You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5526 lines
214 KiB
5526 lines
214 KiB
%global libauditver 3.0
|
|
%global libsepolver 2.9-1
|
|
%global libsemanagever 2.9-7
|
|
%global libselinuxver 2.9-1
|
|
%global sepolgenver 2.9
|
|
|
|
%global generatorsdir %{_prefix}/lib/systemd/system-generators
|
|
|
|
# Disable automatic compilation of Python files in extra directories
|
|
%global _python_bytecompile_extra 0
|
|
|
|
Summary: SELinux policy core utilities
|
|
Name: policycoreutils
|
|
Version: 2.9
|
|
Release: 25%{?dist}
|
|
License: GPLv2
|
|
# https://github.com/SELinuxProject/selinux/wiki/Releases
|
|
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
|
|
Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz
|
|
Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz
|
|
Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz
|
|
Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz
|
|
Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz
|
|
Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz
|
|
URL: https://github.com/SELinuxProject/selinux
|
|
Source13: system-config-selinux.png
|
|
Source14: sepolicy-icons.tgz
|
|
Source15: selinux-autorelabel
|
|
Source16: selinux-autorelabel.service
|
|
Source17: selinux-autorelabel-mark.service
|
|
Source18: selinux-autorelabel.target
|
|
Source19: selinux-autorelabel-generator.sh
|
|
Source20: policycoreutils-po.tgz
|
|
Source21: python-po.tgz
|
|
Source22: gui-po.tgz
|
|
Source23: sandbox-po.tgz
|
|
# https://gitlab.cee.redhat.com/SELinux/selinux
|
|
# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
|
|
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
|
|
Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
|
|
Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch
|
|
Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
|
|
Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
|
|
Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
|
|
Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
|
|
Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
|
|
Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch
|
|
Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
|
|
Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
|
|
Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch
|
|
Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch
|
|
Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
|
|
Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch
|
|
# this is too big and it's covered by sources 20 - 23
|
|
# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch
|
|
Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
|
|
Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch
|
|
Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
|
|
Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
|
|
Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
|
|
Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
|
|
Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
|
|
Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
|
|
Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
|
|
Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch
|
|
Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch
|
|
Patch0027: 0027-policycoreutils-fixfiles-Fix-verify-option.patch
|
|
Patch0028: 0028-python-semanage-Improve-handling-of-permissive-state.patch
|
|
Patch0029: 0029-python-semanage-fix-moduleRecords.customized.patch
|
|
Patch0030: 0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch
|
|
Patch0031: 0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch
|
|
Patch0032: 0032-restorecond-Fix-redundant-console-log-output-error.patch
|
|
Patch0033: 0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch
|
|
Patch0034: 0034-python-semanage-Sort-imports-in-alphabetical-order.patch
|
|
Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch
|
|
Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch
|
|
Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch
|
|
Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch
|
|
Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch
|
|
Patch0040: 0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch
|
|
Patch0041: 0041-semodule-add-m-checksum-option.patch
|
|
Patch0042: 0042-semodule-Fix-lang_ext-column-index.patch
|
|
Patch0043: 0043-semodule-Don-t-forget-to-munmap-data.patch
|
|
Patch0044: 0044-policycoreutils-Improve-error-message-when-selabel_o.patch
|
|
Patch0045: 0045-semodule-libsemanage-move-module-hashing-into-libsem.patch
|
|
Patch0046: 0046-semodule-add-command-line-option-to-detect-module-ch.patch
|
|
Patch0047: 0047-python-Split-semanage-import-into-two-transactions.patch
|
|
Patch0048: 0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch
|
|
Patch0049: 0049-python-Harden-tools-against-rogue-modules.patch
|
|
Patch0050: 0050-python-Do-not-query-the-local-database-if-the-fconte.patch
|
|
Patch0051: 0051-python-sepolicy-add-missing-booleans-to-man-pages.patch
|
|
Patch0052: 0052-python-sepolicy-Cache-conditional-rule-queries.patch
|
|
Patch0053: 0053-python-Harden-more-tools-against-rogue-modules.patch
|
|
Patch0054: 0054-sepolicy-port-to-dnf4-python-API.patch
|
|
|
|
Obsoletes: policycoreutils < 2.0.61-2
|
|
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
|
|
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
|
|
Conflicts: initscripts < 9.66
|
|
Provides: /sbin/fixfiles
|
|
Provides: /sbin/restorecon
|
|
|
|
BuildRequires: gcc
|
|
BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
|
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
|
BuildRequires: python3-devel
|
|
BuildRequires: systemd
|
|
BuildRequires: git
|
|
Requires: util-linux grep gawk diffutils rpm sed
|
|
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
|
|
|
|
%description
|
|
Security-enhanced Linux is a feature of the Linux® kernel and a number
|
|
of utilities with enhanced security functionality designed to add
|
|
mandatory access controls to Linux. The Security-enhanced Linux
|
|
kernel contains new architectural components originally developed to
|
|
improve the security of the Flask operating system. These
|
|
architectural components provide general support for the enforcement
|
|
of many kinds of mandatory access control policies, including those
|
|
based on the concepts of Type Enforcement®, Role-based Access
|
|
Control, and Multi-level Security.
|
|
|
|
policycoreutils contains the policy core utilities that are required
|
|
for basic operation of a SELinux system. These utilities include
|
|
load_policy to load policies, setfiles to label filesystems, newrole
|
|
to switch roles.
|
|
|
|
%prep -p /usr/bin/bash
|
|
# create selinux/ directory and extract sources
|
|
%autosetup -S git -N -c -n selinux
|
|
%autosetup -S git -N -T -D -a 1 -n selinux
|
|
%autosetup -S git -N -T -D -a 2 -n selinux
|
|
%autosetup -S git -N -T -D -a 3 -n selinux
|
|
%autosetup -S git -N -T -D -a 4 -n selinux
|
|
%autosetup -S git -N -T -D -a 5 -n selinux
|
|
%autosetup -S git -N -T -D -a 6 -n selinux
|
|
|
|
for i in *; do
|
|
git mv $i ${i/-%{version}/}
|
|
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
|
|
done
|
|
|
|
for i in selinux-*; do
|
|
git mv $i ${i#selinux-}
|
|
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i#selinux-}"
|
|
done
|
|
|
|
git am %{_sourcedir}/[0-9]*.patch
|
|
|
|
cp %{SOURCE13} gui/
|
|
tar -xvf %{SOURCE14} -C python/sepolicy/
|
|
|
|
# Since patches containing translation changes were too big, translations were moved to separate tarballs
|
|
# For more information see README.translations
|
|
# First remove old translation files
|
|
rm -f policycoreutils/po/*.po python/po/*.po gui/po/*.po sandbox/po/*.po
|
|
tar -x -f %{SOURCE20} -C policycoreutils -z
|
|
tar -x -f %{SOURCE21} -C python -z
|
|
tar -x -f %{SOURCE22} -C gui -z
|
|
tar -x -f %{SOURCE23} -C sandbox -z
|
|
|
|
%build
|
|
%set_build_flags
|
|
export PYTHON=%{__python3}
|
|
|
|
make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
|
|
|
|
%install
|
|
mkdir -p %{buildroot}%{_bindir}
|
|
mkdir -p %{buildroot}%{_sbindir}
|
|
mkdir -p %{buildroot}%{_mandir}/man1
|
|
mkdir -p %{buildroot}%{_mandir}/man5
|
|
mkdir -p %{buildroot}%{_mandir}/man8
|
|
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
|
|
|
|
make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
|
|
|
|
# Fix perms on newrole so that objcopy can process it
|
|
chmod 0755 %{buildroot}%{_bindir}/newrole
|
|
|
|
# Systemd
|
|
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
|
|
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8*
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
|
|
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
|
|
rm -f %{buildroot}/usr/sbin/open_init_pty
|
|
rm -f %{buildroot}/usr/sbin/run_init
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
|
|
rm -f %{buildroot}/usr/share/man/man8/run_init.8*
|
|
rm -f %{buildroot}/etc/pam.d/run_init*
|
|
|
|
mkdir -m 755 -p %{buildroot}/%{generatorsdir}
|
|
install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
|
|
install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
|
|
install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/
|
|
install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/
|
|
install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/
|
|
|
|
# change /usr/bin/python to %%{__python3} in policycoreutils-python3
|
|
pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib}
|
|
|
|
# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils
|
|
pathfix.py -i "%{__python3} -EsI" -p \
|
|
%{buildroot}%{_sbindir}/semanage \
|
|
%{buildroot}%{_bindir}/chcat \
|
|
%{buildroot}%{_bindir}/sandbox \
|
|
%{buildroot}%{_datadir}/sandbox/start \
|
|
%{buildroot}%{_bindir}/audit2allow \
|
|
%{buildroot}%{_bindir}/sepolicy \
|
|
%{buildroot}%{_bindir}/sepolgen-ifgen \
|
|
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
|
|
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
|
|
%nil
|
|
|
|
# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
|
|
find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
|
|
%{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
|
|
-type f -name '*~' | xargs rm -f
|
|
|
|
# Manually invoke the python byte compile macro for each path that needs byte
|
|
# compilation.
|
|
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
|
|
|
|
%find_lang policycoreutils
|
|
%find_lang selinux-python
|
|
%find_lang selinux-gui
|
|
%find_lang selinux-sandbox
|
|
|
|
%package python-utils
|
|
Summary: SELinux policy core python utilities
|
|
Requires: python3-policycoreutils = %{version}-%{release}
|
|
Obsoletes: policycoreutils-python <= 2.4-4
|
|
BuildArch: noarch
|
|
|
|
%description python-utils
|
|
The policycoreutils-python-utils package contains the management tools use to manage
|
|
an SELinux environment.
|
|
|
|
%files python-utils
|
|
%{_sbindir}/semanage
|
|
%{_bindir}/chcat
|
|
%{_bindir}/sandbox
|
|
%{_bindir}/audit2allow
|
|
%{_bindir}/audit2why
|
|
%{_mandir}/man1/audit2allow.1*
|
|
%{_mandir}/ru/man1/audit2allow.1*
|
|
%{_mandir}/man1/audit2why.1*
|
|
%{_mandir}/ru/man1/audit2why.1*
|
|
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
|
|
%{_mandir}/man8/chcat.8*
|
|
%{_mandir}/ru/man8/chcat.8*
|
|
%{_mandir}/man8/sandbox.8*
|
|
%{_mandir}/ru/man8/sandbox.8*
|
|
%{_mandir}/man8/semanage*.8*
|
|
%{_mandir}/ru/man8/semanage*.8*
|
|
%{_datadir}/bash-completion/completions/semanage
|
|
|
|
%package dbus
|
|
Summary: SELinux policy core DBUS api
|
|
Requires: python3-policycoreutils = %{version}-%{release}
|
|
Requires: python3-slip-dbus
|
|
BuildArch: noarch
|
|
|
|
%description dbus
|
|
The policycoreutils-dbus package contains the management DBUS API use to manage
|
|
an SELinux environment.
|
|
|
|
%files dbus
|
|
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
|
|
%{_datadir}/dbus-1/system-services/org.selinux.service
|
|
%{_datadir}/polkit-1/actions/org.selinux.policy
|
|
%{_datadir}/polkit-1/actions/org.selinux.config.policy
|
|
%{_datadir}/system-config-selinux/selinux_server.py
|
|
%dir %{_datadir}/system-config-selinux/__pycache__
|
|
%{_datadir}/system-config-selinux/__pycache__/selinux_server.*
|
|
|
|
%package -n python3-policycoreutils
|
|
%{?python_provide:%python_provide python3-policycoreutils}
|
|
# Remove before F31
|
|
Provides: %{name}-python3 = %{version}-%{release}
|
|
Provides: %{name}-python3 = %{version}-%{release}
|
|
Obsoletes: %{name}-python3 < %{version}-%{release}
|
|
Summary: SELinux policy core python3 interfaces
|
|
Requires:policycoreutils = %{version}-%{release}
|
|
Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux
|
|
# no python3-audit-libs yet
|
|
Requires:audit-libs-python3 >= %{libauditver}
|
|
Requires: checkpolicy
|
|
Requires: python3-setools >= 4.1.1
|
|
BuildArch: noarch
|
|
|
|
%description -n python3-policycoreutils
|
|
The python3-policycoreutils package contains the interfaces that can be used
|
|
by python 3 in an SELinux environment.
|
|
|
|
%files -f selinux-python.lang -n python3-policycoreutils
|
|
%{python3_sitelib}/seobject.py*
|
|
%{python3_sitelib}/__pycache__
|
|
%{python3_sitelib}/sepolgen
|
|
%dir %{python3_sitelib}/sepolicy
|
|
%{python3_sitelib}/sepolicy/templates
|
|
%dir %{python3_sitelib}/sepolicy/help
|
|
%{python3_sitelib}/sepolicy/help/*
|
|
%{python3_sitelib}/sepolicy/__init__.py*
|
|
%{python3_sitelib}/sepolicy/booleans.py*
|
|
%{python3_sitelib}/sepolicy/communicate.py*
|
|
%{python3_sitelib}/sepolicy/generate.py*
|
|
%{python3_sitelib}/sepolicy/interface.py*
|
|
%{python3_sitelib}/sepolicy/manpage.py*
|
|
%{python3_sitelib}/sepolicy/network.py*
|
|
%{python3_sitelib}/sepolicy/transition.py*
|
|
%{python3_sitelib}/sepolicy/sedbus.py*
|
|
%{python3_sitelib}/sepolicy*.egg-info
|
|
%{python3_sitelib}/sepolicy/__pycache__
|
|
|
|
%package devel
|
|
Summary: SELinux policy core policy devel utilities
|
|
Requires: policycoreutils-python-utils = %{version}-%{release}
|
|
Requires: /usr/bin/make dnf
|
|
Requires: selinux-policy-devel
|
|
|
|
%description devel
|
|
The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
|
|
|
|
%files devel
|
|
%{_bindir}/sepolgen
|
|
%{_bindir}/sepolgen-ifgen
|
|
%{_bindir}/sepolgen-ifgen-attr-helper
|
|
%dir /var/lib/sepolgen
|
|
/var/lib/sepolgen/perm_map
|
|
%{_bindir}/sepolicy
|
|
%{_mandir}/man8/sepolgen.8*
|
|
%{_mandir}/ru/man8/sepolgen.8*
|
|
%{_mandir}/man8/sepolicy-booleans.8*
|
|
%{_mandir}/man8/sepolicy-generate.8*
|
|
%{_mandir}/man8/sepolicy-interface.8*
|
|
%{_mandir}/man8/sepolicy-network.8*
|
|
%{_mandir}/man8/sepolicy.8*
|
|
%{_mandir}/man8/sepolicy-communicate.8*
|
|
%{_mandir}/man8/sepolicy-manpage.8*
|
|
%{_mandir}/man8/sepolicy-transition.8*
|
|
%{_mandir}/ru/man8/sepolicy*.8*
|
|
%{_usr}/share/bash-completion/completions/sepolicy
|
|
|
|
|
|
%package sandbox
|
|
Summary: SELinux sandbox utilities
|
|
Requires: python3-policycoreutils = %{version}-%{release}
|
|
Requires: xorg-x11-server-Xephyr >= 1.14.1-2 /usr/bin/rsync /usr/bin/xmodmap
|
|
Requires: matchbox-window-manager
|
|
BuildRequires: libcap-ng-devel
|
|
|
|
%description sandbox
|
|
The policycoreutils-sandbox package contains the scripts to create graphical
|
|
sandboxes
|
|
|
|
%files -f selinux-sandbox.lang sandbox
|
|
%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
|
|
%{_datadir}/sandbox/sandboxX.sh
|
|
%{_datadir}/sandbox/start
|
|
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
|
|
%{_mandir}/man8/seunshare.8*
|
|
%{_mandir}/ru/man8/seunshare.8*
|
|
%{_mandir}/man5/sandbox.5*
|
|
%{_mandir}/ru/man5/sandbox.5*
|
|
|
|
%package newrole
|
|
Summary: The newrole application for RBAC/MLS
|
|
Requires: policycoreutils = %{version}-%{release}
|
|
|
|
%description newrole
|
|
RBAC/MLS policy machines require newrole as a way of changing the role
|
|
or level of a logged in user.
|
|
|
|
%files newrole
|
|
%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
|
|
%{_mandir}/man1/newrole.1.gz
|
|
%{_mandir}/ru/man1/newrole.1.gz
|
|
%config(noreplace) %{_sysconfdir}/pam.d/newrole
|
|
|
|
%package gui
|
|
Summary: SELinux configuration GUI
|
|
Requires: policycoreutils-devel = %{version}-%{release}, python3-policycoreutils = %{version}-%{release}
|
|
Requires: policycoreutils-dbus = %{version}-%{release}
|
|
Requires: gtk3, python3-gobject
|
|
BuildRequires: desktop-file-utils
|
|
BuildArch: noarch
|
|
|
|
%description gui
|
|
system-config-selinux is a utility for managing the SELinux environment
|
|
|
|
%files -f selinux-gui.lang gui
|
|
%{_bindir}/system-config-selinux
|
|
%{_bindir}/selinux-polgengui
|
|
%{_datadir}/applications/sepolicy.desktop
|
|
%{_datadir}/applications/system-config-selinux.desktop
|
|
%{_datadir}/applications/selinux-polgengui.desktop
|
|
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
|
|
%{_datadir}/pixmaps/system-config-selinux.png
|
|
%dir %{_datadir}/system-config-selinux
|
|
%dir %{_datadir}/system-config-selinux/__pycache__
|
|
%{_datadir}/system-config-selinux/system-config-selinux.png
|
|
%{_datadir}/system-config-selinux/*Page.py
|
|
%{_datadir}/system-config-selinux/__pycache__/*Page.*
|
|
%{_datadir}/system-config-selinux/system-config-selinux.py
|
|
%{_datadir}/system-config-selinux/__pycache__/system-config-selinux.*
|
|
%{_datadir}/system-config-selinux/*.ui
|
|
%{python3_sitelib}/sepolicy/gui.py*
|
|
%{python3_sitelib}/sepolicy/sepolicy.glade
|
|
%{_datadir}/icons/hicolor/*/apps/sepolicy.png
|
|
%{_datadir}/pixmaps/sepolicy.png
|
|
%{_mandir}/man8/system-config-selinux.8*
|
|
%{_mandir}/ru/man8/system-config-selinux.8*
|
|
%{_mandir}/man8/selinux-polgengui.8*
|
|
%{_mandir}/ru/man8/selinux-polgengui.8*
|
|
%{_mandir}/man8/sepolicy-gui.8*
|
|
%{_mandir}/ru/man8/sepolicy-gui.8*
|
|
|
|
%files -f %{name}.lang
|
|
%{_sbindir}/restorecon
|
|
%{_sbindir}/restorecon_xattr
|
|
%{_sbindir}/fixfiles
|
|
%{_sbindir}/setfiles
|
|
%{_sbindir}/load_policy
|
|
%{_sbindir}/genhomedircon
|
|
%{_sbindir}/setsebool
|
|
%{_sbindir}/semodule
|
|
%{_sbindir}/sestatus
|
|
%{_bindir}/secon
|
|
%{_bindir}/semodule_expand
|
|
%{_bindir}/semodule_link
|
|
%{_bindir}/semodule_package
|
|
%{_bindir}/semodule_unpackage
|
|
%{_libexecdir}/selinux/hll
|
|
%{_libexecdir}/selinux/selinux-autorelabel
|
|
%{_unitdir}/selinux-autorelabel-mark.service
|
|
%{_unitdir}/selinux-autorelabel.service
|
|
%{_unitdir}/selinux-autorelabel.target
|
|
%{generatorsdir}/selinux-autorelabel-generator.sh
|
|
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
|
%{_mandir}/man5/selinux_config.5.gz
|
|
%{_mandir}/ru/man5/selinux_config.5.gz
|
|
%{_mandir}/man5/sestatus.conf.5.gz
|
|
%{_mandir}/ru/man5/sestatus.conf.5.gz
|
|
%{_mandir}/man8/fixfiles.8*
|
|
%{_mandir}/ru/man8/fixfiles.8*
|
|
%{_mandir}/man8/load_policy.8*
|
|
%{_mandir}/ru/man8/load_policy.8*
|
|
%{_mandir}/man8/restorecon.8*
|
|
%{_mandir}/ru/man8/restorecon.8*
|
|
%{_mandir}/man8/restorecon_xattr.8*
|
|
%{_mandir}/ru/man8/restorecon_xattr.8*
|
|
%{_mandir}/man8/semodule.8*
|
|
%{_mandir}/ru/man8/semodule.8*
|
|
%{_mandir}/man8/sestatus.8*
|
|
%{_mandir}/ru/man8/sestatus.8*
|
|
%{_mandir}/man8/setfiles.8*
|
|
%{_mandir}/ru/man8/setfiles.8*
|
|
%{_mandir}/man8/setsebool.8*
|
|
%{_mandir}/ru/man8/setsebool.8*
|
|
%{_mandir}/man1/secon.1*
|
|
%{_mandir}/ru/man1/secon.1*
|
|
%{_mandir}/man8/genhomedircon.8*
|
|
%{_mandir}/ru/man8/genhomedircon.8*
|
|
%{_mandir}/man8/semodule_expand.8*
|
|
%{_mandir}/ru/man8/semodule_expand.8*
|
|
%{_mandir}/man8/semodule_link.8*
|
|
%{_mandir}/ru/man8/semodule_link.8*
|
|
%{_mandir}/man8/semodule_unpackage.8*
|
|
%{_mandir}/ru/man8/semodule_unpackage.8*
|
|
%{_mandir}/man8/semodule_package.8*
|
|
%{_mandir}/ru/man8/semodule_package.8*
|
|
%dir %{_datadir}/bash-completion
|
|
%{_datadir}/bash-completion/completions/setsebool
|
|
%{!?_licensedir:%global license %%doc}
|
|
%license policycoreutils/COPYING
|
|
%doc %{_usr}/share/doc/%{name}
|
|
|
|
%package restorecond
|
|
Summary: SELinux restorecond utilities
|
|
BuildRequires: systemd-units
|
|
|
|
%description restorecond
|
|
The policycoreutils-restorecond package contains the restorecond service.
|
|
|
|
%files restorecond
|
|
%{_sbindir}/restorecond
|
|
%{_unitdir}/restorecond.service
|
|
%config(noreplace) %{_sysconfdir}/selinux/restorecond.conf
|
|
%config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf
|
|
%{_sysconfdir}/xdg/autostart/restorecond.desktop
|
|
%{_datadir}/dbus-1/services/org.selinux.Restorecond.service
|
|
%{_mandir}/man8/restorecond.8*
|
|
%{_mandir}/ru/man8/restorecond.8*
|
|
%{!?_licensedir:%global license %%doc}
|
|
%license policycoreutils/COPYING
|
|
|
|
%post
|
|
%systemd_post selinux-autorelabel-mark.service
|
|
|
|
%preun
|
|
%systemd_preun selinux-autorelabel-mark.service
|
|
|
|
%post restorecond
|
|
%systemd_post restorecond.service
|
|
|
|
%preun restorecond
|
|
%systemd_preun restorecond.service
|
|
|
|
%postun restorecond
|
|
%systemd_postun_with_restart restorecond.service
|
|
|
|
%changelog
|
|
* Tue Feb 06 2024 Vit Mojzis <vmojzis@redhat.com> - 2.9-25
|
|
- Harden more tools against "rogue" modules (RHEL-17351)
|
|
- sepolicy: port to dnf4 python API (RHEL-17398)
|
|
|
|
* Wed Feb 15 2023 Vit Mojzis <vmojzis@redhat.com> - 2.9-24
|
|
- Update translations (#2124826)
|
|
|
|
* Wed Feb 08 2023 Vit Mojzis <vmojzis@redhat.com> - 2.9-23
|
|
- python/sepolicy: Cache conditional rule queries (#2155540)
|
|
|
|
* Mon Jan 09 2023 Vit Mojzis <vmojzis@redhat.com> - 2.9-22
|
|
- python/sepolicy: add missing booleans to man pages (#2155540)
|
|
|
|
* Mon Dec 19 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-21.1
|
|
- python: Harden tools against "rogue" modules (#2128976)
|
|
- Update "pathfix" arguments to match ^^^ (#2128976)
|
|
- python: Do not query the local database if the fcontext is non-local (#2124825)
|
|
|
|
* Thu Jul 07 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-20
|
|
- python: Split "semanage import" into two transactions (#2063353)
|
|
- semodule: rename --rebuild-if-modules-changed to --refresh (#2089802)
|
|
- selinux-autorelabel: Do not force reboot (#2093133)
|
|
|
|
* Thu Feb 17 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-19
|
|
- semodule: move module hashing into libsemanage (requires libsemanage-2.9-7)
|
|
- semodule: add command-line option to detect module changes (#2049189)
|
|
|
|
* Fri Jan 14 2022 Vit Mojzis <vmojzis@redhat.com> - 2.9-18
|
|
- Improve error message when selabel_open fails (#1926511)
|
|
|
|
* Tue Nov 30 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-17
|
|
- semodule: add -m | --checksum option
|
|
|
|
* Thu Sep 16 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-16
|
|
- Update translations (#1962009)
|
|
|
|
* Mon Jul 19 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-15
|
|
- setfiles: do not restrict checks against a binary policy (#1973754)
|
|
|
|
* Tue Mar 09 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-14
|
|
- Update translations (#1899695)
|
|
|
|
* Mon Feb 22 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-13
|
|
- selinux(8,5): Describe fcontext regular expressions (#1904059)
|
|
|
|
* Tue Feb 2 2021 Petr Lautrbach <plautrba@redhat.com> - 2.9-12
|
|
- setfiles: Do not abort on labeling error (#1794518)
|
|
|
|
* Wed Jan 27 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-11
|
|
- python/sepolgen: allow any policy statement in if(n)def (#1868717)
|
|
|
|
* Sat Jan 16 2021 Vit Mojzis <vmojzis@redhat.com> - 2.9-10
|
|
- python/semanage: Sort imports in alphabetical order
|
|
- python/semanage: empty stdout before exiting on BrokenPipeError (#1822100)
|
|
|
|
* Fri Jan 17 2020 Vit Mojzis <vmojzis@redhat.com> - 2.9-9
|
|
- Update translations (#1754978)
|
|
|
|
* Thu Nov 21 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-8
|
|
- restorecond: Fix redundant console log output error (#1626468)
|
|
|
|
* Tue Nov 19 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-7
|
|
- dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot (#1754873)
|
|
|
|
* Tue Nov 12 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-6
|
|
- Configure autorelabel service to output to journal and to console if set (#1766578)
|
|
|
|
* Wed Nov 06 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-5
|
|
- fixfiles: Fix "verify" option (#1647532)
|
|
- semanage: Improve handling of "permissive" statements (#1417455)
|
|
- semanage: fix moduleRecords.customized()
|
|
- semanage: Add support for DCCP and SCTP protocols (#1563742)
|
|
|
|
* Wed Sep 4 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-4
|
|
- semanage: Do not use default s0 range in "semanage login -a" (#1554360)
|
|
- gui: Fix remove module in system-config-selinux (#1748763)
|
|
|
|
* Thu Aug 22 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
|
|
- fixfiles: Fix unbound variable problem (#1743213)
|
|
|
|
* Tue Jul 2 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2
|
|
- Update transition
|
|
- fixfiles: Fix [-B] [-F] onboot
|
|
|
|
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
|
|
- SELinux userspace 2.9 release
|
|
|
|
* Fri Dec 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-16.1
|
|
- semanage: move valid_types initialisations to class constructors
|
|
- semanage: import sepolicy only when it's needed
|
|
- sepolicy: Add sepolicy.load_store_policy(store)
|
|
- semanage: Start exporting "ibendport" and "ibpkey" entries
|
|
|
|
* Wed Dec 5 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-15
|
|
- chcat: use check_call instead of getstatusoutput
|
|
- semanage: Use standard argparse.error() method
|
|
- semanage: Fix handling of -a/-e/-d/-r options
|
|
|
|
* Tue Dec 4 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-14
|
|
- Update translations
|
|
|
|
* Mon Dec 3 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-13
|
|
- Use ipaddress module instead of IPy
|
|
|
|
* Tue Nov 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-12
|
|
- Handle more reserved port types
|
|
- Replace aliases with corresponding type names
|
|
|
|
* Thu Nov 8 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-11.1
|
|
- Fix RESOURCE_LEAK coverity scan defects
|
|
|
|
* Thu Oct 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
|
|
- sepolicy: Update to work with setools-4.2.0
|
|
- gui: Make all polgen button labels translatable
|
|
|
|
* Tue Oct 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-9
|
|
- sepolicy: Fix get_real_type_name to handle query failure properly
|
|
|
|
* Mon Oct 15 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-8
|
|
- sepolicy: search() for dontaudit rules as well
|
|
|
|
* Fri Sep 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-7
|
|
- setfiles: Improve description of -d switch
|
|
- Fix typo in newrole.1 manpage
|
|
- semanage: Stop rejecting aliases in semanage commands
|
|
- sepolicy: Stop rejecting aliases in sepolicy commands
|
|
- sepolicy: Fix "info" to search aliases as well
|
|
- sepolgen: fix refpolicy parsing of "permissive"
|
|
- sepolgen: return NotImplemented instead of raising it
|
|
- semanage: fix Python syntax of catching several exceptions
|
|
- semanage: Replace bare except with specific one
|
|
- semanage: Fix logger class definition
|
|
- semanage: Stop logging loginRecords changes
|
|
- add xperms support to audit2allow
|
|
- sepolgen: fix access vector initialization
|
|
- sepolgen: print all AV rules correctly
|
|
|
|
* Thu Sep 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-6.1
|
|
- Update translations
|
|
|
|
* Tue Jul 24 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-5
|
|
- sandbox: Use matchbox-window-manager instead of openbox (#1568295)
|
|
|
|
* Thu Jul 19 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-4
|
|
- selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221)
|
|
- selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221)
|
|
- Do not require libcgroup - it's not used anymore
|
|
|
|
* Tue Jun 26 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-3
|
|
- Do not use symlinks to enable selinux-autorelabel-mark.service (#1589720)
|
|
|
|
* Wed Jun 6 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-2
|
|
- Don't build the Python 2 subpackages (#1567354)
|
|
|
|
* Fri May 25 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-1.1
|
|
- SELinux userspace 2.8 release
|
|
|
|
* Tue May 22 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-19
|
|
- selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
|
|
- selinux-autorelabel: synchronize cached writes before reboot (#1385272)
|
|
|
|
* Tue Apr 3 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-18
|
|
- Move semodule_* utilities to policycoreutils package (#1562549)
|
|
|
|
* Thu Mar 22 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-17
|
|
- semanage/seobject.py: Fix undefined store check (#1559174)
|
|
|
|
* Fri Mar 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-16
|
|
- Build python only subpackages as noarch
|
|
- Move semodule_package to policycoreutils-devel
|
|
|
|
* Tue Mar 13 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-15
|
|
- sepolicy: Fix translated strings with parameters
|
|
- sepolicy: Support non-MLS policy
|
|
- sepolicy: Initialize policy.ports as a dict in generate.py
|
|
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
|
|
- Minor update for bash completion
|
|
- semodule_package: fix semodule_unpackage man page
|
|
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
|
|
- gui/fcontextPage: Set default object class in addDialog\
|
|
- sepolgen: fix typo in PolicyGenerator
|
|
- build: follow standard semantics for DESTDIR and PREFIX
|
|
|
|
* Mon Feb 26 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-14
|
|
- Use Fedora RPM build flags (#1548740)
|
|
|
|
* Tue Feb 20 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-13
|
|
- Fix mangling of python shebangs
|
|
|
|
* Mon Feb 19 2018 Miro Hrončok <mhroncok@redhat.com> - 2.7-12
|
|
- Rename the python3 subpackage to have prefix, not suffix
|
|
- Use python3 prefixes in requires where possible
|
|
|
|
* Thu Feb 15 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-11
|
|
- Rewrite selinux-polgengui to use Gtk3
|
|
- Drop python2 and gnome-python2 from gui Requires
|
|
|
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7-10
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
|
* Wed Jan 31 2018 Petr Lautrbach <plautrba@redhat.com> - 2.7-9
|
|
- Require audit-libs-python2
|
|
|
|
* Thu Jan 18 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.7-8
|
|
- Remove obsolete scriptlets
|
|
|
|
* Wed Dec 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-7
|
|
- semanage: bring semanageRecords.set_reload back to seobject.py (#1527745)
|
|
|
|
* Wed Dec 13 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-6
|
|
- semanage: make seobject.py backward compatible
|
|
- Own %%{pythonX_sitelib}/site-packages/sepolicy directories (#1522942)
|
|
|
|
* Wed Nov 22 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-5
|
|
- sepolicy: Fix sepolicy manpage
|
|
- semanage: Update Infiniband code to work on python3
|
|
- semanage: Fix export of ibendport entries
|
|
- semanage: Enforce noreload only if it's requested by -N option
|
|
|
|
* Fri Oct 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-4
|
|
- restorecond: check write() and daemon() results
|
|
- sepolicy: do not fail when file_contexts.local or .subs do not exist
|
|
- sepolicy: remove stray space in section "SEE ALSO"
|
|
- sepolicy: fix misspelling of _ra_content_t suffix
|
|
- gui: port to Python 3 by migrating to PyGI
|
|
- gui: remove the status bar
|
|
- gui: fix parsing of "semodule -lfull" in tab Modules
|
|
- gui: delete overridden definition of usersPage.delete()
|
|
- Enable listing file_contexts.homedirs (#1409813)
|
|
- remove semodule_deps
|
|
|
|
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-3
|
|
- Also add Provides for the old name without %%_isa
|
|
|
|
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.7-2
|
|
- Python 2 binary package renamed to python2-policycoreutils
|
|
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
|
|
|
|
* Mon Aug 07 2017 Petr Lautrbach <plautrba@redhat.com> - 2.7-1
|
|
- Update to upstream release 2017-08-04
|
|
- Move DBUS API from -gui to -dbus package
|
|
|
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-9
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
|
* Sun Jul 30 2017 Florian Weimer <fweimer@redhat.com> - 2.6-8
|
|
- Rebuild with binutils fix for ppc64le (#1475636)
|
|
|
|
* Fri Jul 28 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-7
|
|
- Make 'sepolicy manpage' and 'sepolicy transition' faster
|
|
- open_init_pty: restore stdin/stdout to blocking upon exit
|
|
- fixfiles: do not dereference link files in tmp
|
|
- fixfiles: use a consistent order for options to restorecon
|
|
- fixfiles: don't ignore `-F` when run in `-C` mode
|
|
- fixfiles: remove bad modes of "relabel" command
|
|
- fixfiles: refactor into the `set -u` dialect
|
|
- fixfiles: if restorecon aborts, we should too
|
|
- fixfiles: usage errors are fatal
|
|
- fixfiles: syntax error
|
|
- fixfiles: remove two unused variables
|
|
- fixfiles: tidy up usage(), manpage synopsis
|
|
- fixfiles: deprecate -l option
|
|
- fixfiles: move logit call outside of redirected function
|
|
- fixfiles: fix logging about R/O filesystems
|
|
- fixfiles: clarify exclude_dirs()
|
|
- fixfiles: remove (broken) redundant code
|
|
|
|
|
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.6-6
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
|
* Thu Apr 06 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-5
|
|
- semanage: Unify argument handling (#1398987)
|
|
- setfiles: set up a logging callback for libselinux
|
|
- setfiles: Fix setfiles progress indicator
|
|
- setfiles: stdout messages don't need program prefix
|
|
- setfiles: don't scramble stdout and stderr together (#1435894)
|
|
- restorecond: Decrease loglevel of termination message (#1264505)
|
|
- fixfiles should handle path arguments more robustly
|
|
- fixfiles: handle unexpected spaces in command
|
|
- fixfiles: remove useless use of cat (#1435894)
|
|
- semanage: Add checks if a module name is passed in (#1420707)
|
|
- semanage: fix export of fcontext socket entries (#1435127)
|
|
- selinux-autorelabel: remove incorrect redirection to /dev/null (#1415674)
|
|
|
|
* Fri Mar 17 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-4
|
|
- Fix selinux-polgengui (#1432337)
|
|
- sepolicy - fix obtaining domain name in HTMLManPages
|
|
|
|
* Tue Feb 28 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-3
|
|
- Fix several issues in gui and 'sepolicy manpage' (#1416372)
|
|
|
|
* Thu Feb 23 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-2
|
|
- Use %%{__python3} instead of python3
|
|
|
|
* Mon Feb 20 2017 Petr Lautrbach <plautrba@redhat.com> - 2.6-1.1
|
|
- Fix pp crash when processing base module (#1417200)
|
|
- Update to upstream release 2016-10-14
|
|
|
|
* Wed Feb 15 2017 Igor Gnatenko <ignatenko@redhat.com> - 2.5-22
|
|
- Rebuild for brp-python-bytecompile
|
|
|
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.5-21
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
|
* Wed Dec 21 2016 Kevin Fenzi <kevin@scrye.com> - 2.5-20
|
|
- Rebuild for python 3.6
|
|
|
|
* Thu Dec 01 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-19
|
|
- seobject: Handle python error returns correctly
|
|
- policycoreutils/sepolicy/gui: fix current selinux state radiobutton
|
|
- policycoreutils: semodule_package: do not fail with an empty fc file
|
|
|
|
* Tue Nov 22 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-18
|
|
- Update translations
|
|
- Fix fcontextPage editing features (#1344842)
|
|
|
|
* Mon Oct 03 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-17
|
|
- sandbox: Use dbus-run-session instead of dbus-launch when available
|
|
- hll/pp: Change warning for module name not matching filename to match new behavior
|
|
- Remove LDFLAGS from CFLAGS
|
|
- sandbox: create a new session for sandboxed processes
|
|
- sandbox: do not try to setup directories without -X or -M
|
|
- sandbox: do not run xmodmap in a new X session
|
|
- sandbox: Use GObject introspection binding instead of pygtk2
|
|
- sandbox: fix file labels on copied files
|
|
- sandbox: tests - close stdout of p
|
|
- sandbox: tests - use sandbox from cwd
|
|
- audit2allow: tests should use local copy not system
|
|
- audit2allow: fix audit2why import from seobject
|
|
- audit2allow: remove audit2why so that it gets symlinked
|
|
- semanage: fix man page and help message for import option
|
|
- semanage: fix error message for fcontext -m
|
|
- semanage: Fix semanage fcontext -D
|
|
- semanage: Correct fcontext auditing
|
|
- semanage: Default serange to "s0" for port modify
|
|
- semanage: Use socket.getprotobyname for protocol
|
|
- semanage: fix modify action in node and interface
|
|
- fixfiles: Pass -n to restorecon for fixfiles check
|
|
- sepolicy: Check get_rpm_nvr_list() return value
|
|
- Don't use subprocess.getstatusoutput() in Python 2 code
|
|
- semanage: Add auditing of changes in records
|
|
- Remove unused 'q' from semodule getopt string
|
|
|
|
* Mon Aug 01 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-16
|
|
- Remove unused autoconf files from po/
|
|
- Remove duplicate, empty translation files
|
|
- Rebuilt with libsepol-2.5-9, libselinux-2.5-11, libsemanage-2.5-7
|
|
|
|
* Thu Jul 21 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-15
|
|
- Fix sandbox -X issue related to python3 (#1358138)
|
|
|
|
* Wed Jul 20 2016 Richard W.M. Jones <rjones@redhat.com> - 2.5-14
|
|
- Use generator approach to fix autorelabel
|
|
|
|
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5-13
|
|
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
|
|
|
* Thu Jul 14 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-12
|
|
- open_init_pty: Do not error on EINTR
|
|
- Fix [-s STORE] typos in semanage
|
|
- Update sandbox types in sandbox manual
|
|
- Update translations
|
|
|
|
* Mon Jun 27 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-11
|
|
- Convert sandbox to gtk-3 using pygi-convert.sh (#1343166)
|
|
|
|
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-10
|
|
- Fix typos in semanage manpages
|
|
- Fix the documentation of -l,--list for semodule
|
|
- Minor fix in a French translation
|
|
- Fix the extract example in semodule.8
|
|
- Update sandbox.8 man page
|
|
- Remove typos from chcat --help
|
|
- sepolgen: Remove additional files when cleaning
|
|
|
|
* Wed May 11 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-9
|
|
- Fix multiple spelling errors
|
|
- Rebuild with libsepol-2.5-6
|
|
|
|
* Mon May 02 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-8
|
|
- Rebuilt with libsepol-2.5-5
|
|
|
|
* Fri Apr 29 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-7
|
|
- hll/pp: Warn if module name different than output filename
|
|
|
|
* Mon Apr 25 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-6
|
|
- Ship selinux-autorelabel utility and systemd unit files (#1328825)
|
|
|
|
* Fri Apr 08 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-5
|
|
- sepolgen: Add support for TYPEBOUNDS statement in INTERFACE policy files (#1319338)
|
|
|
|
* Fri Mar 18 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-4
|
|
- Add documentation for MCS separated domains
|
|
- Move svirt man page out of libvirt into its own
|
|
|
|
* Thu Mar 17 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-3
|
|
- policycoreutils: use python3 in chcat(#1318408)
|
|
|
|
* Sat Mar 05 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-2
|
|
- policycoreutils/sepolicy: selinux_server.py to use GLib instead of gobject
|
|
- policycoreutils-gui requires python-slip-dbus (#1314685)
|
|
|
|
* Tue Feb 23 2016 Petr Lautrbach <plautrba@redhat.com> 2.5-1
|
|
- Update to upstream release 2016-02-23
|
|
|
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.4-21
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
|
* Mon Dec 14 2015 Petr Lautrbach <plautrba@redhat.com> - 2.4-20
|
|
- Fix 'semanage permissive -l' subcommand (#1286325)
|
|
- Several 'sepolicy gui' fixes (#1281309,#1281309,#1282382)
|
|
|
|
* Tue Nov 17 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-19
|
|
- Require at least one argument for 'semanage permissive -d' (#1255676)
|
|
|
|
* Mon Nov 16 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-18
|
|
- Improve sepolicy command line interface
|
|
- Fix sandbox to propagate specified MCS/MLS Security Level. (#1279006)
|
|
- Fix 'audit2allow -R' (#1280418)
|
|
|
|
* Thu Nov 12 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-17
|
|
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
|
|
|
|
* Mon Nov 09 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-16
|
|
- policycoreutils-gui needs policycoreutils-python (#1279046)
|
|
|
|
* Wed Nov 04 2015 Robert Kuska <rkuska@redhat.com> - 2.4-15
|
|
- Rebuilt for Python3.5 rebuild
|
|
|
|
* Thu Oct 08 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-14
|
|
- Revert the attempt to port -gui to GTK 3 (#1269328, #1266059)
|
|
|
|
* Fri Oct 02 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-13
|
|
- newrole: Set keepcaps around setresuid calls
|
|
- newrole: Open stdin as read/write
|
|
|
|
* Fri Sep 04 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-12
|
|
- Fix several semanage issue (#1247714)
|
|
- Decode output from subprocess, if error occurred (#1247039)
|
|
|
|
* Wed Sep 02 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-11
|
|
- audit2allow, audit2why - ignore setlocale errors (#1208529)
|
|
|
|
* Fri Aug 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-10
|
|
- Port sandbox to GTK 3 and fix issue with Xephyr
|
|
|
|
* Thu Aug 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-9
|
|
- Fix another python3 issues mainly in sepolicy (#1247039,#1247575,#1251713)
|
|
|
|
* Thu Aug 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-8
|
|
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
|
|
|
|
* Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-7
|
|
- policycoreutils-python3 depends on python-IPy-python3
|
|
|
|
* Mon Jul 27 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-6
|
|
- policycoreutils-devel depends on policycoreutils-python-utils (#1246818)
|
|
|
|
* Fri Jul 24 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-5
|
|
- Move python utilities from -python to -python-utilities
|
|
- All scripts originally from policycoreutils-python use python 3 now
|
|
|
|
* Fri Jul 24 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-4
|
|
- policycoreutils: semanage: fix moduleRecords deleteall method
|
|
|
|
* Thu Jul 23 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-3
|
|
- Improve compatibility with python 3
|
|
- Add sepolgen module to python3 package
|
|
|
|
* Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-2
|
|
- Add Python3 support for sepolgen module (#1125208,#1125209)
|
|
|
|
* Tue Jul 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-1.1
|
|
- Update to 2.4 release
|
|
|
|
* Wed Jul 15 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.7
|
|
- Fix typo in semanage args for minimum policy store
|
|
|
|
* Fri Jul 03 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.6
|
|
- policycoreutils: semanage: update to new source policy infrastructure
|
|
- semanage: move permissive module creation to /tmp
|
|
|
|
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-18
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
* Wed May 06 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-17
|
|
- setfiles/restorecon: fix -r/-R option (#1211721)
|
|
|
|
* Mon Apr 13 2015 Petr Lautrbach <plautrba@redhat.com> 2.4-0.4
|
|
- Update to upstream 2.4
|
|
|
|
* Tue Feb 24 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-16
|
|
- Temporary removed Requires:audit-libs-python from policycoreutils-python3 subpackage (#1195139)
|
|
- Simplication of sepolicy-manpage web functionality (#1193552)
|
|
|
|
* Mon Feb 02 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-15
|
|
- We need to cover file_context.XXX.homedir to have fixfiles with exclude_dirs working correctly
|
|
- Use dnf instead of yum (#1156547)
|
|
|
|
* Tue Nov 18 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-14
|
|
- Audit2allow will check for mislabeled files, and tells user to fix the label.
|
|
- Also checks for basefiles and suggests creating a different label.
|
|
- Patch from Ryan Hallisey
|
|
|
|
* Wed Nov 5 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-13
|
|
- Switch back to yum. Need additional fixes to make it working correctly.
|
|
|
|
* Wed Nov 5 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-12
|
|
- Switch over to dnf from yum
|
|
|
|
* Tue Sep 23 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-11
|
|
- Improvements to audit2allow from rhallise@redhat.com
|
|
* Check for mislabeled files.
|
|
* Check for base file use and
|
|
* Suggest writable files as alternatives
|
|
|
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-10
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
|
* Mon Aug 4 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-9
|
|
- Remove build requires for openbox, not needed
|
|
|
|
* Thu Jul 31 2014 Tom Callaway <spot@fedoraproject.org> - 2.3-8
|
|
- fix license handling
|
|
|
|
* Wed Jul 23 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-7
|
|
- Examples are no longer in the main semanage man page (#1084390)
|
|
- Add support for Fedora22 man pages. We need to fix it to not using hardcoding.
|
|
- Print usage for all mutually exclusive options.
|
|
- Fix selinux man page to refer seinfo and sesearch tools.
|
|
|
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3-6
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
|
* Wed May 28 2014 Kalev Lember <kalevlember@gmail.com> - 2.3-5
|
|
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
|
|
|
|
* Tue May 20 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-4
|
|
- Fix setfiles to work correctly if -r option is defined
|
|
|
|
* Fri May 16 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-3
|
|
- Update Miroslav Grepl Patches
|
|
* If there is no executable we don't want to print a part of STANDARD FILE CON
|
|
* Add-manpages-for-typealiased-types
|
|
* Make fixfiles_exclude_dirs working if there is a substituion for the given d
|
|
|
|
* Mon May 12 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-2
|
|
- If there is no executable we don't want to print a part of STANDARD FILE CONTEXT
|
|
|
|
* Tue May 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.3-1
|
|
- Update to upstream
|
|
* Add -P semodule option to man page from Dan Walsh.
|
|
* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
|
|
* Add new icons for sepolicy gui from Dan Walsh.
|
|
* Only return writeable files that are enabled from Dan Walsh.
|
|
* Add domain to short list of domains, when -t and -d from Dan Walsh.
|
|
* Fix up desktop files to match current standards from Dan Walsh.
|
|
* Add support to return sensitivities and categories for python from Dan Walsh.
|
|
* Cleanup whitespace from Dan Walsh.
|
|
* Add message to tell user to install sandbox policy from Dan Walsh.
|
|
* Add systemd unit file for mcstrans from Laurent Bigonville.
|
|
* Improve restorecond systemd unit file from Laurent Bigonville.
|
|
* Minor man pages improvements from Laurent Bigonville.
|
|
|
|
* Tue May 6 2014 Miroslav Grepl <mgreplh@redhat.com> - 2.2.5-15
|
|
- Apply patch to use setcon in seunshare from luto@mit.edu
|
|
|
|
* Wed Apr 30 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-14
|
|
- Remove requirement for systemd-units
|
|
|
|
* Fri Apr 25 2014 Miroslav Grepl <mgreplh@redhat.com> - 2.2.5-13
|
|
- Fix previous Fix-STANDARD_FILE_CONTEXT patch to exclude if non_exec does not exist
|
|
|
|
* Thu Apr 24 2014 Miroslav Grepl <mgreplh@redhat.com> - 2.2.5-12
|
|
- Add policycoreutils-rhat-revert.patch to revert the last two commits to make build working
|
|
- Add 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages patch
|
|
|
|
* Tue Apr 1 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-11
|
|
- Update Translations
|
|
|
|
* Thu Mar 27 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.2.5-10
|
|
- Add support for Fedora21 html manpage structure
|
|
- Fix broken dependencies to require only usermode-gtk
|
|
|
|
* Wed Mar 26 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-9
|
|
- mgrepl [PATCH] Deleteall user customization fails if there is a user used
|
|
- for the default login. We do not want to fail on it and continue to delete
|
|
- customizations for users which are not used for default login.
|
|
|
|
* Mon Mar 24 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-8
|
|
- Update Translations
|
|
- Make selinux-policy build working also on another architectures related to s
|
|
- Miroslav grepl patch to fix the creation of man pages on different architectures.
|
|
- Add ability to list the actual active modules
|
|
- Fix spelling mistake on sesearch in generate man pages.
|
|
|
|
* Fri Feb 14 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-7
|
|
- Allow manpages to be built on aarch64
|
|
|
|
* Fri Feb 14 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-6
|
|
- Don't be verbose in fixfiles if there is not tty
|
|
|
|
* Thu Feb 13 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-5
|
|
- Yum should only be required for policycoreutils-devel
|
|
|
|
* Tue Jan 21 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-4
|
|
- Update translations
|
|
|
|
* Thu Jan 16 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-3
|
|
- Add Miroslav patch to
|
|
- Fix previously_modified_initialize() to show modified changes properly for all selections
|
|
|
|
* Wed Jan 8 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-2
|
|
- Do not require /usr/share/selinux/devel/Makefile to build permissive domains
|
|
|
|
* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.5-1
|
|
- Update to upstream
|
|
* Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
|
|
|
|
* Fri Jan 3 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.4-8
|
|
- Update Tranlations
|
|
- Patch from Yuri Chornoivan to fix typos
|
|
|
|
* Fri Jan 3 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.4-7
|
|
- Fixes Customized booleans causing a crash of the sepolicy gui
|
|
|
|
* Fri Dec 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.4-6
|
|
- Fix sepolicy gui selection for advanced screen
|
|
- Update Translations
|
|
- Move requires checkpolicy requirement into policycoreutils-python
|
|
|
|
* Mon Dec 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.4-5
|
|
- Fix semanage man page description of import command
|
|
- Fix policy kit file to allow changing to permissive mode
|
|
|
|
* Mon Dec 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.4-4
|
|
- Fix broken dependencies.
|
|
|
|
* Fri Dec 13 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.4-3
|
|
- Break out python3 code into separate package
|
|
|
|
* Fri Dec 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.4-2
|
|
- Add mgrepl patch
|
|
- ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin
|
|
|
|
* Tue Dec 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.4-1
|
|
- Update to upstream
|
|
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
|
|
- Add patches for sepolicy gui from mgrepl to
|
|
Fix advanced_item_button_push() to allow to select an application in advanced search menu
|
|
Fix previously_modified_initialize() to show modified changes properly for all selections
|
|
|
|
|
|
* Fri Nov 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.3-1
|
|
- Update to upstream
|
|
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
|
|
* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
|
|
- Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate
|
|
|
|
* Wed Nov 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.2-2
|
|
- Fix selinux-polgengui, get_all_modules call
|
|
|
|
* Fri Nov 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1
|
|
- Speed up startup time of sepolicy gui
|
|
- Clean up ports screen to only show enabled ports.
|
|
- Update to upstream
|
|
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
|
|
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
|
|
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
|
|
|
|
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-2
|
|
- Shift around some of the files to more appropriate packages.
|
|
* semodule_* packages are required for devel.
|
|
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1
|
|
- Update to upstream
|
|
* Properly build the swig exception file from Laurent Bigonville.
|
|
* Fix man pages from Laurent Bigonville.
|
|
* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
|
|
* Fix LDFLAGS usage from Laurent Bigonville.
|
|
* Fix init_policy warning from Laurent Bigonville.
|
|
* Fix semanage logging from Laurent Bigonville.
|
|
* Open newrole stdin as read/write from Sven Vermeulen.
|
|
* Fix sepolicy transition from Sven Vermeulen.
|
|
* Support overriding CFLAGS from Simon Ruderich.
|
|
* Create correct man directory for run_init from Russell Coker.
|
|
* restorecon GLOB_BRACE change from Michal Trunecka.
|
|
* Extend audit2why to report additional constraint information.
|
|
* Catch IOError errors within audit2allow from Dan Walsh.
|
|
* semanage export/import fixes from Dan Walsh.
|
|
* Improve setfiles progress reporting from Dan Walsh.
|
|
* Document setfiles -o option in usage from Dan Walsh.
|
|
* Change setfiles to always return -1 on failure from Dan Walsh.
|
|
* Improve setsebool error r eporting from Dan Walsh.
|
|
* Major overhaul of gui from Dan Walsh.
|
|
* Fix sepolicy handling of non-MLS policy from Dan Walsh.
|
|
* Support returning type aliases from Dan Walsh.
|
|
* Add sepolicy tests from Dan Walsh.
|
|
* Add org.selinux.config.policy from Dan Walsh.
|
|
* Improve range and user input checking by semanage from Dan Walsh.
|
|
* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
|
|
* Allow use of <<none>> for semanage fcontext from Dan Walsh.
|
|
* Report customized user levels from Dan Walsh.
|
|
* Support deleteall for restoring disabled modules from Dan Walsh.
|
|
* Improve semanage error reporting from Dan Walsh.
|
|
* Only list disabled modules for module locallist from Dan Walsh.
|
|
* Fix logging from Dan Walsh.
|
|
* Define new constants for file type character codes from Dan Walsh.
|
|
* Improve bash completions from Dan Walsh.
|
|
* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
|
|
* Add semanage tests from Dan Walsh.
|
|
* Split semanage man pages from Dan Walsh.
|
|
* Move bash completion scripts from Dan Walsh.
|
|
* Replace genhomedircon script with a link to semodule from Dan Walsh.
|
|
* Fix fixfiles from Dan Walsh.
|
|
* Add support for systemd service for restorecon from Dan Walsh.
|
|
* Spelling corrections from Dan Walsh.
|
|
* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
|
|
* Switch sandbox to openbox window manager from Dan Walsh.
|
|
* Coalesce audit2why and audit2allow from Dan Walsh.
|
|
* Change audit2allow to append to output file from Dan Walsh.
|
|
* Update translations from Dan Walsh.
|
|
* Change audit2why to use selinux_current_policy_path from Dan Walsh.
|
|
|
|
* Fri Oct 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-89
|
|
- Fix handling of man pages.
|
|
|
|
* Wed Oct 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-88
|
|
- Cleanup errors found by pychecker
|
|
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
|
|
|
|
* Fri Oct 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-87
|
|
- sepolicy gui
|
|
- mgrepl fixes for users and login
|
|
- Update Translations.
|
|
|
|
* Fri Oct 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-86
|
|
- sepolicy gui
|
|
- mgrepl added delete screens for users and login
|
|
- Fix lots of bugs.
|
|
- Update Translations.
|
|
|
|
|
|
* Fri Oct 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-85
|
|
- Fixes for fixfiles
|
|
* exclude_from_dirs should apply to all types of restorecon calls
|
|
* fixfiles check now works
|
|
* exit with the correct status
|
|
|
|
- semanage no longer import selinux
|
|
|
|
* Wed Oct 2 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-84
|
|
- Fixes for sepolicy gui
|
|
- Fix setsebool to return 0 on success
|
|
- Update Po
|
|
|
|
* Mon Sep 30 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-83
|
|
- Fix sizes of help screens in sepolicy gui
|
|
|
|
* Sat Sep 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-82
|
|
- Improvements to sepolicy gui
|
|
- Add more help information
|
|
- Cleanup code
|
|
- Add deny_ptrace on lockdown screen
|
|
- Make unconfined/permissivedomains lockdown work
|
|
- Add more support for file equivalency
|
|
|
|
* Wed Sep 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-81
|
|
- Add back in the help png files
|
|
- Begin Adding support for file equivalency.
|
|
|
|
* Wed Sep 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-80
|
|
- Random fixes for sepolicy gui
|
|
* Do not prompt for password until you make a change
|
|
* Add user mappings and selinux users page
|
|
* lots of code cleanup
|
|
|
|
- Verify homedir is owned by user before mounting over it with seunshare
|
|
- Fix fixfiles to handle Relabel properly
|
|
- Fix semanage fcontext -e / command to allow "/"
|
|
|
|
* Wed Sep 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-79
|
|
- Add Miroslav Grepl setsebool patch to give better error message on bad boolean names
|
|
- Additional help screens for sepolicy gui
|
|
|
|
* Tue Sep 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-78
|
|
- Random fixes for sepolicy gui
|
|
- Update Translations
|
|
|
|
* Fri Aug 30 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-77
|
|
- Add help screens for each page
|
|
- Fixes for system page
|
|
|
|
* Mon Aug 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-76
|
|
- Add Miroslav Grepl Patch to handle semanage -i and semanage -o better
|
|
- Update Translations
|
|
|
|
* Thu Aug 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-75
|
|
- Update sepolicy gui code, cleanups and add file transition tab
|
|
- Fix semanage fcontext -a --ftype code to work.
|
|
|
|
* Wed Aug 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-74
|
|
- If policy is not installed get_bools should not crash
|
|
|
|
* Wed Aug 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-73
|
|
- Fix doc versioning
|
|
|
|
* Tue Aug 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-72
|
|
- Update sepolicy gui code, cleanups and add file transition tab
|
|
- Fix semanage argparse problems
|
|
|
|
* Fri Aug 2 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-71
|
|
- Update sepolicy gui code, adding dbus calls
|
|
- Update Translations
|
|
|
|
* Fri Jul 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-70
|
|
- Fix semanage argparse bugs
|
|
- Update Translations
|
|
- Add test suite for semanage command lines
|
|
|
|
* Wed Jul 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-69
|
|
- Fix semanage argparse bugs
|
|
|
|
* Tue Jul 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-68
|
|
- Fix bugs introduced by previous patch. semanage port
|
|
- Update Translations
|
|
- Add test suite for sepolicy command lines
|
|
|
|
* Fri Jul 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-67
|
|
- Fix bugs introduced by previous patch. semanage port
|
|
- Update Translations
|
|
|
|
* Wed Jul 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-66
|
|
- Rewrite argparse code in semanage and fix reload problem.
|
|
|
|
* Tue Jul 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-65
|
|
- Do not generate shell script or spec file for sepolicy generate --newtype
|
|
- Update translations
|
|
- Fix sepolicy generate --admin_user man page again
|
|
- Fix setsebool to print less verbose error messages by default, add -V for ve
|
|
|
|
* Mon Jul 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-64
|
|
- Move audit2allow and audit2why back into -python package
|
|
|
|
* Wed Jul 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-63
|
|
- Update sepolicy gui.
|
|
- Error out of you call sepolicy gui without policycoreutils-gui package installed
|
|
- Fix semanage login -d command
|
|
- Update Translations
|
|
|
|
* Wed Jul 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-62
|
|
- Update sepolicy gui.
|
|
|
|
* Fri Jul 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-61
|
|
- Add Ryan Hallisey sepolicy gui.
|
|
- Update Translations
|
|
|
|
* Mon Jun 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-60
|
|
- Fix semanage module error handling
|
|
|
|
* Sun Jun 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-59
|
|
- Add back default exception handling for errors, which argparse rewrite removed.
|
|
|
|
* Fri Jun 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-58
|
|
- Fix generation of booleans in man pages
|
|
|
|
* Fri Jun 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-57
|
|
- Remove requires for systemd-sysv
|
|
- Move systemd-units require to restorecond section
|
|
- Update Tranlasions
|
|
- More sepolicy interfaces for gui
|
|
- Cleanup man pages for sepolicy generate
|
|
|
|
* Wed Jun 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-56
|
|
- Fix semanage export/import commands
|
|
- Fix semange module command
|
|
- Remove --version option from sandbox
|
|
|
|
* Tue Jun 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-55
|
|
- Add man page doc for --role and bash complestion support for sepolicy --role
|
|
|
|
* Tue Jun 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-54
|
|
- Make fcdict return a dictionary of dictionaries
|
|
- Fix for sepolicy manpage
|
|
|
|
* Mon Jun 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-53
|
|
- Add new man pages for each semanage subsection
|
|
|
|
* Mon Jun 17 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-52
|
|
- Fix handling of sepolicy network sorting.
|
|
- Additional interfaces needed for sepolicy gui
|
|
|
|
* Thu Jun 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-51
|
|
- Fix handling of semanage args
|
|
|
|
* Thu Jun 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-50
|
|
- Fix sepolicy generate --confined_admin to generate tunables
|
|
- Add new interface to generate entrypoints for use with new gui
|
|
|
|
* Wed Jun 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-49
|
|
- Fix handing of semanage with no args
|
|
|
|
* Tue Jun 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-48
|
|
- Fix audit2allow -o to open file for append
|
|
- Fix the name of the spec file generated in the build script
|
|
|
|
* Fri May 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-47
|
|
- Fix mgrepl patch to support all semanage command parsing
|
|
|
|
* Sun May 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-46
|
|
- Fix the name of the spec file generated in the build script
|
|
- Add mgrepl patch to support argparse for semanage command parsing
|
|
|
|
* Tue May 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-45
|
|
- Fix sandbox to always use sandbox_file_t, so generated policy will work.
|
|
- Update Translations
|
|
|
|
* Thu May 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-44
|
|
- Fix sepolicy-generate man page to clear up options/policy type
|
|
- Add Miroslav Grepl to not generate man page when doing
|
|
sepolicy generate --customize
|
|
- Add support for executing semanage user within spec file
|
|
- Fix generation of confined admin domains, to handle booleans properly.
|
|
|
|
* Tue May 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-43
|
|
- Need to handle gziped policy.xml as well as not compressed.
|
|
|
|
* Tue May 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-42
|
|
- Add support for Xephyr -resizable, so sandbox can now resize window
|
|
- Add support for compressed policy.xml
|
|
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
|
|
- Also add capability to test interfaces for correctness.
|
|
|
|
* Mon May 13 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-41
|
|
- Apply patches from Sven Vermeulen for sepolgen to fix typos.
|
|
|
|
* Mon May 13 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-40
|
|
- Only require selinux-policy-devel for policycoreutils-devel, this will shrink the size of the livecd.
|
|
|
|
* Sun May 12 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-39
|
|
- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed, first time
|
|
- Add Sven Vermeulen patches to cleanup man pages
|
|
|
|
* Fri May 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-38
|
|
- No longer run sepolgen-ifgen at install time.
|
|
- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed.
|
|
- Update Translations
|
|
|
|
* Mon Apr 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-37
|
|
- Fix exceptionion hanling in audit2allow -o
|
|
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
|
|
- sepolicy comunicate should return ValueError not TypeError
|
|
- Trim header line in sepolicy manpage to use less space
|
|
- Add missing options to restorecon man page
|
|
|
|
* Thu Apr 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-36
|
|
- Raise proper Exception on sepolicy communicate with invalid value
|
|
|
|
* Wed Apr 10 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-35
|
|
- Update translations
|
|
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
|
|
|
|
* Tue Apr 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-34
|
|
- Update translations
|
|
- Add patch inspired by Miroslav Grepl to add extended information for sepolicy interface command.
|
|
|
|
* Mon Apr 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-33
|
|
- Update translations
|
|
- Add missing man pages and fixup existing man pages
|
|
|
|
* Wed Apr 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-32
|
|
- Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel
|
|
- Apply Miroslav Grepl Patches for sepolicy
|
|
-- Fix generate mutually groups option handling
|
|
-- EUSER is used for existing policy
|
|
-- customize options can be used together with admin_domain option
|
|
-- Fix manpage.py to generate correct man pages for SELinux users
|
|
-- Fix policy *.te file generated by customize+writepaths options
|
|
-- Fix install script for confined_admin option
|
|
|
|
* Mon Apr 1 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-31
|
|
- Add post install scripts for gui to make sure Icon Cache is refreshed.
|
|
- Fix grammar issue in secon man page
|
|
- Update Translations
|
|
|
|
* Thu Mar 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-30
|
|
- Add buildrequires for OpenBox to prevent me from accidently building into RHEL7
|
|
- Add support for returning alias data to sepolicy.info python bindings
|
|
|
|
* Wed Mar 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-28
|
|
- Fix audit2allow output to better align analysys with the allow rules
|
|
- Apply Miroslav Grepl patch to clean up sepolicy generate usage
|
|
- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
|
|
- Update Tranlslations
|
|
|
|
* Wed Mar 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-27
|
|
- Allow semanage fcontext -a -t "<<none>>" ... to work
|
|
|
|
* Mon Mar 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-26
|
|
- Can not unshare IPC in sandbox, since it blows up Xephyr
|
|
- Remove bogus error message sandbox about reseting setfsuid
|
|
|
|
* Thu Mar 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-25
|
|
- Fix sepolicy generate --customize to generate policy with -w commands
|
|
|
|
* Thu Mar 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-24
|
|
- sepolgen-ifgen needs to handle filename transition rules containing ":"
|
|
|
|
* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-23
|
|
- sepolicy manpage:
|
|
- use nroff instead of man2html
|
|
- Remove checking for name of person who created the man page
|
|
- audit2allow
|
|
- Fix output to show the level that is different.
|
|
|
|
* Thu Mar 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-22
|
|
- Fix newrole to not drop capabilities from the bounding set.
|
|
- Stop dropping capabilities from its children.
|
|
- Add better error messages.
|
|
- Change location of bash_completion files to /usr/share/bash-completion/compl
|
|
|
|
* Mon Mar 11 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-21
|
|
- sepolicy generate should look for booleans that effect equivalence names, and add them to the man page
|
|
|
|
* Thu Mar 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-20
|
|
- Mention creation of permissive domains in sepolicy generate man page
|
|
- Change sepolicy manpage to use shortname with an "_" to stop accidently grabbing unrelated types for a domain.
|
|
- Fix audit2allow to show better information on constraint violations.
|
|
|
|
* Wed Mar 6 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-19
|
|
- Have restorecon exit -1 on errors for consistancy.
|
|
|
|
* Tue Mar 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-18
|
|
- Need to provide a value to semanage boolean -m
|
|
|
|
* Mon Mar 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-17
|
|
- Fix cut and paste errors for sepolicy network command
|
|
|
|
* Fri Mar 1 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-16
|
|
- Fix sepoicy interface to work properly
|
|
|
|
* Thu Feb 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-15
|
|
- Fix fixfiles to use exclude_dirs on fixfiles restore
|
|
|
|
* Thu Feb 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-14
|
|
- Allow users with symlinked homedirs to work. call realpath on homedir
|
|
- Fix sepolicy reorganization of helper functions.
|
|
|
|
* Sun Feb 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-13
|
|
- Update trans
|
|
- Fix sepolicy reorganization of helper functions.
|
|
|
|
* Sun Feb 24 2013 Rahul Sundaram <sundaram@fedoraproject.org> - 2.1.14-13
|
|
- remove vendor tag from desktop file. https://fedorahosted.org/fpc/ticket/247
|
|
- clean up spec to follow current guidelines
|
|
|
|
* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-12
|
|
- Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package
|
|
|
|
* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-11
|
|
- sepolgen-ifgen should use the current policy path if selinux is enabled
|
|
|
|
* Fri Feb 22 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-10
|
|
- Fix sepolicy to be able to work on an SELinux disabled system.
|
|
- Needed to be able to build man pages in selinux-policy package
|
|
|
|
* Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-9
|
|
- Add yum to requires of policycoreutils-python since sepolicy requires it.
|
|
|
|
* Thu Feb 21 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-8
|
|
- Sepolixy should not throw an exception on an SELinux disabled machine
|
|
- Switch from using console app to using pkexec, so we will work better
|
|
with policykit.
|
|
- Add missing import to fix system-config-selinux startup
|
|
- Add comment to pamd files about pam_rootok.so
|
|
- Fix sepolicy generate to not comment out the first line
|
|
|
|
* Wed Feb 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-7
|
|
- Add --root/-r flag to sepolicy manpage,
|
|
- This allows us to generate man pages on the fly in the selinux-policy build
|
|
|
|
* Mon Feb 18 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-6
|
|
- Fix newrole to retain cap_audit_write when compiled with namespace, also
|
|
do not drop capabilities when run as root.
|
|
|
|
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-5
|
|
- Fix man page generation and public_content description
|
|
|
|
* Thu Feb 14 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-4
|
|
- Revert some changes which are causing the wrong policy version file to be created
|
|
- Switch sandbox to start using openbox rather then matchbox
|
|
- Make sepolgen a symlink to sepolicy
|
|
- update translations
|
|
|
|
* Wed Feb 13 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-3
|
|
- Fix empty system-config-selinux.png, again
|
|
|
|
* Tue Feb 12 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-2
|
|
- Fix empty system-config-selinux.png
|
|
|
|
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-1
|
|
- Update to upstream
|
|
* setfiles: estimate percent progress
|
|
* load_policy: make link at the destination directory
|
|
* Rebuild polgen.glade with glade-3
|
|
* sepolicy: new command to unite small utilities
|
|
* sepolicy: Update Makefiles and po files
|
|
* sandbox: use sepolicy to look for sandbox_t
|
|
* gui: switch to use sepolicy
|
|
* gui: sepolgen: use sepolicy to generate
|
|
* semanage: use sepolicy for boolean dictionary
|
|
* add po file configuration information
|
|
* po: stop running update-po on all
|
|
* semanage: seobject verify policy types before allowing you to assign them.
|
|
* gui: Start using Popen, instead of os.spawnl
|
|
* sandbox: Copy /var/tmp to /tmp as they are the same inside
|
|
* qualifier to shred content
|
|
* semanage: Fix handling of boolean_sub names when using the -F flag
|
|
* semanage: man: roles instead of role
|
|
* gui: system-config-selinux: Catch no DISPLAY= error
|
|
* setfiles: print error if no default label found
|
|
* semanage: list logins file entries in semanage login -l
|
|
* semanage: good error message is sepolgen python module missing
|
|
* gui: system-config-selinux: do not use lokkit
|
|
* secon: add support for setrans color information in prompt output
|
|
* restorecond: remove /etc/mtab from default list
|
|
* gui: If you are not able to read enforcemode set it to False
|
|
* genhomedircon: regenerate genhomedircon more often
|
|
* restorecond: Add /etc/udpatedb.conf to restorecond.conf
|
|
* genhomedircon generation to allow spec file to pass in SEMODULE_PATH
|
|
* fixfiles: relabel only after specific date
|
|
* po: update translations
|
|
* sandbox: seunshare: do not reassign realloc value
|
|
* seunshare: do checking on setfsuid
|
|
* sestatus: rewrite to shut up coverity
|
|
|
|
* Thu Jan 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-58
|
|
- Reorginize sepolicy so all get_all functions are in main module
|
|
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
|
|
|
|
* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
|
|
- Update to latest patches from eparis/Upstream
|
|
- fixfiles onboot will write any flags handed to it to /.autorelabel.
|
|
- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
|
|
- * This should allow fixfiles -F onboot, to force a hard relabel.
|
|
- Add -p to show progress on full relabel.
|
|
|
|
* Tue Jan 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-56
|
|
- Additional changes for bash completsion and generate man page to match the w
|
|
- Add newtype as a new qualifier to sepolicy generate. This new mechanism wil
|
|
- a policy write to generate types after the initial policy has been written a
|
|
- will autogenerate all of the interfaces.
|
|
- I also added a -w options to allow policy writers from the command line to s
|
|
- the writable directories of files.
|
|
-
|
|
- Modify network.py to include interface definitions for newly created port type
|
|
- Standardize of te_types just like all of the other templates.
|
|
|
|
- Change permissive domains creation to raise exception if sepolgen is not ins
|
|
- get_te_results no longer needs or uses the opts parameter.
|
|
- The compliler was complaining so I just removed the option.
|
|
- Start returning analysis data for audit2allow
|
|
|
|
* Tue Jan 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-55
|
|
- Update Translations
|
|
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
|
|
- This fixes the spec file and script file getting wrong names for modules and types.
|
|
|
|
* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-54
|
|
- Additional patch from Miroslav to handle role attributes
|
|
|
|
* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-53
|
|
- Update with Miroslav patch to handle role attributes
|
|
- Update Translations
|
|
- import sepolicy will only throw exception on missing policy iff selinux is enabled
|
|
|
|
* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-52
|
|
- Update to latest patches from eparis/Upstream
|
|
- secon: add support for setrans color information in prompt output
|
|
- Update translations
|
|
|
|
* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-51
|
|
- Update translations
|
|
- Fix sepolicy booleans to handle autogenerated booleans descriptions
|
|
- Cleanups of sepolicy manpage
|
|
- Fix crash on git_shell man page generation
|
|
|
|
* Thu Jan 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-50
|
|
- Update translations
|
|
- update sepolicy manpage to generate fcontext equivalence data and to list
|
|
default file context paths.
|
|
- Add ability to generate policy for confined admins and domains like puppet.
|
|
|
|
* Thu Dec 20 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-49
|
|
- Fix semanage permissive , this time with the patch.
|
|
- Update translations
|
|
|
|
* Wed Dec 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-48
|
|
- Fix semanage permissive
|
|
- Change to use correct gtk forward button
|
|
- Update po
|
|
|
|
* Mon Dec 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-47
|
|
- Move audit2why to -devel package
|
|
|
|
* Mon Dec 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-46
|
|
- sepolicy transition was blowing up. Also cleanup output when only source is specified.
|
|
- sepolicy generate should allow policy modules names that include - or _
|
|
|
|
* Mon Dec 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-45
|
|
- Apply patch from Miroslav to display proper range description in man pages g
|
|
- Should print warning on missing default label when run in recusive mode iff
|
|
- Remove extra -R description, and fix recursive description
|
|
|
|
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
|
|
- Additional fixes for disabled SELinux Box
|
|
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
|
|
|
|
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
|
|
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
|
|
|
|
* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
|
|
- Update Translations
|
|
- sepolicy network -d needs to accept multiple domains
|
|
|
|
* Fri Nov 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-41
|
|
- Add --path as a parameter to sepolicy generate
|
|
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
|
|
- Fix sepolicy generate -T to not take an argument, and supress the help message
|
|
- Since this is really just a testing tool
|
|
|
|
* Fri Nov 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-40
|
|
- Fix sepolicy communicate to handle invalid input
|
|
|
|
* Thu Nov 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-39
|
|
- Fix sepolicy network -p to handle high ports
|
|
|
|
* Thu Nov 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-38
|
|
- Fix handling of manpages without entrypoints, nsswitch domains
|
|
- Update Translations
|
|
|
|
* Wed Nov 28 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-37
|
|
- Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the
|
|
|
|
* Tue Nov 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-36
|
|
- Fix sepolicy/__init__.py to handle _()
|
|
|
|
* Wed Nov 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-35
|
|
- Add Miroslav Grepl patch to create etc_rw_t sock files policy
|
|
|
|
* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-34
|
|
- Fix semanage to work without policycoreutils-devel installed
|
|
- Update translations
|
|
|
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-33
|
|
- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
|
|
|
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32
|
|
- Fix booleansPage not showing booleans
|
|
- Fix audit2allow -b
|
|
|
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-31
|
|
- Fix sepolicy booleans again
|
|
- Fix man page
|
|
|
|
* Mon Nov 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-30
|
|
- Move policy generation tools into policycoreutils-devel
|
|
|
|
* Mon Nov 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-29
|
|
- Document and fix sepolicy booleans
|
|
- Update Translations
|
|
- Fix several spelling mistakes
|
|
|
|
* Wed Nov 7 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-27
|
|
- Only report restorecon warning for missing default label, if not running
|
|
recusively
|
|
- Update translations
|
|
|
|
* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-26
|
|
- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
|
|
- Update translations
|
|
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
|
|
- Fix kill function call should indicate signal_perms not kill capability
|
|
- Error out cleanly in system-config-selinux, if it can not contact XServer
|
|
|
|
* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-25
|
|
- Remove run_init, no longer needed with systemd.
|
|
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
|
|
|
|
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
|
|
- Fix manpage to generate proper man pages for alternate policy,
|
|
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
|
|
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
|
|
|
|
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
|
|
- Fix some build problems in sepolicy manpage and sepolicy transition
|
|
|
|
* Tue Oct 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-22
|
|
- Add alias man pages to sepolicy manpage
|
|
|
|
* Mon Oct 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-21
|
|
- Redesign sepolicy to only read the policy file once, not for every call
|
|
|
|
* Mon Oct 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
|
|
- Fixes to sepolicy transition, allow it to list all transitions from a domain
|
|
|
|
* Sat Oct 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19
|
|
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
|
|
|
|
* Fri Oct 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
|
|
- Allow sepolicy to specify the policy to generate content from
|
|
|
|
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
|
|
- Fix semanage boolean -F to handle boolean subs
|
|
|
|
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-16
|
|
- Add Miroslav Grepl patch to generate html man pages
|
|
- Update Translations
|
|
- Add option to sandbox to shred files before deleting
|
|
|
|
* Mon Oct 22 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
|
|
- Add Requires(post) PKGNAME to sepolicy generate /usr/bin/pkg
|
|
|
|
* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14
|
|
- Add role_allow to sepolicy.search python bindings, this allows us to remove last requirement for setools-cmdline in gui tools.
|
|
- Fix man page generator.
|
|
|
|
* Wed Oct 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13
|
|
- Remove dwalsh@redhat.com from man pages
|
|
- Fix spec file for sepolicy generate
|
|
|
|
* Wed Oct 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-12
|
|
- Add missing spec.py from templates directory needed for sepolicy generate
|
|
- Add /var/tmp as collection point for sandbox apps.
|
|
|
|
* Tue Oct 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-11
|
|
- Handle audit2allow -b in foreign locales
|
|
|
|
* Tue Oct 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-10
|
|
- Update sepolicy generate with patch to create spec file and man page.
|
|
- Patch initiated by Miroslav Grepl
|
|
|
|
* Wed Oct 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9
|
|
- Fix semanage to verify that types are appropriate for commands.
|
|
* Patch initiated by mgrepl
|
|
* Fixes problem of specifying non file_types for fcontext, or not port_types for semanage port
|
|
|
|
* Tue Oct 9 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8
|
|
- Fix typo in preunstall line for restorecond
|
|
- Add mgrepl patch to consolidate file context generated by sepolicy generate
|
|
|
|
* Mon Oct 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-7
|
|
- Fix manpage generation, missing import
|
|
- Add equiv_dict to get samba booleans into smbd_selinux
|
|
- Add proper translations for booleans and remove selinux.tbl
|
|
|
|
* Sat Oct 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6
|
|
- Fix system-config-selinux to use sepolicy.generate instead of sepolgen
|
|
|
|
* Thu Oct 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-5
|
|
- Add sepolicy commands, and change tools to use them.
|
|
|
|
* Tue Sep 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-4
|
|
- Rebuild without bogus prebuild 64 bit seunshare app
|
|
|
|
* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3
|
|
- Allow fixfiles to specify -v, so they can get verbosity rather then progress.
|
|
- Fix load_file Makefile to use SBINDIR rather then real OS.
|
|
- Fix man pages in setfiles and restorecon to reflect what happens when you relabel the entire OS.
|
|
|
|
* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2
|
|
- Use systemd post install scriptlets
|
|
|
|
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
|
|
- Update to upstream
|
|
* genhomedircon: manual page improvements
|
|
* setfiles/restorecon minor improvements
|
|
* run_init: If open_init_pty is not available then just use exec
|
|
* newrole: do not drop capabilities when newrole is run as
|
|
* restorecon: only update type by default
|
|
* scripts: Don't syslog setfiles changes on a fixfiles restore
|
|
* setfiles: do not syslog if no changes
|
|
* Disable user restorecond by default
|
|
* Make restorecon return 0 when a file has changed context
|
|
* setfiles: Fix process_glob error handling
|
|
* semanage: allow enable/disable under -m
|
|
* add .tx to gitignore
|
|
* translations: commit translations from Fedora community
|
|
* po: silence build process
|
|
* gui: Checking in policy to support polgengui and sepolgen.
|
|
* gui: polgen: search for systemd subpackage when generating policy
|
|
* gui: for exploring booleans
|
|
* gui: system-config-selinux gui
|
|
* Add Makefiles to support new gui code
|
|
* gui: remove lockdown wizard
|
|
* return equivalency records in fcontext customized
|
|
* semanage: option to not load new policy into kernel after
|
|
* sandbox: manpage update to describe standard types
|
|
* setsebool: -N should not reload policy on changes
|
|
* semodule: Add -N qualifier to no reload kernel policy
|
|
* gui: polgen: sort selinux types of user controls
|
|
* gui: polgen: follow symlinks and get the real path to
|
|
* gui: Fix missing error function
|
|
* setfiles: return errors when bad paths are given
|
|
* fixfiles: tell restorecon to ignore missing paths
|
|
* setsebool: error when setting multiple options
|
|
* semanage: use boolean subs.
|
|
* sandbox: Make sure Xephyr never listens on tcp ports
|
|
* sepolgen: return and output constraint violation information
|
|
* semanage: skip comments while reading external configuration files
|
|
* restorecond: relabel all mount runtime files in the restorecond example
|
|
* genhomedircon: dynamically create genhomedircon
|
|
* Allow returning of bastard matches
|
|
* sepolgen: return and output constraint violation information
|
|
* audit2allow: one role/type pair per line
|
|
|
|
* Wed Aug 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-6
|
|
- Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl
|
|
|
|
* Fri Jul 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-5
|
|
- Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
|
|
|
|
* Thu Jul 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4
|
|
- Fix restorecon to generate a better percentage of completion on restorecon -R /.
|
|
- Have audit2allow look at the constaint violation and tell the user whether it
|
|
- is because of user,role or level
|
|
|
|
|
|
* Wed Jul 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-3
|
|
- userapps is generating sandbox code in polgengui
|
|
|
|
* Thu Jul 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-2
|
|
- Remove load_policy symbolic link on usrmove systems this breaks the system
|
|
|
|
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
|
|
- Update to upstream
|
|
- policycoreutils
|
|
* restorecond: wrong options should exit with non-zero error code
|
|
* restorecond: Add -h option to get usage command
|
|
* resorecond: user: fix fd leak
|
|
* mcstrans: add -f to run in foreground
|
|
* semanage: fix man page range and level defaults
|
|
* semanage: bash completion for modules should include -a,-m, -d
|
|
* semanage: manpage update for -e
|
|
* semanage: dontaudit off should work
|
|
* semanage: locallist option does not take an argument
|
|
* sepolgen: Make use of setools optional within sepolgen
|
|
- sepolgen
|
|
* Make use of setools optional within sepolgen
|
|
* We need to support files that have a + in them
|
|
|
|
* Thu May 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-18
|
|
- Make restorecon exit with an error on a bad path
|
|
|
|
* Thu May 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-17
|
|
- Fix setsebool command, handling of = broken.
|
|
- Add missing error option in booleansPage
|
|
|
|
* Sun May 20 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-16
|
|
- Fix sepolgen to use realpath on executables handed to it. - Brian Bickford
|
|
|
|
* Fri May 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-15
|
|
- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
|
|
- Trigger on selinux-policy needs to change to selinux-policy-devel
|
|
- Update translations
|
|
- Fix semanage dontaudit off/on exception
|
|
|
|
* Tue May 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-12
|
|
- Add -N qualifier to semanage, setsebool and semodule to allow you to update
|
|
- policy without reloading it into the kernel.
|
|
|
|
* Thu May 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-11
|
|
- add some definition to the standard types available for sandboxes
|
|
|
|
* Tue May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
|
|
- Remove lockdown wizard
|
|
|
|
* Mon Apr 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-9
|
|
- Fix semanage fcontext -E to extract the equivalance customizations.
|
|
|
|
* Thu Apr 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-8
|
|
- Add mgrepl patch to have sepolgen search for -systemd rpm packages
|
|
|
|
* Tue Apr 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-7
|
|
- Apply Stef Walter patch for semanage man page
|
|
|
|
* Mon Apr 23 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-6
|
|
- Rebuild to get latest libsepol which fixes the file_name transition problems
|
|
- Update translations
|
|
- Fix calls to close fd for restorecond
|
|
|
|
* Fri Apr 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-5
|
|
- Update translations
|
|
- Fix sepolgen to discover unit files in /lib/systemd/
|
|
|
|
* Tue Apr 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4
|
|
- Update translations
|
|
- Fix segfault on restorecon
|
|
|
|
* Tue Apr 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-3
|
|
- Allow filename transitions to use + in a file name
|
|
|
|
* Fri Mar 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-2
|
|
- Change policycoreutils-python to require selinux-policy-devel package
|
|
|
|
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1
|
|
- Update to upstream
|
|
- policycoreutils
|
|
* sandbox: do not propogate inside mounts outside
|
|
* sandbox: Removing sandbox init script, should no longer be necessary
|
|
* restorecond: Stop using deprecated interfaces for g_io
|
|
* semanage: proper auditting of user changes for LSPP
|
|
* semanage: audit message to show what record(s) and item(s) have chaged
|
|
* scripts: Update Makefiles to handle /usrmove
|
|
* mcstrans: Version should have been bumped on last check in
|
|
* seunshare: Only drop caps not the Bounding Set from seunshare
|
|
* Add bash-completion scripts for setsebool and semanage
|
|
* newrole: Use correct capng calls in newrole
|
|
* Fix infinite loop with inotify on 2.6.31 kernels
|
|
* fix ftbfs with hardening flags
|
|
* Only run setfiles if we found read-write filesystems to run it on
|
|
* update .po files
|
|
* remove empty po files
|
|
* do not fail to install if unable to make load_policy lnk file
|
|
|
|
- sepolgen
|
|
* Fix dead links to www.nsa.gov/selinux
|
|
* audit.py Dont crash if empty data is passed to sepolgen
|
|
* do not use md5 when calculating hash signatures
|
|
* fix detection of policy loads
|
|
|
|
* Wed Mar 28 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-30
|
|
- Have sepolgen script specify the pp file with the make command. From mgrepl.
|
|
|
|
* Wed Mar 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-29
|
|
- Fix sepolgen handling of unit files.
|
|
|
|
* Thu Mar 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-28
|
|
- Require selinux-policy-doc
|
|
|
|
* Thu Mar 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-27
|
|
- Fix unit file handling in sepolgen
|
|
|
|
* Wed Feb 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-26
|
|
- Add bash_command completion for setsebool/getsebool
|
|
|
|
* Mon Feb 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-25
|
|
- Disable restorecond on desktop by default
|
|
- Change seunshare to not modify the bounding set
|
|
|
|
* Mon Feb 20 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-24
|
|
- Stop using sandbox init in post install since it no longer exists.
|
|
|
|
* Thu Feb 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-23
|
|
- Change to use new selinux_current_policy_path()
|
|
|
|
* Wed Feb 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-22
|
|
- Change to use new selinux_binary_policy_path()
|
|
- Add systemd_passwd_agent_exec($1), and systemd_read_fifo_file_passwd_run($1) to templates for _admin interface
|
|
|
|
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-21
|
|
- On full relabels we will now show a estimated percent complete rather then
|
|
just *s.
|
|
|
|
* Wed Feb 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-20
|
|
- Add unit_file.py for sepolgen
|
|
|
|
* Tue Jan 31 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-19
|
|
- Change sepolgen to use sha256 instead of md5
|
|
|
|
* Mon Jan 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-18
|
|
- Stop syslogging on full restore
|
|
- Stop syslogging when restorecon is not changing values
|
|
|
|
* Fri Jan 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
|
|
- Change semanage to produce proper audit records for Common Criteria
|
|
- Cleanup packaging for usrmove
|
|
|
|
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-16
|
|
- fixed load_policy location
|
|
|
|
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-15
|
|
- fixed load_policy location
|
|
|
|
* Thu Jan 26 2012 Harald Hoyer <harald@redhat.com> 2.1.10-14
|
|
- fixed load_policy location
|
|
|
|
* Wed Jan 25 2012 Harald Hoyer <harald@redhat.com> 2.1.10-13
|
|
- add filesystem guard
|
|
|
|
* Wed Jan 25 2012 Harald Hoyer <harald@redhat.com> 2.1.10-12
|
|
- install everything in /usr
|
|
https://fedoraproject.org/wiki/Features/UsrMove
|
|
|
|
* Tue Jan 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-11
|
|
- restorecond fixes:
|
|
Stop using depracated g_io interfaces
|
|
Exit with non zero exit code if wrong options given
|
|
Add -h option
|
|
|
|
* Thu Jan 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-10
|
|
- Eliminate not needed Requires
|
|
|
|
* Wed Jan 18 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-9
|
|
- fix sepolgen to not crash on echo "" | audit2allow
|
|
|
|
* Mon Jan 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-8
|
|
- Remove sandbox init script, should no longer be necessary
|
|
|
|
* Sun Jan 15 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-7
|
|
- Add unit file support to sepolgen, and cleanup some of the output.
|
|
|
|
* Mon Jan 9 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5
|
|
- Fix English in templates for sepolgen
|
|
|
|
* Fri Dec 23 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4
|
|
- Fix the handling of namespaces in seunshare/sandbox.
|
|
- Currently mounting of directories within sandbox is propogating to the
|
|
- parent namesspace.
|
|
|
|
* Thu Dec 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.10-3
|
|
- Add umount code to seunshare to cleanup left over mounts of /var/tmp
|
|
|
|
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.10-2
|
|
- Remove open_init_pty
|
|
|
|
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1
|
|
-Update to upstream
|
|
- sepolgen
|
|
* better analysis of why things broke
|
|
- policycoreutils
|
|
* Remove excess whitespace
|
|
* sandbox: Add back in . functions to sandbox.init script
|
|
* Fix Makefile to match other policycoreutils Makefiles
|
|
* semanage: drop unused translation getopt
|
|
|
|
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-3
|
|
- Bump libsepol version requires rebuild
|
|
|
|
* Wed Dec 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-2
|
|
- Add back accidently dropped patches for semanage
|
|
|
|
* Tue Dec 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.9-1
|
|
- Upgrade to upstream
|
|
* sandbox: move sandbox.conf.5 to just sandbox.5
|
|
* po: Makefile use -p to preserve times to allow multilib simultatious installs
|
|
* of po files
|
|
* sandbox: Allow user to specify the DPI value for X in a sandbox
|
|
* sandbox: make sure the domain launching sandbox has at least 100 categories
|
|
* sandbox: do not try forever to find available category set
|
|
* sandbox: only complain if sandbox unable to launch
|
|
* sandbox: init script run twice is still successful
|
|
* semanage: print local and dristo equiv rules
|
|
* semanage: check file equivalence rules for conflict
|
|
* semanage: Make sure semanage fcontext -l -C prints even if local keys
|
|
* are not defined
|
|
* semanage: change src,dst to target,substitute for equivalency
|
|
* sestatus: Updated sestatus and man pages.
|
|
* Added SELinux config file man page.
|
|
* add clean target to man Makefile
|
|
|
|
* Wed Nov 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-8
|
|
- Fix semange fcontext -a to check for more conflicts on equivalency
|
|
|
|
* Tue Nov 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-7
|
|
- Fix dpi handling in sandbox
|
|
- Make sure semanage fcontext -l -C prints if only local equiv have changed
|
|
|
|
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-6
|
|
- Add listing of distribution equivalence class from semanage fcontext -l
|
|
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
|
|
|
|
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
|
|
- Allow ~ as a valid part of a filename in sepolgen
|
|
|
|
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4
|
|
- sandbox init script should always return 0
|
|
- sandbox command needs to check range of categories and report error if not big enough
|
|
|
|
* Mon Nov 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-3
|
|
- Allow user to specify DPI when running sandbox
|
|
|
|
* Mon Nov 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-2
|
|
- Add Miroslav patch to return all attributes
|
|
|
|
* Fri Nov 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-1
|
|
- Upgrade to policycoreutils upstream
|
|
* sandbox: Maintain the LANG environment into the sandbox
|
|
* audit2allow: use audit2why internally
|
|
* fixfiles: label /root but not /var/lib/BackupPC
|
|
* semanage: update local boolean settings is dealing with localstore
|
|
* semanage: missing modify=True
|
|
* semanage: set modified correctly
|
|
* restorecond: make restorecond dbuss-able
|
|
* restorecon: Always check return code on asprintf
|
|
* restorecond: make restorecond -u exit when terminal closes
|
|
* sandbox: introduce package name and language stuff
|
|
* semodule_package: remove semodule_unpackage on clean
|
|
* fix sandbox Makefile to support DESTDIR
|
|
* semanage: Add -o description to the semanage man page
|
|
* make use of the new realpath_not_final function
|
|
* setfiles: close /proc/mounts file when finished
|
|
* semodule: Document semodule -p in man page
|
|
* setfiles: fix use before initialized
|
|
* restorecond: Add .local/share as a directory to watch
|
|
- Upgrade to sepolgen upstream
|
|
* Ignore permissive qualifier if found in an interface
|
|
* Return name field in avc data
|
|
|
|
* Mon Oct 31 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-6
|
|
- Rebuild versus newer libsepol
|
|
|
|
* Fri Oct 28 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-5
|
|
- A couple of minor coverity fixes for a potential leaked file descriptor
|
|
- An an unchecked return code.
|
|
- Add ~/.local/share/* to restorecond_user watches
|
|
|
|
* Thu Oct 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-4
|
|
- Have sepolgen return name field in AVC
|
|
|
|
* Thu Oct 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
|
|
- restorecond -u needs to watch terminal for exit if run outside of dbus.
|
|
|
|
* Tue Oct 4 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
|
|
- Do not drop capabilities if running newrole as root
|
|
|
|
* Fri Sep 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-1
|
|
-Update to upstream
|
|
* semanage: fix indentation error in seobject
|
|
|
|
* Thu Sep 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-3
|
|
- Ignore permissive commands in interfaces
|
|
|
|
* Thu Sep 29 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2
|
|
- Remove gnome requirement from polgengui
|
|
|
|
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1
|
|
-Update to upstream
|
|
policycoreutils-2.1.6
|
|
* sepolgen-ifgen: new attr-helper does something
|
|
* audit2allow: use alternate policy file
|
|
* audit2allow: sepolgen-ifgen use the attr helper
|
|
* setfiles: switch from stat to stat64
|
|
* setfiles: Fix potential crash using dereferenced ftsent
|
|
* setfiles: do not wrap * output at 80 characters
|
|
* sandbox: add -Wall and -Werror to makefile
|
|
* sandbox: add sandbox cgroup support
|
|
* sandbox: rewrite /tmp handling
|
|
* sandbox: do not bind mount so much
|
|
* sandbox: add level based kill option
|
|
* sandbox: cntrl-c should kill entire process control group
|
|
* Create a new preserve_tunables flag in sepol_handle_t.
|
|
* semanage: show running and disk setting for booleans
|
|
* semanage: Dont print heading if no items selected
|
|
* sepolgen: audit2allow is mistakakenly not allowing valid module names
|
|
* semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled
|
|
* More files to ignore
|
|
* tree: default make target to all not install
|
|
* sandbox: do not load unused generic init functions
|
|
sepolgen-1.1.2
|
|
* src: sepolgen: add attribute storing infrastructure
|
|
* Change perm-map and add open to try to get better results on
|
|
* look for booleans that might solve problems
|
|
* sepolgen: audit2allow is mistakakenly not allowing valid module names
|
|
* tree: default make target to all not install
|
|
|
|
* Wed Sep 14 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-6
|
|
- Change separator on -L from ; to :
|
|
|
|
* Thu Sep 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5
|
|
- Add back lockdown wizard for booleans using pywebkitgtk
|
|
|
|
* Wed Sep 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4
|
|
- Maintain the LANG environment Variable into the sandbox
|
|
- Change restorecon/setfiles to only change type part of the context unless
|
|
-f qualifier is given
|
|
|
|
* Tue Sep 6 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
|
|
- Remove lockdown wizard, since gtkhtml2 is no longer supported.
|
|
|
|
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2
|
|
- Allow setfiles and restorecon to use labeledprefix to speed up processing
|
|
and limit memory.
|
|
|
|
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1
|
|
-Update to upstream
|
|
* policycoreutils
|
|
* setfiles: Fix process_glob to handle error situations
|
|
* sandbox: Allow seunshare to run as root
|
|
* sandbox: trap sigterm to make sure sandbox
|
|
* sandbox: pass DPI from the desktop
|
|
* sandbox: seunshare: introduce helper spawn_command
|
|
* sandbox: seunshare: introduce new filesystem helpers
|
|
* sandbox: add -C option to not drop
|
|
* sandbox: split seunshare caps dropping
|
|
* sandbox: use dbus-launch
|
|
* sandbox: numerous simple updates to sandbox
|
|
* sandbox: do not require selinux context
|
|
* sandbox: Makefile: new man pages
|
|
* sandbox: rename dir to srcdir
|
|
* sandbox: allow users specify sandbox window size
|
|
* sandbox: check for paths up front
|
|
* sandbox: use defined values for paths rather
|
|
* sandbox: move seunshare globals to the top
|
|
* sandbox: whitespace fix
|
|
* semodule_package: Add semodule_unpackage executable
|
|
* setfiles: get rid of some stupid globals
|
|
* setfiles: move exclude_non_seclabel_mounts to a generic location
|
|
* sepolgen
|
|
* refparser: include open among valid permissions
|
|
* refparser: add support for filename_trans rules
|
|
|
|
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-2
|
|
- Fix bug in glob handling for restorecon
|
|
|
|
* Thu Aug 18 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.4-1
|
|
-Update to upstream
|
|
2.1.4 2011-08-17
|
|
* run_init: clarification of the usage in the
|
|
* semanage: fix usage header around booleans
|
|
* semanage: remove useless empty lines
|
|
* semanage: update man page with new examples
|
|
* semanage: update usage text
|
|
* semanage: introduce file context equivalencies
|
|
* semanage: enable and disable modules
|
|
* semanage: output all local modifications
|
|
* semanage: introduce extraction of local configuration
|
|
* semanage: cleanup error on invalid operation
|
|
* semanage: handle being called with no arguments
|
|
* semanage: return sooner to save CPU time
|
|
* semanage: surround getopt with try/except
|
|
* semanage: use define/raise instead of lots of
|
|
* semanage: some options are only valid for
|
|
* semanage: introduce better deleteall support
|
|
* semanage: do not allow spaces in file
|
|
* semanage: distinguish between builtin and local permissive
|
|
* semanage: centralized ip node handling
|
|
* setfiles: make the restore function exclude() non-static
|
|
* setfiles: use glob to handle ~ and
|
|
* fixfiles: do not hard code types
|
|
* fixfiles: stop trying to be smart about
|
|
* fixfiles: use new kernel seclabel option
|
|
* fixfiles: pipe everything to cat before sending
|
|
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
|
|
* semodule: support for alternative root paths
|
|
|
|
2.1.3 2011-08-03
|
|
* semanage: fix indention
|
|
* semodule_package: fix man page typo
|
|
* semodule_expand: update man page with -a
|
|
* semanage: handle os errors
|
|
* semanage: fix traceback with bad options
|
|
* semanage: show usage on -h or --help
|
|
* semanage: introduce more deleteall options
|
|
* semanage: verify ports < 65536
|
|
* transaction into semanageRecords
|
|
* make get_handle a method of semanageRecords
|
|
* remove a needless blank line
|
|
* make process_one error if not initialized correctly
|
|
* fixfiles: correct usage for r_opts.rootpath
|
|
* put -p in help for restorecon and
|
|
* fixfiles: do not try to only label
|
|
* fixfiles clean up /var/run and /var/lib/debug
|
|
* fixfiles delete tmp sockets and pipes rather
|
|
* fixfile use find -delete instead of pipe
|
|
* chcat man page typo
|
|
* add man page for genhomedircon
|
|
* setfiles fix typo
|
|
* setsebool should inform users they need to
|
|
* setsebool typos
|
|
* open_init_tty man page typos
|
|
* Don't add user site directory to sys.path
|
|
* newrole retain CAP_SETPCAP
|
|
|
|
2.1.2 2011-08-02
|
|
* seunshare: define _GNU_SOURCE earlier
|
|
* make ignore_enoent do something
|
|
* restorecond: first user logged in is not noticed
|
|
* Repo: update .gitignore
|
|
|
|
2.1.1 2011-08-01
|
|
* Man page updates
|
|
* restorecon fix for bad inotify assumptions
|
|
|
|
2.1.0 2011-07-27
|
|
* Release, minor version bump
|
|
|
|
* Tue Jul 26 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-20
|
|
- Fix sepolgen usage statement
|
|
- Stop using -k insandbox
|
|
- Fix seunshare usage statement
|
|
|
|
* Thu Jul 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-18
|
|
- Change seunshare to send kill signals to the childs session.
|
|
- Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
|
|
|
|
* Wed Jul 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-17
|
|
- Add -k qualifier to seunshare to have it attempt to kill all processes with
|
|
the matching MCS label.
|
|
|
|
* Tue Jul 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-16
|
|
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
|
|
the bounding set will be dropped.
|
|
- Change --cgroups short name -c rather then -C for consistancy
|
|
- Fix memory and fd leaks in seunshare
|
|
|
|
* Wed Jun 29 2011 Jóhann B. Guðmundsson <johannbg@gmail.com> - 2.0.86-15
|
|
- Introduce systemd unit file for restorecond drop SysV support
|
|
|
|
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-14
|
|
- Do not drop capability bounding set in seunshare, this allows sandbox to
|
|
- run setuid apps.
|
|
|
|
* Fri Jun 10 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-13
|
|
- Add semanage-bash-completion.sh script
|
|
|
|
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-12
|
|
- Remove mount -o bind calls from sandbox init script
|
|
- pam_namespace now has this built in.
|
|
|
|
* Tue Jun 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-11
|
|
- Pass desktop dpi to sandbox Xephyr window
|
|
|
|
* Mon Jun 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-10
|
|
- Allow semodule to pick alternate root for selinux files
|
|
- Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
|
|
|
|
* Wed May 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-9
|
|
- Fix var_spool template read_spool_files
|
|
- Fix sepolgen to handle filename transitions
|
|
|
|
* Mon May 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-8
|
|
- Templates cleanedup by Dominic Grift
|
|
|
|
* Fri Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-7
|
|
- Clean up some of the templates for sepolgen
|
|
|
|
* Fri Apr 22 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-6
|
|
- Apply patches from Christoph A.
|
|
* fix sandbox title
|
|
* stop xephyr from li
|
|
- Also ignore errors on sandbox include of directory missing files
|
|
|
|
* Thu Apr 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-5
|
|
- rebuild versus latest libsepol
|
|
|
|
* Mon Apr 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-4
|
|
- Change fixfiles restore to delete unlabeled sockets in /tmp
|
|
|
|
* Mon Apr 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-2
|
|
- rebuild versus latest libsepol
|
|
|
|
* Tue Apr 12 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-1
|
|
- Update to upstream
|
|
* Use correct color range in mcstrand by Richard Haines.
|
|
|
|
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-30
|
|
- Add Elia Pinto patches to allow user to specify directories to ignore
|
|
|
|
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-29
|
|
- Fix policycoreutils-sandbox description
|
|
|
|
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
|
|
- rsynccmd should run outside of execcon
|
|
|
|
* Thu Mar 24 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-27
|
|
- Fix semange node handling of ipv6 addresses
|
|
|
|
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-26
|
|
- Fix sepolgen-ifgen call, add -p option
|
|
|
|
* Wed Mar 23 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-25
|
|
- Fix sepolgen-ifgen call
|
|
|
|
* Fri Mar 18 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-24
|
|
- Fix rsync command to work if the directory is old.
|
|
- Fix all tests
|
|
|
|
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-23
|
|
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node
|
|
|
|
* Wed Mar 16 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-22
|
|
- Return to original seunshare man page
|
|
|
|
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-21
|
|
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_*
|
|
- This will allow default sandboxes to work on NFS homedirs without allowing
|
|
access to homedir data
|
|
|
|
* Fri Mar 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-20
|
|
- Change sepolgen-ifgen to search all available policy files
|
|
- Exit in restorecond if it can not find a UID in the passwd database
|
|
|
|
* Wed Mar 9 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-19
|
|
- Fix portspage in system-config-selinux to not crash
|
|
- More fixes for seunshare from Tomas Hoger
|
|
|
|
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-18
|
|
- put back in old handling of -T in sandbox command
|
|
- Put back setsid in seunshare
|
|
- Fix rsync to maintain times
|
|
|
|
* Tue Mar 8 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-17
|
|
- Use rewritten seunshare from thoger
|
|
|
|
* Mon Mar 7 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-16
|
|
- Require python-IPy for policycoreutils-python package
|
|
- Fixes for sepologen
|
|
- Usage statement needs -n name
|
|
- Names with _ are being prevented
|
|
- dbus apps should get _chat interface
|
|
|
|
* Thu Mar 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-15
|
|
- Fix error message in seunshare, check for tmpdir existance before unlink.
|
|
|
|
* Fri Feb 25 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-13
|
|
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
|
|
- Only allow names in polgengui that contain letters and numbers
|
|
- Fix up node handling in semanage command
|
|
- Update translations
|
|
|
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-12
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
|
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
|
- Fix sandbox policy creation with udp connect ports
|
|
|
|
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
|
|
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
|
|
- Cleanup chcat man page
|
|
|
|
* Wed Feb 2 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-9
|
|
- Report full errors on OSError on Sandbox
|
|
|
|
* Fri Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
|
|
- Fix newrole hanlding of pcap
|
|
|
|
* Wed Jan 19 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-7
|
|
- Have restorecond watch more directories in homedir
|
|
|
|
* Fri Jan 14 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-6
|
|
- Add sandbox to sepolgen
|
|
|
|
* Thu Jan 6 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-4
|
|
- Fix proper handling of getopt errors
|
|
- Do not allow modules names to contain spaces
|
|
|
|
* Wed Jan 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-3
|
|
- Polgengui raises the wrong type of exception. #471078
|
|
- Change semanage to not allow it to semanage module -D
|
|
- Change setsebool to suggest run as root on failure
|
|
|
|
* Wed Dec 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-2
|
|
- Fix restorecond watching utmp file for people logging in our out
|
|
|
|
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.85-1
|
|
- Update to upstream
|
|
|
|
* Thu Dec 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-5
|
|
- Change to allow sandbox to run on nfs homedirs, add start python script
|
|
|
|
* Wed Dec 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-4
|
|
- Move seunshare to sandbox package
|
|
|
|
* Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-3
|
|
- Fix sandbox to show correct types in usage statement
|
|
|
|
* Mon Nov 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-2
|
|
- Stop fixfiles from complaining about missing dirs
|
|
|
|
* Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.84-1
|
|
- Update to upstream
|
|
- List types available for sandbox in usage statement
|
|
|
|
* Mon Nov 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-37
|
|
- Don't report error on load_policy when system is disabled.
|
|
|
|
* Mon Nov 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-36
|
|
- Fix up problems pointed out by solar designer on dropping capabilities
|
|
|
|
* Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-35
|
|
- Check if you have full privs and reset otherwise dont drop caps
|
|
|
|
* Mon Nov 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-34
|
|
- Fix setools require line
|
|
|
|
* Fri Oct 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-33
|
|
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
|
|
- Additional capability checking in sepolgen
|
|
|
|
* Mon Oct 25 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-32
|
|
- Remove setuid flag and replace with file capabilities
|
|
- Fix sandbox handling of files with spaces in them
|
|
|
|
* Wed Sep 29 2010 jkeating - 2.0.83-31
|
|
- Rebuilt for gcc bug 634757
|
|
|
|
* Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-30
|
|
- Move restorecond into its own subpackage
|
|
|
|
* Thu Sep 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-29
|
|
- Fix semanage man page
|
|
|
|
* Mon Sep 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-28
|
|
- Add seremote, to allow the execution of command inside the sandbox from outside the sandbox.
|
|
|
|
* Mon Sep 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-27
|
|
- Fix sandbox copyfile when copying a dir with a socket, print error
|
|
|
|
* Fri Sep 10 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-26
|
|
- Stop polgengui from crashing if selinux policy is not installed
|
|
|
|
* Thu Sep 9 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-25
|
|
- Fix bug preventing sandbox from using -l
|
|
|
|
* Tue Sep 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-24
|
|
- Eliminate quotes fro desktop files
|
|
|
|
* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-23
|
|
- Add -w windowsize patch from Christoph A.
|
|
|
|
* Mon Aug 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-22
|
|
- Update po
|
|
|
|
* Wed Aug 25 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-21
|
|
- Update po
|
|
|
|
* Tue Aug 24 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-20
|
|
- Tighten down seunshare to create /tmp dir with sticky bit and MS_NODEV | MS_NOSUID | MS_NOEXEC;
|
|
- Remove setsid on seunshare so ^c on sandbox will cause apps to exit
|
|
- Add dbus-launch --exit-with-session so all processes launched within the sandbox exit with the sandbox
|
|
- Clean up error handling so error will get sent back to sandbox tool
|
|
|
|
* Mon Aug 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-19
|
|
- Fix translation handling in file context page of system-config-selinux
|
|
|
|
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-18
|
|
- Fix sandbox error handling
|
|
|
|
* Fri Aug 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-17
|
|
- Apply patch to restorecond from Chris Adams, which will cause restorecond
|
|
- to watch first user that logs in.
|
|
|
|
* Thu Aug 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-16
|
|
- Add COPYING file to doc dir
|
|
|
|
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-15
|
|
- Update po and translations
|
|
Resolves: #610473
|
|
|
|
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-14
|
|
- More fixes for polgen tools
|
|
|
|
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-13
|
|
- Remove requirement to run selinux-polgen as root
|
|
|
|
* Thu Aug 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-12
|
|
- Update po and translations
|
|
- Fix gui policy generation tools
|
|
|
|
* Wed Aug 4 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-11
|
|
- Update po and translations
|
|
|
|
* Sat Jul 31 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.83-10
|
|
- rebuild against python 2.7
|
|
|
|
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
|
|
- Update selinux-polgengui to sepolgen policy generation
|
|
|
|
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-8
|
|
- Fix invalid free in seunshare and fix man page
|
|
|
|
* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-7
|
|
- Update translations
|
|
|
|
* Mon Jul 26 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-6
|
|
- Fix sandbox man page
|
|
|
|
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 2.0.83-5
|
|
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
|
|
|
* Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-4
|
|
- Add translations for menus
|
|
- Fixup man page from Russell Coker
|
|
|
|
* Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-3
|
|
- Change python scripts to use -s flag
|
|
- Update po
|
|
|
|
* Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-1
|
|
- Update to upstream
|
|
* Add sandbox support from Dan Walsh with modifications from Steve Lawrence.
|
|
|
|
* Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-31
|
|
- Fix sepolgen code generation
|
|
Resolve: #603001
|
|
|
|
* Tue Jun 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-30
|
|
- Add cgroup support for sandbox
|
|
|
|
* Mon Jun 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-29
|
|
- Allow creation of /var/cache/DOMAIN from sepolgen
|
|
|
|
* Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-28
|
|
- Fix sandbox init script
|
|
- Add dbus-launch to sandbox -X
|
|
Resolve: #599599
|
|
|
|
* Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-27
|
|
- Move genhomedircon.8 to same package as genhomedircon
|
|
- Fix sandbox to pass unit test
|
|
Resolves: #595796
|
|
|
|
* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-26
|
|
- Fix listing of booleans from audit2allow
|
|
|
|
* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-25
|
|
- Fix audit2allow to output if the current policy has avc
|
|
- Update translations
|
|
- Fix icon
|
|
|
|
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
|
|
- Man page fixes
|
|
- sandbox fixes
|
|
- Move seunshare to base package
|
|
|
|
* Fri May 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-23
|
|
- Fix seunshare translations
|
|
- Fix seunshare to work on all arches
|
|
- Fix icon for system-config-selinux
|
|
Resolves: #595276
|
|
|
|
* Fri May 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-22
|
|
- Fix can_exec definition in sepolgen
|
|
|
|
* Fri May 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-21
|
|
- Add man page for seunshare and genhomedircon
|
|
Resolves: #594303
|
|
- Fix node management via semanage
|
|
|
|
* Wed May 19 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-20
|
|
- Fixes from upstream for sandbox command
|
|
Resolves: #580938
|
|
|
|
* Thu May 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-18
|
|
- Fix sandbox error handling on copyfile
|
|
- Fix desktop files
|
|
|
|
* Tue May 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-17
|
|
- Fix policy tool to have correct name in menus
|
|
- Fix seunshare to handle /tmp being in ~/home
|
|
- Fix saving of altered files
|
|
- Update translations
|
|
|
|
* Tue May 4 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-15
|
|
- Allow audit2allow to specify alternative policy file for analysis
|
|
|
|
* Mon May 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-14
|
|
- Update po
|
|
- Fix sepolgen --no_attrs
|
|
Resolves: #588280
|
|
|
|
* Thu Apr 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-13
|
|
- Make semanage boolean work on disabled machines and during livecd xguest
|
|
- Fix homedir and tmpdir handling in sandbox
|
|
Resolves: #587263
|
|
|
|
* Wed Apr 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-11
|
|
- Make semanage boolean work on disabled machines
|
|
|
|
* Tue Apr 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-10
|
|
- Make sepolgen-ifgen be quiet
|
|
|
|
* Wed Apr 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-8
|
|
- Make sepolgen report on more interfaces
|
|
- Fix system-config-selinux display of modules
|
|
|
|
* Thu Apr 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-7
|
|
- Fix crash when args are empty
|
|
Resolves: #582542
|
|
- Fix semange to exit on bad options
|
|
- Fix semanage dontaudit man page section
|
|
Resolves: #582533
|
|
|
|
* Wed Apr 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-6
|
|
- Remove debug line from semanage
|
|
- Update po
|
|
|
|
* Tue Apr 13 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-5
|
|
- Fix sandbox comment on HOMEDIRS
|
|
- Fix sandbox to throw error on bad executable
|
|
|
|
* Tue Apr 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-4
|
|
- Fix spacing in templates
|
|
|
|
* Wed Mar 31 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-3
|
|
- Fix semanage return codes
|
|
|
|
* Tue Mar 30 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-2
|
|
- Fix sepolgen to confirm to the "Reference Policy Style Guide"
|
|
|
|
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-1
|
|
- Update to upstream
|
|
* Add avc's since boot from Dan Walsh.
|
|
* Fix unit tests from Dan Walsh.
|
|
|
|
* Tue Mar 23 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-4
|
|
- Update to upstream - sepolgen
|
|
* Add since-last-boot option to audit2allow from Dan Walsh.
|
|
* Fix sepolgen output to match what Chris expects for upstream
|
|
refpolicy from Dan Walsh.
|
|
|
|
* Mon Mar 22 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-3
|
|
- Allow restorecon on > 2 Gig files
|
|
|
|
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-2
|
|
- Fix semanage handling of boolean options
|
|
- Update translations
|
|
|
|
* Fri Mar 12 2010 Dan Walsh <dwalsh@redhat.com> 2.0.81-1
|
|
- Update to upstream
|
|
* Add dontaudit flag to audit2allow from Dan Walsh.
|
|
|
|
* Thu Mar 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.80-2
|
|
- Use --rbind in sandbox init scripts
|
|
|
|
* Mon Mar 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.80-1
|
|
- Update to upstream
|
|
* Module enable/disable support from Dan Walsh.
|
|
|
|
* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-5
|
|
- Rewrite of sandbox script, add unit test for sandbox
|
|
- Update translations
|
|
|
|
* Mon Mar 1 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-4
|
|
- Fix patch for dontaudit rules from audit2allow for upstream acceptance
|
|
|
|
* Fri Feb 26 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-3
|
|
- Fixes for fixfiles
|
|
|
|
* Wed Feb 17 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-2
|
|
- Fix sandbox to complain if mount-shared has not been run
|
|
- Fix to use /etc/sysconfig/sandbox
|
|
|
|
* Tue Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
|
|
- Update to upstream
|
|
* Fix double-free in newrole
|
|
- Fix python language handling
|
|
|
|
* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
|
|
- Fix display of command in sandbox
|
|
|
|
* Fri Feb 5 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-20
|
|
- Catch OSError in semanage
|
|
|
|
* Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-19
|
|
- Fix seobject and fixfiles
|
|
|
|
* Fri Jan 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-17
|
|
- Change seobject to use translations properly
|
|
|
|
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-16
|
|
- Cleanup spec file
|
|
Resolves: 555835
|
|
|
|
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
|
|
- Add use_resolve to sepolgen
|
|
|
|
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
|
|
- Add session capability to sandbox
|
|
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
|
|
|
|
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-13
|
|
- Fix executable template for fifo files
|
|
|
|
* Tue Jan 19 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-12
|
|
- Fix patch xod xmodmap
|
|
- Exit 0 from script
|
|
|
|
* Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
|
|
- Run with the same xdmodmap in sandbox as outside
|
|
- Patch from Josh Cogliati
|
|
|
|
* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-10
|
|
- Fix sepolgen to not generate user sh section on non user policy
|
|
|
|
* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-9
|
|
- Add -e to semanage man page
|
|
- Add -D qualifier to audit2allow to generate dontaudit rules
|
|
|
|
* Wed Jan 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-8
|
|
- Speed up audit2allow processing of audit2why comments
|
|
|
|
* Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
|
|
- Fixes to sandbox man page
|
|
|
|
* Thu Dec 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-6
|
|
- Add setools-libs-python to requires for gui
|
|
|
|
* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
|
|
- If restorecond running as a user has no files to watch then it should exit. (NFS Homedirs)
|
|
|
|
* Thu Dec 10 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-4
|
|
- Move sandbox man page to base package
|
|
|
|
* Tue Dec 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-3
|
|
- Fix audit2allow to report constraints, dontaudits, types, booleans
|
|
|
|
* Fri Dec 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-2
|
|
- Fix restorecon -i to ignore enoent
|
|
|
|
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-1
|
|
- Update to upstream
|
|
* Remove non-working OUTFILE from fixfiles from Dan Walsh.
|
|
* Additional exception handling in chcat from Dan Walsh.
|
|
|
|
* fix sepolgen to read a "type 1403" msg as a policy load by Stephen
|
|
Smalley <sds@tycho.nsa.gov>
|
|
* Add support for Xen ocontexts from Paul Nuzzi.
|
|
|
|
* Tue Nov 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.77-1
|
|
- Update to upstream
|
|
* Fixed bug preventing semanage node -a from working
|
|
from Chad Sellers
|
|
* Fixed bug preventing semanage fcontext -l from working
|
|
from Chad Sellers
|
|
- Change semanage to use unicode
|
|
|
|
* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
|
|
- Update to upstream
|
|
* Remove setrans management from semanage, as it does not work
|
|
from Dan Walsh.
|
|
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
|
|
|
|
* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
|
|
- Raise exception if user tries to add file context with an embedded space
|
|
|
|
* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
|
|
- Fix sandbox to setsid so it can run under mozilla without crashing the session
|
|
|
|
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
|
|
- Update to upstream
|
|
* Factor out restoring logic from setfiles.c into restore.c
|
|
|
|
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
|
|
- Fix typo in seobject.py
|
|
|
|
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-14
|
|
- Allow semanage -i and semanage -o to generate customization files.
|
|
- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
|
|
|
|
* Tue Oct 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-13
|
|
- Fix restorecond man page
|
|
|
|
* Mon Oct 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-12
|
|
- Add generation of the users context file to polgengui
|
|
|
|
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-11
|
|
- Remove tabs from system-config-selinux glade file
|
|
|
|
* Thu Oct 15 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-10
|
|
- Remove translations screen from system-config-selinux
|
|
|
|
* Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-9
|
|
- Move fixfiles man pages into the correct package
|
|
- Add genhomedircon to fixfiles restore
|
|
|
|
* Tue Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
|
|
- Add check to sandbox to verify save changes - Chris Pardy
|
|
- Fix memory leak in restorecond - Steve Grubb
|
|
|
|
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-7
|
|
- Fixes Templates
|
|
|
|
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-6
|
|
- Fixes for polgengui to handle tcp ports correctly
|
|
- Fix semanage node -a
|
|
|
|
* Wed Sep 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-5
|
|
- Fixes for semanage -equiv, readded modules, --enable, --disable
|
|
|
|
* Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-4
|
|
- Close sandbox when eclipse exits
|
|
|
|
* Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3
|
|
- Security fixes for seunshare
|
|
- Fix Sandbox to handle non file input to command.
|
|
|
|
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2
|
|
- Security fixes for seunshare
|
|
|
|
* Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-1
|
|
- Update to upstream
|
|
* Change semodule upgrade behavior to install even if the module
|
|
is not present from Dan Walsh.
|
|
* Make setfiles label if selinux is disabled and a seclabel aware
|
|
kernel is running from Caleb Case.
|
|
* Clarify forkpty() error message in run_init from Manoj Srivastava.
|
|
|
|
* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-5
|
|
- Fix sandbox to handle relative paths
|
|
|
|
* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-4
|
|
- Add symbolic link to load_policy
|
|
|
|
* Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-3
|
|
- Fix restorecond script to use force-reload
|
|
|
|
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-2
|
|
- Fix init script to show status in usage message
|
|
|
|
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-1
|
|
- Update to upstream
|
|
* Add semanage dontaudit to turn off dontaudits from Dan Walsh.
|
|
* Fix semanage to set correct mode for setrans file from Dan Walsh.
|
|
* Fix malformed dictionary in portRecord from Dan Walsh.
|
|
* Restore symlink handling support to restorecon based on a patch by
|
|
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
|
|
udev scripts that was broken by policycoreutils 2.0.70.
|
|
|
|
* Thu Sep 3 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-15
|
|
- Add DAC_OVERRIED to seunshare
|
|
|
|
* Wed Sep 2 2009 Bill Nottingham <notting@redhat.com> 2.0.71-15
|
|
- Fix typo
|
|
|
|
* Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
|
|
- Add enable/disable patch
|
|
|
|
* Thu Aug 27 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.71-13
|
|
- rebuilt with new audit
|
|
|
|
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-12
|
|
- Tighten up controls on seunshare.c
|
|
|
|
* Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-11
|
|
- Add sandboxX
|
|
|
|
* Sat Aug 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-10
|
|
- Fix realpath usage to only happen on argv input from user
|
|
|
|
* Fri Aug 21 2009 Ville Skyttä <ville.skytta@iki.fi> - 2.0.71-9
|
|
- Don't try to remove restorecond after last erase (done already in %%preun).
|
|
- Ensure scriptlets exit with status 0.
|
|
- Fix %%post and %%pr
|
|
|
|
* Thu Aug 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-7
|
|
- Fix glob handling of /..
|
|
|
|
* Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-6
|
|
- Redesign restorecond to use setfiles/restore functionality
|
|
|
|
* Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-5
|
|
- Fix sepolgen again
|
|
|
|
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4
|
|
- Add --boot flag to audit2allow to get all AVC messages since last boot
|
|
|
|
* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-3
|
|
- Fix semanage command
|
|
|
|
* Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-2
|
|
- exclude unconfined.if from sepolgen
|
|
|
|
* Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-1
|
|
- Fix chcat to report error on non existing file
|
|
- Update to upstream
|
|
* Modify setfiles/restorecon checking of exclude paths. Only check
|
|
user-supplied exclude paths (not automatically generated ones based on
|
|
lack of seclabel support), don't require them to be directories, and
|
|
ignore permission denied errors on them (it is ok to exclude a path to
|
|
which the caller lacks permission).
|
|
|
|
* Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 2.0.70-2
|
|
- Don't warn if the user did not specify the exclude if root can not stat file system
|
|
|
|
* Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.70-1
|
|
- Update to upstream
|
|
* Modify restorecon to only call realpath() on user-supplied pathnames
|
|
from Stephen Smalley.
|
|
* Fix typo in fixfiles that prevented it from relabeling btrfs
|
|
filesystems from Dan Walsh.
|
|
|
|
* Wed Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
|
|
- Fix location of man pages
|
|
- Update to upstream
|
|
* Modify setfiles to exclude mounts without seclabel option in
|
|
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
|
|
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
|
|
Pardy and Dan Walsh.
|
|
* setfiles converted to fts from Thomas Liu.
|
|
|
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.64-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
|
* Tue Jul 7 2009 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.64-2
|
|
- fix multiple directory ownership of mandirs
|
|
|
|
* Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.64-1
|
|
- Update to upstream
|
|
* Keep setfiles from spamming console from Dan Walsh.
|
|
* Fix chcat's category expansion for users from Dan Walsh.
|
|
- Update po files
|
|
- Fix sepolgen
|
|
|
|
* Thu Jun 4 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-5
|
|
- Add sepolgen executable
|
|
|
|
* Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4
|
|
- Fix Sandbox option handling
|
|
- Fix fixfiles handling of btrfs
|
|
|
|
* Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-3
|
|
- Fix sandbox to be able to execute files in homedir
|
|
|
|
* Fri May 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-2
|
|
- Change polgen.py to be able to generate policy
|
|
|
|
* Wed May 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-1
|
|
- Update to upstream
|
|
* Fix transaction checking from Dan Walsh.
|
|
* Make fixfiles -R (for rpm) recursive.
|
|
* Make semanage permissive clean up after itself from Dan Walsh.
|
|
* add /root/.ssh/* to restorecond.conf
|
|
|
|
* Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
|
|
- Fix audit2allow -a to retun /var/log/messages
|
|
|
|
* Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-13
|
|
- Run restorecond as a user service
|
|
|
|
* Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-12
|
|
- Add semanage module support
|
|
|
|
* Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
|
|
- Do not print \n, if count < 1000;
|
|
|
|
* Sat Apr 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-9
|
|
- Handle case where subs file does not exist
|
|
|
|
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-8
|
|
- Update po files
|
|
- Add --equiv command for semanage
|
|
|
|
* Tue Mar 31 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-7
|
|
- Cleanup creation of permissive domains
|
|
- Update po files
|
|
|
|
* Mon Mar 23 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-6
|
|
- Update po files
|
|
|
|
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-5
|
|
- Fix semanage transations
|
|
|
|
* Sat Mar 7 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-4
|
|
- Update polgengui templates to match current upstream policy
|
|
|
|
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.62-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
|
* Mon Feb 23 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-2
|
|
- Add /root/.ssh to restorecond.conf
|
|
- fixfiles -R package should recursively fix files
|
|
|
|
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-1
|
|
- Update to upstream
|
|
* Add btrfs to fixfiles from Dan Walsh.
|
|
* Remove restorecond error for matching globs with multiple hard links
|
|
and fix some error messages from Dan Walsh.
|
|
* Make removing a non-existant module a warning rather than an error
|
|
from Dan Walsh.
|
|
* Man page fixes from Dan Walsh.
|
|
|
|
* Mon Feb 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-10
|
|
- Fix script created by polgengui to not refer to selinux-policy-devel
|
|
|
|
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-9
|
|
- Change initc scripts to use proper labeling on gui
|
|
|
|
* Mon Feb 9 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-8
|
|
- Add obsoletes to cause policycoreuils to update both python and non python version
|
|
|
|
* Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-7
|
|
- Dont report errors on glob match and multiple links
|
|
|
|
* Thu Jan 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-6
|
|
- Move sepolgen-ifgen to post python
|
|
|
|
* Wed Jan 21 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-4
|
|
- Fix Translations
|
|
|
|
* Tue Jan 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-3
|
|
- Add Domains Page to system-config-selinux
|
|
- Add ability to create dbus confined applications to polgen
|
|
|
|
* Wed Jan 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-2
|
|
- Split python into a separate package
|
|
|
|
* Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1
|
|
- Update to upstream
|
|
* chcat: cut categories at arbitrary point (25) from Dan Walsh
|
|
* semodule: use new interfaces in libsemanage for compressed files
|
|
from Dan Walsh
|
|
* audit2allow: string changes for usage
|
|
|
|
* Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.60-7
|
|
- Don't error out when removing a non existing module
|
|
|
|
* Mon Dec 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-6
|
|
- fix audit2allow man page
|
|
|
|
* Wed Dec 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-5
|
|
- Fix Japanese translations
|
|
|
|
* Sat Dec 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-4
|
|
- Change md5 to hashlib.md5 in sepolgen
|
|
|
|
* Thu Dec 04 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.60-3
|
|
- Rebuild for Python 2.6
|
|
|
|
* Tue Dec 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-2
|
|
- Fix error checking in restorecond, for inotify_add_watch
|
|
|
|
* Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-1
|
|
- Update to upstream
|
|
* semanage: use semanage_mls_enabled() from Stephen Smalley.
|
|
|
|
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0.59-2
|
|
- Rebuild for Python 2.6
|
|
|
|
* Tue Nov 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.59-1
|
|
- Update to upstream
|
|
* fcontext add checked local records twice, fix from Dan Walsh.
|
|
|
|
* Mon Nov 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.58-1
|
|
- Update to upstream
|
|
* Allow local file context entries to override policy entries in
|
|
semanage from Dan Walsh.
|
|
* Newrole error message corrections from Dan Walsh.
|
|
* Add exception to audit2why call in audit2allow from Dan Walsh.
|
|
|
|
* Fri Nov 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
|
|
- add compression
|
|
|
|
* Tue Nov 04 2008 Jesse Keating <jkeating@redhat.com> - 2.0.57-11
|
|
- Move the usermode-gtk requires to the -gui subpackage.
|
|
|
|
* Thu Oct 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-10
|
|
- Fix traceback in audit2why
|
|
|
|
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-9
|
|
- Make GUI use translations
|
|
|
|
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-8
|
|
- Fix typo in man page
|
|
|
|
* Tue Oct 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-7
|
|
- Handle selinux disabled correctly
|
|
- Handle manipulation of fcontext file correctly
|
|
|
|
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
|
|
- Add usermode-gtk requires
|
|
|
|
* Thu Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
|
|
- Allow addition of local modifications of fcontext policy.
|
|
|
|
* Mon Oct 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-4
|
|
- Fix system-config-selinux booleanspage throwing and exception
|
|
- Update po files
|
|
|
|
* Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-3
|
|
- Fix text in newrole
|
|
- Fix revertbutton on booleans page in system-config-selinux
|
|
|
|
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-2
|
|
- Change semodule calls for libsemanage
|
|
|
|
* Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-1
|
|
- Update to upstream
|
|
* Update po files from Dan Walsh.
|
|
|
|
* Fri Sep 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.56-1
|
|
- Fix semanage help display
|
|
- Update to upstream
|
|
* fixfiles will now remove all files in /tmp and will check for
|
|
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
|
|
* add glob support to restorecond from Dan Walsh.
|
|
* allow semanage to handle multi-line commands in a single transaction
|
|
from Dan Walsh.
|
|
|
|
* Thu Sep 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-8
|
|
- Only call gen_requires once in sepolgen
|
|
|
|
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-7
|
|
- Change Requires line to gnome-python2-gnome
|
|
- Fix spelling mistakes
|
|
- Require libselinux-utils
|
|
|
|
* Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-5
|
|
- Add node support to semanage
|
|
|
|
* Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-4
|
|
- Fix fixfiles to correct unlabeled_t files and remove .? files
|
|
|
|
* Wed Sep 3 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-2
|
|
- Add glob support to restorecond so it can check every file in the homedir
|
|
|
|
* Thu Aug 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-1
|
|
- Update to upstream
|
|
* Merged semanage node support from Christian Kuester.
|
|
|
|
* Fri Aug 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-7
|
|
- Add require libsemanage-python
|
|
|
|
* Mon Aug 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-6
|
|
- Add missing html_util.py file
|
|
|
|
* Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-5
|
|
- Fixes for multiple transactions
|
|
|
|
* Wed Aug 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-2
|
|
- Allow multiple transactions in one semanage command
|
|
|
|
* Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-1
|
|
- Update to upstream
|
|
* Add support for boolean files and group support for seusers from Dan Walsh.
|
|
* Ensure that setfiles -p output is newline terminated from Russell Coker.
|
|
|
|
* Fri Aug 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-3
|
|
- Allow semanage user to add group lists % groupname
|
|
|
|
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-2
|
|
- Fix help
|
|
|
|
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-1
|
|
- Update to upstream
|
|
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
|
|
|
|
* Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-6
|
|
- Fix boolean handling
|
|
- Upgrade to latest sepolgen
|
|
- Update po patch
|
|
|
|
* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-5
|
|
- Additial cleanup of boolean handling for semanage
|
|
|
|
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-4
|
|
- Handle ranges of ports in gui
|
|
|
|
* Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-3
|
|
- Fix indent problems in seobject
|
|
|
|
* Wed Jul 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-2
|
|
- Add lockdown wizard
|
|
- Allow semanage booleans to take an input file an process lots of booleans at once.
|
|
|
|
* Wed Jul 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-1
|
|
- Default prefix to "user"
|
|
|
|
* Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
|
|
- Remove semodule use within semanage
|
|
- Fix launching of polgengui from toolbar
|
|
|
|
* Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
|
|
- Update to upstream
|
|
* Fix audit2allow generation of role-type rules from Karl MacMillan.
|
|
|
|
* Tue Jun 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-10
|
|
- Fix spelling of enforcement
|
|
|
|
* Mon Jun 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-8
|
|
- Fix sepolgen/audit2allow handling of roles
|
|
|
|
* Mon Jun 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-7
|
|
- Fix sepolgen-ifgen processing
|
|
|
|
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-6
|
|
- Add deleteall to semanage permissive, cleanup error handling
|
|
|
|
* Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-5
|
|
- Complete removal of rhpl requirement
|
|
|
|
* Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-4
|
|
- Add semanage permissive *
|
|
|
|
* Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-3
|
|
- Fix fixfiles to cleanup /tmp and /var/tmp
|
|
|
|
* Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-2
|
|
- Fix listing of types in gui
|
|
|
|
* Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-1
|
|
- Update to upstream
|
|
* Remove security_check_context calls for prefix validation from semanage.
|
|
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
|
|
|
|
* Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-3
|
|
- Remove /usr/share/locale/sr@Latn/LC_MESSAGES/policycoreutils.mo
|
|
|
|
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-2
|
|
- Add rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* to fixfiles restore
|
|
- So that mislabeled files will get removed on full relabel
|
|
|
|
* Wed May 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.47-1
|
|
- Make restorecond not start by default
|
|
- Fix polgengui to allow defining of confined roles.
|
|
- Add patches from Lubomir Rintel <lkundrak@v3.sk>
|
|
* Add necessary runtime dependencies on setools-console for -gui
|
|
* separate stderr when run seinfo commands
|
|
- Update to upstream
|
|
* Update semanage man page for booleans from Dan Walsh.
|
|
* Add further error checking to seobject.py for setting booleans.
|
|
|
|
* Fri Apr 18 2008 Matthias Clasen <mclasen@redhat.com> - 2.0.46-5
|
|
- Uninvasive (ie no string or widget changes) HIG approximations
|
|
in selinux-polgenui
|
|
|
|
* Fri Apr 18 2008 Matthias Clasen <mclasen@redhat.com> - 2.0.46-4
|
|
- Move s-c-selinux to the right menu
|
|
|
|
* Sun Apr 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-3
|
|
- Fix boolean descriptions
|
|
- Fix semanage man page
|
|
|
|
* Wed Mar 19 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-2
|
|
- Don't use prefix in gui
|
|
|
|
* Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-1
|
|
- Update to upstream
|
|
* Update audit2allow to report dontaudit cases from Dan Walsh.
|
|
* Fix semanage port to use --proto from Caleb Case.
|
|
|
|
* Fri Feb 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.44-1
|
|
- Update to upstream
|
|
* Fix for segfault when conf file parse error occurs.
|
|
|
|
* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.43-2
|
|
- Don't show tabs on polgengui
|
|
|
|
* Wed Feb 13 2008 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
|
|
- Update to upstream
|
|
* Merged fix fixfiles option processing from Vaclav Ovsik.
|
|
- Added existing users, staff and user_t users to polgengui
|
|
|
|
* Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
|
|
- Add messages for audit2allow DONTAUDIT
|
|
|
|
* Tue Feb 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-2
|
|
- Add ability to transition to roles via polgengui
|
|
|
|
* Sat Feb 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-1
|
|
- Update to upstream
|
|
* Make semodule_expand use sepol_set_expand_consume_base to reduce
|
|
peak memory usage.
|
|
|
|
* Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.41-1
|
|
- Update to upstream
|
|
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
|
|
* Merged a second fixfiles -C fix from Marshall Miller.
|
|
|
|
|
|
* Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.39-1
|
|
- Don't initialize audit2allow for audit2why call. Use default
|
|
- Update to upstream
|
|
* Merged fixfiles -C fix from Marshall Miller.
|
|
|
|
* Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.38-1
|
|
- Update to upstream
|
|
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
|
|
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
|
|
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
|
|
|
|
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.37-1
|
|
- Update to upstream
|
|
* Merged replacement for audit2why from Dan Walsh.
|
|
|
|
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-2
|
|
- Cleanup fixfiles -f message in man page
|
|
|
|
* Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
|
|
- Update to upstream
|
|
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
|
|
* Merged sepolgen fixes from Dan Walsh.
|
|
|
|
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-5
|
|
- handle files with spaces on upgrades
|
|
|
|
* Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-4
|
|
- Add support in fixfiles for ext4 ext4dev and gfs2
|
|
|
|
* Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-3
|
|
- Allow files with spaces to be used by setfiles
|
|
|
|
* Tue Jan 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-2
|
|
- Add descriptions of booleans to audit2allow
|
|
|
|
* Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-1
|
|
- Update to upstream
|
|
* Merged support for non-interactive newrole command invocation from Tim Reed.
|
|
|
|
* Thu Jan 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-8
|
|
- Change to use selinux bindings to audit2why
|
|
|
|
* Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-7
|
|
- Fix fixfiles to handle no args
|
|
|
|
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-5
|
|
- Fix roles output when creating a module
|
|
|
|
* Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
|
|
- Handle files with spaces in fixfiles
|
|
|
|
* Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
|
|
- Catch SELINUX_ERR with audit2allow and generate policy
|
|
|
|
* Thu Dec 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-2
|
|
- Make sepolgen set error exit code when partial failure
|
|
- audit2why now checks booleans for avc diagnosis
|
|
|
|
* Wed Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-1
|
|
- Update to upstream
|
|
* Update Makefile to not build restorecond if
|
|
/usr/include/sys/inotify.h is not present
|
|
|
|
* Wed Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-4
|
|
- Fix sepolgen to be able to parse Fedora 9 policy
|
|
Handle ifelse statements
|
|
Handle refpolicywarn inside of define
|
|
Add init.if and inetd.if into parse
|
|
Add parse_file to syntax error message
|
|
|
|
* Fri Dec 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-3
|
|
- Add scroll bar to fcontext gui page
|
|
|
|
* Tue Dec 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-2
|
|
- Add Russion Man pages
|
|
|
|
* Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-1
|
|
- Upgrade from NSA
|
|
* Drop verbose output on fixfiles -C from Dan Walsh.
|
|
* Fix argument handling in fixfiles from Dan Walsh.
|
|
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
|
|
- Fix handling of final screen in polgengui
|
|
|
|
* Sun Dec 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.32-2
|
|
- Fix handling of disable selinux button in gui
|
|
|
|
* Mon Nov 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.32-1
|
|
- Upgrade from NSA
|
|
* load_policy initial load option from Chad Sellers.
|
|
|
|
* Mon Nov 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-20
|
|
- Don't show error on missing policy.xml
|
|
|
|
* Mon Nov 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-19
|
|
- GUI Enhancements
|
|
- Fix cgi generation
|
|
- Use more patterns
|
|
|
|
* Mon Nov 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-18
|
|
- Remove codec hacking, which seems to be fixed in python
|
|
|
|
* Fri Nov 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-17
|
|
- Fix typo
|
|
- Change to upstream minimal privledge interfaces
|
|
|
|
* Fri Nov 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-16
|
|
- Fix fixfiles argument parsing
|
|
|
|
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-15
|
|
- Fix File Labeling add
|
|
|
|
* Thu Nov 8 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14
|
|
- Fix semanage to handle state where policy.xml is not installed
|
|
|
|
* Mon Nov 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-13
|
|
- Remove -v from restorecon in fixfiles
|
|
|
|
* Mon Nov 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-12
|
|
- Fix filter and search capabilities, add wait cursor
|
|
|
|
* Fri Nov 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-11
|
|
- Translate booleans via policy.xml
|
|
- Allow booleans to be set via semanage
|
|
|
|
* Thu Nov 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-10
|
|
- Require use of selinux-policy-devel
|
|
|
|
* Wed Oct 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-9
|
|
- Validate semanage fcontext input
|
|
- Fix template names for log files in gui
|
|
|
|
* Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-8
|
|
- Fix template to generate correct content
|
|
|
|
* Fri Oct 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-7
|
|
- Fix consolekit link to selinux-polgengui
|
|
|
|
* Thu Oct 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-6
|
|
- Fix the generation templates
|
|
|
|
* Tue Oct 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-5
|
|
- Fix enable/disable audit messages
|
|
|
|
* Mon Oct 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-4
|
|
- Add booleans page
|
|
|
|
* Mon Oct 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-3
|
|
- Lots of updates to gui
|
|
|
|
* Mon Oct 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-1
|
|
- Remove no.po
|
|
- Update to upstream
|
|
* Fix semodule option handling from Dan Walsh.
|
|
* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
|
|
|
|
* Thu Oct 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.29-2
|
|
- Fix semodule parameter checking
|
|
|
|
* Sun Oct 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.29-1
|
|
- Update to upstream
|
|
* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
|
|
- Add deleteall for ports and fcontext
|
|
|
|
* Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.28-1
|
|
- Update to upstream
|
|
* Update semodule man page for -D from Dan Walsh.
|
|
* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
|
|
|
|
* Tue Oct 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-7
|
|
- Add genhomedircon script to rebuild file_context for shadow-utils
|
|
|
|
* Tue Oct 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-6
|
|
- Update translations
|
|
|
|
* Tue Oct 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-5
|
|
- Additional checkboxes for application policy
|
|
|
|
* Fri Sep 28 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-4
|
|
- Allow policy writer to select user types to transition to there users
|
|
|
|
* Thu Sep 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-3
|
|
- Fix bug in building policy with polgengui
|
|
- Creating ports correctly
|
|
|
|
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-1
|
|
- Update to upstream
|
|
* Improve semodule reporting of system errors from Stephen Smalley.
|
|
|
|
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.26-3
|
|
- Show local changes with semanage
|
|
|
|
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.26-2
|
|
- Fixed spelling mistakes in booleans defs
|
|
- Update po
|
|
|
|
* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.26-1
|
|
- Update to upstream
|
|
* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
|
|
|
|
* Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-15
|
|
- Fix wording in policy generation tool
|
|
|
|
* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14
|
|
- Fix calls to _admin interfaces
|
|
|
|
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
|
|
- Upgrade version of sepolgen from NSA
|
|
* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.
|
|
* Suppress generation of rules for non-denials from Karl MacMillan (take 3).
|
|
|
|
* Tue Sep 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-12
|
|
- Remove bogus import libxml2
|
|
|
|
* Mon Sep 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-11
|
|
- Lots of fixes for polgengui
|
|
|
|
* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-10
|
|
- Change Requires /bin/rpm to rpm
|
|
|
|
* Wed Sep 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-9
|
|
- Bump libsemanage version for disable dontaudit
|
|
- New gui features for creating admin users
|
|
|
|
* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-8
|
|
- Fix generated code for admin policy
|
|
|
|
* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-7
|
|
- Lots of fixes for role templates
|
|
|
|
* Tue Aug 28 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-6
|
|
- Add more role_templates
|
|
|
|
* Tue Aug 28 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-5
|
|
- Update genpolgui to add creation of user domains
|
|
|
|
* Mon Aug 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-4
|
|
- Fix location of sepolgen-ifgen
|
|
|
|
* Sat Aug 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-3
|
|
- Add selinux-polgengui to desktop
|
|
|
|
* Fri Aug 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-2
|
|
- Cleanup spec
|
|
|
|
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-1
|
|
- Update semodule man page
|
|
* Fix genhomedircon searching for USER from Todd Miller
|
|
* Install run_init with mode 0755 from Dan Walsh.
|
|
* Fix chcat from Dan Walsh.
|
|
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
|
|
* Optimize genhomedircon to compile regexes once from Dan Walsh.
|
|
* Fix semanage gettext call from Dan Walsh.
|
|
|
|
* Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.23-2
|
|
- Update semodule man page
|
|
|
|
* Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.23-1
|
|
- Update to match NSA
|
|
* Disable dontaudits via semodule -D
|
|
|
|
* Wed Aug 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-13
|
|
- Speed up genhomedircon by an order of magnitude by compiling regex
|
|
- Allow semanage fcontext -a -t <<none>> /path to work
|
|
|
|
* Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-11
|
|
- Fixfiles update required to match new regex
|
|
|
|
* Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-10
|
|
- Update booleans translations
|
|
|
|
* Wed Jul 25 2007 Jeremy Katz <katzj@redhat.com> - 2.0.22-9
|
|
- rebuild for toolchain bug
|
|
|
|
* Tue Jul 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-8
|
|
- Add requires libselinux-python
|
|
|
|
* Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-7
|
|
- Fix fixfiles to report incorrect rpm
|
|
- Patch provided by Tony Nelson
|
|
|
|
* Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-6
|
|
- Clean up spec file
|
|
|
|
* Fri Jul 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-5
|
|
- Require newer libselinux version
|
|
|
|
* Sat Jul 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-4
|
|
- Fix checking for conflicting directory specification in genhomedircon
|
|
|
|
* Mon Jun 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-3
|
|
- Fix spelling mistakes in GUI
|
|
|
|
* Fri Jun 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-2
|
|
- Fix else path in chcat
|
|
|
|
* Thu Jun 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-1
|
|
- Update to match NSA
|
|
* Rebase setfiles to use new labeling interface.
|
|
|
|
* Wed Jun 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.21-2
|
|
- Add filter to all system-config-selinux lists
|
|
|
|
* Wed Jun 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.21-1
|
|
- Update to match NSA
|
|
* Fixed setsebool (falling through to error path on success).
|
|
|
|
* Mon Jun 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.20-1
|
|
- Update to match NSA
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Merged setfiles -c usage fix from Dan Walsh.
|
|
* Merged restorecon fix from Yuichi Nakamura.
|
|
* Dropped -lsepol where no longer needed.
|
|
|
|
* Mon Jun 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-5
|
|
- Fix translations code, Add more filters to gui
|
|
|
|
* Mon Jun 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-4
|
|
- Fix setfiles -c to make it work
|
|
|
|
* Mon Jun 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-3
|
|
- Fix french translation to not crash system-config-selinux
|
|
|
|
* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-2
|
|
- Fix genhomedircon to work in stage2 builds of anaconda
|
|
|
|
* Sat May 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
|
|
- Update to match NSA
|
|
|
|
* Thu May 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-2
|
|
- Fixes for polgentool templates file
|
|
|
|
* Fri May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
|
|
- Updated version of policycoreutils
|
|
* Merged support for modifying the prefix via semanage from Dan Walsh.
|
|
- Fixed genhomedircon to find homedirs correctly.
|
|
|
|
* Tue May 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.15-1
|
|
- Updated version of policycoreutils
|
|
* Merged po file updates from Dan Walsh.
|
|
- Fix semanage to be able to modify prefix in user record
|
|
|
|
* Mon Apr 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.14-2
|
|
- Fix title on system-config-selinux
|
|
|
|
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.14-1
|
|
- Updated version of policycoreutils
|
|
* Build fix for setsebool.
|
|
|
|
* Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.13-1
|
|
- Updated version of policycoreutils
|
|
* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
|
|
* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
|
|
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
|
|
|
|
* Tue Apr 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.10-2
|
|
- Fixes for polgengui
|
|
|
|
* Tue Apr 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.10-1
|
|
- Updated version of policycoreutils
|
|
* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
|
|
|
|
* Fri Apr 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-10
|
|
- Fix genhomedircon to handle non user_u for the default user
|
|
|
|
* Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-9
|
|
- More cleanups for gui
|
|
|
|
* Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-8
|
|
- Fix size and use_tmp problem on gui
|
|
|
|
* Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-7
|
|
- Fix restorecon crash
|
|
|
|
* Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-6
|
|
- Change polgengui to a druid
|
|
|
|
* Tue Apr 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-5
|
|
- Fully path script.py
|
|
|
|
* Mon Apr 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-4
|
|
- Add -l flag to restorecon to not traverse file systems
|
|
|
|
* Sat Apr 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-3
|
|
- Fixes for policygengui
|
|
|
|
* Fri Apr 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-2
|
|
- Add polgengui
|
|
|
|
* Thu Apr 12 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-1
|
|
- Updated version of sepolgen
|
|
* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
|
|
|
|
* Wed Apr 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.8-1
|
|
- Updated version of sepolgen
|
|
* Merged updates to sepolgen-ifgen from Karl MacMillan.
|
|
* Merged updates to sepolgen parser and tools from Karl MacMillan.
|
|
This includes improved debugging support, handling of interface
|
|
calls with list parameters, support for role transition rules,
|
|
updated range transition rule support, and looser matching.
|
|
|
|
* Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-11
|
|
- Don't generate invalid context with genhomedircon
|
|
|
|
* Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-10
|
|
- Add filter to booleans page
|
|
|
|
* Tue Apr 3 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-9
|
|
- Fix polgen.py to not generate udp rules on tcp input
|
|
|
|
* Fri Mar 30 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-8
|
|
- system-config-selinux should be able to run on a disabled system,
|
|
- at least enough to get it enabled.
|
|
|
|
* Thu Mar 29 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-7
|
|
- Many fixes to polgengui
|
|
|
|
* Fri Mar 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-6
|
|
- Updated version of sepolgen
|
|
* Merged patch to discard self from types when generating requires from Karl MacMillan.
|
|
|
|
* Fri Mar 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-5
|
|
- Change location of audit2allow and sepol-ifgen to sbin
|
|
- Updated version of sepolgen
|
|
* Merged patch to move the sepolgen runtime data from /usr/share to /var/lib to facilitate a read-only /usr from Karl MacMillan.
|
|
|
|
* Mon Mar 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-4
|
|
- Add polgen gui
|
|
- Many fixes to system-config-selinux
|
|
|
|
* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-3
|
|
- service restorecond status needs to set exit value correctly
|
|
|
|
* Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-2
|
|
- Fix gui
|
|
|
|
* Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-1
|
|
- Update to upstream
|
|
* Merged restorecond init script LSB compliance patch from Steve Grubb.
|
|
-sepolgen
|
|
* Merged better matching for refpolicy style from Karl MacMillan
|
|
* Merged support for extracting interface paramaters from interface calls from Karl MacMillan
|
|
* Merged support for parsing USER_AVC audit messages from Karl MacMillan.
|
|
|
|
* Tue Feb 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-3
|
|
- Update to upstream
|
|
-sepolgen
|
|
* Merged support for enabling parser debugging from Karl MacMillan.
|
|
- Add sgrupp cleanup of restorcon init script
|
|
|
|
* Mon Feb 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-2
|
|
- Add Bill Nottinham patch to run restorcond condrestart in postun
|
|
|
|
* Fri Feb 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-1
|
|
- Update to upstream
|
|
- policycoreutils
|
|
* Merged newrole O_NONBLOCK fix from Linda Knippers.
|
|
* Merged sepolgen and audit2allow patches to leave generated files
|
|
in the current directory from Karl MacMillan.
|
|
* Merged restorecond memory leak fix from Steve Grubb.
|
|
-sepolgen
|
|
* Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
|
|
* Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
|
|
* Merged patch to update PLY from Karl MacMillan.
|
|
* Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
|
|
|
|
* Thu Feb 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-2
|
|
- Do not fail on sepolgen-ifgen
|
|
|
|
* Thu Feb 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1
|
|
- Update to upstream
|
|
* Merged translations update from Dan Walsh.
|
|
* Merged chcat fixes from Dan Walsh.
|
|
* Merged man page fixes from Dan Walsh.
|
|
* Merged seobject prefix validity checking from Dan Walsh.
|
|
* Merged Makefile and refparser.py patch from Dan Walsh.
|
|
Fixes PYTHONLIBDIR definition and error handling on interface files.
|
|
|
|
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-3
|
|
- Updated newrole NONBlOCK patch
|
|
|
|
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-2
|
|
- Remove Requires: %%{name}-plugins
|
|
|
|
* Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1
|
|
- Update to upstream
|
|
* Merged seobject exception handler fix from Caleb Case.
|
|
* Merged setfiles memory leak patch from Todd Miller.
|
|
|
|
* Thu Feb 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-2
|
|
- Cleanup man pages syntax
|
|
- Add sepolgen
|
|
|
|
* Mon Feb 12 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-1
|
|
- Update to upstream
|
|
* Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
|
|
|
|
* Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
|
|
- Update to upstream
|
|
* Merged new audit2allow from Karl MacMillan.
|
|
This audit2allow depends on the new sepolgen python module.
|
|
Note that you must run the sepolgen-ifgen tool to generate
|
|
the data needed by audit2allow to generate refpolicy.
|
|
* Fixed newrole non-pam build.
|
|
- Fix Changelog and spelling error in man page
|
|
|
|
* Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-4
|
|
- Fix audit2allow on missing translations
|
|
|
|
* Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-3
|
|
- More chcat fixes
|
|
|
|
* Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-2
|
|
- Change chcat to exec semodule so file context is maintained
|
|
|
|
* Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-1
|
|
- Fix system-config-selinux ports view
|
|
- Update to upstream
|
|
* Fixed newrole non-pam build.
|
|
* Updated version for stable branch.
|
|
|
|
* Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> 1.33.15-1
|
|
- Update to upstream
|
|
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
|
|
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
|
|
* Tue Jan 16 2007 Dan Walsh <dwalsh@redhat.com> 1.33.14-1
|
|
* Merged newrole man page patch from Michael Thompson.
|
|
* Merged patch to fix python unicode problem from Dan Walsh.
|
|
|
|
* Tue Jan 16 2007 Dan Walsh <dwalsh@redhat.com> 1.33.12-3
|
|
- Fix handling of audit messages for useradd change
|
|
Resolves: #222159
|
|
|
|
* Fri Jan 12 2007 Dan Walsh <dwalsh@redhat.com> 1.33.12-2
|
|
- Update man pages by adding SELinux to header to fix apropos database
|
|
Resolves: #217881
|
|
|
|
* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.12-1
|
|
- Want to update to match api
|
|
- Update to upstream
|
|
* Merged newrole securetty check from Dan Walsh.
|
|
* Merged semodule patch to generalize list support from Karl MacMillan.
|
|
Resolves: #200110
|
|
|
|
* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.11-1
|
|
- Update to upstream
|
|
* Merged fixfiles and seobject fixes from Dan Walsh.
|
|
* Merged semodule support for list of modules after -i from Karl MacMillan.
|
|
|
|
* Tue Jan 9 2007 Dan Walsh <dwalsh@redhat.com> 1.33.10-1
|
|
- Update to upstream
|
|
* Merged patch to correctly handle a failure during semanage handle
|
|
creation from Karl MacMillan.
|
|
* Merged patch to fix seobject role modification from Dan Walsh.
|
|
|
|
* Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> 1.33.8-2
|
|
- Stop newrole -l from working on non secure ttys
|
|
Resolves: #200110
|
|
|
|
* Thu Jan 4 2007 Dan Walsh <dwalsh@redhat.com> 1.33.8-1
|
|
- Update to upstream
|
|
* Merged patches from Dan Walsh to:
|
|
- omit the optional name from audit2allow
|
|
- use the installed python version in the Makefiles
|
|
- re-open the tty with O_RDWR in newrole
|
|
|
|
* Wed Jan 3 2007 Dan Walsh <dwalsh@redhat.com> 1.33.7-1
|
|
- Update to upstream
|
|
* Patch from Dan Walsh to correctly suppress warnings in load_policy.
|
|
|
|
* Tue Jan 2 2007 Dan Walsh <dwalsh@redhat.com> 1.33.6-9
|
|
- Fix fixfiles script to use tty command correctly. If this command fails, it
|
|
should set the LOGFILE to /dev/null
|
|
Resolves: #220879
|
|
|
|
* Wed Dec 20 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-8
|
|
- Remove hard coding of python2.4 from Makefiles
|
|
|
|
* Tue Dec 19 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-7
|
|
- add exists switch to semanage to tell it not to check for existance of Linux user
|
|
Resolves: #219421
|
|
|
|
* Mon Dec 18 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-6
|
|
- Fix audit2allow generating reference policy
|
|
- Fix semanage to manage user roles properly
|
|
Resolves: #220071
|
|
|
|
* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-5
|
|
- Update po files
|
|
- Fix newrole to open stdout and stderr rdrw so more will work on MLS machines
|
|
Resolves: #216920
|
|
|
|
* Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 1.33.6-4
|
|
- rebuild for python 2.5
|
|
|
|
* Wed Dec 6 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-3
|
|
- Update po files
|
|
Resolves: #216920
|
|
|
|
* Fri Dec 1 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-2
|
|
- Update po files
|
|
Resolves: #216920
|
|
|
|
* Wed Nov 29 2006 Dan Walsh <dwalsh@redhat.com> 1.33.6-1
|
|
- Update to upstream
|
|
* Patch from Dan Walsh to add an pam_acct_msg call to run_init
|
|
* Patch from Dan Walsh to fix error code returns in newrole
|
|
* Patch from Dan Walsh to remove verbose flag from semanage man page
|
|
* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
|
|
in /usr/share/selinux/<SELINUXTYPE>
|
|
|
|
* Wed Nov 29 2006 Dan Walsh <dwalsh@redhat.com> 1.33.5-4
|
|
- Fixing the Makefile line again to build with LSPP support
|
|
Resolves: #208838
|
|
|
|
* Wed Nov 29 2006 Dan Walsh <dwalsh@redhat.com> 1.33.5-3
|
|
- Don't report errors on restorecond when file system does not support XATTRS
|
|
Resolves: #217694
|
|
|
|
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 1.33.5-2
|
|
- Fix -q qualifier on load_policy
|
|
Resolves: #214827
|
|
|
|
* Tue Nov 28 2006 Dan Walsh <dwalsh@redhat.com> 1.33.5-1
|
|
- Merge to upstream
|
|
- Fix makefile line
|
|
Resolves: #208838
|
|
|
|
* Fri Nov 24 2006 Dan Walsh <dwalsh@redhat.com> 1.33.4-2
|
|
- Additional po changes
|
|
- Added all booleans definitions
|
|
|
|
* Wed Nov 22 2006 Dan Walsh <dwalsh@redhat.com> 1.33.4-1
|
|
- Upstream accepted my patches
|
|
* Merged setsebool patch from Karl MacMillan.
|
|
This fixes a bug reported by Yuichi Nakamura with
|
|
always setting booleans persistently on an unmanaged system.
|
|
|
|
* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> 1.33.2-2
|
|
- Fixes for the gui
|
|
|
|
* Mon Nov 20 2006 Dan Walsh <dwalsh@redhat.com> 1.33.2-1
|
|
- Upstream accepted my patches
|
|
|
|
* Fri Nov 17 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-9
|
|
- Add Amy Grifis Patch to preserve newrole exit status
|
|
|
|
* Thu Nov 16 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-8
|
|
- Fix display of gui
|
|
|
|
* Thu Nov 16 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-7
|
|
- Add patch by Jose Plans to make run_init use pam_acct_mgmt
|
|
|
|
* Wed Nov 15 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-6
|
|
- More fixes to gui
|
|
|
|
* Wed Nov 15 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-5
|
|
- Fix audit2allow to generate referene policy
|
|
|
|
* Wed Nov 15 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-4
|
|
- Add group sort for portsPage.py
|
|
- Add enable/disableaudit to modules page
|
|
|
|
* Wed Nov 15 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-3
|
|
- Add glade file
|
|
|
|
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-2
|
|
- Fix Module handling in system-config-selinux
|
|
|
|
* Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> 1.33.1-1
|
|
- Update to upstream
|
|
* Merged newrole patch set from Michael Thompson.
|
|
- Add policycoreutils-gui
|
|
|
|
* Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-3
|
|
- No longer requires rhpl
|
|
|
|
* Mon Nov 6 2006 Dan Walsh <dwalsh@redhat.com> 1.32-2
|
|
- Fix genhomedircon man page
|
|
|
|
* Mon Oct 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-1
|
|
- Add newrole audit patch from sgrubb
|
|
- Update to upstream
|
|
* Merged audit2allow -l fix from Yuichi Nakamura.
|
|
* Merged restorecon -i and -o - support from Karl MacMillan.
|
|
* Merged semanage/seobject fix from Dan Walsh.
|
|
* Merged fixfiles -R and verify changes from Dan Walsh.
|
|
|
|
* Fri Oct 6 2006 Dan Walsh <dwalsh@redhat.com> 1.30.30-2
|
|
- Separate out newrole into its own package
|
|
|
|
* Fri Sep 29 2006 Dan Walsh <dwalsh@redhat.com> 1.30.30-1
|
|
- Update to upstream
|
|
* Merged newrole auditing of failures due to user actions from
|
|
Michael Thompson.
|
|
|
|
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-6
|
|
- Pass -i qualifier to restorecon for fixfiles -R
|
|
- Update translations
|
|
|
|
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
|
|
- Remove recursion from fixfiles -R calls
|
|
- Fix semanage to verify prefix
|
|
|
|
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
|
|
- More translations
|
|
- Compile with -pie
|
|
|
|
* Mon Sep 18 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-3
|
|
- Add translations
|
|
- Fix audit2allow -l
|
|
|
|
* Thu Sep 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-2
|
|
- Rebuild
|
|
|
|
* Thu Sep 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-1
|
|
- Update to upstream
|
|
- Change -o to take "-" for stdout
|
|
|
|
* Wed Sep 13 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-9
|
|
- Add -h support for genhomedircon
|
|
|
|
* Wed Sep 13 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-8
|
|
- Fix fixfiles handling of -o
|
|
|
|
* Mon Sep 11 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-7
|
|
- Make restorecon return the number of changes files if you use the -n flag
|
|
|
|
* Fri Sep 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-6
|
|
- Change setfiles and restorecon to use stderr except for -o flag
|
|
- Also -o flag will now output files
|
|
|
|
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-5
|
|
- Put back Erich's change
|
|
|
|
* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-4
|
|
- Remove recursive switch when using rpm
|
|
|
|
* Wed Sep 6 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-3
|
|
- Fix fixfiles to handle multiple rpm and make -o work
|
|
|
|
* Fri Sep 1 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-2
|
|
- Apply patch
|
|
|
|
* Fri Sep 1 2006 Dan Walsh <dwalsh@redhat.com> 1.30.28-1
|
|
- Security fixes to run python in a more locked down manner
|
|
- More Translations
|
|
- Update to upstream
|
|
* Merged fix for restorecon // handling from Erich Schubert.
|
|
* Merged translations update and fixfiles fix from Dan Walsh.
|
|
|
|
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> 1.30.27-5
|
|
- Change scripts to use /usr/sbin/python
|
|
|
|
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> 1.30.27-4
|
|
- Add -i qualified to restorecon to tell it to ignore files that do not exist
|
|
- Fixfiles also modified for this change
|
|
|
|
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> 1.30.27-3
|
|
- Ignore sigpipe
|
|
|
|
* Thu Aug 31 2006 Dan Walsh <dwalsh@redhat.com> 1.30.27-2
|
|
- Fix init script and add translations
|
|
|
|
* Thu Aug 24 2006 Dan Walsh <dwalsh@redhat.com> 1.30.27-1
|
|
- Update to upstream
|
|
* Merged fix for restorecon symlink handling from Erich Schubert.
|
|
|
|
* Sat Aug 12 2006 Dan Walsh <dwalsh@redhat.com> 1.30.26-1
|
|
- Update to upstream
|
|
* Merged semanage local file contexts patch from Chris PeBenito.
|
|
- Fix fixfiles log creation
|
|
- More translations
|
|
|
|
* Thu Aug 3 2006 Dan Walsh <dwalsh@redhat.com> 1.30.25-1
|
|
- Update to upstream
|
|
* Merged patch from Dan Walsh with:
|
|
* audit2allow: process MAC_POLICY_LOAD events
|
|
* newrole: run shell with - prefix to start a login shell
|
|
* po: po file updates
|
|
* restorecond: bail if SELinux not enabled
|
|
* fixfiles: omit -q
|
|
* genhomedircon: fix exit code if non-root
|
|
* semodule_deps: install man page
|
|
* Merged secon Makefile fix from Joshua Brindle.
|
|
* Merged netfilter contexts support patch from Chris PeBenito.
|
|
|
|
* Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 1.30.22-3
|
|
- Fix audit2allow to handle reload of policy
|
|
|
|
* Wed Aug 2 2006 Dan Walsh <dwalsh@redhat.com> 1.30.22-2
|
|
- Stop restorecond init script when selinux is not enabled
|
|
|
|
* Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> 1.30.22-1
|
|
- Update to upstream
|
|
* Merged restorecond size_t fix from Joshua Brindle.
|
|
* Merged secon keycreate patch from Michael LeMay.
|
|
* Merged restorecond fixes from Dan Walsh.
|
|
Merged updated po files from Dan Walsh.
|
|
* Merged python gettext patch from Stephen Bennett.
|
|
* Merged semodule_deps from Karl MacMillan.
|
|
|
|
* Thu Jul 27 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-7
|
|
- Change newrole to exec a login shell to prevent suspend.
|
|
|
|
* Fri Jul 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-6
|
|
- Report error when selinux not enabled in restorecond
|
|
|
|
* Tue Jul 18 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-5
|
|
- Fix handling of restorecond
|
|
|
|
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-4
|
|
- Fix creation of restorecond pidfile
|
|
|
|
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-3
|
|
- Update translations
|
|
- Update to new GCC
|
|
|
|
* Mon Jul 10 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-2
|
|
- Add verbose flag to restorecond and update translations
|
|
|
|
* Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> 1.30.17-1
|
|
- Update to upstream
|
|
* Lindent.
|
|
* Merged patch from Dan Walsh with:
|
|
* -p option (progress) for setfiles and restorecon.
|
|
* disable context translation for setfiles and restorecon.
|
|
* on/off values for setsebool.
|
|
* Merged setfiles and semodule_link fixes from Joshua Brindle.
|
|
|
|
* Thu Jun 22 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-5
|
|
- Add progress indicator on fixfiles/setfiles/restorecon
|
|
|
|
* Wed Jun 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-4
|
|
- Don't use translations with matchpathcon
|
|
|
|
* Tue Jun 20 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-3
|
|
- Prompt for selinux-policy-devel package in audit2allow
|
|
|
|
* Mon Jun 19 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-2
|
|
- Allow setsebool to use on/off
|
|
- Update translations
|
|
|
|
* Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> 1.30.14-1
|
|
- Update to upstream
|
|
* Merged fix for setsebool error path from Serge Hallyn.
|
|
* Merged patch from Dan Walsh with:
|
|
* Updated po files.
|
|
* Fixes for genhomedircon and seobject.
|
|
* Audit message for mass relabel by setfiles.
|
|
|
|
* Tue Jun 13 2006 James Antill <jantill@redhat.com> 1.30.12-5
|
|
- Update audit mass relabel to only compile in when audit is installed.
|
|
|
|
* Mon Jun 12 2006 Dan Walsh <dwalsh@redhat.com> 1.30.12-4
|
|
- Update to required versions
|
|
- Update translation
|
|
|
|
* Wed Jun 7 2006 Dan Walsh <dwalsh@redhat.com> 1.30.12-3
|
|
- Fix shell selection
|
|
|
|
* Mon Jun 5 2006 Dan Walsh <dwalsh@redhat.com> 1.30.12-2
|
|
- Add BuildRequires for gettext
|
|
|
|
* Mon Jun 5 2006 Dan Walsh <dwalsh@redhat.com> 1.30.12-1
|
|
* Updated fixfiles script for new setfiles location in /sbin.
|
|
|
|
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
|
|
- Update to upstream
|
|
* Merged more translations from Dan Walsh.
|
|
* Merged patch to relocate setfiles to /sbin for early relabel
|
|
when /usr might not be mounted from Dan Walsh.
|
|
* Merged semanage/seobject patch to preserve fcontext ordering in list.
|
|
* Merged secon patch from James Antill.
|
|
|
|
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
|
|
- Fix seobject.py to not sort the file_context file.
|
|
- move setfiles to /sbin
|
|
|
|
* Wed May 24 2006 James Antill <jantill@redhat.com> 1.30.10-3
|
|
- secon man page and getopt fixes.
|
|
- Enable mass relabel audit, even though it doesn't work.
|
|
|
|
* Wed May 24 2006 James Antill <jantill@redhat.com> 1.30.10-2
|
|
- secon fixes for --self-exec etc.
|
|
- secon change from level => sensitivity, add clearance.
|
|
- Add mass relabel AUDIT patch, but disable it until kernel problem solved.
|
|
|
|
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-1
|
|
- Update to upstream
|
|
* Merged patch with updates to audit2allow, secon, genhomedircon,
|
|
and semanage from Dan Walsh.
|
|
|
|
* Sat May 20 2006 Dan Walsh <dwalsh@redhat.com> 1.30.9-4
|
|
- Fix exception in genhomedircon
|
|
|
|
* Mon May 15 2006 James Antill <jantill@redhat.com> 1.30.9-3
|
|
- Add rhpl dependancy
|
|
|
|
* Mon May 15 2006 James Antill <jantill@redhat.com> 1.30.9-2
|
|
- Add secon man page and prompt options.
|
|
|
|
* Mon May 15 2006 Dan Walsh <dwalsh@redhat.com> 1.30.9-1
|
|
- Update to upstream
|
|
* Fixed audit2allow and po Makefiles for DESTDIR= builds.
|
|
* Merged .po file patch from Dan Walsh.
|
|
* Merged bug fix for genhomedircon.
|
|
|
|
* Wed May 10 2006 Dan Walsh <dwalsh@redhat.com> 1.30.8-2
|
|
- Fix exception on bad file_context
|
|
|
|
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.8-1
|
|
- Update to upstream
|
|
* Merged fix warnings patch from Karl MacMillan.
|
|
* Merged patch from Dan Walsh.
|
|
This includes audit2allow changes for analysis plugins,
|
|
internationalization support for several additional programs
|
|
and added po files, some fixes for semanage, and several cleanups.
|
|
It also adds a new secon utility.
|
|
|
|
* Sun May 7 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-5
|
|
- Fix genhomedircon to catch duplicate homedir problem
|
|
|
|
* Thu May 4 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-4
|
|
- Add secon program
|
|
- Add translations
|
|
|
|
* Thu Apr 20 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-3
|
|
- Fix check for "msg"
|
|
|
|
* Mon Apr 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-2
|
|
- Ship avc.py
|
|
|
|
* Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1
|
|
- Add /etc/samba/secrets.tdb to restorecond.conf
|
|
- Update from upstream
|
|
* Merged semanage prefix support from Russell Coker.
|
|
* Added a test to setfiles to check that the spec file is
|
|
a regular file.
|
|
|
|
* Thu Apr 06 2006 Karsten Hopp <karsten@redhat.de> 1.30.4-4
|
|
- added some missing buildrequires
|
|
- added Requires: initscripts for /sbin/service
|
|
|
|
* Thu Apr 06 2006 Karsten Hopp <karsten@redhat.de> 1.30.4-3
|
|
- use absolute path /sbin/service
|
|
|
|
* Wed Apr 5 2006 Dan Walsh <dwalsh@redhat.com> 1.30.4-2
|
|
- Fix audit2allow to not require ausearch.
|
|
- Fix man page
|
|
- Add libflashplayer to restorecond.conf
|
|
|
|
* Wed Mar 29 2006 Dan Walsh <dwalsh@redhat.com> 1.30.4-1
|
|
- Update from upstream
|
|
* Merged audit2allow fixes for refpolicy from Dan Walsh.
|
|
* Merged fixfiles patch from Dan Walsh.
|
|
* Merged restorecond daemon from Dan Walsh.
|
|
* Merged semanage non-MLS fixes from Chris PeBenito.
|
|
* Merged semanage and semodule man page examples from Thomas Bleher.
|
|
|
|
* Tue Mar 28 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-4
|
|
- Clean up reference policy generation in audit2allow
|
|
|
|
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-3
|
|
- Add IN_MOVED_TO to catch renames
|
|
|
|
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-2
|
|
- make restorecond only ignore non directories with lnk > 1
|
|
|
|
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-1
|
|
- Make audit2allow translate dontaudit as well as allow rules
|
|
- Update from upstream
|
|
* Merged semanage labeling prefix patch from Ivan Gyurdiev.
|
|
|
|
* Tue Mar 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30-5
|
|
- Fix audit2allow to retrieve dontaudit rules
|
|
|
|
* Mon Mar 20 2006 Dan Walsh <dwalsh@redhat.com> 1.30-4
|
|
- Open file descriptor to make sure file does not change from underneath.
|
|
|
|
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30-3
|
|
- Fixes for restorecond attack via symlinks
|
|
- Fixes for fixfiles
|
|
|
|
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30-2
|
|
- Restorecon has to handle suspend/resume
|
|
|
|
* Fri Mar 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30-1
|
|
- Update to upstream
|
|
|
|
* Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.29.27-1
|
|
- Add restorecond
|
|
|
|
* Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-6
|
|
- Remove prereq
|
|
|
|
* Mon Mar 6 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-5
|
|
- Fix audit2allow to generate all rules
|
|
|
|
* Fri Mar 3 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-4
|
|
- Minor fixes to chcat and semanage
|
|
|
|
* Fri Feb 24 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-3
|
|
- Add missing setsebool man page
|
|
|
|
* Thu Feb 23 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-2
|
|
- Change audit2allow to use devel instead of refpolicy
|
|
|
|
* Mon Feb 20 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-1
|
|
- Update from upstream
|
|
* Merged semanage bug fix patch from Ivan Gyurdiev.
|
|
* Merged improve bindings patch from Ivan Gyurdiev.
|
|
* Merged semanage usage patch from Ivan Gyurdiev.
|
|
* Merged use PyList patch from Ivan Gyurdiev.
|
|
|
|
* Mon Feb 13 2006 Dan Walsh <dwalsh@redhat.com> 1.29.23-1
|
|
- Update from upstream
|
|
* Merged newrole -V/--version support from Glauber de Oliveira Costa.
|
|
* Merged genhomedircon prefix patch from Dan Walsh.
|
|
* Merged optionals in base patch from Joshua Brindle.
|
|
|
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.29.20-2.1
|
|
- bump again for double-long bug on ppc(64)
|
|
|
|
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> 1.29.20-2
|
|
- Fix auditing to semanage
|
|
- Change genhomedircon to use new prefix interface in libselinux
|
|
|
|
* Tue Feb 07 2006 Dan Walsh <dwalsh@redhat.com> 1.29.20-1
|
|
- Update from upstream
|
|
* Merged seuser/user_extra support patch to semodule_package
|
|
from Joshua Brindle.
|
|
* Merged getopt type fix for semodule_link/expand and sestatus
|
|
from Chris PeBenito.
|
|
- Fix genhomedircon output
|
|
|
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.29.18-2.1
|
|
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
|
* Fri Feb 3 2006 Dan Walsh <dwalsh@redhat.com> 1.29.18-2
|
|
- Add auditing to semanage
|
|
|
|
* Thu Feb 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.18-1
|
|
- Update from upstream
|
|
* Merged clone record on set_con patch from Ivan Gyurdiev.
|
|
|
|
* Mon Jan 30 2006 Dan Walsh <dwalsh@redhat.com> 1.29.17-1
|
|
- Update from upstream
|
|
* Merged genhomedircon fix from Dan Walsh.
|
|
* Merged seusers.system patch from Ivan Gyurdiev.
|
|
* Merged improve port/fcontext API patch from Ivan Gyurdiev.
|
|
* Merged genhomedircon patch from Dan Walsh.
|
|
|
|
* Fri Jan 27 2006 Dan Walsh <dwalsh@redhat.com> 1.29.15-1
|
|
- Update from upstream
|
|
* Merged newrole audit patch from Steve Grubb.
|
|
* Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
|
|
* Merged semanage and semodule access check patches from Joshua Brindle.
|
|
* Wed Jan 25 2006 Dan Walsh <dwalsh@redhat.com> 1.29.12-1
|
|
- Add a default of /export/home
|
|
|
|
* Wed Jan 25 2006 Dan Walsh <dwalsh@redhat.com> 1.29.11-3
|
|
- Cleanup of the patch
|
|
|
|
* Wed Jan 25 2006 Dan Walsh <dwalsh@redhat.com> 1.29.11-2
|
|
- Correct handling of symbolic links in restorecon
|
|
|
|
* Wed Jan 25 2006 Dan Walsh <dwalsh@redhat.com> 1.29.11-1
|
|
- Added translation support to semanage
|
|
- Update from upstream
|
|
* Modified newrole and run_init to use the loginuid when
|
|
supported to obtain the Linux user identity to re-authenticate,
|
|
and to fall back to real uid. Dropped the use of the SELinux
|
|
user identity, as Linux users are now mapped to SELinux users
|
|
via seusers and the SELinux user identity space is separate.
|
|
* Merged semanage bug fixes from Ivan Gyurdiev.
|
|
* Merged semanage fixes from Russell Coker.
|
|
* Merged chcat.8 and genhomedircon patches from Dan Walsh.
|
|
|
|
* Thu Jan 19 2006 Dan Walsh <dwalsh@redhat.com> 1.29.9-2
|
|
- Fix genhomedircon to work on MLS policy
|
|
|
|
* Thu Jan 19 2006 Dan Walsh <dwalsh@redhat.com> 1.29.9-1
|
|
- Update to match NSA
|
|
* Merged chcat, semanage, and setsebool patches from Dan Walsh.
|
|
|
|
* Thu Jan 19 2006 Dan Walsh <dwalsh@redhat.com> 1.29.8-4
|
|
- Fixes for "add"-"modify" error messages
|
|
- Fixes for chcat
|
|
|
|
* Wed Jan 18 2006 Dan Walsh <dwalsh@redhat.com> 1.29.8-3
|
|
- Add management of translation file to semaange and seobject
|
|
|
|
* Wed Jan 18 2006 Dan Walsh <dwalsh@redhat.com> 1.29.8-2
|
|
- Fix chcat -l -L to work while not root
|
|
|
|
* Wed Jan 18 2006 Dan Walsh <dwalsh@redhat.com> 1.29.8-1
|
|
- Update to match NSA
|
|
* Merged semanage fixes from Ivan Gyurdiev.
|
|
* Merged semanage fixes from Russell Coker.
|
|
* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
|
|
|
|
* Tue Jan 17 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-4
|
|
- Update chcat to manage user categories also
|
|
|
|
* Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-3
|
|
- Add check for root for semanage, genhomedircon
|
|
|
|
* Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-2
|
|
- Add ivans patch
|
|
|
|
* Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-1
|
|
- Update to match NSA
|
|
* Merged newrole cleanup patch from Steve Grubb.
|
|
* Merged setfiles/restorecon performance patch from Russell Coker.
|
|
* Merged genhomedircon and semanage patches from Dan Walsh.
|
|
* Merged remove add_local/set_local patch from Ivan Gyurdiev.
|
|
|
|
* Tue Jan 10 2006 Dan Walsh <dwalsh@redhat.com> 1.29.5-3
|
|
- Fixes for mls policy
|
|
|
|
* Tue Jan 10 2006 Dan Walsh <dwalsh@redhat.com> 1.29.5-2
|
|
- Update semanage and split out seobject
|
|
- Fix labeleing of home_root
|
|
|
|
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.29.5-1
|
|
- Update to match NSA
|
|
* Added filename to semodule error reporting.
|
|
|
|
* Thu Jan 5 2006 Dan Walsh <dwalsh@redhat.com> 1.29.4-1
|
|
- Update to match NSA
|
|
* Merged genhomedircon and semanage patch from Dan Walsh.
|
|
* Changed semodule error reporting to include argv[0].
|
|
|
|
* Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.29.3-1
|
|
- Update to match NSA
|
|
* Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
|
|
* Merged patch series from Ivan Gyurdiev.
|
|
This includes patches to:
|
|
- cleanup setsebool
|
|
- update setsebool to apply active booleans through libsemanage
|
|
- update semodule to use the new semanage_set_rebuild() interface
|
|
- fix various bugs in semanage
|
|
* Merged patch from Dan Walsh (Red Hat).
|
|
This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
|
|
and semanage.
|
|
|
|
* Mon Jan 2 2006 Dan Walsh <dwalsh@redhat.com> 1.29.2-10
|
|
- Fix restorecon to not say it is changing user section when -vv is specified
|
|
|
|
* Tue Dec 27 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-9
|
|
- Fixes for semanage, patch from Ivan and added a test script
|
|
|
|
* Sat Dec 24 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-8
|
|
- Fix getpwnam call
|
|
|
|
* Fri Dec 23 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-7
|
|
- Anaconda fixes
|
|
|
|
* Thu Dec 22 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-6
|
|
- Turn off try catch block to debug anaconda failure
|
|
|
|
* Tue Dec 20 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-5
|
|
- More fixes for chcat
|
|
|
|
* Tue Dec 20 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-4
|
|
- Add try catch for files that may not exists
|
|
|
|
* Mon Dec 19 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-3
|
|
- Remove commands from genhomedircon for installer
|
|
|
|
* Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-1
|
|
- Fix genhomedircon to work in installer
|
|
- Update to match NSA
|
|
* Merged patch for chcat script from Dan Walsh.
|
|
|
|
* Fri Dec 9 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-2
|
|
- More fixes to chcat
|
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
- rebuilt
|
|
|
|
* Thu Dec 8 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-1
|
|
- Update to match NSA
|
|
* Merged fix for audit2allow long option list from Dan Walsh.
|
|
* Merged -r option for restorecon (alias for -R) from Dan Walsh.
|
|
* Merged chcat script and man page from Dan Walsh.
|
|
|
|
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.28-1
|
|
- Update to match NSA
|
|
- Add gfs support
|
|
|
|
* Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.37-1
|
|
- Update to match NSA
|
|
- Add chcat to policycoreutils, adding +/- syntax
|
|
`
|
|
* Tue Dec 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-2
|
|
- Require new version of libsemanage
|
|
|
|
* Mon Dec 5 2005 Dan Walsh <dwalsh@redhat.com> 1.27.36-1
|
|
- Update to match NSA
|
|
* Changed genhomedircon to warn on use of ROLE in homedir_template
|
|
if using managed policy, as libsemanage does not yet support it.
|
|
|
|
* Sun Dec 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.35-1
|
|
- Update to match NSA
|
|
* Merged genhomedircon bug fix from Dan Walsh.
|
|
* Revised semodule* man pages to refer to checkmodule and
|
|
to include example sections.
|
|
|
|
* Thu Dec 1 2005 Dan Walsh <dwalsh@redhat.com> 1.27.33-1
|
|
- Update to match NSA
|
|
* Merged audit2allow --tefile and --fcfile support from Dan Walsh.
|
|
* Merged genhomedircon fix from Dan Walsh.
|
|
* Merged semodule* man pages from Dan Walsh, and edited them.
|
|
* Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
|
|
retain validation/canonicalization of contexts during init.
|
|
|
|
* Wed Nov 30 2005 Dan Walsh <dwalsh@redhat.com> 1.27.31-1
|
|
- Update to match NSA
|
|
* Changed genhomedircon to always use user_r for the role in the
|
|
managed case since user_get_defrole is broken.
|
|
- Add te file capabilities to audit2allow
|
|
- Add man pages for semodule
|
|
|
|
* Tue Nov 29 2005 Dan Walsh <dwalsh@redhat.com> 1.27.30-1
|
|
- Update to match NSA
|
|
* Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
|
|
* Fixed semodule -v option.
|
|
|
|
* Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.29-1
|
|
- Update to match NSA
|
|
* Merged audit2allow python script from Dan Walsh.
|
|
(old script moved to audit2allow.perl, will be removed later).
|
|
* Merged genhomedircon fixes from Dan Walsh.
|
|
* Merged semodule quieting patch from Dan Walsh
|
|
(inverts default, use -v to restore original behavior).
|
|
|
|
* Thu Nov 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-3
|
|
- Audit2allow
|
|
* Add more error checking
|
|
* Add gen policy package
|
|
* Add gen requires
|
|
|
|
* Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2
|
|
- Update to match NSA
|
|
* Merged genhomedircon rewrite from Dan Walsh.
|
|
- Rewrite audit2allow to python
|
|
|
|
* Mon Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-5
|
|
- Fix genhomedircon to work with non libsemanage systems
|
|
|
|
* Fri Nov 11 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-3
|
|
- Patch genhomedircon to use libsemanage.py stuff
|
|
|
|
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.27.27-1
|
|
- Update to match NSA
|
|
* Merged setsebool cleanup patch from Ivan Gyurdiev.
|
|
|
|
* Wed Nov 9 2005 Dan Walsh <dwalsh@redhat.com> 1.27.26-4
|
|
- Fix genhomedircon to use seusers file, temporary fix until swigified semanage
|
|
|
|
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.26-1
|
|
* Added -B (--build) option to semodule to force a rebuild.
|
|
* Reverted setsebool patch to call semanage_set_reload_bools().
|
|
* Changed setsebool to disable policy reload and to call
|
|
security_set_boolean_list to update the runtime booleans.
|
|
* Changed setfiles -c to use new flag to set_matchpathcon_flags()
|
|
to disable context translation by matchpathcon_init().
|
|
|
|
* Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.23-1
|
|
- Update to match NSA
|
|
* Changed setfiles for the context canonicalization support.
|
|
* Changed setsebool to call semanage_is_managed() interface
|
|
and fall back to security_set_boolean_list() if policy is
|
|
not managed.
|
|
* Merged setsebool memory leak fix from Ivan Gyurdiev.
|
|
* Merged setsebool patch to call semanage_set_reload_bools()
|
|
interface from Ivan Gyurdiev.
|
|
|
|
* Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.20-1
|
|
- Update to match NSA
|
|
* Merged setsebool patch from Ivan Gyurdiev.
|
|
This moves setsebool from libselinux/utils to policycoreutils,
|
|
and rewrites it to use libsemanage for permanent boolean changes.
|
|
|
|
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-2
|
|
- Rebuild to use latest libselinux, libsemanage, and libsepol
|
|
|
|
* Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
|
|
- Update to match NSA
|
|
* Merged semodule support for reload, noreload, and store options
|
|
from Joshua Brindle.
|
|
* Merged semodule_package rewrite from Joshua Brindle.
|
|
|
|
* Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.18-1
|
|
- Update to match NSA
|
|
* Cleaned up usage and error messages and releasing of memory by
|
|
semodule utilities.
|
|
* Corrected error reporting by semodule.
|
|
* Updated semodule_expand for change to sepol interface.
|
|
* Merged fixes for make DESTDIR= builds from Joshua Brindle.
|
|
|
|
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.27.14-1
|
|
- Update to match NSA
|
|
* Updated semodule_package for sepol interface changes.
|
|
|
|
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 1.27.13-1
|
|
- Update to match NSA
|
|
* Updated semodule_expand/link for sepol interface changes.
|
|
|
|
* Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.27.12-1
|
|
- Update to match NSA
|
|
* Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
|
|
|
|
* Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.27.11-1
|
|
- Update to match NSA
|
|
* Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
|
|
* Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
|
|
* Merged fixfiles patch from Dan Walsh (Red Hat).
|
|
* Updated semodule for removal of semanage_strerror.
|
|
|
|
|
|
* Thu Oct 13 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-2
|
|
- Fix run_init.pamd and spec file
|
|
|
|
* Wed Oct 12 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
|
|
- Update to match NSA
|
|
* Updated semodule_link and semodule_expand to use shared libsepol.
|
|
Fixed audit2why to call policydb_init prior to policydb_read (still
|
|
uses the static libsepol).
|
|
|
|
* Mon Oct 10 2005 Dan Walsh <dwalsh@redhat.com> 1.27.6-1
|
|
- Update to match NSA
|
|
* Updated for changes to libsepol.
|
|
Changed semodule and semodule_package to use the shared libsepol.
|
|
Disabled build of semodule_link and semodule_expand for now.
|
|
Updated audit2why for relocated policydb internal headers,
|
|
still needs to be converted to a shared lib interface.
|
|
|
|
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-3
|
|
- Update newrole pam file to remove pam-stack
|
|
- Update run_init pam file to remove pam-stack
|
|
|
|
* Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-1
|
|
- Update to match NSA
|
|
* Fixed warnings in load_policy.
|
|
* Rewrote load_policy to use the new selinux_mkload_policy()
|
|
interface provided by libselinux.
|
|
|
|
* Wed Oct 5 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-2
|
|
- Rebuild with newer libararies
|
|
|
|
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-1
|
|
- Update to match NSA
|
|
* Merged patch to update semodule to the new libsemanage API
|
|
and improve the user interface from Karl MacMillan (Tresys).
|
|
* Modified semodule for the create/connect API split.
|
|
|
|
* Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-2
|
|
- More fixes to stop find from following nfs paths
|
|
|
|
* Wed Sep 21 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-1
|
|
- Update to match NSA
|
|
* Merged run_init open_init_pty bug fix from Manoj Srivastava
|
|
(unblock SIGCHLD). Bug reported by Erich Schubert.
|
|
|
|
* Tue Sep 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-1
|
|
- Update to match NSA
|
|
* Merged error shadowing bug fix for restorecon from Dan Walsh.
|
|
* Merged setfiles usage/man page update for -r option from Dan Walsh.
|
|
* Merged fixfiles -C patch to ignore :s0 addition on update
|
|
to a MCS/MLS policy from Dan Walsh.
|
|
|
|
* Thu Sep 15 2005 Dan Walsh <dwalsh@redhat.com> 1.26-3
|
|
- Add chcat script for use with chcon.
|
|
|
|
* Tue Sep 13 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
|
|
- Fix restorecon to exit with error code
|
|
|
|
* Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-1
|
|
* Updated version for release.
|
|
|
|
* Tue Sep 6 2005 Dan Walsh <dwalsh@redhat.com> 1.25.9-2
|
|
- Add prereq for mount command
|
|
|
|
* Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.25.9-1
|
|
- Update to match NSA
|
|
* Changed setfiles -c to translate the context to raw format
|
|
prior to calling libsepol.
|
|
|
|
* Fri Aug 26 2005 Dan Walsh <dwalsh@redhat.com> 1.25.7-3
|
|
- Use new version of libsemange and require it for install
|
|
|
|
* Fri Aug 26 2005 Dan Walsh <dwalsh@redhat.com> 1.25.7-2
|
|
- Ignore s0 in file context
|
|
|
|
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.7-1
|
|
- Update to match NSA
|
|
* Merged patch for fixfiles -C from Dan Walsh.
|
|
|
|
* Tue Aug 23 2005 Dan Walsh <dwalsh@redhat.com> 1.25.6-1
|
|
- Update to match NSA
|
|
* Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
|
|
Bugs found by Coverity.
|
|
|
|
* Mon Aug 22 2005 Dan Walsh <dwalsh@redhat.com> 1.25.5-3
|
|
- Fix fixfiles to call sort -u followed by sort -d.
|
|
|
|
* Wed Aug 17 2005 Dan Walsh <dwalsh@redhat.com> 1.25.5-2
|
|
- Change fixfiles to ignore /home directory on updates
|
|
|
|
* Fri Aug 5 2005 Dan Walsh <dwalsh@redhat.com> 1.25.5-1
|
|
- Update to match NSA
|
|
* Merged patch to move module read/write code from libsemanage
|
|
to libsepol from Jason Tang (Tresys).
|
|
|
|
* Thu Jul 28 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
|
|
- Update to match NSA
|
|
* Changed semodule* to link with libsemanage.
|
|
|
|
* Wed Jul 27 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
|
|
- Update to match NSA
|
|
* Merged restorecon patch from Ivan Gyurdiev.
|
|
|
|
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-1
|
|
- Update to match NSA
|
|
* Merged load_policy, newrole, and genhomedircon patches from Red Hat.
|
|
|
|
* Thu Jul 7 2005 Dan Walsh <dwalsh@redhat.com> 1.25.1-1
|
|
- Update to match NSA
|
|
* Merged loadable module support from Tresys Technology.
|
|
|
|
* Wed Jun 29 2005 Dan Walsh <dwalsh@redhat.com> 1.24-1
|
|
- Update to match NSA
|
|
* Updated version for release.
|
|
|
|
* Tue Jun 14 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-4
|
|
- Fix Ivan's patch for user role changes
|
|
|
|
* Sat May 28 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-3
|
|
- Add Ivan's patch for user role changes in genhomedircon
|
|
|
|
* Thu May 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-2
|
|
- Fix warning message on reload of booleans
|
|
|
|
|
|
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
|
|
- Update to match NSA
|
|
* Merged fixfiles and newrole patch from Dan Walsh.
|
|
* Merged audit2why man page from Dan Walsh.
|
|
|
|
* Thu May 19 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-2
|
|
- Add call to pam_acct_mgmt in newrole.
|
|
|
|
* Tue May 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1
|
|
- Update to match NSA
|
|
* Extended audit2why to incorporate booleans and local user
|
|
settings when analyzing audit messages.
|
|
|
|
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 1.23.9-1
|
|
- Update to match NSA
|
|
* Updated audit2why for sepol_ prefixes on Flask types to
|
|
avoid namespace collision with libselinux, and to
|
|
include <selinux/selinux.h> now.
|
|
|
|
* Fri May 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1
|
|
- Fix fixfiles to accept -f
|
|
- Update to match NSA
|
|
* Added audit2why utility.
|
|
|
|
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-1
|
|
- Change -f flag in fixfiles to remove stuff from /tmp
|
|
- Change -F flag to pass -F flag to restorecon/fixfiles. (IE Force relabel).
|
|
|
|
* Thu Apr 14 2005 Dan Walsh <dwalsh@redhat.com> 1.23.6-1
|
|
- Update to match NSA
|
|
* Fixed signed/unsigned pointer bug in load_policy.
|
|
* Reverted context validation patch for genhomedircon.
|
|
|
|
* Wed Apr 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.5-1
|
|
- Update to match NSA
|
|
* Reverted load_policy is_selinux_enabled patch from Dan Walsh.
|
|
Otherwise, an initial policy load cannot be performed using
|
|
load_policy, e.g. for anaconda.
|
|
|
|
|
|
* Mon Apr 11 2005 Dan Walsh <dwalsh@redhat.com> 1.23.4-3
|
|
- remove is_selinux_enabled check from load_policy (Bad idea)
|
|
|
|
* Mon Apr 11 2005 Dan Walsh <dwalsh@redhat.com> 1.23.4-1
|
|
- Update to version from NSA
|
|
* Merged load_policy is_selinux_enabled patch from Dan Walsh.
|
|
* Merged restorecon verbose output patch from Dan Walsh.
|
|
* Merged setfiles altroot patch from Chris PeBenito.
|
|
|
|
* Thu Apr 7 2005 Dan Walsh <dwalsh@redhat.com> 1.23.3-2
|
|
- Don't run load_policy on a non SELinux kernel.
|
|
|
|
* Wed Apr 6 2005 Dan Walsh <dwalsh@redhat.com> 1.23.3-1
|
|
- Update to version from NSA
|
|
* Merged context validation patch for genhomedircon from Eric Paris.
|
|
- Fix verbose output of restorecon
|
|
|
|
* Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.2-1
|
|
- Update to version from NSA
|
|
* Changed setfiles -c to call set_matchpathcon_flags(3) to
|
|
turn off processing of .homedirs and .local.
|
|
|
|
* Tue Mar 15 2005 Dan Walsh <dwalsh@redhat.com> 1.23.1-1
|
|
- Update to released version from NSA
|
|
* Merged rewrite of genhomedircon by Eric Paris.
|
|
* Changed fixfiles to relabel jfs since it now supports security xattrs
|
|
(as of 2.6.11). Removed reiserfs until 2.6.12 is released with
|
|
fixed support for reiserfs and selinux.
|
|
|
|
* Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.22-2
|
|
- Update to released version from NSA
|
|
- Patch genhomedircon to handle passwd in different places.
|
|
|
|
* Wed Mar 9 2005 Dan Walsh <dwalsh@redhat.com> 1.21.22-2
|
|
- Fix genhomedircon to not put bad userad error in file_contexts.homedir
|
|
|
|
* Tue Mar 8 2005 Dan Walsh <dwalsh@redhat.com> 1.21.22-1
|
|
- Cleanup error reporting
|
|
|
|
* Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.21.21-1
|
|
* Merged load_policy and genhomedircon patch from Dan Walsh.
|
|
|
|
* Mon Feb 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-3
|
|
- Fix genhomedircon to add extr "\n"
|
|
|
|
* Fri Feb 25 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-2
|
|
- Fix genhomedircon to handle blank users
|
|
|
|
* Fri Feb 25 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-1
|
|
- Update to latest from NSA
|
|
- Add call to libsepol
|
|
|
|
* Thu Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-4
|
|
- Fix genhomedircon to handle root
|
|
- Fix fixfiles to better handle file system types
|
|
|
|
* Wed Feb 23 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-2
|
|
- Fix genhomedircon to handle spaces in SELINUXPOLICYTYPE
|
|
|
|
* Tue Feb 22 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-1
|
|
- Update to latest from NSA
|
|
* Merged several fixes from Ulrich Drepper.
|
|
|
|
* Mon Feb 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.18-2
|
|
- Apply Uli patch
|
|
* The Makefiles should use the -Wall option even if compiled in beehive
|
|
* Add -W, too
|
|
* use -Werror when used outside of beehive. This could also be used unconditionally
|
|
* setfiles/setfiles.c: fix resulting warning
|
|
* restorecon/restorecon.c: Likewise
|
|
* run_init/open_init_pty.c: argc hasn't been checked, the program would crash if
|
|
called without parameters. ignore the return value of nice properly.
|
|
* run_init: don't link with -ldl lutil
|
|
* load_policy: that's the bad bug. pointer to unsigned int is passed, size_t is
|
|
written to. fails on 64-bit archs
|
|
* sestatus: signed vs unsigned problem
|
|
* newrole: don't link with -ldl
|
|
|
|
* Sat Feb 19 2005 Dan Walsh <dwalsh@redhat.com> 1.21.18-1
|
|
- Update to latest from NSA
|
|
* Changed load_policy to fall back to the original policy upon
|
|
an error from sepol_genusers().
|
|
|
|
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.17-2
|
|
- Only restorecon on ext[23], reiser and xfs
|
|
|
|
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.17-1
|
|
- Update to latest from NSA
|
|
* Merged new genhomedircon script from Dan Walsh.
|
|
* Changed load_policy to call sepol_genusers().
|
|
|
|
* Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-9
|
|
- Remove Red Hat rhpl usage
|
|
- Add back in original syntax
|
|
- Update man page to match new syntax
|
|
|
|
* Fri Feb 11 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-8
|
|
- Fix genhomedircon regular expression
|
|
- Fix exclude in restorecon
|
|
|
|
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-5
|
|
- Trap failure on write
|
|
- Rewrite genhomedircon to generate file_context.homedirs
|
|
- several passes
|
|
|
|
* Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.15-1
|
|
- Update from NSA
|
|
* Changed relabel Makefile target to use restorecon.
|
|
|
|
* Wed Feb 9 2005 Dan Walsh <dwalsh@redhat.com> 1.21.14-1
|
|
- Update from NSA
|
|
* Merged restorecon patch from Dan Walsh.
|
|
|
|
* Tue Feb 8 2005 Dan Walsh <dwalsh@redhat.com> 1.21.13-1
|
|
- Update from NSA
|
|
* Merged further change to fixfiles -C from Dan Walsh.
|
|
* Merged updated fixfiles script from Dan Walsh.
|
|
- Fix error handling of restorecon
|
|
|
|
|
|
* Mon Feb 7 2005 Dan Walsh <dwalsh@redhat.com> 1.21.12-2
|
|
- Fix sestatus for longer booleans
|
|
|
|
* Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.12-1
|
|
- More cleanup of fixfiles sed patch
|
|
* Merged further patches for restorecon/setfiles -e and fixfiles -C.
|
|
|
|
* Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-2
|
|
- More cleanup of fixfiles sed patch
|
|
|
|
* Mon Jan 31 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-1
|
|
- More cleanup of fixfiles sed patch
|
|
- Upgrade to latest from NSA
|
|
* Merged patch for open_init_pty from Manoj Srivastava.
|
|
|
|
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-1
|
|
- More cleanup of sed patch
|
|
- Upgrade to latest from NSA
|
|
* Merged updated fixfiles script from Dan Walsh.
|
|
* Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
|
|
* Reverted fixfiles patch for file_contexts.local;
|
|
obsoleted by setfiles rewrite.
|
|
* Merged error handling patch for restorecon from Dan Walsh.
|
|
* Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
|
|
* Rewrote setfiles to use matchpathcon and the new interfaces
|
|
exported by libselinux (>= 1.21.5).
|
|
|
|
|
|
* Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-3
|
|
- Fix fixfiles patch
|
|
- Upgrade to latest from NSA
|
|
* Prevent overflow of spec array in setfiles.
|
|
- Add diff comparason between file_contexts to fixfiles
|
|
- Allow restorecon to give an warning on file not found instead of exiting
|
|
|
|
* Thu Jan 27 2005 Dan Walsh <dwalsh@redhat.com> 1.21.5-1
|
|
- Upgrade to latest from NSA
|
|
* Merged newrole -l support from Darrel Goeddel (TCS).
|
|
- Fix genhomedircon STARTING_UID
|
|
|
|
* Wed Jan 26 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-1
|
|
- Upgrade to latest from NSA
|
|
* Merged fixfiles patch for file_contexts.local from Dan Walsh.
|
|
|
|
* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-2
|
|
- Temp file needs to be created in /etc/selinux/POLICYTYPE/contexts/files/ directory.
|
|
|
|
* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-1
|
|
- Upgrade to latest from NSA
|
|
* Fixed restorecon to not treat errors from is_context_customizable()
|
|
as a customizable context.
|
|
* Merged setfiles/restorecon patch to not reset user field unless
|
|
-F option is specified from Dan Walsh.
|
|
* Merged open_init_pty helper for run_init from Manoj Srivastava.
|
|
* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
|
|
|
|
* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
|
|
- Don't change user componant if it is all that changed unless forced.
|
|
- Change fixfiles to concatinate file_context.local for setfiles
|
|
|
|
* Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
|
|
- Update to latest from NSA
|
|
|
|
* Mon Jan 10 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-2
|
|
- Fix restorecon segfault
|
|
|
|
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-1
|
|
- Update to latest from NSA
|
|
* Merged fixfiles rewrite from Dan Walsh.
|
|
* Merged restorecon patch from Dan Walsh.
|
|
|
|
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.19.3-1
|
|
- Update to latest from NSA
|
|
* Merged fixfiles and restorecon patches from Dan Walsh.
|
|
* Don't display change if only user part changed.
|
|
|
|
* Mon Jan 3 2005 Dan Walsh <dwalsh@redhat.com> 1.19.2-4
|
|
- Fix fixfiles handling of rpm
|
|
- Fix restorecon to not warn on symlinks unless -v -v
|
|
- Fix output of verbose to show old context as well as new context
|
|
|
|
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
|
|
- Update to latest from NSA
|
|
* Changed restorecon to ignore ENOENT errors from matchpathcon.
|
|
* Merged nonls patch from Chris PeBenito.
|
|
|
|
* Mon Dec 20 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-1
|
|
- Update to latest from NSA
|
|
* Removed fixfiles.cron.
|
|
* Merged run_init.8 patch from Dan Walsh.
|
|
|
|
* Thu Nov 18 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-3
|
|
- Fix run_init.8 to refer to correct location of initrc_context
|
|
|
|
* Wed Nov 3 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-1
|
|
- Upgrade to latest from NSA
|
|
|
|
* Wed Oct 27 2004 Steve Grubb <sgrubb@redhat.com> 1.17.7-3
|
|
- Add code to sestatus to output the current policy from config file
|
|
|
|
* Fri Oct 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-2
|
|
- Patch audit2allow to return self and no brackets if only one rule
|
|
|
|
* Fri Oct 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
|
|
- Update to latest from NSA
|
|
- Eliminate fixfiles.cron
|
|
|
|
* Tue Oct 12 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-2
|
|
- Only run fixfiles.cron once a week, and eliminate null message
|
|
|
|
* Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
|
|
- Update with NSA
|
|
* Added -l option to setfiles to log changes via syslog.
|
|
* Merged -e option to setfiles to exclude directories.
|
|
* Merged -R option to restorecon for recursive descent.
|
|
* Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-6
|
|
- Add -e (exclude directory) switch to setfiles
|
|
- Add syslog to setfiles
|
|
|
|
* Fri Sep 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-5
|
|
- Add -R (recursive) switch to restorecon.
|
|
|
|
* Thu Sep 23 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-4
|
|
- Change to only display to terminal if tty is specified
|
|
|
|
* Tue Sep 21 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-3
|
|
- Only display to stdout if logfile not specified
|
|
|
|
* Thu Sep 9 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-2
|
|
- Add Steve Grubb patch to cleanup log files.
|
|
|
|
* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
|
|
- Add optargs
|
|
- Update to match NSA
|
|
|
|
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
|
|
- Add fix to get cdrom info from /proc/media in fixfiles.
|
|
|
|
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
|
|
- Add Steve Grub patches for
|
|
* Fix fixfiles.cron MAILTO
|
|
* Several problems in sestatus
|
|
|
|
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-3
|
|
- Add -q (quiet) qualifier to load_policy to not report warnings
|
|
|
|
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-2
|
|
- Add requires for libsepol >= 1.1.1
|
|
|
|
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-1
|
|
- Update to latest from upstream
|
|
|
|
* Mon Aug 23 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
|
|
- Update to latest from upstream
|
|
- Includes Colin patch for verifying file_contexts
|
|
|
|
* Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.1-1
|
|
- Update to latest from upstream
|
|
|
|
* Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.7-1
|
|
- Update to latest from upstream
|
|
|
|
* Thu Aug 12 2004 Dan Walsh <dwalsh@redhat.com> 1.15.6-1
|
|
- Add Man page for load_policy
|
|
|
|
* Tue Aug 10 2004 Dan Walsh <dwalsh@redhat.com> 1.15.5-1
|
|
- new version from NSA uses libsepol
|
|
|
|
* Mon Aug 2 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-2
|
|
- Fix genhomedircon join command
|
|
|
|
* Thu Jul 29 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
|
|
- Latest from NSA
|
|
|
|
* Mon Jul 26 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-4
|
|
- Change fixfiles to not change when running a check
|
|
|
|
* Tue Jul 20 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-3
|
|
- Fix restorecon getopt call to stop hang on IBM Arches
|
|
|
|
* Mon Jul 19 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-2
|
|
- Only mail files less than 100 lines from fixfiles.cron
|
|
- Add Russell's fix for genhomedircon
|
|
|
|
* Fri Jul 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
|
|
- Latest from NSA
|
|
|
|
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-2
|
|
- Add ro warnings
|
|
|
|
* Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
|
|
- Latest from NSA
|
|
- Fix fixfiles.cron to delete outfile
|
|
|
|
* Tue Jul 6 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-2
|
|
- Fix fixfiles.cron to not run on non SELinux boxes
|
|
- Fix several problems in fixfiles and fixfiles.cron
|
|
|
|
* Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
|
|
- Update from NSA
|
|
- Add cron capability to fixfiles
|
|
|
|
* Fri Jun 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
|
|
- Update from NSA
|
|
|
|
* Thu Jun 24 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
|
|
- Fix fixfiles to handle no rpm file on relabel
|
|
|
|
* Wed Jun 23 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-1
|
|
- Update latest from NSA
|
|
- Add -o option to setfiles to save output of any files with incorrect context.
|
|
|
|
* Tue Jun 22 2004 Dan Walsh <dwalsh@redhat.com> 1.13.2-2
|
|
- Add rpm support to fixfiles
|
|
- Update restorecon to add file input support
|
|
|
|
* Fri Jun 18 2004 Dan Walsh <dwalsh@redhat.com> 1.13.2-1
|
|
- Update with NSA Latest
|
|
|
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Sat Jun 12 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-2
|
|
- Fix run_init to use policy formats
|
|
|
|
* Wed Jun 2 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-1
|
|
- Update from NSA
|
|
|
|
* Tue May 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13-3
|
|
- Change location of file_context file
|
|
|
|
* Tue May 25 2004 Dan Walsh <dwalsh@redhat.com> 1.13-2
|
|
- Change to use /etc/sysconfig/selinux to determine location of policy files
|
|
|
|
* Fri May 21 2004 Dan Walsh <dwalsh@redhat.com> 1.13-1
|
|
- Update to latest from NSA
|
|
- Change fixfiles to prompt before deleteing /tmp files
|
|
|
|
* Tue May 18 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
|
|
- have restorecon ingnore <<none>>
|
|
- Hand matchpathcon the file status
|
|
|
|
* Thu May 13 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
|
|
- Update to match NSA
|
|
|
|
* Mon May 10 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
|
|
- Move location of log file to /var/tmp
|
|
|
|
* Mon May 10 2004 Dan Walsh <dwalsh@redhat.com> 1.11-3
|
|
- Better grep command for bind
|
|
|
|
* Fri May 7 2004 Dan Walsh <dwalsh@redhat.com> 1.11-2
|
|
- Eliminate bind and context mounts
|
|
|
|
* Wed May 5 2004 Dan Walsh <dwalsh@redhat.com> 1.11-1
|
|
- update to match NSA
|
|
|
|
* Wed Apr 28 2004 Dan Walsh <dwalsh@redhat.com> 1.10-4
|
|
- Log fixfiles to the /tmp directory
|
|
|
|
* Wed Apr 21 2004 Colin Walters <walters@redhat.com> 1.10-3
|
|
- Add patch to fall back to authenticating via uid if
|
|
the current user's SELinux user identity is the default
|
|
identity
|
|
- Add BuildRequires pam-devel
|
|
|
|
* Mon Apr 12 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
|
|
- Add man page, thanks to Richard Halley
|
|
|
|
* Thu Apr 8 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
|
|
- Upgrade to latest from NSA
|
|
|
|
* Fri Apr 2 2004 Dan Walsh <dwalsh@redhat.com> 1.9.2-1
|
|
- Update with latest from gentoo and NSA
|
|
|
|
* Thu Apr 1 2004 Dan Walsh <dwalsh@redhat.com> 1.9.1-1
|
|
- Check return codes in sestatus.c
|
|
|
|
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-19
|
|
- Fix sestatus to not double free
|
|
- Fix sestatus.conf to be unix format
|
|
|
|
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-18
|
|
- Warn on setfiles failure to relabel.
|
|
|
|
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-17
|
|
- Updated version of sestatus
|
|
|
|
* Mon Mar 29 2004 Dan Walsh <dwalsh@redhat.com> 1.9-16
|
|
- Fix fixfiles to checklabel properly
|
|
|
|
* Fri Mar 26 2004 Dan Walsh <dwalsh@redhat.com> 1.9-15
|
|
- add sestatus
|
|
|
|
* Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.9-14
|
|
- Change free call to freecon
|
|
- Cleanup
|
|
|
|
* Tue Mar 23 2004 Dan Walsh <dwalsh@redhat.com> 1.9-12
|
|
- Remove setfiles-assoc patch
|
|
- Fix restorecon to not crash on missing dir
|
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-11
|
|
- Eliminate trailing / in restorecon
|
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-10
|
|
- Add Verbosity check
|
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-9
|
|
- Change restorecon to not follow symlinks. It is too difficult and confusing
|
|
- to figure out the file context for the file pointed to by a symlink.
|
|
|
|
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-8
|
|
- Fix restorecon
|
|
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-7
|
|
- Read restorecon patch
|
|
|
|
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-6
|
|
- Change genhomedircon to take POLICYSOURCEDIR from command line
|
|
|
|
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-5
|
|
- Add checkselinux
|
|
- move fixfiles and restorecon to /sbin
|
|
|
|
* Wed Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-4
|
|
- Restore patch of genhomedircon
|
|
|
|
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.9-3
|
|
- Add setfiles-assoc patch to try to freeup memory use
|
|
|
|
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.9-2
|
|
- Add fixlabels
|
|
|
|
* Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.9-1
|
|
- Update to latest from NSA
|
|
|
|
* Wed Mar 10 2004 Dan Walsh <dwalsh@redhat.com> 1.6-8
|
|
- Increase the size of buffer accepted by setfiles to BUFSIZ.
|
|
|
|
* Tue Mar 9 2004 Dan Walsh <dwalsh@redhat.com> 1.6-7
|
|
- genhomedircon should complete even if it can't read /etc/default/useradd
|
|
|
|
* Tue Mar 9 2004 Dan Walsh <dwalsh@redhat.com> 1.6-6
|
|
- fix restorecon to relabel unlabled files.
|
|
|
|
* Fri Mar 5 2004 Dan Walsh <dwalsh@redhat.com> 1.6-5
|
|
- Add genhomedircon from tresys
|
|
- Fixed patch for restorecon
|
|
|
|
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-4
|
|
- exit out when selinux is not enabled
|
|
|
|
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-3
|
|
- Fix minor bugs in restorecon
|
|
|
|
* Thu Feb 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6-2
|
|
- Add restorecon c program
|
|
|
|
* Tue Feb 24 2004 Dan Walsh <dwalsh@redhat.com> 1.6-1
|
|
- Update to latest tarball from NSA
|
|
|
|
* Thu Feb 19 2004 Dan Walsh <dwalsh@redhat.com> 1.4-9
|
|
- Add sort patch
|
|
|
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
- rebuilt
|
|
|
|
* Thu Jan 29 2004 Dan Walsh <dwalsh@redhat.com> 1.4-7
|
|
- remove mods to run_init since init scripts don't require it anymore
|
|
|
|
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 1.4-6
|
|
- fix genhomedircon not to return and error
|
|
|
|
* Wed Jan 28 2004 Dan Walsh <dwalsh@redhat.com> 1.4-5
|
|
- add setfiles quiet patch
|
|
|
|
* Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.4-4
|
|
- add checkcon to verify context match file_context
|
|
|
|
* Wed Jan 7 2004 Dan Walsh <dwalsh@redhat.com> 1.4-3
|
|
- fix command parsing restorecon
|
|
|
|
* Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.4-2
|
|
- Add restorecon
|
|
|
|
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
|
|
- Update to latest NSA 1.4
|
|
|
|
* Tue Nov 25 2003 Dan Walsh <dwalsh@redhat.com> 1.2-9
|
|
- Change run_init.console to run as run_init_t
|
|
|
|
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.2-8
|
|
- Remove dietcc since load_policy is not in mkinitrd
|
|
- Change to use CONSOLEHELPER flag
|
|
|
|
* Tue Oct 14 2003 Dan Walsh <dwalsh@redhat.com> 1.2-7
|
|
- Don't authenticate run_init when used with consolehelper
|
|
|
|
* Wed Oct 01 2003 Dan Walsh <dwalsh@redhat.com> 1.2-6
|
|
- Add run_init consolehelper link
|
|
|
|
* Wed Sep 24 2003 Dan Walsh <dwalsh@redhat.com> 1.2-5
|
|
- Add russell spead up patch to deal with file path stems
|
|
|
|
* Fri Sep 12 2003 Dan Walsh <dwalsh@redhat.com> 1.2-4
|
|
- Build load_policy with diet gcc in order to save space on initrd
|
|
|
|
* Fri Sep 12 2003 Dan Walsh <dwalsh@redhat.com> 1.2-3
|
|
- Update with NSA latest
|
|
|
|
* Thu Aug 7 2003 Dan Walsh <dwalsh@redhat.com> 1.2-1
|
|
- remove i18n
|
|
- Temp remove gtk support
|
|
|
|
* Thu Aug 7 2003 Dan Walsh <dwalsh@redhat.com> 1.1-4
|
|
- Remove wnck requirement
|
|
|
|
* Thu Aug 7 2003 Dan Walsh <dwalsh@redhat.com> 1.1-3
|
|
- Add gtk support to run_init
|
|
|
|
* Tue Aug 5 2003 Dan Walsh <dwalsh@redhat.com> 1.1-2
|
|
- Add internationalization
|
|
|
|
* Mon Jun 2 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
|
|
- Initial version
|