* filename_trans: use some better sorting to compare and merge
* coverity fixes
* implement default type policy syntax
* Fix memory leak issues found by Klocwork
- Add CONTRAINT_NAMES to the kernel
* reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list
* Android/MacOS X build support
* allocate enough space to hold filename in trans rules
* regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation
done between the unmapped type value of a new rule and the type value of
rules already in policy. This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem. It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
This patch add libsepol support for filename_trans rules. These rules
allow on to make labeling decisions for new objects based partially on
the last path component. They are stored in a list. If we find that
the number of rules grows to an significant size I will likely choose to
store these in a hash, both in libsepol and in the kernel. But as long
as the number of such rules stays small, this should be good.
Fix mls_level_convert() to gracefully handle an empty user
declaration/require from Stephen Smalley.
Belatedly merge test for policy downgrade from Todd Miller.
Fix sepol_context_clone to handle a NULL context correctly. This happens
for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) to set the file
context entry to "<<none>>".
- Apply patch from Joshua Brindle to disable dontaudit rules
- Upgrade to latest from NSA
Merged libsepol segfault fix from Stephen Smalley for when sensitivities
are required but not present in the base.
Merged patch to add errcodes.h to libsepol by Karl MacMillan.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA
Updated version for stable branch.
Dan Walsh
Dan Horák
Daniel J Walsh