Add exception handling in libselinux from Dan Walsh. This uses a shell
script called exception.sh to generate a swig interface file.
make swigify
Make matchpathcon print <<none>> if path not found in fcontext file.
Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread
dependency.
Removed fini_context_translations() altogether.
Merged lazy init patch from Stephen Smalley based on original patch by
Steve Grubb.
Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
Fix improper use of thread local storage from Tomas Mraz
<tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
Trim / from the end of input paths to matchpathcon from Dan Walsh.
Fix leak in process_line in label_file.c from Hiroshi Shinji.
Move matchpathcon to /sbin, add matchpathcon to clean target from Dan
Walsh.
getdefaultcon to print just the correct match and add verbose option from
Dan Walsh.
deny_unknown wrapper function from KaiGai Kohei.
security_compute_av_flags API from KaiGai Kohei.
Netlink socket management and callbacks from KaiGai Kohei.
Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call
matchpathcon_init_prefix if not already initialized.
Add -q qualifier for -V option of matchpathcon and change it to indicate
whether verification succeeded or failed via exit status.
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
libsepol-supported version when no manipulation of the binary policy is
needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
Disable setlocaldefs if no local boolean or users files are present from
Stephen Smalley.
Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen
Smalley.
dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
Based on a suggestion from Ulrich Drepper, defer regex compilation until we
have a stem match, by Stephen Smalley.
A further optimization would be to defer regex compilation until we have a
complete match of the constant prefix of the regex - TBD.
AVC enforcing mode override patch from Eamon Walsh.
Aligned attributes in AVC netlink code from Eamon Walsh.
- Move libselinux.so back into devel package, procps has been fixed
Merged refactored AVC netlink code from Eamon Walsh.
Merged new X label namespaces from Eamon Walsh.
Bux fix and minor refactoring in string representation code.
Class and permission mapping support patches from Eamon Walsh.
Object class discovery support patches from Chris PeBenito.
Refactoring and errno support in string representation code.
Merged patch to reduce size of libselinux and remove need for libsepol for
embedded systems from Yuichi Nakamura. This patch also turns the
link-time dependency on libsepol into a runtime (dlopen) dependency
even in the non-embedded case.
Daniel J Walsh