* remove build warning when build swig c files
* additional makefile support for rubywrap
* ignore 80 column limit for readability
* semanage_store: fix snprintf length argument by using asprintf
* Use default semanage.conf as a fallback
* use after free in python bindings
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
* Alternate path for semanage.conf
* do not link against libpython, this is considered bad in Debian
* Allow to build for several ruby version
* fallback-user-level
2.1.2 2011-08-17
* print error debug info for buggy fc
* introduce semanage_set_root and friends
* throw exceptions in python rather than return
* python3 support.
* patch for MCS/MLS in user files
2.1.2 2011-08-17
* print error debug info for buggy fc
* introduce semanage_set_root and friends
* throw exceptions in python rather than return
* python3 support.
* patch for MCS/MLS in user files
2.1.2 2011-08-17
* print error debug info for buggy fc
* introduce semanage_set_root and friends
* throw exceptions in python rather than return
* python3 support.
* patch for MCS/MLS in user files
* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2
- big reworking of the support-multiple-python-builds patch to deal with
PEP 3149: the latest Python 3.2 onwards uses include paths and library names
that don't fit prior naming patterns, and so we must query python3-config for
this information. To complicate things further, python 2's python-config
doesn't understand all of the options needed ("--extension-suffix"). I've
thus added new Makefile variables as needed, to be supplied by the specfile by
invoking the appropriate config tool (or by hardcoding the old value for
"--extension-suffix" i.e. ".so")
- rework python3 manifest for PEP 3149, and rebuild for newer python3
Add enable/disable patch support from Dan Walsh.
Add usepasswd flag to semanage.conf to disable genhomedircon using passwd
from Dan Walsh.
regenerate swig wrappers
Change semodule upgrade behavior to install even if the module is not
present from Dan Walsh.
Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
Enable configuration of bzip behavior from Stephen Smalley.
bzip-blocksize=0 to disable compression and decompression support.
bzip-blocksize=1..9 to set the blocksize for compression.
bzip-small=true to reduce memory usage for decompression.
Modify genhomedircon to skip %groupname entries. Ultimately we need to
expand them to the list of users to support per-role homedir labeling
when using the %groupname syntax.
Call rmdir() rather than remove() on directory removal so that errno isn't
polluted from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Call rmdir() rather than remove() on directory removal so that errno isn't
polluted from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Fix error checking on getpw*_r functions from Todd Miller.
Make genhomedircon skip invalid homedir contexts from Todd Miller.
Set default user and prefix from seusers from Dan Walsh.
Add swigify Makefile target from Dan Walsh.
Pass CFLAGS to CC even on link command, per Dennis Gilmore.
Clear errno on non-fatal errors to avoid reporting them upon a later error
that does not set errno.
Improve reporting of system errors, e.g. full filesystem or read-only
filesystem from Stephen Smalley.
Merged optimizations from Stephen Smalley.
- do not set all booleans upon commit, only those whose values have changed
- only install the sandbox upon commit if something was rebuilt
Merged Makefile test target patch from Caleb Case.
Merged get_commit_number function rename patch from Caleb Case.
Merged strnlen -> strlen patch from Todd Miller.
Merged patch to optionally reduce disk usage by removing the backup module
store and linked policy from Karl MacMillan
Merged patch to correctly propagate return values in libsemanage
Merged patch to optionally reduce disk usage by removing the backup module
store and linked policy from Karl MacMillan
Merged patch to correctly propagate return values in libsemanage
Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to
prevent hitting the global offest table limit. Patch changed to include
libselinux and libsemanage in addition to libsepol.
dbase_file_cache: deref of uninit data on error path. dbase_policydb_cache:
clear fp to avoid double fclose semanage_fc_sort: destroy temp on error
paths
Merged updated file context sorting patch from Christopher Ashworth, with
bug fix for escaped character flag.
Merged file context sorting code from Christopher Ashworth (Tresys
Technology), based on fc_sort.c code in refpolicy.
Merged python binding t_output_helper removal patch from Dan Walsh.
Regenerated swig files.
Merged file context sorting code from Christopher Ashworth (Tresys
Technology), based on fc_sort.c code in refpolicy.
Merged python binding t_output_helper removal patch from Dan Walsh.
Regenerated swig files.
- Upgrade to latest from NSA
Merged abort early on merge errors patch from Ivan Gyurdiev.
Cleaned up error handling in semanage_split_fc based on a patch by Serge
Hallyn (IBM) and suggestions by Ivan Gyurdiev.
Merged MLS handling fixes from Ivan Gyurdiev.
Merged paths array patch from Ivan Gyurdiev.
Merged bug fix patch from Ivan Gyurdiev.
Merged improve bindings patch from Ivan Gyurdiev.
Merged use PyList patch from Ivan Gyurdiev.
Merged memory leak fix patch from Ivan Gyurdiev.
Merged nodecon support patch from Ivan Gyurdiev.
Merged cleanups patch from Ivan Gyurdiev.
Merged split swig patch from Ivan Gyurdiev.
Merged optionals in base patch from Joshua Brindle.
Merged treat seusers/users_extra as optional sections patch from Ivan
Gyurdiev.
Merged parse_optional fixes from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
Merged further header cleanups from Ivan Gyurdiev.
Merged toggle modified flag in policydb_modify, fix memory leak in
clear_obsolete, polymorphism vs headers fix, and include guards for
internal headers patches from Ivan Gyurdiev.
Merged toggle modified flag in policydb_modify, fix memory leak in
clear_obsolete, polymorphism vs headers fix, and include guards for
internal headers patches from Ivan Gyurdiev.
Added file-mode= setting to semanage.conf, default to 0644. Changed
semanage_copy_file and callers to use this mode when installing policy
files to runtime locations.
Changed semanage_handle_create() to set do_reload based on
is_selinux_enabled(). This prevents improper attempts to load policy on
a non-SELinux system.
Merged wrap char*** for user_get_roles patch from Joshua Brindle.
Merged remove defrole from sepol patch from Ivan Gyurdiev.
Merged swig wrappers for modifying users and seusers from Joshua Brindle.
Fixed free->key_free bug.
Merged clear obsolete patch from Ivan Gyurdiev.
Merged modified swigify patch from Dan Walsh (original patch from Joshua
Brindle).
Merged move genhomedircon call patch from Chad Sellers.
Fixed free->key_free bug.
Merged clear obsolete patch from Ivan Gyurdiev.
Merged modified swigify patch from Dan Walsh (original patch from Joshua
Brindle).
Merged move genhomedircon call patch from Chad Sellers.
Merged cleanup patch from Ivan Gyurdiev. This renames semanage_module_conn
to semanage_direct_handle, and moves sepol handle create/destroy into
semanage handle create/destroy to allow use even when disconnected (for
the record interfaces).
Clear modules modified flag upon disconnect and commit.
Added tracking of module modifications and use it to determine whether
expand-time checks should be applied on commit.
Reverted semanage_set_reload_bools() interface.
Disabled calls to port dbase for merge and commit and stubbed out calls to
sepol_port interfaces since they are not exported.
Merged rename instead of copy patch from Joshua Brindle (Tresys).
Added hidden_def/hidden_proto for exported symbols used within libsemanage
to eliminate relocations. Wrapped type definitions in exported headers
as needed to avoid conflicts. Added src/context_internal.h and
src/iface_internal.h.
Added semanage_is_managed() interface to allow detection of whether the
policy is managed via libsemanage. This enables proper handling in
setsebool for non-managed systems.
Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, to enable
runtime control over preserving active boolean values versus reloading
their saved settings upon commit.
