* policycoreutils
* setfiles: Fix process_glob to handle error situations
* sandbox: Allow seunshare to run as root
* sandbox: trap sigterm to make sure sandbox
* sandbox: pass DPI from the desktop
* sandbox: seunshare: introduce helper spawn_command
* sandbox: seunshare: introduce new filesystem helpers
* sandbox: add -C option to not drop
* sandbox: split seunshare caps dropping
* sandbox: use dbus-launch
* sandbox: numerous simple updates to sandbox
* sandbox: do not require selinux context
* sandbox: Makefile: new man pages
* sandbox: rename dir to srcdir
* sandbox: allow users specify sandbox window size
* sandbox: check for paths up front
* sandbox: use defined values for paths rather
* sandbox: move seunshare globals to the top
* sandbox: whitespace fix
* semodule_package: Add semodule_unpackage executable
* setfiles: get rid of some stupid globals
* setfiles: move exclude_non_seclabel_mounts to a generic location
* sepolgen
* refparser: include open among valid permissions
* refparser: add support for filename_trans rules
2.1.4 2011-08-17
* run_init: clarification of the usage in the
* semanage: fix usage header around booleans
* semanage: remove useless empty lines
* semanage: update man page with new examples
* semanage: update usage text
* semanage: introduce file context equivalencies
* semanage: enable and disable modules
* semanage: output all local modifications
* semanage: introduce extraction of local configuration
* semanage: cleanup error on invalid operation
* semanage: handle being called with no arguments
* semanage: return sooner to save CPU time
* semanage: surround getopt with try/except
* semanage: use define/raise instead of lots of
* semanage: some options are only valid for
* semanage: introduce better deleteall support
* semanage: do not allow spaces in file
* semanage: distinguish between builtin and local permissive
* semanage: centralized ip node handling
* setfiles: make the restore function exclude() non-static
* setfiles: use glob to handle ~ and
* fixfiles: do not hard code types
* fixfiles: stop trying to be smart about
* fixfiles: use new kernel seclabel option
* fixfiles: pipe everything to cat before sending
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
* semodule: support for alternative root paths
- Update to upstream
* Fixed bug preventing semanage node -a from working
from Chad Sellers
* Fixed bug preventing semanage fcontext -l from working
from Chad Sellers
- Change semanage to use unicode
- Update to upstream
* Fixed bug preventing semanage node -a from working
from Chad Sellers
* Fixed bug preventing semanage fcontext -l from working
from Chad Sellers
- Change semanage to use unicode
- Update to upstream
* Remove setrans management from semanage, as it does not work
from Dan Walsh.
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
- Update to upstream
* Change semodule upgrade behavior to install even if the module
is not present from Dan Walsh.
* Make setfiles label if selinux is disabled and a seclabel aware
kernel is running from Caleb Case.
* Clarify forkpty() error message in run_init from Manoj Srivastava.
- Update to upstream
* Add semanage dontaudit to turn off dontaudits from Dan Walsh.
* Fix semanage to set correct mode for setrans file from Dan Walsh.
* Fix malformed dictionary in portRecord from Dan Walsh.
* Restore symlink handling support to restorecon based on a patch by
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
udev scripts that was broken by policycoreutils 2.0.70.
- Update to upstream
* Add semanage dontaudit to turn off dontaudits from Dan Walsh.
* Fix semanage to set correct mode for setrans file from Dan Walsh.
* Fix malformed dictionary in portRecord from Dan Walsh.
* Restore symlink handling support to restorecon based on a patch by
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
udev scripts that was broken by policycoreutils 2.0.70.
- Fix chcat to report error on non existing file
- Update to upstream
* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don't require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).
- Fix chcat to report error on non existing file
- Update to upstream
* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don't require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).
- Fix chcat to report error on non existing file
- Update to upstream
* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don't require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).
- Update to upstream
* Modify restorecon to only call realpath() on user-supplied pathnames
from Stephen Smalley.
* Fix typo in fixfiles that prevented it from relabeling btrfs
filesystems from Dan Walsh.
- Fix location of man pages
- Update to upstream
* Modify setfiles to exclude mounts without seclabel option in
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
Pardy and Dan Walsh.
* setfiles converted to fts from Thomas Liu.
- Update to upstream
* Keep setfiles from spamming console from Dan Walsh.
* Fix chcat's category expansion for users from Dan Walsh.
- Update po files
- Fix sepolgen
- Update to upstream
* Fix transaction checking from Dan Walsh.
* Make fixfiles -R (for rpm) recursive.
* Make semanage permissive clean up after itself from Dan Walsh.
* add /root/.ssh/* to restorecond.conf
- Update to upstream
* Add btrfs to fixfiles from Dan Walsh.
* Remove restorecond error for matching globs with multiple hard links
and fix some error messages from Dan Walsh.
* Make removing a non-existant module a warning rather than an error
from Dan Walsh.
* Man page fixes from Dan Walsh.
- Update to upstream
* chcat: cut categories at arbitrary point (25) from Dan Walsh
* semodule: use new interfaces in libsemanage for compressed files
from Dan Walsh
* audit2allow: string changes for usage
- Update to upstream
* chcat: cut categories at arbitrary point (25) from Dan Walsh
* semodule: use new interfaces in libsemanage for compressed files
from Dan Walsh
* audit2allow: string changes for usage
- Fix semanage help display
- Update to upstream
* fixfiles will now remove all files in /tmp and will check for
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
* add glob support to restorecond from Dan Walsh.
* allow semanage to handle multi-line commands in a single transaction
from Dan Walsh.
- Update to upstream
* Add support for boolean files and group support for seusers from Dan Walsh.
* Ensure that setfiles -p output is newline terminated from Russell Coker.
- Update to upstream
* Remove security_check_context calls for prefix validation from semanage.
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
- Update to upstream
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
* Merged a second fixfiles -C fix from Marshall Miller.
- Update to upstream
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
- Update to upstream
* Tue Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-4
- Fix sepolgen to be able to parse Fedora 9 policy
Handle ifelse statements
Handle refpolicywarn inside of define
Add init.if and inetd.if into parse
Add parse_file to syntax error message
- Upgrade from NSA
* Drop verbose output on fixfiles -C from Dan Walsh.
* Fix argument handling in fixfiles from Dan Walsh.
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
- Fix handling of final screen in polgengui
- Remove no.po
- Update to upstream
* Fix semodule option handling from Dan Walsh.
* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
- Update to upstream
* Update semodule man page for -D from Dan Walsh.
* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
- Upgrade version of sepolgen from NSA
* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.
* Suppress generation of rules for non-denials from Karl MacMillan (take 3).
- Update semodule man page
* Fix genhomedircon searching for USER from Todd Miller
* Install run_init with mode 0755 from Dan Walsh.
* Fix chcat from Dan Walsh.
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
* Optimize genhomedircon to compile regexes once from Dan Walsh.
* Fix semanage gettext call from Dan Walsh.
- Update to match NSA
* Merged genhomedircon fixes from Dan Walsh.
* Merged setfiles -c usage fix from Dan Walsh.
* Merged restorecon fix from Yuichi Nakamura.
* Dropped -lsepol where no longer needed.
- Updated version of policycoreutils
* Merged support for modifying the prefix via semanage from Dan Walsh.
- Fixed genhomedircon to find homedirs correctly.
- Updated version of policycoreutils
* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
- Updated version of sepolgen
* Merged updates to sepolgen-ifgen from Karl MacMillan.
* Merged updates to sepolgen parser and tools from Karl MacMillan.
This includes improved debugging support, handling of interface
calls with list parameters, support for role transition rules,
updated range transition rule support, and looser matching.
- Update to upstream
* Merged restorecond init script LSB compliance patch from Steve Grubb.
-sepolgen
* Merged better matching for refpolicy style from Karl MacMillan
* Merged support for extracting interface paramaters from interface calls from Karl MacMillan
* Merged support for parsing USER_AVC audit messages from Karl MacMillan.
- Update to upstream
- policycoreutils
* Merged newrole O_NONBLOCK fix from Linda Knippers.
* Merged sepolgen and audit2allow patches to leave generated files
in the current directory from Karl MacMillan.
* Merged restorecond memory leak fix from Steve Grubb.
-sepolgen
* Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
* Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
* Merged patch to update PLY from Karl MacMillan.
* Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
- Update to upstream
* Merged translations update from Dan Walsh.
* Merged chcat fixes from Dan Walsh.
* Merged man page fixes from Dan Walsh.
* Merged seobject prefix validity checking from Dan Walsh.
* Merged Makefile and refparser.py patch from Dan Walsh.
Fixes PYTHONLIBDIR definition and error handling on interface files.
- Update to upstream
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
* Fixed newrole non-pam build.
- Fix Changelog and spelling error in man page
- Update to upstream
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
* Fixed newrole non-pam build.
- Update to upstream
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
* Tue Jan 16 2007 Dan Walsh <dwalsh@redhat.com> 1.33.14-1
* Merged newrole man page patch from Michael Thompson.
* Merged patch to fix python unicode problem from Dan Walsh.
- Want to update to match api
- Update to upstream
* Merged newrole securetty check from Dan Walsh.
* Merged semodule patch to generalize list support from Karl MacMillan.
Resolves: #200110
- Update to upstream
* Merged patch to correctly handle a failure during semanage handle
creation from Karl MacMillan.
* Merged patch to fix seobject role modification from Dan Walsh.
- Update to upstream
* Merged patches from Dan Walsh to:
- omit the optional name from audit2allow
- use the installed python version in the Makefiles
- re-open the tty with O_RDWR in newrole
- Upstream accepted my patches
* Merged setsebool patch from Karl MacMillan.
This fixes a bug reported by Yuichi Nakamura with
always setting booleans persistently on an unmanaged system.
