- Tue Nov 16 2010 Miroslav Grepl <mgrepl@redhat.com> - 1.33.4-5.7
- Removed fini_context_translations() altogether.
Resolves: #537040 - Tue Jul 20 2010 Miroslav Grepl <mgrepl@redhat.com> - 1.33.4-5.6
- Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
Resolves:#582612 - Fri Mar 6 2009 Dan Walsh <dwalsh@redhat.com> - 1.33.4-5.5
- Fix man pages
Resolves: #294681
- matchpathcon output <> on ENOENT
Resolves: #465935 - Sat Feb 7 2009 Dan Walsh <dwalsh@redhat.com> - 1.33.4-5.4
- Fix fsetfilecon_raw hidden call
Resolves: #479201 - Sat Feb 7 2009 Dan Walsh <dwalsh@redhat.com> - 1.33.4-5.3
- Fix ruby bindings, remove avc.h
Resolves: #479201 - Tue Jan 27 2009 Dan Walsh <dwalsh@redhat.com> - 1.33.4-5.2
- Add ruby bindings
Resolves: #479201 - Wed Sep 17 2008 Dan Walsh <dwalsh@redhat.com> - 1.33.4-5.1
- Break out utilities into separate package so rpm -V libselinux will work
- Stop writing to stderr when matchpathcon has an error
Resolves: #190314 - Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.4-5
- Fix swig implementation
- Add nscd flask definitions.
Resolves: #247814 - Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.4-4
- Rever get_default_context_with_level patch. Problem was in mcstrans
Resolves: #224637 - Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.4-3
- Fix python selinux module segfault in getfilecon
- Fix get_default_context_with_level
Resolves: #224637 - Fri Jan 12 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.4-2
- Add reference to selinux man page in all man pages to make apropos work
Resolves: # 217881 - Thu Jan 11 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.4-1
- Upstream wanted some minor changes, upgrading to keep api the same
- Upgrade to upstream
* Merged selinux_check_securetty_context() and support from Dan Walsh.
Resolves: #200110 - Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-3
- Cleanup patch
- Fri Jan 5 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-2
- Add securetty handling
Resolves: #200110 - Thu Jan 4 2007 Dan Walsh <dwalsh@redhat.com> - 1.33.3-1
- Upgrade to upstream
* Merged patch for matchpathcon utility to use file mode information
when available from Dan Walsh. - Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 1.33.2-4
- rebuild against python 2.5
- Wed Dec 6 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.2-3
- Fix matchpathcon to lstat files
- Thu Nov 30 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.2-2
- Update man page
- Tue Nov 14 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.2-1
- Upgrade to upstream
- Fri Nov 3 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-2
- Add James Antill patch for login verification of MLS Levels
- MLS ragnes need to be checked, Eg. login/cron. This patch adds infrastructure. - Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> - 1.33.1-1
- Upgrade to latest from NSA
* Merged updated flask definitions from Darrel Goeddel.
This adds the context security class, and also adds
the string definitions for setsockcreate and polmatch. - Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.32-1
- Upgrade to latest from NSA
* Updated version for release. - Sun Oct 1 2006 Jesse Keating <jkeating@redhat.com> - 1.30.29-2
- rebuilt for unwind info generation, broken in gcc-4.1.1-21
- Fri Sep 29 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.29-1
- Upgrade to latest from NSA
* Merged av_permissions.h update from Steve Grubb,
adding setsockcreate and polmatch definitions. - Wed Sep 27 2006 Jeremy Katz <katzj@redhat.com> - 1.30.28-3
- really make -devel depend on libsepol-devel
- Mon Sep 25 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.28-2
- Add sgrubb patch for polmatch
- Wed Sep 13 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.28-1
- Upgrade to latest from NSA
* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client - Tue Sep 5 2006 Jeremy Katz <katzj@redhat.com> - 1.30.27-2
- have -devel require libsepol-devel
- Thu Aug 24 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.27-1
- Upgrade to latest from NSA
* Merged patch to not log avc stats upon a reset from Steve Grubb.
* Applied patch to revert compat_net setting upon policy load.
* Merged file context homedir and local path functions from
Chris PeBenito. - Fri Aug 18 2006 Jesse Keating <jkeating@redhat.com> - 1.20.26-2
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
(#203001) - Sat Aug 12 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.25-1
- Upgrade to latest from NSA
* Merged file context homedir and local path functions from
Chris PeBenito.
* Rework functions that access /proc/pid/attr to access the
per-thread nodes, and unify the code to simplify maintenance. - Fri Aug 11 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.24-1
- Upgrade to latest from NSA
* Merged return value fix for *getfilecon() from Dan Walsh.
* Merged sockcreate interfaces from Eric Paris. - Wed Aug 9 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.22-2
- Fix translation return codes to return size of buffer
- Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.22-1
- Upgrade to latest from NSA
* Merged no-tls-direct-seg-refs patch from Jeremy Katz.
* Merged netfilter_contexts support patch from Chris PeBenito. - Tue Aug 1 2006 Dan Walsh <dwalsh@redhat.com> - 1.30.20-1
- Upgrade to latest from NSA
* Merged context_*_set errno patch from Jim Meyering. - Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-5
- only build non-fpic objects with -mno-tls-direct-seg-refs
- Tue Aug 1 2006 Jeremy Katz <katzj@redhat.com> - 1.30.19-4
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
segfaults with xen (#200783) - Mon Jul 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-3
- Rebuild for new gcc
- Tue Jul 11 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-2
- Fix libselinux to not telinit during installs
- Tue Jul 4 2006 Dan Walsh <dwalsh@redhat.com> 1.30.19-1
- Upgrade to latest from NSA
* Lindent.
* Merged {get,set}procattrcon patch set from Eric Paris.
* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
* Regenerated Flask headers from refpolicy.
* Merged patch from Dan Walsh with:
- Added selinux_file_context_{cmp,verify}.
- Added selinux_lsetfilecon_default.
- Delay translation of contexts in matchpathcon. - Wed Jun 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.15-5
- Yet another change to matchpathcon
- Wed Jun 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.15-4
- Turn off error printing in library. Need to compile with DEBUG to get it back
- Wed Jun 21 2006 Dan Walsh <dwalsh@redhat.com> 1.30.15-3
- Fix error reporting of matchpathcon
- Mon Jun 19 2006 Dan Walsh <dwalsh@redhat.com> 1.30.15-2
- Add function to compare file context on disk versus contexts in file_contexts file.
- Fri Jun 16 2006 Dan Walsh <dwalsh@redhat.com> 1.30.15-1
- Upgrade to latest from NSA
* Merged patch from Dan Walsh with:
* Added selinux_getpolicytype() function.
* Modified setrans code to skip processing if !mls_enabled.
* Set errno in the !selinux_mnt case.
* Allocate large buffers from the heap, not on stack.
Affects is_context_customizable, selinux_init_load_policy,
and selinux_getenforcemode. - Thu Jun 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.12-2
- Add selinux_getpolicytype()
- Thu Jun 1 2006 Dan Walsh <dwalsh@redhat.com> 1.30.12-1
- Upgrade to latest from NSA
* Merged !selinux_mnt checks from Ian Kent. - Thu Jun 1 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-2
- Check for selinux_mnt == NULL
- Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
* Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn. - Fri May 26 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-4
- Remove getseuser
- Thu May 25 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-3
- Bump requires to grab latest libsepol
- Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-2
- Add BuildRequires for swig
- Tue May 23 2006 Dan Walsh <dwalsh@redhat.com> 1.30.10-1
- Upgrade to latest from NSA
* Merged simple setrans client cache from Dan Walsh.
Merged avcstat patch from Russell Coker.
* Modified selinux_mkload_policy() to also set /selinux/compat_net
appropriately for the loaded policy. - Thu May 18 2006 Dan Walsh <dwalsh@redhat.com> 1.30.8-1
- More fixes for translation cache
- Upgrade to latest from NSA
* Added matchpathcon_fini() function to free memory allocated by
matchpathcon_init(). - Wed May 17 2006 Dan Walsh <dwalsh@redhat.com> 1.30.7-2
- Add simple cache to improve translation speed
- Tue May 16 2006 Dan Walsh <dwalsh@redhat.com> 1.30.7-1
- Upgrade to latest from NSA
* Merged setrans client cleanup patch from Steve Grubb. - Tue May 9 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-2
- Add Russell's AVC patch to handle large numbers
- Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.6-1
- Upgrade to latest from NSA
* Merged getfscreatecon man page fix from Dan Walsh.
* Updated booleans(8) man page to drop references to the old
booleans file and to note that setsebool can be used to set
the boot-time defaults via -P. - Mon May 8 2006 Dan Walsh <dwalsh@redhat.com> 1.30.5-1
- Upgrade to latest from NSA
* Merged fix warnings patch from Karl MacMillan.
* Merged setrans client support from Dan Walsh.
This removes use of libsetrans.
* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
* Merged swig typemap fixes from Glauber de Oliveira Costa. - Wed May 3 2006 Dan Walsh <dwalsh@redhat.com> 1.30.3-3
- Change the way translations work, Use setransd/remove libsetrans
- Tue May 2 2006 Dan Walsh <dwalsh@redhat.com> 1.30.3-2
- Add selinuxswig fixes
- Stop using PAGE_SIZE and start using sysconf(_SC_PAGE_SIZE) - Fri Apr 14 2006 Dan Walsh <dwalsh@redhat.com> 1.30.3-1
- Upgrade to latest from NSA
* Added distclean target to Makefile.
* Regenerated swig files.
* Changed matchpathcon_init to verify that the spec file is
a regular file.
* Merged python binding t_output_helper removal patch from Dan Walsh. - Tue Apr 11 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-2
- Fix python bindings for matchpathcon
- Fix booleans man page - Mon Mar 27 2006 Dan Walsh <dwalsh@redhat.com> 1.30.1-1
* Merged Makefile PYLIBVER definition patch from Dan Walsh.
- Fri Mar 10 2006 Dan Walsh <dwalsh@redhat.com> 1.30-1
- Make some fixes so it will build on RHEL4
- Upgrade to latest from NSA
* Updated version for release.
* Altered rpm_execcon fallback logic for permissive mode to also
handle case where /selinux/enforce is not available. - Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.29.7-1.2
- bump again for double-long bug on ppc(64)
- Tue Feb 7 2006 Jesse Keating <jkeating@redhat.com> - 1.29.7-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
- Fri Jan 20 2006 Dan Walsh <dwalsh@redhat.com> 1.29.7-1
- Upgrade to latest from NSA
* Merged install-pywrap Makefile patch from Joshua Brindle. - Wed Jan 18 2006 Dan Walsh <dwalsh@redhat.com> 1.29.6-1
- Upgrade to latest from NSA
* Merged pywrap Makefile patch from Dan Walsh. - Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.29.5-2
- Split out pywrap in Makefile
- Fri Jan 13 2006 Dan Walsh <dwalsh@redhat.com> 1.29.5-1
- Upgrade to latest from NSA
* Added getseuser test program. - Sat Jan 7 2006 Dan Walsh <dwalsh@redhat.com> 1.29.4-1
- Upgrade to latest from NSA
* Added format attribute to myprintf in matchpathcon.c and
removed obsoleted rootlen variable in init_selinux_config(). - Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.29.3-2
- Build with new libsepol
- Wed Jan 4 2006 Dan Walsh <dwalsh@redhat.com> 1.29.3-1
- Upgrade to latest from NSA
* Merged several fixes and improvements from Ulrich Drepper
(Red Hat), including:
- corrected use of getline
- further calls to __fsetlocking for local files
- use of strdupa and asprintf
- proper handling of dirent in booleans code
- use of -z relro
- several other optimizations
* Merged getpidcon python wrapper from Dan Walsh (Red Hat). - Sat Dec 24 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-4
- Add build requires line for libsepol-devel
- Tue Dec 20 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-3
- Fix swig call for getpidcon
- Mon Dec 19 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-2
- Move libselinux.so to base package
- Wed Dec 14 2005 Dan Walsh <dwalsh@redhat.com> 1.29.2-1
- Upgrade to latest from NSA
* Merged call to finish_context_translations from Dan Walsh.
This eliminates a memory leak from failing to release memory
allocated by libsetrans. - Sun Dec 11 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-3
- update to latest libsetrans
- Fix potential memory leak - Fri Dec 9 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
- Thu Dec 8 2005 Dan Walsh <dwalsh@redhat.com> 1.29.1-1
- Update to never version
* Merged patch for swig interfaces from Dan Walsh. - Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.28-1
- Update to never version
- Wed Dec 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-2
- Fix some of the python swig objects
- Thu Dec 1 2005 Dan Walsh <dwalsh@redhat.com> 1.27.28-1
- Update to latest from NSA
* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
modified matchpathcon implementation to make context validation/
canonicalization optional at matchpathcon_init time, deferring it
to a successful matchpathcon by default unless the new flag is set
by the caller.
* Added matchpathcon_init_prefix() interface, and
reworked matchpathcon implementation to support selective
loading of file contexts entries based on prefix matching
between the pathname regex stems and the specified path
prefix (stem must be a prefix of the specified path prefix). - Wed Nov 30 2005 Dan Walsh <dwalsh@redhat.com> 1.27.26-1
- Update to latest from NSA
* Change getsebool to return on/off instead of active/inactive - Tue Nov 29 2005 Dan Walsh <dwalsh@redhat.com> 1.27.25-1
- Update to latest from NSA
* Added -f file_contexts option to matchpathcon util.
Fixed warning message in matchpathcon_init().
* Merged Makefile python definitions patch from Dan Walsh. - Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.23-1
- Update to latest from NSA
* Merged swigify patch from Dan Walsh. - Mon Nov 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.22-4
- Separate out libselinux-python bindings into separate rpm
- Thu Nov 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.22-3
- Read libsetrans requirement
- Thu Nov 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.22-2
- Add python bindings
- Wed Nov 16 2005 Dan Walsh <dwalsh@redhat.com> 1.27.22-1
- Update to latest from NSA
* Merged make failure in rpm_execcon non-fatal in permissive mode
patch from Ivan Gyurdiev. - Tue Nov 15 2005 Dan Walsh <dwalsh@redhat.com> 1.27.21-2
- Remove requirement for libsetrans
- Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.21-1
- Update to latest from NSA
* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
and modified matchpathcon_init() to skip context translation
if it is set by the caller. - Tue Nov 8 2005 Dan Walsh <dwalsh@redhat.com> 1.27.20-1
- Update to latest from NSA
* Added security_canonicalize_context() interface and
set_matchpathcon_canoncon() interface for obtaining
canonical contexts. Changed matchpathcon internals
to obtain canonical contexts by default. Provided
fallback for kernels that lack extended selinuxfs context
interface.
- Patch to not translate mls when calling setfiles - Mon Nov 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.19-1
- Update to latest from NSA
* Merged seusers parser changes from Ivan Gyurdiev.
* Merged setsebool to libsemanage patch from Ivan Gyurdiev.
* Changed seusers parser to reject empty fields. - Fri Nov 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.18-1
- Update to latest from NSA
* Merged seusers empty level handling patch from Jonathan Kim (TCS). - Thu Nov 3 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-4
- Rebuild for latest libsepol
- Mon Oct 31 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-2
- Rebuild for latest libsepol
- Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.27.17-1
- Change default to __default__
- Wed Oct 26 2005 Dan Walsh <dwalsh@redhat.com> 1.27.14-3
- Change default to __default__
- Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.27.14-2
- Add selinux_translations_path
- Tue Oct 25 2005 Dan Walsh <dwalsh@redhat.com> 1.27.14-1
- Update to latest from NSA
* Merged selinux_path() and selinux_homedir_context_path()
functions from Joshua Brindle. - Fri Oct 21 2005 Dan Walsh <dwalsh@redhat.com> 1.27.13-2
- Need to check for /sbin/telinit
- Thu Oct 20 2005 Dan Walsh <dwalsh@redhat.com> 1.27.13-1
- Update to latest from NSA
* Merged fixes for make DESTDIR= builds from Joshua Brindle. - Mon Oct 17 2005 Dan Walsh <dwalsh@redhat.com> 1.27.12-1
- Update to latest from NSA
* Merged get_default_context_with_rolelevel and man pages from
Dan Walsh (Red Hat).
* Updated call to sepol_policydb_to_image for sepol changes.
* Changed getseuserbyname to ignore empty lines and to handle
no matching entry in the same manner as no seusers file. - Fri Oct 14 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-2
- Tell init to reexec itself in post script
- Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-1
- Update to latest from NSA
* Changed selinux_mkload_policy to try downgrading the
latest policy version available to the kernel-supported version.
* Changed selinux_mkload_policy to fall back to the maximum
policy version supported by libsepol if the kernel policy version
falls outside of the supported range. - Fri Oct 7 2005 Dan Walsh <dwalsh@redhat.com> 1.27.7-1
- Update to latest from NSA
* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn't exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.
* Moved seusers.conf under $SELINUXTYPE and renamed to seusers. - Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.6-1
- Update to latest from NSA
* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.
* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface. - Thu Oct 6 2005 Dan Walsh <dwalsh@redhat.com> 1.27.4-1
- Update to latest from NSA
* Merged fix for matchpathcon (regcomp error checking) from Johan
Fischer. Also added use of regerror to obtain the error string
for inclusion in the error message. - Tue Oct 4 2005 Dan Walsh <dwalsh@redhat.com> 1.27.3-1
- Update to latest from NSA
* Changed getseuserbyname to not require (and ignore if present)
the MLS level in seusers.conf if MLS is disabled, setting *level
to NULL in this case. - Mon Oct 3 2005 Dan Walsh <dwalsh@redhat.com> 1.27.2-1
- Update to latest from NSA
* Merged getseuserbyname patch from Dan Walsh. - Thu Sep 29 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-3
- Fix patch to satisfy upstream
- Wed Sep 28 2005 Dan Walsh <dwalsh@redhat.com> 1.27.1-2
- Update to latest from NSA
- Add getseuserbyname - Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-6
- Fix patch call
- Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-5
- Fix strip_con call
- Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-3
- Go back to original libsetrans code
- Mon Sep 12 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
- Eliminate forth param from mls context when mls is not enabled.
- Tue Sep 6 2005 Dan Walsh <dwalsh@redhat.com> 1.25.7-1
- Update from NSA
* Merged modified form of patch to avoid dlopen/dlclose by
the static libselinux from Dan Walsh. Users of the static libselinux
will not have any context translation by default. - Thu Sep 1 2005 Dan Walsh <dwalsh@redhat.com> 1.25.6-1
- Update from NSA
* Added public functions to export context translation to
users of libselinux (selinux_trans_to_raw_context,
selinux_raw_to_trans_context). - Mon Aug 29 2005 Dan Walsh <dwalsh@redhat.com> 1.25.5-1
- Update from NSA
* Remove special definition for context_range_set; use
common code. - Thu Aug 25 2005 Dan Walsh <dwalsh@redhat.com> 1.25.4-1
- Update from NSA
* Hid translation-related symbols entirely and ensured that
raw functions have hidden definitions for internal use.
* Allowed setting NULL via context_set* functions.
* Allowed whitespace in MLS component of context.
* Changed rpm_execcon to use translated functions to workaround
lack of MLS level on upgraded systems. - Wed Aug 24 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-2
- Allow set_comp on unset ranges
- Wed Aug 24 2005 Dan Walsh <dwalsh@redhat.com> 1.25.3-1
* Merged context translation patch, originally by TCS,
with modifications by Dan Walsh (Red Hat). - Wed Aug 17 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-2
- Apply translation patch
- Thu Aug 11 2005 Dan Walsh <dwalsh@redhat.com> 1.25.2-1
- Update from NSA
* Merged several fixes for error handling paths in the
AVC sidtab, matchpathcon, booleans, context, and get_context_list
code from Serge Hallyn (IBM). Bugs found by Coverity.
* Removed setupns; migrated to pam.
* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
Original symbol is temporarily retained for compatibility until
all callers are updated. - Mon Jul 18 2005 Dan Walsh <dwalsh@redhat.com> 1.24.2-1
- Update makefiles
- Wed Jun 29 2005 Dan Walsh <dwalsh@redhat.com> 1.24.1-1
- Update from NSA
* Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page - Fri May 20 2005 Dan Walsh <dwalsh@redhat.com> 1.23.11-1
- Update from NSA
* Merged avcstat and selinux man page from Dan Walsh.
* Changed security_load_booleans to process booleans.local
even if booleans file doesn't exist. - Tue Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
- Fix avcstat to clear totals
- Tue Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-2
- Add info to man page
- Tue Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-1
- Update from NSA
* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
* Rewrote get_ordered_context_list and helpers, including
changing logic to allow variable MLS fields. - Tue Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.8-1
- Update from NSA
- Thu Apr 21 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-3
- Add backin matchpathcon
- Wed Apr 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-2
- Fix selinux_policy_root man page
- Wed Apr 13 2005 Dan Walsh <dwalsh@redhat.com> 1.23.7-1
- Change assert(selinux_mnt) to if (!selinux_mnt) return -1;
- Mon Apr 11 2005 Dan Walsh <dwalsh@redhat.com> 1.23.6-1
- Update from NSA
* Fixed bug in matchpathcon_filespec_destroy. - Wed Apr 6 2005 Dan Walsh <dwalsh@redhat.com> 1.23.5-1
- Update from NSA
* Fixed bug in rpm_execcon error handling path. - Mon Apr 4 2005 Dan Walsh <dwalsh@redhat.com> 1.23.4-1
- Update from NSA
* Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
* Merged fix for getconlist utility from Andreas Steinmetz. - Tue Mar 29 2005 Dan Walsh <dwalsh@redhat.com> 1.23.2-3
- Update from NSA
- Wed Mar 23 2005 Dan Walsh <dwalsh@redhat.com> 1.23.2-2
- Better handling of booleans
- Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.2-1
- Update from NSA
* Merged destructors patch from Tomas Mraz. - Thu Mar 17 2005 Dan Walsh <dwalsh@redhat.com> 1.23.1-1
- Update from NSA
* Added set_matchpathcon_flags() function for setting flags
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
means only process the base file_contexts file, not
file_contexts.homedirs or file_contexts.local, and is for use by
setfiles -c.
* Updated matchpathcon.3 man page. - Thu Mar 10 2005 Dan Walsh <dwalsh@redhat.com> 1.22-1
- Update from NSA
- Tue Mar 8 2005 Dan Walsh <dwalsh@redhat.com> 1.21.13-1
- Update from NSA
* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. - Tue Mar 1 2005 Dan Walsh <dwalsh@redhat.com> 1.21.12-1
- Update from NSA
* Changed matchpathcon_common to ignore any non-format bits in the mode. - Mon Feb 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.11-2
- Default matchpathcon to regular files if the user specifies a mode
- Tue Feb 22 2005 Dan Walsh <dwalsh@redhat.com> 1.21.11-1
- Update from NSA
* Merged several fixes from Ulrich Drepper. - Mon Feb 21 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-3
- Fix matchpathcon on eof.
- Thu Feb 17 2005 Dan Walsh <dwalsh@redhat.com> 1.21.10-1
- Update from NSA
* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
* Added selinux_users_path() for path to directory containing
system.users and local.users. - Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-2
- Process file_context.homedir
- Thu Feb 10 2005 Dan Walsh <dwalsh@redhat.com> 1.21.9-1
- Update from NSA
* Changed relabel Makefile target to use restorecon. - Tue Feb 8 2005 Dan Walsh <dwalsh@redhat.com> 1.21.8-1
- Update from NSA
* Regenerated av_permissions.h. - Wed Feb 2 2005 Dan Walsh <dwalsh@redhat.com> 1.21.7-1
- Update from NSA
* Modified avc_dump_av to explicitly check for any permissions that
cannot be mapped to string names and display them as a hex value.
* Regenerated av_permissions.h. - Mon Jan 31 2005 Dan Walsh <dwalsh@redhat.com> 1.21.5-1
- Update from NSA
* Generalized matchpathcon internals, exported more interfaces,
and moved additional code from setfiles into libselinux so that
setfiles can directly use matchpathcon. - Fri Jan 28 2005 Dan Walsh <dwalsh@redhat.com> 1.21.4-1
- Update from NSA
* Prevent overflow of spec array in matchpathcon.
* Fixed several uses of internal functions to avoid relocations.
* Changed rpm_execcon to check is_selinux_enabled() and fallback to
a regular execve if not enabled (or unable to determine due to a lack
of /proc, e.g. chroot'd environment). - Wed Jan 26 2005 Dan Walsh <dwalsh@redhat.com> 1.21.2-1
- Update from NSA
* Merged minor fix for avcstat from Dan Walsh. - Mon Jan 24 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-3
- rpmexeccon should not fail in permissive mode.
- Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-2
- fix printf in avcstat
- Thu Jan 20 2005 Dan Walsh <dwalsh@redhat.com> 1.21.1-1
- Update from NSA
- Wed Jan 12 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-3
- Modify matchpathcon to also process file_contexts.local if it exists
- Wed Jan 12 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-2
- Add is_customizable_types function call
- Fri Jan 7 2005 Dan Walsh <dwalsh@redhat.com> 1.20.1-1
- Update to latest from upstream
* Just changing version number to match upstream - Wed Dec 29 2004 Dan Walsh <dwalsh@redhat.com> 1.19.4-1
- Update to latest from upstream
* Changed matchpathcon to return -1 with errno ENOENT for
<> entries, and also for an empty file_contexts configuration. - Tue Dec 28 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-3
- Fix link devel libraries
- Mon Dec 27 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-2
- Fix unitialized variable in avcstat.c
- Tue Nov 30 2004 Dan Walsh <dwalsh@redhat.com> 1.19.3-1
- Upgrade to upstream
* Removed some trivial utils that were not useful or redundant.
* Changed BINDIR default to /usr/sbin to match change in Fedora.
* Added security_compute_member.
* Added man page for setcon. - Tue Nov 30 2004 Dan Walsh <dwalsh@redhat.com> 1.19.2-1
- Upgrade to upstream
- Thu Nov 18 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-6
- Add avcstat program
- Mon Nov 15 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-4
- Add lots of missing man pages
- Fri Nov 12 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-2
- Fix output of getsebool.
- Tue Nov 9 2004 Dan Walsh <dwalsh@redhat.com> 1.19.1-1
- Update from upstream, fix setsebool -P segfault
- Fri Nov 5 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-5
- Add a patch from upstream. Fixes signed/unsigned issues, and
incomplete structure copy. - Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-4
- More fixes from sgrubb, better syslog
- Thu Nov 4 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-3
- Have setsebool and togglesebool log changes to syslog
- Wed Nov 3 2004 Steve Grubb <sgrubb@redhat.com> 1.18.1-2
- Add patch to make setsebool update bool on disk
- Make togglesebool have a rollback capability in case it blows up inflight - Tue Nov 2 2004 Dan Walsh <dwalsh@redhat.com> 1.18.1-1
- Upgrade to latest from NSA
- Thu Oct 28 2004 Steve Grubb <sgrubb@redhat.com> 1.17.15-2
- Changed the location of the utilities to /usr/sbin since
normal users can't use them anyways. - Wed Oct 27 2004 Steve Grubb <sgrubb@redhat.com> 1.17.15-2
- Updated various utilities, removed utilities that are for testing,
added man pages. - Fri Oct 15 2004 Dan Walsh <dwalsh@redhat.com> 1.17.15-1
- Add -g flag to make
- Upgrade to latest from NSA
* Added rpm_execcon. - Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.14-1
- Upgrade to latest from NSA
* Merged setenforce and removable context patch from Dan Walsh.
* Merged build fix for alpha from Ulrich Drepper.
* Removed copyright/license from selinux_netlink.h - definitions only. - Fri Oct 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.13-3
- Change setenforce to accept Enforcing and Permissive
- Wed Sep 22 2004 Dan Walsh <dwalsh@redhat.com> 1.17.13-2
- Add alpha patch
- Mon Sep 20 2004 Dan Walsh <dwalsh@redhat.com> 1.17.13-1
- Upgrade to latest from NSA
- Thu Sep 16 2004 Dan Walsh <dwalsh@redhat.com> 1.17.12-2
- Add selinux_removable_context_path
- Tue Sep 14 2004 Dan Walsh <dwalsh@redhat.com> 1.17.12-1
- Update from NSA
* Add matchmediacon - Tue Sep 14 2004 Dan Walsh <dwalsh@redhat.com> 1.17.11-1
- Update from NSA
* Merged in matchmediacon changes. - Fri Sep 10 2004 Dan Walsh <dwalsh@redhat.com> 1.17.10-1
- Update from NSA
* Regenerated headers for new nscd permissions. - Wed Sep 8 2004 Dan Walsh <dwalsh@redhat.com> 1.17.9-2
- Add matchmediacon
- Wed Sep 8 2004 Dan Walsh <dwalsh@redhat.com> 1.17.9-1
- Update from NSA
* Added get_default_context_with_role. - Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-2
- Clean up spec file
* Patch from Matthias Saou - Thu Sep 2 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1
- Update from NSA
* Added set_matchpathcon_printf. - Wed Sep 1 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
- Update from NSA
* Reworked av_inherit.h to allow easier re-use by kernel. - Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Add strcasecmp in selinux_config
- Update from NSA
* Changed avc_has_perm_noaudit to not fail on netlink errors.
* Changed avc netlink code to check pid based on patch by Steve Grubb.
* Merged second optimization patch from Ulrich Drepper.
* Changed matchpathcon to skip invalid file_contexts entries.
* Made string tables private to libselinux.
* Merged strcat->stpcpy patch from Ulrich Drepper.
* Merged matchpathcon man page from Dan Walsh.
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
* Autobind netlink socket.
* Dropped compatibility code from security_compute_user.
* Merged fix for context_range_set from Chad Hanson.
* Merged allocation failure checking patch from Chad Hanson.
* Merged avc netlink error message patch from Colin Walters. - Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.5-1
- Update from NSA
* Merged second optimization patch from Ulrich Drepper.
* Changed matchpathcon to skip invalid file_contexts entries.
* Made string tables private to libselinux.
* Merged strcat->stpcpy patch from Ulrich Drepper.
* Merged matchpathcon man page from Dan Walsh.
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
* Autobind netlink socket.
* Dropped compatibility code from security_compute_user.
* Merged fix for context_range_set from Chad Hanson.
* Merged allocation failure checking patch from Chad Hanson.
* Merged avc netlink error message patch from Colin Walters. - Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
- Update from NSA
- Add optflags - Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.17.3-1
- Update from NSA
- Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
- Add matchpathcon man page
- Latest from NSA
* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
* Autobind netlink socket.
* Dropped compatibility code from security_compute_user.
* Merged fix for context_range_set from Chad Hanson.
* Merged allocation failure checking patch from Chad Hanson.
* Merged avc netlink error message patch from Colin Walters. - Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.1-1
- Latest from NSA
* Autobind netlink socket.
* Dropped compatibility code from security_compute_user.
* Merged fix for context_range_set from Chad Hanson.
* Merged allocation failure checking patch from Chad Hanson.
* Merged avc netlink error message patch from Colin Walters. - Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.16.1-1
- Latest from NSA
- Thu Aug 19 2004 Colin Walters <walters@redhat.com> 1.16-1
- New upstream version
- Tue Aug 17 2004 Dan Walsh <dwalsh@redhat.com> 1.15.7-1
- Latest from Upstream
- Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.6-1
- Fix man pages
- Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.5-1
- Latest from Upstream
- Fri Aug 13 2004 Dan Walsh <dwalsh@redhat.com> 1.15.4-1
- Latest from Upstream
- Thu Aug 12 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-2
- Add man page for boolean functions and SELinux
- Sun Aug 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
- Latest from NSA
- Mon Jul 19 2004 Dan Walsh <dwalsh@redhat.com> 1.15.2-1
- Latest from NSA
- Mon Jul 19 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-3
- uppercase getenforce returns, to make them match system-config-securitylevel
- Thu Jul 15 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-2
- Remove old path patch
- Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Update to latest from NSA
- Add fix to only get old path if file_context file exists in old location - Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
- Update to latest from NSA
- Wed Jun 16 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
- add nlclass patch
- Update to latest from NSA - Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
- Sun Jun 13 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
- Fix selinux_config to break once it finds SELINUXTYPE.
- Fri May 28 2004 Dan Walsh <dwalsh@redhat.com> 1.13.2-1
-Update with latest from NSA
- Thu May 27 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-1
- Change to use new policy mechanism
- Mon May 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
- add man patch
- Fri May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
- Update with latest from NSA
- Wed May 5 2004 Dan Walsh <dwalsh@redhat.com> 1.11.4-1
- Update with latest from NSA
- Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
- Add changes for relaxed policy
- Update to match NSA - Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
- Add relaxed policy changes
- Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
- Sync with NSA
- Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-3
- Remove requires glibc>2.3.4
- Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 1.11-2
- Fix selinuxenabled man page.
- Wed Apr 7 2004 Dan Walsh <dwalsh@redhat.com> 1.11-1
- Upgrade to 1.11
- Wed Apr 7 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
- Add memleaks patch
- Wed Apr 7 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
- Upgrade to latest from NSA and add more man pages
- Thu Apr 1 2004 Dan Walsh <dwalsh@redhat.com> 1.9-1
- Update to match NSA
- Cleanup some man pages - Tue Mar 30 2004 Dan Walsh <dwalsh@redhat.com> 1.8-1
- Upgrade to latest from NSA
- Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-6
- Add Russell's Man pages
- Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-5
- Change getenforce to also check is_selinux_enabled
- Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-4
- Add ownership to /usr/include/selinux
- Wed Mar 10 2004 Dan Walsh <dwalsh@redhat.com> 1.6-3
- fix location of file_contexts file.
- Wed Mar 10 2004 Dan Walsh <dwalsh@redhat.com> 1.6-2
- Fix matchpathcon to use BUFSIZ
- Tue Mar 2 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
- Mon Feb 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-11
- add matchpathcon
- Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
- Fri Jan 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-9
- Add rootok patch
- Wed Jan 14 2004 Dan Walsh <dwalsh@redhat.com> 1.4-8
- Updated getpeernam patch
- Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.4-7
- Add getpeernam patch
- Thu Dec 18 2003 Dan Walsh <dwalsh@redhat.com> 1.4-6
- Add getpeercon patch
- Thu Dec 18 2003 Dan Walsh <dwalsh@redhat.com> 1.4-5
- Put mntpoint patch, because found fix for SysVinit
- Wed Dec 17 2003 Dan Walsh <dwalsh@redhat.com> 1.4-4
- Add remove mntpoint patch, because it breaks SysVinit
- Wed Dec 17 2003 Dan Walsh <dwalsh@redhat.com> 1.4-3
- Add mntpoint patch for SysVinit
- Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Add -r -u -t to getcon
- Sat Dec 6 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
- Upgrade to latest from NSA
- Mon Oct 27 2003 Dan Walsh <dwalsh@redhat.com> 1.3-2
- Fix x86_64 build
- Tue Oct 21 2003 Dan Walsh <dwalsh@redhat.com> 1.3-1
- Latest tarball from NSA.
- Tue Oct 21 2003 Dan Walsh <dwalsh@redhat.com> 1.2-9
- Update with latest changes from NSA
- Mon Oct 20 2003 Dan Walsh <dwalsh@redhat.com> 1.2-8
- Change location of .so file
- Wed Oct 8 2003 Dan Walsh <dwalsh@redhat.com> 1.2-7
- Break out into development library
- Wed Oct 8 2003 Dan Walsh <dwalsh@redhat.com> 1.2-6
- Move location of libselinux.so to /lib
- Fri Oct 3 2003 Dan Walsh <dwalsh@redhat.com> 1.2-5
- Add selinuxenabled patch
- Wed Oct 1 2003 Dan Walsh <dwalsh@redhat.com> 1.2-4
- Update with final NSA 1.2 sources.
- Fri Sep 12 2003 Dan Walsh <dwalsh@redhat.com> 1.2-3
- Update with latest from NSA.
- Thu Aug 28 2003 Dan Walsh <dwalsh@redhat.com> 1.2-2
- Fix to build on x86_64
- Thu Aug 21 2003 Dan Walsh <dwalsh@redhat.com> 1.2-1
- update for version 1.2
- Tue May 27 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version