|
|
56a0f6a |
Summary: SELinux binary policy manipulation library
|
|
cvsdist |
88c9ead |
Name: libsepol
|
|
|
848ca5c |
Version: 2.0.35
|
|
|
a2f29b6 |
Release: 3%{?dist}
|
|
|
a2f29b6 |
License: LGPLv2+
|
|
cvsdist |
88c9ead |
Group: System Environment/Libraries
|
|
cvsdist |
88c9ead |
Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
|
|
|
d7175a2 |
URL: http://www.selinuxproject.org
|
|
|
bfb8873 |
|
|
|
d7175a2 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%description
|
|
|
bfa19b4 |
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
|
cvsdist |
88c9ead |
of utilities with enhanced security functionality designed to add
|
|
cvsdist |
88c9ead |
mandatory access controls to Linux. The Security-enhanced Linux
|
|
cvsdist |
88c9ead |
kernel contains new architectural components originally developed to
|
|
cvsdist |
88c9ead |
improve the security of the Flask operating system. These
|
|
cvsdist |
88c9ead |
architectural components provide general support for the enforcement
|
|
cvsdist |
88c9ead |
of many kinds of mandatory access control policies, including those
|
|
cvsdist |
88c9ead |
based on the concepts of Type Enforcement®, Role-based Access
|
|
cvsdist |
88c9ead |
Control, and Multi-level Security.
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
libsepol provides an API for the manipulation of SELinux binary policies.
|
|
cvsdist |
88c9ead |
It is used by checkpolicy (the policy compiler) and similar tools, as well
|
|
cvsdist |
88c9ead |
as by programs like load_policy that need to perform specific transformations
|
|
cvsdist |
88c9ead |
on binary policies such as customizing policy boolean settings.
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%package devel
|
|
cvsdist |
88c9ead |
Summary: Header files and libraries used to build policy manipulation tools
|
|
cvsdist |
88c9ead |
Group: Development/Libraries
|
|
|
2e432e5 |
Requires: %{name} = %{version}-%{release}
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%description devel
|
|
|
0ab5c85 |
The libsepol-devel package contains the libraries and header files
|
|
|
0ab5c85 |
needed for developing applications that manipulate binary policies.
|
|
|
0ab5c85 |
|
|
|
0ab5c85 |
%package static
|
|
|
0ab5c85 |
Summary: static libraries used to build policy manipulation tools
|
|
|
0ab5c85 |
Group: Development/Libraries
|
|
|
0ab5c85 |
Requires: %{name}-devel = %{version}-%{release}
|
|
|
0ab5c85 |
|
|
|
0ab5c85 |
%description static
|
|
|
0ab5c85 |
The libsepol-static package contains the static libraries and header files
|
|
cvsdist |
88c9ead |
needed for developing applications that manipulate binary policies.
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%prep
|
|
cvsdist |
88c9ead |
%setup -q
|
|
|
ae2ff08 |
# sparc64 is an -fPIC arch, so we need to fix it here
|
|
|
ae2ff08 |
%ifarch sparc64
|
|
|
ae2ff08 |
sed -i 's/fpic/fPIC/g' src/Makefile
|
|
|
ae2ff08 |
%endif
|
|
|
07cf4bd |
|
|
cvsdist |
88c9ead |
%build
|
|
|
cb69f78 |
make clean
|
|
|
0ab5c85 |
make %{?_smp_mflags} CFLAGS="%{optflags}"
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%install
|
|
cvsdist |
88c9ead |
rm -rf ${RPM_BUILD_ROOT}
|
|
cvsdist |
88c9ead |
mkdir -p ${RPM_BUILD_ROOT}/%{_lib}
|
|
cvsdist |
88c9ead |
mkdir -p ${RPM_BUILD_ROOT}/%{_libdir}
|
|
cvsdist |
88c9ead |
mkdir -p ${RPM_BUILD_ROOT}%{_includedir}
|
|
cvsdist |
5ad5404 |
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
|
cvsdist |
5ad5404 |
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man3
|
|
cvsdist |
5ad5404 |
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
|
|
cvsdist |
88c9ead |
make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install
|
|
|
57d97af |
rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolbools
|
|
|
57d97af |
rm -f ${RPM_BUILD_ROOT}%{_bindir}/genpolusers
|
|
|
57d97af |
rm -f ${RPM_BUILD_ROOT}%{_bindir}/chkcon
|
|
|
414ccee |
rm -rf ${RPM_BUILD_ROOT}%{_mandir}/man8
|
|
|
2e432e5 |
|
|
cvsdist |
88c9ead |
%clean
|
|
cvsdist |
88c9ead |
rm -rf ${RPM_BUILD_ROOT}
|
|
cvsdist |
88c9ead |
|
|
|
21d06a6 |
%post
|
|
|
21d06a6 |
/sbin/ldconfig
|
|
|
9863116 |
[ -x /sbin/telinit ] && [ -p /dev/initctl ] && /sbin/telinit U
|
|
|
21d06a6 |
exit 0
|
|
cvsdist |
a25ddb6 |
|
|
cvsdist |
a25ddb6 |
%postun -p /sbin/ldconfig
|
|
cvsdist |
88c9ead |
|
|
|
0ab5c85 |
%files static
|
|
cvsdist |
88c9ead |
%defattr(-,root,root)
|
|
cvsdist |
88c9ead |
%{_libdir}/libsepol.a
|
|
|
0ab5c85 |
|
|
|
0ab5c85 |
%files devel
|
|
|
0ab5c85 |
%defattr(-,root,root)
|
|
cvsdist |
88c9ead |
%{_libdir}/libsepol.so
|
|
cvsdist |
88c9ead |
%{_includedir}/sepol/*.h
|
|
cvsdist |
5ad5404 |
%{_mandir}/man3/*.3.gz
|
|
|
6a90efc |
%dir %{_includedir}/sepol
|
|
|
3e3efa7 |
%dir %{_includedir}/sepol/policydb
|
|
|
6a90efc |
%{_includedir}/sepol/policydb/*.h
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%files
|
|
cvsdist |
88c9ead |
%defattr(-,root,root)
|
|
cvsdist |
88c9ead |
/%{_lib}/libsepol.so.1
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
%changelog
|
|
|
a2f29b6 |
* Thu Mar 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.35-3
|
|
|
a2f29b6 |
- Fix license specification to be LGPL instead of GPL
|
|
|
a2f29b6 |
|
|
|
47d254b |
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.35-2
|
|
|
47d254b |
|
|
|
848ca5c |
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.35-1
|
|
|
848ca5c |
- Upgrade to latest from NSA
|
|
|
848ca5c |
* Fix alias field in module format, caused by boundary format change
|
|
|
848ca5c |
from Caleb Case.
|
|
|
848ca5c |
|
|
|
d13ce1e |
* Tue Oct 14 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-1
|
|
|
d13ce1e |
- Upgrade to latest from NSA
|
|
|
d13ce1e |
* Add bounds support from KaiGai Kohei.
|
|
|
d13ce1e |
* Fix invalid aliases bug from Joshua Brindle.
|
|
|
d13ce1e |
|
|
|
f25671b |
* Tue Sep 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.33-1
|
|
|
f25671b |
- Upgrade to latest from NSA
|
|
|
f25671b |
* Revert patch that removed expand_rule.
|
|
|
f25671b |
|
|
|
962484c |
* Mon Jul 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.32-1
|
|
|
962484c |
- Upgrade to latest from NSA
|
|
|
962484c |
* Allow require then declare in the source policy from Joshua Brindle.
|
|
|
962484c |
|
|
|
38eb295 |
* Sun Jun 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.31-1
|
|
|
38eb295 |
- Upgrade to latest from NSA
|
|
|
38eb295 |
* Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley.
|
|
|
38eb295 |
|
|
|
d7c8588 |
* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.30-1
|
|
|
d7c8588 |
- Upgrade to latest from NSA
|
|
|
d7c8588 |
* Fix endianness bug in the handling of network node addresses from Stephen Smalley.
|
|
|
d7c8588 |
Only affects big endian platforms.
|
|
|
d7c8588 |
Bug reported by John Weeks of Sun upon policy mismatch between x86 and sparc.
|
|
|
d7c8588 |
|
|
|
0f84883 |
* Wed May 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.29-1
|
|
|
0f84883 |
- Upgrade to latest from NSA
|
|
|
0f84883 |
* Merge user and role mapping support from Joshua Brindle.
|
|
|
0f84883 |
|
|
|
5249d73 |
* Mon May 19 2008 Dan Walsh <dwalsh@redhat.com> 2.0.28-1
|
|
|
5249d73 |
- Upgrade to latest from NSA
|
|
|
5249d73 |
* Fix mls_level_convert() to gracefully handle an empty user declaration/require from Stephen Smalley.
|
|
|
5249d73 |
* Belatedly merge test for policy downgrade from Todd Miller.
|
|
|
5249d73 |
|
|
|
f21dcfb |
* Thu Mar 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.26-1
|
|
|
f21dcfb |
- Upgrade to latest from NSA
|
|
|
f21dcfb |
* Add permissive domain support from Eric Paris.
|
|
|
f21dcfb |
|
|
|
c5d82f5 |
* Thu Mar 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.25-1
|
|
|
c5d82f5 |
- Upgrade to latest from NSA
|
|
|
c5d82f5 |
* Drop unused ->buffer field from struct policy_file.
|
|
|
c5d82f5 |
* Add policy_file_init() initalizer for struct policy_file and use it, from Todd C. Miller.
|
|
|
c5d82f5 |
|
|
|
c5d82f5 |
|
|
|
e6e6048 |
* Thu Feb 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.23-1
|
|
|
e6e6048 |
- Upgrade to latest from NSA
|
|
|
e6e6048 |
* Accept "Flask" as an alternate identifier string in kernel policies from Stephen Smalley.
|
|
|
e6e6048 |
* Add support for open_perms policy capability from Eric Paris.
|
|
|
e6e6048 |
|
|
|
c24f89b |
* Wed Feb 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.21-1
|
|
|
c24f89b |
- Upgrade to latest from NSA
|
|
|
c24f89b |
* Fix invalid memory allocation in policydb_index_others() from Jason Tang.
|
|
|
c24f89b |
|
|
|
d0df7f6 |
* Mon Feb 4 2008 Dan Walsh <dwalsh@redhat.com> 2.0.20-1
|
|
|
d0df7f6 |
- Upgrade to latest from NSA
|
|
|
d0df7f6 |
* Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the kernel avtab to libsepol from Stephen Smalley.
|
|
|
d0df7f6 |
|
|
|
0ca4a0a |
* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
|
|
|
0ca4a0a |
- Upgrade to latest from NSA
|
|
|
0ca4a0a |
* Add support for consuming avrule_blocks during expansion to reduce
|
|
|
0ca4a0a |
peak memory usage.
|
|
|
0ca4a0a |
|
|
|
0ab5c85 |
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 2.0.18-2
|
|
|
0ab5c85 |
- Fixed for spec review
|
|
|
0ab5c85 |
|
|
|
66f43a6 |
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.18-1
|
|
|
66f43a6 |
- Upgrade to latest from NSA
|
|
|
66f43a6 |
* Added support for policy capabilities from Todd Miller.
|
|
|
66f43a6 |
* Prevent generation of policy.18 with MLS enabled from Todd Miller.
|
|
|
66f43a6 |
|
|
|
a98dcaf |
* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
|
|
|
a98dcaf |
- Upgrade to latest from NSA
|
|
|
a98dcaf |
* print module magic number in hex on mismatch, from Todd Miller.
|
|
|
a98dcaf |
|
|
|
f823e8b |
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.15-1
|
|
|
f823e8b |
- Upgrade to latest from NSA
|
|
|
f823e8b |
* clarify and reduce neverallow error reporting from Stephen Smalley.
|
|
|
f823e8b |
|
|
|
54e869d |
* Tue Nov 6 2007 Dan Walsh <dwalsh@redhat.com> 2.0.14-1
|
|
|
54e869d |
- Upgrade to latest from NSA
|
|
|
54e869d |
* Reject self aliasing at link time from Stephen Smalley.
|
|
|
54e869d |
* Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley.
|
|
|
54e869d |
* Fixed bug in require checking from Stephen Smalley.
|
|
|
54e869d |
* Added user hierarchy checking from Todd Miller.
|
|
|
54e869d |
|
|
|
cd3ee0b |
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.11-1
|
|
|
cd3ee0b |
* Pass CFLAGS to CC even on link command, per Dennis Gilmore.
|
|
|
cd3ee0b |
|
|
|
340f7ec |
* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.10-1
|
|
|
340f7ec |
- Upgrade to latest from NSA
|
|
|
340f7ec |
* Merged support for the handle_unknown policydb flag from Eric Paris.
|
|
|
340f7ec |
|
|
|
e034fd1 |
* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-1
|
|
|
e034fd1 |
- Upgrade to latest from NSA
|
|
|
e034fd1 |
* Moved next_entry and put_entry out-of-line to reduce code size from Ulrich Drepper.
|
|
|
e034fd1 |
* Fixed module_package_read_offsets bug introduced by the prior patch.
|
|
|
e034fd1 |
|
|
|
b081493 |
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-1
|
|
|
b081493 |
- Upgrade to latest from NSA
|
|
|
b081493 |
* Eliminate unaligned accesses from policy reading code from Stephen Smalley.
|
|
|
b081493 |
|
|
|
7a9ae4d |
* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-1
|
|
|
7a9ae4d |
- Upgrade to latest from NSA
|
|
|
7a9ae4d |
* Allow dontaudits to be turned off during policy expansion
|
|
|
7a9ae4d |
|
|
|
7a9ae4d |
|
|
|
58a8c31 |
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.5-1
|
|
|
58a8c31 |
- Upgrade to latest from NSA
|
|
|
58a8c31 |
* Fix sepol_context_clone to handle a NULL context correctly.
|
|
|
58a8c31 |
This happens for e.g. semanage_fcontext_set_con(sh, fcontext, NULL)
|
|
|
58a8c31 |
to set the file context entry to "<<none>>".
|
|
|
58a8c31 |
- Apply patch from Joshua Brindle to disable dontaudit rules
|
|
|
58a8c31 |
|
|
|
58a8c31 |
|
|
|
63e1b4a |
* Thu Jun 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.4-1
|
|
|
63e1b4a |
- Upgrade to latest from NSA
|
|
|
63e1b4a |
* Merged error handling patch from Eamon Walsh.
|
|
|
63e1b4a |
|
|
|
d036a52 |
* Tue Apr 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1
|
|
|
d036a52 |
- Upgrade to latest from NSA
|
|
|
d036a52 |
* Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
|
|
|
d036a52 |
|
|
|
53a0908 |
* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1
|
|
|
53a0908 |
- Upgrade to latest from NSA
|
|
|
53a0908 |
* Merged fix from Karl to remap booleans at expand time to
|
|
|
53a0908 |
avoid holes in the symbol table.
|
|
|
53a0908 |
|
|
|
91512f9 |
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-1
|
|
|
91512f9 |
- Upgrade to latest from NSA
|
|
|
91512f9 |
* Merged libsepol segfault fix from Stephen Smalley for when
|
|
|
91512f9 |
sensitivities are required but not present in the base.
|
|
|
91512f9 |
* Merged patch to add errcodes.h to libsepol by Karl MacMillan.
|
|
|
91512f9 |
|
|
|
86fc00a |
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
|
|
|
7e8492d |
- Upgrade to latest from NSA
|
|
|
7e8492d |
* Updated version for stable branch.
|
|
|
7e8492d |
|
|
|
57b6fc1 |
* Tue Dec 12 2006 Adam Jackson <ajax@redhat.com> 1.15.3-1
|
|
|
57b6fc1 |
- Add dist tag and rebuild, fixes 6 to 7 upgrades.
|
|
|
57b6fc1 |
|
|
|
e5a8dba |
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
|
|
|
e5a8dba |
- Upgrade to latest from NSA
|
|
|
e5a8dba |
* Merged patch to compile wit -fPIC instead of -fpic from
|
|
|
e5a8dba |
Manoj Srivastava to prevent hitting the global offest table
|
|
|
e5a8dba |
limit. Patch changed to include libselinux and libsemanage in
|
|
|
e5a8dba |
addition to libselinux.
|
|
|
e5a8dba |
|
|
|
a92b818 |
* Wed Nov 1 2006 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
|
|
|
a92b818 |
- Upgrade to latest from NSA
|
|
|
a92b818 |
* Merged fix from Karl MacMillan for a segfault when linking
|
|
|
a92b818 |
non-MLS modules with users in them.
|
|
|
a92b818 |
|
|
|
a3a13a2 |
* Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
|
|
|
a3a13a2 |
- Upgrade to latest from NSA
|
|
|
a3a13a2 |
* Merged fix for version comparison that was preventing range
|
|
|
a3a13a2 |
transition rules from being written for a version 5 base policy
|
|
|
a3a13a2 |
from Darrel Goeddel.
|
|
|
a3a13a2 |
|
|
|
288632e |
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> 1.14-1
|
|
|
288632e |
- NSA Released version - Same as previous but changed release number
|
|
|
288632e |
|
|
|
04bc0ce |
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> 1.12.28-1
|
|
|
04bc0ce |
- Upgrade to latest from NSA
|
|
|
04bc0ce |
* Build libsepol's static object files with -fpic
|
|
|
04bc0ce |
|
|
|
dd59fb4 |
* Thu Sep 28 2006 Dan Walsh <dwalsh@redhat.com> 1.12.27-1
|
|
|
dd59fb4 |
- Upgrade to latest from NSA
|
|
|
dd59fb4 |
* Merged mls user and range_transition support in modules
|
|
|
dd59fb4 |
from Darrel Goeddel
|
|
|
dd59fb4 |
|
|
|
d51bbdb |
* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> 1.12.26-1
|
|
|
d51bbdb |
- Upgrade to latest from NSA
|
|
|
d51bbdb |
* Merged range transition enhancements and user format changes
|
|
|
d51bbdb |
Darrel Goeddel
|
|
|
d51bbdb |
|
|
|
6a90efc |
* Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-3
|
|
|
6a90efc |
- Fix location of include directory to devel package
|
|
|
6a90efc |
|
|
|
bfedd4e |
* Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-2
|
|
|
bfedd4e |
- Remove invalid Requires
|
|
|
bfedd4e |
|
|
|
156e931 |
* Thu Aug 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.25-1
|
|
|
156e931 |
- Upgrade to latest from NSA
|
|
|
156e931 |
* Merged conditionally expand neverallows patch from Jeremy Mowery.
|
|
|
156e931 |
* Merged refactor expander patch from Jeremy Mowery.
|
|
|
156e931 |
|
|
|
f55a71f |
* Thu Aug 3 2006 Dan Walsh <dwalsh@redhat.com> 1.12.24-1
|
|
|
285dda5 |
- Upgrade to latest from NSA
|
|
|
f55a71f |
* Merged libsepol unit tests from Joshua Brindle.
|
|
|
285dda5 |
* Merged symtab datum patch from Karl MacMillan.
|
|
|
285dda5 |
* Merged netfilter contexts support from Chris PeBenito.
|
|
|
285dda5 |
|
|
|
ae2ff08 |
* Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 1.12.21-1
|
|
|
ae2ff08 |
- Upgrade to latest from NSA
|
|
|
ae2ff08 |
* Merged helpful hierarchy check errors patch from Joshua Brindle.
|
|
|
ae2ff08 |
* Merged semodule_deps patch from Karl MacMillan.
|
|
|
ae2ff08 |
This adds source module names to the avrule decls.
|
|
|
ae2ff08 |
|
|
|
31fdd8d |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.12.19-1.1
|
|
|
31fdd8d |
- rebuild
|
|
|
31fdd8d |
|
|
|
c4ad64e |
* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> 1.12.19-1
|
|
|
c4ad64e |
- Upgrade to latest from NSA
|
|
|
c4ad64e |
* Lindent.
|
|
|
c4ad64e |
* Merged optionals in base take 2 patch set from Joshua Brindle.
|
|
|
c4ad64e |
|
|
|
79de515 |
* Tue Jun 13 2006 Bill Nottingham <notting@redhat.com> 1.12.17-2
|
|
|
79de515 |
- bump so it's newer than the FC5 version
|
|
|
79de515 |
|
|
|
6ab7e34 |
* Mon Jun 5 2006 Dan Walsh <dwalsh@redhat.com> 1.12.17-1
|
|
|
6ab7e34 |
- Upgrade to latest from NSA
|
|
|
6ab7e34 |
* Revert 1.12.16.
|
|
|
6ab7e34 |
* Merged cleaner fix for bool_ids overflow from Karl MacMillan,
|
|
|
6ab7e34 |
replacing the prior patch.
|
|
|
6ab7e34 |
* Merged fixes for several memory leaks in the error paths during
|
|
|
6ab7e34 |
policy read from Serge Hallyn.
|
|
|
6ab7e34 |
|
|
|
5609182 |
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.12.14-1
|
|
|
5609182 |
- Upgrade to latest from NSA
|
|
|
5609182 |
* Fixed bool_ids overflow bug in cond_node_find and cond_copy_list,
|
|
|
5609182 |
based on bug report and suggested fix by Cedric Roux.
|
|
|
5609182 |
* Merged sens_copy_callback, check_role_hierarchy_callback,
|
|
|
5609182 |
and node_from_record fixes from Serge Hallyn.
|
|
|
5609182 |
|
|
|
4e6d19b |
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.12.12-1
|
|
|
4e6d19b |
- Upgrade to latest from NSA
|
|
|
4e6d19b |
* Added sepol_policydb_compat_net() interface for testing whether
|
|
|
4e6d19b |
a policy requires the compatibility support for network checks
|
|
|
4e6d19b |
to be enabled in the kernel.
|
|
|
4e6d19b |
|
|
|
af05b5a |
* Thu May 15 2006 Dan Walsh <dwalsh@redhat.com> 1.12.11-1
|
|
|
af05b5a |
- Upgrade to latest from NSA
|
|
|
af05b5a |
* Merged patch to initialize sym_val_to_name arrays from Kevin Carr.
|
|
|
af05b5a |
Reworked to use calloc in the first place, and converted some other
|
|
|
af05b5a |
malloc/memset pairs to calloc calls.
|
|
|
af05b5a |
|
|
|
ba09d11 |
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 1.12.10-1
|
|
|
ba09d11 |
- Upgrade to latest from NSA
|
|
|
ba09d11 |
* Merged patch to revert role/user decl upgrade from Karl MacMillan.
|
|
|
ba09d11 |
|
|
|
2e432e5 |
* Thu May 11 2006 Steve Grubb <sgrubb@redhat.com> 1.12.9
|
|
|
2e432e5 |
- Couple minor spec file clean ups
|
|
|
2e432e5 |
|
|
|
c53a165 |
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.12.9-1
|
|
|
9b242c9 |
- Upgrade to latest from NSA
|
|
|
c53a165 |
* Dropped tests from all Makefile target.
|
|
|
9b242c9 |
* Merged fix warnings patch from Karl MacMillan.
|
|
|
9b242c9 |
* Merged libsepol test framework patch from Karl MacMillan.
|
|
|
9b242c9 |
|
|
|
c704b57 |
* Mon May 1 2006 Dan Walsh <dwalsh@redhat.com> 1.12.6-1
|
|
|
c704b57 |
- Upgrade to latest from NSA
|
|
|
c704b57 |
* Fixed cond_normalize to traverse the entire cond list at link time.
|
|
|
c704b57 |
|
|
|
d927fe6 |
* Wed Apr 5 2006 Dan Walsh <dwalsh@redhat.com> 1.12.5-1
|
|
|
d927fe6 |
- Upgrade to latest from NSA
|
|
|
d927fe6 |
* Merged fix for leak of optional package sections from Ivan Gyurdiev.
|
|
|
d927fe6 |
|
|
|
adbebcb |
* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> 1.12.4-1
|
|
|
adbebcb |
- Upgrade to latest from NSA
|
|
|
adbebcb |
* Generalize test for bitmap overflow in ebitmap_set_bit.
|
|
|
adbebcb |
|
|
|
058dbc8 |
* Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> 1.12.3-1
|
|
|
058dbc8 |
- Upgrade to latest from NSA
|
|
|
058dbc8 |
* Fixed attr_convert_callback and expand_convert_type_set
|
|
|
058dbc8 |
typemap bug.
|
|
|
058dbc8 |
|
|
|
9affa07 |
* Fri Mar 24 2006 Dan Walsh <dwalsh@redhat.com> 1.12.2-1
|
|
|
9affa07 |
- Upgrade to latest from NSA
|
|
|
9affa07 |
* Fixed avrule_block_write num_decls endian bug.
|
|
|
9affa07 |
|
|
|
9affa07 |
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> 1.12.1-1
|
|
|
2405135 |
- Upgrade to latest from NSA
|
|
|
2405135 |
* Fixed sepol_module_package_write buffer overflow bug.
|
|
|
2405135 |
|
|
|
9901b10 |
* Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.12-2
|
|
|
71e4315 |
- Upgrade to latest from NSA
|
|
|
71e4315 |
* Updated version for release.
|
|
|
71e4315 |
* Merged cond_evaluate_expr fix from Serge Hallyn (IBM).
|
|
|
71e4315 |
* Fixed bug in copy_avrule_list reported by Ivan Gyurdiev.
|
|
|
71e4315 |
* Merged sepol_policydb_mls_enabled interface and error handling
|
|
|
71e4315 |
changes from Ivan Gyurdiev.
|
|
|
71e4315 |
|
|
|
405ea9b |
* Mon Feb 20 2006 Dan Walsh <dwalsh@redhat.com> 1.11.18-2
|
|
|
405ea9b |
- Rebuild for fc5-head
|
|
|
71e4315 |
|
|
|
adf5556 |
* Fri Feb 17 2006 Dan Walsh <dwalsh@redhat.com> 1.11.18-1
|
|
|
adf5556 |
- Upgrade to latest from NSA
|
|
|
adf5556 |
* Merged node_expand_addr bugfix and node_compare* change from
|
|
|
adf5556 |
Ivan Gyurdiev.
|
|
|
adf5556 |
|
|
|
79c3d30 |
* Thu Feb 16 2006 Dan Walsh <dwalsh@redhat.com> 1.11.17-1
|
|
|
79c3d30 |
- Upgrade to latest from NSA
|
|
|
79c3d30 |
* Merged nodes, ports: always prepend patch from Ivan Gyurdiev.
|
|
|
79c3d30 |
* Merged bug fix patch from Ivan Gyurdiev.
|
|
|
79c3d30 |
* Added a defined flag to level_datum_t for use by checkpolicy.
|
|
|
79c3d30 |
* Merged nodecon support patch from Ivan Gyurdiev.
|
|
|
79c3d30 |
* Merged cleanups patch from Ivan Gyurdiev.
|
|
|
79c3d30 |
|
|
|
9863116 |
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.14-2
|
|
|
9863116 |
- Fix post install not to fire if /dev/initctr does not exist
|
|
|
9863116 |
|
|
|
81037ff |
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.14-1
|
|
|
81037ff |
- Upgrade to latest from NSA
|
|
|
81037ff |
* Merged optionals in base patch from Joshua Brindle.
|
|
|
81037ff |
|
|
|
b8d4dc8 |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.11.13-1.1
|
|
|
b8d4dc8 |
- bump again for double-long bug on ppc(64)
|
|
|
b8d4dc8 |
|
|
|
81037ff |
* Tue Feb 7 2006 Dan Walsh <dwalsh@redhat.com> 1.11.13-1
|
|
|
6f864b4 |
- Upgrade to latest from NSA
|
|
|
6f864b4 |
* Merged seuser/user_extra support patch from Joshua Brindle.
|
|
|
6f864b4 |
* Merged fix patch from Ivan Gyurdiev.
|
|
|
6f864b4 |
|
|
|
93f928c |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.11.12-1.1
|
|
|
93f928c |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
93f928c |
|
|
|
384f984 |
* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.11.12-1
|
|
|
384f984 |
- Upgrade to latest from NSA
|
|
|
384f984 |
* Merged assertion copying bugfix from Joshua Brindle.
|
|
|
384f984 |
* Merged sepol_av_to_string patch from Joshua Brindle.
|
|
|
384f984 |
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
|
|
384f984 |
|
|
|
2716390 |
* Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.11.10-1
|
|
|
2716390 |
- Upgrade to latest from NSA
|
|
|
2716390 |
* Merged cond_expr mapping and package section count bug fixes
|
|
|
2716390 |
from Joshua Brindle.
|
|
|
2716390 |
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
|
|
|
2716390 |
* Merged fixes for overflow bugs on 64-bit from Ivan Gyurdiev.
|
|
|
2716390 |
|
|
|
2cf76a4 |
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.11.9-1
|
|
|
2cf76a4 |
- Upgrade to latest from NSA
|
|
|
2cf76a4 |
* Merged size_t -> unsigned int patch from Ivan Gyurdiev.
|
|
|
2cf76a4 |
|
|
|
9a4cd99 |
* Tue Jan 10 2006 Dan Walsh <dwalsh@redhat.com> 1.11.8-1
|
|
|
9a4cd99 |
- Upgrade to latest from NSA
|
|
|
9a4cd99 |
* Merged 2nd const in APIs patch from Ivan Gyurdiev.
|
|
|
9a4cd99 |
|
|
|
c05bbf4 |
* Fri Jan 7 2006 Dan Walsh <dwalsh@redhat.com> 1.11.7-1
|
|
|
c05bbf4 |
- Upgrade to latest from NSA
|
|
|
c05bbf4 |
* Merged const in APIs patch from Ivan Gyurdiev.
|
|
|
c05bbf4 |
* Merged compare2 function patch from Ivan Gyurdiev.
|
|
|
c05bbf4 |
* Fixed hierarchy checker to only check allow rules.
|
|
|
c05bbf4 |
|
|
|
731af03 |
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.11.5-1
|
|
|
731af03 |
- Upgrade to latest from NSA
|
|
|
731af03 |
* Merged further fixes from Russell Coker, specifically:
|
|
|
731af03 |
- av_to_string overflow checking
|
|
|
731af03 |
- sepol_context_to_string error handling
|
|
|
731af03 |
- hierarchy checking memory leak fixes and optimizations
|
|
|
731af03 |
- avrule_block_read variable initialization
|
|
|
731af03 |
* Marked deprecated code in genbools and genusers.
|
|
|
731af03 |
|
|
|
34791d4 |
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.11.4-1
|
|
|
34791d4 |
- Upgrade to latest from NSA
|
|
|
34791d4 |
* Merged bugfix for sepol_port_modify from Russell Coker.
|
|
|
34791d4 |
* Fixed bug in sepol_iface_modify error path noted by Ivan Gyurdiev.
|
|
|
34791d4 |
* Merged port ordering patch from Ivan Gyurdiev.
|
|
|
34791d4 |
|
|
|
34791d4 |
* Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.11.2-2
|
|
|
e9cf9fc |
- Upgrade to latest from NSA
|
|
|
e9cf9fc |
* Merged patch series from Ivan Gyurdiev.
|
|
|
e9cf9fc |
This includes patches to:
|
|
|
e9cf9fc |
- support ordering of records in compare function
|
|
|
e9cf9fc |
- enable port interfaces
|
|
|
e9cf9fc |
- add interfaces for context validity and range checks
|
|
|
e9cf9fc |
- add include guards
|
|
|
e9cf9fc |
|
|
|
7611aa0 |
* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.11.1-2
|
|
|
7611aa0 |
- Add Ivans patch to make ports work
|
|
|
7611aa0 |
|
|
|
cb69f78 |
* Fri Dec 16 2005 Dan Walsh <dwalsh@redhat.com> 1.11.1-1
|
|
|
cb69f78 |
- Upgrade to latest from NSA
|
|
|
cb69f78 |
* Fixed mls_range_cpy bug.
|
|
|
cb69f78 |
|
|
|
7c88899 |
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
7c88899 |
- rebuilt
|
|
|
7c88899 |
|
|
|
8cd7274 |
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.10-1
|
|
|
8cd7274 |
- Upgrade to latest from NSA
|
|
|
8cd7274 |
|
|
|
bd181d3 |
* Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.9.42-1
|
|
|
bd181d3 |
- Upgrade to latest from NSA
|
|
|
bd181d3 |
* Dropped handle from user_del_role interface.
|
|
|
bd181d3 |
|
|
|
7c682bf |
* Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.41-1
|
|
|
7c682bf |
- Upgrade to latest from NSA
|
|
|
7c682bf |
* Merged remove defrole from sepol patch from Ivan Gyurdiev.
|
|
|
7c682bf |
|
|
|
7c682bf |
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.9.40-1
|
|
|
6d0505a |
- Upgrade to latest from NSA
|
|
|
6d0505a |
* Merged module function and map file cleanup from Ivan Gyurdiev.
|
|
|
6d0505a |
* Merged MLS and genusers cleanups from Ivan Gyurdiev.
|
|
|
6d0505a |
|
|
|
b3866cb |
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.9.39-1
|
|
|
b3866cb |
- Upgrade to latest from NSA
|
|
|
b3866cb |
Prepare for removal of booleans* and *.users files.
|
|
|
b3866cb |
* Cleaned up sepol_genbools to not regenerate the image if
|
|
|
b3866cb |
there were no changes in the boolean values, including the
|
|
|
b3866cb |
degenerate case where there are no booleans or booleans.local
|
|
|
b3866cb |
files.
|
|
|
b3866cb |
* Cleaned up sepol_genusers to not warn on missing local.users.
|
|
|
b3866cb |
|
|
|
bd12c81 |
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.9.38-1
|
|
|
bd12c81 |
- Upgrade to latest from NSA
|
|
|
bd12c81 |
* Removed sepol_port_* from libsepol.map, as the port interfaces
|
|
|
bd12c81 |
are not yet stable.
|
|
|
bd12c81 |
|
|
|
e378155 |
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.9.37-1
|
|
|
e378155 |
- Upgrade to latest from NSA
|
|
|
e378155 |
* Merged context destroy cleanup patch from Ivan Gyurdiev.
|
|
|
e378155 |
|
|
|
7516f6e |
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.9.36-1
|
|
|
7516f6e |
- Upgrade to latest from NSA
|
|
|
7516f6e |
* Merged context_to_string interface change patch from Ivan Gyurdiev.
|
|
|
7516f6e |
|
|
|
5cd6399 |
* Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.9.35-1
|
|
|
5cd6399 |
- Upgrade to latest from NSA
|
|
|
5cd6399 |
* Added src/dso.h and src/*_internal.h.
|
|
|
5cd6399 |
Added hidden_def for exported symbols used within libsepol.
|
|
|
5cd6399 |
Added hidden for symbols that should not be exported by
|
|
|
5cd6399 |
the wildcards in libsepol.map.
|
|
|
5cd6399 |
|
|
|
0ca45d8 |
* Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.9.34-1
|
|
|
0ca45d8 |
- Upgrade to latest from NSA
|
|
|
0ca45d8 |
* Merged record interface, record bugfix, and set_roles patches
|
|
|
0ca45d8 |
from Ivan Gyurdiev.
|
|
|
0ca45d8 |
|
|
|
04b9e37 |
* Fri Oct 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.33-1
|
|
|
04b9e37 |
- Upgrade to latest from NSA
|
|
|
04b9e37 |
* Merged count specification change from Ivan Gyurdiev.
|
|
|
04b9e37 |
|
|
|
5f5c84c |
* Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.9.32-1
|
|
|
5f5c84c |
- Upgrade to latest from NSA
|
|
|
5f5c84c |
* Added further checking and error reporting to
|
|
|
5f5c84c |
sepol_module_package_read and _info.
|
|
|
5f5c84c |
* Merged sepol handle passing, DEBUG conversion, and memory leak
|
|
|
5f5c84c |
fix patches from Ivan Gyurdiev.
|
|
|
5f5c84c |
|
|
|
80d5fef |
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.9.30-1
|
|
|
80d5fef |
- Upgrade to latest from NSA
|
|
|
80d5fef |
* Removed processing of system.users from sepol_genusers and
|
|
|
80d5fef |
dropped delusers logic.
|
|
|
80d5fef |
* Removed policydb_destroy from error path of policydb_read,
|
|
|
80d5fef |
since create/init/destroy/free of policydb is handled by the
|
|
|
80d5fef |
caller now.
|
|
|
80d5fef |
* Fixed sepol_module_package_read to handle a failed policydb_read
|
|
|
80d5fef |
properly.
|
|
|
80d5fef |
* Merged query/exists and count patches from Ivan Gyurdiev.
|
|
|
80d5fef |
* Merged fix for pruned types in expand code from Joshua Brindle.
|
|
|
80d5fef |
* Merged new module package format code from Joshua Brindle.
|
|
|
80d5fef |
|
|
|
80d5fef |
|
|
|
467b5dd |
* Mon Oct 24 2005 Dan Walsh <dwalsh@redhat.com> 1.9.26-1
|
|
|
467b5dd |
- Upgrade to latest from NSA
|
|
|
467b5dd |
* Merged context interface cleanup, record conversion code,
|
|
|
467b5dd |
key passing, and bug fix patches from Ivan Gyurdiev.
|
|
|
467b5dd |
|
|
|
7769e13 |
* Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.9.25-1
|
|
|
7769e13 |
- Upgrade to latest from NSA
|
|
|
7769e13 |
* Merged users cleanup patch from Ivan Gyurdiev.
|
|
|
7769e13 |
* Merged user record memory leak fix from Ivan Gyurdiev.
|
|
|
7769e13 |
* Merged reorganize users patch from Ivan Gyurdiev.
|
|
|
7769e13 |
|
|
|
025ac73 |
- Need to check for /sbin/telinit
|
|
|
025ac73 |
|
|
|
1910dd4 |
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.23-1
|
|
|
7769e13 |
- Upgrade to latest from NSA
|
|
|
1910dd4 |
* Added check flag to expand_module() to control assertion
|
|
|
1910dd4 |
and hierarchy checking on expansion.
|
|
|
1910dd4 |
* Reworked check_assertions() and hierarchy_check_constraints()
|
|
|
1910dd4 |
to take handles and use callback-based error reporting.
|
|
|
1910dd4 |
* Changed expand_module() to call check_assertions() and
|
|
|
1910dd4 |
hierarchy_check_constraints() prior to returning the expanded
|
|
|
1910dd4 |
policy.
|
|
|
1910dd4 |
|
|
|
1910dd4 |
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.21-1
|
|
|
0bc6737 |
- Upgrade to latest from NSA
|
|
|
4a81528 |
* Changed sepol_module_package_set_file_contexts to copy the
|
|
|
4a81528 |
file contexts data since it is internally managed.
|
|
|
4a81528 |
* Added sepol_policy_file_set_handle interface to associate
|
|
|
4a81528 |
a handle with a policy file.
|
|
|
4a81528 |
* Added handle argument to policydb_from_image/to_image.
|
|
|
4a81528 |
* Added sepol_module_package_set_file_contexts interface.
|
|
|
4a81528 |
* Dropped sepol_module_package_create_file interface.
|
|
|
4a81528 |
* Reworked policydb_read/write, policydb_from_image/to_image,
|
|
|
4a81528 |
and sepol_module_package_read/write to use callback-based error
|
|
|
4a81528 |
reporting system rather than DEBUG.
|
|
|
4a81528 |
|
|
|
4a81528 |
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.9.19-1
|
|
|
4a81528 |
- Upgrade to latest from NSA
|
|
|
0bc6737 |
* Reworked link_packages, link_modules, and expand_module to use
|
|
|
0bc6737 |
callback-based error reporting system rather than error buffering.
|
|
|
0bc6737 |
|
|
|
1fbaab2 |
* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.9.18-1
|
|
|
1fbaab2 |
- Upgrade to latest from NSA
|
|
|
1fbaab2 |
* Merged conditional expression mapping fix in the module linking
|
|
|
1fbaab2 |
code from Joshua Brindle.
|
|
|
1fbaab2 |
|
|
|
21d06a6 |
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.9.17-2
|
|
|
21d06a6 |
- Tell init to reexec itself in post script
|
|
|
21d06a6 |
|
|
|
d658e96 |
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.9.17-1
|
|
|
d658e96 |
- Upgrade to latest from NSA
|
|
|
d658e96 |
* Hid sepol_module_package type definition, and added get interfaces.
|
|
|
d658e96 |
* Merged new callback-based error reporting system from Ivan
|
|
|
d658e96 |
Gyurdiev.
|
|
|
d658e96 |
* Merged support for require blocks inside conditionals from
|
|
|
d658e96 |
Joshua Brindle (Tresys).
|
|
|
d658e96 |
|
|
|
724f903 |
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.9.14.1-1
|
|
|
4dc90da |
- Upgrade to latest from NSA
|
|
|
4dc90da |
* Fixed use of policydb_from_image/to_image to ensure proper
|
|
|
4dc90da |
init of policydb.
|
|
|
4dc90da |
* Isolated policydb internal headers under <sepol/policydb/*.h>.
|
|
|
4dc90da |
These headers should only be used by users of the static libsepol.
|
|
|
4dc90da |
Created new <sepol/policydb.h> with new public types and interfaces
|
|
|
4dc90da |
for shared libsepol.
|
|
|
4dc90da |
Created new <sepol/module.h> with public types and interfaces moved
|
|
|
4dc90da |
or wrapped from old module.h, link.h, and expand.h, adjusted for
|
|
|
4dc90da |
new public types for policydb and policy_file.
|
|
|
4dc90da |
Added public interfaces to libsepol.map.
|
|
|
4dc90da |
Some implementation changes visible to users of the static libsepol:
|
|
|
4dc90da |
1) policydb_read no longer calls policydb_init.
|
|
|
4dc90da |
Caller must do so first.
|
|
|
4dc90da |
2) policydb_init no longer takes policy_type argument.
|
|
|
4dc90da |
Caller must set policy_type separately.
|
|
|
4dc90da |
3) expand_module automatically enables the global branch.
|
|
|
4dc90da |
Caller no longer needs to do so.
|
|
|
4dc90da |
4) policydb_write uses the policy_type and policyvers from the
|
|
|
4dc90da |
policydb itself, and sepol_set_policyvers() has been removed.
|
|
|
4dc90da |
|
|
|
6429db4 |
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.9.12-1
|
|
|
6429db4 |
- Upgrade to latest from NSA
|
|
|
6429db4 |
* Merged function renaming and static cleanup from Ivan Gyurdiev.
|
|
|
6429db4 |
|
|
|
8cf50ae |
* Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.9.11-1
|
|
|
8cf50ae |
- Upgrade to latest from NSA
|
|
|
8cf50ae |
* Merged bug fix for check_assertions handling of no assertions
|
|
|
8cf50ae |
from Joshua Brindle (Tresys).
|
|
|
8cf50ae |
|
|
|
3ddcc84 |
* Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.9.10-1
|
|
|
3ddcc84 |
- Upgrade to latest from NSA
|
|
|
3ddcc84 |
* Merged iterate patch from Ivan Gyurdiev.
|
|
|
3ddcc84 |
* Merged MLS in modules patch from Joshua Brindle (Tresys).
|
|
|
3ddcc84 |
|
|
|
f22a649 |
* Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.9.8-1
|
|
|
f22a649 |
- Upgrade to latest from NSA
|
|
|
f22a649 |
* Merged pointer typedef elimination patch from Ivan Gyurdiev.
|
|
|
f22a649 |
* Merged user list function, new mls functions, and bugfix patch
|
|
|
f22a649 |
from Ivan Gyurdiev.
|
|
|
f22a649 |
|
|
|
bfa19b4 |
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.9.7-1
|
|
|
bfa19b4 |
- Upgrade to latest from NSA
|
|
|
bfa19b4 |
* Merged sepol_get_num_roles fix from Karl MacMillan (Tresys).
|
|
|
bfa19b4 |
|
|
|
5e7aa36 |
* Fri Sep 23 2005 Dan Walsh <dwalsh@redhat.com> 1.9.6-1
|
|
|
5e7aa36 |
- Upgrade to latest from NSA
|
|
|
5e7aa36 |
* Merged bug fix patches from Joshua Brindle (Tresys).
|
|
|
5e7aa36 |
|
|
|
703c74f |
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.9.5-1
|
|
|
703c74f |
- Upgrade to latest from NSA
|
|
|
703c74f |
* Merged boolean record and memory leak fix patches from Ivan
|
|
|
703c74f |
Gyurdiev.
|
|
|
703c74f |
|
|
|
0ffa4bf |
* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.9.4-1
|
|
|
0ffa4bf |
- Upgrade to latest from NSA
|
|
|
0ffa4bf |
* Merged interface record patch from Ivan Gyurdiev.
|
|
|
0ffa4bf |
|
|
|
3dd19e6 |
* Thu Sep 15 2005 Dan Walsh <dwalsh@redhat.com> 1.9.3-1
|
|
|
3dd19e6 |
- Upgrade to latest from NSA
|
|
|
3dd19e6 |
* Merged fix for sepol_enable/disable_debug from Ivan
|
|
|
3dd19e6 |
Gyurdiev.
|
|
|
3dd19e6 |
|
|
|
16d370e |
* Mon Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-2
|
|
|
16d370e |
- Upgrade to latest from NSA
|
|
|
16d370e |
* Merged stddef.h patch and debug conversion patch from
|
|
|
16d370e |
Ivan Gyurdiev.
|
|
|
16d370e |
|
|
|
89c9201 |
* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.9.1-1
|
|
|
89c9201 |
- Upgrade to latest from NSA
|
|
|
89c9201 |
* Fixed expand_avtab and expand_cond_av_list to keep separate
|
|
|
89c9201 |
entries with identical keys but different enabled flags.
|
|
|
89c9201 |
* Updated version for release.
|
|
|
89c9201 |
|
|
|
560bbca |
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.7.24-1
|
|
|
560bbca |
- Upgrade to latest from NSA
|
|
|
560bbca |
* Fixed symtab_insert return value for duplicate declarations.
|
|
|
560bbca |
* Merged fix for memory error in policy_module_destroy from
|
|
|
560bbca |
Jason Tang (Tresys).
|
|
|
560bbca |
|
|
|
c57ee23 |
* Mon Aug 29 2005 Dan Walsh <dwalsh@redhat.com> 1.7.22-1
|
|
|
c57ee23 |
- Upgrade to latest from NSA
|
|
|
c57ee23 |
* Merged fix for memory leak in sepol_context_to_sid from
|
|
|
c57ee23 |
Jason Tang (Tresys).
|
|
|
c57ee23 |
* Merged fixes for resource leaks on error paths and
|
|
|
c57ee23 |
change to scope_destroy from Joshua Brindle (Tresys).
|
|
|
c57ee23 |
|
|
|
680938b |
* Tue Aug 23 2005 Dan Walsh <dwalsh@redhat.com> 1.7.20-1
|
|
|
680938b |
- Upgrade to latest from NSA
|
|
|
680938b |
* Merged more fixes for resource leaks on error paths
|
|
|
680938b |
from Serge Hallyn (IBM). Bugs found by Coverity.
|
|
|
680938b |
|
|
|
691e94c |
* Fri Aug 19 2005 Dan Walsh <dwalsh@redhat.com> 1.7.19-1
|
|
|
691e94c |
- Upgrade to latest from NSA
|
|
|
691e94c |
* Changed to treat all type conflicts as fatal errors.
|
|
|
691e94c |
* Merged several error handling fixes from
|
|
|
691e94c |
Serge Hallyn (IBM). Bugs found by Coverity.
|
|
|
691e94c |
|
|
|
36260cb |
* Mon Aug 15 2005 Dan Walsh <dwalsh@redhat.com> 1.7.17-1
|
|
|
36260cb |
- Upgrade to latest from NSA
|
|
|
36260cb |
* Fixed several memory leaks found by valgrind.
|
|
|
36260cb |
|
|
|
56a2b4d |
* Sun Aug 14 2005 Dan Walsh <dwalsh@redhat.com> 1.7.15-1
|
|
|
56a2b4d |
- Upgrade to latest from NSA
|
|
|
56a2b4d |
* Fixed empty list test in cond_write_av_list. Bug found by
|
|
|
56a2b4d |
Coverity, reported by Serge Hallyn (IBM).
|
|
|
56a2b4d |
* Merged patch to policydb_write to check errors
|
|
|
56a2b4d |
when writing the type->attribute reverse map from
|
|
|
56a2b4d |
Serge Hallyn (IBM). Bug found by Coverity.
|
|
|
56a2b4d |
* Fixed policydb_destroy to properly handle NULL type_attr_map
|
|
|
56a2b4d |
or attr_type_map.
|
|
|
56a2b4d |
|
|
|
a0ffdcf |
* Sat Aug 13 2005 Dan Walsh <dwalsh@redhat.com> 1.7.14-1
|
|
|
a0ffdcf |
- Upgrade to latest from NSA
|
|
|
a0ffdcf |
* Fixed empty list test in cond_write_av_list. Bug found by
|
|
|
a0ffdcf |
Coverity, reported by Serge Hallyn (IBM).
|
|
|
a0ffdcf |
* Merged patch to policydb_write to check errors
|
|
|
a0ffdcf |
when writing the type->attribute reverse map from
|
|
|
a0ffdcf |
Serge Hallyn (IBM). Bug found by Coverity.
|
|
|
a0ffdcf |
* Fixed policydb_destroy to properly handle NULL type_attr_map
|
|
|
a0ffdcf |
or attr_type_map.
|
|
|
a0ffdcf |
|
|
|
a0ffdcf |
|
|
|
9aea386 |
* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.13-1
|
|
|
9aea386 |
- Upgrade to latest from NSA
|
|
|
9aea386 |
* Improved memory use by SELinux by both reducing the avtab
|
|
|
9aea386 |
node size and reducing the number of avtab nodes (by not
|
|
|
9aea386 |
expanding attributes in TE rules when possible). Added
|
|
|
9aea386 |
expand_avtab and expand_cond_av_list functions for use by
|
|
|
9aea386 |
assertion checker, hierarchy checker, compatibility code,
|
|
|
9aea386 |
and dispol. Added new inline ebitmap operators and converted
|
|
|
9aea386 |
existing users of ebitmaps to the new operators for greater
|
|
|
9aea386 |
efficiency.
|
|
|
9aea386 |
Note: The binary policy format version has been incremented to
|
|
|
9aea386 |
version 20 as a result of these changes.
|
|
|
9aea386 |
|
|
|
25190ca |
* Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.7.12-1
|
|
|
25190ca |
- Upgrade to latest from NSA
|
|
|
25190ca |
* Fixed bug in constraint_node_clone handling of name sets.
|
|
|
25190ca |
|
|
|
71a4369 |
* Wed Aug 10 2005 Dan Walsh <dwalsh@redhat.com> 1.7.11-1
|
|
|
71a4369 |
- Upgrade to latest from NSA
|
|
|
71a4369 |
* Fix range_trans_clone to map the type values properly.
|
|
|
71a4369 |
|
|
|
afa262c |
* Fri Aug 5 2005 Dan Walsh <dwalsh@redhat.com> 1.7.10-1
|
|
|
afa262c |
- Upgrade to latest from NSA
|
|
|
afa262c |
* Merged patch to move module read/write code from libsemanage
|
|
|
afa262c |
to libsepol from Jason Tang (Tresys).
|
|
|
afa262c |
|
|
|
c1a5ce0 |
* Tue Aug 2 2005 Dan Walsh <dwalsh@redhat.com> 1.7.9-1
|
|
|
c1a5ce0 |
- Upgrade to latest from NSA
|
|
|
c1a5ce0 |
* Enabled further compiler warning flags and fixed them.
|
|
|
c1a5ce0 |
* Merged user, context, port records patch from Ivan Gyurdiev.
|
|
|
c1a5ce0 |
* Merged key extract function patch from Ivan Gyurdiev.
|
|
|
c1a5ce0 |
* Merged mls_context_to_sid bugfix from Ivan Gyurdiev.
|
|
|
c1a5ce0 |
|
|
|
bfb8873 |
* Wed Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-2
|
|
|
bfb8873 |
- Fix MLS Free
|
|
|
bfb8873 |
|
|
|
b0f7b63 |
* Mon Jul 25 2005 Dan Walsh <dwalsh@redhat.com> 1.7.6-1
|
|
|
b0f7b63 |
- Upgrade to latest from NSA
|
|
|
b0f7b63 |
* Merged context reorganization, memory leak fixes,
|
|
|
b0f7b63 |
port and interface loading, replacements for genusers and
|
|
|
b0f7b63 |
genbools, debug traceback, and bugfix patches from Ivan Gyurdiev.
|
|
|
b0f7b63 |
* Merged uninitialized variable bugfix from Dan Walsh.
|
|
|
b0f7b63 |
|
|
|
5242278 |
* Mon Jul 25 2005 Dan Walsh <dwalsh@redhat.com> 1.7.5-2
|
|
|
5242278 |
- Fix unitialized variable problem
|
|
|
5242278 |
|
|
|
22cadfa |
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.7.5-1
|
|
|
22cadfa |
- Upgrade to latest from NSA
|
|
|
22cadfa |
* Merged debug support, policydb conversion functions from Ivan Gyurdiev (Red Hat).
|
|
|
22cadfa |
* Removed genpolbools and genpolusers utilities.
|
|
|
22cadfa |
* Merged hierarchy check fix from Joshua Brindle (Tresys).
|
|
|
22cadfa |
|
|
|
22cadfa |
|
|
|
22cadfa |
|
|
|
4e37e11 |
* Thu Jul 14 2005 Dan Walsh <dwalsh@redhat.com> 1.7.3-1
|
|
|
4e37e11 |
- Upgrade to latest from NSA
|
|
|
4e37e11 |
* Merged header file cleanup and memory leak fix from Ivan Gyurdiev (Red Hat).
|
|
|
4e37e11 |
* Merged genbools debugging message cleanup from Red Hat.
|
|
|
4e37e11 |
|
|
|
57d97af |
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-2
|
|
|
57d97af |
- Remove genpolbools and genpoluser
|
|
|
57d97af |
|
|
|
27c3880 |
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.7-1
|
|
|
27c3880 |
- Upgrade to latest from NSA
|
|
|
27c3880 |
* Merged loadable module support from Tresys Technology.
|
|
|
27c3880 |
|
|
|
3433537 |
* Wed Jun 29 2005 Dan Walsh <dwalsh@redhat.com> 1.6-1
|
|
|
3433537 |
- Upgrade to latest from NSA
|
|
|
3433537 |
* Updated version for release.
|
|
|
3433537 |
|
|
|
07cf4bd |
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.10-1
|
|
|
07cf4bd |
- Fix reset booleans warning message
|
|
|
07cf4bd |
- Upgrade to latest from NSA
|
|
|
07cf4bd |
* License changed to LGPL v2.1, see COPYING.
|
|
|
07cf4bd |
|
|
|
7d8931a |
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.9-2
|
|
|
bf612b3 |
- Upgrade to latest from NSA
|
|
|
bf612b3 |
* Added sepol_genbools_policydb and sepol_genusers_policydb for
|
|
|
bf612b3 |
audit2why.
|
|
|
bf612b3 |
|
|
|
5d7a0aa |
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.5.8-2
|
|
|
5d7a0aa |
- export sepol_context_to_sid
|
|
|
5d7a0aa |
|
|
|
e043783 |
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.5.8-1
|
|
|
e043783 |
- Upgrade to latest from NSA
|
|
|
e043783 |
* Added sepol_ prefix to Flask types to avoid
|
|
|
e043783 |
namespace collision with libselinux.
|
|
|
e043783 |
|
|
|
e043783 |
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.5.7-1
|
|
|
90feaaf |
- Upgrade to latest from NSA
|
|
|
90feaaf |
* Added sepol_compute_av_reason() for audit2why.
|
|
|
90feaaf |
|
|
|
c4ff628 |
* Tue Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.5.6-1
|
|
|
c4ff628 |
- Upgrade to latest from NSA
|
|
|
c4ff628 |
* Fixed bug in role hierarchy checker.
|
|
|
c4ff628 |
|
|
|
57d5dcc |
* Mon Apr 25 2005 Dan Walsh <dwalsh@redhat.com> 1.5.5-2
|
|
|
57d5dcc |
- Fixes found via intel compiler
|
|
|
57d5dcc |
|
|
|
fa4ea37 |
* Thu Apr 14 2005 Dan Walsh <dwalsh@redhat.com> 1.5.5-1
|
|
|
fa4ea37 |
- Update from NSA
|
|
|
fa4ea37 |
|
|
|
30eb218 |
* Tue Mar 29 2005 Dan Walsh <dwalsh@redhat.com> 1.5.3-1
|
|
|
30eb218 |
- Update from NSA
|
|
|
30eb218 |
|
|
|
041a966 |
* Thu Mar 24 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-2
|
|
|
041a966 |
- Handle booleans.local
|
|
|
041a966 |
|
|
|
b85e342 |
* Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.5.2-1
|
|
|
406a403 |
- Update to latest from NSA
|
|
|
b85e342 |
* Added man page for sepol_check_context.
|
|
|
406a403 |
* Added man page for sepol_genusers function.
|
|
|
406a403 |
* Merged man pages for genpolusers and chkcon from Manoj Srivastava.
|
|
|
406a403 |
|
|
|
6d972dd |
* Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.4-1
|
|
|
6d972dd |
- Update to latest from NSA
|
|
|
6d972dd |
|
|
|
bc67d33 |
* Tue Mar 8 2005 Dan Walsh <dwalsh@redhat.com> 1.3.8-1
|
|
|
bc67d33 |
- Update to latest from NSA
|
|
|
bc67d33 |
* Cleaned up error handling in sepol_genusers and sepol_genbools.
|
|
|
bc67d33 |
|
|
|
9e487d2 |
* Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.3.7-1
|
|
|
9e487d2 |
- Update to latest from NSA
|
|
|
9e487d2 |
* Merged sepol_debug and fclose patch from Dan Walsh.
|
|
|
9e487d2 |
|
|
|
9b7e5fe |
* Fri Feb 18 2005 Dan Walsh <dwalsh@redhat.com> 1.3.6-3
|
|
|
9b7e5fe |
- Make sure local_files file pointer is closed
|
|
|
2014478 |
- Stop outputing error messages
|
|
|
2014478 |
|
|
|
d6aaae0 |
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.3.6-1
|
|
|
d6aaae0 |
- Update to latest from NSA
|
|
|
d6aaae0 |
* Changed sepol_genusers to also use getline and correctly handle
|
|
|
d6aaae0 |
EOL.
|
|
|
d6aaae0 |
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.3.5-1
|
|
|
91a26c1 |
- Update to latest from NSA
|
|
|
7ed3ff5 |
* Merged endianness and compute_av patches from Darrel Goeddel (TCS).
|
|
|
91a26c1 |
* Merged range_transition support from Darrel Goeddel (TCS).
|
|
|
91a26c1 |
* Added sepol_genusers function.
|
|
|
7ed3ff5 |
|
|
|
d6aaae0 |
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.3.2-1
|
|
|
7ed3ff5 |
- Update to latest from NSA
|
|
|
7ed3ff5 |
* Changed relabel Makefile target to use restorecon.
|
|
|
7ed3ff5 |
|
|
|
d6aaae0 |
* Mon Feb 7 2005 Dan Walsh <dwalsh@redhat.com> 1.3.1-1
|
|
|
7ed3ff5 |
- Update to latest from NSA
|
|
|
7ed3ff5 |
* Merged enhanced MLS support from Darrel Goeddel (TCS).
|
|
|
7ed3ff5 |
|
|
|
d6aaae0 |
* Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.2.1.1-1
|
|
|
5a4e5b4 |
- Update to latest from NSA
|
|
|
5a4e5b4 |
* Merged build fix patch from Manoj Srivastava.
|
|
|
5a4e5b4 |
|
|
|
d6aaae0 |
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.2.1-1
|
|
|
90d964f |
- Update to latest from NSA
|
|
|
90d964f |
|
|
|
d6aaae0 |
* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.1.1-2
|
|
cvsdist |
3c07940 |
- Add optargs for build
|
|
cvsdist |
3c07940 |
|
|
|
d6aaae0 |
* Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.1.1-1
|
|
cvsdist |
d9547a8 |
- New version from NSA
|
|
cvsdist |
d9547a8 |
|
|
cvsdist |
d08e6b4 |
* Fri Aug 20 2004 Colin Walters <walters@redhat.com> 1.0-2
|
|
cvsdist |
d08e6b4 |
- Apply Stephen's chkcon patch
|
|
cvsdist |
d08e6b4 |
|
|
cvsdist |
5b1b5b6 |
* Thu Aug 19 2004 Colin Walters <walters@redhat.com> 1.0-1
|
|
cvsdist |
5b1b5b6 |
- New upstream version
|
|
cvsdist |
5b1b5b6 |
|
|
|
d6aaae0 |
* Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 0.4.2-1
|
|
cvsdist |
3e7fdd1 |
- Newversion from upstream implementing stringcase compare
|
|
cvsdist |
3e7fdd1 |
|
|
cvsdist |
a25ddb6 |
* Fri Aug 13 2004 Bill Nottingham <notting@redhat.com> 0.4.1-2
|
|
cvsdist |
a25ddb6 |
- ldconfig tweaks
|
|
cvsdist |
88c9ead |
|
|
|
d6aaae0 |
* Thu Aug 12 2004 Dan Walsh <dwalsh@redhat.com> 0.4.1-1
|
|
cvsdist |
3e7fdd1 |
- Ignore case of true/false
|
|
cvsdist |
3e7fdd1 |
|
|
|
d6aaae0 |
* Wed Aug 11 2004 Dan Walsh <dwalsh@redhat.com> 0.4.1-1
|
|
cvsdist |
5ad5404 |
- New version from NSA
|
|
cvsdist |
5ad5404 |
|
|
|
d6aaae0 |
* Tue Aug 10 2004 Dan Walsh <dwalsh@redhat.com> 0.3.1-1
|
|
cvsdist |
88c9ead |
- Initial version
|
|
cvsdist |
88c9ead |
- Created by Stephen Smalley <sds@epoch.ncsc.mil>
|
|
cvsdist |
88c9ead |
|
|
cvsdist |
88c9ead |
|