| 2.0.91 2010-02-22 |
| * Change the AVC to only audit the permissions specified by the |
| policy, excluding any permissions specified via dontaudit or not |
| specified via auditallow. |
| * Fix compilation of label_file.c with latest glibc headers. |
| |
| 2.0.90 2009-11-27 |
| * add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>. |
| * Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org> |
| |
| 2.0.89 2009-10-29 |
| * Add pkgconfig file from Eamon Walsh. |
| |
| 2.0.88 2009-10-22 |
| * Rename and export selinux_reset_config() |
| |
| 2.0.87 2009-09-25 |
| * Add exception handling in libselinux from Dan Walsh. This uses a |
| shell script called exception.sh to generate a swig interface file. |
| * make swigify |
| * Make matchpathcon print <<none>> if path not found in fcontext file. |
| |
| 2.0.86 2009-09-02 |
| * Removal of reference counting on userspace AVC SID's. |
| |
| 2.0.85 2009-07-14 |
| * Reverted Tomas Mraz's fix for freeing thread local storage to avoid |
| pthread dependency. |
| * Removed fini_context_translations() altogether. |
| * Merged lazy init patch from Stephen Smalley based on original patch |
| by Steve Grubb. |
| |
| 2.0.84 2009-07-07 |
| * Add per-service seuser support from Dan Walsh. |
| * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. |
| |
| 2.0.83 2009-07-07 |
| * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric |
| Paris. |
| |
| 2.0.82 2009-06-19 |
| * Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>. |
| * Label substitution support from Dan Walsh. |
| * Support for labeling virtual machine images from Dan Walsh. |
| |
| 2.0.81 2009-05-15 |
| * Trim / from the end of input paths to matchpathcon from Dan Walsh. |
| * Fix leak in process_line in label_file.c from Hiroshi Shinji. |
| * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. |
| * getdefaultcon to print just the correct match and add verbose option from Dan Walsh. |
| |
| 2.0.80 2009-04-07 |
| * deny_unknown wrapper function from KaiGai Kohei. |
| * security_compute_av_flags API from KaiGai Kohei. |
| * Netlink socket management and callbacks from KaiGai Kohei. |
| |
| 2.0.79 2009-03-11 |
| * Netlink socket handoff patch from Adam Jackson. |
| * AVC caching of compute_create results by Eric Paris. |
| |
| 2.0.78 2009-02-27 |
| * Fix incorrect conversion in discover_class code. |
| |
| 2.0.77 2009-01-12 |
| * add restorecon to python bindings from Dan Walsh. |
| |
| 2.0.76 2009-01-08 |
| * Client support for translating raw contexts to colors via setrans. |
| |
| 2.0.75 2008-11-18 |
| * Allow shell-style wildcards in x_contexts file. |
| |
| 2.0.74 2008-11-03 |
| * Correct message types in AVC log messages. |
| |
| 2.0.73 2008-10-14 |
| * Make matchpathcon -V pass mode from Dan Walsh. |
| * Add man page for selinux_file_context_cmp from Dan Walsh. |
| |
| 2.0.72 2008-09-29 |
| * New man pages from Dan Walsh. |
| * Update flask headers from refpolicy trunk from Dan Walsh. |
| |
| 2.0.71 2008-08-05 |
| * Add group support to seusers using %groupname syntax from Dan Walsh. |
| * Mark setrans socket close-on-exec from Stephen Smalley. |
| * Only apply nodups checking to base file contexts from Stephen Smalley. |
| |
| 2.0.70 2008-07-30 |
| * Merge ruby bindings from Dan Walsh. |
| |
| 2.0.69 2008-07-29 |
| * Handle duplicate file context regexes as a fatal error from Stephen Smalley. |
| This prevents adding them via semanage. |
| |
| 2.0.68 2008-07-18 |
| * Fix audit2why shadowed variables from Stephen Smalley. |
| * Note that freecon NULL is legal in man page from Karel Zak. |
| |
| 2.0.67 2008-06-13 |
| * New and revised AVC, label, and mapping man pages from Eamon Walsh. |
| |
| 2.0.66 2008-06-11 |
| * Add swig python bindings for avc interfaces from Dan Walsh. |
| |
| 2.0.65 2008-05-27 |
| * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. |
| * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. |
| |
| 2.0.64 2008-04-21 |
| * Fixed selinux_set_callback man page. |
| |
| 2.0.63 2008-04-18 |
| * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. |
| |
| 2.0.62 2008-04-18 |
| * Fix memory leaks in matchpathcon from Eamon Walsh. |
| |
| 2.0.61 2008-03-31 |
| * Man page typo fix from Jim Meyering. |
| |
| 2.0.60 2008-03-20 |
| * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel. |
| |
| 2.0.59 2008-02-29 |
| * Merged new X label "poly_selection" namespace from Eamon Walsh. |
| |
| 2.0.58 2008-02-28 |
| * Merged reset_selinux_config() for load policy from Dan Walsh. |
| |
| 2.0.57 2008-02-25 |
| * Merged avc_has_perm() errno fix from Eamon Walsh. |
| |
| 2.0.56 2008-02-21 |
| * Regenerated Flask headers from refpolicy flask definitions. |
| |
| 2.0.55 2008-02-08 |
| * Merged compute_member AVC function and manpages from Eamon Walsh. |
| |
| 2.0.54 2008-02-08 |
| * Provide more error reporting on load policy failures from Stephen Smalley. |
| |
| 2.0.53 2008-02-07 |
| * Merged new X label "poly_prop" namespace from Eamon Walsh. |
| |
| 2.0.52 2008-02-06 |
| * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. |
| |
| 2.0.51 2008-02-05 |
| * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley. |
| |
| 2.0.50 2008-01-28 |
| * Merged fix for audit2why from Dan Walsh. |
| |
| 2.0.49 2008-01-23 |
| * Merged audit2why python binding from Dan Walsh. |
| |
| 2.0.48 2008-01-23 |
| * Merged updated swig bindings from Dan Walsh, including typemap for pid_t. |
| |
| 2.0.47 2007-12-21 |
| * Fix for the avc: granted null message bug from Stephen Smalley. |
| |
| 2.0.46 2007-12-07 |
| * matchpathcon(8) man page update from Dan Walsh. |
| |
| 2.0.45 2007-11-20 |
| * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. |
| |
| 2.0.44 2007-11-20 |
| * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. |
| A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. |
| |
| 2.0.43 2007-11-15 |
| * Regenerated Flask headers from policy. |
| |
| 2.0.42 2007-11-08 |
| * AVC enforcing mode override patch from Eamon Walsh. |
| |
| 2.0.41 2007-11-06 |
| * Aligned attributes in AVC netlink code from Eamon Walsh. |
| |
| 2.0.40 2007-11-01 |
| * Merged refactored AVC netlink code from Eamon Walsh. |
| |
| 2.0.39 2007-10-19 |
| * Merged new X label namespaces from Eamon Walsh. |
| |
| 2.0.38 2007-10-15 |
| * Bux fix and minor refactoring in string representation code. |
| |
| 2.0.37 2007-10-05 |
| * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh. |
| |
| 2.0.36 2007-09-27 |
| * Fix segfault resulting from missing file_contexts file. |
| |
| 2.0.35 2007-09-24 |
| * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. |
| * Pass CFLAGS when using gcc for linking from Dennis Gilmore. |
| |
| 2.0.34 2007-09-18 |
| * Fix selabel option flag setting for 64-bit from Stephen Smalley. |
| |
| 2.0.33 2007-09-12 |
| * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley. |
| * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley. |
| |
| 2.0.32 2007-09-10 |
| * Fix swig binding for rpm_execcon from James Athey. |
| |
| 2.0.31 2007-08-23 |
| * Fix file_contexts.homedirs path from Todd Miller. |
| |
| 2.0.30 2007-08-06 |
| * Fix segfault resulting from uninitialized print-callback pointer. |
| |
| 2.0.29 2007-08-02 |
| * Added x_contexts path function patch from Eamon Walsh. |
| |
| 2.0.28 2007-08-01 |
| * Fix build for EMBEDDED=y from Yuichi Nakamura. |
| |
| 2.0.27 2007-07-25 |
| * Fix markup problems in selinux man pages from Dan Walsh. |
| |
| 2.0.26 2007-07-23 |
| * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh. |
| * Added swigify to top-level Makefile from Dan Walsh. |
| |
| 2.0.25 2007-07-23 |
| * Fix for string_to_security_class segfault on x86_64 from Stephen |
| Smalley. |
| |
| 2.0.24 2007-09-07 |
| * Fix for getfilecon() for zero-length contexts from Stephen Smalley. |
| |
| 2.0.23 2007-06-22 |
| * Refactored SWIG bindings from James Athey. |
| |
| 2.0.22 2007-06-20 |
| * Labeling and callback interface patches from Eamon Walsh. |
| |
| 2.0.21 2007-06-11 |
| * Class and permission mapping support patches from Eamon Walsh. |
| |
| 2.0.20 2007-06-07 |
| * Object class discovery support patches from Chris PeBenito. |
| |
| 2.0.19 2007-06-05 |
| * Refactoring and errno support in string representation code. |
| |
| 2.0.18 2007-05-31 |
| * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. |
| This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. |
| |
| 2.0.17 2007-05-31 |
| * Updated Lindent script and reindented two header files. |
| |
| 2.0.16 2007-05-09 |
| * Merged additional swig python bindings from Dan Walsh. |
| |
| 2.0.15 2007-04-27 |
| * Merged helpful message when selinuxfs mount fails patch from Dax Kelson. |
| |
| 2.0.14 2007-04-24 |
| * Merged build fix for avc_internal.c from Joshua Brindle. |
| |
| 2.0.13 2007-04-12 |
| * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh. |
| |
| 2.0.12 2007-04-09 |
| * Merged support for getting initial contexts from James Carter. |
| |
| 2.0.11 2007-04-05 |
| * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. |
| |
| |
| 2.0.10 2007-04-05 |
| * Merged sidput(NULL) patch from Eamon Walsh. |
| |
| 2.0.9 2007-03-30 |
| * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. |
| |
| 2.0.8 2007-03-20 |
| * Merged fix for avc.h #include's from Eamon Walsh. |
| |
| 2.0.7 2007-03-12 |
| * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. |
| |
| 2.0.6 2007-03-12 |
| * Merged patch to drop support for old /etc/sysconfig/selinux and |
| /etc/security policy file layout from Steve Grubb. |
| |
| 2.0.5 2007-02-27 |
| * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. |
| |
| 2.0.4 2007-02-23 |
| * Removed sending of setrans init message. |
| |
| 2.0.3 2007-02-22 |
| * Merged matchpathcon memory leak fix from Steve Grubb. |
| |
| 2.0.2 2007-02-21 |
| * Merged more swig initializers from Dan Walsh. |
| |
| 2.0.1 2007-02-20 |
| * Merged patch from Todd Miller to convert int types over to C99 style. |
| |
| 2.0.0 2007-02-01 |
| * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because |
| of the use of the non-standard format %as. (original patch changed |
| for style). |
| * Merged patch from Todd Miller to fix memory leak in matchpathcon.c. |
| |
| 1.34.1 2007-01-26 |
| * Merged python binding fixes from Dan Walsh. |
| |
| 1.34.0 2007-01-18 |
| * Updated version for stable branch. |
| |
| 1.33.6 2007-01-17 |
| * Merged man page updates to make "apropos selinux" work from Dan Walsh. |
| |
| 1.33.5 2007-01-16 |
| * Merged getdefaultcon utility from Dan Walsh. |
| |
| 1.33.4 2007-01-11 |
| * Merged selinux_check_securetty_context() and support from Dan Walsh. |
| |
| 1.33.3 2007-01-04 |
| * Merged patch for matchpathcon utility to use file mode information |
| when available from Dan Walsh. |
| |
| 1.33.2 2006-11-27 |
| * Merged patch to compile with -fPIC instead of -fpic from |
| Manoj Srivastava to prevent hitting the global offset table |
| limit. Patch changed to include libsepol and libsemanage in |
| addition to libselinux. |
| |
| 1.33.1 2006-10-19 |
| * Merged updated flask definitions from Darrel Goeddel. |
| This adds the context security class, and also adds |
| the string definitions for setsockcreate and polmatch. |
| |
| 1.32 2006-10-17 |
| * Updated version for release. |
| |
| 1.30.30 2006-10-05 |
| * Merged patch from Darrel Goeddel to always use untranslated |
| contexts in the userspace AVC. |
| |
| 1.30.29 2006-09-29 |
| * Merged av_permissions.h update from Steve Grubb, |
| adding setsockcreate and polmatch definitions. |
| |
| 1.30.28 2006-09-13 |
| * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client |
| * Merged c++ class identifier fix from Joe Nall. |
| |
| 1.30.27 2006-08-24 |
| * Merged patch to not log avc stats upon a reset from Steve Grubb. |
| * Applied patch to revert compat_net setting upon policy load. |
| |
| 1.30.26 2006-08-11 |
| * Merged file context homedir and local path functions from |
| Chris PeBenito. |
| |
| 1.30.25 2006-08-11 |
| * Rework functions that access /proc/pid/attr to access the |
| per-thread nodes, and unify the code to simplify maintenance. |
| |
| 1.30.24 2006-08-10 |
| * Merged return value fix for *getfilecon() from Dan Walsh. |
| |
| 1.30.23 2006-08-10 |
| * Merged sockcreate interfaces from Eric Paris. |
| |
| 1.30.22 2006-08-03 |
| * Merged no-tls-direct-seg-refs patch from Jeremy Katz. |
| |
| 1.30.21 2006-08-03 |
| * Merged netfilter_contexts support patch from Chris PeBenito. |
| |
| 1.30.20 2006-08-01 |
| * Merged context_*_set errno patch from Jim Meyering. |
| |
| 1.30.19 2006-06-29 |
| * Lindent. |
| |
| 1.30.18 2006-06-27 |
| * Merged {get,set}procattrcon patch set from Eric Paris. |
| * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris. |
| |
| 1.30.17 2006-06-27 |
| * Regenerated Flask headers from refpolicy. |
| |
| 1.30.16 2006-06-26 |
| * Merged patch from Dan Walsh with: |
| - Added selinux_file_context_{cmp,verify}. |
| - Added selinux_lsetfilecon_default. |
| - Delay translation of contexts in matchpathcon. |
| |
| 1.30.15 2006-06-16 |
| * Merged patch from Dan Walsh with: |
| * Added selinux_getpolicytype() function. |
| * Modified setrans code to skip processing if !mls_enabled. |
| |
| 1.30.14 2006-06-16 |
| * Set errno in the !selinux_mnt case. |
| |
| 1.30.13 2006-06-02 |
| * Allocate large buffers from the heap, not on stack. |
| Affects is_context_customizable, selinux_init_load_policy, |
| and selinux_getenforcemode. |
| |
| 1.30.12 2006-06-02 |
| * Merged !selinux_mnt checks from Ian Kent. |
| |
| 1.30.11 2006-05-24 |
| * Merged matchmediacon and trans_to_raw_context fixes from |
| Serge Hallyn. |
| |
| 1.30.10 2006-05-22 |
| * Merged simple setrans client cache from Dan Walsh. |
| Merged avcstat patch from Russell Coker. |
| |
| 1.30.9 2006-05-22 |
| * Modified selinux_mkload_policy() to also set /selinux/compat_net |
| appropriately for the loaded policy. |
| |
| 1.30.8 2006-05-17 |
| * Added matchpathcon_fini() function to free memory allocated by |
| matchpathcon_init(). |
| |
| 1.30.7 2006-05-16 |
| * Merged setrans client cleanup patch from Steve Grubb. |
| |
| 1.30.6 2006-05-08 |
| * Merged getfscreatecon man page fix from Dan Walsh. |
| * Updated booleans(8) man page to drop references to the old |
| booleans file and to note that setsebool can be used to set |
| the boot-time defaults via -P. |
| |
| 1.30.5 2006-05-05 |
| * Merged fix warnings patch from Karl MacMillan. |
| |
| 1.30.4 2006-05-05 |
| * Merged setrans client support from Dan Walsh. |
| This removes use of libsetrans. |
| * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. |
| * Merged swig typemap fixes from Glauber de Oliveira Costa. |
| |
| 1.30.3 2006-04-12 |
| * Added distclean target to Makefile. |
| * Regenerated swig files. |
| |
| 1.30.2 2006-04-11 |
| * Changed matchpathcon_init to verify that the spec file is |
| a regular file. |
| * Merged python binding t_output_helper removal patch from Dan Walsh. |
| |
| 1.30.1 2006-03-20 |
| * Merged Makefile PYLIBVER definition patch from Dan Walsh. |
| |
| 1.30 2006-03-14 |
| * Updated version for release. |
| |
| 1.29.8 2006-02-27 |
| * Altered rpm_execcon fallback logic for permissive mode to also |
| handle case where /selinux/enforce is not available. |
| |
| 1.29.7 2006-01-20 |
| * Merged install-pywrap Makefile patch from Joshua Brindle. |
| |
| 1.29.6 2006-01-18 |
| * Merged pywrap Makefile patch from Dan Walsh. |
| |
| 1.29.5 2006-01-11 |
| * Added getseuser test program. |
| |
| 1.29.4 2006-01-06 |
| * Added format attribute to myprintf in matchpathcon.c and |
| removed obsoleted rootlen variable in init_selinux_config(). |
| |
| 1.29.3 2006-01-04 |
| * Merged several fixes and improvements from Ulrich Drepper |
| (Red Hat), including: |
| - corrected use of getline |
| - further calls to __fsetlocking for local files |
| - use of strdupa and asprintf |
| - proper handling of dirent in booleans code |
| - use of -z relro |
| - several other optimizations |
| * Merged getpidcon python wrapper from Dan Walsh (Red Hat). |
| |
| 1.29.2 2005-12-14 |
| * Merged call to finish_context_translations from Dan Walsh. |
| This eliminates a memory leak from failing to release memory |
| allocated by libsetrans. |
| |
| 1.29.1 2005-12-08 |
| * Merged patch for swig interfaces from Dan Walsh. |
| |
| 1.28 2005-12-07 |
| * Updated version for release. |
| |
| 1.27.28 2005-12-01 |
| * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and |
| modified matchpathcon implementation to make context validation/ |
| canonicalization optional at matchpathcon_init time, deferring it |
| to a successful matchpathcon by default unless the new flag is set |
| by the caller. |
| |
| 1.27.27 2005-12-01 |
| * Added matchpathcon_init_prefix() interface, and |
| reworked matchpathcon implementation to support selective |
| loading of file contexts entries based on prefix matching |
| between the pathname regex stems and the specified path |
| prefix (stem must be a prefix of the specified path prefix). |
| |
| 1.27.26 2005-11-29 |
| * Merged getsebool patch from Dan Walsh. |
| |
| 1.27.25 2005-11-29 |
| * Added -f file_contexts option to matchpathcon util. |
| Fixed warning message in matchpathcon_init(). |
| |
| 1.27.24 2005-11-29 |
| * Merged Makefile python definitions patch from Dan Walsh. |
| |
| 1.27.23 2005-11-28 |
| * Merged swigify patch from Dan Walsh. |
| |
| 1.27.22 2005-11-15 |
| * Merged make failure in rpm_execcon non-fatal in permissive mode |
| patch from Ivan Gyurdiev. |
| |
| 1.27.21 2005-11-08 |
| * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() |
| and modified matchpathcon_init() to skip context translation |
| if it is set by the caller. |
| |
| 1.27.20 2005-11-07 |
| * Added security_canonicalize_context() interface and |
| set_matchpathcon_canoncon() interface for obtaining |
| canonical contexts. Changed matchpathcon internals |
| to obtain canonical contexts by default. Provided |
| fallback for kernels that lack extended selinuxfs context |
| interface. |
| |
| 1.27.19 2005-11-04 |
| * Merged seusers parser changes from Ivan Gyurdiev. |
| * Merged setsebool to libsemanage patch from Ivan Gyurdiev. |
| * Changed seusers parser to reject empty fields. |
| |
| 1.27.18 2005-11-03 |
| * Merged seusers empty level handling patch from Jonathan Kim (TCS). |
| |
| 1.27.17 2005-10-27 |
| * Changed default entry for seusers to use __default__ to avoid |
| ambiguity with users named "default". |
| |
| 1.27.16 2005-10-27 |
| * Fixed init_selinux_config() handling of missing /etc/selinux/config |
| or missing SELINUXTYPE= definition. |
| * Merged selinux_translations_path() patch from Dan Walsh. |
| |
| 1.27.15 2005-10-25 |
| * Added hidden_proto/def for get_default_context_with_role. |
| |
| 1.27.14 2005-10-25 |
| * Merged selinux_path() and selinux_homedir_context_path() |
| functions from Joshua Brindle. |
| |
| 1.27.13 2005-10-19 |
| * Merged fixes for make DESTDIR= builds from Joshua Brindle. |
| |
| 1.27.12 2005-10-18 |
| * Merged get_default_context_with_rolelevel and man pages from |
| Dan Walsh (Red Hat). |
| |
| 1.27.11 2005-10-18 |
| * Updated call to sepol_policydb_to_image for sepol changes. |
| |
| 1.27.10 2005-10-17 |
| * Changed getseuserbyname to ignore empty lines and to handle |
| no matching entry in the same manner as no seusers file. |
| |
| 1.27.9 2005-10-13 |
| * Changed selinux_mkload_policy to try downgrading the |
| latest policy version available to the kernel-supported version. |
| |
| 1.27.8 2005-10-11 |
| * Changed selinux_mkload_policy to fall back to the maximum |
| policy version supported by libsepol if the kernel policy version |
| falls outside of the supported range. |
| |
| 1.27.7 2005-10-06 |
| * Changed getseuserbyname to fall back to the Linux username and |
| NULL level if seusers config file doesn't exist unless |
| REQUIRESEUSERS=1 is set in /etc/selinux/config. |
| * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. |
| |
| 1.27.6 2005-10-06 |
| * Added selinux_init_load_policy() function as an even higher level |
| interface for the initial policy load by /sbin/init. This obsoletes |
| the load_policy() function in the sysvinit-selinux.patch. |
| |
| 1.27.5 2005-10-06 |
| * Added selinux_mkload_policy() function as a higher level interface |
| for loading policy than the security_load_policy() interface. |
| |
| 1.27.4 2005-10-05 |
| * Merged fix for matchpathcon (regcomp error checking) from Johan |
| Fischer. Also added use of regerror to obtain the error string |
| for inclusion in the error message. |
| |
| 1.27.3 2005-10-03 |
| * Changed getseuserbyname to not require (and ignore if present) |
| the MLS level in seusers.conf if MLS is disabled, setting *level |
| to NULL in this case. |
| |
| 1.27.2 2005-09-30 |
| * Merged getseuserbyname patch from Dan Walsh. |
| |
| 1.27.1 2005-09-19 |
| * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh. |
| This allows file_contexts with MLS fields to be processed on |
| non-MLS-enabled systems with policies that are otherwise |
| identical (e.g. same type definitions). |
| * Merged get_ordered_context_list_with_level() function from |
| Dan Walsh, and added get_default_context_with_level(). |
| This allows MLS level selection for users other than the |
| default level. |
| |
| 1.26 2005-09-06 |
| * Updated version for release. |
| |
| 1.25.7 2005-09-01 |
| * Merged modified form of patch to avoid dlopen/dlclose by |
| the static libselinux from Dan Walsh. Users of the static libselinux |
| will not have any context translation by default. |
| |
| 1.25.6 2005-08-31 |
| * Added public functions to export context translation to |
| users of libselinux (selinux_trans_to_raw_context, |
| selinux_raw_to_trans_context). |
| |
| 1.25.5 2005-08-26 |
| * Remove special definition for context_range_set; use |
| common code. |
| |
| 1.25.4 2005-08-25 |
| * Hid translation-related symbols entirely and ensured that |
| raw functions have hidden definitions for internal use. |
| * Allowed setting NULL via context_set* functions. |
| * Allowed whitespace in MLS component of context. |
| * Changed rpm_execcon to use translated functions to workaround |
| lack of MLS level on upgraded systems. |
| |
| 1.25.3 2005-08-23 |
| * Merged context translation patch, originally by TCS, |
| with modifications by Dan Walsh (Red Hat). |
| |
| 1.25.2 2005-08-11 |
| * Merged several fixes for error handling paths in the |
| AVC sidtab, matchpathcon, booleans, context, and get_context_list |
| code from Serge Hallyn (IBM). Bugs found by Coverity. |
| |
| 1.25.1 2005-08-10 |
| * Removed setupns; migrated to pam. |
| * Merged patches to rename checkPasswdAccess() from Joshua Brindle. |
| Original symbol is temporarily retained for compatibility until |
| all callers are updated. |
| |
| 1.24 2005-06-20 |
| * Updated version for release. |
| |
| 1.23.12 2005-06-13 |
| * Merged security_setupns() from Chad Sellers. |
| |
| 1.23.11 2005-05-19 |
| * Merged avcstat and selinux man page from Dan Walsh. |
| * Changed security_load_booleans to process booleans.local |
| even if booleans file doesn't exist. |
| |
| 1.23.10 2005-04-29 |
| * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). |
| |
| 1.23.9 2005-04-26 |
| * Rewrote get_ordered_context_list and helpers, including |
| changing logic to allow variable MLS fields. |
| |
| 1.23.8 2005-04-25 |
| * Merged matchpathcon and man page patch from Dan Walsh. |
| |
| 1.23.7 2005-04-12 |
| * Changed boolean functions to return -1 with errno ENOENT |
| rather than assert on a NULL selinux_mnt (i.e. selinuxfs not |
| mounted). |
| |
| 1.23.6 2005-04-08 |
| * Fixed bug in matchpathcon_filespec_destroy. |
| |
| 1.23.5 2005-04-05 |
| * Fixed bug in rpm_execcon error handling path. |
| |
| 1.23.4 2005-04-04 |
| * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. |
| * Merged fix for getconlist utility from Andreas Steinmetz. |
| |
| 1.23.3 2005-03-29 |
| * Merged security_set_boolean_list patch from Dan Walsh. |
| This introduces booleans.local support for setsebool. |
| |
| 1.23.2 2005-03-17 |
| * Merged destructors patch from Tomas Mraz. |
| |
| 1.23.1 2005-03-16 |
| * Added set_matchpathcon_flags() function for setting flags |
| controlling operation of matchpathcon. MATCHPATHCON_BASEONLY |
| means only process the base file_contexts file, not |
| file_contexts.homedirs or file_contexts.local, and is for use by |
| setfiles -c. |
| * Updated matchpathcon.3 man page. |
| |
| 1.22 2005-03-09 |
| * Updated version for release. |
| |
| 1.21.13 2005-03-08 |
| * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. |
| |
| 1.21.12 2005-03-01 |
| * Changed matchpathcon_common to ignore any non-format bits in the mode. |
| |
| 1.21.11 2005-02-22 |
| * Merged several fixes from Ulrich Drepper. |
| |
| 1.21.10 2005-02-17 |
| * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. |
| * Added selinux_users_path() for path to directory containing |
| system.users and local.users. |
| |
| 1.21.9 2005-02-09 |
| * Changed relabel Makefile target to use restorecon. |
| |
| 1.21.8 2005-02-07 |
| * Regenerated av_permissions.h. |
| |
| 1.21.7 2005-02-01 |
| * Modified avc_dump_av to explicitly check for any permissions that |
| cannot be mapped to string names and display them as a hex value. |
| |
| 1.21.6 2005-01-31 |
| * Regenerated av_permissions.h. |
| |
| 1.21.5 2005-01-28 |
| * Generalized matchpathcon internals, exported more interfaces, |
| and moved additional code from setfiles into libselinux so that |
| setfiles can directly use matchpathcon. |
| |
| 1.21.4 2005-01-27 |
| * Prevent overflow of spec array in matchpathcon. |
| |
| 1.21.3 2005-01-26 |
| * Fixed several uses of internal functions to avoid relocations. |
| * Changed rpm_execcon to check is_selinux_enabled() and fallback to |
| a regular execve if not enabled (or unable to determine due to a lack |
| of /proc, e.g. chroot'd environment). |
| |
| |
| 1.21.2 2005-01-24 |
| * Merged minor fix for avcstat from Dan Walsh. |
| |
| 1.21.1 2005-01-19 |
| * Merged patch from Dan Walsh, including: |
| - new is_context_customizable function |
| - changed matchpathcon to also use file_contexts.local if present |
| - man page cleanups |
| |
| 1.20 2005-01-04 |
| * Changed matchpathcon to return -1 with errno ENOENT for |
| <<none>> entries, and also for an empty file_contexts configuration. |
| * Removed some trivial utils that were not useful or redundant. |
| * Changed BINDIR default to /usr/sbin to match change in Fedora. |
| * Added security_compute_member. |
| * Added man page for setcon. |
| * Merged more man pages from Dan Walsh. |
| * Merged avcstat from James Morris. |
| * Merged build fix for mips from Manoj Srivastava. |
| * Merged C++ support from John Ramsdell of MITRE. |
| * Merged setcon() function from Darrel Goeddel of TCS. |
| * Merged setsebool/togglesebool enhancement from Steve Grubb. |
| * Merged cleanup patches from Steve Grubb. |
| |
| 1.18 2004-11-01 |
| * Merged cleanup patches from Steve Grubb. |
| * Added rpm_execcon. |
| * Merged setenforce and removable context patch from Dan Walsh. |
| * Merged build fix for alpha from Ulrich Drepper. |
| * Removed copyright/license from selinux_netlink.h - definitions only. |
| * Merged matchmediacon from Dan Walsh. |
| * Regenerated headers for new nscd permissions. |
| * Added get_default_context_with_role. |
| * Added set_matchpathcon_printf. |
| * Reworked av_inherit.h to allow easier re-use by kernel. |
| * Changed avc_has_perm_noaudit to not fail on netlink errors. |
| * Changed avc netlink code to check pid based on patch by Steve Grubb. |
| * Merged second optimization patch from Ulrich Drepper. |
| * Changed matchpathcon to skip invalid file_contexts entries. |
| * Made string tables private to libselinux. |
| * Merged strcat->stpcpy patch from Ulrich Drepper. |
| * Merged matchpathcon man page from Dan Walsh. |
| * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. |
| * Autobind netlink socket. |
| * Dropped compatibility code from security_compute_user. |
| * Merged fix for context_range_set from Chad Hanson. |
| * Merged allocation failure checking patch from Chad Hanson. |
| * Merged avc netlink error message patch from Colin Walters. |
| |
| 1.16 2004-08-19 |
| * Regenerated headers for nscd class. |
| * Merged man pages from Dan Walsh. |
| * Merged context_new bug fix for MLS ranges from Chad Hanson. |
| * Merged toggle_bool from Chris PeBenito, renamed to togglesebool. |
| * Renamed change_bool and show_bools to setsebool and getsebool. |
| * Merged security_load_booleans() function from Dan Walsh. |
| * Added selinux_booleans_path() function. |
| * Changed avc_init function prototype to use const. |
| * Regenerated headers for crontab permission. |
| * Added checkAccess from Dan Walsh. |
| * Merged getenforce patch from Dan Walsh. |
| * Regenerated headers for dbus classes. |
| |
| 1.14 2004-06-16 |
| * Regenerated headers for fine-grained netlink classes. |
| * Merged selinux_config bug fix from Dan Walsh. |
| * Added userspace AVC man pages. |
| * Added man links for API calls to existing man pages documenting them. |
| * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support. |
| * Merged patch to determine config file paths at runtime to support |
| reorganized layout. |
| * Regenerated flask headers with stable ordering. |
| * Merged patch for man pages from Russell Coker. |
| |
| 1.12 2004-05-10 |
| * Updated flask files to include new SE-X security classes. |
| * Added security_disable function for runtime disable of SELinux prior |
| to initial policy load (for /sbin/init). |
| * Changed get_ordered_context_list to omit any reachable contexts |
| that are not explicitly listed in default_contexts, unless there |
| are no matches. |
| * Merged man pages from Russell Coker and Dan Walsh. |
| * Merged memory leak fixes from Dan Walsh. |
| * Merged policyvers errno patch from Chris PeBenito. |
| |
| 1.10 2004-04-05 |
| * Merged getenforce patch from Dan Walsh. |
| * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as |
| the device specification, i.e. mount selinuxfs /selinux -t selinuxfs. |
| Based on a patch by Russell Coker. |
| * Merged matchpathcon buffer size fix from Dan Walsh. |
| |
| 1.8 2004-03-09 |
| * Merged is_selinux_mls_enabled() from Chad Hanson of TCS. |
| * Added matchpathcon function. |
| * Updated userspace AVC to handle netlink selinux notifications. |
| |
| 1.6 2004-02-18 |
| * Merged conditional policy extensions from Tresys Technology. |
| * Added userspace avc and SID table implementation. |
| * Fixed type on size in getpeercon per Thorsten Kukuk's advice. |
| * Fixed use of getpwnam_r per Thorsten Kukuk's advice. |
| * Changed to use getpwnam_r rather than getpwnam internally to |
| avoid clobbering any existing pwd struct obtained by the caller. |
| * Added getpeercon function to encapsulate getsockopt SO_PEERSEC |
| and handle allocation ala getfilecon. |
| * Changed is_selinux_enabled to return -1 on errors. |
| * Changed to discover selinuxfs mount point via /proc/mounts |
| so that the mount point can be changed without rebuilding. |
| |
| 1.4 2003-12-01 |
| * Merged another cleanup patch from Bastian Blank and Joerg Hoh. |
| * Regenerate headers for new permissions. |
| * Merged static lib build patch from Bastian Blank and Joerg Hoh. |
| * Export SELINUXMNT definition, add SELINUXPOLICY definition. |
| * Add functions to provide access to enforce and policyvers. |
| * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs. |
| * Fixed type for 'size' in *getfilecon. |
| * Dropped -lattr and changed #include's to <sys/xattr.h> |
| * Merged patch to move shared library to /lib from Dan Walsh. |
| * Changed get_ordered_context_list to support a failsafe context. |
| * Added selinuxenabled utility. |
| * Merged const patch from Thorsten Kukuk. |
| |
| 1.2 2003-09-30 |
| * Change is_selinux_enabled to fail if policy isn't loaded. |
| * Changed Makefiles to allow non-root rpm builds. |
| * Added -lattr for libselinux.so to ensure proper binding. |
| |
| 1.1 2003-08-13 |
| * Ensure that context strings are padded with a null byte |
| in case the kernel didn't include one. |
| * Regenerate headers, update helpers.c for code cleanup. |
| * Pass soname flag to linker (Colin Walters). |
| * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters). |
| |
| 1.0 2003-07-11 |
| * Initial public release. |