|
|
|
|
Changelog for selinux-policy-targeted-1.27.1-2.28.noarch.rpm :
Thu Mar 23 23:00:00 2006 Russell Coker 1.27.1-2.28 - Allowed amanda_t to access inetd_t TCP sockets and allowed amanda_recover_t to bind to reserved ports. #149030 - Added boolean samba_share_nfs to allow smbd_t full access to NFS mounts.
Tue Mar 14 23:00:00 2006 Dan Walsh 1.27.1-2.27 - Allow updfstab to getattr on swapfile - Allow ypserv to communicate with ypxfr_t - File context for in.talkd
Wed Feb 15 23:00:00 2006 Dan Walsh 1.27.1-2.25 - Zebra wants to listen on router_port_t - auditctl wants to read proc
Fri Feb 10 23:00:00 2006 Dan Walsh 1.27.1-2.23 - Now zebra wants to listen on bgp
Thu Feb 9 23:00:00 2006 Dan Walsh 1.27.1-2.22 - Allow zebra to connect to bgp
Mon Feb 6 23:00:00 2006 Dan Walsh 1.27.1-2.21 - Allow zebra to use bgp - Allow spamd to connect to razor
Wed Jan 18 23:00:00 2006 Dan Walsh 1.27.1-2.20 - Add ldap support to spamd - Auditing changes
Wed Jan 18 23:00:00 2006 Dan Walsh 1.27.1-2.19 - Add support for labeled networking in upcoming kernel - Fix man page and booleans file
Mon Jan 2 23:00:00 2006 Dan Walsh 1.27.1-2.18 - Allow pam_module to work with apache
Thu Dec 1 23:00:00 2005 Dan Walsh 1.27.1-2.17 - Allow slapd to user kerberos
Thu Dec 1 23:00:00 2005 Dan Walsh 1.27.1-2.16 - Load the correct policy
Mon Nov 28 23:00:00 2005 Dan Walsh 1.27.1-2.15 - Allow privoxy to write /etc/privoxy/user.action - allow syslog to log to tty in targeted - Allow dovecot to read etc_runtime_t - Fixes for procmail and spam - Allow zebra to write routing rules
Wed Nov 9 23:00:00 2005 Dan Walsh 1.27.1-2.14 - remove lvm.static - Fix slapd - Fix innd
Thu Nov 3 23:00:00 2005 Dan Walsh 1.27.1-2.13 - Fix radius to use pam - Fix samba to add fowner
Mon Oct 31 23:00:00 2005 Dan Walsh 1.27.1-2.12 - Fix Handling of spamd, postfix
Fri Oct 28 00:00:00 2005 Dan Walsh 1.27.1-2.11 - Fix disable_postfix_trans boolean
Tue Oct 25 00:00:00 2005 Dan Walsh 1.27.1-2.10 - Update to match Rawhide
Thu Oct 20 00:00:00 2005 Dan Walsh 1.27.1-2.9 - Fix mysql - Add spamd.te
Wed Oct 19 00:00:00 2005 Dan Walsh 1.27.1-2.8 - Fix gssd
Tue Oct 18 00:00:00 2005 Dan Walsh 1.27.1-2.7 - Update to match rawhide
Thu Oct 13 00:00:00 2005 Dan Walsh 1.27.1-2.6 - Fixes for bluetooth and hal
Wed Oct 12 00:00:00 2005 Dan Walsh 1.27.1-2.5 - Update Amanda, pegusus, ftpd, apache to match upstream version - Update Bluetooth, rsync
Wed Sep 28 00:00:00 2005 Dan Walsh 1.27.1-2.3 - Fixes for postfix, amanda, bluetooth - Merge in changes from Rawhide.
Sat Sep 24 00:00:00 2005 Dan Walsh 1.27.1-2.2 - Put back in role sysadm_r unconfined_t;
Tue Sep 20 00:00:00 2005 Dan Walsh 1.27.1-2.1 - Update to match rawhide
Thu Sep 8 00:00:00 2005 Dan Walsh 1.25.4-10.1 - Fix roundup policy - Fixes for bluetooth - Change can_resolv to allow tcp_socket name_connect to dns port.
Fri Aug 26 00:00:00 2005 Dan Walsh 1.25.4-10 - Bump for FC4
Fri Aug 26 00:00:00 2005 Dan Walsh 1.25.4-9 - Allow i18n_input to read homedirs - Remove i18n_input from targeted
Tue Aug 23 00:00:00 2005 Dan Walsh 1.25.4-8 - Apply russell\'s cleanups
Tue Aug 23 00:00:00 2005 Dan Walsh 1.25.4-7 - Bump for FC-4
Tue Aug 23 00:00:00 2005 Dan Walsh 1.25.4-6 - Fix /var/lib/yp/ * file_context
Tue Aug 23 00:00:00 2005 Dan Walsh 1.25.4-5 - Add capifs - Add roundup policy - fix gdm
Thu Aug 18 00:00:00 2005 Dan Walsh 1.25.4-4.1 - Trying out postfix.te
Thu Aug 18 00:00:00 2005 Dan Walsh 1.25.4-4 - Add more access for amanda - Allow dovecot to create files in mail_spool_t
Wed Aug 17 00:00:00 2005 Dan Walsh 1.25.4-3 - add can_access_pty macro - Add nsswitch_macro for lots of ldap fixes
Mon Aug 15 00:00:00 2005 Dan Walsh 1.25.4-2 - Support for policy.20 and policy.19
Fri Aug 12 00:00:00 2005 Dan Walsh 1.25.4-1 -Update to latest from NSA * Merged small patches from Russell Coker for the restorecon, kudzu, lvm, radvd, and spamassasin policies. * Added fs_use_trans rule for mqueue from Mark Gebhart to support the work he has done on providing SELinux support for mqueue. * Merged a patch from Dan Walsh. Removes the user_can_mount tunable. Adds disable_evolution_trans and disable_thunderbird_trans booleans. Adds the nscd_client_domain attribute to insmod_t. Removes the user_ping boolean from targeted policy. Adds hugetlbfs, inotifyfs, and mqueue filesystems to genfs_contexts. Adds the isakmp_port for vpnc. Creates the pptp daemon domain. Allows getty to run sbin_t for pppd. Allows initrc to write to default_t for booting. Allows Hotplug_t sys_rawio for prism54 card at boot. Other minor fixes.
Tue Aug 9 00:00:00 2005 Dan Walsh 1.25.3-15 - Bump for FC4
Tue Aug 9 00:00:00 2005 Dan Walsh 1.25.3-14 - Allow passwd to read sysctl - Fix fsadm for zip drives
Sat Aug 6 00:00:00 2005 Dan Walsh 1.25.3-13 - Allow cvs to use kerberos - Allow sasauthd to use mysql
Wed Aug 3 00:00:00 2005 Dan Walsh 1.25.3-12 - Bump for FC4
Wed Aug 3 00:00:00 2005 Dan Walsh 1.25.3-11 - Fix NetworkManager-vpnc stuff
Tue Aug 2 00:00:00 2005 Dan Walsh 1.25.3-10 - Fixes for saslauthd, cyrus communication
Fri Jul 29 00:00:00 2005 Dan Walsh 1.25.3-9 - Bump for FC4
Fri Jul 29 00:00:00 2005 Dan Walsh 1.25.3-8 - Fixes for cups, hwclock, system_passwd, samba_net
Thu Jul 28 00:00:00 2005 Dan Walsh 1.25.3-7 - Add certwatch.te - Allow smbd to connect to smbd_port_t - Fix hugetlb and mqueue
Tue Jul 26 00:00:00 2005 Dan Walsh 1.25.3-6 - Bump for FC4
Tue Jul 26 00:00:00 2005 Dan Walsh 1.25.3-5 - Fix cyrus
Fri Jul 22 00:00:00 2005 Dan Walsh 1.25.3-4 - Bump for FC4
Wed Jul 20 00:00:00 2005 Dan Walsh 1.25.3-3 - Fix spec file for file_context.homedirs
Wed Jul 20 00:00:00 2005 Dan Walsh 1.25.3-2 - Update to latest from NSA
Sat Jul 16 00:00:00 2005 Dan Walsh 1.25.2-6 - Allow hald to run umount - Don\'t allow users to use removable_t for mls policy
Fri Jul 15 00:00:00 2005 Dan Walsh 1.25.2-5 - Fixup cyrus to read mail spool - Fix vpnc.te, NetworkManager and others for strict policy - Add isakmp port
Thu Jul 14 00:00:00 2005 Dan Walsh 1.25.2-2 - Allow klogin to read keytab file. - Allow cvs to send mail
Wed Jul 13 00:00:00 2005 Dan Walsh 1.25.2-1 - Update to latest from NSA
Tue Jul 12 00:00:00 2005 Dan Walsh 1.25.1-10 - Change file context for iiimd -> iiimd.bin
Sat Jul 9 00:00:00 2005 Dan Walsh 1.25.1-8 - Fix saslauthd policy to allow imapd and shadow.
Fri Jul 8 00:00:00 2005 Dan Walsh 1.25.1-6 - Fixes for winbind
Fri Jul 8 00:00:00 2005 Dan Walsh 1.25.1-5 - Allow cgi script to append to httpd_log_t - More fixes for samba net command
Thu Jul 7 00:00:00 2005 Dan Walsh 1.25.1-4 - Add boolean to allow sysadm_t to ptrace
Thu Jul 7 00:00:00 2005 Dan Walsh 1.25.1-1 - Update to NSA - Fix strict policy audit_write so you can login
Thu Jul 7 00:00:00 2005 Dan Walsh 1.24-5 - Add winbind_helper_t
Wed Jul 6 00:00:00 2005 Dan Walsh 1.24-4 - Allow dovecot to access cert_t - Add redhat tunable
Sun Jul 3 00:00:00 2005 Dan Walsh 1.24-2 - Allow getty to run pppd - Allow netplugd to work
Thu Jun 30 00:00:00 2005 Dan Walsh 1.24-1 - Upgrade from NSA * Updated version for release.
Tue Jun 28 00:00:00 2005 Dan Walsh 1.23.18-22 - Add additional http ports - Force make reload when sourses installed
Mon Jun 27 00:00:00 2005 Dan Walsh 1.23.18-20 - Fix hplip for cups
Sun Jun 26 00:00:00 2005 Dan Walsh 1.23.18-19 - Fix /opt
Sun Jun 26 00:00:00 2005 Dan Walsh 1.23.18-18 - Add passwd policy to targeted to maintain context on shadow file
Fri Jun 24 00:00:00 2005 Dan Walsh 1.23.18-16 - Fix postgres to allow it to connect to auth - Change cyrus-imapd to write to /var/spool/imap - Add Russell patches
Tue Jun 21 00:00:00 2005 Dan Walsh 1.23.18-15 - Fix pppd - Fix auditd
Sun Jun 19 00:00:00 2005 Dan Walsh 1.23.18-14 - Add Russell\'s patch for net_contexts
Sat Jun 18 00:00:00 2005 Dan Walsh 1.23.18-13 - Fix NetworkManager policy - Fix dovecot cert labeleing
Fri Jun 17 00:00:00 2005 Dan Walsh 1.23.18-11 - Fix NetworkManager dhcpd communications - Fix hotplug
Fri Jun 17 00:00:00 2005 Dan Walsh 1.23.18-9 - Update Ivan trusted/untrusted patch - add texrel_shlib_t to targeted
Thu Jun 16 00:00:00 2005 Dan Walsh 1.23.18-7 - Fixed for new cups domain hplip
Tue Jun 14 00:00:00 2005 Dan Walsh 1.23.18-6 - Further cleanup of user separation patches from Ivan
Sat Jun 11 00:00:00 2005 Dan Walsh 1.23.18-5 - Further cleanup of user separation patches from Ivan
Fri Jun 10 00:00:00 2005 Dan Walsh 1.23.18-3 - Add /etc/profile.d/selinux.sh /etc/profile.d/selinux.csh for strict - move ice_tmp_t definition for mls
Thu Jun 9 00:00:00 2005 Dan Walsh 1.23.18-2 - Add alsa policy - Policy cleanup from Ivan
Tue Jun 7 00:00:00 2005 Dan Walsh 1.23.18-1 - Upgrade from NSA * Merged minor fixes to pppd.fc and courier.te by Russell Coker. * Removed devfsd policy as suggested by Russell Coker. * Merged patch from Dan Walsh. Includes beginnings of Ivan Gyurdiev\'s Font Config policy. Don\'t transition to fsadm_t from unconfined_t (sysadm_t) in targeted policy. Add support for debugfs in modutil. Allow automount to create and delete directories in /root and /home dirs. Move can_ypbind to chkpwd_macro.te. Allow useradd to create additional files and types via the skell mechanism. Other minor cleanups and fixes.
Sun May 29 00:00:00 2005 Dan Walsh 1.23.17-4 - Add evolution/thunderbird support for strict policy. Including break out of orbits, fonts, and gnome. All done by Ivan G.
Sun May 29 00:00:00 2005 Dan Walsh 1.23.17-3 - Update policy, to remove crond_log_t - Fix selinuxenabled check
Fri May 27 00:00:00 2005 Dan Walsh 1.23.17-2 - Fixes to cups/ptal - Change ifconfig scripts back to etc_t
Thu May 26 00:00:00 2005 Dan Walsh 1.23.17-1 - Update from NSA * Merged minor fixes by Petre Rodan to the daemontools, dante, gpg, kerberos, and ucspi-tcp policies. * Merged minor fixes by Russell Coker to the bluetooth, crond, initrc, postfix, and udev policies. Modifies constraints so that newaliases can be run. Modifies types.fc so that objects in lost+found directories will not be relabled. * Modified fc rules for nvidia. * Added Chad Sellers policy for polyinstantiation support, which creates the polydir, polyparent, and polymember attributes. Also added the support_polyinstantiation tunable. * Merged patch from Dan Walsh. Includes mount_point attribute, read_font macros and some other policy fixes from Ivan Gyurdiev. Adds privkmsg and secadmfile attributes and ddcprobe policy. Removes the use_syslogng boolean. Many other minor fixes.
Thu May 26 00:00:00 2005 Dan Walsh 1.23.16-8 - Fixes for amanda - Add debugfs for insmod - Fixes for automount - Fixes for useradd in strict policy
Wed May 25 00:00:00 2005 Dan Walsh 1.23.16-7 - Don\'t transition from sysadm_t to fsadm_t in targeted policy - Fix sysadm_crond_tmp_t to tmpfile in targeted - Allow kernel_t to read sysfs_t
Sat May 21 00:00:00 2005 Dan Walsh 1.23.16-6 - Add firstboot to targeted policy
Fri May 20 00:00:00 2005 Dan Walsh 1.23.16-5 - Fix slapd and cups for targeted policy
Thu May 19 00:00:00 2005 Dan Walsh 1.23.16-4 - Add anaconda back in - Fix for nvidia - Fixes for acpi - Fix several \":file read\" -> \":file { getattr read }:
Tue May 17 00:00:00 2005 Dan Walsh 1.23.16-1 - Update from NSA * Added rdisc policy from Russell Coker. * Merged minor fix to named policy by Petre Rodan. * Merged minor fixes to policy from Russell Coker for kudzu, named, screen, setfiles, telnet, and xdm. * Merged minor fix to Makefile from Russell Coker.
Fri May 13 00:00:00 2005 Dan Walsh 1.23.15-5 - Remove incorrect user_ *_t from te files - Add secadmfile attribute - Allow secadm to relabel secadmfile - Add wine file_context
Thu May 12 00:00:00 2005 Dan Walsh 1.23.15-4 - Allow smbd to communicate with cups - fix some net_conf contexts - Add a bunch of / files file_context
Wed May 11 00:00:00 2005 Dan Walsh 1.23.15-3 - httpd_suexec_t needs to be able to read user_home_dir_t in targeted policy
Tue May 10 00:00:00 2005 Dan Walsh 1.23.15-2 - Add Russell Fixes. Add rdisc policy. - Add some of Ivan\'s changes. - remove syslog boolean
Sat May 7 00:00:00 2005 Dan Walsh 1.23.15-1 - Update from NSA * Added tripwire and yam policy from David Hampton. * Merged minor fixes to amavid and a clarification to the httpdcontent attribute comments from David Hampton. * Merged patch from Dan Walsh. Includes fixes for restorecon, games, and postfix from Russell Coker. Adds support for debugfs. Restores support for reiserfs. Allows udev to work with tmpfs_t before /dev is labled. Removes transition from sysadm_t (unconfined_t) to ifconfig_t for the targeted policy. Other minor cleanups and fixes.
Fri May 6 00:00:00 2005 Dan Walsh 1.23.14-4 - Add debugfs - Add Russell fixes for restorecon, games - Turn off user_canbe_sysadm
Tue May 3 00:00:00 2005 Dan Walsh 1.23.14-2 - Allow all domains on ppc execmem priv, otherwise it crashes
Tue May 3 00:00:00 2005 Dan Walsh 1.23.14-1 - Update to latest from NSA * Added afs policy from Andrew Reisse. * Merged patch from Lorenzo Hernández García-Hierro which defines execstack and execheap permissions. The patch excludes these permissions from general_domain_access and updates the macros for X, legacy binaries, users, and unconfined domains. * Added nlmsg_relay permisison where netlink_audit_socket class is used. Added nlmsg_readpriv permission to auditd_t and auditctl_t. * Merged some minor cleanups from Russell Coker and David Hampton. * Merged patch from Dan Walsh. Many changes made to allow targeted policy to run closer to strict and now almost all of non-userspace is protected via SELinux. Kernel is now in unconfined_domain for targeted and runs as root:system_r:kernel_t. Added transitionbool to daemon_sub_domain, mainly to turn off httpd_suexec transitioning. Implemented web_client_domain name_connect rules. Added yp support for cups. Now the real hotplug, udev, initial_sid_contexts are used for the targeted policy. Other minor cleanups and fixes. Auditd fixes by Paul Moore.
Sat Apr 30 00:00:00 2005 Dan Walsh 1.23.13-8 - Fixes for consoletype, kudzu reading proc_t - Add label /dev/adb - Fixes for hal
Fri Apr 29 00:00:00 2005 Dan Walsh 1.23.13-6 - Allow hal to connect to self - Fix turboprint/cups problem. - Fixes fir i18n_input errors
Thu Apr 28 00:00:00 2005 Dan Walsh 1.23.13-4 - Update to fix smtp random device access - Add i18n_input changes from Akira TAGOH
Wed Apr 27 00:00:00 2005 Dan Walsh 1.23.13-3 - Fix turboprint/cups integration
Tue Apr 26 00:00:00 2005 Dan Walsh 1.23.13-2 - Small fixes for targeted policy - Add updfstab
Tue Apr 26 00:00:00 2005 Dan Walsh 1.23.13-1 - Update to latest from NSA * Merged more changes from Dan Walsh to initrc_t for removal of unconfined_domain. * Merged Dan Walsh\'s split of auditd policy into auditd_t for the audit daemon and auditctl_t for the autoctl program. * Added use of name_connect to uncond_can_ypbind macro by Dan Walsh. * Merged other cleanup and fixes by Dan Walsh.
Mon Apr 25 00:00:00 2005 Dan Walsh 1.23.12-5 - Fix file_context conflicts for fsadm - Add Russels patches - Restore webalizer - Add transitionbool for httpd_suexec
Sat Apr 23 00:00:00 2005 Dan Walsh 1.23.12-4 - Fix consoletype - Add udev, hotplug, consoletype,restorecon to targeted
Fri Apr 22 00:00:00 2005 Dan Walsh 1.23.12-2 - Fix conflicting context files
Thu Apr 21 00:00:00 2005 Dan Walsh 1.23.12-1 - Fix dhcpc.te - fix hostname.te for targeted domain - Update from NSA * Merged Dan Walsh\'s Netlink changes to handle new auditing pam modules. * Merged Dan Walsh\'s patch removing the sysadmfile attribute from policy files to separate sysadm_t from secadm_t. * Added CVS and uucpd policy from Dan Walsh. * Cleanup by Dan Walsh to handle turning off unlimitedRC. * Merged Russell Coker\'s fixes to ntpd, postgrey, and named policy. * Cleanup of chkpwd_domain and added permissions to su_domain macro due to pam changes to support audit. * Added nlmsg_relay and nlmsg_readpriv permissions to the netlink_audit_socket class.
Wed Apr 20 00:00:00 2005 Dan Walsh 1.23.11-4 - Fix httpd_suexec_t to be able to creat log file - Add auditctl_t - Misc fixes
Sat Apr 16 00:00:00 2005 Dan Walsh 1.23.11-3 - Add additional amanda rules - Fix prelink to privowner - Fix udev startup
Fri Apr 15 00:00:00 2005 Dan Walsh 1.23.11-1 - Fix login programs handling of audit messages - Update to latest from NSA * Merged Dan Walsh\'s separation of the security manager and system administrator. * Removed screensaver.te as suggested by Thomas Bleher * Cleanup of typealiases that are no longer used by Thomas Bleher. * Cleanup of fc files and additional rules for SuSE by Thomas Bleher. * Merged changes to auditd and named policy by Russell Coker. * Merged MLS change from Darrel Goeddel to support the policy hierarchy patch.
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-6 - Add auditd policy to targeted - Fix auditd policy
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-5 - Allow NetworkManager to communicate with hal in targeted_policy
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-4 - Add Russell compat.(fc, te) for switching from strict to targeted
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-3 - Fix Makefile to load policy before installing FC - Fix patch - Remove unlimited tunables from strict
Wed Apr 13 00:00:00 2005 Dan Walsh 1.23.10-1 - Add dbusd.te - Fix adobe
Tue Apr 12 00:00:00 2005 Dan Walsh 1.23.9-2 - Add name_connect for Mozilla - Add cvs and uucpd policy - Many fixes for strict policy
Sat Apr 9 00:00:00 2005 Dan Walsh 1.23.9-1 - Create separate secadm_r/secadm_t domain
Thu Apr 7 00:00:00 2005 Dan Walsh 1.23.8-2 - Move to a later kernel version - Update from NSA * Merged diffs from Dan Walsh. Includes Ivan Gyurdiev\'s cleanup of x_client apps. * Added dmidecode policy from Ivan Gyurdiev.
Thu Apr 7 00:00:00 2005 Dan Walsh 1.23.8-1 - Update from NSA * Added netlink_kobject_uevent_socket class. * Removed empty files pump.te and pump.fc. * Added NetworkManager policy from Dan Walsh. * Merged Dan Walsh\'s major restructuring of Apache\'s policy.
Wed Apr 6 00:00:00 2005 Dan Walsh 1.23.6-4 - add NetworkManager and modutils
Tue Apr 5 00:00:00 2005 Dan Walsh 1.23.6-3 - Allow httpd to read content without builtin scripting turned on - Remove policy.18
Tue Apr 5 00:00:00 2005 Dan Walsh 1.23.6-1 - Add boolean httpd_buildin_scripting - Update to latest NSA Policy * Merged cleanup of the Makefile and other stuff from Dan Walsh. Dan\'s patch includes some desktop changes from Ivan Gyurdiev. * Merged Thomas Bleher\'s patches which increase the usage of lock_domain() and etc_domain(), changes var_lib_DOMAIN_t usage to DOMAIN_var_lib_t, and removes use of notdevfile_class_set where possible. * Merged Greg Norris\'s cleanup of fetchmail.
Fri Apr 1 00:00:00 2005 Dan Walsh 1.23.5-3 - Redesign of apache_macros. Broken into apache_user_domain and apache_domain. - Added fixes from Ivan
Wed Mar 23 23:00:00 2005 Dan Walsh 1.23.5-2 - Handle booleans.local
Wed Mar 23 23:00:00 2005 Dan Walsh 1.23.5-1 - Update to latest from NSA
Wed Mar 23 23:00:00 2005 Dan Walsh 1.23.4-4 - Allow named, nscd to log to /var/log directory - Allow cups to create ptal_var_run_t files
Tue Mar 22 23:00:00 2005 Dan Walsh 1.23.4-3 - More tightening of name_connect - Cleanups to httpd_unconfined_script_t
Mon Mar 21 23:00:00 2005 Dan Walsh 1.23.4-1 - Update from NSA - Add logfile tmpfs_t associate privs - Start adding name_connect code - Add httpd_unconfined_script_t
Fri Mar 18 23:00:00 2005 Dan Walsh 1.23.3-2 - Allow cups/lpd to bind to a port
Thu Mar 17 23:00:00 2005 Dan Walsh 1.23.3-1 - Update from NSA * Added policy for nx_server from Thomas Bleher. * Added policies for clockspeed, daemontools, djbdns, ucspi-tcp, and publicfile from Petre Rodan.
Tue Mar 15 23:00:00 2005 Dan Walsh 1.23.2-1 - Update from NSA * Merged diffs from Dan Walsh. Dan\'s patch includes Ivan Gyurdiev\'s gift policy. * Made sysadm_r the first role for root, so root\'s home will be labled as sysadm_home_dir_t instead of staff_home_dir_t. * Modified fs_use and Makefile to reflect jfs now supporting security xattrs.
Fri Mar 11 23:00:00 2005 Dan Walsh 1.23.1-1 - Update from NSA - Fixes for fs_daemon - Add gift from Ivan Gyurdiev
Thu Mar 10 23:00:00 2005 Dan Walsh 1.22.1-3 - Add consoletype.te - Fix filecontext.homedirs handling
Thu Mar 10 23:00:00 2005 Dan Walsh 1.22.1-1 - Update to latest from NSA - Dontaudit pam_timestamp calls to utmp
Wed Mar 9 23:00:00 2005 Dan Walsh 1.21.16-4 - Add in ifconfig and hostname to make dhcpc work - Add dontaudit for some net_admin calls - Add users directory to targeted
Wed Mar 9 23:00:00 2005 Dan Walsh 1.21.16-1 - Rebuild to fix bad policycoreutils - fix ftpd_selinux man page - Update to latest from NSA
Tue Mar 8 23:00:00 2005 Dan Walsh 1.21.15-8 - Add back in dhcpc.te to targeted - remove java_domain - Fix rpc_pipefs reg expression found by Eric Paris - Fix sendmail - Add ftpd_anon_rw_t
Mon Mar 7 23:00:00 2005 Dan Walsh 1.21.15-6 - Add many Ivan Gyurdiev cleanups
Wed Mar 2 23:00:00 2005 Dan Walsh 1.21.15-5 - Remove cyrus_r
Mon Feb 28 23:00:00 2005 Dan Walsh 1.21.15-4 - Add Ivans changes to cleanup writing to homedir - Update strict policy changes - Allow httpd_sys_script_t self: create_stream_socket_perms
Fri Feb 25 23:00:00 2005 Dan Walsh 1.21.15-3 - Add transitions to dhcpc - Remove serviceusers - Fixes for mta in targeted
Thu Feb 24 23:00:00 2005 Dan Walsh 1.21.15-1 - Update from NSA
Mon Feb 21 23:00:00 2005 Dan Walsh 1.21.14-2 - Lots of fix patches from Ivan
Thu Feb 17 23:00:00 2005 Dan Walsh 1.21.14-1 - Update from NSA
Mon Feb 14 23:00:00 2005 Dan Walsh 1.21.13-1 - Update from NSA - Add bin_t, sbin_t, exec_type execmod privs for targeted policy
Mon Feb 14 23:00:00 2005 Dan Walsh 1.21.12-3 - Cleanup x_client_domain - Add dontaudit net_admin for cups
Fri Feb 11 23:00:00 2005 Dan Walsh 1.21.12-2 - Allow unconfined_t to execmod on ld_so_t
Thu Feb 10 23:00:00 2005 Dan Walsh 1.21.12-1 - Use new gethomedircon
Wed Feb 9 23:00:00 2005 Dan Walsh 1.21.11-3 - Add additional texrel_shlib
Wed Feb 9 23:00:00 2005 Dan Walsh 1.21.11-1 - Eliminate lots of net_admin privs. - Add privs to useradd to create homedir correctly
Wed Feb 9 23:00:00 2005 Dan Walsh 1.21.10-1 - Fix traceroute policy for nmap - remove cap31 to prevent checkpolicy bug
Tue Feb 8 23:00:00 2005 Dan Walsh 1.21.9-1 - Update to latest from NSA * Updated capability access vector for audit capabilities. - Fix file_contexts spec
Mon Feb 7 23:00:00 2005 Dan Walsh 1.21.8-6 - Allow user apps to read event_device_t
Fri Feb 4 23:00:00 2005 Dan Walsh 1.21.8-5 - Add java plugin policy
Thu Feb 3 23:00:00 2005 Dan Walsh 1.21.8-4 - Fix postfix handling in targeted with dovecot. - Stop transitioning to httpd_sys_script_t if httpd_disable_trans is set
Wed Feb 2 23:00:00 2005 Dan Walsh 1.21.8-2 - Allow syslogd to r_netlink_route - Dontaudit samba access to $1_file_types
Tue Feb 1 23:00:00 2005 Dan Walsh 1.21.7-1 - Update to latest from NSA * Add allow_execmem boolean
Tue Feb 1 23:00:00 2005 Dan Walsh 1.21.6-1 - Fix cron transiton rules for targeted policy - Update to latest from NSA * Update access vectors
Mon Jan 31 23:00:00 2005 Dan Walsh 1.21.5-5 - Allow apache to read certs files - Add mplayer policy
Mon Jan 31 23:00:00 2005 Dan Walsh 1.21.5-3 - Change /u?dev to /dev - Add Ivan\'s smbmount patch
Fri Jan 28 23:00:00 2005 Dan Walsh 1.21.5-2 - Update to latest from NSA - Many fixes to spec file.
Thu Jan 27 23:00:00 2005 Dan Walsh 1.21.4-2 - Fix handling of local.users file
Thu Jan 27 23:00:00 2005 Dan Walsh 1.21.4-1 - Update from NSA * Changed policy Makefile to still generate policy.18 as well, and use it for make load if the kernel doesn\'t support 19. * Merged enhanced MLS support from Darrel Goeddel (TCS).
Tue Jan 25 23:00:00 2005 Dan Walsh 1.21.3-6 - Added \"role system_r types system_crond_t;\" for targeted policy - Dontaudit selinux_config_t from httpd - Dontaudit writes to mips from httpd - Change file_context on postgresql helper apps back to bin_t - Add typealias for shlib_t to lib_t
Tue Jan 25 23:00:00 2005 Dan Walsh 1.21.3-4 - Add texrel_shlib_t for execmod libraries - Add smbmount policy
Tue Jan 25 23:00:00 2005 Dan Walsh 1.21.3-3 - Fix crond to run in unconfined_domain on targeted policy - Eliminate execmod from gpg
Mon Jan 24 23:00:00 2005 Dan Walsh 1.21.3-1 - Update from NSA
Thu Jan 20 23:00:00 2005 Dan Walsh 1.21.2-7 - Allow restorecon and setfiles to read default_context_t
Thu Jan 20 23:00:00 2005 Dan Walsh 1.21.2-6 - Remove crond alias to unconfined_t in targeted
Thu Jan 20 23:00:00 2005 Dan Walsh 1.21.2-5 - More Fixes for rlogind
Wed Jan 19 23:00:00 2005 Nalin Dahyabhai 1.21.2-4 - Add a default_context entry for the remote_login_t domain, for telnet
Wed Jan 19 23:00:00 2005 Dan Walsh 1.21.2-2 - Fixed policy for telnet and rlogin
Tue Jan 18 23:00:00 2005 Dan Walsh 1.21.2-1 - Update with latest from NSA - Add Policy man pages
Wed Jan 12 23:00:00 2005 Dan Walsh 1.21.1-1 - Update to latest from NSA - Add samba home dir rules
Tue Jan 11 23:00:00 2005 Dan Walsh 1.20.1-3 - Allow samba to manipulate samba_share_t lnk files - add configurable_types - Allow mozilla to exemem - Add suck to innd.te - Fix creation of posgresql and add can_ypbind
Fri Jan 7 23:00:00 2005 Dan Walsh 1.20.1-1 - Start using typeattribute - Implement allow_samba_home_dirs
Wed Jan 5 23:00:00 2005 Dan Walsh 1.19-17-3 - change to require checkpolicy >= 1.19.2 - Change to use typeattribute - Update list of booleans - Update to latest from NSA
Tue Jan 4 23:00:00 2005 Dan Walsh 1.19-16-1 - Update to latest from NSA
Mon Jan 3 23:00:00 2005 Dan Walsh 1.19-15-14 - Have cups_config_t create files with the right context - Allow all file_types to be associated with noexettr file systems - Allow apache scripts to read fonts_t - dontaudit squid trying to read / - Allow httpd_suexec_t to read home directories
Tue Dec 28 23:00:00 2004 Dan Walsh 1.19-15-11 - Change sshd, xdm, crond, sendmail to run under different context - in targeted policy
Tue Dec 28 23:00:00 2004 Dan Walsh 1.19-15-10 - Fix transition rules for initrc->unconfined_t
Mon Dec 27 23:00:00 2004 Dan Walsh 1.19-15-9 - Try to fix certain scripts to not transition to initrc_t * sendmail, sshd, prefdm, crond
Mon Dec 27 23:00:00 2004 Dan Walsh 1.19-15-8 - Add Russell patches to udev, modutil
Thu Dec 23 23:00:00 2004 Dan Walsh 1.19-15-7 - Fix handling of udev.tdb - Fix ntpd communications with winbind
Thu Dec 23 23:00:00 2004 Dan Walsh 1.19-15-6 - Stop running sendmail, sshd, cron in initrc domain in targeted
Wed Dec 22 23:00:00 2004 Dan Walsh 1.19-15-5 - Allow reading of udev_tdb_t directory - Change /etc/init.d/sendmail to bin_t for targeted policy to make - it to run unconfined.
Wed Dec 22 23:00:00 2004 Dan Walsh 1.19-15-3 - Add sendmail
Wed Dec 22 23:00:00 2004 Dan Walsh 1.19-15-2 - Remove transition rules for unconfined_t to domains, must run initrc scripts. - Add init and initrc to targeted policy
Tue Dec 21 23:00:00 2004 Dan Walsh 1.19-15-1 - Update to latest from NSA
Mon Dec 20 23:00:00 2004 Dan Walsh 1.19-14-5 - Fix cups policy for targeted policy
Mon Dec 20 23:00:00 2004 Dan Walsh 1.19-14-4 - Allow windbind to create log files in samba. - Fix ifdef dbusd for definition of dbus directory - Allow system_mail to access urandom_device_t
Fri Dec 17 23:00:00 2004 Dan Walsh 1.19-14-3 - Fixes for ldconfig in targeted policy
Thu Dec 16 23:00:00 2004 Dan Walsh 1.19-14-2 - Changes to increase the number of daemons in targeted policy
Thu Dec 16 23:00:00 2004 Dan Walsh 1.19-14-1 - Update latest from NSA
Sat Dec 11 23:00:00 2004 Dan Walsh 1.19-13-1 - Update latest from NSA
Fri Dec 10 23:00:00 2004 Dan Walsh 1.19-12-2 - Add support for winbindd from nscd
Wed Dec 8 23:00:00 2004 Dan Walsh 1.19-12-1 - Update latest from NSA - Add single_user_file_type tunable.
Wed Dec 8 23:00:00 2004 Dan Walsh 1.19-11-3 - Fix winbindd for samba - Add some targeted_policy ifdefs.
Wed Dec 8 23:00:00 2004 Dan Walsh 1.19-11-2 - Many fixes caused by turning off unlimitedRC
Fri Dec 3 23:00:00 2004 Dan Walsh 1.19-11-1 - Merge with upstream
Thu Dec 2 23:00:00 2004 Dan Walsh 1.19-10-1 - Update to latest from NSA - Fix tty devices from IBM Platforms
Thu Dec 2 23:00:00 2004 Dan Walsh 1.19-9-1 - Update to add execmem and execmod
Wed Dec 1 23:00:00 2004 Dan Walsh 1.19-8-4 - Allow boolloader to can_exec_any
Wed Dec 1 23:00:00 2004 Dan Walsh 1.19-8-3 - Add ipx support - Fix portmap
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-8-2 - Make htdig work
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-8-1 - Cleanup several network_client calls - Update from upstream
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-7-2 - Remove root_dir_type, fix hotplug
Tue Nov 30 23:00:00 2004 Dan Walsh 1.19-7-1 - Update to Upstream
Mon Nov 29 23:00:00 2004 Dan Walsh 1.19-6-1 - Update to Upstream
Wed Nov 24 23:00:00 2004 Dan Walsh 1.19-5-1 - Update to Upstream - Convert to new network_macros.te
Tue Nov 23 23:00:00 2004 Dan Walsh 1.19-4-4 - Add proc_net for unconfined_t
Mon Nov 22 23:00:00 2004 Dan Walsh 1.19-4-3 - Fix location of selinuxenabled
Mon Nov 22 23:00:00 2004 Dan Walsh 1.19-4-2 - Add some rules to allow httpd_sys_content_t to access to httpdcontent if httpd_unified is set
o * Sun Nov 21 2004 Dan Walsh 1.19-4-1 - Upgrade to match upstream - Require policycoreutils
Fri Nov 19 23:00:00 2004 Dan Walsh 1.19-3-1 - Upgrade to upstream - Add fixes for postgres and apache
Thu Nov 18 23:00:00 2004 Dan Walsh 1.19-2-1 - Upgrade to upstream
Wed Nov 17 23:00:00 2004 Dan Walsh 1.19-1-14 Add back in zebra
Wed Nov 17 23:00:00 2004 Dan Walsh 1.19-1-13 - don\'t transition from sysadm_t (unconfined_t) to system_mail_t when executing sendmail in targeted policy
Wed Nov 17 23:00:00 2004 Dan Walsh 1.19-1-12 - Fixes for crond fifo file, httpd_unified, and cups
Tue Nov 16 23:00:00 2004 Dan Walsh 1.19-1-11 - Fixed for /dev/pmu and printconf
Tue Nov 16 23:00:00 2004 Dan Walsh 1.19-1-10 - Add boolean to allow httpd to communicate with tty
Sat Nov 13 23:00:00 2004 Dan Walsh 1.19-1-9 - Minor fixes - Add postgresql.te to targeted
Fri Nov 12 23:00:00 2004 Dan Walsh 1.19-1-8 - tighten security on squirrelmail
Fri Nov 12 23:00:00 2004 Dan Walsh 1.19-1-7 - Fixes to get squirrelmail working in targeted policy
Thu Nov 11 23:00:00 2004 Dan Walsh 1.19-1-6 - Remove unwanted te files to make policy smaller
Thu Nov 11 23:00:00 2004 Dan Walsh 1.19-1-5 - Add allow_kerberos for targeted policy and fix ntpd for targetd
Wed Nov 10 23:00:00 2004 Dan Walsh 1.19-1-4 - Fix mysql.te
Wed Nov 10 23:00:00 2004 Dan Walsh 1.19-1-3 - Cleanup of Dovecot and squirrelmail
Wed Nov 10 23:00:00 2004 Dan Walsh 1.19-1-2 - Allow httpd to read bin_t lnk_files
Tue Nov 9 23:00:00 2004 Dan Walsh 1.19-1-1 - Update from NSA
Mon Nov 8 23:00:00 2004 Dan Walsh 1.18.2-4 - Add /dev/pmu and privoxy fixes
Mon Nov 8 23:00:00 2004 Dan Walsh 1.18.2-3 - Complete lockdev and test with mincom
Sat Nov 6 23:00:00 2004 Dan Walsh 1.18.2-2 - Add preliminary lockdev defs
Sat Nov 6 23:00:00 2004 Dan Walsh 1.18.2-1 - Allow gpg to read/write user homedir files
Sat Nov 6 23:00:00 2004 Dan Walsh 1.18.2-1 - Merge with upstream - Allow users to read xdm pid files - Allow sysadm_t to communicate with xdm fifo file.
Thu Nov 4 23:00:00 2004 Dan Walsh 1.18.1-3 - ooffice is crashing because it needs to getattr on a dri device.
Wed Nov 3 23:00:00 2004 Dan Walsh 1.18.1-2 - Eliminate single user domain
Tue Nov 2 23:00:00 2004 Dan Walsh 1.18.1-1 - Update from NSA
Tue Nov 2 23:00:00 2004 Dan Walsh 1.17.37-2 - Many fixes for tighter can_network policy and nscd_client_domain
Mon Nov 1 23:00:00 2004 Dan Walsh 1.17.37-1 - Merge with upstream
Sat Oct 30 00:00:00 2004 Dan Walsh 1.17.36-3 - Eliminate ability to read tmp_t lnk_files
Fri Oct 29 00:00:00 2004 Dan Walsh 1.17.36-2 - Add ability to specify port to can_tcp_network
Thu Oct 28 00:00:00 2004 Dan Walsh 1.17.36-1 | |