|
|
a01dcf6 |
%if 0%{?fedora} > 12 || 0%{?rhel} > 6
|
|
|
fc28aa8 |
%global with_python3 1
|
|
|
a01dcf6 |
%else
|
|
|
a01dcf6 |
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}
|
|
|
a01dcf6 |
%endif
|
|
|
fc28aa8 |
|
|
|
f4a5c19 |
%define libsepolver 2.0.37-1
|
|
|
7fe322b |
%define libselinuxver 2.0.0-1
|
|
|
fc28aa8 |
|
|
|
4800db7 |
Summary: SELinux binary policy manipulation library
|
|
|
785fc2e |
Name: libsemanage
|
|
|
a01dcf6 |
Version: 2.0.46
|
|
|
a01dcf6 |
Release: 4%{?dist}
|
|
|
3296a8c |
License: LGPLv2+
|
|
|
4800db7 |
Group: System Environment/Libraries
|
|
|
4800db7 |
Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz
|
|
|
e3e8d63 |
Patch: libsemanage-rhat.patch
|
|
|
9b8c9f0 |
URL: http://www.selinuxproject.org
|
|
|
0b6b0c9 |
Source1: semanage.conf
|
|
|
23614f8 |
|
|
|
212e1b7 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
c0c84ef |
BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel
|
|
|
786f3e5 |
BuildRequires: libsepol-devel >= %{libsepolver}
|
|
|
43a16b6 |
BuildRequires: python-devel bison flex bzip2-devel
|
|
|
fc28aa8 |
|
|
|
fc28aa8 |
%if 0%{?with_python3}
|
|
|
fc28aa8 |
BuildRequires: python3-devel
|
|
|
fc28aa8 |
%endif # if with_python3
|
|
|
fc28aa8 |
|
|
|
43a16b6 |
Requires: bzip2-libs
|
|
|
4800db7 |
|
|
|
4800db7 |
%description
|
|
|
9e67036 |
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
|
|
4800db7 |
of utilities with enhanced security functionality designed to add
|
|
|
4800db7 |
mandatory access controls to Linux. The Security-enhanced Linux
|
|
|
4800db7 |
kernel contains new architectural components originally developed to
|
|
|
4800db7 |
improve the security of the Flask operating system. These
|
|
|
4800db7 |
architectural components provide general support for the enforcement
|
|
|
4800db7 |
of many kinds of mandatory access control policies, including those
|
|
|
4800db7 |
based on the concepts of Type Enforcement®, Role-based Access
|
|
|
4800db7 |
Control, and Multi-level Security.
|
|
|
4800db7 |
|
|
|
4800db7 |
libsemanage provides an API for the manipulation of SELinux binary policies.
|
|
|
4800db7 |
It is used by checkpolicy (the policy compiler) and similar tools, as well
|
|
|
4800db7 |
as by programs like load_policy that need to perform specific transformations
|
|
|
4800db7 |
on binary policies such as customizing policy boolean settings.
|
|
|
4800db7 |
|
|
|
854b5d7 |
%package static
|
|
|
854b5d7 |
Summary: Static library used to build policy manipulation tools
|
|
|
854b5d7 |
Group: Development/Libraries
|
|
|
854b5d7 |
Requires: libsemanage-devel = %{version}-%{release}
|
|
|
854b5d7 |
|
|
|
854b5d7 |
%description static
|
|
|
854b5d7 |
The semanage-static package contains the static libraries
|
|
|
854b5d7 |
needed for developing applications that manipulate binary policies.
|
|
|
854b5d7 |
|
|
|
785fc2e |
%package devel
|
|
|
785fc2e |
Summary: Header files and libraries used to build policy manipulation tools
|
|
|
785fc2e |
Group: Development/Libraries
|
|
|
c0c84ef |
Requires: libsemanage = %{version}-%{release} ustr
|
|
|
785fc2e |
|
|
|
785fc2e |
%description devel
|
|
|
854b5d7 |
The semanage-devel package contains the libraries and header files
|
|
|
4800db7 |
needed for developing applications that manipulate binary policies.
|
|
|
4800db7 |
|
|
|
dd1def2 |
%package python
|
|
|
dd1def2 |
Summary: semanage python bindings for libsemanage
|
|
|
dd1def2 |
Group: Development/Libraries
|
|
|
dd1def2 |
Requires: libsemanage = %{version}-%{release}
|
|
|
dd1def2 |
|
|
|
dd1def2 |
%description python
|
|
|
dd1def2 |
The libsemanage-python package contains the python bindings for developing
|
|
|
dd1def2 |
SELinux management applications.
|
|
|
dd1def2 |
|
|
|
fc28aa8 |
%if 0%{?with_python3}
|
|
|
fc28aa8 |
%package python3
|
|
|
fc28aa8 |
Summary: semanage python 3 bindings for libsemanage
|
|
|
fc28aa8 |
Group: Development/Libraries
|
|
|
fc28aa8 |
Requires: libsemanage = %{version}-%{release}
|
|
|
fc28aa8 |
|
|
|
fc28aa8 |
%description python3
|
|
|
fc28aa8 |
The libsemanage-python3 package contains the python 3 bindings for developing
|
|
|
fc28aa8 |
SELinux management applications.
|
|
|
fc28aa8 |
%endif # if with_python3
|
|
|
fc28aa8 |
|
|
|
4800db7 |
%prep
|
|
|
785fc2e |
%setup -q
|
|
|
a01dcf6 |
%patch -p2 -b .rhat
|
|
|
4800db7 |
|
|
|
4800db7 |
%build
|
|
|
fc28aa8 |
# To support building the Python wrapper against multiple Python runtimes
|
|
|
fc28aa8 |
# Define a function, for how to perform a "build" of the python wrapper against
|
|
|
fc28aa8 |
# a specific runtime:
|
|
|
fc28aa8 |
BuildPythonWrapper() {
|
|
|
fc28aa8 |
BinaryName=$1
|
|
|
fc28aa8 |
Prefix=$2
|
|
|
a01dcf6 |
PyDsoSuffix=$3
|
|
|
a01dcf6 |
PyIncludeFlags=$4
|
|
|
a01dcf6 |
PyLdFlags=$5
|
|
|
fc28aa8 |
|
|
|
fc28aa8 |
# Perform the build from the upstream Makefile:
|
|
|
fc28aa8 |
make \
|
|
|
a01dcf6 |
PYTHON=$BinaryName \
|
|
|
a01dcf6 |
PYPREFIX=$Prefix \
|
|
|
a01dcf6 |
PY_DSO_SUFFIX=$PyDsoSuffix \
|
|
|
a01dcf6 |
PY_INCLUDE_FLAGS="$PyIncludeFlags" \
|
|
|
a01dcf6 |
PY_LD_FLAGS="$PyLdFlags" \
|
|
|
fc28aa8 |
CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" \
|
|
|
fc28aa8 |
pywrap
|
|
|
fc28aa8 |
}
|
|
|
fc28aa8 |
|
|
|
9993e32 |
make clean
|
|
|
65c9f70 |
make CFLAGS="%{optflags}" swigify
|
|
|
fc28aa8 |
make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all
|
|
|
fc28aa8 |
|
|
|
a01dcf6 |
BuildPythonWrapper \
|
|
|
a01dcf6 |
%{__python} \
|
|
|
a01dcf6 |
python2 \
|
|
|
a01dcf6 |
.so \
|
|
|
a01dcf6 |
"$(python-config --includes)" \
|
|
|
a01dcf6 |
"$(python-config --libs)"
|
|
|
a01dcf6 |
|
|
|
fc28aa8 |
%if 0%{?with_python3}
|
|
|
a01dcf6 |
BuildPythonWrapper \
|
|
|
a01dcf6 |
%{__python3} \
|
|
|
a01dcf6 |
python3 \
|
|
|
a01dcf6 |
$(python3-config --extension-suffix) \
|
|
|
a01dcf6 |
"$(python3-config --includes)" \
|
|
|
a01dcf6 |
"$(python3-config --libs)"
|
|
|
fc28aa8 |
%endif # with_python3
|
|
|
4800db7 |
|
|
|
4800db7 |
%install
|
|
|
fc28aa8 |
InstallPythonWrapper() {
|
|
|
fc28aa8 |
BinaryName=$1
|
|
|
fc28aa8 |
Prefix=$2
|
|
|
a01dcf6 |
PyDsoSuffix=$3
|
|
|
a01dcf6 |
PyIncludeFlags=$4
|
|
|
a01dcf6 |
PyLdFlags=$5
|
|
|
fc28aa8 |
|
|
|
fc28aa8 |
make \
|
|
|
a01dcf6 |
PYTHON=$BinaryName \
|
|
|
a01dcf6 |
PYPREFIX=$Prefix \
|
|
|
a01dcf6 |
PY_DSO_SUFFIX=$PyDsoSuffix PY_INCLUDE_FLAGS=$PyIncludeFlags \
|
|
|
fc28aa8 |
DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" \
|
|
|
fc28aa8 |
install-pywrap
|
|
|
fc28aa8 |
}
|
|
|
fc28aa8 |
|
|
|
4800db7 |
rm -rf ${RPM_BUILD_ROOT}
|
|
|
4800db7 |
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
|
|
|
4800db7 |
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
|
|
|
fc28aa8 |
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_libdir}" install
|
|
|
fc28aa8 |
|
|
|
a01dcf6 |
InstallPythonWrapper \
|
|
|
a01dcf6 |
%{__python} \
|
|
|
a01dcf6 |
python2 \
|
|
|
a01dcf6 |
.so \
|
|
|
a01dcf6 |
"$(python-config --includes)" \
|
|
|
a01dcf6 |
"$(python-config --libs)"
|
|
|
a01dcf6 |
|
|
|
fc28aa8 |
%if 0%{?with_python3}
|
|
|
a01dcf6 |
InstallPythonWrapper \
|
|
|
a01dcf6 |
%{__python3} \
|
|
|
a01dcf6 |
python3 \
|
|
|
a01dcf6 |
$(python3-config --extension-suffix) \
|
|
|
a01dcf6 |
"$(python3-config --includes)" \
|
|
|
a01dcf6 |
"$(python3-config --libs)"
|
|
|
fc28aa8 |
%endif # with_python3
|
|
|
a01dcf6 |
|
|
|
0b6b0c9 |
cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf
|
|
|
1088cc0 |
ln -sf %{_libdir}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so
|
|
|
785fc2e |
|
|
|
4800db7 |
%clean
|
|
|
4800db7 |
rm -rf ${RPM_BUILD_ROOT}
|
|
|
4800db7 |
|
|
|
b609a6d |
%files
|
|
|
4800db7 |
%defattr(-,root,root)
|
|
|
76b34ef |
%config(noreplace) /etc/selinux/semanage.conf
|
|
|
8e01c2c |
/%{_libdir}/libsemanage.so.1
|
|
|
785fc2e |
|
|
|
785fc2e |
%post -p /sbin/ldconfig
|
|
|
785fc2e |
|
|
|
785fc2e |
%postun -p /sbin/ldconfig
|
|
|
785fc2e |
|
|
|
854b5d7 |
%files static
|
|
|
785fc2e |
%defattr(-,root,root)
|
|
|
4800db7 |
%{_libdir}/libsemanage.a
|
|
|
854b5d7 |
|
|
|
854b5d7 |
%files devel
|
|
|
854b5d7 |
%defattr(-,root,root)
|
|
|
cf2b1c2 |
%{_libdir}/libsemanage.so
|
|
|
372c07f |
%{_libdir}/pkgconfig/libsemanage.pc
|
|
|
8f1e8ed |
%dir %{_includedir}/semanage
|
|
|
4800db7 |
%{_includedir}/semanage/*.h
|
|
|
eddd487 |
%{_mandir}/man3/*
|
|
|
4800db7 |
|
|
|
dd1def2 |
%files python
|
|
|
4e0d31f |
%defattr(-,root,root)
|
|
|
fc28aa8 |
%{python_sitearch}/_semanage.so
|
|
|
fc28aa8 |
%{python_sitearch}/semanage.py*
|
|
|
fc28aa8 |
|
|
|
fc28aa8 |
%if 0%{?with_python3}
|
|
|
fc28aa8 |
%files python3
|
|
|
fc28aa8 |
%defattr(-,root,root)
|
|
|
a01dcf6 |
%{python3_sitearch}/_semanage.cpython-3?mu.so
|
|
|
fc28aa8 |
%{python3_sitearch}/semanage.py*
|
|
|
a01dcf6 |
%{python3_sitearch}/__pycache__/semanage*
|
|
|
fc28aa8 |
%endif # if with_python3
|
|
|
fc28aa8 |
|
|
|
dd1def2 |
|
|
|
4800db7 |
%changelog
|
|
|
a01dcf6 |
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.46-4
|
|
|
a01dcf6 |
- Add exception throwing to semanage python library on failures
|
|
|
a01dcf6 |
|
|
|
a01dcf6 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.46-3
|
|
|
a01dcf6 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
a01dcf6 |
|
|
|
a01dcf6 |
* Thu Dec 30 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.46-2
|
|
|
a01dcf6 |
- big reworking of the support-multiple-python-builds patch to deal with
|
|
|
a01dcf6 |
PEP 3149: the latest Python 3.2 onwards uses include paths and library names
|
|
|
a01dcf6 |
that don't fit prior naming patterns, and so we must query python3-config for
|
|
|
a01dcf6 |
this information. To complicate things further, python 2's python-config
|
|
|
a01dcf6 |
doesn't understand all of the options needed ("--extension-suffix"). I've
|
|
|
a01dcf6 |
thus added new Makefile variables as needed, to be supplied by the specfile by
|
|
|
a01dcf6 |
invoking the appropriate config tool (or by hardcoding the old value for
|
|
|
a01dcf6 |
"--extension-suffix" i.e. ".so")
|
|
|
a01dcf6 |
- rework python3 manifest for PEP 3149, and rebuild for newer python3
|
|
|
a01dcf6 |
|
|
|
a01dcf6 |
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1
|
|
|
a01dcf6 |
- Update to upstream
|
|
|
a01dcf6 |
* Fix compliation under GCC 4.6 by Justin Mattock
|
|
|
a01dcf6 |
|
|
|
a01dcf6 |
* Wed Aug 25 2010 Thomas Spura <tomspur@fedoraproject.org> - 2.0.45-6
|
|
|
a01dcf6 |
- rebuild with python3.2
|
|
|
a01dcf6 |
http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html
|
|
|
a01dcf6 |
|
|
|
ced26f3 |
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-5
|
|
|
ced26f3 |
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
|
|
ced26f3 |
|
|
|
fc28aa8 |
* Tue Apr 27 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.45-4
|
|
|
fc28aa8 |
- add python3 subpackage
|
|
|
fc28aa8 |
|
|
|
1088cc0 |
* Wed Apr 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-3
|
|
|
1088cc0 |
- Fix -devel package to point at the correct shared library
|
|
|
1088cc0 |
|
|
|
8e01c2c |
* Fri Mar 26 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-2
|
|
|
8e01c2c |
- Move shared library to /usr/lib
|
|
|
8e01c2c |
|
|
|
0b6b0c9 |
* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.45-1
|
|
|
0b6b0c9 |
- Update to upstream
|
|
|
0b6b0c9 |
* Add enable/disable patch support from Dan Walsh.
|
|
|
0b6b0c9 |
* Add usepasswd flag to semanage.conf to disable genhomedircon using
|
|
|
0b6b0c9 |
passwd from Dan Walsh.
|
|
|
0b6b0c9 |
* regenerate swig wrappers
|
|
|
0b6b0c9 |
|
|
|
0b6b0c9 |
* Thu Feb 25 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-2
|
|
|
0b6b0c9 |
- Allow disable of usepasswd
|
|
|
0b6b0c9 |
|
|
|
0b6b0c9 |
* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.44-1
|
|
|
0b6b0c9 |
- Update to upstream
|
|
|
0b6b0c9 |
* Replace usage of fmemopen() with sepol_policy_file_set_mem() since
|
|
|
0b6b0c9 |
glibc < 2.9 does not support binary mode ('b') for fmemopen'd
|
|
|
0b6b0c9 |
streams.
|
|
|
0b6b0c9 |
|
|
|
4e0d31f |
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-4
|
|
|
4e0d31f |
- Cleanup spec file
|
|
|
4e0d31f |
|
|
|
854b5d7 |
* Mon Jan 18 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.43-3
|
|
|
854b5d7 |
- Splect libsemanage.a into a static subpackage to keep fedora packaging guidelines happy
|
|
|
854b5d7 |
|
|
|
bae6b41 |
* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-2
|
|
|
bae6b41 |
- Rebuild all c programs with -fPIC
|
|
|
bae6b41 |
|
|
|
ec76bdf |
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.43-1
|
|
|
ec76bdf |
- Update to upstream
|
|
|
4e0d31f |
* Move libsemanage.so to /usr/lib
|
|
|
4e0d31f |
* Add NAME lines to man pages from Manoj Srivastava<srivasta@debian.org>
|
|
|
ec76bdf |
|
|
|
71c0c5e |
* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.42-1
|
|
|
71c0c5e |
- Update to upstream
|
|
|
4e0d31f |
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
|
|
|
71c0c5e |
|
|
|
5111246 |
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.41-1
|
|
|
5111246 |
- Update to upstream
|
|
|
4e0d31f |
* Add pkgconfig file from Eamon Walsh.
|
|
|
4e0d31f |
* Add semanage_set_check_contexts() function to disable calling
|
|
|
4e0d31f |
setfiles
|
|
|
5111246 |
|
|
|
f8b7dc8 |
* Mon Sep 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.39-1
|
|
|
f8b7dc8 |
- Update to upstream
|
|
|
4e0d31f |
* make swigify
|
|
|
f8b7dc8 |
|
|
|
b1238c4 |
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-2
|
|
|
b1238c4 |
- Dont relabel /root with genhomedircon
|
|
|
b1238c4 |
|
|
|
b055669 |
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.38-1
|
|
|
b055669 |
- Update to upstream
|
|
|
4e0d31f |
* Change semodule upgrade behavior to install even if the module
|
|
|
4e0d31f |
is not present from Dan Walsh.
|
|
|
4e0d31f |
* Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
|
|
|
b055669 |
|
|
|
5aeb590 |
* Wed Sep 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.37-1
|
|
|
5aeb590 |
- Update to upstream
|
|
|
4e0d31f |
* Fix persistent dontaudit support to rebuild policy if the
|
|
|
5aeb590 |
dontaudit state is changed from Chad Sellers.
|
|
|
5aeb590 |
- Move load_policy to /sbin
|
|
|
5aeb590 |
|
|
|
f6a1eaa |
* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-2
|
|
|
f6a1eaa |
- Add enable/disable modules
|
|
|
f6a1eaa |
|
|
|
f6a1eaa |
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.36-1
|
|
|
f6a1eaa |
- Update to upstream
|
|
|
4e0d31f |
* Changed bzip-blocksize=0 handling to support existing compressed
|
|
|
4e0d31f |
modules in the store.
|
|
|
f6a1eaa |
|
|
|
7313e2e |
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-2
|
|
|
7313e2e |
- Make sure /root is not used in genhomedircon
|
|
|
7313e2e |
|
|
|
168ea7c |
* Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1
|
|
|
4e0d31f |
* Revert hard linking of files between tmp/active/previous.
|
|
|
4e0d31f |
* Enable configuration of bzip behavior from Stephen Smalley.
|
|
|
4e0d31f |
bzip-blocksize=0 to disable compression and decompression support.
|
|
|
4e0d31f |
bzip-blocksize=1..9 to set the blocksize for compression.
|
|
|
4e0d31f |
bzip-small=true to reduce memory usage for decompression.
|
|
|
168ea7c |
|
|
|
6eb6423 |
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.33-3
|
|
|
6eb6423 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
6eb6423 |
|
|
|
1639efd |
* Fri Jul 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-2
|
|
|
1639efd |
- Put check for /root back into genhomedircon
|
|
|
1639efd |
|
|
|
f4a5c19 |
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.33-1
|
|
|
f4a5c19 |
- Update to upstream
|
|
|
f4a5c19 |
|
|
|
3652b31 |
* Mon Jun 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.32-1
|
|
|
3652b31 |
- Update to upstream
|
|
|
4e0d31f |
* Ruby bindings from David Quigley.
|
|
|
3652b31 |
|
|
|
713ea52 |
* Thu Apr 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-5
|
|
|
713ea52 |
- Return error on invalid file
|
|
|
713ea52 |
|
|
|
9b8c9f0 |
* Wed Mar 11 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-4
|
|
|
9b8c9f0 |
- Fix typo
|
|
|
9b8c9f0 |
|
|
|
13cd6ad |
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.31-3
|
|
|
13cd6ad |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
13cd6ad |
|
|
|
dd8fa00 |
* Thu Jan 15 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-2
|
|
|
dd8fa00 |
- Fix link to only link on sandbox
|
|
|
dd8fa00 |
|
|
|
cee6603 |
* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.31-1
|
|
|
cee6603 |
- Update to upstream
|
|
|
4e0d31f |
* Policy module compression (bzip) support from Dan Walsh.
|
|
|
4e0d31f |
* Hard link files between tmp/active/previous from Dan Walsh.
|
|
|
cee6603 |
|
|
|
25dcff4 |
* Mon Jan 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.30-3
|
|
|
25dcff4 |
- Fix up patch to get it upstreamed
|
|
|
25dcff4 |
|
|
|
26c9056 |
* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.30-2
|
|
|
26c9056 |
- Rebuild for Python 2.6
|
|
|
26c9056 |
|
|
|
81984aa |
* Thu Dec 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1
|
|
|
4e0d31f |
* Add semanage_mls_enabled() interface from Stephen Smalley.
|
|
|
1990483 |
|
|
|
ee2fde0 |
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.29-2
|
|
|
ee2fde0 |
- Rebuild for Python 2.6
|
|
|
ee2fde0 |
|
|
|
ab25b0b |
* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1
|
|
|
ab25b0b |
- Update to upstream
|
|
|
4e0d31f |
* Add USER to lines to homedir_template context file from Chris PeBenito.
|
|
|
ab25b0b |
|
|
|
688b1ed |
* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-2
|
|
|
688b1ed |
- Add compression support
|
|
|
688b1ed |
|
|
|
be97850 |
* Mon Sep 15 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.28-1
|
|
|
be97850 |
- Update to upstream
|
|
|
4e0d31f |
* allow fcontext and seuser changes without rebuilding the policy from Dan Walsh
|
|
|
be97850 |
|
|
|
ead711e |
* Wed Sep 10 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-3
|
|
|
ead711e |
- Additional fixes for Don't rebuild on fcontext or seuser modifications
|
|
|
ead711e |
|
|
|
ead711e |
* Tue Sep 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-2
|
|
|
5142c61 |
- Don't rebuild on fcontext or seuser modifications
|
|
|
5142c61 |
|
|
|
8bffda7 |
* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.27-1
|
|
|
8bffda7 |
- Update to upstream
|
|
|
4e0d31f |
* Modify genhomedircon to skip groupname entries.
|
|
|
4e0d31f |
Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax.
|
|
|
8bffda7 |
|
|
|
feb8552 |
* Wed Jul 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.26-1
|
|
|
feb8552 |
- Update to upstream
|
|
|
4e0d31f |
* Fix bug in genhomedircon fcontext matches logic from Dan Walsh.
|
|
|
4e0d31f |
Strip any trailing slash before appending /*$.
|
|
|
feb8552 |
|
|
|
e69414a |
* Thu Jun 17 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-3
|
|
|
e69414a |
- Another fix for genhomedircon
|
|
|
e69414a |
|
|
|
3296a8c |
* Wed May 28 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.25-2
|
|
|
3296a8c |
- fix license tag
|
|
|
3296a8c |
|
|
|
272f92a |
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.25-1
|
|
|
272f92a |
- Update to upstream
|
|
|
4e0d31f |
* Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
|
|
|
4e0d31f |
Fixes semanage boolean -D seg fault (bug 441379).
|
|
|
272f92a |
|
|
|
084654f |
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.24-1
|
|
|
084654f |
- Update to upstream
|
|
|
4e0d31f |
* make swigify
|
|
|
084654f |
|
|
|
ac914e4 |
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1
|
|
|
ac914e4 |
- Update to upstream
|
|
|
4e0d31f |
* Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller.
|
|
|
ac914e4 |
|
|
|
811753b |
* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
|
|
|
811753b |
- Update to upstream
|
|
|
4e0d31f |
* Free policydb before fork from Joshua Brindle.
|
|
|
4e0d31f |
* Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley.
|
|
|
811753b |
|
|
|
ade6fff |
* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.20-1
|
|
|
ade6fff |
- Update to upstream
|
|
|
4e0d31f |
* Use sepol_set_expand_consume_base to reduce peak memory usage when
|
|
|
4e0d31f |
using semodule
|
|
|
ade6fff |
|
|
|
2832956 |
* Fri Feb 1 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.19-1
|
|
|
2832956 |
- Update to upstream
|
|
|
4e0d31f |
* Fix genhomedircon to not override a file context with a homedir context from Todd Miller.
|
|
|
2832956 |
|
|
|
e2b1d21 |
* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.18-1
|
|
|
e2b1d21 |
- Update to upstream
|
|
|
4e0d31f |
* Fix spurious out of memory error reports.
|
|
|
4e0d31f |
* Merged second version of fix for genhomedircon handling from Caleb Case.
|
|
|
e2b1d21 |
|
|
|
36d79c4 |
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.16-1
|
|
|
36d79c4 |
- Update to upstream
|
|
|
4e0d31f |
* Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case.
|
|
|
36d79c4 |
|
|
|
924325d |
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.15-2
|
|
|
924325d |
- Stop differentiating on user for homedir labeling
|
|
|
924325d |
|
|
|
1427637 |
* Thu Dec 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.15-1
|
|
|
1427637 |
- Update to upstream
|
|
|
4e0d31f |
* Fix genhomedircon handling of shells and missing user context template from Dan Walsh.
|
|
|
4e0d31f |
* Copy the store path in semanage_select_store from Dan Walsh.
|
|
|
1427637 |
- Add expand-check=0 to semanage.conf
|
|
|
1427637 |
|
|
|
f026dfb |
* Mon Dec 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-5
|
|
|
3d2cf39 |
- Fix handling of /etc/shells so genhomedircon will work
|
|
|
3d2cf39 |
|
|
|
e3e8d63 |
* Thu Nov 29 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-3
|
|
|
e3e8d63 |
- Allow semanage_genhomedircon to work with out a USER int homedir.template
|
|
|
e3e8d63 |
|
|
|
e3e8d63 |
* Sat Nov 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
|
|
|
e3e8d63 |
- Fix semanage_select_store to allocate memory, fixes crash on invalid store
|
|
|
e3e8d63 |
|
|
|
58209b6 |
* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
|
|
|
58209b6 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley.
|
|
|
4e0d31f |
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
|
|
|
58209b6 |
|
|
|
fbe2b73 |
* Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.12-1
|
|
|
fbe2b73 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* ustr cleanups from James Antill.
|
|
|
4e0d31f |
* Ensure that /root gets labeled even if using the default context from Dan Walsh.
|
|
|
fbe2b73 |
|
|
|
3ba23c8 |
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.11-1
|
|
|
3ba23c8 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh.
|
|
|
3ba23c8 |
|
|
|
3ba23c8 |
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-2
|
|
|
3ba23c8 |
- Fix sort order on generated homedir context
|
|
|
3ba23c8 |
|
|
|
add9ada |
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.10-1
|
|
|
add9ada |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Fix error checking on getpw*_r functions from Todd Miller.
|
|
|
4e0d31f |
* Make genhomedircon skip invalid homedir contexts from Todd Miller.
|
|
|
4e0d31f |
* Set default user and prefix from seusers from Dan Walsh.
|
|
|
4e0d31f |
* Add swigify Makefile target from Dan Walsh.
|
|
|
add9ada |
|
|
|
8bb5a23 |
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.9-1
|
|
|
8bb5a23 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
|
|
|
4e0d31f |
* Clear errno on non-fatal errors to avoid reporting them upon a
|
|
|
4e0d31f |
later error that does not set errno.
|
|
|
4e0d31f |
* Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley.
|
|
|
8bb5a23 |
|
|
|
8bb5a23 |
- Fix segfault in genhomedircon when using bad user names
|
|
|
8bb5a23 |
|
|
|
0971186 |
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-2
|
|
|
0971186 |
- Fix genhomedircon code to only generate valid context
|
|
|
0971186 |
- Fixes autorelabel problem
|
|
|
0971186 |
|
|
|
422f3b6 |
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.6-1
|
|
|
422f3b6 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Change to use getpw* function calls to the _r versions from Todd Miller.
|
|
|
422f3b6 |
|
|
|
8f8294e |
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.5-1
|
|
|
8f8294e |
- Upgrade to latest from NSA
|
|
|
8f8294e |
|
|
|
cf2b1c2 |
* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.4-1
|
|
|
cf2b1c2 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Allow dontaudits to be turned off via semanage interface when
|
|
|
4e0d31f |
updating policy
|
|
|
cf2b1c2 |
|
|
|
6da4db8 |
* Sat Aug 11 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-5
|
|
|
6da4db8 |
- Add ability to load a policy without dontaudit rules
|
|
|
6da4db8 |
-
|
|
|
6da4db8 |
|
|
|
65c9f70 |
* Tue Jun 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-4
|
|
|
65c9f70 |
- Rebuild to fix segfault on x86 platforms, swigify on each build
|
|
|
65c9f70 |
|
|
|
d49d036 |
* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-3
|
|
|
d49d036 |
- Rebuild for rawhide
|
|
|
d49d036 |
|
|
|
212e1b7 |
* Thu May 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-2
|
|
|
212e1b7 |
- Apply patch to fix dependencies in spec file from Robert Scheck
|
|
|
212e1b7 |
|
|
|
3e627b0 |
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.3-1
|
|
|
3e627b0 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Fix to libsemanage man patches so whatis will work better from Dan Walsh
|
|
|
3e627b0 |
|
|
|
b8748b2 |
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.2-1
|
|
|
b8748b2 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged optimizations from Stephen Smalley.
|
|
|
4e0d31f |
- do not set all booleans upon commit, only those whose values have changed
|
|
|
4e0d31f |
- only install the sandbox upon commit if something was rebuilt
|
|
|
b8748b2 |
|
|
|
eea9396 |
* Sat Mar 17 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-2
|
|
|
eea9396 |
- Add SELinux to Man page Names so man -k will work
|
|
|
eea9396 |
|
|
|
c52428e |
* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.1-1
|
|
|
4e0d31f |
* Merged dbase_file_flush patch from Dan Walsh.
|
|
|
4e0d31f |
This removes any mention of specific tools (e.g. semanage)
|
|
|
4e0d31f |
from the comment header of the auto-generated files,
|
|
|
4e0d31f |
since there are multiple front-end tools.
|
|
|
c52428e |
|
|
|
7fe322b |
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.0-1
|
|
|
7fe322b |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged Makefile test target patch from Caleb Case.
|
|
|
4e0d31f |
* Merged get_commit_number function rename patch from Caleb Case.
|
|
|
4e0d31f |
* Merged strnlen -> strlen patch from Todd Miller.
|
|
|
7fe322b |
|
|
|
6456c7a |
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.10.1-1
|
|
|
4b215a5 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged python binding fix from Dan Walsh.
|
|
|
4e0d31f |
* Updated version for stable branch.
|
|
|
4b215a5 |
|
|
|
b91d944 |
* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.2-1
|
|
|
b91d944 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged patch to optionally reduce disk usage by removing
|
|
|
4e0d31f |
the backup module store and linked policy from Karl MacMillan
|
|
|
4e0d31f |
* Merged patch to correctly propagate return values in libsemanage
|
|
|
b91d944 |
|
|
|
7ccc8bd |
* Fri Dec 22 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-3
|
|
|
7ccc8bd |
- Apply Karl MacMillan patch to get proper error codes.
|
|
|
7ccc8bd |
|
|
|
bc624cc |
* Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 1.9.1-2
|
|
|
bc624cc |
- rebuild against python 2.5
|
|
|
bc624cc |
|
|
|
6429e69 |
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> - 1.9.1-1
|
|
|
6429e69 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged patch to compile wit -fPIC instead of -fpic from
|
|
|
4e0d31f |
Manoj Srivastava to prevent hitting the global offest table
|
|
|
4e0d31f |
limit. Patch changed to include libselinux and libsemanage in
|
|
|
4e0d31f |
addition to libsepol.
|
|
|
6429e69 |
|
|
|
003cc65 |
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.8-1
|
|
|
003cc65 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Updated version for release.
|
|
|
a6f3313 |
|
|
|
37c60b3 |
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.17-1
|
|
|
37c60b3 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged patch to skip reload if no active store exists and
|
|
|
4e0d31f |
the store path doesn't match the active store path from Dan Walsh.
|
|
|
4e0d31f |
* Merged patch to not destroy sepol handle on error path of
|
|
|
4e0d31f |
connect from James Athey.
|
|
|
4e0d31f |
* Merged patch to add genhomedircon path to semanage.conf from
|
|
|
4e0d31f |
James Athey.
|
|
|
37c60b3 |
|
|
|
77e41c7 |
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-3
|
|
|
77e41c7 |
- Fix semanage to not load if is not the correct policy type and it is installing
|
|
|
77e41c7 |
|
|
|
da97666 |
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-2
|
|
|
da97666 |
- Fix requires lines
|
|
|
da97666 |
|
|
|
b1567cf |
* Wed Aug 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.16-1
|
|
|
b1567cf |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Make most copy errors fatal, but allow exceptions for
|
|
|
4e0d31f |
file_contexts.local, seusers, and netfilter_contexts if
|
|
|
4e0d31f |
the source file does not exist in the store.
|
|
|
b1567cf |
|
|
|
a6f3313 |
* Sat Aug 12 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.15-1
|
|
|
a6f3313 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged separate local file contexts patch from Chris PeBenito.
|
|
|
4e0d31f |
* Merged patch to make most copy errors non-fatal from Dan Walsh.
|
|
|
a6f3313 |
|
|
|
df4486c |
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-3
|
|
|
df4486c |
- Change other updates to be non-fatal
|
|
|
df4486c |
|
|
|
6ba7395 |
* Wed Aug 9 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-2
|
|
|
6ba7395 |
- Change netfilter stuff to be non-fatal so update can proceed.
|
|
|
6ba7395 |
|
|
|
c102f81 |
* Thu Aug 3 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.13-1
|
|
|
c102f81 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged netfilter contexts support from Chris PeBenito.
|
|
|
c102f81 |
|
|
|
af95fdb |
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.12-2
|
|
|
af95fdb |
- Rebuild for new gcc
|
|
|
af95fdb |
|
|
|
b4bff1f |
* Tue Jul 11 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.12-1
|
|
|
b4bff1f |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged support for read operations on read-only fs from
|
|
|
4e0d31f |
Caleb Case (Tresys Technology).
|
|
|
b4bff1f |
|
|
|
43f2cfd |
* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.11-1
|
|
|
43f2cfd |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Lindent.
|
|
|
4e0d31f |
* Merged setfiles location check patch from Dan Walsh.
|
|
|
43f2cfd |
|
|
|
1c63c08 |
* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.9-1
|
|
|
1c63c08 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged several fixes from Serge Hallyn:
|
|
|
4e0d31f |
dbase_file_cache: deref of uninit data on error path.
|
|
|
4e0d31f |
dbase_policydb_cache: clear fp to avoid double fclose
|
|
|
4e0d31f |
semanage_fc_sort: destroy temp on error paths
|
|
|
1c63c08 |
|
|
|
786f3e5 |
* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.8-2
|
|
|
786f3e5 |
- Handle setfiles being in /sbin or /usr/sbin
|
|
|
786f3e5 |
|
|
|
25b23d0 |
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.8-1
|
|
|
25b23d0 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Updated default location for setfiles to /sbin to
|
|
|
4e0d31f |
match policycoreutils. This can also be adjusted via
|
|
|
4e0d31f |
semanage.conf using the syntax:
|
|
|
4e0d31f |
[setfiles]
|
|
|
4e0d31f |
path = /path/to/setfiles
|
|
|
4e0d31f |
args = -q -c $@ $<
|
|
|
4e0d31f |
[end]
|
|
|
25b23d0 |
|
|
|
8f1e8ed |
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-3
|
|
|
8f1e8ed |
- Spec file cleanup from n0dalus+redhat@gmail.com
|
|
|
8f1e8ed |
|
|
|
8f1e8ed |
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-2
|
|
|
8f1e8ed |
- Add /usr/include/semanage to spec file
|
|
|
8f1e8ed |
|
|
|
5b53b9a |
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.7-1
|
|
|
5b53b9a |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged fix warnings patch from Karl MacMillan.
|
|
|
5b53b9a |
|
|
|
96b801b |
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.6-1
|
|
|
9b0bb20 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged updated file context sorting patch from Christopher
|
|
|
4e0d31f |
Ashworth, with bug fix for escaped character flag.
|
|
|
4e0d31f |
* Merged file context sorting code from Christopher Ashworth
|
|
|
4e0d31f |
(Tresys Technology), based on fc_sort.c code in refpolicy.
|
|
|
4e0d31f |
* Merged python binding t_output_helper removal patch from Dan Walsh.
|
|
|
4e0d31f |
* Regenerated swig files.
|
|
|
9b0bb20 |
|
|
|
9b0bb20 |
* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.3-1
|
|
|
9b0bb20 |
- Fix to work with new version of swig
|
|
|
9b0bb20 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged corrected fix for descriptor leak from Dan Walsh.
|
|
|
9b0bb20 |
|
|
|
a247f45 |
* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.2-2
|
|
|
a247f45 |
- Fix leaky descriptor
|
|
|
a247f45 |
|
|
|
a247f45 |
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> - 1.6.2-1
|
|
|
60ab106 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
|
|
|
4e0d31f |
* Merged man page reorganization from Ivan Gyurdiev.
|
|
|
60ab106 |
|
|
|
5b53b9a |
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.6-1
|
|
|
aa0c632 |
- Make work on RHEL4
|
|
|
aa0c632 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged abort early on merge errors patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Cleaned up error handling in semanage_split_fc based on a patch
|
|
|
4e0d31f |
by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged MLS handling fixes from Ivan Gyurdiev.
|
|
|
aa0c632 |
|
|
|
5a4115f |
* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.28-1
|
|
|
5a4115f |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged bug fix for fcontext validate handler from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged base_merge_components changes from Ivan Gyurdiev.
|
|
|
5a4115f |
|
|
|
95d8014 |
* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.26-1
|
|
|
95d8014 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged paths array patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged bug fix patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged improve bindings patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged use PyList patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged memory leak fix patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged nodecon support patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged cleanups patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged split swig patch from Ivan Gyurdiev.
|
|
|
95d8014 |
|
|
|
5cdd750 |
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.23-1
|
|
|
5cdd750 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged optionals in base patch from Joshua Brindle.
|
|
|
4e0d31f |
* Merged treat seusers/users_extra as optional sections patch from
|
|
|
4e0d31f |
Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged parse_optional fixes from Ivan Gyurdiev.
|
|
|
5cdd750 |
|
|
|
bdc5c50 |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.5.21-2.1
|
|
|
bdc5c50 |
- bump again for double-long bug on ppc(64)
|
|
|
bdc5c50 |
|
|
|
437a167 |
* Fri Feb 10 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.21-2
|
|
|
437a167 |
- Fix handling of seusers and users_map file
|
|
|
437a167 |
|
|
|
437a167 |
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> - 1.5.21-1
|
|
|
b406948 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged seuser/user_extra support patch from Joshua Brindle.
|
|
|
4e0d31f |
* Merged remote system dbase patch from Ivan Gyurdiev.
|
|
|
b406948 |
|
|
|
7e12efe |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.5.20-1.1
|
|
|
7e12efe |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
7e12efe |
|
|
|
c77fc83 |
* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.5.20-1
|
|
|
c77fc83 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
|
|
c77fc83 |
|
|
|
9d3d831 |
* Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.5.19-1
|
|
|
9d3d831 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged fname parameter patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged more size_t -> unsigned int fixes from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged seusers.system patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
|
|
|
9d3d831 |
|
|
|
2d7ec48 |
* Fri Jan 27 2006 Dan Walsh <dwalsh@redhat.com> 1.5.18-1
|
|
|
2d7ec48 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged seuser -> seuser_local rename patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged set_create_store, access_check, and is_connected interfaces
|
|
|
4e0d31f |
from Joshua Brindle.
|
|
|
2d7ec48 |
|
|
|
659f45d |
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.16-1
|
|
|
659f45d |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Regenerate python wrappers.
|
|
|
659f45d |
|
|
|
42ed049 |
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.15-1
|
|
|
42ed049 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged pywrap Makefile diff from Dan Walsh.
|
|
|
4e0d31f |
* Merged cache management patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged bugfix for dbase_llist_clear from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged remove apply_local function patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged only do read locking in direct case patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged cache error path memory leak fix from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged auto-generated file header patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged pywrap test update from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged hidden defs update from Ivan Gyurdiev.
|
|
|
42ed049 |
|
|
|
cef3ae1 |
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.14-2
|
|
|
cef3ae1 |
- Break out python out of regular Makefile
|
|
|
cef3ae1 |
|
|
|
c3f6b70 |
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.5.14-1
|
|
|
c3f6b70 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged disallow port overlap patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged join prereq and implementation patches from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged join user extra data part 2 patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged bugfix patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged user extra data part 1 patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged calloc check in semanage_store patch from Ivan Gyurdiev,
|
|
|
4e0d31f |
bug noticed by Steve Grubb.
|
|
|
4e0d31f |
* Merged cleanups after add/set removal patch from Ivan Gyurdiev.
|
|
|
c3f6b70 |
|
|
|
d70e174 |
* Fri Jan 7 2006 Dan Walsh <dwalsh@redhat.com> 1.5.9-1
|
|
|
d70e174 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged const in APIs patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged validation of local file contexts patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged compare2 function patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged hidden def/proto update patch from Ivan Gyurdiev.
|
|
|
d70e174 |
|
|
|
f12cd09 |
* Thu Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
|
|
|
f12cd09 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Re-applied string and file optimization patch from Russell Coker,
|
|
|
4e0d31f |
with bug fix.
|
|
|
4e0d31f |
* Reverted string and file optimization patch from Russell Coker.
|
|
|
4e0d31f |
* Clarified error messages from parse_module_headers and
|
|
|
4e0d31f |
parse_base_headers for base/module mismatches.
|
|
|
f12cd09 |
|
|
|
bcfb02b |
* Thu Jan 6 2006 Dan Walsh <dwalsh@redhat.com> 1.5.6-1
|
|
|
bcfb02b |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Clarified error messages from parse_module_headers and
|
|
|
4e0d31f |
parse_base_headers for base/module mismatches.
|
|
|
4e0d31f |
* Merged string and file optimization patch from Russell Coker.
|
|
|
4e0d31f |
* Merged swig header reordering patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged toggle modify on add patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged ports parser bugfix patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged fcontext swig patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged man pages for dbase functions patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged pywrap tests patch from Ivan Gyurdiev.
|
|
|
bcfb02b |
|
|
|
bcfb02b |
* Wed Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-2
|
|
|
bcfb02b |
- Patch to fix add
|
|
|
bcfb02b |
|
|
|
112859c |
* Wed Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.5.4-1
|
|
|
112859c |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged patch series from Ivan Gyurdiev.
|
|
|
4e0d31f |
This includes patches to:
|
|
|
4e0d31f |
- separate file rw code from linked list
|
|
|
4e0d31f |
- annotate objects
|
|
|
4e0d31f |
- fold together internal headers
|
|
|
4e0d31f |
- support ordering of records in compare function
|
|
|
4e0d31f |
- add active dbase backend, active booleans
|
|
|
4e0d31f |
- return commit numbers for ro database calls
|
|
|
4e0d31f |
- use modified flags to skip rebuild whenever possible
|
|
|
4e0d31f |
- enable port interfaces
|
|
|
4e0d31f |
- update swig interfaces and typemaps
|
|
|
4e0d31f |
- add an API for file_contexts.local and file_contexts
|
|
|
4e0d31f |
- flip the traversal order in iterate/list
|
|
|
4e0d31f |
- reorganize sandbox_expand
|
|
|
4e0d31f |
- add seusers MLS validation
|
|
|
4e0d31f |
- improve dbase spec/documentation
|
|
|
4e0d31f |
- clone record on set/add/modify
|
|
|
112859c |
|
|
|
23614f8 |
* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-3
|
|
|
23614f8 |
- Add Ivans patch to turn on ports
|
|
|
23614f8 |
|
|
|
a151f78 |
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-2
|
|
|
a151f78 |
- Remove patch since upstream does the right thing
|
|
|
a151f78 |
|
|
|
c2b1e26 |
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-1
|
|
|
c2b1e26 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged further header cleanups from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged toggle modified flag in policydb_modify, fix memory leak
|
|
|
4e0d31f |
in clear_obsolete, polymorphism vs headers fix, and include guards
|
|
|
4e0d31f |
for internal headers patches from Ivan Gyurdiev.
|
|
|
c2b1e26 |
|
|
|
9993e32 |
* Tue Dec 13 2005 Dan Walsh <dwalsh@redhat.com> 1.5.1-2
|
|
|
9993e32 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged toggle modified flag in policydb_modify, fix memory leak
|
|
|
4e0d31f |
in clear_obsolete, polymorphism vs headers fix, and include guards
|
|
|
4e0d31f |
for internal headers patches from Ivan Gyurdiev.
|
|
|
9993e32 |
|
|
|
2b5b2a6 |
* Mon Dec 12 2005 Dan Walsh <dwalsh@redhat.com> 1.5.1-1
|
|
|
2b5b2a6 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Added file-mode= setting to semanage.conf, default to 0644.
|
|
|
4e0d31f |
Changed semanage_copy_file and callers to use this mode when
|
|
|
4e0d31f |
installing policy files to runtime locations.
|
|
|
2b5b2a6 |
|
|
|
522bb5c |
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
522bb5c |
- rebuilt
|
|
|
522bb5c |
|
|
|
c96070d |
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.4-1
|
|
|
97de529 |
- Fix mode of output seusers file
|
|
|
97de529 |
|
|
|
d6123fe |
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.3.64-1
|
|
|
d6123fe |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Changed semanage_handle_create() to set do_reload based on
|
|
|
4e0d31f |
is_selinux_enabled(). This prevents improper attempts to
|
|
|
4e0d31f |
load policy on a non-SELinux system.
|
|
|
d6123fe |
|
|
|
d6123fe |
* Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.3.63-1
|
|
|
d6123fe |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Dropped handle from user_del_role interface.
|
|
|
4e0d31f |
* Removed defrole interfaces.
|
|
|
d6123fe |
|
|
|
ff57ee5 |
* Tue Nov 29 2005 Dan Walsh <dwalsh@redhat.com> 1.3.61-1
|
|
|
ff57ee5 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged Makefile python definitions patch from Dan Walsh.
|
|
|
4e0d31f |
* Removed is_selinux_mls_enabled() conditionals in seusers and users
|
|
|
4e0d31f |
file parsers.
|
|
|
ff57ee5 |
|
|
|
066e239 |
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.59-1
|
|
|
066e239 |
- Add additional swig objects
|
|
|
4e0d31f |
* Merged wrap char*** for user_get_roles patch from Joshua Brindle.
|
|
|
4e0d31f |
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged swig wrappers for modifying users and seusers from Joshua Brindle.
|
|
|
066e239 |
|
|
|
be0e043 |
* Wed Nov 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-2
|
|
|
be0e043 |
- Add additional swig objects
|
|
|
be0e043 |
|
|
|
ffe4d2b |
* Fri Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.3.56-1
|
|
|
ffe4d2b |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Fixed free->key_free bug.
|
|
|
4e0d31f |
* Merged clear obsolete patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged modified swigify patch from Dan Walsh
|
|
|
4e0d31f |
(original patch from Joshua Brindle).
|
|
|
4e0d31f |
* Merged move genhomedircon call patch from Chad Sellers.
|
|
|
ffe4d2b |
|
|
|
ab22837 |
* Mon Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-3
|
|
|
ab22837 |
- Add genhomedircon patch from Joshua Brindle
|
|
|
ab22837 |
|
|
|
a711440 |
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-2
|
|
|
a711440 |
- Add swigify patch from Joshua Brindle
|
|
|
a711440 |
|
|
|
bb7c4a7 |
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.3.53-1
|
|
|
bb7c4a7 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged move seuser validation patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged hidden declaration fixes from Ivan Gyurdiev,
|
|
|
4e0d31f |
with minor corrections.
|
|
|
bb7c4a7 |
|
|
|
0e20be8 |
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.3.52-1
|
|
|
0e20be8 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged cleanup patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
This renames semanage_module_conn to semanage_direct_handle,
|
|
|
4e0d31f |
and moves sepol handle create/destroy into semanage handle
|
|
|
4e0d31f |
create/destroy to allow use even when disconnected (for the
|
|
|
4e0d31f |
record interfaces).
|
|
|
0e20be8 |
|
|
|
32ce509 |
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.51-1
|
|
|
32ce509 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Clear modules modified flag upon disconnect and commit.
|
|
|
32ce509 |
* Added tracking of module modifications and use it to
|
|
|
4e0d31f |
determine whether expand-time checks should be applied
|
|
|
4e0d31f |
on commit.
|
|
|
4e0d31f |
* Reverted semanage_set_reload_bools() interface.
|
|
|
32ce509 |
|
|
|
ef65cfd |
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.48-1
|
|
|
ef65cfd |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Disabled calls to port dbase for merge and commit and stubbed
|
|
|
4e0d31f |
out calls to sepol_port interfaces since they are not exported.
|
|
|
4e0d31f |
* Merged rename instead of copy patch from Joshua Brindle (Tresys).
|
|
|
4e0d31f |
* Added hidden_def/hidden_proto for exported symbols used within
|
|
|
4e0d31f |
libsemanage to eliminate relocations. Wrapped type definitions
|
|
|
4e0d31f |
in exported headers as needed to avoid conflicts. Added
|
|
|
4e0d31f |
src/context_internal.h and src/iface_internal.h.
|
|
|
4e0d31f |
* Added semanage_is_managed() interface to allow detection of whether
|
|
|
4e0d31f |
the policy is managed via libsemanage. This enables proper handling
|
|
|
4e0d31f |
in setsebool for non-managed systems.
|
|
|
4e0d31f |
* Merged semanage_set_reload_bools() interface from Ivan Gyurdiev,
|
|
|
4e0d31f |
to enable runtime control over preserving active boolean values
|
|
|
4e0d31f |
versus reloading their saved settings upon commit.
|
|
|
ef65cfd |
|
|
|
bfd9450 |
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.43-1
|
|
|
bfd9450 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged seuser parser resync, dbase tracking and cleanup, strtol
|
|
|
4e0d31f |
bug, copyright, and assert space patches from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Added src/*_internal.h in preparation for other changes.
|
|
|
4e0d31f |
* Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
|
|
|
bfd9450 |
src/seusers.[hc].
|
|
|
bfd9450 |
|
|
|
bfd9450 |
|
|
|
f2d442c |
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.41-1
|
|
|
f2d442c |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged interface parse/print, context_to_string interface change,
|
|
|
4e0d31f |
move assert_noeof, and order preserving patches from Ivan Gyurdiev.
|
|
|
f2d442c |
* Added src/dso.h in preparation for other changes.
|
|
|
4e0d31f |
* Merged install seusers, handle/error messages, MLS parsing,
|
|
|
4e0d31f |
and seusers validation patches from Ivan Gyurdiev.
|
|
|
f2d442c |
|
|
|
62754d6 |
* Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.3.39-1
|
|
|
62754d6 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged record interface, dbase flush, common database code,
|
|
|
4e0d31f |
and record bugfix patches from Ivan Gyurdiev.
|
|
|
62754d6 |
|
|
|
24d6364 |
* Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.38-1
|
|
|
24d6364 |
- Upgrade to latest from NSA
|
|
|
4e0d31f |
* Merged dbase policydb list and count change from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged enable dbase and set relay patches from Ivan Gyurdiev.
|
|
|
24d6364 |
|
|
|
24d6364 |
* Thu Oct 27 2005 Dan Walsh <dwalsh@redhat.com> 1.3.36-1
|
|
|
24d6364 |
- Update from NSA
|
|
|
4e0d31f |
* Merged query APIs and dbase_file_set patches from Ivan Gyurdiev.
|
|
|
24d6364 |
|
|
|
24d6364 |
* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.3.35-1
|
|
|
24d6364 |
- Update from NSA
|
|
|
4e0d31f |
* Merged sepol handle passing, seusers support, and policydb cache
|
|
|
4e0d31f |
patches from Ivan Gyurdiev.
|
|
|
24d6364 |
|
|
|
35380af |
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.3.34-1
|
|
|
35380af |
- Update from NSA
|
|
|
4e0d31f |
* Merged resync to sepol changes and booleans fixes/improvements
|
|
|
4e0d31f |
patches from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged support for genhomedircon/homedir template, store selection,
|
|
|
4e0d31f |
explicit policy reload, and semanage.conf relocation from Joshua
|
|
|
4e0d31f |
Brindle.
|
|
|
35380af |
|
|
|
ac43226 |
* Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.3.32-1
|
|
|
ac43226 |
- Update from NSA
|
|
|
4e0d31f |
* Merged resync to sepol changes and transaction fix patches from
|
|
|
4e0d31f |
Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged reorganize users patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged remove unused relay functions patch from Ivan Gyurdiev.
|
|
|
ac43226 |
|
|
|
bed7f30 |
* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.30-1
|
|
|
bed7f30 |
- Update from NSA
|
|
|
4e0d31f |
* Fixed policy file leaks in semanage_load_module and
|
|
|
4e0d31f |
semanage_write_module.
|
|
|
4e0d31f |
* Merged further database work from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Fixed bug in semanage_direct_disconnect.
|
|
|
bed7f30 |
|
|
|
e4a5671 |
* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.28-1
|
|
|
e4a5671 |
- Update from NSA
|
|
|
4e0d31f |
* Merged interface renaming patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged policy component patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Renamed 'check=' configuration value to 'expand-check=' for
|
|
|
4e0d31f |
clarity.
|
|
|
4e0d31f |
* Changed semanage_commit_sandbox to check for and report errors
|
|
|
4e0d31f |
on rename(2) calls performed during rollback.
|
|
|
4e0d31f |
* Added optional check= configuration value to semanage.conf
|
|
|
4e0d31f |
and updated call to sepol_expand_module to pass its value
|
|
|
4e0d31f |
to control assertion and hierarchy checking on module expansion.
|
|
|
4e0d31f |
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
e4a5671 |
|
|
|
e4a5671 |
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.24-1
|
|
|
31d6500 |
- Update from NSA
|
|
|
4e0d31f |
* Merged default database from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged removal of connect requirement in policydb backend from
|
|
|
4e0d31f |
Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged commit locking fix and lock rename from Joshua Brindle.
|
|
|
4e0d31f |
* Merged transaction rollback in lock patch from Joshua Brindle.
|
|
|
4e0d31f |
* Changed default args for load_policy to be null, as it no longer
|
|
|
4e0d31f |
takes a pathname argument and we want to preserve booleans.
|
|
|
4e0d31f |
* Merged move local dbase initialization patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Added calls to sepol_policy_file_set_handle interface prior
|
|
|
4e0d31f |
to invoking sepol operations on policy files.
|
|
|
4e0d31f |
* Updated call to sepol_policydb_from_image to pass the handle.
|
|
|
31d6500 |
|
|
|
31d6500 |
|
|
|
e4a5671 |
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
|
|
|
b18ef05 |
- Update from NSA
|
|
|
4e0d31f |
* Changed default args for load_policy to be null, as it no longer
|
|
|
4e0d31f |
takes a pathname argument and we want to preserve booleans.
|
|
|
4e0d31f |
* Merged move local dbase initialization patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged acquire/release read lock in databases patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Added calls to sepol_policy_file_set_handle interface prior
|
|
|
4e0d31f |
to invoking sepol operations on policy files.
|
|
|
4e0d31f |
* Updated call to sepol_policydb_from_image to pass the handle.
|
|
|
aac0cfd |
|
|
|
e4a5671 |
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.20-1
|
|
|
aac0cfd |
- Update from NSA
|
|
|
4e0d31f |
* Merged user and port APIs - policy database patch from Ivan
|
|
|
4e0d31f |
Gyurdiev.
|
|
|
4e0d31f |
* Converted calls to sepol link_packages and expand_module interfaces
|
|
|
4e0d31f |
from using buffers to using sepol handles for error reporting, and
|
|
|
4e0d31f |
changed direct_connect/disconnect to create/destroy sepol handles.
|
|
|
b18ef05 |
|
|
|
830a300 |
* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.3.18-1
|
|
|
830a300 |
- Update from NSA
|
|
|
4e0d31f |
* Merged bugfix patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged seuser database patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
Merged direct user/port databases to the handle from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Removed obsolete include/semanage/commit_api.h (leftover).
|
|
|
4e0d31f |
Merged seuser record patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged boolean and interface databases from Ivan Gyurdiev.
|
|
|
830a300 |
|
|
|
43db242 |
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.14-1
|
|
|
43db242 |
- Update from NSA
|
|
|
4e0d31f |
* Updated to use get interfaces for hidden sepol_module_package type.
|
|
|
4e0d31f |
* Changed semanage_expand_sandbox and semanage_install_active
|
|
|
4e0d31f |
to generate/install the latest policy version supported by libsepol
|
|
|
4e0d31f |
by default (unless overridden by semanage.conf), since libselinux
|
|
|
4e0d31f |
will now downgrade automatically for load_policy.
|
|
|
4e0d31f |
* Merged new callback-based error reporting system and ongoing
|
|
|
4e0d31f |
database work from Ivan Gyurdiev.
|
|
|
43db242 |
|
|
|
43db242 |
* Wed Oct 12 2005 Dan Walsh <dwalsh@redhat.com> 1.3.11-1
|
|
|
e479f60 |
- Update from NSA
|
|
|
4e0d31f |
* Fixed semanage_install_active() to use the same logic for
|
|
|
4e0d31f |
selecting a policy version as semanage_expand_sandbox(). Dropped
|
|
|
4e0d31f |
dead code from semanage_install_sandbox().
|
|
|
e479f60 |
|
|
|
3b90157 |
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.3.10-1
|
|
|
3b90157 |
- Update from NSA
|
|
|
4e0d31f |
* Updated for changes to libsepol, and to only use types and interfaces
|
|
|
4e0d31f |
provided by the shared libsepol.
|
|
|
3b90157 |
|
|
|
278e64a |
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.9-1
|
|
|
278e64a |
- Update from NSA
|
|
|
4e0d31f |
* Merged further database work from Ivan Gyurdiev.
|
|
|
278e64a |
|
|
|
8b0a28a |
* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.3.8-1
|
|
|
8b0a28a |
- Update from NSA
|
|
|
4e0d31f |
* Merged iterate, redistribute, and dbase split patches from
|
|
|
4e0d31f |
Ivan Gyurdiev.
|
|
|
8b0a28a |
|
|
|
b2247ee |
* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.3.7-1
|
|
|
b2247ee |
- Update from NSA
|
|
|
4e0d31f |
* Merged patch series from Ivan Gyurdiev.
|
|
|
4e0d31f |
(pointer typedef elimination, file renames, dbase work, backend
|
|
|
4e0d31f |
separation)
|
|
|
4e0d31f |
* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
|
|
|
4e0d31f |
* Separated handle create from connect interface.
|
|
|
4e0d31f |
* Added a constructor for initialization.
|
|
|
4e0d31f |
* Moved up src/include/*.h to src.
|
|
|
4e0d31f |
* Created a symbol map file; dropped dso.h and hidden markings.
|
|
|
b2247ee |
|
|
|
9e67036 |
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.3.5-1
|
|
|
9e67036 |
- Update from NSA
|
|
|
4e0d31f |
* Split interfaces from semanage.[hc] into handle.[hc], modules.[hc].
|
|
|
4e0d31f |
* Separated handle create from connect interface.
|
|
|
4e0d31f |
* Added a constructor for initialization.
|
|
|
4e0d31f |
* Moved up src/include/*.h to src.
|
|
|
4e0d31f |
* Created a symbol map file; dropped dso.h and hidden markings.
|
|
|
9e67036 |
|
|
|
f23f477 |
* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.3.4-1
|
|
|
f23f477 |
- Update from NSA
|
|
|
4e0d31f |
* Merged dbase redesign patch from Ivan Gyurdiev.
|
|
|
f23f477 |
|
|
|
bc7b8ad |
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.3.3-1
|
|
|
bc7b8ad |
- Update from NSA
|
|
|
4e0d31f |
* Merged boolean record, stub record handler, and status codes
|
|
|
4e0d31f |
patches from Ivan Gyurdiev.
|
|
|
bc7b8ad |
|
|
|
df7239b |
* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.3.2-1
|
|
|
df7239b |
- Update from NSA
|
|
|
4e0d31f |
* Merged stub iterator functionality from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged interface record patch from Ivan Gyurdiev.
|
|
|
df7239b |
|
|
|
25d2554 |
* Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.3.1-1
|
|
|
25d2554 |
- Update from NSA
|
|
|
4e0d31f |
* Merged stub functionality for managing user and port records,
|
|
|
4e0d31f |
and record table code from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Updated version for release.
|
|
|
25d2554 |
|
|
|
c05d7ad |
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.1.6-1
|
|
|
c05d7ad |
- Update from NSA
|
|
|
4e0d31f |
* Merged semod.conf template patch from Dan Walsh (Red Hat),
|
|
|
4e0d31f |
but restored location to /usr/share/semod/semod.conf.
|
|
|
4e0d31f |
* Fixed several bugs found by valgrind.
|
|
|
4e0d31f |
* Fixed bug in prior patch for the semod_build_module_list leak.
|
|
|
4e0d31f |
* Merged errno fix from Joshua Brindle (Tresys).
|
|
|
4e0d31f |
* Merged fix for semod_build_modules_list leak on error path
|
|
|
4e0d31f |
from Serge Hallyn (IBM). Bug found by Coverity.
|
|
|
c05d7ad |
|
|
|
c05d7ad |
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.1.3-1
|
|
|
d9ff1de |
- Update from NSA
|
|
|
4e0d31f |
* Merged errno fix from Joshua Brindle (Tresys).
|
|
|
4e0d31f |
* Merged fix for semod_build_modules_list leak on error path
|
|
|
4e0d31f |
from Serge Hallyn (IBM). Bug found by Coverity.
|
|
|
4e0d31f |
* Merged several fixes from Serge Hallyn (IBM). Bugs found by
|
|
|
4e0d31f |
Coverity.
|
|
|
4e0d31f |
* Fixed several other bugs and warnings.
|
|
|
4e0d31f |
* Merged patch to move module read/write code from libsemanage
|
|
|
4e0d31f |
to libsepol from Jason Tang (Tresys).
|
|
|
4e0d31f |
* Merged relay records patch from Ivan Gyurdiev.
|
|
|
4e0d31f |
* Merged key extract patch from Ivan Gyurdiev.
|
|
|
4800db7 |
|
|
|
4800db7 |
- Initial version
|
|
|
4800db7 |
- Created by Stephen Smalley <sds@epoch.ncsc.mil>
|
|
|
4800db7 |
|
|
|
4800db7 |
|