* reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list
* Android/MacOS X build support
* allocate enough space to hold filename in trans rules
* regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
* Make sure selinux state is reported correctly if selinux is disabled or
fails to load by Dan Walsh.
* Fix crash if selinux_key_create was never called by Dan Walsh.
* Add new file_context.subs_dist for distro specific filecon substitutions
by Dan Walsh.
* Update man pages for selinux_color_* functions by Richard Haines.
Fix endianness bug in the handling of network node addresses from Stephen
Smalley. Only affects big endian platforms. Bug reported by John Weeks
of Sun upon policy mismatch between x86 and sparc.
Fix mls_level_convert() to gracefully handle an empty user
declaration/require from Stephen Smalley.
Belatedly merge test for policy downgrade from Todd Miller.
Accept "Flask" as an alternate identifier string in kernel policies from
Stephen Smalley.
Add support for open_perms policy capability from Eric Paris.
Reject self aliasing at link time from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Fixed bug in require checking from Stephen Smalley.
Added user hierarchy checking from Todd Miller.
Moved next_entry and put_entry out-of-line to reduce code size from Ulrich
Drepper.
Fixed module_package_read_offsets bug introduced by the prior patch.
Fix sepol_context_clone to handle a NULL context correctly. This happens
for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) to set the file
context entry to "<<none>>".
- Apply patch from Joshua Brindle to disable dontaudit rules
Merged libsepol segfault fix from Stephen Smalley for when sensitivities
are required but not present in the base.
Merged patch to add errcodes.h to libsepol by Karl MacMillan.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA
Updated version for stable branch.
Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to
prevent hitting the global offest table limit. Patch changed to include
libselinux and libsemanage in addition to libselinux.
