|
|
@ -57,8 +57,8 @@ Group: Development/Libraries |
|
|
|
Requires: libselinux%{?_isa} = %{version}-%{release} |
|
|
|
Requires: libselinux%{?_isa} = %{version}-%{release} |
|
|
|
|
|
|
|
|
|
|
|
%description python |
|
|
|
%description python |
|
|
|
The libselinux-python package contains the python bindings for developing |
|
|
|
The libselinux-python package contains the python bindings for developing |
|
|
|
SELinux applications. |
|
|
|
SELinux applications. |
|
|
|
|
|
|
|
|
|
|
|
%if 0%{?with_python3} |
|
|
|
%if 0%{?with_python3} |
|
|
|
%package python3 |
|
|
|
%package python3 |
|
|
@ -68,7 +68,7 @@ Requires: libselinux%{?_isa} = %{version}-%{release} |
|
|
|
|
|
|
|
|
|
|
|
%description python3 |
|
|
|
%description python3 |
|
|
|
The libselinux-python3 package contains python 3 bindings for developing |
|
|
|
The libselinux-python3 package contains python 3 bindings for developing |
|
|
|
SELinux applications. |
|
|
|
SELinux applications. |
|
|
|
%endif # with_python3 |
|
|
|
%endif # with_python3 |
|
|
|
|
|
|
|
|
|
|
|
%package ruby |
|
|
|
%package ruby |
|
|
@ -78,8 +78,8 @@ Requires: libselinux%{?_isa} = %{version}-%{release} |
|
|
|
Provides: ruby(selinux) |
|
|
|
Provides: ruby(selinux) |
|
|
|
|
|
|
|
|
|
|
|
%description ruby |
|
|
|
%description ruby |
|
|
|
The libselinux-ruby package contains the ruby bindings for developing |
|
|
|
The libselinux-ruby package contains the ruby bindings for developing |
|
|
|
SELinux applications. |
|
|
|
SELinux applications. |
|
|
|
|
|
|
|
|
|
|
|
%package devel |
|
|
|
%package devel |
|
|
|
Summary: Header files and libraries used to build SELinux |
|
|
|
Summary: Header files and libraries used to build SELinux |
|
|
@ -89,7 +89,7 @@ Requires: libsepol-devel%{?_isa} >= %{libsepolver} |
|
|
|
|
|
|
|
|
|
|
|
%description devel |
|
|
|
%description devel |
|
|
|
The libselinux-devel package contains the libraries and header files |
|
|
|
The libselinux-devel package contains the libraries and header files |
|
|
|
needed for developing SELinux applications. |
|
|
|
needed for developing SELinux applications. |
|
|
|
|
|
|
|
|
|
|
|
%package static |
|
|
|
%package static |
|
|
|
Summary: Static libraries used to build SELinux |
|
|
|
Summary: Static libraries used to build SELinux |
|
|
@ -98,7 +98,7 @@ Requires: libselinux-devel%{?_isa} = %{version}-%{release} |
|
|
|
|
|
|
|
|
|
|
|
%description static |
|
|
|
%description static |
|
|
|
The libselinux-static package contains the static libraries |
|
|
|
The libselinux-static package contains the static libraries |
|
|
|
needed for developing SELinux applications. |
|
|
|
needed for developing SELinux applications. |
|
|
|
|
|
|
|
|
|
|
|
%prep |
|
|
|
%prep |
|
|
|
%setup -q -n libselinux-2.5 |
|
|
|
%setup -q -n libselinux-2.5 |
|
|
@ -151,8 +151,8 @@ InstallPythonWrapper() { |
|
|
|
|
|
|
|
|
|
|
|
rm -rf %{buildroot} |
|
|
|
rm -rf %{buildroot} |
|
|
|
mkdir -p %{buildroot}/%{_prefix}/lib/tmpfiles.d |
|
|
|
mkdir -p %{buildroot}/%{_prefix}/lib/tmpfiles.d |
|
|
|
mkdir -p %{buildroot}/%{_libdir} |
|
|
|
mkdir -p %{buildroot}/%{_libdir} |
|
|
|
mkdir -p %{buildroot}%{_includedir} |
|
|
|
mkdir -p %{buildroot}%{_includedir} |
|
|
|
mkdir -p %{buildroot}%{_sbindir} |
|
|
|
mkdir -p %{buildroot}%{_sbindir} |
|
|
|
mkdir -p %{buildroot}/var/run/setrans |
|
|
|
mkdir -p %{buildroot}/var/run/setrans |
|
|
|
echo "d /var/run/setrans 0755 root root" > %{buildroot}/%{_prefix}/lib/tmpfiles.d/libselinux.conf |
|
|
|
echo "d /var/run/setrans 0755 root root" > %{buildroot}/%{_prefix}/lib/tmpfiles.d/libselinux.conf |
|
|
@ -326,7 +326,7 @@ Resolves:#1053122 |
|
|
|
Resolves: #1053122 |
|
|
|
Resolves: #1053122 |
|
|
|
|
|
|
|
|
|
|
|
* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1 |
|
|
|
* Mon Jan 6 2014 Dan Walsh <dwalsh@redhat.com> - 2.2.2-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Fix userspace AVC handling of per-domain permissive mode. |
|
|
|
* Fix userspace AVC handling of per-domain permissive mode. |
|
|
|
- Verify context is not null when passed into *setfilecon_raw |
|
|
|
- Verify context is not null when passed into *setfilecon_raw |
|
|
|
|
|
|
|
|
|
|
@ -348,12 +348,12 @@ Resolves: #1053122 |
|
|
|
Resolves: #1038606 |
|
|
|
Resolves: #1038606 |
|
|
|
|
|
|
|
|
|
|
|
* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1 |
|
|
|
* Mon Nov 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.2.1-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Remove -lpthread from pkg-config file; it is not required. |
|
|
|
* Remove -lpthread from pkg-config file; it is not required. |
|
|
|
- Add support for policy compressed with xv |
|
|
|
- Add support for policy compressed with xv |
|
|
|
|
|
|
|
|
|
|
|
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1 |
|
|
|
* Thu Oct 31 2013 Dan Walsh <dwalsh@redhat.com> - 2.2-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. |
|
|
|
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. |
|
|
|
* Support overriding Makefile RANLIB from Sven Vermeulen. |
|
|
|
* Support overriding Makefile RANLIB from Sven Vermeulen. |
|
|
|
* Update pkgconfig definition from Sven Vermeulen. |
|
|
|
* Update pkgconfig definition from Sven Vermeulen. |
|
|
@ -384,7 +384,7 @@ Resolves: #1038606 |
|
|
|
Resolves: #971425 |
|
|
|
Resolves: #971425 |
|
|
|
|
|
|
|
|
|
|
|
* Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20 |
|
|
|
* Thu Oct 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-20 |
|
|
|
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek |
|
|
|
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek |
|
|
|
Resolves: #1013801 |
|
|
|
Resolves: #1013801 |
|
|
|
|
|
|
|
|
|
|
|
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19 |
|
|
|
* Mon Sep 16 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-19 |
|
|
@ -413,7 +413,7 @@ Resolves: #1013801 |
|
|
|
- Add Eric Paris patch to fix procattr calls after a fork. |
|
|
|
- Add Eric Paris patch to fix procattr calls after a fork. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12 |
|
|
|
* Tue Mar 26 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-12 |
|
|
|
- Move secolor.conf.5 into mcstrans package and out of libselinux |
|
|
|
- Move secolor.conf.5 into mcstrans package and out of libselinux |
|
|
|
|
|
|
|
|
|
|
|
* Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11 |
|
|
|
* Wed Mar 20 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-11 |
|
|
|
- Fix python bindings for selinux_check_access |
|
|
|
- Fix python bindings for selinux_check_access |
|
|
@ -449,7 +449,7 @@ Resolves: #1013801 |
|
|
|
- Revert some changes which are causing the wrong policy version file to be created |
|
|
|
- Revert some changes which are causing the wrong policy version file to be created |
|
|
|
|
|
|
|
|
|
|
|
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1 |
|
|
|
* Thu Feb 7 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.13-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* audit2why: make sure path is nul terminated |
|
|
|
* audit2why: make sure path is nul terminated |
|
|
|
* utils: new file context regex compiler |
|
|
|
* utils: new file context regex compiler |
|
|
|
* label_file: use precompiled filecontext when possible |
|
|
|
* label_file: use precompiled filecontext when possible |
|
|
@ -475,7 +475,7 @@ Resolves: #1013801 |
|
|
|
* unmap file contexts on selabel_close() |
|
|
|
* unmap file contexts on selabel_close() |
|
|
|
* do not leak file contexts with mmap'd backend |
|
|
|
* do not leak file contexts with mmap'd backend |
|
|
|
* sefcontext_compile: do not leak fd on error |
|
|
|
* sefcontext_compile: do not leak fd on error |
|
|
|
* matchmediacon: do not leak fd |
|
|
|
* matchmediacon: do not leak fd |
|
|
|
* src/label_android_property: do not leak fd on error |
|
|
|
* src/label_android_property: do not leak fd on error |
|
|
|
|
|
|
|
|
|
|
|
* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20 |
|
|
|
* Sun Jan 27 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20 |
|
|
@ -544,7 +544,7 @@ Resolves: #1013801 |
|
|
|
- Rebuild with fixed libsepol |
|
|
|
- Rebuild with fixed libsepol |
|
|
|
|
|
|
|
|
|
|
|
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1 |
|
|
|
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Add support for lxc_contexts_path |
|
|
|
* Add support for lxc_contexts_path |
|
|
|
* utils: add service to getdefaultcon |
|
|
|
* utils: add service to getdefaultcon |
|
|
|
* libsemanage: do not set soname needlessly |
|
|
|
* libsemanage: do not set soname needlessly |
|
|
@ -593,7 +593,7 @@ Resolves: #1013801 |
|
|
|
- Revert Eric Paris Patch for selinux_binary_policy_path |
|
|
|
- Revert Eric Paris Patch for selinux_binary_policy_path |
|
|
|
|
|
|
|
|
|
|
|
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1 |
|
|
|
* Wed Jul 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Fortify source now requires all code to be compiled with -O flag |
|
|
|
* Fortify source now requires all code to be compiled with -O flag |
|
|
|
* asprintf return code must be checked |
|
|
|
* asprintf return code must be checked |
|
|
|
* avc_netlink_recieve handle EINTR |
|
|
|
* avc_netlink_recieve handle EINTR |
|
|
@ -607,7 +607,7 @@ Resolves: #1013801 |
|
|
|
* additional makefile support for rubywrap |
|
|
|
* additional makefile support for rubywrap |
|
|
|
|
|
|
|
|
|
|
|
* Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5 |
|
|
|
* Mon Jun 11 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-5 |
|
|
|
- Fix booleans.subs name, change function name to selinux_boolean_sub, |
|
|
|
- Fix booleans.subs name, change function name to selinux_boolean_sub, |
|
|
|
add man page, minor fixes to the function |
|
|
|
add man page, minor fixes to the function |
|
|
|
|
|
|
|
|
|
|
|
* Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4 |
|
|
|
* Fri May 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-4 |
|
|
@ -623,7 +623,7 @@ Resolves: #1013801 |
|
|
|
- Add support fot boolean subs file |
|
|
|
- Add support fot boolean subs file |
|
|
|
|
|
|
|
|
|
|
|
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1 |
|
|
|
* Thu Mar 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Fix dead links to www.nsa.gov/selinux |
|
|
|
* Fix dead links to www.nsa.gov/selinux |
|
|
|
* Remove jump over variable declaration |
|
|
|
* Remove jump over variable declaration |
|
|
|
* Fix old style function definitions |
|
|
|
* Fix old style function definitions |
|
|
@ -659,7 +659,7 @@ Resolves: #1013801 |
|
|
|
- Make work with ruby-1.9 |
|
|
|
- Make work with ruby-1.9 |
|
|
|
|
|
|
|
|
|
|
|
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7 |
|
|
|
* Fri Feb 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.9-7 |
|
|
|
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather |
|
|
|
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather |
|
|
|
|
|
|
|
|
|
|
|
* Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6 |
|
|
|
* Sun Jan 29 2012 Kay Sievers <kay@redhat.com> - 2.1.9-6 |
|
|
|
- use /sbin/ldconfig, glibc does not provide |
|
|
|
- use /sbin/ldconfig, glibc does not provide |
|
|
@ -739,7 +739,7 @@ Resolves: #1013801 |
|
|
|
- Add selinux_check_access function. Needed for passwd, chfn, chsh |
|
|
|
- Add selinux_check_access function. Needed for passwd, chfn, chsh |
|
|
|
|
|
|
|
|
|
|
|
* Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2 |
|
|
|
* Thu Sep 22 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-2 |
|
|
|
- Handle situation where selinux=0 passed to the kernel and both /selinux and |
|
|
|
- Handle situation where selinux=0 passed to the kernel and both /selinux and |
|
|
|
|
|
|
|
|
|
|
|
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1 |
|
|
|
* Mon Sep 19 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.6-1 |
|
|
|
-Update to upstream |
|
|
|
-Update to upstream |
|
|
@ -759,8 +759,8 @@ Resolves: #1013801 |
|
|
|
- Fix handling of subset labeling that is causing segfault in restorecon |
|
|
|
- Fix handling of subset labeling that is causing segfault in restorecon |
|
|
|
|
|
|
|
|
|
|
|
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2 |
|
|
|
* Fri Sep 2 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-2 |
|
|
|
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial |
|
|
|
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial |
|
|
|
prefixes. Now you can specify a ";" separated list of prefixes and the |
|
|
|
prefixes. Now you can specify a ";" separated list of prefixes and the |
|
|
|
labeling system will only load regular expressions that match these prefixes. |
|
|
|
labeling system will only load regular expressions that match these prefixes. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1 |
|
|
|
* Tue Aug 30 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-1 |
|
|
@ -813,7 +813,7 @@ labeling system will only load regular expressions that match these prefixes. |
|
|
|
* Update man pages for selinux_color_* functions by Richard Haines. |
|
|
|
* Update man pages for selinux_color_* functions by Richard Haines. |
|
|
|
|
|
|
|
|
|
|
|
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6 |
|
|
|
* Mon Jun 13 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.102-6 |
|
|
|
- Only call dups check within selabel/matchpathcon if you are validating the |
|
|
|
- Only call dups check within selabel/matchpathcon if you are validating the |
|
|
|
context |
|
|
|
context |
|
|
|
- This seems to speed the loading of labels by 4 times. |
|
|
|
- This seems to speed the loading of labels by 4 times. |
|
|
|
|
|
|
|
|
|
|
@ -852,15 +852,15 @@ context |
|
|
|
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4 |
|
|
|
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-4 |
|
|
|
Add patch from dbhole@redhat.com to initialize thread keys to -1 |
|
|
|
Add patch from dbhole@redhat.com to initialize thread keys to -1 |
|
|
|
Errors were being seen in libpthread/libdl that were related |
|
|
|
Errors were being seen in libpthread/libdl that were related |
|
|
|
to corrupt thread specific keys. Global destructors that are called on dl |
|
|
|
to corrupt thread specific keys. Global destructors that are called on dl |
|
|
|
unload. During destruction delete a thread specific key without checking |
|
|
|
unload. During destruction delete a thread specific key without checking |
|
|
|
if it has been initialized. Since the constructor is not called each time |
|
|
|
if it has been initialized. Since the constructor is not called each time |
|
|
|
(i.e. key is not initialized with pthread_key_create each time), and the |
|
|
|
(i.e. key is not initialized with pthread_key_create each time), and the |
|
|
|
default is 0, there is a possibility that key 0 for an active thread gets |
|
|
|
default is 0, there is a possibility that key 0 for an active thread gets |
|
|
|
deleted. This is exactly what is happening in case of OpenJDK. |
|
|
|
deleted. This is exactly what is happening in case of OpenJDK. |
|
|
|
|
|
|
|
|
|
|
|
Workaround patch that initializes the key to -1. Thus if the constructor is not |
|
|
|
Workaround patch that initializes the key to -1. Thus if the constructor is not |
|
|
|
called, the destructor tries to delete key -1 which is deemed invalid by |
|
|
|
called, the destructor tries to delete key -1 which is deemed invalid by |
|
|
|
pthread_key_delete, and is ignored. |
|
|
|
pthread_key_delete, and is ignored. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3 |
|
|
|
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.99-3 |
|
|
@ -883,11 +883,11 @@ pthread_key_delete, and is ignored. |
|
|
|
- Fix Makefile to use pkg-config --cflags python3 to discover include paths |
|
|
|
- Fix Makefile to use pkg-config --cflags python3 to discover include paths |
|
|
|
|
|
|
|
|
|
|
|
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1 |
|
|
|
* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.98-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list |
|
|
|
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list |
|
|
|
|
|
|
|
|
|
|
|
* Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1 |
|
|
|
* Mon Dec 6 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.97-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Thread local storage fixes from Eamon Walsh. |
|
|
|
* Thread local storage fixes from Eamon Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Sat Dec 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-9 |
|
|
|
* Sat Dec 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-9 |
|
|
@ -915,31 +915,31 @@ pthread_key_delete, and is ignored. |
|
|
|
- Turn off messages in audit2why |
|
|
|
- Turn off messages in audit2why |
|
|
|
|
|
|
|
|
|
|
|
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-1 |
|
|
|
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.96-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Add const qualifiers to public API where appropriate by KaiGai Kohei. |
|
|
|
* Add const qualifiers to public API where appropriate by KaiGai Kohei. |
|
|
|
|
|
|
|
|
|
|
|
2.0.95 2010-06-10 |
|
|
|
2.0.95 2010-06-10 |
|
|
|
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers |
|
|
|
* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers |
|
|
|
* Adds a chcon method to the libselinux python bindings from Steve Lawrence |
|
|
|
* Adds a chcon method to the libselinux python bindings from Steve Lawrence |
|
|
|
- add python3 subpackage from David Malcolm |
|
|
|
- add python3 subpackage from David Malcolm |
|
|
|
|
|
|
|
|
|
|
|
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1 |
|
|
|
* Wed Mar 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.94-1 |
|
|
|
* Set errno=EINVAL for invalid contexts from Dan Walsh. |
|
|
|
* Set errno=EINVAL for invalid contexts from Dan Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1 |
|
|
|
* Tue Mar 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.93-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Show strerror for security_getenforce() by Colin Waters. |
|
|
|
* Show strerror for security_getenforce() by Colin Waters. |
|
|
|
* Merged selabel database support by KaiGai Kohei. |
|
|
|
* Merged selabel database support by KaiGai Kohei. |
|
|
|
* Modify netlink socket blocking code by KaiGai Kohei. |
|
|
|
* Modify netlink socket blocking code by KaiGai Kohei. |
|
|
|
|
|
|
|
|
|
|
|
* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1 |
|
|
|
* Sun Mar 7 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.92-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Fix from Eric Paris to fix leak on non-selinux systems. |
|
|
|
* Fix from Eric Paris to fix leak on non-selinux systems. |
|
|
|
* regenerate swig wrappers |
|
|
|
* regenerate swig wrappers |
|
|
|
* pkgconfig fix to respect LIBDIR from Dan Walsh. |
|
|
|
* pkgconfig fix to respect LIBDIR from Dan Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1 |
|
|
|
* Wed Feb 24 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.91-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Change the AVC to only audit the permissions specified by the |
|
|
|
* Change the AVC to only audit the permissions specified by the |
|
|
|
policy, excluding any permissions specified via dontaudit or not |
|
|
|
policy, excluding any permissions specified via dontaudit or not |
|
|
|
specified via auditallow. |
|
|
|
specified via auditallow. |
|
|
@ -958,7 +958,7 @@ pthread_key_delete, and is ignored. |
|
|
|
- Free memory on disabled selinux boxes |
|
|
|
- Free memory on disabled selinux boxes |
|
|
|
|
|
|
|
|
|
|
|
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.90-1 |
|
|
|
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.90-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>. |
|
|
|
* add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>. |
|
|
|
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org> |
|
|
|
* Change exception.sh to be called with bash by Manoj Srivastava <srivasta@debian.org> |
|
|
|
|
|
|
|
|
|
|
@ -966,15 +966,15 @@ pthread_key_delete, and is ignored. |
|
|
|
- Fix selinuxdefcon man page |
|
|
|
- Fix selinuxdefcon man page |
|
|
|
|
|
|
|
|
|
|
|
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.89-1 |
|
|
|
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.89-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Add pkgconfig file from Eamon Walsh. |
|
|
|
* Add pkgconfig file from Eamon Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.88-1 |
|
|
|
* Thu Oct 29 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.88-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Rename and export selinux_reset_config() |
|
|
|
* Rename and export selinux_reset_config() |
|
|
|
|
|
|
|
|
|
|
|
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.87-1 |
|
|
|
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.87-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Add exception handling in libselinux from Dan Walsh. This uses a |
|
|
|
* Add exception handling in libselinux from Dan Walsh. This uses a |
|
|
|
shell script called exception.sh to generate a swig interface file. |
|
|
|
shell script called exception.sh to generate a swig interface file. |
|
|
|
* make swigify |
|
|
|
* make swigify |
|
|
@ -984,14 +984,14 @@ pthread_key_delete, and is ignored. |
|
|
|
- Eliminate -pthread switch in Makefile |
|
|
|
- Eliminate -pthread switch in Makefile |
|
|
|
|
|
|
|
|
|
|
|
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.86-1 |
|
|
|
* Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.86-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Removal of reference counting on userspace AVC SID's. |
|
|
|
* Removal of reference counting on userspace AVC SID's. |
|
|
|
|
|
|
|
|
|
|
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-2 |
|
|
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.85-2 |
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
|
|
|
|
|
|
|
|
|
|
|
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.85-1 |
|
|
|
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.85-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid |
|
|
|
* Reverted Tomas Mraz's fix for freeing thread local storage to avoid |
|
|
|
pthread dependency. |
|
|
|
pthread dependency. |
|
|
|
* Removed fini_context_translations() altogether. |
|
|
|
* Removed fini_context_translations() altogether. |
|
|
@ -999,7 +999,7 @@ pthread_key_delete, and is ignored. |
|
|
|
by Steve Grubb. |
|
|
|
by Steve Grubb. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1 |
|
|
|
* Tue Jul 7 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.84-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Add per-service seuser support from Dan Walsh. |
|
|
|
* Add per-service seuser support from Dan Walsh. |
|
|
|
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. |
|
|
|
* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. |
|
|
|
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric |
|
|
|
* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric |
|
|
@ -1009,20 +1009,20 @@ pthread_key_delete, and is ignored. |
|
|
|
- Add provices ruby(selinux) |
|
|
|
- Add provices ruby(selinux) |
|
|
|
|
|
|
|
|
|
|
|
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-1 |
|
|
|
* Tue Jun 23 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.82-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>. |
|
|
|
* Fix improper use of thread local storage from Tomas Mraz <tmraz@redhat.com>. |
|
|
|
* Label substitution support from Dan Walsh. |
|
|
|
* Label substitution support from Dan Walsh. |
|
|
|
* Support for labeling virtual machine images from Dan Walsh. |
|
|
|
* Support for labeling virtual machine images from Dan Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Mon May 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.81-1 |
|
|
|
* Mon May 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.81-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Trim / from the end of input paths to matchpathcon from Dan Walsh. |
|
|
|
* Trim / from the end of input paths to matchpathcon from Dan Walsh. |
|
|
|
* Fix leak in process_line in label_file.c from Hiroshi Shinji. |
|
|
|
* Fix leak in process_line in label_file.c from Hiroshi Shinji. |
|
|
|
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. |
|
|
|
* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. |
|
|
|
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh. |
|
|
|
* getdefaultcon to print just the correct match and add verbose option from Dan Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1 |
|
|
|
* Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.80-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* deny_unknown wrapper function from KaiGai Kohei. |
|
|
|
* deny_unknown wrapper function from KaiGai Kohei. |
|
|
|
* security_compute_av_flags API from KaiGai Kohei. |
|
|
|
* security_compute_av_flags API from KaiGai Kohei. |
|
|
|
* Netlink socket management and callbacks from KaiGai Kohei. |
|
|
|
* Netlink socket management and callbacks from KaiGai Kohei. |
|
|
@ -1040,22 +1040,22 @@ pthread_key_delete, and is ignored. |
|
|
|
- Add back in av_decision to python swig |
|
|
|
- Add back in av_decision to python swig |
|
|
|
|
|
|
|
|
|
|
|
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1 |
|
|
|
* Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.79-1 |
|
|
|
- Update to upstream |
|
|
|
- Update to upstream |
|
|
|
* Netlink socket handoff patch from Adam Jackson. |
|
|
|
* Netlink socket handoff patch from Adam Jackson. |
|
|
|
* AVC caching of compute_create results by Eric Paris. |
|
|
|
* AVC caching of compute_create results by Eric Paris. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5 |
|
|
|
* Tue Mar 10 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-5 |
|
|
|
- Add patch from ajax to accellerate X SELinux |
|
|
|
- Add patch from ajax to accellerate X SELinux |
|
|
|
- Update eparis patch |
|
|
|
- Update eparis patch |
|
|
|
|
|
|
|
|
|
|
|
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4 |
|
|
|
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-4 |
|
|
|
- Add eparis patch to accellerate Xwindows performance |
|
|
|
- Add eparis patch to accellerate Xwindows performance |
|
|
|
|
|
|
|
|
|
|
|
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3 |
|
|
|
* Mon Mar 9 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-3 |
|
|
|
- Fix URL |
|
|
|
- Fix URL |
|
|
|
|
|
|
|
|
|
|
|
* Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2 |
|
|
|
* Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-2 |
|
|
|
- Add substitute pattern |
|
|
|
- Add substitute pattern |
|
|
|
- matchpathcon output <<none>> on ENOENT |
|
|
|
- matchpathcon output <<none>> on ENOENT |
|
|
|
|
|
|
|
|
|
|
|
* Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1 |
|
|
|
* Mon Mar 2 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.78-1 |
|
|
@ -1066,7 +1066,7 @@ pthread_key_delete, and is ignored. |
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
|
|
|
|
|
|
|
|
|
|
|
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5 |
|
|
|
* Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> - 2.0.77-5 |
|
|
|
- Add |
|
|
|
- Add |
|
|
|
- selinux_virtual_domain_context_path |
|
|
|
- selinux_virtual_domain_context_path |
|
|
|
- selinux_virtual_image_context_path |
|
|
|
- selinux_virtual_image_context_path |
|
|
|
|
|
|
|
|
|
|
@ -1113,7 +1113,7 @@ pthread_key_delete, and is ignored. |
|
|
|
* Update flask headers from refpolicy trunk from Dan Walsh. |
|
|
|
* Update flask headers from refpolicy trunk from Dan Walsh. |
|
|
|
|
|
|
|
|
|
|
|
* Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6 |
|
|
|
* Fri Sep 26 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-6 |
|
|
|
- Fix matchpathcon -V call |
|
|
|
- Fix matchpathcon -V call |
|
|
|
|
|
|
|
|
|
|
|
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5 |
|
|
|
* Tue Sep 9 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.71-5 |
|
|
|
- Add flask definitions for open, X and nlmsg_tty_audit |
|
|
|
- Add flask definitions for open, X and nlmsg_tty_audit |
|
|
@ -1273,7 +1273,7 @@ pthread_key_delete, and is ignored. |
|
|
|
- smp_mflag |
|
|
|
- smp_mflag |
|
|
|
|
|
|
|
|
|
|
|
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2 |
|
|
|
* Thu Jan 3 2008 Dan Walsh <dwalsh@redhat.com> - 2.0.46-2 |
|
|
|
- Fix spec file caused by spec review |
|
|
|
- Fix spec file caused by spec review |
|
|
|
|
|
|
|
|
|
|
|
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1 |
|
|
|
* Fri Nov 30 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.46-1 |
|
|
|
- Upgrade to upstream |
|
|
|
- Upgrade to upstream |
|
|
@ -1315,7 +1315,7 @@ pthread_key_delete, and is ignored. |
|
|
|
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1 |
|
|
|
* Wed Sep 26 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.35-1 |
|
|
|
- Upgrade to upstream |
|
|
|
- Upgrade to upstream |
|
|
|
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. |
|
|
|
* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh. |
|
|
|
* Pass CFLAGS when using gcc for linking from Dennis Gilmore. |
|
|
|
* Pass CFLAGS when using gcc for linking from Dennis Gilmore. |
|
|
|
|
|
|
|
|
|
|
|
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.34-3 |
|
|
|
* Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.34-3 |
|
|
|
- Add sparc patch to from Dennis Gilmore to build on Sparc platform |
|
|
|
- Add sparc patch to from Dennis Gilmore to build on Sparc platform |
|
|
@ -1347,7 +1347,7 @@ pthread_key_delete, and is ignored. |
|
|
|
* Fix file_contexts.homedirs path from Todd Miller. |
|
|
|
* Fix file_contexts.homedirs path from Todd Miller. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 21 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-2 |
|
|
|
* Tue Aug 21 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-2 |
|
|
|
- Remove requirement on setransd, Moved to selinux-policy-mls |
|
|
|
- Remove requirement on setransd, Moved to selinux-policy-mls |
|
|
|
|
|
|
|
|
|
|
|
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1 |
|
|
|
* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.30-1 |
|
|
|
- Move libselinux.so into devel package |
|
|
|
- Move libselinux.so into devel package |
|
|
@ -1359,7 +1359,7 @@ pthread_key_delete, and is ignored. |
|
|
|
|
|
|
|
|
|
|
|
* Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1 |
|
|
|
* Fri Aug 3 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.29-1 |
|
|
|
- Upgrade to upstream |
|
|
|
- Upgrade to upstream |
|
|
|
* Updated version for stable branch. |
|
|
|
* Updated version for stable branch. |
|
|
|
* Added x_contexts path function patch from Eamon Walsh. |
|
|
|
* Added x_contexts path function patch from Eamon Walsh. |
|
|
|
* Fix build for EMBEDDED=y from Yuichi Nakamura. |
|
|
|
* Fix build for EMBEDDED=y from Yuichi Nakamura. |
|
|
|
* Fix markup problems in selinux man pages from Dan Walsh. |
|
|
|
* Fix markup problems in selinux man pages from Dan Walsh. |
|
|
@ -1480,13 +1480,13 @@ pthread_key_delete, and is ignored. |
|
|
|
of the use of the non-standard format (original patch changed |
|
|
|
of the use of the non-standard format (original patch changed |
|
|
|
for style). |
|
|
|
for style). |
|
|
|
- Merged patch from Todd Miller to fix memory leak in matchpathcon.c. |
|
|
|
- Merged patch from Todd Miller to fix memory leak in matchpathcon.c. |
|
|
|
|
|
|
|
|
|
|
|
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2 |
|
|
|
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2 |
|
|
|
- Add context function to python to split context into 4 parts |
|
|
|
- Add context function to python to split context into 4 parts |
|
|
|
|
|
|
|
|
|
|
|
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-1 |
|
|
|
* Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-1 |
|
|
|
- Upgrade to upstream |
|
|
|
- Upgrade to upstream |
|
|
|
* Updated version for stable branch. |
|
|
|
* Updated version for stable branch. |
|
|
|
|
|
|
|
|
|
|
|
* Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.6-1 |
|
|
|
* Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.6-1 |
|
|
|
- Upgrade to upstream |
|
|
|
- Upgrade to upstream |
|
|
@ -1540,7 +1540,7 @@ Resolves: #200110 |
|
|
|
* Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-1 |
|
|
|
* Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-1 |
|
|
|
- Upgrade to latest from NSA |
|
|
|
- Upgrade to latest from NSA |
|
|
|
* Merged updated flask definitions from Darrel Goeddel. |
|
|
|
* Merged updated flask definitions from Darrel Goeddel. |
|
|
|
This adds the context security class, and also adds |
|
|
|
This adds the context security class, and also adds |
|
|
|
the string definitions for setsockcreate and polmatch. |
|
|
|
the string definitions for setsockcreate and polmatch. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.32-1 |
|
|
|
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.32-1 |
|
|
@ -1607,8 +1607,8 @@ Resolves: #200110 |
|
|
|
- only build non-fpic objects with -mno-tls-direct-seg-refs |
|
|
|
- only build non-fpic objects with -mno-tls-direct-seg-refs |
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4 |
|
|
|
* Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4 |
|
|
|
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering |
|
|
|
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering |
|
|
|
segfaults with xen (#200783) |
|
|
|
segfaults with xen (#200783) |
|
|
|
|
|
|
|
|
|
|
|
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3 |
|
|
|
* Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3 |
|
|
|
- Rebuild for new gcc |
|
|
|
- Rebuild for new gcc |
|
|
@ -1660,7 +1660,7 @@ Resolves: #200110 |
|
|
|
- Check for selinux_mnt == NULL |
|
|
|
- Check for selinux_mnt == NULL |
|
|
|
|
|
|
|
|
|
|
|
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1 |
|
|
|
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1 |
|
|
|
- Merged matchmediacon and trans_to_raw_context fixes from |
|
|
|
- Merged matchmediacon and trans_to_raw_context fixes from |
|
|
|
Serge Hallyn. |
|
|
|
Serge Hallyn. |
|
|
|
|
|
|
|
|
|
|
|
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4 |
|
|
|
* Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4 |
|
|
@ -1704,7 +1704,7 @@ Resolves: #200110 |
|
|
|
|
|
|
|
|
|
|
|
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1 |
|
|
|
* Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1 |
|
|
|
- Upgrade to latest from NSA |
|
|
|
- Upgrade to latest from NSA |
|
|
|
* Merged fix warnings patch from Karl MacMillan. |
|
|
|
* Merged fix warnings patch from Karl MacMillan. |
|
|
|
* Merged setrans client support from Dan Walsh. |
|
|
|
* Merged setrans client support from Dan Walsh. |
|
|
|
This removes use of libsetrans. |
|
|
|
This removes use of libsetrans. |
|
|
|
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. |
|
|
|
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. |
|
|
@ -1796,7 +1796,7 @@ Resolves: #200110 |
|
|
|
allocated by libsetrans. |
|
|
|
allocated by libsetrans. |
|
|
|
|
|
|
|
|
|
|
|
* Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3 |
|
|
|
* Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3 |
|
|
|
- update to latest libsetrans |
|
|
|
- update to latest libsetrans |
|
|
|
- Fix potential memory leak |
|
|
|
- Fix potential memory leak |
|
|
|
|
|
|
|
|
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> |
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> |
|
|
@ -1931,7 +1931,7 @@ Resolves: #200110 |
|
|
|
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1 |
|
|
|
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1 |
|
|
|
- Update to latest from NSA |
|
|
|
- Update to latest from NSA |
|
|
|
* Changed getseuserbyname to fall back to the Linux username and |
|
|
|
* Changed getseuserbyname to fall back to the Linux username and |
|
|
|
NULL level if seusers config file doesn't exist unless |
|
|
|
NULL level if seusers config file doesn't exist unless |
|
|
|
REQUIRESEUSERS=1 is set in /etc/selinux/config. |
|
|
|
REQUIRESEUSERS=1 is set in /etc/selinux/config. |
|
|
|
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers. |
|
|
|
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers. |
|
|
|
|
|
|
|
|
|
|
@ -1939,7 +1939,7 @@ Resolves: #200110 |
|
|
|
- Update to latest from NSA |
|
|
|
- Update to latest from NSA |
|
|
|
* Added selinux_init_load_policy() function as an even higher level |
|
|
|
* Added selinux_init_load_policy() function as an even higher level |
|
|
|
interface for the initial policy load by /sbin/init. This obsoletes |
|
|
|
interface for the initial policy load by /sbin/init. This obsoletes |
|
|
|
the load_policy() function in the sysvinit-selinux.patch. |
|
|
|
the load_policy() function in the sysvinit-selinux.patch. |
|
|
|
* Added selinux_mkload_policy() function as a higher level interface |
|
|
|
* Added selinux_mkload_policy() function as a higher level interface |
|
|
|
for loading policy than the security_load_policy() interface. |
|
|
|
for loading policy than the security_load_policy() interface. |
|
|
|
|
|
|
|
|
|
|
@ -1997,7 +1997,7 @@ Resolves: #200110 |
|
|
|
|
|
|
|
|
|
|
|
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1 |
|
|
|
* Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1 |
|
|
|
- Update from NSA |
|
|
|
- Update from NSA |
|
|
|
* Hid translation-related symbols entirely and ensured that |
|
|
|
* Hid translation-related symbols entirely and ensured that |
|
|
|
raw functions have hidden definitions for internal use. |
|
|
|
raw functions have hidden definitions for internal use. |
|
|
|
* Allowed setting NULL via context_set* functions. |
|
|
|
* Allowed setting NULL via context_set* functions. |
|
|
|
* Allowed whitespace in MLS component of context. |
|
|
|
* Allowed whitespace in MLS component of context. |
|
|
@ -2021,7 +2021,7 @@ Resolves: #200110 |
|
|
|
code from Serge Hallyn (IBM). Bugs found by Coverity. |
|
|
|
code from Serge Hallyn (IBM). Bugs found by Coverity. |
|
|
|
* Removed setupns; migrated to pam. |
|
|
|
* Removed setupns; migrated to pam. |
|
|
|
* Merged patches to rename checkPasswdAccess() from Joshua Brindle. |
|
|
|
* Merged patches to rename checkPasswdAccess() from Joshua Brindle. |
|
|
|
Original symbol is temporarily retained for compatibility until |
|
|
|
Original symbol is temporarily retained for compatibility until |
|
|
|
all callers are updated. |
|
|
|
all callers are updated. |
|
|
|
|
|
|
|
|
|
|
|
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1 |
|
|
|
* Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1 |
|
|
@ -2035,9 +2035,9 @@ Resolves: #200110 |
|
|
|
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1 |
|
|
|
* Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1 |
|
|
|
- Update from NSA |
|
|
|
- Update from NSA |
|
|
|
* Merged avcstat and selinux man page from Dan Walsh. |
|
|
|
* Merged avcstat and selinux man page from Dan Walsh. |
|
|
|
* Changed security_load_booleans to process booleans.local |
|
|
|
* Changed security_load_booleans to process booleans.local |
|
|
|
even if booleans file doesn't exist. |
|
|
|
even if booleans file doesn't exist. |
|
|
|
|
|
|
|
|
|
|
|
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3 |
|
|
|
* Fri Apr 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3 |
|
|
|
- Fix avcstat to clear totals |
|
|
|
- Fix avcstat to clear totals |
|
|
|
|
|
|
|
|
|
|
@ -2089,7 +2089,7 @@ Resolves: #200110 |
|
|
|
- Update from NSA |
|
|
|
- Update from NSA |
|
|
|
* Added set_matchpathcon_flags() function for setting flags |
|
|
|
* Added set_matchpathcon_flags() function for setting flags |
|
|
|
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY |
|
|
|
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY |
|
|
|
means only process the base file_contexts file, not |
|
|
|
means only process the base file_contexts file, not |
|
|
|
file_contexts.homedirs or file_contexts.local, and is for use by |
|
|
|
file_contexts.homedirs or file_contexts.local, and is for use by |
|
|
|
setfiles -c. |
|
|
|
setfiles -c. |
|
|
|
* Updated matchpathcon.3 man page. |
|
|
|
* Updated matchpathcon.3 man page. |
|
|
@ -2177,7 +2177,7 @@ Resolves: #200110 |
|
|
|
|
|
|
|
|
|
|
|
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1 |
|
|
|
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1 |
|
|
|
- Update to latest from upstream |
|
|
|
- Update to latest from upstream |
|
|
|
* Changed matchpathcon to return -1 with errno ENOENT for |
|
|
|
* Changed matchpathcon to return -1 with errno ENOENT for |
|
|
|
<<none>> entries, and also for an empty file_contexts configuration. |
|
|
|
<<none>> entries, and also for an empty file_contexts configuration. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3 |
|
|
|
* Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3 |
|
|
@ -2209,7 +2209,7 @@ Resolves: #200110 |
|
|
|
- Update from upstream, fix setsebool -P segfault |
|
|
|
- Update from upstream, fix setsebool -P segfault |
|
|
|
|
|
|
|
|
|
|
|
* Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5 |
|
|
|
* Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5 |
|
|
|
- Add a patch from upstream. Fixes signed/unsigned issues, and |
|
|
|
- Add a patch from upstream. Fixes signed/unsigned issues, and |
|
|
|
incomplete structure copy. |
|
|
|
incomplete structure copy. |
|
|
|
|
|
|
|
|
|
|
|
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4 |
|
|
|
* Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4 |
|
|
@ -2281,11 +2281,11 @@ Resolves: #200110 |
|
|
|
|
|
|
|
|
|
|
|
* Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1 |
|
|
|
* Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1 |
|
|
|
- Update from NSA |
|
|
|
- Update from NSA |
|
|
|
* Added set_matchpathcon_printf. |
|
|
|
* Added set_matchpathcon_printf. |
|
|
|
|
|
|
|
|
|
|
|
* Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1 |
|
|
|
* Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1 |
|
|
|
- Update from NSA |
|
|
|
- Update from NSA |
|
|
|
* Reworked av_inherit.h to allow easier re-use by kernel. |
|
|
|
* Reworked av_inherit.h to allow easier re-use by kernel. |
|
|
|
|
|
|
|
|
|
|
|
* Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1 |
|
|
|
* Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1 |
|
|
|
- Add strcasecmp in selinux_config |
|
|
|
- Add strcasecmp in selinux_config |
|
|
@ -2410,11 +2410,11 @@ Resolves: #200110 |
|
|
|
- Update with latest from NSA |
|
|
|
- Update with latest from NSA |
|
|
|
|
|
|
|
|
|
|
|
* Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1 |
|
|
|
* Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1 |
|
|
|
- Add changes for relaxed policy |
|
|
|
- Add changes for relaxed policy |
|
|
|
- Update to match NSA |
|
|
|
- Update to match NSA |
|
|
|
|
|
|
|
|
|
|
|
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1 |
|
|
|
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1 |
|
|
|
- Add relaxed policy changes |
|
|
|
- Add relaxed policy changes |
|
|
|
|
|
|
|
|
|
|
|
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4 |
|
|
|
* Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4 |
|
|
|
- Sync with NSA |
|
|
|
- Sync with NSA |
|
|
@ -2487,7 +2487,7 @@ Resolves: #200110 |
|
|
|
- Add mntpoint patch for SysVinit |
|
|
|
- Add mntpoint patch for SysVinit |
|
|
|
|
|
|
|
|
|
|
|
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2 |
|
|
|
* Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2 |
|
|
|
- Add -r -u -t to getcon |
|
|
|
- Add -r -u -t to getcon |
|
|
|
|
|
|
|
|
|
|
|
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1 |
|
|
|
* Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1 |
|
|
|
- Upgrade to latest from NSA |
|
|
|
- Upgrade to latest from NSA |
|
|
|