Merged several fixes for error handling paths in the AVC sidtab,
matchpathcon, booleans, context, and get_context_list code from Serge
Hallyn (IBM). Bugs found by Coverity.
Removed setupns; migrated to pam.
Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original
symbol is temporarily retained for compatibility until all callers are
updated.
Merged avcstat and selinux man page from Dan Walsh.
Changed security_load_booleans to process booleans.local even if booleans
file doesn't exist.
Fri Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
- Fix avcstat to clear totals
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
allow variable MLS fields.
Added set_matchpathcon_flags() function for setting flags controlling
operation of matchpathcon. MATCHPATHCON_BASEONLY means only process the
base file_contexts file, not file_contexts.homedirs or
file_contexts.local, and is for use by setfiles -c.
Updated matchpathcon.3 man page.
Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
Added selinux_users_path() for path to directory containing system.users
and local.users.
Modified avc_dump_av to explicitly check for any permissions that cannot be
mapped to string names and display them as a hex value.
Regenerated av_permissions.h.
Generalized matchpathcon internals, exported more interfaces, and moved
additional code from setfiles into libselinux so that setfiles can
directly use matchpathcon.
Prevent overflow of spec array in matchpathcon.
Fixed several uses of internal functions to avoid relocations.
Changed rpm_execcon to check is_selinux_enabled() and fallback to a regular
execve if not enabled (or unable to determine due to a lack of /proc,
e.g. chroot'd environment).
Removed some trivial utils that were not useful or redundant.
Changed BINDIR default to /usr/sbin to match change in Fedora.
Added security_compute_member.
Added man page for setcon.
Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Add strcasecmp in selinux_config
- Update from NSA
Changed avc_has_perm_noaudit to not fail on netlink errors.
Changed avc netlink code to check pid based on patch by Steve Grubb.
Merged second optimization patch from Ulrich Drepper.
Changed matchpathcon to skip invalid file_contexts entries.
Made string tables private to libselinux.
Merged strcat->stpcpy patch from Ulrich Drepper.
Merged matchpathcon man page from Dan Walsh.
Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
- Add matchpathcon man page
- Latest from NSA
Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.1-1
- Latest from NSA
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.