- Updated version of sepolgen
* Merged updates to sepolgen-ifgen from Karl MacMillan.
* Merged updates to sepolgen parser and tools from Karl MacMillan.
This includes improved debugging support, handling of interface
calls with list parameters, support for role transition rules,
updated range transition rule support, and looser matching.
- Update to upstream
* Merged restorecond init script LSB compliance patch from Steve Grubb.
-sepolgen
* Merged better matching for refpolicy style from Karl MacMillan
* Merged support for extracting interface paramaters from interface calls from Karl MacMillan
* Merged support for parsing USER_AVC audit messages from Karl MacMillan.
- Update to upstream
- policycoreutils
* Merged newrole O_NONBLOCK fix from Linda Knippers.
* Merged sepolgen and audit2allow patches to leave generated files
in the current directory from Karl MacMillan.
* Merged restorecond memory leak fix from Steve Grubb.
-sepolgen
* Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
* Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
* Merged patch to update PLY from Karl MacMillan.
* Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
- Update to upstream
- policycoreutils
* Merged newrole O_NONBLOCK fix from Linda Knippers.
* Merged sepolgen and audit2allow patches to leave generated files
in the current directory from Karl MacMillan.
* Merged restorecond memory leak fix from Steve Grubb.
-sepolgen
* Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
* Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
* Merged patch to update PLY from Karl MacMillan.
* Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
- Update to upstream
* Merged translations update from Dan Walsh.
* Merged chcat fixes from Dan Walsh.
* Merged man page fixes from Dan Walsh.
* Merged seobject prefix validity checking from Dan Walsh.
* Merged Makefile and refparser.py patch from Dan Walsh.
Fixes PYTHONLIBDIR definition and error handling on interface files.
- Update to upstream
* Merged translations update from Dan Walsh.
* Merged chcat fixes from Dan Walsh.
* Merged man page fixes from Dan Walsh.
* Merged seobject prefix validity checking from Dan Walsh.
* Merged Makefile and refparser.py patch from Dan Walsh.
Fixes PYTHONLIBDIR definition and error handling on interface files.
- Update to upstream
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
* Fixed newrole non-pam build.
- Fix Changelog and spelling error in man page
- Update to upstream
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
* Fixed newrole non-pam build.
- Fix Changelog and spelling error in man page
- Update to upstream
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
* Fixed newrole non-pam build.
- Update to upstream
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
* Tue Jan 16 2007 Dan Walsh <dwalsh@redhat.com> 1.33.14-1
* Merged newrole man page patch from Michael Thompson.
* Merged patch to fix python unicode problem from Dan Walsh.
- Want to update to match api
- Update to upstream
* Merged newrole securetty check from Dan Walsh.
* Merged semodule patch to generalize list support from Karl MacMillan.
Resolves: #200110
- Update to upstream
* Merged patch to correctly handle a failure during semanage handle
creation from Karl MacMillan.
* Merged patch to fix seobject role modification from Dan Walsh.
- Update to upstream
* Merged patches from Dan Walsh to:
- omit the optional name from audit2allow
- use the installed python version in the Makefiles
- re-open the tty with O_RDWR in newrole
- Upstream accepted my patches
* Merged setsebool patch from Karl MacMillan.
This fixes a bug reported by Yuichi Nakamura with
always setting booleans persistently on an unmanaged system.
- Add newrole audit patch from sgrubb
- Update to upstream
* Merged audit2allow -l fix from Yuichi Nakamura.
* Merged restorecon -i and -o - support from Karl MacMillan.
* Merged semanage/seobject fix from Dan Walsh.
* Merged fixfiles -R and verify changes from Dan Walsh.
- Add newrole audit patch from sgrubb
- Update to upstream
* Merged audit2allow -l fix from Yuichi Nakamura.
* Merged restorecon -i and -o - support from Karl MacMillan.
* Merged semanage/seobject fix from Dan Walsh.
* Merged fixfiles -R and verify changes from Dan Walsh.
- Change setfiles and restorecon to use stderr except for -o flag
- Also -o flag will now output files
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-5
- Put back Erich's change
- Security fixes to run python in a more locked down manner
- More Translations
- Update to upstream
* Merged fix for restorecon // handling from Erich Schubert.
* Merged translations update and fixfiles fix from Dan Walsh.
- Update to upstream
* Merged patch from Dan Walsh with:
* audit2allow: process MAC_POLICY_LOAD events
* newrole: run shell with - prefix to start a login shell
* po: po file updates
* restorecond: bail if SELinux not enabled
* fixfiles: omit -q
* genhomedircon: fix exit code if non-root
* semodule_deps: install man page
* Merged secon Makefile fix from Joshua Brindle.
* Merged netfilter contexts support patch from Chris PeBenito.
- Update to upstream
* Merged restorecond size_t fix from Joshua Brindle.
* Merged secon keycreate patch from Michael LeMay.
* Merged restorecond fixes from Dan Walsh.
Merged updated po files from Dan Walsh.
* Merged python gettext patch from Stephen Bennett.
* Merged semodule_deps from Karl MacMillan.
- Update to upstream
* Lindent.
* Merged patch from Dan Walsh with:
* -p option (progress) for setfiles and restorecon.
* disable context translation for setfiles and restorecon.
* on/off values for setsebool.
* Merged setfiles and semodule_link fixes from Joshua Brindle.
* Thu Jun 22 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-5
- Add progress indicator on fixfiles/setfiles/restorecon
- Update to upstream
* Merged fix for setsebool error path from Serge Hallyn.
* Merged patch from Dan Walsh with:
* Updated po files.
* Fixes for genhomedircon and seobject.
* Audit message for mass relabel by setfiles.
- Update to upstream
* Merged more translations from Dan Walsh.
* Merged patch to relocate setfiles to /sbin for early relabel
when /usr might not be mounted from Dan Walsh.
* Merged semanage/seobject patch to preserve fcontext ordering in list.
* Merged secon patch from James Antill.
- Update to upstream
* Merged more translations from Dan Walsh.
* Merged patch to relocate setfiles to /sbin for early relabel
when /usr might not be mounted from Dan Walsh.
* Merged semanage/seobject patch to preserve fcontext ordering in list.
* Merged secon patch from James Antill.
- secon fixes for --self-exec etc.
- secon change from level => sensitivity, add clearance.
- Add mass relabel AUDIT patch, but disable it until kernel problem solved.
- Update to upstream
* Fixed audit2allow and po Makefiles for DESTDIR= builds.
* Merged .po file patch from Dan Walsh.
* Merged bug fix for genhomedircon.
- Update to upstream
* Merged fix warnings patch from Karl MacMillan.
* Merged patch from Dan Walsh.
This includes audit2allow changes for analysis plugins,
internationalization support for several additional programs
and added po files, some fixes for semanage, and several cleanups.
It also adds a new secon utility.
- Add /etc/samba/secrets.tdb to restorecond.conf
- Update from upstream
* Merged semanage prefix support from Russell Coker.
* Added a test to setfiles to check that the spec file is
a regular file.
- Update from upstream
* Merged audit2allow fixes for refpolicy from Dan Walsh.
* Merged fixfiles patch from Dan Walsh.
* Merged restorecond daemon from Dan Walsh.
* Merged semanage non-MLS fixes from Chris PeBenito.
* Merged semanage and semodule man page examples from Thomas Bleher.
- Update from upstream
* Merged semanage bug fix patch from Ivan Gyurdiev.
* Merged improve bindings patch from Ivan Gyurdiev.
* Merged semanage usage patch from Ivan Gyurdiev.
* Merged use PyList patch from Ivan Gyurdiev.
- Update from upstream
* Merged newrole -V/--version support from Glauber de Oliveira Costa.
* Merged genhomedircon prefix patch from Dan Walsh.
* Merged optionals in base patch from Joshua Brindle.
- Update from upstream
* Merged seuser/user_extra support patch to semodule_package
from Joshua Brindle.
* Merged getopt type fix for semodule_link/expand and sestatus
from Chris PeBenito.
- Fix genhomedircon output
- Update from upstream
* Merged newrole audit patch from Steve Grubb.
* Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
* Merged semanage and semodule access check patches from Joshua Brindle.
* Wed Jan 25 2006 Dan Walsh <dwalsh@redhat.com> 1.29.12-1
- Add a default of /export/home
- Added translation support to semanage
- Update from upstream
* Modified newrole and run_init to use the loginuid when
supported to obtain the Linux user identity to re-authenticate,
and to fall back to real uid. Dropped the use of the SELinux
user identity, as Linux users are now mapped to SELinux users
via seusers and the SELinux user identity space is separate.
* Merged semanage bug fixes from Ivan Gyurdiev.
* Merged semanage fixes from Russell Coker.
* Merged chcat.8 and genhomedircon patches from Dan Walsh.
- Update to match NSA
* Merged semanage fixes from Ivan Gyurdiev.
* Merged semanage fixes from Russell Coker.
* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
- Update to match NSA
* Merged newrole cleanup patch from Steve Grubb.
* Merged setfiles/restorecon performance patch from Russell Coker.
* Merged genhomedircon and semanage patches from Dan Walsh.
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
- Update to match NSA
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- cleanup setsebool
- update setsebool to apply active booleans through libsemanage
- update semodule to use the new semanage_set_rebuild() interface
- fix various bugs in semanage
* Merged patch from Dan Walsh (Red Hat).
This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
and semanage.
- Update to match NSA
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
* Merged patch series from Ivan Gyurdiev.
This includes patches to:
- cleanup setsebool
- update setsebool to apply active booleans through libsemanage
- update semodule to use the new semanage_set_rebuild() interface
- fix various bugs in semanage
* Merged patch from Dan Walsh (Red Hat).
This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
and semanage.
- Add try catch for files that may not exists
* Mon Dec 19 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-3
- Remove commands from genhomedircon for installer
- Update to match NSA
* Merged fix for audit2allow long option list from Dan Walsh.
* Merged -r option for restorecon (alias for -R) from Dan Walsh.
* Merged chcat script and man page from Dan Walsh.
- Update to match NSA
- Add chcat to policycoreutils, adding +/- syntax
`
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
- Require new version of libsemanage
- Update to match NSA
- Add chcat to policycoreutils, adding +/- syntax
`
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
- Require new version of libsemanage
- Update to match NSA
* Changed genhomedircon to warn on use of ROLE in homedir_template
if using managed policy, as libsemanage does not yet support it.
* Added -B (--build) option to semodule to force a rebuild.
* Reverted setsebool patch to call semanage_set_reload_bools().
* Changed setsebool to disable policy reload and to call
security_set_boolean_list to update the runtime booleans.
* Changed setfiles -c to use new flag to set_matchpathcon_flags()
to disable context translation by matchpathcon_init().
- Update to match NSA
* Changed setfiles for the context canonicalization support.
* Changed setsebool to call semanage_is_managed() interface
and fall back to security_set_boolean_list() if policy is
not managed.
* Merged setsebool memory leak fix from Ivan Gyurdiev.
* Merged setsebool patch to call semanage_set_reload_bools()
interface from Ivan Gyurdiev.
- Update to match NSA
* Merged setsebool patch from Ivan Gyurdiev.
This moves setsebool from libselinux/utils to policycoreutils,
and rewrites it to use libsemanage for permanent boolean changes.
- Update to match NSA
* Merged setsebool patch from Ivan Gyurdiev.
This moves setsebool from libselinux/utils to policycoreutils,
and rewrites it to use libsemanage for permanent boolean changes.
- Update to match NSA
* Merged semodule support for reload, noreload, and store options
from Joshua Brindle.
* Merged semodule_package rewrite from Joshua Brindle.
- Update to match NSA
* Merged semodule support for reload, noreload, and store options
from Joshua Brindle.
* Merged semodule_package rewrite from Joshua Brindle.
- Update to match NSA
* Cleaned up usage and error messages and releasing of memory by
semodule_* utilities.
* Corrected error reporting by semodule.
* Updated semodule_expand for change to sepol interface.
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
- Update to match NSA
* Cleaned up usage and error messages and releasing of memory by
semodule_* utilities.
* Corrected error reporting by semodule.
* Updated semodule_expand for change to sepol interface.
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
- Update to match NSA
* Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
* Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
* Merged fixfiles patch from Dan Walsh (Red Hat).
* Updated semodule for removal of semanage_strerror.
- Update to match NSA
* Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
* Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
* Merged fixfiles patch from Dan Walsh (Red Hat).
* Updated semodule for removal of semanage_strerror.
- Update to match NSA
* Updated semodule_link and semodule_expand to use shared libsepol.
Fixed audit2why to call policydb_init prior to policydb_read (still
uses the static libsepol).
- Update to match NSA
* Updated for changes to libsepol.
Changed semodule and semodule_package to use the shared libsepol.
Disabled build of semodule_link and semodule_expand for now.
Updated audit2why for relocated policydb internal headers,
still needs to be converted to a shared lib interface.
- Update to match NSA
* Merged patch to update semodule to the new libsemanage API
and improve the user interface from Karl MacMillan (Tresys).
* Modified semodule for the create/connect API split.
- Update to match NSA
* Merged patch to update semodule to the new libsemanage API
and improve the user interface from Karl MacMillan (Tresys).
* Modified semodule for the create/connect API split.