Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call
matchpathcon_init_prefix if not already initialized.
Add -q qualifier for -V option of matchpathcon and change it to indicate
whether verification succeeded or failed via exit status.
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
libsepol-supported version when no manipulation of the binary policy is
needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
Disable setlocaldefs if no local boolean or users files are present from
Stephen Smalley.
Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen
Smalley.
dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
Based on a suggestion from Ulrich Drepper, defer regex compilation until we
have a stem match, by Stephen Smalley.
A further optimization would be to defer regex compilation until we have a
complete match of the constant prefix of the regex - TBD.
AVC enforcing mode override patch from Eamon Walsh.
Aligned attributes in AVC netlink code from Eamon Walsh.
- Move libselinux.so back into devel package, procps has been fixed
Merged refactored AVC netlink code from Eamon Walsh.
Merged new X label namespaces from Eamon Walsh.
Bux fix and minor refactoring in string representation code.
Class and permission mapping support patches from Eamon Walsh.
Object class discovery support patches from Chris PeBenito.
Refactoring and errno support in string representation code.
Merged patch to reduce size of libselinux and remove need for libsepol for
embedded systems from Yuichi Nakamura. This patch also turns the
link-time dependency on libsepol into a runtime (dlopen) dependency
even in the non-embedded case.
Merged userspace AVC patch to follow kernel's behavior for permissive mode
in caching previous denials from Eamon Walsh.
Merged sidput(NULL) patch from Eamon Walsh.
the use of the non-standard format %as. (original patch changed for
style).
Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
- Add context function to python to split context into 4 parts
