|
Chris PeBenito |
25d796e |
- Unconditional staff and user oidentd home config access from Dominick Grift.
|
|
Chris PeBenito |
785ee79 |
- Conditional mmap_zero support from Dominick Grift.
|
|
Chris PeBenito |
76a9fe9 |
- Added devtmpfs support.
|
|
Chris PeBenito |
c62f1be |
- Dbadm updates from KaiGai Kohei.
|
|
Chris PeBenito |
27eeb64 |
- Virtio disk file context update from Mika Pfluger.
|
|
Chris PeBenito |
21fdee9 |
- Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
|
|
Chris PeBenito |
29f3bfa |
- Add JIT usage for freshclam.
|
|
Chris PeBenito |
08690c8 |
- Remove ethereal module since the application was renamed to wireshark.
|
|
Chris PeBenito |
bca0cdb |
- Remove duplicate/redundant rules, from Russell Coker.
|
|
Chris PeBenito |
0001e26 |
- Increased default number of categories to 1024, from Russell Coker.
|
|
Chris PeBenito |
98652c6 |
- Added modules:
|
|
Chris PeBenito |
12ab395 |
accountsd (Dan Walsh)
|
|
Chris PeBenito |
98652c6 |
cgroup (Dominick Grift)
|
|
Chris PeBenito |
a9539a0 |
kdumpgui (Dan Walsh)
|
|
Chris PeBenito |
b841dff |
livecd (Dan Walsh)
|
|
Chris PeBenito |
9d4395a |
mojomojo (Lain Arnell)
|
|
Chris PeBenito |
5d6bf45 |
sambagui (Dan Walsh)
|
|
Chris PeBenito |
7e265a8 |
shutdown (Dan Walsh)
|
|
Chris PeBenito |
98652c6 |
|
|
Chris PeBenito |
03e653b |
* Mon May 24 2010 Chris PeBenito <selinux@tresys.com> - 2.20100524
|
|
Chris PeBenito |
f9bdd1e |
- Merged a significant portion of Fedora policy.
|
|
Chris PeBenito |
f9bdd1e |
- Move rules from mta mailserver delivery from interface to .te to use
|
|
Chris PeBenito |
f9bdd1e |
attributes.
|
|
Chris PeBenito |
f9bdd1e |
- Remove concept of users from terminal module interfaces since the
|
|
Chris PeBenito |
f9bdd1e |
attributes are not specific to users.
|
|
Chris PeBenito |
f9bdd1e |
- Add non-drawing X client support, for consolekit usage.
|
|
Chris PeBenito |
f9bdd1e |
- Misc Gentoo fixes from Chris Richards.
|
|
Chris PeBenito |
f9bdd1e |
- AFS and abrt fixes from Dominick Grift.
|
|
Chris PeBenito |
f9bdd1e |
- Improved the XML docs of 55 most-used interfaces.
|
|
Chris PeBenito |
f9bdd1e |
- Apcupsd and amavis fixes from Dominick Grift.
|
|
Chris PeBenito |
85e71c8 |
- Fix network_port() in corenetwork to correctly handle port ranges.
|
|
KaiGai Kohei |
ec8d32c |
- SE-Postgresql updates from KaiGai Kohei.
|
|
Chris PeBenito |
7fc72a0 |
- X object manager revisions from Eamon Walsh.
|
|
Chris PeBenito |
22a2874 |
- Added modules:
|
|
Chris PeBenito |
5c2b95e |
aisexec (Dan Walsh)
|
|
Chris PeBenito |
a513794 |
chronyd (Miroslav Grepl)
|
|
Chris PeBenito |
12dc618 |
cobbler (Dominick Grift)
|
|
Chris PeBenito |
5c2b95e |
corosync (Dan Walsh)
|
|
Chris PeBenito |
22a2874 |
dbadm (KaiGai Kohei)
|
|
Chris PeBenito |
e07fbc0 |
denyhosts (Dan Walsh)
|
|
Chris PeBenito |
e526fca |
nut (Stefan Schulze Frielinghaus, Miroslav Grepl)
|
|
Chris PeBenito |
827060c |
likewise (Scott Salley)
|
|
Chris PeBenito |
e9e43f0 |
plymouthd (Dan Walsh)
|
|
Chris PeBenito |
4ebfec7 |
pyicqt (Stefan Schulze Frielinghaus)
|
|
Chris PeBenito |
5c2b95e |
rhcs (Dan Walsh)
|
|
Chris PeBenito |
5c2b95e |
rgmanager (Dan Walsh)
|
|
Chris PeBenito |
29b580c |
sectoolm (Miroslav Grepl)
|
|
Chris PeBenito |
ee2d2dd |
usbmuxd (Dan Walsh)
|
|
Chris PeBenito |
6d4dbd2 |
vhostmd (Dan Walsh)
|
|
Chris PeBenito |
7fc72a0 |
|
|
Chris PeBenito |
a404bc3 |
* Tue Nov 17 2009 Chris PeBenito <selinux@tresys.com> - 2.20091117
|
|
Chris PeBenito |
c596730 |
- Add separate x_pointer and x_keyboard classes inheriting from x_device.
|
|
Chris PeBenito |
c596730 |
From Eamon Walsh.
|
|
Chris PeBenito |
a404bc3 |
- Deprecated the userdom_xwindows_client_template().
|
|
Chris PeBenito |
62c80e2 |
- Misc Gentoo fixes from Corentin Labbe.
|
|
Chris PeBenito |
9099220 |
- Debian policykit fixes from Martin Orr.
|
|
Chris PeBenito |
b264824 |
- Fix unconfined_r use of unconfined_java_t.
|
|
Chris PeBenito |
4254cec |
- Add missing x_device rules for XI2 functions, from Eamon Walsh.
|
|
Chris PeBenito |
2a77737 |
- Add missing rules to make unconfined_cronjob_t a valid cron job domain.
|
|
Chris PeBenito |
0f5e26b |
- Add btrfs and ext4 to labeling targets.
|
|
Chris PeBenito |
90286f4 |
- Fix infrastructure to expand macros in initrc_context when installing.
|
|
Chris PeBenito |
02e594d |
- Handle unix_chkpwd usage by useradd and groupadd.
|
|
Chris PeBenito |
e335910 |
- Add missing compatibility aliases for xdm_xserver*_t types.
|
|
Chris PeBenito |
aa83007 |
- Added modules:
|
|
Chris PeBenito |
e3a90e3 |
abrt (Dan Walsh)
|
|
Chris PeBenito |
5a6b1fe |
dkim (Stefan Schulze Frielinghaus)
|
|
Chris PeBenito |
dbed953 |
gitosis (Miroslav Grepl)
|
|
Chris PeBenito |
21b1d10 |
gnomeclock (Dan Walsh)
|
|
Chris PeBenito |
aa83007 |
hddtemp (Dan Walsh)
|
|
Chris PeBenito |
71965a1 |
kdump (Dan Walsh)
|
|
Chris PeBenito |
c141d83 |
modemmanager(Dan Walsh)
|
|
Chris PeBenito |
81bca10 |
nslcd (Dan Walsh)
|
|
Chris PeBenito |
e6d8fd1 |
puppet (Craig Grube)
|
|
Chris PeBenito |
ed70158 |
rtkit (Dan Walsh)
|
|
Chris PeBenito |
4be8dd1 |
seunshare (Dan Walsh)
|
|
Chris PeBenito |
625be1b |
shorewall (Dan Walsh)
|
|
Chris PeBenito |
222d5b5 |
tgtd (Matthew Ife)
|
|
Chris PeBenito |
b04669a |
tuned (Miroslav Grepl)
|
|
Chris PeBenito |
1d3b9e3 |
xscreensaver (Corentin Labbe)
|
|
Chris PeBenito |
e335910 |
|
|
Chris PeBenito |
915dfa6 |
* Thu Jul 30 2009 Chris PeBenito <selinux@tresys.com> - 2.20090730
|
|
Chris PeBenito |
64c7061 |
- Gentoo fixes for init scripts and system startup.
|
|
Chris PeBenito |
09516cb |
- Remove read_default_t tunable.
|
|
Chris PeBenito |
c9c0d84 |
- Greylist milter from Paul Howarth.
|
|
Chris PeBenito |
c7dc1c7 |
- Crack db access for su to handle password expiration, from Brandon Whalen.
|
|
Chris PeBenito |
df28a0c |
- Misc fixes for unix_update from Brandon Whalen.
|
|
Chris PeBenito |
95ea7d6 |
- Add x_device permissions for XI2 functions, from Eamon Walsh.
|
|
Chris PeBenito |
16fd1fd |
- MLS constraints for the x_selection class, from Eamon Walsh.
|
|
Chris PeBenito |
350ed89 |
- Postgresql updates from KaiGai Kohei.
|
|
Chris PeBenito |
0cf1d56 |
- Milter state directory patch from Paul Howarth.
|
|
Chris PeBenito |
e1a70f1 |
- Add MLS constrains for ingress/egress and secmark from Paul Moore.
|
|
Chris PeBenito |
156204a |
- Drop write permission from fs_read_rpc_sockets().
|
|
Chris PeBenito |
81fa19e |
- Remove unused udev_runtime_t type.
|
|
Chris PeBenito |
f3fcadf |
- Patch for RadSec port from Glen Turner.
|
|
Chris PeBenito |
7722c29 |
- Enable network_peer_controls policy capability from Paul Moore.
|
|
Chris PeBenito |
805f34e |
- Btrfs xattr support from Paul Moore.
|
|
Chris PeBenito |
466e22a |
- Add db_procedure install permission from KaiGai Kohei.
|
|
Chris PeBenito |
019dfaf |
- Add support for network interfaces with access controlled by a Boolean
|
|
Chris PeBenito |
019dfaf |
from the CLIP project.
|
|
Chris PeBenito |
9e7a338 |
- Several fixes from the CLIP project.
|
|
Chris PeBenito |
f0435b1 |
- Add support for labeled Booleans.
|
|
Chris PeBenito |
c126214 |
- Remove node definitions and change node usage to generic nodes.
|
|
Chris PeBenito |
347a701 |
- Add kernel_service access vectors, from Stephen Smalley.
|
|
Chris PeBenito |
3c9b2e9 |
- Added modules:
|
|
Chris PeBenito |
3392356 |
certmaster (Dan Walsh)
|
|
Chris PeBenito |
f4962ab |
cpufreqselector (Dan Walsh)
|
|
Chris PeBenito |
677c4c2 |
devicekit (Dan Walsh)
|
|
Chris PeBenito |
20c3cce |
fprintd (Dan Walsh)
|
|
Chris PeBenito |
153fe24 |
git (Dan Walsh)
|
|
Chris PeBenito |
cca4a21 |
gpsd (Miroslav Grepl)
|
|
Chris PeBenito |
a5ef553 |
guest (Dan Walsh)
|
|
Chris PeBenito |
a5ef553 |
ifplugd (Dan Walsh)
|
|
Chris PeBenito |
da3ed06 |
lircd (Miroslav Grepl)
|
|
Chris PeBenito |
3c9b2e9 |
logadm (Dan Walsh)
|
|
Chris PeBenito |
50824a9 |
pads (Dan Walsh)
|
|
Chris PeBenito |
a5ef553 |
pingd (Dan Walsh)
|
|
Chris PeBenito |
dc0ab0f |
policykit (Dan Walsh)
|
|
Chris PeBenito |
9b1907b |
pulseaudio (Dan Walsh)
|
|
Chris PeBenito |
a5ef553 |
psad (Dan Walsh)
|
|
Chris PeBenito |
a5ef553 |
portreserve (Dan Walsh)
|
|
Chris PeBenito |
c017ee1 |
sssd (Dan Walsh)
|
|
Chris PeBenito |
a5ef553 |
ulogd (Dan Walsh)
|
|
Chris PeBenito |
267d9c6 |
varnishd (Dan Walsh)
|
|
Chris PeBenito |
153fe24 |
webadm (Dan Walsh)
|
|
Chris PeBenito |
5f6c30f |
wm (Dan Walsh)
|
|
Chris PeBenito |
42d567c |
xguest (Dan Walsh)
|
|
Chris PeBenito |
3c9b2e9 |
zosremote (Dan Walsh)
|
|
Chris PeBenito |
347a701 |
|
|
Chris PeBenito |
e66a0ca |
* Wed Dec 10 2008 Chris PeBenito <selinux@tresys.com> - 2.20081210
|
|
Chris PeBenito |
3196971 |
- Fix consistency of audioentropy and iscsi module naming.
|
|
Chris PeBenito |
b3eb124 |
- Debian file context fix for xen from Russell Coker.
|
|
Chris PeBenito |
7f49194 |
- Xserver MLS fix from Eamon Walsh.
|
|
Chris PeBenito |
99282e6 |
- Add omapi port for dhcpcd.
|
|
Chris PeBenito |
296273a |
- Deprecate per-role templates and rolemap support.
|
|
Chris PeBenito |
296273a |
- Implement user-based access control for use as role separations.
|
|
Chris PeBenito |
6e68e6b |
- Move shared library calls from individual modules to the domain module.
|
|
Chris PeBenito |
0b36a21 |
- Enable open permission checks policy capability.
|
|
Chris PeBenito |
aea3f28 |
- Remove hierarchy from portage module as it is not a good example of
|
|
Chris PeBenito |
aea3f28 |
hieararchy.
|
|
Chris PeBenito |
b19f862 |
- Remove enableaudit target from modular build as semodule -DB supplants it.
|
|
Chris PeBenito |
b9e5238 |
- Added modules:
|
|
Chris PeBenito |
b9e5238 |
milter (Paul Howarth)
|
|
Chris PeBenito |
b19f862 |
|
|
Chris PeBenito |
40db860 |
* Tue Oct 14 2008 Chris PeBenito <selinux@tresys.com> - 20081014
|
|
Chris PeBenito |
52ceaaa |
- Debian update for NetworkManager/wpa_supplicant from Martin Orr.
|
|
Chris PeBenito |
e40fa63 |
- Logrotate and Bind updates from Vaclav Ovsik.
|
|
Chris PeBenito |
6cc3f35 |
- Init script file and domain support.
|
|
Chris PeBenito |
9c4500b |
- Glibc 2.7 fix from Vaclav Ovsik.
|
|
Chris PeBenito |
b81bfc2 |
- Samba/winbind update from Mike Edenfield.
|
|
Chris PeBenito |
3338f23 |
- Policy size optimization with a non-security file attribute from James
|
|
Chris PeBenito |
3338f23 |
Carter.
|
|
Chris PeBenito |
dc1920b |
- Database labeled networking update from KaiGai Kohei.
|
|
Chris PeBenito |
6224fc1 |
- Several misc changes from the Fedora policy, cherry picked by David
|
|
Chris PeBenito |
8a948ca |
Hardeman.
|
|
Chris PeBenito |
0bfccda |
- Large whitespace fix from Dominick Grift.
|
|
Chris PeBenito |
2b592aa |
- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
|
|
Chris PeBenito |
4459a7c |
- Issuing commands to upstart is over a datagram socket, not the initctl
|
|
Chris PeBenito |
4459a7c |
named pipe. Updated init_telinit() to match.
|
|
Chris PeBenito |
32f8ff3 |
- Added modules:
|
|
Chris PeBenito |
a71e136 |
cyphesis (Dan Walsh)
|
|
Chris PeBenito |
967fd1b |
memcached (Dan Walsh)
|
|
Chris PeBenito |
73edbc9 |
oident (Dominick Grift)
|
|
Chris PeBenito |
32f8ff3 |
w3c (Dan Walsh)
|
|
Chris PeBenito |
4459a7c |
|
|
Chris PeBenito |
e64c38c |
* Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702
|
|
Chris PeBenito |
e311e23 |
- Fix httpd_enable_homedirs to actually provide the access it is supposed to
|
|
Chris PeBenito |
e311e23 |
provide.
|
|
Chris PeBenito |
c5cfd2d |
- Add unused interface/template parameter metadata in XML.
|
|
Chris PeBenito |
8c6292b |
- Patch to handle postfix data_directory from Vaclav Ovsik.
|
|
Chris PeBenito |
e8cb08a |
- SE-Postgresql policy from KaiGai Kohei.
|
|
Chris PeBenito |
ef55a11 |
- Patch for X.org dbus support from Martin Orr.
|
|
Chris PeBenito |
308baad |
- Patch for labeled networking controls in 2.6.25 from Paul Moore.
|
|
Chris PeBenito |
4416c41 |
- Module loading now requires setsched on kernel threads.
|
|
Chris PeBenito |
a42ce93 |
- Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
|
|
Chris PeBenito |
d923d54 |
- X application data class from Eamon Walsh and Ted Toth.
|
|
Chris PeBenito |
e9c6cda |
- Move user roles into individual modules.
|
|
Chris PeBenito |
7e11b74 |
- Make hald_log_t a log file.
|
|
Chris PeBenito |
2083db2 |
- Cryptsetup runs shell scripts. Patch from Martin Orr.
|
|
Chris PeBenito |
c07f9cc |
- Add file for enabling policy capabilities.
|
|
Chris PeBenito |
75da4b8 |
- Patch to fix leaky interface/template call depth calculator from Vaclav
|
|
Chris PeBenito |
75da4b8 |
Ovsik.
|
|
Chris PeBenito |
ff79b83 |
- Added modules:
|
|
Chris PeBenito |
782c10e |
kerneloops (Dan Walsh)
|
|
Chris PeBenito |
ff79b83 |
kismet (Dan Walsh)
|
|
Chris PeBenito |
131634a |
podsleuth (Dan Walsh)
|
|
Chris PeBenito |
cdbd09f |
prelude (Dan Walsh)
|
|
Chris PeBenito |
eb42163 |
qemu (Dan Walsh)
|
|
Chris PeBenito |
eb42163 |
virt (Dan Walsh)
|
|
Chris PeBenito |
75da4b8 |
|
|
Chris PeBenito |
c565b44 |
* Wed Apr 02 2008 Chris PeBenito <selinux@tresys.com> - 20080402
|
|
Chris PeBenito |
2c12b47 |
- Add core Security Enhanced X Windows support.
|
|
Chris PeBenito |
9377a3e |
- Fix winbind socket connection interface for default location of the
|
|
Chris PeBenito |
9377a3e |
sock_file.
|
|
Chris PeBenito |
6e2123f |
- Add wireshark module based on ethereal module.
|
|
Chris PeBenito |
47333d8 |
- Revise upstart support in init module to use a tunable, as upstart is now
|
|
Chris PeBenito |
47333d8 |
used in Fedora too.
|
|
Chris PeBenito |
e276d50 |
- Add iferror.m4 rather generate it out of the Makefiles.
|
|
Chris PeBenito |
210607b |
- Definitions for open permisson on file and similar objects from Eric
|
|
Chris PeBenito |
210607b |
Paris.
|
|
Chris PeBenito |
e065ac8 |
- Apt updates for ptys and logs, from Martin Orr.
|
|
Chris PeBenito |
01e8ff4 |
- RPC update from Vaclav Ovsik.
|
|
Chris PeBenito |
d57a094 |
- Exim updates on Debian from Devin Carrawy.
|
|
Chris PeBenito |
9fa023f |
- Pam and samba updates from Stefan Schulze Frielinghaus.
|
|
Chris PeBenito |
45b56b0 |
- Backup update on Debian from Vaclav Ovsik.
|
|
Chris PeBenito |
45b56b0 |
- Cracklib update on Debian from Vaclav Ovsik.
|
|
Chris PeBenito |
037fc0f |
- Label /proc/kallsyms with system_map_t.
|
|
Chris PeBenito |
8b9ffed |
- 64-bit capabilities from Stephen Smalley.
|
|
Chris PeBenito |
f3da31d |
- Labeled networking peer object class updates.
|
|
Chris PeBenito |
f3da31d |
|
|
Chris PeBenito |
cde477c |
* Fri Dec 14 2007 Chris PeBenito <selinux@tresys.com> - 20071214
|
|
Chris PeBenito |
1abafe3 |
- Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
|
|
Chris PeBenito |
dd9e1de |
- Improve several tunables descriptions from Dan Walsh.
|
|
Chris PeBenito |
c0cf6e0 |
- Patch to clean up ns switch usage in the policy from Dan Walsh.
|
|
Chris PeBenito |
0b6acad |
- More complete labeled networking infrastructure from KaiGai Kohei.
|
|
Chris PeBenito |
eeef8dc |
- Add interface for libselinux constructor, for libselinux-linked
|
|
Chris PeBenito |
eeef8dc |
SELinux-enabled programs.
|
|
Chris PeBenito |
847937d |
- Patch to restructure user role templates to create restricted user roles
|
|
Chris PeBenito |
847937d |
from Dan Walsh.
|
|
Chris PeBenito |
164772b |
- Russian man page translations from Andrey Markelov.
|
|
Chris PeBenito |
bd973e3 |
- Remove unused types from dbus.
|
|
Chris PeBenito |
a334d29 |
- Add infrastructure for managing all user web content.
|
|
Chris PeBenito |
ef659a4 |
- Deprecate some old file and dir permission set macros in favor of the
|
|
Chris PeBenito |
ef659a4 |
newer, more consistently-named macros.
|
|
Chris PeBenito |
6c53a10 |
- Patch to clean up unescaped periods in several file context entries from
|
|
Chris PeBenito |
6c53a10 |
Jan-Frode Myklebust.
|
|
Chris PeBenito |
350b6ab |
- Merge shlib_t into lib_t.
|
|
Chris PeBenito |
350b6ab |
- Merge strict and targeted policies. The policy will now behave like the
|
|
Chris PeBenito |
350b6ab |
strict policy if the unconfined module is not present. If it is, it will
|
|
Chris PeBenito |
350b6ab |
behave like the targeted policy. Added an unconfined role to have a mix
|
|
Chris PeBenito |
350b6ab |
of confined and unconfined users.
|
|
Chris PeBenito |
6bf8bf4 |
- Added modules:
|
|
Chris PeBenito |
6bf8bf4 |
exim (Dan Walsh)
|
|
Chris PeBenito |
4605adc |
postfixpolicyd (Jan-Frode Myklebust)
|
|
Chris PeBenito |
350b6ab |
|
|
Chris PeBenito |
cb811cd |
* Fri Sep 28 2007 Chris PeBenito <selinux@tresys.com> - 20070928
|
|
Chris PeBenito |
8acfcbc |
- Add support for setting the unknown permissions handling.
|
|
Chris PeBenito |
96fc0a4 |
- Fix XML building for external reference builds and headers builds.
|
|
Chris PeBenito |
6f49b49 |
- Patch to add missing requirements in userdomain interfaces from Shintaro
|
|
Chris PeBenito |
6f49b49 |
Fujiwara.
|
|
Chris PeBenito |
8242f5a |
- Add tcpd_wrapped_domain() for services that use tcp wrappers.
|
|
Chris PeBenito |
d62c088 |
- Update MLS constraints from LSPP evaluated policy.
|
|
Chris PeBenito |
2af7b42 |
- Allow initrc_t file descriptors to be inherited regardless of MLS level.
|
|
Chris PeBenito |
2af7b42 |
Accordingly drop MLS permissions from daemons that inherit from any level.
|
|
Chris PeBenito |
80d5e02 |
- Files and radvd updates from Stefan Schulze Frielinghaus.
|
|
Chris PeBenito |
f8233ab |
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
|
|
Chris PeBenito |
f8233ab |
mls_write_all_levels() and mls_read_all_levels(), for consistency.
|
|
Chris PeBenito |
2d0c9ce |
- Add make kernel and init ranged interfaces pass the range transition MLS
|
|
Chris PeBenito |
2d0c9ce |
constraints. Also remove calls to mls_rangetrans_target() in modules that use
|
|
Chris PeBenito |
2d0c9ce |
the kernel and init interfaces, since its redundant.
|
|
Chris PeBenito |
2d0c9ce |
- Add interfaces for all MLS attributes except X object classes.
|
|
Chris PeBenito |
2d0c9ce |
- Require all sensitivities and categories for MLS and MCS policies, not just
|
|
Chris PeBenito |
2d0c9ce |
the low and high sensitivity and category.
|
|
Chris PeBenito |
9760cbe |
- Database userspace object manager classes from KaiGai Kohei.
|
|
Chris PeBenito |
371d11e |
- Add third-party interface for Apache CGI.
|
|
Chris PeBenito |
924f3cc |
- Add getserv and shmemserv nscd permissions.
|
|
Chris PeBenito |
f80a0e4 |
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
|
|
Chris PeBenito |
d46cfe4 |
- Added modules:
|
|
Chris PeBenito |
d46cfe4 |
application
|
|
Chris PeBenito |
0cf6df5 |
awstats (Stefan Schulze Frielinghaus)
|
|
Chris PeBenito |
8242f5a |
bitlbee (Devin Carraway)
|
|
Chris PeBenito |
8241b53 |
brctl (Dan Walsh)
|
|
Chris PeBenito |
f80a0e4 |
|
|
Chris PeBenito |
970122c |
* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
|
|
Chris PeBenito |
113b4fc |
- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
|
|
Chris PeBenito |
113b4fc |
libraries module.
|
|
Chris PeBenito |
1900668 |
- Unified labeled networking policy from Paul Moore.
|
|
Chris PeBenito |
1900668 |
- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
|
|
Chris PeBenito |
7f08978 |
- Xen updates from Dan Walsh.
|
|
Chris PeBenito |
5bf9deb |
- Filesystem updates from Dan Walsh.
|
|
Chris PeBenito |
40df567 |
- Large samba update from Dan Walsh.
|
|
Chris PeBenito |
788d88c |
- Drop snmpd_etc_t.
|
|
Chris PeBenito |
6c8aba7 |
- Confine sendmail and logrotate on targeted.
|
|
Chris PeBenito |
cb10a2d |
- Tunable connection to postgresql for users from KaiGai Kohei.
|
|
Chris PeBenito |
41337aa |
- Memprotect support patch from Stephen Smalley.
|
|
Chris PeBenito |
d5b81a8 |
- Add logging_send_audit_msgs() interface and deprecate
|
|
Chris PeBenito |
d5b81a8 |
send_audit_msgs_pattern().
|
|
Chris PeBenito |
d534d35 |
- Openct updates patch from Dan Walsh.
|
|
Chris PeBenito |
762d2cb |
- Merge restorecon into setfiles.
|
|
Chris PeBenito |
12217cc |
- Patch to begin separating out hald helper programs from Dan Walsh.
|
|
Chris PeBenito |
b129e20 |
- Fixes for squid, dovecot, and snmp from Dan Walsh.
|
|
Chris PeBenito |
4967aaa |
- Miscellaneous consolekit fixes from Dan Walsh.
|
|
Chris PeBenito |
ed4b730 |
- Patch to have avahi use the nsswitch interface rather than individual
|
|
Chris PeBenito |
ed4b730 |
permissions from Dan Walsh.
|
|
Chris PeBenito |
517618f |
- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
|
|
Chris PeBenito |
882186c |
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
|
|
Chris PeBenito |
517618f |
to handle usage from userhelper from Dan Walsh.
|
|
Chris PeBenito |
747ab18 |
- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
|
|
Chris PeBenito |
f9029fc |
- Patch to allow slocate to getattr other filesystems and directories on those
|
|
Chris PeBenito |
f9029fc |
filesystems from Dan Walsh.
|
|
Chris PeBenito |
d28e528 |
- Fixes for RHEL4 from the CLIP project.
|
|
Chris PeBenito |
cd16fe6 |
- Replace the old lrrd fc entries with munin ones.
|
|
Chris PeBenito |
b4dfdc7 |
- Move program admin template usage out of userdom_admin_user_template() to
|
|
Chris PeBenito |
b4dfdc7 |
sysadm policy in userdomain.te to fix usage of the template for third
|
|
Chris PeBenito |
b4dfdc7 |
parties.
|
|
Chris PeBenito |
7a4bd42 |
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
|
|
Chris PeBenito |
7a4bd42 |
template instead of an interface.
|
|
Chris PeBenito |
6a29757 |
- Added modules:
|
|
Chris PeBenito |
a74d1ad |
amtu (Dan Walsh)
|
|
Chris PeBenito |
78f17e6 |
apcupsd (Dan Walsh)
|
|
Chris PeBenito |
7b61fe5 |
rpcbind (Dan Walsh)
|
|
Chris PeBenito |
6a29757 |
rwho (Nalin Dahyabhai)
|
|
Chris PeBenito |
7a4bd42 |
|
|
Chris PeBenito |
2733830 |
* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
|
|
Chris PeBenito |
6974890 |
- Patch for sasl's use of kerberos from Dan Walsh.
|
|
Chris PeBenito |
6974890 |
- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
|
|
Chris PeBenito |
f4e2b19 |
- Man page updates from Dan Walsh.
|
|
Chris PeBenito |
a26923c |
- Two patches from Paul Moore to for ipsec to remove redundant rules and
|
|
Chris PeBenito |
a26923c |
have setkey read the config file.
|
|
Chris PeBenito |
56e1b3d |
- Move booleans and tunables to modules when it is only used in a single
|
|
Chris PeBenito |
56e1b3d |
module.
|
|
Chris PeBenito |
56e1b3d |
- Add support for tunables and booleans local to a module.
|
|
Chris PeBenito |
8021cb4 |
- Merge sbin_t and ls_exec_t into bin_t.
|
|
Chris PeBenito |
ab514d6 |
- Remove disable_trans booleans.
|
|
Chris PeBenito |
e9b0042 |
- Output different header sets for kernel and userland from flask headers.
|
|
Chris PeBenito |
1852cda |
- Marked the pax class as deprecated, changed it to userland so
|
|
Chris PeBenito |
1852cda |
it will be removed from the kernel.
|
|
Chris PeBenito |
d17bab0 |
- Stop including netfilter contexts by default.
|
|
Chris PeBenito |
a5f5eba |
- Add dontaudits for init fds and console to init_daemon_domain().
|
|
Chris PeBenito |
4832f0e |
- Patch to allow gpg to create user keys dir.
|
|
Chris PeBenito |
9378492 |
- Patch to support kvmfs from Dan Walsh.
|
|
Chris PeBenito |
6c20f77 |
- Patch for misc fixes in sudo from Dan Walsh.
|
|
Chris PeBenito |
b50f2ee |
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
|
|
Chris PeBenito |
cdc91b9 |
- Patch for handling restart of nscd when ran from useradd, groupadd, and
|
|
Chris PeBenito |
cdc91b9 |
admin passwd, from Dan Walsh.
|
|
Chris PeBenito |
59bedc1 |
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
|
|
Chris PeBenito |
7aca2aa |
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
|
|
Chris PeBenito |
c23eb5b |
- Patch for gssd fixes from Dan Walsh.
|
|
Chris PeBenito |
c5561c7 |
- Patch for lvm fixes from Dan Walsh.
|
|
Chris PeBenito |
c5561c7 |
- Patch for ricci fixes from Dan Walsh.
|
|
Chris PeBenito |
f2c69c4 |
- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
|
|
Chris PeBenito |
4900fdf |
- Patch for kerberized telnet fixes from Dan Walsh.
|
|
Chris PeBenito |
09c56f5 |
- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
|
|
Chris PeBenito |
2aea366 |
- Patch for an additional wine executable from Dan Walsh.
|
|
Chris PeBenito |
ecc98e1 |
- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
|
|
Chris PeBenito |
ecc98e1 |
corecommands, devices, and java from Dan Walsh.
|
|
Chris PeBenito |
86d754e |
- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
|
|
Chris PeBenito |
f0eaed3 |
- Patch for misc fixes to bluetooth from Dan Walsh.
|
|
Chris PeBenito |
5b06477 |
- Patch for misc fixes to kerberos from Dan Walsh.
|
|
Chris PeBenito |
bbb7cc8 |
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
|
|
Chris PeBenito |
a715dc0 |
- Add dccp_socket object class which was added in kernel 2.6.20.
|
|
Chris PeBenito |
3a39015 |
- Patch for prelink relabefrom it's temp files from Dan Walsh.
|
|
Chris PeBenito |
5c45eae |
- Patch for capability fix for auditd and networking fix for syslogd from
|
|
Chris PeBenito |
5c45eae |
Dan Walsh.
|
|
Chris PeBenito |
66cf194 |
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
|
|
Chris PeBenito |
4685213 |
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
|
|
Chris PeBenito |
aeb54c6 |
- Patch to allow apmd to telinit from Dan Walsh.
|
|
Chris PeBenito |
d114071 |
- Patch for additional labeling of samba files from Stefan Schulze
|
|
Chris PeBenito |
d114071 |
Frielinghaus.
|
|
Chris PeBenito |
bcac3a5 |
- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
|
|
Chris PeBenito |
f1be09c |
- Fix ptys and ttys to be device nodes.
|
|
Chris PeBenito |
4bd55eb |
- Fix explicit use of httpd_t in openca_domtrans().
|
|
Chris PeBenito |
ff943a1 |
- Clean up file context regexes in apache and java, from Eamon Walsh.
|
|
Chris PeBenito |
6b19be3 |
- Patches from Dan Walsh:
|
|
Chris PeBenito |
6b19be3 |
Thu, 25 Jan 2007
|
|
Chris PeBenito |
c224d91 |
- Added modules:
|
|
Chris PeBenito |
c224d91 |
consolekit (Dan Walsh)
|
|
Chris PeBenito |
cd3ee91 |
fail2ban (Dan Walsh)
|
|
Chris PeBenito |
97e8156 |
zabbix (Dan Walsh)
|
|
Chris PeBenito |
ff943a1 |
|
|
Chris PeBenito |
b001503 |
* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
|
|
Chris PeBenito |
c0868a7 |
- Add policy patterns support macros. This changes the behavior of
|
|
Chris PeBenito |
c0868a7 |
the create_dir_perms and create_file_perms permission sets.
|
|
Chris PeBenito |
d31d3c1 |
- Association polmatch MLS constraint making unlabeled_t an exception
|
|
Chris PeBenito |
d31d3c1 |
is no longer needed, patch from Venkat Yekkirala.
|
|
Chris PeBenito |
c6a60bb |
- Context contains checking for PAM and cron from James Antill.
|
|
Chris PeBenito |
59f8539 |
- Add a reload target to Modules.devel and change the load
|
|
Chris PeBenito |
59f8539 |
target to only insert modules that were changed.
|
|
Chris PeBenito |
ed38ca9 |
- Allow semanage to read from /root on strict non-MLS for
|
|
Chris PeBenito |
ed38ca9 |
local policy modules.
|
|
Chris PeBenito |
ed38ca9 |
- Gentoo init script fixes for udev.
|
|
Chris PeBenito |
ed38ca9 |
- Allow udev to read kernel modules.inputmap.
|
|
Chris PeBenito |
ed38ca9 |
- Dnsmasq fixes from testing.
|
|
Chris PeBenito |
ed38ca9 |
- Allow kernel NFS server to getattr filesystems so df can work
|
|
Chris PeBenito |
ed38ca9 |
on clients.
|
|
Chris PeBenito |
f497b8d |
- Patch from Matt Anderson for a MLS constraint exemption on a
|
|
Chris PeBenito |
f497b8d |
file that can be written to from a subject whose range is
|
|
Chris PeBenito |
f497b8d |
within the object's range.
|
|
Chris PeBenito |
a8671ae |
- Enhanced setransd support from Darrel Goeddel.
|
|
Chris PeBenito |
d9845ae |
- Patches from Dan Walsh:
|
|
Chris PeBenito |
d9845ae |
Tue, 24 Oct 2006
|
|
Chris PeBenito |
d6d16b9 |
Wed, 29 Nov 2006
|
|
Chris PeBenito |
d9845ae |
- Added modules:
|
|
Chris PeBenito |
fa45da0 |
aide (Matt Anderson)
|
|
Chris PeBenito |
fa45da0 |
ccs (Dan Walsh)
|
|
Chris PeBenito |
d9845ae |
iscsi (Dan Walsh)
|
|
Chris PeBenito |
fa45da0 |
ricci (Dan Walsh)
|
|
Chris PeBenito |
a8671ae |
|
|
Chris PeBenito |
248cccf |
* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
|
|
Chris PeBenito |
3c3c043 |
- Patch from Russell Coker Thu, 5 Oct 2006
|
|
Chris PeBenito |
e070dd2 |
- Move range transitions to modules.
|
|
Chris PeBenito |
e070dd2 |
- Make number of MLS sensitivities, and number of MLS and MCS
|
|
Chris PeBenito |
e070dd2 |
categories configurable as build options.
|
|
Chris PeBenito |
bbcd3c9 |
- Add role infrastructure.
|
|
Chris PeBenito |
13d7cec |
- Debian updates from Erich Schubert.
|
|
Chris PeBenito |
3ef029d |
- Add nscd_socket_use() to auth_use_nsswitch().
|
|
Chris PeBenito |
33c7e6b |
- Remove old selopt rules.
|
|
Chris PeBenito |
f5d1d0f |
- Full support for netfilter_contexts.
|
|
Chris PeBenito |
4846dc8 |
- MRTG patch for daemon operation from Stefan.
|
|
Chris PeBenito |
4b3b46d |
- Add authlogin interface to abstract common access for login programs.
|
|
Chris PeBenito |
133000c |
- Remove setbool auditallow, except for RHEL4.
|
|
Chris PeBenito |
81a016f |
- Change eventpollfs to task SID labeling.
|
|
Chris PeBenito |
fe3a1eb |
- Add key support from Michael LeMay.
|
|
Chris PeBenito |
75fbbb0 |
- Add ftpdctl domain to ftp, from Paul Howarth.
|
|
Chris PeBenito |
4f447b0 |
- Fix build system to not move type declarations out of optionals.
|
|
Chris PeBenito |
5afdf0b |
- Add gcc-config domain to portage.
|
|
Chris PeBenito |
e37158e |
- Add packet object class and support in corenetwork.
|
|
Chris PeBenito |
fc47b34 |
- Add a copy of genhomedircon for monolithic policy building, so that a
|
|
Chris PeBenito |
fc47b34 |
policycoreutils package update is not required for RHEL4 systems.
|
|
Chris PeBenito |
c8229a9 |
- Add appletalk sockets for use in cups.
|
|
Chris PeBenito |
ea5333d |
- Add Make target to validate module linking.
|
|
Chris PeBenito |
5706fac |
- Make duplicate template and interface declarations a fatal error.
|
|
Chris PeBenito |
86e869e |
- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
|
|
Chris PeBenito |
413982c |
- Move xconsole_device_t from devices to xserver since it is
|
|
Chris PeBenito |
413982c |
not actually a device, it is a named pipe.
|
|
Chris PeBenito |
0578bf8 |
- Handle nonexistant .fc and .if files in devel Makefile by
|
|
Chris PeBenito |
0578bf8 |
automatically creating empty files.
|
|
Chris PeBenito |
fc70c9d |
- Remove unused devfs_control_t.
|
|
Chris PeBenito |
2f1a8fb |
- Add rhel4 distro, which also implies redhat distro.
|
|
Chris PeBenito |
f3ac5e9 |
- Remove unneeded range_transition for su_exec_t and move the
|
|
Chris PeBenito |
f3ac5e9 |
type declaration back to the su module.
|
|
Chris PeBenito |
9779f09 |
- Constrain transitions in MCS so unconfined_t cannot have
|
|
Chris PeBenito |
9779f09 |
arbitrary category sets.
|
|
Chris PeBenito |
d2a9030 |
- Change reiserfs from xattr filesystem to genfscon as it's xattrs
|
|
Chris PeBenito |
d2a9030 |
are currently nonfunctional.
|
|
Chris PeBenito |
da14da8 |
- Change files and filesystem modules to use their own interfaces.
|
|
Chris PeBenito |
1786478 |
- Add user fonts to xserver.
|
|
Chris PeBenito |
d42c7ed |
- Additional interfaces in corecommands, miscfiles, and userdomain
|
|
Chris PeBenito |
d42c7ed |
from Joy Latten.
|
|
Chris PeBenito |
8b2d5ca |
- Miscellaneous fixes from Thomas Bleher.
|
|
Chris PeBenito |
bb7170f |
- Deprecate module name as first parameter of optional_policy()
|
|
Chris PeBenito |
bb7170f |
now that optionals are allowed everywhere.
|
|
Chris PeBenito |
0db866c |
- Enable optional blocks in base module and monolithic policy.
|
|
Chris PeBenito |
0db866c |
This requires checkpolicy 1.30.1.
|
|
Chris PeBenito |
ac6cff2 |
- Fix vpn module declaration.
|
|
Chris PeBenito |
a3cf80d |
- Numerous fixes from Dan Walsh.
|
|
Chris PeBenito |
3abd5ee |
- Change build order to preserve m4 line number information so policy
|
|
Chris PeBenito |
3abd5ee |
compile errors are useful again.
|
|
Chris PeBenito |
405efe1 |
- Additional MLS interfaces from Chad Hanson.
|
|
Chris PeBenito |
3cfd487 |
- Move some rules out of domain_type() and domain_base_type()
|
|
Chris PeBenito |
3cfd487 |
to the TE file, to use the domain attribute to take advantage
|
|
Chris PeBenito |
3cfd487 |
of space savings from attribute use.
|
|
Chris PeBenito |
3cfd487 |
- Add global stack smashing protector rule for urandom access from
|
|
Chris PeBenito |
3cfd487 |
Petre Rodan.
|
|
Chris PeBenito |
e78c775 |
- Fix temporary rules at the bottom of portmap.
|
|
Chris PeBenito |
63e0a1e |
- Updated comments in mls file from Chad Hanson.
|
|
Chris PeBenito |
2dd1d30 |
- Patches from Dan Walsh:
|
|
Chris PeBenito |
2dd1d30 |
Fri, 17 Mar 2006
|
|
Chris PeBenito |
2dd1d30 |
Wed, 29 Mar 2006
|
|
Chris PeBenito |
2dd1d30 |
Tue, 11 Apr 2006
|
|
Chris PeBenito |
2dd1d30 |
Fri, 14 Apr 2006
|
|
Chris PeBenito |
2dd1d30 |
Tue, 18 Apr 2006
|
|
Chris PeBenito |
2dd1d30 |
Thu, 20 Apr 2006
|
|
Chris PeBenito |
2dd1d30 |
Tue, 02 May 2006
|
|
Chris PeBenito |
2dd1d30 |
Mon, 15 May 2006
|
|
Chris PeBenito |
2dd1d30 |
Thu, 18 May 2006
|
|
Chris PeBenito |
2dd1d30 |
Tue, 06 Jun 2006
|
|
Chris PeBenito |
2dd1d30 |
Mon, 12 Jun 2006
|
|
Chris PeBenito |
2dd1d30 |
Tue, 20 Jun 2006
|
|
Chris PeBenito |
9d3a3f8 |
Wed, 26 Jul 2006
|
|
Chris PeBenito |
a5e2133 |
Wed, 23 Aug 2006
|
|
Chris PeBenito |
eac818f |
Thu, 31 Aug 2006
|
|
Chris PeBenito |
5dbda55 |
Fri, 01 Sep 2006
|
|
Chris PeBenito |
75beb95 |
Tue, 05 Sep 2006
|
|
Chris PeBenito |
8708d9b |
Wed, 20 Sep 2006
|
|
Chris PeBenito |
693d4ae |
Fri, 22 Sep 2006
|
|
Chris PeBenito |
e2b84ef |
Mon, 25 Sep 2006
|
|
Chris PeBenito |
ce3145e |
- Added modules:
|
|
Chris PeBenito |
48b1d0b |
afs
|
|
Chris PeBenito |
8a0a994 |
amavis (Erich Schubert)
|
|
Chris PeBenito |
0c54fcf |
apt (Erich Schubert)
|
|
Chris PeBenito |
e3e37e8 |
asterisk
|
|
Chris PeBenito |
7f74a41 |
audioentropy
|
|
Chris PeBenito |
b6b5747 |
authbind
|
|
Chris PeBenito |
57f233b |
backup
|
|
Chris PeBenito |
99c902f |
calamaris
|
|
Chris PeBenito |
096ae61 |
cipe
|
|
Chris PeBenito |
8a0a994 |
clamav (Erich Schubert)
|
|
Chris PeBenito |
46bec43 |
clockspeed (Petre Rodan)
|
|
Chris PeBenito |
03631a5 |
courier
|
|
Chris PeBenito |
1896311 |
dante
|
|
Chris PeBenito |
6ba4d96 |
dcc
|
|
Chris PeBenito |
70b8a72 |
ddclient
|
|
Chris PeBenito |
0c54fcf |
dpkg (Erich Schubert)
|
|
Chris PeBenito |
9e725d8 |
dnsmasq
|
|
Chris PeBenito |
0834f9b |
ethereal
|
|
Chris PeBenito |
edf241c |
evolution
|
|
Chris PeBenito |
fbc0a27 |
games
|
|
Chris PeBenito |
5d03fc2 |
gatekeeper
|
|
Chris PeBenito |
6cd6d7a |
gift
|
|
Chris PeBenito |
0021906 |
gnome (James Carter)
|
|
Chris PeBenito |
4d73bb4 |
imaze
|
|
Chris PeBenito |
050f364 |
ircd
|
|
Chris PeBenito |
61cf534 |
jabber
|
|
Chris PeBenito |
3f1c086 |
monop
|
|
Chris PeBenito |
9105f90 |
mozilla
|
|
Chris PeBenito |
77b81c6 |
mplayer
|
|
Chris PeBenito |
b6d37eb |
munin
|
|
Chris PeBenito |
f1e604b |
nagios
|
|
Chris PeBenito |
a478b5e |
nessus
|
|
Chris PeBenito |
130f8a4 |
netlabel (Paul Moore)
|
|
Chris PeBenito |
6a21cef |
nsd
|
|
Chris PeBenito |
e3e37e8 |
ntop
|
|
Chris PeBenito |
6bd4494 |
nx
|
|
Chris PeBenito |
2e9cd95 |
oav
|
|
Chris PeBenito |
e2b84ef |
oddjob (Dan Walsh)
|
|
Chris PeBenito |
5bd9fd7 |
openca
|
|
Chris PeBenito |
2ba3de9 |
openvpn (Petre Rodan)
|
|
Chris PeBenito |
0cc79fc |
perdition
|
|
Chris PeBenito |
12cd9a0 |
portslave
|
|
Chris PeBenito |
7f9ebb2 |
postgrey
|
|
Chris PeBenito |
3411c3c |
pxe
|
|
Chris PeBenito |
e993594 |
pyzor (Dan Walsh)
|
|
Chris PeBenito |
65e131f |
qmail (Petre Rodan)
|
|
Chris PeBenito |
20e929e |
razor
|
|
Chris PeBenito |
b057be8 |
resmgr
|
|
Chris PeBenito |
c8d5b35 |
rhgb
|
|
Chris PeBenito |
5540e76 |
rssh
|
|
Chris PeBenito |
e551601 |
snort
|
|
Chris PeBenito |
9b244cb |
soundserver
|
|
Chris PeBenito |
5501be5 |
speedtouch
|
|
Chris PeBenito |
b6cc2f9 |
sxid
|
|
Chris PeBenito |
1852726 |
thunderbird
|
|
Chris PeBenito |
ce3145e |
tor (Erich Schubert)
|
|
Chris PeBenito |
fa89516 |
transproxy
|
|
Chris PeBenito |
8536924 |
tripwire
|
|
Chris PeBenito |
dfd2c1e |
uptime
|
|
Chris PeBenito |
3eec24b |
uwimap
|
|
Chris PeBenito |
b35d3f7 |
vmware
|
|
Chris PeBenito |
d592b69 |
watchdog
|
|
Chris PeBenito |
a3cf80d |
xen (Dan Walsh)
|
|
Chris PeBenito |
5516db6 |
xprint
|
|
Chris PeBenito |
f30e6ea |
yam
|
|
Chris PeBenito |
ce3145e |
|
|
Chris PeBenito |
0fc3e1b |
* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
|
|
Chris PeBenito |
1c1ac67 |
- Make all interface parameters required.
|
|
Chris PeBenito |
1c1ac67 |
- Move boot_t, system_map_t, and modules_object_t to files module,
|
|
Chris PeBenito |
1c1ac67 |
and move bootloader to admin layer.
|
|
Chris PeBenito |
02bcb8b |
- Add semanage policy for semodule from Dan Walsh.
|
|
Chris PeBenito |
3eea551 |
- Remove allow_execmem from targeted policy domain_base_type().
|
|
Chris PeBenito |
ace3688 |
- Add users_extra and seusers support.
|
|
Chris PeBenito |
0062f96 |
- Postfix fixes from Serge Hallyn.
|
|
Chris PeBenito |
0e686f1 |
- Run python and shell directly to interpret scripts so policy
|
|
Chris PeBenito |
0e686f1 |
sources need not be executable.
|
|
Chris PeBenito |
0e686f1 |
- Add desc tag XML to booleans and tunables, and add summary
|
|
Chris PeBenito |
0e686f1 |
to param XML tag, to make future translations possible.
|
|
Chris PeBenito |
017bab0 |
- Remove unused lvm_vg_t.
|
|
Chris PeBenito |
ffd5c34 |
- Many interface renames to improve naming consistency.
|
|
Chris PeBenito |
0f5d13f |
- Merge xdm into xserver.
|
|
Chris PeBenito |
18cc016 |
- Remove kernel module reversed interfaces.
|
|
Chris PeBenito |
5850761 |
- Add filename attribute to module XML tag and lineno attribute to
|
|
Chris PeBenito |
5850761 |
interface XML tag.
|
|
Chris PeBenito |
9b3756b |
- Changed QUIET build option to a yes or no option.
|
|
Chris PeBenito |
9b3756b |
- Add a Makefile used for compiling loadable modules in a
|
|
Chris PeBenito |
9b3756b |
user's development environment, building against policy headers.
|
|
Chris PeBenito |
9b3756b |
- Add Make target for installing policy headers.
|
|
Chris PeBenito |
4ace0fa |
- Separate per-userdomain template expansion from the userdomain
|
|
Chris PeBenito |
4ace0fa |
module and add infrastructure to expand templates in the modules
|
|
Chris PeBenito |
4ace0fa |
that own the template.
|
|
Chris PeBenito |
4ace0fa |
- Enable secadm only for MLS policies.
|
|
Chris PeBenito |
5e4cbc7 |
- Remove role change rules in su and sudo since this functionality has been
|
|
Chris PeBenito |
5e4cbc7 |
removed from these programs.
|
|
Chris PeBenito |
37227dc |
- Add ctags Make target from Thomas Bleher.
|
|
Chris PeBenito |
7dca64f |
- Collapse commands with grep piped to sed into one sed command.
|
|
Chris PeBenito |
1e786ea |
- Fix type_change bug in term_user_pty().
|
|
Chris PeBenito |
acd87ca |
- Move ice_tmp_t from miscfiles to xserver.
|
|
Chris PeBenito |
85c20af |
- Login fixes from Serge Hallyn.
|
|
Chris PeBenito |
488ec7b |
- Move xserver_log_t from xdm to xserver.
|
|
Chris PeBenito |
8dca6b9 |
- Add lpr per-userdomain policy to lpd.
|
|
Chris PeBenito |
0a77288 |
- Miscellaneous fixes from Dan Walsh.
|
|
Chris PeBenito |
68228b3 |
- Change initrc_var_run_t interface noun from script_pid to utmp,
|
|
Chris PeBenito |
68228b3 |
for greater clarity.
|
|
Chris PeBenito |
8cc4947 |
- Added modules:
|
|
Chris PeBenito |
2bcdbd8 |
certwatch
|
|
Chris PeBenito |
a225f98 |
mono (Dan Walsh)
|
|
Chris PeBenito |
6796266 |
mrtg
|
|
Chris PeBenito |
e1c4142 |
portage
|
|
Chris PeBenito |
b77d019 |
tvtime
|
|
Chris PeBenito |
7c2f5a8 |
userhelper
|
|
Chris PeBenito |
8cc4947 |
usernetctl
|
|
Chris PeBenito |
a225f98 |
wine (Dan Walsh)
|
|
Chris PeBenito |
488ec7b |
xserver
|
|
Chris PeBenito |
8cc4947 |
|
|
Chris PeBenito |
22cb0be |
* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
|
|
Chris PeBenito |
b7b1d23 |
- Adds support for generating corenetwork interfaces based on attributes
|
|
Chris PeBenito |
b7b1d23 |
in addition to types.
|
|
Chris PeBenito |
b7b1d23 |
- Permits the listing of multiple nodes in a network_node() that will be
|
|
Chris PeBenito |
b7b1d23 |
given the same type.
|
|
Chris PeBenito |
b7b1d23 |
- Add two new permission sets for stream sockets.
|
|
Chris PeBenito |
9d59498 |
- Rename file type transition interfaces verb from create to
|
|
Chris PeBenito |
9d59498 |
filetrans to differentiate it from create interfaces without
|
|
Chris PeBenito |
9d59498 |
type transitions.
|
|
Chris PeBenito |
9d59498 |
- Fix expansion of interfaces from disabled modules.
|
|
Chris PeBenito |
de94087 |
- Rsync can be long running from init,
|
|
Chris PeBenito |
de94087 |
added rules to allow this.
|
|
Chris PeBenito |
b07eaef |
- Add polyinstantiation build option.
|
|
Chris PeBenito |
afd38b1 |
- Add setcontext to the association object class.
|
|
Chris PeBenito |
bb43724 |
- Add apache relay and db connect tunables.
|
|
Chris PeBenito |
a324ef1 |
- Rename texrel_shlib_t to textrel_shlib_t.
|
|
Chris PeBenito |
cbe3275 |
- Add swat to samba module.
|
|
Chris PeBenito |
2c24358 |
- Numerous miscellaneous fixes from Dan Walsh.
|
|
Chris PeBenito |
0f73fde |
- Added modules:
|
|
Chris PeBenito |
de8af9d |
alsa
|
|
Chris PeBenito |
7576fad |
automount
|
|
Chris PeBenito |
4ec6941 |
cdrecord
|
|
Chris PeBenito |
44d5d93 |
daemontools (Petre Rodan)
|
|
Chris PeBenito |
8710791 |
ddcprobe
|
|
Chris PeBenito |
44d5d93 |
djbdns (Petre Rodan)
|
|
Chris PeBenito |
a089b6d |
fetchmail
|
|
Chris PeBenito |
8cffa78 |
irc
|
|
Chris PeBenito |
3ffe298 |
java
|
|
Chris PeBenito |
1ae2c31 |
lockdev
|
|
Chris PeBenito |
020cbef |
logwatch (Dan Walsh)
|
|
Chris PeBenito |
0e8ec43 |
openct
|
|
Chris PeBenito |
2c24358 |
prelink (Dan Walsh)
|
|
Chris PeBenito |
44d5d93 |
publicfile (Petre Rodan)
|
|
Chris PeBenito |
6f11d6b |
readahead
|
|
Chris PeBenito |
7e0fa55 |
roundup
|
|
Chris PeBenito |
c8ba683 |
screen
|
|
Chris PeBenito |
6a57b68 |
slocate (Dan Walsh)
|
|
Chris PeBenito |
1d427ac |
slrnpull
|
|
Chris PeBenito |
871b685 |
smartmon
|
|
Chris PeBenito |
0f73fde |
sysstat
|
|
Chris PeBenito |
44d5d93 |
ucspitcp (Petre Rodan)
|
|
Chris PeBenito |
44f490b |
usbmodules
|
|
Chris PeBenito |
39a17ec |
vbetool (Dan Walsh)
|
|
Chris PeBenito |
0f73fde |
|
|
Chris PeBenito |
cd1b0b3 |
* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
|
|
Chris PeBenito |
c0626aa |
- Add unlabeled IPSEC association rule to domains with
|
|
Chris PeBenito |
c0626aa |
networking permissions.
|
|
Chris PeBenito |
bdb2fac |
- Merge systemuser back in to users, as these files
|
|
Chris PeBenito |
bdb2fac |
do not need to be split.
|
|
Chris PeBenito |
0176d13 |
- Add check for duplicate interface/template definitions.
|
|
Chris PeBenito |
058f3ef |
- Move domain, files, and corecommands modules to kernel
|
|
Chris PeBenito |
058f3ef |
layer to resolve some layering inconsistencies.
|
|
Chris PeBenito |
8e0ef1f |
- Move policy build options out of Makefile into build.conf.
|
|
Chris PeBenito |
131e573 |
- Add yppasswd to nis module.
|
|
Chris PeBenito |
1328802 |
- Change optional_policy() to refer to the module name
|
|
Chris PeBenito |
1328802 |
rather than modulename.te.
|
|
Chris PeBenito |
c767b14 |
- Fix labeling targets to use installed file_contexts rather
|
|
Chris PeBenito |
c767b14 |
than partial file_contexts in the policy source directory.
|
|
Chris PeBenito |
c767b14 |
- Fix build process to use make's internal vpath functions
|
|
Chris PeBenito |
c767b14 |
to detect modules rather than using subshells and find.
|
|
Chris PeBenito |
c767b14 |
- Add install target for modular policy.
|
|
Chris PeBenito |
c767b14 |
- Add load target for modular policy.
|
|
Chris PeBenito |
c767b14 |
- Add appconfig dependency to the load target.
|
|
Chris PeBenito |
9cc2ccc |
- Miscellaneous fixes from Dan Walsh.
|
|
Chris PeBenito |
cf6141a |
- Fix corenetwork gen_context()'s to expand during the policy
|
|
Chris PeBenito |
cf6141a |
build phase instead of during the generation phase.
|
|
Chris PeBenito |
cf6141a |
- Added policies:
|
|
Chris PeBenito |
10b1f32 |
amanda
|
|
Chris PeBenito |
4b9516c |
avahi
|
|
Chris PeBenito |
3509484 |
canna
|
|
Chris PeBenito |
ea557a8 |
cyrus
|
|
Chris PeBenito |
a636210 |
dbskk
|
|
Chris PeBenito |
29ce000 |
dovecot
|
|
Chris PeBenito |
cf6141a |
distcc
|
|
Chris PeBenito |
4093c29 |
i18n_input
|
|
Chris PeBenito |
5d5ea8d |
irqbalance
|
|
Chris PeBenito |
ad3b9d7 |
lpd
|
|
Chris PeBenito |
239db5e |
networkmanager
|
|
Chris PeBenito |
230838e |
pegasus
|
|
Chris PeBenito |
04926d0 |
postfix
|
|
Chris PeBenito |
3e6c816 |
procmail
|
|
Chris PeBenito |
385dcd4 |
radius
|
|
Chris PeBenito |
19ff64f |
rdisc
|
|
Chris PeBenito |
43989f8 |
rpc
|
|
Chris PeBenito |
f932d8e |
spamassassin
|
|
Chris PeBenito |
f11f0c1 |
timidity
|
|
Chris PeBenito |
23a4442 |
xdm
|
|
Chris PeBenito |
3f41889 |
xfs
|
|
Chris PeBenito |
2b01ae7 |
|
|
Chris PeBenito |
a4e8b79 |
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
|
|
Chris PeBenito |
61feb22 |
- Many fixes to make loadable modules build.
|
|
Chris PeBenito |
8df65f1 |
- Add targets for sechecker.
|
|
Chris PeBenito |
4f9f30c |
- Updated to sedoctool to read bool files and tunable
|
|
Chris PeBenito |
4f9f30c |
files separately.
|
|
Chris PeBenito |
4f9f30c |
- Changed the xml tag of <boolean> to <bool> to be consistent
|
|
Chris PeBenito |
4f9f30c |
with gen_bool().
|
|
Chris PeBenito |
4f9f30c |
- Modified the implementation of segenxml to use regular
|
|
Chris PeBenito |
4f9f30c |
expressions.
|
|
Chris PeBenito |
e02c61c |
- Rename context_template() to gen_context() to clarify
|
|
Chris PeBenito |
e02c61c |
that its not a Reference Policy template, but a support
|
|
Chris PeBenito |
e02c61c |
macro.
|
|
Chris PeBenito |
b03f960 |
- Add disable_*_trans bool support for targeted policy.
|
|
Chris PeBenito |
f0574fa |
- Add MLS module to handle MLS constraint exceptions,
|
|
Chris PeBenito |
f0574fa |
such as reading up and writing down.
|
|
Chris PeBenito |
681c9a0 |
- Fix errors uncovered by sediff.
|
|
Chris PeBenito |
8428592 |
- Added policies:
|
|
Chris PeBenito |
9edc289 |
anaconda
|
|
Chris PeBenito |
e749cd1 |
apache
|
|
Chris PeBenito |
4483ee8 |
apm
|
|
Chris PeBenito |
4483ee8 |
arpwatch
|
|
Chris PeBenito |
d4dca58 |
bluetooth
|
|
Chris PeBenito |
20e306e |
dmidecode
|
|
Chris PeBenito |
d4dca58 |
finger
|
|
Chris PeBenito |
fc6524d |
ftp
|
|
Chris PeBenito |
8428592 |
kudzu
|
|
Chris PeBenito |
799a0b4 |
mailman
|
|
Chris PeBenito |
e08118a |
ppp
|
|
Chris PeBenito |
fa67570 |
radvd
|
|
Chris PeBenito |
f33561f |
sasl
|
|
Chris PeBenito |
f33561f |
webalizer
|
|
Chris PeBenito |
681c9a0 |
|
|
Chris PeBenito |
4855866 |
* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
|
|
Chris PeBenito |
142e9f4 |
- Make logrotate, sendmail, sshd, and rpm policies
|
|
Chris PeBenito |
142e9f4 |
unconfined in the targeted policy so no special
|
|
Chris PeBenito |
142e9f4 |
modules.conf is required.
|
|
Chris PeBenito |
a082484 |
- Add experimental MCS support.
|
|
Chris PeBenito |
c0e4fe2 |
- Add appconfig for MLS.
|
|
Chris PeBenito |
98a8ead |
- Add equivalents for old can_resolve(), can_ldap(), and
|
|
Chris PeBenito |
98a8ead |
can_portmap() to sysnetwork.
|
|
Chris PeBenito |
082dcd9 |
- Fix base module compile issues.
|
|
Chris PeBenito |
d17b4d2 |
- Added policies:
|
|
Chris PeBenito |
9210553 |
cpucontrol
|
|
Chris PeBenito |
93070cb |
cvs
|
|
Chris PeBenito |
d17b4d2 |
ktalk
|
|
Chris PeBenito |
eb3cb68 |
portmap
|
|
Chris PeBenito |
a1fcff3 |
postgresql
|
|
Chris PeBenito |
4fd5201 |
rlogin
|
|
Chris PeBenito |
84c9223 |
samba
|
|
Chris PeBenito |
ccc5978 |
snmp
|
|
Chris PeBenito |
200f453 |
stunnel
|
|
Chris PeBenito |
4fd5201 |
telnet
|
|
Chris PeBenito |
40adb57 |
tftp
|
|
Chris PeBenito |
f7ba4a8 |
uucp
|
|
Chris PeBenito |
a1fcff3 |
vpn
|
|
Chris PeBenito |
9ff3003 |
zebra
|
|
Chris PeBenito |
d17b4d2 |
|
|
Chris PeBenito |
541b7d5 |
* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
|
|
Chris PeBenito |
ce1b44a |
- Fix errors uncovered by sediff.
|
|
Chris PeBenito |
a19e346 |
- Doc tool will explicitly say a module does not have interfaces
|
|
Chris PeBenito |
a19e346 |
or templates on the module page.
|
|
Chris PeBenito |
6e61566 |
- Added policies:
|
|
Chris PeBenito |
6e61566 |
comsat
|
|
Chris PeBenito |
0c3d170 |
dbus
|
|
Chris PeBenito |
f344c0f |
dhcp
|
|
Chris PeBenito |
ac0483a |
dictd
|
|
Chris PeBenito |
fdae8e7 |
hal
|
|
Chris PeBenito |
8d93523 |
inn
|
|
Chris PeBenito |
b11a75a |
ntp
|
|
Chris PeBenito |
0f707d5 |
squid
|
|
Chris PeBenito |
a19e346 |
|
|
Chris PeBenito |
37aa3ff |
* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
|
|
Chris PeBenito |
e28aa68 |
- Add Makefile support for building loadable modules.
|
|
Chris PeBenito |
e28aa68 |
- Add genclassperms.py tool to add require blocks
|
|
Chris PeBenito |
e28aa68 |
for loadable modules.
|
|
Chris PeBenito |
e28aa68 |
- Change sedoctool to make required modules part of base
|
|
Chris PeBenito |
e28aa68 |
by default, otherwise make as modules, in modules.conf.
|
|
Chris PeBenito |
e28aa68 |
- Fix segenxml to handle modules with no interfaces.
|
|
Chris PeBenito |
e28aa68 |
- Rename ipsec connect interface for consistency.
|
|
Chris PeBenito |
e28aa68 |
- Add missing parts of unix stream socket connect interface
|
|
Chris PeBenito |
e28aa68 |
of ipsec.
|
|
Chris PeBenito |
e28aa68 |
- Rename inetd connect interface for consistency.
|
|
Chris PeBenito |
e28aa68 |
- Rename interface for purging contents of tmp, for clarity,
|
|
Chris PeBenito |
e28aa68 |
since it allows deletion of classes other than file.
|
|
Chris PeBenito |
e28aa68 |
- Misc. cleanups.
|
|
Chris PeBenito |
e28aa68 |
- Added policies:
|
|
Chris PeBenito |
e28aa68 |
acct
|
|
Chris PeBenito |
e28aa68 |
bind
|
|
Chris PeBenito |
e28aa68 |
firstboot
|
|
Chris PeBenito |
e28aa68 |
gpm
|
|
Chris PeBenito |
e28aa68 |
howl
|
|
Chris PeBenito |
e28aa68 |
ldap
|
|
Chris PeBenito |
e28aa68 |
loadkeys
|
|
Chris PeBenito |
e28aa68 |
mysql
|
|
Chris PeBenito |
e28aa68 |
privoxy
|
|
Chris PeBenito |
e28aa68 |
quota
|
|
Chris PeBenito |
e28aa68 |
rshd
|
|
Chris PeBenito |
e28aa68 |
rsync
|
|
Chris PeBenito |
e28aa68 |
su
|
|
Chris PeBenito |
e28aa68 |
sudo
|
|
Chris PeBenito |
e28aa68 |
tcpd
|
|
Chris PeBenito |
e28aa68 |
tmpreaper
|
|
Chris PeBenito |
e28aa68 |
updfstab
|
|
Chris PeBenito |
81343a6 |
|
|
Chris PeBenito |
e28aa68 |
* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
|
|
Chris PeBenito |
e28aa68 |
- Fix comparison bug in fc_sort.
|
|
Chris PeBenito |
e28aa68 |
- Fix handling of ordered and unordered HTML lists.
|
|
Chris PeBenito |
e28aa68 |
- Corenetwork now supports multiple network interfaces having the
|
|
Chris PeBenito |
e28aa68 |
same type.
|
|
Chris PeBenito |
e28aa68 |
- Doc tool now creates pages for global Booleans and global tunables.
|
|
Chris PeBenito |
e28aa68 |
- Doc tool now links directly to the interface/template in the
|
|
Chris PeBenito |
e28aa68 |
module page when it is selected in the interface/template index.
|
|
Chris PeBenito |
e28aa68 |
- Added support for layer summaries.
|
|
Chris PeBenito |
e28aa68 |
- Added policies:
|
|
Chris PeBenito |
e28aa68 |
ipsec
|
|
Chris PeBenito |
e28aa68 |
nscd
|
|
Chris PeBenito |
e28aa68 |
pcmcia
|
|
Chris PeBenito |
e28aa68 |
raid
|
|
Chris PeBenito |
acb668e |
|
|
Chris PeBenito |
e28aa68 |
* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
|
|
Chris PeBenito |
e28aa68 |
- Changed xml to have modules encapsulated by layer tags, rather
|
|
Chris PeBenito |
e28aa68 |
than putting layer="foo" in the module tags. Also in the future
|
|
Chris PeBenito |
e28aa68 |
we can put a summary and description for each layer.
|
|
Chris PeBenito |
e28aa68 |
- Added tool to infer interface, module, and layer tags. This will
|
|
Chris PeBenito |
e28aa68 |
now list all interfaces, even if they are missing xml docs.
|
|
Chris PeBenito |
e28aa68 |
- Shortened xml tag names.
|
|
Chris PeBenito |
e28aa68 |
- Added macros to declare interfaces and templates.
|
|
Chris PeBenito |
e28aa68 |
- Added interface call trace.
|
|
Chris PeBenito |
e28aa68 |
- Updated all xml documentation for shorter and inferred tags.
|
|
Chris PeBenito |
e28aa68 |
- Doc tool now displays templates in the web pages.
|
|
Chris PeBenito |
e28aa68 |
- Doc tool retains the user's settings in modules.conf and
|
|
Chris PeBenito |
e28aa68 |
tunables.conf if the files already exist.
|
|
Chris PeBenito |
e28aa68 |
- Modules.conf behavior has been changed to be a list of all
|
|
Chris PeBenito |
e28aa68 |
available modules, and the user can specify if the module is
|
|
Chris PeBenito |
e28aa68 |
built as a loadable module, included in the monolithic policy,
|
|
Chris PeBenito |
e28aa68 |
or excluded.
|
|
Chris PeBenito |
e28aa68 |
- Added policies:
|
|
Chris PeBenito |
e28aa68 |
fstools (fsck, mkfs, swapon, etc. tools)
|
|
Chris PeBenito |
e28aa68 |
logrotate
|
|
Chris PeBenito |
e28aa68 |
inetd
|
|
Chris PeBenito |
e28aa68 |
kerberos
|
|
Chris PeBenito |
e28aa68 |
nis (ypbind and ypserv)
|
|
Chris PeBenito |
e28aa68 |
ssh (server, client, and agent)
|
|
Chris PeBenito |
e28aa68 |
unconfined
|
|
Chris PeBenito |
e28aa68 |
- Added infrastructure for targeted policy support, only missing
|
|
Chris PeBenito |
e28aa68 |
transition boolean support.
|
|
Chris PeBenito |
dfa83e9 |
|
|
Chris PeBenito |
e28aa68 |
* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
|
|
Chris PeBenito |
e28aa68 |
- Initial release
|