166 lines
7.0 KiB
Plaintext
166 lines
7.0 KiB
Plaintext
1.23.2 2005-03-14
|
|
* Merged diffs from Dan Walsh. Dan's patch includes Ivan Gyurdiev's
|
|
gift policy.
|
|
* Made sysadm_r the first role for root, so root's home will be labled
|
|
as sysadm_home_dir_t instead of staff_home_dir_t.
|
|
* Modified fs_use and Makefile to reflect jfs now supporting security
|
|
xattrs.
|
|
|
|
1.23.1 2005-03-10
|
|
* Merged diffs from Dan Walsh. Dan's patch includes Ivan
|
|
Gyurdiev's cleanup of homedir macros and more extensive use of
|
|
read_sysctl()
|
|
|
|
1.22 2005-03-09
|
|
* Updated version for release.
|
|
|
|
1.21 2005-02-24
|
|
* Added secure_file_type attribute from Dan Walsh
|
|
* Added access_terminal() macro from Ivan Gyurdiev
|
|
* Updated capability access vector for audit capabilities.
|
|
* Added mlsconvert Makefile target to help generate MLS policies
|
|
(see selinux-doc/README.MLS for instructions).
|
|
* Changed policy Makefile to still generate policy.18 as well,
|
|
and use it for make load if the kernel doesn't support 19.
|
|
* Merged enhanced MLS support from Darrel Goeddel (TCS).
|
|
* Merged diffs from Dan Walsh, Russell Coker, and Greg Norris.
|
|
* Merged man pages from Dan Walsh.
|
|
|
|
1.20 2005-01-04
|
|
* Merged diffs from Dan Walsh, Russell Coker, Thomas Bleher, and
|
|
Petre Rodan.
|
|
* Merged can_create() macro used for file_type_{,auto_}trans()
|
|
from Thomas Bleher.
|
|
* Merged dante and stunnel policy by Petre Rodan.
|
|
* Merged $1_file_type attribute from Thomas Bleher.
|
|
* Merged network_macros from Dan Walsh.
|
|
|
|
1.18 2004-10-25
|
|
* Merged diffs from Russell Coker and Dan Walsh.
|
|
* Merged mkflask and mkaccess_vector patches from Ulrich Drepper.
|
|
* Added reserved_port_t type and portcon entries to map all other
|
|
reserved ports to this type.
|
|
* Added distro_ prefix to distro tunables to avoid conflicts.
|
|
* Merged diffs from Russell Coker.
|
|
|
|
1.16 2004-08-16
|
|
* Added nscd definitions.
|
|
* Converted many tunables to policy booleans.
|
|
* Added crontab permission.
|
|
* Merged diffs from Dan Walsh.
|
|
This included diffs from Thomas Bleher, Russell Coker, and Colin Walters as well.
|
|
* Merged diffs from Russell Coker.
|
|
* Adjusted constraints for crond restart.
|
|
* Merged dbus/userspace object manager policy from Colin Walters.
|
|
* Merged dbus definitions from Matthew Rickard.
|
|
* Merged dnsmasq policy from Greg Norris.
|
|
* Merged gpg-agent policy from Thomas Bleher.
|
|
|
|
1.14 2004-06-28
|
|
* Removed vmware-config.pl from vmware.fc.
|
|
* Added crond entry to root_default_contexts.
|
|
* Merged patch from Dan Walsh.
|
|
* Merged mdadm and postfix changes from Colin Walters.
|
|
* Merged reiserfs and rpm changes from Russell Coker.
|
|
* Merged runaway .* glob fix from Valdis Kletnieks.
|
|
* Merged diff from Dan Walsh.
|
|
* Merged fine-grained netlink classes and permissions.
|
|
* Merged changes for new /etc/selinux layout.
|
|
* Changed mkaccess_vector.sh to provide stable order.
|
|
* Merged diff from Dan Walsh.
|
|
* Fix restorecon path in restorecon.fc.
|
|
* Merged pax class and access vector definition from Joshua Brindle.
|
|
|
|
1.12 2004-05-12
|
|
* Added targeted policy.
|
|
* Merged atd/at into crond/crontab domains.
|
|
* Exclude bind mounts from relabeling to avoid aliasing.
|
|
* Removed some obsolete types and remapped their initial SIDs to unlabeled.
|
|
* Added SE-X related security classes and policy framework.
|
|
* Added devnull initial SID and context.
|
|
* Merged diffs from Fedora policy.
|
|
|
|
1.10 2004-04-07
|
|
* Merged ipv6 support from James Morris of RedHat.
|
|
* Merged policy diffs from Dan Walsh.
|
|
* Updated call to genhomedircon to reflect new usage.
|
|
* Merged policy diffs from Dan Walsh and Russell Coker.
|
|
* Removed config-users and config-services per Dan's request.
|
|
|
|
1.8 2004-03-09
|
|
* Merged genhomedircon patch from Karl MacMillan of Tresys.
|
|
* Added restorecon domain.
|
|
* Added unconfined_domain macro.
|
|
* Added default_t for /.* file_contexts entry and replaced some
|
|
uses of file_t with default_t in the policy.
|
|
* Added su_restricted_domain() macro and use it for initrc_t.
|
|
* Merged policy diffs from Dan Walsh and Russell Coker.
|
|
These included a merge of an earlier patch by Chris PeBenito
|
|
to rename the etc types to be consistent with other types.
|
|
|
|
1.6 2004-02-18
|
|
* Merged xfs support from Chris PeBenito.
|
|
* Merged conditional rules for ping.te.
|
|
* Defined setbool permission, added can_setbool macro.
|
|
* Partial network policy cleanup.
|
|
* Merged with Russell Coker's policy.
|
|
* Renamed netscape macro and domain to mozilla and renamed
|
|
ipchains domain to iptables for consistency with Russell.
|
|
* Merged rhgb macro and domain from Russell Coker.
|
|
* Merged tunable.te from Russell Coker.
|
|
Only define direct_sysadm_daemon by default in our copy.
|
|
* Added rootok permission to passwd class.
|
|
* Merged Makefile change from Dan Walsh to generate /home
|
|
file_contexts entries for staff users.
|
|
* Added automatic role and domain transitions for init scripts and
|
|
daemons. Added an optional third argument (nosysadm) to
|
|
daemon_domain to omit the direct transition from sysadm_r when
|
|
the same executable is also used as an application, in which
|
|
case the daemon must be restarted via the init script to obtain
|
|
the proper security context. Added system_r to the authorized roles
|
|
for admin users at least until support for automatic user identity
|
|
transitions exist so that a transition to system_u can be provided
|
|
transparently.
|
|
* Added support to su domain for using pam_selinux.
|
|
Added entries to default_contexts for the su domains to
|
|
provide reasonable defaults. Removed user_su_t.
|
|
* Tighten restriction on user identity and role transitions in constraints.
|
|
* Merged macro for newrole-like domains from Russell Coker.
|
|
* Merged stub dbusd domain from Russell Coker.
|
|
* Merged stub prelink domain from Dan Walsh.
|
|
* Merged updated userhelper and config tool domains from Dan Walsh.
|
|
* Added send_msg/recv_msg permissions to can_network macro.
|
|
* Merged patch by Chris PeBenito for sshd subsystems.
|
|
* Merged patch by Chris PeBenito for passing class to var_run_domain.
|
|
* Merged patch by Yuichi Nakamura for append_log_domain macros.
|
|
* Merged patch by Chris PeBenito for rpc_pipefs labeling.
|
|
* Merged patch by Colin Walters to apply m4 once so that
|
|
source file info is preserved for checkpolicy.
|
|
|
|
1.4 2003-12-01
|
|
* Merged patches from Russell Coker.
|
|
* Revised networking permissions.
|
|
* Added new node_bind permission.
|
|
* Added new siginh, rlimitinh, and setrlimit permissions.
|
|
* Added proc_t:file read permission for new is_selinux_enabled logic.
|
|
* Added failsafe_context configuration file to appconfig.
|
|
* Moved newrules.pl to policycoreutils, renamed to audit2allow.
|
|
* Merged newrules.pl patch from Yuichi Nakamura.
|
|
|
|
1.2 2003-09-30
|
|
* More policy merging with Russell Coker.
|
|
* Transferred newrules.pl script from the old SELinux.
|
|
* Merged MLS configuration patch from Karl MacMillan of Tresys.
|
|
* Limit staff_t to reading /proc entries for unpriv_userdomain.
|
|
* Updated Makefile and spec file to allow non-root builds,
|
|
based on patch by Paul Nasrat.
|
|
|
|
1.1 2003-08-13
|
|
* Merged Makefile check-all and te-includes patches from Colin Walters.
|
|
* Merged x-debian-packages.patch from Colin Walters.
|
|
* Folded read permission into domain_trans.
|
|
|
|
1.0 2003-07-11
|
|
* Initial public release.
|
|
|