|
|
|
@ -1,13 +1,13 @@
|
|
|
|
|
%define libauditver 2.1.3-4
|
|
|
|
|
%define libsepolver 2.1.5-3
|
|
|
|
|
%define libsemanagever 2.1.7-1
|
|
|
|
|
%define libselinuxver 2.1.10-1
|
|
|
|
|
%define sepolgenver 1.1.7
|
|
|
|
|
%define libsepolver 2.1.8-2
|
|
|
|
|
%define libsemanagever 2.1.9-1
|
|
|
|
|
%define libselinuxver 2.1.12-7
|
|
|
|
|
%define sepolgenver 1.1.8
|
|
|
|
|
|
|
|
|
|
Summary: SELinux policy core utilities
|
|
|
|
|
Name: policycoreutils
|
|
|
|
|
Version: 2.1.12
|
|
|
|
|
Release: 5%{?dist}
|
|
|
|
|
Version: 2.1.13
|
|
|
|
|
Release: 60%{?dist}
|
|
|
|
|
License: GPLv2
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
# Based on git repository with tag 20101221
|
|
|
|
@ -19,11 +19,11 @@ Source3: system-config-selinux.desktop
|
|
|
|
|
Source4: system-config-selinux.pam
|
|
|
|
|
Source5: system-config-selinux.console
|
|
|
|
|
Source6: selinux-polgengui.desktop
|
|
|
|
|
Source7: selinux-polgengui.console
|
|
|
|
|
Source8: policycoreutils_man_ru2.tar.bz2
|
|
|
|
|
Source10: restorecond.service
|
|
|
|
|
Patch: policycoreutils-rhat.patch
|
|
|
|
|
Patch4: policycoreutils-sepolgen.patch
|
|
|
|
|
Patch1: policycoreutils-sepolgen.patch
|
|
|
|
|
Patch2: policycoreutils-f19.patch
|
|
|
|
|
Obsoletes: policycoreutils < 2.0.61-2
|
|
|
|
|
Conflicts: filesystem < 3
|
|
|
|
|
Provides: /sbin/fixfiles
|
|
|
|
@ -35,7 +35,7 @@ Provides: /sbin/restorecon
|
|
|
|
|
|
|
|
|
|
BuildRequires: pam-devel libcgroup-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext
|
|
|
|
|
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
|
|
|
|
|
BuildRequires: python-devel
|
|
|
|
|
BuildRequires: python-devel setools-devel >= 3.3.7-14
|
|
|
|
|
Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
|
|
|
|
|
BuildRequires: systemd-units
|
|
|
|
|
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
|
|
|
|
@ -58,13 +58,13 @@ Control, and Multi-level Security.
|
|
|
|
|
policycoreutils contains the policy core utilities that are required
|
|
|
|
|
for basic operation of a SELinux system. These utilities include
|
|
|
|
|
load_policy to load policies, setfiles to label filesystems, newrole
|
|
|
|
|
to switch roles, and run_init to run /etc/init.d scripts in the proper
|
|
|
|
|
context.
|
|
|
|
|
to switch roles.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q -a 1
|
|
|
|
|
%patch -p2 -b .rhat
|
|
|
|
|
%patch4 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
|
|
|
|
|
%patch1 -p2 -b .sepolgen -d sepolgen-%{sepolgenver}
|
|
|
|
|
%patch2 -p1 -b .f19
|
|
|
|
|
|
|
|
|
|
%build
|
|
|
|
|
make LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE" LDFLAGS="-pie -Wl,-z,relro" all
|
|
|
|
@ -98,13 +98,16 @@ install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
|
|
|
|
|
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
|
|
|
|
|
install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux
|
|
|
|
|
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
|
|
|
|
|
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
|
|
|
|
|
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
|
|
|
|
|
tar -jxf %{SOURCE8} -C %{buildroot}/
|
|
|
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
|
|
|
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
|
|
|
|
|
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
|
|
|
|
|
rm -f %{buildroot}/usr/sbin/open_init_pty
|
|
|
|
|
rm -f %{buildroot}/usr/sbin/run_init
|
|
|
|
|
rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
|
|
|
|
|
rm -f %{buildroot}/usr/share/man/man8/run_init.8*
|
|
|
|
|
rm -f %{buildroot}/etc/pam.d/run_init*
|
|
|
|
|
|
|
|
|
|
ln -sf consolehelper %{buildroot}%{_bindir}/system-config-selinux
|
|
|
|
|
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
|
|
|
|
@ -125,12 +128,9 @@ Group: System Environment/Base
|
|
|
|
|
Requires: policycoreutils = %{version}-%{release}
|
|
|
|
|
Requires: libsemanage-python >= %{libsemanagever} libselinux-python libcgroup
|
|
|
|
|
Requires: audit-libs-python >= %{libauditver}
|
|
|
|
|
Requires: /usr/bin/make
|
|
|
|
|
Requires(pre): python >= 2.6
|
|
|
|
|
Obsoletes: policycoreutils < 2.0.61-2
|
|
|
|
|
Requires: setools-libs-python >= 3.3.7-14
|
|
|
|
|
Requires: python-IPy checkpolicy
|
|
|
|
|
Requires: selinux-policy-devel
|
|
|
|
|
Requires: python-IPy
|
|
|
|
|
|
|
|
|
|
%description python
|
|
|
|
|
The policycoreutils-python package contains the management tools use to manage an SELinux environment.
|
|
|
|
@ -138,35 +138,59 @@ The policycoreutils-python package contains the management tools use to manage a
|
|
|
|
|
%files python
|
|
|
|
|
%defattr(-,root,root,-)
|
|
|
|
|
%{_sbindir}/semanage
|
|
|
|
|
%{_bindir}/audit2allow
|
|
|
|
|
%{_bindir}/audit2why
|
|
|
|
|
%{_bindir}/chcat
|
|
|
|
|
%{_bindir}/sandbox
|
|
|
|
|
%{_bindir}/sepolgen-ifgen
|
|
|
|
|
%{_bindir}/sepolgen-ifgen-attr-helper
|
|
|
|
|
%{_bindir}/sepolicy
|
|
|
|
|
%{python_sitelib}/seobject.py*
|
|
|
|
|
%{python_sitelib}/sepolgen
|
|
|
|
|
%{python_sitelib}/sepolicy
|
|
|
|
|
%{python_sitelib}/%{name}*.egg-info
|
|
|
|
|
%{python_sitelib}/sepolicy*.egg-info
|
|
|
|
|
%{pkgpythondir}
|
|
|
|
|
%dir /var/lib/sepolgen
|
|
|
|
|
%dir /var/lib/selinux
|
|
|
|
|
/var/lib/sepolgen/perm_map
|
|
|
|
|
%{_mandir}/man1/audit2allow.1*
|
|
|
|
|
%{_mandir}/ru/man1/audit2allow.1*
|
|
|
|
|
%{_mandir}/man1/audit2why.1*
|
|
|
|
|
%{_mandir}/man8/chcat.8*
|
|
|
|
|
%{_mandir}/ru/man8/chcat.8*
|
|
|
|
|
%{_mandir}/man8/sandbox.8*
|
|
|
|
|
%{_mandir}/man8/semanage.8*
|
|
|
|
|
%{_mandir}/man8/sepolicy*.8*
|
|
|
|
|
%{_mandir}/ru/man8/semanage.8*
|
|
|
|
|
%dir %{_sysconfdir}/bash_completion.d
|
|
|
|
|
%{_sysconfdir}/bash_completion.d/semanage-bash-completion.sh
|
|
|
|
|
%{_sysconfdir}/bash_completion.d/sepolicy-bash-completion.sh
|
|
|
|
|
%{_sysconfdir}/bash_completion.d/setsebool-bash-completion.sh
|
|
|
|
|
|
|
|
|
|
%post python
|
|
|
|
|
%package devel
|
|
|
|
|
Summary: SELinux policy core policy devel utilities
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
Requires: policycoreutils-python = %{version}-%{release}
|
|
|
|
|
Requires: /usr/bin/make
|
|
|
|
|
Requires: checkpolicy
|
|
|
|
|
Requires: selinux-policy-devel selinux-policy-doc
|
|
|
|
|
|
|
|
|
|
%description devel
|
|
|
|
|
The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment.
|
|
|
|
|
|
|
|
|
|
%files devel
|
|
|
|
|
%defattr(-,root,root,-)
|
|
|
|
|
%{_bindir}/audit2allow
|
|
|
|
|
%{_bindir}/audit2why
|
|
|
|
|
%{_bindir}/sepolgen
|
|
|
|
|
%{_bindir}/sepolgen-ifgen
|
|
|
|
|
%{_bindir}/sepolgen-ifgen-attr-helper
|
|
|
|
|
%dir /var/lib/sepolgen
|
|
|
|
|
/var/lib/sepolgen/perm_map
|
|
|
|
|
%{_mandir}/man1/audit2allow.1*
|
|
|
|
|
%{_mandir}/ru/man1/audit2allow.1*
|
|
|
|
|
|
|
|
|
|
%post devel
|
|
|
|
|
selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
|
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
|
|
%triggerin devel -- selinux-policy-devel
|
|
|
|
|
selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
|
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
|
|
%package sandbox
|
|
|
|
|
Summary: SELinux sandbox utilities
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
@ -188,10 +212,6 @@ The policycoreutils-sandbox package contains the scripts to create graphical san
|
|
|
|
|
%{_mandir}/man8/seunshare.8*
|
|
|
|
|
%{_mandir}/man5/sandbox.5*
|
|
|
|
|
|
|
|
|
|
%triggerin python -- selinux-policy-devel
|
|
|
|
|
selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
|
|
|
|
|
exit 0
|
|
|
|
|
|
|
|
|
|
%package newrole
|
|
|
|
|
Summary: The newrole application for RBAC/MLS
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
@ -211,11 +231,9 @@ or level of a logged in user.
|
|
|
|
|
%package gui
|
|
|
|
|
Summary: SELinux configuration GUI
|
|
|
|
|
Group: System Environment/Base
|
|
|
|
|
Requires: policycoreutils-python = %{version}-%{release}
|
|
|
|
|
Requires: policycoreutils-devel = %{version}-%{release}
|
|
|
|
|
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
|
|
|
|
Requires: usermode-gtk
|
|
|
|
|
Requires: setools-console
|
|
|
|
|
Requires: selinux-policy-doc
|
|
|
|
|
Requires: python >= 2.6
|
|
|
|
|
BuildRequires: desktop-file-utils
|
|
|
|
|
|
|
|
|
@ -226,20 +244,15 @@ system-config-selinux is a utility for managing the SELinux environment
|
|
|
|
|
%defattr(-,root,root)
|
|
|
|
|
%{_bindir}/system-config-selinux
|
|
|
|
|
%{_bindir}/selinux-polgengui
|
|
|
|
|
%{_bindir}/sepolgen
|
|
|
|
|
%{_datadir}/applications/fedora-system-config-selinux.desktop
|
|
|
|
|
%{_datadir}/applications/fedora-selinux-polgengui.desktop
|
|
|
|
|
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
|
|
|
|
|
%{_datadir}/pixmaps/system-config-selinux.png
|
|
|
|
|
%dir %{_datadir}/system-config-selinux
|
|
|
|
|
%dir %{_datadir}/system-config-selinux/templates
|
|
|
|
|
%{_datadir}/system-config-selinux/system-config-selinux.png
|
|
|
|
|
%{_datadir}/system-config-selinux/*.py*
|
|
|
|
|
%{_datadir}/system-config-selinux/selinux.tbl
|
|
|
|
|
%{_datadir}/system-config-selinux/*.glade
|
|
|
|
|
%{_datadir}/system-config-selinux/templates/*.py*
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/pam.d/selinux-polgengui
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
|
|
|
|
|
|
|
|
|
|
%clean
|
|
|
|
@ -255,15 +268,12 @@ rm -rf %{buildroot}
|
|
|
|
|
%{_sbindir}/setsebool
|
|
|
|
|
%{_sbindir}/semodule
|
|
|
|
|
%{_sbindir}/sestatus
|
|
|
|
|
%{_sbindir}/run_init
|
|
|
|
|
%{_sbindir}/restorecon
|
|
|
|
|
%{_bindir}/secon
|
|
|
|
|
%{_bindir}/semodule_deps
|
|
|
|
|
%{_bindir}/semodule_expand
|
|
|
|
|
%{_bindir}/semodule_link
|
|
|
|
|
%{_bindir}/semodule_package
|
|
|
|
|
%{_bindir}/semodule_unpackage
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/pam.d/run_init
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/sestatus.conf
|
|
|
|
|
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
|
|
|
|
|
%{_mandir}/man5/selinux_config.5.gz
|
|
|
|
@ -274,8 +284,6 @@ rm -rf %{buildroot}
|
|
|
|
|
%{_mandir}/ru/man8/load_policy.8*
|
|
|
|
|
%{_mandir}/man8/restorecon.8*
|
|
|
|
|
%{_mandir}/ru/man8/restorecon.8*
|
|
|
|
|
%{_mandir}/man8/run_init.8*
|
|
|
|
|
%{_mandir}/ru/man8/run_init.8*
|
|
|
|
|
%{_mandir}/man8/semodule.8*
|
|
|
|
|
%{_mandir}/ru/man8/semodule.8*
|
|
|
|
|
%{_mandir}/man8/semodule_deps.8*
|
|
|
|
@ -317,21 +325,13 @@ The policycoreutils-restorecond package contains the restorecond service.
|
|
|
|
|
%{_mandir}/ru/man8/restorecond.8*
|
|
|
|
|
|
|
|
|
|
%post restorecond
|
|
|
|
|
if [ $1 -eq 1 ] ; then
|
|
|
|
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
|
|
fi
|
|
|
|
|
%systemd_post restorecond.service
|
|
|
|
|
|
|
|
|
|
%preun restorecond
|
|
|
|
|
if [ $1 = 0 ]; then
|
|
|
|
|
/usr/bin/systemctl --no-reload restorecond.service > /dev/null 2>&1 || :
|
|
|
|
|
/usr/bin/systemctl stop restorecond.service > /dev/null 2>&1 || :
|
|
|
|
|
fi
|
|
|
|
|
%systemd_preun restorecond.service
|
|
|
|
|
|
|
|
|
|
%postun restorecond
|
|
|
|
|
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
|
|
if [ $1 -ge 1 ] ; then
|
|
|
|
|
/usr/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
|
|
|
|
fi
|
|
|
|
|
%systemd_postun_with_restart restorecond.service
|
|
|
|
|
|
|
|
|
|
%triggerun -- restorecond < 2.0.86-13
|
|
|
|
|
%{_bindir}/systemd-sysv-convert --save restorecond >/dev/null 2>&1 ||:
|
|
|
|
@ -340,6 +340,293 @@ fi
|
|
|
|
|
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
|
* Tue Apr 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-60
|
|
|
|
|
- Add FILENAME support to sepolgen
|
|
|
|
|
- Add back support for '<<none>>' in semanage fcontext.
|
|
|
|
|
|
|
|
|
|
* Mon Mar 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-59
|
|
|
|
|
- Can not unshare IPC in sandbox, since it blows up Xephyr
|
|
|
|
|
- Remove bogus error message sandbox about reseting setfsuid
|
|
|
|
|
- Allow sandbox to mount on symboliclinked homedirs
|
|
|
|
|
|
|
|
|
|
* Tue Mar 19 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-58
|
|
|
|
|
- Fix handling of semanage boolean missing booleans
|
|
|
|
|
- Back more sepolicy fixes from Rawhide
|
|
|
|
|
|
|
|
|
|
* Fri Feb 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-57
|
|
|
|
|
- Back more sepolicy fixes from Rawhide
|
|
|
|
|
|
|
|
|
|
* Fri Feb 8 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-56
|
|
|
|
|
- Back port lots of fixes from Rawhide
|
|
|
|
|
* Cleanup python problems
|
|
|
|
|
* setfiles: estimate percent progress
|
|
|
|
|
* sandbox: use sepolicy to look for sandbox_t
|
|
|
|
|
* gui: switch to use sepolicy
|
|
|
|
|
* gui: sepolgen: use sepolicy to generate
|
|
|
|
|
* semanage: use sepolicy for boolean dictionary
|
|
|
|
|
* semanage: seobject verify policy types before allowing you to assign them.
|
|
|
|
|
* semanage: good error message is sepolgen python module missing
|
|
|
|
|
* restorecond: remove /etc/mtab from default list
|
|
|
|
|
* restorecond: Add /etc/udpatedb.conf to restorecond.conf
|
|
|
|
|
* sandbox: seunshare: do not reassign realloc value
|
|
|
|
|
* seunshare: do checking on setfsuid
|
|
|
|
|
|
|
|
|
|
* Tue Jan 15 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-55
|
|
|
|
|
- Update Translations
|
|
|
|
|
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
|
|
|
|
|
- This fixes the spec file and script file getting wrong names for modules and types.
|
|
|
|
|
|
|
|
|
|
* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-54
|
|
|
|
|
- Additional patch from Miroslav to handle role attributes
|
|
|
|
|
|
|
|
|
|
* Wed Jan 9 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-53
|
|
|
|
|
- Update with Miroslav patch to handle role attributes
|
|
|
|
|
- Update Translations
|
|
|
|
|
- import sepolicy will only throw exception on missing policy iff selinux is enabled
|
|
|
|
|
|
|
|
|
|
* Sat Jan 5 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-52
|
|
|
|
|
- Update to latest patches from eparis/Upstream
|
|
|
|
|
- secon: add support for setrans color information in prompt output
|
|
|
|
|
- Update translations
|
|
|
|
|
|
|
|
|
|
* Fri Jan 4 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-51
|
|
|
|
|
- Update translations
|
|
|
|
|
- Fix sepolicy booleans to handle autogenerated booleans descriptions
|
|
|
|
|
- Cleanups of sepolicy manpage
|
|
|
|
|
- Fix crash on git_shell man page generation
|
|
|
|
|
|
|
|
|
|
* Thu Jan 3 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-50
|
|
|
|
|
- Update translations
|
|
|
|
|
- update sepolicy manpage to generate fcontext equivalence data and to list
|
|
|
|
|
default file context paths.
|
|
|
|
|
- Add ability to generate policy for confined admins and domains like puppet.
|
|
|
|
|
|
|
|
|
|
* Thu Dec 20 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-49
|
|
|
|
|
- Fix semanage permissive , this time with the patch.
|
|
|
|
|
- Update translations
|
|
|
|
|
|
|
|
|
|
* Wed Dec 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-48
|
|
|
|
|
- Fix semanage permissive
|
|
|
|
|
- Change to use correct gtk forward button
|
|
|
|
|
- Update po
|
|
|
|
|
|
|
|
|
|
* Mon Dec 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-47
|
|
|
|
|
- Move audit2why to -devel package
|
|
|
|
|
|
|
|
|
|
* Mon Dec 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-46
|
|
|
|
|
- sepolicy transition was blowing up. Also cleanup output when only source is specified.
|
|
|
|
|
- sepolicy generate should allow policy modules names that include - or _
|
|
|
|
|
|
|
|
|
|
* Mon Dec 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-45
|
|
|
|
|
- Apply patch from Miroslav to display proper range description in man pages g
|
|
|
|
|
- Should print warning on missing default label when run in recusive mode iff
|
|
|
|
|
- Remove extra -R description, and fix recursive description
|
|
|
|
|
|
|
|
|
|
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-44
|
|
|
|
|
- Additional fixes for disabled SELinux Box
|
|
|
|
|
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
|
|
|
|
|
|
|
|
|
|
* Thu Dec 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-43
|
|
|
|
|
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
|
|
|
|
|
|
|
|
|
|
* Wed Dec 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-42
|
|
|
|
|
- Update Translations
|
|
|
|
|
- sepolicy network -d needs to accept multiple domains
|
|
|
|
|
|
|
|
|
|
* Fri Nov 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-41
|
|
|
|
|
- Add --path as a parameter to sepolicy generate
|
|
|
|
|
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
|
|
|
|
|
- Fix sepolicy generate -T to not take an argument, and supress the help message
|
|
|
|
|
- Since this is really just a testing tool
|
|
|
|
|
|
|
|
|
|
* Fri Nov 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-40
|
|
|
|
|
- Fix sepolicy communicate to handle invalid input
|
|
|
|
|
|
|
|
|
|
* Thu Nov 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-39
|
|
|
|
|
- Fix sepolicy network -p to handle high ports
|
|
|
|
|
|
|
|
|
|
* Thu Nov 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-38
|
|
|
|
|
- Fix handling of manpages without entrypoints, nsswitch domains
|
|
|
|
|
- Update Translations
|
|
|
|
|
|
|
|
|
|
* Wed Nov 28 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-37
|
|
|
|
|
- Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the
|
|
|
|
|
|
|
|
|
|
* Tue Nov 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-36
|
|
|
|
|
- Fix sepolicy/__init__.py to handle _()
|
|
|
|
|
|
|
|
|
|
* Wed Nov 21 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-35
|
|
|
|
|
- Add Miroslav Grepl patch to create etc_rw_t sock files policy
|
|
|
|
|
|
|
|
|
|
* Fri Nov 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-34
|
|
|
|
|
- Fix semanage to work without policycoreutils-devel installed
|
|
|
|
|
- Update translations
|
|
|
|
|
|
|
|
|
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-33
|
|
|
|
|
- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
|
|
|
|
|
|
|
|
|
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-32
|
|
|
|
|
- Fix booleansPage not showing booleans
|
|
|
|
|
- Fix audit2allow -b
|
|
|
|
|
|
|
|
|
|
* Tue Nov 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-31
|
|
|
|
|
- Fix sepolicy booleans again
|
|
|
|
|
- Fix man page
|
|
|
|
|
|
|
|
|
|
* Mon Nov 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-30
|
|
|
|
|
- Move policy generation tools into policycoreutils-devel
|
|
|
|
|
|
|
|
|
|
* Mon Nov 12 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-29
|
|
|
|
|
- Document and fix sepolicy booleans
|
|
|
|
|
- Update Translations
|
|
|
|
|
- Fix several spelling mistakes
|
|
|
|
|
|
|
|
|
|
* Wed Nov 7 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-27
|
|
|
|
|
- Only report restorecon warning for missing default label, if not running
|
|
|
|
|
recusively
|
|
|
|
|
- Update translations
|
|
|
|
|
|
|
|
|
|
* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-26
|
|
|
|
|
- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
|
|
|
|
|
- Update translations
|
|
|
|
|
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
|
|
|
|
|
- Fix kill function call should indicate signal_perms not kill capability
|
|
|
|
|
- Error out cleanly in system-config-selinux, if it can not contact XServer
|
|
|
|
|
|
|
|
|
|
* Mon Nov 5 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-25
|
|
|
|
|
- Remove run_init, no longer needed with systemd.
|
|
|
|
|
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
|
|
|
|
|
|
|
|
|
|
* Sat Nov 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-24
|
|
|
|
|
- Fix manpage to generate proper man pages for alternate policy,
|
|
|
|
|
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
|
|
|
|
|
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
|
|
|
|
|
|
|
|
|
|
* Thu Nov 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-23
|
|
|
|
|
- Fix some build problems in sepolicy manpage and sepolicy transition
|
|
|
|
|
|
|
|
|
|
* Tue Oct 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-22
|
|
|
|
|
- Add alias man pages to sepolicy manpage
|
|
|
|
|
|
|
|
|
|
* Mon Oct 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-21
|
|
|
|
|
- Redesign sepolicy to only read the policy file once, not for every call
|
|
|
|
|
|
|
|
|
|
* Mon Oct 29 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-20
|
|
|
|
|
- Fixes to sepolicy transition, allow it to list all transitions from a domain
|
|
|
|
|
|
|
|
|
|
* Sat Oct 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-19
|
|
|
|
|
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
|
|
|
|
|
|
|
|
|
|
* Fri Oct 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
|
|
|
|
|
- Allow sepolicy to specify the policy to generate content from
|
|
|
|
|
|
|
|
|
|
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-17
|
|
|
|
|
- Fix semanage boolean -F to handle boolean subs
|
|
|
|
|
|
|
|
|
|
* Thu Oct 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-16
|
|
|
|
|
- Add Miroslav Grepl patch to generate html man pages
|
|
|
|
|
- Update Translations
|
|
|
|
|
- Add option to sandbox to shred files before deleting
|
|
|
|
|
|
|
|
|
|
* Mon Oct 22 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-15
|
|
|
|
|
- Add Requires(post) PKGNAME to sepolicy generate /usr/bin/pkg
|
|
|
|
|
|
|
|
|
|
* Fri Oct 19 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-14
|
|
|
|
|
- Add role_allow to sepolicy.search python bindings, this allows us to remove last requirement for setools-cmdline in gui tools.
|
|
|
|
|
- Fix man page generator.
|
|
|
|
|
|
|
|
|
|
* Wed Oct 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-13
|
|
|
|
|
- Remove dwalsh@redhat.com from man pages
|
|
|
|
|
- Fix spec file for sepolicy generate
|
|
|
|
|
|
|
|
|
|
* Wed Oct 17 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-12
|
|
|
|
|
- Add missing spec.py from templates directory needed for sepolicy generate
|
|
|
|
|
- Add /var/tmp as collection point for sandbox apps.
|
|
|
|
|
|
|
|
|
|
* Tue Oct 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-11
|
|
|
|
|
- Handle audit2allow -b in foreign locales
|
|
|
|
|
|
|
|
|
|
* Tue Oct 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-10
|
|
|
|
|
- Update sepolicy generate with patch to create spec file and man page.
|
|
|
|
|
- Patch initiated by Miroslav Grepl
|
|
|
|
|
|
|
|
|
|
* Wed Oct 10 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-9
|
|
|
|
|
- Fix semanage to verify that types are appropriate for commands.
|
|
|
|
|
* Patch initiated by mgrepl
|
|
|
|
|
* Fixes problem of specifying non file_types for fcontext, or not port_types for semanage port
|
|
|
|
|
|
|
|
|
|
* Tue Oct 9 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-8
|
|
|
|
|
- Fix typo in preunstall line for restorecond
|
|
|
|
|
- Add mgrepl patch to consolidate file context generated by sepolicy generate
|
|
|
|
|
|
|
|
|
|
* Mon Oct 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-7
|
|
|
|
|
- Fix manpage generation, missing import
|
|
|
|
|
- Add equiv_dict to get samba booleans into smbd_selinux
|
|
|
|
|
- Add proper translations for booleans and remove selinux.tbl
|
|
|
|
|
|
|
|
|
|
* Sat Oct 6 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-6
|
|
|
|
|
- Fix system-config-selinux to use sepolicy.generate instead of sepolgen
|
|
|
|
|
|
|
|
|
|
* Thu Oct 4 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-5
|
|
|
|
|
- Add sepolicy commands, and change tools to use them.
|
|
|
|
|
|
|
|
|
|
* Tue Sep 25 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-4
|
|
|
|
|
- Rebuild without bogus prebuild 64 bit seunshare app
|
|
|
|
|
|
|
|
|
|
* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-3
|
|
|
|
|
- Allow fixfiles to specify -v, so they can get verbosity rather then progress.
|
|
|
|
|
- Fix load_file Makefile to use SBINDIR rather then real OS.
|
|
|
|
|
- Fix man pages in setfiles and restorecon to reflect what happens when you relabel the entire OS.
|
|
|
|
|
|
|
|
|
|
* Sun Sep 16 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-2
|
|
|
|
|
- Use systemd post install scriptlets
|
|
|
|
|
|
|
|
|
|
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
|
|
|
|
|
- Update to upstream
|
|
|
|
|
* genhomedircon: manual page improvements
|
|
|
|
|
* setfiles/restorecon minor improvements
|
|
|
|
|
* run_init: If open_init_pty is not available then just use exec
|
|
|
|
|
* newrole: do not drop capabilities when newrole is run as
|
|
|
|
|
* restorecon: only update type by default
|
|
|
|
|
* scripts: Don't syslog setfiles changes on a fixfiles restore
|
|
|
|
|
* setfiles: do not syslog if no changes
|
|
|
|
|
* Disable user restorecond by default
|
|
|
|
|
* Make restorecon return 0 when a file has changed context
|
|
|
|
|
* setfiles: Fix process_glob error handling
|
|
|
|
|
* semanage: allow enable/disable under -m
|
|
|
|
|
* add .tx to gitignore
|
|
|
|
|
* translations: commit translations from Fedora community
|
|
|
|
|
* po: silence build process
|
|
|
|
|
* gui: Checking in policy to support polgengui and sepolgen.
|
|
|
|
|
* gui: polgen: search for systemd subpackage when generating policy
|
|
|
|
|
* gui: for exploring booleans
|
|
|
|
|
* gui: system-config-selinux gui
|
|
|
|
|
* Add Makefiles to support new gui code
|
|
|
|
|
* gui: remove lockdown wizard
|
|
|
|
|
* return equivalency records in fcontext customized
|
|
|
|
|
* semanage: option to not load new policy into kernel after
|
|
|
|
|
* sandbox: manpage update to describe standard types
|
|
|
|
|
* setsebool: -N should not reload policy on changes
|
|
|
|
|
* semodule: Add -N qualifier to no reload kernel policy
|
|
|
|
|
* gui: polgen: sort selinux types of user controls
|
|
|
|
|
* gui: polgen: follow symlinks and get the real path to
|
|
|
|
|
* gui: Fix missing error function
|
|
|
|
|
* setfiles: return errors when bad paths are given
|
|
|
|
|
* fixfiles: tell restorecon to ignore missing paths
|
|
|
|
|
* setsebool: error when setting multiple options
|
|
|
|
|
* semanage: use boolean subs.
|
|
|
|
|
* sandbox: Make sure Xephyr never listens on tcp ports
|
|
|
|
|
* sepolgen: return and output constraint violation information
|
|
|
|
|
* semanage: skip comments while reading external configuration files
|
|
|
|
|
* restorecond: relabel all mount runtime files in the restorecond example
|
|
|
|
|
* genhomedircon: dynamically create genhomedircon
|
|
|
|
|
* Allow returning of bastard matches
|
|
|
|
|
* sepolgen: return and output constraint violation information
|
|
|
|
|
* audit2allow: one role/type pair per line
|
|
|
|
|
|
|
|
|
|
* Wed Aug 8 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-6
|
|
|
|
|
- Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl
|
|
|
|
|
|
|
|
|
|
* Fri Jul 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-5
|
|
|
|
|
- Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly
|
|
|
|
|
|
|
|
|
@ -395,13 +682,13 @@ fi
|
|
|
|
|
* Thu May 3 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-11
|
|
|
|
|
- add some definition to the standard types available for sandboxes
|
|
|
|
|
|
|
|
|
|
* Mon May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
|
|
|
|
|
* Tue May 1 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-10
|
|
|
|
|
- Remove lockdown wizard
|
|
|
|
|
|
|
|
|
|
* Mon Apr 30 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-9
|
|
|
|
|
- Fix semanage fcontext -E to extract the equivalance customizations.
|
|
|
|
|
|
|
|
|
|
* Tue Apr 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-8
|
|
|
|
|
* Thu Apr 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-8
|
|
|
|
|
- Add mgrepl patch to have sepolgen search for -systemd rpm packages
|
|
|
|
|
|
|
|
|
|
* Tue Apr 24 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-7
|
|
|
|
@ -495,7 +782,7 @@ just *s.
|
|
|
|
|
- Stop syslogging on full restore
|
|
|
|
|
- Stop syslogging when restorecon is not changing values
|
|
|
|
|
|
|
|
|
|
* Fri Jan 26 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
|
|
|
|
|
* Fri Jan 27 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.10-17
|
|
|
|
|
- Change semanage to produce proper audit records for Common Criteria
|
|
|
|
|
- Cleanup packaging for usrmove
|
|
|
|
|
|
|
|
|
@ -955,7 +1242,7 @@ the bounding set will be dropped.
|
|
|
|
|
* Wed Feb 2 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-9
|
|
|
|
|
- Report full errors on OSError on Sandbox
|
|
|
|
|
|
|
|
|
|
* Wed Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
|
|
|
|
|
* Fri Jan 21 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-8
|
|
|
|
|
- Fix newrole hanlding of pcap
|
|
|
|
|
|
|
|
|
|
* Wed Jan 19 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-7
|
|
|
|
@ -1361,7 +1648,7 @@ Resolves: 555835
|
|
|
|
|
* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
|
|
|
|
|
- Fix sandbox to setsid so it can run under mozilla without crashing the session
|
|
|
|
|
|
|
|
|
|
* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
|
|
|
|
|
* Mon Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
|
|
|
|
|
- Update to upstream
|
|
|
|
|
* Factor out restoring logic from setfiles.c into restore.c
|
|
|
|
|
|
|
|
|
@ -1388,7 +1675,7 @@ Resolves: 555835
|
|
|
|
|
- Move fixfiles man pages into the correct package
|
|
|
|
|
- Add genhomedircon to fixfiles restore
|
|
|
|
|
|
|
|
|
|
* Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
|
|
|
|
|
* Tue Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
|
|
|
|
|
- Add check to sandbox to verify save changes - Chris Pardy
|
|
|
|
|
- Fix memory leak in restorecond - Steve Grubb
|
|
|
|
|
|
|
|
|
@ -1504,7 +1791,7 @@ Resolves: 555835
|
|
|
|
|
* Fix typo in fixfiles that prevented it from relabeling btrfs
|
|
|
|
|
filesystems from Dan Walsh.
|
|
|
|
|
|
|
|
|
|
* Sun Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
|
|
|
|
|
* Wed Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
|
|
|
|
|
- Fix location of man pages
|
|
|
|
|
- Update to upstream
|
|
|
|
|
* Modify setfiles to exclude mounts without seclabel option in
|
|
|
|
@ -1677,14 +1964,14 @@ Resolves: 555835
|
|
|
|
|
* Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-8
|
|
|
|
|
- Fix typo in man page
|
|
|
|
|
|
|
|
|
|
* Mon Oct 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-7
|
|
|
|
|
* Tue Oct 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-7
|
|
|
|
|
- Handle selinux disabled correctly
|
|
|
|
|
- Handle manipulation of fcontext file correctly
|
|
|
|
|
|
|
|
|
|
* Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
|
|
|
|
|
- Add usermode-gtk requires
|
|
|
|
|
|
|
|
|
|
* Tue Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
|
|
|
|
|
* Thu Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
|
|
|
|
|
- Allow addition of local modifications of fcontext policy.
|
|
|
|
|
|
|
|
|
|
* Mon Oct 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-4
|
|
|
|
@ -1921,7 +2208,7 @@ Resolves: 555835
|
|
|
|
|
- Update to upstream
|
|
|
|
|
* Merged support for non-interactive newrole command invocation from Tim Reed.
|
|
|
|
|
|
|
|
|
|
* Thu Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-8
|
|
|
|
|
* Thu Jan 10 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-8
|
|
|
|
|
- Change to use selinux bindings to audit2why
|
|
|
|
|
|
|
|
|
|
* Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-7
|
|
|
|
@ -2087,7 +2374,7 @@ Resolves: 555835
|
|
|
|
|
* Fri Sep 14 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-14
|
|
|
|
|
- Fix calls to _admin interfaces
|
|
|
|
|
|
|
|
|
|
* Tue Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
|
|
|
|
|
* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-13
|
|
|
|
|
- Upgrade version of sepolgen from NSA
|
|
|
|
|
* Expand the sepolgen parser to parse all current refpolicy modules from Karl MacMillan.
|
|
|
|
|
* Suppress generation of rules for non-denials from Karl MacMillan (take 3).
|
|
|
|
@ -2165,10 +2452,10 @@ Resolves: 555835
|
|
|
|
|
* Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-6
|
|
|
|
|
- Clean up spec file
|
|
|
|
|
|
|
|
|
|
* Thu Jul 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-5
|
|
|
|
|
* Fri Jul 13 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-5
|
|
|
|
|
- Require newer libselinux version
|
|
|
|
|
|
|
|
|
|
* Fri Jul 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-4
|
|
|
|
|
* Sat Jul 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-4
|
|
|
|
|
- Fix checking for conflicting directory specification in genhomedircon
|
|
|
|
|
|
|
|
|
|
* Mon Jun 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-3
|
|
|
|
@ -2207,13 +2494,13 @@ Resolves: 555835
|
|
|
|
|
* Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-2
|
|
|
|
|
- Fix genhomedircon to work in stage2 builds of anaconda
|
|
|
|
|
|
|
|
|
|
* Fri May 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
|
|
|
|
|
* Sat May 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
|
|
|
|
|
- Update to match NSA
|
|
|
|
|
|
|
|
|
|
* Thu May 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-2
|
|
|
|
|
- Fixes for polgentool templates file
|
|
|
|
|
|
|
|
|
|
* Tue May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
|
|
|
|
|
* Fri May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
|
|
|
|
|
- Updated version of policycoreutils
|
|
|
|
|
* Merged support for modifying the prefix via semanage from Dan Walsh.
|
|
|
|
|
- Fixed genhomedircon to find homedirs correctly.
|
|
|
|
@ -2258,7 +2545,7 @@ Resolves: 555835
|
|
|
|
|
* Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-6
|
|
|
|
|
- Change polgengui to a druid
|
|
|
|
|
|
|
|
|
|
* Tue Apr 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-5
|
|
|
|
|
* Tue Apr 17 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-5
|
|
|
|
|
- Fully path script.py
|
|
|
|
|
|
|
|
|
|
* Mon Apr 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-4
|
|
|
|
@ -2558,10 +2845,10 @@ Resolves: #208838
|
|
|
|
|
* Thu Nov 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-3
|
|
|
|
|
- No longer requires rhpl
|
|
|
|
|
|
|
|
|
|
* Fri Nov 6 2006 Dan Walsh <dwalsh@redhat.com> 1.32-2
|
|
|
|
|
* Mon Nov 6 2006 Dan Walsh <dwalsh@redhat.com> 1.32-2
|
|
|
|
|
- Fix genhomedircon man page
|
|
|
|
|
|
|
|
|
|
* Fri Oct 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-1
|
|
|
|
|
* Mon Oct 9 2006 Dan Walsh <dwalsh@redhat.com> 1.32-1
|
|
|
|
|
- Add newrole audit patch from sgrubb
|
|
|
|
|
- Update to upstream
|
|
|
|
|
* Merged audit2allow -l fix from Yuichi Nakamura.
|
|
|
|
@ -2577,15 +2864,15 @@ Resolves: #208838
|
|
|
|
|
* Merged newrole auditing of failures due to user actions from
|
|
|
|
|
Michael Thompson.
|
|
|
|
|
|
|
|
|
|
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-6
|
|
|
|
|
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-6
|
|
|
|
|
- Pass -i qualifier to restorecon for fixfiles -R
|
|
|
|
|
- Update translations
|
|
|
|
|
|
|
|
|
|
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
|
|
|
|
|
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-5
|
|
|
|
|
- Remove recursion from fixfiles -R calls
|
|
|
|
|
- Fix semanage to verify prefix
|
|
|
|
|
|
|
|
|
|
* Tue Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
|
|
|
|
|
* Thu Sep 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.29-4
|
|
|
|
|
- More translations
|
|
|
|
|
- Compile with -pie
|
|
|
|
|
|
|
|
|
@ -2769,7 +3056,7 @@ Resolves: #208838
|
|
|
|
|
- secon change from level => sensitivity, add clearance.
|
|
|
|
|
- Add mass relabel AUDIT patch, but disable it until kernel problem solved.
|
|
|
|
|
|
|
|
|
|
* Tue May 24 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-1
|
|
|
|
|
* Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-1
|
|
|
|
|
- Update to upstream
|
|
|
|
|
* Merged patch with updates to audit2allow, secon, genhomedircon,
|
|
|
|
|
and semanage from Dan Walsh.
|
|
|
|
@ -2883,7 +3170,7 @@ Resolves: #208838
|
|
|
|
|
* Fri Mar 3 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-4
|
|
|
|
|
- Minor fixes to chcat and semanage
|
|
|
|
|
|
|
|
|
|
* Sat Feb 24 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-3
|
|
|
|
|
* Fri Feb 24 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-3
|
|
|
|
|
- Add missing setsebool man page
|
|
|
|
|
|
|
|
|
|
* Thu Feb 23 2006 Dan Walsh <dwalsh@redhat.com> 1.29.26-2
|
|
|
|
@ -2983,7 +3270,7 @@ Resolves: #208838
|
|
|
|
|
* Merged semanage fixes from Russell Coker.
|
|
|
|
|
* Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
|
|
|
|
|
|
|
|
|
|
* Tue Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-4
|
|
|
|
|
* Tue Jan 17 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-4
|
|
|
|
|
- Update chcat to manage user categories also
|
|
|
|
|
|
|
|
|
|
* Sat Jan 14 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-3
|
|
|
|
@ -3221,7 +3508,7 @@ Resolves: #208838
|
|
|
|
|
Updated audit2why for relocated policydb internal headers,
|
|
|
|
|
still needs to be converted to a shared lib interface.
|
|
|
|
|
|
|
|
|
|
* Fri Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-3
|
|
|
|
|
* Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.5-3
|
|
|
|
|
- Update newrole pam file to remove pam-stack
|
|
|
|
|
- Update run_init pam file to remove pam-stack
|
|
|
|
|
|
|
|
|
@ -3413,14 +3700,14 @@ Resolves: #208838
|
|
|
|
|
* Mon Feb 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-3
|
|
|
|
|
- Fix genhomedircon to add extr "\n"
|
|
|
|
|
|
|
|
|
|
* Fri Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-2
|
|
|
|
|
* Fri Feb 25 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-2
|
|
|
|
|
- Fix genhomedircon to handle blank users
|
|
|
|
|
|
|
|
|
|
* Fri Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-1
|
|
|
|
|
* Fri Feb 25 2005 Dan Walsh <dwalsh@redhat.com> 1.21.20-1
|
|
|
|
|
- Update to latest from NSA
|
|
|
|
|
- Add call to libsepol
|
|
|
|
|
|
|
|
|
|
* Thu Feb 23 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-4
|
|
|
|
|
* Thu Feb 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.19-4
|
|
|
|
|
- Fix genhomedircon to handle root
|
|
|
|
|
- Fix fixfiles to better handle file system types
|
|
|
|
|
|
|
|
|
@ -3532,10 +3819,10 @@ written to. fails on 64-bit archs
|
|
|
|
|
- Upgrade to latest from NSA
|
|
|
|
|
* Merged fixfiles patch for file_contexts.local from Dan Walsh.
|
|
|
|
|
|
|
|
|
|
* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-2
|
|
|
|
|
* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-2
|
|
|
|
|
- Temp file needs to be created in /etc/selinux/POLICYTYPE/contexts/files/ directory.
|
|
|
|
|
|
|
|
|
|
* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-1
|
|
|
|
|
* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.3-1
|
|
|
|
|
- Upgrade to latest from NSA
|
|
|
|
|
* Fixed restorecon to not treat errors from is_context_customizable()
|
|
|
|
|
as a customizable context.
|
|
|
|
@ -3544,7 +3831,7 @@ written to. fails on 64-bit archs
|
|
|
|
|
* Merged open_init_pty helper for run_init from Manoj Srivastava.
|
|
|
|
|
* Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
|
|
|
|
|
|
|
|
|
|
* Fri Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
|
|
|
|
|
* Fri Jan 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
|
|
|
|
|
- Don't change user componant if it is all that changed unless forced.
|
|
|
|
|
- Change fixfiles to concatinate file_context.local for setfiles
|
|
|
|
|
|
|
|
|
@ -3569,7 +3856,7 @@ written to. fails on 64-bit archs
|
|
|
|
|
- Fix restorecon to not warn on symlinks unless -v -v
|
|
|
|
|
- Fix output of verbose to show old context as well as new context
|
|
|
|
|
|
|
|
|
|
* Mon Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
|
|
|
|
|
* Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
|
|
|
|
|
- Update to latest from NSA
|
|
|
|
|
* Changed restorecon to ignore ENOENT errors from matchpathcon.
|
|
|
|
|
* Merged nonls patch from Chris PeBenito.
|
|
|
|
@ -3616,22 +3903,22 @@ written to. fails on 64-bit archs
|
|
|
|
|
* Tue Sep 21 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-3
|
|
|
|
|
- Only display to stdout if logfile not specified
|
|
|
|
|
|
|
|
|
|
* Mon Sep 9 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-2
|
|
|
|
|
* Thu Sep 9 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-2
|
|
|
|
|
- Add Steve Grubb patch to cleanup log files.
|
|
|
|
|
|
|
|
|
|
* Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
|
|
|
|
|
- Add optargs
|
|
|
|
|
- Update to match NSA
|
|
|
|
|
|
|
|
|
|
* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
|
|
|
|
|
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
|
|
|
|
|
- Add fix to get cdrom info from /proc/media in fixfiles.
|
|
|
|
|
|
|
|
|
|
* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
|
|
|
|
|
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-4
|
|
|
|
|
- Add Steve Grub patches for
|
|
|
|
|
* Fix fixfiles.cron MAILTO
|
|
|
|
|
* Several problems in sestatus
|
|
|
|
|
|
|
|
|
|
* Wed Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-3
|
|
|
|
|
* Wed Aug 25 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-3
|
|
|
|
|
- Add -q (quiet) qualifier to load_policy to not report warnings
|
|
|
|
|
|
|
|
|
|
* Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-2
|
|
|
|
@ -3730,7 +4017,7 @@ written to. fails on 64-bit archs
|
|
|
|
|
- have restorecon ingnore <<none>>
|
|
|
|
|
- Hand matchpathcon the file status
|
|
|
|
|
|
|
|
|
|
* Thu May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
|
|
|
|
|
* Thu May 13 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
|
|
|
|
|
- Update to match NSA
|
|
|
|
|
|
|
|
|
|
* Mon May 10 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
|
|
|
|
@ -3790,13 +4077,13 @@ written to. fails on 64-bit archs
|
|
|
|
|
- Remove setfiles-assoc patch
|
|
|
|
|
- Fix restorecon to not crash on missing dir
|
|
|
|
|
|
|
|
|
|
* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-11
|
|
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-11
|
|
|
|
|
- Eliminate trailing / in restorecon
|
|
|
|
|
|
|
|
|
|
* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-10
|
|
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-10
|
|
|
|
|
- Add Verbosity check
|
|
|
|
|
|
|
|
|
|
* Thu Mar 17 2004 Dan Walsh <dwalsh@redhat.com> 1.9-9
|
|
|
|
|
* Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.9-9
|
|
|
|
|
- Change restorecon to not follow symlinks. It is too difficult and confusing
|
|
|
|
|
- to figure out the file context for the file pointed to by a symlink.
|
|
|
|
|
|
|
|
|
|