]>
Commit | Line | Data |
---|---|---|
cf6141a7 CP |
1 | - Fix corenetwork gen_context()'s to expand during the policy |
2 | build phase instead of during the generation phase. | |
2b01ae7e | 3 | - DISTRO=redhat now implies DIRECT_INITRC=y. |
cf6141a7 | 4 | - Added policies: |
10b1f324 | 5 | amanda |
3509484c | 6 | canna |
ea557a85 | 7 | cyrus |
29ce0009 | 8 | dovecot |
cf6141a7 | 9 | distcc |
239db5e2 | 10 | networkmanager |
23a4442b | 11 | xdm |
2b01ae7e | 12 | |
a4e8b79d | 13 | * Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019 |
61feb222 | 14 | - Many fixes to make loadable modules build. |
8df65f13 | 15 | - Add targets for sechecker. |
4f9f30c8 CP |
16 | - Updated to sedoctool to read bool files and tunable |
17 | files separately. | |
18 | - Changed the xml tag of <boolean> to <bool> to be consistent | |
19 | with gen_bool(). | |
20 | - Modified the implementation of segenxml to use regular | |
21 | expressions. | |
e02c61cf CP |
22 | - Rename context_template() to gen_context() to clarify |
23 | that its not a Reference Policy template, but a support | |
24 | macro. | |
b03f960e | 25 | - Add disable_*_trans bool support for targeted policy. |
f0574fa9 CP |
26 | - Add MLS module to handle MLS constraint exceptions, |
27 | such as reading up and writing down. | |
681c9a02 | 28 | - Fix errors uncovered by sediff. |
84285926 | 29 | - Added policies: |
9edc2895 | 30 | anaconda |
e749cd12 | 31 | apache |
4483ee84 CP |
32 | apm |
33 | arpwatch | |
d4dca585 | 34 | bluetooth |
20e306e2 | 35 | dmidecode |
d4dca585 | 36 | finger |
fc6524d7 | 37 | ftp |
84285926 | 38 | kudzu |
799a0b43 | 39 | mailman |
e08118a5 | 40 | ppp |
fa67570d | 41 | radvd |
f33561f5 CP |
42 | sasl |
43 | webalizer | |
681c9a02 | 44 | |
48558667 | 45 | * Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922 |
142e9f40 CP |
46 | - Make logrotate, sendmail, sshd, and rpm policies |
47 | unconfined in the targeted policy so no special | |
48 | modules.conf is required. | |
a0824843 | 49 | - Add experimental MCS support. |
c0e4fe2c | 50 | - Add appconfig for MLS. |
98a8ead4 CP |
51 | - Add equivalents for old can_resolve(), can_ldap(), and |
52 | can_portmap() to sysnetwork. | |
082dcd9e | 53 | - Fix base module compile issues. |
d17b4d23 | 54 | - Added policies: |
9210553e | 55 | cpucontrol |
93070cba | 56 | cvs |
d17b4d23 | 57 | ktalk |
eb3cb682 | 58 | portmap |
a1fcff33 | 59 | postgresql |
4fd5201a | 60 | rlogin |
84c92239 | 61 | samba |
ccc59782 | 62 | snmp |
200f453f | 63 | stunnel |
4fd5201a | 64 | telnet |
40adb57f | 65 | tftp |
f7ba4a89 | 66 | uucp |
a1fcff33 | 67 | vpn |
9ff30033 | 68 | zebra |
d17b4d23 | 69 | |
541b7d57 | 70 | * Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907 |
ce1b44aa | 71 | - Fix errors uncovered by sediff. |
a19e3464 CP |
72 | - Doc tool will explicitly say a module does not have interfaces |
73 | or templates on the module page. | |
6e61566d CP |
74 | - Added policies: |
75 | comsat | |
0c3d1705 | 76 | dbus |
f344c0f3 | 77 | dhcp |
ac0483ae | 78 | dictd |
fdae8e75 | 79 | hal |
8d935234 | 80 | inn |
b11a75a5 | 81 | ntp |
0f707d52 | 82 | squid |
a19e3464 | 83 | |
37aa3ff2 | 84 | * Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826 |
e28aa682 CP |
85 | - Add Makefile support for building loadable modules. |
86 | - Add genclassperms.py tool to add require blocks | |
87 | for loadable modules. | |
88 | - Change sedoctool to make required modules part of base | |
89 | by default, otherwise make as modules, in modules.conf. | |
90 | - Fix segenxml to handle modules with no interfaces. | |
91 | - Rename ipsec connect interface for consistency. | |
92 | - Add missing parts of unix stream socket connect interface | |
93 | of ipsec. | |
94 | - Rename inetd connect interface for consistency. | |
95 | - Rename interface for purging contents of tmp, for clarity, | |
96 | since it allows deletion of classes other than file. | |
97 | - Misc. cleanups. | |
98 | - Added policies: | |
99 | acct | |
100 | bind | |
101 | firstboot | |
102 | gpm | |
103 | howl | |
104 | ldap | |
105 | loadkeys | |
106 | mysql | |
107 | privoxy | |
108 | quota | |
109 | rshd | |
110 | rsync | |
111 | su | |
112 | sudo | |
113 | tcpd | |
114 | tmpreaper | |
115 | updfstab | |
81343a6f | 116 | |
e28aa682 CP |
117 | * Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802 |
118 | - Fix comparison bug in fc_sort. | |
119 | - Fix handling of ordered and unordered HTML lists. | |
120 | - Corenetwork now supports multiple network interfaces having the | |
121 | same type. | |
122 | - Doc tool now creates pages for global Booleans and global tunables. | |
123 | - Doc tool now links directly to the interface/template in the | |
124 | module page when it is selected in the interface/template index. | |
125 | - Added support for layer summaries. | |
126 | - Added policies: | |
127 | ipsec | |
128 | nscd | |
129 | pcmcia | |
130 | raid | |
acb668ed | 131 | |
e28aa682 CP |
132 | * Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707 |
133 | - Changed xml to have modules encapsulated by layer tags, rather | |
134 | than putting layer="foo" in the module tags. Also in the future | |
135 | we can put a summary and description for each layer. | |
136 | - Added tool to infer interface, module, and layer tags. This will | |
137 | now list all interfaces, even if they are missing xml docs. | |
138 | - Shortened xml tag names. | |
139 | - Added macros to declare interfaces and templates. | |
140 | - Added interface call trace. | |
141 | - Updated all xml documentation for shorter and inferred tags. | |
142 | - Doc tool now displays templates in the web pages. | |
143 | - Doc tool retains the user's settings in modules.conf and | |
144 | tunables.conf if the files already exist. | |
145 | - Modules.conf behavior has been changed to be a list of all | |
146 | available modules, and the user can specify if the module is | |
147 | built as a loadable module, included in the monolithic policy, | |
148 | or excluded. | |
149 | - Added policies: | |
150 | fstools (fsck, mkfs, swapon, etc. tools) | |
151 | logrotate | |
152 | inetd | |
153 | kerberos | |
154 | nis (ypbind and ypserv) | |
155 | ssh (server, client, and agent) | |
156 | unconfined | |
157 | - Added infrastructure for targeted policy support, only missing | |
158 | transition boolean support. | |
dfa83e92 | 159 | |
e28aa682 CP |
160 | * Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615 |
161 | - Initial release |