rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/ChangeLog

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   0e721690dc0a112500337388bbaed25a6ce468c9
  2.   strict
  3.   ChangeLog
Blob History Raw
Chris PeBenito 0fbfa5 
1.23.2 2005-03-14
Chris PeBenito 0fbfa5 
	* Merged diffs from Dan Walsh.  Dan's patch includes Ivan Gyurdiev's
Chris PeBenito 0fbfa5 
	gift policy.
Chris PeBenito 0fbfa5 
	* Made sysadm_r the first role for root, so root's home will be labled
Chris PeBenito 0fbfa5 
	as sysadm_home_dir_t instead of staff_home_dir_t.
Chris PeBenito 0fbfa5 
	* Modified fs_use and Makefile to reflect jfs now supporting security
Chris PeBenito 0fbfa5 
	xattrs.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.23.1 2005-03-10
Chris PeBenito 0fbfa5 
	* Merged diffs from Dan Walsh.  Dan's patch includes Ivan
Chris PeBenito 0fbfa5 
	Gyurdiev's cleanup of homedir macros and more extensive use of
Chris PeBenito 0fbfa5 
	read_sysctl()
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.22 2005-03-09
Chris PeBenito 0fbfa5 
	* Updated version for release.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.21 2005-02-24
Chris PeBenito 0fbfa5 
	* Added secure_file_type attribute from Dan Walsh
Chris PeBenito 0fbfa5 
	* Added access_terminal() macro from Ivan Gyurdiev
Chris PeBenito 0fbfa5 
	* Updated capability access vector for audit capabilities.
Chris PeBenito 0fbfa5 
	* Added mlsconvert Makefile target to help generate MLS policies
Chris PeBenito 0fbfa5 
	  (see selinux-doc/README.MLS for instructions).
Chris PeBenito 0fbfa5 
	* Changed policy Makefile to still generate policy.18 as well,
Chris PeBenito 0fbfa5 
	  and use it for make load if the kernel doesn't support 19.
Chris PeBenito 0fbfa5 
	* Merged enhanced MLS support from Darrel Goeddel (TCS).
Chris PeBenito 0fbfa5 
	* Merged diffs from Dan Walsh, Russell Coker, and Greg Norris.
Chris PeBenito 0fbfa5 
	* Merged man pages from Dan Walsh.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.20 2005-01-04
Chris PeBenito 0fbfa5 
	* Merged diffs from Dan Walsh, Russell Coker, Thomas Bleher, and
Chris PeBenito 0fbfa5 
	Petre Rodan.
Chris PeBenito 0fbfa5 
	* Merged can_create() macro used for file_type_{,auto_}trans()
Chris PeBenito 0fbfa5 
	from Thomas Bleher.
Chris PeBenito 0fbfa5 
	* Merged dante and stunnel policy by Petre Rodan.
Chris PeBenito 0fbfa5 
	* Merged $1_file_type attribute from Thomas Bleher.
Chris PeBenito 0fbfa5 
	* Merged network_macros from Dan Walsh.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.18 2004-10-25
Chris PeBenito 0fbfa5 
	* Merged diffs from Russell Coker and Dan Walsh.
Chris PeBenito 0fbfa5 
	* Merged mkflask and mkaccess_vector patches from Ulrich Drepper.
Chris PeBenito 0fbfa5 
	* Added reserved_port_t type and portcon entries to map all other
Chris PeBenito 0fbfa5 
	  reserved ports to this type.
Chris PeBenito 0fbfa5 
	* Added distro_ prefix to distro tunables to avoid conflicts.
Chris PeBenito 0fbfa5 
	* Merged diffs from Russell Coker.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.16 2004-08-16
Chris PeBenito 0fbfa5 
	* Added nscd definitions.
Chris PeBenito 0fbfa5 
	* Converted many tunables to policy booleans.
Chris PeBenito 0fbfa5 
	* Added crontab permission.
Chris PeBenito 0fbfa5 
	* Merged diffs from Dan Walsh.
Chris PeBenito 0fbfa5 
	  This included diffs from Thomas Bleher, Russell Coker, and Colin Walters as well.
Chris PeBenito 0fbfa5 
	* Merged diffs from Russell Coker.
Chris PeBenito 0fbfa5 
	* Adjusted constraints for crond restart.
Chris PeBenito 0fbfa5 
	* Merged dbus/userspace object manager policy from Colin Walters.
Chris PeBenito 0fbfa5 
	* Merged dbus definitions from Matthew Rickard.
Chris PeBenito 0fbfa5 
	* Merged dnsmasq policy from Greg Norris.
Chris PeBenito 0fbfa5 
	* Merged gpg-agent policy from Thomas Bleher.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.14 2004-06-28
Chris PeBenito 0fbfa5 
	* Removed vmware-config.pl from vmware.fc.
Chris PeBenito 0fbfa5 
	* Added crond entry to root_default_contexts.
Chris PeBenito 0fbfa5 
	* Merged patch from Dan Walsh.
Chris PeBenito 0fbfa5 
	* Merged mdadm and postfix changes from Colin Walters.
Chris PeBenito 0fbfa5 
	* Merged reiserfs and rpm changes from Russell Coker.
Chris PeBenito 0fbfa5 
	* Merged runaway .* glob fix from Valdis Kletnieks.
Chris PeBenito 0fbfa5 
	* Merged diff from Dan Walsh.
Chris PeBenito 0fbfa5 
	* Merged fine-grained netlink classes and permissions.
Chris PeBenito 0fbfa5 
	* Merged changes for new /etc/selinux layout.
Chris PeBenito 0fbfa5 
	* Changed mkaccess_vector.sh to provide stable order.
Chris PeBenito 0fbfa5 
	* Merged diff from Dan Walsh.
Chris PeBenito 0fbfa5 
	* Fix restorecon path in restorecon.fc.
Chris PeBenito 0fbfa5 
	* Merged pax class and access vector definition from Joshua Brindle.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.12 2004-05-12
Chris PeBenito 0fbfa5 
	* Added targeted policy.
Chris PeBenito 0fbfa5 
	* Merged atd/at into crond/crontab domains.
Chris PeBenito 0fbfa5 
	* Exclude bind mounts from relabeling to avoid aliasing.
Chris PeBenito 0fbfa5 
	* Removed some obsolete types and remapped their initial SIDs to unlabeled.
Chris PeBenito 0fbfa5 
	* Added SE-X related security classes and policy framework.
Chris PeBenito 0fbfa5 
	* Added devnull initial SID and context.
Chris PeBenito 0fbfa5 
	* Merged diffs from Fedora policy.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.10 2004-04-07
Chris PeBenito 0fbfa5 
	* Merged ipv6 support from James Morris of RedHat.
Chris PeBenito 0fbfa5 
	* Merged policy diffs from Dan Walsh.
Chris PeBenito 0fbfa5 
	* Updated call to genhomedircon to reflect new usage.
Chris PeBenito 0fbfa5 
	* Merged policy diffs from Dan Walsh and Russell Coker.
Chris PeBenito 0fbfa5 
	* Removed config-users and config-services per Dan's request.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.8 2004-03-09
Chris PeBenito 0fbfa5 
	* Merged genhomedircon patch from Karl MacMillan of Tresys.
Chris PeBenito 0fbfa5 
	* Added restorecon domain.
Chris PeBenito 0fbfa5 
	* Added unconfined_domain macro.
Chris PeBenito 0fbfa5 
	* Added default_t for /.* file_contexts entry and replaced some
Chris PeBenito 0fbfa5 
	  uses of file_t with default_t in the policy.
Chris PeBenito 0fbfa5 
	* Added su_restricted_domain() macro and use it for initrc_t.
Chris PeBenito 0fbfa5 
	* Merged policy diffs from Dan Walsh and Russell Coker.
Chris PeBenito 0fbfa5 
	  These included a merge of an earlier patch by Chris PeBenito
Chris PeBenito 0fbfa5 
	  to rename the etc types to be consistent with other types.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.6 2004-02-18
Chris PeBenito 0fbfa5 
	* Merged xfs support from Chris PeBenito.
Chris PeBenito 0fbfa5 
	* Merged conditional rules for ping.te.
Chris PeBenito 0fbfa5 
	* Defined setbool permission, added can_setbool macro.
Chris PeBenito 0fbfa5 
	* Partial network policy cleanup.
Chris PeBenito 0fbfa5 
	* Merged with Russell Coker's policy.
Chris PeBenito 0fbfa5 
	* Renamed netscape macro and domain to mozilla  and renamed
Chris PeBenito 0fbfa5 
	  ipchains domain to iptables for consistency with Russell.
Chris PeBenito 0fbfa5 
	* Merged rhgb macro and domain from Russell Coker.
Chris PeBenito 0fbfa5 
	* Merged tunable.te from Russell Coker.
Chris PeBenito 0fbfa5 
          Only define direct_sysadm_daemon by default in our copy.
Chris PeBenito 0fbfa5 
	* Added rootok permission to passwd class.
Chris PeBenito 0fbfa5 
	* Merged Makefile change from Dan Walsh to generate /home
Chris PeBenito 0fbfa5 
	  file_contexts entries for staff users.
Chris PeBenito 0fbfa5 
	* Added automatic role and domain transitions for init scripts and
Chris PeBenito 0fbfa5 
	  daemons.  Added an optional third argument (nosysadm) to
Chris PeBenito 0fbfa5 
	  daemon_domain to omit the direct transition from sysadm_r when
Chris PeBenito 0fbfa5 
	  the same executable is also used as an application, in which
Chris PeBenito 0fbfa5 
	  case the daemon must be restarted via the init script to obtain
Chris PeBenito 0fbfa5 
	  the proper security context.  Added system_r to the authorized roles
Chris PeBenito 0fbfa5 
	  for admin users at least until support for automatic user identity
Chris PeBenito 0fbfa5 
	  transitions exist so that a transition to system_u can be provided
Chris PeBenito 0fbfa5 
	  transparently.
Chris PeBenito 0fbfa5 
	* Added support to su domain for using pam_selinux.
Chris PeBenito 0fbfa5 
	  Added entries to default_contexts for the su domains to
Chris PeBenito 0fbfa5 
	  provide reasonable defaults.  Removed user_su_t.
Chris PeBenito 0fbfa5 
	* Tighten restriction on user identity and role transitions in constraints.
Chris PeBenito 0fbfa5 
	* Merged macro for newrole-like domains from Russell Coker.
Chris PeBenito 0fbfa5 
	* Merged stub dbusd domain from Russell Coker.
Chris PeBenito 0fbfa5 
	* Merged stub prelink domain from Dan Walsh.
Chris PeBenito 0fbfa5 
	* Merged updated userhelper and config tool domains from Dan Walsh.
Chris PeBenito 0fbfa5 
	* Added send_msg/recv_msg permissions to can_network macro.
Chris PeBenito 0fbfa5 
	* Merged patch by Chris PeBenito for sshd subsystems.
Chris PeBenito 0fbfa5 
	* Merged patch by Chris PeBenito for passing class to var_run_domain.
Chris PeBenito 0fbfa5 
	* Merged patch by Yuichi Nakamura for append_log_domain macros.
Chris PeBenito 0fbfa5 
	* Merged patch by Chris PeBenito for rpc_pipefs labeling.
Chris PeBenito 0fbfa5 
	* Merged patch by Colin Walters to apply m4 once so that
Chris PeBenito 0fbfa5 
	  source file info is preserved for checkpolicy.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.4 2003-12-01
Chris PeBenito 0fbfa5 
        * Merged patches from Russell Coker.
Chris PeBenito 0fbfa5 
	* Revised networking permissions.
Chris PeBenito 0fbfa5 
	* Added new node_bind permission.
Chris PeBenito 0fbfa5 
	* Added new siginh, rlimitinh, and setrlimit permissions.
Chris PeBenito 0fbfa5 
	* Added proc_t:file read permission for new is_selinux_enabled logic.
Chris PeBenito 0fbfa5 
	* Added failsafe_context configuration file to appconfig.
Chris PeBenito 0fbfa5 
	* Moved newrules.pl to policycoreutils, renamed to audit2allow.
Chris PeBenito 0fbfa5 
	* Merged newrules.pl patch from Yuichi Nakamura.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.2 2003-09-30
Chris PeBenito 0fbfa5 
	* More policy merging with Russell Coker.
Chris PeBenito 0fbfa5 
	* Transferred newrules.pl script from the old SELinux.
Chris PeBenito 0fbfa5 
	* Merged MLS configuration patch from Karl MacMillan of Tresys.
Chris PeBenito 0fbfa5 
	* Limit staff_t to reading /proc entries for unpriv_userdomain.
Chris PeBenito 0fbfa5 
        * Updated Makefile and spec file to allow non-root builds,
Chris PeBenito 0fbfa5 
	  based on patch by Paul Nasrat.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.1 2003-08-13
Chris PeBenito 0fbfa5 
        * Merged Makefile check-all and te-includes patches from Colin Walters.
Chris PeBenito 0fbfa5 
        * Merged x-debian-packages.patch from Colin Walters.
Chris PeBenito 0fbfa5 
	* Folded read permission into domain_trans.
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
1.0 2003-07-11
Chris PeBenito 0fbfa5 
	* Initial public release.
Chris PeBenito 0fbfa5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation