|
|
|
|
Changelog for libselinux-2.6-6.fc26.i686.rpm :
* Fri Apr 28 2017 Petr Lautrbach - 2.6-6- Don\'t finalize mount state in selinux_set_policy_root()- Follow upstream and rename _selinux.so to _selinux.cpython-36m-x86_64-linux-gnu.so * Thu Apr 06 2017 Petr Lautrbach - 2.6-5- Fix setfiles progress indicator * Wed Mar 22 2017 Petr Lautrbach - 2.6-4- Fix segfault in selinux_restorecon_sb() (#1433577)- Change matchpathcon usage to match with matchpathcon manpage- Fix a corner case getsebool return value * Tue Mar 14 2017 Petr Lautrbach - 2.6-3- Fix \'semanage boolean -m\' to modify active value * Thu Mar 02 2017 Petr Lautrbach - 2.6-2- Fix FTBFS - fatal error (#1427902) * Sun Feb 12 2017 Petr Lautrbach - 2.6-1- Update to upstream release 2016-10-14 * Fri Feb 10 2017 Fedora Release Engineering - 2.5-18- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Wed Feb 01 2017 Stephen Gallagher - 2.5-17- Add missing %license macro * Fri Jan 13 2017 Vít Ondruch - 2.5-16- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.4 * Wed Jan 11 2017 Petr Lautrbach - 2.5-15- Rewrite restorecon() python method * Fri Dec 09 2016 Charalampos Stratakis - 2.5-14- Rebuild for Python 3.6 * Tue Nov 22 2016 Petr Lautrbach - 2.5-13- Fix pointer handling in realpath_not_final (#1376598) * Mon Oct 03 2016 Petr Lautrbach 2.5-12- Fix -Wsign-compare warnings- Drop unused stdio_ext.h header file- Kill logging check for selinux_enabled()- Drop usage of _D_ALLOC_NAMLEN- Add openrc_contexts functions- Fix redefinition of XATTR_NAME_SELINUX- Correct error path to always try text- Clean up process_file()- Handle NULL pcre study data- Fix in tree compilation of utils that depend on libsepol * Mon Aug 01 2016 Petr Lautrbach 2.5-11- Rebuilt with libsepol-2.5-9 * Tue Jul 19 2016 Fedora Release Engineering - 2.5-10- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages * Mon Jun 27 2016 Petr Lautrbach - 2.5-9- Clarify is_selinux_mls_enabled() description- Explain how to free policy type from selinux_getpolicytype()- Compare absolute pathname in matchpathcon -V- Add selinux_snapperd_contexts_path() * Fri Jun 24 2016 Petr Lautrbach - 2.5-8- Move _selinux.so to /usr/lib64/python */site-packages * Thu Jun 23 2016 Petr Lautrbach - 2.5-7- Modify audit2why analyze function to use loaded policy- Sort object files for deterministic linking order- Respect CC and PKG_CONFIG environment variable- Avoid mounting /proc outside of selinux_init_load_policy() * Fri May 06 2016 Petr Lautrbach - 2.5-6- Fix multiple spelling errors * Mon May 02 2016 Petr Lautrbach - 2.5-5- Rebuilt with libsepol-2.5-5 * Fri Apr 29 2016 Petr Lautrbach - 2.5-4- Fix typo in sefcontext_compile.8 * Fri Apr 08 2016 Petr Lautrbach - 2.5-3- Fix location of selinuxfs mount point- Only mount /proc if necessary- procattr: return einval for <= 0 pid args- procattr: return error on invalid pid_t input * Sat Feb 27 2016 Petr Lautrbach 2.5-2- Use fully versioned arch-specific requires * Tue Feb 23 2016 Petr Lautrbach 2.5-1- Update to upstream release 2016-02-23 * Sun Feb 21 2016 Petr Lautrbach 2.5-0.1.rc1- Update to upstream rc1 release 2016-01-07 * Thu Feb 04 2016 Fedora Release Engineering - 2.4-8- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Tue Jan 12 2016 Vít Ondruch - 2.4-7- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3 * Thu Dec 10 2015 Petr Lautrbach - 2.4-6- Build libselinux without rpm_execcon() (#1284019) * Thu Oct 15 2015 Robert Kuska - 2.4-5- Rebuilt for Python3.5 rebuild * Wed Sep 30 2015 Petr Lautrbach 2.4-4- Flush the class/perm string mapping cache on policy reload (#1264051)- Fix restorecon when path has no context * Wed Sep 02 2015 Petr Lautrbach 2.4-3- Simplify procattr cache (#1257157,#1232371) * Fri Aug 14 2015 Adam Jackson 2.4-2- Export ldflags into the build so hardening works * Tue Jul 21 2015 Petr Lautrbach 2.4-1.1- Update to 2.4 release * Wed Jun 17 2015 Fedora Release Engineering - 2.3-11- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Tue May 12 2015 Petr Lautrbach 2.3-10- is_selinux_enabled: Add /etc/selinux/config test (#1219045)- matchpathcon/selabel_file: Fix man pages (#1219718) * Thu Apr 23 2015 Petr Lautrbach 2.3-9- revert support for policy compressed with xv (#1185266) * Tue Apr 21 2015 Petr Lautrbach 2.3-8- selinux.py - use os.walk() instead of os.path.walk() (#1195004)- is_selinux_enabled(): drop no-policy-loaded test (#1195074)- fix -Wformat errors and remove deprecated mudflap option * Mon Mar 16 2015 Than Ngo - 2.3-7- bump release and rebuild so that koji-shadow can rebuild it against new gcc on secondary arch * Mon Jan 19 2015 Vít Ondruch - 2.3-6- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.2 * Thu Aug 21 2014 Miroslav Grepl - 2.3-5- Compiled file context files and the original should have the same permissions from dwalshAATTredhat.com- Add selinux_openssh_contexts_path() to get a path to /contexts/openssh_contexts * Sun Aug 17 2014 Fedora Release Engineering - 2.3-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 07 2014 Fedora Release Engineering - 2.3-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 28 2014 Kalev Lember - 2.3-2- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 * Tue May 06 2014 Dan Walsh - 2.3-1- Update to upstream * Get rid of security_context_t and fix const declarations. * Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover. * Tue May 06 2014 Miroslav Grepl - 2.2.2-8- Add selinux_openssh_contexts_path() * Thu Apr 24 2014 Vít Ondruch - 2.2.2-7- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 * Mon Feb 24 2014 Dan Walsh - 2.2.2-6- Fix spelling mistake in man page * Thu Feb 20 2014 Dan Walsh - 2.2.2-5- More go bindings- restorecon, getpidcon, setexeccon * Fri Feb 14 2014 Dan Walsh - 2.2.2-4- Add additional go bindings for get *con calls- Add go bindings test command- Modify man pages of set *con calls to mention that they are thread specific * Fri Jan 24 2014 Dan Walsh - 2.2.2-3- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go- Add Int_to_mcs function to generate MCS labels from integers. * Tue Jan 14 2014 Dan Walsh - 2.2.2-2- Add ghost flag for /var/run/setrans * Mon Jan 06 2014 Dan Walsh - 2.2.2-1- Update to upstream * Fix userspace AVC handling of per-domain permissive mode.- Verify context is not null when passed into *setfilecon_raw * Fri Dec 27 2013 Adam Williamson - 2.2.1-6- revert unexplained change to rhat.patch which broke SELinux disablement * Mon Dec 23 2013 Dan Walsh - 2.2.1-5- Verify context is not null when passed into lsetfilecon_raw * Wed Dec 18 2013 Dan Walsh - 2.2.1-4- Mv selinux.go to /usr/share/gocode/src/selinux * Tue Dec 17 2013 Dan Walsh - 2.2.1-3- Add golang support to selinux. * Thu Dec 05 2013 Dan Walsh - 2.2.1-2- Remove togglesebool man page * Mon Nov 25 2013 Dan Walsh - 2.2.1-1- Update to upstream * Remove -lpthread from pkg-config file; it is not required.- Add support for policy compressed with xv * Thu Oct 31 2013 Dan Walsh - 2.2-1- Update to upstream * Fix avc_has_perm() returns -1 even when SELinux is in permissive mode. * Support overriding Makefile RANLIB from Sven Vermeulen. * Update pkgconfig definition from Sven Vermeulen. * Mount sysfs before trying to mount selinuxfs from Sven Vermeulen. * Fix man pages from Laurent Bigonville. * Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville. * Fix LDFLAGS usage from Laurent Bigonville * Avoid shadowing stat in load_mmap from Joe MacDonald. * Support building on older PCRE libraries from Joe MacDonald. * Fix handling of temporary file in sefcontext_compile from Dan Walsh. * Fix procattr cache from Dan Walsh. * Define python constants for getenforce result from Dan Walsh. * Fix label substitution handling of / from Dan Walsh. * Add selinux_current_policy_path from Dan Walsh. * Change get_context_list to only return good matches from Dan Walsh. * Support udev-197 and higher from Sven Vermeulen and Dan Walsh. * Add support for local substitutions from Dan Walsh. * Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh. * Python wrapper leak fixes from Dan Walsh. * Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh. * Add selinux_systemd_contexts_path from Dan Walsh. * Add selinux_set_policy_root from Dan Walsh. * Add man page for sefcontext_compile from Dan Walsh. * Fri Oct 04 2013 Dan Walsh - 2.1.13-21- Add systemd_contexts support- Do substitutions on a local sub followed by a dist sub * Thu Oct 03 2013 Dan Walsh - 2.1.13-20- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek Resolves #1013801 * Mon Sep 16 2013 Dan Walsh - 2.1.13-19- Fix handling of libselinux getconlist with only one entry * Tue Sep 03 2013 Dan Walsh - 2.1.13-17- Add Python constants for SELinux enforcing modes * Sat Aug 03 2013 Fedora Release Engineering - 2.1.13-17- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Fri Jun 28 2013 Dan Walsh - 2.1.13-16- Add sefcontext_compile.8 man page- Add Russell Coker patch to fix man pages- Add patches from Laurent Bigonville to fix Makefiles for debian.- modify spec file to use /usr/lib * Mon May 06 2013 Dan Walsh - 2.1.13-15- Fix patch that Handles substitutions for / * Wed Apr 17 2013 Dan Walsh - 2.1.13-14- Handle substitutions for /- semanage fcontext -a -e / /opt/rh/devtoolset-2/root * Tue Apr 09 2013 Dan Walsh - 2.1.13-13- Add Eric Paris patch to fix procattr calls after a fork. * Tue Mar 26 2013 Dan Walsh - 2.1.13-12- Move secolor.conf.5 into mcstrans package and out of libselinux * Wed Mar 20 2013 Dan Walsh - 2.1.13-11- Fix python bindings for selinux_check_access * Tue Mar 19 2013 Dan Walsh - 2.1.13-10- Fix reseting the policy root in matchpathcon * Wed Mar 06 2013 Dan Walsh - 2.1.13-9- Cleanup setfcontext_compile atomic patch- Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root- Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS * Wed Mar 06 2013 Dan Walsh - 2.1.13-8- Make setfcontext_compile atomic * Wed Mar 06 2013 Dan Walsh - 2.1.13-7- Fix memory leak in set *con calls. * Thu Feb 28 2013 Dan Walsh - 2.1.13-6- Move matchpathcon to -utils package- Remove togglesebool * Thu Feb 21 2013 Dan Walsh - 2.1.13-5- Fix selinux man page to reflect what current selinux policy is. * Fri Feb 15 2013 Dan Walsh - 2.1.13-4- Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files. * Fri Feb 15 2013 Dan Walsh - 2.1.13-3- Bring back selinux_current_policy_path * Thu Feb 14 2013 Dan Walsh - 2.1.13-2- Revert some changes which are causing the wrong policy version file to be created * Thu Feb 07 2013 Dan Walsh - 2.1.13-1- Update to upstream * audit2why: make sure path is nul terminated * utils: new file context regex compiler * label_file: use precompiled filecontext when possible * do not leak mmapfd * sefcontontext_compile: Add error handling to help debug problems in libsemanage. * man: make selinux.8 mention service man pages * audit2why: Fix segfault if finish() called twice * audit2why: do not leak on multiple init() calls * mode_to_security_class: interface to translate a mode_t in to a security class * audit2why: Cleanup audit2why analysys function * man: Fix program synopsis and function prototypes in man pages * man: Fix man pages formatting * man: Fix typo in man page * man: Add references and man page links to _raw function variants * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions * man: context_new(3): fix the return value description * selinux_status_open: handle error from sysconf * selinux_status_open: do not leak statusfd on exec * Fix errors found by coverity * Change boooleans.subs to booleans.subs_dist. * optimize set *con functions * pkg-config do not specifc ruby version * unmap file contexts on selabel_close() * do not leak file contexts with mmap\'d backend * sefcontext_compile: do not leak fd on error * matchmediacon: do not leak fd * src/label_android_property: do not leak fd on error * Sun Jan 27 2013 Dan Walsh - 2.1.12-20- Update to latest patches from eparis/Upstream * Fri Jan 25 2013 Dan Walsh - 2.1.12-19- Update to latest patches from eparis/Upstream * Wed Jan 23 2013 Dan Walsh - 2.1.12-18- Try procatt speedup patch again * Wed Jan 23 2013 Dan Walsh - 2.1.12-17- Roll back procattr speedups since it seems to be screwing up systemd labeling. * Tue Jan 22 2013 Dan Walsh - 2.1.12-16- Fix tid handling for setfscreatecon, old patch still broken in libvirt * Wed Jan 16 2013 Dan Walsh - 2.1.12-15- Fix tid handling for setfscreatecon, old patch still broken in libvirt * Mon Jan 14 2013 Dan Walsh - 2.1.12-14- setfscreatecon after fork was broken by the Set *con patch.- We needed to reset the thread variables after a fork. * Thu Jan 10 2013 Dan Walsh - 2.1.12-13- Fix setfscreatecon call to handle failure mode, which was breaking udev * Wed Jan 09 2013 Dan Walsh - 2.1.12-12- Ondrej Oprala patch to optimize set *con functions- Set *con now caches the security context and only re-sets it if it changes. * Tue Jan 08 2013 Dan Walsh - 2.1.12-11- Rebuild against latest libsepol * Fri Jan 04 2013 Dan Walsh - 2.1.12-10- Update to latest patches from eparis/Upstream- Fix errors found by coverity- set the sepol_compute_av_reason_buffer flag to 0. This means calculate denials only?- audit2why: remove a useless policy vers variable- audit2why: use the new constraint information * Mon Nov 19 2012 Dan Walsh - 2.1.12-9- Rebuild with latest libsepol * Fri Nov 16 2012 Dan Walsh - 2.1.12-8- Return EPERM if login program can not reach default label for user- Attempt to return container info from audit2why * Thu Nov 01 2012 Dan Walsh - 2.1.12-7- Apply patch from eparis to fix leaked file descriptor in new labeling code * Fri Oct 19 2012 Dan Walsh - 2.1.12-6- Add new function mode_to_security_class which takes mode instead of a string.- Possibly will be used with coreutils. * Mon Oct 15 2012 Dan Walsh - 2.1.12-5- Add back selinuxconlist and selinuxdefcon man pages * Mon Oct 15 2012 Dan Walsh - 2.1.12-4- Fix segfault from calling audit2why.finish() multiple times * Fri Oct 12 2012 Dan Walsh - 2.1.12-3- Fix up selinux man page to reference service man pages * Wed Sep 19 2012 Dan Walsh - 2.1.12-2- Rebuild with fixed libsepol * Thu Sep 13 2012 Dan Walsh - 2.1.12-1- Update to upstream * Add support for lxc_contexts_path * utils: add service to getdefaultcon * libsemanage: do not set soname needlessly * libsemanage: remove PYTHONLIBDIR and ruby equivalent * boolean name equivalency * getsebool: support boolean name substitution * Add man page for new selinux_boolean_sub function. * expose selinux_boolean_sub * matchpathcon: add -m option to force file type check * utils: avcstat: clear sa_mask set * seusers: Check for strchr failure * booleans: initialize pointer to silence coveriety * stop messages when SELinux disabled * label_file: use PCRE instead of glibc regex functions * label_file: remove all typedefs * label_file: move definitions to include file * label_file: do string to mode_t conversion in a helper function * label_file: move error reporting back into caller * label_file: move stem/spec handling to header * label_file: drop useless ncomp field from label_file data * label_file: move spec_hasMetaChars to header * label_file: fix potential read past buffer in spec_hasMetaChars * label_file: move regex sorting to the header * label_file: add accessors for the pcre extra data * label_file: only run regex files one time * label_file: new process_file function * label_file: break up find_stem_from_spec * label_file: struct reorg * label_file: only run array once when sorting * Ensure that we only close the selinux netlink socket once. * improve the file_contexts.5 manual page * Fri Aug 03 2012 David Malcolm - 2.1.11-6- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 * Wed Aug 01 2012 David Malcolm - 2.1.11-5- make with_python3 be conditional on fedora * Thu Jul 19 2012 Fedora Release Engineering - 2.1.11-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Mon Jul 16 2012 Dan Walsh - 2.1.11-3- Move the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d * Fri Jul 13 2012 Dan Walsh - 2.1.11-2- Revert Eric Paris Patch for selinux_binary_policy_path * Wed Jul 04 2012 Dan Walsh - 2.1.11-1- Update to upstream * Fortify source now requires all code to be compiled with -O flag * asprintf return code must be checked * avc_netlink_recieve handle EINTR * audit2why: silence -Wmissing-prototypes warning * libsemanage: remove build warning when build swig c files * matchpathcon: bad handling of symlinks in / * seusers: remove unused lineno * seusers: getseuser: gracefully handle NULL service * New Android property labeling backend * label_android_property whitespace cleanups * additional makefile support for rubywrap * Mon Jun 11 2012 Dan Walsh - 2.1.10-5- Fix booleans.subs name, change function name to selinux_boolean_sub, add man page, minor fixes to the function * Fri May 25 2012 Dan Walsh - 2.1.10-4- Fix to compile with Fortify source * Add -O compiler flag * Check return code from asprintf- Fix handling of symbolic links in / by realpath_not_final * Tue Apr 17 2012 Dan Walsh - 2.1.10-3- Add support for lxc contexts file * Fri Mar 30 2012 Dan Walsh - 2.1.10-2- Add support fot boolean subs file * Thu Mar 29 2012 Dan Walsh - 2.1.10-1- Update to upstream * Fix dead links to www.nsa.gov/selinux * Remove jump over variable declaration * Fix old style function definitions * Fix const-correctness * Remove unused flush_class_cache method * Add prototype decl for destructor * Add more printf format annotations * Add printf format attribute annotation to die() method * Fix const-ness of parameters & make usage() methods static * Enable many more gcc warnings for libselinux/src/ builds * utils: Enable many more gcc warnings for libselinux/utils builds * Change annotation on include/selinux/avc.h to avoid upsetting SWIG * Ensure there is a prototype for \'matchpathcon_lib_destructor\' * Update Makefiles to handle /usrmove * utils: Stop separating out matchpathcon as something special * pkg-config to figure out where ruby include files are located * build with either ruby 1.9 or ruby 1.8 * assert if avc_init() not called * take security_deny_unknown into account * security_compute_create_name(3) * Do not link against python library, this is considered * bad practice in debian * Hide unnecessarily-exported library destructors * Thu Feb 16 2012 Dan Walsh - 2.1.9-9- Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists- Otherwise search for policy on disk * Wed Feb 15 2012 Dan Walsh - 2.1.9-8- Change selinux_binary_policy_path to return /sys/fs/selinux/policy- Add selinux_installed_policy_path to return what selinux_binary_policy_path used to return- avc_has_perm will now return yes if the machine is in permissive mode- Make work with ruby-1.9 * Fri Feb 03 2012 Dan Walsh - 2.1.9-7- avc_netlink_recieve should continue to poll if it receinves an EINTR rather * Sun Jan 29 2012 Kay Sievers - 2.1.9-6- use /sbin/ldconfig, glibc does not provide /usr/sbin/ldconfig in the RPM database for now * Fri Jan 27 2012 Dan Walsh - 2.1.9-5- Rebuild with cleaned up upstream to work in /usr * Wed Jan 25 2012 Harald Hoyer 2.1.9-4- install everything in /usr https://fedoraproject.org/wiki/Features/UsrMove * Mon Jan 23 2012 Dan Walsh - 2.1.9-3- Add Dan Berrange code cleanup patches. * Wed Jan 04 2012 Dan Walsh - 2.1.9-2- Fix selabal_open man page to refer to proper selinux_opt structure * Wed Dec 21 2011 Dan Walsh - 2.1.9-1-Update to upstream * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page * Mon Dec 19 2011 Dan Walsh - 2.1.8-5- Add patch from Richard Haines When selabel_lookup found an invalid context with validation enabled, it always stated it was \'file_contexts\' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults.- Fix setenforce manage page. * Thu Dec 15 2011 Dan Walsh - 2.1.8-4- Rebuild with new libsepol * Tue Dec 06 2011 Dan Walsh - 2.1.8-2- Fix setenforce man page, from Miroslav Grepl * Tue Dec 06 2011 Dan Walsh - 2.1.8-1- Upgrade to upstream * selinuxswig_python.i: don\'t make syscall if it won\'t change anything * Remove assert in security_get_boolean_names(3) * Mapped compute functions now obey deny_unknown flag * get_default_type now sets EINVAL if no entry. * return EINVAL if invalid role selected * Updated selabel_file(5) man page * Updated selabel_db(5) man page * Updated selabel_media(5) man page * Updated selabel_x(5) man page * Add man/man5 man pages * Add man/man5 man pages * Add man/man5 man pages * use -W and -Werror in utils * Tue Nov 29 2011 Dan Walsh - 2.1.7-2- Change python binding for restorecon to check if the context matches.- If it does do not reset * Fri Nov 04 2011 Dan Walsh - 2.1.7-1- Upgrade to upstream * Makefiles: syntax, convert all ${VAR} to $(VAR) * load_policy: handle selinux=0 and /sys/fs/selinux not exist * regenerate .pc on VERSION change * label: cosmetic cleanups * simple interface for access checks * Don\'t reinitialize avc_init if it has been called previously * seusers: fix to handle large sets of groups * audit2why: close fd on enomem * rename and export symlink_realpath * label_file: style changes to make Eric happy. * Mon Oct 24 2011 Dan Walsh - 2.1.6-4- Apply libselinux patch to handle large groups in seusers. * Wed Oct 19 2011 Dan Walsh - 2.1.6-3- Add selinux_check_access function. Needed for passwd, chfn, chsh * Thu Sep 22 2011 Dan Walsh - 2.1.6-2- Handle situation where selinux=0 passed to the kernel and both /selinux and * Mon Sep 19 2011 Dan Walsh - 2.1.6-1-Update to upstream * utils: matchpathcon: remove duplicate declaration * src: matchpathcon: use myprintf not fprintf * src: matchpathcon: make sure resolved path starts * put libselinux.so.1 in /lib not /usr/lib * tree: default make target to all not * Wed Sep 14 2011 Dan Walsh - 2.1.5-5- Switch to use \":\" as prefix separator rather then \";\" * Thu Sep 08 2011 Ville Skyttä - 2.1.5-4- Avoid unnecessary shell invocation in %post. * Tue Sep 06 2011 Dan Walsh - 2.1.5-3- Fix handling of subset labeling that is causing segfault in restorecon * Fri Sep 02 2011 Dan Walsh - 2.1.5-2- Change matchpathcon_init_prefix and selabel_open to allow multiple initial prefixes. Now you can specify a \";\" separated list of prefixes and the labeling system will only load regular expressions that match these prefixes. * Tue Aug 30 2011 Dan Walsh - 2.1.5-1- Change matchpatcon to use proper myprintf- Fix symlink_realpath to always include \"/\"- Update to upstream * selinux_file_context_verify function returns wrong value. * move realpath helper to matchpathcon library * python wrapper makefile changes * Mon Aug 22 2011 Dan Walsh - 2.1.4-2- Move to new Makefile that can build with or without PYTHON being set * Thu Aug 18 2011 Dan Walsh - 2.1.4-1-Update to upstream2.1.4 2011-0817 * mapping fix for invalid class/perms after selinux_set_mapping * audit2why: work around python bug not defining * resolv symlinks and dot directories before matching2.1.2 2011-0803 * audit2allow: do not print statistics * make python bindings for restorecon work on relative path * fix python audit2why binding error * support new python3 functions * do not check fcontext duplicates on use * Patch for python3 for libselinux2.1.1 2011-08-02 * move .gitignore into utils * new setexecon utility * selabel_open fix processing of substitution files * mountpoint changing patch. * simplify SRCS in Makefile2.1.1 2011-08-01 * Remove generated files, introduce more .gitignore * Thu Jul 28 2011 Dan Walsh - 2.1.0-1-Update to upstream * Release, minor version bump * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_ * functions by Richard Haines. * Mon Jun 13 2011 Dan Walsh - 2.0.102-6- Only call dups check within selabel/matchpathcon if you are validating the context- This seems to speed the loading of labels by 4 times. * Fri Apr 29 2011 Dan Walsh - 2.0.102-5- Move /selinux to /sys/fs/selinux- Add selinuxexeccon- Add realpath to matchpathcon to handle matchpathcon * type queries. * Thu Apr 21 2011 Dan Walsh - 2.0.102-4- Update for latest libsepol * Mon Apr 18 2011 Dan Walsh - 2.0.102-3- Update for latest libsepol * Wed Apr 13 2011 Dan Walsh - 2.0.102-2- Fix restorecon python binding to accept relative paths * Tue Apr 12 2011 Dan Walsh - 2.0.102-1-Update to upstream * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_ * functions by Richard Haines. * Wed Apr 06 2011 Dan Walsh - 2.0.101-1- Clean up patch to make handling of constructor cleanup more portable * db_language object class support for selabel_lookup from KaiGai Kohei. * Library destructors for thread local storage keys from Eamon Walsh. * Tue Apr 05 2011 Dan Walsh - 2.0.99-5- Add distribution subs path * Tue Apr 05 2011 Dan Walsh - 2.0.99-4Add patch from dbholeAATTredhat.com to initialize thread keys to -1Errors were being seen in libpthread/libdl that were relatedto corrupt thread specific keys. Global destructors that are called on dl unload. During destruction delete a thread specific key without checking if it has been initialized. Since the constructor is not called each time (i.e. key is not initialized with pthread_key_create each time), and the default is 0, there is a possibility that key 0 for an active thread gets deleted. This is exactly what is happening in case of OpenJDK.Workaround patch that initializes the key to -1. Thus if the constructor is notcalled, the destructor tries to delete key -1 which is deemed invalid by pthread_key_delete, and is ignored. * Tue Apr 05 2011 Dan Walsh - 2.0.99-3- Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data * Fri Apr 01 2011 Dan Walsh - 2.0.99-2- Change mount source options to use \"proc\" and \"selinuxfs\" * Tue Mar 01 2011 Dan Walsh - 2.0.99-1- Update to upstream * Turn off default user handling when computing user contexts by Dan Walsh * Tue Feb 08 2011 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Feb 01 2011 Dan Walsh - 2.0.98-3- Fixup selinux man page * Tue Jan 18 2011 Dan Walsh - 2.0.98-2- Fix Makefile to use pkg-config --cflags python3 to discover include paths * Tue Dec 21 2010 Dan Walsh - 2.0.98-1- Update to upstream - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list * Mon Dec 06 2010 Dan Walsh - 2.0.97-1- Update to upstream * Thread local storage fixes from Eamon Walsh. * Sat Dec 04 2010 Dan Walsh - 2.0.96-9- Add /etc/tmpfiles.d support for /var/run/setrans * Wed Nov 24 2010 Dan Walsh - 2.0.96-8- Ghost /var/run/setrans * Wed Sep 29 2010 jkeating - 2.0.96-7- Rebuilt for gcc bug 634757 * Thu Sep 16 2010 Adam Tkac - 2.0.96-6- rebuild via updated swig (#624674) * Sun Aug 22 2010 Dan Walsh - 2.0.96-5- Update for python 3.2a1 * Tue Jul 27 2010 Dan Walsh - 2.0.96-4- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list * Wed Jul 21 2010 David Malcolm - 2.0.96-3- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild * Fri Jun 25 2010 Dan Walsh - 2.0.96-2- Turn off messages in audit2why * Wed Mar 24 2010 Dan Walsh - 2.0.96-1- Update to upstream * Add const qualifiers to public API where appropriate by KaiGai Kohei.2.0.95 2010-06-10 * Remove duplicate slashes in paths in selabel_lookup from Chad Sellers * Adds a chcon method to the libselinux python bindings from Steve Lawrence- add python3 subpackage from David Malcolm * Wed Mar 24 2010 Dan Walsh - 2.0.94-1 * Set errno=EINVAL for invalid contexts from Dan Walsh. * Tue Mar 16 2010 Dan Walsh - 2.0.93-1- Update to upstream * Show strerror for security_getenforce() by Colin Waters. * Merged selabel database support by KaiGai Kohei. * Modify netlink socket blocking code by KaiGai Kohei. * Sun Mar 07 2010 Dan Walsh - 2.0.92-1- Update to upstream * Fix from Eric Paris to fix leak on non-selinux systems. * regenerate swig wrappers * pkgconfig fix to respect LIBDIR from Dan Walsh. * Wed Feb 24 2010 Dan Walsh - 2.0.91-1- Update to upstream * Change the AVC to only audit the permissions specified by the policy, excluding any permissions specified via dontaudit or not specified via auditallow. * Fix compilation of label_file.c with latest glibc headers. * Mon Feb 22 2010 Dan Walsh - 2.0.90-5- Fix potential doublefree on init * Thu Feb 18 2010 Dan Walsh - 2.0.90-4- Fix libselinux.pc * Mon Jan 18 2010 Dan Walsh - 2.0.90-3- Fix man page for selinuxdefcon * Mon Jan 04 2010 Dan Walsh - 2.0.90-2- Free memory on disabled selinux boxes * Tue Dec 01 2009 Dan Walsh - 2.0.90-1- Update to upstream * add/reformat man pages by Guido Trentalancia . * Change exception.sh to be called with bash by Manoj Srivastava * Mon Nov 02 2009 Dan Walsh - 2.0.89-2- Fix selinuxdefcon man page * Mon Nov 02 2009 Dan Walsh - 2.0.89-1- Update to upstream * Add pkgconfig file from Eamon Walsh. * Thu Oct 29 2009 Dan Walsh - 2.0.88-1- Update to upstream * Rename and export selinux_reset_config() * Tue Sep 08 2009 Dan Walsh - 2.0.87-1- Update to upstream * Add exception handling in libselinux from Dan Walsh. This uses a shell script called exception.sh to generate a swig interface file. * make swigify * Make matchpathcon print <> if path not found in fcontext file. * Tue Sep 08 2009 Dan Walsh - 2.0.86-2- Eliminate -pthread switch in Makefile * Tue Sep 08 2009 Dan Walsh - 2.0.86-1- Update to upstream * Removal of reference counting on userspace AVC SID\'s. * Sat Jul 25 2009 Fedora Release Engineering - 2.0.85-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue Jul 07 2009 Dan Walsh - 2.0.85-1- Update to upstream * Reverted Tomas Mraz\'s fix for freeing thread local storage to avoid pthread dependency. * Removed fini_context_translations() altogether. * Merged lazy init patch from Stephen Smalley based on original patch by Steve Grubb. * Tue Jul 07 2009 Dan Walsh - 2.0.84-1- Update to upstream * Add per-service seuser support from Dan Walsh. * Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley. * Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris. * Wed Jun 24 2009 Dan Walsh - 2.0.82-2- Add provices ruby(selinux) * Tue Jun 23 2009 Dan Walsh - 2.0.82-1- Update to upstream * Fix improper use of thread local storage from Tomas Mraz . * Label substitution support from Dan Walsh. * Support for labeling virtual machine images from Dan Walsh. * Mon May 18 2009 Dan Walsh - 2.0.81-1- Update to upstream * Trim / from the end of input paths to matchpathcon from Dan Walsh. * Fix leak in process_line in label_file.c from Hiroshi Shinji. * Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh. * getdefaultcon to print just the correct match and add verbose option from Dan Walsh. * Wed Apr 08 2009 Dan Walsh - 2.0.80-1- Update to upstream * deny_unknown wrapper function from KaiGai Kohei. * security_compute_av_flags API from KaiGai Kohei. * Netlink socket management and callbacks from KaiGai Kohei. * Fri Apr 03 2009 Dan Walsh - 2.0.79-6- Fix Memory Leak * Thu Apr 02 2009 Dan Walsh - 2.0.79-5- Fix crash in python * Sun Mar 29 2009 Dan Walsh - 2.0.79-4- Add back in additional interfaces * Fri Mar 27 2009 Dan Walsh - 2.0.79-3- Add back in av_decision to python swig * Thu Mar 12 2009 Dan Walsh - 2.0.79-1- Update to upstream * Netlink socket handoff patch from Adam Jackson. * AVC caching of compute_create results by Eric Paris. * Tue Mar 10 2009 Dan Walsh - 2.0.78-5- Add patch from ajax to accellerate X SELinux - Update eparis patch * Mon Mar 09 2009 Dan Walsh - 2.0.78-4- Add eparis patch to accellerate Xwindows performance * Mon Mar 09 2009 Dan Walsh - 2.0.78-3- Fix URL * Fri Mar 06 2009 Dan Walsh - 2.0.78-2- Add substitute pattern - matchpathcon output <> on ENOENT * Mon Mar 02 2009 Dan Walsh - 2.0.78-1- Update to upstream * Fix incorrect conversion in discover_class code. * Wed Feb 25 2009 Fedora Release Engineering - 2.0.77-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Wed Feb 18 2009 Dan Walsh - 2.0.77-5- Add - selinux_virtual_domain_context_path - selinux_virtual_image_context_path * Tue Jan 06 2009 Dan Walsh - 2.0.77-3- Throw exeptions in python swig bindings on failures * Tue Jan 06 2009 Dan Walsh - 2.0.77-2- Fix restorecon python code * Tue Jan 06 2009 Dan Walsh - 2.0.77-1- Update to upstream * Tue Dec 16 2008 Dan Walsh - 2.0.76-6- Strip trailing / for matchpathcon * Tue Dec 16 2008 Dan Walsh l - 2.0.76-5- Fix segfault if seusers file does not work * Fri Dec 12 2008 Dan Walsh - 2.0.76-4- Add new function getseuser which will take username and service and return- seuser and level. ipa will populate file in future.- Change selinuxdefcon to return just the context by default * Sat Nov 29 2008 Ignacio Vazquez-Abrams - 2.0.76-2- Rebuild for Python 2.6 * Mon Nov 17 2008 Dan Walsh - 2.0.76-1- Update to Upstream * Allow shell-style wildcards in x_contexts file. * Mon Nov 17 2008 Dan Walsh - 2.0.75-2- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names- Add Restorecon/Install python functions from Luke Macken * Fri Nov 07 2008 Dan Walsh - 2.0.75-1- Update to Upstream * Correct message types in AVC log messages. * Make matchpathcon -V pass mode from Dan Walsh. * Add man page for selinux_file_context_cmp from Dan Walsh. * Tue Sep 30 2008 Dan Walsh - 2.0.73-1- Update to Upstream * New man pages from Dan Walsh. * Update flask headers from refpolicy trunk from Dan Walsh. * Fri Sep 26 2008 Dan Walsh - 2.0.71-6- Fix matchpathcon -V call * Tue Sep 09 2008 Dan Walsh - 2.0.71-5- Add flask definitions for open, X and nlmsg_tty_audit * Tue Sep 09 2008 Dan Walsh - 2.0.71-4- Add missing get/setkeycreatecon man pages * Tue Sep 09 2008 Dan Walsh - 2.0.71-3- Split out utilities * Tue Sep 09 2008 Dan Walsh - 2.0.71-2- Add missing man page links for [lf]getfilecon * Tue Aug 05 2008 Dan Walsh - 2.0.71-1- Update to Upstream * Add group support to seusers using %groupname syntax from Dan Walsh. * Mark setrans socket close-on-exec from Stephen Smalley. * Only apply nodups checking to base file contexts from Stephen Smalley. * Fri Aug 01 2008 Dan Walsh - 2.0.70-1- Update to Upstream * Merge ruby bindings from Dan Walsh.- Add support for Linux groups to getseuserbyname * Fri Aug 01 2008 Dan Walsh - 2.0.69-2- Allow group handling in getseuser call * Tue Jul 29 2008 Dan Walsh - 2.0.69-1- Update to Upstream * Handle duplicate file context regexes as a fatal error from Stephen Smalley. This prevents adding them via semanage. * Fix audit2why shadowed variables from Stephen Smalley. * Note that freecon NULL is legal in man page from Karel Zak. * Wed Jul 09 2008 Dan Walsh - 2.0.67-4- Add ruby support for puppet * Tue Jul 08 2008 Dan Walsh - 2.0.67-3- Rebuild for new libsepol * Sun Jun 29 2008 Dan Walsh - 2.0.67-2- Add Karel Zak patch for freecon man page * Sun Jun 22 2008 Dan Walsh - 2.0.67-1- Update to Upstream * New and revised AVC, label, and mapping man pages from Eamon Walsh. * Add swig python bindings for avc interfaces from Dan Walsh. * Sun Jun 22 2008 Dan Walsh - 2.0.65-1- Update to Upstream * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. * Fri May 16 2008 Dan Walsh - 2.0.64-3- libselinux no longer neets to telnet -u in post install * Wed May 07 2008 Dan Walsh - 2.0.64-2- Add sedefaultcon and setconlist commands to dump login context * Tue Apr 22 2008 Dan Walsh - 2.0.64-1- Update to Upstream * Fixed selinux_set_callback man page. * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley. * Fix memory leaks in matchpathcon from Eamon Walsh. * Wed Apr 16 2008 Dan Walsh - 2.0.61-4- Add Xavior Toth patch for security_id_t in swig * Thu Apr 10 2008 Dan Walsh - 2.0.61-3- Add avc.h to swig code * Wed Apr 09 2008 Dan Walsh - 2.0.61-2- Grab the latest policy for the kernel * Tue Apr 01 2008 Dan Walsh - 2.0.61-1- Update to Upstream * Man page typo fix from Jim Meyering. * Sun Mar 23 2008 Dan Walsh - 2.0.60-1- Update to Upstream * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel. * Thu Mar 13 2008 Dan Walsh - 2.0.59-2- Fix matchpathcon memory leak * Fri Feb 29 2008 Dan Walsh - 2.0.59-1- Update to Upstream * Merged new X label \"poly_selection\" namespace from Eamon Walsh. * Thu Feb 28 2008 Dan Walsh - 2.0.58-1- Update to Upstream * Merged reset_selinux_config() for load policy from Dan Walsh. * Thu Feb 28 2008 Dan Walsh - 2.0.57-2- Reload library on loading of policy to handle chroot * Mon Feb 25 2008 Dan Walsh - 2.0.57-1- Update to Upstream * Merged avc_has_perm() errno fix from Eamon Walsh. * Fri Feb 22 2008 Dan Walsh - 2.0.56-1- Update to Upstream * Regenerated Flask headers from refpolicy flask definitions. * Wed Feb 13 2008 Dan Walsh - 2.0.55-1- Update to Upstream * Merged compute_member AVC function and manpages from Eamon Walsh. * Provide more error reporting on load policy failures from Stephen Smalley. * Fri Feb 08 2008 Dan Walsh - 2.0.53-1- Update to Upstream * Merged new X label \"poly_prop\" namespace from Eamon Walsh. * Wed Feb 06 2008 Dan Walsh - 2.0.52-1- Update to Upstream * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley. * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley. * Tue Jan 29 2008 Dan Walsh - 2.0.50-1- Update to Upstream | |