteall method, from Stephen Smalley. 17 * Improve compatibility with Python 3, from Michal Srb. 18 * semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville. 19 * semanage: Fix typo in semanage args for minimium policy store, from Petr Lautrbach. 20 * sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen. 21 * mcstransd: don't reinvent getpeercon, from Stephen Smalley. 22 * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach. 23 * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley. 24 * hll: Move core functions of pp to libsepol, from James Carter 25 * run_init: Use a ring buffer in open_init_pty, from Jason Zaman. 26 * run_init: fix open_init_pty availability check, from Nicolas Iooss. 27 * Widen Xen IOMEM context entries, from Daniel De Graaf. 28 * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. 29 * Fixed typo/grammatical error, from Christopher Peterson. 30 * Fix typo in semanage-port man page, from Andrew Spiers. 31 32 2.4 2015-02-02 33 * Fix bugs found by hardened gcc flags, from Nicolas Iooss. 34 * Improve support for building with different versions of python from 35 Nicolas Iooss. 36 * Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare, 37 from Dan Walsh 38 * Remove cgroups from sandbox, from Dan Walsh 39 * Try to use setcurrent before setexec in seunshare, from Andy Lutomirski 40 * Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley 41 * Add a store root path in semodule, from Yuli Khodorkovskiy 42 * Add a flag to ignore cached CIL files and recompile HLL modules, from 43 Yuli Khodorkovskiy 44 * Add and install HLL compiler for policy packages to CIL. The compiler is 45 installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence 46 * Fixes to pp compiler to better support roles and type attributes, from 47 Yuli Khodorkovskiy 48 * Deprecate base/upgrade/version in semodule. Calling these commands will 49 now call --install on the backend, from Yuli Khodorkovskiy 50 * Add ability to install modules with a specified priority, from Caleb 51 Case 52 * Use /tmp for permissive module creation, by Caleb Case 53 * Update semanage to use new source policy infrastructure, from Jason Dana 54 * Add RuntimeDirectory to mcstrans systemd unit file, from Laurent 55 Bigonville 56 57 2.3 2014-05-06 58 * Add -P semodule option to man page from Dan Walsh. 59 * selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh. 60 * Add new icons for sepolicy gui from Dan Walsh. 61 * Only return writeable files that are enabled from Dan Walsh. 62 * Add domain to short list of domains, when -t and -d from Dan Walsh. 63 * Fix up desktop files to match current standards from Dan Walsh. 64 * Add support to return sensitivities and categories for python from Dan Walsh. 65 * Cleanup whitespace from Dan Walsh. 66 * Add message to tell user to install sandbox policy from Dan Walsh. 67 * Add systemd unit file for mcstrans from Laurent Bigonville. 68 * Improve restorecond systemd unit file from Laurent Bigonville. 69 * Minor man pages improvements from Laurent Bigonville. 70 71 2.2.5 2013-12-09 72 * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. 73 74 2.2.4 2013-11-26 75 * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. 76 77 2.2.3 2013-11-13 78 * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. 79 * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. 80 81 2.2.2 2013-11-06 82 * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. 83 84 2.2.1 2013-10-31 85 * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. 86 * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh. 87 88 2.2 2013-10-30 89 * Properly build the swig exception file from Laurent Bigonville. 90 * Fix man pages from Laurent Bigonville. 91 * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville. 92 * Fix LDFLAGS usage from Laurent Bigonville. 93 * Fix init_policy warning from Laurent Bigonville. 94 * Fix semanage logging from Laurent Bigonville. 95 * Open newrole stdin as read/write from Sven Vermeulen. 96 * Fix sepolicy transition from Sven Vermeulen. 97 * Support overriding CFLAGS from Simon Ruderich. 98 * Create correct man directory for run_init from Russell Coker. 99 * restorecon GLOB_BRACE change from Michal Trunecka. 100 * Extend audit2why to report additional constraint information. 101 * Catch IOError errors within audit2allow from Dan Walsh. 102 * semanage export/import fixes from Dan Walsh. 103 * Improve setfiles progress reporting from Dan Walsh. 104 * Document setfiles -o option in usage from Dan Walsh. 105 * Change setfiles to always return -1 on failure from Dan Walsh. 106 * Improve setsebool error r eporting from Dan Walsh. 107 * Major overhaul of gui from Dan Walsh. 108 * Fix sepolicy handling of non-MLS policy from Dan Walsh. 109 * Support returning type aliases from Dan Walsh. 110 * Add sepolicy tests from Dan Walsh. 111 * Add org.selinux.config.policy from Dan Walsh. 112 * Improve range and user input checking by semanage from Dan Walsh. 113 * Prevent source or target arguments that end with / for substitutions from Dan Walsh. 114 * Allow use of <<none>> for semanage fcontext from Dan Walsh. 115 * Report customized user levels from Dan Walsh. 116 * Support deleteall for restoring disabled modules from Dan Walsh. 117 * Improve semanage error reporting from Dan Walsh. 118 * Only list disabled modules for module locallist from Dan Walsh. 119 * Fix logging from Dan Walsh. 120 * Define new constants for file type character codes from Dan Walsh. 121 * Improve bash completions from Dan Walsh. 122 * Convert semanage to argparse from Dan Walsh (originally by Dave Quigley). 123 * Add semanage tests from Dan Walsh. 124 * Split semanage man pages from Dan Walsh. 125 * Move bash completion scripts from Dan Walsh. 126 * Replace genhomedircon script with a link to semodule from Dan Walsh. 127 * Fix fixfiles from Dan Walsh. 128 * Add support for systemd service for restorecon from Dan Walsh. 129 * Spelling corrections from Dan Walsh. 130 * Improve sandbox support for home dir symlinks and file caps from Dan Walsh. 131 * Switch sandbox to openbox window manager from Dan Walsh. 132 * Coalesce audit2why and audit2allow from Dan Walsh. 133 * Change audit2allow to append to output file from Dan Walsh. 134 * Update translations from Dan Walsh. 135 * Change audit2why to use selinux_current_policy_path from Dan Walsh. 136 137 2.1.14 2013-02-01 138 * setfiles: estimate percent progress 139 * load_policy: make link at the destination directory 140 * Rebuild polgen.glade with glade-3 141 * sepolicy: new command to unite small utilities 142 * sepolicy: Update Makefiles and po files 143 * sandbox: use sepolicy to look for sandbox_t 144 * gui: switch to use sepolicy 145 * gui: sepolgen: use sepolicy to generate 146 * semanage: use sepolicy for boolean dictionary 147 * add po file configuration information 148 * po: stop running update-po on all 149 * semanage: seobject verify policy types before allowing you to assign them. 150 * gui: Start using Popen, instead of os.spawnl 151 * sandbox: Copy /var/tmp to /tmp as they are the same inside 152 * qualifier to shred content 153 * semanage: Fix handling of boolean_sub names when using the -F flag 154 * semanage: man: roles instead of role 155 * gui: system-config-selinux: Catch no DISPLAY= error 156 * setfiles: print error if no default label found 157 * semanage: list logins file entries in semanage login -l 158 * semanage: good error message is sepolgen python module missing 159 * gui: system-config-selinux: do not use lokkit 160 * secon: add support for setrans color information in prompt output 161 * restorecond: remove /etc/mtab from default list 162 * gui: If you are not able to read enforcemode set it to False 163 * genhomedircon: regenerate genhomedircon more often 164 * restorecond: Add /etc/udpatedb.conf to restorecond.conf 165 * genhomedircon generation to allow spec file to pass in SEMODULE_PATH 166 * fixfiles: relabel only after specific date 167 * po: update translations 168 * sandbox: seunshare: do not reassign realloc value 169 * seunshare: do checking on setfsuid 170 * sestatus: rewrite to shut up coverity 171 172 2.1.13 2012-09-13 173 * genhomedircon: manual page improvements 174 * setfiles/restorecon minor improvements 175 * run_init: If open_init_pty is not available then just use exec 176 * newrole: do not drop capabilities when newrole is run as 177 * restorecon: only update type by default 178 * scripts: Don't syslog setfiles changes on a fixfiles restore 179 * setfiles: do not syslog if no changes 180 * Disable user restorecond by default 181 * Make restorecon return 0 when a file has changed context 182 * setfiles: Fix process_glob error handling 183 * semanage: allow enable/disable under -m 184 * add .tx to gitignore 185 * translations: commit translations from Fedora community 186 * po: silence build process 187 * gui: Checking in policy to support polgengui and sepolgen. 188 * gui: polgen: search for systemd subpackage when generating policy 189 * gui: for exploring booleans 190 * gui: system-config-selinux gui 191 * Add Makefiles to support new gui code 192 * gui: remove lockdown wizard 193 * return equivalency records in fcontext customized 194 * semanage: option to not load new policy into kernel after 195 * sandbox: manpage update to describe standard types 196 * setsebool: -N should not reload policy on changes 197 * semodule: Add -N qualifier to no reload kernel policy 198 * gui: polgen: sort selinux types of user controls 199 * gui: polgen: follow symlinks and get the real path to 200 * gui: Fix missing error function 201 * setfiles: return errors when bad paths are given 202 * fixfiles: tell restorecon to ignore missing paths 203 * setsebool: error when setting multiple options 204 * semanage: use boolean subs. 205 * sandbox: Make sure Xephyr never listens on tcp ports 206 * sepolgen: return and output constraint violation information 207 * semanage: skip comments while reading external configuration files 208 * restorecond: relabel all mount runtime files in the restorecond example 209 * genhomedircon: dynamically create genhomedircon 210 211 2.1.12 2012-06-28 212 * restorecond: wrong options should exit with non-zero error code 213 * restorecond: Add -h option to get usage command 214 * resorecond: user: fix fd leak 215 * mcstrans: add -f to run in foreground 216 * semanage: fix man page range and level defaults 217 * semanage: bash completion for modules should include -a,-m, -d 218 * semanage: manpage update for -e 219 * semanage: dontaudit off should work 220 * semanage: locallist option does not take an argument 221 * sepolgen: Make use of setools optional within sepolgen 222 223 2.1.11 2012-03-28 224 * sandbox: do not propogate inside mounts outside 225 * sandbox: Removing sandbox init script, should no longer be necessary 226 * restorecond: Stop using deprecated interfaces for g_io 227 * semanage: proper auditting of user changes for LSPP 228 * semanage: audit message to show what record(s) and item(s) have chaged 229 * scripts: Update Makefiles to handle /usrmove 230 * mcstrans: Version should have been bumped on last check in 231 * seunshare: Only drop caps not the Bounding Set from seunshare 232 * Add bash-completion scripts for setsebool and semanage 233 * newrole: Use correct capng calls in newrole 234 * Fix infinite loop with inotify on 2.6.31 kernels 235 * fix ftbfs with hardening flags 236 * Only run setfiles if we found read-write filesystems to run it on 237 * update .po files 238 * remove empty po files 239 * do not fail to install if unable to make load_policy lnk file 240 241 2.1.10 2011-12-21 242 * Remove excess whitespace 243 * sandbox: Add back in . functions to sandbox.init script 244 * Fix Makefile to match other policycoreutils Makefiles 245 * semanage: drop unused translation getopt 246 247 2.1.9 2011-12-05 248 * sandbox: move sandbox.conf.5 to just sandbox.5 249 * po: Makefile use -p to preserve times to allow multilib simultatious installs 250 * of po files 251 * sandbox: Allow user to specify the DPI value for X in a sandbox 252 * sandbox: make sure the domain launching sandbox has at least 100 categories 253 * sandbox: do not try forever to find available category set 254 * sandbox: only complain if sandbox unable to launch 255 * sandbox: init script run twice is still successful 256 * semanage: print local and dristo equiv rules 257 * semanage: check file equivalence rules for conflict 258 * semanage: Make sure semanage fcontext -l -C prints even if local keys 259 * are not defined 260 * semanage: change src,dst to target,substitute for equivalency 261 * sestatus: Updated sestatus and man pages. 262 * Added SELinux config file man page. 263 * add clean target to man Makefile 264 265 2.1.8 2011-11-03 266 * sandbox: Maintain the LANG environment into the sandbox 267 * audit2allow: use audit2why internally 268 * fixfiles: label /root but not /var/lib/BackupPC 269 * semanage: update local boolean settings is dealing with localstore 270 * semanage: missing modify=True 271 * semanage: set modified correctly 272 * restorecond: make restorecond dbuss-able 273 * restorecon: Always check return code on asprintf 274 * restorecond: make restorecond -u exit when terminal closes 275 * sandbox: introduce package name and language stuff 276 * semodule_package: remove semodule_unpackage on clean 277 * fix sandbox Makefile to support DESTDIR 278 * semanage: Add -o description to the semanage man page 279 * make use of the new realpath_not_final function 280 * setfiles: close /proc/mounts file when finished 281 * semodule: Document semodule -p in man page 282 * setfiles: fix use before initialized 283 * restorecond: Add .local/share as a directory to watch 284 285 2.1.7 2011-09-27 286 * semanage: fix indentation error in seobject 287 288 2.1.6 2011-09-15 289 * sepolgen-ifgen: new attr-helper does something 290 * audit2allow: use alternate policy file 291 * audit2allow: sepolgen-ifgen use the attr helper 292 * setfiles: switch from stat to stat64 293 * setfiles: Fix potential crash using dereferenced ftsent 294 * setfiles: do not wrap * output at 80 characters 295 * sandbox: add -Wall and -Werror to makefile 296 * sandbox: add sandbox cgroup support 297 * sandbox: rewrite /tmp handling 298 * sandbox: do not bind mount so much 299 * sandbox: add level based kill option 300 * sandbox: cntrl-c should kill entire process control group 301 * Create a new preserve_tunables flag in sepol_handle_t. 302 * semanage: show running and disk setting for booleans 303 * semanage: Dont print heading if no items selected 304 * sepolgen: audit2allow is mistakakenly not allowing valid module names 305 * semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled 306 * More files to ignore 307 * tree: default make target to all not install 308 * sandbox: do not load unused generic init functions 309 310 2.1.5 2011-08-26 311 * setfiles: Fix process_glob to handle error situations 312 * sandbox: Allow seunshare to run as root 313 * sandbox: trap sigterm to make sure sandbox 314 * sandbox: pass DPI from the desktop 315 * sandbox: seunshare: introduce helper spawn_command 316 * sandbox: seunshare: introduce new filesystem helpers 317 * sandbox: add -C option to not drop 318 * sandbox: split seunshare caps dropping 319 * sandbox: use dbus-launch 320 * sandbox: numerous simple updates to sandbox 321 * sandbox: do not require selinux context 322 * sandbox: Makefile: new man pages 323 * sandbox: rename dir to srcdir 324 * sandbox: allow users specify sandbox window size 325 * sandbox: check for paths up front 326 * sandbox: use defined values for paths rather 327 * sandbox: move seunshare globals to the top 328 * sandbox: whitespace fix 329 * semodule_package: Add semodule_unpackage executable 330 * setfiles: get rid of some stupid globals 331 * setfiles: move exclude_non_seclabel_mounts to a generic location 332 333 2.1.4 2011-08-17 334 * run_init: clarification of the usage in the 335 * semanage: fix usage header around booleans 336 * semanage: remove useless empty lines 337 * semanage: update man page with new examples 338 * semanage: update usage text 339 * semanage: introduce file context equivalencies 340 * semanage: enable and disable modules 341 * semanage: output all local modifications 342 * semanage: introduce extraction of local configuration 343 * semanage: cleanup error on invalid operation 344 * semanage: handle being called with no arguments 345 * semanage: return sooner to save CPU time 346 * semanage: surround getopt with try/except 347 * semanage: use define/raise instead of lots of 348 * semanage: some options are only valid for 349 * semanage: introduce better deleteall support 350 * semanage: do not allow spaces in file 351 * semanage: distinguish between builtin and local permissive 352 * semanage: centralized ip node handling 353 * setfiles: make the restore function exclude() non-static 354 * setfiles: use glob to handle ~ and 355 * fixfiles: do not hard code types 356 * fixfiles: stop trying to be smart about 357 * fixfiles: use new kernel seclabel option 358 * fixfiles: pipe everything to cat before sending 359 * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs 360 * semodule: support for alternative root paths 361 362 2.1.3 2011-08-03 363 * semanage: fix indention 364 * semodule_package: fix man page typo 365 * semodule_expand: update man page with -a 366 * semanage: handle os errors 367 * semanage: fix traceback with bad options 368 * semanage: show usage on -h or --help 369 * semanage: introduce more deleteall options 370 * semanage: verify ports < 65536 371 * transaction into semanageRecords 372 * make get_handle a method of semanageRecords 373 * remove a needless blank line 374 * make process_one error if not initialized correctly 375 * fixfiles: correct usage for r_opts.rootpath 376 * put -p in help for restorecon and 377 * fixfiles: do not try to only label 378 * fixfiles clean up /var/run and /var/lib/debug 379 * fixfiles delete tmp sockets and pipes rather 380 * fixfile use find -delete instead of pipe 381 * chcat man page typo 382 * add man page for genhomedircon 383 * setfiles fix typo 384 * setsebool should inform users they need to 385 * setsebool typos 386 * open_init_tty man page typos 387 * Don't add user site directory to sys.path 388 * newrole retain CAP_SETPCAP 389 390 2.1.2 2011-08-02 391 * seunshare: define _GNU_SOURCE earlier 392 * make ignore_enoent do something 393 * restorecond: first user logged in is not noticed 394 * Repo: update .gitignore 395 396 2.1.1 2011-08-01 397 * Man page updates 398 * restorecon fix for bad inotify assumptions 399 400 2.1.0 2011-07-27 401 * Release, minor version bump 402 403 2.0.86 2011-04-11 404 * Use correct color range in mcstrand by Richard Haines. 405 406 2.0.85 2010-12-20 407 * Move newrole to use libcap-ng from Dan Walsh 408 409 2.0.84 2010-11-16 410 * Add mcstrans support from Ted Toth with modifications from Steve Lawrence. 411 412 2.0.83 2010-06-10 413 * Add sandbox support from Dan Walsh with modifications from Steve Lawrence. 414 415 2.0.82 2010-03-12 416 * Add avc's since boot from Dan Walsh. 417 418 2.0.81 2010-03-12 419 * Add dontaudit flag to audit2allow from Dan Walsh. 420 421 2.0.80 2010-03-06 422 * Module enable/disable support from Dan Walsh. 423 424 2.0.79 2010-01-26 425 * Fix double-free in newrole 426 427 2.0.78 2009-11-27 428 * Remove non-working OUTFILE from fixfiles from Dan Walsh. 429 * Additional exception handling in chcat from Dan Walsh. 430 431 2.0.77 2009-11-19 432 * Fixed bug preventing semanage node -a from working 433 from Chad Sellers 434 * Fixed bug preventing semanage fcontext -l from working 435 from Chad Sellers 436 437 2.0.76 2009-11-18 438 * Remove setrans management from semanage, as it does not work 439 from Dan Walsh. 440 * Move load_policy from /usr/sbin to /sbin from Dan Walsh. 441 442 2.0.75 2009-11-02 443 * Factor out restoring logic from setfiles.c into restore.c 444 445 2.0.74 2009-09-16 446 * Change semodule upgrade behavior to install even if the module 447 is not present from Dan Walsh. 448 * Make setfiles label if selinux is disabled and a seclabel aware 449 kernel is running from Caleb Case. 450 * Clarify forkpty() error message in run_init from Manoj Srivastava. 451 452 2.0.73 2009-09-04 453 * Add semanage dontaudit to turn off dontaudits from Dan Walsh. 454 * Fix semanage to set correct mode for setrans file from Dan Walsh. 455 * Fix malformed dictionary in portRecord from Dan Walsh. 456 457 2.0.72 2009-09-03 458 * Restore symlink handling support to restorecon based on a patch by 459 Martin Orr. This fixes the restorecon /dev/stdin performed by Debian 460 udev scripts that was broken by policycoreutils 2.0.70. 461 462 2.0.71 2009-08-11 463 * Modify setfiles/restorecon checking of exclude paths. Only check 464 user-supplied exclude paths (not automatically generated ones based on 465 lack of seclabel support), don't require them to be directories, and 466 ignore permission denied errors on them (it is ok to exclude a path to 467 which the caller lacks permission). 468 469 2.0.70 2009-08-04 470 * Modify restorecon to only call realpath() on user-supplied pathnames 471 from Stephen Smalley. 472 473 2.0.69 2009-07-30 474 * Fix typo in fixfiles that prevented it from relabeling btrfs 475 filesystems from Dan Walsh. 476 477 2.0.68 2009-07-24 478 * Modify setfiles to exclude mounts without seclabel option in 479 /proc/mounts on kernels >= 2.6.30 from Thomas Liu. 480 481 2.0.67 2009-07-07 482 * Re-enable disable_dontaudit rules upon semodule -B from Christopher 483 Pardy and Dan Walsh. 484 485 2.0.66 2009-07-07 486 * setfiles converted to fts from Thomas Liu. 487 488 2.0.65 2009-06-24 489 * Remove gui from po/Makefile and po/POTFILES and regenerate po files 490 491 2.0.64 2009-06-22 492 * Keep setfiles from spamming console from Dan Walsh. 493 * Fix chcat's category expansion for users from Dan Walsh. 494 495 2.0.63 2009-05-15 496 * Fix transaction checking from Dan Walsh. 497 * Make fixfiles -R (for rpm) recursive. 498 * Make semanage permissive clean up after itself from Dan Walsh. 499 * add /root/.ssh/* to restorecond.conf 500 501 2.0.62 2009-02-19 502 * Add btrfs to fixfiles from Dan Walsh. 503 * Remove restorecond error for matching globs with multiple hard links 504 and fix some error messages from Dan Walsh. 505 * Make removing a non-existant module a warning rather than an error 506 from Dan Walsh. 507 * Man page fixes from Dan Walsh. 508 509 2.0.61 2009-01-12 510 * chcat: cut categories at arbitrary point (25) from Dan Walsh 511 * semodule: use new interfaces in libsemanage for compressed files 512 from Dan Walsh 513 * audit2allow: string changes for usage 514 515 2.0.60 2008-11-12 516 * semanage: use semanage_mls_enabled() from Stephen Smalley. 517 518 2.0.59 2008-11-11 519 * fcontext add checked local records twice, fix from Dan Walsh. 520 521 2.0.58 2008-11-09 522 * Allow local file context entries to override policy entries in 523 semanage from Dan Walsh. 524 * Newrole error message corrections from Dan Walsh. 525 * Add exception to audit2why call in audit2allow from Dan Walsh. 526 527 2.0.57 2008-09-18 528 * Update po files from Dan Walsh. 529 530 2.0.56 2008-09-12 531 * fixfiles will now remove all files in /tmp and will check for 532 unlabeled_t in /tmp and /var/tmp from Dan Walsh. 533 * add glob support to restorecond from Dan Walsh. 534 * allow semanage to handle multi-line commands in a single transaction 535 from Dan Walsh. 536 537 2.0.55 2008-08-26 538 * Merged semanage node support from Christian Kuester. 539 540 2.0.54 2008-08-05 541 * Add support for boolean files and group support for seusers from Dan Walsh. 542 * Ensure that setfiles -p output is newline terminated from Russell Coker. 543 544 2.0.53 2008-07-29 545 * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. 546 547 2.0.52 2008-07-02 548 * Add permissive domain capability to semanage from Dan Walsh. 549 550 2.0.51 2008-06-28 551 * Add onboot option to fixfiles from Dan Walsh. 552 * Change restorecon.init to not run on boot by default from Dan Walsh. 553 554 2.0.50 2008-06-30 555 * Fix audit2allow generation of role-type rules from Karl MacMillan. 556 557 2.0.49 2008-05-16 558 * Remove security_check_context calls for prefix validation from semanage. 559 560 2.0.48 2008-05-16 561 * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified. 562 563 2.0.47 2008-04-18 564 * Update semanage man page for booleans from Dan Walsh. 565 * Add further error checking to seobject.py for setting booleans. 566 567 2.0.46 2008-03-18 568 * Update audit2allow to report dontaudit cases from Dan Walsh. 569 570 2.0.45 2008-03-18 571 * Fix semanage port to use --proto from Caleb Case. 572 573 2.0.44 2008-02-22 574 * Fixed semodule to correctly handle error when unable to create a handle. 575 576 2.0.43 2008-02-08 577 * Merged fix fixfiles option processing from Vaclav Ovsik. 578 579 2.0.42 2008-02-02 580 * Make semodule_expand use sepol_set_expand_consume_base to reduce 581 peak memory usage. 582 583 2.0.41 2008-01-28 584 * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh. 585 586 2.0.40 2008-01-25 587 * Merged a second fixfiles -C fix from Marshall Miller. 588 589 2.0.39 2008-01-24 590 * Merged fixfiles -C fix from Marshall Miller. 591 592 2.0.38 2008-01-24 593 * Merged audit2allow cleanups and boolean descriptions from Dan Walsh. 594 * Merged setfiles -0 support by Benny Amorsen via Dan Walsh. 595 * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh. 596 597 2.0.37 2008-01-23 598 * Merged replacement for audit2why from Dan Walsh. 599 600 2.0.36 2008-01-23 601 * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. 602 603 2.0.35 2007-12-21 604 * Merged support for non-interactive newrole command invocation from Tim Reed. 605 606 2.0.34 2007-12-14 607 * Update Makefile to not build restorecond if 608 /usr/include/sys/inotify.h is not present 609 610 2.0.33 2007-12-07 611 * Drop verbose output on fixfiles -C from Dan Walsh. 612 * Fix argument handling in fixfiles from Dan Walsh. 613 * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. 614 615 2.0.32 2007-10-16 616 * load_policy initial load option from Chad Sellers. 617 618 2.0.31 2007-10-15 619 * Fix semodule option handling from Dan Walsh. 620 621 2.0.30 2007-10-11 622 * Add deleteall support for ports and fcontexts in semanage from Dan Walsh. 623 624 2.0.29 2007-10-05 625 * Add genhomedircon script to invoke semodule -Bn from Dan Walsh. 626 627 2.0.28 2007-10-05 628 * Update semodule man page for -D from Dan Walsh. 629 * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh. 630 631 2.0.27 2007-09-19 632 * Improve semodule reporting of system errors from Stephen Smalley. 633 634 2.0.26 2007-09-18 635 * Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley. 636 637 2.0.25 2007-08-23 638 * Remove genhomedircon script (functionality is now provided 639 within libsemanage) from Todd Miller. 640 641 2.0.24 2007-08-23 642 * Fix genhomedircon searching for USER from Todd Miller 643 * Install run_init with mode 0755 from Dan Walsh. 644 * Fix chcat from Dan Walsh. 645 * Fix fixfiles pattern expansion and error reporting from Dan Walsh. 646 * Optimize genhomedircon to compile regexes once from Dan Walsh. 647 * Fix semanage gettext call from Dan Walsh. 648 649 2.0.23 2007-08-16 650 * Disable dontaudits via semodule -D 651 652 2.0.22 2007-06-20 653 * Rebase setfiles to use new labeling interface. 654 655 2.0.21 2007-06-13 656 * Fixed setsebool (falling through to error path on success). 657 658 2.0.20 2007-06-05 659 * Merged genhomedircon fixes from Dan Walsh. 660 * Merged setfiles -c usage fix from Dan Walsh. 661 * Merged restorecon fix from Yuichi Nakamura. 662 * Dropped -lsepol where no longer needed. 663 664 2.0.19 2007-05-11 665 * Merge newrole support for alternate pam configs from Ted X Toth. 666 667 2.0.18 2007-05-11 668 * Merged merging of restorecon into setfiles from Stephen Smalley. 669 670 2.0.17 2007-05-09 671 * Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh. 672 673 2.0.16 2007-05-03 674 * Merged support for modifying the prefix via semanage from Dan Walsh. 675 676 2.0.15 2007-04-26 677 * Merged move of audit2why to /usr/bin from Dan Walsh. 678 679 2.0.14 2007-04-25 680 * Build fix for setsebool. 681 682 2.0.13 2007-04-24 683 * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley. 684 685 2.0.12 2007-04-24 686 * Merged genhomedircon patch to use the __default__ setting from Dan Walsh. 687 688 2.0.11 2007-04-24 689 * Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel. 690 691 2.0.10 2007-04-24 692 * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. 693 694 2.0.9 2007-04-12 695 * Merged seobject setransRecords patch to return the first alias from Xavier Toth. 696 697 2.0.8 2007-04-10 698 * Merged updates to sepolgen-ifgen from Karl MacMillan. 699 700 2.0.7 2007-03-01 701 * Merged restorecond init script LSB compliance patch from Steve Grubb. 702 703 2.0.6 2007-02-22 704 * Merged newrole O_NONBLOCK fix from Linda Knippers. 705 706 2.0.5 2007-02-22 707 * Merged sepolgen and audit2allow patches to leave generated files 708 in the current directory from Karl MacMillan. 709 710 2.0.4 2007-02-22 711 * Merged restorecond memory leak fix from Steve Grubb. 712 713 2.0.3 2007-02-21 714 * Merged translations update from Dan Walsh. 715 * Merged chcat fixes from Dan Walsh. 716 * Merged man page fixes from Dan Walsh. 717 * Merged seobject prefix validity checking from Dan Walsh. 718 719 2.0.2 2007-02-20 720 * Merged seobject exception handler fix from Caleb Case. 721 * Merged setfiles memory leak patch from Todd Miller. 722 723 2.0.1 2007-02-08 724 * Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh. 725 726 2.0.0 2007-02-05 727 * Merged new audit2allow from Karl MacMillan. 728 This audit2allow depends on the new sepolgen python module. 729 Note that you must run the sepolgen-ifgen tool to generate 730 the data needed by audit2allow to generate refpolicy. 731 732 1.34.1 2007-01-22 733 * Fixed newrole non-pam build. 734 735 1.34.0 2007-01-18 736 * Updated version for stable branch. 737 738 1.33.16 2007-01-18 739 * Merged po file updates from Dan Walsh. 740 * Removed update-po from all target in po/Makefile. 741 742 1.33.15 2007-01-17 743 * Merged unicode-to-string fix for seobject audit from Dan Walsh. 744 * Merged man page updates to make "apropos selinux" work from Dan Walsh. 745 746 1.33.14 2007-01-16 747 * Merged newrole man page patch from Michael Thompson. 748 749 1.33.13 2007-01-16 750 * Merged patch to fix python unicode problem from Dan Walsh. 751 752 1.33.12 2007-01-11 753 * Merged newrole securetty check from Dan Walsh. 754 * Merged semodule patch to generalize list support from Karl MacMillan. 755 756 1.33.11 2007-01-09 757 * Merged fixfiles and seobject fixes from Dan Walsh. 758 * Merged semodule support for list of modules after -i from Karl MacMillan. 759 760 1.33.10 2007-01-08 761 * Merged patch to correctly handle a failure during semanage handle 762 creation from Karl MacMillan. 763 764 1.33.9 2007-01-05 765 * Merged patch to fix seobject role modification from Dan Walsh. 766 767 1.33.8 2007-01-04 768 * Merged patches from Dan Walsh to: 769 - omit the optional name from audit2allow 770 - use the installed python version in the Makefiles 771 - re-open the tty with O_RDWR in newrole 772 773 1.33.7 2007-01-03 774 * Patch from Dan Walsh to correctly suppress warnings in load_policy. 775 776 1.33.6 2006-11-29 777 * Patch from Dan Walsh to add an pam_acct_msg call to run_init 778 * Patch from Dan Walsh to fix error code returns in newrole 779 * Patch from Dan Walsh to remove verbose flag from semanage man page 780 * Patch from Dan Walsh to make audit2allow use refpolicy Makefile 781 in /usr/share/selinux/<SELINUXTYPE> 782 783 1.33.5 2006-11-27 784 * Merged patch from Michael C Thompson to clean up genhomedircon 785 error handling. 786 1.33.4 2006-11-21 787 * Merged po file updates from Dan Walsh. 788 789 1.33.3 2006-11-21 790 * Merged setsebool patch from Karl MacMillan. 791 This fixes a bug reported by Yuichi Nakamura with 792 always setting booleans persistently on an unmanaged system. 793 794 1.33.2 2006-11-20 795 * Merged patch from Dan Walsh (via Karl MacMillan): 796 * Added newrole audit message on login failure 797 * Add /var/log/wtmp to restorecond.conf watch list 798 * Fix genhomedircon, semanage, semodule_expand man pages. 799 800 1.33.1 2006-11-13 801 * Merged newrole patch set from Michael Thompson. 802 803 1.32 2006-10-17 804 * Updated version for release. 805 806 1.30.31 2006-10-17 807 * Merged audit2allow -l fix from Yuichi Nakamura. 808 * Merged restorecon -i and -o - support from Karl MacMillan. 809 * Merged semanage/seobject fix from Dan Walsh. 810 * Merged fixfiles -R and verify changes from Dan Walsh. 811 812 1.30.30 2006-09-29 813 * Merged newrole auditing of failures due to user actions from 814 Michael Thompson. 815 816 1.30.29 2006-09-13 817 * Man page corrections from Dan Walsh 818 * Change all python invocations to /usr/bin/python -E 819 * Add missing getopt flags to genhomedircon 820 821 1.30.28 2006-09-01 822 * Merged fix for restorecon // handling from Erich Schubert. 823 * Merged translations update and fixfiles fix from Dan Walsh. 824 825 1.30.27 2006-08-24 826 * Merged fix for restorecon symlink handling from Erich Schubert. 827 828 1.30.26 2006-08-11 829 * Merged semanage local file contexts patch from Chris PeBenito. 830 831 1.30.25 2006-08-03 832 * Merged patch from Dan Walsh with: 833 * audit2allow: process MAC_POLICY_LOAD events 834 * newrole: run shell with - prefix to start a login shell 835 * po: po file updates 836 * restorecond: bail if SELinux not enabled 837 * fixfiles: omit -q 838 * genhomedircon: fix exit code if non-root 839 * semodule_deps: install man page 840 841 1.30.24 2006-08-03 842 * Merged secon Makefile fix from Joshua Brindle. 843 844 1.30.23 2006-08-03 845 * Merged netfilter contexts support patch from Chris PeBenito. 846 847 1.30.22 2006-07-28 848 * Merged restorecond size_t fix from Joshua Brindle. 849 850 1.30.21 2006-07-28 851 * Merged secon keycreate patch from Michael LeMay. 852 853 1.30.20 2006-07-26 854 * Merged restorecond fixes from Dan Walsh. 855 Merged updated po files from Dan Walsh. 856 857 1.30.19 2006-07-26 858 * Merged python gettext patch from Stephen Bennett. 859 860 1.30.18 2006-07-25 861 * Merged semodule_deps from Karl MacMillan. 862 863 1.30.17 2006-06-29 864 * Lindent. 865 866 1.30.16 2006-06-26 867 * Merged patch from Dan Walsh with: 868 * -p option (progress) for setfiles and restorecon. 869 * disable context translation for setfiles and restorecon. 870 * on/off values for setsebool. 871 872 1.30.15 2006-06-26 873 * Merged setfiles and semodule_link fixes from Joshua Brindle. 874 875 1.30.14 2006-06-16 876 * Merged fix for setsebool error path from Serge Hallyn. 877 878 1.30.13 2006-06-16 879 * Merged patch from Dan Walsh with: 880 * Updated po files. 881 * Fixes for genhomedircon and seobject. 882 * Audit message for mass relabel by setfiles. 883 884 1.30.12 2006-06-02 885 * Updated fixfiles script for new setfiles location in /sbin. 886 887 1.30.11 2006-05-26 888 * Merged more translations from Dan Walsh. 889 * Merged patch to relocate setfiles to /sbin for early relabel 890 when /usr might not be mounted from Dan Walsh. 891 * Merged semanage/seobject patch to preserve fcontext ordering in list. 892 * Merged secon patch from James Antill. 893 894 1.30.10 2006-05-22 895 * Merged patch with updates to audit2allow, secon, genhomedircon, 896 and semanage from Dan Walsh. 897 898 1.30.9 2006-05-08 899 * Fixed audit2allow and po Makefiles for DESTDIR= builds. 900 * Merged .po file patch from Dan Walsh. 901 * Merged bug fix for genhomedircon. 902 903 1.30.8 2006-05-08 904 * Merged patch from Dan Walsh. 905 This includes audit2allow changes for analysis plugins, 906 internationalization support for several additional programs 907 and added po files, some fixes for semanage, and several cleanups. 908 It also adds a new secon utility. 909 910 1.30.7 2006-05-05 911 * Merged fix warnings patch from Karl MacMillan. 912 913 1.30.6 2006-04-14 914 * Merged semanage prefix support from Russell Coker. 915 916 1.30.5 2006-04-11 917 * Added a test to setfiles to check that the spec file is 918 a regular file. 919 920 1.30.4 2006-03-29 921 * Merged audit2allow fixes for refpolicy from Dan Walsh. 922 * Merged fixfiles patch from Dan Walsh. 923 * Merged restorecond daemon from Dan Walsh. 924 925 1.30.3 2006-03-29 926 * Merged semanage non-MLS fixes from Chris PeBenito. 927 928 1.30.2 2006-03-29 929 * Merged semanage and semodule man page examples from Thomas Bleher. 930 931 1.30.1 2006-03-20 932 * Merged semanage labeling prefix patch from Ivan Gyurdiev. 933 934 1.30 2006-03-14 935 * Updated version for release. 936 937 1.29.28 2006-03-13 938 * Merged German translations (de.po) by Debian translation team from Manoj Srivastava. 939 940 1.29.27 2006-03-08 941 * Merged audit2allow -R support, chcat fix, semanage MLS checks 942 and semanage audit calls from Dan Walsh. 943 944 1.29.26 2006-02-15 945 * Merged semanage bug fix patch from Ivan Gyurdiev. 946 947 1.29.25 2006-02-14 948 * Merged improve bindings patch from Ivan Gyurdiev. 949 950 1.29.24 2006-02-14 951 * Merged semanage usage patch from Ivan Gyurdiev. 952 * Merged use PyList patch from Ivan Gyurdiev. 953 954 1.29.23 2006-02-13 955 * Merged newrole -V/--version support from Glauber de Oliveira Costa. 956 957 1.29.22 2006-02-13 958 * Merged genhomedircon prefix patch from Dan Walsh. 959 960 1.29.21 2006-02-13 961 * Merged optionals in base patch from Joshua Brindle. 962 963 1.29.20 2006-02-07 964 * Merged seuser/user_extra support patch to semodule_package 965 from Joshua Brindle. 966 967 1.29.19 2006-02-06 968 * Merged getopt type fix for semodule_link/expand and sestatus 969 from Chris PeBenito. 970 971 1.29.18 2006-02-02 972 * Merged clone record on set_con patch from Ivan Gyurdiev. 973 974 1.29.17 2006-01-30 975 * Merged genhomedircon fix from Dan Walsh. 976 977 1.29.16 2006-01-30 978 * Merged seusers.system patch from Ivan Gyurdiev. 979 * Merged improve port/fcontext API patch from Ivan Gyurdiev. 980 * Merged genhomedircon patch from Dan Walsh. 981 982 1.29.15 2006-01-27 983 * Merged newrole audit patch from Steve Grubb. 984 985 1.29.14 2006-01-27 986 * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. 987 988 1.29.13 2006-01-27 989 * Merged semanage and semodule access check patches from Joshua Brindle. 990 991 1.29.12 2006-01-26 992 * Merged restorecon, chcat, and semanage patches from Dan Walsh. 993 994 1.29.11 2006-01-25 995 * Modified newrole and run_init to use the loginuid when 996 supported to obtain the Linux user identity to re-authenticate, 997 and to fall back to real uid. Dropped the use of the SELinux 998 user identity, as Linux users are now mapped to SELinux users 999 via seusers and the SELinux user identity space is separate. 1000 1001 1.29.10 2006-01-20 1002 * Merged semanage bug fixes from Ivan Gyurdiev. 1003 * Merged semanage fixes from Russell Coker. 1004 * Merged chcat.8 and genhomedircon patches from Dan Walsh. 1005 1006 1.29.9 2006-01-19 1007 * Merged chcat, semanage, and setsebool patches from Dan Walsh. 1008 1009 1.29.8 2006-01-18 1010 * Merged semanage fixes from Ivan Gyurdiev. 1011 * Merged semanage fixes from Russell Coker. 1012 * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh. 1013 1014 1.29.7 2006-01-13 1015 * Merged newrole cleanup patch from Steve Grubb. 1016 * Merged setfiles/restorecon performance patch from Russell Coker. 1017 * Merged genhomedircon and semanage patches from Dan Walsh. 1018 1019 1.29.6 2006-01-12 1020 * Merged remove add_local/set_local patch from Ivan Gyurdiev. 1021 1022 1.29.5 2006-01-05 1023 * Added filename to semodule error reporting. 1024 1025 1.29.4 2006-01-05 1026 * Merged genhomedircon and semanage patch from Dan Walsh. 1027 * Changed semodule error reporting to include argv[0]. 1028 1029 1.29.3 2006-01-04 1030 * Merged semanage getpwnam bug fix from Serge Hallyn (IBM). 1031 * Merged patch series from Ivan Gyurdiev. 1032 This includes patches to: 1033 - cleanup setsebool 1034 - update setsebool to apply active booleans through libsemanage 1035 - update semodule to use the new semanage_set_rebuild() interface 1036 - fix various bugs in semanage 1037 * Merged patch from Dan Walsh (Red Hat). 1038 This includes fixes for restorecon, chcat, fixfiles, genhomedircon, 1039 and semanage. 1040 1041 1.29.2 2005-12-14 1042 * Merged patch for chcat script from Dan Walsh. 1043 1044 1.29.1 2005-12-08 1045 * Merged fix for audit2allow long option list from Dan Walsh. 1046 * Merged -r option for restorecon (alias for -R) from Dan Walsh. 1047 * Merged chcat script and man page from Dan Walsh. 1048 1049 1.28 2005-12-07 1050 * Updated version for release. 1051 1052 1.27.37 2005-12-07 1053 * Clarified the genhomedircon warning message. 1054 1055 1.27.36 2005-12-05 1056 * Changed genhomedircon to warn on use of ROLE in homedir_template 1057 if using managed policy, as libsemanage does not yet support it. 1058 1059 1.27.35 2005-12-02 1060 * Merged genhomedircon bug fix from Dan Walsh. 1061 1062 1.27.34 2005-12-02 1063 * Revised semodule* man pages to refer to checkmodule and 1064 to include example sections. 1065 1066 1.27.33 2005-12-01 1067 * Merged audit2allow --tefile and --fcfile support from Dan Walsh. 1068 * Merged genhomedircon fix from Dan Walsh. 1069 * Merged semodule* man pages from Dan Walsh, and edited them. 1070 1071 1.27.32 2005-12-01 1072 * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to 1073 retain validation/canonicalization of contexts during init. 1074 1075 1.27.31 2005-11-29 1076 * Changed genhomedircon to always use user_r for the role in the 1077 managed case since user_get_defrole is broken. 1078 1079 1.27.30 2005-11-29 1080 * Merged sestatus, audit2allow, and semanage patch from Dan Walsh. 1081 * Fixed semodule -v option. 1082 1083 1.27.29 2005-11-28 1084 * Merged audit2allow python script from Dan Walsh. 1085 (old script moved to audit2allow.perl, will be removed later). 1086 * Merged genhomedircon fixes from Dan Walsh. 1087 * Merged semodule quieting patch from Dan Walsh 1088 (inverts default, use -v to restore original behavior). 1089 1090 1.27.28 2005-11-15 1091 * Merged genhomedircon rewrite from Dan Walsh. 1092 1093 1.27.27 2005-11-09 1094 * Merged setsebool cleanup patch from Ivan Gyurdiev. 1095 1096 1.27.26 2005-11-09 1097 * Added -B (--build) option to semodule to force a rebuild. 1098 1099 1.27.25 2005-11-08 1100 * Reverted setsebool patch to call semanage_set_reload_bools(). 1101 * Changed setsebool to disable policy reload and to call 1102 security_set_boolean_list to update the runtime booleans. 1103 1104 1.27.24 2005-11-08 1105 * Changed setfiles -c to use new flag to set_matchpathcon_flags() 1106 to disable context translation by matchpathcon_init(). 1107 1108 1.27.23 2005-11-07 1109 * Changed setfiles for the context canonicalization support. 1110 1111 1.27.22 2005-11-07 1112 * Changed setsebool to call semanage_is_managed() interface 1113 and fall back to security_set_boolean_list() if policy is 1114 not managed. 1115 1116 1.27.21 2005-11-07 1117 * Merged setsebool memory leak fix from Ivan Gyurdiev. 1118 * Merged setsebool patch to call semanage_set_reload_bools() 1119 interface from Ivan Gyurdiev. 1120 1121 1.27.20 2005-11-04 1122 * Merged setsebool patch from Ivan Gyurdiev. 1123 This moves setsebool from libselinux/utils to policycoreutils, 1124 and rewrites it to use libsemanage for permanent boolean changes. 1125 1126 1.27.19 2005-10-25 1127 * Merged semodule support for reload, noreload, and store options 1128 from Joshua Brindle. 1129 * Merged semodule_package rewrite from Joshua Brindle. 1130 1131 1.27.18 2005-10-20 1132 * Cleaned up usage and error messages and releasing of memory by 1133 semodule_* utilities. 1134 1135 1.27.17 2005-10-20 1136 * Corrected error reporting by semodule. 1137 1138 1.27.16 2005-10-19 1139 * Updated semodule_expand for change to sepol interface. 1140 1141 1.27.15 2005-10-19 1142 * Merged fixes for make DESTDIR= builds from Joshua Brindle. 1143 1144 1.27.14 2005-10-18 1145 * Updated semodule_package for sepol interface changes. 1146 1147 1.27.13 2005-10-17 1148 * Updated semodule_expand/link for sepol interface changes. 1149 1150 1.27.12 2005-10-14 1151 * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood. 1152 1153 1.27.11 2005-10-13 1154 * Updated semodule_expand to use get interfaces for hidden sepol_module_package type. 1155 1156 1.27.10 2005-10-13 1157 * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat). 1158 1159 1.27.9 2005-10-13 1160 * Merged fixfiles patch from Dan Walsh (Red Hat). 1161 1162 1.27.8 2005-10-13 1163 * Updated semodule for removal of semanage_strerror. 1164 1165 1.27.7 2005-10-11 1166 * Updated semodule_link and semodule_expand to use shared libsepol. 1167 Fixed audit2why to call policydb_init prior to policydb_read (still 1168 uses the static libsepol). 1169 1170 1.27.6 2005-10-07 1171 * Updated for changes to libsepol. 1172 Changed semodule and semodule_package to use the shared libsepol. 1173 Disabled build of semodule_link and semodule_expand for now. 1174 Updated audit2why for relocated policydb internal headers, 1175 still needs to be converted to a shared lib interface. 1176 1177 1.27.5 2005-10-06 1178 * Fixed warnings in load_policy. 1179 1180 1.27.4 2005-10-06 1181 * Rewrote load_policy to use the new selinux_mkload_policy() 1182 interface provided by libselinux. 1183 1184 1.27.3 2005-09-28 1185 * Merged patch to update semodule to the new libsemanage API 1186 and improve the user interface from Karl MacMillan (Tresys). 1187 * Modified semodule for the create/connect API split. 1188 1189 1.27.2 2005-09-20 1190 * Merged run_init open_init_pty bug fix from Manoj Srivastava 1191 (unblock SIGCHLD). Bug reported by Erich Schubert. 1192 1193 1.27.1 2005-09-20 1194 * Merged error shadowing bug fix for restorecon from Dan Walsh. 1195 * Merged setfiles usage/man page update for -r option from Dan Walsh. 1196 * Merged fixfiles -C patch to ignore :s0 addition on update 1197 to a MCS/MLS policy from Dan Walsh. 1198 1199 1.26 2005-09-06 1200 * Updated version for release. 1201 1202 1.25.9 2005-08-31 1203 * Changed setfiles -c to translate the context to raw format 1204 prior to calling libsepol. 1205 1206 1.25.8 2005-08-31 1207 * Changed semodule to report errors even without -v, 1208 to detect extraneous arguments, and corrected usage message. 1209 1210 1.25.7 2005-08-25 1211 * Merged patch for fixfiles -C from Dan Walsh. 1212 1213 1.25.6 2005-08-22 1214 * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM). 1215 Bugs found by Coverity. 1216 1217 1.25.5 2005-08-02 1218 * Merged patch to move module read/write code from libsemanage 1219 to libsepol from Jason Tang (Tresys). 1220 1221 1.25.4 2005-07-27 1222 * Changed semodule* to link with libsemanage. 1223 1224 1.25.3 2005-07-26 1225 * Merged restorecon patch from Ivan Gyurdiev. 1226 1227 1.25.2 2005-07-11 1228 * Merged load_policy, newrole, and genhomedircon patches from Red Hat. 1229 1230 1.25.1 2005-07-06 1231 * Merged loadable module support from Tresys Technology. 1232 1233 1.24 2005-06-20 1234 * Updated version for release. 1235 1236 1.23.11 2005-05-19 1237 * Merged fixfiles and newrole patch from Dan Walsh. 1238 * Merged audit2why man page from Dan Walsh. 1239 1240 1.23.10 2005-05-16 1241 * Extended audit2why to incorporate booleans and local user 1242 settings when analyzing audit messages. 1243 1244 1.23.9 2005-05-13 1245 * Updated audit2why for sepol_ prefixes on Flask types to 1246 avoid namespace collision with libselinux, and to 1247 include <selinux/selinux.h> now. 1248 1249 1.23.8 2005-05-13 1250 * Added audit2why utility. 1251 1252 1.23.7 2005-04-29 1253 * Merged patch for fixfiles from Dan Walsh. 1254 Allow passing -F to force reset of customizable contexts. 1255 1256 1.23.6 2005-04-13 1257 * Fixed signed/unsigned pointer bug in load_policy. 1258 * Reverted context validation patch for genhomedircon. 1259 1260 1.23.5 2005-04-12 1261 * Reverted load_policy is_selinux_enabled patch from Dan Walsh. 1262 Otherwise, an initial policy load cannot be performed using 1263 load_policy, e.g. for anaconda. 1264 1265 1.23.4 2005-04-08 1266 * Merged load_policy is_selinux_enabled patch from Dan Walsh. 1267 * Merged restorecon verbose output patch from Dan Walsh. 1268 * Merged setfiles altroot patch from Chris PeBenito. 1269 1270 1.23.3 2005-03-17 1271 * Merged context validation patch for genhomedircon from Eric Paris. 1272 1273 1.23.2 2005-03-16 1274 * Changed setfiles -c to call set_matchpathcon_flags(3) to 1275 turn off processing of .homedirs and .local. 1276 1277 1.23.1 2005-03-14 1278 * Merged rewrite of genhomedircon by Eric Paris. 1279 * Changed fixfiles to relabel jfs since it now supports security xattrs 1280 (as of 2.6.11). Removed reiserfs until 2.6.12 is released with 1281 fixed support for reiserfs and selinux. 1282 1283 1.22 2005-03-09 1284 * Updated version for release. 1285 1286 1.21.22 2005-03-07 1287 * Merged restorecon and genhomedircon patch from Dan Walsh. 1288 1289 1.21.21 2005-02-28 1290 * Merged load_policy and genhomedircon patch from Dan Walsh. 1291 1292 1.21.20 2005-02-24 1293 * Merged fixfiles and genhomedircon patch from Dan Walsh. 1294 1295 1.21.19 2005-02-22 1296 * Merged several fixes from Ulrich Drepper. 1297 1298 1.21.18 2005-02-18 1299 * Changed load_policy to fall back to the original policy upon 1300 an error from sepol_genusers(). 1301 1302 1.21.17 2005-02-17 1303 * Merged new genhomedircon script from Dan Walsh. 1304 1305 1.21.16 2005-02-17 1306 * Changed load_policy to call sepol_genusers(). 1307 1308 1.21.15 2005-02-09 1309 * Changed relabel Makefile target to use restorecon. 1310 1311 1.21.14 2005-02-08 1312 * Merged restorecon patch from Dan Walsh. 1313 1314 1.21.13 2005-02-07 1315 * Merged sestatus patch from Dan Walsh. 1316 * Merged further change to fixfiles -C from Dan Walsh. 1317 1318 1.21.12 2005-02-02 1319 * Merged further patches for restorecon/setfiles -e and fixfiles -C. 1320 1321 1.21.11 2005-02-02 1322 * Merged patch for fixfiles -C option from Dan Walsh. 1323 * Merged patch -e support for restorecon from Dan Walsh. 1324 * Merged updated -e support for setfiles from Dan Walsh. 1325 1326 1.21.10 2005-01-31 1327 * Merged patch for open_init_pty from Manoj Srivastava. 1328 1329 1.21.9 2005-01-28 1330 * Merged updated fixfiles script from Dan Walsh. 1331 * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped. 1332 * Reverted fixfiles patch for file_contexts.local; 1333 obsoleted by setfiles rewrite. 1334 * Merged error handling patch for restorecon from Dan Walsh. 1335 * Merged semi raw mode for open_init_pty helper from Manoj Srivastava. 1336 1337 1.21.8 2005-01-28 1338 * Rewrote setfiles to use matchpathcon and the new interfaces 1339 exported by libselinux (>= 1.21.5). 1340 1341 1.21.7 2005-01-27 1342 * Prevent overflow of spec array in setfiles. 1343 1344 1.21.6 2005-01-27 1345 * Merged genhomedircon STARTING_UID bug fix from Dan Walsh. 1346 1347 1.21.5 2005-01-26 1348 * Merged newrole -l support from Darrel Goeddel (TCS). 1349 1350 1.21.4 2005-01-25 1351 * Merged fixfiles patch for file_contexts.local from Dan Walsh. 1352 1353 1.21.3 2005-01-21 1354 * Fixed restorecon to not treat errors from is_context_customizable() 1355 as a customizable context. 1356 * Merged setfiles/restorecon patch to not reset user field unless 1357 -F option is specified from Dan Walsh. 1358 1359 1.21.2 2005-01-21 1360 * Merged open_init_pty helper for run_init from Manoj Srivastava. 1361 * Merged audit2allow and genhomedircon man pages from Manoj Srivastava. 1362 1363 1.21.1 2005-01-19 1364 * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh. 1365 1366 1.20 2005-01-06 1367 * Merged fixfiles rewrite from Dan Walsh. 1368 * Merged restorecon patch from Dan Walsh. 1369 * Merged fixfiles and restorecon patches from Dan Walsh. 1370 * Changed restorecon to ignore ENOENT errors from matchpathcon. 1371 * Merged nonls patch from Chris PeBenito. 1372 * Removed fixfiles.cron. 1373 * Merged run_init.8 patch from Dan Walsh. 1374 1375 1.18 2004-11-01 1376 * Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh. 1377 * Merged sestatus patch from Steve Grubb. 1378 * Merged fixfiles patch from Dan Walsh. 1379 * Added -l option to setfiles to log changes via syslog. 1380 * Merged -e option to setfiles to exclude directories. 1381 * Merged -R option to restorecon for recursive descent. 1382 * Merged sestatus patch from Steve Grubb via Dan Walsh. 1383 * Merged load_policy and fixfiles.cron patches from Dan Walsh. 1384 * Merged fix for setfiles context validation patch from Colin Walters. 1385 * Merged setfiles context validation patch from Colin Walters. 1386 * Merged genhomedircon patch from Russell Coker. 1387 * Merged restorecon patch from Russell Coker. 1388 1389 1.16 2004-08-13 1390 * Merged audit2allow fix from Tom London. 1391 * Merged load_policy man page from Dan Walsh. 1392 * Merged newrole bug fix from Chad Hanson. 1393 * Changed load_policy to preserve booleans by default. 1394 * Changed load_policy to invoke sepol_genbools() instead. 1395 * Changed load_policy to also invoke security_load_booleans(). 1396 * Merged genhomedircon fixes from Dan Walsh. 1397 * Changed restorecon to use realpath. 1398 * Merged fixfiles patch from Dan Walsh. 1399 * Merged genhomedircon patch from Russell Coker and Dan Walsh. 1400 * Merged fixfiles patch and fixfiles.cron script from Dan Walsh. 1401 * Merged stat fix for setfiles -s from Russell Coker. 1402 1403 1.14 2004-06-25 1404 * Merged fix for fixfiles. 1405 * Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh. 1406 * Merged updated genhomedircon script from Russell Coker. 1407 * Merged run_init patch to find initrc_context from Dan Walsh. 1408 * Merged fixfiles patch for /etc/selinux from Dan Walsh. 1409 * Merged restorecon patch from Dan Walsh. 1410 * Merged fixfiles patch from Dan Walsh. 1411 1412 1.12 2004-05-10 1413 * Merged newrole patch from Colin Walters. 1414 * Merged fixfiles from Dan Walsh. 1415 1416 1.10 2004-04-05 1417 * Changed setfiles to not abort upon lsetfilecon failures. 1418 * Merged sestatus from Chris PeBenito. 1419 * Merged fixes for restorecon. 1420 * Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie. 1421 * Merged restorecon patch from Dan Walsh. 1422 * Revert add_assoc change from setfiles. 1423 * Moved restorecon to /sbin. 1424 * Disable add_assoc in setfiles by default, use -a to enable. 1425 * Merged genhomedircon patch from Dan Walsh. 1426 * Merged restorecon patch from Dan Walsh. 1427 * Merged setfiles buffer size change from Dan Walsh. 1428 * Merged genhomedircon fix from Karl MacMillan of Tresys. 1429 This generates separate lines for each prefix. 1430 1431 1.8 2004-03-09 1432 * Merged genhomedircon patch from Karl MacMillan of Tresys. 1433 * Removed checkcon script (obsoleted by restorecon -nv). 1434 * Replaced restorecon script with C program from Dan Walsh. 1435 Uses the new matchpathcon function from libselinux. 1436 1437 1.6 2004-02-18 1438 * Fixed setfiles sorting problem reported by Colin Walters. 1439 * Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker. 1440 * Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh. 1441 * Quiet warning about duplicate same specifications if -q is used. 1442 * Fixed usage message of audit2allow. 1443 1444 1.4 2003-12-01 1445 * Merged patch from Russell Coker. 1446 * Added audit2allow (formerly newrules.pl from policy). 1447 * Dropped -lattr from Makefiles. 1448 * Merged setfiles check type first patch by Russell Coker. 1449 1450 1.2 2003-09-30 1451 * Merged run_init close file patch from Chris PeBenito. 1452 * Merged setfiles stem compression patch by Russell Coker. 1453 * Merged setfiles usage/getopt/err patch by Russell Coker. 1454 * Merged setfiles altroot patch by Hardened Gentoo team. 1455 * Merged i18n patch by Dan Walsh. 1456 * Changed Makefiles to allow non-root rpm builds. 1457 1458 1.1 2003-08-13 1459 * Dropped obsolete psid code from setfiles. 1460 1461 1.0 2003-07-11 1462 * Initial public release. 1463 1464
