diff --git a/policycoreutils.spec b/policycoreutils.spec index f50ab2f..2d68b6b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,17 +1,17 @@ -%global libauditver 2.1.3-4 -%global libsepolver 2.7-3 -%global libsemanagever 2.7-5 -%global libselinuxver 2.7-6 -%global sepolgenver 2.7 +%global libauditver 2.1.3-4 +%global libsepolver 2.7-3 +%global libsemanagever 2.7-5 +%global libselinuxver 2.7-6 +%global sepolgenver 2.7 %global generatorsdir %{_prefix}/lib/systemd/system-generators Summary: SELinux policy core utilities -Name: policycoreutils +Name: policycoreutils Version: 2.7 Release: 6%{?dist} License: GPLv2 -Group: System Environment/Base +Group: System Environment/Base # https://github.com/SELinuxProject/selinux/wiki/Releases Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/policycoreutils-2.7.tar.gz Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-python-2.7.tar.gz @@ -20,7 +20,7 @@ Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/rel Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/selinux-dbus-2.7.tar.gz Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/semodule-utils-2.7.tar.gz Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/restorecond-2.7.tar.gz -URL: http://www.selinuxproject.org +URL: https://github.com/SELinuxProject Source12: policycoreutils_man_ru2.tar.bz2 Source13: system-config-selinux.png Source14: sepolicy-icons.tgz @@ -35,7 +35,7 @@ Source19: selinux-autorelabel-generator.sh # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do # ./make-fedora-selinux-patch.sh $i # done -Patch: policycoreutils-fedora.patch +Patch: policycoreutils-fedora.patch Patch1: selinux-python-fedora.patch Patch2: selinux-gui-fedora.patch Patch3: selinux-sandbox-fedora.patch @@ -49,7 +49,7 @@ Conflicts: initscripts < 9.66 Provides: /sbin/fixfiles Provides: /sbin/restorecon -BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext +BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel BuildRequires: python-devel python3-devel BuildRequires: systemd @@ -73,20 +73,18 @@ load_policy to load policies, setfiles to label filesystems, newrole to switch roles. %prep -# create selinux/ directory and extract %{SOURCE0} there +# create selinux/ directory and extract sources %setup -q -c -n selinux -%setup -T -D -a 1 -n selinux -%setup -T -D -a 2 -n selinux -%setup -T -D -a 3 -n selinux -%setup -T -D -a 4 -n selinux -%setup -T -D -a 5 -n selinux -%setup -T -D -a 6 -n selinux +%setup -q -T -D -a 1 -n selinux +%setup -q -T -D -a 2 -n selinux +%setup -q -T -D -a 3 -n selinux +%setup -q -T -D -a 4 -n selinux +%setup -q -T -D -a 5 -n selinux +%setup -q -T -D -a 6 -n selinux %patch -p0 -b .policycoreutils-fedora cp %{SOURCE13} selinux-gui-%{version}/ tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/ -# extract {%SOURCE1} in selinux/ directory -# %setup -T -D -a 1 -n selinux %patch1 -p0 -b .selinux-python %patch2 -p0 -b .selinux-gui %patch3 -p0 -b .selinux-sandbox @@ -144,16 +142,14 @@ rm -f %{buildroot}/etc/pam.d/run_init* ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui -desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ - --add-category Settings \ -%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop +desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications --add-category Settings \ + %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop -desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ - --add-category Settings \ +desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications --add-category Settings \ %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop -desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ -%{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop +desktop-file-install --dir ${RPM_BUILD_ROOT}%{_datadir}/applications \ + %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop @@ -171,24 +167,24 @@ ln -s ../selinux-autorelabel-mark.service %{buildroot}/%{_unitdir}/basic.target. # change /usr/bin/python3 to /usr/bin/python in policycoreutils-python find %{buildroot}%{python_sitelib} %{buildroot}%{python_sitearch} -type f | xargs \ - sed -i '1s%\(#! */usr/bin/python\)3%\1%' + sed -i '1s%\(#! */usr/bin/python\)3%\1%' -# change /usr/bin/python to %{__python3} in policycoreutils-python3 +# change /usr/bin/python to %%{__python3} in policycoreutils-python3 find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} -type f | xargs \ - sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' + sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' -# change /usr/bin/python to /usr/bin/python3 in python-utils +# change /usr/bin/python to %%{__python3} in python-utils sed -i '1s%\(#! *\)/usr/bin/python\([^3].*\|\)$%\1%{__python3}\2%' \ - %{buildroot}%{_sbindir}/semanage \ - %{buildroot}%{_bindir}/chcat \ - %{buildroot}%{_bindir}/sandbox \ - %{buildroot}%{_bindir}/audit2allow \ - %{buildroot}%{_bindir}/audit2why \ - %{buildroot}%{_bindir}/sepolicy \ - %{buildroot}%{_bindir}/sepolgen{,-ifgen} \ - %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \ - %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \ - %nil + %{buildroot}%{_sbindir}/semanage \ + %{buildroot}%{_bindir}/chcat \ + %{buildroot}%{_bindir}/sandbox \ + %{buildroot}%{_bindir}/audit2allow \ + %{buildroot}%{_bindir}/audit2why \ + %{buildroot}%{_bindir}/sepolicy \ + %{buildroot}%{_bindir}/sepolgen{,-ifgen} \ + %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \ + %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \ + %nil %find_lang %{name} @@ -240,7 +236,7 @@ an SELinux environment. %package python3 Summary: SELinux policy core python3 interfaces -Group: System Environment/Base +Group: System Environment/Base Requires:policycoreutils = %{version}-%{release} Requires:libsemanage-python3 >= %{libsemanagever} libselinux-python3 libcgroup Requires:audit-libs-python3 >= %{libauditver} @@ -279,7 +275,7 @@ Provides: %{name}-python = %{version}-%{release} Provides: %{name}-python%{?_isa} = %{version}-%{release} Obsoletes: %{name}-python < %{version}-%{release} Summary: SELinux policy core python utilities -Group: System Environment/Base +Group: System Environment/Base Requires:policycoreutils = %{version}-%{release} Requires:libsemanage-python >= %{libsemanagever} libselinux-python libcgroup Requires:audit-libs-python >= %{libauditver} @@ -310,7 +306,7 @@ an SELinux environment. %package devel Summary: SELinux policy core policy devel utilities -Group: System Environment/Base +Group: System Environment/Base Requires: policycoreutils-python-utils = %{version}-%{release} Requires: /usr/bin/make dnf Requires: selinux-policy-devel @@ -346,7 +342,7 @@ The policycoreutils-devel package contains the management tools use to develop p %package sandbox Summary: SELinux sandbox utilities -Group: System Environment/Base +Group: System Environment/Base Requires: policycoreutils-python3 = %{version}-%{release} Requires: xorg-x11-server-Xephyr >= 1.14.1-2 /usr/bin/rsync /usr/bin/xmodmap Requires: openbox @@ -477,8 +473,8 @@ fi %package restorecond Summary: SELinux restorecond utilities -Group: System Environment/Base -BuildRequires: systemd-units +Group: System Environment/Base +BuildRequires: systemd-units %description restorecond The policycoreutils-restorecond package contains the restorecond service. @@ -507,7 +503,7 @@ The policycoreutils-restorecond package contains the restorecond service. %changelog * Wed Dec 13 2017 Petr Lautrbach - 2.7-6 - semanage: make seobject.py backward compatible -- Own %{pythonX_sitelib}/site-packages/sepolicy directories (#1522942) +- Own %%{pythonX_sitelib}/site-packages/sepolicy directories (#1522942) * Wed Nov 22 2017 Petr Lautrbach - 2.7-5 - sepolicy: Fix sepolicy manpage @@ -589,7 +585,7 @@ The policycoreutils-restorecond package contains the restorecond service. - Fix several issues in gui and 'sepolicy manpage' (#1416372) * Thu Feb 23 2017 Petr Lautrbach - 2.6-2 -- Use %{__python3} instead of python3 +- Use %%{__python3} instead of python3 * Mon Feb 20 2017 Petr Lautrbach - 2.6-1.1 - Fix pp crash when processing base module (#1417200) @@ -848,18 +844,18 @@ The policycoreutils-restorecond package contains the restorecond service. * Tue May 6 2014 Dan Walsh - 2.3-1 - Update to upstream - * Add -P semodule option to man page from Dan Walsh. - * selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh. - * Add new icons for sepolicy gui from Dan Walsh. - * Only return writeable files that are enabled from Dan Walsh. - * Add domain to short list of domains, when -t and -d from Dan Walsh. - * Fix up desktop files to match current standards from Dan Walsh. - * Add support to return sensitivities and categories for python from Dan Walsh. - * Cleanup whitespace from Dan Walsh. - * Add message to tell user to install sandbox policy from Dan Walsh. - * Add systemd unit file for mcstrans from Laurent Bigonville. - * Improve restorecond systemd unit file from Laurent Bigonville. - * Minor man pages improvements from Laurent Bigonville. + * Add -P semodule option to man page from Dan Walsh. + * selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh. + * Add new icons for sepolicy gui from Dan Walsh. + * Only return writeable files that are enabled from Dan Walsh. + * Add domain to short list of domains, when -t and -d from Dan Walsh. + * Fix up desktop files to match current standards from Dan Walsh. + * Add support to return sensitivities and categories for python from Dan Walsh. + * Cleanup whitespace from Dan Walsh. + * Add message to tell user to install sandbox policy from Dan Walsh. + * Add systemd unit file for mcstrans from Laurent Bigonville. + * Improve restorecond systemd unit file from Laurent Bigonville. + * Minor man pages improvements from Laurent Bigonville. * Tue May 6 2014 Miroslav Grepl - 2.2.5-15 - Apply patch to use setcon in seunshare from luto@mit.edu @@ -914,7 +910,7 @@ The policycoreutils-restorecond package contains the restorecond service. * Mon Jan 6 2014 Dan Walsh - 2.2.5-1 - Update to upstream - * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. + * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. * Fri Jan 3 2014 Dan Walsh - 2.2.4-8 - Update Tranlations @@ -944,7 +940,7 @@ The policycoreutils-restorecond package contains the restorecond service. * Tue Dec 3 2013 Dan Walsh - 2.2.4-1 - Update to upstream - * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. + * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. - Add patches for sepolicy gui from mgrepl to Fix advanced_item_button_push() to allow to select an application in advanced search menu Fix previously_modified_initialize() to show modified changes properly for all selections @@ -952,8 +948,8 @@ The policycoreutils-restorecond package contains the restorecond service. * Fri Nov 22 2013 Dan Walsh - 2.2.3-1 - Update to upstream - * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. - * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. + * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. + * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. - Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate * Wed Nov 20 2013 Dan Walsh - 2.2.2-2 @@ -963,62 +959,62 @@ The policycoreutils-restorecond package contains the restorecond service. - Speed up startup time of sepolicy gui - Clean up ports screen to only show enabled ports. - Update to upstream - * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. - * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. - * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh. + * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. + * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. + * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh. * Thu Oct 31 2013 Dan Walsh - 2.2-2 - Shift around some of the files to more appropriate packages. * semodule_* packages are required for devel. * Thu Oct 31 2013 Dan Walsh - 2.2-1 - Update to upstream - * Properly build the swig exception file from Laurent Bigonville. - * Fix man pages from Laurent Bigonville. - * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville. - * Fix LDFLAGS usage from Laurent Bigonville. - * Fix init_policy warning from Laurent Bigonville. - * Fix semanage logging from Laurent Bigonville. - * Open newrole stdin as read/write from Sven Vermeulen. - * Fix sepolicy transition from Sven Vermeulen. - * Support overriding CFLAGS from Simon Ruderich. - * Create correct man directory for run_init from Russell Coker. - * restorecon GLOB_BRACE change from Michal Trunecka. - * Extend audit2why to report additional constraint information. - * Catch IOError errors within audit2allow from Dan Walsh. - * semanage export/import fixes from Dan Walsh. - * Improve setfiles progress reporting from Dan Walsh. - * Document setfiles -o option in usage from Dan Walsh. - * Change setfiles to always return -1 on failure from Dan Walsh. - * Improve setsebool error r eporting from Dan Walsh. - * Major overhaul of gui from Dan Walsh. - * Fix sepolicy handling of non-MLS policy from Dan Walsh. - * Support returning type aliases from Dan Walsh. - * Add sepolicy tests from Dan Walsh. - * Add org.selinux.config.policy from Dan Walsh. - * Improve range and user input checking by semanage from Dan Walsh. - * Prevent source or target arguments that end with / for substitutions from Dan Walsh. - * Allow use of <> for semanage fcontext from Dan Walsh. + * Properly build the swig exception file from Laurent Bigonville. + * Fix man pages from Laurent Bigonville. + * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville. + * Fix LDFLAGS usage from Laurent Bigonville. + * Fix init_policy warning from Laurent Bigonville. + * Fix semanage logging from Laurent Bigonville. + * Open newrole stdin as read/write from Sven Vermeulen. + * Fix sepolicy transition from Sven Vermeulen. + * Support overriding CFLAGS from Simon Ruderich. + * Create correct man directory for run_init from Russell Coker. + * restorecon GLOB_BRACE change from Michal Trunecka. + * Extend audit2why to report additional constraint information. + * Catch IOError errors within audit2allow from Dan Walsh. + * semanage export/import fixes from Dan Walsh. + * Improve setfiles progress reporting from Dan Walsh. + * Document setfiles -o option in usage from Dan Walsh. + * Change setfiles to always return -1 on failure from Dan Walsh. + * Improve setsebool error r eporting from Dan Walsh. + * Major overhaul of gui from Dan Walsh. + * Fix sepolicy handling of non-MLS policy from Dan Walsh. + * Support returning type aliases from Dan Walsh. + * Add sepolicy tests from Dan Walsh. + * Add org.selinux.config.policy from Dan Walsh. + * Improve range and user input checking by semanage from Dan Walsh. + * Prevent source or target arguments that end with / for substitutions from Dan Walsh. + * Allow use of <> for semanage fcontext from Dan Walsh. * Report customized user levels from Dan Walsh. - * Support deleteall for restoring disabled modules from Dan Walsh. - * Improve semanage error reporting from Dan Walsh. - * Only list disabled modules for module locallist from Dan Walsh. - * Fix logging from Dan Walsh. - * Define new constants for file type character codes from Dan Walsh. - * Improve bash completions from Dan Walsh. - * Convert semanage to argparse from Dan Walsh (originally by Dave Quigley). - * Add semanage tests from Dan Walsh. - * Split semanage man pages from Dan Walsh. - * Move bash completion scripts from Dan Walsh. - * Replace genhomedircon script with a link to semodule from Dan Walsh. - * Fix fixfiles from Dan Walsh. - * Add support for systemd service for restorecon from Dan Walsh. - * Spelling corrections from Dan Walsh. - * Improve sandbox support for home dir symlinks and file caps from Dan Walsh. - * Switch sandbox to openbox window manager from Dan Walsh. - * Coalesce audit2why and audit2allow from Dan Walsh. - * Change audit2allow to append to output file from Dan Walsh. - * Update translations from Dan Walsh. - * Change audit2why to use selinux_current_policy_path from Dan Walsh. + * Support deleteall for restoring disabled modules from Dan Walsh. + * Improve semanage error reporting from Dan Walsh. + * Only list disabled modules for module locallist from Dan Walsh. + * Fix logging from Dan Walsh. + * Define new constants for file type character codes from Dan Walsh. + * Improve bash completions from Dan Walsh. + * Convert semanage to argparse from Dan Walsh (originally by Dave Quigley). + * Add semanage tests from Dan Walsh. + * Split semanage man pages from Dan Walsh. + * Move bash completion scripts from Dan Walsh. + * Replace genhomedircon script with a link to semodule from Dan Walsh. + * Fix fixfiles from Dan Walsh. + * Add support for systemd service for restorecon from Dan Walsh. + * Spelling corrections from Dan Walsh. + * Improve sandbox support for home dir symlinks and file caps from Dan Walsh. + * Switch sandbox to openbox window manager from Dan Walsh. + * Coalesce audit2why and audit2allow from Dan Walsh. + * Change audit2allow to append to output file from Dan Walsh. + * Update translations from Dan Walsh. + * Change audit2why to use selinux_current_policy_path from Dan Walsh. * Fri Oct 25 2013 Dan Walsh - 2.1.14-89 - Fix handling of man pages. @@ -1398,39 +1394,39 @@ do not drop capabilities when run as root. * Thu Feb 7 2013 Dan Walsh - 2.1.14-1 - Update to upstream - * setfiles: estimate percent progress - * load_policy: make link at the destination directory - * Rebuild polgen.glade with glade-3 - * sepolicy: new command to unite small utilities - * sepolicy: Update Makefiles and po files - * sandbox: use sepolicy to look for sandbox_t - * gui: switch to use sepolicy - * gui: sepolgen: use sepolicy to generate - * semanage: use sepolicy for boolean dictionary - * add po file configuration information - * po: stop running update-po on all - * semanage: seobject verify policy types before allowing you to assign them. - * gui: Start using Popen, instead of os.spawnl - * sandbox: Copy /var/tmp to /tmp as they are the same inside - * qualifier to shred content - * semanage: Fix handling of boolean_sub names when using the -F flag - * semanage: man: roles instead of role - * gui: system-config-selinux: Catch no DISPLAY= error - * setfiles: print error if no default label found - * semanage: list logins file entries in semanage login -l - * semanage: good error message is sepolgen python module missing - * gui: system-config-selinux: do not use lokkit - * secon: add support for setrans color information in prompt output - * restorecond: remove /etc/mtab from default list - * gui: If you are not able to read enforcemode set it to False - * genhomedircon: regenerate genhomedircon more often - * restorecond: Add /etc/udpatedb.conf to restorecond.conf - * genhomedircon generation to allow spec file to pass in SEMODULE_PATH - * fixfiles: relabel only after specific date - * po: update translations - * sandbox: seunshare: do not reassign realloc value - * seunshare: do checking on setfsuid - * sestatus: rewrite to shut up coverity + * setfiles: estimate percent progress + * load_policy: make link at the destination directory + * Rebuild polgen.glade with glade-3 + * sepolicy: new command to unite small utilities + * sepolicy: Update Makefiles and po files + * sandbox: use sepolicy to look for sandbox_t + * gui: switch to use sepolicy + * gui: sepolgen: use sepolicy to generate + * semanage: use sepolicy for boolean dictionary + * add po file configuration information + * po: stop running update-po on all + * semanage: seobject verify policy types before allowing you to assign them. + * gui: Start using Popen, instead of os.spawnl + * sandbox: Copy /var/tmp to /tmp as they are the same inside + * qualifier to shred content + * semanage: Fix handling of boolean_sub names when using the -F flag + * semanage: man: roles instead of role + * gui: system-config-selinux: Catch no DISPLAY= error + * setfiles: print error if no default label found + * semanage: list logins file entries in semanage login -l + * semanage: good error message is sepolgen python module missing + * gui: system-config-selinux: do not use lokkit + * secon: add support for setrans color information in prompt output + * restorecond: remove /etc/mtab from default list + * gui: If you are not able to read enforcemode set it to False + * genhomedircon: regenerate genhomedircon more often + * restorecond: Add /etc/udpatedb.conf to restorecond.conf + * genhomedircon generation to allow spec file to pass in SEMODULE_PATH + * fixfiles: relabel only after specific date + * po: update translations + * sandbox: seunshare: do not reassign realloc value + * seunshare: do checking on setfsuid + * sestatus: rewrite to shut up coverity * Thu Jan 31 2013 Dan Walsh - 2.1.12-58 - Reorginize sepolicy so all get_all functions are in main module @@ -1671,46 +1667,46 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir * Thu Sep 13 2012 Dan Walsh - 2.1.12-1 - Update to upstream - * genhomedircon: manual page improvements - * setfiles/restorecon minor improvements - * run_init: If open_init_pty is not available then just use exec - * newrole: do not drop capabilities when newrole is run as - * restorecon: only update type by default - * scripts: Don't syslog setfiles changes on a fixfiles restore - * setfiles: do not syslog if no changes - * Disable user restorecond by default - * Make restorecon return 0 when a file has changed context - * setfiles: Fix process_glob error handling - * semanage: allow enable/disable under -m - * add .tx to gitignore - * translations: commit translations from Fedora community - * po: silence build process - * gui: Checking in policy to support polgengui and sepolgen. - * gui: polgen: search for systemd subpackage when generating policy - * gui: for exploring booleans - * gui: system-config-selinux gui - * Add Makefiles to support new gui code - * gui: remove lockdown wizard - * return equivalency records in fcontext customized - * semanage: option to not load new policy into kernel after - * sandbox: manpage update to describe standard types - * setsebool: -N should not reload policy on changes - * semodule: Add -N qualifier to no reload kernel policy - * gui: polgen: sort selinux types of user controls - * gui: polgen: follow symlinks and get the real path to - * gui: Fix missing error function - * setfiles: return errors when bad paths are given - * fixfiles: tell restorecon to ignore missing paths - * setsebool: error when setting multiple options - * semanage: use boolean subs. - * sandbox: Make sure Xephyr never listens on tcp ports - * sepolgen: return and output constraint violation information - * semanage: skip comments while reading external configuration files - * restorecond: relabel all mount runtime files in the restorecond example - * genhomedircon: dynamically create genhomedircon - * Allow returning of bastard matches - * sepolgen: return and output constraint violation information - * audit2allow: one role/type pair per line + * genhomedircon: manual page improvements + * setfiles/restorecon minor improvements + * run_init: If open_init_pty is not available then just use exec + * newrole: do not drop capabilities when newrole is run as + * restorecon: only update type by default + * scripts: Don't syslog setfiles changes on a fixfiles restore + * setfiles: do not syslog if no changes + * Disable user restorecond by default + * Make restorecon return 0 when a file has changed context + * setfiles: Fix process_glob error handling + * semanage: allow enable/disable under -m + * add .tx to gitignore + * translations: commit translations from Fedora community + * po: silence build process + * gui: Checking in policy to support polgengui and sepolgen. + * gui: polgen: search for systemd subpackage when generating policy + * gui: for exploring booleans + * gui: system-config-selinux gui + * Add Makefiles to support new gui code + * gui: remove lockdown wizard + * return equivalency records in fcontext customized + * semanage: option to not load new policy into kernel after + * sandbox: manpage update to describe standard types + * setsebool: -N should not reload policy on changes + * semodule: Add -N qualifier to no reload kernel policy + * gui: polgen: sort selinux types of user controls + * gui: polgen: follow symlinks and get the real path to + * gui: Fix missing error function + * setfiles: return errors when bad paths are given + * fixfiles: tell restorecon to ignore missing paths + * setsebool: error when setting multiple options + * semanage: use boolean subs. + * sandbox: Make sure Xephyr never listens on tcp ports + * sepolgen: return and output constraint violation information + * semanage: skip comments while reading external configuration files + * restorecond: relabel all mount runtime files in the restorecond example + * genhomedircon: dynamically create genhomedircon + * Allow returning of bastard matches + * sepolgen: return and output constraint violation information + * audit2allow: one role/type pair per line * Wed Aug 8 2012 Dan Walsh - 2.1.11-6 - Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl @@ -1733,19 +1729,19 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir * Wed Jul 4 2012 Dan Walsh - 2.1.11-1 - Update to upstream - policycoreutils - * restorecond: wrong options should exit with non-zero error code - * restorecond: Add -h option to get usage command - * resorecond: user: fix fd leak - * mcstrans: add -f to run in foreground - * semanage: fix man page range and level defaults - * semanage: bash completion for modules should include -a,-m, -d - * semanage: manpage update for -e - * semanage: dontaudit off should work - * semanage: locallist option does not take an argument - * sepolgen: Make use of setools optional within sepolgen + * restorecond: wrong options should exit with non-zero error code + * restorecond: Add -h option to get usage command + * resorecond: user: fix fd leak + * mcstrans: add -f to run in foreground + * semanage: fix man page range and level defaults + * semanage: bash completion for modules should include -a,-m, -d + * semanage: manpage update for -e + * semanage: dontaudit off should work + * semanage: locallist option does not take an argument + * sepolgen: Make use of setools optional within sepolgen - sepolgen - * Make use of setools optional within sepolgen - * We need to support files that have a + in them + * Make use of setools optional within sepolgen + * We need to support files that have a + in them * Thu May 24 2012 Dan Walsh - 2.1.11-18 - Make restorecon exit with an error on a bad path @@ -1804,28 +1800,28 @@ I pull the policy, policy.xml and file_contexts and file_contexts.homedir * Thu Mar 29 2012 Dan Walsh - 2.1.11-1 - Update to upstream - policycoreutils - * sandbox: do not propogate inside mounts outside - * sandbox: Removing sandbox init script, should no longer be necessary - * restorecond: Stop using deprecated interfaces for g_io - * semanage: proper auditting of user changes for LSPP - * semanage: audit message to show what record(s) and item(s) have chaged - * scripts: Update Makefiles to handle /usrmove - * mcstrans: Version should have been bumped on last check in - * seunshare: Only drop caps not the Bounding Set from seunshare - * Add bash-completion scripts for setsebool and semanage - * newrole: Use correct capng calls in newrole - * Fix infinite loop with inotify on 2.6.31 kernels - * fix ftbfs with hardening flags - * Only run setfiles if we found read-write filesystems to run it on - * update .po files - * remove empty po files - * do not fail to install if unable to make load_policy lnk file + * sandbox: do not propogate inside mounts outside + * sandbox: Removing sandbox init script, should no longer be necessary + * restorecond: Stop using deprecated interfaces for g_io + * semanage: proper auditting of user changes for LSPP + * semanage: audit message to show what record(s) and item(s) have chaged + * scripts: Update Makefiles to handle /usrmove + * mcstrans: Version should have been bumped on last check in + * seunshare: Only drop caps not the Bounding Set from seunshare + * Add bash-completion scripts for setsebool and semanage + * newrole: Use correct capng calls in newrole + * Fix infinite loop with inotify on 2.6.31 kernels + * fix ftbfs with hardening flags + * Only run setfiles if we found read-write filesystems to run it on + * update .po files + * remove empty po files + * do not fail to install if unable to make load_policy lnk file - sepolgen - * Fix dead links to www.nsa.gov/selinux - * audit.py Dont crash if empty data is passed to sepolgen - * do not use md5 when calculating hash signatures - * fix detection of policy loads + * Fix dead links to www.nsa.gov/selinux + * audit.py Dont crash if empty data is passed to sepolgen + * do not use md5 when calculating hash signatures + * fix detection of policy loads * Wed Mar 28 2012 Dan Walsh - 2.1.10-30 - Have sepolgen script specify the pp file with the make command. From mgrepl. @@ -1925,12 +1921,12 @@ just *s. * Wed Dec 21 2011 Dan Walsh - 2.1.10-1 -Update to upstream - sepolgen - * better analysis of why things broke + * better analysis of why things broke - policycoreutils - * Remove excess whitespace - * sandbox: Add back in . functions to sandbox.init script - * Fix Makefile to match other policycoreutils Makefiles - * semanage: drop unused translation getopt + * Remove excess whitespace + * sandbox: Add back in . functions to sandbox.init script + * Fix Makefile to match other policycoreutils Makefiles + * semanage: drop unused translation getopt * Thu Dec 15 2011 Dan Walsh - 2.1.9-3 - Bump libsepol version requires rebuild @@ -1940,22 +1936,22 @@ just *s. * Tue Dec 6 2011 Dan Walsh - 2.1.9-1 - Upgrade to upstream - * sandbox: move sandbox.conf.5 to just sandbox.5 - * po: Makefile use -p to preserve times to allow multilib simultatious installs - * of po files - * sandbox: Allow user to specify the DPI value for X in a sandbox - * sandbox: make sure the domain launching sandbox has at least 100 categories - * sandbox: do not try forever to find available category set - * sandbox: only complain if sandbox unable to launch - * sandbox: init script run twice is still successful - * semanage: print local and dristo equiv rules - * semanage: check file equivalence rules for conflict - * semanage: Make sure semanage fcontext -l -C prints even if local keys - * are not defined - * semanage: change src,dst to target,substitute for equivalency - * sestatus: Updated sestatus and man pages. - * Added SELinux config file man page. - * add clean target to man Makefile + * sandbox: move sandbox.conf.5 to just sandbox.5 + * po: Makefile use -p to preserve times to allow multilib simultatious installs + * of po files + * sandbox: Allow user to specify the DPI value for X in a sandbox + * sandbox: make sure the domain launching sandbox has at least 100 categories + * sandbox: do not try forever to find available category set + * sandbox: only complain if sandbox unable to launch + * sandbox: init script run twice is still successful + * semanage: print local and dristo equiv rules + * semanage: check file equivalence rules for conflict + * semanage: Make sure semanage fcontext -l -C prints even if local keys + * are not defined + * semanage: change src,dst to target,substitute for equivalency + * sestatus: Updated sestatus and man pages. + * Added SELinux config file man page. + * add clean target to man Makefile * Wed Nov 30 2011 Dan Walsh - 2.1.8-8 - Fix semange fcontext -a to check for more conflicts on equivalency @@ -1983,27 +1979,27 @@ just *s. * Fri Nov 4 2011 Dan Walsh - 2.1.8-1 - Upgrade to policycoreutils upstream - * sandbox: Maintain the LANG environment into the sandbox - * audit2allow: use audit2why internally - * fixfiles: label /root but not /var/lib/BackupPC - * semanage: update local boolean settings is dealing with localstore - * semanage: missing modify=True - * semanage: set modified correctly - * restorecond: make restorecond dbuss-able - * restorecon: Always check return code on asprintf - * restorecond: make restorecond -u exit when terminal closes - * sandbox: introduce package name and language stuff - * semodule_package: remove semodule_unpackage on clean - * fix sandbox Makefile to support DESTDIR - * semanage: Add -o description to the semanage man page - * make use of the new realpath_not_final function - * setfiles: close /proc/mounts file when finished - * semodule: Document semodule -p in man page - * setfiles: fix use before initialized - * restorecond: Add .local/share as a directory to watch + * sandbox: Maintain the LANG environment into the sandbox + * audit2allow: use audit2why internally + * fixfiles: label /root but not /var/lib/BackupPC + * semanage: update local boolean settings is dealing with localstore + * semanage: missing modify=True + * semanage: set modified correctly + * restorecond: make restorecond dbuss-able + * restorecon: Always check return code on asprintf + * restorecond: make restorecond -u exit when terminal closes + * sandbox: introduce package name and language stuff + * semodule_package: remove semodule_unpackage on clean + * fix sandbox Makefile to support DESTDIR + * semanage: Add -o description to the semanage man page + * make use of the new realpath_not_final function + * setfiles: close /proc/mounts file when finished + * semodule: Document semodule -p in man page + * setfiles: fix use before initialized + * restorecond: Add .local/share as a directory to watch - Upgrade to sepolgen upstream - * Ignore permissive qualifier if found in an interface - * Return name field in avc data + * Ignore permissive qualifier if found in an interface + * Return name field in avc data * Mon Oct 31 2011 Dan Walsh - 2.1.7-6 - Rebuild versus newer libsepol @@ -2024,7 +2020,7 @@ just *s. * Fri Sep 30 2011 Dan Walsh - 2.1.7-1 -Update to upstream - * semanage: fix indentation error in seobject + * semanage: fix indentation error in seobject * Thu Sep 29 2011 Dan Walsh - 2.1.6-3 - Ignore permissive commands in interfaces @@ -2035,32 +2031,32 @@ just *s. * Mon Sep 19 2011 Dan Walsh - 2.1.6-1 -Update to upstream policycoreutils-2.1.6 - * sepolgen-ifgen: new attr-helper does something - * audit2allow: use alternate policy file - * audit2allow: sepolgen-ifgen use the attr helper - * setfiles: switch from stat to stat64 - * setfiles: Fix potential crash using dereferenced ftsent - * setfiles: do not wrap * output at 80 characters - * sandbox: add -Wall and -Werror to makefile - * sandbox: add sandbox cgroup support - * sandbox: rewrite /tmp handling - * sandbox: do not bind mount so much - * sandbox: add level based kill option - * sandbox: cntrl-c should kill entire process control group - * Create a new preserve_tunables flag in sepol_handle_t. - * semanage: show running and disk setting for booleans - * semanage: Dont print heading if no items selected - * sepolgen: audit2allow is mistakakenly not allowing valid module names - * semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled - * More files to ignore - * tree: default make target to all not install - * sandbox: do not load unused generic init functions + * sepolgen-ifgen: new attr-helper does something + * audit2allow: use alternate policy file + * audit2allow: sepolgen-ifgen use the attr helper + * setfiles: switch from stat to stat64 + * setfiles: Fix potential crash using dereferenced ftsent + * setfiles: do not wrap * output at 80 characters + * sandbox: add -Wall and -Werror to makefile + * sandbox: add sandbox cgroup support + * sandbox: rewrite /tmp handling + * sandbox: do not bind mount so much + * sandbox: add level based kill option + * sandbox: cntrl-c should kill entire process control group + * Create a new preserve_tunables flag in sepol_handle_t. + * semanage: show running and disk setting for booleans + * semanage: Dont print heading if no items selected + * sepolgen: audit2allow is mistakakenly not allowing valid module names + * semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled + * More files to ignore + * tree: default make target to all not install + * sandbox: do not load unused generic init functions sepolgen-1.1.2 - * src: sepolgen: add attribute storing infrastructure - * Change perm-map and add open to try to get better results on - * look for booleans that might solve problems - * sepolgen: audit2allow is mistakakenly not allowing valid module names - * tree: default make target to all not install + * src: sepolgen: add attribute storing infrastructure + * Change perm-map and add open to try to get better results on + * look for booleans that might solve problems + * sepolgen: audit2allow is mistakakenly not allowing valid module names + * tree: default make target to all not install * Wed Sep 14 2011 Dan Walsh - 2.1.5-6 - Change separator on -L from ; to : @@ -2083,30 +2079,30 @@ and limit memory. * Tue Aug 30 2011 Dan Walsh - 2.1.5-1 -Update to upstream * policycoreutils - * setfiles: Fix process_glob to handle error situations - * sandbox: Allow seunshare to run as root - * sandbox: trap sigterm to make sure sandbox - * sandbox: pass DPI from the desktop - * sandbox: seunshare: introduce helper spawn_command - * sandbox: seunshare: introduce new filesystem helpers - * sandbox: add -C option to not drop - * sandbox: split seunshare caps dropping - * sandbox: use dbus-launch - * sandbox: numerous simple updates to sandbox - * sandbox: do not require selinux context - * sandbox: Makefile: new man pages - * sandbox: rename dir to srcdir - * sandbox: allow users specify sandbox window size - * sandbox: check for paths up front - * sandbox: use defined values for paths rather - * sandbox: move seunshare globals to the top - * sandbox: whitespace fix - * semodule_package: Add semodule_unpackage executable - * setfiles: get rid of some stupid globals - * setfiles: move exclude_non_seclabel_mounts to a generic location + * setfiles: Fix process_glob to handle error situations + * sandbox: Allow seunshare to run as root + * sandbox: trap sigterm to make sure sandbox + * sandbox: pass DPI from the desktop + * sandbox: seunshare: introduce helper spawn_command + * sandbox: seunshare: introduce new filesystem helpers + * sandbox: add -C option to not drop + * sandbox: split seunshare caps dropping + * sandbox: use dbus-launch + * sandbox: numerous simple updates to sandbox + * sandbox: do not require selinux context + * sandbox: Makefile: new man pages + * sandbox: rename dir to srcdir + * sandbox: allow users specify sandbox window size + * sandbox: check for paths up front + * sandbox: use defined values for paths rather + * sandbox: move seunshare globals to the top + * sandbox: whitespace fix + * semodule_package: Add semodule_unpackage executable + * setfiles: get rid of some stupid globals + * setfiles: move exclude_non_seclabel_mounts to a generic location * sepolgen - * refparser: include open among valid permissions - * refparser: add support for filename_trans rules + * refparser: include open among valid permissions + * refparser: add support for filename_trans rules * Thu Aug 18 2011 Dan Walsh - 2.1.4-2 - Fix bug in glob handling for restorecon @@ -2114,74 +2110,74 @@ and limit memory. * Thu Aug 18 2011 Dan Walsh - 2.1.4-1 -Update to upstream 2.1.4 2011-08-17 - * run_init: clarification of the usage in the - * semanage: fix usage header around booleans - * semanage: remove useless empty lines - * semanage: update man page with new examples - * semanage: update usage text - * semanage: introduce file context equivalencies - * semanage: enable and disable modules - * semanage: output all local modifications - * semanage: introduce extraction of local configuration - * semanage: cleanup error on invalid operation - * semanage: handle being called with no arguments - * semanage: return sooner to save CPU time - * semanage: surround getopt with try/except - * semanage: use define/raise instead of lots of - * semanage: some options are only valid for - * semanage: introduce better deleteall support - * semanage: do not allow spaces in file - * semanage: distinguish between builtin and local permissive - * semanage: centralized ip node handling - * setfiles: make the restore function exclude() non-static - * setfiles: use glob to handle ~ and - * fixfiles: do not hard code types - * fixfiles: stop trying to be smart about - * fixfiles: use new kernel seclabel option - * fixfiles: pipe everything to cat before sending - * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs - * semodule: support for alternative root paths + * run_init: clarification of the usage in the + * semanage: fix usage header around booleans + * semanage: remove useless empty lines + * semanage: update man page with new examples + * semanage: update usage text + * semanage: introduce file context equivalencies + * semanage: enable and disable modules + * semanage: output all local modifications + * semanage: introduce extraction of local configuration + * semanage: cleanup error on invalid operation + * semanage: handle being called with no arguments + * semanage: return sooner to save CPU time + * semanage: surround getopt with try/except + * semanage: use define/raise instead of lots of + * semanage: some options are only valid for + * semanage: introduce better deleteall support + * semanage: do not allow spaces in file + * semanage: distinguish between builtin and local permissive + * semanage: centralized ip node handling + * setfiles: make the restore function exclude() non-static + * setfiles: use glob to handle ~ and + * fixfiles: do not hard code types + * fixfiles: stop trying to be smart about + * fixfiles: use new kernel seclabel option + * fixfiles: pipe everything to cat before sending + * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs + * semodule: support for alternative root paths 2.1.3 2011-08-03 - * semanage: fix indention - * semodule_package: fix man page typo - * semodule_expand: update man page with -a - * semanage: handle os errors - * semanage: fix traceback with bad options - * semanage: show usage on -h or --help - * semanage: introduce more deleteall options - * semanage: verify ports < 65536 - * transaction into semanageRecords - * make get_handle a method of semanageRecords - * remove a needless blank line - * make process_one error if not initialized correctly - * fixfiles: correct usage for r_opts.rootpath - * put -p in help for restorecon and - * fixfiles: do not try to only label - * fixfiles clean up /var/run and /var/lib/debug - * fixfiles delete tmp sockets and pipes rather - * fixfile use find -delete instead of pipe - * chcat man page typo - * add man page for genhomedircon - * setfiles fix typo - * setsebool should inform users they need to - * setsebool typos - * open_init_tty man page typos - * Don't add user site directory to sys.path - * newrole retain CAP_SETPCAP + * semanage: fix indention + * semodule_package: fix man page typo + * semodule_expand: update man page with -a + * semanage: handle os errors + * semanage: fix traceback with bad options + * semanage: show usage on -h or --help + * semanage: introduce more deleteall options + * semanage: verify ports < 65536 + * transaction into semanageRecords + * make get_handle a method of semanageRecords + * remove a needless blank line + * make process_one error if not initialized correctly + * fixfiles: correct usage for r_opts.rootpath + * put -p in help for restorecon and + * fixfiles: do not try to only label + * fixfiles clean up /var/run and /var/lib/debug + * fixfiles delete tmp sockets and pipes rather + * fixfile use find -delete instead of pipe + * chcat man page typo + * add man page for genhomedircon + * setfiles fix typo + * setsebool should inform users they need to + * setsebool typos + * open_init_tty man page typos + * Don't add user site directory to sys.path + * newrole retain CAP_SETPCAP 2.1.2 2011-08-02 - * seunshare: define _GNU_SOURCE earlier - * make ignore_enoent do something - * restorecond: first user logged in is not noticed - * Repo: update .gitignore + * seunshare: define _GNU_SOURCE earlier + * make ignore_enoent do something + * restorecond: first user logged in is not noticed + * Repo: update .gitignore 2.1.1 2011-08-01 - * Man page updates - * restorecon fix for bad inotify assumptions + * Man page updates + * restorecon fix for bad inotify assumptions 2.1.0 2011-07-27 - * Release, minor version bump + * Release, minor version bump * Tue Jul 26 2011 Dan Walsh 2.0.86-20 - Fix sepolgen usage statement @@ -2250,7 +2246,7 @@ the bounding set will be dropped. * Tue Apr 12 2011 Dan Walsh 2.0.86-1 - Update to upstream - * Use correct color range in mcstrand by Richard Haines. + * Use correct color range in mcstrand by Richard Haines. * Mon Apr 11 2011 Dan Walsh 2.0.85-30 - Add Elia Pinto patches to allow user to specify directories to ignore @@ -2487,7 +2483,7 @@ Resolves: #610473 * Tue Jun 15 2010 Dan Walsh 2.0.83-1 - Update to upstream - * Add sandbox support from Dan Walsh with modifications from Steve Lawrence. + * Add sandbox support from Dan Walsh with modifications from Steve Lawrence. * Tue Jun 15 2010 Dan Walsh 2.0.82-31 - Fix sepolgen code generation @@ -2599,14 +2595,14 @@ Resolves: #582533 * Tue Mar 23 2010 Dan Walsh 2.0.82-1 - Update to upstream - * Add avc's since boot from Dan Walsh. - * Fix unit tests from Dan Walsh. + * Add avc's since boot from Dan Walsh. + * Fix unit tests from Dan Walsh. * Tue Mar 23 2010 Dan Walsh 2.0.81-4 - Update to upstream - sepolgen - * Add since-last-boot option to audit2allow from Dan Walsh. - * Fix sepolgen output to match what Chris expects for upstream - refpolicy from Dan Walsh. + * Add since-last-boot option to audit2allow from Dan Walsh. + * Fix sepolgen output to match what Chris expects for upstream + refpolicy from Dan Walsh. * Mon Mar 22 2010 Dan Walsh 2.0.81-3 - Allow restorecon on > 2 Gig files @@ -2617,14 +2613,14 @@ Resolves: #582533 * Fri Mar 12 2010 Dan Walsh 2.0.81-1 - Update to upstream - * Add dontaudit flag to audit2allow from Dan Walsh. + * Add dontaudit flag to audit2allow from Dan Walsh. * Thu Mar 11 2010 Dan Walsh 2.0.80-2 - Use --rbind in sandbox init scripts * Mon Mar 8 2010 Dan Walsh 2.0.80-1 - Update to upstream - * Module enable/disable support from Dan Walsh. + * Module enable/disable support from Dan Walsh. * Mon Mar 1 2010 Dan Walsh 2.0.79-5 - Rewrite of sandbox script, add unit test for sandbox @@ -2642,7 +2638,7 @@ Resolves: #582533 * Tue Feb 16 2010 Dan Walsh 2.0.79-1 - Update to upstream - * Fix double-free in newrole + * Fix double-free in newrole - Fix python language handling * Thu Feb 11 2010 Dan Walsh 2.0.78-21 @@ -2709,26 +2705,26 @@ Resolves: 555835 * Tue Dec 1 2009 Dan Walsh 2.0.78-1 - Update to upstream - * Remove non-working OUTFILE from fixfiles from Dan Walsh. - * Additional exception handling in chcat from Dan Walsh. + * Remove non-working OUTFILE from fixfiles from Dan Walsh. + * Additional exception handling in chcat from Dan Walsh. - * fix sepolgen to read a "type 1403" msg as a policy load by Stephen - Smalley - * Add support for Xen ocontexts from Paul Nuzzi. + * fix sepolgen to read a "type 1403" msg as a policy load by Stephen + Smalley + * Add support for Xen ocontexts from Paul Nuzzi. * Tue Nov 24 2009 Dan Walsh 2.0.77-1 - Update to upstream - * Fixed bug preventing semanage node -a from working - from Chad Sellers - * Fixed bug preventing semanage fcontext -l from working - from Chad Sellers + * Fixed bug preventing semanage node -a from working + from Chad Sellers + * Fixed bug preventing semanage fcontext -l from working + from Chad Sellers - Change semanage to use unicode * Wed Nov 18 2009 Dan Walsh 2.0.76-1 - Update to upstream - * Remove setrans management from semanage, as it does not work - from Dan Walsh. - * Move load_policy from /usr/sbin to /sbin from Dan Walsh. + * Remove setrans management from semanage, as it does not work + from Dan Walsh. + * Move load_policy from /usr/sbin to /sbin from Dan Walsh. * Mon Nov 16 2009 Dan Walsh 2.0.75-3 - Raise exception if user tries to add file context with an embedded space @@ -2738,7 +2734,7 @@ Resolves: 555835 * Mon Nov 2 2009 Dan Walsh 2.0.75-1 - Update to upstream - * Factor out restoring logic from setfiles.c into restore.c + * Factor out restoring logic from setfiles.c into restore.c * Fri Oct 30 2009 Dan Walsh 2.0.74-15 - Fix typo in seobject.py @@ -2789,11 +2785,11 @@ Resolves: 555835 * Thu Sep 17 2009 Dan Walsh 2.0.74-1 - Update to upstream - * Change semodule upgrade behavior to install even if the module - is not present from Dan Walsh. - * Make setfiles label if selinux is disabled and a seclabel aware - kernel is running from Caleb Case. - * Clarify forkpty() error message in run_init from Manoj Srivastava. + * Change semodule upgrade behavior to install even if the module + is not present from Dan Walsh. + * Make setfiles label if selinux is disabled and a seclabel aware + kernel is running from Caleb Case. + * Clarify forkpty() error message in run_init from Manoj Srivastava. * Mon Sep 14 2009 Dan Walsh 2.0.73-5 - Fix sandbox to handle relative paths @@ -2809,12 +2805,12 @@ Resolves: 555835 * Tue Sep 8 2009 Dan Walsh 2.0.73-1 - Update to upstream - * Add semanage dontaudit to turn off dontaudits from Dan Walsh. - * Fix semanage to set correct mode for setrans file from Dan Walsh. - * Fix malformed dictionary in portRecord from Dan Walsh. - * Restore symlink handling support to restorecon based on a patch by - Martin Orr. This fixes the restorecon /dev/stdin performed by Debian - udev scripts that was broken by policycoreutils 2.0.70. + * Add semanage dontaudit to turn off dontaudits from Dan Walsh. + * Fix semanage to set correct mode for setrans file from Dan Walsh. + * Fix malformed dictionary in portRecord from Dan Walsh. + * Restore symlink handling support to restorecon based on a patch by + Martin Orr. This fixes the restorecon /dev/stdin performed by Debian + udev scripts that was broken by policycoreutils 2.0.70. * Thu Sep 3 2009 Dan Walsh 2.0.71-15 - Add DAC_OVERRIED to seunshare @@ -2863,30 +2859,30 @@ Resolves: 555835 * Thu Aug 13 2009 Dan Walsh 2.0.71-1 - Fix chcat to report error on non existing file - Update to upstream - * Modify setfiles/restorecon checking of exclude paths. Only check - user-supplied exclude paths (not automatically generated ones based on - lack of seclabel support), don't require them to be directories, and - ignore permission denied errors on them (it is ok to exclude a path to - which the caller lacks permission). + * Modify setfiles/restorecon checking of exclude paths. Only check + user-supplied exclude paths (not automatically generated ones based on + lack of seclabel support), don't require them to be directories, and + ignore permission denied errors on them (it is ok to exclude a path to + which the caller lacks permission). * Mon Aug 10 2009 Dan Walsh 2.0.70-2 - Don't warn if the user did not specify the exclude if root can not stat file system * Wed Aug 5 2009 Dan Walsh 2.0.70-1 - Update to upstream - * Modify restorecon to only call realpath() on user-supplied pathnames - from Stephen Smalley. - * Fix typo in fixfiles that prevented it from relabeling btrfs - filesystems from Dan Walsh. + * Modify restorecon to only call realpath() on user-supplied pathnames + from Stephen Smalley. + * Fix typo in fixfiles that prevented it from relabeling btrfs + filesystems from Dan Walsh. * Wed Jul 29 2009 Dan Walsh 2.0.68-1 - Fix location of man pages - Update to upstream - * Modify setfiles to exclude mounts without seclabel option in - /proc/mounts on kernels >= 2.6.30 from Thomas Liu. - * Re-enable disable_dontaudit rules upon semodule -B from Christopher - Pardy and Dan Walsh. - * setfiles converted to fts from Thomas Liu. + * Modify setfiles to exclude mounts without seclabel option in + /proc/mounts on kernels >= 2.6.30 from Thomas Liu. + * Re-enable disable_dontaudit rules upon semodule -B from Christopher + Pardy and Dan Walsh. + * setfiles converted to fts from Thomas Liu. * Sun Jul 26 2009 Fedora Release Engineering - 2.0.64-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild @@ -2896,8 +2892,8 @@ Resolves: 555835 * Fri Jun 26 2009 Dan Walsh 2.0.64-1 - Update to upstream - * Keep setfiles from spamming console from Dan Walsh. - * Fix chcat's category expansion for users from Dan Walsh. + * Keep setfiles from spamming console from Dan Walsh. + * Fix chcat's category expansion for users from Dan Walsh. - Update po files - Fix sepolgen @@ -2916,10 +2912,10 @@ Resolves: 555835 * Wed May 20 2009 Dan Walsh 2.0.63-1 - Update to upstream - * Fix transaction checking from Dan Walsh. - * Make fixfiles -R (for rpm) recursive. - * Make semanage permissive clean up after itself from Dan Walsh. - * add /root/.ssh/* to restorecond.conf + * Fix transaction checking from Dan Walsh. + * Make fixfiles -R (for rpm) recursive. + * Make semanage permissive clean up after itself from Dan Walsh. + * add /root/.ssh/* to restorecond.conf * Wed Apr 22 2009 Dan Walsh 2.0.62-14 - Fix audit2allow -a to retun /var/log/messages @@ -2962,12 +2958,12 @@ Resolves: 555835 * Wed Feb 18 2009 Dan Walsh 2.0.62-1 - Update to upstream - * Add btrfs to fixfiles from Dan Walsh. - * Remove restorecond error for matching globs with multiple hard links - and fix some error messages from Dan Walsh. - * Make removing a non-existant module a warning rather than an error - from Dan Walsh. - * Man page fixes from Dan Walsh. + * Add btrfs to fixfiles from Dan Walsh. + * Remove restorecond error for matching globs with multiple hard links + and fix some error messages from Dan Walsh. + * Make removing a non-existant module a warning rather than an error + from Dan Walsh. + * Man page fixes from Dan Walsh. * Mon Feb 16 2009 Dan Walsh 2.0.61-10 - Fix script created by polgengui to not refer to selinux-policy-devel @@ -2996,10 +2992,10 @@ Resolves: 555835 * Tue Jan 13 2009 Dan Walsh 2.0.61-1 - Update to upstream - * chcat: cut categories at arbitrary point (25) from Dan Walsh - * semodule: use new interfaces in libsemanage for compressed files - from Dan Walsh - * audit2allow: string changes for usage + * chcat: cut categories at arbitrary point (25) from Dan Walsh + * semodule: use new interfaces in libsemanage for compressed files + from Dan Walsh + * audit2allow: string changes for usage * Tue Jan 6 2009 Dan Walsh 2.0.60-7 - Don't error out when removing a non existing module @@ -3021,21 +3017,21 @@ Resolves: 555835 * Mon Dec 1 2008 Dan Walsh 2.0.60-1 - Update to upstream - * semanage: use semanage_mls_enabled() from Stephen Smalley. + * semanage: use semanage_mls_enabled() from Stephen Smalley. * Sat Nov 29 2008 Ignacio Vazquez-Abrams - 2.0.59-2 - Rebuild for Python 2.6 * Tue Nov 11 2008 Dan Walsh 2.0.59-1 - Update to upstream - * fcontext add checked local records twice, fix from Dan Walsh. + * fcontext add checked local records twice, fix from Dan Walsh. * Mon Nov 10 2008 Dan Walsh 2.0.58-1 - Update to upstream - * Allow local file context entries to override policy entries in - semanage from Dan Walsh. - * Newrole error message corrections from Dan Walsh. - * Add exception to audit2why call in audit2allow from Dan Walsh. + * Allow local file context entries to override policy entries in + semanage from Dan Walsh. + * Newrole error message corrections from Dan Walsh. + * Add exception to audit2why call in audit2allow from Dan Walsh. * Fri Nov 7 2008 Dan Walsh 2.0.57-12 - add compression @@ -3075,16 +3071,16 @@ Resolves: 555835 * Wed Oct 1 2008 Dan Walsh 2.0.57-1 - Update to upstream - * Update po files from Dan Walsh. + * Update po files from Dan Walsh. * Fri Sep 12 2008 Dan Walsh 2.0.56-1 - Fix semanage help display - Update to upstream - * fixfiles will now remove all files in /tmp and will check for - unlabeled_t in /tmp and /var/tmp from Dan Walsh. - * add glob support to restorecond from Dan Walsh. - * allow semanage to handle multi-line commands in a single transaction - from Dan Walsh. + * fixfiles will now remove all files in /tmp and will check for + unlabeled_t in /tmp and /var/tmp from Dan Walsh. + * add glob support to restorecond from Dan Walsh. + * allow semanage to handle multi-line commands in a single transaction + from Dan Walsh. * Thu Sep 11 2008 Dan Walsh 2.0.55-8 - Only call gen_requires once in sepolgen @@ -3105,7 +3101,7 @@ Resolves: 555835 * Thu Aug 28 2008 Dan Walsh 2.0.55-1 - Update to upstream - * Merged semanage node support from Christian Kuester. + * Merged semanage node support from Christian Kuester. * Fri Aug 15 2008 Dan Walsh 2.0.54-7 - Add require libsemanage-python @@ -3121,8 +3117,8 @@ Resolves: 555835 * Tue Aug 5 2008 Dan Walsh 2.0.54-1 - Update to upstream - * Add support for boolean files and group support for seusers from Dan Walsh. - * Ensure that setfiles -p output is newline terminated from Russell Coker. + * Add support for boolean files and group support for seusers from Dan Walsh. + * Ensure that setfiles -p output is newline terminated from Russell Coker. * Fri Aug 1 2008 Dan Walsh 2.0.53-3 - Allow semanage user to add group lists % groupname @@ -3132,7 +3128,7 @@ Resolves: 555835 * Tue Jul 29 2008 Dan Walsh 2.0.53-1 - Update to upstream - * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. + * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. * Tue Jul 29 2008 Dan Walsh 2.0.52-6 - Fix boolean handling @@ -3161,7 +3157,7 @@ Resolves: 555835 * Mon Jun 30 2008 Dan Walsh 2.0.50-1 - Update to upstream - * Fix audit2allow generation of role-type rules from Karl MacMillan. + * Fix audit2allow generation of role-type rules from Karl MacMillan. * Tue Jun 24 2008 Dan Walsh 2.0.49-10 - Fix spelling of enforcement @@ -3189,8 +3185,8 @@ Resolves: 555835 * Mon May 12 2008 Dan Walsh 2.0.49-1 - Update to upstream - * Remove security_check_context calls for prefix validation from semanage. - * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified. + * Remove security_check_context calls for prefix validation from semanage. + * Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified. * Mon May 12 2008 Dan Walsh 2.0.47-3 - Remove /usr/share/locale/sr@Latn/LC_MESSAGES/policycoreutils.mo @@ -3225,19 +3221,19 @@ Resolves: 555835 * Tue Mar 18 2008 Dan Walsh 2.0.46-1 - Update to upstream - * Update audit2allow to report dontaudit cases from Dan Walsh. - * Fix semanage port to use --proto from Caleb Case. + * Update audit2allow to report dontaudit cases from Dan Walsh. + * Fix semanage port to use --proto from Caleb Case. * Fri Feb 22 2008 Dan Walsh 2.0.44-1 - Update to upstream - * Fix for segfault when conf file parse error occurs. + * Fix for segfault when conf file parse error occurs. * Wed Feb 13 2008 Dan Walsh 2.0.43-2 - Don't show tabs on polgengui * Wed Feb 13 2008 Dan Walsh 2.0.43-1 - Update to upstream - * Merged fix fixfiles option processing from Vaclav Ovsik. + * Merged fix fixfiles option processing from Vaclav Ovsik. - Added existing users, staff and user_t users to polgengui * Fri Feb 8 2008 Dan Walsh 2.0.42-3 @@ -3248,19 +3244,19 @@ Resolves: 555835 * Sat Feb 2 2008 Dan Walsh 2.0.42-1 - Update to upstream - * Make semodule_expand use sepol_set_expand_consume_base to reduce - peak memory usage. + * Make semodule_expand use sepol_set_expand_consume_base to reduce + peak memory usage. * Tue Jan 29 2008 Dan Walsh 2.0.41-1 - Update to upstream - * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh. - * Merged a second fixfiles -C fix from Marshall Miller. + * Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh. + * Merged a second fixfiles -C fix from Marshall Miller. * Thu Jan 24 2008 Dan Walsh 2.0.39-1 - Don't initialize audit2allow for audit2why call. Use default - Update to upstream - * Merged fixfiles -C fix from Marshall Miller. + * Merged fixfiles -C fix from Marshall Miller. * Thu Jan 24 2008 Dan Walsh 2.0.38-1 - Update to upstream @@ -3277,8 +3273,8 @@ Resolves: 555835 * Wed Jan 23 2008 Dan Walsh 2.0.36-1 - Update to upstream - * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. - * Merged sepolgen fixes from Dan Walsh. + * Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh. + * Merged sepolgen fixes from Dan Walsh. * Tue Jan 22 2008 Dan Walsh 2.0.35-5 - handle files with spaces on upgrades @@ -3294,7 +3290,7 @@ Resolves: 555835 * Fri Jan 11 2008 Dan Walsh 2.0.35-1 - Update to upstream - * Merged support for non-interactive newrole command invocation from Tim Reed. + * Merged support for non-interactive newrole command invocation from Tim Reed. * Thu Jan 10 2008 Dan Walsh 2.0.34-8 - Change to use selinux bindings to audit2why @@ -3317,8 +3313,8 @@ Resolves: 555835 * Wed Dec 19 2007 Dan Walsh 2.0.34-1 - Update to upstream - * Update Makefile to not build restorecond if - /usr/include/sys/inotify.h is not present + * Update Makefile to not build restorecond if + /usr/include/sys/inotify.h is not present * Wed Dec 19 2007 Dan Walsh 2.0.33-4 - Fix sepolgen to be able to parse Fedora 9 policy @@ -3335,9 +3331,9 @@ Resolves: 555835 * Mon Dec 10 2007 Dan Walsh 2.0.33-1 - Upgrade from NSA - * Drop verbose output on fixfiles -C from Dan Walsh. - * Fix argument handling in fixfiles from Dan Walsh. - * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. + * Drop verbose output on fixfiles -C from Dan Walsh. + * Fix argument handling in fixfiles from Dan Walsh. + * Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh. - Fix handling of final screen in polgengui * Sun Dec 2 2007 Dan Walsh 2.0.32-2 @@ -3345,7 +3341,7 @@ Resolves: 555835 * Mon Nov 19 2007 Dan Walsh 2.0.32-1 - Upgrade from NSA - * load_policy initial load option from Chad Sellers. + * load_policy initial load option from Chad Sellers. * Mon Nov 19 2007 Dan Walsh 2.0.31-20 - Don't show error on missing policy.xml @@ -3409,21 +3405,21 @@ Resolves: 555835 * Mon Oct 15 2007 Dan Walsh 2.0.31-1 - Remove no.po - Update to upstream - * Fix semodule option handling from Dan Walsh. - * Add deleteall support for ports and fcontexts in semanage from Dan Walsh. + * Fix semodule option handling from Dan Walsh. + * Add deleteall support for ports and fcontexts in semanage from Dan Walsh. * Thu Oct 11 2007 Dan Walsh 2.0.29-2 - Fix semodule parameter checking * Sun Oct 7 2007 Dan Walsh 2.0.29-1 - Update to upstream - * Add genhomedircon script to invoke semodule -Bn from Dan Walsh. + * Add genhomedircon script to invoke semodule -Bn from Dan Walsh. - Add deleteall for ports and fcontext * Fri Oct 5 2007 Dan Walsh 2.0.28-1 - Update to upstream - * Update semodule man page for -D from Dan Walsh. - * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh. + * Update semodule man page for -D from Dan Walsh. + * Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh. * Tue Oct 2 2007 Dan Walsh 2.0.27-7 - Add genhomedircon script to rebuild file_context for shadow-utils @@ -3443,7 +3439,7 @@ Resolves: 555835 * Wed Sep 26 2007 Dan Walsh 2.0.27-1 - Update to upstream - * Improve semodule reporting of system errors from Stephen Smalley. + * Improve semodule reporting of system errors from Stephen Smalley. * Mon Sep 24 2007 Dan Walsh 2.0.26-3 - Show local changes with semanage @@ -3464,8 +3460,8 @@ Resolves: 555835 * Thu Sep 13 2007 Dan Walsh 2.0.25-13 - Upgrade version of sepolgen from NSA - * Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan. - * Suppress generation of rules for non-denials from Karl MacMillan (take 3). + * Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan. + * Suppress generation of rules for non-denials from Karl MacMillan (take 3). * Tue Sep 11 2007 Dan Walsh 2.0.25-12 - Remove bogus import libxml2 @@ -3503,19 +3499,19 @@ Resolves: 555835 * Thu Aug 23 2007 Dan Walsh 2.0.25-1 - Update semodule man page - * Fix genhomedircon searching for USER from Todd Miller - * Install run_init with mode 0755 from Dan Walsh. - * Fix chcat from Dan Walsh. - * Fix fixfiles pattern expansion and error reporting from Dan Walsh. - * Optimize genhomedircon to compile regexes once from Dan Walsh. - * Fix semanage gettext call from Dan Walsh. + * Fix genhomedircon searching for USER from Todd Miller + * Install run_init with mode 0755 from Dan Walsh. + * Fix chcat from Dan Walsh. + * Fix fixfiles pattern expansion and error reporting from Dan Walsh. + * Optimize genhomedircon to compile regexes once from Dan Walsh. + * Fix semanage gettext call from Dan Walsh. * Thu Aug 23 2007 Dan Walsh 2.0.23-2 - Update semodule man page * Mon Aug 20 2007 Dan Walsh 2.0.23-1 - Update to match NSA - * Disable dontaudits via semodule -D + * Disable dontaudits via semodule -D * Wed Aug 1 2007 Dan Walsh 2.0.22-13 - Speed up genhomedircon by an order of magnitude by compiling regex @@ -3554,21 +3550,21 @@ Resolves: 555835 * Thu Jun 21 2007 Dan Walsh 2.0.22-1 - Update to match NSA - * Rebase setfiles to use new labeling interface. + * Rebase setfiles to use new labeling interface. * Wed Jun 13 2007 Dan Walsh 2.0.21-2 - Add filter to all system-config-selinux lists * Wed Jun 13 2007 Dan Walsh 2.0.21-1 - Update to match NSA - * Fixed setsebool (falling through to error path on success). + * Fixed setsebool (falling through to error path on success). * Mon Jun 11 2007 Dan Walsh 2.0.20-1 - Update to match NSA - * Merged genhomedircon fixes from Dan Walsh. - * Merged setfiles -c usage fix from Dan Walsh. - * Merged restorecon fix from Yuichi Nakamura. - * Dropped -lsepol where no longer needed. + * Merged genhomedircon fixes from Dan Walsh. + * Merged setfiles -c usage fix from Dan Walsh. + * Merged restorecon fix from Yuichi Nakamura. + * Dropped -lsepol where no longer needed. * Mon Jun 11 2007 Dan Walsh 2.0.19-5 - Fix translations code, Add more filters to gui @@ -3590,12 +3586,12 @@ Resolves: 555835 * Fri May 4 2007 Dan Walsh 2.0.16-1 - Updated version of policycoreutils - * Merged support for modifying the prefix via semanage from Dan Walsh. + * Merged support for modifying the prefix via semanage from Dan Walsh. - Fixed genhomedircon to find homedirs correctly. * Tue May 1 2007 Dan Walsh 2.0.15-1 - Updated version of policycoreutils - * Merged po file updates from Dan Walsh. + * Merged po file updates from Dan Walsh. - Fix semanage to be able to modify prefix in user record * Mon Apr 30 2007 Dan Walsh 2.0.14-2 @@ -3603,20 +3599,20 @@ Resolves: 555835 * Wed Apr 25 2007 Dan Walsh 2.0.14-1 - Updated version of policycoreutils - * Build fix for setsebool. + * Build fix for setsebool. * Wed Apr 25 2007 Dan Walsh 2.0.13-1 - Updated version of policycoreutils - * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley. - * Merged genhomedircon patch to use the __default__ setting from Dan Walsh. - * Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel. + * Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley. + * Merged genhomedircon patch to use the __default__ setting from Dan Walsh. + * Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel. * Tue Apr 24 2007 Dan Walsh 2.0.10-2 - Fixes for polgengui * Tue Apr 24 2007 Dan Walsh 2.0.10-1 - Updated version of policycoreutils - * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. + * Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh. * Fri Apr 20 2007 Dan Walsh 2.0.9-10 - Fix genhomedircon to handle non user_u for the default user @@ -3647,15 +3643,15 @@ Resolves: 555835 * Thu Apr 12 2007 Dan Walsh 2.0.9-1 - Updated version of sepolgen - * Merged seobject setransRecords patch to return the first alias from Xavier Toth. + * Merged seobject setransRecords patch to return the first alias from Xavier Toth. * Wed Apr 11 2007 Dan Walsh 2.0.8-1 - Updated version of sepolgen - * Merged updates to sepolgen-ifgen from Karl MacMillan. - * Merged updates to sepolgen parser and tools from Karl MacMillan. - This includes improved debugging support, handling of interface - calls with list parameters, support for role transition rules, - updated range transition rule support, and looser matching. + * Merged updates to sepolgen-ifgen from Karl MacMillan. + * Merged updates to sepolgen parser and tools from Karl MacMillan. + This includes improved debugging support, handling of interface + calls with list parameters, support for role transition rules, + updated range transition rule support, and looser matching. * Mon Apr 9 2007 Dan Walsh 2.0.7-11 - Don't generate invalid context with genhomedircon @@ -3675,12 +3671,12 @@ Resolves: 555835 * Fri Mar 23 2007 Dan Walsh 2.0.7-6 - Updated version of sepolgen - * Merged patch to discard self from types when generating requires from Karl MacMillan. + * Merged patch to discard self from types when generating requires from Karl MacMillan. * Fri Mar 23 2007 Dan Walsh 2.0.7-5 - Change location of audit2allow and sepol-ifgen to sbin - Updated version of sepolgen - * Merged patch to move the sepolgen runtime data from /usr/share to /var/lib to facilitate a read-only /usr from Karl MacMillan. + * Merged patch to move the sepolgen runtime data from /usr/share to /var/lib to facilitate a read-only /usr from Karl MacMillan. * Mon Mar 19 2007 Dan Walsh 2.0.7-4 - Add polgen gui @@ -3694,16 +3690,16 @@ Resolves: 555835 * Thu Mar 1 2007 Dan Walsh 2.0.7-1 - Update to upstream - * Merged restorecond init script LSB compliance patch from Steve Grubb. + * Merged restorecond init script LSB compliance patch from Steve Grubb. -sepolgen - * Merged better matching for refpolicy style from Karl MacMillan - * Merged support for extracting interface paramaters from interface calls from Karl MacMillan - * Merged support for parsing USER_AVC audit messages from Karl MacMillan. + * Merged better matching for refpolicy style from Karl MacMillan + * Merged support for extracting interface paramaters from interface calls from Karl MacMillan + * Merged support for parsing USER_AVC audit messages from Karl MacMillan. * Tue Feb 27 2007 Dan Walsh 2.0.6-3 - Update to upstream -sepolgen - * Merged support for enabling parser debugging from Karl MacMillan. + * Merged support for enabling parser debugging from Karl MacMillan. - Add sgrupp cleanup of restorcon init script * Mon Feb 26 2007 Dan Walsh 2.0.6-2 @@ -3712,27 +3708,27 @@ Resolves: 555835 * Fri Feb 23 2007 Dan Walsh 2.0.6-1 - Update to upstream - policycoreutils - * Merged newrole O_NONBLOCK fix from Linda Knippers. - * Merged sepolgen and audit2allow patches to leave generated files - in the current directory from Karl MacMillan. - * Merged restorecond memory leak fix from Steve Grubb. + * Merged newrole O_NONBLOCK fix from Linda Knippers. + * Merged sepolgen and audit2allow patches to leave generated files + in the current directory from Karl MacMillan. + * Merged restorecond memory leak fix from Steve Grubb. -sepolgen - * Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan. - * Merged patch to make run-tests.py use unittest.main from Karl MacMillan. - * Merged patch to update PLY from Karl MacMillan. - * Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan. + * Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan. + * Merged patch to make run-tests.py use unittest.main from Karl MacMillan. + * Merged patch to update PLY from Karl MacMillan. + * Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan. * Thu Feb 22 2007 Dan Walsh 2.0.3-2 - Do not fail on sepolgen-ifgen * Thu Feb 22 2007 Dan Walsh 2.0.3-1 - Update to upstream - * Merged translations update from Dan Walsh. - * Merged chcat fixes from Dan Walsh. - * Merged man page fixes from Dan Walsh. - * Merged seobject prefix validity checking from Dan Walsh. - * Merged Makefile and refparser.py patch from Dan Walsh. - Fixes PYTHONLIBDIR definition and error handling on interface files. + * Merged translations update from Dan Walsh. + * Merged chcat fixes from Dan Walsh. + * Merged man page fixes from Dan Walsh. + * Merged seobject prefix validity checking from Dan Walsh. + * Merged Makefile and refparser.py patch from Dan Walsh. + Fixes PYTHONLIBDIR definition and error handling on interface files. * Tue Feb 20 2007 Dan Walsh 2.0.2-3 - Updated newrole NONBlOCK patch @@ -3742,8 +3738,8 @@ Resolves: 555835 * Tue Feb 20 2007 Dan Walsh 2.0.2-1 - Update to upstream - * Merged seobject exception handler fix from Caleb Case. - * Merged setfiles memory leak patch from Todd Miller. + * Merged seobject exception handler fix from Caleb Case. + * Merged setfiles memory leak patch from Todd Miller. * Thu Feb 15 2007 Dan Walsh 2.0.1-2 - Cleanup man pages syntax @@ -3751,15 +3747,15 @@ Resolves: 555835 * Mon Feb 12 2007 Dan Walsh 2.0.1-1 - Update to upstream - * Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh. + * Merged small fix to correct include of errcodes.h in semodule_deps from Dan Walsh. * Wed Feb 7 2007 Dan Walsh 2.0.0-1 - Update to upstream - * Merged new audit2allow from Karl MacMillan. - This audit2allow depends on the new sepolgen python module. - Note that you must run the sepolgen-ifgen tool to generate - the data needed by audit2allow to generate refpolicy. - * Fixed newrole non-pam build. + * Merged new audit2allow from Karl MacMillan. + This audit2allow depends on the new sepolgen python module. + Note that you must run the sepolgen-ifgen tool to generate + the data needed by audit2allow to generate refpolicy. + * Fixed newrole non-pam build. - Fix Changelog and spelling error in man page * Thu Feb 1 2007 Dan Walsh 1.34.1-4 @@ -3774,16 +3770,16 @@ Resolves: 555835 * Wed Jan 24 2007 Dan Walsh 1.34.1-1 - Fix system-config-selinux ports view - Update to upstream - * Fixed newrole non-pam build. - * Updated version for stable branch. + * Fixed newrole non-pam build. + * Updated version for stable branch. * Wed Jan 17 2007 Dan Walsh 1.33.15-1 - Update to upstream - * Merged unicode-to-string fix for seobject audit from Dan Walsh. - * Merged man page updates to make "apropos selinux" work from Dan Walsh. + * Merged unicode-to-string fix for seobject audit from Dan Walsh. + * Merged man page updates to make "apropos selinux" work from Dan Walsh. * Tue Jan 16 2007 Dan Walsh 1.33.14-1 - * Merged newrole man page patch from Michael Thompson. - * Merged patch to fix python unicode problem from Dan Walsh. + * Merged newrole man page patch from Michael Thompson. + * Merged patch to fix python unicode problem from Dan Walsh. * Tue Jan 16 2007 Dan Walsh 1.33.12-3 - Fix handling of audit messages for useradd change @@ -3796,20 +3792,20 @@ Resolves: #217881 * Tue Jan 9 2007 Dan Walsh 1.33.12-1 - Want to update to match api - Update to upstream - * Merged newrole securetty check from Dan Walsh. - * Merged semodule patch to generalize list support from Karl MacMillan. + * Merged newrole securetty check from Dan Walsh. + * Merged semodule patch to generalize list support from Karl MacMillan. Resolves: #200110 * Tue Jan 9 2007 Dan Walsh 1.33.11-1 - Update to upstream - * Merged fixfiles and seobject fixes from Dan Walsh. - * Merged semodule support for list of modules after -i from Karl MacMillan. + * Merged fixfiles and seobject fixes from Dan Walsh. + * Merged semodule support for list of modules after -i from Karl MacMillan. * Tue Jan 9 2007 Dan Walsh 1.33.10-1 - Update to upstream - * Merged patch to correctly handle a failure during semanage handle - creation from Karl MacMillan. - * Merged patch to fix seobject role modification from Dan Walsh. + * Merged patch to correctly handle a failure during semanage handle + creation from Karl MacMillan. + * Merged patch to fix seobject role modification from Dan Walsh. * Fri Jan 5 2007 Dan Walsh 1.33.8-2 - Stop newrole -l from working on non secure ttys @@ -3817,14 +3813,14 @@ Resolves: #200110 * Thu Jan 4 2007 Dan Walsh 1.33.8-1 - Update to upstream - * Merged patches from Dan Walsh to: - - omit the optional name from audit2allow - - use the installed python version in the Makefiles - - re-open the tty with O_RDWR in newrole + * Merged patches from Dan Walsh to: + - omit the optional name from audit2allow + - use the installed python version in the Makefiles + - re-open the tty with O_RDWR in newrole * Wed Jan 3 2007 Dan Walsh 1.33.7-1 - Update to upstream - * Patch from Dan Walsh to correctly suppress warnings in load_policy. + * Patch from Dan Walsh to correctly suppress warnings in load_policy. * Tue Jan 2 2007 Dan Walsh 1.33.6-9 - Fix fixfiles script to use tty command correctly. If this command fails, it @@ -3861,11 +3857,11 @@ Resolves: #216920 * Wed Nov 29 2006 Dan Walsh 1.33.6-1 - Update to upstream - * Patch from Dan Walsh to add an pam_acct_msg call to run_init - * Patch from Dan Walsh to fix error code returns in newrole - * Patch from Dan Walsh to remove verbose flag from semanage man page - * Patch from Dan Walsh to make audit2allow use refpolicy Makefile - in /usr/share/selinux/ + * Patch from Dan Walsh to add an pam_acct_msg call to run_init + * Patch from Dan Walsh to fix error code returns in newrole + * Patch from Dan Walsh to remove verbose flag from semanage man page + * Patch from Dan Walsh to make audit2allow use refpolicy Makefile + in /usr/share/selinux/ * Wed Nov 29 2006 Dan Walsh 1.33.5-4 - Fixing the Makefile line again to build with LSPP support @@ -3890,9 +3886,9 @@ Resolves: #208838 * Wed Nov 22 2006 Dan Walsh 1.33.4-1 - Upstream accepted my patches - * Merged setsebool patch from Karl MacMillan. - This fixes a bug reported by Yuichi Nakamura with - always setting booleans persistently on an unmanaged system. + * Merged setsebool patch from Karl MacMillan. + This fixes a bug reported by Yuichi Nakamura with + always setting booleans persistently on an unmanaged system. * Mon Nov 20 2006 Dan Walsh 1.33.2-2 - Fixes for the gui @@ -3927,7 +3923,7 @@ Resolves: #208838 * Tue Nov 14 2006 Dan Walsh 1.33.1-1 - Update to upstream - * Merged newrole patch set from Michael Thompson. + * Merged newrole patch set from Michael Thompson. - Add policycoreutils-gui * Thu Nov 9 2006 Dan Walsh 1.32-3 @@ -3939,18 +3935,18 @@ Resolves: #208838 * Mon Oct 9 2006 Dan Walsh 1.32-1 - Add newrole audit patch from sgrubb - Update to upstream - * Merged audit2allow -l fix from Yuichi Nakamura. - * Merged restorecon -i and -o - support from Karl MacMillan. - * Merged semanage/seobject fix from Dan Walsh. - * Merged fixfiles -R and verify changes from Dan Walsh. + * Merged audit2allow -l fix from Yuichi Nakamura. + * Merged restorecon -i and -o - support from Karl MacMillan. + * Merged semanage/seobject fix from Dan Walsh. + * Merged fixfiles -R and verify changes from Dan Walsh. * Fri Oct 6 2006 Dan Walsh 1.30.30-2 - Separate out newrole into its own package * Fri Sep 29 2006 Dan Walsh 1.30.30-1 - Update to upstream - * Merged newrole auditing of failures due to user actions from - Michael Thompson. + * Merged newrole auditing of failures due to user actions from + Michael Thompson. * Thu Sep 21 2006 Dan Walsh 1.30.29-6 - Pass -i qualifier to restorecon for fixfiles -R @@ -4004,8 +4000,8 @@ Resolves: #208838 - Security fixes to run python in a more locked down manner - More Translations - Update to upstream - * Merged fix for restorecon // handling from Erich Schubert. - * Merged translations update and fixfiles fix from Dan Walsh. + * Merged fix for restorecon // handling from Erich Schubert. + * Merged translations update and fixfiles fix from Dan Walsh. * Thu Aug 31 2006 Dan Walsh 1.30.27-5 - Change scripts to use /usr/sbin/python @@ -4022,26 +4018,26 @@ Resolves: #208838 * Thu Aug 24 2006 Dan Walsh 1.30.27-1 - Update to upstream - * Merged fix for restorecon symlink handling from Erich Schubert. + * Merged fix for restorecon symlink handling from Erich Schubert. * Sat Aug 12 2006 Dan Walsh 1.30.26-1 - Update to upstream - * Merged semanage local file contexts patch from Chris PeBenito. + * Merged semanage local file contexts patch from Chris PeBenito. - Fix fixfiles log creation - More translations * Thu Aug 3 2006 Dan Walsh 1.30.25-1 - Update to upstream - * Merged patch from Dan Walsh with: - * audit2allow: process MAC_POLICY_LOAD events - * newrole: run shell with - prefix to start a login shell - * po: po file updates - * restorecond: bail if SELinux not enabled - * fixfiles: omit -q - * genhomedircon: fix exit code if non-root - * semodule_deps: install man page - * Merged secon Makefile fix from Joshua Brindle. - * Merged netfilter contexts support patch from Chris PeBenito. + * Merged patch from Dan Walsh with: + * audit2allow: process MAC_POLICY_LOAD events + * newrole: run shell with - prefix to start a login shell + * po: po file updates + * restorecond: bail if SELinux not enabled + * fixfiles: omit -q + * genhomedircon: fix exit code if non-root + * semodule_deps: install man page + * Merged secon Makefile fix from Joshua Brindle. + * Merged netfilter contexts support patch from Chris PeBenito. * Wed Aug 2 2006 Dan Walsh 1.30.22-3 - Fix audit2allow to handle reload of policy @@ -4051,12 +4047,12 @@ Resolves: #208838 * Tue Aug 1 2006 Dan Walsh 1.30.22-1 - Update to upstream - * Merged restorecond size_t fix from Joshua Brindle. - * Merged secon keycreate patch from Michael LeMay. - * Merged restorecond fixes from Dan Walsh. - Merged updated po files from Dan Walsh. - * Merged python gettext patch from Stephen Bennett. - * Merged semodule_deps from Karl MacMillan. + * Merged restorecond size_t fix from Joshua Brindle. + * Merged secon keycreate patch from Michael LeMay. + * Merged restorecond fixes from Dan Walsh. + Merged updated po files from Dan Walsh. + * Merged python gettext patch from Stephen Bennett. + * Merged semodule_deps from Karl MacMillan. * Thu Jul 27 2006 Dan Walsh 1.30.17-7 - Change newrole to exec a login shell to prevent suspend. @@ -4079,12 +4075,12 @@ Resolves: #208838 * Tue Jul 4 2006 Dan Walsh 1.30.17-1 - Update to upstream - * Lindent. - * Merged patch from Dan Walsh with: - * -p option (progress) for setfiles and restorecon. - * disable context translation for setfiles and restorecon. - * on/off values for setsebool. - * Merged setfiles and semodule_link fixes from Joshua Brindle. + * Lindent. + * Merged patch from Dan Walsh with: + * -p option (progress) for setfiles and restorecon. + * disable context translation for setfiles and restorecon. + * on/off values for setsebool. + * Merged setfiles and semodule_link fixes from Joshua Brindle. * Thu Jun 22 2006 Dan Walsh 1.30.14-5 - Add progress indicator on fixfiles/setfiles/restorecon @@ -4101,11 +4097,11 @@ Resolves: #208838 * Fri Jun 16 2006 Dan Walsh 1.30.14-1 - Update to upstream - * Merged fix for setsebool error path from Serge Hallyn. - * Merged patch from Dan Walsh with: - * Updated po files. - * Fixes for genhomedircon and seobject. - * Audit message for mass relabel by setfiles. + * Merged fix for setsebool error path from Serge Hallyn. + * Merged patch from Dan Walsh with: + * Updated po files. + * Fixes for genhomedircon and seobject. + * Audit message for mass relabel by setfiles. * Tue Jun 13 2006 James Antill 1.30.12-5 - Update audit mass relabel to only compile in when audit is installed. @@ -4121,15 +4117,15 @@ Resolves: #208838 - Add BuildRequires for gettext * Mon Jun 5 2006 Dan Walsh 1.30.12-1 - * Updated fixfiles script for new setfiles location in /sbin. + * Updated fixfiles script for new setfiles location in /sbin. * Tue May 30 2006 Dan Walsh 1.30.11-1 - Update to upstream - * Merged more translations from Dan Walsh. - * Merged patch to relocate setfiles to /sbin for early relabel - when /usr might not be mounted from Dan Walsh. - * Merged semanage/seobject patch to preserve fcontext ordering in list. - * Merged secon patch from James Antill. + * Merged more translations from Dan Walsh. + * Merged patch to relocate setfiles to /sbin for early relabel + when /usr might not be mounted from Dan Walsh. + * Merged semanage/seobject patch to preserve fcontext ordering in list. + * Merged secon patch from James Antill. * Fri May 26 2006 Dan Walsh 1.30.10-4 - Fix seobject.py to not sort the file_context file. @@ -4146,8 +4142,8 @@ Resolves: #208838 * Tue May 23 2006 Dan Walsh 1.30.10-1 - Update to upstream - * Merged patch with updates to audit2allow, secon, genhomedircon, - and semanage from Dan Walsh. + * Merged patch with updates to audit2allow, secon, genhomedircon, + and semanage from Dan Walsh. * Sat May 20 2006 Dan Walsh 1.30.9-4 - Fix exception in genhomedircon @@ -4160,21 +4156,21 @@ Resolves: #208838 * Mon May 15 2006 Dan Walsh 1.30.9-1 - Update to upstream - * Fixed audit2allow and po Makefiles for DESTDIR= builds. - * Merged .po file patch from Dan Walsh. - * Merged bug fix for genhomedircon. + * Fixed audit2allow and po Makefiles for DESTDIR= builds. + * Merged .po file patch from Dan Walsh. + * Merged bug fix for genhomedircon. * Wed May 10 2006 Dan Walsh 1.30.8-2 - Fix exception on bad file_context * Mon May 8 2006 Dan Walsh 1.30.8-1 - Update to upstream - * Merged fix warnings patch from Karl MacMillan. - * Merged patch from Dan Walsh. - This includes audit2allow changes for analysis plugins, - internationalization support for several additional programs - and added po files, some fixes for semanage, and several cleanups. - It also adds a new secon utility. + * Merged fix warnings patch from Karl MacMillan. + * Merged patch from Dan Walsh. + This includes audit2allow changes for analysis plugins, + internationalization support for several additional programs + and added po files, some fixes for semanage, and several cleanups. + It also adds a new secon utility. * Sun May 7 2006 Dan Walsh 1.30.6-5 - Fix genhomedircon to catch duplicate homedir problem @@ -4192,9 +4188,9 @@ Resolves: #208838 * Fri Apr 14 2006 Dan Walsh 1.30.6-1 - Add /etc/samba/secrets.tdb to restorecond.conf - Update from upstream - * Merged semanage prefix support from Russell Coker. - * Added a test to setfiles to check that the spec file is - a regular file. + * Merged semanage prefix support from Russell Coker. + * Added a test to setfiles to check that the spec file is + a regular file. * Thu Apr 06 2006 Karsten Hopp 1.30.4-4 - added some missing buildrequires @@ -4210,11 +4206,11 @@ Resolves: #208838 * Wed Mar 29 2006 Dan Walsh 1.30.4-1 - Update from upstream - * Merged audit2allow fixes for refpolicy from Dan Walsh. - * Merged fixfiles patch from Dan Walsh. - * Merged restorecond daemon from Dan Walsh. - * Merged semanage non-MLS fixes from Chris PeBenito. - * Merged semanage and semodule man page examples from Thomas Bleher. + * Merged audit2allow fixes for refpolicy from Dan Walsh. + * Merged fixfiles patch from Dan Walsh. + * Merged restorecond daemon from Dan Walsh. + * Merged semanage non-MLS fixes from Chris PeBenito. + * Merged semanage and semodule man page examples from Thomas Bleher. * Tue Mar 28 2006 Dan Walsh 1.30.1-4 - Clean up reference policy generation in audit2allow @@ -4228,7 +4224,7 @@ Resolves: #208838 * Tue Mar 21 2006 Dan Walsh 1.30.1-1 - Make audit2allow translate dontaudit as well as allow rules - Update from upstream - * Merged semanage labeling prefix patch from Ivan Gyurdiev. + * Merged semanage labeling prefix patch from Ivan Gyurdiev. * Tue Mar 21 2006 Dan Walsh 1.30-5 - Fix audit2allow to retrieve dontaudit rules @@ -4266,16 +4262,16 @@ Resolves: #208838 * Mon Feb 20 2006 Dan Walsh 1.29.26-1 - Update from upstream - * Merged semanage bug fix patch from Ivan Gyurdiev. - * Merged improve bindings patch from Ivan Gyurdiev. - * Merged semanage usage patch from Ivan Gyurdiev. - * Merged use PyList patch from Ivan Gyurdiev. + * Merged semanage bug fix patch from Ivan Gyurdiev. + * Merged improve bindings patch from Ivan Gyurdiev. + * Merged semanage usage patch from Ivan Gyurdiev. + * Merged use PyList patch from Ivan Gyurdiev. * Mon Feb 13 2006 Dan Walsh 1.29.23-1 - Update from upstream - * Merged newrole -V/--version support from Glauber de Oliveira Costa. - * Merged genhomedircon prefix patch from Dan Walsh. - * Merged optionals in base patch from Joshua Brindle. + * Merged newrole -V/--version support from Glauber de Oliveira Costa. + * Merged genhomedircon prefix patch from Dan Walsh. + * Merged optionals in base patch from Joshua Brindle. * Fri Feb 10 2006 Jesse Keating - 1.29.20-2.1 - bump again for double-long bug on ppc(64) @@ -4286,10 +4282,10 @@ Resolves: #208838 * Tue Feb 07 2006 Dan Walsh 1.29.20-1 - Update from upstream - * Merged seuser/user_extra support patch to semodule_package - from Joshua Brindle. - * Merged getopt type fix for semodule_link/expand and sestatus - from Chris PeBenito. + * Merged seuser/user_extra support patch to semodule_package + from Joshua Brindle. + * Merged getopt type fix for semodule_link/expand and sestatus + from Chris PeBenito. - Fix genhomedircon output * Tue Feb 07 2006 Jesse Keating - 1.29.18-2.1 @@ -4300,20 +4296,20 @@ Resolves: #208838 * Thu Feb 2 2006 Dan Walsh 1.29.18-1 - Update from upstream - * Merged clone record on set_con patch from Ivan Gyurdiev. + * Merged clone record on set_con patch from Ivan Gyurdiev. * Mon Jan 30 2006 Dan Walsh 1.29.17-1 - Update from upstream - * Merged genhomedircon fix from Dan Walsh. - * Merged seusers.system patch from Ivan Gyurdiev. - * Merged improve port/fcontext API patch from Ivan Gyurdiev. - * Merged genhomedircon patch from Dan Walsh. + * Merged genhomedircon fix from Dan Walsh. + * Merged seusers.system patch from Ivan Gyurdiev. + * Merged improve port/fcontext API patch from Ivan Gyurdiev. + * Merged genhomedircon patch from Dan Walsh. * Fri Jan 27 2006 Dan Walsh 1.29.15-1 - Update from upstream - * Merged newrole audit patch from Steve Grubb. - * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. - * Merged semanage and semodule access check patches from Joshua Brindle. + * Merged newrole audit patch from Steve Grubb. + * Merged seuser -> seuser local rename patch from Ivan Gyurdiev. + * Merged semanage and semodule access check patches from Joshua Brindle. * Wed Jan 25 2006 Dan Walsh 1.29.12-1 - Add a default of /export/home @@ -4326,21 +4322,21 @@ Resolves: #208838 * Wed Jan 25 2006 Dan Walsh 1.29.11-1 - Added translation support to semanage - Update from upstream - * Modified newrole and run_init to use the loginuid when - supported to obtain the Linux user identity to re-authenticate, - and to fall back to real uid. Dropped the use of the SELinux - user identity, as Linux users are now mapped to SELinux users - via seusers and the SELinux user identity space is separate. - * Merged semanage bug fixes from Ivan Gyurdiev. - * Merged semanage fixes from Russell Coker. - * Merged chcat.8 and genhomedircon patches from Dan Walsh. + * Modified newrole and run_init to use the loginuid when + supported to obtain the Linux user identity to re-authenticate, + and to fall back to real uid. Dropped the use of the SELinux + user identity, as Linux users are now mapped to SELinux users + via seusers and the SELinux user identity space is separate. + * Merged semanage bug fixes from Ivan Gyurdiev. + * Merged semanage fixes from Russell Coker. + * Merged chcat.8 and genhomedircon patches from Dan Walsh. * Thu Jan 19 2006 Dan Walsh 1.29.9-2 - Fix genhomedircon to work on MLS policy * Thu Jan 19 2006 Dan Walsh 1.29.9-1 - Update to match NSA - * Merged chcat, semanage, and setsebool patches from Dan Walsh. + * Merged chcat, semanage, and setsebool patches from Dan Walsh. * Thu Jan 19 2006 Dan Walsh 1.29.8-4 - Fixes for "add"-"modify" error messages @@ -4354,9 +4350,9 @@ Resolves: #208838 * Wed Jan 18 2006 Dan Walsh 1.29.8-1 - Update to match NSA - * Merged semanage fixes from Ivan Gyurdiev. - * Merged semanage fixes from Russell Coker. - * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh. + * Merged semanage fixes from Ivan Gyurdiev. + * Merged semanage fixes from Russell Coker. + * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh. * Tue Jan 17 2006 Dan Walsh 1.29.7-4 - Update chcat to manage user categories also @@ -4369,10 +4365,10 @@ Resolves: #208838 * Fri Jan 13 2006 Dan Walsh 1.29.7-1 - Update to match NSA - * Merged newrole cleanup patch from Steve Grubb. - * Merged setfiles/restorecon performance patch from Russell Coker. - * Merged genhomedircon and semanage patches from Dan Walsh. - * Merged remove add_local/set_local patch from Ivan Gyurdiev. + * Merged newrole cleanup patch from Steve Grubb. + * Merged setfiles/restorecon performance patch from Russell Coker. + * Merged genhomedircon and semanage patches from Dan Walsh. + * Merged remove add_local/set_local patch from Ivan Gyurdiev. * Tue Jan 10 2006 Dan Walsh 1.29.5-3 - Fixes for mls policy @@ -4383,25 +4379,25 @@ Resolves: #208838 * Thu Jan 5 2006 Dan Walsh 1.29.5-1 - Update to match NSA - * Added filename to semodule error reporting. + * Added filename to semodule error reporting. * Thu Jan 5 2006 Dan Walsh 1.29.4-1 - Update to match NSA - * Merged genhomedircon and semanage patch from Dan Walsh. - * Changed semodule error reporting to include argv[0]. + * Merged genhomedircon and semanage patch from Dan Walsh. + * Changed semodule error reporting to include argv[0]. * Wed Jan 4 2006 Dan Walsh 1.29.3-1 - Update to match NSA - * Merged semanage getpwnam bug fix from Serge Hallyn (IBM). - * Merged patch series from Ivan Gyurdiev. - This includes patches to: - - cleanup setsebool - - update setsebool to apply active booleans through libsemanage - - update semodule to use the new semanage_set_rebuild() interface - - fix various bugs in semanage - * Merged patch from Dan Walsh (Red Hat). - This includes fixes for restorecon, chcat, fixfiles, genhomedircon, - and semanage. + * Merged semanage getpwnam bug fix from Serge Hallyn (IBM). + * Merged patch series from Ivan Gyurdiev. + This includes patches to: + - cleanup setsebool + - update setsebool to apply active booleans through libsemanage + - update semodule to use the new semanage_set_rebuild() interface + - fix various bugs in semanage + * Merged patch from Dan Walsh (Red Hat). + This includes fixes for restorecon, chcat, fixfiles, genhomedircon, + and semanage. * Mon Jan 2 2006 Dan Walsh 1.29.2-10 - Fix restorecon to not say it is changing user section when -vv is specified @@ -4430,7 +4426,7 @@ Resolves: #208838 * Wed Dec 14 2005 Dan Walsh 1.29.2-1 - Fix genhomedircon to work in installer - Update to match NSA - * Merged patch for chcat script from Dan Walsh. + * Merged patch for chcat script from Dan Walsh. * Fri Dec 9 2005 Dan Walsh 1.29.1-2 - More fixes to chcat @@ -4440,9 +4436,9 @@ Resolves: #208838 * Thu Dec 8 2005 Dan Walsh 1.29.1-1 - Update to match NSA - * Merged fix for audit2allow long option list from Dan Walsh. - * Merged -r option for restorecon (alias for -R) from Dan Walsh. - * Merged chcat script and man page from Dan Walsh. + * Merged fix for audit2allow long option list from Dan Walsh. + * Merged -r option for restorecon (alias for -R) from Dan Walsh. + * Merged chcat script and man page from Dan Walsh. * Wed Dec 7 2005 Dan Walsh 1.28-1 - Update to match NSA @@ -4457,52 +4453,52 @@ Resolves: #208838 * Mon Dec 5 2005 Dan Walsh 1.27.36-1 - Update to match NSA - * Changed genhomedircon to warn on use of ROLE in homedir_template - if using managed policy, as libsemanage does not yet support it. + * Changed genhomedircon to warn on use of ROLE in homedir_template + if using managed policy, as libsemanage does not yet support it. * Sun Dec 4 2005 Dan Walsh 1.27.35-1 - Update to match NSA - * Merged genhomedircon bug fix from Dan Walsh. - * Revised semodule* man pages to refer to checkmodule and - to include example sections. + * Merged genhomedircon bug fix from Dan Walsh. + * Revised semodule* man pages to refer to checkmodule and + to include example sections. * Thu Dec 1 2005 Dan Walsh 1.27.33-1 - Update to match NSA - * Merged audit2allow --tefile and --fcfile support from Dan Walsh. - * Merged genhomedircon fix from Dan Walsh. - * Merged semodule* man pages from Dan Walsh, and edited them. - * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to - retain validation/canonicalization of contexts during init. + * Merged audit2allow --tefile and --fcfile support from Dan Walsh. + * Merged genhomedircon fix from Dan Walsh. + * Merged semodule* man pages from Dan Walsh, and edited them. + * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to + retain validation/canonicalization of contexts during init. * Wed Nov 30 2005 Dan Walsh 1.27.31-1 - Update to match NSA - * Changed genhomedircon to always use user_r for the role in the - managed case since user_get_defrole is broken. + * Changed genhomedircon to always use user_r for the role in the + managed case since user_get_defrole is broken. - Add te file capabilities to audit2allow - Add man pages for semodule * Tue Nov 29 2005 Dan Walsh 1.27.30-1 - Update to match NSA - * Merged sestatus, audit2allow, and semanage patch from Dan Walsh. - * Fixed semodule -v option. + * Merged sestatus, audit2allow, and semanage patch from Dan Walsh. + * Fixed semodule -v option. * Mon Nov 28 2005 Dan Walsh 1.27.29-1 - Update to match NSA - * Merged audit2allow python script from Dan Walsh. - (old script moved to audit2allow.perl, will be removed later). - * Merged genhomedircon fixes from Dan Walsh. - * Merged semodule quieting patch from Dan Walsh - (inverts default, use -v to restore original behavior). + * Merged audit2allow python script from Dan Walsh. + (old script moved to audit2allow.perl, will be removed later). + * Merged genhomedircon fixes from Dan Walsh. + * Merged semodule quieting patch from Dan Walsh + (inverts default, use -v to restore original behavior). * Thu Nov 17 2005 Dan Walsh 1.27.28-3 - Audit2allow - * Add more error checking - * Add gen policy package - * Add gen requires + * Add more error checking + * Add gen policy package + * Add gen requires * Wed Nov 16 2005 Dan Walsh 1.27.28-2 - Update to match NSA - * Merged genhomedircon rewrite from Dan Walsh. + * Merged genhomedircon rewrite from Dan Walsh. - Rewrite audit2allow to python * Mon Nov 14 2005 Dan Walsh 1.27.27-5 @@ -4513,70 +4509,70 @@ Resolves: #208838 * Wed Nov 9 2005 Dan Walsh 1.27.27-1 - Update to match NSA - * Merged setsebool cleanup patch from Ivan Gyurdiev. + * Merged setsebool cleanup patch from Ivan Gyurdiev. * Wed Nov 9 2005 Dan Walsh 1.27.26-4 - Fix genhomedircon to use seusers file, temporary fix until swigified semanage * Tue Nov 8 2005 Dan Walsh 1.27.26-1 - * Added -B (--build) option to semodule to force a rebuild. - * Reverted setsebool patch to call semanage_set_reload_bools(). - * Changed setsebool to disable policy reload and to call - security_set_boolean_list to update the runtime booleans. - * Changed setfiles -c to use new flag to set_matchpathcon_flags() - to disable context translation by matchpathcon_init(). + * Added -B (--build) option to semodule to force a rebuild. + * Reverted setsebool patch to call semanage_set_reload_bools(). + * Changed setsebool to disable policy reload and to call + security_set_boolean_list to update the runtime booleans. + * Changed setfiles -c to use new flag to set_matchpathcon_flags() + to disable context translation by matchpathcon_init(). * Tue Nov 8 2005 Dan Walsh 1.27.23-1 - Update to match NSA - * Changed setfiles for the context canonicalization support. - * Changed setsebool to call semanage_is_managed() interface - and fall back to security_set_boolean_list() if policy is - not managed. - * Merged setsebool memory leak fix from Ivan Gyurdiev. - * Merged setsebool patch to call semanage_set_reload_bools() - interface from Ivan Gyurdiev. + * Changed setfiles for the context canonicalization support. + * Changed setsebool to call semanage_is_managed() interface + and fall back to security_set_boolean_list() if policy is + not managed. + * Merged setsebool memory leak fix from Ivan Gyurdiev. + * Merged setsebool patch to call semanage_set_reload_bools() + interface from Ivan Gyurdiev. * Mon Nov 7 2005 Dan Walsh 1.27.20-1 - Update to match NSA - * Merged setsebool patch from Ivan Gyurdiev. - This moves setsebool from libselinux/utils to policycoreutils, - and rewrites it to use libsemanage for permanent boolean changes. + * Merged setsebool patch from Ivan Gyurdiev. + This moves setsebool from libselinux/utils to policycoreutils, + and rewrites it to use libsemanage for permanent boolean changes. * Tue Oct 25 2005 Dan Walsh 1.27.19-2 - Rebuild to use latest libselinux, libsemanage, and libsepol * Tue Oct 25 2005 Dan Walsh 1.27.19-1 - Update to match NSA - * Merged semodule support for reload, noreload, and store options - from Joshua Brindle. - * Merged semodule_package rewrite from Joshua Brindle. + * Merged semodule support for reload, noreload, and store options + from Joshua Brindle. + * Merged semodule_package rewrite from Joshua Brindle. * Thu Oct 20 2005 Dan Walsh 1.27.18-1 - Update to match NSA - * Cleaned up usage and error messages and releasing of memory by - semodule utilities. - * Corrected error reporting by semodule. - * Updated semodule_expand for change to sepol interface. - * Merged fixes for make DESTDIR= builds from Joshua Brindle. + * Cleaned up usage and error messages and releasing of memory by + semodule utilities. + * Corrected error reporting by semodule. + * Updated semodule_expand for change to sepol interface. + * Merged fixes for make DESTDIR= builds from Joshua Brindle. * Tue Oct 18 2005 Dan Walsh 1.27.14-1 - Update to match NSA - * Updated semodule_package for sepol interface changes. + * Updated semodule_package for sepol interface changes. * Tue Oct 18 2005 Dan Walsh 1.27.13-1 - Update to match NSA - * Updated semodule_expand/link for sepol interface changes. + * Updated semodule_expand/link for sepol interface changes. * Sat Oct 15 2005 Dan Walsh 1.27.12-1 - Update to match NSA - * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood. + * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood. * Fri Oct 14 2005 Dan Walsh 1.27.11-1 - Update to match NSA - * Updated semodule_expand to use get interfaces for hidden sepol_module_package type. - * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat). - * Merged fixfiles patch from Dan Walsh (Red Hat). - * Updated semodule for removal of semanage_strerror. + * Updated semodule_expand to use get interfaces for hidden sepol_module_package type. + * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat). + * Merged fixfiles patch from Dan Walsh (Red Hat). + * Updated semodule for removal of semanage_strerror. * Thu Oct 13 2005 Dan Walsh 1.27.7-2 @@ -4584,17 +4580,17 @@ Resolves: #208838 * Wed Oct 12 2005 Dan Walsh 1.27.7-1 - Update to match NSA - * Updated semodule_link and semodule_expand to use shared libsepol. - Fixed audit2why to call policydb_init prior to policydb_read (still - uses the static libsepol). + * Updated semodule_link and semodule_expand to use shared libsepol. + Fixed audit2why to call policydb_init prior to policydb_read (still + uses the static libsepol). * Mon Oct 10 2005 Dan Walsh 1.27.6-1 - Update to match NSA - * Updated for changes to libsepol. - Changed semodule and semodule_package to use the shared libsepol. - Disabled build of semodule_link and semodule_expand for now. - Updated audit2why for relocated policydb internal headers, - still needs to be converted to a shared lib interface. + * Updated for changes to libsepol. + Changed semodule and semodule_package to use the shared libsepol. + Disabled build of semodule_link and semodule_expand for now. + Updated audit2why for relocated policydb internal headers, + still needs to be converted to a shared lib interface. * Fri Oct 7 2005 Dan Walsh 1.27.5-3 - Update newrole pam file to remove pam-stack @@ -4602,33 +4598,33 @@ Resolves: #208838 * Thu Oct 6 2005 Dan Walsh 1.27.5-1 - Update to match NSA - * Fixed warnings in load_policy. - * Rewrote load_policy to use the new selinux_mkload_policy() - interface provided by libselinux. + * Fixed warnings in load_policy. + * Rewrote load_policy to use the new selinux_mkload_policy() + interface provided by libselinux. * Wed Oct 5 2005 Dan Walsh 1.27.3-2 - Rebuild with newer libararies * Wed Sep 28 2005 Dan Walsh 1.27.3-1 - Update to match NSA - * Merged patch to update semodule to the new libsemanage API - and improve the user interface from Karl MacMillan (Tresys). - * Modified semodule for the create/connect API split. + * Merged patch to update semodule to the new libsemanage API + and improve the user interface from Karl MacMillan (Tresys). + * Modified semodule for the create/connect API split. * Wed Sep 28 2005 Dan Walsh 1.27.2-2 - More fixes to stop find from following nfs paths * Wed Sep 21 2005 Dan Walsh 1.27.2-1 - Update to match NSA - * Merged run_init open_init_pty bug fix from Manoj Srivastava - (unblock SIGCHLD). Bug reported by Erich Schubert. + * Merged run_init open_init_pty bug fix from Manoj Srivastava + (unblock SIGCHLD). Bug reported by Erich Schubert. * Tue Sep 20 2005 Dan Walsh 1.27.1-1 - Update to match NSA - * Merged error shadowing bug fix for restorecon from Dan Walsh. - * Merged setfiles usage/man page update for -r option from Dan Walsh. - * Merged fixfiles -C patch to ignore :s0 addition on update - to a MCS/MLS policy from Dan Walsh. + * Merged error shadowing bug fix for restorecon from Dan Walsh. + * Merged setfiles usage/man page update for -r option from Dan Walsh. + * Merged fixfiles -C patch to ignore :s0 addition on update + to a MCS/MLS policy from Dan Walsh. * Thu Sep 15 2005 Dan Walsh 1.26-3 - Add chcat script for use with chcon. @@ -4637,15 +4633,15 @@ Resolves: #208838 - Fix restorecon to exit with error code * Mon Sep 12 2005 Dan Walsh 1.26-1 - * Updated version for release. + * Updated version for release. * Tue Sep 6 2005 Dan Walsh 1.25.9-2 - Add prereq for mount command * Thu Sep 1 2005 Dan Walsh 1.25.9-1 - Update to match NSA - * Changed setfiles -c to translate the context to raw format - prior to calling libsepol. + * Changed setfiles -c to translate the context to raw format + prior to calling libsepol. * Fri Aug 26 2005 Dan Walsh 1.25.7-3 - Use new version of libsemange and require it for install @@ -4655,12 +4651,12 @@ Resolves: #208838 * Thu Aug 25 2005 Dan Walsh 1.25.7-1 - Update to match NSA - * Merged patch for fixfiles -C from Dan Walsh. + * Merged patch for fixfiles -C from Dan Walsh. * Tue Aug 23 2005 Dan Walsh 1.25.6-1 - Update to match NSA - * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM). - Bugs found by Coverity. + * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM). + Bugs found by Coverity. * Mon Aug 22 2005 Dan Walsh 1.25.5-3 - Fix fixfiles to call sort -u followed by sort -d. @@ -4670,28 +4666,28 @@ Resolves: #208838 * Fri Aug 5 2005 Dan Walsh 1.25.5-1 - Update to match NSA - * Merged patch to move module read/write code from libsemanage - to libsepol from Jason Tang (Tresys). + * Merged patch to move module read/write code from libsemanage + to libsepol from Jason Tang (Tresys). * Thu Jul 28 2005 Dan Walsh 1.25.4-1 - Update to match NSA - * Changed semodule* to link with libsemanage. + * Changed semodule* to link with libsemanage. * Wed Jul 27 2005 Dan Walsh 1.25.3-1 - Update to match NSA - * Merged restorecon patch from Ivan Gyurdiev. + * Merged restorecon patch from Ivan Gyurdiev. * Mon Jul 18 2005 Dan Walsh 1.25.2-1 - Update to match NSA - * Merged load_policy, newrole, and genhomedircon patches from Red Hat. + * Merged load_policy, newrole, and genhomedircon patches from Red Hat. * Thu Jul 7 2005 Dan Walsh 1.25.1-1 - Update to match NSA - * Merged loadable module support from Tresys Technology. + * Merged loadable module support from Tresys Technology. * Wed Jun 29 2005 Dan Walsh 1.24-1 - Update to match NSA - * Updated version for release. + * Updated version for release. * Tue Jun 14 2005 Dan Walsh 1.23.11-4 - Fix Ivan's patch for user role changes @@ -4705,27 +4701,27 @@ Resolves: #208838 * Fri May 20 2005 Dan Walsh 1.23.11-1 - Update to match NSA - * Merged fixfiles and newrole patch from Dan Walsh. - * Merged audit2why man page from Dan Walsh. + * Merged fixfiles and newrole patch from Dan Walsh. + * Merged audit2why man page from Dan Walsh. * Thu May 19 2005 Dan Walsh 1.23.10-2 - Add call to pam_acct_mgmt in newrole. * Tue May 17 2005 Dan Walsh 1.23.10-1 - Update to match NSA - * Extended audit2why to incorporate booleans and local user - settings when analyzing audit messages. + * Extended audit2why to incorporate booleans and local user + settings when analyzing audit messages. * Mon May 16 2005 Dan Walsh 1.23.9-1 - Update to match NSA - * Updated audit2why for sepol_ prefixes on Flask types to - avoid namespace collision with libselinux, and to - include now. + * Updated audit2why for sepol_ prefixes on Flask types to + avoid namespace collision with libselinux, and to + include now. * Fri May 13 2005 Dan Walsh 1.23.8-1 - Fix fixfiles to accept -f - Update to match NSA - * Added audit2why utility. + * Added audit2why utility. * Fri Apr 29 2005 Dan Walsh 1.23.7-1 - Change -f flag in fixfiles to remove stuff from /tmp @@ -4733,14 +4729,14 @@ Resolves: #208838 * Thu Apr 14 2005 Dan Walsh 1.23.6-1 - Update to match NSA - * Fixed signed/unsigned pointer bug in load_policy. - * Reverted context validation patch for genhomedircon. + * Fixed signed/unsigned pointer bug in load_policy. + * Reverted context validation patch for genhomedircon. * Wed Apr 13 2005 Dan Walsh 1.23.5-1 - Update to match NSA - * Reverted load_policy is_selinux_enabled patch from Dan Walsh. - Otherwise, an initial policy load cannot be performed using - load_policy, e.g. for anaconda. + * Reverted load_policy is_selinux_enabled patch from Dan Walsh. + Otherwise, an initial policy load cannot be performed using + load_policy, e.g. for anaconda. * Mon Apr 11 2005 Dan Walsh 1.23.4-3 @@ -4748,29 +4744,29 @@ Resolves: #208838 * Mon Apr 11 2005 Dan Walsh 1.23.4-1 - Update to version from NSA - * Merged load_policy is_selinux_enabled patch from Dan Walsh. - * Merged restorecon verbose output patch from Dan Walsh. - * Merged setfiles altroot patch from Chris PeBenito. + * Merged load_policy is_selinux_enabled patch from Dan Walsh. + * Merged restorecon verbose output patch from Dan Walsh. + * Merged setfiles altroot patch from Chris PeBenito. * Thu Apr 7 2005 Dan Walsh 1.23.3-2 - Don't run load_policy on a non SELinux kernel. * Wed Apr 6 2005 Dan Walsh 1.23.3-1 - Update to version from NSA - * Merged context validation patch for genhomedircon from Eric Paris. + * Merged context validation patch for genhomedircon from Eric Paris. - Fix verbose output of restorecon * Thu Mar 17 2005 Dan Walsh 1.23.2-1 - Update to version from NSA - * Changed setfiles -c to call set_matchpathcon_flags(3) to - turn off processing of .homedirs and .local. + * Changed setfiles -c to call set_matchpathcon_flags(3) to + turn off processing of .homedirs and .local. * Tue Mar 15 2005 Dan Walsh 1.23.1-1 - Update to released version from NSA - * Merged rewrite of genhomedircon by Eric Paris. - * Changed fixfiles to relabel jfs since it now supports security xattrs - (as of 2.6.11). Removed reiserfs until 2.6.12 is released with - fixed support for reiserfs and selinux. + * Merged rewrite of genhomedircon by Eric Paris. + * Changed fixfiles to relabel jfs since it now supports security xattrs + (as of 2.6.11). Removed reiserfs until 2.6.12 is released with + fixed support for reiserfs and selinux. * Thu Mar 10 2005 Dan Walsh 1.22-2 - Update to released version from NSA @@ -4783,7 +4779,7 @@ Resolves: #208838 - Cleanup error reporting * Tue Mar 1 2005 Dan Walsh 1.21.21-1 - * Merged load_policy and genhomedircon patch from Dan Walsh. + * Merged load_policy and genhomedircon patch from Dan Walsh. * Mon Feb 28 2005 Dan Walsh 1.21.20-3 - Fix genhomedircon to add extr "\n" @@ -4804,35 +4800,35 @@ Resolves: #208838 * Tue Feb 22 2005 Dan Walsh 1.21.19-1 - Update to latest from NSA - * Merged several fixes from Ulrich Drepper. + * Merged several fixes from Ulrich Drepper. * Mon Feb 21 2005 Dan Walsh 1.21.18-2 - Apply Uli patch - * The Makefiles should use the -Wall option even if compiled in beehive - * Add -W, too - * use -Werror when used outside of beehive. This could also be used unconditionally - * setfiles/setfiles.c: fix resulting warning - * restorecon/restorecon.c: Likewise - * run_init/open_init_pty.c: argc hasn't been checked, the program would crash if + * The Makefiles should use the -Wall option even if compiled in beehive + * Add -W, too + * use -Werror when used outside of beehive. This could also be used unconditionally + * setfiles/setfiles.c: fix resulting warning + * restorecon/restorecon.c: Likewise + * run_init/open_init_pty.c: argc hasn't been checked, the program would crash if called without parameters. ignore the return value of nice properly. - * run_init: don't link with -ldl lutil - * load_policy: that's the bad bug. pointer to unsigned int is passed, size_t is + * run_init: don't link with -ldl lutil + * load_policy: that's the bad bug. pointer to unsigned int is passed, size_t is written to. fails on 64-bit archs - * sestatus: signed vs unsigned problem - * newrole: don't link with -ldl + * sestatus: signed vs unsigned problem + * newrole: don't link with -ldl * Sat Feb 19 2005 Dan Walsh 1.21.18-1 - Update to latest from NSA - * Changed load_policy to fall back to the original policy upon - an error from sepol_genusers(). + * Changed load_policy to fall back to the original policy upon + an error from sepol_genusers(). * Thu Feb 17 2005 Dan Walsh 1.21.17-2 - Only restorecon on ext[23], reiser and xfs * Thu Feb 17 2005 Dan Walsh 1.21.17-1 - Update to latest from NSA - * Merged new genhomedircon script from Dan Walsh. - * Changed load_policy to call sepol_genusers(). + * Merged new genhomedircon script from Dan Walsh. + * Changed load_policy to call sepol_genusers(). * Thu Feb 17 2005 Dan Walsh 1.21.15-9 - Remove Red Hat rhpl usage @@ -4850,16 +4846,16 @@ written to. fails on 64-bit archs * Thu Feb 10 2005 Dan Walsh 1.21.15-1 - Update from NSA - * Changed relabel Makefile target to use restorecon. + * Changed relabel Makefile target to use restorecon. * Wed Feb 9 2005 Dan Walsh 1.21.14-1 - Update from NSA - * Merged restorecon patch from Dan Walsh. + * Merged restorecon patch from Dan Walsh. * Tue Feb 8 2005 Dan Walsh 1.21.13-1 - Update from NSA - * Merged further change to fixfiles -C from Dan Walsh. - * Merged updated fixfiles script from Dan Walsh. + * Merged further change to fixfiles -C from Dan Walsh. + * Merged updated fixfiles script from Dan Walsh. - Fix error handling of restorecon @@ -4868,7 +4864,7 @@ written to. fails on 64-bit archs * Wed Feb 2 2005 Dan Walsh 1.21.12-1 - More cleanup of fixfiles sed patch - * Merged further patches for restorecon/setfiles -e and fixfiles -C. + * Merged further patches for restorecon/setfiles -e and fixfiles -C. * Wed Feb 2 2005 Dan Walsh 1.21.10-2 - More cleanup of fixfiles sed patch @@ -4876,48 +4872,48 @@ written to. fails on 64-bit archs * Mon Jan 31 2005 Dan Walsh 1.21.10-1 - More cleanup of fixfiles sed patch - Upgrade to latest from NSA - * Merged patch for open_init_pty from Manoj Srivastava. + * Merged patch for open_init_pty from Manoj Srivastava. * Fri Jan 28 2005 Dan Walsh 1.21.9-1 - More cleanup of sed patch - Upgrade to latest from NSA - * Merged updated fixfiles script from Dan Walsh. - * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped. - * Reverted fixfiles patch for file_contexts.local; - obsoleted by setfiles rewrite. - * Merged error handling patch for restorecon from Dan Walsh. - * Merged semi raw mode for open_init_pty helper from Manoj Srivastava. - * Rewrote setfiles to use matchpathcon and the new interfaces - exported by libselinux (>= 1.21.5). + * Merged updated fixfiles script from Dan Walsh. + * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped. + * Reverted fixfiles patch for file_contexts.local; + obsoleted by setfiles rewrite. + * Merged error handling patch for restorecon from Dan Walsh. + * Merged semi raw mode for open_init_pty helper from Manoj Srivastava. + * Rewrote setfiles to use matchpathcon and the new interfaces + exported by libselinux (>= 1.21.5). * Fri Jan 28 2005 Dan Walsh 1.21.7-3 - Fix fixfiles patch - Upgrade to latest from NSA - * Prevent overflow of spec array in setfiles. + * Prevent overflow of spec array in setfiles. - Add diff comparason between file_contexts to fixfiles - Allow restorecon to give an warning on file not found instead of exiting * Thu Jan 27 2005 Dan Walsh 1.21.5-1 - Upgrade to latest from NSA - * Merged newrole -l support from Darrel Goeddel (TCS). + * Merged newrole -l support from Darrel Goeddel (TCS). - Fix genhomedircon STARTING_UID * Wed Jan 26 2005 Dan Walsh 1.21.4-1 - Upgrade to latest from NSA - * Merged fixfiles patch for file_contexts.local from Dan Walsh. + * Merged fixfiles patch for file_contexts.local from Dan Walsh. * Fri Jan 21 2005 Dan Walsh 1.21.3-2 - Temp file needs to be created in /etc/selinux/POLICYTYPE/contexts/files/ directory. * Fri Jan 21 2005 Dan Walsh 1.21.3-1 - Upgrade to latest from NSA - * Fixed restorecon to not treat errors from is_context_customizable() - as a customizable context. - * Merged setfiles/restorecon patch to not reset user field unless - -F option is specified from Dan Walsh. - * Merged open_init_pty helper for run_init from Manoj Srivastava. - * Merged audit2allow and genhomedircon man pages from Manoj Srivastava. + * Fixed restorecon to not treat errors from is_context_customizable() + as a customizable context. + * Merged setfiles/restorecon patch to not reset user field unless + -F option is specified from Dan Walsh. + * Merged open_init_pty helper for run_init from Manoj Srivastava. + * Merged audit2allow and genhomedircon man pages from Manoj Srivastava. * Fri Jan 21 2005 Dan Walsh 1.21.1-3 - Don't change user componant if it is all that changed unless forced. @@ -4931,13 +4927,13 @@ written to. fails on 64-bit archs * Mon Jan 3 2005 Dan Walsh 1.20.1-1 - Update to latest from NSA - * Merged fixfiles rewrite from Dan Walsh. - * Merged restorecon patch from Dan Walsh. + * Merged fixfiles rewrite from Dan Walsh. + * Merged restorecon patch from Dan Walsh. * Mon Jan 3 2005 Dan Walsh 1.19.3-1 - Update to latest from NSA - * Merged fixfiles and restorecon patches from Dan Walsh. - * Don't display change if only user part changed. + * Merged fixfiles and restorecon patches from Dan Walsh. + * Don't display change if only user part changed. * Mon Jan 3 2005 Dan Walsh 1.19.2-4 - Fix fixfiles handling of rpm @@ -4946,13 +4942,13 @@ written to. fails on 64-bit archs * Wed Dec 29 2004 Dan Walsh 1.19.2-1 - Update to latest from NSA - * Changed restorecon to ignore ENOENT errors from matchpathcon. - * Merged nonls patch from Chris PeBenito. + * Changed restorecon to ignore ENOENT errors from matchpathcon. + * Merged nonls patch from Chris PeBenito. * Mon Dec 20 2004 Dan Walsh 1.19.1-1 - Update to latest from NSA - * Removed fixfiles.cron. - * Merged run_init.8 patch from Dan Walsh. + * Removed fixfiles.cron. + * Merged run_init.8 patch from Dan Walsh. * Thu Nov 18 2004 Dan Walsh 1.18.1-3 - Fix run_init.8 to refer to correct location of initrc_context @@ -4975,9 +4971,9 @@ written to. fails on 64-bit archs * Fri Oct 1 2004 Dan Walsh 1.17.6-1 - Update with NSA - * Added -l option to setfiles to log changes via syslog. - * Merged -e option to setfiles to exclude directories. - * Merged -R option to restorecon for recursive descent. + * Added -l option to setfiles to log changes via syslog. + * Merged -e option to setfiles to exclude directories. + * Merged -R option to restorecon for recursive descent. * Fri Oct 1 2004 Dan Walsh 1.17.5-6 - Add -e (exclude directory) switch to setfiles - Add syslog to setfiles @@ -5003,8 +4999,8 @@ written to. fails on 64-bit archs * Wed Aug 25 2004 Dan Walsh 1.17.3-4 - Add Steve Grub patches for - * Fix fixfiles.cron MAILTO - * Several problems in sestatus + * Fix fixfiles.cron MAILTO + * Several problems in sestatus * Wed Aug 25 2004 Dan Walsh 1.17.3-3 - Add -q (quiet) qualifier to load_policy to not report warnings