2006-02-15 21:58:41 +00:00
|
|
|
- Add users_extra and seusers support.
|
2006-02-14 20:55:45 +00:00
|
|
|
- Postfix fixes from Serge Hallyn.
|
2006-02-13 20:06:05 +00:00
|
|
|
- Run python and shell directly to interpret scripts so policy
|
|
|
|
|
sources need not be executable.
|
|
|
|
|
- Add desc tag XML to booleans and tunables, and add summary
|
|
|
|
|
to param XML tag, to make future translations possible.
|
2006-02-03 16:21:06 +00:00
|
|
|
- Remove unused lvm_vg_t.
|
2006-02-01 14:20:36 +00:00
|
|
|
- Many interface renames to improve naming consistency.
|
2006-01-30 22:51:35 +00:00
|
|
|
- Merge xdm into xserver.
|
2006-01-30 18:22:24 +00:00
|
|
|
- Remove kernel module reversed interfaces.
|
2006-01-27 15:47:52 +00:00
|
|
|
- Add filename attribute to module XML tag and lineno attribute to
|
|
|
|
|
interface XML tag.
|
2006-01-26 20:35:55 +00:00
|
|
|
- Changed QUIET build option to a yes or no option.
|
|
|
|
|
- Add a Makefile used for compiling loadable modules in a
|
|
|
|
|
user's development environment, building against policy headers.
|
|
|
|
|
- Add Make target for installing policy headers.
|
2006-01-26 18:04:57 +00:00
|
|
|
- Separate per-userdomain template expansion from the userdomain
|
|
|
|
|
module and add infrastructure to expand templates in the modules
|
|
|
|
|
that own the template.
|
|
|
|
|
- Enable secadm only for MLS policies.
|
2006-01-25 19:40:21 +00:00
|
|
|
- Remove role change rules in su and sudo since this functionality has been
|
|
|
|
|
removed from these programs.
|
2006-01-25 18:30:27 +00:00
|
|
|
- Add ctags Make target from Thomas Bleher.
|
2006-01-23 20:53:40 +00:00
|
|
|
- Collapse commands with grep piped to sed into one sed command.
|
2006-01-20 22:05:40 +00:00
|
|
|
- Fix type_change bug in term_user_pty().
|
2006-01-20 19:36:54 +00:00
|
|
|
- Move ice_tmp_t from miscfiles to xserver.
|
2006-01-19 22:47:40 +00:00
|
|
|
- Login fixes from Serge Hallyn.
|
2006-01-19 22:01:48 +00:00
|
|
|
- Move xserver_log_t from xdm to xserver.
|
2006-01-18 22:26:26 +00:00
|
|
|
- Add lpr per-userdomain policy to lpd.
|
2006-01-18 18:45:23 +00:00
|
|
|
- Miscellaneous fixes from Dan Walsh.
|
2006-01-18 18:08:39 +00:00
|
|
|
- Change initrc_var_run_t interface noun from script_pid to utmp,
|
|
|
|
|
for greater clarity.
|
2006-01-17 23:01:14 +00:00
|
|
|
- Added modules:
|
2006-01-18 19:09:48 +00:00
|
|
|
certwatch
|
2006-01-19 23:00:23 +00:00
|
|
|
mono (Dan Walsh)
|
2006-01-31 21:43:09 +00:00
|
|
|
mrtg
|
2006-01-18 14:48:24 +00:00
|
|
|
portage
|
2006-02-01 15:11:43 +00:00
|
|
|
tvtime
|
2006-01-18 16:40:04 +00:00
|
|
|
userhelper
|
2006-01-17 23:01:14 +00:00
|
|
|
usernetctl
|
2006-01-19 23:00:23 +00:00
|
|
|
wine (Dan Walsh)
|
2006-01-19 22:01:48 +00:00
|
|
|
xserver
|
2006-01-17 23:01:14 +00:00
|
|
|
|
2006-01-17 20:16:16 +00:00
|
|
|
* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
|
2006-01-16 18:48:57 +00:00
|
|
|
- Adds support for generating corenetwork interfaces based on attributes
|
|
|
|
|
in addition to types.
|
|
|
|
|
- Permits the listing of multiple nodes in a network_node() that will be
|
|
|
|
|
given the same type.
|
|
|
|
|
- Add two new permission sets for stream sockets.
|
2006-01-13 21:06:49 +00:00
|
|
|
- Rename file type transition interfaces verb from create to
|
|
|
|
|
filetrans to differentiate it from create interfaces without
|
|
|
|
|
type transitions.
|
|
|
|
|
- Fix expansion of interfaces from disabled modules.
|
2006-01-12 16:03:18 +00:00
|
|
|
- Rsync can be long running from init,
|
|
|
|
|
added rules to allow this.
|
2006-01-10 21:03:16 +00:00
|
|
|
- Add polyinstantiation build option.
|
2006-01-06 22:53:34 +00:00
|
|
|
- Add setcontext to the association object class.
|
2005-12-12 21:47:43 +00:00
|
|
|
- Add apache relay and db connect tunables.
|
2005-12-12 16:51:28 +00:00
|
|
|
- Rename texrel_shlib_t to textrel_shlib_t.
|
2005-12-09 21:07:30 +00:00
|
|
|
- Add swat to samba module.
|
2006-01-11 23:20:28 +00:00
|
|
|
- Numerous miscellaneous fixes from Dan Walsh.
|
2005-12-08 15:01:57 +00:00
|
|
|
- Added modules:
|
2006-01-12 16:00:55 +00:00
|
|
|
alsa
|
2005-12-09 20:08:10 +00:00
|
|
|
automount
|
2006-01-12 23:23:22 +00:00
|
|
|
cdrecord
|
2006-01-16 18:30:14 +00:00
|
|
|
daemontools (Petre Rodan)
|
2006-01-04 16:29:11 +00:00
|
|
|
ddcprobe
|
2006-01-16 18:30:14 +00:00
|
|
|
djbdns (Petre Rodan)
|
2005-12-08 15:58:12 +00:00
|
|
|
fetchmail
|
2006-01-06 19:46:44 +00:00
|
|
|
irc
|
2006-01-12 22:26:46 +00:00
|
|
|
java
|
2006-01-11 20:18:56 +00:00
|
|
|
lockdev
|
2006-01-10 14:39:21 +00:00
|
|
|
logwatch (Dan Walsh)
|
2006-01-04 18:32:22 +00:00
|
|
|
openct
|
2006-01-11 23:20:28 +00:00
|
|
|
prelink (Dan Walsh)
|
2006-01-16 18:30:14 +00:00
|
|
|
publicfile (Petre Rodan)
|
2006-01-04 19:31:53 +00:00
|
|
|
readahead
|
2006-01-11 20:03:21 +00:00
|
|
|
roundup
|
2006-01-11 18:10:49 +00:00
|
|
|
screen
|
2006-01-16 14:58:58 +00:00
|
|
|
slocate (Dan Walsh)
|
2006-01-04 20:44:30 +00:00
|
|
|
slrnpull
|
2006-01-04 15:26:42 +00:00
|
|
|
smartmon
|
2005-12-08 15:01:57 +00:00
|
|
|
sysstat
|
2006-01-16 18:30:14 +00:00
|
|
|
ucspitcp (Petre Rodan)
|
2006-01-11 18:28:57 +00:00
|
|
|
usbmodules
|
2006-01-03 21:39:31 +00:00
|
|
|
vbetool (Dan Walsh)
|
2005-12-08 15:01:57 +00:00
|
|
|
|
2005-12-07 15:44:05 +00:00
|
|
|
* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
|
2005-12-07 16:38:24 +00:00
|
|
|
- Add unlabeled IPSEC association rule to domains with
|
|
|
|
|
networking permissions.
|
2005-12-05 20:31:54 +00:00
|
|
|
- Merge systemuser back in to users, as these files
|
|
|
|
|
do not need to be split.
|
2005-12-05 16:43:28 +00:00
|
|
|
- Add check for duplicate interface/template definitions.
|
2005-12-01 20:25:27 +00:00
|
|
|
- Move domain, files, and corecommands modules to kernel
|
|
|
|
|
layer to resolve some layering inconsistencies.
|
2005-12-01 19:04:57 +00:00
|
|
|
- Move policy build options out of Makefile into build.conf.
|
2005-11-28 16:44:51 +00:00
|
|
|
- Add yppasswd to nis module.
|
2005-11-23 20:24:27 +00:00
|
|
|
- Change optional_policy() to refer to the module name
|
|
|
|
|
rather than modulename.te.
|
2005-11-22 22:07:12 +00:00
|
|
|
- Fix labeling targets to use installed file_contexts rather
|
|
|
|
|
than partial file_contexts in the policy source directory.
|
|
|
|
|
- Fix build process to use make's internal vpath functions
|
|
|
|
|
to detect modules rather than using subshells and find.
|
|
|
|
|
- Add install target for modular policy.
|
|
|
|
|
- Add load target for modular policy.
|
|
|
|
|
- Add appconfig dependency to the load target.
|
2005-11-22 17:56:53 +00:00
|
|
|
- Miscellaneous fixes from Dan Walsh.
|
2005-10-21 13:11:17 +00:00
|
|
|
- Fix corenetwork gen_context()'s to expand during the policy
|
|
|
|
|
build phase instead of during the generation phase.
|
|
|
|
|
- Added policies:
|
2005-10-22 19:58:58 +00:00
|
|
|
amanda
|
2005-11-09 17:12:34 +00:00
|
|
|
avahi
|
2005-10-21 16:39:28 +00:00
|
|
|
canna
|
2005-10-21 16:18:11 +00:00
|
|
|
cyrus
|
2005-10-22 21:18:03 +00:00
|
|
|
dbskk
|
2005-10-21 15:38:22 +00:00
|
|
|
dovecot
|
2005-10-21 13:11:17 +00:00
|
|
|
distcc
|
2005-12-01 18:50:00 +00:00
|
|
|
i18n_input
|
2005-11-28 19:06:22 +00:00
|
|
|
irqbalance
|
2005-10-22 21:09:03 +00:00
|
|
|
lpd
|
2005-10-22 17:44:04 +00:00
|
|
|
networkmanager
|
2005-10-22 21:55:39 +00:00
|
|
|
pegasus
|
2005-10-23 20:18:36 +00:00
|
|
|
postfix
|
2005-11-15 20:17:18 +00:00
|
|
|
procmail
|
2005-10-22 22:51:14 +00:00
|
|
|
radius
|
2005-11-28 17:46:29 +00:00
|
|
|
rdisc
|
2005-10-24 01:53:13 +00:00
|
|
|
rpc
|
2005-10-22 23:50:23 +00:00
|
|
|
spamassassin
|
2005-11-28 18:29:03 +00:00
|
|
|
timidity
|
2005-10-21 17:55:15 +00:00
|
|
|
xdm
|
2005-11-25 19:09:08 +00:00
|
|
|
xfs
|
2005-10-20 18:08:31 +00:00
|
|
|
|
2005-10-19 21:18:25 +00:00
|
|
|
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
|
2005-10-19 20:18:21 +00:00
|
|
|
- Many fixes to make loadable modules build.
|
2005-10-12 19:13:49 +00:00
|
|
|
- Add targets for sechecker.
|
2005-10-07 18:08:50 +00:00
|
|
|
- Updated to sedoctool to read bool files and tunable
|
|
|
|
|
files separately.
|
|
|
|
|
- Changed the xml tag of <boolean> to <bool> to be consistent
|
|
|
|
|
with gen_bool().
|
|
|
|
|
- Modified the implementation of segenxml to use regular
|
|
|
|
|
expressions.
|
2005-10-06 19:33:06 +00:00
|
|
|
- Rename context_template() to gen_context() to clarify
|
|
|
|
|
that its not a Reference Policy template, but a support
|
|
|
|
|
macro.
|
2005-09-27 20:17:50 +00:00
|
|
|
- Add disable_*_trans bool support for targeted policy.
|
2005-09-26 20:26:32 +00:00
|
|
|
- Add MLS module to handle MLS constraint exceptions,
|
|
|
|
|
such as reading up and writing down.
|
2005-09-22 21:59:50 +00:00
|
|
|
- Fix errors uncovered by sediff.
|
2005-09-23 19:38:34 +00:00
|
|
|
- Added policies:
|
2005-09-23 22:15:04 +00:00
|
|
|
anaconda
|
2005-10-17 17:55:38 +00:00
|
|
|
apache
|
2005-10-10 18:11:46 +00:00
|
|
|
apm
|
|
|
|
|
arpwatch
|
2005-10-07 21:45:04 +00:00
|
|
|
bluetooth
|
2005-09-27 21:24:01 +00:00
|
|
|
dmidecode
|
2005-10-07 21:45:04 +00:00
|
|
|
finger
|
2005-10-05 19:52:53 +00:00
|
|
|
ftp
|
2005-09-23 19:38:34 +00:00
|
|
|
kudzu
|
2005-10-11 15:36:53 +00:00
|
|
|
mailman
|
2005-10-14 20:00:07 +00:00
|
|
|
ppp
|
2005-09-23 21:20:03 +00:00
|
|
|
radvd
|
2005-10-10 18:50:08 +00:00
|
|
|
sasl
|
|
|
|
|
webalizer
|
2005-09-22 21:59:50 +00:00
|
|
|
|
2005-09-22 19:05:26 +00:00
|
|
|
* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
|
2005-09-21 14:49:41 +00:00
|
|
|
- Make logrotate, sendmail, sshd, and rpm policies
|
|
|
|
|
unconfined in the targeted policy so no special
|
|
|
|
|
modules.conf is required.
|
2005-09-16 13:36:26 +00:00
|
|
|
- Add experimental MCS support.
|
2005-09-20 14:20:02 +00:00
|
|
|
- Add appconfig for MLS.
|
2005-09-15 21:03:29 +00:00
|
|
|
- Add equivalents for old can_resolve(), can_ldap(), and
|
|
|
|
|
can_portmap() to sysnetwork.
|
2005-09-12 15:58:44 +00:00
|
|
|
- Fix base module compile issues.
|
2005-09-08 13:42:13 +00:00
|
|
|
- Added policies:
|
2005-09-20 18:15:35 +00:00
|
|
|
cpucontrol
|
2005-09-20 18:49:13 +00:00
|
|
|
cvs
|
2005-09-08 13:42:13 +00:00
|
|
|
ktalk
|
2005-09-08 17:12:38 +00:00
|
|
|
portmap
|
2005-09-19 21:17:45 +00:00
|
|
|
postgresql
|
2005-09-20 17:11:53 +00:00
|
|
|
rlogin
|
2005-09-14 18:33:53 +00:00
|
|
|
samba
|
2005-09-16 14:54:36 +00:00
|
|
|
snmp
|
2005-09-20 13:47:36 +00:00
|
|
|
stunnel
|
2005-09-20 17:11:53 +00:00
|
|
|
telnet
|
2005-09-16 15:18:09 +00:00
|
|
|
tftp
|
2005-09-22 16:27:52 +00:00
|
|
|
uucp
|
2005-09-19 21:17:45 +00:00
|
|
|
vpn
|
2005-09-09 13:24:11 +00:00
|
|
|
zebra
|
2005-09-08 13:42:13 +00:00
|
|
|
|
2005-09-07 16:15:51 +00:00
|
|
|
* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
|
2005-09-02 20:55:17 +00:00
|
|
|
- Fix errors uncovered by sediff.
|
2005-08-29 19:55:00 +00:00
|
|
|
- Doc tool will explicitly say a module does not have interfaces
|
|
|
|
|
or templates on the module page.
|
2005-08-31 15:25:12 +00:00
|
|
|
- Added policies:
|
|
|
|
|
comsat
|
2005-08-31 20:58:12 +00:00
|
|
|
dbus
|
2005-09-02 19:18:43 +00:00
|
|
|
dhcp
|
2005-09-02 20:50:54 +00:00
|
|
|
dictd
|
2005-09-02 20:29:52 +00:00
|
|
|
hal
|
2005-09-06 18:37:27 +00:00
|
|
|
inn
|
2005-09-05 16:47:19 +00:00
|
|
|
ntp
|
2005-09-02 19:11:07 +00:00
|
|
|
squid
|
2005-08-29 19:55:00 +00:00
|
|
|
|
2005-08-26 15:02:23 +00:00
|
|
|
* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
|
2005-08-24 20:18:06 +00:00
|
|
|
- Add Makefile support for building loadable modules.
|
|
|
|
|
- Add genclassperms.py tool to add require blocks
|
|
|
|
|
for loadable modules.
|
|
|
|
|
- Change sedoctool to make required modules part of base
|
|
|
|
|
by default, otherwise make as modules, in modules.conf.
|
|
|
|
|
- Fix segenxml to handle modules with no interfaces.
|
|
|
|
|
- Rename ipsec connect interface for consistency.
|
|
|
|
|
- Add missing parts of unix stream socket connect interface
|
|
|
|
|
of ipsec.
|
|
|
|
|
- Rename inetd connect interface for consistency.
|
|
|
|
|
- Rename interface for purging contents of tmp, for clarity,
|
|
|
|
|
since it allows deletion of classes other than file.
|
|
|
|
|
- Misc. cleanups.
|
|
|
|
|
- Added policies:
|
|
|
|
|
acct
|
|
|
|
|
bind
|
|
|
|
|
firstboot
|
|
|
|
|
gpm
|
|
|
|
|
howl
|
|
|
|
|
ldap
|
|
|
|
|
loadkeys
|
|
|
|
|
mysql
|
|
|
|
|
privoxy
|
|
|
|
|
quota
|
|
|
|
|
rshd
|
|
|
|
|
rsync
|
|
|
|
|
su
|
|
|
|
|
sudo
|
|
|
|
|
tcpd
|
|
|
|
|
tmpreaper
|
|
|
|
|
updfstab
|
2005-08-03 15:16:33 +00:00
|
|
|
|
2005-08-24 20:18:06 +00:00
|
|
|
* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
|
|
|
|
|
- Fix comparison bug in fc_sort.
|
|
|
|
|
- Fix handling of ordered and unordered HTML lists.
|
|
|
|
|
- Corenetwork now supports multiple network interfaces having the
|
|
|
|
|
same type.
|
|
|
|
|
- Doc tool now creates pages for global Booleans and global tunables.
|
|
|
|
|
- Doc tool now links directly to the interface/template in the
|
|
|
|
|
module page when it is selected in the interface/template index.
|
|
|
|
|
- Added support for layer summaries.
|
|
|
|
|
- Added policies:
|
|
|
|
|
ipsec
|
|
|
|
|
nscd
|
|
|
|
|
pcmcia
|
|
|
|
|
raid
|
2005-07-07 20:56:27 +00:00
|
|
|
|
2005-08-24 20:18:06 +00:00
|
|
|
* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
|
|
|
|
|
- Changed xml to have modules encapsulated by layer tags, rather
|
|
|
|
|
than putting layer="foo" in the module tags. Also in the future
|
|
|
|
|
we can put a summary and description for each layer.
|
|
|
|
|
- Added tool to infer interface, module, and layer tags. This will
|
|
|
|
|
now list all interfaces, even if they are missing xml docs.
|
|
|
|
|
- Shortened xml tag names.
|
|
|
|
|
- Added macros to declare interfaces and templates.
|
|
|
|
|
- Added interface call trace.
|
|
|
|
|
- Updated all xml documentation for shorter and inferred tags.
|
|
|
|
|
- Doc tool now displays templates in the web pages.
|
|
|
|
|
- Doc tool retains the user's settings in modules.conf and
|
|
|
|
|
tunables.conf if the files already exist.
|
|
|
|
|
- Modules.conf behavior has been changed to be a list of all
|
|
|
|
|
available modules, and the user can specify if the module is
|
|
|
|
|
built as a loadable module, included in the monolithic policy,
|
|
|
|
|
or excluded.
|
|
|
|
|
- Added policies:
|
|
|
|
|
fstools (fsck, mkfs, swapon, etc. tools)
|
|
|
|
|
logrotate
|
|
|
|
|
inetd
|
|
|
|
|
kerberos
|
|
|
|
|
nis (ypbind and ypserv)
|
|
|
|
|
ssh (server, client, and agent)
|
|
|
|
|
unconfined
|
|
|
|
|
- Added infrastructure for targeted policy support, only missing
|
|
|
|
|
transition boolean support.
|
2005-07-07 17:13:17 +00:00
|
|
|
|
2005-08-24 20:18:06 +00:00
|
|
|
* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
|
|
|
|
|
- Initial release
|
