selinux-policy/libselinux/ChangeLog

313 lines
12 KiB
Plaintext
Raw Normal View History

2005-10-07 13:42:05 +00:00
1.27.7 2005-10-06
* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn't exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
1.27.6 2005-10-06
* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.
1.27.5 2005-10-06
* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface.
1.27.4 2005-10-05
* Merged fix for matchpathcon (regcomp error checking) from Johan
Fischer. Also added use of regerror to obtain the error string
for inclusion in the error message.
1.27.3 2005-10-03
* Changed getseuserbyname to not require (and ignore if present)
the MLS level in seusers.conf if MLS is disabled, setting *level
to NULL in this case.
1.27.2 2005-09-30
* Merged getseuserbyname patch from Dan Walsh.
1.27.1 2005-09-19
* Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
This allows file_contexts with MLS fields to be processed on
non-MLS-enabled systems with policies that are otherwise
identical (e.g. same type definitions).
* Merged get_ordered_context_list_with_level() function from
Dan Walsh, and added get_default_context_with_level().
This allows MLS level selection for users other than the
default level.
1.26 2005-09-06
* Updated version for release.
1.25.7 2005-09-01
* Merged modified form of patch to avoid dlopen/dlclose by
the static libselinux from Dan Walsh. Users of the static libselinux
will not have any context translation by default.
1.25.6 2005-08-31
* Added public functions to export context translation to
users of libselinux (selinux_trans_to_raw_context,
selinux_raw_to_trans_context).
1.25.5 2005-08-26
* Remove special definition for context_range_set; use
common code.
1.25.4 2005-08-25
* Hid translation-related symbols entirely and ensured that
raw functions have hidden definitions for internal use.
* Allowed setting NULL via context_set* functions.
* Allowed whitespace in MLS component of context.
* Changed rpm_execcon to use translated functions to workaround
lack of MLS level on upgraded systems.
1.25.3 2005-08-23
* Merged context translation patch, originally by TCS,
with modifications by Dan Walsh (Red Hat).
1.25.2 2005-08-11
* Merged several fixes for error handling paths in the
AVC sidtab, matchpathcon, booleans, context, and get_context_list
code from Serge Hallyn (IBM). Bugs found by Coverity.
1.25.1 2005-08-10
* Removed setupns; migrated to pam.
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
Original symbol is temporarily retained for compatibility until
all callers are updated.
1.24 2005-06-20
* Updated version for release.
1.23.12 2005-06-13
* Merged security_setupns() from Chad Sellers.
1.23.11 2005-05-19
* Merged avcstat and selinux man page from Dan Walsh.
* Changed security_load_booleans to process booleans.local
even if booleans file doesn't exist.
1.23.10 2005-04-29
* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
1.23.9 2005-04-26
* Rewrote get_ordered_context_list and helpers, including
changing logic to allow variable MLS fields.
1.23.8 2005-04-25
* Merged matchpathcon and man page patch from Dan Walsh.
1.23.7 2005-04-12
* Changed boolean functions to return -1 with errno ENOENT
rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
mounted).
1.23.6 2005-04-08
* Fixed bug in matchpathcon_filespec_destroy.
1.23.5 2005-04-05
* Fixed bug in rpm_execcon error handling path.
1.23.4 2005-04-04
* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
* Merged fix for getconlist utility from Andreas Steinmetz.
1.23.3 2005-03-29
* Merged security_set_boolean_list patch from Dan Walsh.
This introduces booleans.local support for setsebool.
1.23.2 2005-03-17
* Merged destructors patch from Tomas Mraz.
1.23.1 2005-03-16
* Added set_matchpathcon_flags() function for setting flags
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
means only process the base file_contexts file, not
file_contexts.homedirs or file_contexts.local, and is for use by
setfiles -c.
* Updated matchpathcon.3 man page.
1.22 2005-03-09
* Updated version for release.
1.21.13 2005-03-08
* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
1.21.12 2005-03-01
* Changed matchpathcon_common to ignore any non-format bits in the mode.
1.21.11 2005-02-22
* Merged several fixes from Ulrich Drepper.
1.21.10 2005-02-17
* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
* Added selinux_users_path() for path to directory containing
system.users and local.users.
1.21.9 2005-02-09
* Changed relabel Makefile target to use restorecon.
1.21.8 2005-02-07
* Regenerated av_permissions.h.
1.21.7 2005-02-01
* Modified avc_dump_av to explicitly check for any permissions that
cannot be mapped to string names and display them as a hex value.
1.21.6 2005-01-31
* Regenerated av_permissions.h.
1.21.5 2005-01-28
* Generalized matchpathcon internals, exported more interfaces,
and moved additional code from setfiles into libselinux so that
setfiles can directly use matchpathcon.
1.21.4 2005-01-27
* Prevent overflow of spec array in matchpathcon.
1.21.3 2005-01-26
* Fixed several uses of internal functions to avoid relocations.
* Changed rpm_execcon to check is_selinux_enabled() and fallback to
a regular execve if not enabled (or unable to determine due to a lack
of /proc, e.g. chroot'd environment).
1.21.2 2005-01-24
* Merged minor fix for avcstat from Dan Walsh.
1.21.1 2005-01-19
* Merged patch from Dan Walsh, including:
- new is_context_customizable function
- changed matchpathcon to also use file_contexts.local if present
- man page cleanups
1.20 2005-01-04
* Changed matchpathcon to return -1 with errno ENOENT for
<<none>> entries, and also for an empty file_contexts configuration.
* Removed some trivial utils that were not useful or redundant.
* Changed BINDIR default to /usr/sbin to match change in Fedora.
* Added security_compute_member.
* Added man page for setcon.
* Merged more man pages from Dan Walsh.
* Merged avcstat from James Morris.
* Merged build fix for mips from Manoj Srivastava.
* Merged C++ support from John Ramsdell of MITRE.
* Merged setcon() function from Darrel Goeddel of TCS.
* Merged setsebool/togglesebool enhancement from Steve Grubb.
* Merged cleanup patches from Steve Grubb.
1.18 2004-11-01
* Merged cleanup patches from Steve Grubb.
* Added rpm_execcon.
* Merged setenforce and removable context patch from Dan Walsh.
* Merged build fix for alpha from Ulrich Drepper.
* Removed copyright/license from selinux_netlink.h - definitions only.
* Merged matchmediacon from Dan Walsh.
* Regenerated headers for new nscd permissions.
* Added get_default_context_with_role.
* Added set_matchpathcon_printf.
* Reworked av_inherit.h to allow easier re-use by kernel.
* Changed avc_has_perm_noaudit to not fail on netlink errors.
* Changed avc netlink code to check pid based on patch by Steve Grubb.
* Merged second optimization patch from Ulrich Drepper.
* Changed matchpathcon to skip invalid file_contexts entries.
* Made string tables private to libselinux.
* Merged strcat->stpcpy patch from Ulrich Drepper.
* Merged matchpathcon man page from Dan Walsh.
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
* Autobind netlink socket.
* Dropped compatibility code from security_compute_user.
* Merged fix for context_range_set from Chad Hanson.
* Merged allocation failure checking patch from Chad Hanson.
* Merged avc netlink error message patch from Colin Walters.
1.16 2004-08-19
* Regenerated headers for nscd class.
* Merged man pages from Dan Walsh.
* Merged context_new bug fix for MLS ranges from Chad Hanson.
* Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
* Renamed change_bool and show_bools to setsebool and getsebool.
* Merged security_load_booleans() function from Dan Walsh.
* Added selinux_booleans_path() function.
* Changed avc_init function prototype to use const.
* Regenerated headers for crontab permission.
* Added checkAccess from Dan Walsh.
* Merged getenforce patch from Dan Walsh.
* Regenerated headers for dbus classes.
1.14 2004-06-16
* Regenerated headers for fine-grained netlink classes.
* Merged selinux_config bug fix from Dan Walsh.
* Added userspace AVC man pages.
* Added man links for API calls to existing man pages documenting them.
* Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
* Merged patch to determine config file paths at runtime to support
reorganized layout.
* Regenerated flask headers with stable ordering.
* Merged patch for man pages from Russell Coker.
1.12 2004-05-10
* Updated flask files to include new SE-X security classes.
* Added security_disable function for runtime disable of SELinux prior
to initial policy load (for /sbin/init).
* Changed get_ordered_context_list to omit any reachable contexts
that are not explicitly listed in default_contexts, unless there
are no matches.
* Merged man pages from Russell Coker and Dan Walsh.
* Merged memory leak fixes from Dan Walsh.
* Merged policyvers errno patch from Chris PeBenito.
1.10 2004-04-05
* Merged getenforce patch from Dan Walsh.
* Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
Based on a patch by Russell Coker.
* Merged matchpathcon buffer size fix from Dan Walsh.
1.8 2004-03-09
* Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
* Added matchpathcon function.
* Updated userspace AVC to handle netlink selinux notifications.
1.6 2004-02-18
* Merged conditional policy extensions from Tresys Technology.
* Added userspace avc and SID table implementation.
* Fixed type on size in getpeercon per Thorsten Kukuk's advice.
* Fixed use of getpwnam_r per Thorsten Kukuk's advice.
* Changed to use getpwnam_r rather than getpwnam internally to
avoid clobbering any existing pwd struct obtained by the caller.
* Added getpeercon function to encapsulate getsockopt SO_PEERSEC
and handle allocation ala getfilecon.
* Changed is_selinux_enabled to return -1 on errors.
* Changed to discover selinuxfs mount point via /proc/mounts
so that the mount point can be changed without rebuilding.
1.4 2003-12-01
* Merged another cleanup patch from Bastian Blank and Joerg Hoh.
* Regenerate headers for new permissions.
* Merged static lib build patch from Bastian Blank and Joerg Hoh.
* Export SELINUXMNT definition, add SELINUXPOLICY definition.
* Add functions to provide access to enforce and policyvers.
* Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
* Fixed type for 'size' in *getfilecon.
* Dropped -lattr and changed #include's to <sys/xattr.h>
* Merged patch to move shared library to /lib from Dan Walsh.
* Changed get_ordered_context_list to support a failsafe context.
* Added selinuxenabled utility.
* Merged const patch from Thorsten Kukuk.
1.2 2003-09-30
* Change is_selinux_enabled to fail if policy isn't loaded.
* Changed Makefiles to allow non-root rpm builds.
* Added -lattr for libselinux.so to ensure proper binding.
1.1 2003-08-13
* Ensure that context strings are padded with a null byte
in case the kernel didn't include one.
* Regenerate headers, update helpers.c for code cleanup.
* Pass soname flag to linker (Colin Walters).
* Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
1.0 2003-07-11
* Initial public release.