- Update MLS constraints from LSPP evaluated policy.
- Allow initrc_t file descriptors to be inherited regardless of MLS level.
	Accordingly drop MLS permissions from daemons that inherit from any level.
- Files and radvd updates from Stefan Schulze Frielinghaus.
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
	mls_write_all_levels() and mls_read_all_levels(), for consistency.
- Make the kernel and init ranged interfaces pass the range transition MLS
	constraints. Also remove calls to mls_rangetrans_target() in modules that use
	the kernel and init interfaces, since those calls are redundant.
- Add interfaces for all MLS attributes except X object classes.
- Require all sensitivities and categories for MLS and MCS policies, not just
	the low and high sensitivity and category.
- Database userspace object manager classes from KaiGai Kohei.
- Add third-party interface for Apache CGI.
- Add getserv and shmemserv nscd permissions.
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.

* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
- Unified labeled networking policy from Paul Moore.
- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
- Xen updates from Dan Walsh.
- Filesystem updates from Dan Walsh.
- Large samba update from Dan Walsh.
- Confine sendmail and logrotate on targeted.
- Tunable connection to postgresql for users from KaiGai Kohei.
- Memprotect support patch from Stephen Smalley.
- Add logging_send_audit_msgs() interface and deprecate
	send_audit_msgs_pattern().
- Openct updates patch from Dan Walsh.
- Merge restorecon into setfiles.
- Patch to begin separating out hald helper programs from Dan Walsh.
- Fixes for squid, dovecot, and snmp from Dan Walsh.
- Miscellaneous consolekit fixes from Dan Walsh.
- Patch to have avahi use the nsswitch interface rather than individual
	permissions from Dan Walsh.
- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
	to handle usage from userhelper from Dan Walsh.
- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
- Patch to allow slocate to getattr other filesystems and directories on those
	filesystems from Dan Walsh.
- Fixes for RHEL4 from the CLIP project.
- Replace the old lrrd fc entries with munin ones.
- Move program admin template usage out of userdom_admin_user_template() to
	sysadm policy in userdomain.te to fix usage of the template for third
- Fix clockspeed_run_cli() declaration; it was incorrectly defined as a
	template instead of an interface.
	rwho (Nalin Dahyabhai)

* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
- Patch for sasl's use of kerberos from Dan Walsh.
- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
- Man page updates from Dan Walsh.
- Two patches from Paul Moore for ipsec to remove redundant rules and
	have setkey read the config file.
- Move booleans and tunables to modules when it is only used in a single
- Add support for tunables and booleans local to a module.
- Merge sbin_t and ls_exec_t into bin_t.
- Remove disable_trans booleans.
- Output different header sets for kernel and userland from flask headers.
- Marked the pax class as deprecated, changed it to userland so
	it will be removed from the kernel.
- Stop including netfilter contexts by default.
- Add dontaudits for init fds and console to init_daemon_domain().
- Patch to allow gpg to create user keys dir.
- Patch to support kvmfs from Dan Walsh.
- Patch for misc fixes in sudo from Dan Walsh.
- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
- Patch for handling restart of nscd when run from useradd, groupadd, and
	admin passwd, from Dan Walsh.
- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
- Patch for setroubleshoot for validating file contexts from Dan Walsh.
- Patch for gssd fixes from Dan Walsh.
- Patch for lvm fixes from Dan Walsh.
- Patch for ricci fixes from Dan Walsh.
- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
- Patch for kerberized telnet fixes from Dan Walsh.
- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
- Patch for an additional wine executable from Dan Walsh.
- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
	corecommands, devices, and java from Dan Walsh.
- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
- Patch for misc fixes to bluetooth from Dan Walsh.
- Patch for misc fixes to kerberos from Dan Walsh.
- Patch to start deprecating usercanread attribute from Ryan Bradetich.
- Add dccp_socket object class which was added in kernel 2.6.20.
- Patch for prelink relabelfrom its temp files from Dan Walsh.
- Patch for capability fix for auditd and networking fix for syslogd from
- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
- Patch to allow apmd to telinit from Dan Walsh.
- Patch for additional labeling of samba files from Stefan Schulze
- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
- Fix ptys and ttys to be device nodes.
- Fix explicit use of httpd_t in openca_domtrans().
- Clean up file context regexes in apache and java, from Eamon Walsh.
- Patches from Dan Walsh:
	consolekit (Dan Walsh)

* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
- Add policy patterns support macros. This changes the behavior of
	the create_dir_perms and create_file_perms permission sets.
- Association polmatch MLS constraint making unlabeled_t an exception
	is no longer needed, patch from Venkat Yekkirala.
- Context contains checking for PAM and cron from James Antill.
- Add a reload target to Modules.devel and change the load
	target to only insert modules that were changed.
- Allow semanage to read from /root on strict non-MLS for
	local policy modules.
- Gentoo init script fixes for udev.
- Allow udev to read kernel modules.inputmap.
- Dnsmasq fixes from testing.
- Allow kernel NFS server to getattr filesystems so df can work
- Patch from Matt Anderson for an MLS constraint exemption on a
	file that can be written to from a subject whose range is
	within the object's range.
- Enhanced setransd support from Darrel Goeddel.
- Patches from Dan Walsh:

* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
- Patch from Russell Coker Thu, 5 Oct 2006
- Move range transitions to modules.
- Make number of MLS sensitivities, and number of MLS and MCS
	categories configurable as build options.
- Add role infrastructure.
- Debian updates from Erich Schubert.
- Add nscd_socket_use() to auth_use_nsswitch().
- Remove old selopt rules.
- Full support for netfilter_contexts.
- MRTG patch for daemon operation from Stefan.
- Add authlogin interface to abstract common access for login programs.
- Remove setbool auditallow, except for RHEL4.
- Change eventpollfs to task SID labeling.
- Add key support from Michael LeMay.
- Add ftpdctl domain to ftp, from Paul Howarth.
- Fix build system to not move type declarations out of optionals.
- Add gcc-config domain to portage.
- Add packet object class and support in corenetwork.
- Add a copy of genhomedircon for monolithic policy building, so that a
	policycoreutils package update is not required for RHEL4 systems.
- Add appletalk sockets for use in cups.
- Add Make target to validate module linking.
- Make duplicate template and interface declarations a fatal error.
- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
- Move xconsole_device_t from devices to xserver since it is
	not actually a device, it is a named pipe.
- Handle nonexistent .fc and .if files in devel Makefile by
	automatically creating empty files.
- Remove unused devfs_control_t.
- Add rhel4 distro, which also implies redhat distro.
- Remove unneeded range_transition for su_exec_t and move the
	type declaration back to the su module.
- Constrain transitions in MCS so unconfined_t cannot have
	arbitrary category sets.
- Change reiserfs from xattr filesystem to genfscon as its xattrs
	are currently nonfunctional.
- Change files and filesystem modules to use their own interfaces.
- Add user fonts to xserver.
- Additional interfaces in corecommands, miscfiles, and userdomain
- Miscellaneous fixes from Thomas Bleher.
- Deprecate module name as first parameter of optional_policy()
	now that optionals are allowed everywhere.
- Enable optional blocks in base module and monolithic policy.
	This requires checkpolicy 1.30.1.
- Fix vpn module declaration.
- Numerous fixes from Dan Walsh.
- Change build order to preserve m4 line number information so policy
	compile errors are useful again.
- Additional MLS interfaces from Chad Hanson.
- Move some rules out of domain_type() and domain_base_type()
	to the TE file, to use the domain attribute to take advantage
	of space savings from attribute use.
- Add global stack smashing protector rule for urandom access from
- Fix temporary rules at the bottom of portmap.
- Updated comments in mls file from Chad Hanson.
- Patches from Dan Walsh:
	amavis (Erich Schubert)
	clamav (Erich Schubert)
	clockspeed (Petre Rodan)
	dpkg (Erich Schubert)
	netlabel (Paul Moore)
	openvpn (Petre Rodan)

* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
- Make all interface parameters required.
- Move boot_t, system_map_t, and modules_object_t to files module,
	and move bootloader to admin layer.
- Add semanage policy for semodule from Dan Walsh.
- Remove allow_execmem from targeted policy domain_base_type().
- Add users_extra and seusers support.
- Postfix fixes from Serge Hallyn.
- Run python and shell directly to interpret scripts so policy
	sources need not be executable.
- Add desc tag XML to booleans and tunables, and add summary
	to param XML tag, to make future translations possible.
- Remove unused lvm_vg_t.
- Many interface renames to improve naming consistency.
- Merge xdm into xserver.
- Remove kernel module reversed interfaces.
- Add filename attribute to module XML tag and lineno attribute to
- Changed QUIET build option to a yes or no option.
- Add a Makefile used for compiling loadable modules in a
	user's development environment, building against policy headers.
- Add Make target for installing policy headers.
- Separate per-userdomain template expansion from the userdomain
	module and add infrastructure to expand templates in the modules
	that own the template.
- Enable secadm only for MLS policies.
- Remove role change rules in su and sudo since this functionality has been
	removed from these programs.
- Add ctags Make target from Thomas Bleher.
- Collapse commands with grep piped to sed into one sed command.
- Fix type_change bug in term_user_pty().
- Move ice_tmp_t from miscfiles to xserver.
- Login fixes from Serge Hallyn.
- Move xserver_log_t from xdm to xserver.
- Add lpr per-userdomain policy to lpd.
- Miscellaneous fixes from Dan Walsh.
- Change initrc_var_run_t interface noun from script_pid to utmp,

* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
- Adds support for generating corenetwork interfaces based on attributes
	in addition to types.
- Permits the listing of multiple nodes in a network_node() that will be
- Add two new permission sets for stream sockets.
- Rename file type transition interfaces verb from create to
	filetrans to differentiate it from create interfaces without
- Fix expansion of interfaces from disabled modules.
- Rsync can be long-running from init;
	added rules to allow this.
- Add polyinstantiation build option.
- Add setcontext to the association object class.
- Add apache relay and db connect tunables.
- Rename texrel_shlib_t to textrel_shlib_t.
- Add swat to samba module.
- Numerous miscellaneous fixes from Dan Walsh.
	daemontools (Petre Rodan)
	publicfile (Petre Rodan)
	ucspitcp (Petre Rodan)

* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
- Add unlabeled IPSEC association rule to domains with
	networking permissions.
- Merge systemuser back into users, as these files
	do not need to be split.
- Add check for duplicate interface/template definitions.
- Move domain, files, and corecommands modules to kernel
	layer to resolve some layering inconsistencies.
- Move policy build options out of Makefile into build.conf.
- Add yppasswd to nis module.
- Change optional_policy() to refer to the module name
	rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather
	than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions
	to detect modules rather than using subshells and find.
- Add install target for modular policy.
- Add load target for modular policy.
- Add appconfig dependency to the load target.
- Miscellaneous fixes from Dan Walsh.
- Fix corenetwork gen_context() calls to expand during the policy
	build phase instead of during the generation phase.

* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
- Many fixes to make loadable modules build.
- Add targets for sechecker.
- Updated sedoctool to read bool files and tunable
- Changed the xml tag of <boolean> to <bool> to be consistent
- Modified the implementation of segenxml to use regular
- Rename context_template() to gen_context() to clarify
	that it is not a Reference Policy template, but a support
- Add disable_*_trans bool support for targeted policy.
- Add MLS module to handle MLS constraint exceptions,
	such as reading up and writing down.
- Fix errors uncovered by sediff.

* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
- Make logrotate, sendmail, sshd, and rpm policies
	unconfined in the targeted policy so no special
	modules.conf is required.
- Add experimental MCS support.
- Add appconfig for MLS.
- Add equivalents for old can_resolve(), can_ldap(), and
	can_portmap() to sysnetwork.
- Fix base module compile issues.

* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
- Fix errors uncovered by sediff.
- Doc tool will explicitly say a module does not have interfaces
	or templates on the module page.

* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
- Add Makefile support for building loadable modules.
- Add genclassperms.py tool to add require blocks
	for loadable modules.
- Change sedoctool to make required modules part of base
	by default, otherwise make as modules, in modules.conf.
- Fix segenxml to handle modules with no interfaces.
- Rename ipsec connect interface for consistency.
- Add missing parts of unix stream socket connect interface
- Rename inetd connect interface for consistency.
- Rename interface for purging contents of tmp, for clarity,
	since it allows deletion of classes other than file.

* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
- Fix comparison bug in fc_sort.
- Fix handling of ordered and unordered HTML lists.
- Corenetwork now supports multiple network interfaces having the
- Doc tool now creates pages for global Booleans and global tunables.
- Doc tool now links directly to the interface/template in the
	module page when it is selected in the interface/template index.
- Added support for layer summaries.

* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
- Changed xml to have modules encapsulated by layer tags, rather
	than putting layer="foo" in the module tags. Also in the future
	we can put a summary and description for each layer.
- Added tool to infer interface, module, and layer tags. This will
	now list all interfaces, even if they are missing xml docs.
- Shortened xml tag names.
- Added macros to declare interfaces and templates.
- Added interface call trace.
- Updated all xml documentation for shorter and inferred tags.
- Doc tool now displays templates in the web pages.
- Doc tool retains the user's settings in modules.conf and
	tunables.conf if the files already exist.
- Modules.conf behavior has been changed to be a list of all
	available modules, and the user can specify if the module is
	built as a loadable module, included in the monolithic policy,
	fstools (fsck, mkfs, swapon, etc. tools)
	nis (ypbind and ypserv)
	ssh (server, client, and agent)
- Added infrastructure for targeted policy support, only missing
	transition boolean support.

* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615