forked from SELinuxProject/selinux
ChangeLog
2.6-rc2 2016-10-06
* setfiles: reverse the sense of -D option, from Stephen Smalley.
* setfiles ignore restorecon_xattr in git, from Nicolas Iooss.
* sandbox: Use dbus-run-session instead of dbus-launch when available, from Laurent Bigonville.
* setfiles: Utility to find security.restorecon_last entries, from Richard Haines.
* setfiles: Add option to stop setting the digest, from Richard Haines.
* hll/pp: Change warning for module name not matching filename to match new behavior, from Petr Lautrbach.
* Remove LDFLAGS from CFLAGS, from Nicolas Iooss.
* sepolicy: convert to setools4, from Jason Zaman.
* sandbox: create a new session for sandboxed processes, from Petr Lautrbach.
* sandbox: do not try to setup directories without -X or -M, from Petr Lautrbach.
* sandbox: do not run xmodmap in a new X session, from Petr Lautrbach.
* sandbox: Use GObject introspection binding instead of pygtk2, from Petr Lautrbach and Laurent Bigonville.
* sandbox: fix file labels on copied files, from Petr Lautrbach.
* sandbox: tests - close stdout of p1, from Petr Lautrbach.
* sandbox: tests - use sandbox from cwd, from Petr Lautrbach.
* audit2allow: tests should use local copy not system, from Jason Zaman.
* audit2allow: fix audit2why import from seobject, from Jason Zaman.
* audit2allow: remove audit2why so that it gets symlinked, from Jason Zaman.
* semanage: fix man page and help message for import option, from AJ.
* semanage: fix error message for fcontext -m, from Miroslav Vadkerti.
* semanage: Fix semanage fcontext -D, from Stephen Smalley.
* semanage: Correct fcontext auditing, from Miroslav Vadkerti.
* semanage: Default serange to "s0" for port modify, from Miroslav Vadkerti.
* semanage: Use socket.getprotobyname for protocol, from Miroslav Vadkerti.
* restorecond: Modify to use selinux_restorecon, from Richard Haines.
* setfiles: Modify to use selinux_restorecon, from Richard Haines.
* semanage: fix modify action in node and interface, from Miroslav Vadkerti.
* fixfiles: Pass -n to restorecon for fixfiles check, from Petr Lautrbach.
* sepolicy: Check get_rpm_nvr_list() return value, from Vit Mojzis.
* Don't use subprocess.getstatusoutput() in Python 2 code, from Petr Lautrbach.
* semanage: Add auditing of changes in records, from Miroslav Vadkerti.
* Improve compatibility with Python 3, from Jason Zaman.
* Remove unused 'q' from semodule getopt string, from Petr Lautrbach.
* Remove unused autoconf files from po/, from Petr Lautrbach.
* Remove duplicate, empty translation files, from Piotr Drąg.
* open_init_pty: Do not error on EINTR, from Jason Zaman.
* Fix [-s STORE] typos in semanage, from Petr Lautrbach.
* Update sandbox types in sandbox manual, from Michael De La Rue.
* Fix typos in semanage manpages, from Philipp Gesang.
* Fix the documentation of -l,--list for semodule, from Petr Lautrbach.
* Minor fix in a French translation, from Laurent Bigonville.
* Fix the extract example in semodule.8, from Petr Lautrbach.
* Update sandbox.8 man page, from Petr Lautrbach.
* Remove typos from chcat --help, from Petr Lautrbach.
* Fix multiple spelling errors, from Laurent Bigonville.
* hll/pp: Warn if module name different than output filename, from James Carter
2.5 2016-02-23
* sepolicy: Do not overwrite CFLAGS, from Nicolas Iooss.
* sepolicy: Rename policy global variable conflict, from Nicolas Iooss.
* newrole: Add missing defined in #if, from Nicolas Iooss.
* newrole: Add description of missing parameter -p in newrole man page, from Lukas Vrabec.
* secon: Add missing descriptions for --*-key params in secon man page, from Lukas Vrabec
* semanage: List reserve_port_t in semanage port -l, from Petr Lautrbach.
* chcat: Add a fallback in case os.getlogin() returns nothing, from Laurent Bigonville.
* semanage: fix 'semanage permissions -l' subcommand, from Petr Lautrbach.
* semanage: replace string.join() with str.join(), from Petr Lautrbach.
* Man page warning fixes, from Ville Skyttä.
* sandbox: Fix sandbox to propagate specified MCS/MLS Security Level, from Miroslav Grepl.
* semanage: Require at least one argument for 'semanage permissive -d', from Petr Lautrbach.
* sepolicy: Improve sepolicy command line interface, from Petr Lautrbach.
* audit2allow/why: ignore setlocale errors, from Petr Lautrbach.
* semodule: Add --extract/-E, --cil/-c, and --hll/-H to extract modules, from Yuli Khodorkovskiy.
* audit2allow: Comment constraint rules in output, from Miroslav Grepl via Petr Lautrbach.
* Fix PEP8 issues, from Jason Zaman.
* semanage: fix moduleRecords deleteall method, from Stephen Smalley.
* Improve compatibility with Python 3, from Michal Srb.
* semanage: Set self.sename to sename after calling semanage_seuser_set_sename(), from Laurent Bigonville.
* semanage: Fix typo in semanage args for minimum policy store, from Petr Lautrbach.
* sepolicy: Only invoke RPM on RPM-enabled Linux distributions, from Sven Vermeulen.
* mcstransd: don't reinvent getpeercon, from Stephen Smalley.
* setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
* org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
* hll: Move core functions of pp to libsepol, from James Carter
* run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
* run_init: fix open_init_pty availability check, from Nicolas Iooss.
* Widen Xen IOMEM context entries, from Daniel De Graaf.
* Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
* Fixed typo/grammatical error, from Christopher Peterson.
* Fix typo in semanage-port man page, from Andrew Spiers.
2.4 2015-02-02
* Fix bugs found by hardened gcc flags, from Nicolas Iooss.
* Improve support for building with different versions of python from
Nicolas Iooss.
* Ensure XDG_RUNTIME_DIR is passed through to the sandbox in seunshare,
from Dan Walsh
* Remove cgroups from sandbox, from Dan Walsh
* Try to use setcurrent before setexec in seunshare, from Andy Lutomirski
* Stop using the now deprecated flask.h and av_permissions.h, from Stephen Smalley
* Add a store root path in semodule, from Yuli Khodorkovskiy
* Add a flag to ignore cached CIL files and recompile HLL modules, from
Yuli Khodorkovskiy
* Add and install HLL compiler for policy packages to CIL. The compiler is
installed in /var/libexec/selinux/hll/ by default, from Steve Lawrence
* Fixes to pp compiler to better support roles and type attributes, from
Yuli Khodorkovskiy
* Deprecate base/upgrade/version in semodule. Calling these commands will
now call --install on the backend, from Yuli Khodorkovskiy
* Add ability to install modules with a specified priority, from Caleb
Case
* Use /tmp for permissive module creation, by Caleb Case
* Update semanage to use new source policy infrastructure, from Jason Dana
* Add RuntimeDirectory to mcstrans systemd unit file, from Laurent
Bigonville
2.3 2014-05-06
* Add -P semodule option to man page from Dan Walsh.
* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
* Add new icons for sepolicy gui from Dan Walsh.
* Only return writeable files that are enabled from Dan Walsh.
* Add domain to short list of domains, when -t and -d from Dan Walsh.
* Fix up desktop files to match current standards from Dan Walsh.
* Add support to return sensitivities and categories for python from Dan Walsh.
* Cleanup whitespace from Dan Walsh.
* Add message to tell user to install sandbox policy from Dan Walsh.
* Add systemd unit file for mcstrans from Laurent Bigonville.
* Improve restorecond systemd unit file from Laurent Bigonville.
* Minor man pages improvements from Laurent Bigonville.
2.2.5 2013-12-09
* Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
2.2.4 2013-11-26
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
2.2.3 2013-11-13
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
2.2.2 2013-11-06
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
2.2.1 2013-10-31
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
2.2 2013-10-30
* Properly build the swig exception file from Laurent Bigonville.
* Fix man pages from Laurent Bigonville.
* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
* Fix LDFLAGS usage from Laurent Bigonville.
* Fix init_policy warning from Laurent Bigonville.
* Fix semanage logging from Laurent Bigonville.
* Open newrole stdin as read/write from Sven Vermeulen.
* Fix sepolicy transition from Sven Vermeulen.
* Support overriding CFLAGS from Simon Ruderich.
* Create correct man directory for run_init from Russell Coker.
* restorecon GLOB_BRACE change from Michal Trunecka.
* Extend audit2why to report additional constraint information.
* Catch IOError errors within audit2allow from Dan Walsh.
* semanage export/import fixes from Dan Walsh.
* Improve setfiles progress reporting from Dan Walsh.
* Document setfiles -o option in usage from Dan Walsh.
* Change setfiles to always return -1 on failure from Dan Walsh.
* Improve setsebool error reporting from Dan Walsh.
* Major overhaul of gui from Dan Walsh.
* Fix sepolicy handling of non-MLS policy from Dan Walsh.
* Support returning type aliases from Dan Walsh.
* Add sepolicy tests from Dan Walsh.
* Add org.selinux.config.policy from Dan Walsh.
* Improve range and user input checking by semanage from Dan Walsh.
* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
* Allow use of <<none>> for semanage fcontext from Dan Walsh.
* Report customized user levels from Dan Walsh.
* Support deleteall for restoring disabled modules from Dan Walsh.
* Improve semanage error reporting from Dan Walsh.
* Only list disabled modules for module locallist from Dan Walsh.
* Fix logging from Dan Walsh.
* Define new constants for file type character codes from Dan Walsh.
* Improve bash completions from Dan Walsh.
* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
* Add semanage tests from Dan Walsh.
* Split semanage man pages from Dan Walsh.
* Move bash completion scripts from Dan Walsh.
* Replace genhomedircon script with a link to semodule from Dan Walsh.
* Fix fixfiles from Dan Walsh.
* Add support for systemd service for restorecon from Dan Walsh.
* Spelling corrections from Dan Walsh.
* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
* Switch sandbox to openbox window manager from Dan Walsh.
* Coalesce audit2why and audit2allow from Dan Walsh.
* Change audit2allow to append to output file from Dan Walsh.
* Update translations from Dan Walsh.
* Change audit2why to use selinux_current_policy_path from Dan Walsh.
2.1.14 2013-02-01
* setfiles: estimate percent progress
* load_policy: make link at the destination directory
* Rebuild polgen.glade with glade-3
* sepolicy: new command to unite small utilities
* sepolicy: Update Makefiles and po files
* sandbox: use sepolicy to look for sandbox_t
* gui: switch to use sepolicy
* gui: sepolgen: use sepolicy to generate
* semanage: use sepolicy for boolean dictionary
* add po file configuration information
* po: stop running update-po on all
* semanage: seobject verify policy types before allowing you to assign them.
* gui: Start using Popen, instead of os.spawnl
* sandbox: Copy /var/tmp to /tmp as they are the same inside
* qualifier to shred content
* semanage: Fix handling of boolean_sub names when using the -F flag
* semanage: man: roles instead of role
* gui: system-config-selinux: Catch no DISPLAY= error
* setfiles: print error if no default label found
* semanage: list logins file entries in semanage login -l
* semanage: good error message is sepolgen python module missing
* gui: system-config-selinux: do not use lokkit
* secon: add support for setrans color information in prompt output
* restorecond: remove /etc/mtab from default list
* gui: If you are not able to read enforcemode set it to False
* genhomedircon: regenerate genhomedircon more often
* restorecond: Add /etc/udpatedb.conf to restorecond.conf
* genhomedircon generation to allow spec file to pass in SEMODULE_PATH
* fixfiles: relabel only after specific date
* po: update translations
* sandbox: seunshare: do not reassign realloc value
* seunshare: do checking on setfsuid
* sestatus: rewrite to shut up coverity
2.1.13 2012-09-13
* genhomedircon: manual page improvements
* setfiles/restorecon minor improvements
* run_init: If open_init_pty is not available then just use exec
* newrole: do not drop capabilities when newrole is run as
* restorecon: only update type by default
* scripts: Don't syslog setfiles changes on a fixfiles restore
* setfiles: do not syslog if no changes
* Disable user restorecond by default
* Make restorecon return 0 when a file has changed context
* setfiles: Fix process_glob error handling
* semanage: allow enable/disable under -m
* add .tx to gitignore
* translations: commit translations from Fedora community
* po: silence build process
* gui: Checking in policy to support polgengui and sepolgen.
* gui: polgen: search for systemd subpackage when generating policy
* gui: for exploring booleans
* gui: system-config-selinux gui
* Add Makefiles to support new gui code
* gui: remove lockdown wizard
* return equivalency records in fcontext customized
* semanage: option to not load new policy into kernel after
* sandbox: manpage update to describe standard types
* setsebool: -N should not reload policy on changes
* semodule: Add -N qualifier to no reload kernel policy
* gui: polgen: sort selinux types of user controls
* gui: polgen: follow symlinks and get the real path to
* gui: Fix missing error function
* setfiles: return errors when bad paths are given
* fixfiles: tell restorecon to ignore missing paths
* setsebool: error when setting multiple options
* semanage: use boolean subs.
* sandbox: Make sure Xephyr never listens on tcp ports
* sepolgen: return and output constraint violation information
* semanage: skip comments while reading external configuration files
* restorecond: relabel all mount runtime files in the restorecond example
* genhomedircon: dynamically create genhomedircon
2.1.12 2012-06-28
* restorecond: wrong options should exit with non-zero error code
* restorecond: Add -h option to get usage command
* restorecond: user: fix fd leak
* mcstrans: add -f to run in foreground
* semanage: fix man page range and level defaults
* semanage: bash completion for modules should include -a,-m, -d
* semanage: manpage update for -e
* semanage: dontaudit off should work
* semanage: locallist option does not take an argument
* sepolgen: Make use of setools optional within sepolgen
2.1.11 2012-03-28
* sandbox: do not propagate inside mounts outside
* sandbox: Removing sandbox init script, should no longer be necessary
* restorecond: Stop using deprecated interfaces for g_io
* semanage: proper auditing of user changes for LSPP
* semanage: audit message to show what record(s) and item(s) have changed
* scripts: Update Makefiles to handle /usrmove
* mcstrans: Version should have been bumped on last check in
* seunshare: Only drop caps not the Bounding Set from seunshare
* Add bash-completion scripts for setsebool and semanage
* newrole: Use correct capng calls in newrole
* Fix infinite loop with inotify on 2.6.31 kernels
* fix ftbfs with hardening flags
* Only run setfiles if we found read-write filesystems to run it on
* update .po files
* remove empty po files
* do not fail to install if unable to make load_policy lnk file
2.1.10 2011-12-21
* Remove excess whitespace
* sandbox: Add back in . functions to sandbox.init script
* Fix Makefile to match other policycoreutils Makefiles
* semanage: drop unused translation getopt
2.1.9 2011-12-05
* sandbox: move sandbox.conf.5 to just sandbox.5
* po: Makefile use -p to preserve times to allow multilib simultaneous installs of po files
* sandbox: Allow user to specify the DPI value for X in a sandbox
* sandbox: make sure the domain launching sandbox has at least 100 categories
* sandbox: do not try forever to find available category set
* sandbox: only complain if sandbox unable to launch
* sandbox: init script run twice is still successful
* semanage: print local and distro equiv rules
* semanage: check file equivalence rules for conflict
* semanage: Make sure semanage fcontext -l -C prints even if local keys are not defined
* semanage: change src,dst to target,substitute for equivalency
* sestatus: Updated sestatus and man pages.
* Added SELinux config file man page.
* add clean target to man Makefile
2.1.8 2011-11-03
* sandbox: Maintain the LANG environment into the sandbox
* audit2allow: use audit2why internally
* fixfiles: label /root but not /var/lib/BackupPC
* semanage: update local boolean settings is dealing with localstore
* semanage: missing modify=True
* semanage: set modified correctly
* restorecond: make restorecond dbus-able
* restorecon: Always check return code on asprintf
* restorecond: make restorecond -u exit when terminal closes
* sandbox: introduce package name and language stuff
* semodule_package: remove semodule_unpackage on clean
* fix sandbox Makefile to support DESTDIR
* semanage: Add -o description to the semanage man page
* make use of the new realpath_not_final function
* setfiles: close /proc/mounts file when finished
* semodule: Document semodule -p in man page
* setfiles: fix use before initialized
* restorecond: Add .local/share as a directory to watch
2.1.7 2011-09-27
* semanage: fix indentation error in seobject
2.1.6 2011-09-15
* sepolgen-ifgen: new attr-helper does something
* audit2allow: use alternate policy file
* audit2allow: sepolgen-ifgen use the attr helper
* setfiles: switch from stat to stat64
* setfiles: Fix potential crash using dereferenced ftsent
* setfiles: do not wrap * output at 80 characters
* sandbox: add -Wall and -Werror to makefile
* sandbox: add sandbox cgroup support
* sandbox: rewrite /tmp handling
* sandbox: do not bind mount so much
* sandbox: add level based kill option
* sandbox: cntrl-c should kill entire process control group
* Create a new preserve_tunables flag in sepol_handle_t.
* semanage: show running and disk setting for booleans
* semanage: Don't print heading if no items selected
* sepolgen: audit2allow is mistakenly not allowing valid module names
* semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled
* More files to ignore
* tree: default make target to all not install
* sandbox: do not load unused generic init functions
2.1.5 2011-08-26
* setfiles: Fix process_glob to handle error situations
* sandbox: Allow seunshare to run as root
* sandbox: trap sigterm to make sure sandbox
* sandbox: pass DPI from the desktop
* sandbox: seunshare: introduce helper spawn_command
* sandbox: seunshare: introduce new filesystem helpers
* sandbox: add -C option to not drop
* sandbox: split seunshare caps dropping
* sandbox: use dbus-launch
* sandbox: numerous simple updates to sandbox
* sandbox: do not require selinux context
* sandbox: Makefile: new man pages
* sandbox: rename dir to srcdir
* sandbox: allow users specify sandbox window size
* sandbox: check for paths up front
* sandbox: use defined values for paths rather
* sandbox: move seunshare globals to the top
* sandbox: whitespace fix
* semodule_package: Add semodule_unpackage executable
* setfiles: get rid of some stupid globals
* setfiles: move exclude_non_seclabel_mounts to a generic location
2.1.4 2011-08-17
* run_init: clarification of the usage in the
* semanage: fix usage header around booleans
* semanage: remove useless empty lines
* semanage: update man page with new examples
* semanage: update usage text
* semanage: introduce file context equivalencies
* semanage: enable and disable modules
* semanage: output all local modifications
* semanage: introduce extraction of local configuration
* semanage: cleanup error on invalid operation
* semanage: handle being called with no arguments
* semanage: return sooner to save CPU time
* semanage: surround getopt with try/except
* semanage: use define/raise instead of lots of
* semanage: some options are only valid for
* semanage: introduce better deleteall support
* semanage: do not allow spaces in file
* semanage: distinguish between builtin and local permissive
* semanage: centralized ip node handling
* setfiles: make the restore function exclude() non-static
* setfiles: use glob to handle ~ and
* fixfiles: do not hard code types
* fixfiles: stop trying to be smart about
* fixfiles: use new kernel seclabel option
* fixfiles: pipe everything to cat before sending
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
* semodule: support for alternative root paths
2.1.3 2011-08-03
* semanage: fix indention
* semodule_package: fix man page typo
* semodule_expand: update man page with -a
* semanage: handle os errors
* semanage: fix traceback with bad options
* semanage: show usage on -h or --help
* semanage: introduce more deleteall options
* semanage: verify ports < 65536
* transaction into semanageRecords
* make get_handle a method of semanageRecords
* remove a needless blank line
* make process_one error if not initialized correctly
* fixfiles: correct usage for r_opts.rootpath
* put -p in help for restorecon and
* fixfiles: do not try to only label
* fixfiles clean up /var/run and /var/lib/debug
* fixfiles delete tmp sockets and pipes rather
* fixfile use find -delete instead of pipe
* chcat man page typo
* add man page for genhomedircon
* setfiles fix typo
* setsebool should inform users they need to
* setsebool typos
* open_init_tty man page typos
* Don't add user site directory to sys.path
* newrole retain CAP_SETPCAP
2.1.2 2011-08-02
* seunshare: define _GNU_SOURCE earlier
* make ignore_enoent do something
* restorecond: first user logged in is not noticed
* Repo: update .gitignore
2.1.1 2011-08-01
* Man page updates
* restorecon fix for bad inotify assumptions
2.1.0 2011-07-27
* Release, minor version bump
2.0.86 2011-04-11
* Use correct color range in mcstransd by Richard Haines.
2.0.85 2010-12-20
* Move newrole to use libcap-ng from Dan Walsh
2.0.84 2010-11-16
* Add mcstrans support from Ted Toth with modifications from Steve Lawrence.
2.0.83 2010-06-10
* Add sandbox support from Dan Walsh with modifications from Steve Lawrence.
2.0.82 2010-03-12
* Add avc's since boot from Dan Walsh.
2.0.81 2010-03-12
* Add dontaudit flag to audit2allow from Dan Walsh.
2.0.80 2010-03-06
* Module enable/disable support from Dan Walsh.
2.0.79 2010-01-26
* Fix double-free in newrole
2.0.78 2009-11-27
* Remove non-working OUTFILE from fixfiles from Dan Walsh.
* Additional exception handling in chcat from Dan Walsh.
2.0.77 2009-11-19
* Fixed bug preventing semanage node -a from working
from Chad Sellers
* Fixed bug preventing semanage fcontext -l from working
from Chad Sellers
2.0.76 2009-11-18
* Remove setrans management from semanage, as it does not work
from Dan Walsh.
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
2.0.75 2009-11-02
* Factor out restoring logic from setfiles.c into restore.c
2.0.74 2009-09-16
* Change semodule upgrade behavior to install even if the module
is not present from Dan Walsh.
* Make setfiles label if selinux is disabled and a seclabel aware
kernel is running from Caleb Case.
* Clarify forkpty() error message in run_init from Manoj Srivastava.
2.0.73 2009-09-04
* Add semanage dontaudit to turn off dontaudits from Dan Walsh.
* Fix semanage to set correct mode for setrans file from Dan Walsh.
* Fix malformed dictionary in portRecord from Dan Walsh.
2.0.72 2009-09-03
* Restore symlink handling support to restorecon based on a patch by
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
udev scripts that was broken by policycoreutils 2.0.70.
2.0.71 2009-08-11
* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don't require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).
2.0.70 2009-08-04
* Modify restorecon to only call realpath() on user-supplied pathnames
from Stephen Smalley.
2.0.69 2009-07-30
* Fix typo in fixfiles that prevented it from relabeling btrfs
filesystems from Dan Walsh.
2.0.68 2009-07-24
* Modify setfiles to exclude mounts without seclabel option in
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
2.0.67 2009-07-07
* Re-enable disable_dontaudit rules upon semodule -B from Christopher
Pardy and Dan Walsh.
2.0.66 2009-07-07
* setfiles converted to fts from Thomas Liu.
2.0.65 2009-06-24
* Remove gui from po/Makefile and po/POTFILES and regenerate po files
2.0.64 2009-06-22
* Keep setfiles from spamming console from Dan Walsh.
* Fix chcat's category expansion for users from Dan Walsh.
2.0.63 2009-05-15
* Fix transaction checking from Dan Walsh.
* Make fixfiles -R (for rpm) recursive.
* Make semanage permissive clean up after itself from Dan Walsh.
* add /root/.ssh/* to restorecond.conf
2.0.62 2009-02-19
* Add btrfs to fixfiles from Dan Walsh.
* Remove restorecond error for matching globs with multiple hard links
and fix some error messages from Dan Walsh.
* Make removing a non-existent module a warning rather than an error
from Dan Walsh.
* Man page fixes from Dan Walsh.
2.0.61 2009-01-12
* chcat: cut categories at arbitrary point (25) from Dan Walsh
* semodule: use new interfaces in libsemanage for compressed files
from Dan Walsh
* audit2allow: string changes for usage
2.0.60 2008-11-12
* semanage: use semanage_mls_enabled() from Stephen Smalley.
2.0.59 2008-11-11
* fcontext add checked local records twice, fix from Dan Walsh.
2.0.58 2008-11-09
* Allow local file context entries to override policy entries in
semanage from Dan Walsh.
* Newrole error message corrections from Dan Walsh.
* Add exception to audit2why call in audit2allow from Dan Walsh.
2.0.57 2008-09-18
* Update po files from Dan Walsh.
2.0.56 2008-09-12
* fixfiles will now remove all files in /tmp and will check for
unlabeled_t in /tmp and /var/tmp from Dan Walsh.
* add glob support to restorecond from Dan Walsh.
* allow semanage to handle multi-line commands in a single transaction
from Dan Walsh.
2.0.55 2008-08-26
* Merged semanage node support from Christian Kuester.
2.0.54 2008-08-05
* Add support for boolean files and group support for seusers from Dan Walsh.
* Ensure that setfiles -p output is newline terminated from Russell Coker.
2.0.53 2008-07-29
* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
2.0.52 2008-07-02
* Add permissive domain capability to semanage from Dan Walsh.
2.0.51 2008-06-28
* Add onboot option to fixfiles from Dan Walsh.
* Change restorecon.init to not run on boot by default from Dan Walsh.
2.0.50 2008-06-30
* Fix audit2allow generation of role-type rules from Karl MacMillan.
2.0.49 2008-05-16
* Remove security_check_context calls for prefix validation from semanage.
2.0.48 2008-05-16
* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
2.0.47 2008-04-18
* Update semanage man page for booleans from Dan Walsh.
* Add further error checking to seobject.py for setting booleans.
2.0.46 2008-03-18
* Update audit2allow to report dontaudit cases from Dan Walsh.
2.0.45 2008-03-18
* Fix semanage port to use --proto from Caleb Case.
2.0.44 2008-02-22
* Fixed semodule to correctly handle error when unable to create a handle.
2.0.43 2008-02-08
* Merged fix fixfiles option processing from Vaclav Ovsik.
2.0.42 2008-02-02
* Make semodule_expand use sepol_set_expand_consume_base to reduce
peak memory usage.
2.0.41 2008-01-28
* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
2.0.40 2008-01-25
* Merged a second fixfiles -C fix from Marshall Miller.
2.0.39 2008-01-24
* Merged fixfiles -C fix from Marshall Miller.
2.0.38 2008-01-24
* Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
* Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
* Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
2.0.37 2008-01-23
* Merged replacement for audit2why from Dan Walsh.
2.0.36 2008-01-23
* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
2.0.35 2007-12-21
* Merged support for non-interactive newrole command invocation from Tim Reed.
2.0.34 2007-12-14
* Update Makefile to not build restorecond if
/usr/include/sys/inotify.h is not present
2.0.33 2007-12-07
* Drop verbose output on fixfiles -C from Dan Walsh.
* Fix argument handling in fixfiles from Dan Walsh.
* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
2.0.32 2007-10-16
* load_policy initial load option from Chad Sellers.
2.0.31 2007-10-15
* Fix semodule option handling from Dan Walsh.
2.0.30 2007-10-11
* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
2.0.29 2007-10-05
* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
2.0.28 2007-10-05
* Update semodule man page for -D from Dan Walsh.
* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
2.0.27 2007-09-19
* Improve semodule reporting of system errors from Stephen Smalley.
2.0.26 2007-09-18
* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
2.0.25 2007-08-23
* Remove genhomedircon script (functionality is now provided
within libsemanage) from Todd Miller.
2.0.24 2007-08-23
* Fix genhomedircon searching for USER from Todd Miller
* Install run_init with mode 0755 from Dan Walsh.
* Fix chcat from Dan Walsh.
* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
* Optimize genhomedircon to compile regexes once from Dan Walsh.
* Fix semanage gettext call from Dan Walsh.
2.0.23 2007-08-16
* Disable dontaudits via semodule -D
2.0.22 2007-06-20
* Rebase setfiles to use new labeling interface.
2.0.21 2007-06-13
* Fixed setsebool (falling through to error path on success).
2.0.20 2007-06-05
* Merged genhomedircon fixes from Dan Walsh.
* Merged setfiles -c usage fix from Dan Walsh.
* Merged restorecon fix from Yuichi Nakamura.
* Dropped -lsepol where no longer needed.
2.0.19 2007-05-11
* Merge newrole support for alternate pam configs from Ted X Toth.
2.0.18 2007-05-11
* Merged merging of restorecon into setfiles from Stephen Smalley.
2.0.17 2007-05-09
* Merged genhomedircon fix to find conflicting directories correctly from Dan Walsh.
2.0.16 2007-05-03
* Merged support for modifying the prefix via semanage from Dan Walsh.
2.0.15 2007-04-26
* Merged move of audit2why to /usr/bin from Dan Walsh.
2.0.14 2007-04-25
* Build fix for setsebool.
2.0.13 2007-04-24
* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
2.0.12 2007-04-24
* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
2.0.11 2007-04-24
* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
2.0.10 2007-04-24
* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
2.0.9 2007-04-12
* Merged seobject setransRecords patch to return the first alias from Xavier Toth.
2.0.8 2007-04-10
* Merged updates to sepolgen-ifgen from Karl MacMillan.
2.0.7 2007-03-01
* Merged restorecond init script LSB compliance patch from Steve Grubb.
2.0.6 2007-02-22
* Merged newrole O_NONBLOCK fix from Linda Knippers.
2.0.5 2007-02-22
* Merged sepolgen and audit2allow patches to leave generated files
in the current directory from Karl MacMillan.
2.0.4 2007-02-22
* Merged restorecond memory leak fix from Steve Grubb.
2.0.3 2007-02-21
* Merged translations update from Dan Walsh.
* Merged chcat fixes from Dan Walsh.
* Merged man page fixes from Dan Walsh.
* Merged seobject prefix validity checking from Dan Walsh.
2.0.2 2007-02-20
* Merged seobject exception handler fix from Caleb Case.
* Merged setfiles memory leak patch from Todd Miller.
2.0.1 2007-02-08
* Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh.
2.0.0 2007-02-05
* Merged new audit2allow from Karl MacMillan.
This audit2allow depends on the new sepolgen python module.
Note that you must run the sepolgen-ifgen tool to generate
the data needed by audit2allow to generate refpolicy.
1.34.1 2007-01-22
* Fixed newrole non-pam build.
1.34.0 2007-01-18
* Updated version for stable branch.
1.33.16 2007-01-18
* Merged po file updates from Dan Walsh.
* Removed update-po from all target in po/Makefile.
1.33.15 2007-01-17
* Merged unicode-to-string fix for seobject audit from Dan Walsh.
* Merged man page updates to make "apropos selinux" work from Dan Walsh.
1.33.14 2007-01-16
* Merged newrole man page patch from Michael Thompson.
1.33.13 2007-01-16
* Merged patch to fix python unicode problem from Dan Walsh.
1.33.12 2007-01-11
* Merged newrole securetty check from Dan Walsh.
* Merged semodule patch to generalize list support from Karl MacMillan.
1.33.11 2007-01-09
* Merged fixfiles and seobject fixes from Dan Walsh.
* Merged semodule support for list of modules after -i from Karl MacMillan.
1.33.10 2007-01-08
* Merged patch to correctly handle a failure during semanage handle
creation from Karl MacMillan.
1.33.9 2007-01-05
* Merged patch to fix seobject role modification from Dan Walsh.
1.33.8 2007-01-04
* Merged patches from Dan Walsh to:
  - omit the optional name from audit2allow
  - use the installed python version in the Makefiles
  - re-open the tty with O_RDWR in newrole
1.33.7 2007-01-03
* Patch from Dan Walsh to correctly suppress warnings in load_policy.
1.33.6 2006-11-29
* Patch from Dan Walsh to add a pam_acct_msg call to run_init
* Patch from Dan Walsh to fix error code returns in newrole
* Patch from Dan Walsh to remove verbose flag from semanage man page
* Patch from Dan Walsh to make audit2allow use refpolicy Makefile
in /usr/share/selinux/<SELINUXTYPE>
1.33.5 2006-11-27
* Merged patch from Michael C Thompson to clean up genhomedircon
error handling.
1.33.4 2006-11-21
* Merged po file updates from Dan Walsh.
1.33.3 2006-11-21
* Merged setsebool patch from Karl MacMillan.
This fixes a bug reported by Yuichi Nakamura with
always setting booleans persistently on an unmanaged system.
1.33.2 2006-11-20
* Merged patch from Dan Walsh (via Karl MacMillan):
  * Added newrole audit message on login failure
  * Add /var/log/wtmp to restorecond.conf watch list
  * Fix genhomedircon, semanage, semodule_expand man pages.
1.33.1 2006-11-13
* Merged newrole patch set from Michael Thompson.
1.32 2006-10-17
* Updated version for release.
1.30.31 2006-10-17
* Merged audit2allow -l fix from Yuichi Nakamura.
* Merged restorecon -i and -o - support from Karl MacMillan.
* Merged semanage/seobject fix from Dan Walsh.
* Merged fixfiles -R and verify changes from Dan Walsh.
1.30.30 2006-09-29
* Merged newrole auditing of failures due to user actions from
Michael Thompson.
1.30.29 2006-09-13
* Man page corrections from Dan Walsh
* Change all python invocations to /usr/bin/python -E
* Add missing getopt flags to genhomedircon
1.30.28 2006-09-01
* Merged fix for restorecon // handling from Erich Schubert.
* Merged translations update and fixfiles fix from Dan Walsh.
1.30.27 2006-08-24
* Merged fix for restorecon symlink handling from Erich Schubert.
1.30.26 2006-08-11
* Merged semanage local file contexts patch from Chris PeBenito.
1.30.25 2006-08-03
* Merged patch from Dan Walsh with:
  * audit2allow: process MAC_POLICY_LOAD events
  * newrole: run shell with - prefix to start a login shell
  * po: po file updates
  * restorecond: bail if SELinux not enabled
  * fixfiles: omit -q
  * genhomedircon: fix exit code if non-root
  * semodule_deps: install man page
1.30.24 2006-08-03
* Merged secon Makefile fix from Joshua Brindle.
1.30.23 2006-08-03
* Merged netfilter contexts support patch from Chris PeBenito.
1.30.22 2006-07-28
* Merged restorecond size_t fix from Joshua Brindle.
1.30.21 2006-07-28
* Merged secon keycreate patch from Michael LeMay.
1.30.20 2006-07-26
* Merged restorecond fixes from Dan Walsh.
* Merged updated po files from Dan Walsh.
1.30.19 2006-07-26
* Merged python gettext patch from Stephen Bennett.
1.30.18 2006-07-25
* Merged semodule_deps from Karl MacMillan.
1.30.17 2006-06-29
* Lindent.
1.30.16 2006-06-26
* Merged patch from Dan Walsh with:
  * -p option (progress) for setfiles and restorecon.
  * disable context translation for setfiles and restorecon.
  * on/off values for setsebool.
1.30.15 2006-06-26
* Merged setfiles and semodule_link fixes from Joshua Brindle.
1.30.14 2006-06-16
* Merged fix for setsebool error path from Serge Hallyn.
1.30.13 2006-06-16
* Merged patch from Dan Walsh with:
  * Updated po files.
  * Fixes for genhomedircon and seobject.
  * Audit message for mass relabel by setfiles.
1.30.12 2006-06-02
* Updated fixfiles script for new setfiles location in /sbin.
1.30.11 2006-05-26
* Merged more translations from Dan Walsh.
* Merged patch to relocate setfiles to /sbin for early relabel
when /usr might not be mounted from Dan Walsh.
* Merged semanage/seobject patch to preserve fcontext ordering in list.
* Merged secon patch from James Antill.
1.30.10 2006-05-22
* Merged patch with updates to audit2allow, secon, genhomedircon,
and semanage from Dan Walsh.
1.30.9 2006-05-08
* Fixed audit2allow and po Makefiles for DESTDIR= builds.
* Merged .po file patch from Dan Walsh.
* Merged bug fix for genhomedircon.
1.30.8 2006-05-08
* Merged patch from Dan Walsh.
This includes audit2allow changes for analysis plugins,
internationalization support for several additional programs
and added po files, some fixes for semanage, and several cleanups.
It also adds a new secon utility.
1.30.7 2006-05-05
* Merged fix warnings patch from Karl MacMillan.
1.30.6 2006-04-14
* Merged semanage prefix support from Russell Coker.
1.30.5 2006-04-11
* Added a test to setfiles to check that the spec file is
a regular file.
1.30.4 2006-03-29
* Merged audit2allow fixes for refpolicy from Dan Walsh.
* Merged fixfiles patch from Dan Walsh.
* Merged restorecond daemon from Dan Walsh.
1.30.3 2006-03-29
* Merged semanage non-MLS fixes from Chris PeBenito.
1.30.2 2006-03-29
* Merged semanage and semodule man page examples from Thomas Bleher.
1.30.1 2006-03-20
* Merged semanage labeling prefix patch from Ivan Gyurdiev.
1.30 2006-03-14
* Updated version for release.
1.29.28 2006-03-13
* Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
1.29.27 2006-03-08
* Merged audit2allow -R support, chcat fix, semanage MLS checks
and semanage audit calls from Dan Walsh.
1.29.26 2006-02-15
* Merged semanage bug fix patch from Ivan Gyurdiev.
1.29.25 2006-02-14
* Merged improve bindings patch from Ivan Gyurdiev.