trunk: udev update and brctl module from dan.

[people/stevee/selinux-policy.git] / Changelog

- Update MLS constraints from LSPP evaluated policy.
- Allow initrc_t file descriptors to be inherited regardless of MLS level.
  Accordingly drop MLS permissions from daemons that inherit from any level.
- Files and radvd updates from Stefan Schulze Frielinghaus.
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
  mls_write_all_levels() and mls_read_all_levels(), for consistency.
- Add make kernel and init ranged interfaces pass the range transition MLS
  constraints.  Also remove calls to mls_rangetrans_target() in modules that use
  the kernel and init interfaces, since its redundant.
- Add interfaces for all MLS attributes except X object classes.
- Require all sensitivities and categories for MLS and MCS policies, not just
  the low and high sensitivity and category.
- Database userspace object manager classes from KaiGai Kohei.
- Add third-party interface for Apache CGI.
- Add getserv and shmemserv nscd permissions.
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
- Added modules:
        application
        brctl (Dan Walsh)

* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
  libraries module.
- Unified labeled networking policy from Paul Moore.
- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
- Xen updates from Dan Walsh.
- Filesystem updates from Dan Walsh.
- Large samba update from Dan Walsh.
- Drop snmpd_etc_t.
- Confine sendmail and logrotate on targeted.
- Tunable connection to postgresql for users from KaiGai Kohei.
- Memprotect support patch from Stephen Smalley.
- Add logging_send_audit_msgs() interface and deprecate
  send_audit_msgs_pattern().
- Openct updates patch from Dan Walsh.
- Merge restorecon into setfiles.
- Patch to begin separating out hald helper programs from Dan Walsh.
- Fixes for squid, dovecot, and snmp from Dan Walsh.
- Miscellaneous consolekit fixes from Dan Walsh.
- Patch to have avahi use the nsswitch interface rather than individual
  permissions from Dan Walsh.
- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
  to handle usage from userhelper from Dan Walsh.
- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
- Patch to allow slocate to getattr other filesystems and directories on those
  filesystems from Dan Walsh.
- Fixes for RHEL4 from the CLIP project.
- Replace the old lrrd fc entries with munin ones.
- Move program admin template usage out of userdom_admin_user_template() to
  sysadm policy in userdomain.te to fix usage of the template for third
  parties.
- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
  template instead of an interface.
- Added modules:
        amtu (Dan Walsh)
        apcupsd (Dan Walsh)
        rpcbind (Dan Walsh)
        rwho (Nalin Dahyabhai)

* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
- Patch for sasl's use of kerberos from Dan Walsh.
- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
- Man page updates from Dan Walsh.
- Two patches from Paul Moore to for ipsec to remove redundant rules and
  have setkey read the config file.
- Move booleans and tunables to modules when it is only used in a single
  module.
- Add support for tunables and booleans local to a module.
- Merge sbin_t and ls_exec_t into bin_t.
- Remove disable_trans booleans.
- Output different header sets for kernel and userland from flask headers.
- Marked the pax class as deprecated, changed it to userland so
  it will be removed from the kernel.
- Stop including netfilter contexts by default.
- Add dontaudits for init fds and console to init_daemon_domain().
- Patch to allow gpg to create user keys dir.
- Patch to support kvmfs from Dan Walsh.
- Patch for misc fixes in sudo from Dan Walsh.
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
- Patch for handling restart of nscd when ran from useradd, groupadd, and
  admin passwd, from Dan Walsh.
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
- Patch for gssd fixes from Dan Walsh.
- Patch for lvm fixes from Dan Walsh.
- Patch for ricci fixes from Dan Walsh.
- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
- Patch for kerberized telnet fixes from Dan Walsh.
- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
- Patch for an additional wine executable from Dan Walsh.
- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
  corecommands, devices, and java from Dan Walsh.
- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
- Patch for misc fixes to bluetooth from Dan Walsh.
- Patch for misc fixes to kerberos from Dan Walsh.
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
- Add dccp_socket object class which was added in kernel 2.6.20.
- Patch for prelink relabefrom it's temp files from Dan Walsh.
- Patch for capability fix for auditd and networking fix for syslogd from
  Dan Walsh.
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
- Patch to allow apmd to telinit from Dan Walsh.
- Patch for additional labeling of samba files from Stefan Schulze
  Frielinghaus.
- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
- Fix ptys and ttys to be device nodes.
- Fix explicit use of httpd_t in openca_domtrans().
- Clean up file context regexes in apache and java, from Eamon Walsh.
- Patches from Dan Walsh:
        Thu, 25 Jan 2007
- Added modules:
        consolekit (Dan Walsh)
        fail2ban (Dan Walsh)
        zabbix (Dan Walsh)

* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
- Add policy patterns support macros.  This changes the behavior of
  the create_dir_perms and create_file_perms permission sets.
- Association polmatch MLS constraint making unlabeled_t an exception
  is no longer needed, patch from Venkat Yekkirala.
- Context contains checking for PAM and cron from James Antill.
- Add a reload target to Modules.devel and change the load
  target to only insert modules that were changed.
- Allow semanage to read from /root on strict non-MLS for
  local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
  on clients.
- Patch from Matt Anderson for a MLS constraint exemption on a
  file that can be written to from a subject whose range is
  within the object's range.
- Enhanced setransd support from Darrel Goeddel.
- Patches from Dan Walsh:
        Tue, 24 Oct 2006
        Wed, 29 Nov 2006
- Added modules:
        aide (Matt Anderson)
        ccs (Dan Walsh)
        iscsi (Dan Walsh)
        ricci (Dan Walsh)

* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
- Patch from Russell Coker Thu, 5 Oct 2006
- Move range transitions to modules.
- Make number of MLS sensitivities, and number of MLS and MCS
  categories configurable as build options.
- Add role infrastructure.
- Debian updates from Erich Schubert.
- Add nscd_socket_use() to auth_use_nsswitch().
- Remove old selopt rules.
- Full support for netfilter_contexts.
- MRTG patch for daemon operation from Stefan.
- Add authlogin interface to abstract common access for login programs.
- Remove setbool auditallow, except for RHEL4.
- Change eventpollfs to task SID labeling.
- Add key support from Michael LeMay.
- Add ftpdctl domain to ftp, from Paul Howarth.
- Fix build system to not move type declarations out of optionals.
- Add gcc-config domain to portage.
- Add packet object class and support in corenetwork.
- Add a copy of genhomedircon for monolithic policy building, so that a
  policycoreutils package update is not required for RHEL4 systems.
- Add appletalk sockets for use in cups.
- Add Make target to validate module linking.
- Make duplicate template and interface declarations a fatal error.
- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
- Move xconsole_device_t from devices to xserver since it is
  not actually a device, it is a named pipe.
- Handle nonexistant .fc and .if files in devel Makefile by
  automatically creating empty files.
- Remove unused devfs_control_t.
- Add rhel4 distro, which also implies redhat distro.
- Remove unneeded range_transition for su_exec_t and move the
  type declaration back to the su module.
- Constrain transitions in MCS so unconfined_t cannot have
  arbitrary category sets.
- Change reiserfs from xattr filesystem to genfscon as it's xattrs
  are currently nonfunctional.
- Change files and filesystem modules to use their own interfaces.
- Add user fonts to xserver.
- Additional interfaces in corecommands, miscfiles, and userdomain
  from Joy Latten.
- Miscellaneous fixes from Thomas Bleher.
- Deprecate module name as first parameter of optional_policy()
  now that optionals are allowed everywhere.
- Enable optional blocks in base module and monolithic policy.
  This requires checkpolicy 1.30.1.
- Fix vpn module declaration.
- Numerous fixes from Dan Walsh.
- Change build order to preserve m4 line number information so policy
  compile errors are useful again.
- Additional MLS interfaces from Chad Hanson.
- Move some rules out of domain_type() and domain_base_type()
  to the TE file, to use the domain attribute to take advantage
  of space savings from attribute use.
- Add global stack smashing protector rule for urandom access from
  Petre Rodan.
- Fix temporary rules at the bottom of portmap.
- Updated comments in mls file from Chad Hanson.
- Patches from Dan Walsh:
        Fri, 17 Mar 2006
        Wed, 29 Mar 2006
        Tue, 11 Apr 2006
        Fri, 14 Apr 2006
        Tue, 18 Apr 2006
        Thu, 20 Apr 2006
        Tue, 02 May 2006
        Mon, 15 May 2006
        Thu, 18 May 2006
        Tue, 06 Jun 2006
        Mon, 12 Jun 2006
        Tue, 20 Jun 2006
        Wed, 26 Jul 2006
        Wed, 23 Aug 2006
        Thu, 31 Aug 2006
        Fri, 01 Sep 2006
        Tue, 05 Sep 2006
        Wed, 20 Sep 2006
        Fri, 22 Sep 2006
        Mon, 25 Sep 2006
- Added modules:
        afs
        amavis (Erich Schubert)
        apt (Erich Schubert)
        asterisk
        audioentropy
        authbind
        backup
        calamaris
        cipe
        clamav (Erich Schubert)
        clockspeed (Petre Rodan)
        courier
        dante
        dcc
        ddclient
        dpkg (Erich Schubert)
        dnsmasq
        ethereal
        evolution
        games
        gatekeeper
        gift
        gnome (James Carter)
        imaze
        ircd
        jabber
        monop
        mozilla
        mplayer
        munin
        nagios
        nessus
        netlabel (Paul Moore)
        nsd
        ntop
        nx
        oav
        oddjob (Dan Walsh)
        openca
        openvpn (Petre Rodan)
        perdition
        portslave
        postgrey
        pxe
        pyzor (Dan Walsh)
        qmail (Petre Rodan)
        razor
        resmgr
        rhgb
        rssh
        snort
        soundserver
        speedtouch
        sxid
        thunderbird
        tor (Erich Schubert)
        transproxy
        tripwire
        uptime
        uwimap
        vmware
        watchdog
        xen (Dan Walsh)
        xprint
        yam

* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
- Make all interface parameters required.
- Move boot_t, system_map_t, and modules_object_t to files module,
  and move bootloader to admin layer.
- Add semanage policy for semodule from Dan Walsh.
- Remove allow_execmem from targeted policy domain_base_type().
- Add users_extra and seusers support.
- Postfix fixes from Serge Hallyn.
- Run python and shell directly to interpret scripts so policy
  sources need not be executable.
- Add desc tag XML to booleans and tunables, and add summary
  to param XML tag, to make future translations possible.
- Remove unused lvm_vg_t.
- Many interface renames to improve naming consistency.
- Merge xdm into xserver.
- Remove kernel module reversed interfaces.
- Add filename attribute to module XML tag and lineno attribute to
  interface XML tag.
- Changed QUIET build option to a yes or no option.
- Add a Makefile used for compiling loadable modules in a
  user's development environment, building against policy headers.
- Add Make target for installing policy headers.
- Separate per-userdomain template expansion from the userdomain
  module and add infrastructure to expand templates in the modules
  that own the template.
- Enable secadm only for MLS policies.
- Remove role change rules in su and sudo since this functionality has been
  removed from these programs.
- Add ctags Make target from Thomas Bleher.
- Collapse commands with grep piped to sed into one sed command.
- Fix type_change bug in term_user_pty().
- Move ice_tmp_t from miscfiles to xserver.
- Login fixes from Serge Hallyn.
- Move xserver_log_t from xdm to xserver.
- Add lpr per-userdomain policy to lpd.
- Miscellaneous fixes from Dan Walsh.
- Change initrc_var_run_t interface noun from script_pid to utmp,
  for greater clarity.
- Added modules:
        certwatch
        mono (Dan Walsh)
        mrtg
        portage
        tvtime
        userhelper
        usernetctl
        wine (Dan Walsh)
        xserver

* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
- Adds support for generating corenetwork interfaces based on attributes 
  in addition to types.
- Permits the listing of multiple nodes in a network_node() that will be
  given the same type.
- Add two new permission sets for stream sockets.
- Rename file type transition interfaces verb from create to
  filetrans to differentiate it from create interfaces without
  type transitions.
- Fix expansion of interfaces from disabled modules.
- Rsync can be long running from init,
  added rules to allow this.
- Add polyinstantiation build option.
- Add setcontext to the association object class.
- Add apache relay and db connect tunables.
- Rename texrel_shlib_t to textrel_shlib_t.
- Add swat to samba module.
- Numerous miscellaneous fixes from Dan Walsh.
- Added modules:
        alsa
        automount
        cdrecord
        daemontools (Petre Rodan)
        ddcprobe
        djbdns (Petre Rodan)
        fetchmail
        irc
        java
        lockdev
        logwatch (Dan Walsh)
        openct
        prelink (Dan Walsh)
        publicfile (Petre Rodan)
        readahead
        roundup
        screen
        slocate (Dan Walsh)
        slrnpull
        smartmon
        sysstat
        ucspitcp (Petre Rodan)
        usbmodules
        vbetool (Dan Walsh)

* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
- Add unlabeled IPSEC association rule to domains with
  networking permissions.
- Merge systemuser back in to users, as these files
  do not need to be split.
- Add check for duplicate interface/template definitions.
- Move domain, files, and corecommands modules to kernel
  layer to resolve some layering inconsistencies.
- Move policy build options out of Makefile into build.conf.
- Add yppasswd to nis module.
- Change optional_policy() to refer to the module name
  rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather
  than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions
  to detect modules rather than using subshells and find.
- Add install target for modular policy.
- Add load target for modular policy.
- Add appconfig dependency to the load target.
- Miscellaneous fixes from Dan Walsh.
- Fix corenetwork gen_context()'s to expand during the policy
  build phase instead of during the generation phase.  
- Added policies:
        amanda
        avahi
        canna
        cyrus
        dbskk
        dovecot
        distcc
        i18n_input
        irqbalance
        lpd
        networkmanager
        pegasus
        postfix
        procmail
        radius
        rdisc
        rpc
        spamassassin
        timidity
        xdm
        xfs

* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
- Many fixes to make loadable modules build.
- Add targets for sechecker.
- Updated to sedoctool to read bool files and tunable
  files separately.
- Changed the xml tag of <boolean> to <bool> to be consistent
  with gen_bool().
- Modified the implementation of segenxml to use regular
  expressions.
- Rename context_template() to gen_context() to clarify
  that its not a Reference Policy template, but a support
  macro.
- Add disable_*_trans bool support for targeted policy.
- Add MLS module to handle MLS constraint exceptions,
  such as reading up and writing down.
- Fix errors uncovered by sediff.
- Added policies:
        anaconda
        apache
        apm
        arpwatch
        bluetooth
        dmidecode
        finger
        ftp
        kudzu
        mailman
        ppp
        radvd
        sasl
        webalizer

* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
- Make logrotate, sendmail, sshd, and rpm policies
  unconfined in the targeted policy so no special
  modules.conf is required.
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
  can_portmap() to sysnetwork.
- Fix base module compile issues.
- Added policies:
        cpucontrol
        cvs
        ktalk
        portmap
        postgresql
        rlogin
        samba
        snmp
        stunnel
        telnet
        tftp
        uucp
        vpn
        zebra

* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
- Fix errors uncovered by sediff.
- Doc tool will explicitly say a module does not have interfaces
  or templates on the module page.
- Added policies:
        comsat
        dbus
        dhcp
        dictd
        hal
        inn
        ntp
        squid

* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
- Add Makefile support for building loadable modules.
- Add genclassperms.py tool to add require blocks
  for loadable modules.
- Change sedoctool to make required modules part of base
  by default, otherwise make as modules, in modules.conf.
- Fix segenxml to handle modules with no interfaces.
- Rename ipsec connect interface for consistency.
- Add missing parts of unix stream socket connect interface
  of ipsec.
- Rename inetd connect interface for consistency.
- Rename interface for purging contents of tmp, for clarity,
  since it allows deletion of classes other than file.
- Misc. cleanups.
- Added policies:
        acct
        bind
        firstboot
        gpm
        howl
        ldap
        loadkeys
        mysql
        privoxy
        quota
        rshd
        rsync
        su
        sudo
        tcpd
        tmpreaper
        updfstab

* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
- Fix comparison bug in fc_sort.
- Fix handling of ordered and unordered HTML lists.
- Corenetwork now supports multiple network interfaces having the
  same type.
- Doc tool now creates pages for global Booleans and global tunables.
- Doc tool now links directly to the interface/template in the
  module page when it is selected in the interface/template index.
- Added support for layer summaries.
- Added policies:
        ipsec
        nscd
        pcmcia
        raid

* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
- Changed xml to have modules encapsulated by layer tags, rather
  than putting layer="foo" in the module tags.  Also in the future
  we can put a summary and description for each layer.
- Added tool to infer interface, module, and layer tags.  This will
  now list all interfaces, even if they are missing xml docs.
- Shortened xml tag names.
- Added macros to declare interfaces and templates.
- Added interface call trace.
- Updated all xml documentation for shorter and inferred tags.
- Doc tool now displays templates in the web pages.
- Doc tool retains the user's settings in modules.conf and
  tunables.conf if the files already exist.
- Modules.conf behavior has been changed to be a list of all
  available modules, and the user can specify if the module is
  built as a loadable module, included in the monolithic policy,
  or excluded.
- Added policies:
        fstools (fsck, mkfs, swapon, etc. tools)
        logrotate
        inetd
        kerberos
        nis (ypbind and ypserv)
        ssh (server, client, and agent)
        unconfined
- Added infrastructure for targeted policy support, only missing
        transition boolean support.

* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
        - Initial release