Changelog

Revision 2878, 23.7 kB (checked in by cpebenito, 5 days ago)
trunk: Xserver MLS fix from Eamon Walsh.

Line
1	- Xserver MLS fix from Eamon Walsh.
2	- Add omapi port for dhcpcd.
3	- Deprecate per-role templates and rolemap support.
4	- Implement user-based access control for use as role separations.
5	- Move shared library calls from individual modules to the domain module.
6	- Enable open permission checks policy capability.
7	- Remove hierarchy from portage module as it is not a good example of
8	hieararchy.
9	- Remove enableaudit target from modular build as semodule -DB supplants it.
10
11	* Tue Oct 14 2008 Chris PeBenito <selinux@tresys.com> - 20081014
12	- Debian update for NetworkManager/wpa_supplicant from Martin Orr.
13	- Logrotate and Bind updates from Vaclav Ovsik.
14	- Init script file and domain support.
15	- Glibc 2.7 fix from Vaclav Ovsik.
16	- Samba/winbind update from Mike Edenfield.
17	- Policy size optimization with a non-security file attribute from James
18	Carter.
19	- Database labeled networking update from KaiGai Kohei.
20	- Several misc changes from the Fedora policy, cherry picked by David
21	Hardeman.
22	- Large whitespace fix from Dominick Grift.
23	- Pam_mount fix for local login from Stefan Schulze Frielinghaus.
24	- Issuing commands to upstart is over a datagram socket, not the initctl
25	named pipe. Updated init_telinit() to match.
26	- Added modules:
27	cyphesis (Dan Walsh)
28	memcached (Dan Walsh)
29	oident (Dominick Grift)
30	w3c (Dan Walsh)
31
32	* Wed Jul 02 2008 Chris PeBenito <selinux@tresys.com> - 20080702
33	- Fix httpd_enable_homedirs to actually provide the access it is supposed to
34	provide.
35	- Add unused interface/template parameter metadata in XML.
36	- Patch to handle postfix data_directory from Vaclav Ovsik.
37	- SE-Postgresql policy from KaiGai Kohei.
38	- Patch for X.org dbus support from Martin Orr.
39	- Patch for labeled networking controls in 2.6.25 from Paul Moore.
40	- Module loading now requires setsched on kernel threads.
41	- Patch to allow gpg agent --write-env-file option from Vaclav Ovsik.
42	- X application data class from Eamon Walsh and Ted Toth.
43	- Move user roles into individual modules.
44	- Make hald_log_t a log file.
45	- Cryptsetup runs shell scripts. Patch from Martin Orr.
46	- Add file for enabling policy capabilities.
47	- Patch to fix leaky interface/template call depth calculator from Vaclav
48	Ovsik.
49	- Added modules:
50	kerneloops (Dan Walsh)
51	kismet (Dan Walsh)
52	podsleuth (Dan Walsh)
53	prelude (Dan Walsh)
54	qemu (Dan Walsh)
55	virt (Dan Walsh)
56
57	* Wed Apr 02 2008 Chris PeBenito <selinux@tresys.com> - 20080402
58	- Add core Security Enhanced X Windows support.
59	- Fix winbind socket connection interface for default location of the
60	sock_file.
61	- Add wireshark module based on ethereal module.
62	- Revise upstart support in init module to use a tunable, as upstart is now
63	used in Fedora too.
64	- Add iferror.m4 rather generate it out of the Makefiles.
65	- Definitions for open permisson on file and similar objects from Eric
66	Paris.
67	- Apt updates for ptys and logs, from Martin Orr.
68	- RPC update from Vaclav Ovsik.
69	- Exim updates on Debian from Devin Carrawy.
70	- Pam and samba updates from Stefan Schulze Frielinghaus.
71	- Backup update on Debian from Vaclav Ovsik.
72	- Cracklib update on Debian from Vaclav Ovsik.
73	- Label /proc/kallsyms with system_map_t.
74	- 64-bit capabilities from Stephen Smalley.
75	- Labeled networking peer object class updates.
76
77	* Fri Dec 14 2007 Chris PeBenito <selinux@tresys.com> - 20071214
78	- Patch for debian logrotate to handle syslogd-listfiles, from Vaclav Ovsik.
79	- Improve several tunables descriptions from Dan Walsh.
80	- Patch to clean up ns switch usage in the policy from Dan Walsh.
81	- More complete labeled networking infrastructure from KaiGai Kohei.
82	- Add interface for libselinux constructor, for libselinux-linked
83	SELinux-enabled programs.
84	- Patch to restructure user role templates to create restricted user roles
85	from Dan Walsh.
86	- Russian man page translations from Andrey Markelov.
87	- Remove unused types from dbus.
88	- Add infrastructure for managing all user web content.
89	- Deprecate some old file and dir permission set macros in favor of the
90	newer, more consistently-named macros.
91	- Patch to clean up unescaped periods in several file context entries from
92	Jan-Frode Myklebust.
93	- Merge shlib_t into lib_t.
94	- Merge strict and targeted policies. The policy will now behave like the
95	strict policy if the unconfined module is not present. If it is, it will
96	behave like the targeted policy. Added an unconfined role to have a mix
97	of confined and unconfined users.
98	- Added modules:
99	exim (Dan Walsh)
100	postfixpolicyd (Jan-Frode Myklebust)
101
102	* Fri Sep 28 2007 Chris PeBenito <selinux@tresys.com> - 20070928
103	- Add support for setting the unknown permissions handling.
104	- Fix XML building for external reference builds and headers builds.
105	- Patch to add missing requirements in userdomain interfaces from Shintaro
106	Fujiwara.
107	- Add tcpd_wrapped_domain() for services that use tcp wrappers.
108	- Update MLS constraints from LSPP evaluated policy.
109	- Allow initrc_t file descriptors to be inherited regardless of MLS level.
110	Accordingly drop MLS permissions from daemons that inherit from any level.
111	- Files and radvd updates from Stefan Schulze Frielinghaus.
112	- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
113	mls_write_all_levels() and mls_read_all_levels(), for consistency.
114	- Add make kernel and init ranged interfaces pass the range transition MLS
115	constraints. Also remove calls to mls_rangetrans_target() in modules that use
116	the kernel and init interfaces, since its redundant.
117	- Add interfaces for all MLS attributes except X object classes.
118	- Require all sensitivities and categories for MLS and MCS policies, not just
119	the low and high sensitivity and category.
120	- Database userspace object manager classes from KaiGai Kohei.
121	- Add third-party interface for Apache CGI.
122	- Add getserv and shmemserv nscd permissions.
123	- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
124	- Added modules:
125	application
126	awstats (Stefan Schulze Frielinghaus)
127	bitlbee (Devin Carraway)
128	brctl (Dan Walsh)
129
130	* Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
131	- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
132	libraries module.
133	- Unified labeled networking policy from Paul Moore.
134	- Use netmsg initial SID for MLS-only Netlabel packets, from Paul Moore.
135	- Xen updates from Dan Walsh.
136	- Filesystem updates from Dan Walsh.
137	- Large samba update from Dan Walsh.
138	- Drop snmpd_etc_t.
139	- Confine sendmail and logrotate on targeted.
140	- Tunable connection to postgresql for users from KaiGai Kohei.
141	- Memprotect support patch from Stephen Smalley.
142	- Add logging_send_audit_msgs() interface and deprecate
143	send_audit_msgs_pattern().
144	- Openct updates patch from Dan Walsh.
145	- Merge restorecon into setfiles.
146	- Patch to begin separating out hald helper programs from Dan Walsh.
147	- Fixes for squid, dovecot, and snmp from Dan Walsh.
148	- Miscellaneous consolekit fixes from Dan Walsh.
149	- Patch to have avahi use the nsswitch interface rather than individual
150	permissions from Dan Walsh.
151	- Patch to dontaudit logrotate searching avahi pid directory from Dan Walsh.
152	- Patch to allow insmod to mount kvmfs and dontaudit rw unconfined_t pipes
153	to handle usage from userhelper from Dan Walsh.
154	- Patch to allow amavis to read spamassassin libraries from Dan Walsh.
155	- Patch to allow slocate to getattr other filesystems and directories on those
156	filesystems from Dan Walsh.
157	- Fixes for RHEL4 from the CLIP project.
158	- Replace the old lrrd fc entries with munin ones.
159	- Move program admin template usage out of userdom_admin_user_template() to
160	sysadm policy in userdomain.te to fix usage of the template for third
161	parties.
162	- Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
163	template instead of an interface.
164	- Added modules:
165	amtu (Dan Walsh)
166	apcupsd (Dan Walsh)
167	rpcbind (Dan Walsh)
168	rwho (Nalin Dahyabhai)
169
170	* Tue Apr 17 2007 Chris PeBenito <selinux@tresys.com> - 20070417
171	- Patch for sasl's use of kerberos from Dan Walsh.
172	- Patches to confine ldconfig, udev, and insmod in the targeted policy from Dan Walsh.
173	- Man page updates from Dan Walsh.
174	- Two patches from Paul Moore to for ipsec to remove redundant rules and
175	have setkey read the config file.
176	- Move booleans and tunables to modules when it is only used in a single
177	module.
178	- Add support for tunables and booleans local to a module.
179	- Merge sbin_t and ls_exec_t into bin_t.
180	- Remove disable_trans booleans.
181	- Output different header sets for kernel and userland from flask headers.
182	- Marked the pax class as deprecated, changed it to userland so
183	it will be removed from the kernel.
184	- Stop including netfilter contexts by default.
185	- Add dontaudits for init fds and console to init_daemon_domain().
186	- Patch to allow gpg to create user keys dir.
187	- Patch to support kvmfs from Dan Walsh.
188	- Patch for misc fixes in sudo from Dan Walsh.
189	- Patch to fix netlabel recvfrom MLS constraint from Paul Moore.
190	- Patch for handling restart of nscd when ran from useradd, groupadd, and
191	admin passwd, from Dan Walsh.
192	- Patch for procmail, spamassassin, and pyzor updates from Dan Walsh.
193	- Patch for setroubleshoot for validating file contexts from Dan Walsh.
194	- Patch for gssd fixes from Dan Walsh.
195	- Patch for lvm fixes from Dan Walsh.
196	- Patch for ricci fixes from Dan Walsh.
197	- Patch for postfix lmtp labeling and pickup rule fix from Dan Walsh.
198	- Patch for kerberized telnet fixes from Dan Walsh.
199	- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
200	- Patch for an additional wine executable from Dan Walsh.
201	- Eight patches for file contexts in games, wine, networkmanager, miscfiles,
202	corecommands, devices, and java from Dan Walsh.
203	- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
204	- Patch for misc fixes to bluetooth from Dan Walsh.
205	- Patch for misc fixes to kerberos from Dan Walsh.
206	- Patch to start deprecating usercanread attribute from Ryan Bradetich.
207	- Add dccp_socket object class which was added in kernel 2.6.20.
208	- Patch for prelink relabefrom it's temp files from Dan Walsh.
209	- Patch for capability fix for auditd and networking fix for syslogd from
210	Dan Walsh.
211	- Patch to remove redundant mls_trusted_object() call from Dan Walsh.
212	- Patch for misc fixes to nis ypxfr policy from Dan Walsh.
213	- Patch to allow apmd to telinit from Dan Walsh.
214	- Patch for additional labeling of samba files from Stefan Schulze
215	Frielinghaus.
216	- Patch to remove incorrect cron labeling in apache.fc from Ryan Bradetich.
217	- Fix ptys and ttys to be device nodes.
218	- Fix explicit use of httpd_t in openca_domtrans().
219	- Clean up file context regexes in apache and java, from Eamon Walsh.
220	- Patches from Dan Walsh:
221	Thu, 25 Jan 2007
222	- Added modules:
223	consolekit (Dan Walsh)
224	fail2ban (Dan Walsh)
225	zabbix (Dan Walsh)
226
227	* Tue Dec 12 2006 Chris PeBenito <selinux@tresys.com> - 20061212
228	- Add policy patterns support macros. This changes the behavior of
229	the create_dir_perms and create_file_perms permission sets.
230	- Association polmatch MLS constraint making unlabeled_t an exception
231	is no longer needed, patch from Venkat Yekkirala.
232	- Context contains checking for PAM and cron from James Antill.
233	- Add a reload target to Modules.devel and change the load
234	target to only insert modules that were changed.
235	- Allow semanage to read from /root on strict non-MLS for
236	local policy modules.
237	- Gentoo init script fixes for udev.
238	- Allow udev to read kernel modules.inputmap.
239	- Dnsmasq fixes from testing.
240	- Allow kernel NFS server to getattr filesystems so df can work
241	on clients.
242	- Patch from Matt Anderson for a MLS constraint exemption on a
243	file that can be written to from a subject whose range is
244	within the object's range.
245	- Enhanced setransd support from Darrel Goeddel.
246	- Patches from Dan Walsh:
247	Tue, 24 Oct 2006
248	Wed, 29 Nov 2006
249	- Added modules:
250	aide (Matt Anderson)
251	ccs (Dan Walsh)
252	iscsi (Dan Walsh)
253	ricci (Dan Walsh)
254
255	* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018
256	- Patch from Russell Coker Thu, 5 Oct 2006
257	- Move range transitions to modules.
258	- Make number of MLS sensitivities, and number of MLS and MCS
259	categories configurable as build options.
260	- Add role infrastructure.
261	- Debian updates from Erich Schubert.
262	- Add nscd_socket_use() to auth_use_nsswitch().
263	- Remove old selopt rules.
264	- Full support for netfilter_contexts.
265	- MRTG patch for daemon operation from Stefan.
266	- Add authlogin interface to abstract common access for login programs.
267	- Remove setbool auditallow, except for RHEL4.
268	- Change eventpollfs to task SID labeling.
269	- Add key support from Michael LeMay.
270	- Add ftpdctl domain to ftp, from Paul Howarth.
271	- Fix build system to not move type declarations out of optionals.
272	- Add gcc-config domain to portage.
273	- Add packet object class and support in corenetwork.
274	- Add a copy of genhomedircon for monolithic policy building, so that a
275	policycoreutils package update is not required for RHEL4 systems.
276	- Add appletalk sockets for use in cups.
277	- Add Make target to validate module linking.
278	- Make duplicate template and interface declarations a fatal error.
279	- Patch to stabilize modules.conf `make conf` output, from Erich Schubert.
280	- Move xconsole_device_t from devices to xserver since it is
281	not actually a device, it is a named pipe.
282	- Handle nonexistant .fc and .if files in devel Makefile by
283	automatically creating empty files.
284	- Remove unused devfs_control_t.
285	- Add rhel4 distro, which also implies redhat distro.
286	- Remove unneeded range_transition for su_exec_t and move the
287	type declaration back to the su module.
288	- Constrain transitions in MCS so unconfined_t cannot have
289	arbitrary category sets.
290	- Change reiserfs from xattr filesystem to genfscon as it's xattrs
291	are currently nonfunctional.
292	- Change files and filesystem modules to use their own interfaces.
293	- Add user fonts to xserver.
294	- Additional interfaces in corecommands, miscfiles, and userdomain
295	from Joy Latten.
296	- Miscellaneous fixes from Thomas Bleher.
297	- Deprecate module name as first parameter of optional_policy()
298	now that optionals are allowed everywhere.
299	- Enable optional blocks in base module and monolithic policy.
300	This requires checkpolicy 1.30.1.
301	- Fix vpn module declaration.
302	- Numerous fixes from Dan Walsh.
303	- Change build order to preserve m4 line number information so policy
304	compile errors are useful again.
305	- Additional MLS interfaces from Chad Hanson.
306	- Move some rules out of domain_type() and domain_base_type()
307	to the TE file, to use the domain attribute to take advantage
308	of space savings from attribute use.
309	- Add global stack smashing protector rule for urandom access from
310	Petre Rodan.
311	- Fix temporary rules at the bottom of portmap.
312	- Updated comments in mls file from Chad Hanson.
313	- Patches from Dan Walsh:
314	Fri, 17 Mar 2006
315	Wed, 29 Mar 2006
316	Tue, 11 Apr 2006
317	Fri, 14 Apr 2006
318	Tue, 18 Apr 2006
319	Thu, 20 Apr 2006
320	Tue, 02 May 2006
321	Mon, 15 May 2006
322	Thu, 18 May 2006
323	Tue, 06 Jun 2006
324	Mon, 12 Jun 2006
325	Tue, 20 Jun 2006
326	Wed, 26 Jul 2006
327	Wed, 23 Aug 2006
328	Thu, 31 Aug 2006
329	Fri, 01 Sep 2006
330	Tue, 05 Sep 2006
331	Wed, 20 Sep 2006
332	Fri, 22 Sep 2006
333	Mon, 25 Sep 2006
334	- Added modules:
335	afs
336	amavis (Erich Schubert)
337	apt (Erich Schubert)
338	asterisk
339	audioentropy
340	authbind
341	backup
342	calamaris
343	cipe
344	clamav (Erich Schubert)
345	clockspeed (Petre Rodan)
346	courier
347	dante
348	dcc
349	ddclient
350	dpkg (Erich Schubert)
351	dnsmasq
352	ethereal
353	evolution
354	games
355	gatekeeper
356	gift
357	gnome (James Carter)
358	imaze
359	ircd
360	jabber
361	monop
362	mozilla
363	mplayer
364	munin
365	nagios
366	nessus
367	netlabel (Paul Moore)
368	nsd
369	ntop
370	nx
371	oav
372	oddjob (Dan Walsh)
373	openca
374	openvpn (Petre Rodan)
375	perdition
376	portslave
377	postgrey
378	pxe
379	pyzor (Dan Walsh)
380	qmail (Petre Rodan)
381	razor
382	resmgr
383	rhgb
384	rssh
385	snort
386	soundserver
387	speedtouch
388	sxid
389	thunderbird
390	tor (Erich Schubert)
391	transproxy
392	tripwire
393	uptime
394	uwimap
395	vmware
396	watchdog
397	xen (Dan Walsh)
398	xprint
399	yam
400
401	* Tue Mar 07 2006 Chris PeBenito <selinux@tresys.com> - 20060307
402	- Make all interface parameters required.
403	- Move boot_t, system_map_t, and modules_object_t to files module,
404	and move bootloader to admin layer.
405	- Add semanage policy for semodule from Dan Walsh.
406	- Remove allow_execmem from targeted policy domain_base_type().
407	- Add users_extra and seusers support.
408	- Postfix fixes from Serge Hallyn.
409	- Run python and shell directly to interpret scripts so policy
410	sources need not be executable.
411	- Add desc tag XML to booleans and tunables, and add summary
412	to param XML tag, to make future translations possible.
413	- Remove unused lvm_vg_t.
414	- Many interface renames to improve naming consistency.
415	- Merge xdm into xserver.
416	- Remove kernel module reversed interfaces.
417	- Add filename attribute to module XML tag and lineno attribute to
418	interface XML tag.
419	- Changed QUIET build option to a yes or no option.
420	- Add a Makefile used for compiling loadable modules in a
421	user's development environment, building against policy headers.
422	- Add Make target for installing policy headers.
423	- Separate per-userdomain template expansion from the userdomain
424	module and add infrastructure to expand templates in the modules
425	that own the template.
426	- Enable secadm only for MLS policies.
427	- Remove role change rules in su and sudo since this functionality has been
428	removed from these programs.
429	- Add ctags Make target from Thomas Bleher.
430	- Collapse commands with grep piped to sed into one sed command.
431	- Fix type_change bug in term_user_pty().
432	- Move ice_tmp_t from miscfiles to xserver.
433	- Login fixes from Serge Hallyn.
434	- Move xserver_log_t from xdm to xserver.
435	- Add lpr per-userdomain policy to lpd.
436	- Miscellaneous fixes from Dan Walsh.
437	- Change initrc_var_run_t interface noun from script_pid to utmp,
438	for greater clarity.
439	- Added modules:
440	certwatch
441	mono (Dan Walsh)
442	mrtg
443	portage
444	tvtime
445	userhelper
446	usernetctl
447	wine (Dan Walsh)
448	xserver
449
450	* Tue Jan 17 2006 Chris PeBenito <selinux@tresys.com> - 20060117
451	- Adds support for generating corenetwork interfaces based on attributes
452	in addition to types.
453	- Permits the listing of multiple nodes in a network_node() that will be
454	given the same type.
455	- Add two new permission sets for stream sockets.
456	- Rename file type transition interfaces verb from create to
457	filetrans to differentiate it from create interfaces without
458	type transitions.
459	- Fix expansion of interfaces from disabled modules.
460	- Rsync can be long running from init,
461	added rules to allow this.
462	- Add polyinstantiation build option.
463	- Add setcontext to the association object class.
464	- Add apache relay and db connect tunables.
465	- Rename texrel_shlib_t to textrel_shlib_t.
466	- Add swat to samba module.
467	- Numerous miscellaneous fixes from Dan Walsh.
468	- Added modules:
469	alsa
470	automount
471	cdrecord
472	daemontools (Petre Rodan)
473	ddcprobe
474	djbdns (Petre Rodan)
475	fetchmail
476	irc
477	java
478	lockdev
479	logwatch (Dan Walsh)
480	openct
481	prelink (Dan Walsh)
482	publicfile (Petre Rodan)
483	readahead
484	roundup
485	screen
486	slocate (Dan Walsh)
487	slrnpull
488	smartmon
489	sysstat
490	ucspitcp (Petre Rodan)
491	usbmodules
492	vbetool (Dan Walsh)
493
494	* Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
495	- Add unlabeled IPSEC association rule to domains with
496	networking permissions.
497	- Merge systemuser back in to users, as these files
498	do not need to be split.
499	- Add check for duplicate interface/template definitions.
500	- Move domain, files, and corecommands modules to kernel
501	layer to resolve some layering inconsistencies.
502	- Move policy build options out of Makefile into build.conf.
503	- Add yppasswd to nis module.
504	- Change optional_policy() to refer to the module name
505	rather than modulename.te.
506	- Fix labeling targets to use installed file_contexts rather
507	than partial file_contexts in the policy source directory.
508	- Fix build process to use make's internal vpath functions
509	to detect modules rather than using subshells and find.
510	- Add install target for modular policy.
511	- Add load target for modular policy.
512	- Add appconfig dependency to the load target.
513	- Miscellaneous fixes from Dan Walsh.
514	- Fix corenetwork gen_context()'s to expand during the policy
515	build phase instead of during the generation phase.
516	- Added policies:
517	amanda
518	avahi
519	canna
520	cyrus
521	dbskk
522	dovecot
523	distcc
524	i18n_input
525	irqbalance
526	lpd
527	networkmanager
528	pegasus
529	postfix
530	procmail
531	radius
532	rdisc
533	rpc
534	spamassassin
535	timidity
536	xdm
537	xfs
538
539	* Wed Oct 19 2005 Chris PeBenito <selinux@tresys.com> - 20051019
540	- Many fixes to make loadable modules build.
541	- Add targets for sechecker.
542	- Updated to sedoctool to read bool files and tunable
543	files separately.
544	- Changed the xml tag of <boolean> to <bool> to be consistent
545	with gen_bool().
546	- Modified the implementation of segenxml to use regular
547	expressions.
548	- Rename context_template() to gen_context() to clarify
549	that its not a Reference Policy template, but a support
550	macro.
551	- Add disable_*_trans bool support for targeted policy.
552	- Add MLS module to handle MLS constraint exceptions,
553	such as reading up and writing down.
554	- Fix errors uncovered by sediff.
555	- Added policies:
556	anaconda
557	apache
558	apm
559	arpwatch
560	bluetooth
561	dmidecode
562	finger
563	ftp
564	kudzu
565	mailman
566	ppp
567	radvd
568	sasl
569	webalizer
570
571	* Thu Sep 22 2005 Chris PeBenito <selinux@tresys.com> - 20050922
572	- Make logrotate, sendmail, sshd, and rpm policies
573	unconfined in the targeted policy so no special
574	modules.conf is required.
575	- Add experimental MCS support.
576	- Add appconfig for MLS.
577	- Add equivalents for old can_resolve(), can_ldap(), and
578	can_portmap() to sysnetwork.
579	- Fix base module compile issues.
580	- Added policies:
581	cpucontrol
582	cvs
583	ktalk
584	portmap
585	postgresql
586	rlogin
587	samba
588	snmp
589	stunnel
590	telnet
591	tftp
592	uucp
593	vpn
594	zebra
595
596	* Wed Sep 07 2005 Chris PeBenito <selinux@tresys.com> - 20050907
597	- Fix errors uncovered by sediff.
598	- Doc tool will explicitly say a module does not have interfaces
599	or templates on the module page.
600	- Added policies:
601	comsat
602	dbus
603	dhcp
604	dictd
605	hal
606	inn
607	ntp
608	squid
609
610	* Fri Aug 26 2005 Chris PeBenito <selinux@tresys.com> - 20050826
611	- Add Makefile support for building loadable modules.
612	- Add genclassperms.py tool to add require blocks
613	for loadable modules.
614	- Change sedoctool to make required modules part of base
615	by default, otherwise make as modules, in modules.conf.
616	- Fix segenxml to handle modules with no interfaces.
617	- Rename ipsec connect interface for consistency.
618	- Add missing parts of unix stream socket connect interface
619	of ipsec.
620	- Rename inetd connect interface for consistency.
621	- Rename interface for purging contents of tmp, for clarity,
622	since it allows deletion of classes other than file.
623	- Misc. cleanups.
624	- Added policies:
625	acct
626	bind
627	firstboot
628	gpm
629	howl
630	ldap
631	loadkeys
632	mysql
633	privoxy
634	quota
635	rshd
636	rsync
637	su
638	sudo
639	tcpd
640	tmpreaper
641	updfstab
642
643	* Tue Aug 2 2005 Chris PeBenito <selinux@tresys.com> - 20050802
644	- Fix comparison bug in fc_sort.
645	- Fix handling of ordered and unordered HTML lists.
646	- Corenetwork now supports multiple network interfaces having the
647	same type.
648	- Doc tool now creates pages for global Booleans and global tunables.
649	- Doc tool now links directly to the interface/template in the
650	module page when it is selected in the interface/template index.
651	- Added support for layer summaries.
652	- Added policies:
653	ipsec
654	nscd
655	pcmcia
656	raid
657
658	* Thu Jul 7 2005 Chris PeBenito <selinux@tresys.com> - 20050707
659	- Changed xml to have modules encapsulated by layer tags, rather
660	than putting layer="foo" in the module tags. Also in the future
661	we can put a summary and description for each layer.
662	- Added tool to infer interface, module, and layer tags. This will
663	now list all interfaces, even if they are missing xml docs.
664	- Shortened xml tag names.
665	- Added macros to declare interfaces and templates.
666	- Added interface call trace.
667	- Updated all xml documentation for shorter and inferred tags.
668	- Doc tool now displays templates in the web pages.
669	- Doc tool retains the user's settings in modules.conf and
670	tunables.conf if the files already exist.
671	- Modules.conf behavior has been changed to be a list of all
672	available modules, and the user can specify if the module is
673	built as a loadable module, included in the monolithic policy,
674	or excluded.
675	- Added policies:
676	fstools (fsck, mkfs, swapon, etc. tools)
677	logrotate
678	inetd
679	kerberos
680	nis (ypbind and ypserv)
681	ssh (server, client, and agent)
682	unconfined
683	- Added infrastructure for targeted policy support, only missing
684	transition boolean support.
685
686	* Wed Jun 15 2005 Chris PeBenito <selinux@tresys.com> - 20050615
687	- Initial release

Note: See TracBrowser for help on using the browser.

Download in other formats:

Original Format

* Generating other formats may take time.