[people/stevee/selinux-policy.git] / refpolicy / Changelog

- Added modules:
	sysstat

* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
- Add unlabeled IPSEC association rule to domains with
  networking permissions.
- Merge systemuser back in to users, as these files
  do not need to be split.
- Add check for duplicate interface/template definitions.
- Move domain, files, and corecommands modules to kernel
  layer to resolve some layering inconsistencies.
- Move policy build options out of Makefile into build.conf.
- Add yppasswd to nis module.
- Change optional_policy() to refer to the module name
  rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather
  than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions
  to detect modules rather than using subshells and find.
- Add install target for modular policy.
- Add load target for modular policy.
- Add appconfig dependency to the load target.
- Miscellaneous fixes from Dan Walsh.
- Fix corenetwork gen_context()'s to expand during the policy
  build phase instead of during the generation phase.  
- Added policies:
	amanda
	avahi
	canna
	cyrus
	dbskk
	dovecot
	distcc
	i18n_input
	irqbalance
	lpd
	networkmanager
	pegasus
	postfix
	procmail
	radius
	rdisc
	rpc
	spamassassin
	timidity
	xdm
	xfs

* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
- Many fixes to make loadable modules build.
- Add targets for sechecker.
- Updated to sedoctool to read bool files and tunable
  files separately.
- Changed the xml tag of <boolean> to <bool> to be consistent
  with gen_bool().
- Modified the implementation of segenxml to use regular
  expressions.
- Rename context_template() to gen_context() to clarify
  that its not a Reference Policy template, but a support
  macro.
- Add disable_*_trans bool support for targeted policy.
- Add MLS module to handle MLS constraint exceptions,
  such as reading up and writing down.
- Fix errors uncovered by sediff.
- Added policies:
	anaconda
	apache
	apm
	arpwatch
	bluetooth
	dmidecode
	finger
	ftp
	kudzu
	mailman
	ppp
	radvd
	sasl
	webalizer

* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
- Make logrotate, sendmail, sshd, and rpm policies
  unconfined in the targeted policy so no special
  modules.conf is required.
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
  can_portmap() to sysnetwork.
- Fix base module compile issues.
- Added policies:
	cpucontrol
	cvs
	ktalk
	portmap
	postgresql
	rlogin
	samba
	snmp
	stunnel
	telnet
	tftp
	uucp
	vpn
	zebra

* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
- Fix errors uncovered by sediff.
- Doc tool will explicitly say a module does not have interfaces
  or templates on the module page.
- Added policies:
	comsat
	dbus
	dhcp
	dictd
	hal
	inn
	ntp
	squid

* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
- Add Makefile support for building loadable modules.
- Add genclassperms.py tool to add require blocks
  for loadable modules.
- Change sedoctool to make required modules part of base
  by default, otherwise make as modules, in modules.conf.
- Fix segenxml to handle modules with no interfaces.
- Rename ipsec connect interface for consistency.
- Add missing parts of unix stream socket connect interface
  of ipsec.
- Rename inetd connect interface for consistency.
- Rename interface for purging contents of tmp, for clarity,
  since it allows deletion of classes other than file.
- Misc. cleanups.
- Added policies:
	acct
	bind
	firstboot
	gpm
	howl
	ldap
	loadkeys
	mysql
	privoxy
	quota
	rshd
	rsync
	su
	sudo
	tcpd
	tmpreaper
	updfstab

* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
- Fix comparison bug in fc_sort.
- Fix handling of ordered and unordered HTML lists.
- Corenetwork now supports multiple network interfaces having the
  same type.
- Doc tool now creates pages for global Booleans and global tunables.
- Doc tool now links directly to the interface/template in the
  module page when it is selected in the interface/template index.
- Added support for layer summaries.
- Added policies:
	ipsec
	nscd
	pcmcia
	raid

* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
- Changed xml to have modules encapsulated by layer tags, rather
  than putting layer="foo" in the module tags.  Also in the future
  we can put a summary and description for each layer.
- Added tool to infer interface, module, and layer tags.  This will
  now list all interfaces, even if they are missing xml docs.
- Shortened xml tag names.
- Added macros to declare interfaces and templates.
- Added interface call trace.
- Updated all xml documentation for shorter and inferred tags.
- Doc tool now displays templates in the web pages.
- Doc tool retains the user's settings in modules.conf and
  tunables.conf if the files already exist.
- Modules.conf behavior has been changed to be a list of all
  available modules, and the user can specify if the module is
  built as a loadable module, included in the monolithic policy,
  or excluded.
- Added policies:
	fstools (fsck, mkfs, swapon, etc. tools)
	logrotate
	inetd
	kerberos
	nis (ypbind and ypserv)
	ssh (server, client, and agent)
	unconfined
- Added infrastructure for targeted policy support, only missing
	transition boolean support.

* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
	- Initial release
Commit	Line	Data
	1	- Added modules:
	2	sysstat
	3
	4	* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
	5	- Add unlabeled IPSEC association rule to domains with
	6	networking permissions.
	7	- Merge systemuser back in to users, as these files
	8	do not need to be split.
	9	- Add check for duplicate interface/template definitions.
	10	- Move domain, files, and corecommands modules to kernel
	11	layer to resolve some layering inconsistencies.
	12	- Move policy build options out of Makefile into build.conf.
	13	- Add yppasswd to nis module.
	14	- Change optional_policy() to refer to the module name
	15	rather than modulename.te.
	16	- Fix labeling targets to use installed file_contexts rather
	17	than partial file_contexts in the policy source directory.
	18	- Fix build process to use make's internal vpath functions
	19	to detect modules rather than using subshells and find.
	20	- Add install target for modular policy.
	21	- Add load target for modular policy.
	22	- Add appconfig dependency to the load target.
	23	- Miscellaneous fixes from Dan Walsh.
	24	- Fix corenetwork gen_context()'s to expand during the policy
	25	build phase instead of during the generation phase.
	26	- Added policies:
	27	amanda
	28	avahi
	29	canna
	30	cyrus
	31	dbskk
	32	dovecot
	33	distcc
	34	i18n_input
	35	irqbalance
	36	lpd
	37	networkmanager
	38	pegasus
	39	postfix
	40	procmail
	41	radius
	42	rdisc
	43	rpc
	44	spamassassin
	45	timidity
	46	xdm
	47	xfs
	48
	49	* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
	50	- Many fixes to make loadable modules build.
	51	- Add targets for sechecker.
	52	- Updated to sedoctool to read bool files and tunable
	53	files separately.
	54	- Changed the xml tag of <boolean> to <bool> to be consistent
	55	with gen_bool().
	56	- Modified the implementation of segenxml to use regular
	57	expressions.
	58	- Rename context_template() to gen_context() to clarify
	59	that its not a Reference Policy template, but a support
	60	macro.
	61	- Add disable_*_trans bool support for targeted policy.
	62	- Add MLS module to handle MLS constraint exceptions,
	63	such as reading up and writing down.
	64	- Fix errors uncovered by sediff.
	65	- Added policies:
	66	anaconda
	67	apache
	68	apm
	69	arpwatch
	70	bluetooth
	71	dmidecode
	72	finger
	73	ftp
	74	kudzu
	75	mailman
	76	ppp
	77	radvd
	78	sasl
	79	webalizer
	80
	81	* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
	82	- Make logrotate, sendmail, sshd, and rpm policies
	83	unconfined in the targeted policy so no special
	84	modules.conf is required.
	85	- Add experimental MCS support.
	86	- Add appconfig for MLS.
	87	- Add equivalents for old can_resolve(), can_ldap(), and
	88	can_portmap() to sysnetwork.
	89	- Fix base module compile issues.
	90	- Added policies:
	91	cpucontrol
	92	cvs
	93	ktalk
	94	portmap
	95	postgresql
	96	rlogin
	97	samba
	98	snmp
	99	stunnel
	100	telnet
	101	tftp
	102	uucp
	103	vpn
	104	zebra
	105
	106	* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
	107	- Fix errors uncovered by sediff.
	108	- Doc tool will explicitly say a module does not have interfaces
	109	or templates on the module page.
	110	- Added policies:
	111	comsat
	112	dbus
	113	dhcp
	114	dictd
	115	hal
	116	inn
	117	ntp
	118	squid
	119
	120	* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
	121	- Add Makefile support for building loadable modules.
	122	- Add genclassperms.py tool to add require blocks
	123	for loadable modules.
	124	- Change sedoctool to make required modules part of base
	125	by default, otherwise make as modules, in modules.conf.
	126	- Fix segenxml to handle modules with no interfaces.
	127	- Rename ipsec connect interface for consistency.
	128	- Add missing parts of unix stream socket connect interface
	129	of ipsec.
	130	- Rename inetd connect interface for consistency.
	131	- Rename interface for purging contents of tmp, for clarity,
	132	since it allows deletion of classes other than file.
	133	- Misc. cleanups.
	134	- Added policies:
	135	acct
	136	bind
	137	firstboot
	138	gpm
	139	howl
	140	ldap
	141	loadkeys
	142	mysql
	143	privoxy
	144	quota
	145	rshd
	146	rsync
	147	su
	148	sudo
	149	tcpd
	150	tmpreaper
	151	updfstab
	152
	153	* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
	154	- Fix comparison bug in fc_sort.
	155	- Fix handling of ordered and unordered HTML lists.
	156	- Corenetwork now supports multiple network interfaces having the
	157	same type.
	158	- Doc tool now creates pages for global Booleans and global tunables.
	159	- Doc tool now links directly to the interface/template in the
	160	module page when it is selected in the interface/template index.
	161	- Added support for layer summaries.
	162	- Added policies:
	163	ipsec
	164	nscd
	165	pcmcia
	166	raid
	167
	168	* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
	169	- Changed xml to have modules encapsulated by layer tags, rather
	170	than putting layer="foo" in the module tags. Also in the future
	171	we can put a summary and description for each layer.
	172	- Added tool to infer interface, module, and layer tags. This will
	173	now list all interfaces, even if they are missing xml docs.
	174	- Shortened xml tag names.
	175	- Added macros to declare interfaces and templates.
	176	- Added interface call trace.
	177	- Updated all xml documentation for shorter and inferred tags.
	178	- Doc tool now displays templates in the web pages.
	179	- Doc tool retains the user's settings in modules.conf and
	180	tunables.conf if the files already exist.
	181	- Modules.conf behavior has been changed to be a list of all
	182	available modules, and the user can specify if the module is
	183	built as a loadable module, included in the monolithic policy,
	184	or excluded.
	185	- Added policies:
	186	fstools (fsck, mkfs, swapon, etc. tools)
	187	logrotate
	188	inetd
	189	kerberos
	190	nis (ypbind and ypserv)
	191	ssh (server, client, and agent)
	192	unconfined
	193	- Added infrastructure for targeted policy support, only missing
	194	transition boolean support.
	195
	196	* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
	197	- Initial release