From ea03a1c62fd9b0f974ab28332bf153346454ec6b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Mar 11 2010 16:32:40 +0000
Subject: - Update to upstream Add enable/disable patch support from Dan Walsh. Add usepasswd flag to semanage.conf to disable genhomedircon using passwd from Dan Walsh. regenerate swig wrappers
---
diff --git a/.cvsignore b/.cvsignore
index 21c57a4..777b33f 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -116,3 +116,5 @@ libsemanage-2.0.40.tgz
 libsemanage-2.0.41.tgz
 libsemanage-2.0.42.tgz
 libsemanage-2.0.43.tgz
+libsemanage-2.0.44.tgz
+libsemanage-2.0.45.tgz
diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch
index c1e58fb..a1f53c5 100644
--- a/libsemanage-rhat.patch
+++ b/libsemanage-rhat.patch
@@ -1,204 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsalibsemanage/include/semanage/modules.h libsemanage-2.0.43/include/semanage/modules.h ---- nsalibsemanage/include/semanage/modules.h 2009-01-13 08:45:35.000000000 -0500 -+++ libsemanage-2.0.43/include/semanage/modules.h 2009-12-16 16:07:43.000000000 -0500 -@@ -40,10 +40,12 @@ - char *module_data, size_t data_len); - int semanage_module_install_base_file(semanage_handle_t *, - const char *module_name); -+int semanage_module_enable(semanage_handle_t *, char *module_name); -+int semanage_module_disable(semanage_handle_t *, char *module_name); - int semanage_module_remove(semanage_handle_t *, char *module_name); - - /* semanage_module_info is for getting information on installed -- modules, only name and version at this time */ -+ modules, only name and version, and enabled/disabled flag at this time */ - typedef struct semanage_module_info semanage_module_info_t; - - int semanage_module_list(semanage_handle_t *, -@@ -53,5 +55,6 @@ - int n); - const char *semanage_module_get_name(semanage_module_info_t *); - const char *semanage_module_get_version(semanage_module_info_t *); -+int semanage_module_get_enabled(semanage_module_info_t *); - - #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/direct_api.c libsemanage-2.0.43/src/direct_api.c ---- nsalibsemanage/src/direct_api.c 2009-09-17 08:59:43.000000000 -0400 -+++ libsemanage-2.0.43/src/direct_api.c 2009-12-16 16:07:43.000000000 -0500 -@@ -66,6 +66,8 @@ - static int semanage_direct_install_base(semanage_handle_t * sh, char *base_data, - size_t data_len); - static int semanage_direct_install_base_file(semanage_handle_t * sh, const char *module_name); -+static int semanage_direct_enable(semanage_handle_t * sh, char *module_name); -+static int semanage_direct_disable(semanage_handle_t * sh, char *module_name); - static int semanage_direct_remove(semanage_handle_t * sh, char *module_name); - static int semanage_direct_list(semanage_handle_t * sh, - 
semanage_module_info_t ** modinfo, -@@ -83,6 +85,8 @@ - .upgrade_file = semanage_direct_upgrade_file, - .install_base = semanage_direct_install_base, - .install_base_file = semanage_direct_install_base_file, -+ .enable = semanage_direct_enable, -+ .disable = semanage_direct_disable, - .remove = semanage_direct_remove, - .list = semanage_direct_list - }; -@@ -348,10 +352,17 @@ - semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES)) == NULL) { - return -1; - } -- if (asprintf(filename, "%s/%s.pp", module_path, *module_name) == -1) { -+ if (asprintf(filename, "%s/%s.pp%s", module_path, *module_name, DISABLESTR) == -1) { - ERR(sh, "Out of memory!"); - return -1; - } -+ -+ if (access(*filename, F_OK) == -1) { -+ char *ptr = *filename; -+ int len = strlen(ptr) - strlen(DISABLESTR); -+ if (len > 0) ptr[len]='\0'; -+ } -+ - return 0; - } - -@@ -1273,6 +1284,107 @@ - return retval; - } - -+/* Enables a module from the sandbox. Returns 0 on success, -1 if out -+ * of memory, -2 if module not found or could not be enabled. 
*/ -+static int semanage_direct_enable(semanage_handle_t * sh, char *module_name) -+{ -+ int i, retval = -1; -+ char **module_filenames = NULL; -+ int num_mod_files; -+ size_t name_len = strlen(module_name); -+ if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == -+ -1) { -+ return -1; -+ } -+ for (i = 0; i < num_mod_files; i++) { -+ char *base = strrchr(module_filenames[i], '/'); -+ if (base == NULL) { -+ ERR(sh, "Could not read module names."); -+ retval = -2; -+ goto cleanup; -+ } -+ base++; -+ if (memcmp(module_name, base, name_len) == 0 && -+ strcmp(base + name_len + 3, DISABLESTR) == 0) { -+ int len = strlen(module_filenames[i]) - strlen(DISABLESTR); -+ char *enabled_name = calloc(1, len+1); -+ if (!enabled_name) { -+ ERR(sh, "Could not allocate memory"); -+ retval = -1; -+ goto cleanup; -+ } -+ -+ strncpy(enabled_name, module_filenames[i],len); -+ -+ if (rename(module_filenames[i], enabled_name) == -1) { -+ ERR(sh, "Could not enable module file %s.", -+ enabled_name); -+ retval = -2; -+ } -+ retval = 0; -+ free(enabled_name); -+ goto cleanup; -+ } -+ } -+ ERR(sh, "Module %s was not found.", module_name); -+ retval = -2; /* module not found */ -+ cleanup: -+ for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { -+ free(module_filenames[i]); -+ } -+ free(module_filenames); -+ return retval; -+} -+ -+/* Enables a module from the sandbox. Returns 0 on success, -1 if out -+ * of memory, -2 if module not found or could not be enabled. 
*/ -+static int semanage_direct_disable(semanage_handle_t * sh, char *module_name) -+{ -+ int i, retval = -1; -+ char **module_filenames = NULL; -+ int num_mod_files; -+ size_t name_len = strlen(module_name); -+ if (semanage_get_modules_names(sh, &module_filenames, &num_mod_files) == -+ -1) { -+ return -1; -+ } -+ for (i = 0; i < num_mod_files; i++) { -+ char *base = strrchr(module_filenames[i], '/'); -+ if (base == NULL) { -+ ERR(sh, "Could not read module names."); -+ retval = -2; -+ goto cleanup; -+ } -+ base++; -+ if (memcmp(module_name, base, name_len) == 0 && -+ strcmp(base + name_len, ".pp") == 0) { -+ char disabled_name[PATH_MAX]; -+ if (snprintf(disabled_name, PATH_MAX, "%s%s", -+ module_filenames[i], DISABLESTR) == PATH_MAX) { -+ ERR(sh, "Could not disable module file %s.", -+ module_filenames[i]); -+ retval = -2; -+ goto cleanup; -+ } -+ if (rename(module_filenames[i], disabled_name) == -1) { -+ ERR(sh, "Could not disable module file %s.", -+ module_filenames[i]); -+ retval = -2; -+ } -+ retval = 0; -+ goto cleanup; -+ } -+ } -+ ERR(sh, "Module %s was not found.", module_name); -+ retval = -2; /* module not found */ -+ cleanup: -+ for (i = 0; module_filenames != NULL && i < num_mod_files; i++) { -+ free(module_filenames[i]); -+ } -+ free(module_filenames); -+ return retval; -+} -+ - /* Removes a module from the sandbox. Returns 0 on success, -1 if out - * of memory, -2 if module not found or could not be removed. 
*/ - static int semanage_direct_remove(semanage_handle_t * sh, char *module_name) -@@ -1293,8 +1405,7 @@ - goto cleanup; - } - base++; -- if (memcmp(module_name, base, name_len) == 0 && -- strcmp(base + name_len, ".pp") == 0) { -+ if (memcmp(module_name, base, name_len) == 0) { - if (unlink(module_filenames[i]) == -1) { - ERR(sh, "Could not remove module file %s.", - module_filenames[i]); -@@ -1369,6 +1480,7 @@ - } - ssize_t size; - char *data = NULL; -+ int enabled = semanage_module_enabled(module_filenames[i]); - - if ((size = bunzip(sh, fp, &data)) > 0) { - fclose(fp); -@@ -1393,6 +1505,7 @@ - if (type == SEPOL_POLICY_MOD) { - (*modinfo)[*num_modules].name = name; - (*modinfo)[*num_modules].version = version; -+ (*modinfo)[*num_modules].enabled = enabled; - (*num_modules)++; - } else { - /* file was not a module, so don't report it */ -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.43/src/genhomedircon.c +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libsemanage-2.0.44/src/genhomedircon.c --- nsalibsemanage/src/genhomedircon.c 2009-09-17 08:59:43.000000000 -0400 -+++ libsemanage-2.0.43/src/genhomedircon.c 2009-12-16 16:07:43.000000000 -0500 ++++ libsemanage-2.0.44/src/genhomedircon.c 2010-02-24 14:57:23.000000000 -0500 @@ -310,6 +310,10 @@ } if (strcmp(pwbuf->pw_dir, "/") == 0) 
@@ -220,252 +22,3 @@ diff --exclude-from=exclude -N -u -r nsalibsemanage/src/genhomedircon.c libseman if (push_user_entry(&head, name, seuname, prefix, pwent->pw_dir) != STATUS_SUCCESS) { *errors = STATUS_ERR; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/libsemanage.map libsemanage-2.0.43/src/libsemanage.map ---- nsalibsemanage/src/libsemanage.map 2009-10-29 15:21:39.000000000 -0400 -+++ libsemanage-2.0.43/src/libsemanage.map 2009-12-16 16:07:43.000000000 -0500 -@@ -6,10 +6,13 @@ - semanage_module_install; semanage_module_install_file; - semanage_module_upgrade; semanage_module_upgrade_file; - semanage_module_install_base; semanage_module_install_base_file; -+ semanage_module_enable; -+ semanage_module_disable; - semanage_module_remove; - semanage_module_list; semanage_module_info_datum_destroy; - semanage_module_list_nth; semanage_module_get_name; - semanage_module_get_version; semanage_select_store; -+ semanage_module_get_enabled; - semanage_reload_policy; semanage_set_reload; semanage_set_rebuild; - semanage_user_*; semanage_bool_*; semanage_seuser_*; - semanage_iface_*; semanage_port_*; semanage_context_*; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-2.0.43/src/Makefile ---- nsalibsemanage/src/Makefile 2009-12-01 15:46:50.000000000 -0500 -+++ libsemanage-2.0.43/src/Makefile 2009-12-16 16:07:47.000000000 -0500 -@@ -47,7 +47,7 @@ - LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo - CFLAGS ?= -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter - --override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -+override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -fPIC - - SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ - -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/module_internal.h libsemanage-2.0.43/src/module_internal.h ---- nsalibsemanage/src/module_internal.h 2008-08-28 09:34:24.000000000 -0400 -+++ 
libsemanage-2.0.43/src/module_internal.h 2009-12-16 16:07:43.000000000 -0500 -@@ -6,6 +6,7 @@ - - hidden_proto(semanage_module_get_name) - hidden_proto(semanage_module_get_version) -+ hidden_proto(semanage_module_get_enabled) - hidden_proto(semanage_module_info_datum_destroy) - hidden_proto(semanage_module_list_nth) - #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.c libsemanage-2.0.43/src/modules.c ---- nsalibsemanage/src/modules.c 2009-09-17 08:59:43.000000000 -0400 -+++ libsemanage-2.0.43/src/modules.c 2009-12-16 16:07:43.000000000 -0500 -@@ -154,6 +154,40 @@ - return sh->funcs->install_base_file(sh, module_name); - } - -+int semanage_module_enable(semanage_handle_t * sh, char *module_name) -+{ -+ if (sh->funcs->enable == NULL) { -+ ERR(sh, "No enable function defined for this connection type."); -+ return -1; -+ } else if (!sh->is_connected) { -+ ERR(sh, "Not connected."); -+ return -1; -+ } else if (!sh->is_in_transaction) { -+ if (semanage_begin_transaction(sh) < 0) { -+ return -1; -+ } -+ } -+ sh->modules_modified = 1; -+ return sh->funcs->enable(sh, module_name); -+} -+ -+int semanage_module_disable(semanage_handle_t * sh, char *module_name) -+{ -+ if (sh->funcs->disable == NULL) { -+ ERR(sh, "No disable function defined for this connection type."); -+ return -1; -+ } else if (!sh->is_connected) { -+ ERR(sh, "Not connected."); -+ return -1; -+ } else if (!sh->is_in_transaction) { -+ if (semanage_begin_transaction(sh) < 0) { -+ return -1; -+ } -+ } -+ sh->modules_modified = 1; -+ return sh->funcs->disable(sh, module_name); -+} -+ - int semanage_module_remove(semanage_handle_t * sh, char *module_name) - { - if (sh->funcs->remove == NULL) { -@@ -209,6 +243,13 @@ - - hidden_def(semanage_module_get_name) - -+int semanage_module_get_enabled(semanage_module_info_t * modinfo) -+{ -+ return modinfo->enabled; -+} -+ -+hidden_def(semanage_module_get_enabled) -+ - const char *semanage_module_get_version(semanage_module_info_t * modinfo) - { - 
return modinfo->version; -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/modules.h libsemanage-2.0.43/src/modules.h ---- nsalibsemanage/src/modules.h 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.43/src/modules.h 2009-12-16 16:07:43.000000000 -0500 -@@ -26,6 +26,7 @@ - struct semanage_module_info { - char *name; /* Key */ - char *version; -+ int enabled; - }; - - #endif -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/policy.h libsemanage-2.0.43/src/policy.h ---- nsalibsemanage/src/policy.h 2009-01-13 08:45:35.000000000 -0500 -+++ libsemanage-2.0.43/src/policy.h 2009-12-16 16:07:43.000000000 -0500 -@@ -58,6 +58,12 @@ - /* Upgrade a policy module */ - int (*upgrade_file) (struct semanage_handle *, const char *); - -+ /* Enable a policy module */ -+ int (*enable) (struct semanage_handle *, char *); -+ -+ /* Disable a policy module */ -+ int (*disable) (struct semanage_handle *, char *); -+ - /* Remove a policy module */ - int (*remove) (struct semanage_handle *, char *); - -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-2.0.43/src/semanage.conf ---- nsalibsemanage/src/semanage.conf 2008-08-28 09:34:24.000000000 -0400 -+++ libsemanage-2.0.43/src/semanage.conf 2009-12-16 16:07:43.000000000 -0500 -@@ -35,4 +35,4 @@ - # given in . Change this setting if a different - # version is necessary. 
- #policy-version = 19 -- -+expand-check=0 -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.c libsemanage-2.0.43/src/semanage_store.c ---- nsalibsemanage/src/semanage_store.c 2009-10-29 15:21:39.000000000 -0400 -+++ libsemanage-2.0.43/src/semanage_store.c 2009-12-16 16:07:43.000000000 -0500 -@@ -57,6 +57,8 @@ - - #include "debug.h" - -+const char *DISABLESTR=".disabled"; -+ - #define SEMANAGE_CONF_FILE "semanage.conf" - /* relative path names to enum semanage_paths to special files and - * directories for the module store */ -@@ -433,6 +435,21 @@ - return 1; - } - -+int semanage_module_enabled(const char *file) { -+ int len = strlen(file) - strlen(DISABLESTR); -+ return (len < 0 || strcmp(&file[len], DISABLESTR) != 0); -+} -+ -+static int semanage_modulename_select(const struct dirent *d) -+{ -+ if (d->d_name[0] == '.' -+ && (d->d_name[1] == '\0' -+ || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) -+ return 0; -+ -+ return semanage_module_enabled(d->d_name); -+} -+ - /* Copies a file from src to dst. If dst already exists then - * overwrite it. Returns 0 on success, -1 on error. */ - static int semanage_copy_file(const char *src, const char *dst, mode_t mode) -@@ -599,15 +616,8 @@ - return -1; - } - --/* Scans the modules directory for the current semanage handler. This -- * might be the active directory or sandbox, depending upon if the -- * handler has a transaction lock. Allocates and fills in *filenames -- * with an array of module filenames; length of array is stored in -- * *len. The caller is responsible for free()ing *filenames and its -- * individual elements. Upon success returns 0, -1 on error. 
-- */ --int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, -- int *len) -+static int semanage_get_modules_names_filter(semanage_handle_t * sh, char ***filenames, -+ int *len, int (*filter)(const struct dirent *)) - { - const char *modules_path; - struct dirent **namelist = NULL; -@@ -622,7 +632,7 @@ - *filenames = NULL; - *len = 0; - if ((num_files = scandir(modules_path, &namelist, -- semanage_filename_select, alphasort)) == -1) { -+ filter, alphasort)) == -1) { - ERR(sh, "Error while scanning directory %s.", modules_path); - goto cleanup; - } -@@ -663,6 +673,34 @@ - return retval; - } - -+/* Scans the modules directory for the current semanage handler. This -+ * might be the active directory or sandbox, depending upon if the -+ * handler has a transaction lock. Allocates and fills in *filenames -+ * with an array of module filenames; length of array is stored in -+ * *len. The caller is responsible for free()ing *filenames and its -+ * individual elements. Upon success returns 0, -1 on error. -+ */ -+int semanage_get_modules_names(semanage_handle_t * sh, char ***filenames, -+ int *len) -+{ -+ return semanage_get_modules_names_filter(sh, filenames, -+ len, semanage_filename_select); -+} -+ -+/* Scans the modules directory for the current semanage handler. This -+ * might be the active directory or sandbox, depending upon if the -+ * handler has a transaction lock. Allocates and fills in *filenames -+ * with an array of module filenames; length of array is stored in -+ * *len. The caller is responsible for free()ing *filenames and its -+ * individual elements. Upon success returns 0, -1 on error. -+ */ -+int semanage_get_active_modules_names(semanage_handle_t * sh, char ***filenames, -+ int *len) -+{ -+ return semanage_get_modules_names_filter(sh, filenames, -+ len, semanage_modulename_select); -+} -+ - /******************* routines that run external programs *******************/ - - /* Appends a single character to a string. 
Returns a pointer to the -@@ -1589,7 +1627,7 @@ - } - - /* get list of modules and load them */ -- if (semanage_get_modules_names(sh, &module_filenames, &num_modules) == -+ if (semanage_get_active_modules_names(sh, &module_filenames, &num_modules) == - -1 || semanage_load_module(sh, base_filename, base) == -1) { - goto cleanup; - } -diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage_store.h libsemanage-2.0.43/src/semanage_store.h ---- nsalibsemanage/src/semanage_store.h 2009-07-07 15:32:32.000000000 -0400 -+++ libsemanage-2.0.43/src/semanage_store.h 2009-12-16 16:07:43.000000000 -0500 -@@ -128,4 +128,6 @@ - size_t buf_len, - char **sorted_buf, size_t * sorted_buf_len); - -+extern const char *DISABLESTR; -+ - #endif diff --git a/libsemanage.spec b/libsemanage.spec index 09e4105..9e6d403 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -2,13 +2,14 @@ %define libselinuxver 2.0.0-1 Summary: SELinux binary policy manipulation library Name: libsemanage -Version: 2.0.43 -Release: 3%{?dist} +Version: 2.0.45 +Release: 1%{?dist} License: LGPLv2+ Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz Patch: libsemanage-rhat.patch URL: http://www.selinuxproject.org +Source1: semanage.conf BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libselinux-devel >= %{libselinuxver} swig ustr-devel @@ -68,13 +69,13 @@ make clean make CFLAGS="%{optflags}" swigify make CFLAGS="%{optflags}" LIBDIR="%{_libdir}" SHLIBDIR="%{_lib}" all pywrap - %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}/%{_lib} mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install install-pywrap +cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf ln -sf /%{_lib}/libsemanage.so.1 ${RPM_BUILD_ROOT}/%{_libdir}/libsemanage.so %clean 
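Review bot: The added `cp %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf` in %install copies the file with whatever mode it has in the build tree, and presumably overwrites the semanage.conf that `make install` put there; `install -m 0644 %{SOURCE1} ${RPM_BUILD_ROOT}/etc/selinux/semanage.conf` would pin the mode of a file that controls how policy is built. The same commit drops the `expand-check=0` line from libsemanage-rhat.patch, so Source1 is now the only place such settings can come from, and a comment above the line saying so (`# Source1 replaces the upstream semanage.conf; settings such as expand-check live there`) would help the next packager. The contents of Source1 and the %files entry for this path are not visible in this hunk, so it should be confirmed that the file is listed as `%config(noreplace)` and that the intended expand-check and usepasswd values are actually in it. The %install section continues outside the hunk.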
@@ -102,9 +103,29 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man3/* %files python +%defattr(-,root,root) %{_libdir}/python*/site-packages/* %changelog +* Mon Mar 8 2010 Dan Walsh - 2.0.45-1 +- Update to upstream + * Add enable/disable patch support from Dan Walsh. + * Add usepasswd flag to semanage.conf to disable genhomedircon using + passwd from Dan Walsh. + * regenerate swig wrappers + +* Thu Feb 25 2010 Dan Walsh - 2.0.44-2 +- Allow disable of usepasswd + +* Wed Feb 17 2010 Dan Walsh - 2.0.44-1 +- Update to upstream + * Replace usage of fmemopen() with sepol_policy_file_set_mem() since + glibc < 2.9 does not support binary mode ('b') for fmemopen'd + streams. + +* Thu Jan 28 2010 Dan Walsh - 2.0.43-4 +- Cleanup spec file + * Mon Jan 18 2010 Dan Walsh - 2.0.43-3 - Splect libsemanage.a into a static subpackage to keep fedora packaging guidelines happy 
@@ -113,35 +134,35 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Dec 1 2009 Dan Walsh - 2.0.43-1 - Update to upstream - * Move libsemanage.so to /usr/lib - * Add NAME lines to man pages from Manoj Srivastava + * Move libsemanage.so to /usr/lib + * Add NAME lines to man pages from Manoj Srivastava * Wed Nov 18 2009 Dan Walsh - 2.0.42-1 - Update to upstream - * Move load_policy from /usr/sbin to /sbin from Dan Walsh. + * Move load_policy from /usr/sbin to /sbin from Dan Walsh. * Mon Nov 2 2009 Dan Walsh - 2.0.41-1 - Update to upstream - * Add pkgconfig file from Eamon Walsh. - * Add semanage_set_check_contexts() function to disable calling - setfiles + * Add pkgconfig file from Eamon Walsh. + * Add semanage_set_check_contexts() function to disable calling + setfiles * Mon Sep 28 2009 Dan Walsh - 2.0.39-1 - Update to upstream - * make swigify + * make swigify * Sun Sep 20 2009 Dan Walsh - 2.0.38-2 - Dont relabel /root with genhomedircon * Thu Sep 17 2009 Dan Walsh - 2.0.38-1 - Update to upstream - * Change semodule upgrade behavior to install even if the module - is not present from Dan Walsh. - * Make genhomedircon trim excess '/' from homedirs from Dan Walsh. + * Change semodule upgrade behavior to install even if the module + is not present from Dan Walsh. + * Make genhomedircon trim excess '/' from homedirs from Dan Walsh. * Wed Sep 9 2009 Dan Walsh - 2.0.37-1 - Update to upstream - * Fix persistent dontaudit support to rebuild policy if the + * Fix persistent dontaudit support to rebuild policy if the dontaudit state is changed from Chad Sellers. - Move load_policy to /sbin 
@@ -150,18 +171,18 @@ rm -rf ${RPM_BUILD_ROOT} * Wed Aug 26 2009 Dan Walsh - 2.0.36-1 - Update to upstream - * Changed bzip-blocksize=0 handling to support existing compressed - modules in the store. + * Changed bzip-blocksize=0 handling to support existing compressed + modules in the store. * Wed Aug 26 2009 Dan Walsh - 2.0.35-2 - Make sure /root is not used in genhomedircon * Wed Aug 5 2009 Dan Walsh - 2.0.35-1 - * Revert hard linking of files between tmp/active/previous. - * Enable configuration of bzip behavior from Stephen Smalley. - bzip-blocksize=0 to disable compression and decompression support. - bzip-blocksize=1..9 to set the blocksize for compression. - bzip-small=true to reduce memory usage for decompression. + * Revert hard linking of files between tmp/active/previous. + * Enable configuration of bzip behavior from Stephen Smalley. + bzip-blocksize=0 to disable compression and decompression support. + bzip-blocksize=1..9 to set the blocksize for compression. + bzip-small=true to reduce memory usage for decompression. * Sat Jul 25 2009 Fedora Release Engineering - 2.0.33-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild @@ -174,7 +195,7 @@ rm -rf ${RPM_BUILD_ROOT} * Mon Jun 8 2009 Dan Walsh - 2.0.32-1 - Update to upstream - * Ruby bindings from David Quigley. + * Ruby bindings from David Quigley. * Thu Apr 9 2009 Dan Walsh - 2.0.31-5 - Return error on invalid file @@ -190,8 +211,8 @@ rm -rf ${RPM_BUILD_ROOT} * Mon Jan 12 2009 Dan Walsh - 2.0.31-1 - Update to upstream - * Policy module compression (bzip) support from Dan Walsh. - * Hard link files between tmp/active/previous from Dan Walsh. + * Policy module compression (bzip) support from Dan Walsh. + * Hard link files between tmp/active/previous from Dan Walsh. * Mon Jan 12 2009 Dan Walsh - 2.0.30-3 - Fix up patch to get it upstreamed 
@@ -200,21 +221,21 @@ rm -rf ${RPM_BUILD_ROOT} - Rebuild for Python 2.6 * Thu Dec 4 2008 Dan Walsh - 2.0.30-1 - * Add semanage_mls_enabled() interface from Stephen Smalley. + * Add semanage_mls_enabled() interface from Stephen Smalley. * Sat Nov 29 2008 Ignacio Vazquez-Abrams - 2.0.29-2 - Rebuild for Python 2.6 * Mon Sep 15 2008 Dan Walsh - 2.0.28-1 - Update to upstream - * Add USER to lines to homedir_template context file from Chris PeBenito. + * Add USER to lines to homedir_template context file from Chris PeBenito. * Mon Sep 15 2008 Dan Walsh - 2.0.28-2 - Add compression support * Mon Sep 15 2008 Dan Walsh - 2.0.28-1 - Update to upstream - * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh + * allow fcontext and seuser changes without rebuilding the policy from Dan Walsh * Wed Sep 10 2008 Dan Walsh - 2.0.27-3 - Additional fixes for Don't rebuild on fcontext or seuser modifications @@ -224,13 +245,13 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Aug 5 2008 Dan Walsh - 2.0.27-1 - Update to upstream - * Modify genhomedircon to skip %groupname entries. - Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the %groupname syntax. + * Modify genhomedircon to skip groupname entries. + Ultimately we need to expand them to the list of users to support per-role homedir labeling when using the groupname syntax. * Wed Jul 29 2008 Dan Walsh - 2.0.26-1 - Update to upstream - * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. - Strip any trailing slash before appending /*$. + * Fix bug in genhomedircon fcontext matches logic from Dan Walsh. + Strip any trailing slash before appending /*$. * Thu Jun 17 2008 Dan Walsh - 2.0.25-3 - Another fix for genhomedircon 
@@ -240,48 +261,47 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Feb 5 2008 Dan Walsh - 2.0.25-1 - Update to upstream - * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley. - Fixes semanage boolean -D seg fault (bug 441379). + * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley. + Fixes semanage boolean -D seg fault (bug 441379). * Tue Feb 5 2008 Dan Walsh - 2.0.24-1 - Update to upstream - * make swigify + * make swigify * Tue Feb 5 2008 Dan Walsh - 2.0.23-1 - Update to upstream - * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. + * Use vfork rather than fork for libsemanage helpers to reduce memory overhead as suggested by Todd Miller. * Mon Feb 4 2008 Dan Walsh - 2.0.22-1 - Update to upstream - * Free policydb before fork from Joshua Brindle. - * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. + * Free policydb before fork from Joshua Brindle. + * Drop the base module immediately after expanding to permit memory re-use from Stephen Smalley. * Sat Feb 2 2008 Dan Walsh - 2.0.20-1 - Update to upstream - * Use sepol_set_expand_consume_base to reduce peak memory usage when - using semodule + * Use sepol_set_expand_consume_base to reduce peak memory usage when + using semodule * Fri Feb 1 2008 Dan Walsh - 2.0.19-1 - Update to upstream - * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. + * Fix genhomedircon to not override a file context with a homedir context from Todd Miller. * Tue Jan 29 2008 Dan Walsh - 2.0.18-1 - Update to upstream - * Fix spurious out of memory error reports. - * Merged second version of fix for genhomedircon handling from Caleb Case. + * Fix spurious out of memory error reports. + * Merged second version of fix for genhomedircon handling from Caleb Case. 
* Tue Jan 22 2008 Dan Walsh - 2.0.16-1 - Update to upstream - * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. + * Merged fix for genhomedircon handling of missing HOME_DIR or HOME_ROOT templates from Caleb Case. * Tue Jan 22 2008 Dan Walsh - 2.0.15-2 - Stop differentiating on user for homedir labeling * Thu Dec 6 2007 Dan Walsh - 2.0.15-1 - Update to upstream - * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. - * Copy the store path in semanage_select_store from Dan Walsh. - + * Fix genhomedircon handling of shells and missing user context template from Dan Walsh. + * Copy the store path in semanage_select_store from Dan Walsh. - Add expand-check=0 to semanage.conf * Mon Dec 3 2007 Dan Walsh - 2.0.14-5 
@@ -295,34 +315,34 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Nov 6 2007 Dan Walsh - 2.0.14-1 - Upgrade to latest from NSA - * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. - * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. + * Call rmdir() rather than remove() on directory removal so that errno isn't polluted from Stephen Smalley. + * Allow handle_unknown in base to be overridden by semanage.conf from Stephen Smalley. * Fri Oct 5 2007 Dan Walsh - 2.0.12-1 - Upgrade to latest from NSA - * ustr cleanups from James Antill. - * Ensure that /root gets labeled even if using the default context from Dan Walsh. + * ustr cleanups from James Antill. + * Ensure that /root gets labeled even if using the default context from Dan Walsh. * Fri Sep 28 2007 Dan Walsh - 2.0.11-1 - Upgrade to latest from NSA - * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. + * Fix ordering of file_contexts.homedirs from Todd Miller and Dan Walsh. * Fri Sep 28 2007 Dan Walsh - 2.0.10-2 - Fix sort order on generated homedir context * Fri Sep 28 2007 Dan Walsh - 2.0.10-1 - Upgrade to latest from NSA - * Fix error checking on getpw*_r functions from Todd Miller. - * Make genhomedircon skip invalid homedir contexts from Todd Miller. - * Set default user and prefix from seusers from Dan Walsh. - * Add swigify Makefile target from Dan Walsh. + * Fix error checking on getpw*_r functions from Todd Miller. + * Make genhomedircon skip invalid homedir contexts from Todd Miller. + * Set default user and prefix from seusers from Dan Walsh. + * Add swigify Makefile target from Dan Walsh. * Wed Sep 26 2007 Dan Walsh - 2.0.9-1 - Upgrade to latest from NSA - * Pass CFLAGS to CC even on link command, per Dennis Gilmore. - * Clear errno on non-fatal errors to avoid reporting them upon a - later error that does not set errno. - * Improve reporting of system errors, e.g. 
full filesystem or read-only filesystem from Stephen Smalley. + * Pass CFLAGS to CC even on link command, per Dennis Gilmore. + * Clear errno on non-fatal errors to avoid reporting them upon a + later error that does not set errno. + * Improve reporting of system errors, e.g. full filesystem or read-only filesystem from Stephen Smalley. - Fix segfault in genhomedircon when using bad user names @@ -332,15 +352,15 @@ rm -rf ${RPM_BUILD_ROOT} * Thu Sep 13 2007 Dan Walsh - 2.0.6-1 - Upgrade to latest from NSA - * Change to use getpw* function calls to the _r versions from Todd Miller. + * Change to use getpw* function calls to the _r versions from Todd Miller. * Thu Aug 23 2007 Dan Walsh - 2.0.5-1 - Upgrade to latest from NSA * Mon Aug 20 2007 Dan Walsh - 2.0.4-1 - Upgrade to latest from NSA - * Allow dontaudits to be turned off via semanage interface when - updating policy + * Allow dontaudits to be turned off via semanage interface when + updating policy * Sat Aug 11 2007 Dan Walsh - 2.0.3-5 - Add ability to load a policy without dontaudit rules 
@@ -357,39 +377,39 @@ rm -rf ${RPM_BUILD_ROOT} * Wed Apr 25 2007 Dan Walsh - 2.0.3-1 - Upgrade to latest from NSA - * Fix to libsemanage man patches so whatis will work better from Dan Walsh + * Fix to libsemanage man patches so whatis will work better from Dan Walsh * Wed Apr 25 2007 Dan Walsh - 2.0.2-1 - Upgrade to latest from NSA - * Merged optimizations from Stephen Smalley. - - do not set all booleans upon commit, only those whose values have changed - - only install the sandbox upon commit if something was rebuilt + * Merged optimizations from Stephen Smalley. + - do not set all booleans upon commit, only those whose values have changed + - only install the sandbox upon commit if something was rebuilt * Sat Mar 17 2007 Dan Walsh - 2.0.1-2 - Add SELinux to Man page Names so man -k will work * Mon Mar 12 2007 Dan Walsh - 2.0.1-1 - * Merged dbase_file_flush patch from Dan Walsh. - This removes any mention of specific tools (e.g. semanage) - from the comment header of the auto-generated files, - since there are multiple front-end tools. + * Merged dbase_file_flush patch from Dan Walsh. + This removes any mention of specific tools (e.g. semanage) + from the comment header of the auto-generated files, + since there are multiple front-end tools. * Tue Feb 20 2007 Dan Walsh - 2.0.0-1 - Upgrade to latest from NSA - * Merged Makefile test target patch from Caleb Case. - * Merged get_commit_number function rename patch from Caleb Case. - * Merged strnlen -> strlen patch from Todd Miller. + * Merged Makefile test target patch from Caleb Case. + * Merged get_commit_number function rename patch from Caleb Case. + * Merged strnlen -> strlen patch from Todd Miller. * Wed Feb 7 2007 Dan Walsh - 1.10.1-1 - Upgrade to latest from NSA - * Merged python binding fix from Dan Walsh. - * Updated version for stable branch. + * Merged python binding fix from Dan Walsh. + * Updated version for stable branch. 
* Fri Dec 22 2006 Dan Walsh - 1.9.2-1 - Upgrade to latest from NSA - * Merged patch to optionally reduce disk usage by removing - the backup module store and linked policy from Karl MacMillan - * Merged patch to correctly propagate return values in libsemanage + * Merged patch to optionally reduce disk usage by removing + the backup module store and linked policy from Karl MacMillan + * Merged patch to correctly propagate return values in libsemanage * Fri Dec 22 2006 Dan Walsh - 1.9.1-3 - Apply Karl MacMillan patch to get proper error codes. 
@@ -399,23 +419,23 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Nov 28 2006 Dan Walsh - 1.9.1-1 - Upgrade to latest from NSA - * Merged patch to compile wit -fPIC instead of -fpic from - Manoj Srivastava to prevent hitting the global offest table - limit. Patch changed to include libselinux and libsemanage in - addition to libsepol. + * Merged patch to compile wit -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offest table + limit. Patch changed to include libselinux and libsemanage in + addition to libsepol. * Tue Oct 17 2006 Dan Walsh - 1.8-1 - Upgrade to latest from NSA - * Updated version for release. + * Updated version for release. * Thu Aug 31 2006 Dan Walsh - 1.6.17-1 - Upgrade to latest from NSA - * Merged patch to skip reload if no active store exists and - the store path doesn't match the active store path from Dan Walsh. - * Merged patch to not destroy sepol handle on error path of - connect from James Athey. - * Merged patch to add genhomedircon path to semanage.conf from - James Athey. + * Merged patch to skip reload if no active store exists and + the store path doesn't match the active store path from Dan Walsh. + * Merged patch to not destroy sepol handle on error path of + connect from James Athey. + * Merged patch to add genhomedircon path to semanage.conf from + James Athey. * Thu Aug 31 2006 Dan Walsh - 1.6.16-3 - Fix semanage to not load if is not the correct policy type and it is installing 
@@ -425,14 +445,14 @@ rm -rf ${RPM_BUILD_ROOT} * Wed Aug 23 2006 Dan Walsh - 1.6.16-1 - Upgrade to latest from NSA - * Make most copy errors fatal, but allow exceptions for - file_contexts.local, seusers, and netfilter_contexts if - the source file does not exist in the store. + * Make most copy errors fatal, but allow exceptions for + file_contexts.local, seusers, and netfilter_contexts if + the source file does not exist in the store. * Sat Aug 12 2006 Dan Walsh - 1.6.15-1 - Upgrade to latest from NSA - * Merged separate local file contexts patch from Chris PeBenito. - * Merged patch to make most copy errors non-fatal from Dan Walsh. + * Merged separate local file contexts patch from Chris PeBenito. + * Merged patch to make most copy errors non-fatal from Dan Walsh. * Thu Aug 10 2006 Dan Walsh - 1.6.13-3 - Change other updates to be non-fatal 
@@ -442,40 +462,40 @@ rm -rf ${RPM_BUILD_ROOT} * Thu Aug 3 2006 Dan Walsh - 1.6.13-1 - Upgrade to latest from NSA - * Merged netfilter contexts support from Chris PeBenito. + * Merged netfilter contexts support from Chris PeBenito. * Mon Jul 17 2006 Dan Walsh - 1.6.12-2 - Rebuild for new gcc * Tue Jul 11 2006 Dan Walsh - 1.6.12-1 - Upgrade to latest from NSA - * Merged support for read operations on read-only fs from - Caleb Case (Tresys Technology). + * Merged support for read operations on read-only fs from + Caleb Case (Tresys Technology). * Tue Jul 4 2006 Dan Walsh - 1.6.11-1 - Upgrade to latest from NSA - * Lindent. - * Merged setfiles location check patch from Dan Walsh. + * Lindent. + * Merged setfiles location check patch from Dan Walsh. * Fri Jun 16 2006 Dan Walsh - 1.6.9-1 - Upgrade to latest from NSA - * Merged several fixes from Serge Hallyn: - dbase_file_cache: deref of uninit data on error path. - dbase_policydb_cache: clear fp to avoid double fclose - semanage_fc_sort: destroy temp on error paths + * Merged several fixes from Serge Hallyn: + dbase_file_cache: deref of uninit data on error path. + dbase_policydb_cache: clear fp to avoid double fclose + semanage_fc_sort: destroy temp on error paths * Fri Jun 16 2006 Dan Walsh - 1.6.8-2 - Handle setfiles being in /sbin or /usr/sbin * Mon May 15 2006 Dan Walsh - 1.6.8-1 - Upgrade to latest from NSA - * Updated default location for setfiles to /sbin to - match policycoreutils. This can also be adjusted via - semanage.conf using the syntax: - [setfiles] - path = /path/to/setfiles - args = -q -c $@ $< - [end] + * Updated default location for setfiles to /sbin to + match policycoreutils. This can also be adjusted via + semanage.conf using the syntax: + [setfiles] + path = /path/to/setfiles + args = -q -c $@ $< + [end] * Mon May 15 2006 Dan Walsh - 1.6.7-3 - Spec file cleanup from n0dalus+redhat@gmail.com 
@@ -485,60 +505,60 @@ rm -rf ${RPM_BUILD_ROOT} * Mon May 8 2006 Dan Walsh - 1.6.7-1 - Upgrade to latest from NSA - * Merged fix warnings patch from Karl MacMillan. + * Merged fix warnings patch from Karl MacMillan. * Fri Apr 14 2006 Dan Walsh - 1.6.6-1 - Upgrade to latest from NSA - * Merged updated file context sorting patch from Christopher - Ashworth, with bug fix for escaped character flag. - * Merged file context sorting code from Christopher Ashworth - (Tresys Technology), based on fc_sort.c code in refpolicy. - * Merged python binding t_output_helper removal patch from Dan Walsh. - * Regenerated swig files. + * Merged updated file context sorting patch from Christopher + Ashworth, with bug fix for escaped character flag. + * Merged file context sorting code from Christopher Ashworth + (Tresys Technology), based on fc_sort.c code in refpolicy. + * Merged python binding t_output_helper removal patch from Dan Walsh. + * Regenerated swig files. * Wed Mar 29 2006 Dan Walsh - 1.6.3-1 - Fix to work with new version of swig - Upgrade to latest from NSA - * Merged corrected fix for descriptor leak from Dan Walsh. + * Merged corrected fix for descriptor leak from Dan Walsh. * Wed Mar 29 2006 Dan Walsh - 1.6.2-2 - Fix leaky descriptor * Tue Mar 21 2006 Dan Walsh - 1.6.2-1 - Upgrade to latest from NSA - * Merged Makefile PYLIBVER definition patch from Dan Walsh. - * Merged man page reorganization from Ivan Gyurdiev. + * Merged Makefile PYLIBVER definition patch from Dan Walsh. + * Merged man page reorganization from Ivan Gyurdiev. * Fri Mar 17 2006 Dan Walsh - 1.6-1 - Make work on RHEL4 - Upgrade to latest from NSA - * Merged abort early on merge errors patch from Ivan Gyurdiev. - * Cleaned up error handling in semanage_split_fc based on a patch - by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. - * Merged MLS handling fixes from Ivan Gyurdiev. + * Merged abort early on merge errors patch from Ivan Gyurdiev. 
+ * Cleaned up error handling in semanage_split_fc based on a patch + by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. + * Merged MLS handling fixes from Ivan Gyurdiev. * Fri Feb 17 2006 Dan Walsh - 1.5.28-1 - Upgrade to latest from NSA - * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. - * Merged base_merge_components changes from Ivan Gyurdiev. + * Merged bug fix for fcontext validate handler from Ivan Gyurdiev. + * Merged base_merge_components changes from Ivan Gyurdiev. * Thu Feb 16 2006 Dan Walsh - 1.5.26-1 - Upgrade to latest from NSA - * Merged paths array patch from Ivan Gyurdiev. - * Merged bug fix patch from Ivan Gyurdiev. - * Merged improve bindings patch from Ivan Gyurdiev. - * Merged use PyList patch from Ivan Gyurdiev. - * Merged memory leak fix patch from Ivan Gyurdiev. - * Merged nodecon support patch from Ivan Gyurdiev. - * Merged cleanups patch from Ivan Gyurdiev. - * Merged split swig patch from Ivan Gyurdiev. + * Merged paths array patch from Ivan Gyurdiev. + * Merged bug fix patch from Ivan Gyurdiev. + * Merged improve bindings patch from Ivan Gyurdiev. + * Merged use PyList patch from Ivan Gyurdiev. + * Merged memory leak fix patch from Ivan Gyurdiev. + * Merged nodecon support patch from Ivan Gyurdiev. + * Merged cleanups patch from Ivan Gyurdiev. + * Merged split swig patch from Ivan Gyurdiev. * Mon Feb 13 2006 Dan Walsh - 1.5.23-1 - Upgrade to latest from NSA - * Merged optionals in base patch from Joshua Brindle. - * Merged treat seusers/users_extra as optional sections patch from - Ivan Gyurdiev. - * Merged parse_optional fixes from Ivan Gyurdiev. + * Merged optionals in base patch from Joshua Brindle. + * Merged treat seusers/users_extra as optional sections patch from + Ivan Gyurdiev. + * Merged parse_optional fixes from Ivan Gyurdiev. * Fri Feb 10 2006 Jesse Keating - 1.5.21-2.1 - bump again for double-long bug on ppc(64) 
@@ -548,111 +568,111 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Feb 07 2006 Dan Walsh - 1.5.21-1 - Upgrade to latest from NSA - * Merged seuser/user_extra support patch from Joshua Brindle. - * Merged remote system dbase patch from Ivan Gyurdiev. + * Merged seuser/user_extra support patch from Joshua Brindle. + * Merged remote system dbase patch from Ivan Gyurdiev. * Tue Feb 07 2006 Jesse Keating - 1.5.20-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Thu Feb 2 2006 Dan Walsh 1.5.20-1 - Upgrade to latest from NSA - * Merged clone record on set_con patch from Ivan Gyurdiev. + * Merged clone record on set_con patch from Ivan Gyurdiev. * Mon Jan 30 2006 Dan Walsh 1.5.19-1 - Upgrade to latest from NSA - * Merged fname parameter patch from Ivan Gyurdiev. - * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. - * Merged seusers.system patch from Ivan Gyurdiev. - * Merged improve port/fcontext API patch from Ivan Gyurdiev. + * Merged fname parameter patch from Ivan Gyurdiev. + * Merged more size_t -> unsigned int fixes from Ivan Gyurdiev. + * Merged seusers.system patch from Ivan Gyurdiev. + * Merged improve port/fcontext API patch from Ivan Gyurdiev. * Fri Jan 27 2006 Dan Walsh 1.5.18-1 - Upgrade to latest from NSA - * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. - * Merged set_create_store, access_check, and is_connected interfaces - from Joshua Brindle. + * Merged seuser -> seuser_local rename patch from Ivan Gyurdiev. + * Merged set_create_store, access_check, and is_connected interfaces + from Joshua Brindle. * Fri Jan 13 2006 Dan Walsh 1.5.16-1 - Upgrade to latest from NSA - * Regenerate python wrappers. + * Regenerate python wrappers. * Fri Jan 13 2006 Dan Walsh 1.5.15-1 - Upgrade to latest from NSA - * Merged pywrap Makefile diff from Dan Walsh. - * Merged cache management patch from Ivan Gyurdiev. - * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. - * Merged remove apply_local function patch from Ivan Gyurdiev. 
- * Merged only do read locking in direct case patch from Ivan Gyurdiev. - * Merged cache error path memory leak fix from Ivan Gyurdiev. - * Merged auto-generated file header patch from Ivan Gyurdiev. - * Merged pywrap test update from Ivan Gyurdiev. - * Merged hidden defs update from Ivan Gyurdiev. + * Merged pywrap Makefile diff from Dan Walsh. + * Merged cache management patch from Ivan Gyurdiev. + * Merged bugfix for dbase_llist_clear from Ivan Gyurdiev. + * Merged remove apply_local function patch from Ivan Gyurdiev. + * Merged only do read locking in direct case patch from Ivan Gyurdiev. + * Merged cache error path memory leak fix from Ivan Gyurdiev. + * Merged auto-generated file header patch from Ivan Gyurdiev. + * Merged pywrap test update from Ivan Gyurdiev. + * Merged hidden defs update from Ivan Gyurdiev. * Fri Jan 13 2006 Dan Walsh 1.5.14-2 - Break out python out of regular Makefile * Fri Jan 13 2006 Dan Walsh 1.5.14-1 - Upgrade to latest from NSA - * Merged disallow port overlap patch from Ivan Gyurdiev. - * Merged join prereq and implementation patches from Ivan Gyurdiev. - * Merged join user extra data part 2 patch from Ivan Gyurdiev. - * Merged bugfix patch from Ivan Gyurdiev. - * Merged remove add_local/set_local patch from Ivan Gyurdiev. - * Merged user extra data part 1 patch from Ivan Gyurdiev. - * Merged size_t -> unsigned int patch from Ivan Gyurdiev. - * Merged calloc check in semanage_store patch from Ivan Gyurdiev, - bug noticed by Steve Grubb. - * Merged cleanups after add/set removal patch from Ivan Gyurdiev. + * Merged disallow port overlap patch from Ivan Gyurdiev. + * Merged join prereq and implementation patches from Ivan Gyurdiev. + * Merged join user extra data part 2 patch from Ivan Gyurdiev. + * Merged bugfix patch from Ivan Gyurdiev. + * Merged remove add_local/set_local patch from Ivan Gyurdiev. + * Merged user extra data part 1 patch from Ivan Gyurdiev. + * Merged size_t -> unsigned int patch from Ivan Gyurdiev. 
+ * Merged calloc check in semanage_store patch from Ivan Gyurdiev, + bug noticed by Steve Grubb. + * Merged cleanups after add/set removal patch from Ivan Gyurdiev. * Fri Jan 7 2006 Dan Walsh 1.5.9-1 - Upgrade to latest from NSA - * Merged const in APIs patch from Ivan Gyurdiev. - * Merged validation of local file contexts patch from Ivan Gyurdiev. - * Merged compare2 function patch from Ivan Gyurdiev. - * Merged hidden def/proto update patch from Ivan Gyurdiev. + * Merged const in APIs patch from Ivan Gyurdiev. + * Merged validation of local file contexts patch from Ivan Gyurdiev. + * Merged compare2 function patch from Ivan Gyurdiev. + * Merged hidden def/proto update patch from Ivan Gyurdiev. * Thu Jan 6 2006 Dan Walsh 1.5.8-1 - Upgrade to latest from NSA - * Re-applied string and file optimization patch from Russell Coker, - with bug fix. - * Reverted string and file optimization patch from Russell Coker. - * Clarified error messages from parse_module_headers and - parse_base_headers for base/module mismatches. + * Re-applied string and file optimization patch from Russell Coker, + with bug fix. + * Reverted string and file optimization patch from Russell Coker. + * Clarified error messages from parse_module_headers and + parse_base_headers for base/module mismatches. * Thu Jan 6 2006 Dan Walsh 1.5.6-1 - Upgrade to latest from NSA - * Clarified error messages from parse_module_headers and - parse_base_headers for base/module mismatches. - * Merged string and file optimization patch from Russell Coker. - * Merged swig header reordering patch from Ivan Gyurdiev. - * Merged toggle modify on add patch from Ivan Gyurdiev. - * Merged ports parser bugfix patch from Ivan Gyurdiev. - * Merged fcontext swig patch from Ivan Gyurdiev. - * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. - * Merged man pages for dbase functions patch from Ivan Gyurdiev. - * Merged pywrap tests patch from Ivan Gyurdiev. 
+ * Clarified error messages from parse_module_headers and + parse_base_headers for base/module mismatches. + * Merged string and file optimization patch from Russell Coker. + * Merged swig header reordering patch from Ivan Gyurdiev. + * Merged toggle modify on add patch from Ivan Gyurdiev. + * Merged ports parser bugfix patch from Ivan Gyurdiev. + * Merged fcontext swig patch from Ivan Gyurdiev. + * Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. + * Merged man pages for dbase functions patch from Ivan Gyurdiev. + * Merged pywrap tests patch from Ivan Gyurdiev. * Wed Jan 5 2006 Dan Walsh 1.5.4-2 - Patch to fix add * Wed Jan 5 2006 Dan Walsh 1.5.4-1 - Upgrade to latest from NSA - * Merged patch series from Ivan Gyurdiev. - This includes patches to: - - separate file rw code from linked list - - annotate objects - - fold together internal headers - - support ordering of records in compare function - - add active dbase backend, active booleans - - return commit numbers for ro database calls - - use modified flags to skip rebuild whenever possible - - enable port interfaces - - update swig interfaces and typemaps - - add an API for file_contexts.local and file_contexts - - flip the traversal order in iterate/list - - reorganize sandbox_expand - - add seusers MLS validation - - improve dbase spec/documentation - - clone record on set/add/modify + * Merged patch series from Ivan Gyurdiev. 
+ This includes patches to: + - separate file rw code from linked list + - annotate objects + - fold together internal headers + - support ordering of records in compare function + - add active dbase backend, active booleans + - return commit numbers for ro database calls + - use modified flags to skip rebuild whenever possible + - enable port interfaces + - update swig interfaces and typemaps + - add an API for file_contexts.local and file_contexts + - flip the traversal order in iterate/list + - reorganize sandbox_expand + - add seusers MLS validation + - improve dbase spec/documentation + - clone record on set/add/modify * Tue Dec 27 2005 Dan Walsh 1.5.3-3 - Add Ivans patch to turn on ports 
@@ -662,22 +682,22 @@ rm -rf ${RPM_BUILD_ROOT} * Wed Dec 14 2005 Dan Walsh 1.5.3-1 - Upgrade to latest from NSA - * Merged further header cleanups from Ivan Gyurdiev. - * Merged toggle modified flag in policydb_modify, fix memory leak - in clear_obsolete, polymorphism vs headers fix, and include guards - for internal headers patches from Ivan Gyurdiev. + * Merged further header cleanups from Ivan Gyurdiev. + * Merged toggle modified flag in policydb_modify, fix memory leak + in clear_obsolete, polymorphism vs headers fix, and include guards + for internal headers patches from Ivan Gyurdiev. * Tue Dec 13 2005 Dan Walsh 1.5.1-2 - Upgrade to latest from NSA - * Merged toggle modified flag in policydb_modify, fix memory leak - in clear_obsolete, polymorphism vs headers fix, and include guards - for internal headers patches from Ivan Gyurdiev. + * Merged toggle modified flag in policydb_modify, fix memory leak + in clear_obsolete, polymorphism vs headers fix, and include guards + for internal headers patches from Ivan Gyurdiev. * Mon Dec 12 2005 Dan Walsh 1.5.1-1 - Upgrade to latest from NSA - * Added file-mode= setting to semanage.conf, default to 0644. - Changed semanage_copy_file and callers to use this mode when - installing policy files to runtime locations. + * Added file-mode= setting to semanage.conf, default to 0644. + Changed semanage_copy_file and callers to use this mode when + installing policy files to runtime locations. * Fri Dec 09 2005 Jesse Keating - rebuilt 
@@ -687,37 +707,37 @@ rm -rf ${RPM_BUILD_ROOT} * Tue Dec 6 2005 Dan Walsh 1.3.64-1 - Upgrade to latest from NSA - * Changed semanage_handle_create() to set do_reload based on - is_selinux_enabled(). This prevents improper attempts to - load policy on a non-SELinux system. + * Changed semanage_handle_create() to set do_reload based on + is_selinux_enabled(). This prevents improper attempts to + load policy on a non-SELinux system. * Mon Dec 5 2005 Dan Walsh 1.3.63-1 - Upgrade to latest from NSA - * Dropped handle from user_del_role interface. - * Removed defrole interfaces. + * Dropped handle from user_del_role interface. + * Removed defrole interfaces. * Tue Nov 29 2005 Dan Walsh 1.3.61-1 - Upgrade to latest from NSA - * Merged Makefile python definitions patch from Dan Walsh. - * Removed is_selinux_mls_enabled() conditionals in seusers and users - file parsers. + * Merged Makefile python definitions patch from Dan Walsh. + * Removed is_selinux_mls_enabled() conditionals in seusers and users + file parsers. * Wed Nov 23 2005 Dan Walsh 1.3.59-1 - Add additional swig objects - * Merged wrap char*** for user_get_roles patch from Joshua Brindle. - * Merged remove defrole from sepol patch from Ivan Gyurdiev. - * Merged swig wrappers for modifying users and seusers from Joshua Brindle. + * Merged wrap char*** for user_get_roles patch from Joshua Brindle. + * Merged remove defrole from sepol patch from Ivan Gyurdiev. + * Merged swig wrappers for modifying users and seusers from Joshua Brindle. * Wed Nov 23 2005 Dan Walsh 1.3.56-2 - Add additional swig objects * Fri Nov 16 2005 Dan Walsh 1.3.56-1 - Upgrade to latest from NSA - * Fixed free->key_free bug. - * Merged clear obsolete patch from Ivan Gyurdiev. - * Merged modified swigify patch from Dan Walsh - (original patch from Joshua Brindle). - * Merged move genhomedircon call patch from Chad Sellers. + * Fixed free->key_free bug. + * Merged clear obsolete patch from Ivan Gyurdiev. 
+ * Merged modified swigify patch from Dan Walsh + (original patch from Joshua Brindle). + * Merged move genhomedircon call patch from Chad Sellers. * Mon Nov 14 2005 Dan Walsh 1.3.53-3 - Add genhomedircon patch from Joshua Brindle 
@@ -727,249 +747,249 @@ rm -rf ${RPM_BUILD_ROOT} * Fri Nov 11 2005 Dan Walsh 1.3.53-1 - Upgrade to latest from NSA - * Merged move seuser validation patch from Ivan Gyurdiev. - * Merged hidden declaration fixes from Ivan Gyurdiev, - with minor corrections. + * Merged move seuser validation patch from Ivan Gyurdiev. + * Merged hidden declaration fixes from Ivan Gyurdiev, + with minor corrections. * Wed Nov 9 2005 Dan Walsh 1.3.52-1 - Upgrade to latest from NSA - * Merged cleanup patch from Ivan Gyurdiev. - This renames semanage_module_conn to semanage_direct_handle, - and moves sepol handle create/destroy into semanage handle - create/destroy to allow use even when disconnected (for the - record interfaces). + * Merged cleanup patch from Ivan Gyurdiev. + This renames semanage_module_conn to semanage_direct_handle, + and moves sepol handle create/destroy into semanage handle + create/destroy to allow use even when disconnected (for the + record interfaces). * Tue Nov 8 2005 Dan Walsh 1.3.51-1 - Upgrade to latest from NSA - * Clear modules modified flag upon disconnect and commit. + * Clear modules modified flag upon disconnect and commit. * Added tracking of module modifications and use it to - determine whether expand-time checks should be applied - on commit. - * Reverted semanage_set_reload_bools() interface. + determine whether expand-time checks should be applied + on commit. + * Reverted semanage_set_reload_bools() interface. * Tue Nov 8 2005 Dan Walsh 1.3.48-1 - Upgrade to latest from NSA - * Disabled calls to port dbase for merge and commit and stubbed - out calls to sepol_port interfaces since they are not exported. - * Merged rename instead of copy patch from Joshua Brindle (Tresys). - * Added hidden_def/hidden_proto for exported symbols used within - libsemanage to eliminate relocations. Wrapped type definitions - in exported headers as needed to avoid conflicts. Added - src/context_internal.h and src/iface_internal.h. 
- * Added semanage_is_managed() interface to allow detection of whether - the policy is managed via libsemanage. This enables proper handling - in setsebool for non-managed systems. - * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, - to enable runtime control over preserving active boolean values - versus reloading their saved settings upon commit. + * Disabled calls to port dbase for merge and commit and stubbed + out calls to sepol_port interfaces since they are not exported. + * Merged rename instead of copy patch from Joshua Brindle (Tresys). + * Added hidden_def/hidden_proto for exported symbols used within + libsemanage to eliminate relocations. Wrapped type definitions + in exported headers as needed to avoid conflicts. Added + src/context_internal.h and src/iface_internal.h. + * Added semanage_is_managed() interface to allow detection of whether + the policy is managed via libsemanage. This enables proper handling + in setsebool for non-managed systems. + * Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, + to enable runtime control over preserving active boolean values + versus reloading their saved settings upon commit. * Mon Nov 7 2005 Dan Walsh 1.3.43-1 - Upgrade to latest from NSA - * Merged seuser parser resync, dbase tracking and cleanup, strtol - bug, copyright, and assert space patches from Ivan Gyurdiev. - * Added src/*_internal.h in preparation for other changes. - * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and + * Merged seuser parser resync, dbase tracking and cleanup, strtol + bug, copyright, and assert space patches from Ivan Gyurdiev. + * Added src/*_internal.h in preparation for other changes. + * Added hidden/hidden_proto/hidden_def to src/debug.[hc] and src/seusers.[hc]. * Thu Nov 3 2005 Dan Walsh 1.3.41-1 - Upgrade to latest from NSA - * Merged interface parse/print, context_to_string interface change, - move assert_noeof, and order preserving patches from Ivan Gyurdiev. 
+ * Merged interface parse/print, context_to_string interface change, + move assert_noeof, and order preserving patches from Ivan Gyurdiev. * Added src/dso.h in preparation for other changes. - * Merged install seusers, handle/error messages, MLS parsing, - and seusers validation patches from Ivan Gyurdiev. + * Merged install seusers, handle/error messages, MLS parsing, + and seusers validation patches from Ivan Gyurdiev. * Mon Oct 31 2005 Dan Walsh 1.3.39-1 - Upgrade to latest from NSA - * Merged record interface, dbase flush, common database code, - and record bugfix patches from Ivan Gyurdiev. + * Merged record interface, dbase flush, common database code, + and record bugfix patches from Ivan Gyurdiev. * Fri Oct 28 2005 Dan Walsh 1.3.38-1 - Upgrade to latest from NSA - * Merged dbase policydb list and count change from Ivan Gyurdiev. - * Merged enable dbase and set relay patches from Ivan Gyurdiev. + * Merged dbase policydb list and count change from Ivan Gyurdiev. + * Merged enable dbase and set relay patches from Ivan Gyurdiev. * Thu Oct 27 2005 Dan Walsh 1.3.36-1 - Update from NSA - * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. + * Merged query APIs and dbase_file_set patches from Ivan Gyurdiev. * Wed Oct 26 2005 Dan Walsh 1.3.35-1 - Update from NSA - * Merged sepol handle passing, seusers support, and policydb cache - patches from Ivan Gyurdiev. + * Merged sepol handle passing, seusers support, and policydb cache + patches from Ivan Gyurdiev. * Tue Oct 25 2005 Dan Walsh 1.3.34-1 - Update from NSA - * Merged resync to sepol changes and booleans fixes/improvements - patches from Ivan Gyurdiev. - * Merged support for genhomedircon/homedir template, store selection, - explicit policy reload, and semanage.conf relocation from Joshua - Brindle. + * Merged resync to sepol changes and booleans fixes/improvements + patches from Ivan Gyurdiev. 
+ * Merged support for genhomedircon/homedir template, store selection, + explicit policy reload, and semanage.conf relocation from Joshua + Brindle. * Mon Oct 24 2005 Dan Walsh 1.3.32-1 - Update from NSA - * Merged resync to sepol changes and transaction fix patches from - Ivan Gyurdiev. - * Merged reorganize users patch from Ivan Gyurdiev. - * Merged remove unused relay functions patch from Ivan Gyurdiev. + * Merged resync to sepol changes and transaction fix patches from + Ivan Gyurdiev. + * Merged reorganize users patch from Ivan Gyurdiev. + * Merged remove unused relay functions patch from Ivan Gyurdiev. * Fri Oct 21 2005 Dan Walsh 1.3.30-1 - Update from NSA - * Fixed policy file leaks in semanage_load_module and - semanage_write_module. - * Merged further database work from Ivan Gyurdiev. - * Fixed bug in semanage_direct_disconnect. + * Fixed policy file leaks in semanage_load_module and + semanage_write_module. + * Merged further database work from Ivan Gyurdiev. + * Fixed bug in semanage_direct_disconnect. * Thu Oct 20 2005 Dan Walsh 1.3.28-1 - Update from NSA - * Merged interface renaming patch from Ivan Gyurdiev. - * Merged policy component patch from Ivan Gyurdiev. - * Renamed 'check=' configuration value to 'expand-check=' for - clarity. - * Changed semanage_commit_sandbox to check for and report errors - on rename(2) calls performed during rollback. - * Added optional check= configuration value to semanage.conf - and updated call to sepol_expand_module to pass its value - to control assertion and hierarchy checking on module expansion. - * Merged fixes for make DESTDIR= builds from Joshua Brindle. + * Merged interface renaming patch from Ivan Gyurdiev. + * Merged policy component patch from Ivan Gyurdiev. + * Renamed 'check=' configuration value to 'expand-check=' for + clarity. + * Changed semanage_commit_sandbox to check for and report errors + on rename(2) calls performed during rollback. 
+ * Added optional check= configuration value to semanage.conf + and updated call to sepol_expand_module to pass its value + to control assertion and hierarchy checking on module expansion. + * Merged fixes for make DESTDIR= builds from Joshua Brindle. * Tue Oct 18 2005 Dan Walsh 1.3.24-1 - Update from NSA - * Merged default database from Ivan Gyurdiev. - * Merged removal of connect requirement in policydb backend from - Ivan Gyurdiev. - * Merged commit locking fix and lock rename from Joshua Brindle. - * Merged transaction rollback in lock patch from Joshua Brindle. - * Changed default args for load_policy to be null, as it no longer - takes a pathname argument and we want to preserve booleans. - * Merged move local dbase initialization patch from Ivan Gyurdiev. - * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. - * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. - * Added calls to sepol_policy_file_set_handle interface prior - to invoking sepol operations on policy files. - * Updated call to sepol_policydb_from_image to pass the handle. + * Merged default database from Ivan Gyurdiev. + * Merged removal of connect requirement in policydb backend from + Ivan Gyurdiev. + * Merged commit locking fix and lock rename from Joshua Brindle. + * Merged transaction rollback in lock patch from Joshua Brindle. + * Changed default args for load_policy to be null, as it no longer + takes a pathname argument and we want to preserve booleans. + * Merged move local dbase initialization patch from Ivan Gyurdiev. + * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. + * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. + * Added calls to sepol_policy_file_set_handle interface prior + to invoking sepol operations on policy files. + * Updated call to sepol_policydb_from_image to pass the handle. 
* Tue Oct 18 2005 Dan Walsh 1.3.20-1 - Update from NSA - * Changed default args for load_policy to be null, as it no longer - takes a pathname argument and we want to preserve booleans. - * Merged move local dbase initialization patch from Ivan Gyurdiev. - * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. - * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. - * Added calls to sepol_policy_file_set_handle interface prior - to invoking sepol operations on policy files. - * Updated call to sepol_policydb_from_image to pass the handle. + * Changed default args for load_policy to be null, as it no longer + takes a pathname argument and we want to preserve booleans. + * Merged move local dbase initialization patch from Ivan Gyurdiev. + * Merged acquire/release read lock in databases patch from Ivan Gyurdiev. + * Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. + * Added calls to sepol_policy_file_set_handle interface prior + to invoking sepol operations on policy files. + * Updated call to sepol_policydb_from_image to pass the handle. * Tue Oct 18 2005 Dan Walsh 1.3.20-1 - Update from NSA - * Merged user and port APIs - policy database patch from Ivan - Gyurdiev. - * Converted calls to sepol link_packages and expand_module interfaces - from using buffers to using sepol handles for error reporting, and - changed direct_connect/disconnect to create/destroy sepol handles. + * Merged user and port APIs - policy database patch from Ivan + Gyurdiev. + * Converted calls to sepol link_packages and expand_module interfaces + from using buffers to using sepol handles for error reporting, and + changed direct_connect/disconnect to create/destroy sepol handles. * Sat Oct 15 2005 Dan Walsh 1.3.18-1 - Update from NSA - * Merged bugfix patch from Ivan Gyurdiev. - * Merged seuser database patch from Ivan Gyurdiev. - Merged direct user/port databases to the handle from Ivan Gyurdiev. 
- * Removed obsolete include/semanage/commit_api.h (leftover). - Merged seuser record patch from Ivan Gyurdiev. - * Merged boolean and interface databases from Ivan Gyurdiev. + * Merged bugfix patch from Ivan Gyurdiev. + * Merged seuser database patch from Ivan Gyurdiev. + Merged direct user/port databases to the handle from Ivan Gyurdiev. + * Removed obsolete include/semanage/commit_api.h (leftover). + Merged seuser record patch from Ivan Gyurdiev. + * Merged boolean and interface databases from Ivan Gyurdiev. * Fri Oct 14 2005 Dan Walsh 1.3.14-1 - Update from NSA - * Updated to use get interfaces for hidden sepol_module_package type. - * Changed semanage_expand_sandbox and semanage_install_active - to generate/install the latest policy version supported by libsepol - by default (unless overridden by semanage.conf), since libselinux - will now downgrade automatically for load_policy. - * Merged new callback-based error reporting system and ongoing - database work from Ivan Gyurdiev. + * Updated to use get interfaces for hidden sepol_module_package type. + * Changed semanage_expand_sandbox and semanage_install_active + to generate/install the latest policy version supported by libsepol + by default (unless overridden by semanage.conf), since libselinux + will now downgrade automatically for load_policy. + * Merged new callback-based error reporting system and ongoing + database work from Ivan Gyurdiev. * Wed Oct 12 2005 Dan Walsh 1.3.11-1 - Update from NSA - * Fixed semanage_install_active() to use the same logic for - selecting a policy version as semanage_expand_sandbox(). Dropped - dead code from semanage_install_sandbox(). + * Fixed semanage_install_active() to use the same logic for + selecting a policy version as semanage_expand_sandbox(). Dropped + dead code from semanage_install_sandbox(). * Mon Oct 10 2005 Dan Walsh 1.3.10-1 - Update from NSA - * Updated for changes to libsepol, and to only use types and interfaces - provided by the shared libsepol. 
+ * Updated for changes to libsepol, and to only use types and interfaces + provided by the shared libsepol. * Fri Oct 7 2005 Dan Walsh 1.3.9-1 - Update from NSA - * Merged further database work from Ivan Gyurdiev. + * Merged further database work from Ivan Gyurdiev. * Tue Oct 4 2005 Dan Walsh 1.3.8-1 - Update from NSA - * Merged iterate, redistribute, and dbase split patches from - Ivan Gyurdiev. + * Merged iterate, redistribute, and dbase split patches from + Ivan Gyurdiev. * Mon Oct 3 2005 Dan Walsh 1.3.7-1 - Update from NSA - * Merged patch series from Ivan Gyurdiev. - (pointer typedef elimination, file renames, dbase work, backend - separation) - * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. - * Separated handle create from connect interface. - * Added a constructor for initialization. - * Moved up src/include/*.h to src. - * Created a symbol map file; dropped dso.h and hidden markings. + * Merged patch series from Ivan Gyurdiev. + (pointer typedef elimination, file renames, dbase work, backend + separation) + * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. + * Separated handle create from connect interface. + * Added a constructor for initialization. + * Moved up src/include/*.h to src. + * Created a symbol map file; dropped dso.h and hidden markings. * Wed Sep 28 2005 Dan Walsh 1.3.5-1 - Update from NSA - * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. - * Separated handle create from connect interface. - * Added a constructor for initialization. - * Moved up src/include/*.h to src. - * Created a symbol map file; dropped dso.h and hidden markings. + * Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. + * Separated handle create from connect interface. + * Added a constructor for initialization. + * Moved up src/include/*.h to src. + * Created a symbol map file; dropped dso.h and hidden markings. 
* Fri Sep 23 2005 Dan Walsh 1.3.4-1 - Update from NSA - * Merged dbase redesign patch from Ivan Gyurdiev. + * Merged dbase redesign patch from Ivan Gyurdiev. * Wed Sep 21 2005 Dan Walsh 1.3.3-1 - Update from NSA - * Merged boolean record, stub record handler, and status codes - patches from Ivan Gyurdiev. + * Merged boolean record, stub record handler, and status codes + patches from Ivan Gyurdiev. * Tue Sep 20 2005 Dan Walsh 1.3.2-1 - Update from NSA - * Merged stub iterator functionality from Ivan Gyurdiev. - * Merged interface record patch from Ivan Gyurdiev. + * Merged stub iterator functionality from Ivan Gyurdiev. + * Merged interface record patch from Ivan Gyurdiev. * Wed Sep 14 2005 Dan Walsh 1.3.1-1 - Update from NSA - * Merged stub functionality for managing user and port records, - and record table code from Ivan Gyurdiev. - * Updated version for release. + * Merged stub functionality for managing user and port records, + and record table code from Ivan Gyurdiev. + * Updated version for release. * Thu Sep 1 2005 Dan Walsh 1.1.6-1 - Update from NSA - * Merged semod.conf template patch from Dan Walsh (Red Hat), - but restored location to /usr/share/semod/semod.conf. - * Fixed several bugs found by valgrind. - * Fixed bug in prior patch for the semod_build_module_list leak. - * Merged errno fix from Joshua Brindle (Tresys). - * Merged fix for semod_build_modules_list leak on error path - from Serge Hallyn (IBM). Bug found by Coverity. + * Merged semod.conf template patch from Dan Walsh (Red Hat), + but restored location to /usr/share/semod/semod.conf. + * Fixed several bugs found by valgrind. + * Fixed bug in prior patch for the semod_build_module_list leak. + * Merged errno fix from Joshua Brindle (Tresys). + * Merged fix for semod_build_modules_list leak on error path + from Serge Hallyn (IBM). Bug found by Coverity. * Thu Aug 25 2005 Dan Walsh 1.1.3-1 - Update from NSA - * Merged errno fix from Joshua Brindle (Tresys). 
- * Merged fix for semod_build_modules_list leak on error path - from Serge Hallyn (IBM). Bug found by Coverity. - * Merged several fixes from Serge Hallyn (IBM). Bugs found by - Coverity. - * Fixed several other bugs and warnings. - * Merged patch to move module read/write code from libsemanage - to libsepol from Jason Tang (Tresys). - * Merged relay records patch from Ivan Gyurdiev. - * Merged key extract patch from Ivan Gyurdiev. + * Merged errno fix from Joshua Brindle (Tresys). + * Merged fix for semod_build_modules_list leak on error path + from Serge Hallyn (IBM). Bug found by Coverity. + * Merged several fixes from Serge Hallyn (IBM). Bugs found by + Coverity. + * Fixed several other bugs and warnings. + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). + * Merged relay records patch from Ivan Gyurdiev. + * Merged key extract patch from Ivan Gyurdiev. - Initial version - Created by Stephen Smalley diff --git a/semanage.conf b/semanage.conf new file mode 100644 index 0000000..cc7d464 --- /dev/null +++ b/semanage.conf 
@@ -0,0 +1,48 @@
+# Authors: Jason Tang
+#
+# Copyright (C) 2004-2005 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+#
+# Specify how libsemanage will interact with a SELinux policy manager.
+# The four options are:
+#
+# "source" - libsemanage manipulates a source SELinux policy
+# "direct" - libsemanage will write directly to a module store.
+# /foo/bar - Write by way of a policy management server, whose
+# named socket is at /foo/bar. The path must begin
+# with a '/'.
+# foo.com:4242 - Establish a TCP connection to a remote policy
+# management server at foo.com. If there is a colon
+# then the remainder is interpreted as a port number;
+# otherwise default to port 4242.
+module-store = direct
+
+# When generating the final linked and expanded policy, by default
+# semanage will set the policy version to POLICYDB_VERSION_MAX, as
+# given in . Change this setting if a different
+# version is necessary.
+#policy-version = 19
+
+# expand-check check neverallow rules when executing all semanage commands.
+# Large penalty in time if you turn this on.
+expand-check=0
+
+# usepasswd check tells semanage to scan all pass word records for home directories
+# and setup the labeling correctly. If this is turned off, SELinux will label /home
+# correctly only. You will need to use semanage fcontext command.
+# For example, if you had home dirs in /althome directory you would have to execute
+# semanage fcontext -a -e /home /althome
+usepasswd=True
diff --git a/sources b/sources
index e38a8f4..5fbbfb8 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-fb11e8dfb69cefbd014419804df82294 libsemanage-2.0.43.tgz
+9a1b8cf612052daab7d5cb2676f2098a libsemanage-2.0.45.tgz
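Review bot: In the new semanage.conf, `expand-check=0` ships with neverallow checking disabled, and the comment above it mentions only the time cost of turning it on. neverallow rules are the policy's stated invariants, so an administrator reading this file should also see what is given up; I would add a line such as `# With expand-check=0, neverallow violations in a module are not reported when the policy is expanded.` The usepasswd comment is also hard to follow ("pass word", "will label /home correctly only"). Something like `# If turned off, only /home is labeled as a home directory root; add an equivalence rule for any other location.` appears to be what is meant, but confirm that against genhomedircon's behaviour.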