* reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list
* Android/MacOS X build support
* allocate enough space to hold filename in trans rules
* regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation
done between the unmapped type value of a new rule and the type value of
rules already in policy. This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem. It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
* Make sure selinux state is reported correctly if selinux is disabled or
fails to load by Dan Walsh.
* Fix crash if selinux_key_create was never called by Dan Walsh.
* Add new file_context.subs_dist for distro specific filecon substitutions
by Dan Walsh.
* Update man pages for selinux_color_* functions by Richard Haines.
This patch add libsepol support for filename_trans rules. These rules
allow on to make labeling decisions for new objects based partially on
the last path component. They are stored in a list. If we find that
the number of rules grows to an significant size I will likely choose to
store these in a hash, both in libsepol and in the kernel. But as long
as the number of such rules stays small, this should be good.
Fix endianness bug in the handling of network node addresses from Stephen
Smalley. Only affects big endian platforms. Bug reported by John Weeks
of Sun upon policy mismatch between x86 and sparc.
Dan Walsh
Dennis Gilmore
Fedora Release Engineering
Dan Horák
Daniel J Walsh
Bill Nottingham
Jesse Keating