Stephen Smalley | 3ff0579 | 2015-05-07 12:47:21 -0400 | [diff] [blame] | 1 | * Fix core dumps with corrupt *.bin files, from Richard Haines. |
| 2 | * Add selabel partial and best match APIs, from Richard Haines. |
Steve Lawrence | de4f82b | 2015-04-21 08:49:32 -0400 | [diff] [blame] | 3 | * Use os.walk() instead of the deprecated os.path.walk(), from Petr |
| 4 | Lautrbach & Miro HronĨok |
Stephen Smalley | 27d5377 | 2015-04-17 12:38:10 -0400 | [diff] [blame] | 5 | * is_selinux_enabled(): drop no-policy-loaded test, from Stephen Smalley. |
Stephen Smalley | 974f565 | 2015-04-16 09:51:31 -0400 | [diff] [blame] | 6 | * Remove deprecated mudflap option, from Stephen Smalley. |
Stephen Smalley | c4bd396 | 2015-04-16 07:50:25 -0400 | [diff] [blame] | 7 | * Mount procfs before checking /proc/filesystems, from Ben Shelton. |
Stephen Smalley | 50788b1 | 2015-03-13 14:18:34 -0400 | [diff] [blame] | 8 | * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. |
Stephen Smalley | 07ed778 | 2015-02-24 10:50:56 -0500 | [diff] [blame] | 9 | * label_file: handle newlines in file names, from Nick Kralevich. |
Stephen Smalley | b2beb53 | 2015-02-23 11:08:51 -0500 | [diff] [blame] | 10 | * getcon.3: Fix setcon description, from Stephen Smalley. |
Stephen Smalley | d8b2a0a | 2015-02-13 10:46:45 -0500 | [diff] [blame] | 11 | * Fix audit2why error handling if SELinux is disabled, from Stephen Smalley. |
Stephen Smalley | 54075fb | 2015-02-03 11:25:41 -0500 | [diff] [blame] | 12 | * pcre_study can return NULL without error, from Stephen Smalley. |
| 13 | * Android property backend validation support, from Robert Craig. |
| 14 | * Only check SELinux enabled status once in selinux_check_access, from Stephen Smalley. |
| 15 | |
Steve Lawrence | f0c9966 | 2015-02-02 09:38:10 -0500 | [diff] [blame] | 16 | 2.4 2015-02-02 |
Steve Lawrence | d1db56c | 2014-10-29 10:59:46 -0400 | [diff] [blame] | 17 | * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR, from Steve |
| 18 | Lawrence |
Steve Lawrence | ff5bbe6 | 2014-10-01 14:47:16 -0400 | [diff] [blame] | 19 | * Fix bugs found by hardened gcc flags, from Nicolas Iooss. |
Steve Lawrence | 79fd2d0 | 2014-08-26 09:48:54 -0400 | [diff] [blame] | 20 | * Set the system to permissive if failing to disable SELinux because |
| 21 | policy has already been loaded, from Will Woods. |
| 22 | * Fix type in selinux.8 manpage, from Nicolas Iooss |
| 23 | * Add db_exception and db_datatype support to label_db backend, from Artyom |
| 24 | Smirnov |
| 25 | * Log an error on unknown classes and permissions, from Stephen Smalley |
| 26 | * Add pcre version string to the compiled file_contexts format, from |
| 27 | Stephen Smalley |
| 28 | * Deprecate use of flask.h and av_permissions.h, from Stephen Smalley |
Steve Lawrence | 79fd2d0 | 2014-08-26 09:48:54 -0400 | [diff] [blame] | 29 | * Compiled file_context files and the original should have the same DAC |
| 30 | permissions, from Dan Walsh |
| 31 | |
Stephen Smalley | 1e64821 | 2014-05-06 13:30:27 -0400 | [diff] [blame] | 32 | 2.3 2014-05-06 |
Stephen Smalley | 269b45c | 2014-02-19 16:12:55 -0500 | [diff] [blame] | 33 | * Get rid of security_context_t and fix const declarations. |
Stephen Smalley | 1cb3686 | 2014-01-06 14:07:18 -0500 | [diff] [blame] | 34 | * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. |
| 35 | |
Stephen Smalley | edc2e99 | 2013-12-30 14:39:59 -0500 | [diff] [blame] | 36 | 2.2.2 2013-12-30 |
| 37 | * Fix userspace AVC handling of per-domain permissive mode. |
| 38 | |
Stephen Smalley | 2723843 | 2013-11-06 14:56:30 -0500 | [diff] [blame] | 39 | 2.2.1 2013-11-06 |
| 40 | * Remove -lpthread from pkg-config file; it is not required. |
| 41 | |
Stephen Smalley | 7c4bb77 | 2013-10-30 12:45:19 -0400 | [diff] [blame] | 42 | 2.2 2013-10-30 |
Stephen Smalley | 8e5d465 | 2013-10-30 12:42:05 -0400 | [diff] [blame] | 43 | * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. |
Stephen Smalley | a080100 | 2013-10-25 15:14:23 -0400 | [diff] [blame] | 44 | * Support overriding Makefile RANLIB from Sven Vermeulen. |
| 45 | * Update pkgconfig definition from Sven Vermeulen. |
| 46 | * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen. |
| 47 | * Fix man pages from Laurent Bigonville. |
| 48 | * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville. |
| 49 | * Fix LDFLAGS usage from Laurent Bigonville |
| 50 | * Avoid shadowing stat in load_mmap from Joe MacDonald. |
| 51 | * Support building on older PCRE libraries from Joe MacDonald. |
| 52 | * Fix handling of temporary file in sefcontext_compile from Dan Walsh. |
| 53 | * Fix procattr cache from Dan Walsh. |
| 54 | * Define python constants for getenforce result from Dan Walsh. |
| 55 | * Fix label substitution handling of / from Dan Walsh. |
| 56 | * Add selinux_current_policy_path from Dan Walsh. |
| 57 | * Change get_context_list to only return good matches from Dan Walsh. |
| 58 | * Support udev-197 and higher from Sven Vermeulen and Dan Walsh. |
| 59 | * Add support for local substitutions from Dan Walsh. |
| 60 | * Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh. |
| 61 | * Python wrapper leak fixes from Dan Walsh. |
| 62 | * Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh. |
| 63 | * Add selinux_systemd_contexts_path from Dan Walsh. |
| 64 | * Add selinux_set_policy_root from Dan Walsh. |
| 65 | * Add man page for sefcontext_compile from Dan Walsh. |
| 66 | |
Eric Paris | e9410c9 | 2013-02-01 16:57:55 -0500 | [diff] [blame] | 67 | 2.1.13 2013-02-01 |
| 68 | * audit2why: make sure path is nul terminated |
| 69 | * utils: new file context regex compiler |
| 70 | * label_file: use precompiled filecontext when possible |
| 71 | * do not leak mmapfd |
| 72 | * sefcontontext_compile: Add error handling to help debug problems in libsemanage. |
| 73 | * man: make selinux.8 mention service man pages |
| 74 | * audit2why: Fix segfault if finish() called twice |
| 75 | * audit2why: do not leak on multiple init() calls |
| 76 | * mode_to_security_class: interface to translate a mode_t in to a security class |
| 77 | * audit2why: Cleanup audit2why analysys function |
| 78 | * man: Fix program synopsis and function prototypes in man pages |
| 79 | * man: Fix man pages formatting |
| 80 | * man: Fix typo in man page |
| 81 | * man: Add references and man page links to _raw function variants |
| 82 | * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions |
| 83 | * man: context_new(3): fix the return value description |
| 84 | * selinux_status_open: handle error from sysconf |
| 85 | * selinux_status_open: do not leak statusfd on exec |
| 86 | * Fix errors found by coverity |
| 87 | * Change boooleans.subs to booleans.subs_dist. |
| 88 | * optimize set*con functions |
| 89 | * pkg-config do not specifc ruby version |
| 90 | * unmap file contexts on selabel_close() |
| 91 | * do not leak file contexts with mmap'd backend |
| 92 | * sefcontext_compile: do not leak fd on error |
| 93 | * matchmediacon: do not leak fd |
| 94 | * src/label_android_property: do not leak fd on error |
| 95 | |
Eric Paris | 8638197 | 2012-09-13 10:33:58 -0400 | [diff] [blame] | 96 | 2.1.12 2012-09-13 |
| 97 | * Add support for lxc_contexts_path |
| 98 | * utils: add service to getdefaultcon |
| 99 | * libsemanage: do not set soname needlessly |
| 100 | * libsemanage: remove PYTHONLIBDIR and ruby equivalent |
| 101 | * boolean name equivalency |
| 102 | * getsebool: support boolean name substitution |
| 103 | * Add man page for new selinux_boolean_sub function. |
| 104 | * expose selinux_boolean_sub |
| 105 | * matchpathcon: add -m option to force file type check |
| 106 | * utils: avcstat: clear sa_mask set |
| 107 | * seusers: Check for strchr failure |
| 108 | * booleans: initialize pointer to silence coveriety |
| 109 | * stop messages when SELinux disabled |
| 110 | * label_file: use PCRE instead of glibc regex functions |
| 111 | * label_file: remove all typedefs |
| 112 | * label_file: move definitions to include file |
| 113 | * label_file: do string to mode_t conversion in a helper function |
| 114 | * label_file: move error reporting back into caller |
| 115 | * label_file: move stem/spec handling to header |
| 116 | * label_file: drop useless ncomp field from label_file data |
| 117 | * label_file: move spec_hasMetaChars to header |
| 118 | * label_file: fix potential read past buffer in spec_hasMetaChars |
| 119 | * label_file: move regex sorting to the header |
| 120 | * label_file: add accessors for the pcre extra data |
| 121 | * label_file: only run regex files one time |
| 122 | * label_file: new process_file function |
| 123 | * label_file: break up find_stem_from_spec |
| 124 | * label_file: struct reorg |
| 125 | * label_file: only run array once when sorting |
| 126 | * Ensure that we only close the selinux netlink socket once. |
| 127 | * improve the file_contexts.5 manual page |
| 128 | |
Eric Paris | f05a71b | 2012-06-28 14:02:29 -0400 | [diff] [blame] | 129 | 2.1.11 2012-06-28 |
| 130 | * Fortify source now requires all code to be compiled with -O flag |
| 131 | * asprintf return code must be checked |
| 132 | * avc_netlink_recieve handle EINTR |
| 133 | * audit2why: silence -Wmissing-prototypes warning |
| 134 | * libsemanage: remove build warning when build swig c files |
| 135 | * matchpathcon: bad handling of symlinks in / |
| 136 | * seusers: remove unused lineno |
| 137 | * seusers: getseuser: gracefully handle NULL service |
| 138 | * New Android property labeling backend |
| 139 | * label_android_property whitespace cleanups |
| 140 | * additional makefile support for rubywrap |
| 141 | |
| 142 | |
Eric Paris | 7a86fe1 | 2012-03-28 15:44:05 -0400 | [diff] [blame] | 143 | 2.1.10 2012-03-28 |
| 144 | * Fix dead links to www.nsa.gov/selinux |
| 145 | * Remove jump over variable declaration |
| 146 | * Fix old style function definitions |
| 147 | * Fix const-correctness |
| 148 | * Remove unused flush_class_cache method |
| 149 | * Add prototype decl for destructor |
| 150 | * Add more printf format annotations |
| 151 | * Add printf format attribute annotation to die() method |
| 152 | * Fix const-ness of parameters & make usage() methods static |
| 153 | * Enable many more gcc warnings for libselinux/src/ builds |
| 154 | * utils: Enable many more gcc warnings for libselinux/utils builds |
| 155 | * Change annotation on include/selinux/avc.h to avoid upsetting SWIG |
| 156 | * Ensure there is a prototype for 'matchpathcon_lib_destructor' |
| 157 | * Update Makefiles to handle /usrmove |
| 158 | * utils: Stop separating out matchpathcon as something special |
| 159 | * pkg-config to figure out where ruby include files are located |
| 160 | * build with either ruby 1.9 or ruby 1.8 |
| 161 | * assert if avc_init() not called |
| 162 | * take security_deny_unknown into account |
| 163 | * security_compute_create_name(3) |
| 164 | * Do not link against python library, this is considered |
| 165 | * bad practice in debian |
| 166 | * Hide unnecessarily-exported library destructors |
| 167 | |
Eric Paris | 339f807 | 2011-12-21 12:46:04 -0500 | [diff] [blame] | 168 | 2.1.9 2011-12-21 |
| 169 | * Fix setenforce man page to refer to selinux man page |
| 170 | * Cleanup Man pages |
| 171 | * merge freecon with getcon man page |
| 172 | |
Eric Paris | d65c02f | 2011-12-05 16:20:45 -0500 | [diff] [blame] | 173 | 2.1.8 2011-12-05 |
| 174 | * selinuxswig_python.i: don't make syscall if it won't change anything |
| 175 | * Remove assert in security_get_boolean_names(3) |
| 176 | * Mapped compute functions now obey deny_unknown flag |
| 177 | * get_default_type now sets EINVAL if no entry. |
| 178 | * return EINVAL if invalid role selected |
| 179 | * Updated selabel_file(5) man page |
| 180 | * Updated selabel_db(5) man page |
| 181 | * Updated selabel_media(5) man page |
| 182 | * Updated selabel_x(5) man page |
| 183 | * Add man/man5 man pages |
| 184 | * Add man/man5 man pages |
| 185 | * Add man/man5 man pages |
| 186 | * use -W and -Werror in utils |
| 187 | |
Eric Paris | 14e4b70 | 2011-11-03 15:26:36 -0400 | [diff] [blame] | 188 | 2.1.7 2011-11-03 |
| 189 | * Makefiles: syntax, convert all ${VAR} to $(VAR) |
| 190 | * load_policy: handle selinux=0 and /sys/fs/selinux not exist |
| 191 | * regenerate .pc on VERSION change |
| 192 | * label: cosmetic cleanups |
| 193 | * simple interface for access checks |
| 194 | * Don't reinitialize avc_init if it has been called previously |
| 195 | * seusers: fix to handle large sets of groups |
| 196 | * audit2why: close fd on enomem |
| 197 | * rename and export symlink_realpath |
| 198 | * label_file: style changes to make Eric happy. |
| 199 | |
Eric Paris | 418dbc7 | 2011-09-16 15:34:36 -0400 | [diff] [blame] | 200 | 2.1.6 2011-09-15 |
| 201 | * utils: matchpathcon: remove duplicate declaration |
| 202 | * src: matchpathcon: use myprintf not fprintf |
| 203 | * src: matchpathcon: make sure resolved path starts |
| 204 | * put libselinux.so.1 in /lib not /usr/lib |
| 205 | * tree: default make target to all not |
| 206 | |
Eric Paris | 1f8cf40 | 2011-08-26 15:11:58 -0400 | [diff] [blame] | 207 | 2.1.5 2011-0826 |
| 208 | * selinux_file_context_verify function returns wrong value. |
| 209 | * move realpath helper to matchpathcon library |
| 210 | * python wrapper makefile changes |
| 211 | |
Eric Paris | 6b6b475 | 2011-08-17 11:17:28 -0400 | [diff] [blame] | 212 | 2.1.4 2011-0817 |
| 213 | * mapping fix for invalid class/perms after selinux_set_mapping |
| 214 | * audit2why: work around python bug not defining |
| 215 | * resolv symlinks and dot directories before matching |
| 216 | |
Eric Paris | 4749940 | 2011-08-03 18:09:02 -0400 | [diff] [blame] | 217 | 2.1.2 2011-0803 |
| 218 | * audit2allow: do not print statistics |
| 219 | * make python bindings for restorecon work on relative path |
| 220 | * fix python audit2why binding error |
| 221 | * support new python3 functions |
| 222 | * do not check fcontext duplicates on use |
| 223 | * Patch for python3 for libselinux |
| 224 | |
Eric Paris | 78b4b56 | 2011-08-02 14:10:39 -0400 | [diff] [blame] | 225 | 2.1.1 2011-08-02 |
| 226 | * move .gitignore into utils |
| 227 | * new setexecon utility |
| 228 | * selabel_open fix processing of substitution files |
| 229 | * mountpoint changing patch. |
| 230 | * simplify SRCS in Makefile |
| 231 | |
Eric Paris | 510003b | 2011-08-01 13:49:21 -0400 | [diff] [blame] | 232 | 2.1.1 2011-08-01 |
| 233 | * Remove generated files, introduce more .gitignore |
| 234 | |
Steve Lawrence | 44121f6 | 2011-07-26 09:39:09 -0400 | [diff] [blame] | 235 | 2.1.0 2011-07-27 |
| 236 | * Release, minor version bump |
| 237 | |
Steve Lawrence | c7512cf | 2011-04-11 16:10:04 -0400 | [diff] [blame] | 238 | 2.0.102 2011-04-11 |
| 239 | * Give correct names to mount points in load_policy by Dan Walsh. |
| 240 | * Make sure selinux state is reported correctly if selinux is disabled or |
| 241 | fails to load by Dan Walsh. |
| 242 | * Fix crash if selinux_key_create was never called by Dan Walsh. |
| 243 | * Add new file_context.subs_dist for distro specific filecon substitutions |
| 244 | by Dan Walsh. |
| 245 | * Update man pages for selinux_color_* functions by Richard Haines. |
| 246 | |
Stephen Smalley | acd3b7f | 2011-03-23 08:56:16 -0400 | [diff] [blame] | 247 | 2.0.101 2011-03-23 |
| 248 | * db_language object class support for selabel_lookup from KaiGai |
| 249 | Kohei. |
| 250 | |
Eamon Walsh | 44d8ff2 | 2011-03-09 11:51:06 -0500 | [diff] [blame] | 251 | 2.0.100 2011-03-09 |
| 252 | * Library destructors for thread local storage keys from Eamon Walsh. |
| 253 | |
| 254 | 2.0.99 2011-03-01 |
| 255 | * SELinux man page fixes from Dan Walsh. |
Stephen Smalley | acd3b7f | 2011-03-23 08:56:16 -0400 | [diff] [blame] | 256 | * selinux_status interfaces from KaiGai Kohei. |
Eamon Walsh | 44d8ff2 | 2011-03-09 11:51:06 -0500 | [diff] [blame] | 257 | |
Chad Sellers | d17ed0d | 2010-12-16 14:11:57 -0500 | [diff] [blame] | 258 | 2.0.98 2010-12-16 |
| 259 | * Turn off default user handling when computing user contexts by Dan Walsh |
| 260 | |
Eamon Walsh | 705071c | 2010-12-02 20:08:22 -0500 | [diff] [blame] | 261 | 2.0.97 2010-12-02 |
| 262 | * Thread local storage fixes from Eamon Walsh. |
| 263 | |
Chad Sellers | fe19c7a | 2010-06-14 16:33:29 -0400 | [diff] [blame] | 264 | 2.0.96 2010-06-14 |
| 265 | * Add const qualifiers to public API where appropriate by KaiGai Kohei. |
| 266 | |
Chad Sellers | 0750eb5 | 2010-06-10 16:57:28 -0400 | [diff] [blame] | 267 | 2.0.95 2010-06-10 |
| 268 | * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers |
| 269 | * Adds a chcon method to the libselinux python bindings from Steve Lawrence |
| 270 | |
Joshua Brindle | 734f762 | 2010-03-24 14:28:39 -0400 | [diff] [blame] | 271 | 2.0.94 2010-03-24 |
| 272 | * Set errno=EINVAL for invalid contexts from Dan Walsh. |
| 273 | |
Eamon Walsh | 0b2e0bd | 2010-03-15 19:00:59 -0400 | [diff] [blame] | 274 | 2.0.93 2010-03-15 |
Eamon Walsh | 386ab8d | 2010-03-18 18:27:07 -0400 | [diff] [blame] | 275 | * Show strerror for security_getenforce() by Colin Walters. |
Eamon Walsh | 0b2e0bd | 2010-03-15 19:00:59 -0400 | [diff] [blame] | 276 | * Merged selabel database support by KaiGai Kohei. |
| 277 | * Modify netlink socket blocking code by KaiGai Kohei. |
| 278 | |
Joshua Brindle | e6bfff4 | 2010-03-06 18:10:51 -0500 | [diff] [blame] | 279 | 2.0.92 2010-03-06 |
| 280 | * Fix from Eric Paris to fix leak on non-selinux systems. |
| 281 | * regenerate swig wrappers |
| 282 | * pkgconfig fix to respect LIBDIR from Dan Walsh. |
| 283 | |
Stephen Smalley | 955f8d8 | 2010-02-22 15:35:02 -0500 | [diff] [blame] | 284 | 2.0.91 2010-02-22 |
| 285 | * Change the AVC to only audit the permissions specified by the |
| 286 | policy, excluding any permissions specified via dontaudit or not |
| 287 | specified via auditallow. |
| 288 | * Fix compilation of label_file.c with latest glibc headers. |
| 289 | |
Joshua Brindle | 32cf5d5 | 2009-11-27 15:03:02 -0500 | [diff] [blame] | 290 | 2.0.90 2009-11-27 |
| 291 | * add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>. |
| 292 | * Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org> |
| 293 | |
Eamon Walsh | 7cdfd6e | 2009-10-29 15:33:37 -0400 | [diff] [blame] | 294 | 2.0.89 2009-10-29 |
| 295 | * Add pkgconfig file from Eamon Walsh. |
| 296 | |
Chad Sellers | 6f46606 | 2009-10-22 14:00:10 -0400 | [diff] [blame] | 297 | 2.0.88 2009-10-22 |
| 298 | * Rename and export selinux_reset_config() |
| 299 | |
Joshua Brindle | 0e421af | 2009-09-24 15:18:12 -0400 | [diff] [blame] | 300 | 2.0.87 2009-09-25 |
| 301 | * Add exception handling in libselinux from Dan Walsh. This uses a |
| 302 | shell script called exception.sh to generate a swig interface file. |
| 303 | * make swigify |
| 304 | * Make matchpathcon print <<none>> if path not found in fcontext file. |
| 305 | |
Eamon Walsh | 206e2df | 2009-09-02 20:27:10 -0400 | [diff] [blame] | 306 | 2.0.86 2009-09-02 |
| 307 | * Removal of reference counting on userspace AVC SID's. |
| 308 | |
Stephen Smalley | 919c989 | 2009-07-14 11:00:37 -0400 | [diff] [blame] | 309 | 2.0.85 2009-07-14 |
| 310 | * Reverted Tomas Mraz's fix for freeing thread local storage to avoid |
| 311 | pthread dependency. |
| 312 | * Removed fini_context_translations() altogether. |
| 313 | * Merged lazy init patch from Stephen Smalley based on original patch |
| 314 | by Steve Grubb. |
| 315 | |
Joshua Brindle | 1591e42 | 2009-07-07 12:23:51 -0400 | [diff] [blame] | 316 | 2.0.84 2009-07-07 |
| 317 | * Add per-service seuser support from Dan Walsh. |
| 318 | * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. |
| 319 | |
Stephen Smalley | 41be6cf | 2009-07-07 08:25:53 -0400 | [diff] [blame] | 320 | 2.0.83 2009-07-07 |
| 321 | * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric |
| 322 | Paris. |
| 323 | |
Joshua Brindle | 33844aa | 2009-06-22 11:32:27 -0400 | [diff] [blame] | 324 | 2.0.82 2009-06-19 |
| 325 | * Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>. |
| 326 | * Label substitution support from Dan Walsh. |
| 327 | * Support for labeling virtual machine images from Dan Walsh. |
| 328 | |
Joshua Brindle | 99afa3c | 2009-05-05 20:19:43 -0400 | [diff] [blame] | 329 | 2.0.81 2009-05-15 |
| 330 | * Trim / from the end of input paths to matchpathcon from Dan Walsh. |
| 331 | * Fix leak in process_line in label_file.c from Hiroshi Shinji. |
| 332 | * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. |
| 333 | * getdefaultcon to print just the correct match and add verbose option from Dan Walsh. |
| 334 | |
Eamon Walsh | a07493d | 2009-04-07 22:53:50 -0400 | [diff] [blame] | 335 | 2.0.80 2009-04-07 |
| 336 | * deny_unknown wrapper function from KaiGai Kohei. |
| 337 | * security_compute_av_flags API from KaiGai Kohei. |
| 338 | * Netlink socket management and callbacks from KaiGai Kohei. |
| 339 | |
Eamon Walsh | 3028bc3 | 2009-03-11 19:06:12 -0400 | [diff] [blame] | 340 | 2.0.79 2009-03-11 |
| 341 | * Netlink socket handoff patch from Adam Jackson. |
| 342 | * AVC caching of compute_create results by Eric Paris. |
| 343 | |
Eamon Walsh | 5032faa | 2009-02-27 18:08:55 -0500 | [diff] [blame] | 344 | 2.0.78 2009-02-27 |
| 345 | * Fix incorrect conversion in discover_class code. |
| 346 | |
Joshua Brindle | c8a1880 | 2009-01-12 10:53:11 -0500 | [diff] [blame] | 347 | 2.0.77 2009-01-12 |
Joshua Brindle | a9e6fbd | 2009-01-12 10:44:08 -0500 | [diff] [blame] | 348 | * add restorecon to python bindings from Dan Walsh. |
| 349 | |
Eamon Walsh | 7817c92 | 2009-01-05 18:31:55 -0500 | [diff] [blame] | 350 | 2.0.76 2009-01-08 |
| 351 | * Client support for translating raw contexts to colors via setrans. |
| 352 | |
Eamon Walsh | aa92cfb | 2008-11-18 18:59:20 -0500 | [diff] [blame] | 353 | 2.0.75 2008-11-18 |
| 354 | * Allow shell-style wildcards in x_contexts file. |
| 355 | |
Eamon Walsh | cc50281 | 2008-11-03 13:45:19 -0500 | [diff] [blame] | 356 | 2.0.74 2008-11-03 |
| 357 | * Correct message types in AVC log messages. |
| 358 | |
Joshua Brindle | 3d431ae | 2008-10-14 08:12:59 -0400 | [diff] [blame] | 359 | 2.0.73 2008-10-14 |
| 360 | * Make matchpathcon -V pass mode from Dan Walsh. |
| 361 | * Add man page for selinux_file_context_cmp from Dan Walsh. |
| 362 | |
Joshua Brindle | 922103e | 2008-09-29 18:20:51 -0400 | [diff] [blame] | 363 | 2.0.72 2008-09-29 |
| 364 | * New man pages from Dan Walsh. |
| 365 | * Update flask headers from refpolicy trunk from Dan Walsh. |
| 366 | |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 367 | 2.0.71 2008-08-05 |
| 368 | * Add group support to seusers using %groupname syntax from Dan Walsh. |
| 369 | * Mark setrans socket close-on-exec from Stephen Smalley. |
| 370 | * Only apply nodups checking to base file contexts from Stephen Smalley. |
| 371 | |
| 372 | 2.0.70 2008-07-30 |
| 373 | * Merge ruby bindings from Dan Walsh. |
| 374 | |
| 375 | 2.0.69 2008-07-29 |
| 376 | * Handle duplicate file context regexes as a fatal error from Stephen Smalley. |
| 377 | This prevents adding them via semanage. |
| 378 | |
| 379 | 2.0.68 2008-07-18 |
| 380 | * Fix audit2why shadowed variables from Stephen Smalley. |
| 381 | * Note that freecon NULL is legal in man page from Karel Zak. |
| 382 | |
| 383 | 2.0.67 2008-06-13 |
| 384 | * New and revised AVC, label, and mapping man pages from Eamon Walsh. |
| 385 | |
| 386 | 2.0.66 2008-06-11 |
| 387 | * Add swig python bindings for avc interfaces from Dan Walsh. |
| 388 | |
| 389 | 2.0.65 2008-05-27 |
| 390 | * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. |
| 391 | * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. |
| 392 | |
| 393 | 2.0.64 2008-04-21 |
| 394 | * Fixed selinux_set_callback man page. |
| 395 | |
| 396 | 2.0.63 2008-04-18 |
| 397 | * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. |
| 398 | |
| 399 | 2.0.62 2008-04-18 |
| 400 | * Fix memory leaks in matchpathcon from Eamon Walsh. |
| 401 | |
| 402 | 2.0.61 2008-03-31 |
| 403 | * Man page typo fix from Jim Meyering. |
| 404 | |
| 405 | 2.0.60 2008-03-20 |
| 406 | * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel. |
| 407 | |
| 408 | 2.0.59 2008-02-29 |
| 409 | * Merged new X label "poly_selection" namespace from Eamon Walsh. |
| 410 | |
| 411 | 2.0.58 2008-02-28 |
| 412 | * Merged reset_selinux_config() for load policy from Dan Walsh. |
| 413 | |
| 414 | 2.0.57 2008-02-25 |
| 415 | * Merged avc_has_perm() errno fix from Eamon Walsh. |
| 416 | |
| 417 | 2.0.56 2008-02-21 |
| 418 | * Regenerated Flask headers from refpolicy flask definitions. |
| 419 | |
| 420 | 2.0.55 2008-02-08 |
| 421 | * Merged compute_member AVC function and manpages from Eamon Walsh. |
| 422 | |
| 423 | 2.0.54 2008-02-08 |
| 424 | * Provide more error reporting on load policy failures from Stephen Smalley. |
| 425 | |
| 426 | 2.0.53 2008-02-07 |
| 427 | * Merged new X label "poly_prop" namespace from Eamon Walsh. |
| 428 | |
| 429 | 2.0.52 2008-02-06 |
| 430 | * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. |
| 431 | |
| 432 | 2.0.51 2008-02-05 |
| 433 | * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley. |
| 434 | |
| 435 | 2.0.50 2008-01-28 |
| 436 | * Merged fix for audit2why from Dan Walsh. |
| 437 | |
| 438 | 2.0.49 2008-01-23 |
| 439 | * Merged audit2why python binding from Dan Walsh. |
| 440 | |
| 441 | 2.0.48 2008-01-23 |
| 442 | * Merged updated swig bindings from Dan Walsh, including typemap for pid_t. |
| 443 | |
| 444 | 2.0.47 2007-12-21 |
| 445 | * Fix for the avc: granted null message bug from Stephen Smalley. |
| 446 | |
| 447 | 2.0.46 2007-12-07 |
| 448 | * matchpathcon(8) man page update from Dan Walsh. |
| 449 | |
| 450 | 2.0.45 2007-11-20 |
| 451 | * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley. |
| 452 | |
| 453 | 2.0.44 2007-11-20 |
| 454 | * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley. |
| 455 | A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD. |
| 456 | |
| 457 | 2.0.43 2007-11-15 |
| 458 | * Regenerated Flask headers from policy. |
| 459 | |
| 460 | 2.0.42 2007-11-08 |
| 461 | * AVC enforcing mode override patch from Eamon Walsh. |
| 462 | |
| 463 | 2.0.41 2007-11-06 |
| 464 | * Aligned attributes in AVC netlink code from Eamon Walsh. |
| 465 | |
| 466 | 2.0.40 2007-11-01 |
| 467 | * Merged refactored AVC netlink code from Eamon Walsh. |
| 468 | |
| 469 | 2.0.39 2007-10-19 |
| 470 | * Merged new X label namespaces from Eamon Walsh. |
| 471 | |
| 472 | 2.0.38 2007-10-15 |
| 473 | * Bux fix and minor refactoring in string representation code. |
| 474 | |
| 475 | 2.0.37 2007-10-05 |
| 476 | * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh. |
| 477 | |
| 478 | 2.0.36 2007-09-27 |
| 479 | * Fix segfault resulting from missing file_contexts file. |
| 480 | |
| 481 | 2.0.35 2007-09-24 |
| 482 | * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. |
| 483 | * Pass CFLAGS when using gcc for linking from Dennis Gilmore. |
| 484 | |
| 485 | 2.0.34 2007-09-18 |
| 486 | * Fix selabel option flag setting for 64-bit from Stephen Smalley. |
| 487 | |
| 488 | 2.0.33 2007-09-12 |
| 489 | * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley. |
| 490 | * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley. |
| 491 | |
| 492 | 2.0.32 2007-09-10 |
| 493 | * Fix swig binding for rpm_execcon from James Athey. |
| 494 | |
| 495 | 2.0.31 2007-08-23 |
| 496 | * Fix file_contexts.homedirs path from Todd Miller. |
| 497 | |
| 498 | 2.0.30 2007-08-06 |
| 499 | * Fix segfault resulting from uninitialized print-callback pointer. |
| 500 | |
| 501 | 2.0.29 2007-08-02 |
| 502 | * Added x_contexts path function patch from Eamon Walsh. |
| 503 | |
| 504 | 2.0.28 2007-08-01 |
| 505 | * Fix build for EMBEDDED=y from Yuichi Nakamura. |
| 506 | |
| 507 | 2.0.27 2007-07-25 |
| 508 | * Fix markup problems in selinux man pages from Dan Walsh. |
| 509 | |
| 510 | 2.0.26 2007-07-23 |
| 511 | * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh. |
| 512 | * Added swigify to top-level Makefile from Dan Walsh. |
| 513 | |
| 514 | 2.0.25 2007-07-23 |
| 515 | * Fix for string_to_security_class segfault on x86_64 from Stephen |
| 516 | Smalley. |
| 517 | |
| 518 | 2.0.24 2007-09-07 |
| 519 | * Fix for getfilecon() for zero-length contexts from Stephen Smalley. |
| 520 | |
| 521 | 2.0.23 2007-06-22 |
| 522 | * Refactored SWIG bindings from James Athey. |
| 523 | |
| 524 | 2.0.22 2007-06-20 |
| 525 | * Labeling and callback interface patches from Eamon Walsh. |
| 526 | |
| 527 | 2.0.21 2007-06-11 |
| 528 | * Class and permission mapping support patches from Eamon Walsh. |
| 529 | |
| 530 | 2.0.20 2007-06-07 |
| 531 | * Object class discovery support patches from Chris PeBenito. |
| 532 | |
| 533 | 2.0.19 2007-06-05 |
| 534 | * Refactoring and errno support in string representation code. |
| 535 | |
| 536 | 2.0.18 2007-05-31 |
| 537 | * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura. |
| 538 | This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case. |
| 539 | |
| 540 | 2.0.17 2007-05-31 |
| 541 | * Updated Lindent script and reindented two header files. |
| 542 | |
| 543 | 2.0.16 2007-05-09 |
| 544 | * Merged additional swig python bindings from Dan Walsh. |
| 545 | |
| 546 | 2.0.15 2007-04-27 |
| 547 | * Merged helpful message when selinuxfs mount fails patch from Dax Kelson. |
| 548 | |
| 549 | 2.0.14 2007-04-24 |
| 550 | * Merged build fix for avc_internal.c from Joshua Brindle. |
| 551 | |
| 552 | 2.0.13 2007-04-12 |
| 553 | * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh. |
| 554 | |
| 555 | 2.0.12 2007-04-09 |
| 556 | * Merged support for getting initial contexts from James Carter. |
| 557 | |
| 558 | 2.0.11 2007-04-05 |
| 559 | * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. |
| 560 | |
| 561 | |
| 562 | 2.0.10 2007-04-05 |
| 563 | * Merged sidput(NULL) patch from Eamon Walsh. |
| 564 | |
| 565 | 2.0.9 2007-03-30 |
| 566 | * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. |
| 567 | |
| 568 | 2.0.8 2007-03-20 |
| 569 | * Merged fix for avc.h #include's from Eamon Walsh. |
| 570 | |
| 571 | 2.0.7 2007-03-12 |
| 572 | * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb. |
| 573 | |
| 574 | 2.0.6 2007-03-12 |
| 575 | * Merged patch to drop support for old /etc/sysconfig/selinux and |
| 576 | /etc/security policy file layout from Steve Grubb. |
| 577 | |
| 578 | 2.0.5 2007-02-27 |
| 579 | * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb. |
| 580 | |
| 581 | 2.0.4 2007-02-23 |
| 582 | * Removed sending of setrans init message. |
| 583 | |
| 584 | 2.0.3 2007-02-22 |
| 585 | * Merged matchpathcon memory leak fix from Steve Grubb. |
| 586 | |
| 587 | 2.0.2 2007-02-21 |
| 588 | * Merged more swig initializers from Dan Walsh. |
| 589 | |
| 590 | 2.0.1 2007-02-20 |
| 591 | * Merged patch from Todd Miller to convert int types over to C99 style. |
| 592 | |
| 593 | 2.0.0 2007-02-01 |
| 594 | * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because |
| 595 | of the use of the non-standard format %as. (original patch changed |
| 596 | for style). |
| 597 | * Merged patch from Todd Miller to fix memory leak in matchpathcon.c. |
| 598 | |
| 599 | 1.34.1 2007-01-26 |
| 600 | * Merged python binding fixes from Dan Walsh. |
| 601 | |
| 602 | 1.34.0 2007-01-18 |
| 603 | * Updated version for stable branch. |
| 604 | |
| 605 | 1.33.6 2007-01-17 |
| 606 | * Merged man page updates to make "apropos selinux" work from Dan Walsh. |
| 607 | |
| 608 | 1.33.5 2007-01-16 |
| 609 | * Merged getdefaultcon utility from Dan Walsh. |
| 610 | |
| 611 | 1.33.4 2007-01-11 |
| 612 | * Merged selinux_check_securetty_context() and support from Dan Walsh. |
| 613 | |
| 614 | 1.33.3 2007-01-04 |
| 615 | * Merged patch for matchpathcon utility to use file mode information |
| 616 | when available from Dan Walsh. |
| 617 | |
| 618 | 1.33.2 2006-11-27 |
| 619 | * Merged patch to compile with -fPIC instead of -fpic from |
| 620 | Manoj Srivastava to prevent hitting the global offset table |
| 621 | limit. Patch changed to include libsepol and libsemanage in |
| 622 | addition to libselinux. |
| 623 | |
| 624 | 1.33.1 2006-10-19 |
| 625 | * Merged updated flask definitions from Darrel Goeddel. |
| 626 | This adds the context security class, and also adds |
| 627 | the string definitions for setsockcreate and polmatch. |
| 628 | |
| 629 | 1.32 2006-10-17 |
| 630 | * Updated version for release. |
| 631 | |
| 632 | 1.30.30 2006-10-05 |
| 633 | * Merged patch from Darrel Goeddel to always use untranslated |
| 634 | contexts in the userspace AVC. |
| 635 | |
| 636 | 1.30.29 2006-09-29 |
| 637 | * Merged av_permissions.h update from Steve Grubb, |
| 638 | adding setsockcreate and polmatch definitions. |
| 639 | |
| 640 | 1.30.28 2006-09-13 |
| 641 | * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client |
| 642 | * Merged c++ class identifier fix from Joe Nall. |
| 643 | |
| 644 | 1.30.27 2006-08-24 |
| 645 | * Merged patch to not log avc stats upon a reset from Steve Grubb. |
| 646 | * Applied patch to revert compat_net setting upon policy load. |
| 647 | |
| 648 | 1.30.26 2006-08-11 |
| 649 | * Merged file context homedir and local path functions from |
| 650 | Chris PeBenito. |
| 651 | |
| 652 | 1.30.25 2006-08-11 |
| 653 | * Rework functions that access /proc/pid/attr to access the |
| 654 | per-thread nodes, and unify the code to simplify maintenance. |
| 655 | |
| 656 | 1.30.24 2006-08-10 |
| 657 | * Merged return value fix for *getfilecon() from Dan Walsh. |
| 658 | |
| 659 | 1.30.23 2006-08-10 |
| 660 | * Merged sockcreate interfaces from Eric Paris. |
| 661 | |
| 662 | 1.30.22 2006-08-03 |
| 663 | * Merged no-tls-direct-seg-refs patch from Jeremy Katz. |
| 664 | |
| 665 | 1.30.21 2006-08-03 |
| 666 | * Merged netfilter_contexts support patch from Chris PeBenito. |
| 667 | |
| 668 | 1.30.20 2006-08-01 |
| 669 | * Merged context_*_set errno patch from Jim Meyering. |
| 670 | |
| 671 | 1.30.19 2006-06-29 |
| 672 | * Lindent. |
| 673 | |
| 674 | 1.30.18 2006-06-27 |
| 675 | * Merged {get,set}procattrcon patch set from Eric Paris. |
| 676 | * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris. |
| 677 | |
| 678 | 1.30.17 2006-06-27 |
| 679 | * Regenerated Flask headers from refpolicy. |
| 680 | |
| 681 | 1.30.16 2006-06-26 |
| 682 | * Merged patch from Dan Walsh with: |
| 683 | - Added selinux_file_context_{cmp,verify}. |
| 684 | - Added selinux_lsetfilecon_default. |
| 685 | - Delay translation of contexts in matchpathcon. |
| 686 | |
| 687 | 1.30.15 2006-06-16 |
| 688 | * Merged patch from Dan Walsh with: |
| 689 | * Added selinux_getpolicytype() function. |
| 690 | * Modified setrans code to skip processing if !mls_enabled. |
| 691 | |
| 692 | 1.30.14 2006-06-16 |
| 693 | * Set errno in the !selinux_mnt case. |
| 694 | |
| 695 | 1.30.13 2006-06-02 |
| 696 | * Allocate large buffers from the heap, not on stack. |
| 697 | Affects is_context_customizable, selinux_init_load_policy, |
| 698 | and selinux_getenforcemode. |
| 699 | |
| 700 | 1.30.12 2006-06-02 |
| 701 | * Merged !selinux_mnt checks from Ian Kent. |
| 702 | |
| 703 | 1.30.11 2006-05-24 |
| 704 | * Merged matchmediacon and trans_to_raw_context fixes from |
| 705 | Serge Hallyn. |
| 706 | |
| 707 | 1.30.10 2006-05-22 |
| 708 | * Merged simple setrans client cache from Dan Walsh. |
| 709 | Merged avcstat patch from Russell Coker. |
| 710 | |
| 711 | 1.30.9 2006-05-22 |
| 712 | * Modified selinux_mkload_policy() to also set /selinux/compat_net |
| 713 | appropriately for the loaded policy. |
| 714 | |
| 715 | 1.30.8 2006-05-17 |
| 716 | * Added matchpathcon_fini() function to free memory allocated by |
| 717 | matchpathcon_init(). |
| 718 | |
| 719 | 1.30.7 2006-05-16 |
| 720 | * Merged setrans client cleanup patch from Steve Grubb. |
| 721 | |
| 722 | 1.30.6 2006-05-08 |
| 723 | * Merged getfscreatecon man page fix from Dan Walsh. |
| 724 | * Updated booleans(8) man page to drop references to the old |
| 725 | booleans file and to note that setsebool can be used to set |
| 726 | the boot-time defaults via -P. |
| 727 | |
| 728 | 1.30.5 2006-05-05 |
| 729 | * Merged fix warnings patch from Karl MacMillan. |
| 730 | |
| 731 | 1.30.4 2006-05-05 |
| 732 | * Merged setrans client support from Dan Walsh. |
| 733 | This removes use of libsetrans. |
| 734 | * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. |
| 735 | * Merged swig typemap fixes from Glauber de Oliveira Costa. |
| 736 | |
| 737 | 1.30.3 2006-04-12 |
| 738 | * Added distclean target to Makefile. |
| 739 | * Regenerated swig files. |
| 740 | |
| 741 | 1.30.2 2006-04-11 |
| 742 | * Changed matchpathcon_init to verify that the spec file is |
| 743 | a regular file. |
| 744 | * Merged python binding t_output_helper removal patch from Dan Walsh. |
| 745 | |
| 746 | 1.30.1 2006-03-20 |
| 747 | * Merged Makefile PYLIBVER definition patch from Dan Walsh. |
| 748 | |
| 749 | 1.30 2006-03-14 |
| 750 | * Updated version for release. |
| 751 | |
| 752 | 1.29.8 2006-02-27 |
| 753 | * Altered rpm_execcon fallback logic for permissive mode to also |
| 754 | handle case where /selinux/enforce is not available. |
| 755 | |
| 756 | 1.29.7 2006-01-20 |
| 757 | * Merged install-pywrap Makefile patch from Joshua Brindle. |
| 758 | |
| 759 | 1.29.6 2006-01-18 |
| 760 | * Merged pywrap Makefile patch from Dan Walsh. |
| 761 | |
| 762 | 1.29.5 2006-01-11 |
| 763 | * Added getseuser test program. |
| 764 | |
| 765 | 1.29.4 2006-01-06 |
| 766 | * Added format attribute to myprintf in matchpathcon.c and |
| 767 | removed obsoleted rootlen variable in init_selinux_config(). |
| 768 | |
| 769 | 1.29.3 2006-01-04 |
| 770 | * Merged several fixes and improvements from Ulrich Drepper |
| 771 | (Red Hat), including: |
| 772 | - corrected use of getline |
| 773 | - further calls to __fsetlocking for local files |
| 774 | - use of strdupa and asprintf |
| 775 | - proper handling of dirent in booleans code |
| 776 | - use of -z relro |
| 777 | - several other optimizations |
| 778 | * Merged getpidcon python wrapper from Dan Walsh (Red Hat). |
| 779 | |
| 780 | 1.29.2 2005-12-14 |
| 781 | * Merged call to finish_context_translations from Dan Walsh. |
| 782 | This eliminates a memory leak from failing to release memory |
| 783 | allocated by libsetrans. |
| 784 | |
| 785 | 1.29.1 2005-12-08 |
| 786 | * Merged patch for swig interfaces from Dan Walsh. |
| 787 | |
| 788 | 1.28 2005-12-07 |
| 789 | * Updated version for release. |
| 790 | |
| 791 | 1.27.28 2005-12-01 |
| 792 | * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and |
| 793 | modified matchpathcon implementation to make context validation/ |
| 794 | canonicalization optional at matchpathcon_init time, deferring it |
| 795 | to a successful matchpathcon by default unless the new flag is set |
| 796 | by the caller. |
| 797 | |
| 798 | 1.27.27 2005-12-01 |
| 799 | * Added matchpathcon_init_prefix() interface, and |
| 800 | reworked matchpathcon implementation to support selective |
| 801 | loading of file contexts entries based on prefix matching |
| 802 | between the pathname regex stems and the specified path |
| 803 | prefix (stem must be a prefix of the specified path prefix). |
| 804 | |
| 805 | 1.27.26 2005-11-29 |
| 806 | * Merged getsebool patch from Dan Walsh. |
| 807 | |
| 808 | 1.27.25 2005-11-29 |
| 809 | * Added -f file_contexts option to matchpathcon util. |
| 810 | Fixed warning message in matchpathcon_init(). |
| 811 | |
| 812 | 1.27.24 2005-11-29 |
| 813 | * Merged Makefile python definitions patch from Dan Walsh. |
| 814 | |
| 815 | 1.27.23 2005-11-28 |
| 816 | * Merged swigify patch from Dan Walsh. |
| 817 | |
| 818 | 1.27.22 2005-11-15 |
| 819 | * Merged make failure in rpm_execcon non-fatal in permissive mode |
| 820 | patch from Ivan Gyurdiev. |
| 821 | |
| 822 | 1.27.21 2005-11-08 |
| 823 | * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() |
| 824 | and modified matchpathcon_init() to skip context translation |
| 825 | if it is set by the caller. |
| 826 | |
| 827 | 1.27.20 2005-11-07 |
| 828 | * Added security_canonicalize_context() interface and |
| 829 | set_matchpathcon_canoncon() interface for obtaining |
| 830 | canonical contexts. Changed matchpathcon internals |
| 831 | to obtain canonical contexts by default. Provided |
| 832 | fallback for kernels that lack extended selinuxfs context |
| 833 | interface. |
| 834 | |
| 835 | 1.27.19 2005-11-04 |
| 836 | * Merged seusers parser changes from Ivan Gyurdiev. |
| 837 | * Merged setsebool to libsemanage patch from Ivan Gyurdiev. |
| 838 | * Changed seusers parser to reject empty fields. |
| 839 | |
| 840 | 1.27.18 2005-11-03 |
| 841 | * Merged seusers empty level handling patch from Jonathan Kim (TCS). |
| 842 | |
| 843 | 1.27.17 2005-10-27 |
| 844 | * Changed default entry for seusers to use __default__ to avoid |
| 845 | ambiguity with users named "default". |
| 846 | |
| 847 | 1.27.16 2005-10-27 |
| 848 | * Fixed init_selinux_config() handling of missing /etc/selinux/config |
| 849 | or missing SELINUXTYPE= definition. |
| 850 | * Merged selinux_translations_path() patch from Dan Walsh. |
| 851 | |
| 852 | 1.27.15 2005-10-25 |
| 853 | * Added hidden_proto/def for get_default_context_with_role. |
| 854 | |
| 855 | 1.27.14 2005-10-25 |
| 856 | * Merged selinux_path() and selinux_homedir_context_path() |
| 857 | functions from Joshua Brindle. |
| 858 | |
| 859 | 1.27.13 2005-10-19 |
| 860 | * Merged fixes for make DESTDIR= builds from Joshua Brindle. |
| 861 | |
| 862 | 1.27.12 2005-10-18 |
| 863 | * Merged get_default_context_with_rolelevel and man pages from |
| 864 | Dan Walsh (Red Hat). |
| 865 | |
| 866 | 1.27.11 2005-10-18 |
| 867 | * Updated call to sepol_policydb_to_image for sepol changes. |
| 868 | |
| 869 | 1.27.10 2005-10-17 |
| 870 | * Changed getseuserbyname to ignore empty lines and to handle |
| 871 | no matching entry in the same manner as no seusers file. |
| 872 | |
| 873 | 1.27.9 2005-10-13 |
| 874 | * Changed selinux_mkload_policy to try downgrading the |
| 875 | latest policy version available to the kernel-supported version. |
| 876 | |
| 877 | 1.27.8 2005-10-11 |
| 878 | * Changed selinux_mkload_policy to fall back to the maximum |
| 879 | policy version supported by libsepol if the kernel policy version |
| 880 | falls outside of the supported range. |
| 881 | |
| 882 | 1.27.7 2005-10-06 |
| 883 | * Changed getseuserbyname to fall back to the Linux username and |
| 884 | NULL level if seusers config file doesn't exist unless |
| 885 | REQUIRESEUSERS=1 is set in /etc/selinux/config. |
| 886 | * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. |
| 887 | |
| 888 | 1.27.6 2005-10-06 |
| 889 | * Added selinux_init_load_policy() function as an even higher level |
| 890 | interface for the initial policy load by /sbin/init. This obsoletes |
| 891 | the load_policy() function in the sysvinit-selinux.patch. |
| 892 | |
| 893 | 1.27.5 2005-10-06 |
| 894 | * Added selinux_mkload_policy() function as a higher level interface |
| 895 | for loading policy than the security_load_policy() interface. |
| 896 | |
| 897 | 1.27.4 2005-10-05 |
| 898 | * Merged fix for matchpathcon (regcomp error checking) from Johan |
| 899 | Fischer. Also added use of regerror to obtain the error string |
| 900 | for inclusion in the error message. |
| 901 | |
| 902 | 1.27.3 2005-10-03 |
| 903 | * Changed getseuserbyname to not require (and ignore if present) |
| 904 | the MLS level in seusers.conf if MLS is disabled, setting *level |
| 905 | to NULL in this case. |
| 906 | |
| 907 | 1.27.2 2005-09-30 |
| 908 | * Merged getseuserbyname patch from Dan Walsh. |
| 909 | |
| 910 | 1.27.1 2005-09-19 |
| 911 | * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh. |
| 912 | This allows file_contexts with MLS fields to be processed on |
| 913 | non-MLS-enabled systems with policies that are otherwise |
| 914 | identical (e.g. same type definitions). |
| 915 | * Merged get_ordered_context_list_with_level() function from |
| 916 | Dan Walsh, and added get_default_context_with_level(). |
| 917 | This allows MLS level selection for users other than the |
| 918 | default level. |
| 919 | |
| 920 | 1.26 2005-09-06 |
| 921 | * Updated version for release. |
| 922 | |
| 923 | 1.25.7 2005-09-01 |
| 924 | * Merged modified form of patch to avoid dlopen/dlclose by |
| 925 | the static libselinux from Dan Walsh. Users of the static libselinux |
| 926 | will not have any context translation by default. |
| 927 | |
| 928 | 1.25.6 2005-08-31 |
| 929 | * Added public functions to export context translation to |
| 930 | users of libselinux (selinux_trans_to_raw_context, |
| 931 | selinux_raw_to_trans_context). |
| 932 | |
| 933 | 1.25.5 2005-08-26 |
| 934 | * Remove special definition for context_range_set; use |
| 935 | common code. |
| 936 | |
| 937 | 1.25.4 2005-08-25 |
| 938 | * Hid translation-related symbols entirely and ensured that |
| 939 | raw functions have hidden definitions for internal use. |
| 940 | * Allowed setting NULL via context_set* functions. |
| 941 | * Allowed whitespace in MLS component of context. |
| 942 | * Changed rpm_execcon to use translated functions to workaround |
| 943 | lack of MLS level on upgraded systems. |
| 944 | |
| 945 | 1.25.3 2005-08-23 |
| 946 | * Merged context translation patch, originally by TCS, |
| 947 | with modifications by Dan Walsh (Red Hat). |
| 948 | |
| 949 | 1.25.2 2005-08-11 |
| 950 | * Merged several fixes for error handling paths in the |
| 951 | AVC sidtab, matchpathcon, booleans, context, and get_context_list |
| 952 | code from Serge Hallyn (IBM). Bugs found by Coverity. |
| 953 | |
| 954 | 1.25.1 2005-08-10 |
| 955 | * Removed setupns; migrated to pam. |
| 956 | * Merged patches to rename checkPasswdAccess() from Joshua Brindle. |
| 957 | Original symbol is temporarily retained for compatibility until |
| 958 | all callers are updated. |
| 959 | |
| 960 | 1.24 2005-06-20 |
| 961 | * Updated version for release. |
| 962 | |
| 963 | 1.23.12 2005-06-13 |
| 964 | * Merged security_setupns() from Chad Sellers. |
| 965 | |
| 966 | 1.23.11 2005-05-19 |
| 967 | * Merged avcstat and selinux man page from Dan Walsh. |
| 968 | * Changed security_load_booleans to process booleans.local |
| 969 | even if booleans file doesn't exist. |
| 970 | |
| 971 | 1.23.10 2005-04-29 |
| 972 | * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). |
| 973 | |
| 974 | 1.23.9 2005-04-26 |
| 975 | * Rewrote get_ordered_context_list and helpers, including |
| 976 | changing logic to allow variable MLS fields. |
| 977 | |
| 978 | 1.23.8 2005-04-25 |
| 979 | * Merged matchpathcon and man page patch from Dan Walsh. |
| 980 | |
| 981 | 1.23.7 2005-04-12 |
| 982 | * Changed boolean functions to return -1 with errno ENOENT |
| 983 | rather than assert on a NULL selinux_mnt (i.e. selinuxfs not |
| 984 | mounted). |
| 985 | |
| 986 | 1.23.6 2005-04-08 |
| 987 | * Fixed bug in matchpathcon_filespec_destroy. |
| 988 | |
| 989 | 1.23.5 2005-04-05 |
| 990 | * Fixed bug in rpm_execcon error handling path. |
| 991 | |
| 992 | 1.23.4 2005-04-04 |
| 993 | * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. |
| 994 | * Merged fix for getconlist utility from Andreas Steinmetz. |
| 995 | |
| 996 | 1.23.3 2005-03-29 |
| 997 | * Merged security_set_boolean_list patch from Dan Walsh. |
| 998 | This introduces booleans.local support for setsebool. |
| 999 | |
| 1000 | 1.23.2 2005-03-17 |
| 1001 | * Merged destructors patch from Tomas Mraz. |
| 1002 | |
| 1003 | 1.23.1 2005-03-16 |
| 1004 | * Added set_matchpathcon_flags() function for setting flags |
| 1005 | controlling operation of matchpathcon. MATCHPATHCON_BASEONLY |
| 1006 | means only process the base file_contexts file, not |
| 1007 | file_contexts.homedirs or file_contexts.local, and is for use by |
| 1008 | setfiles -c. |
| 1009 | * Updated matchpathcon.3 man page. |
| 1010 | |
| 1011 | 1.22 2005-03-09 |
| 1012 | * Updated version for release. |
| 1013 | |
| 1014 | 1.21.13 2005-03-08 |
| 1015 | * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. |
| 1016 | |
| 1017 | 1.21.12 2005-03-01 |
| 1018 | * Changed matchpathcon_common to ignore any non-format bits in the mode. |
| 1019 | |
| 1020 | 1.21.11 2005-02-22 |
| 1021 | * Merged several fixes from Ulrich Drepper. |
| 1022 | |
| 1023 | 1.21.10 2005-02-17 |
| 1024 | * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. |
| 1025 | * Added selinux_users_path() for path to directory containing |
| 1026 | system.users and local.users. |
| 1027 | |
| 1028 | 1.21.9 2005-02-09 |
| 1029 | * Changed relabel Makefile target to use restorecon. |
| 1030 | |
| 1031 | 1.21.8 2005-02-07 |
| 1032 | * Regenerated av_permissions.h. |
| 1033 | |
| 1034 | 1.21.7 2005-02-01 |
| 1035 | * Modified avc_dump_av to explicitly check for any permissions that |
| 1036 | cannot be mapped to string names and display them as a hex value. |
| 1037 | |
| 1038 | 1.21.6 2005-01-31 |
| 1039 | * Regenerated av_permissions.h. |
| 1040 | |
| 1041 | 1.21.5 2005-01-28 |
| 1042 | * Generalized matchpathcon internals, exported more interfaces, |
| 1043 | and moved additional code from setfiles into libselinux so that |
| 1044 | setfiles can directly use matchpathcon. |
| 1045 | |
| 1046 | 1.21.4 2005-01-27 |
| 1047 | * Prevent overflow of spec array in matchpathcon. |
| 1048 | |
| 1049 | 1.21.3 2005-01-26 |
| 1050 | * Fixed several uses of internal functions to avoid relocations. |
| 1051 | * Changed rpm_execcon to check is_selinux_enabled() and fallback to |
| 1052 | a regular execve if not enabled (or unable to determine due to a lack |
| 1053 | of /proc, e.g. chroot'd environment). |
| 1054 | |
| 1055 | |
| 1056 | 1.21.2 2005-01-24 |
| 1057 | * Merged minor fix for avcstat from Dan Walsh. |
| 1058 | |
| 1059 | 1.21.1 2005-01-19 |
| 1060 | * Merged patch from Dan Walsh, including: |
| 1061 | - new is_context_customizable function |
| 1062 | - changed matchpathcon to also use file_contexts.local if present |
| 1063 | - man page cleanups |
| 1064 | |
| 1065 | 1.20 2005-01-04 |
| 1066 | * Changed matchpathcon to return -1 with errno ENOENT for |
| 1067 | <<none>> entries, and also for an empty file_contexts configuration. |
| 1068 | * Removed some trivial utils that were not useful or redundant. |
| 1069 | * Changed BINDIR default to /usr/sbin to match change in Fedora. |
| 1070 | * Added security_compute_member. |
| 1071 | * Added man page for setcon. |
| 1072 | * Merged more man pages from Dan Walsh. |
| 1073 | * Merged avcstat from James Morris. |
| 1074 | * Merged build fix for mips from Manoj Srivastava. |
| 1075 | * Merged C++ support from John Ramsdell of MITRE. |
| 1076 | * Merged setcon() function from Darrel Goeddel of TCS. |
| 1077 | * Merged setsebool/togglesebool enhancement from Steve Grubb. |
| 1078 | * Merged cleanup patches from Steve Grubb. |
| 1079 | |
| 1080 | 1.18 2004-11-01 |
| 1081 | * Merged cleanup patches from Steve Grubb. |
| 1082 | * Added rpm_execcon. |
| 1083 | * Merged setenforce and removable context patch from Dan Walsh. |
| 1084 | * Merged build fix for alpha from Ulrich Drepper. |
| 1085 | * Removed copyright/license from selinux_netlink.h - definitions only. |
| 1086 | * Merged matchmediacon from Dan Walsh. |
| 1087 | * Regenerated headers for new nscd permissions. |
| 1088 | * Added get_default_context_with_role. |
| 1089 | * Added set_matchpathcon_printf. |
| 1090 | * Reworked av_inherit.h to allow easier re-use by kernel. |
| 1091 | * Changed avc_has_perm_noaudit to not fail on netlink errors. |
| 1092 | * Changed avc netlink code to check pid based on patch by Steve Grubb. |
| 1093 | * Merged second optimization patch from Ulrich Drepper. |
| 1094 | * Changed matchpathcon to skip invalid file_contexts entries. |
| 1095 | * Made string tables private to libselinux. |
| 1096 | * Merged strcat->stpcpy patch from Ulrich Drepper. |
| 1097 | * Merged matchpathcon man page from Dan Walsh. |
| 1098 | * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. |
| 1099 | * Autobind netlink socket. |
| 1100 | * Dropped compatibility code from security_compute_user. |
| 1101 | * Merged fix for context_range_set from Chad Hanson. |
| 1102 | * Merged allocation failure checking patch from Chad Hanson. |
| 1103 | * Merged avc netlink error message patch from Colin Walters. |
| 1104 | |
| 1105 | 1.16 2004-08-19 |
| 1106 | * Regenerated headers for nscd class. |
| 1107 | * Merged man pages from Dan Walsh. |
| 1108 | * Merged context_new bug fix for MLS ranges from Chad Hanson. |
| 1109 | * Merged toggle_bool from Chris PeBenito, renamed to togglesebool. |
| 1110 | * Renamed change_bool and show_bools to setsebool and getsebool. |
| 1111 | * Merged security_load_booleans() function from Dan Walsh. |
| 1112 | * Added selinux_booleans_path() function. |
| 1113 | * Changed avc_init function prototype to use const. |
| 1114 | * Regenerated headers for crontab permission. |
| 1115 | * Added checkAccess from Dan Walsh. |
| 1116 | * Merged getenforce patch from Dan Walsh. |
| 1117 | * Regenerated headers for dbus classes. |
| 1118 | |
| 1119 | 1.14 2004-06-16 |
| 1120 | * Regenerated headers for fine-grained netlink classes. |
| 1121 | * Merged selinux_config bug fix from Dan Walsh. |
| 1122 | * Added userspace AVC man pages. |
| 1123 | * Added man links for API calls to existing man pages documenting them. |
| 1124 | * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support. |
| 1125 | * Merged patch to determine config file paths at runtime to support |
| 1126 | reorganized layout. |
| 1127 | * Regenerated flask headers with stable ordering. |
| 1128 | * Merged patch for man pages from Russell Coker. |
| 1129 | |
| 1130 | 1.12 2004-05-10 |
| 1131 | * Updated flask files to include new SE-X security classes. |
| 1132 | * Added security_disable function for runtime disable of SELinux prior |
| 1133 | to initial policy load (for /sbin/init). |
| 1134 | * Changed get_ordered_context_list to omit any reachable contexts |
| 1135 | that are not explicitly listed in default_contexts, unless there |
| 1136 | are no matches. |
| 1137 | * Merged man pages from Russell Coker and Dan Walsh. |
| 1138 | * Merged memory leak fixes from Dan Walsh. |
| 1139 | * Merged policyvers errno patch from Chris PeBenito. |
| 1140 | |
| 1141 | 1.10 2004-04-05 |
| 1142 | * Merged getenforce patch from Dan Walsh. |
| 1143 | * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as |
| 1144 | the device specification, i.e. mount selinuxfs /selinux -t selinuxfs. |
| 1145 | Based on a patch by Russell Coker. |
| 1146 | * Merged matchpathcon buffer size fix from Dan Walsh. |
| 1147 | |
| 1148 | 1.8 2004-03-09 |
| 1149 | * Merged is_selinux_mls_enabled() from Chad Hanson of TCS. |
| 1150 | * Added matchpathcon function. |
| 1151 | * Updated userspace AVC to handle netlink selinux notifications. |
| 1152 | |
| 1153 | 1.6 2004-02-18 |
| 1154 | * Merged conditional policy extensions from Tresys Technology. |
| 1155 | * Added userspace avc and SID table implementation. |
| 1156 | * Fixed type on size in getpeercon per Thorsten Kukuk's advice. |
| 1157 | * Fixed use of getpwnam_r per Thorsten Kukuk's advice. |
| 1158 | * Changed to use getpwnam_r rather than getpwnam internally to |
| 1159 | avoid clobbering any existing pwd struct obtained by the caller. |
| 1160 | * Added getpeercon function to encapsulate getsockopt SO_PEERSEC |
| 1161 | and handle allocation ala getfilecon. |
| 1162 | * Changed is_selinux_enabled to return -1 on errors. |
| 1163 | * Changed to discover selinuxfs mount point via /proc/mounts |
| 1164 | so that the mount point can be changed without rebuilding. |
| 1165 | |
| 1166 | 1.4 2003-12-01 |
| 1167 | * Merged another cleanup patch from Bastian Blank and Joerg Hoh. |
| 1168 | * Regenerate headers for new permissions. |
| 1169 | * Merged static lib build patch from Bastian Blank and Joerg Hoh. |
| 1170 | * Export SELINUXMNT definition, add SELINUXPOLICY definition. |
| 1171 | * Add functions to provide access to enforce and policyvers. |
| 1172 | * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs. |
| 1173 | * Fixed type for 'size' in *getfilecon. |
| 1174 | * Dropped -lattr and changed #include's to <sys/xattr.h> |
| 1175 | * Merged patch to move shared library to /lib from Dan Walsh. |
| 1176 | * Changed get_ordered_context_list to support a failsafe context. |
| 1177 | * Added selinuxenabled utility. |
| 1178 | * Merged const patch from Thorsten Kukuk. |
| 1179 | |
| 1180 | 1.2 2003-09-30 |
| 1181 | * Change is_selinux_enabled to fail if policy isn't loaded. |
| 1182 | * Changed Makefiles to allow non-root rpm builds. |
| 1183 | * Added -lattr for libselinux.so to ensure proper binding. |
| 1184 | |
| 1185 | 1.1 2003-08-13 |
| 1186 | * Ensure that context strings are padded with a null byte |
| 1187 | in case the kernel didn't include one. |
| 1188 | * Regenerate headers, update helpers.c for code cleanup. |
| 1189 | * Pass soname flag to linker (Colin Walters). |
| 1190 | * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters). |
| 1191 | |
| 1192 | 1.0 2003-07-11 |
| 1193 | * Initial public release. |