[people/stevee/selinux-policy.git] / refpolicy / Changelog

- Fix corenetwork gen_context()'s to expand during the policy
  build phase instead of during the generation phase.  
- DISTRO=redhat now implies DIRECT_INITRC=y.
- Added policies:
	amanda
	canna
	cyrus
	dovecot
	distcc
	networkmanager
	xdm

* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
- Many fixes to make loadable modules build.
- Add targets for sechecker.
- Updated to sedoctool to read bool files and tunable
  files separately.
- Changed the xml tag of <boolean> to <bool> to be consistent
  with gen_bool().
- Modified the implementation of segenxml to use regular
  expressions.
- Rename context_template() to gen_context() to clarify
  that its not a Reference Policy template, but a support
  macro.
- Add disable_*_trans bool support for targeted policy.
- Add MLS module to handle MLS constraint exceptions,
  such as reading up and writing down.
- Fix errors uncovered by sediff.
- Added policies:
	anaconda
	apache
	apm
	arpwatch
	bluetooth
	dmidecode
	finger
	ftp
	kudzu
	mailman
	ppp
	radvd
	sasl
	webalizer

* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
- Make logrotate, sendmail, sshd, and rpm policies
  unconfined in the targeted policy so no special
  modules.conf is required.
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
  can_portmap() to sysnetwork.
- Fix base module compile issues.
- Added policies:
	cpucontrol
	cvs
	ktalk
	portmap
	postgresql
	rlogin
	samba
	snmp
	stunnel
	telnet
	tftp
	uucp
	vpn
	zebra

* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
- Fix errors uncovered by sediff.
- Doc tool will explicitly say a module does not have interfaces
  or templates on the module page.
- Added policies:
	comsat
	dbus
	dhcp
	dictd
	hal
	inn
	ntp
	squid

* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
- Add Makefile support for building loadable modules.
- Add genclassperms.py tool to add require blocks
  for loadable modules.
- Change sedoctool to make required modules part of base
  by default, otherwise make as modules, in modules.conf.
- Fix segenxml to handle modules with no interfaces.
- Rename ipsec connect interface for consistency.
- Add missing parts of unix stream socket connect interface
  of ipsec.
- Rename inetd connect interface for consistency.
- Rename interface for purging contents of tmp, for clarity,
  since it allows deletion of classes other than file.
- Misc. cleanups.
- Added policies:
	acct
	bind
	firstboot
	gpm
	howl
	ldap
	loadkeys
	mysql
	privoxy
	quota
	rshd
	rsync
	su
	sudo
	tcpd
	tmpreaper
	updfstab

* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
- Fix comparison bug in fc_sort.
- Fix handling of ordered and unordered HTML lists.
- Corenetwork now supports multiple network interfaces having the
  same type.
- Doc tool now creates pages for global Booleans and global tunables.
- Doc tool now links directly to the interface/template in the
  module page when it is selected in the interface/template index.
- Added support for layer summaries.
- Added policies:
	ipsec
	nscd
	pcmcia
	raid

* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
- Changed xml to have modules encapsulated by layer tags, rather
  than putting layer="foo" in the module tags.  Also in the future
  we can put a summary and description for each layer.
- Added tool to infer interface, module, and layer tags.  This will
  now list all interfaces, even if they are missing xml docs.
- Shortened xml tag names.
- Added macros to declare interfaces and templates.
- Added interface call trace.
- Updated all xml documentation for shorter and inferred tags.
- Doc tool now displays templates in the web pages.
- Doc tool retains the user's settings in modules.conf and
  tunables.conf if the files already exist.
- Modules.conf behavior has been changed to be a list of all
  available modules, and the user can specify if the module is
  built as a loadable module, included in the monolithic policy,
  or excluded.
- Added policies:
	fstools (fsck, mkfs, swapon, etc. tools)
	logrotate
	inetd
	kerberos
	nis (ypbind and ypserv)
	ssh (server, client, and agent)
	unconfined
- Added infrastructure for targeted policy support, only missing
	transition boolean support.

* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
	- Initial release
Commit	Line	Data
cf6141a7 CP	1	- Fix corenetwork gen_context()'s to expand during the policy
cf6141a7 CP	2	build phase instead of during the generation phase.
2b01ae7e	3	- DISTRO=redhat now implies DIRECT_INITRC=y.
cf6141a7	4	- Added policies:
10b1f324	5	amanda
3509484c	6	canna
ea557a85	7	cyrus
29ce0009	8	dovecot
cf6141a7	9	distcc
239db5e2	10	networkmanager
23a4442b	11	xdm
2b01ae7e	12
a4e8b79d	13	* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
61feb222	14	- Many fixes to make loadable modules build.
8df65f13	15	- Add targets for sechecker.
4f9f30c8 CP	16	- Updated to sedoctool to read bool files and tunable
	17	files separately.
	18	- Changed the xml tag of <boolean> to <bool> to be consistent
	19	with gen_bool().
	20	- Modified the implementation of segenxml to use regular
	21	expressions.
e02c61cf CP	22	- Rename context_template() to gen_context() to clarify
	23	that its not a Reference Policy template, but a support
	24	macro.
b03f960e	25	- Add disable_*_trans bool support for targeted policy.
f0574fa9 CP	26	- Add MLS module to handle MLS constraint exceptions,
f0574fa9 CP	27	such as reading up and writing down.
681c9a02	28	- Fix errors uncovered by sediff.
84285926	29	- Added policies:
9edc2895	30	anaconda
e749cd12	31	apache
4483ee84 CP	32	apm
4483ee84 CP	33	arpwatch
d4dca585	34	bluetooth
20e306e2	35	dmidecode
d4dca585	36	finger
fc6524d7	37	ftp
84285926	38	kudzu
799a0b43	39	mailman
e08118a5	40	ppp
fa67570d	41	radvd
f33561f5 CP	42	sasl
f33561f5 CP	43	webalizer
681c9a02	44
48558667	45	* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
142e9f40 CP	46	- Make logrotate, sendmail, sshd, and rpm policies
	47	unconfined in the targeted policy so no special
	48	modules.conf is required.
a0824843	49	- Add experimental MCS support.
c0e4fe2c	50	- Add appconfig for MLS.
98a8ead4 CP	51	- Add equivalents for old can_resolve(), can_ldap(), and
98a8ead4 CP	52	can_portmap() to sysnetwork.
082dcd9e	53	- Fix base module compile issues.
d17b4d23	54	- Added policies:
9210553e	55	cpucontrol
93070cba	56	cvs
d17b4d23	57	ktalk
eb3cb682	58	portmap
a1fcff33	59	postgresql
4fd5201a	60	rlogin
84c92239	61	samba
ccc59782	62	snmp
200f453f	63	stunnel
4fd5201a	64	telnet
40adb57f	65	tftp
f7ba4a89	66	uucp
a1fcff33	67	vpn
9ff30033	68	zebra
d17b4d23	69
541b7d57	70	* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
ce1b44aa	71	- Fix errors uncovered by sediff.
a19e3464 CP	72	- Doc tool will explicitly say a module does not have interfaces
a19e3464 CP	73	or templates on the module page.
6e61566d CP	74	- Added policies:
6e61566d CP	75	comsat
0c3d1705	76	dbus
f344c0f3	77	dhcp
ac0483ae	78	dictd
fdae8e75	79	hal
8d935234	80	inn
b11a75a5	81	ntp
0f707d52	82	squid
a19e3464	83
37aa3ff2	84	* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
e28aa682 CP	85	- Add Makefile support for building loadable modules.
	86	- Add genclassperms.py tool to add require blocks
	87	for loadable modules.
	88	- Change sedoctool to make required modules part of base
	89	by default, otherwise make as modules, in modules.conf.
	90	- Fix segenxml to handle modules with no interfaces.
	91	- Rename ipsec connect interface for consistency.
	92	- Add missing parts of unix stream socket connect interface
	93	of ipsec.
	94	- Rename inetd connect interface for consistency.
	95	- Rename interface for purging contents of tmp, for clarity,
	96	since it allows deletion of classes other than file.
	97	- Misc. cleanups.
	98	- Added policies:
	99	acct
	100	bind
	101	firstboot
	102	gpm
	103	howl
	104	ldap
	105	loadkeys
	106	mysql
	107	privoxy
	108	quota
	109	rshd
	110	rsync
	111	su
	112	sudo
	113	tcpd
	114	tmpreaper
	115	updfstab
81343a6f	116
e28aa682 CP	117	* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
	118	- Fix comparison bug in fc_sort.
	119	- Fix handling of ordered and unordered HTML lists.
	120	- Corenetwork now supports multiple network interfaces having the
	121	same type.
	122	- Doc tool now creates pages for global Booleans and global tunables.
	123	- Doc tool now links directly to the interface/template in the
	124	module page when it is selected in the interface/template index.
	125	- Added support for layer summaries.
	126	- Added policies:
	127	ipsec
	128	nscd
	129	pcmcia
	130	raid
acb668ed	131
e28aa682 CP	132	* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
	133	- Changed xml to have modules encapsulated by layer tags, rather
	134	than putting layer="foo" in the module tags. Also in the future
	135	we can put a summary and description for each layer.
	136	- Added tool to infer interface, module, and layer tags. This will
	137	now list all interfaces, even if they are missing xml docs.
	138	- Shortened xml tag names.
	139	- Added macros to declare interfaces and templates.
	140	- Added interface call trace.
	141	- Updated all xml documentation for shorter and inferred tags.
	142	- Doc tool now displays templates in the web pages.
	143	- Doc tool retains the user's settings in modules.conf and
	144	tunables.conf if the files already exist.
	145	- Modules.conf behavior has been changed to be a list of all
	146	available modules, and the user can specify if the module is
	147	built as a loadable module, included in the monolithic policy,
	148	or excluded.
	149	- Added policies:
	150	fstools (fsck, mkfs, swapon, etc. tools)
	151	logrotate
	152	inetd
	153	kerberos
	154	nis (ypbind and ypserv)
	155	ssh (server, client, and agent)
	156	unconfined
	157	- Added infrastructure for targeted policy support, only missing
	158	transition boolean support.
dfa83e92	159
e28aa682 CP	160	* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
e28aa682 CP	161	- Initial release