[people/stevee/selinux-policy.git] / refpolicy / Changelog

- Add targets for sechecker.
- Updated to sedoctool to read bool files and tunable
  files separately.
- Changed the xml tag of <boolean> to <bool> to be consistent
  with gen_bool().
- Modified the implementation of segenxml to use regular
  expressions.
- Rename context_template() to gen_context() to clarify
  that its not a Reference Policy template, but a support
  macro.
- Add disable_*_trans bool support for targeted policy.
- Add MLS module to handle MLS constraint exceptions,
  such as reading up and writing down.
- Fix errors uncovered by sediff.
- Added policies:
	anaconda
	apache
	apm
	arpwatch
	bluetooth
	dmidecode
	finger
	ftp
	kudzu
	mailman
	ppp
	radvd
	sasl
	webalizer

* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
- Make logrotate, sendmail, sshd, and rpm policies
  unconfined in the targeted policy so no special
  modules.conf is required.
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
  can_portmap() to sysnetwork.
- Fix base module compile issues.
- Added policies:
	cpucontrol
	cvs
	ktalk
	portmap
	postgresql
	rlogin
	samba
	snmp
	stunnel
	telnet
	tftp
	uucp
	vpn
	zebra

* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
- Fix errors uncovered by sediff.
- Doc tool will explicitly say a module does not have interfaces
  or templates on the module page.
- Added policies:
	comsat
	dbus
	dhcp
	dictd
	hal
	inn
	ntp
	squid

* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
- Add Makefile support for building loadable modules.
- Add genclassperms.py tool to add require blocks
  for loadable modules.
- Change sedoctool to make required modules part of base
  by default, otherwise make as modules, in modules.conf.
- Fix segenxml to handle modules with no interfaces.
- Rename ipsec connect interface for consistency.
- Add missing parts of unix stream socket connect interface
  of ipsec.
- Rename inetd connect interface for consistency.
- Rename interface for purging contents of tmp, for clarity,
  since it allows deletion of classes other than file.
- Misc. cleanups.
- Added policies:
	acct
	bind
	firstboot
	gpm
	howl
	ldap
	loadkeys
	mysql
	privoxy
	quota
	rshd
	rsync
	su
	sudo
	tcpd
	tmpreaper
	updfstab

* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
- Fix comparison bug in fc_sort.
- Fix handling of ordered and unordered HTML lists.
- Corenetwork now supports multiple network interfaces having the
  same type.
- Doc tool now creates pages for global Booleans and global tunables.
- Doc tool now links directly to the interface/template in the
  module page when it is selected in the interface/template index.
- Added support for layer summaries.
- Added policies:
	ipsec
	nscd
	pcmcia
	raid

* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
- Changed xml to have modules encapsulated by layer tags, rather
  than putting layer="foo" in the module tags.  Also in the future
  we can put a summary and description for each layer.
- Added tool to infer interface, module, and layer tags.  This will
  now list all interfaces, even if they are missing xml docs.
- Shortened xml tag names.
- Added macros to declare interfaces and templates.
- Added interface call trace.
- Updated all xml documentation for shorter and inferred tags.
- Doc tool now displays templates in the web pages.
- Doc tool retains the user's settings in modules.conf and
  tunables.conf if the files already exist.
- Modules.conf behavior has been changed to be a list of all
  available modules, and the user can specify if the module is
  built as a loadable module, included in the monolithic policy,
  or excluded.
- Added policies:
	fstools (fsck, mkfs, swapon, etc. tools)
	logrotate
	inetd
	kerberos
	nis (ypbind and ypserv)
	ssh (server, client, and agent)
	unconfined
- Added infrastructure for targeted policy support, only missing
	transition boolean support.

* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
	- Initial release
Commit	Line	Data
8df65f13	1	- Add targets for sechecker.
4f9f30c8 CP	2	- Updated to sedoctool to read bool files and tunable
	3	files separately.
	4	- Changed the xml tag of <boolean> to <bool> to be consistent
	5	with gen_bool().
	6	- Modified the implementation of segenxml to use regular
	7	expressions.
e02c61cf CP	8	- Rename context_template() to gen_context() to clarify
	9	that its not a Reference Policy template, but a support
	10	macro.
b03f960e	11	- Add disable_*_trans bool support for targeted policy.
f0574fa9 CP	12	- Add MLS module to handle MLS constraint exceptions,
f0574fa9 CP	13	such as reading up and writing down.
681c9a02	14	- Fix errors uncovered by sediff.
84285926	15	- Added policies:
9edc2895	16	anaconda
e749cd12	17	apache
4483ee84 CP	18	apm
4483ee84 CP	19	arpwatch
d4dca585	20	bluetooth
20e306e2	21	dmidecode
d4dca585	22	finger
fc6524d7	23	ftp
84285926	24	kudzu
799a0b43	25	mailman
e08118a5	26	ppp
fa67570d	27	radvd
f33561f5 CP	28	sasl
f33561f5 CP	29	webalizer
681c9a02	30
48558667	31	* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
142e9f40 CP	32	- Make logrotate, sendmail, sshd, and rpm policies
	33	unconfined in the targeted policy so no special
	34	modules.conf is required.
a0824843	35	- Add experimental MCS support.
c0e4fe2c	36	- Add appconfig for MLS.
98a8ead4 CP	37	- Add equivalents for old can_resolve(), can_ldap(), and
98a8ead4 CP	38	can_portmap() to sysnetwork.
082dcd9e	39	- Fix base module compile issues.
d17b4d23	40	- Added policies:
9210553e	41	cpucontrol
93070cba	42	cvs
d17b4d23	43	ktalk
eb3cb682	44	portmap
a1fcff33	45	postgresql
4fd5201a	46	rlogin
84c92239	47	samba
ccc59782	48	snmp
200f453f	49	stunnel
4fd5201a	50	telnet
40adb57f	51	tftp
f7ba4a89	52	uucp
a1fcff33	53	vpn
9ff30033	54	zebra
d17b4d23	55
541b7d57	56	* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
ce1b44aa	57	- Fix errors uncovered by sediff.
a19e3464 CP	58	- Doc tool will explicitly say a module does not have interfaces
a19e3464 CP	59	or templates on the module page.
6e61566d CP	60	- Added policies:
6e61566d CP	61	comsat
0c3d1705	62	dbus
f344c0f3	63	dhcp
ac0483ae	64	dictd
fdae8e75	65	hal
8d935234	66	inn
b11a75a5	67	ntp
0f707d52	68	squid
a19e3464	69
37aa3ff2	70	* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
e28aa682 CP	71	- Add Makefile support for building loadable modules.
	72	- Add genclassperms.py tool to add require blocks
	73	for loadable modules.
	74	- Change sedoctool to make required modules part of base
	75	by default, otherwise make as modules, in modules.conf.
	76	- Fix segenxml to handle modules with no interfaces.
	77	- Rename ipsec connect interface for consistency.
	78	- Add missing parts of unix stream socket connect interface
	79	of ipsec.
	80	- Rename inetd connect interface for consistency.
	81	- Rename interface for purging contents of tmp, for clarity,
	82	since it allows deletion of classes other than file.
	83	- Misc. cleanups.
	84	- Added policies:
	85	acct
	86	bind
	87	firstboot
	88	gpm
	89	howl
	90	ldap
	91	loadkeys
	92	mysql
	93	privoxy
	94	quota
	95	rshd
	96	rsync
	97	su
	98	sudo
	99	tcpd
	100	tmpreaper
	101	updfstab
81343a6f	102
e28aa682 CP	103	* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
	104	- Fix comparison bug in fc_sort.
	105	- Fix handling of ordered and unordered HTML lists.
	106	- Corenetwork now supports multiple network interfaces having the
	107	same type.
	108	- Doc tool now creates pages for global Booleans and global tunables.
	109	- Doc tool now links directly to the interface/template in the
	110	module page when it is selected in the interface/template index.
	111	- Added support for layer summaries.
	112	- Added policies:
	113	ipsec
	114	nscd
	115	pcmcia
	116	raid
acb668ed	117
e28aa682 CP	118	* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
	119	- Changed xml to have modules encapsulated by layer tags, rather
	120	than putting layer="foo" in the module tags. Also in the future
	121	we can put a summary and description for each layer.
	122	- Added tool to infer interface, module, and layer tags. This will
	123	now list all interfaces, even if they are missing xml docs.
	124	- Shortened xml tag names.
	125	- Added macros to declare interfaces and templates.
	126	- Added interface call trace.
	127	- Updated all xml documentation for shorter and inferred tags.
	128	- Doc tool now displays templates in the web pages.
	129	- Doc tool retains the user's settings in modules.conf and
	130	tunables.conf if the files already exist.
	131	- Modules.conf behavior has been changed to be a list of all
	132	available modules, and the user can specify if the module is
	133	built as a loadable module, included in the monolithic policy,
	134	or excluded.
	135	- Added policies:
	136	fstools (fsck, mkfs, swapon, etc. tools)
	137	logrotate
	138	inetd
	139	kerberos
	140	nis (ypbind and ypserv)
	141	ssh (server, client, and agent)
	142	unconfined
	143	- Added infrastructure for targeted policy support, only missing
	144	transition boolean support.
dfa83e92	145
e28aa682 CP	146	* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
e28aa682 CP	147	- Initial release