|
Chris PeBenito |
09c56f |
- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
|
|
Chris PeBenito |
2aea36 |
- Patch for an additional wine executable from Dan Walsh.
|
|
Chris PeBenito |
bf39cd |
- Patch for additional games file contexts from Dan Walsh.
|
|
Chris PeBenito |
86d754 |
- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
|
|
Chris PeBenito |
f0eaed |
- Patch for misc fixes to bluetooth from Dan Walsh.
|
|
Chris PeBenito |
5b0647 |
- Patch for misc fixes to kerberos from Dan Walsh.
|
|
Chris PeBenito |
bbb7cc |
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
|
|
Chris PeBenito |
a715dc |
- Add dccp_socket object class which was added in kernel 2.6.20.
|
|
Chris PeBenito |
3a3901 |
- Patch for prelink relabefrom it's temp files from Dan Walsh.
|
|
Chris PeBenito |
5c45ea |
- Patch for capability fix for auditd and networking fix for syslogd from
|
|
Chris PeBenito |
5c45ea |
Dan Walsh.
|
|
Chris PeBenito |
66cf19 |
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
|
|
Chris PeBenito |
468521 |
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
|
|
Chris PeBenito |
aeb54c |
- Patch to allow apmd to telinit from Dan Walsh.
|
|
Chris PeBenito |
d11407 |
- Patch for additional labeling of samba files from Stefan Schulze
|
|
Chris PeBenito |
d11407 |
Frielinghaus.
|
|
Chris PeBenito |
bcac3a |
- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
|
|
Chris PeBenito |
f1be09 |
- Fix ptys and ttys to be device nodes.
|
|
Chris PeBenito |
4bd55e |
- Fix explicit use of httpd_t in openca_domtrans().
|
|
Chris PeBenito |
ff943a |
- Clean up file context regexes in apache and java, from Eamon Walsh.
|
|
Chris PeBenito |
6b19be |
- Patches from Dan Walsh:
|
|
Chris PeBenito |
6b19be |
Thu, 25 Jan 2007
|
|
Chris PeBenito |
ff943a |
|
|
Chris PeBenito |
b00150 |
* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
|
|
Chris PeBenito |
c0868a |
- Add policy patterns support macros. This changes the behavior of
|
|
Chris PeBenito |
c0868a |
the create_dir_perms and create_file_perms permission sets.
|
|
Chris PeBenito |
d31d3c |
- Association polmatch MLS constraint making unlabeled_t an exception
|
|
Chris PeBenito |
d31d3c |
is no longer needed, patch from Venkat Yekkirala.
|
|
Chris PeBenito |
c6a60b |
- Context contains checking for PAM and cron from James Antill.
|
|
Chris PeBenito |
59f853 |
- Add a reload target to Modules.devel and change the load
|
|
Chris PeBenito |
59f853 |
target to only insert modules that were changed.
|
|
Chris PeBenito |
ed38ca |
- Allow semanage to read from /root on strict non-MLS for
|
|
Chris PeBenito |
ed38ca |
local policy modules.
|
|
Chris PeBenito |
ed38ca |
- Gentoo init script fixes for udev.
|
|
Chris PeBenito |
ed38ca |
- Allow udev to read kernel modules.inputmap.
|
|
Chris PeBenito |
ed38ca |
- Dnsmasq fixes from testing.
|
|
Chris PeBenito |
ed38ca |
- Allow kernel NFS server to getattr filesystems so df can work
|
|
Chris PeBenito |
ed38ca |
on clients.
|
|
Chris PeBenito |
f497b8 |
- Patch from Matt Anderson for a MLS constraint exemption on a
|
|
Chris PeBenito |
f497b8 |
file that can be written to from a subject whose range is
|
|
Chris PeBenito |
f497b8 |
within the object's range.
|
|
Chris PeBenito |
a8671a |
- Enhanced setransd support from Darrel Goeddel.
|
|
Chris PeBenito |
d9845a |
- Patches from Dan Walsh:
|
|
Chris PeBenito |
d9845a |
Tue, 24 Oct 2006
|
|
Chris PeBenito |
d6d16b |
Wed, 29 Nov 2006
|
|
Chris PeBenito |
d9845a |
- Added modules:
|
|
Chris PeBenito |
fa45da |
aide (Matt Anderson)
|
|
Chris PeBenito |
fa45da |
ccs (Dan Walsh)
|
|
Chris PeBenito |
d9845a |
iscsi (Dan Walsh)
|
|
Chris PeBenito |
fa45da |
ricci (Dan Walsh)
|
|
Chris PeBenito |
a8671a |
|
|
Chris PeBenito |
248ccc |
* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
|
|
Chris PeBenito |
3c3c04 |
- Patch from Russell Coker Thu, 5 Oct 2006
|
|
Chris PeBenito |
e070dd |
- Move range transitions to modules.
|
|
Chris PeBenito |
e070dd |
- Make number of MLS sensitivities, and number of MLS and MCS
|
|
Chris PeBenito |
e070dd |
categories configurable as build options.
|
|
Chris PeBenito |
bbcd3c |
- Add role infrastructure.
|
|
Chris PeBenito |
13d7ce |
- Debian updates from Erich Schubert.
|
|
Chris PeBenito |
3ef029 |
- Add nscd_socket_use() to auth_use_nsswitch().
|
|
Chris PeBenito |
33c7e6 |
- Remove old selopt rules.
|
|
Chris PeBenito |
f5d1d0 |
- Full support for netfilter_contexts.
|
|
Chris PeBenito |
4846dc |
- MRTG patch for daemon operation from Stefan.
|
|
Chris PeBenito |
4b3b46 |
- Add authlogin interface to abstract common access for login programs.
|
|
Chris PeBenito |
133000 |
- Remove setbool auditallow, except for RHEL4.
|
|
Chris PeBenito |
81a016 |
- Change eventpollfs to task SID labeling.
|
|
Chris PeBenito |
fe3a1e |
- Add key support from Michael LeMay.
|
|
Chris PeBenito |
75fbbb |
- Add ftpdctl domain to ftp, from Paul Howarth.
|
|
Chris PeBenito |
4f447b |
- Fix build system to not move type declarations out of optionals.
|
|
Chris PeBenito |
5afdf0 |
- Add gcc-config domain to portage.
|
|
Chris PeBenito |
e37158 |
- Add packet object class and support in corenetwork.
|
|
Chris PeBenito |
fc47b3 |
- Add a copy of genhomedircon for monolithic policy building, so that a
|
|
Chris PeBenito |
fc47b3 |
policycoreutils package update is not required for RHEL4 systems.
|
|
Chris PeBenito |
c8229a |
- Add appletalk sockets for use in cups.
|
|
Chris PeBenito |
ea5333 |
- Add Make target to validate module linking.
|
|
Chris PeBenito |
5706fa |
- Make duplicate template and interface declarations a fatal error.
|
|
Chris PeBenito |
86e869 |
- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
|
|
Chris PeBenito |
413982 |
- Move xconsole_device_t from devices to xserver since it is
|
|
Chris PeBenito |
413982 |
not actually a device, it is a named pipe.
|
|
Chris PeBenito |
0578bf |
- Handle nonexistant .fc and .if files in devel Makefile by
|
|
Chris PeBenito |
0578bf |
automatically creating empty files.
|
|
Chris PeBenito |
fc70c9 |
- Remove unused devfs_control_t.
|
|
Chris PeBenito |
2f1a8f |
- Add rhel4 distro, which also implies redhat distro.
|
|
Chris PeBenito |
f3ac5e |
- Remove unneeded range_transition for su_exec_t and move the
|
|
Chris PeBenito |
f3ac5e |
type declaration back to the su module.
|
|
Chris PeBenito |
9779f0 |
- Constrain transitions in MCS so unconfined_t cannot have
|
|
Chris PeBenito |
9779f0 |
arbitrary category sets.
|
|
Chris PeBenito |
d2a903 |
- Change reiserfs from xattr filesystem to genfscon as it's xattrs
|
|
Chris PeBenito |
d2a903 |
are currently nonfunctional.
|
|
Chris PeBenito |
da14da |
- Change files and filesystem modules to use their own interfaces.
|
|
Chris PeBenito |
178647 |
- Add user fonts to xserver.
|
|
Chris PeBenito |
d42c7e |
- Additional interfaces in corecommands, miscfiles, and userdomain
|
|
Chris PeBenito |
d42c7e |
from Joy Latten.
|
|
Chris PeBenito |
8b2d5c |
- Miscellaneous fixes from Thomas Bleher.
|
|
Chris PeBenito |
bb7170 |
- Deprecate module name as first parameter of optional_policy()
|
|
Chris PeBenito |
bb7170 |
now that optionals are allowed everywhere.
|
|
Chris PeBenito |
0db866 |
- Enable optional blocks in base module and monolithic policy.
|
|
Chris PeBenito |
0db866 |
This requires checkpolicy 1.30.1.
|
|
Chris PeBenito |
ac6cff |
- Fix vpn module declaration.
|
|
Chris PeBenito |
a3cf80 |
- Numerous fixes from Dan Walsh.
|
|
Chris PeBenito |
3abd5e |
- Change build order to preserve m4 line number information so policy
|
|
Chris PeBenito |
3abd5e |
compile errors are useful again.
|
|
Chris PeBenito |
405efe |
- Additional MLS interfaces from Chad Hanson.
|
|
Chris PeBenito |
3cfd48 |
- Move some rules out of domain_type() and domain_base_type()
|
|
Chris PeBenito |
3cfd48 |
to the TE file, to use the domain attribute to take advantage
|
|
Chris PeBenito |
3cfd48 |
of space savings from attribute use.
|
|
Chris PeBenito |
3cfd48 |
- Add global stack smashing protector rule for urandom access from
|
|
Chris PeBenito |
3cfd48 |
Petre Rodan.
|
|
Chris PeBenito |
e78c77 |
- Fix temporary rules at the bottom of portmap.
|
|
Chris PeBenito |
63e0a1 |
- Updated comments in mls file from Chad Hanson.
|
|
Chris PeBenito |
2dd1d3 |
- Patches from Dan Walsh:
|
|
Chris PeBenito |
2dd1d3 |
Fri, 17 Mar 2006
|
|
Chris PeBenito |
2dd1d3 |
Wed, 29 Mar 2006
|
|
Chris PeBenito |
2dd1d3 |
Tue, 11 Apr 2006
|
|
Chris PeBenito |
2dd1d3 |
Fri, 14 Apr 2006
|
|
Chris PeBenito |
2dd1d3 |
Tue, 18 Apr 2006
|
|
Chris PeBenito |
2dd1d3 |
Thu, 20 Apr 2006
|
|
Chris PeBenito |
2dd1d3 |
Tue, 02 May 2006
|
|
Chris PeBenito |
2dd1d3 |
Mon, 15 May 2006
|
|
Chris PeBenito |
2dd1d3 |
Thu, 18 May 2006
|
|
Chris PeBenito |
2dd1d3 |
Tue, 06 Jun 2006
|
|
Chris PeBenito |
2dd1d3 |
Mon, 12 Jun 2006
|
|
Chris PeBenito |
2dd1d3 |
Tue, 20 Jun 2006
|
|
Chris PeBenito |
9d3a3f |
Wed, 26 Jul 2006
|
|
Chris PeBenito |
a5e213 |
Wed, 23 Aug 2006
|
|
Chris PeBenito |
eac818 |
Thu, 31 Aug 2006
|
|
Chris PeBenito |
5dbda5 |
Fri, 01 Sep 2006
|
|
Chris PeBenito |
75beb9 |
Tue, 05 Sep 2006
|
|
Chris PeBenito |
8708d9 |
Wed, 20 Sep 2006
|
|
Chris PeBenito |
693d4a |
Fri, 22 Sep 2006
|
|
Chris PeBenito |
e2b84e |
Mon, 25 Sep 2006
|
|
Chris PeBenito |
ce3145 |
- Added modules:
|
|
Chris PeBenito |
48b1d0 |
afs
|
|
Chris PeBenito |
8a0a99 |
amavis (Erich Schubert)
|
|
Chris PeBenito |
0c54fc |
apt (Erich Schubert)
|
|
Chris PeBenito |
e3e37e |
asterisk
|
|
Chris PeBenito |
7f74a4 |
audioentropy
|
|
Chris PeBenito |
b6b574 |
authbind
|
|
Chris PeBenito |
57f233 |
backup
|
|
Chris PeBenito |
99c902 |
calamaris
|
|
Chris PeBenito |
096ae6 |
cipe
|
|
Chris PeBenito |
8a0a99 |
clamav (Erich Schubert)
|
|
Chris PeBenito |
46bec4 |
clockspeed (Petre Rodan)
|
|
Chris PeBenito |
03631a |
courier
|
|
Chris PeBenito |
189631 |
dante
|
|
Chris PeBenito |
6ba4d9 |
dcc
|
|
Chris PeBenito |
70b8a7 |
ddclient
|
|
Chris PeBenito |
0c54fc |
dpkg (Erich Schubert)
|
|
Chris PeBenito |
9e725d |
dnsmasq
|
|
Chris PeBenito |
0834f9 |
ethereal
|
|
Chris PeBenito |
edf241 |
evolution
|
|
Chris PeBenito |
fbc0a2 |
games
|
|
Chris PeBenito |
5d03fc |
gatekeeper
|
|
Chris PeBenito |
6cd6d7 |
gift
|
|
Chris PeBenito |
002190 |
gnome (James Carter)
|
|
Chris PeBenito |
4d73bb |
imaze
|
|
Chris PeBenito |
050f36 |
ircd
|
|
Chris PeBenito |
61cf53 |
jabber
|
|
Chris PeBenito |
3f1c08 |
monop
|
|
Chris PeBenito |
9105f9 |
mozilla
|
|
Chris PeBenito |
77b81c |
mplayer
|
|
Chris PeBenito |
b6d37e |
munin
|
|
Chris PeBenito |
f1e604 |
nagios
|
|
Chris PeBenito |
a478b5 |
nessus
|
|
Chris PeBenito |
130f8a |
netlabel (Paul Moore)
|
|
Chris PeBenito |
6a21ce |
nsd
|
|
Chris PeBenito |
e3e37e |
ntop
|
|
Chris PeBenito |
6bd449 |
nx
|
|
Chris PeBenito |
2e9cd9 |
oav
|
|
Chris PeBenito |
e2b84e |
oddjob (Dan Walsh)
|
|
Chris PeBenito |
5bd9fd |
openca
|
|
Chris PeBenito |
2ba3de |
openvpn (Petre Rodan)
|
|
Chris PeBenito |
0cc79f |
perdition
|
|
Chris PeBenito |
12cd9a |
portslave
|
|
Chris PeBenito |
7f9ebb |
postgrey
|
|
Chris PeBenito |
3411c3 |
pxe
|
|
Chris PeBenito |
e99359 |
pyzor (Dan Walsh)
|
|
Chris PeBenito |
65e131 |
qmail (Petre Rodan)
|
|
Chris PeBenito |
20e929 |
razor
|
|
Chris PeBenito |
b057be |
resmgr
|
|
Chris PeBenito |
c8d5b3 |
rhgb
|
|
Chris PeBenito |
5540e7 |
rssh
|
|
Chris PeBenito |
e55160 |
snort
|
|
Chris PeBenito |
9b244c |
soundserver
|
|
Chris PeBenito |
5501be |
speedtouch
|
|
Chris PeBenito |
b6cc2f |
sxid
|
|
Chris PeBenito |
185272 |
thunderbird
|
|
Chris PeBenito |
ce3145 |
tor (Erich Schubert)
|
|
Chris PeBenito |
fa8951 |
transproxy
|
|
Chris PeBenito |
853692 |
tripwire
|
|
Chris PeBenito |
dfd2c1 |
uptime
|
|
Chris PeBenito |
3eec24 |
uwimap
|
|
Chris PeBenito |
b35d3f |
vmware
|
|
Chris PeBenito |
d592b6 |
watchdog
|
|
Chris PeBenito |
a3cf80 |
xen (Dan Walsh)
|
|
Chris PeBenito |
5516db |
xprint
|
|
Chris PeBenito |
f30e6e |
yam
|
|
Chris PeBenito |
ce3145 |
|
|
Chris PeBenito |
0fc3e1 |
* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
|
|
Chris PeBenito |
1c1ac6 |
- Make all interface parameters required.
|
|
Chris PeBenito |
1c1ac6 |
- Move boot_t, system_map_t, and modules_object_t to files module,
|
|
Chris PeBenito |
1c1ac6 |
and move bootloader to admin layer.
|
|
Chris PeBenito |
02bcb8 |
- Add semanage policy for semodule from Dan Walsh.
|
|
Chris PeBenito |
3eea55 |
- Remove allow_execmem from targeted policy domain_base_type().
|
|
Chris PeBenito |
ace368 |
- Add users_extra and seusers support.
|
|
Chris PeBenito |
0062f9 |
- Postfix fixes from Serge Hallyn.
|
|
Chris PeBenito |
0e686f |
- Run python and shell directly to interpret scripts so policy
|
|
Chris PeBenito |
0e686f |
sources need not be executable.
|
|
Chris PeBenito |
0e686f |
- Add desc tag XML to booleans and tunables, and add summary
|
|
Chris PeBenito |
0e686f |
to param XML tag, to make future translations possible.
|
|
Chris PeBenito |
017bab |
- Remove unused lvm_vg_t.
|
|
Chris PeBenito |
ffd5c3 |
- Many interface renames to improve naming consistency.
|
|
Chris PeBenito |
0f5d13 |
- Merge xdm into xserver.
|
|
Chris PeBenito |
18cc01 |
- Remove kernel module reversed interfaces.
|
|
Chris PeBenito |
585076 |
- Add filename attribute to module XML tag and lineno attribute to
|
|
Chris PeBenito |
585076 |
interface XML tag.
|
|
Chris PeBenito |
9b3756 |
- Changed QUIET build option to a yes or no option.
|
|
Chris PeBenito |
9b3756 |
- Add a Makefile used for compiling loadable modules in a
|
|
Chris PeBenito |
9b3756 |
user's development environment, building against policy headers.
|
|
Chris PeBenito |
9b3756 |
- Add Make target for installing policy headers.
|
|
Chris PeBenito |
4ace0f |
- Separate per-userdomain template expansion from the userdomain
|
|
Chris PeBenito |
4ace0f |
module and add infrastructure to expand templates in the modules
|
|
Chris PeBenito |
4ace0f |
that own the template.
|
|
Chris PeBenito |
4ace0f |
- Enable secadm only for MLS policies.
|
|
Chris PeBenito |
5e4cbc |
- Remove role change rules in su and sudo since this functionality has been
|
|
Chris PeBenito |
5e4cbc |
removed from these programs.
|
|
Chris PeBenito |
37227d |
- Add ctags Make target from Thomas Bleher.
|
|
Chris PeBenito |
7dca64 |
- Collapse commands with grep piped to sed into one sed command.
|
|
Chris PeBenito |
1e786e |
- Fix type_change bug in term_user_pty().
|
|
Chris PeBenito |
acd87c |
- Move ice_tmp_t from miscfiles to xserver.
|
|
Chris PeBenito |
85c20a |
- Login fixes from Serge Hallyn.
|
|
Chris PeBenito |
488ec7 |
- Move xserver_log_t from xdm to xserver.
|
|
Chris PeBenito |
8dca6b |
- Add lpr per-userdomain policy to lpd.
|
|
Chris PeBenito |
0a7728 |
- Miscellaneous fixes from Dan Walsh.
|
|
Chris PeBenito |
68228b |
- Change initrc_var_run_t interface noun from script_pid to utmp,
|
|
Chris PeBenito |
68228b |
for greater clarity.
|
|
Chris PeBenito |
8cc494 |
- Added modules:
|
|
Chris PeBenito |
2bcdbd |
certwatch
|
|
Chris PeBenito |
a225f9 |
mono (Dan Walsh)
|
|
Chris PeBenito |
679626 |
mrtg
|
|
Chris PeBenito |
e1c414 |
portage
|
|
Chris PeBenito |
b77d01 |
tvtime
|
|
Chris PeBenito |
7c2f5a |
userhelper
|
|
Chris PeBenito |
8cc494 |
usernetctl
|
|
Chris PeBenito |
a225f9 |
wine (Dan Walsh)
|
|
Chris PeBenito |
488ec7 |
xserver
|
|
Chris PeBenito |
8cc494 |
|
|
Chris PeBenito |
22cb0b |
* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
|
|
Chris PeBenito |
b7b1d2 |
- Adds support for generating corenetwork interfaces based on attributes
|
|
Chris PeBenito |
b7b1d2 |
in addition to types.
|
|
Chris PeBenito |
b7b1d2 |
- Permits the listing of multiple nodes in a network_node() that will be
|
|
Chris PeBenito |
b7b1d2 |
given the same type.
|
|
Chris PeBenito |
b7b1d2 |
- Add two new permission sets for stream sockets.
|
|
Chris PeBenito |
9d5949 |
- Rename file type transition interfaces verb from create to
|
|
Chris PeBenito |
9d5949 |
filetrans to differentiate it from create interfaces without
|
|
Chris PeBenito |
9d5949 |
type transitions.
|
|
Chris PeBenito |
9d5949 |
- Fix expansion of interfaces from disabled modules.
|
|
Chris PeBenito |
de9408 |
- Rsync can be long running from init,
|
|
Chris PeBenito |
de9408 |
added rules to allow this.
|
|
Chris PeBenito |
b07eae |
- Add polyinstantiation build option.
|
|
Chris PeBenito |
afd38b |
- Add setcontext to the association object class.
|
|
Chris PeBenito |
bb4372 |
- Add apache relay and db connect tunables.
|
|
Chris PeBenito |
a324ef |
- Rename texrel_shlib_t to textrel_shlib_t.
|
|
Chris PeBenito |
cbe327 |
- Add swat to samba module.
|
|
Chris PeBenito |
2c2435 |
- Numerous miscellaneous fixes from Dan Walsh.
|
|
Chris PeBenito |
0f73fd |
- Added modules:
|
|
Chris PeBenito |
de8af9 |
alsa
|
|
Chris PeBenito |
7576fa |
automount
|
|
Chris PeBenito |
4ec694 |
cdrecord
|
|
Chris PeBenito |
44d5d9 |
daemontools (Petre Rodan)
|
|
Chris PeBenito |
871079 |
ddcprobe
|
|
Chris PeBenito |
44d5d9 |
djbdns (Petre Rodan)
|
|
Chris PeBenito |
a089b6 |
fetchmail
|
|
Chris PeBenito |
8cffa7 |
irc
|
|
Chris PeBenito |
3ffe29 |
java
|
|
Chris PeBenito |
1ae2c3 |
lockdev
|
|
Chris PeBenito |
020cbe |
logwatch (Dan Walsh)
|
|
Chris PeBenito |
0e8ec4 |
openct
|
|
Chris PeBenito |
2c2435 |
prelink (Dan Walsh)
|
|
Chris PeBenito |
44d5d9 |
publicfile (Petre Rodan)
|
|
Chris PeBenito |
6f11d6 |
readahead
|
|
Chris PeBenito |
7e0fa5 |
roundup
|
|
Chris PeBenito |
c8ba68 |
screen
|
|
Chris PeBenito |
6a57b6 |
slocate (Dan Walsh)
|
|
Chris PeBenito |
1d427a |
slrnpull
|
|
Chris PeBenito |
871b68 |
smartmon
|
|
Chris PeBenito |
0f73fd |
sysstat
|
|
Chris PeBenito |
44d5d9 |
ucspitcp (Petre Rodan)
|
|
Chris PeBenito |
44f490 |
usbmodules
|
|
Chris PeBenito |
39a17e |
vbetool (Dan Walsh)
|
|
Chris PeBenito |
0f73fd |
|
|
Chris PeBenito |
cd1b0b |
* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
|
|
Chris PeBenito |
c0626a |
- Add unlabeled IPSEC association rule to domains with
|
|
Chris PeBenito |
c0626a |
networking permissions.
|
|
Chris PeBenito |
bdb2fa |
- Merge systemuser back in to users, as these files
|
|
Chris PeBenito |
bdb2fa |
do not need to be split.
|
|
Chris PeBenito |
0176d1 |
- Add check for duplicate interface/template definitions.
|
|
Chris PeBenito |
058f3e |
- Move domain, files, and corecommands modules to kernel
|
|
Chris PeBenito |
058f3e |
layer to resolve some layering inconsistencies.
|
|
Chris PeBenito |
8e0ef1 |
- Move policy build options out of Makefile into build.conf.
|
|
Chris PeBenito |
131e57 |
- Add yppasswd to nis module.
|
|
Chris PeBenito |
132880 |
- Change optional_policy() to refer to the module name
|
|
Chris PeBenito |
132880 |
rather than modulename.te.
|
|
Chris PeBenito |
c767b1 |
- Fix labeling targets to use installed file_contexts rather
|
|
Chris PeBenito |
c767b1 |
than partial file_contexts in the policy source directory.
|
|
Chris PeBenito |
c767b1 |
- Fix build process to use make's internal vpath functions
|
|
Chris PeBenito |
c767b1 |
to detect modules rather than using subshells and find.
|
|
Chris PeBenito |
c767b1 |
- Add install target for modular policy.
|
|
Chris PeBenito |
c767b1 |
- Add load target for modular policy.
|
|
Chris PeBenito |
c767b1 |
- Add appconfig dependency to the load target.
|
|
Chris PeBenito |
9cc2cc |
- Miscellaneous fixes from Dan Walsh.
|
|
Chris PeBenito |
cf6141 |
- Fix corenetwork gen_context()'s to expand during the policy
|
|
Chris PeBenito |
cf6141 |
build phase instead of during the generation phase.
|
|
Chris PeBenito |
cf6141 |
- Added policies:
|
|
Chris PeBenito |
10b1f3 |
amanda
|
|
Chris PeBenito |
4b9516 |
avahi
|
|
Chris PeBenito |
350948 |
canna
|
|
Chris PeBenito |
ea557a |
cyrus
|
|
Chris PeBenito |
a63621 |
dbskk
|
|
Chris PeBenito |
29ce00 |
dovecot
|
|
Chris PeBenito |
cf6141 |
distcc
|
|
Chris PeBenito |
4093c2 |
i18n_input
|
|
Chris PeBenito |
5d5ea8 |
irqbalance
|
|
Chris PeBenito |
ad3b9d |
lpd
|
|
Chris PeBenito |
239db5 |
networkmanager
|
|
Chris PeBenito |
230838 |
pegasus
|
|
Chris PeBenito |
04926d |
postfix
|
|
Chris PeBenito |
3e6c81 |
procmail
|
|
Chris PeBenito |
385dcd |
radius
|
|
Chris PeBenito |
19ff64 |
rdisc
|
|
Chris PeBenito |
43989f |
rpc
|
|
Chris PeBenito |
f932d8 |
spamassassin
|
|
Chris PeBenito |
f11f0c |
timidity
|
|
Chris PeBenito |
23a444 |
xdm
|
|
Chris PeBenito |
3f4188 |
xfs
|
|
Chris PeBenito |
2b01ae |
|
|
Chris PeBenito |
a4e8b7 |
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
|
|
Chris PeBenito |
61feb2 |
- Many fixes to make loadable modules build.
|
|
Chris PeBenito |
8df65f |
- Add targets for sechecker.
|
|
Chris PeBenito |
4f9f30 |
- Updated to sedoctool to read bool files and tunable
|
|
Chris PeBenito |
4f9f30 |
files separately.
|
|
Chris PeBenito |
4f9f30 |
- Changed the xml tag of <boolean> to <bool> to be consistent
|
|
Chris PeBenito |
4f9f30 |
with gen_bool().
|
|
Chris PeBenito |
4f9f30 |
- Modified the implementation of segenxml to use regular
|
|
Chris PeBenito |
4f9f30 |
expressions.
|
|
Chris PeBenito |
e02c61 |
- Rename context_template() to gen_context() to clarify
|
|
Chris PeBenito |
e02c61 |
that its not a Reference Policy template, but a support
|
|
Chris PeBenito |
e02c61 |
macro.
|
|
Chris PeBenito |
b03f96 |
- Add disable_*_trans bool support for targeted policy.
|
|
Chris PeBenito |
f0574f |
- Add MLS module to handle MLS constraint exceptions,
|
|
Chris PeBenito |
f0574f |
such as reading up and writing down.
|
|
Chris PeBenito |
681c9a |
- Fix errors uncovered by sediff.
|
|
Chris PeBenito |
842859 |
- Added policies:
|
|
Chris PeBenito |
9edc28 |
anaconda
|
|
Chris PeBenito |
e749cd |
apache
|
|
Chris PeBenito |
4483ee |
apm
|
|
Chris PeBenito |
4483ee |
arpwatch
|
|
Chris PeBenito |
d4dca5 |
bluetooth
|
|
Chris PeBenito |
20e306 |
dmidecode
|
|
Chris PeBenito |
d4dca5 |
finger
|
|
Chris PeBenito |
fc6524 |
ftp
|
|
Chris PeBenito |
842859 |
kudzu
|
|
Chris PeBenito |
799a0b |
mailman
|
|
Chris PeBenito |
e08118 |
ppp
|
|
Chris PeBenito |
fa6757 |
radvd
|
|
Chris PeBenito |
f33561 |
sasl
|
|
Chris PeBenito |
f33561 |
webalizer
|
|
Chris PeBenito |
681c9a |
|
|
Chris PeBenito |
485586 |
* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
|
|
Chris PeBenito |
142e9f |
- Make logrotate, sendmail, sshd, and rpm policies
|
|
Chris PeBenito |
142e9f |
unconfined in the targeted policy so no special
|
|
Chris PeBenito |
142e9f |
modules.conf is required.
|
|
Chris PeBenito |
a08248 |
- Add experimental MCS support.
|
|
Chris PeBenito |
c0e4fe |
- Add appconfig for MLS.
|
|
Chris PeBenito |
98a8ea |
- Add equivalents for old can_resolve(), can_ldap(), and
|
|
Chris PeBenito |
98a8ea |
can_portmap() to sysnetwork.
|
|
Chris PeBenito |
082dcd |
- Fix base module compile issues.
|
|
Chris PeBenito |
d17b4d |
- Added policies:
|
|
Chris PeBenito |
921055 |
cpucontrol
|
|
Chris PeBenito |
93070c |
cvs
|
|
Chris PeBenito |
d17b4d |
ktalk
|
|
Chris PeBenito |
eb3cb6 |
portmap
|
|
Chris PeBenito |
a1fcff |
postgresql
|
|
Chris PeBenito |
4fd520 |
rlogin
|
|
Chris PeBenito |
84c922 |
samba
|
|
Chris PeBenito |
ccc597 |
snmp
|
|
Chris PeBenito |
200f45 |
stunnel
|
|
Chris PeBenito |
4fd520 |
telnet
|
|
Chris PeBenito |
40adb5 |
tftp
|
|
Chris PeBenito |
f7ba4a |
uucp
|
|
Chris PeBenito |
a1fcff |
vpn
|
|
Chris PeBenito |
9ff300 |
zebra
|
|
Chris PeBenito |
d17b4d |
|
|
Chris PeBenito |
541b7d |
* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
|
|
Chris PeBenito |
ce1b44 |
- Fix errors uncovered by sediff.
|
|
Chris PeBenito |
a19e34 |
- Doc tool will explicitly say a module does not have interfaces
|
|
Chris PeBenito |
a19e34 |
or templates on the module page.
|
|
Chris PeBenito |
6e6156 |
- Added policies:
|
|
Chris PeBenito |
6e6156 |
comsat
|
|
Chris PeBenito |
0c3d17 |
dbus
|
|
Chris PeBenito |
f344c0 |
dhcp
|
|
Chris PeBenito |
ac0483 |
dictd
|
|
Chris PeBenito |
fdae8e |
hal
|
|
Chris PeBenito |
8d9352 |
inn
|
|
Chris PeBenito |
b11a75 |
ntp
|
|
Chris PeBenito |
0f707d |
squid
|
|
Chris PeBenito |
a19e34 |
|
|
Chris PeBenito |
37aa3f |
* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
|
|
Chris PeBenito |
e28aa6 |
- Add Makefile support for building loadable modules.
|
|
Chris PeBenito |
e28aa6 |
- Add genclassperms.py tool to add require blocks
|
|
Chris PeBenito |
e28aa6 |
for loadable modules.
|
|
Chris PeBenito |
e28aa6 |
- Change sedoctool to make required modules part of base
|
|
Chris PeBenito |
e28aa6 |
by default, otherwise make as modules, in modules.conf.
|
|
Chris PeBenito |
e28aa6 |
- Fix segenxml to handle modules with no interfaces.
|
|
Chris PeBenito |
e28aa6 |
- Rename ipsec connect interface for consistency.
|
|
Chris PeBenito |
e28aa6 |
- Add missing parts of unix stream socket connect interface
|
|
Chris PeBenito |
e28aa6 |
of ipsec.
|
|
Chris PeBenito |
e28aa6 |
- Rename inetd connect interface for consistency.
|
|
Chris PeBenito |
e28aa6 |
- Rename interface for purging contents of tmp, for clarity,
|
|
Chris PeBenito |
e28aa6 |
since it allows deletion of classes other than file.
|
|
Chris PeBenito |
e28aa6 |
- Misc. cleanups.
|
|
Chris PeBenito |
e28aa6 |
- Added policies:
|
|
Chris PeBenito |
e28aa6 |
acct
|
|
Chris PeBenito |
e28aa6 |
bind
|
|
Chris PeBenito |
e28aa6 |
firstboot
|
|
Chris PeBenito |
e28aa6 |
gpm
|
|
Chris PeBenito |
e28aa6 |
howl
|
|
Chris PeBenito |
e28aa6 |
ldap
|
|
Chris PeBenito |
e28aa6 |
loadkeys
|
|
Chris PeBenito |
e28aa6 |
mysql
|
|
Chris PeBenito |
e28aa6 |
privoxy
|
|
Chris PeBenito |
e28aa6 |
quota
|
|
Chris PeBenito |
e28aa6 |
rshd
|
|
Chris PeBenito |
e28aa6 |
rsync
|
|
Chris PeBenito |
e28aa6 |
su
|
|
Chris PeBenito |
e28aa6 |
sudo
|
|
Chris PeBenito |
e28aa6 |
tcpd
|
|
Chris PeBenito |
e28aa6 |
tmpreaper
|
|
Chris PeBenito |
e28aa6 |
updfstab
|
|
Chris PeBenito |
81343a |
|
|
Chris PeBenito |
e28aa6 |
* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
|
|
Chris PeBenito |
e28aa6 |
- Fix comparison bug in fc_sort.
|
|
Chris PeBenito |
e28aa6 |
- Fix handling of ordered and unordered HTML lists.
|
|
Chris PeBenito |
e28aa6 |
- Corenetwork now supports multiple network interfaces having the
|
|
Chris PeBenito |
e28aa6 |
same type.
|
|
Chris PeBenito |
e28aa6 |
- Doc tool now creates pages for global Booleans and global tunables.
|
|
Chris PeBenito |
e28aa6 |
- Doc tool now links directly to the interface/template in the
|
|
Chris PeBenito |
e28aa6 |
module page when it is selected in the interface/template index.
|
|
Chris PeBenito |
e28aa6 |
- Added support for layer summaries.
|
|
Chris PeBenito |
e28aa6 |
- Added policies:
|
|
Chris PeBenito |
e28aa6 |
ipsec
|
|
Chris PeBenito |
e28aa6 |
nscd
|
|
Chris PeBenito |
e28aa6 |
pcmcia
|
|
Chris PeBenito |
e28aa6 |
raid
|
|
Chris PeBenito |
acb668 |
|
|
Chris PeBenito |
e28aa6 |
* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
|
|
Chris PeBenito |
e28aa6 |
- Changed xml to have modules encapsulated by layer tags, rather
|
|
Chris PeBenito |
e28aa6 |
than putting layer="foo" in the module tags. Also in the future
|
|
Chris PeBenito |
e28aa6 |
we can put a summary and description for each layer.
|
|
Chris PeBenito |
e28aa6 |
- Added tool to infer interface, module, and layer tags. This will
|
|
Chris PeBenito |
e28aa6 |
now list all interfaces, even if they are missing xml docs.
|
|
Chris PeBenito |
e28aa6 |
- Shortened xml tag names.
|
|
Chris PeBenito |
e28aa6 |
- Added macros to declare interfaces and templates.
|
|
Chris PeBenito |
e28aa6 |
- Added interface call trace.
|
|
Chris PeBenito |
e28aa6 |
- Updated all xml documentation for shorter and inferred tags.
|
|
Chris PeBenito |
e28aa6 |
- Doc tool now displays templates in the web pages.
|
|
Chris PeBenito |
e28aa6 |
- Doc tool retains the user's settings in modules.conf and
|
|
Chris PeBenito |
e28aa6 |
tunables.conf if the files already exist.
|
|
Chris PeBenito |
e28aa6 |
- Modules.conf behavior has been changed to be a list of all
|
|
Chris PeBenito |
e28aa6 |
available modules, and the user can specify if the module is
|
|
Chris PeBenito |
e28aa6 |
built as a loadable module, included in the monolithic policy,
|
|
Chris PeBenito |
e28aa6 |
or excluded.
|
|
Chris PeBenito |
e28aa6 |
- Added policies:
|
|
Chris PeBenito |
e28aa6 |
fstools (fsck, mkfs, swapon, etc. tools)
|
|
Chris PeBenito |
e28aa6 |
logrotate
|
|
Chris PeBenito |
e28aa6 |
inetd
|
|
Chris PeBenito |
e28aa6 |
kerberos
|
|
Chris PeBenito |
e28aa6 |
nis (ypbind and ypserv)
|
|
Chris PeBenito |
e28aa6 |
ssh (server, client, and agent)
|
|
Chris PeBenito |
e28aa6 |
unconfined
|
|
Chris PeBenito |
e28aa6 |
- Added infrastructure for targeted policy support, only missing
|
|
Chris PeBenito |
e28aa6 |
transition boolean support.
|
|
Chris PeBenito |
dfa83e |
|
|
Chris PeBenito |
e28aa6 |
* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
|
|
Chris PeBenito |
e28aa6 |
- Initial release
|