selinux-policy/www/html/Changelog.txt

* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
- Many fixes to make loadable modules build.
- Add targets for sechecker.
- Updated to sedoctool to read bool files and tunable
  files separately.
- Changed the xml tag of <boolean> to <bool> to be consistent
  with gen_bool().
- Modified the implementation of segenxml to use regular
  expressions.
- Rename context_template() to gen_context() to clarify
  that its not a Reference Policy template, but a support
  macro.
- Add disable_*_trans bool support for targeted policy.
- Add MLS module to handle MLS constraint exceptions,
  such as reading up and writing down.
- Fix errors uncovered by sediff.
- Added policies:
	anaconda
	apache
	apm
	arpwatch
	bluetooth
	dmidecode
	finger
	ftp
	kudzu
	mailman
	ppp
	radvd
	radius
	sasl
	webalizer

* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
- Make logrotate, sendmail, sshd, and rpm policies
  unconfined in the targeted policy so no special
  modules.conf is required.
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
  can_portmap() to sysnetwork.
- Fix base module compile issues.
- Added policies:
	cpucontrol
	cvs
	ktalk
	portmap
	postgresql
	rlogin
	samba
	snmp
	stunnel
	telnet
	tftp
	uucp
	vpn
	zebra

* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
- Fix errors uncovered by sediff.
- Doc tool will explicitly say a module does not have interfaces
  or templates on the module page.
- Added policies:
	comsat
	dbus
	dhcp
	dictd
	hal
	inn
	ntp
	squid

* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
- Add Makefile support for building loadable modules.
- Add genclassperms.py tool to add require blocks
  for loadable modules.
- Change sedoctool to make required modules part of base
  by default, otherwise make as modules, in modules.conf.
- Fix segenxml to handle modules with no interfaces.
- Rename ipsec connect interface for consistency.
- Add missing parts of unix stream socket connect interface
  of ipsec.
- Rename inetd connect interface for consistency.
- Rename interface for purging contents of tmp, for clarity,
  since it allows deletion of classes other than file.
- Misc. cleanups.
- Added policies:
	acct
	bind
	firstboot
	gpm
	howl
	ldap
	loadkeys
	mysql
	privoxy
	quota
	rshd
	rsync
	su
	sudo
	tcpd
	tmpreaper
	updfstab

* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
- Fix comparison bug in fc_sort.
- Fix handling of ordered and unordered HTML lists.
- Corenetwork now supports multiple network interfaces having the
  same type.
- Doc tool now creates pages for global Booleans and global tunables.
- Doc tool now links directly to the interface/template in the
  module page when it is selected in the interface/template index.
- Added support for layer summaries.
- Added policies:
	ipsec
	nscd
	pcmcia
	raid

* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
- Changed xml to have modules encapsulated by layer tags, rather
  than putting layer="foo" in the module tags.  Also in the future
  we can put a summary and description for each layer.
- Added tool to infer interface, module, and layer tags.  This will
  now list all interfaces, even if they are missing xml docs.
- Shortened xml tag names.
- Added macros to declare interfaces and templates.
- Added interface call trace.
- Updated all xml documentation for shorter and inferred tags.
- Doc tool now displays templates in the web pages.
- Doc tool retains the user's settings in modules.conf and
  tunables.conf if the files already exist.
- Modules.conf behavior has been changed to be a list of all
  available modules, and the user can specify if the module is
  built as a loadable module, included in the monolithic policy,
  or excluded.
- Added policies:
	fstools (fsck, mkfs, swapon, etc. tools)
	logrotate
	inetd
	kerberos
	nis (ypbind and ypserv)
	ssh (server, client, and agent)
	unconfined
- Added infrastructure for targeted policy support, only missing
	transition boolean support.

* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
	- Initial release
update for 20051019 release 2005-10-19 21:12:22 +00:00			`* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019`
			`- Many fixes to make loadable modules build.`
			`- Add targets for sechecker.`
			`- Updated to sedoctool to read bool files and tunable`
			`files separately.`
			`- Changed the xml tag of <boolean> to <bool> to be consistent`
			`with gen_bool().`
			`- Modified the implementation of segenxml to use regular`
			`expressions.`
			`- Rename context_template() to gen_context() to clarify`
			`that its not a Reference Policy template, but a support`
			`macro.`
			`- Add disable_*_trans bool support for targeted policy.`
			`- Add MLS module to handle MLS constraint exceptions,`
			`such as reading up and writing down.`
			`- Fix errors uncovered by sediff.`
			`- Added policies:`
			`anaconda`
			`apache`
			`apm`
			`arpwatch`
			`bluetooth`
			`dmidecode`
			`finger`
			`ftp`
			`kudzu`
			`mailman`
			`ppp`
			`radvd`
			`radius`
			`sasl`
			`webalizer`

			`* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922`
			`- Make logrotate, sendmail, sshd, and rpm policies`
			`unconfined in the targeted policy so no special`
			`modules.conf is required.`
			`- Add experimental MCS support.`
			`- Add appconfig for MLS.`
			`- Add equivalents for old can_resolve(), can_ldap(), and`
			`can_portmap() to sysnetwork.`
			`- Fix base module compile issues.`
			`- Added policies:`
			`cpucontrol`
			`cvs`
			`ktalk`
			`portmap`
			`postgresql`
			`rlogin`
			`samba`
			`snmp`
			`stunnel`
			`telnet`
			`tftp`
			`uucp`
			`vpn`
			`zebra`

			`* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907`
			`- Fix errors uncovered by sediff.`
			`- Doc tool will explicitly say a module does not have interfaces`
			`or templates on the module page.`
			`- Added policies:`
			`comsat`
			`dbus`
			`dhcp`
			`dictd`
			`hal`
			`inn`
			`ntp`
			`squid`

			`* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826`
			`- Add Makefile support for building loadable modules.`
			`- Add genclassperms.py tool to add require blocks`
			`for loadable modules.`
			`- Change sedoctool to make required modules part of base`
			`by default, otherwise make as modules, in modules.conf.`
			`- Fix segenxml to handle modules with no interfaces.`
			`- Rename ipsec connect interface for consistency.`
			`- Add missing parts of unix stream socket connect interface`
			`of ipsec.`
			`- Rename inetd connect interface for consistency.`
			`- Rename interface for purging contents of tmp, for clarity,`
			`since it allows deletion of classes other than file.`
			`- Misc. cleanups.`
			`- Added policies:`
			`acct`
			`bind`
			`firstboot`
			`gpm`
			`howl`
			`ldap`
			`loadkeys`
			`mysql`
			`privoxy`
			`quota`
			`rshd`
			`rsync`
			`su`
			`sudo`
			`tcpd`
			`tmpreaper`
			`updfstab`

			`* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802`
			`- Fix comparison bug in fc_sort.`
			`- Fix handling of ordered and unordered HTML lists.`
			`- Corenetwork now supports multiple network interfaces having the`
			`same type.`
			`- Doc tool now creates pages for global Booleans and global tunables.`
			`- Doc tool now links directly to the interface/template in the`
			`module page when it is selected in the interface/template index.`
			`- Added support for layer summaries.`
			`- Added policies:`
			`ipsec`
			`nscd`
			`pcmcia`
			`raid`

			`* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707`
			`- Changed xml to have modules encapsulated by layer tags, rather`
			`than putting layer="foo" in the module tags. Also in the future`
			`we can put a summary and description for each layer.`
			`- Added tool to infer interface, module, and layer tags. This will`
			`now list all interfaces, even if they are missing xml docs.`
			`- Shortened xml tag names.`
			`- Added macros to declare interfaces and templates.`
			`- Added interface call trace.`
			`- Updated all xml documentation for shorter and inferred tags.`
			`- Doc tool now displays templates in the web pages.`
			`- Doc tool retains the user's settings in modules.conf and`
			`tunables.conf if the files already exist.`
			`- Modules.conf behavior has been changed to be a list of all`
			`available modules, and the user can specify if the module is`
			`built as a loadable module, included in the monolithic policy,`
			`or excluded.`
			`- Added policies:`
			`fstools (fsck, mkfs, swapon, etc. tools)`
			`logrotate`
			`inetd`
			`kerberos`
			`nis (ypbind and ypserv)`
			`ssh (server, client, and agent)`
			`unconfined`
			`- Added infrastructure for targeted policy support, only missing`
			`transition boolean support.`

			`* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615`
			`- Initial release`