root/archive/mls/ChangeLog

1.27.3 2005-11-17
        * Removed the seuser policy as suggested by Kevin Carr.
        * Removed unnecessary allow rule concerning tmpfs_t in the squid
        policy as suggested by Russell Coker.
        * Merged a patch from Jonathan Kim which modified the restorecon policy
        to use the secadmin attribute.
        * Merged a patch from Dan Walsh.  Added avahi, exim, and yppasswdd
        policies.  Added the unconfinedtrans attribute for domains that
        can transistion to unconfined_t.  Added httpd_enable_ftp_server,
        allow_postgresql_use_pam, pppd_can_insmod, and allow_gssd_read_tmp
        booleans.  Created a $1_disable_trans boolean used in the
        init_service_domain macro to specify whether init should
        transition to a new domain when executing.  Included Chad Hanson's
        patch which adds the mls* attributes to more domains and makes
        other changes to support MLS.  Included Russell Coker's patch
        which makes many changes to the sendmail policy.  Added rules to
        allow initscripts to execute scripts that they generate.  Added
        dbus support to the named policy.  Made other fixes and cleanups
        to various policies including amanda, apache, bluetooth, pegasus,
        postfix, pppd, and slapd.  Removed sendmail policy from targeted.
1.27.2 2005-10-20
        * Merged patch from Chad Hanson.  Modified MLS constraints.
        Provided comments for the MLS attributes.
        * Merged two patches from Thomas Bleher which made some minor
        fixes and cleanups.
        * Merged patches from Russell Coker. Added comments to some of the
        MLS attributes.  Added the secure_mode_insmod boolean to determine
        whether the system permits loading policy, setting enforcing mode,
        and changing boolean values. Made minor fixes for the cdrecord_domain
        macro, application_domain, newrole_domain, and daemon_base_domain
        macros.  Added rules to allow the mail server to access the user
        home directories in the targeted policy and allows the postfix
        showq program to do DNS lookups.  Minor fixes for the MCS
        policy.  Made other minor fixes and cleanups.
        * Merged patch from Dan Walsh.  Added opencd, pegasus, readahead,
        and roundup policies.  Created can_access_pty macro to handle pty
        output.  Created nsswithch_domain macro for domains using
        nsswitch.  Added mcs transition rules.  Removed mqueue and added
        capifs genfscon entries.  Added dhcpd and pegasus ports.  Added
        domain transitions from login domains to pam_console and alsa
        domains.  Added rules to allow the httpd and squid domains to
        relay more protocols.  For the targeted policy, removed sysadm_r
        role from unconfined_t.  Made other fixes and cleanups.
1.27.1 2005-09-15
        * Merged small patches from Russell Coker for the apostrophe,
        dhcpc, fsadm, and setfiles policy.
        * Merged a patch from Russell Coker with some minor fixes to a
        multitude of policy files.
        * Merged patch from Dan Walsh from August 15th. Adds certwatch
        policy.  Adds mcs support to Makefile.  Adds mcs file which
        defines sensitivities and categories for the MSC policy.  Creates
        an authentication_domain macro in global_macros.te for domains
        that use pam_authentication.  Creates the anonymous_domain macro
        so that the ftpd, rsync, httpd, and smbd domains can share the
        ftpd_anon_t and ftpd_anon_rw_t types.  Removes netifcon rules to
        start isolating individual ethernet devices.  Changes vpnc from a
        daemon to an application_domain.  Adds audit_control capability to
        crond_t.  Adds dac_override and dac_read_search capabilities to
        fsadm_t to allow the manipulation of removable media.  Adds
        read_sysctl macro to the base_passwd_domain macro.  Adds rules to
        allow alsa_t to communicate with userspace.  Allows networkmanager
        to communicate with isakmp_port and to use vpnc.  For targeted
        policy, removes transitions of sysadm_t to apm_t, backup_t,
        bootloader_t, cardmgr_t, clockspeed_t, hwclock_t, and kudzu_t.
        Makes other minor cleanups and fixes.
        
1.26 2005-09-06
        * Updated version for release.

1.25.4 2005-08-10
        * Merged small patches from Russell Coker for the restorecon,
        kudzu, lvm, radvd, and spamassasin policies.
        * Added fs_use_trans rule for mqueue from Mark Gebhart to support
        the work he has done on providing SELinux support for mqueue.
        * Merged a patch from Dan Walsh. Removes the user_can_mount
        tunable.  Adds disable_evolution_trans and disable_thunderbird_trans
        booleans.  Adds the nscd_client_domain attribute to insmod_t.
        Removes the user_ping boolean from targeted policy.  Adds
        hugetlbfs, inotifyfs, and mqueue filesystems to genfs_contexts.
        Adds the isakmp_port for vpnc.  Creates the pptp daemon domain.
        Allows getty to run sbin_t for pppd.  Allows initrc to write to
        default_t for booting.  Allows Hotplug_t sys_rawio for prism54
        card at boot.  Other minor fixes.

1.25.3 2005-07-18
        * Merged patch from Dan Walsh.  Adds auth_bool attribute to allow
        domains to have read access to shadow_t.  Creates pppd_can_insmod
        boolean to control the loading of modem kernel modules.  Allows
        nfs to export noexattrfile types.  Allows unix_chpwd to access
        cert files and random devices for encryption purposes.  Other
        minor cleanups and fixes.

1.25.2 2005-07-11
        * Merged patch from Dan Walsh.  Added allow_ptrace boolean to
        allow sysadm_t to ptrace and debug apps.  Gives auth_chkpwd the
        audit_control and audit_write capabilities.  Stops targeted policy
        from transitioning from unconfined_t to netutils.  Allows cupsd to
        audit messages.  Gives prelink the execheap, execmem, and execstack
        permissions by default.  Adds can_winbind boolean and functions to
        better handle samba and winbind communications.  Eliminates
        allow_execmod checks around texrel_shlib_t libraries.  Other minor
        cleanups and fixes.
        
1.25.1 2005-07-05
        * Moved role_tty_type_change, reach_sysadm, and priv_user macros
        from user.te to user_macros.te as suggested by Steve.
        * Modified admin_domain macro so autrace would work and removed
        privuser attribute for dhcpc as suggested by Russell Coker.
        * Merged rather large patch from Dan Walsh.  Moves
        targeted/strict/mls policies closer together.  Adds local.te for
        users to customize.  Includes minor fixes to auditd, cups,
        cyrus_imapd, dhcpc, and dovecot.  Includes Russell Coker's patch
        that defines all ports in network.te.  Ports are always defined
        now, no ifdefs are used in network.te.  Also includes Ivan
        Gyurdiev's user home directory policy patches.  These patches add
        alsa, bonobo, ethereal, evolution, gconf, gnome, gnome_vfs,
        iceauth, orbit, and thunderbird policy.  They create read_content,
        write_trusted, and write_untrusted macros in content.te.  They
        create network_home, write_network_home, read_network_home,
        base_domain_ro_access, home_domain_access, home_domain, and
        home_domain_ro macros in home_macros.te.  They also create
        $3_read_content, $3_write_content, and write_untrusted booleans.
        
1.24 2005-06-20
        * Updated version for release.

1.23.18 2005-05-31
        * Merged minor fixes to pppd.fc and courier.te by Russell Coker.
        * Removed devfsd policy as suggested by Russell Coker.
        * Merged patch from Dan Walsh.  Includes beginnings of Ivan
        Gyurdiev's Font Config policy.  Don't transition to fsadm_t from
        unconfined_t (sysadm_t) in targeted policy.  Add support for
        debugfs in modutil.  Allow automount to create and delete
        directories in /root and /home dirs.  Move can_ypbind to
        chkpwd_macro.te.  Allow useradd to create additional files and
        types via the skell mechanism.  Other minor cleanups and fixes.

1.23.17 2005-05-23
        * Merged minor fixes by Petre Rodan to the daemontools, dante,
        gpg, kerberos, and ucspi-tcp policies.
        * Merged minor fixes by Russell Coker to the bluetooth, crond,
        initrc, postfix, and udev  policies.  Modifies constraints so that
        newaliases can be run.  Modifies types.fc so that objects in
        lost+found directories will not be relabled.
        * Modified fc rules for nvidia.
        * Added Chad Sellers policy for polyinstantiation support, which
        creates the polydir, polyparent, and polymember attributes.  Also
        added the support_polyinstantiation tunable.
        * Merged patch from Dan Walsh.  Includes mount_point attribute,
        read_font macros and some other policy fixes from Ivan Gyurdiev.
        Adds privkmsg and secadmfile attributes and ddcprobe policy.
        Removes the use_syslogng boolean.  Many other minor fixes.

1.23.16 2005-05-13
        * Added rdisc policy from Russell Coker.
        * Merged minor fix to named policy by Petre Rodan.
        * Merged minor fixes to policy from Russell Coker for kudzu,
        named, screen, setfiles, telnet, and xdm.
        * Merged minor fix to Makefile from Russell Coker.

1.23.15 2005-05-06
        * Added tripwire and yam policy from David Hampton.
        * Merged minor fixes to amavid and a clarification to the
        httpdcontent attribute comments from David Hampton.
        * Merged patch from Dan Walsh.  Includes fixes for restorecon,
        games, and postfix from Russell Coker.  Adds support for debugfs.
        Restores support for reiserfs.  Allows udev to work with tmpfs_t
        before /dev is labled.  Removes transition from sysadm_t
        (unconfined_t) to ifconfig_t for the targeted policy.  Other minor
        cleanups and fixes.

1.23.14 2005-04-29
        * Added afs policy from Andrew Reisse.
        * Merged patch from Lorenzo Hernández García-Hierro which defines
        execstack and execheap permissions.  The patch excludes these
        permissions from general_domain_access and updates the macros for
        X, legacy binaries, users, and unconfined domains.
        * Added nlmsg_relay permisison where netlink_audit_socket class is
        used.  Added nlmsg_readpriv permission to auditd_t and auditctl_t.
        * Merged some minor cleanups from Russell Coker and David Hampton.
        * Merged patch from Dan Walsh.  Many changes made to allow
        targeted policy to run closer to strict and now almost all of
        non-userspace is protected via SELinux.  Kernel is now in
        unconfined_domain for targeted and runs as root:system_r:kernel_t.
        Added transitionbool to daemon_sub_domain, mainly to turn off
        httpd_suexec transitioning.  Implemented web_client_domain
        name_connect rules.  Added yp support for cups.  Now the real
        hotplug, udev, initial_sid_contexts are used for the targeted
        policy.  Other minor cleanups and fixes.  Auditd fixes by Paul
        Moore.

1.23.13 2005-04-22
        * Merged more changes from Dan Walsh to initrc_t for removal of
        unconfined_domain.
        * Merged Dan Walsh's split of auditd policy into auditd_t for the
        audit daemon and auditctl_t for the autoctl program.
        * Added use of name_connect to uncond_can_ypbind macro by Dan
        Walsh.
        * Merged other cleanup and fixes by Dan Walsh.

1.23.12 2005-04-20
        * Merged Dan Walsh's Netlink changes to handle new auditing pam
        modules.
        * Merged Dan Walsh's patch removing the sysadmfile attribute from
        policy files to separate sysadm_t from secadm_t.
        * Added CVS and uucpd policy from Dan Walsh.
        * Cleanup by Dan Walsh to handle turning off unlimitedRC.
        * Merged Russell Coker's fixes to ntpd, postgrey, and named
        policy.
        * Cleanup of chkpwd_domain and added permissions to su_domain
        macro due to pam changes to support audit.
        * Added nlmsg_relay and nlmsg_readpriv permissions to the
        netlink_audit_socket class.

1.23.11 2005-04-14
        * Merged Dan Walsh's separation of the security manager and system
        administrator.
        * Removed screensaver.te as suggested by Thomas Bleher
        * Cleanup of typealiases that are no longer used by Thomas Bleher.
        * Cleanup of fc files and additional rules for SuSE by Thomas
        Bleher.
        * Merged changes to auditd and named policy by Russell Coker.
        * Merged MLS change from Darrel Goeddel to support the policy
        hierarchy patch.

1.23.10 2005-04-08
        * Removed pump.te, pump.fc, and targeted/domains/program/modutil.te

1.23.9 2005-04-07
        * Merged diffs from Dan Walsh.  Includes Ivan Gyurdiev's cleanup
        of x_client apps.
        * Added dmidecode policy from Ivan Gyurdiev.

1.23.8 2005-04-05
        * Added netlink_kobject_uevent_socket class.
        * Removed empty files pump.te and pump.fc.
        * Added NetworkManager policy from Dan Walsh.
        * Merged Dan Walsh's major restructuring of Apache's policy.

1.23.7 2005-04-04
        * Merged David Hampton's amavis and clamav cleanups.
        * Added David Hampton's dcc, pyzor, and razor policy.
        
1.23.6 2005-04-01
        * Merged cleanup of the Makefile and other stuff from Dan Walsh.
        Dan's patch includes some desktop changes from Ivan Gyurdiev.
        * Merged Thomas Bleher's patches which increase the usage of
        lock_domain() and etc_domain(), changes var_lib_DOMAIN_t usage to
        DOMAIN_var_lib_t, and removes use of notdevfile_class_set where
        possible. 
        * Merged Greg Norris's cleanup of fetchmail.
        
1.23.5 2005-03-23
        * Added name_connect support from Dan Walsh.
        * Added httpd_unconfined_t from Dan Walsh.
        * Merged cleanup of assert.te to allow unresticted full access
        from Dan Walsh.
        
1.23.4 2005-03-21
        * Merged diffs from Dan Walsh:  
        * Cleanup of x_client_macro, tvtime, mozilla, and mplayer by Ivan 
        Gyurdiev.  
        * Added syslogng support to syslog.te.
        
1.23.3 2005-03-15
        * Added policy for nx_server from Thomas Bleher.
        * Added policies for clockspeed, daemontools, djbdns, ucspi-tcp, and
        publicfile from Petre Rodan.
        
1.23.2 2005-03-14
        * Merged diffs from Dan Walsh.  Dan's patch includes Ivan Gyurdiev's 
        gift policy.
        * Made sysadm_r the first role for root, so root's home will be labled 
        as sysadm_home_dir_t instead of staff_home_dir_t.
        * Modified fs_use and Makefile to reflect jfs now supporting security 
        xattrs.

1.23.1 2005-03-10
        * Merged diffs from Dan Walsh.  Dan's patch includes Ivan
        Gyurdiev's cleanup of homedir macros and more extensive use of
        read_sysctl()

1.22 2005-03-09
        * Updated version for release.

1.21 2005-02-24
        * Added secure_file_type attribute from Dan Walsh
        * Added access_terminal() macro from Ivan Gyurdiev
        * Updated capability access vector for audit capabilities.
        * Added mlsconvert Makefile target to help generate MLS policies
          (see selinux-doc/README.MLS for instructions).
        * Changed policy Makefile to still generate policy.18 as well,
          and use it for make load if the kernel doesn't support 19.
        * Merged enhanced MLS support from Darrel Goeddel (TCS).
        * Merged diffs from Dan Walsh, Russell Coker, and Greg Norris.
        * Merged man pages from Dan Walsh.
        
1.20 2005-01-04
        * Merged diffs from Dan Walsh, Russell Coker, Thomas Bleher, and
        Petre Rodan.
        * Merged can_create() macro used for file_type_{,auto_}trans()
        from Thomas Bleher.
        * Merged dante and stunnel policy by Petre Rodan.
        * Merged $1_file_type attribute from Thomas Bleher.
        * Merged network_macros from Dan Walsh.

1.18 2004-10-25
        * Merged diffs from Russell Coker and Dan Walsh.
        * Merged mkflask and mkaccess_vector patches from Ulrich Drepper.
        * Added reserved_port_t type and portcon entries to map all other
          reserved ports to this type.
        * Added distro_ prefix to distro tunables to avoid conflicts.
        * Merged diffs from Russell Coker.

1.16 2004-08-16
        * Added nscd definitions.
        * Converted many tunables to policy booleans.
        * Added crontab permission.
        * Merged diffs from Dan Walsh.
          This included diffs from Thomas Bleher, Russell Coker, and Colin Walters as well.
        * Merged diffs from Russell Coker.
        * Adjusted constraints for crond restart.
        * Merged dbus/userspace object manager policy from Colin Walters.
        * Merged dbus definitions from Matthew Rickard.
        * Merged dnsmasq policy from Greg Norris.
        * Merged gpg-agent policy from Thomas Bleher.

1.14 2004-06-28
        * Removed vmware-config.pl from vmware.fc.
        * Added crond entry to root_default_contexts.
        * Merged patch from Dan Walsh.
        * Merged mdadm and postfix changes from Colin Walters.
        * Merged reiserfs and rpm changes from Russell Coker.
        * Merged runaway .* glob fix from Valdis Kletnieks.
        * Merged diff from Dan Walsh.
        * Merged fine-grained netlink classes and permissions.
        * Merged changes for new /etc/selinux layout. 
        * Changed mkaccess_vector.sh to provide stable order.
        * Merged diff from Dan Walsh.
        * Fix restorecon path in restorecon.fc.
        * Merged pax class and access vector definition from Joshua Brindle.

1.12 2004-05-12
        * Added targeted policy.
        * Merged atd/at into crond/crontab domains.
        * Exclude bind mounts from relabeling to avoid aliasing.
        * Removed some obsolete types and remapped their initial SIDs to unlabeled.
        * Added SE-X related security classes and policy framework.
        * Added devnull initial SID and context.
        * Merged diffs from Fedora policy.

1.10 2004-04-07
        * Merged ipv6 support from James Morris of RedHat.
        * Merged policy diffs from Dan Walsh.
        * Updated call to genhomedircon to reflect new usage.
        * Merged policy diffs from Dan Walsh and Russell Coker.
        * Removed config-users and config-services per Dan's request.

1.8 2004-03-09
        * Merged genhomedircon patch from Karl MacMillan of Tresys.
        * Added restorecon domain.
        * Added unconfined_domain macro.
        * Added default_t for /.* file_contexts entry and replaced some
          uses of file_t with default_t in the policy. 
        * Added su_restricted_domain() macro and use it for initrc_t.
        * Merged policy diffs from Dan Walsh and Russell Coker.
          These included a merge of an earlier patch by Chris PeBenito
          to rename the etc types to be consistent with other types.

1.6 2004-02-18
        * Merged xfs support from Chris PeBenito.
        * Merged conditional rules for ping.te.
        * Defined setbool permission, added can_setbool macro.
        * Partial network policy cleanup.
        * Merged with Russell Coker's policy.
        * Renamed netscape macro and domain to mozilla  and renamed
          ipchains domain to iptables for consistency with Russell.
        * Merged rhgb macro and domain from Russell Coker.
        * Merged tunable.te from Russell Coker. 
          Only define direct_sysadm_daemon by default in our copy.  
        * Added rootok permission to passwd class.
        * Merged Makefile change from Dan Walsh to generate /home 
          file_contexts entries for staff users.
        * Added automatic role and domain transitions for init scripts and
          daemons.  Added an optional third argument (nosysadm) to 
          daemon_domain to omit the direct transition from sysadm_r when
          the same executable is also used as an application, in which
          case the daemon must be restarted via the init script to obtain
          the proper security context.  Added system_r to the authorized roles
          for admin users at least until support for automatic user identity
          transitions exist so that a transition to system_u can be provided
          transparently.
        * Added support to su domain for using pam_selinux. 
          Added entries to default_contexts for the su domains to 
          provide reasonable defaults.  Removed user_su_t.
        * Tighten restriction on user identity and role transitions in constraints.
        * Merged macro for newrole-like domains from Russell Coker.
        * Merged stub dbusd domain from Russell Coker.
        * Merged stub prelink domain from Dan Walsh.
        * Merged updated userhelper and config tool domains from Dan Walsh.
        * Added send_msg/recv_msg permissions to can_network macro.
        * Merged patch by Chris PeBenito for sshd subsystems.
        * Merged patch by Chris PeBenito for passing class to var_run_domain.
        * Merged patch by Yuichi Nakamura for append_log_domain macros.
        * Merged patch by Chris PeBenito for rpc_pipefs labeling.
        * Merged patch by Colin Walters to apply m4 once so that
          source file info is preserved for checkpolicy.

1.4 2003-12-01
        * Merged patches from Russell Coker.
        * Revised networking permissions.
        * Added new node_bind permission. 
        * Added new siginh, rlimitinh, and setrlimit permissions.
        * Added proc_t:file read permission for new is_selinux_enabled logic.
        * Added failsafe_context configuration file to appconfig.
        * Moved newrules.pl to policycoreutils, renamed to audit2allow.
        * Merged newrules.pl patch from Yuichi Nakamura.

1.2 2003-09-30
        * More policy merging with Russell Coker.
        * Transferred newrules.pl script from the old SELinux. 
        * Merged MLS configuration patch from Karl MacMillan of Tresys.
        * Limit staff_t to reading /proc entries for unpriv_userdomain.
        * Updated Makefile and spec file to allow non-root builds,
          based on patch by Paul Nasrat.

1.1 2003-08-13
        * Merged Makefile check-all and te-includes patches from Colin Walters.
        * Merged x-debian-packages.patch from Colin Walters.
        * Folded read permission into domain_trans.

1.0 2003-07-11
        * Initial public release.