Chris PeBenito bd973e
- Remove unused types from dbus.
Chris PeBenito a334d2
- Add infrastructure for managing all user web content.
Chris PeBenito ef659a
- Deprecate some old file and dir permission set macros in favor of the
Chris PeBenito ef659a
  newer, more consistently-named macros.
Chris PeBenito 6c53a1
- Patch to clean up unescaped periods in several file context entries from
Chris PeBenito 6c53a1
  Jan-Frode Myklebust.
Chris PeBenito 350b6a
- Merge shlib_t into lib_t.
Chris PeBenito 350b6a
- Merge strict and targeted policies.  The policy will now behave like the
Chris PeBenito 350b6a
  strict policy if the unconfined module is not present.  If it is, it will
Chris PeBenito 350b6a
  behave like the targeted policy.  Added an unconfined role to have a mix
Chris PeBenito 350b6a
  of confined and unconfined users.
Chris PeBenito 6bf8bf
- Added modules:
Chris PeBenito 6bf8bf
	exim (Dan Walsh)
Chris PeBenito 350b6a
Chris PeBenito cb811c
* Fri Sep 28 2007 Chris PeBenito <selinux@tresys.com> - 20070928
Chris PeBenito 8acfcb
- Add support for setting the unknown permissions handling.
Chris PeBenito 96fc0a
- Fix XML building for external reference builds and headers builds.
Chris PeBenito 6f49b4
- Patch to add missing requirements in userdomain interfaces from Shintaro
Chris PeBenito 6f49b4
  Fujiwara.
Chris PeBenito 8242f5
- Add tcpd_wrapped_domain() for services that use tcp wrappers.
Chris PeBenito d62c08
- Update MLS constraints from LSPP evaluated policy.
Chris PeBenito 2af7b4
- Allow initrc_t file descriptors to be inherited regardless of MLS level.
Chris PeBenito 2af7b4
  Accordingly drop MLS permissions from daemons that inherit from any level.
Chris PeBenito 80d5e0
- Files and radvd updates from Stefan Schulze Frielinghaus.
Chris PeBenito f8233a
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
Chris PeBenito f8233a
  mls_write_all_levels() and mls_read_all_levels(), for consistency.
Chris PeBenito 2d0c9c
- Add make kernel and init ranged interfaces pass the range transition MLS
Chris PeBenito 2d0c9c
  constraints.  Also remove calls to mls_rangetrans_target() in modules that use
Chris PeBenito 2d0c9c
  the kernel and init interfaces, since its redundant.
Chris PeBenito 2d0c9c
- Add interfaces for all MLS attributes except X object classes.
Chris PeBenito 2d0c9c
- Require all sensitivities and categories for MLS and MCS policies, not just
Chris PeBenito 2d0c9c
  the low and high sensitivity and category.
Chris PeBenito 9760cb
- Database userspace object manager classes from KaiGai Kohei.
Chris PeBenito 371d11
- Add third-party interface for Apache CGI.
Chris PeBenito 924f3c
- Add getserv and shmemserv nscd permissions.
Chris PeBenito f80a0e
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
Chris PeBenito d46cfe
- Added modules:
Chris PeBenito d46cfe
	application
Chris PeBenito 0cf6df
	awstats (Stefan Schulze Frielinghaus)
Chris PeBenito 8242f5
	bitlbee (Devin Carraway)
Chris PeBenito 8241b5
	brctl (Dan Walsh)
Chris PeBenito f80a0e
Chris PeBenito 970122
* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
Chris PeBenito 113b4f
- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
Chris PeBenito 113b4f
  libraries module.
Chris PeBenito 190066
- Unified labeled networking policy from Paul Moore.
Chris PeBenito 190066
- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
Chris PeBenito 7f0897
- Xen updates from Dan Walsh.
Chris PeBenito 5bf9de
- Filesystem updates from Dan Walsh.
Chris PeBenito 40df56
- Large samba update from Dan Walsh.
Chris PeBenito 788d88
- Drop snmpd_etc_t.
Chris PeBenito 6c8aba
- Confine sendmail and logrotate on targeted.
Chris PeBenito cb10a2
- Tunable connection to postgresql for users from KaiGai Kohei.
Chris PeBenito 41337a
- Memprotect support patch from Stephen Smalley.
Chris PeBenito d5b81a
- Add logging_send_audit_msgs() interface and deprecate
Chris PeBenito d5b81a
  send_audit_msgs_pattern().
Chris PeBenito d534d3
- Openct updates patch from Dan Walsh.
Chris PeBenito 762d2c
- Merge restorecon into setfiles.
Chris PeBenito 12217c
- Patch to begin separating out hald helper programs from Dan Walsh.
Chris PeBenito b129e2
- Fixes for squid, dovecot, and snmp from Dan Walsh.
Chris PeBenito 4967aa
- Miscellaneous consolekit fixes from Dan Walsh.
Chris PeBenito ed4b73
- Patch to have avahi use the nsswitch interface rather than individual
Chris PeBenito ed4b73
  permissions from Dan Walsh.
Chris PeBenito 517618
- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
Chris PeBenito 882186
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
Chris PeBenito 517618
  to handle usage from userhelper from Dan Walsh.
Chris PeBenito 747ab1
- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
Chris PeBenito f9029f
- Patch to allow slocate to getattr other filesystems and directories on those
Chris PeBenito f9029f
  filesystems from Dan Walsh.
Chris PeBenito d28e52
- Fixes for RHEL4 from the CLIP project.
Chris PeBenito cd16fe
- Replace the old lrrd fc entries with munin ones.
Chris PeBenito b4dfdc
- Move program admin template usage out of userdom_admin_user_template() to
Chris PeBenito b4dfdc
  sysadm policy in userdomain.te to fix usage of the template for third
Chris PeBenito b4dfdc
  parties.
Chris PeBenito 7a4bd4
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
Chris PeBenito 7a4bd4
  template instead of an interface.
Chris PeBenito 6a2975
- Added modules:
Chris PeBenito a74d1a
	amtu (Dan Walsh)
Chris PeBenito 78f17e
	apcupsd (Dan Walsh)
Chris PeBenito 7b61fe
	rpcbind (Dan Walsh)
Chris PeBenito 6a2975
	rwho (Nalin Dahyabhai)
Chris PeBenito 7a4bd4
Chris PeBenito 273383
* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
Chris PeBenito 697489
- Patch for sasl's use of kerberos from Dan Walsh.
Chris PeBenito 697489
- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
Chris PeBenito f4e2b1
- Man page updates from Dan Walsh.
Chris PeBenito a26923
- Two patches from Paul Moore to for ipsec to remove redundant rules and
Chris PeBenito a26923
  have setkey read the config file.
Chris PeBenito 56e1b3
- Move booleans and tunables to modules when it is only used in a single
Chris PeBenito 56e1b3
  module.
Chris PeBenito 56e1b3
- Add support for tunables and booleans local to a module.
Chris PeBenito 8021cb
- Merge sbin_t and ls_exec_t into bin_t.
Chris PeBenito ab514d
- Remove disable_trans booleans.
Chris PeBenito e9b004
- Output different header sets for kernel and userland from flask headers.
Chris PeBenito 1852cd
- Marked the pax class as deprecated, changed it to userland so
Chris PeBenito 1852cd
  it will be removed from the kernel.
Chris PeBenito d17bab
- Stop including netfilter contexts by default.
Chris PeBenito a5f5eb
- Add dontaudits for init fds and console to init_daemon_domain().
Chris PeBenito 4832f0
- Patch to allow gpg to create user keys dir.
Chris PeBenito 937849
- Patch to support kvmfs from Dan Walsh.
Chris PeBenito 6c20f7
- Patch for misc fixes in sudo from Dan Walsh.
Chris PeBenito b50f2e
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
Chris PeBenito cdc91b
- Patch for handling restart of nscd when ran from useradd, groupadd, and
Chris PeBenito cdc91b
  admin passwd, from Dan Walsh.
Chris PeBenito 59bedc
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
Chris PeBenito 7aca2a
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
Chris PeBenito c23eb5
- Patch for gssd fixes from Dan Walsh.
Chris PeBenito c5561c
- Patch for lvm fixes from Dan Walsh.
Chris PeBenito c5561c
- Patch for ricci fixes from Dan Walsh.
Chris PeBenito f2c69c
- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
Chris PeBenito 4900fd
- Patch for kerberized telnet fixes from Dan Walsh.
Chris PeBenito 09c56f
- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
Chris PeBenito 2aea36
- Patch for an additional wine executable from Dan Walsh.
Chris PeBenito ecc98e
- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
Chris PeBenito ecc98e
  corecommands, devices, and java from Dan Walsh.
Chris PeBenito 86d754
- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
Chris PeBenito f0eaed
- Patch for misc fixes to bluetooth from Dan Walsh.
Chris PeBenito 5b0647
- Patch for misc fixes to kerberos from Dan Walsh.
Chris PeBenito bbb7cc
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
Chris PeBenito a715dc
- Add dccp_socket object class which was added in kernel 2.6.20.
Chris PeBenito 3a3901
- Patch for prelink relabefrom it's temp files from Dan Walsh.
Chris PeBenito 5c45ea
- Patch for capability fix for auditd and networking fix for syslogd from
Chris PeBenito 5c45ea
  Dan Walsh.
Chris PeBenito 66cf19
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
Chris PeBenito 468521
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
Chris PeBenito aeb54c
- Patch to allow apmd to telinit from Dan Walsh.
Chris PeBenito d11407
- Patch for additional labeling of samba files from Stefan Schulze
Chris PeBenito d11407
  Frielinghaus.
Chris PeBenito bcac3a
- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
Chris PeBenito f1be09
- Fix ptys and ttys to be device nodes.
Chris PeBenito 4bd55e
- Fix explicit use of httpd_t in openca_domtrans().
Chris PeBenito ff943a
- Clean up file context regexes in apache and java, from Eamon Walsh.
Chris PeBenito 6b19be
- Patches from Dan Walsh:
Chris PeBenito 6b19be
	Thu, 25 Jan 2007
Chris PeBenito c224d9
- Added modules:
Chris PeBenito c224d9
	consolekit (Dan Walsh)
Chris PeBenito cd3ee9
	fail2ban (Dan Walsh)
Chris PeBenito 97e815
	zabbix (Dan Walsh)
Chris PeBenito ff943a
Chris PeBenito b00150
* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
Chris PeBenito c0868a
- Add policy patterns support macros.  This changes the behavior of
Chris PeBenito c0868a
  the create_dir_perms and create_file_perms permission sets.
Chris PeBenito d31d3c
- Association polmatch MLS constraint making unlabeled_t an exception
Chris PeBenito d31d3c
  is no longer needed, patch from Venkat Yekkirala.
Chris PeBenito c6a60b
- Context contains checking for PAM and cron from James Antill.
Chris PeBenito 59f853
- Add a reload target to Modules.devel and change the load
Chris PeBenito 59f853
  target to only insert modules that were changed.
Chris PeBenito ed38ca
- Allow semanage to read from /root on strict non-MLS for
Chris PeBenito ed38ca
  local policy modules.
Chris PeBenito ed38ca
- Gentoo init script fixes for udev.
Chris PeBenito ed38ca
- Allow udev to read kernel modules.inputmap.
Chris PeBenito ed38ca
- Dnsmasq fixes from testing.
Chris PeBenito ed38ca
- Allow kernel NFS server to getattr filesystems so df can work
Chris PeBenito ed38ca
  on clients.
Chris PeBenito f497b8
- Patch from Matt Anderson for a MLS constraint exemption on a
Chris PeBenito f497b8
  file that can be written to from a subject whose range is
Chris PeBenito f497b8
  within the object's range.
Chris PeBenito a8671a
- Enhanced setransd support from Darrel Goeddel.
Chris PeBenito d9845a
- Patches from Dan Walsh:
Chris PeBenito d9845a
	Tue, 24 Oct 2006
Chris PeBenito d6d16b
	Wed, 29 Nov 2006
Chris PeBenito d9845a
- Added modules:
Chris PeBenito fa45da
	aide (Matt Anderson)
Chris PeBenito fa45da
	ccs (Dan Walsh)
Chris PeBenito d9845a
	iscsi (Dan Walsh)
Chris PeBenito fa45da
	ricci (Dan Walsh)
Chris PeBenito a8671a
Chris PeBenito 248ccc
* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
Chris PeBenito 3c3c04
- Patch from Russell Coker Thu, 5 Oct 2006
Chris PeBenito e070dd
- Move range transitions to modules.
Chris PeBenito e070dd
- Make number of MLS sensitivities, and number of MLS and MCS
Chris PeBenito e070dd
  categories configurable as build options.
Chris PeBenito bbcd3c
- Add role infrastructure.
Chris PeBenito 13d7ce
- Debian updates from Erich Schubert.
Chris PeBenito 3ef029
- Add nscd_socket_use() to auth_use_nsswitch().
Chris PeBenito 33c7e6
- Remove old selopt rules.
Chris PeBenito f5d1d0
- Full support for netfilter_contexts.
Chris PeBenito 4846dc
- MRTG patch for daemon operation from Stefan.
Chris PeBenito 4b3b46
- Add authlogin interface to abstract common access for login programs.
Chris PeBenito 133000
- Remove setbool auditallow, except for RHEL4.
Chris PeBenito 81a016
- Change eventpollfs to task SID labeling.
Chris PeBenito fe3a1e
- Add key support from Michael LeMay.
Chris PeBenito 75fbbb
- Add ftpdctl domain to ftp, from Paul Howarth.
Chris PeBenito 4f447b
- Fix build system to not move type declarations out of optionals.
Chris PeBenito 5afdf0
- Add gcc-config domain to portage.
Chris PeBenito e37158
- Add packet object class and support in corenetwork.
Chris PeBenito fc47b3
- Add a copy of genhomedircon for monolithic policy building, so that a
Chris PeBenito fc47b3
  policycoreutils package update is not required for RHEL4 systems.
Chris PeBenito c8229a
- Add appletalk sockets for use in cups.
Chris PeBenito ea5333
- Add Make target to validate module linking.
Chris PeBenito 5706fa
- Make duplicate template and interface declarations a fatal error.
Chris PeBenito 86e869
- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
Chris PeBenito 413982
- Move xconsole_device_t from devices to xserver since it is
Chris PeBenito 413982
  not actually a device, it is a named pipe.
Chris PeBenito 0578bf
- Handle nonexistant .fc and .if files in devel Makefile by
Chris PeBenito 0578bf
  automatically creating empty files.
Chris PeBenito fc70c9
- Remove unused devfs_control_t.
Chris PeBenito 2f1a8f
- Add rhel4 distro, which also implies redhat distro.
Chris PeBenito f3ac5e
- Remove unneeded range_transition for su_exec_t and move the
Chris PeBenito f3ac5e
  type declaration back to the su module.
Chris PeBenito 9779f0
- Constrain transitions in MCS so unconfined_t cannot have
Chris PeBenito 9779f0
  arbitrary category sets.
Chris PeBenito d2a903
- Change reiserfs from xattr filesystem to genfscon as it's xattrs
Chris PeBenito d2a903
  are currently nonfunctional.
Chris PeBenito da14da
- Change files and filesystem modules to use their own interfaces.
Chris PeBenito 178647
- Add user fonts to xserver.
Chris PeBenito d42c7e
- Additional interfaces in corecommands, miscfiles, and userdomain
Chris PeBenito d42c7e
  from Joy Latten.
Chris PeBenito 8b2d5c
- Miscellaneous fixes from Thomas Bleher.
Chris PeBenito bb7170
- Deprecate module name as first parameter of optional_policy()
Chris PeBenito bb7170
  now that optionals are allowed everywhere.
Chris PeBenito 0db866
- Enable optional blocks in base module and monolithic policy.
Chris PeBenito 0db866
  This requires checkpolicy 1.30.1.
Chris PeBenito ac6cff
- Fix vpn module declaration.
Chris PeBenito a3cf80
- Numerous fixes from Dan Walsh.
Chris PeBenito 3abd5e
- Change build order to preserve m4 line number information so policy
Chris PeBenito 3abd5e
  compile errors are useful again.
Chris PeBenito 405efe
- Additional MLS interfaces from Chad Hanson.
Chris PeBenito 3cfd48
- Move some rules out of domain_type() and domain_base_type()
Chris PeBenito 3cfd48
  to the TE file, to use the domain attribute to take advantage
Chris PeBenito 3cfd48
  of space savings from attribute use.
Chris PeBenito 3cfd48
- Add global stack smashing protector rule for urandom access from
Chris PeBenito 3cfd48
  Petre Rodan.
Chris PeBenito e78c77
- Fix temporary rules at the bottom of portmap.
Chris PeBenito 63e0a1
- Updated comments in mls file from Chad Hanson.
Chris PeBenito 2dd1d3
- Patches from Dan Walsh:
Chris PeBenito 2dd1d3
	Fri, 17 Mar 2006
Chris PeBenito 2dd1d3
	Wed, 29 Mar 2006
Chris PeBenito 2dd1d3
	Tue, 11 Apr 2006
Chris PeBenito 2dd1d3
	Fri, 14 Apr 2006
Chris PeBenito 2dd1d3
	Tue, 18 Apr 2006
Chris PeBenito 2dd1d3
	Thu, 20 Apr 2006
Chris PeBenito 2dd1d3
	Tue, 02 May 2006
Chris PeBenito 2dd1d3
	Mon, 15 May 2006
Chris PeBenito 2dd1d3
	Thu, 18 May 2006
Chris PeBenito 2dd1d3
	Tue, 06 Jun 2006
Chris PeBenito 2dd1d3
	Mon, 12 Jun 2006
Chris PeBenito 2dd1d3
	Tue, 20 Jun 2006
Chris PeBenito 9d3a3f
	Wed, 26 Jul 2006
Chris PeBenito a5e213
	Wed, 23 Aug 2006
Chris PeBenito eac818
	Thu, 31 Aug 2006
Chris PeBenito 5dbda5
	Fri, 01 Sep 2006
Chris PeBenito 75beb9
	Tue, 05 Sep 2006
Chris PeBenito 8708d9
	Wed, 20 Sep 2006
Chris PeBenito 693d4a
	Fri, 22 Sep 2006
Chris PeBenito e2b84e
	Mon, 25 Sep 2006
Chris PeBenito ce3145
- Added modules:
Chris PeBenito 48b1d0
	afs
Chris PeBenito 8a0a99
	amavis (Erich Schubert)
Chris PeBenito 0c54fc
	apt (Erich Schubert)
Chris PeBenito e3e37e
	asterisk
Chris PeBenito 7f74a4
	audioentropy
Chris PeBenito b6b574
	authbind
Chris PeBenito 57f233
	backup
Chris PeBenito 99c902
	calamaris
Chris PeBenito 096ae6
	cipe
Chris PeBenito 8a0a99
	clamav (Erich Schubert)
Chris PeBenito 46bec4
	clockspeed (Petre Rodan)
Chris PeBenito 03631a
	courier
Chris PeBenito 189631
	dante
Chris PeBenito 6ba4d9
	dcc
Chris PeBenito 70b8a7
	ddclient
Chris PeBenito 0c54fc
	dpkg (Erich Schubert)
Chris PeBenito 9e725d
	dnsmasq
Chris PeBenito 0834f9
	ethereal
Chris PeBenito edf241
	evolution
Chris PeBenito fbc0a2
	games
Chris PeBenito 5d03fc
	gatekeeper
Chris PeBenito 6cd6d7
	gift
Chris PeBenito 002190
	gnome (James Carter)
Chris PeBenito 4d73bb
	imaze
Chris PeBenito 050f36
	ircd
Chris PeBenito 61cf53
	jabber
Chris PeBenito 3f1c08
	monop
Chris PeBenito 9105f9
	mozilla
Chris PeBenito 77b81c
	mplayer
Chris PeBenito b6d37e
	munin
Chris PeBenito f1e604
	nagios
Chris PeBenito a478b5
	nessus
Chris PeBenito 130f8a
	netlabel (Paul Moore)
Chris PeBenito 6a21ce
	nsd
Chris PeBenito e3e37e
	ntop
Chris PeBenito 6bd449
	nx
Chris PeBenito 2e9cd9
	oav
Chris PeBenito e2b84e
	oddjob (Dan Walsh)
Chris PeBenito 5bd9fd
	openca
Chris PeBenito 2ba3de
	openvpn (Petre Rodan)
Chris PeBenito 0cc79f
	perdition
Chris PeBenito 12cd9a
	portslave
Chris PeBenito 7f9ebb
	postgrey
Chris PeBenito 3411c3
	pxe
Chris PeBenito e99359
	pyzor (Dan Walsh)
Chris PeBenito 65e131
	qmail (Petre Rodan)
Chris PeBenito 20e929
	razor
Chris PeBenito b057be
	resmgr
Chris PeBenito c8d5b3
	rhgb
Chris PeBenito 5540e7
	rssh
Chris PeBenito e55160
	snort
Chris PeBenito 9b244c
	soundserver
Chris PeBenito 5501be
	speedtouch
Chris PeBenito b6cc2f
	sxid
Chris PeBenito 185272
	thunderbird
Chris PeBenito ce3145
	tor (Erich Schubert)
Chris PeBenito fa8951
	transproxy
Chris PeBenito 853692
	tripwire
Chris PeBenito dfd2c1
	uptime
Chris PeBenito 3eec24
	uwimap
Chris PeBenito b35d3f
	vmware
Chris PeBenito d592b6
	watchdog
Chris PeBenito a3cf80
	xen (Dan Walsh)
Chris PeBenito 5516db
	xprint
Chris PeBenito f30e6e
	yam
Chris PeBenito ce3145
Chris PeBenito 0fc3e1
* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
Chris PeBenito 1c1ac6
- Make all interface parameters required.
Chris PeBenito 1c1ac6
- Move boot_t, system_map_t, and modules_object_t to files module,
Chris PeBenito 1c1ac6
  and move bootloader to admin layer.
Chris PeBenito 02bcb8
- Add semanage policy for semodule from Dan Walsh.
Chris PeBenito 3eea55
- Remove allow_execmem from targeted policy domain_base_type().
Chris PeBenito ace368
- Add users_extra and seusers support.
Chris PeBenito 0062f9
- Postfix fixes from Serge Hallyn.
Chris PeBenito 0e686f
- Run python and shell directly to interpret scripts so policy
Chris PeBenito 0e686f
  sources need not be executable.
Chris PeBenito 0e686f
- Add desc tag XML to booleans and tunables, and add summary
Chris PeBenito 0e686f
  to param XML tag, to make future translations possible.
Chris PeBenito 017bab
- Remove unused lvm_vg_t.
Chris PeBenito ffd5c3
- Many interface renames to improve naming consistency.
Chris PeBenito 0f5d13
- Merge xdm into xserver.
Chris PeBenito 18cc01
- Remove kernel module reversed interfaces.
Chris PeBenito 585076
- Add filename attribute to module XML tag and lineno attribute to
Chris PeBenito 585076
  interface XML tag.
Chris PeBenito 9b3756
- Changed QUIET build option to a yes or no option.
Chris PeBenito 9b3756
- Add a Makefile used for compiling loadable modules in a
Chris PeBenito 9b3756
  user's development environment, building against policy headers.
Chris PeBenito 9b3756
- Add Make target for installing policy headers.
Chris PeBenito 4ace0f
- Separate per-userdomain template expansion from the userdomain
Chris PeBenito 4ace0f
  module and add infrastructure to expand templates in the modules
Chris PeBenito 4ace0f
  that own the template.
Chris PeBenito 4ace0f
- Enable secadm only for MLS policies.
Chris PeBenito 5e4cbc
- Remove role change rules in su and sudo since this functionality has been
Chris PeBenito 5e4cbc
  removed from these programs.
Chris PeBenito 37227d
- Add ctags Make target from Thomas Bleher.
Chris PeBenito 7dca64
- Collapse commands with grep piped to sed into one sed command.
Chris PeBenito 1e786e
- Fix type_change bug in term_user_pty().
Chris PeBenito acd87c
- Move ice_tmp_t from miscfiles to xserver.
Chris PeBenito 85c20a
- Login fixes from Serge Hallyn.
Chris PeBenito 488ec7
- Move xserver_log_t from xdm to xserver.
Chris PeBenito 8dca6b
- Add lpr per-userdomain policy to lpd.
Chris PeBenito 0a7728
- Miscellaneous fixes from Dan Walsh.
Chris PeBenito 68228b
- Change initrc_var_run_t interface noun from script_pid to utmp,
Chris PeBenito 68228b
  for greater clarity.
Chris PeBenito 8cc494
- Added modules:
Chris PeBenito 2bcdbd
	certwatch
Chris PeBenito a225f9
	mono (Dan Walsh)
Chris PeBenito 679626
	mrtg
Chris PeBenito e1c414
	portage
Chris PeBenito b77d01
	tvtime
Chris PeBenito 7c2f5a
	userhelper
Chris PeBenito 8cc494
	usernetctl
Chris PeBenito a225f9
	wine (Dan Walsh)
Chris PeBenito 488ec7
	xserver
Chris PeBenito 8cc494
Chris PeBenito 22cb0b
* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
Chris PeBenito b7b1d2
- Adds support for generating corenetwork interfaces based on attributes 
Chris PeBenito b7b1d2
  in addition to types.
Chris PeBenito b7b1d2
- Permits the listing of multiple nodes in a network_node() that will be
Chris PeBenito b7b1d2
  given the same type.
Chris PeBenito b7b1d2
- Add two new permission sets for stream sockets.
Chris PeBenito 9d5949
- Rename file type transition interfaces verb from create to
Chris PeBenito 9d5949
  filetrans to differentiate it from create interfaces without
Chris PeBenito 9d5949
  type transitions.
Chris PeBenito 9d5949
- Fix expansion of interfaces from disabled modules.
Chris PeBenito de9408
- Rsync can be long running from init,
Chris PeBenito de9408
  added rules to allow this.
Chris PeBenito b07eae
- Add polyinstantiation build option.
Chris PeBenito afd38b
- Add setcontext to the association object class.
Chris PeBenito bb4372
- Add apache relay and db connect tunables.
Chris PeBenito a324ef
- Rename texrel_shlib_t to textrel_shlib_t.
Chris PeBenito cbe327
- Add swat to samba module.
Chris PeBenito 2c2435
- Numerous miscellaneous fixes from Dan Walsh.
Chris PeBenito 0f73fd
- Added modules:
Chris PeBenito de8af9
	alsa
Chris PeBenito 7576fa
	automount
Chris PeBenito 4ec694
	cdrecord
Chris PeBenito 44d5d9
	daemontools (Petre Rodan)
Chris PeBenito 871079
	ddcprobe
Chris PeBenito 44d5d9
	djbdns (Petre Rodan)
Chris PeBenito a089b6
	fetchmail
Chris PeBenito 8cffa7
	irc
Chris PeBenito 3ffe29
	java
Chris PeBenito 1ae2c3
	lockdev
Chris PeBenito 020cbe
	logwatch (Dan Walsh)
Chris PeBenito 0e8ec4
	openct
Chris PeBenito 2c2435
	prelink (Dan Walsh)
Chris PeBenito 44d5d9
	publicfile (Petre Rodan)
Chris PeBenito 6f11d6
	readahead
Chris PeBenito 7e0fa5
	roundup
Chris PeBenito c8ba68
	screen
Chris PeBenito 6a57b6
	slocate (Dan Walsh)
Chris PeBenito 1d427a
	slrnpull
Chris PeBenito 871b68
	smartmon
Chris PeBenito 0f73fd
	sysstat
Chris PeBenito 44d5d9
	ucspitcp (Petre Rodan)
Chris PeBenito 44f490
	usbmodules
Chris PeBenito 39a17e
	vbetool (Dan Walsh)
Chris PeBenito 0f73fd
Chris PeBenito cd1b0b
* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
Chris PeBenito c0626a
- Add unlabeled IPSEC association rule to domains with
Chris PeBenito c0626a
  networking permissions.
Chris PeBenito bdb2fa
- Merge systemuser back in to users, as these files
Chris PeBenito bdb2fa
  do not need to be split.
Chris PeBenito 0176d1
- Add check for duplicate interface/template definitions.
Chris PeBenito 058f3e
- Move domain, files, and corecommands modules to kernel
Chris PeBenito 058f3e
  layer to resolve some layering inconsistencies.
Chris PeBenito 8e0ef1
- Move policy build options out of Makefile into build.conf.
Chris PeBenito 131e57
- Add yppasswd to nis module.
Chris PeBenito 132880
- Change optional_policy() to refer to the module name
Chris PeBenito 132880
  rather than modulename.te.
Chris PeBenito c767b1
- Fix labeling targets to use installed file_contexts rather
Chris PeBenito c767b1
  than partial file_contexts in the policy source directory.
Chris PeBenito c767b1
- Fix build process to use make's internal vpath functions
Chris PeBenito c767b1
  to detect modules rather than using subshells and find.
Chris PeBenito c767b1
- Add install target for modular policy.
Chris PeBenito c767b1
- Add load target for modular policy.
Chris PeBenito c767b1
- Add appconfig dependency to the load target.
Chris PeBenito 9cc2cc
- Miscellaneous fixes from Dan Walsh.
Chris PeBenito cf6141
- Fix corenetwork gen_context()'s to expand during the policy
Chris PeBenito cf6141
  build phase instead of during the generation phase.  
Chris PeBenito cf6141
- Added policies:
Chris PeBenito 10b1f3
	amanda
Chris PeBenito 4b9516
	avahi
Chris PeBenito 350948
	canna
Chris PeBenito ea557a
	cyrus
Chris PeBenito a63621
	dbskk
Chris PeBenito 29ce00
	dovecot
Chris PeBenito cf6141
	distcc
Chris PeBenito 4093c2
	i18n_input
Chris PeBenito 5d5ea8
	irqbalance
Chris PeBenito ad3b9d
	lpd
Chris PeBenito 239db5
	networkmanager
Chris PeBenito 230838
	pegasus
Chris PeBenito 04926d
	postfix
Chris PeBenito 3e6c81
	procmail
Chris PeBenito 385dcd
	radius
Chris PeBenito 19ff64
	rdisc
Chris PeBenito 43989f
	rpc
Chris PeBenito f932d8
	spamassassin
Chris PeBenito f11f0c
	timidity
Chris PeBenito 23a444
	xdm
Chris PeBenito 3f4188
	xfs
Chris PeBenito 2b01ae
Chris PeBenito a4e8b7
* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
Chris PeBenito 61feb2
- Many fixes to make loadable modules build.
Chris PeBenito 8df65f
- Add targets for sechecker.
Chris PeBenito 4f9f30
- Updated to sedoctool to read bool files and tunable
Chris PeBenito 4f9f30
  files separately.
Chris PeBenito 4f9f30
- Changed the xml tag of <boolean> to <bool> to be consistent
Chris PeBenito 4f9f30
  with gen_bool().
Chris PeBenito 4f9f30
- Modified the implementation of segenxml to use regular
Chris PeBenito 4f9f30
  expressions.
Chris PeBenito e02c61
- Rename context_template() to gen_context() to clarify
Chris PeBenito e02c61
  that its not a Reference Policy template, but a support
Chris PeBenito e02c61
  macro.
Chris PeBenito b03f96
- Add disable_*_trans bool support for targeted policy.
Chris PeBenito f0574f
- Add MLS module to handle MLS constraint exceptions,
Chris PeBenito f0574f
  such as reading up and writing down.
Chris PeBenito 681c9a
- Fix errors uncovered by sediff.
Chris PeBenito 842859
- Added policies:
Chris PeBenito 9edc28
	anaconda
Chris PeBenito e749cd
	apache
Chris PeBenito 4483ee
	apm
Chris PeBenito 4483ee
	arpwatch
Chris PeBenito d4dca5
	bluetooth
Chris PeBenito 20e306
	dmidecode
Chris PeBenito d4dca5
	finger
Chris PeBenito fc6524
	ftp
Chris PeBenito 842859
	kudzu
Chris PeBenito 799a0b
	mailman
Chris PeBenito e08118
	ppp
Chris PeBenito fa6757
	radvd
Chris PeBenito f33561
	sasl
Chris PeBenito f33561
	webalizer
Chris PeBenito 681c9a
Chris PeBenito 485586
* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
Chris PeBenito 142e9f
- Make logrotate, sendmail, sshd, and rpm policies
Chris PeBenito 142e9f
  unconfined in the targeted policy so no special
Chris PeBenito 142e9f
  modules.conf is required.
Chris PeBenito a08248
- Add experimental MCS support.
Chris PeBenito c0e4fe
- Add appconfig for MLS.
Chris PeBenito 98a8ea
- Add equivalents for old can_resolve(), can_ldap(), and
Chris PeBenito 98a8ea
  can_portmap() to sysnetwork.
Chris PeBenito 082dcd
- Fix base module compile issues.
Chris PeBenito d17b4d
- Added policies:
Chris PeBenito 921055
	cpucontrol
Chris PeBenito 93070c
	cvs
Chris PeBenito d17b4d
	ktalk
Chris PeBenito eb3cb6
	portmap
Chris PeBenito a1fcff
	postgresql
Chris PeBenito 4fd520
	rlogin
Chris PeBenito 84c922
	samba
Chris PeBenito ccc597
	snmp
Chris PeBenito 200f45
	stunnel
Chris PeBenito 4fd520
	telnet
Chris PeBenito 40adb5
	tftp
Chris PeBenito f7ba4a
	uucp
Chris PeBenito a1fcff
	vpn
Chris PeBenito 9ff300
	zebra
Chris PeBenito d17b4d
Chris PeBenito 541b7d
* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
Chris PeBenito ce1b44
- Fix errors uncovered by sediff.
Chris PeBenito a19e34
- Doc tool will explicitly say a module does not have interfaces
Chris PeBenito a19e34
  or templates on the module page.
Chris PeBenito 6e6156
- Added policies:
Chris PeBenito 6e6156
	comsat
Chris PeBenito 0c3d17
	dbus
Chris PeBenito f344c0
	dhcp
Chris PeBenito ac0483
	dictd
Chris PeBenito fdae8e
	hal
Chris PeBenito 8d9352
	inn
Chris PeBenito b11a75
	ntp
Chris PeBenito 0f707d
	squid
Chris PeBenito a19e34
Chris PeBenito 37aa3f
* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
Chris PeBenito e28aa6
- Add Makefile support for building loadable modules.
Chris PeBenito e28aa6
- Add genclassperms.py tool to add require blocks
Chris PeBenito e28aa6
  for loadable modules.
Chris PeBenito e28aa6
- Change sedoctool to make required modules part of base
Chris PeBenito e28aa6
  by default, otherwise make as modules, in modules.conf.
Chris PeBenito e28aa6
- Fix segenxml to handle modules with no interfaces.
Chris PeBenito e28aa6
- Rename ipsec connect interface for consistency.
Chris PeBenito e28aa6
- Add missing parts of unix stream socket connect interface
Chris PeBenito e28aa6
  of ipsec.
Chris PeBenito e28aa6
- Rename inetd connect interface for consistency.
Chris PeBenito e28aa6
- Rename interface for purging contents of tmp, for clarity,
Chris PeBenito e28aa6
  since it allows deletion of classes other than file.
Chris PeBenito e28aa6
- Misc. cleanups.
Chris PeBenito e28aa6
- Added policies:
Chris PeBenito e28aa6
	acct
Chris PeBenito e28aa6
	bind
Chris PeBenito e28aa6
	firstboot
Chris PeBenito e28aa6
	gpm
Chris PeBenito e28aa6
	howl
Chris PeBenito e28aa6
	ldap
Chris PeBenito e28aa6
	loadkeys
Chris PeBenito e28aa6
	mysql
Chris PeBenito e28aa6
	privoxy
Chris PeBenito e28aa6
	quota
Chris PeBenito e28aa6
	rshd
Chris PeBenito e28aa6
	rsync
Chris PeBenito e28aa6
	su
Chris PeBenito e28aa6
	sudo
Chris PeBenito e28aa6
	tcpd
Chris PeBenito e28aa6
	tmpreaper
Chris PeBenito e28aa6
	updfstab
Chris PeBenito 81343a
Chris PeBenito e28aa6
* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
Chris PeBenito e28aa6
- Fix comparison bug in fc_sort.
Chris PeBenito e28aa6
- Fix handling of ordered and unordered HTML lists.
Chris PeBenito e28aa6
- Corenetwork now supports multiple network interfaces having the
Chris PeBenito e28aa6
  same type.
Chris PeBenito e28aa6
- Doc tool now creates pages for global Booleans and global tunables.
Chris PeBenito e28aa6
- Doc tool now links directly to the interface/template in the
Chris PeBenito e28aa6
  module page when it is selected in the interface/template index.
Chris PeBenito e28aa6
- Added support for layer summaries.
Chris PeBenito e28aa6
- Added policies:
Chris PeBenito e28aa6
	ipsec
Chris PeBenito e28aa6
	nscd
Chris PeBenito e28aa6
	pcmcia
Chris PeBenito e28aa6
	raid
Chris PeBenito acb668
Chris PeBenito e28aa6
* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
Chris PeBenito e28aa6
- Changed xml to have modules encapsulated by layer tags, rather
Chris PeBenito e28aa6
  than putting layer="foo" in the module tags.  Also in the future
Chris PeBenito e28aa6
  we can put a summary and description for each layer.
Chris PeBenito e28aa6
- Added tool to infer interface, module, and layer tags.  This will
Chris PeBenito e28aa6
  now list all interfaces, even if they are missing xml docs.
Chris PeBenito e28aa6
- Shortened xml tag names.
Chris PeBenito e28aa6
- Added macros to declare interfaces and templates.
Chris PeBenito e28aa6
- Added interface call trace.
Chris PeBenito e28aa6
- Updated all xml documentation for shorter and inferred tags.
Chris PeBenito e28aa6
- Doc tool now displays templates in the web pages.
Chris PeBenito e28aa6
- Doc tool retains the user's settings in modules.conf and
Chris PeBenito e28aa6
  tunables.conf if the files already exist.
Chris PeBenito e28aa6
- Modules.conf behavior has been changed to be a list of all
Chris PeBenito e28aa6
  available modules, and the user can specify if the module is
Chris PeBenito e28aa6
  built as a loadable module, included in the monolithic policy,
Chris PeBenito e28aa6
  or excluded.
Chris PeBenito e28aa6
- Added policies:
Chris PeBenito e28aa6
	fstools (fsck, mkfs, swapon, etc. tools)
Chris PeBenito e28aa6
	logrotate
Chris PeBenito e28aa6
	inetd
Chris PeBenito e28aa6
	kerberos
Chris PeBenito e28aa6
	nis (ypbind and ypserv)
Chris PeBenito e28aa6
	ssh (server, client, and agent)
Chris PeBenito e28aa6
	unconfined
Chris PeBenito e28aa6
- Added infrastructure for targeted policy support, only missing
Chris PeBenito e28aa6
	transition boolean support.
Chris PeBenito dfa83e
Chris PeBenito e28aa6
* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
Chris PeBenito e28aa6
	- Initial release