dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
Based on a suggestion from Ulrich Drepper, defer regex compilation until we
have a stem match, by Stephen Smalley.
A further optimization would be to defer regex compilation until we have a
complete match of the constant prefix of the regex - TBD.
Merged userspace AVC patch to follow kernel's behavior for permissive mode
in caching previous denials from Eamon Walsh.
Merged sidput(NULL) patch from Eamon Walsh.
the use of the non-standard format %as. (original patch changed for
style).
Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
- Add context function to python to split context into 4 parts
Merged setrans client support from Dan Walsh. This removes use of
libsetrans.
Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
Merged swig typemap fixes from Glauber de Oliveira Costa.
- Upgrade to latest from NSA
Updated version for release.
Altered rpm_execcon fallback logic for permissive mode to also handle case
where /selinux/enforce is not available.
Added security_canonicalize_context() interface and
set_matchpathcon_canoncon() interface for obtaining canonical contexts.
Changed matchpathcon internals to obtain canonical contexts by default.
Provided fallback for kernels that lack extended selinuxfs context
interface.
- Patch to not translate mls when calling setfiles
Merged get_default_context_with_rolelevel and man pages from Dan Walsh (Red
Hat).
Updated call to sepol_policydb_to_image for sepol changes.
Changed getseuserbyname to ignore empty lines and to handle no matching
entry in the same manner as no seusers file.
Merged modified form of patch to avoid dlopen/dlclose by the static
libselinux from Dan Walsh. Users of the static libselinux will not have
any context translation by default.
Hid translation-related symbols entirely and ensured that raw functions
have hidden definitions for internal use.
Allowed setting NULL via context_set* functions.
Allowed whitespace in MLS component of context.
Changed rpm_execcon to use translated functions to workaround lack of MLS
level on upgraded systems.
Merged several fixes for error handling paths in the AVC sidtab,
matchpathcon, booleans, context, and get_context_list code from Serge
Hallyn (IBM). Bugs found by Coverity.
Removed setupns; migrated to pam.
Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original
symbol is temporarily retained for compatibility until all callers are
updated.
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
allow variable MLS fields.
Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
Added selinux_users_path() for path to directory containing system.users
and local.users.
Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Add strcasecmp in selinux_config
- Update from NSA
Changed avc_has_perm_noaudit to not fail on netlink errors.
Changed avc netlink code to check pid based on patch by Steve Grubb.
Merged second optimization patch from Ulrich Drepper.
Changed matchpathcon to skip invalid file_contexts entries.
Made string tables private to libselinux.
Merged strcat->stpcpy patch from Ulrich Drepper.
Merged matchpathcon man page from Dan Walsh.
Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
- Add matchpathcon man page
- Latest from NSA
Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
Mon Jul 19 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-3
- uppercase getenforce returns, to make them match
system-config-securitylevel
Thu Jul 15 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-2
- Remove old path patch
Thu Jul 08 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Update to latest from NSA
- Add fix to only get old path if file_context file exists in old location
Mon May 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
- add man patch
Fri May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
- Update with latest from NSA
Wed May 05 2004 Dan Walsh <dwalsh@redhat.com> 1.11.4-1
- Update with latest from NSA
Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
- Add changes for relaxed policy
- Update to match NSA
Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
- Add relaxed policy changes
Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
- Sync with NSA
Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-3
- Remove requires glibc>2.3.4
Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 1.11-2
- Fix selinuxenabled man page.
Wed Apr 07 2004 Dan Walsh <dwalsh@redhat.com> 1.11-1
- Upgrade to 1.11
Wed Apr 07 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
- Add memleaks patch
Wed Apr 07 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
- Upgrade to latest from NSA and add more man pages
Thu Apr 01 2004 Dan Walsh <dwalsh@redhat.com> 1.9-1
- Update to match NSA
- Cleanup some man pages
Tue Mar 30 2004 Dan Walsh <dwalsh@redhat.com> 1.8-1
- Upgrade to latest from NSA
Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-6
- Add Russell's Man pages
Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-5
- Change getenforce to also check is_selinux_enabled
Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-4
- Add ownership to /usr/include/selinux