Chris PeBenito 8df65f
- Add targets for sechecker.
Chris PeBenito 4f9f30
- Updated to sedoctool to read bool files and tunable
Chris PeBenito 4f9f30
  files separately.
Chris PeBenito 4f9f30
- Changed the xml tag of <boolean> to <bool> to be consistent
Chris PeBenito 4f9f30
  with gen_bool().
Chris PeBenito 4f9f30
- Modified the implementation of segenxml to use regular
Chris PeBenito 4f9f30
  expressions.
Chris PeBenito e02c61
- Rename context_template() to gen_context() to clarify
Chris PeBenito e02c61
  that its not a Reference Policy template, but a support
Chris PeBenito e02c61
  macro.
Chris PeBenito b03f96
- Add disable_*_trans bool support for targeted policy.
Chris PeBenito f0574f
- Add MLS module to handle MLS constraint exceptions,
Chris PeBenito f0574f
  such as reading up and writing down.
Chris PeBenito 681c9a
- Fix errors uncovered by sediff.
Chris PeBenito 842859
- Added policies:
Chris PeBenito 9edc28
	anaconda
Chris PeBenito e749cd
	apache
Chris PeBenito 4483ee
	apm
Chris PeBenito 4483ee
	arpwatch
Chris PeBenito d4dca5
	bluetooth
Chris PeBenito 20e306
	dmidecode
Chris PeBenito d4dca5
	finger
Chris PeBenito fc6524
	ftp
Chris PeBenito 842859
	kudzu
Chris PeBenito 799a0b
	mailman
Chris PeBenito e08118
	ppp
Chris PeBenito fa6757
	radvd
Chris PeBenito f33561
	sasl
Chris PeBenito f33561
	webalizer
Chris PeBenito 681c9a
Chris PeBenito 485586
* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
Chris PeBenito 142e9f
- Make logrotate, sendmail, sshd, and rpm policies
Chris PeBenito 142e9f
  unconfined in the targeted policy so no special
Chris PeBenito 142e9f
  modules.conf is required.
Chris PeBenito a08248
- Add experimental MCS support.
Chris PeBenito c0e4fe
- Add appconfig for MLS.
Chris PeBenito 98a8ea
- Add equivalents for old can_resolve(), can_ldap(), and
Chris PeBenito 98a8ea
  can_portmap() to sysnetwork.
Chris PeBenito 082dcd
- Fix base module compile issues.
Chris PeBenito d17b4d
- Added policies:
Chris PeBenito 921055
	cpucontrol
Chris PeBenito 93070c
	cvs
Chris PeBenito d17b4d
	ktalk
Chris PeBenito eb3cb6
	portmap
Chris PeBenito a1fcff
	postgresql
Chris PeBenito 4fd520
	rlogin
Chris PeBenito 84c922
	samba
Chris PeBenito ccc597
	snmp
Chris PeBenito 200f45
	stunnel
Chris PeBenito 4fd520
	telnet
Chris PeBenito 40adb5
	tftp
Chris PeBenito f7ba4a
	uucp
Chris PeBenito a1fcff
	vpn
Chris PeBenito 9ff300
	zebra
Chris PeBenito d17b4d
Chris PeBenito 541b7d
* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
Chris PeBenito ce1b44
- Fix errors uncovered by sediff.
Chris PeBenito a19e34
- Doc tool will explicitly say a module does not have interfaces
Chris PeBenito a19e34
  or templates on the module page.
Chris PeBenito 6e6156
- Added policies:
Chris PeBenito 6e6156
	comsat
Chris PeBenito 0c3d17
	dbus
Chris PeBenito f344c0
	dhcp
Chris PeBenito ac0483
	dictd
Chris PeBenito fdae8e
	hal
Chris PeBenito 8d9352
	inn
Chris PeBenito b11a75
	ntp
Chris PeBenito 0f707d
	squid
Chris PeBenito a19e34
Chris PeBenito 37aa3f
* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
Chris PeBenito e28aa6
- Add Makefile support for building loadable modules.
Chris PeBenito e28aa6
- Add genclassperms.py tool to add require blocks
Chris PeBenito e28aa6
  for loadable modules.
Chris PeBenito e28aa6
- Change sedoctool to make required modules part of base
Chris PeBenito e28aa6
  by default, otherwise make as modules, in modules.conf.
Chris PeBenito e28aa6
- Fix segenxml to handle modules with no interfaces.
Chris PeBenito e28aa6
- Rename ipsec connect interface for consistency.
Chris PeBenito e28aa6
- Add missing parts of unix stream socket connect interface
Chris PeBenito e28aa6
  of ipsec.
Chris PeBenito e28aa6
- Rename inetd connect interface for consistency.
Chris PeBenito e28aa6
- Rename interface for purging contents of tmp, for clarity,
Chris PeBenito e28aa6
  since it allows deletion of classes other than file.
Chris PeBenito e28aa6
- Misc. cleanups.
Chris PeBenito e28aa6
- Added policies:
Chris PeBenito e28aa6
	acct
Chris PeBenito e28aa6
	bind
Chris PeBenito e28aa6
	firstboot
Chris PeBenito e28aa6
	gpm
Chris PeBenito e28aa6
	howl
Chris PeBenito e28aa6
	ldap
Chris PeBenito e28aa6
	loadkeys
Chris PeBenito e28aa6
	mysql
Chris PeBenito e28aa6
	privoxy
Chris PeBenito e28aa6
	quota
Chris PeBenito e28aa6
	rshd
Chris PeBenito e28aa6
	rsync
Chris PeBenito e28aa6
	su
Chris PeBenito e28aa6
	sudo
Chris PeBenito e28aa6
	tcpd
Chris PeBenito e28aa6
	tmpreaper
Chris PeBenito e28aa6
	updfstab
Chris PeBenito 81343a
Chris PeBenito e28aa6
* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
Chris PeBenito e28aa6
- Fix comparison bug in fc_sort.
Chris PeBenito e28aa6
- Fix handling of ordered and unordered HTML lists.
Chris PeBenito e28aa6
- Corenetwork now supports multiple network interfaces having the
Chris PeBenito e28aa6
  same type.
Chris PeBenito e28aa6
- Doc tool now creates pages for global Booleans and global tunables.
Chris PeBenito e28aa6
- Doc tool now links directly to the interface/template in the
Chris PeBenito e28aa6
  module page when it is selected in the interface/template index.
Chris PeBenito e28aa6
- Added support for layer summaries.
Chris PeBenito e28aa6
- Added policies:
Chris PeBenito e28aa6
	ipsec
Chris PeBenito e28aa6
	nscd
Chris PeBenito e28aa6
	pcmcia
Chris PeBenito e28aa6
	raid
Chris PeBenito acb668
Chris PeBenito e28aa6
* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
Chris PeBenito e28aa6
- Changed xml to have modules encapsulated by layer tags, rather
Chris PeBenito e28aa6
  than putting layer="foo" in the module tags.  Also in the future
Chris PeBenito e28aa6
  we can put a summary and description for each layer.
Chris PeBenito e28aa6
- Added tool to infer interface, module, and layer tags.  This will
Chris PeBenito e28aa6
  now list all interfaces, even if they are missing xml docs.
Chris PeBenito e28aa6
- Shortened xml tag names.
Chris PeBenito e28aa6
- Added macros to declare interfaces and templates.
Chris PeBenito e28aa6
- Added interface call trace.
Chris PeBenito e28aa6
- Updated all xml documentation for shorter and inferred tags.
Chris PeBenito e28aa6
- Doc tool now displays templates in the web pages.
Chris PeBenito e28aa6
- Doc tool retains the user's settings in modules.conf and
Chris PeBenito e28aa6
  tunables.conf if the files already exist.
Chris PeBenito e28aa6
- Modules.conf behavior has been changed to be a list of all
Chris PeBenito e28aa6
  available modules, and the user can specify if the module is
Chris PeBenito e28aa6
  built as a loadable module, included in the monolithic policy,
Chris PeBenito e28aa6
  or excluded.
Chris PeBenito e28aa6
- Added policies:
Chris PeBenito e28aa6
	fstools (fsck, mkfs, swapon, etc. tools)
Chris PeBenito e28aa6
	logrotate
Chris PeBenito e28aa6
	inetd
Chris PeBenito e28aa6
	kerberos
Chris PeBenito e28aa6
	nis (ypbind and ypserv)
Chris PeBenito e28aa6
	ssh (server, client, and agent)
Chris PeBenito e28aa6
	unconfined
Chris PeBenito e28aa6
- Added infrastructure for targeted policy support, only missing
Chris PeBenito e28aa6
	transition boolean support.
Chris PeBenito dfa83e
Chris PeBenito e28aa6
* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
Chris PeBenito e28aa6
	- Initial release