+* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
+- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
+ libraries module.
+- Unified labeled networking policy from Paul Moore.
+- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
+- Xen updates from Dan Walsh.
+- Filesystem updates from Dan Walsh.
+- Large samba update from Dan Walsh.
+- Drop snmpd_etc_t.
+- Confine sendmail and logrotate on targeted.
+- Tunable connection to postgresql for users from KaiGai Kohei.
+- Memprotect support patch from Stephen Smalley.
+- Add logging_send_audit_msgs() interface and deprecate
+ send_audit_msgs_pattern().
+- Openct updates patch from Dan Walsh.
+- Merge restorecon into setfiles.
+- Patch to begin separating out hald helper programs from Dan Walsh.
+- Fixes for squid, dovecot, and snmp from Dan Walsh.
+- Miscellaneous consolekit fixes from Dan Walsh.
+- Patch to have avahi use the nsswitch interface rather than individual
+ permissions from Dan Walsh.
+- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
+- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
+ to handle usage from userhelper from Dan Walsh.
+- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
+- Patch to allow slocate to getattr other filesystems and directories on those
+ filesystems from Dan Walsh.
+- Fixes for RHEL4 from the CLIP project.
+- Replace the old lrrd fc entries with munin ones.
+- Move program admin template usage out of userdom_admin_user_template() to
+ sysadm policy in userdomain.te to fix usage of the template for third
+ parties.
+- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
+ template instead of an interface.
+- Added modules:
+ amtu (Dan Walsh)
+ apcupsd (Dan Walsh)
+ rpcbind (Dan Walsh)
+ rwho (Nalin Dahyabhai)
+
+* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
+- Patch for sasl's use of kerberos from Dan Walsh.
+- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
+- Man page updates from Dan Walsh.
+- Two patches from Paul Moore to for ipsec to remove redundant rules and
+ have setkey read the config file.
+- Move booleans and tunables to modules when it is only used in a single
+ module.
+- Add support for tunables and booleans local to a module.
+- Merge sbin_t and ls_exec_t into bin_t.
+- Remove disable_trans booleans.
+- Output different header sets for kernel and userland from flask headers.
+- Marked the pax class as deprecated, changed it to userland so
+ it will be removed from the kernel.
+- Stop including netfilter contexts by default.
+- Add dontaudits for init fds and console to init_daemon_domain().
+- Patch to allow gpg to create user keys dir.
+- Patch to support kvmfs from Dan Walsh.
+- Patch for misc fixes in sudo from Dan Walsh.
+- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
+- Patch for handling restart of nscd when ran from useradd, groupadd, and
+ admin passwd, from Dan Walsh.
+- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
+- Patch for setroubleshoot for validating file contexts from Dan Walsh.
+- Patch for gssd fixes from Dan Walsh.
+- Patch for lvm fixes from Dan Walsh.
+- Patch for ricci fixes from Dan Walsh.
+- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
+- Patch for kerberized telnet fixes from Dan Walsh.
+- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
+- Patch for an additional wine executable from Dan Walsh.
+- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
+ corecommands, devices, and java from Dan Walsh.
+- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
+- Patch for misc fixes to bluetooth from Dan Walsh.
+- Patch for misc fixes to kerberos from Dan Walsh.
+- Patch to start deprecating usercanread attribute from Ryan Bradetich.
+- Add dccp_socket object class which was added in kernel 2.6.20.
+- Patch for prelink relabefrom it's temp files from Dan Walsh.
+- Patch for capability fix for auditd and networking fix for syslogd from
+ Dan Walsh.
+- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
+- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
+- Patch to allow apmd to telinit from Dan Walsh.
+- Patch for additional labeling of samba files from Stefan Schulze
+ Frielinghaus.
+- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
+- Fix ptys and ttys to be device nodes.
+- Fix explicit use of httpd_t in openca_domtrans().
+- Clean up file context regexes in apache and java, from Eamon Walsh.
+- Patches from Dan Walsh:
+ Thu, 25 Jan 2007
+- Added modules:
+ consolekit (Dan Walsh)
+ fail2ban (Dan Walsh)
+ zabbix (Dan Walsh)
+
+* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
+- Add policy patterns support macros. This changes the behavior of
+ the create_dir_perms and create_file_perms permission sets.
+- Association polmatch MLS constraint making unlabeled_t an exception
+ is no longer needed, patch from Venkat Yekkirala.
+- Context contains checking for PAM and cron from James Antill.
+- Add a reload target to Modules.devel and change the load
+ target to only insert modules that were changed.
+- Allow semanage to read from /root on strict non-MLS for
+ local policy modules.
+- Gentoo init script fixes for udev.
+- Allow udev to read kernel modules.inputmap.
+- Dnsmasq fixes from testing.
+- Allow kernel NFS server to getattr filesystems so df can work
+ on clients.
+- Patch from Matt Anderson for a MLS constraint exemption on a
+ file that can be written to from a subject whose range is
+ within the object's range.
+- Enhanced setransd support from Darrel Goeddel.
+- Patches from Dan Walsh:
+ Tue, 24 Oct 2006
+ Wed, 29 Nov 2006
+- Added modules:
+ aide (Matt Anderson)
+ ccs (Dan Walsh)
+ iscsi (Dan Walsh)
+ ricci (Dan Walsh)
+
+* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
+- Patch from Russell Coker Thu, 5 Oct 2006
+- Move range transitions to modules.
+- Make number of MLS sensitivities, and number of MLS and MCS
+ categories configurable as build options.
- Add role infrastructure.
- Debian updates from Erich Schubert.
- Add nscd_socket_use() to auth_use_nsswitch().
Thu, 31 Aug 2006
Fri, 01 Sep 2006
Tue, 05 Sep 2006
+ Wed, 20 Sep 2006
+ Fri, 22 Sep 2006
+ Mon, 25 Sep 2006
- Added modules:
afs
amavis (Erich Schubert)
games
gatekeeper
gift
+ gnome (James Carter)
imaze
ircd
jabber
munin
nagios
nessus
+ netlabel (Paul Moore)
nsd
ntop
nx
oav
+ oddjob (Dan Walsh)
openca
openvpn (Petre Rodan)
perdition
projects / people / stevee / selinux-policy.git / blobdiff