2010-07-07 13:31:57 +00:00
|
|
|
- Remove ethereal module since the application was renamed to wireshark.
|
2010-07-07 12:41:20 +00:00
|
|
|
- Remove duplicate/redundant rules, from Russell Coker.
|
2010-06-28 13:04:24 +00:00
|
|
|
- Increased default number of categories to 1024, from Russell Coker.
|
2010-06-08 17:08:36 +00:00
|
|
|
- Added modules:
|
|
|
|
cgroup (Dominick Grift)
|
2010-07-07 14:28:25 +00:00
|
|
|
livecd (Dan Walsh)
|
2010-07-07 15:10:56 +00:00
|
|
|
shutdown (Dan Walsh)
|
2010-06-08 17:08:36 +00:00
|
|
|
|
2010-05-25 20:01:49 +00:00
|
|
|
* Mon May 24 2010 Chris PeBenito <selinux@tresys.com> - 2.20100524
|
2010-05-24 19:24:40 +00:00
|
|
|
- Merged a significant portion of Fedora policy.
|
|
|
|
- Move rules from mta mailserver delivery from interface to .te to use
|
|
|
|
attributes.
|
|
|
|
- Remove concept of users from terminal module interfaces since the
|
|
|
|
attributes are not specific to users.
|
|
|
|
- Add non-drawing X client support, for consolekit usage.
|
|
|
|
- Misc Gentoo fixes from Chris Richards.
|
|
|
|
- AFS and abrt fixes from Dominick Grift.
|
|
|
|
- Improved the XML docs of 55 most-used interfaces.
|
|
|
|
- Apcupsd and amavis fixes from Dominick Grift.
|
2010-04-13 15:06:02 +00:00
|
|
|
- Fix network_port() in corenetwork to correctly handle port ranges.
|
2010-04-12 14:14:10 +00:00
|
|
|
- SE-Postgresql updates from KaiGai Kohei.
|
2009-12-03 15:40:42 +00:00
|
|
|
- X object manager revisions from Eamon Walsh.
|
2010-02-08 15:34:08 +00:00
|
|
|
- Added modules:
|
2010-05-26 15:53:21 +00:00
|
|
|
aisexec (Dan Walsh)
|
2010-02-16 19:53:59 +00:00
|
|
|
chronyd (Miroslav Grepl)
|
2010-02-08 19:52:02 +00:00
|
|
|
cobbler (Dominick Grift)
|
2010-05-26 15:53:21 +00:00
|
|
|
corosync (Dan Walsh)
|
2010-02-08 15:34:08 +00:00
|
|
|
dbadm (KaiGai Kohei)
|
2010-04-20 13:46:20 +00:00
|
|
|
denyhosts (Dan Walsh)
|
2010-02-08 16:29:12 +00:00
|
|
|
nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
|
2010-03-17 13:28:18 +00:00
|
|
|
likewise (Scott Salley)
|
2010-05-18 13:54:18 +00:00
|
|
|
plymouthd (Dan Walsh)
|
2010-02-08 15:58:16 +00:00
|
|
|
pyicqt (Stefan Schulze Frielinghaus)
|
2010-05-26 15:53:21 +00:00
|
|
|
rhcs (Dan Walsh)
|
|
|
|
rgmanager (Dan Walsh)
|
2010-02-19 14:39:06 +00:00
|
|
|
sectoolm (Miroslav Grepl)
|
2010-03-29 17:29:18 +00:00
|
|
|
usbmuxd (Dan Walsh)
|
2010-03-29 15:25:06 +00:00
|
|
|
vhostmd (Dan Walsh)
|
2009-12-03 15:40:42 +00:00
|
|
|
|
2009-11-17 15:17:43 +00:00
|
|
|
* Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117
|
2009-10-22 13:22:14 +00:00
|
|
|
- Add separate x_pointer and x_keyboard classes inheriting from x_device.
|
|
|
|
From Eamon Walsh.
|
2009-11-17 15:17:43 +00:00
|
|
|
- Deprecated the userdom_xwindows_client_template().
|
2009-08-18 17:20:01 +00:00
|
|
|
- Misc Gentoo fixes from Corentin Labbe.
|
2009-08-18 13:48:28 +00:00
|
|
|
- Debian policykit fixes from Martin Orr.
|
2009-08-17 17:19:26 +00:00
|
|
|
- Fix unconfined_r use of unconfined_java_t.
|
2009-08-14 17:18:16 +00:00
|
|
|
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
|
2009-08-12 18:15:39 +00:00
|
|
|
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
|
2009-08-11 13:01:58 +00:00
|
|
|
- Add btrfs and ext4 to labeling targets.
|
2009-08-10 17:59:29 +00:00
|
|
|
- Fix infrastructure to expand macros in initrc_context when installing.
|
2009-08-05 18:19:54 +00:00
|
|
|
- Handle unix_chkpwd usage by useradd and groupadd.
|
2009-08-05 15:01:37 +00:00
|
|
|
- Add missing compatibility aliases for xdm_xserver*_t types.
|
2009-09-01 12:32:37 +00:00
|
|
|
- Added modules:
|
2009-09-14 13:22:24 +00:00
|
|
|
abrt (Dan Walsh)
|
2009-09-17 13:12:33 +00:00
|
|
|
dkim (Stefan Schulze Frielinghaus)
|
2009-09-03 13:52:08 +00:00
|
|
|
gitosis (Miroslav Grepl)
|
2009-09-16 12:38:58 +00:00
|
|
|
gnomeclock (Dan Walsh)
|
2009-09-01 12:32:37 +00:00
|
|
|
hddtemp (Dan Walsh)
|
2009-09-02 12:33:25 +00:00
|
|
|
kdump (Dan Walsh)
|
2009-09-14 13:48:13 +00:00
|
|
|
modemmanager (Dan Walsh)
|
2009-09-08 14:31:19 +00:00
|
|
|
nslcd (Dan Walsh)
|
2009-11-11 16:28:50 +00:00
|
|
|
puppet (Craig Grube)
|
2009-09-15 13:53:24 +00:00
|
|
|
rtkit (Dan Walsh)
|
2009-09-28 19:40:06 +00:00
|
|
|
seunshare (Dan Walsh)
|
2009-09-02 12:58:52 +00:00
|
|
|
shorewall (Dan Walsh)
|
2009-11-03 14:25:37 +00:00
|
|
|
tgtd (Matthew Ife)
|
2009-10-26 13:42:11 +00:00
|
|
|
tuned (Miroslav Grepl)
|
2009-09-15 13:18:07 +00:00
|
|
|
xscreensaver (Corentin Labbe)
|
2009-08-05 15:01:37 +00:00
|
|
|
|
2009-07-30 18:35:47 +00:00
|
|
|
* Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730
|
2009-07-30 14:41:17 +00:00
|
|
|
- Gentoo fixes for init scripts and system startup.
|
2009-07-23 12:58:35 +00:00
|
|
|
- Remove read_default_t tunable.
|
2009-06-18 14:36:35 +00:00
|
|
|
- Greylist milter from Paul Howarth.
|
2009-06-18 13:57:26 +00:00
|
|
|
- Crack db access for su to handle password expiration, from Brandon Whalen.
|
2009-06-18 13:36:40 +00:00
|
|
|
- Misc fixes for unix_update from Brandon Whalen.
|
2009-06-18 13:07:23 +00:00
|
|
|
- Add x_device permissions for XI2 functions, from Eamon Walsh.
|
2009-06-05 13:36:19 +00:00
|
|
|
- MLS constraints for the x_selection class, from Eamon Walsh.
|
2009-05-07 12:35:32 +00:00
|
|
|
- Postgresql updates from KaiGai Kohei.
|
2009-04-21 20:40:45 +00:00
|
|
|
- Milter state directory patch from Paul Howarth.
|
2009-03-02 15:16:49 +00:00
|
|
|
- Add MLS constraints for ingress/egress and secmark from Paul Moore.
|
2009-02-24 20:00:15 +00:00
|
|
|
- Drop write permission from fs_read_rpc_sockets().
|
2009-02-24 19:31:08 +00:00
|
|
|
- Remove unused udev_runtime_t type.
|
2009-02-23 13:41:28 +00:00
|
|
|
- Patch for RadSec port from Glen Turner.
|
2009-02-03 15:45:30 +00:00
|
|
|
- Enable network_peer_controls policy capability from Paul Moore.
|
2009-01-30 13:44:14 +00:00
|
|
|
- Btrfs xattr support from Paul Moore.
|
2009-01-23 19:49:36 +00:00
|
|
|
- Add db_procedure install permission from KaiGai Kohei.
|
2009-01-15 20:31:06 +00:00
|
|
|
- Add support for network interfaces with access controlled by a Boolean
|
|
|
|
from the CLIP project.
|
2009-01-13 19:44:23 +00:00
|
|
|
- Several fixes from the CLIP project.
|
2009-01-13 13:01:48 +00:00
|
|
|
- Add support for labeled Booleans.
|
2009-01-09 19:48:02 +00:00
|
|
|
- Remove node definitions and change node usage to generic nodes.
|
2009-01-05 21:44:33 +00:00
|
|
|
- Add kernel_service access vectors, from Stephen Smalley.
|
2009-03-19 17:56:10 +00:00
|
|
|
- Added modules:
|
2009-05-06 14:26:20 +00:00
|
|
|
certmaster (Dan Walsh)
|
2009-07-27 13:09:00 +00:00
|
|
|
cpufreqselector (Dan Walsh)
|
2009-07-29 14:02:06 +00:00
|
|
|
devicekit (Dan Walsh)
|
2009-07-29 14:28:31 +00:00
|
|
|
fprintd (Dan Walsh)
|
2009-04-07 14:09:43 +00:00
|
|
|
git (Dan Walsh)
|
2009-06-02 14:28:40 +00:00
|
|
|
gpsd (Miroslav Grepl)
|
2009-04-20 19:03:15 +00:00
|
|
|
guest (Dan Walsh)
|
|
|
|
ifplugd (Dan Walsh)
|
2009-05-06 15:09:46 +00:00
|
|
|
lircd (Miroslav Grepl)
|
2009-03-19 17:56:10 +00:00
|
|
|
logadm (Dan Walsh)
|
2009-06-30 15:03:20 +00:00
|
|
|
pads (Dan Walsh)
|
2009-04-20 19:03:15 +00:00
|
|
|
pingd (Dan Walsh)
|
2009-07-20 15:16:22 +00:00
|
|
|
policykit (Dan Walsh)
|
2009-07-21 14:05:38 +00:00
|
|
|
pulseaudio (Dan Walsh)
|
2009-04-20 19:03:15 +00:00
|
|
|
psad (Dan Walsh)
|
|
|
|
portreserve (Dan Walsh)
|
2009-06-22 15:33:21 +00:00
|
|
|
sssd (Dan Walsh)
|
2009-04-20 19:03:15 +00:00
|
|
|
ulogd (Dan Walsh)
|
2009-06-30 13:49:53 +00:00
|
|
|
varnishd (Dan Walsh)
|
2009-04-07 14:09:43 +00:00
|
|
|
webadm (Dan Walsh)
|
2009-07-27 19:11:22 +00:00
|
|
|
wm (Dan Walsh)
|
2009-03-31 13:40:59 +00:00
|
|
|
xguest (Dan Walsh)
|
2009-03-19 17:56:10 +00:00
|
|
|
zosremote (Dan Walsh)
|
2009-01-05 21:44:33 +00:00
|
|
|
|
2008-12-10 19:49:42 +00:00
|
|
|
* Wed Dec 10 2008 Chris PeBenito <selinux@tresys.com> - 2.20081210
|
2008-12-09 16:47:33 +00:00
|
|
|
- Fix consistency of audioentropy and iscsi module naming.
|
2008-11-24 15:34:54 +00:00
|
|
|
- Debian file context fix for xen from Russell Coker.
|
2008-11-17 13:49:19 +00:00
|
|
|
- Xserver MLS fix from Eamon Walsh.
|
2008-11-12 13:11:00 +00:00
|
|
|
- Add omapi port for dhcpcd.
|
2008-11-05 16:10:46 +00:00
|
|
|
- Deprecate per-role templates and rolemap support.
|
|
|
|
- Implement user-based access control for use as role separations.
|
2008-10-17 17:36:56 +00:00
|
|
|
- Move shared library calls from individual modules to the domain module.
|
2008-10-16 16:09:20 +00:00
|
|
|
- Enable open permission checks policy capability.
|
2008-10-15 19:56:33 +00:00
|
|
|
- Remove hierarchy from portage module as it is not a good example of
|
|
|
|
hierarchy.
|
2008-10-15 14:30:14 +00:00
|
|
|
- Remove enableaudit target from modular build as semodule -DB supplants it.
|
2008-11-24 15:06:58 +00:00
|
|
|
- Added modules:
|
|
|
|
milter (Paul Howarth)
|
2008-10-15 14:30:14 +00:00
|
|
|
|
2008-10-14 17:38:03 +00:00
|
|
|
* Tue Oct 14 2008 Chris PeBenito <selinux@tresys.com> - 20081014
|
2008-09-11 14:02:53 +00:00
|
|
|
- Debian update for NetworkManager/wpa_supplicant from Martin Orr.
|
2008-09-03 14:12:56 +00:00
|
|
|
- Logrotate and Bind updates from Vaclav Ovsik.
|
2008-08-29 19:00:02 +00:00
|
|
|
- Init script file and domain support.
|
2008-08-12 19:33:18 +00:00
|
|
|
- Glibc 2.7 fix from Vaclav Ovsik.
|
2008-08-05 12:54:11 +00:00
|
|
|
- Samba/winbind update from Mike Edenfield.
|
2008-07-31 14:05:46 +00:00
|
|
|
- Policy size optimization with a non-security file attribute from James
|
|
|
|
Carter.
|
2008-07-25 04:07:09 +00:00
|
|
|
- Database labeled networking update from KaiGai Kohei.
|
2008-07-24 23:56:03 +00:00
|
|
|
- Several misc changes from the Fedora policy, cherry picked by David
|
2008-08-07 14:17:50 +00:00
|
|
|
Hardeman.
|
2008-07-23 21:38:39 +00:00
|
|
|
- Large whitespace fix from Dominick Grift.
|
2008-07-18 13:25:31 +00:00
|
|
|
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
|
2008-07-15 15:33:51 +00:00
|
|
|
- Issuing commands to upstart is over a datagram socket, not the initctl
|
|
|
|
named pipe. Updated init_telinit() to match.
|
2008-08-21 13:52:52 +00:00
|
|
|
- Added modules:
|
2008-09-03 14:46:10 +00:00
|
|
|
cyphesis (Dan Walsh)
|
2008-10-08 20:03:24 +00:00
|
|
|
memcached (Dan Walsh)
|
2008-10-06 14:01:59 +00:00
|
|
|
oident (Dominick Grift)
|
2008-08-21 13:52:52 +00:00
|
|
|
w3c (Dan Walsh)
|
2008-07-15 15:33:51 +00:00
|
|
|
|
2008-07-02 15:39:31 +00:00
|
|
|
* Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702
|
2008-07-01 13:57:53 +00:00
|
|
|
- Fix httpd_enable_homedirs to actually provide the access it is supposed to
|
|
|
|
provide.
|
2008-06-24 14:23:40 +00:00
|
|
|
- Add unused interface/template parameter metadata in XML.
|
2008-06-24 13:21:35 +00:00
|
|
|
- Patch to handle postfix data_directory from Vaclav Ovsik.
|
2008-06-10 15:33:18 +00:00
|
|
|
- SE-Postgresql policy from KaiGai Kohei.
|
2008-06-07 13:31:48 +00:00
|
|
|
- Patch for X.org dbus support from Martin Orr.
|
2008-05-26 18:38:06 +00:00
|
|
|
- Patch for labeled networking controls in 2.6.25 from Paul Moore.
|
2008-05-22 18:39:03 +00:00
|
|
|
- Module loading now requires setsched on kernel threads.
|
2008-05-12 20:05:32 +00:00
|
|
|
- Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
|
2008-05-06 14:37:05 +00:00
|
|
|
- X application data class from Eamon Walsh and Ted Toth.
|
2008-04-29 13:58:34 +00:00
|
|
|
- Move user roles into individual modules.
|
2008-04-18 16:04:15 +00:00
|
|
|
- Make hald_log_t a log file.
|
2008-04-18 15:32:03 +00:00
|
|
|
- Cryptsetup runs shell scripts. Patch from Martin Orr.
|
2008-04-18 14:21:01 +00:00
|
|
|
- Add file for enabling policy capabilities.
|
2008-04-18 12:57:01 +00:00
|
|
|
- Patch to fix leaky interface/template call depth calculator from Vaclav
|
|
|
|
Ovsik.
|
2008-05-26 15:35:25 +00:00
|
|
|
- Added modules:
|
2008-05-26 17:47:49 +00:00
|
|
|
kerneloops (Dan Walsh)
|
2008-05-26 15:35:25 +00:00
|
|
|
kismet (Dan Walsh)
|
2008-06-17 14:07:44 +00:00
|
|
|
podsleuth (Dan Walsh)
|
2008-06-06 03:13:42 +00:00
|
|
|
prelude (Dan Walsh)
|
2008-06-16 18:59:07 +00:00
|
|
|
qemu (Dan Walsh)
|
|
|
|
virt (Dan Walsh)
|
2008-04-18 12:57:01 +00:00
|
|
|
|
2008-04-02 18:44:07 +00:00
|
|
|
* Wed Apr 02 2008 Chris PeBenito <selinux@tresys.com> - 20080402
|
2008-04-01 20:23:23 +00:00
|
|
|
- Add core Security Enhanced X Windows support.
|
2008-03-21 14:18:13 +00:00
|
|
|
- Fix winbind socket connection interface for default location of the
|
|
|
|
sock_file.
|
2008-03-14 15:26:52 +00:00
|
|
|
- Add wireshark module based on ethereal module.
|
2008-03-10 19:29:47 +00:00
|
|
|
- Revise upstart support in init module to use a tunable, as upstart is now
|
|
|
|
used in Fedora too.
|
2008-03-06 20:17:46 +00:00
|
|
|
- Add iferror.m4 rather than generate it out of the Makefiles.
|
2008-03-04 20:19:29 +00:00
|
|
|
- Definitions for open permission on file and similar objects from Eric
|
|
|
|
Paris.
|
2008-03-04 19:48:58 +00:00
|
|
|
- Apt updates for ptys and logs, from Martin Orr.
|
2008-03-04 19:14:08 +00:00
|
|
|
- RPC update from Vaclav Ovsik.
|
2008-03-04 18:25:13 +00:00
|
|
|
- Exim updates on Debian from Devin Carraway.
|
2008-02-19 19:33:48 +00:00
|
|
|
- Pam and samba updates from Stefan Schulze Frielinghaus.
|
2008-02-19 14:26:59 +00:00
|
|
|
- Backup update on Debian from Vaclav Ovsik.
|
|
|
|
- Cracklib update on Debian from Vaclav Ovsik.
|
2008-02-15 19:59:10 +00:00
|
|
|
- Label /proc/kallsyms with system_map_t.
|
2008-02-07 17:51:59 +00:00
|
|
|
- 64-bit capabilities from Stephen Smalley.
|
2008-01-03 16:20:01 +00:00
|
|
|
- Labeled networking peer object class updates.
|
|
|
|
|
2007-12-14 18:49:30 +00:00
|
|
|
* Fri Dec 14 2007 Chris PeBenito <selinux@tresys.com> - 20071214
|
2007-12-12 16:18:50 +00:00
|
|
|
- Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
|
2007-12-07 15:44:53 +00:00
|
|
|
- Improve several tunables descriptions from Dan Walsh.
|
2007-12-04 15:05:55 +00:00
|
|
|
- Patch to clean up ns switch usage in the policy from Dan Walsh.
|
2007-11-26 16:44:57 +00:00
|
|
|
- More complete labeled networking infrastructure from KaiGai Kohei.
|
2007-11-16 14:58:17 +00:00
|
|
|
- Add interface for libselinux constructor, for libselinux-linked
|
|
|
|
SELinux-enabled programs.
|
2007-11-13 19:31:43 +00:00
|
|
|
- Patch to restructure user role templates to create restricted user roles
|
|
|
|
from Dan Walsh.
|
2007-10-29 18:45:24 +00:00
|
|
|
- Russian man page translations from Andrey Markelov.
|
2007-10-26 18:04:38 +00:00
|
|
|
- Remove unused types from dbus.
|
2007-10-18 19:23:33 +00:00
|
|
|
- Add infrastructure for managing all user web content.
|
2007-10-09 17:29:48 +00:00
|
|
|
- Deprecate some old file and dir permission set macros in favor of the
|
|
|
|
newer, more consistently-named macros.
|
2007-10-05 18:00:55 +00:00
|
|
|
- Patch to clean up unescaped periods in several file context entries from
|
|
|
|
Jan-Frode Myklebust.
|
2007-10-02 16:04:50 +00:00
|
|
|
- Merge shlib_t into lib_t.
|
|
|
|
- Merge strict and targeted policies. The policy will now behave like the
|
|
|
|
strict policy if the unconfined module is not present. If it is, it will
|
|
|
|
behave like the targeted policy. Added an unconfined role to have a mix
|
|
|
|
of confined and unconfined users.
|
2007-10-24 15:07:40 +00:00
|
|
|
- Added modules:
|
|
|
|
exim (Dan Walsh)
|
2007-11-07 20:17:44 +00:00
|
|
|
postfixpolicyd (Jan-Frode Myklebust)
|
2007-10-02 16:04:50 +00:00
|
|
|
|
2007-09-28 15:14:55 +00:00
|
|
|
* Fri Sep 28 2007 Chris PeBenito <selinux@tresys.com> - 20070928
|
2007-09-27 13:41:09 +00:00
|
|
|
- Add support for setting the unknown permissions handling.
|
2007-09-21 15:06:58 +00:00
|
|
|
- Fix XML building for external reference builds and headers builds.
|
2007-09-17 18:04:35 +00:00
|
|
|
- Patch to add missing requirements in userdomain interfaces from Shintaro
|
|
|
|
Fujiwara.
|
2007-09-17 14:33:40 +00:00
|
|
|
- Add tcpd_wrapped_domain() for services that use tcp wrappers.
|
2007-08-24 14:14:29 +00:00
|
|
|
- Update MLS constraints from LSPP evaluated policy.
|
2007-08-22 20:21:52 +00:00
|
|
|
- Allow initrc_t file descriptors to be inherited regardless of MLS level.
|
|
|
|
Accordingly drop MLS permissions from daemons that inherit from any level.
|
2007-08-21 19:03:34 +00:00
|
|
|
- Files and radvd updates from Stefan Schulze Frielinghaus.
|
2007-08-20 18:26:08 +00:00
|
|
|
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
|
|
|
|
mls_write_all_levels() and mls_read_all_levels(), for consistency.
|
2007-08-20 15:15:03 +00:00
|
|
|
- Add make kernel and init ranged interfaces pass the range transition MLS
|
|
|
|
constraints. Also remove calls to mls_rangetrans_target() in modules that use
|
|
|
|
the kernel and init interfaces, since it's redundant.
|
|
|
|
- Add interfaces for all MLS attributes except X object classes.
|
|
|
|
- Require all sensitivities and categories for MLS and MCS policies, not just
|
|
|
|
the low and high sensitivity and category.
|
2007-08-09 13:15:07 +00:00
|
|
|
- Database userspace object manager classes from KaiGai Kohei.
|
2007-07-26 19:48:40 +00:00
|
|
|
- Add third-party interface for Apache CGI.
|
2007-07-24 19:52:18 +00:00
|
|
|
- Add getserv and shmemserv nscd permissions.
|
2007-07-02 15:25:46 +00:00
|
|
|
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
|
2007-07-19 18:57:48 +00:00
|
|
|
- Added modules:
|
|
|
|
application
|
2007-09-17 17:25:40 +00:00
|
|
|
awstats (Stefan Schulze Frielinghaus)
|
2007-09-17 14:33:40 +00:00
|
|
|
bitlbee (Devin Carraway)
|
2007-09-05 17:55:57 +00:00
|
|
|
brctl (Dan Walsh)
|
2007-07-02 15:25:46 +00:00
|
|
|
|
2007-06-29 15:30:58 +00:00
|
|
|
* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
|
2007-06-28 17:25:46 +00:00
|
|
|
- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
|
|
|
|
libraries module.
|
2007-06-27 15:23:21 +00:00
|
|
|
- Unified labeled networking policy from Paul Moore.
|
|
|
|
- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
|
2007-06-21 13:36:05 +00:00
|
|
|
- Xen updates from Dan Walsh.
|
2007-06-20 19:47:10 +00:00
|
|
|
- Filesystem updates from Dan Walsh.
|
2007-06-19 19:11:35 +00:00
|
|
|
- Large samba update from Dan Walsh.
|
2007-06-19 17:39:35 +00:00
|
|
|
- Drop snmpd_etc_t.
|
2007-06-19 17:01:39 +00:00
|
|
|
- Confine sendmail and logrotate on targeted.
|
2007-06-19 14:30:06 +00:00
|
|
|
- Tunable connection to postgresql for users from KaiGai Kohei.
|
2007-06-19 13:02:26 +00:00
|
|
|
- Memprotect support patch from Stephen Smalley.
|
2007-06-12 18:46:14 +00:00
|
|
|
- Add logging_send_audit_msgs() interface and deprecate
|
|
|
|
send_audit_msgs_pattern().
|
2007-06-11 15:01:10 +00:00
|
|
|
- Openct updates patch from Dan Walsh.
|
2007-05-11 17:10:43 +00:00
|
|
|
- Merge restorecon into setfiles.
|
2007-05-07 17:57:48 +00:00
|
|
|
- Patch to begin separating out hald helper programs from Dan Walsh.
|
2007-05-07 13:45:17 +00:00
|
|
|
- Fixes for squid, dovecot, and snmp from Dan Walsh.
|
2007-05-03 14:15:38 +00:00
|
|
|
- Miscellaneous consolekit fixes from Dan Walsh.
|
2007-05-03 12:45:28 +00:00
|
|
|
- Patch to have avahi use the nsswitch interface rather than individual
|
|
|
|
permissions from Dan Walsh.
|
2007-05-02 17:55:03 +00:00
|
|
|
- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
|
2007-05-02 17:31:38 +00:00
|
|
|
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
|
2007-05-02 17:55:03 +00:00
|
|
|
to handle usage from userhelper from Dan Walsh.
|
2007-04-30 15:19:47 +00:00
|
|
|
- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
|
2007-04-30 15:01:19 +00:00
|
|
|
- Patch to allow slocate to getattr other filesystems and directories on those
|
|
|
|
filesystems from Dan Walsh.
|
2007-04-27 15:08:15 +00:00
|
|
|
- Fixes for RHEL4 from the CLIP project.
|
2007-04-23 17:36:35 +00:00
|
|
|
- Replace the old lrrd fc entries with munin ones.
|
2007-04-19 14:30:57 +00:00
|
|
|
- Move program admin template usage out of userdom_admin_user_template() to
|
|
|
|
sysadm policy in userdomain.te to fix usage of the template for third
|
|
|
|
parties.
|
2007-04-19 14:24:02 +00:00
|
|
|
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
|
|
|
|
template instead of an interface.
|
2007-04-30 17:39:01 +00:00
|
|
|
- Added modules:
|
2007-06-12 18:58:36 +00:00
|
|
|
amtu (Dan Walsh)
|
2007-05-07 14:55:54 +00:00
|
|
|
apcupsd (Dan Walsh)
|
2007-06-27 16:31:55 +00:00
|
|
|
rpcbind (Dan Walsh)
|
2007-04-30 17:39:01 +00:00
|
|
|
rwho (Nalin Dahyabhai)
|
2007-04-19 14:24:02 +00:00
|
|
|
|
2007-04-17 14:20:24 +00:00
|
|
|
* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
|
2007-04-11 17:56:03 +00:00
|
|
|
- Patch for sasl's use of kerberos from Dan Walsh.
|
|
|
|
- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
|
2007-04-02 13:58:33 +00:00
|
|
|
- Man page updates from Dan Walsh.
|
2007-03-28 18:47:45 +00:00
|
|
|
- Two patches from Paul Moore for ipsec to remove redundant rules and
|
|
|
|
have setkey read the config file.
|
2007-03-26 18:41:45 +00:00
|
|
|
- Move booleans and tunables to modules when it is only used in a single
|
|
|
|
module.
|
|
|
|
- Add support for tunables and booleans local to a module.
|
2007-03-23 23:24:59 +00:00
|
|
|
- Merge sbin_t and ls_exec_t into bin_t.
|
2007-03-23 21:01:49 +00:00
|
|
|
- Remove disable_trans booleans.
|
2007-03-23 20:32:23 +00:00
|
|
|
- Output different header sets for kernel and userland from flask headers.
|
2007-03-23 20:21:06 +00:00
|
|
|
- Marked the pax class as deprecated, changed it to userland so
|
|
|
|
it will be removed from the kernel.
|
2007-03-21 19:40:55 +00:00
|
|
|
- Stop including netfilter contexts by default.
|
2007-03-20 18:47:18 +00:00
|
|
|
- Add dontaudits for init fds and console to init_daemon_domain().
|
2007-03-19 19:10:43 +00:00
|
|
|
- Patch to allow gpg to create user keys dir.
|
2007-03-19 18:48:14 +00:00
|
|
|
- Patch to support kvmfs from Dan Walsh.
|
2007-03-19 16:32:44 +00:00
|
|
|
- Patch for misc fixes in sudo from Dan Walsh.
|
2007-03-09 14:45:19 +00:00
|
|
|
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
|
2007-03-08 15:14:45 +00:00
|
|
|
- Patch for handling restart of nscd when run from useradd, groupadd, and
|
|
|
|
admin passwd, from Dan Walsh.
|
2007-03-07 21:33:22 +00:00
|
|
|
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
|
2007-03-06 17:16:08 +00:00
|
|
|
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
|
2007-03-06 16:18:59 +00:00
|
|
|
- Patch for gssd fixes from Dan Walsh.
|
2007-03-06 15:35:02 +00:00
|
|
|
- Patch for lvm fixes from Dan Walsh.
|
|
|
|
- Patch for ricci fixes from Dan Walsh.
|
2007-03-01 20:41:19 +00:00
|
|
|
- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
|
2007-02-28 17:17:52 +00:00
|
|
|
- Patch for kerberized telnet fixes from Dan Walsh.
|
2007-02-28 17:01:47 +00:00
|
|
|
- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
|
2007-02-28 16:23:06 +00:00
|
|
|
- Patch for an additional wine executable from Dan Walsh.
|
2007-03-01 15:43:39 +00:00
|
|
|
- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
|
|
|
|
corecommands, devices, and java from Dan Walsh.
|
2007-02-27 17:02:35 +00:00
|
|
|
- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
|
2007-02-26 17:23:52 +00:00
|
|
|
- Patch for misc fixes to bluetooth from Dan Walsh.
|
2007-02-26 17:04:56 +00:00
|
|
|
- Patch for misc fixes to kerberos from Dan Walsh.
|
2007-02-26 16:13:23 +00:00
|
|
|
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
|
2007-02-26 15:39:59 +00:00
|
|
|
- Add dccp_socket object class which was added in kernel 2.6.20.
|
2007-02-23 21:20:46 +00:00
|
|
|
- Patch for prelink relabelfrom its temp files from Dan Walsh.
|
2007-02-23 20:19:29 +00:00
|
|
|
- Patch for capability fix for auditd and networking fix for syslogd from
|
|
|
|
Dan Walsh.
|
2007-02-23 20:05:12 +00:00
|
|
|
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
|
2007-02-23 19:52:52 +00:00
|
|
|
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
|
2007-02-23 19:41:41 +00:00
|
|
|
- Patch to allow apmd to telinit from Dan Walsh.
|
2007-02-23 19:30:17 +00:00
|
|
|
- Patch for additional labeling of samba files from Stefan Schulze
|
|
|
|
Frielinghaus.
|
2007-02-23 19:08:45 +00:00
|
|
|
- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
|
2007-02-20 20:17:07 +00:00
|
|
|
- Fix ptys and ttys to be device nodes.
|
2007-02-07 22:16:18 +00:00
|
|
|
- Fix explicit use of httpd_t in openca_domtrans().
|
2007-01-24 17:10:31 +00:00
|
|
|
- Clean up file context regexes in apache and java, from Eamon Walsh.
|
2007-02-16 23:01:42 +00:00
|
|
|
- Patches from Dan Walsh:
|
|
|
|
Thu, 25 Jan 2007
|
2007-03-19 18:01:15 +00:00
|
|
|
- Added modules:
|
|
|
|
consolekit (Dan Walsh)
|
2007-03-21 15:51:52 +00:00
|
|
|
fail2ban (Dan Walsh)
|
2007-04-11 18:55:44 +00:00
|
|
|
zabbix (Dan Walsh)
|
2007-01-24 17:10:31 +00:00
|
|
|
|
2006-12-12 21:59:26 +00:00
|
|
|
* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
|
2006-12-12 20:08:08 +00:00
|
|
|
- Add policy patterns support macros. This changes the behavior of
|
|
|
|
the create_dir_perms and create_file_perms permission sets.
|
2006-11-16 13:38:14 +00:00
|
|
|
- Association polmatch MLS constraint making unlabeled_t an exception
|
|
|
|
is no longer needed, patch from Venkat Yekkirala.
|
2006-11-14 13:38:52 +00:00
|
|
|
- Context contains checking for PAM and cron from James Antill.
|
2006-11-13 03:36:13 +00:00
|
|
|
- Add a reload target to Modules.devel and change the load
|
|
|
|
target to only insert modules that were changed.
|
2006-11-13 03:24:07 +00:00
|
|
|
- Allow semanage to read from /root on strict non-MLS for
|
|
|
|
local policy modules.
|
|
|
|
- Gentoo init script fixes for udev.
|
|
|
|
- Allow udev to read kernel modules.inputmap.
|
|
|
|
- Dnsmasq fixes from testing.
|
|
|
|
- Allow kernel NFS server to getattr filesystems so df can work
|
|
|
|
on clients.
|
2006-11-01 15:42:22 +00:00
|
|
|
- Patch from Matt Anderson for a MLS constraint exemption on a
|
|
|
|
file that can be written to from a subject whose range is
|
|
|
|
within the object's range.
|
2006-10-20 14:44:23 +00:00
|
|
|
- Enhanced setransd support from Darrel Goeddel.
|
2006-10-31 21:01:48 +00:00
|
|
|
- Patches from Dan Walsh:
|
|
|
|
Tue, 24 Oct 2006
|
2006-12-04 20:10:56 +00:00
|
|
|
Wed, 29 Nov 2006
|
2006-10-31 21:01:48 +00:00
|
|
|
- Added modules:
|
2006-11-16 20:56:24 +00:00
|
|
|
aide (Matt Anderson)
|
|
|
|
ccs (Dan Walsh)
|
2006-10-31 21:01:48 +00:00
|
|
|
iscsi (Dan Walsh)
|
2006-11-16 20:56:24 +00:00
|
|
|
ricci (Dan Walsh)
|
2006-10-20 14:44:23 +00:00
|
|
|
|
2006-10-18 20:26:45 +00:00
|
|
|
* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
|
2006-10-05 19:57:37 +00:00
|
|
|
- Patch from Russell Coker Thu, 5 Oct 2006
|
2006-10-04 17:25:34 +00:00
|
|
|
- Move range transitions to modules.
|
|
|
|
- Make number of MLS sensitivities, and number of MLS and MCS
|
|
|
|
categories configurable as build options.
|
2006-09-06 22:07:25 +00:00
|
|
|
- Add role infrastructure.
|
2006-09-04 18:22:12 +00:00
|
|
|
- Debian updates from Erich Schubert.
|
2006-08-22 19:37:56 +00:00
|
|
|
- Add nscd_socket_use() to auth_use_nsswitch().
|
2006-08-15 20:00:58 +00:00
|
|
|
- Remove old selopt rules.
|
2006-08-07 17:25:46 +00:00
|
|
|
- Full support for netfilter_contexts.
|
2006-08-07 17:14:00 +00:00
|
|
|
- MRTG patch for daemon operation from Stefan.
|
2006-07-31 22:26:59 +00:00
|
|
|
- Add authlogin interface to abstract common access for login programs.
|
2006-07-13 14:22:21 +00:00
|
|
|
- Remove setbool auditallow, except for RHEL4.
|
2006-06-28 20:28:09 +00:00
|
|
|
- Change eventpollfs to task SID labeling.
|
2006-06-21 21:02:49 +00:00
|
|
|
- Add key support from Michael LeMay.
|
2006-06-13 18:17:34 +00:00
|
|
|
- Add ftpdctl domain to ftp, from Paul Howarth.
|
2006-06-12 16:59:21 +00:00
|
|
|
- Fix build system to not move type declarations out of optionals.
|
2006-05-29 14:16:22 +00:00
|
|
|
- Add gcc-config domain to portage.
|
2006-05-23 18:31:02 +00:00
|
|
|
- Add packet object class and support in corenetwork.
|
2006-05-15 15:21:43 +00:00
|
|
|
- Add a copy of genhomedircon for monolithic policy building, so that a
|
|
|
|
policycoreutils package update is not required for RHEL4 systems.
|
2006-05-04 20:42:06 +00:00
|
|
|
- Add appletalk sockets for use in cups.
|
2006-05-02 20:14:41 +00:00
|
|
|
- Add Make target to validate module linking.
|
2006-05-02 14:34:32 +00:00
|
|
|
- Make duplicate template and interface declarations a fatal error.
|
2006-04-17 18:06:36 +00:00
|
|
|
- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
|
2006-04-06 19:27:41 +00:00
|
|
|
- Move xconsole_device_t from devices to xserver since it is
|
|
|
|
not actually a device, it is a named pipe.
|
2006-04-06 19:18:53 +00:00
|
|
|
- Handle nonexistent .fc and .if files in devel Makefile by
|
|
|
|
automatically creating empty files.
|
2006-04-06 15:14:11 +00:00
|
|
|
- Remove unused devfs_control_t.
|
2006-03-31 14:28:45 +00:00
|
|
|
- Add rhel4 distro, which also implies redhat distro.
|
2006-03-30 14:58:16 +00:00
|
|
|
- Remove unneeded range_transition for su_exec_t and move the
|
|
|
|
type declaration back to the su module.
|
2006-03-29 16:23:17 +00:00
|
|
|
- Constrain transitions in MCS so unconfined_t cannot have
|
|
|
|
arbitrary category sets.
|
2006-03-29 14:53:58 +00:00
|
|
|
- Change reiserfs from xattr filesystem to genfscon as its xattrs
|
|
|
|
are currently nonfunctional.
|
2006-03-29 19:55:30 +00:00
|
|
|
- Change files and filesystem modules to use their own interfaces.
|
2006-03-28 18:29:52 +00:00
|
|
|
- Add user fonts to xserver.
|
2006-03-24 18:59:51 +00:00
|
|
|
- Additional interfaces in corecommands, miscfiles, and userdomain
|
|
|
|
from Joy Latten.
|
2006-03-24 16:48:35 +00:00
|
|
|
- Miscellaneous fixes from Thomas Bleher.
|
2006-03-24 16:13:54 +00:00
|
|
|
- Deprecate module name as first parameter of optional_policy()
|
|
|
|
now that optionals are allowed everywhere.
|
2006-03-23 21:07:57 +00:00
|
|
|
- Enable optional blocks in base module and monolithic policy.
|
|
|
|
This requires checkpolicy 1.30.1.
|
2006-03-23 19:59:36 +00:00
|
|
|
- Fix vpn module declaration.
|
2006-03-23 19:19:38 +00:00
|
|
|
- Numerous fixes from Dan Walsh.
|
2006-03-20 20:54:56 +00:00
|
|
|
- Change build order to preserve m4 line number information so policy
|
|
|
|
compile errors are useful again.
|
2006-03-15 16:27:39 +00:00
|
|
|
- Additional MLS interfaces from Chad Hanson.
|
2006-03-14 19:13:59 +00:00
|
|
|
- Move some rules out of domain_type() and domain_base_type()
|
|
|
|
to the TE file, to use the domain attribute to take advantage
|
|
|
|
of space savings from attribute use.
|
|
|
|
- Add global stack smashing protector rule for urandom access from
|
|
|
|
Petre Rodan.
|
2006-03-13 22:03:12 +00:00
|
|
|
- Fix temporary rules at the bottom of portmap.
|
2006-03-13 15:36:38 +00:00
|
|
|
- Updated comments in mls file from Chad Hanson.
|
2006-06-21 19:07:32 +00:00
|
|
|
- Patches from Dan Walsh:
|
|
|
|
Fri, 17 Mar 2006
|
|
|
|
Wed, 29 Mar 2006
|
|
|
|
Tue, 11 Apr 2006
|
|
|
|
Fri, 14 Apr 2006
|
|
|
|
Tue, 18 Apr 2006
|
|
|
|
Thu, 20 Apr 2006
|
|
|
|
Tue, 02 May 2006
|
|
|
|
Mon, 15 May 2006
|
|
|
|
Thu, 18 May 2006
|
|
|
|
Tue, 06 Jun 2006
|
|
|
|
Mon, 12 Jun 2006
|
|
|
|
Tue, 20 Jun 2006
|
2006-08-02 19:56:32 +00:00
|
|
|
Wed, 26 Jul 2006
|
2006-08-29 02:41:00 +00:00
|
|
|
Wed, 23 Aug 2006
|
2006-09-01 15:52:05 +00:00
|
|
|
Thu, 31 Aug 2006
|
2006-09-04 15:15:35 +00:00
|
|
|
Fri, 01 Sep 2006
|
2006-09-06 16:36:23 +00:00
|
|
|
Tue, 05 Sep 2006
|
2006-09-22 17:14:35 +00:00
|
|
|
Wed, 20 Sep 2006
|
2006-09-25 18:53:06 +00:00
|
|
|
Fri, 22 Sep 2006
|
2006-09-28 14:37:29 +00:00
|
|
|
Mon, 25 Sep 2006
|
2006-03-07 18:07:15 +00:00
|
|
|
- Added modules:
|
2006-05-05 17:53:45 +00:00
|
|
|
afs
|
2006-03-07 21:15:24 +00:00
|
|
|
amavis (Erich Schubert)
|
2006-03-08 18:43:05 +00:00
|
|
|
apt (Erich Schubert)
|
2006-04-18 13:44:07 +00:00
|
|
|
asterisk
|
2006-03-21 18:50:58 +00:00
|
|
|
audioentropy
|
2006-04-27 18:11:26 +00:00
|
|
|
authbind
|
2006-04-24 18:58:46 +00:00
|
|
|
backup
|
2006-03-21 20:12:24 +00:00
|
|
|
calamaris
|
2006-03-24 19:22:19 +00:00
|
|
|
cipe
|
2006-03-07 21:15:24 +00:00
|
|
|
clamav (Erich Schubert)
|
2006-05-08 14:16:10 +00:00
|
|
|
clockspeed (Petre Rodan)
|
2006-04-11 20:47:56 +00:00
|
|
|
courier
|
2006-03-31 22:09:27 +00:00
|
|
|
dante
|
2006-05-04 17:44:26 +00:00
|
|
|
dcc
|
2006-04-25 17:50:31 +00:00
|
|
|
ddclient
|
2006-03-08 18:43:05 +00:00
|
|
|
dpkg (Erich Schubert)
|
2006-04-25 14:45:14 +00:00
|
|
|
dnsmasq
|
2006-03-14 21:54:26 +00:00
|
|
|
ethereal
|
2006-03-13 21:36:49 +00:00
|
|
|
evolution
|
2006-03-21 18:07:53 +00:00
|
|
|
games
|
2006-04-18 20:35:09 +00:00
|
|
|
gatekeeper
|
2006-04-24 20:21:27 +00:00
|
|
|
gift
|
2006-10-02 15:22:48 +00:00
|
|
|
gnome (James Carter)
|
2006-04-25 15:33:44 +00:00
|
|
|
imaze
|
2006-04-28 19:23:17 +00:00
|
|
|
ircd
|
2006-04-12 20:10:47 +00:00
|
|
|
jabber
|
2006-05-01 19:45:30 +00:00
|
|
|
monop
|
2006-03-13 19:24:52 +00:00
|
|
|
mozilla
|
2006-03-09 20:28:51 +00:00
|
|
|
mplayer
|
2006-04-28 15:50:06 +00:00
|
|
|
munin
|
2006-04-06 15:03:23 +00:00
|
|
|
nagios
|
2006-04-05 20:27:25 +00:00
|
|
|
nessus
|
2006-10-17 16:58:17 +00:00
|
|
|
netlabel (Paul Moore)
|
2006-04-27 19:41:35 +00:00
|
|
|
nsd
|
2006-04-18 13:44:07 +00:00
|
|
|
ntop
|
2006-05-09 15:12:17 +00:00
|
|
|
nx
|
2006-05-02 19:42:04 +00:00
|
|
|
oav
|
2006-09-28 14:37:29 +00:00
|
|
|
oddjob (Dan Walsh)
|
2006-05-02 17:42:41 +00:00
|
|
|
openca
|
2006-04-14 20:07:01 +00:00
|
|
|
openvpn (Petre Rodan)
|
2006-04-12 19:24:21 +00:00
|
|
|
perdition
|
2006-05-05 18:51:42 +00:00
|
|
|
portslave
|
2006-04-05 18:07:51 +00:00
|
|
|
postgrey
|
2006-04-05 19:31:34 +00:00
|
|
|
pxe
|
2006-05-03 19:58:01 +00:00
|
|
|
pyzor (Dan Walsh)
|
2006-04-05 15:32:38 +00:00
|
|
|
qmail (Petre Rodan)
|
2006-05-05 19:26:50 +00:00
|
|
|
razor
|
2006-04-14 19:13:17 +00:00
|
|
|
resmgr
|
2006-03-09 19:02:29 +00:00
|
|
|
rhgb
|
2006-04-25 19:17:43 +00:00
|
|
|
rssh
|
2006-04-05 18:53:26 +00:00
|
|
|
snort
|
2006-04-25 15:13:59 +00:00
|
|
|
soundserver
|
2006-04-12 18:22:54 +00:00
|
|
|
speedtouch
|
2006-05-01 20:36:13 +00:00
|
|
|
sxid
|
2006-03-08 20:09:42 +00:00
|
|
|
thunderbird
|
2006-03-07 18:07:15 +00:00
|
|
|
tor (Erich Schubert)
|
2006-04-12 18:02:55 +00:00
|
|
|
transproxy
|
2006-04-24 18:00:32 +00:00
|
|
|
tripwire
|
2006-04-12 17:41:28 +00:00
|
|
|
uptime
|
2006-04-07 19:37:16 +00:00
|
|
|
uwimap
|
2006-04-26 18:18:29 +00:00
|
|
|
vmware
|
2006-04-28 20:20:40 +00:00
|
|
|
watchdog
|
2006-03-23 19:19:38 +00:00
|
|
|
xen (Dan Walsh)
|
2006-04-07 20:53:39 +00:00
|
|
|
xprint
|
2006-04-28 18:30:02 +00:00
|
|
|
yam
|
2006-03-07 18:07:15 +00:00
|
|
|
|
2006-03-07 14:29:51 +00:00
|
|
|
* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
|
2006-03-02 23:41:11 +00:00
|
|
|
- Make all interface parameters required.
|
|
|
|
- Move boot_t, system_map_t, and modules_object_t to files module,
|
|
|
|
and move bootloader to admin layer.
|
2006-02-22 21:21:26 +00:00
|
|
|
- Add semanage policy for semodule from Dan Walsh.
|
2006-02-17 16:08:14 +00:00
|
|
|
- Remove allow_execmem from targeted policy domain_base_type().
|
2006-02-15 21:58:41 +00:00
|
|
|
- Add users_extra and seusers support.
|
2006-02-14 20:55:45 +00:00
|
|
|
- Postfix fixes from Serge Hallyn.
|
2006-02-13 20:06:05 +00:00
|
|
|
- Run python and shell directly to interpret scripts so policy
|
|
|
|
sources need not be executable.
|
|
|
|
- Add desc tag XML to booleans and tunables, and add summary
|
|
|
|
to param XML tag, to make future translations possible.
|
2006-02-03 16:21:06 +00:00
|
|
|
- Remove unused lvm_vg_t.
|
2006-02-01 14:20:36 +00:00
|
|
|
- Many interface renames to improve naming consistency.
|
2006-01-30 22:51:35 +00:00
|
|
|
- Merge xdm into xserver.
|
2006-01-30 18:22:24 +00:00
|
|
|
- Remove kernel module reversed interfaces.
|
2006-01-27 15:47:52 +00:00
|
|
|
- Add filename attribute to module XML tag and lineno attribute to
|
|
|
|
interface XML tag.
|
2006-01-26 20:35:55 +00:00
|
|
|
- Changed QUIET build option to a yes or no option.
|
|
|
|
- Add a Makefile used for compiling loadable modules in a
|
|
|
|
user's development environment, building against policy headers.
|
|
|
|
- Add Make target for installing policy headers.
|
2006-01-26 18:04:57 +00:00
|
|
|
- Separate per-userdomain template expansion from the userdomain
|
|
|
|
module and add infrastructure to expand templates in the modules
|
|
|
|
that own the template.
|
|
|
|
- Enable secadm only for MLS policies.
|
2006-01-25 19:40:21 +00:00
|
|
|
- Remove role change rules in su and sudo since this functionality has been
|
|
|
|
removed from these programs.
|
2006-01-25 18:30:27 +00:00
|
|
|
- Add ctags Make target from Thomas Bleher.
|
2006-01-23 20:53:40 +00:00
|
|
|
- Collapse commands with grep piped to sed into one sed command.
|
2006-01-20 22:05:40 +00:00
|
|
|
- Fix type_change bug in term_user_pty().
|
2006-01-20 19:36:54 +00:00
|
|
|
- Move ice_tmp_t from miscfiles to xserver.
|
2006-01-19 22:47:40 +00:00
|
|
|
- Login fixes from Serge Hallyn.
|
2006-01-19 22:01:48 +00:00
|
|
|
- Move xserver_log_t from xdm to xserver.
|
2006-01-18 22:26:26 +00:00
|
|
|
- Add lpr per-userdomain policy to lpd.
|
2006-01-18 18:45:23 +00:00
|
|
|
- Miscellaneous fixes from Dan Walsh.
|
2006-01-18 18:08:39 +00:00
|
|
|
- Change initrc_var_run_t interface noun from script_pid to utmp,
|
|
|
|
for greater clarity.
|
2006-01-17 23:01:14 +00:00
|
|
|
- Added modules:
|
2006-01-18 19:09:48 +00:00
|
|
|
certwatch
|
2006-01-19 23:00:23 +00:00
|
|
|
mono (Dan Walsh)
|
2006-01-31 21:43:09 +00:00
|
|
|
mrtg
|
2006-01-18 14:48:24 +00:00
|
|
|
portage
|
2006-02-01 15:11:43 +00:00
|
|
|
tvtime
|
2006-01-18 16:40:04 +00:00
|
|
|
userhelper
|
2006-01-17 23:01:14 +00:00
|
|
|
usernetctl
|
2006-01-19 23:00:23 +00:00
|
|
|
wine (Dan Walsh)
|
2006-01-19 22:01:48 +00:00
|
|
|
xserver
|
2006-01-17 23:01:14 +00:00
|
|
|
|
2006-01-17 20:16:16 +00:00
|
|
|
* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
|
2006-01-16 18:48:57 +00:00
|
|
|
- Adds support for generating corenetwork interfaces based on attributes
|
|
|
|
in addition to types.
|
|
|
|
- Permits the listing of multiple nodes in a network_node() that will be
|
|
|
|
given the same type.
|
|
|
|
- Add two new permission sets for stream sockets.
|
2006-01-13 21:06:49 +00:00
|
|
|
- Rename file type transition interfaces verb from create to
|
|
|
|
filetrans to differentiate it from create interfaces without
|
|
|
|
type transitions.
|
|
|
|
- Fix expansion of interfaces from disabled modules.
|
2006-01-12 16:03:18 +00:00
|
|
|
- Rsync can be long running from init,
|
|
|
|
added rules to allow this.
|
2006-01-10 21:03:16 +00:00
|
|
|
- Add polyinstantiation build option.
|
2006-01-06 22:53:34 +00:00
|
|
|
- Add setcontext to the association object class.
|
2005-12-12 21:47:43 +00:00
|
|
|
- Add apache relay and db connect tunables.
|
2005-12-12 16:51:28 +00:00
|
|
|
- Rename texrel_shlib_t to textrel_shlib_t.
|
2005-12-09 21:07:30 +00:00
|
|
|
- Add swat to samba module.
|
2006-01-11 23:20:28 +00:00
|
|
|
- Numerous miscellaneous fixes from Dan Walsh.
|
2005-12-08 15:01:57 +00:00
|
|
|
- Added modules:
|
2006-01-12 16:00:55 +00:00
|
|
|
alsa
|
2005-12-09 20:08:10 +00:00
|
|
|
automount
|
2006-01-12 23:23:22 +00:00
|
|
|
cdrecord
|
2006-01-16 18:30:14 +00:00
|
|
|
daemontools (Petre Rodan)
|
2006-01-04 16:29:11 +00:00
|
|
|
ddcprobe
|
2006-01-16 18:30:14 +00:00
|
|
|
djbdns (Petre Rodan)
|
2005-12-08 15:58:12 +00:00
|
|
|
fetchmail
|
2006-01-06 19:46:44 +00:00
|
|
|
irc
|
2006-01-12 22:26:46 +00:00
|
|
|
java
|
2006-01-11 20:18:56 +00:00
|
|
|
lockdev
|
2006-01-10 14:39:21 +00:00
|
|
|
logwatch (Dan Walsh)
|
2006-01-04 18:32:22 +00:00
|
|
|
openct
|
2006-01-11 23:20:28 +00:00
|
|
|
prelink (Dan Walsh)
|
2006-01-16 18:30:14 +00:00
|
|
|
publicfile (Petre Rodan)
|
2006-01-04 19:31:53 +00:00
|
|
|
readahead
|
2006-01-11 20:03:21 +00:00
|
|
|
roundup
|
2006-01-11 18:10:49 +00:00
|
|
|
screen
|
2006-01-16 14:58:58 +00:00
|
|
|
slocate (Dan Walsh)
|
2006-01-04 20:44:30 +00:00
|
|
|
slrnpull
|
2006-01-04 15:26:42 +00:00
|
|
|
smartmon
|
2005-12-08 15:01:57 +00:00
|
|
|
sysstat
|
2006-01-16 18:30:14 +00:00
|
|
|
ucspitcp (Petre Rodan)
|
2006-01-11 18:28:57 +00:00
|
|
|
usbmodules
|
2006-01-03 21:39:31 +00:00
|
|
|
vbetool (Dan Walsh)
|
2005-12-08 15:01:57 +00:00
|
|
|
|
2005-12-07 15:44:05 +00:00
|
|
|
* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
|
2005-12-07 16:38:24 +00:00
|
|
|
- Add unlabeled IPSEC association rule to domains with
|
|
|
|
networking permissions.
|
2005-12-05 20:31:54 +00:00
|
|
|
- Merge systemuser back in to users, as these files
|
|
|
|
do not need to be split.
|
2005-12-05 16:43:28 +00:00
|
|
|
- Add check for duplicate interface/template definitions.
|
2005-12-01 20:25:27 +00:00
|
|
|
- Move domain, files, and corecommands modules to kernel
|
|
|
|
layer to resolve some layering inconsistencies.
|
2005-12-01 19:04:57 +00:00
|
|
|
- Move policy build options out of Makefile into build.conf.
|
2005-11-28 16:44:51 +00:00
|
|
|
- Add yppasswd to nis module.
|
2005-11-23 20:24:27 +00:00
|
|
|
- Change optional_policy() to refer to the module name
|
|
|
|
rather than modulename.te.
|
2005-11-22 22:07:12 +00:00
|
|
|
- Fix labeling targets to use installed file_contexts rather
|
|
|
|
than partial file_contexts in the policy source directory.
|
|
|
|
- Fix build process to use make's internal vpath functions
|
|
|
|
to detect modules rather than using subshells and find.
|
|
|
|
- Add install target for modular policy.
|
|
|
|
- Add load target for modular policy.
|
|
|
|
- Add appconfig dependency to the load target.
|
2005-11-22 17:56:53 +00:00
|
|
|
- Miscellaneous fixes from Dan Walsh.
|
2005-10-21 13:11:17 +00:00
|
|
|
- Fix corenetwork gen_context()'s to expand during the policy
|
|
|
|
build phase instead of during the generation phase.
|
|
|
|
- Added policies:
|
2005-10-22 19:58:58 +00:00
|
|
|
amanda
|
2005-11-09 17:12:34 +00:00
|
|
|
avahi
|
2005-10-21 16:39:28 +00:00
|
|
|
canna
|
2005-10-21 16:18:11 +00:00
|
|
|
cyrus
|
2005-10-22 21:18:03 +00:00
|
|
|
dbskk
|
2005-10-21 15:38:22 +00:00
|
|
|
dovecot
|
2005-10-21 13:11:17 +00:00
|
|
|
distcc
|
2005-12-01 18:50:00 +00:00
|
|
|
i18n_input
|
2005-11-28 19:06:22 +00:00
|
|
|
irqbalance
|
2005-10-22 21:09:03 +00:00
|
|
|
lpd
|
2005-10-22 17:44:04 +00:00
|
|
|
networkmanager
|
2005-10-22 21:55:39 +00:00
|
|
|
pegasus
|
2005-10-23 20:18:36 +00:00
|
|
|
postfix
|
2005-11-15 20:17:18 +00:00
|
|
|
procmail
|
2005-10-22 22:51:14 +00:00
|
|
|
radius
|
2005-11-28 17:46:29 +00:00
|
|
|
rdisc
|
2005-10-24 01:53:13 +00:00
|
|
|
rpc
|
2005-10-22 23:50:23 +00:00
|
|
|
spamassassin
|
2005-11-28 18:29:03 +00:00
|
|
|
timidity
|
2005-10-21 17:55:15 +00:00
|
|
|
xdm
|
2005-11-25 19:09:08 +00:00
|
|
|
xfs
|
2005-10-20 18:08:31 +00:00
|
|
|
|
2005-10-19 21:18:25 +00:00
|
|
|
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
|
2005-10-19 20:18:21 +00:00
|
|
|
- Many fixes to make loadable modules build.
|
2005-10-12 19:13:49 +00:00
|
|
|
- Add targets for sechecker.
|
2005-10-07 18:08:50 +00:00
|
|
|
- Updated to sedoctool to read bool files and tunable
|
|
|
|
files separately.
|
|
|
|
- Changed the xml tag of <boolean> to <bool> to be consistent
|
|
|
|
with gen_bool().
|
|
|
|
- Modified the implementation of segenxml to use regular
|
|
|
|
expressions.
|
2005-10-06 19:33:06 +00:00
|
|
|
- Rename context_template() to gen_context() to clarify
|
|
|
|
that it's not a Reference Policy template, but a support
|
|
|
|
macro.
|
2005-09-27 20:17:50 +00:00
|
|
|
- Add disable_*_trans bool support for targeted policy.
|
2005-09-26 20:26:32 +00:00
|
|
|
- Add MLS module to handle MLS constraint exceptions,
|
|
|
|
such as reading up and writing down.
|
2005-09-22 21:59:50 +00:00
|
|
|
- Fix errors uncovered by sediff.
|
2005-09-23 19:38:34 +00:00
|
|
|
- Added policies:
|
2005-09-23 22:15:04 +00:00
|
|
|
anaconda
|
2005-10-17 17:55:38 +00:00
|
|
|
apache
|
2005-10-10 18:11:46 +00:00
|
|
|
apm
|
|
|
|
arpwatch
|
2005-10-07 21:45:04 +00:00
|
|
|
bluetooth
|
2005-09-27 21:24:01 +00:00
|
|
|
dmidecode
|
2005-10-07 21:45:04 +00:00
|
|
|
finger
|
2005-10-05 19:52:53 +00:00
|
|
|
ftp
|
2005-09-23 19:38:34 +00:00
|
|
|
kudzu
|
2005-10-11 15:36:53 +00:00
|
|
|
mailman
|
2005-10-14 20:00:07 +00:00
|
|
|
ppp
|
2005-09-23 21:20:03 +00:00
|
|
|
radvd
|
2005-10-10 18:50:08 +00:00
|
|
|
sasl
|
|
|
|
webalizer
|
2005-09-22 21:59:50 +00:00
|
|
|
|
2005-09-22 19:05:26 +00:00
|
|
|
* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
|
2005-09-21 14:49:41 +00:00
|
|
|
- Make logrotate, sendmail, sshd, and rpm policies
|
|
|
|
unconfined in the targeted policy so no special
|
|
|
|
modules.conf is required.
|
2005-09-16 13:36:26 +00:00
|
|
|
- Add experimental MCS support.
|
2005-09-20 14:20:02 +00:00
|
|
|
- Add appconfig for MLS.
|
2005-09-15 21:03:29 +00:00
|
|
|
- Add equivalents for old can_resolve(), can_ldap(), and
|
|
|
|
can_portmap() to sysnetwork.
|
2005-09-12 15:58:44 +00:00
|
|
|
- Fix base module compile issues.
|
2005-09-08 13:42:13 +00:00
|
|
|
- Added policies:
|
2005-09-20 18:15:35 +00:00
|
|
|
cpucontrol
|
2005-09-20 18:49:13 +00:00
|
|
|
cvs
|
2005-09-08 13:42:13 +00:00
|
|
|
ktalk
|
2005-09-08 17:12:38 +00:00
|
|
|
portmap
|
2005-09-19 21:17:45 +00:00
|
|
|
postgresql
|
2005-09-20 17:11:53 +00:00
|
|
|
rlogin
|
2005-09-14 18:33:53 +00:00
|
|
|
samba
|
2005-09-16 14:54:36 +00:00
|
|
|
snmp
|
2005-09-20 13:47:36 +00:00
|
|
|
stunnel
|
2005-09-20 17:11:53 +00:00
|
|
|
telnet
|
2005-09-16 15:18:09 +00:00
|
|
|
tftp
|
2005-09-22 16:27:52 +00:00
|
|
|
uucp
|
2005-09-19 21:17:45 +00:00
|
|
|
vpn
|
2005-09-09 13:24:11 +00:00
|
|
|
zebra
|
2005-09-08 13:42:13 +00:00
|
|
|
|
2005-09-07 16:15:51 +00:00
|
|
|
* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
|
2005-09-02 20:55:17 +00:00
|
|
|
- Fix errors uncovered by sediff.
|
2005-08-29 19:55:00 +00:00
|
|
|
- Doc tool will explicitly say a module does not have interfaces
|
|
|
|
or templates on the module page.
|
2005-08-31 15:25:12 +00:00
|
|
|
- Added policies:
|
|
|
|
comsat
|
2005-08-31 20:58:12 +00:00
|
|
|
dbus
|
2005-09-02 19:18:43 +00:00
|
|
|
dhcp
|
2005-09-02 20:50:54 +00:00
|
|
|
dictd
|
2005-09-02 20:29:52 +00:00
|
|
|
hal
|
2005-09-06 18:37:27 +00:00
|
|
|
inn
|
2005-09-05 16:47:19 +00:00
|
|
|
ntp
|
2005-09-02 19:11:07 +00:00
|
|
|
squid
|
2005-08-29 19:55:00 +00:00
|
|
|
|
2005-08-26 15:02:23 +00:00
|
|
|
* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
|
2005-08-24 20:18:06 +00:00
|
|
|
- Add Makefile support for building loadable modules.
|
|
|
|
- Add genclassperms.py tool to add require blocks
|
|
|
|
for loadable modules.
|
|
|
|
- Change sedoctool to make required modules part of base
|
|
|
|
by default, otherwise make as modules, in modules.conf.
|
|
|
|
- Fix segenxml to handle modules with no interfaces.
|
|
|
|
- Rename ipsec connect interface for consistency.
|
|
|
|
- Add missing parts of unix stream socket connect interface
|
|
|
|
of ipsec.
|
|
|
|
- Rename inetd connect interface for consistency.
|
|
|
|
- Rename interface for purging contents of tmp, for clarity,
|
|
|
|
since it allows deletion of classes other than file.
|
|
|
|
- Misc. cleanups.
|
|
|
|
- Added policies:
|
|
|
|
acct
|
|
|
|
bind
|
|
|
|
firstboot
|
|
|
|
gpm
|
|
|
|
howl
|
|
|
|
ldap
|
|
|
|
loadkeys
|
|
|
|
mysql
|
|
|
|
privoxy
|
|
|
|
quota
|
|
|
|
rshd
|
|
|
|
rsync
|
|
|
|
su
|
|
|
|
sudo
|
|
|
|
tcpd
|
|
|
|
tmpreaper
|
|
|
|
updfstab
|
2005-08-03 15:16:33 +00:00
|
|
|
|
2005-08-24 20:18:06 +00:00
|
|
|
* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
|
|
|
|
- Fix comparison bug in fc_sort.
|
|
|
|
- Fix handling of ordered and unordered HTML lists.
|
|
|
|
- Corenetwork now supports multiple network interfaces having the
|
|
|
|
same type.
|
|
|
|
- Doc tool now creates pages for global Booleans and global tunables.
|
|
|
|
- Doc tool now links directly to the interface/template in the
|
|
|
|
module page when it is selected in the interface/template index.
|
|
|
|
- Added support for layer summaries.
|
|
|
|
- Added policies:
|
|
|
|
ipsec
|
|
|
|
nscd
|
|
|
|
pcmcia
|
|
|
|
raid
|
2005-07-07 20:56:27 +00:00
|
|
|
|
2005-08-24 20:18:06 +00:00
|
|
|
* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
|
|
|
|
- Changed xml to have modules encapsulated by layer tags, rather
|
|
|
|
than putting layer="foo" in the module tags. Also in the future
|
|
|
|
we can put a summary and description for each layer.
|
|
|
|
- Added tool to infer interface, module, and layer tags. This will
|
|
|
|
now list all interfaces, even if they are missing xml docs.
|
|
|
|
- Shortened xml tag names.
|
|
|
|
- Added macros to declare interfaces and templates.
|
|
|
|
- Added interface call trace.
|
|
|
|
- Updated all xml documentation for shorter and inferred tags.
|
|
|
|
- Doc tool now displays templates in the web pages.
|
|
|
|
- Doc tool retains the user's settings in modules.conf and
|
|
|
|
tunables.conf if the files already exist.
|
|
|
|
- Modules.conf behavior has been changed to be a list of all
|
|
|
|
available modules, and the user can specify if the module is
|
|
|
|
built as a loadable module, included in the monolithic policy,
|
|
|
|
or excluded.
|
|
|
|
- Added policies:
|
|
|
|
fstools (fsck, mkfs, swapon, etc. tools)
|
|
|
|
logrotate
|
|
|
|
inetd
|
|
|
|
kerberos
|
|
|
|
nis (ypbind and ypserv)
|
|
|
|
ssh (server, client, and agent)
|
|
|
|
unconfined
|
|
|
|
- Added infrastructure for targeted policy support, only missing
|
|
|
|
transition boolean support.
|
2005-07-07 17:13:17 +00:00
|
|
|
|
2005-08-24 20:18:06 +00:00
|
|
|
* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
|
|
|
|
- Initial release
|