|
|
 |
|
|
Changelog for selinux-policy-targeted-1.23.16-6.noarch.rpm :
Sat May 21 00:00:00 2005 Dan Walsh 1.23.16-6
- Add firstboot to targeted policy
Fri May 20 00:00:00 2005 Dan Walsh 1.23.16-5
- Fix slapd and cups for targeted policy
Thu May 19 00:00:00 2005 Dan Walsh 1.23.16-4
- Add anaconda back in
- Fix for nvidia
- Fixes for acpi
- Fix several \":file read\" -> \":file { getattr read }:
Tue May 17 00:00:00 2005 Dan Walsh 1.23.16-1
- Update from NSA
* Added rdisc policy from Russell Coker.
* Merged minor fix to named policy by Petre Rodan.
* Merged minor fixes to policy from Russell Coker for kudzu,
named, screen, setfiles, telnet, and xdm.
* Merged minor fix to Makefile from Russell Coker.
Fri May 13 00:00:00 2005 Dan Walsh 1.23.15-5
- Remove incorrect user_
*_t from te files
- Add secadmfile attribute
- Allow secadm to relabel secadmfile
- Add wine file_context
Thu May 12 00:00:00 2005 Dan Walsh 1.23.15-4
- Allow smbd to communicate with cups
- fix some net_conf contexts
- Add a bunch of / files file_context
Wed May 11 00:00:00 2005 Dan Walsh 1.23.15-3
- httpd_suexec_t needs to be able to read user_home_dir_t in targeted policy
Tue May 10 00:00:00 2005 Dan Walsh 1.23.15-2
- Add Russell Fixes. Add rdisc policy.
- Add some of Ivan\'s changes.
- remove syslog boolean
Sat May 7 00:00:00 2005 Dan Walsh 1.23.15-1
- Update from NSA
* Added tripwire and yam policy from David Hampton.
* Merged minor fixes to amavid and a clarification to the
httpdcontent attribute comments from David Hampton.
* Merged patch from Dan Walsh. Includes fixes for restorecon,
games, and postfix from Russell Coker. Adds support for debugfs.
Restores support for reiserfs. Allows udev to work with tmpfs_t
before /dev is labled. Removes transition from sysadm_t
(unconfined_t) to ifconfig_t for the targeted policy. Other minor
cleanups and fixes.
Fri May 6 00:00:00 2005 Dan Walsh 1.23.14-4
- Add debugfs
- Add Russell fixes for restorecon, games
- Turn off user_canbe_sysadm
Tue May 3 00:00:00 2005 Dan Walsh 1.23.14-2
- Allow all domains on ppc execmem priv, otherwise it crashes
Tue May 3 00:00:00 2005 Dan Walsh 1.23.14-1
- Update to latest from NSA
* Added afs policy from Andrew Reisse.
* Merged patch from Lorenzo Hernández García-Hierro which defines
execstack and execheap permissions. The patch excludes these
permissions from general_domain_access and updates the macros for
X, legacy binaries, users, and unconfined domains.
* Added nlmsg_relay permisison where netlink_audit_socket class is
used. Added nlmsg_readpriv permission to auditd_t and auditctl_t.
* Merged some minor cleanups from Russell Coker and David Hampton.
* Merged patch from Dan Walsh. Many changes made to allow
targeted policy to run closer to strict and now almost all of
non-userspace is protected via SELinux. Kernel is now in
unconfined_domain for targeted and runs as root:system_r:kernel_t.
Added transitionbool to daemon_sub_domain, mainly to turn off
httpd_suexec transitioning. Implemented web_client_domain
name_connect rules. Added yp support for cups. Now the real
hotplug, udev, initial_sid_contexts are used for the targeted
policy. Other minor cleanups and fixes. Auditd fixes by Paul
Moore.
Sat Apr 30 00:00:00 2005 Dan Walsh 1.23.13-8
- Fixes for consoletype, kudzu reading proc_t
- Add label /dev/adb
- Fixes for hal
Fri Apr 29 00:00:00 2005 Dan Walsh 1.23.13-6
- Allow hal to connect to self
- Fix turboprint/cups problem.
- Fixes fir i18n_input errors
Thu Apr 28 00:00:00 2005 Dan Walsh 1.23.13-4
- Update to fix smtp random device access
- Add i18n_input changes from Akira TAGOH
Wed Apr 27 00:00:00 2005 Dan Walsh 1.23.13-3
- Fix turboprint/cups integration
Tue Apr 26 00:00:00 2005 Dan Walsh 1.23.13-2
- Small fixes for targeted policy
- Add updfstab
Tue Apr 26 00:00:00 2005 Dan Walsh 1.23.13-1
- Update to latest from NSA
* Merged more changes from Dan Walsh to initrc_t for removal of
unconfined_domain.
* Merged Dan Walsh\'s split of auditd policy into auditd_t for the
audit daemon and auditctl_t for the autoctl program.
* Added use of name_connect to uncond_can_ypbind macro by Dan
Walsh.
* Merged other cleanup and fixes by Dan Walsh.
Mon Apr 25 00:00:00 2005 Dan Walsh 1.23.12-5
- Fix file_context conflicts for fsadm
- Add Russels patches
- Restore webalizer
- Add transitionbool for httpd_suexec
Sat Apr 23 00:00:00 2005 Dan Walsh 1.23.12-4
- Fix consoletype
- Add udev, hotplug, consoletype,restorecon to targeted
Fri Apr 22 00:00:00 2005 Dan Walsh 1.23.12-2
- Fix conflicting context files
Thu Apr 21 00:00:00 2005 Dan Walsh 1.23.12-1
- Fix dhcpc.te
- fix hostname.te for targeted domain
- Update from NSA
* Merged Dan Walsh\'s Netlink changes to handle new auditing pam
modules.
* Merged Dan Walsh\'s patch removing the sysadmfile attribute from
policy files to separate sysadm_t from secadm_t.
* Added CVS and uucpd policy from Dan Walsh.
* Cleanup by Dan Walsh to handle turning off unlimitedRC.
* Merged Russell Coker\'s fixes to ntpd, postgrey, and named
policy.
* Cleanup of chkpwd_domain and added permissions to su_domain
macro due to pam changes to support audit.
* Added nlmsg_relay and nlmsg_readpriv permissions to the
netlink_audit_socket class.
Wed Apr 20 00:00:00 2005 Dan Walsh 1.23.11-4
- Fix httpd_suexec_t to be able to creat log file
- Add auditctl_t
- Misc fixes
Sat Apr 16 00:00:00 2005 Dan Walsh 1.23.11-3
- Add additional amanda rules
- Fix prelink to privowner
- Fix udev startup
Fri Apr 15 00:00:00 2005 Dan Walsh 1.23.11-1
- Fix login programs handling of audit messages
- Update to latest from NSA
* Merged Dan Walsh\'s separation of the security manager and system
administrator.
* Removed screensaver.te as suggested by Thomas Bleher
* Cleanup of typealiases that are no longer used by Thomas Bleher.
* Cleanup of fc files and additional rules for SuSE by Thomas
Bleher.
* Merged changes to auditd and named policy by Russell Coker.
* Merged MLS change from Darrel Goeddel to support the policy
hierarchy patch.
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-6
- Add auditd policy to targeted
- Fix auditd policy
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-5
- Allow NetworkManager to communicate with hal in targeted_policy
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-4
- Add Russell compat.(fc, te) for switching from strict to targeted
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-3
- Fix Makefile to load policy before installing FC
- Fix patch
- Remove unlimited tunables from strict
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-1
- Add dbusd.te
- Fix adobe
Tue Apr 12 00:00:00 2005 Dan Walsh 1.23.9-2
- Add name_connect for Mozilla
- Add cvs and uucpd policy
- Many fixes for strict policy
Sat Apr 9 00:00:00 2005 Dan Walsh 1.23.9-1
- Create separate secadm_r/secadm_t domain
Thu Apr 7 00:00:00 2005 Dan Walsh 1.23.8-2
- Move to a later kernel version
- Update from NSA
* Merged diffs from Dan Walsh. Includes Ivan Gyurdiev\'s cleanup
of x_client apps.
* Added dmidecode policy from Ivan Gyurdiev.
Thu Apr 7 00:00:00 2005 Dan Walsh 1.23.8-1
- Update from NSA
* Added netlink_kobject_uevent_socket class.
* Removed empty files pump.te and pump.fc.
* Added NetworkManager policy from Dan Walsh.
* Merged Dan Walsh\'s major restructuring of Apache\'s policy.
Wed Apr 6 00:00:00 2005 Dan Walsh 1.23.6-4
- add NetworkManager and modutils
Tue Apr 5 00:00:00 2005 Dan Walsh 1.23.6-3
- Allow httpd to read content without builtin scripting turned on
- Remove policy.18
Tue Apr 5 00:00:00 2005 Dan Walsh 1.23.6-1
- Add boolean httpd_buildin_scripting
- Update to latest NSA Policy
* Merged cleanup of the Makefile and other stuff from Dan Walsh.
Dan\'s patch includes some desktop changes from Ivan Gyurdiev.
* Merged Thomas Bleher\'s patches which increase the usage of
lock_domain() and etc_domain(), changes var_lib_DOMAIN_t usage to
DOMAIN_var_lib_t, and removes use of notdevfile_class_set where
possible.
* Merged Greg Norris\'s cleanup of fetchmail.
Fri Apr 1 00:00:00 2005 Dan Walsh 1.23.5-3
- Redesign of apache_macros. Broken into apache_user_domain and apache_domain.
- Added fixes from Ivan
Wed Mar 23 23:00:00 2005 Dan Walsh 1.23.5-2
- Handle booleans.local
Wed Mar 23 23:00:00 2005 Dan Walsh 1.23.5-1
- Update to latest from NSA
Wed Mar 23 23:00:00 2005 Dan Walsh 1.23.4-4
- Allow named, nscd to log to /var/log directory
- Allow cups to create ptal_var_run_t files
Tue Mar 22 23:00:00 2005 Dan Walsh 1.23.4-3
- More tightening of name_connect
- Cleanups to httpd_unconfined_script_t
Mon Mar 21 23:00:00 2005 Dan Walsh 1.23.4-1
- Update from NSA
- Add logfile tmpfs_t associate privs
- Start adding name_connect code
- Add httpd_unconfined_script_t
Fri Mar 18 23:00:00 2005 Dan Walsh 1.23.3-2
- Allow cups/lpd to bind to a port
Thu Mar 17 23:00:00 2005 Dan Walsh 1.23.3-1
- Update from NSA
* Added policy for nx_server from Thomas Bleher.
* Added policies for clockspeed, daemontools, djbdns, ucspi-tcp, and
publicfile from Petre Rodan.
Tue Mar 15 23:00:00 2005 Dan Walsh 1.23.2-1
- Update from NSA
* Merged diffs from Dan Walsh. Dan\'s patch includes Ivan Gyurdiev\'s
gift policy.
* Made sysadm_r the first role for root, so root\'s home will be labled
as sysadm_home_dir_t instead of staff_home_dir_t.
* Modified fs_use and Makefile to reflect jfs now supporting security
xattrs.
Fri Mar 11 23:00:00 2005 Dan Walsh 1.23.1-1
- Update from NSA
- Fixes for fs_daemon
- Add gift from Ivan Gyurdiev
Thu Mar 10 23:00:00 2005 Dan Walsh 1.22.1-3
- Add consoletype.te
- Fix filecontext.homedirs handling
Thu Mar 10 23:00:00 2005 Dan Walsh 1.22.1-1
- Update to latest from NSA
- Dontaudit pam_timestamp calls to utmp
Wed Mar 9 23:00:00 2005 Dan Walsh 1.21.16-4
- Add in ifconfig and hostname to make dhcpc work
- Add dontaudit for some net_admin calls
- Add users directory to targeted
Wed Mar 9 23:00:00 2005 Dan Walsh 1.21.16-1
- Rebuild to fix bad policycoreutils
- fix ftpd_selinux man page
- Update to latest from NSA
Tue Mar 8 23:00:00 2005 Dan Walsh 1.21.15-8
- Add back in dhcpc.te to targeted
- remove java_domain
- Fix rpc_pipefs reg expression found by Eric Paris
- Fix sendmail
- Add ftpd_anon_rw_t
Mon Mar 7 23:00:00 2005 Dan Walsh 1.21.15-6
- Add many Ivan Gyurdiev cleanups
Wed Mar 2 23:00:00 2005 Dan Walsh 1.21.15-5
- Remove cyrus_r
Mon Feb 28 23:00:00 2005 Dan Walsh 1.21.15-4
- Add Ivans changes to cleanup writing to homedir
- Update strict policy changes
- Allow httpd_sys_script_t self: create_stream_socket_perms
Fri Feb 25 23:00:00 2005 Dan Walsh 1.21.15-3
- Add transitions to dhcpc
- Remove serviceusers
- Fixes for mta in targeted
Thu Feb 24 23:00:00 2005 Dan Walsh 1.21.15-1
- Update from NSA
Mon Feb 21 23:00:00 2005 Dan Walsh 1.21.14-2
- Lots of fix patches from Ivan
Thu Feb 17 23:00:00 2005 Dan Walsh 1.21.14-1
- Update from NSA
Mon Feb 14 23:00:00 2005 Dan Walsh 1.21.13-1
- Update from NSA
- Add bin_t, sbin_t, exec_type execmod privs for targeted policy
Mon Feb 14 23:00:00 2005 Dan Walsh 1.21.12-3
- Cleanup x_client_domain
- Add dontaudit net_admin for cups
Fri Feb 11 23:00:00 2005 Dan Walsh 1.21.12-2
- Allow unconfined_t to execmod on ld_so_t
Thu Feb 10 23:00:00 2005 Dan Walsh 1.21.12-1
- Use new gethomedircon
Wed Feb 9 23:00:00 2005 Dan Walsh 1.21.11-3
- Add additional texrel_shlib
Wed Feb 9 23:00:00 2005 Dan Walsh 1.21.11-1
- Eliminate lots of net_admin privs.
- Add privs to useradd to create homedir correctly
Wed Feb 9 23:00:00 2005 Dan Walsh 1.21.10-1
- Fix traceroute policy for nmap
- remove cap31 to prevent checkpolicy bug
Tue Feb 8 23:00:00 2005 Dan Walsh 1.21.9-1
- Update to latest from NSA
* Updated capability access vector for audit capabilities.
- Fix file_contexts spec
Mon Feb 7 23:00:00 2005 Dan Walsh 1.21.8-6
- Allow user apps to read event_device_t
Fri Feb 4 23:00:00 2005 Dan Walsh 1.21.8-5
- Add java plugin policy
Thu Feb 3 23:00:00 2005 Dan Walsh 1.21.8-4
- Fix postfix handling in targeted with dovecot.
- Stop transitioning to httpd_sys_script_t if httpd_disable_trans is set
Wed Feb 2 23:00:00 2005 Dan Walsh 1.21.8-2
- Allow syslogd to r_netlink_route
- Dontaudit samba access to $1_file_types
Tue Feb 1 23:00:00 2005 Dan Walsh 1.21.7-1
- Update to latest from NSA
* Add allow_execmem boolean
Tue Feb 1 23:00:00 2005 Dan Walsh 1.21.6-1
- Fix cron transiton rules for targeted policy
- Update to latest from NSA
* Update access vectors
Mon Jan 31 23:00:00 2005 Dan Walsh 1.21.5-5
- Allow apache to read certs files
- Add mplayer policy
Mon Jan 31 23:00:00 2005 Dan Walsh 1.21.5-3
- Change /u?dev to /dev
- Add Ivan\'s smbmount patch
Fri Jan 28 23:00:00 2005 Dan Walsh 1.21.5-2
- Update to latest from NSA
- Many fixes to spec file.
Thu Jan 27 23:00:00 2005 Dan Walsh 1.21.4-2
- Fix handling of local.users file
Thu Jan 27 23:00:00 2005 Dan Walsh 1.21.4-1
- Update from NSA
* Changed policy Makefile to still generate policy.18 as well,
and use it for make load if the kernel doesn\'t support 19.
* Merged enhanced MLS support from Darrel Goeddel (TCS).
Tue Jan 25 23:00:00 2005 Dan Walsh 1.21.3-6
- Added \"role system_r types system_crond_t;\" for targeted policy
- Dontaudit selinux_config_t from httpd
- Dontaudit writes to mips from httpd
- Change file_context on postgresql helper apps back to bin_t
- Add typealias for shlib_t to lib_t
Tue Jan 25 23:00:00 2005 Dan Walsh 1.21.3-4
- Add texrel_shlib_t for execmod libraries
- Add smbmount policy
Tue Jan 25 23:00:00 2005 Dan Walsh 1.21.3-3
- Fix crond to run in unconfined_domain on targeted policy
- Eliminate execmod from gpg
Mon Jan 24 23:00:00 2005 Dan Walsh 1.21.3-1
- Update from NSA
Thu Jan 20 23:00:00 2005 Dan Walsh 1.21.2-7
- Allow restorecon and setfiles to read default_context_t
Thu Jan 20 23:00:00 2005 Dan Walsh 1.21.2-6
- Remove crond alias to unconfined_t in targeted
Thu Jan 20 23:00:00 2005 Dan Walsh 1.21.2-5
- More Fixes for rlogind
Wed Jan 19 23:00:00 2005 Nalin Dahyabhai 1.21.2-4
- Add a default_context entry for the remote_login_t domain, for telnet
Wed Jan 19 23:00:00 2005 Dan Walsh 1.21.2-2
- Fixed policy for telnet and rlogin
Tue Jan 18 23:00:00 2005 Dan Walsh 1.21.2-1
- Update with latest from NSA
- Add Policy man pages
Wed Jan 12 23:00:00 2005 Dan Walsh 1.21.1-1
- Update to latest from NSA
- Add samba home dir rules
Tue Jan 11 23:00:00 2005 Dan Walsh 1.20.1-3
- Allow samba to manipulate samba_share_t lnk files
- add configurable_types
- Allow mozilla to exemem
- Add suck to innd.te
- Fix creation of posgresql and add can_ypbind
Fri Jan 7 23:00:00 2005 Dan Walsh 1.20.1-1
- Start using typeattribute
- Implement allow_samba_home_dirs
Wed Jan 5 23:00:00 2005 Dan Walsh 1.19-17-3
- change to require checkpolicy >= 1.19.2
- Change to use typeattribute
- Update list of booleans
- Update to latest from NSA
Tue Jan 4 23:00:00 2005 Dan Walsh 1.19-16-1
- Update to latest from NSA
Mon Jan 3 23:00:00 2005 Dan Walsh 1.19-15-14
- Have cups_config_t create files with the right context
- Allow all file_types to be associated with noexettr file systems
- Allow apache scripts to read fonts_t
- dontaudit squid trying to read /
- Allow httpd_suexec_t to read home directories
Tue Dec 28 23:00:00 2004 Dan Walsh 1.19-15-11
- Change sshd, xdm, crond, sendmail to run under different context
- in targeted policy
Tue Dec 28 23:00:00 2004 Dan Walsh 1.19-15-10
- Fix transition rules for initrc->unconfined_t
Mon Dec 27 23:00:00 2004 Dan Walsh 1.19-15-9
- Try to fix certain scripts to not transition to initrc_t
* sendmail, sshd, prefdm, crond
Mon Dec 27 23:00:00 2004 Dan Walsh 1.19-15-8
- Add Russell patches to udev, modutil
Thu Dec 23 23:00:00 2004 Dan Walsh 1.19-15-7
- Fix handling of udev.tdb
- Fix ntpd communications with winbind
Thu Dec 23 23:00:00 2004 Dan Walsh 1.19-15-6
- Stop running sendmail, sshd, cron in initrc domain in targeted
Wed Dec 22 23:00:00 2004 Dan Walsh 1.19-15-5
- Allow reading of udev_tdb_t directory
- Change /etc/init.d/sendmail to bin_t for targeted policy to make
- it to run unconfined.
Wed Dec 22 23:00:00 2004 Dan Walsh 1.19-15-3
- Add sendmail
Wed Dec 22 23:00:00 2004 Dan Walsh 1.19-15-2
- Remove transition rules for unconfined_t to domains, must run initrc scripts.
- Add init and initrc to targeted policy
Tue Dec 21 23:00:00 2004 Dan Walsh 1.19-15-1
- Update to latest from NSA
Mon Dec 20 23:00:00 2004 Dan Walsh 1.19-14-5
- Fix cups policy for targeted policy
Mon Dec 20 23:00:00 2004 Dan Walsh 1.19-14-4
- Allow windbind to create log files in samba.
- Fix ifdef dbusd for definition of dbus directory
- Allow system_mail to access urandom_device_t
Fri Dec 17 23:00:00 2004 Dan Walsh 1.19-14-3
- Fixes for ldconfig in targeted policy
Thu Dec 16 23:00:00 2004 Dan Walsh 1.19-14-2
- Changes to increase the number of daemons in targeted policy
Thu Dec 16 23:00:00 2004 Dan Walsh 1.19-14-1
- Update latest from NSA
Sat Dec 11 23:00:00 2004 Dan Walsh 1.19-13-1
- Update latest from NSA
Fri Dec 10 23:00:00 2004 Dan Walsh 1.19-12-2
- Add support for winbindd from nscd
Wed Dec 8 23:00:00 2004 Dan Walsh 1.19-12-1
- Update latest from NSA
- Add single_user_file_type tunable.
Wed Dec 8 23:00:00 2004 Dan Walsh 1.19-11-3
- Fix winbindd for samba
- Add some targeted_policy ifdefs.
Wed Dec 8 23:00:00 2004 Dan Walsh 1.19-11-2
- Many fixes caused by turning off unlimitedRC
Fri Dec 3 23:00:00 2004 Dan Walsh 1.19-11-1
- Merge with upstream
Thu Dec 2 23:00:00 2004 Dan Walsh 1.19-10-1
- Update to latest from NSA
- Fix tty devices from IBM Platforms
Thu Dec 2 23:00:00 2004 Dan Walsh 1.19-9-1
- Update to add execmem and execmod
Wed Dec 1 23:00:00 2004 Dan Walsh 1.19-8-4
- Allow boolloader to can_exec_any
Wed Dec 1 23:00:00 2004 Dan Walsh 1.19-8-3
- Add ipx support
- Fix portmap
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-8-2
- Make htdig work
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-8-1
- Cleanup several network_client calls
- Update from upstream
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-7-2
- Remove root_dir_type, fix hotplug
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-7-1
- Update to Upstream
Mon Nov 29 23:00:00 2004 Dan Walsh 1.19-6-1
- Update to Upstream
Wed Nov 24 23:00:00 2004 Dan Walsh 1.19-5-1
- Update to Upstream
- Convert to new network_macros.te
Tue Nov 23 23:00:00 2004 Dan Walsh 1.19-4-4
- Add proc_net for unconfined_t
Mon Nov 22 23:00:00 2004 Dan Walsh 1.19-4-3
- Fix location of selinuxenabled
Mon Nov 22 23:00:00 2004 Dan Walsh 1.19-4-2
- Add some rules to allow httpd_sys_content_t to access to httpdcontent if httpd_unified is set
o
* Sun Nov 21 2004 Dan Walsh 1.19-4-1
- Upgrade to match upstream
- Require policycoreutils
Fri Nov 19 23:00:00 2004 Dan Walsh 1.19-3-1
- Upgrade to upstream
- Add fixes for postgres and apache
Thu Nov 18 23:00:00 2004 Dan Walsh 1.19-2-1
- Upgrade to upstream
Wed Nov 17 23:00:00 2004 Dan Walsh 1.19-1-14
Add back in zebra
Wed Nov 17 23:00:00 2004 Dan Walsh 1.19-1-13
- don\'t transition from sysadm_t (unconfined_t) to system_mail_t when
executing sendmail in targeted policy
Wed Nov 17 23:00:00 2004 Dan Walsh 1.19-1-12
- Fixes for crond fifo file, httpd_unified, and cups
Tue Nov 16 23:00:00 2004 Dan Walsh 1.19-1-11
- Fixed for /dev/pmu and printconf
Tue Nov 16 23:00:00 2004 Dan Walsh 1.19-1-10
- Add boolean to allow httpd to communicate with tty
Sat Nov 13 23:00:00 2004 Dan Walsh 1.19-1-9
- Minor fixes
- Add postgresql.te to targeted
Fri Nov 12 23:00:00 2004 Dan Walsh 1.19-1-8
- tighten security on squirrelmail
Fri Nov 12 23:00:00 2004 Dan Walsh 1.19-1-7
- Fixes to get squirrelmail working in targeted policy
Thu Nov 11 23:00:00 2004 Dan Walsh 1.19-1-6
- Remove unwanted te files to make policy smaller
Thu Nov 11 23:00:00 2004 Dan Walsh 1.19-1-5
- Add allow_kerberos for targeted policy and fix ntpd for targetd
Wed Nov 10 23:00:00 2004 Dan Walsh 1.19-1-4
- Fix mysql.te
Wed Nov 10 23:00:00 2004 Dan Walsh 1.19-1-3
- Cleanup of Dovecot and squirrelmail
Wed Nov 10 23:00:00 2004 Dan Walsh 1.19-1-2
- Allow httpd to read bin_t lnk_files
Tue Nov 9 23:00:00 2004 Dan Walsh 1.19-1-1
- Update from NSA
Mon Nov 8 23:00:00 2004 Dan Walsh 1.18.2-4
- Add /dev/pmu and privoxy fixes
Mon Nov 8 23:00:00 2004 Dan Walsh 1.18.2-3
- Complete lockdev and test with mincom
Sat Nov 6 23:00:00 2004 Dan Walsh 1.18.2-2
- Add preliminary lockdev defs
Sat Nov 6 23:00:00 2004 Dan Walsh 1.18.2-1
- Allow gpg to read/write user homedir files
Sat Nov 6 23:00:00 2004 Dan Walsh 1.18.2-1
- Merge with upstream
- Allow users to read xdm pid files
- Allow sysadm_t to communicate with xdm fifo file.
Thu Nov 4 23:00:00 2004 Dan Walsh 1.18.1-3
- ooffice is crashing because it needs to getattr on a dri device.
Wed Nov 3 23:00:00 2004 Dan Walsh 1.18.1-2
- Eliminate single user domain
Tue Nov 2 23:00:00 2004 Dan Walsh 1.18.1-1
- Update from NSA
Tue Nov 2 23:00:00 2004 Dan Walsh 1.17.37-2
- Many fixes for tighter can_network policy and nscd_client_domain
Mon Nov 1 23:00:00 2004 Dan Walsh 1.17.37-1
- Merge with upstream
Sat Oct 30 00:00:00 2004 Dan Walsh 1.17.36-3
- Eliminate ability to read tmp_t lnk_files
Fri Oct 29 00:00:00 2004 Dan Walsh 1.17.36-2
- Add ability to specify port to can_tcp_network
Thu Oct 28 00:00:00 2004 Dan Walsh 1.17.36-1
- Break out can_network in to can_tcp_network and can_udp_network
- Add lots of nscd_client_domain
Wed Oct 27 00:00:00 2004 Dan Walsh 1.17.35-2
- Add russells patch for ntpdate
- Add Colins batch for dbus_macro
Wed Oct 27 00:00:00 2004 Dan Walsh 1.17.35-1
- New fixes for fowner in setfiles and restorecon
Tue Oct 26 00:00:00 2004 Dan Walsh 1.17.34-2
- Fix spec file
Tue Oct 26 00:00:00 2004 Dan Walsh 1.17.34-1
- Update to latest from NSA
Thu Oct 21 00:00:00 2004 Dan Walsh 1.17.33-2
- Add some squid fixes and add disable_games boolean
Wed Oct 20 00:00:00 2004 Dan Walsh 1.17.33-1
- Update to latest from NSA
- Add apache unified patch
Tue Oct 19 00:00:00 2004 Dan Walsh 1.17.32-2
- fixes for nscd
- Fixes for /var/run file contexts
Thu Oct 14 00:00:00 2004 Dan Walsh 1.17.32-1
- Latest from NSA
Thu Oct 14 00:00:00 2004 Dan Walsh 1.17.31-2
- Begin fixing bugs when turning off unlimitedinitrc
Thu Oct 14 00:00:00 2004 Dan Walsh 1.17.31-1
- Small fixes to cleanup reboot
- FTP RLOGIN RSH
- Update with NSA
Thu Oct 14 00:00:00 2004 Dan Walsh 1.17.30-3
- Small fixes to cleanup reboot
Wed Oct 13 00:00:00 2004 Dan Walsh 1.17.30-2
- Cleanup patch
- Add removable_t associate
Sun Oct 10 00:00:00 2004 Dan Walsh 1.17.30-1
- Upstream merge from NSA
- Add arpwatch.
- Turned on every service on machine and got multiple avc messages.
Sat Oct 9 00:00:00 2004 Dan Walsh 1.17.29-4
- Change allow_ypbind to be a boolean.
Fri Oct 8 00:00:00 2004 Dan Walsh 1.17.29-3
- Add reserved_port_type
Fri Oct 8 00:00:00 2004 Dan Walsh 1.17.29-2
- minor fixes
- Fix nfsd and ypbind
Fri Oct 8 00:00:00 2004 Dan Walsh 1.17.29-1
- Update for latest from NSA
Thu Oct 7 00:00:00 2004 Dan Walsh 1.17.28-2
- Add reiser fix
- allow syslog_t to access tmpfs_t for minilog
Thu Oct 7 00:00:00 2004 Dan Walsh 1.17.28-1
- Update from NSA
- Rearrange rpm.te file for targeted policy
Wed Oct 6 00:00:00 2004 Dan Walsh 1.17.27-1
- Update from NSA
Tue Oct 5 00:00:00 2004 Dan Walsh 1.17.26-3
- Fix inetd_child stuff.
Tue Oct 5 00:00:00 2004 Dan Walsh 1.17.26-2
- Cleanup sendmail policy.
Sat Oct 2 00:00:00 2004 Dan Walsh 1.17.26-1
- Update with NSA
Fri Oct 1 00:00:00 2004 Dan Walsh 1.17.25-1
- Update from NSA
- more inetd fixes, mozilla fixes
Fri Oct 1 00:00:00 2004 Dan Walsh 1.17.24-4
- Minor fixes
- Fix snmpd.te to allow creation of /var/net-snmp
Thu Sep 30 00:00:00 2004 Dan Walsh 1.17.24-3
- Add tvtime
Thu Sep 30 00:00:00 2004 Dan Walsh 1.17.24-2
- New fixes for comsat
- Add removable_context
Thu Sep 30 00:00:00 2004 Dan Walsh 1.17.24-1
- New location for mailman
- Update from NSA
- Fixes for ktalkd
Wed Sep 29 00:00:00 2004 Dan Walsh 1.17.23-2
- Add vpnc policy
Tue Sep 28 00:00:00 2004 Dan Walsh 1.17.23-1
- Add changes for homedir
- Update to latest from NSA
Tue Sep 28 00:00:00 2004 Dan Walsh 1.17.22-2
- added ktalkd and other patches form Russell
Tue Sep 28 00:00:00 2004 Dan Walsh 1.17.22-1
- Remove screensaver stuff
Sat Sep 25 00:00:00 2004 Dan Walsh 1.17.21-1
- Latest from NSA
- Added inetd_macros.te and swat, in.comcast, ktalkd, rsync policy
- Many fixes for strict policy
Fri Sep 24 00:00:00 2004 Dan Walsh 1.17.20-3
- Apply Russell\'s patch
Fri Sep 24 00:00:00 2004 Dan Walsh 1.17.20-2
- Change nfs tunables into booleans for reading exported file systems
Fri Sep 24 00:00:00 2004 Dan Walsh 1.17.20-1
- Update with NSA fixes.
Wed Sep 22 00:00:00 2004 Dan Walsh 1.17.19-2
- Many fixes for nscd
Wed Sep 22 00:00:00 2004 Dan Walsh 1.17.19-1
- Update to latest from NSA
Sat Sep 18 00:00:00 2004 Dan Walsh 1.17.18-3
- Add associate file_type nfs_t for mv command
Sat Sep 18 00:00:00 2004 Dan Walsh 1.17.18-2
- Change targeted policy to use devfs.
Fri Sep 17 00:00:00 2004 Dan Walsh 1.17.18-1
- Fix rhgb and console
Fri Sep 17 00:00:00 2004 Dan Walsh 1.17.17-3
- Allow nscd to read context files
Fri Sep 17 00:00:00 2004 Dan Walsh 1.17.17-2
- Add removable_t for all removable media
Fri Sep 17 00:00:00 2004 Dan Walsh 1.17.17-1
- Update from NSA
Thu Sep 16 00:00:00 2004 Dan Walsh 1.17.16-3
- add context for /lib/tls/i486
- Fix /etc/mozpluggerrc
Thu Sep 16 00:00:00 2004 Dan Walsh 1.17.16-2
- Cleanup patch
Thu Sep 16 00:00:00 2004 Dan Walsh 1.17.16-1
- Update to match NSA Policy
- Added proc_fs attributes
Wed Sep 15 00:00:00 2004 Dan Walsh 1.17.15-3
- More nscd fixes
Wed Sep 15 00:00:00 2004 Dan Walsh 1.17.15-2
- New changes for nscd in targeted policy. Small cleanup of can_ypbind
Wed Sep 15 00:00:00 2004 Dan Walsh 1.17.15-1
- Update from NSA
Sat Sep 11 00:00:00 2004 Dan Walsh 1.17.14-1
- Update from NSA
Sat Sep 11 00:00:00 2004 Dan Walsh 1.17.13-1
- Update from NSA
- Fixed for dbus
Fri Sep 10 00:00:00 2004 Dan Walsh 1.17.12-1
- Add media context file
- Add ncsd.te to targeted policy
Thu Sep 9 00:00:00 2004 Dan Walsh 1.17.11-2
- Many changes to get X and dbus to work with /dev on tmpfs
Thu Sep 9 00:00:00 2004 Dan Walsh 1.17.11-1
- Update from NSA
Wed Sep 8 00:00:00 2004 Dan Walsh 1.17.10-2
- Fix named file context and add dbus patch from Colin
- Fix udev and tmpfs boot problems
Sun Sep 5 00:00:00 2004 Dan Walsh 1.17.10-1
- Update from NSA
Fri Sep 3 00:00:00 2004 Dan Walsh 1.17.9-2
- Clean up patch
Fri Sep 3 00:00:00 2004 Dan Walsh 1.17.9-1
- Latest from NSA
- Merge in Russell Changes
Thu Sep 2 00:00:00 2004 Jeremy Katz - 1.17.8-2
- use underlying context for tmpfs
Wed Sep 1 00:00:00 2004 Dan Walsh 1.17.8-1
- Update from NSA
* Added reserved_port_t type and portcon entries to map all other
reserved ports to this type.
* Added distro_ prefix to distro tunables to avoid conflicts.
* Merged diffs from Russell Coker.
Tue Aug 31 00:00:00 2004 Dan Walsh 1.17.7-1
- Update with uli\'s fixes
Tue Aug 31 00:00:00 2004 Dan Walsh 1.17.6-1
- Update for NSA
- Add ssh policy fixes
Sat Aug 28 00:00:00 2004 Dan Walsh 1.17.5-2
- Fix spec file
Sat Aug 28 00:00:00 2004 Dan Walsh 1.17.5-1
- Update from NSA
- Add ftpd_is_daemon=1 boolean
Sat Aug 28 00:00:00 2004 Dan Walsh 1.17.4-5
- Fix patch and spec file
Fri Aug 27 00:00:00 2004 Dan Walsh 1.17.4-4
- Add cdrom check for makefile
- Add some patches from Russell
Thu Aug 26 00:00:00 2004 Dan Walsh 1.17.4-3
- Fix directory ownership
Thu Aug 26 00:00:00 2004 Dan Walsh 1.17.4-2
- Fix portmap name_bind to reserved_port_t
Thu Aug 26 00:00:00 2004 Dan Walsh 1.17.4-1
- More changes to make named work
- Added can_ypbind to several te files
Wed Aug 25 00:00:00 2004 Dan Walsh 1.17.3-2
- Russell Changes to Named
- Add unrestricted attribute
Wed Aug 25 00:00:00 2004 Dan Walsh 1.17.3-1
- Latest from NSA
- Portmap change
Tue Aug 24 00:00:00 2004 Dan Walsh 1.17.2-1
- Colin patch to check file_contexts
- Add rssh policy
- Latest from NSA
Mon Aug 23 00:00:00 2004 Dan Walsh 1.17.1-1
- Update from NSA
Fri Aug 20 00:00:00 2004 Colin Walters 1.15.16-2
- Add printer_device_t to types/devices.te, remove from lpd.te.
Thu Aug 19 00:00:00 2004 Dan Walsh 1.15.16-1
- Update from NSA, fixes for udev
Wed Aug 18 00:00:00 2004 Dan Walsh 1.15.15-1
- Update from NSA, remove unused te files
Sat Aug 14 00:00:00 2004 Dan Walsh 1.15.14-1
- Update from NSA
Thu Aug 12 00:00:00 2004 Dan Walsh 1.15.13-4
- Make booleans specific to policy type
Thu Aug 12 00:00:00 2004 Dan Walsh 1.15.13-3
- Fix booleans
Thu Aug 12 00:00:00 2004 Dan Walsh 1.15.13-2
- Fix bind to work in targeted policy
Mon Aug 9 00:00:00 2004 Dan Walsh 1.15.13-1
- Latest changes from NSA including more booleans changes.
Wed Aug 4 00:00:00 2004 Dan Walsh 1.15.12-1
- Update to latest from NSA
- Major rewrite to use booleans
Wed Aug 4 00:00:00 2004 Dan Walsh 1.15.11-2
- Fix targeted policy to create tun file
Sun Aug 1 00:00:00 2004 Dan Walsh 1.15.11-1
- Update to latest from NSA
- Rename tunables to .tun
Fri Jul 30 00:00:00 2004 Dan Walsh 1.15.10-1 | |
