RPM Search

Changelog for policycoreutils-2.1.13-59.fc18.i686.rpm :
Mon Mar 25 13:00:00 2013 Dan Walsh - 2.1.12-59
- Can not unshare IPC in sandbox, since it blows up Xephyr
- Remove bogus error message sandbox about reseting setfsuid
- Allow sandbox to mount on symboliclinked homedirs

Tue Mar 19 13:00:00 2013 Dan Walsh - 2.1.12-58
- Fix handling of semanage boolean missing booleans
- Back more sepolicy fixes from Rawhide

Fri Feb 8 13:00:00 2013 Dan Walsh - 2.1.12-57
- Back more sepolicy fixes from Rawhide

Fri Feb 8 13:00:00 2013 Dan Walsh - 2.1.12-56
- Back port lots of fixes from Rawhide

* Cleanup python problems

* setfiles: estimate percent progress

* sandbox: use sepolicy to look for sandbox_t

* gui: switch to use sepolicy

* gui: sepolgen: use sepolicy to generate

* semanage: use sepolicy for boolean dictionary

* semanage: seobject verify policy types before allowing you to assign them.

* semanage: good error message is sepolgen python module missing

* restorecond: remove /etc/mtab from default list

* restorecond: Add /etc/udpatedb.conf to restorecond.conf

* sandbox: seunshare: do not reassign realloc value

* seunshare: do checking on setfsuid

Tue Jan 15 13:00:00 2013 Dan Walsh - 2.1.12-55
- Update Translations
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
- This fixes the spec file and script file getting wrong names for modules and types.

Wed Jan 9 13:00:00 2013 Dan Walsh - 2.1.12-54
- Additional patch from Miroslav to handle role attributes

Wed Jan 9 13:00:00 2013 Dan Walsh - 2.1.12-53
- Update with Miroslav patch to handle role attributes
- Update Translations
- import sepolicy will only throw exception on missing policy iff selinux is enabled

Sat Jan 5 13:00:00 2013 Dan Walsh - 2.1.12-52
- Update to latest patches from eparis/Upstream
- secon: add support for setrans color information in prompt output
- Update translations

Fri Jan 4 13:00:00 2013 Dan Walsh - 2.1.12-51
- Update translations
- Fix sepolicy booleans to handle autogenerated booleans descriptions
- Cleanups of sepolicy manpage
- Fix crash on git_shell man page generation

Thu Jan 3 13:00:00 2013 Dan Walsh - 2.1.12-50
- Update translations
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.

Thu Dec 20 13:00:00 2012 Dan Walsh - 2.1.12-49
- Fix semanage permissive , this time with the patch.
- Update translations

Wed Dec 19 13:00:00 2012 Dan Walsh - 2.1.12-48
- Fix semanage permissive
- Change to use correct gtk forward button
- Update po

Mon Dec 17 13:00:00 2012 Dan Walsh - 2.1.12-47
- Move audit2why to -devel package

Mon Dec 17 13:00:00 2012 Dan Walsh - 2.1.12-46
- sepolicy transition was blowing up. Also cleanup output when only source is specified.
- sepolicy generate should allow policy modules names that include - or _

Mon Dec 10 13:00:00 2012 Dan Walsh - 2.1.12-45
- Apply patch from Miroslav to display proper range description in man pages g
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description

Thu Dec 6 13:00:00 2012 Dan Walsh - 2.1.12-44
- Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config

Thu Dec 6 13:00:00 2012 Dan Walsh - 2.1.12-43
- sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.

Wed Dec 5 13:00:00 2012 Dan Walsh - 2.1.12-42
- Update Translations
- sepolicy network -d needs to accept multiple domains

Fri Nov 30 13:00:00 2012 Dan Walsh - 2.1.12-41
- Add --path as a parameter to sepolicy generate
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
- Fix sepolicy generate -T to not take an argument, and supress the help message
- Since this is really just a testing tool

Fri Nov 30 13:00:00 2012 Dan Walsh - 2.1.12-40
- Fix sepolicy communicate to handle invalid input

Thu Nov 29 13:00:00 2012 Dan Walsh - 2.1.12-39
- Fix sepolicy network -p to handle high ports

Thu Nov 29 13:00:00 2012 Dan Walsh - 2.1.12-38
- Fix handling of manpages without entrypoints, nsswitch domains
- Update Translations

Wed Nov 28 13:00:00 2012 Dan Walsh - 2.1.12-37
- Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the

Tue Nov 27 13:00:00 2012 Dan Walsh - 2.1.12-36
- Fix sepolicy/__init__.py to handle _()

Wed Nov 21 13:00:00 2012 Dan Walsh - 2.1.12-35
- Add Miroslav Grepl patch to create etc_rw_t sock files policy

Fri Nov 16 13:00:00 2012 Dan Walsh - 2.1.12-34
- Fix semanage to work without policycoreutils-devel installed
- Update translations

Tue Nov 13 13:00:00 2012 Dan Walsh - 2.1.12-33
- Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory

Tue Nov 13 13:00:00 2012 Dan Walsh - 2.1.12-32
- Fix booleansPage not showing booleans
- Fix audit2allow -b

Tue Nov 13 13:00:00 2012 Dan Walsh - 2.1.12-31
- Fix sepolicy booleans again
- Fix man page

Mon Nov 12 13:00:00 2012 Dan Walsh - 2.1.12-30
- Move policy generation tools into policycoreutils-devel

Mon Nov 12 13:00:00 2012 Dan Walsh - 2.1.12-29
- Document and fix sepolicy booleans
- Update Translations
- Fix several spelling mistakes

Wed Nov 7 13:00:00 2012 Dan Walsh - 2.1.12-27
- Only report restorecon warning for missing default label, if not running
recusively
- Update translations

Mon Nov 5 13:00:00 2012 Dan Walsh - 2.1.12-26
- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer

Mon Nov 5 13:00:00 2012 Dan Walsh - 2.1.12-25
- Remove run_init, no longer needed with systemd.
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)

Sat Nov 3 13:00:00 2012 Dan Walsh - 2.1.12-24
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir

Thu Nov 1 13:00:00 2012 Dan Walsh - 2.1.12-23
- Fix some build problems in sepolicy manpage and sepolicy transition

Tue Oct 30 13:00:00 2012 Dan Walsh - 2.1.12-22
- Add alias man pages to sepolicy manpage

Mon Oct 29 13:00:00 2012 Dan Walsh - 2.1.12-21
- Redesign sepolicy to only read the policy file once, not for every call

Mon Oct 29 13:00:00 2012 Dan Walsh - 2.1.12-20
- Fixes to sepolicy transition, allow it to list all transitions from a domain

Sat Oct 27 14:00:00 2012 Dan Walsh - 2.1.12-19
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network

Fri Oct 26 14:00:00 2012 Dan Walsh - 2.1.12-18
- Allow sepolicy to specify the policy to generate content from

Thu Oct 25 14:00:00 2012 Dan Walsh - 2.1.12-17
- Fix semanage boolean -F to handle boolean subs

Thu Oct 25 14:00:00 2012 Dan Walsh - 2.1.12-16
- Add Miroslav Grepl patch to generate html man pages
- Update Translations
- Add option to sandbox to shred files before deleting

Mon Oct 22 14:00:00 2012 Dan Walsh - 2.1.12-15
- Add Requires(post) PKGNAME to sepolicy generate /usr/bin/pkg

Fri Oct 19 14:00:00 2012 Dan Walsh - 2.1.12-14
- Add role_allow to sepolicy.search python bindings, this allows us to remove last requirement for setools-cmdline in gui tools.
- Fix man page generator.

Wed Oct 17 14:00:00 2012 Dan Walsh - 2.1.12-13
- Remove dwalshAATTredhat.com from man pages
- Fix spec file for sepolicy generate

Wed Oct 17 14:00:00 2012 Dan Walsh - 2.1.12-12
- Add missing spec.py from templates directory needed for sepolicy generate
- Add /var/tmp as collection point for sandbox apps.

Tue Oct 16 14:00:00 2012 Dan Walsh - 2.1.12-11
- Handle audit2allow -b in foreign locales

Tue Oct 16 14:00:00 2012 Dan Walsh - 2.1.12-10
- Update sepolicy generate with patch to create spec file and man page.
- Patch initiated by Miroslav Grepl

Wed Oct 10 14:00:00 2012 Dan Walsh - 2.1.12-9
- Fix semanage to verify that types are appropriate for commands.

* Patch initiated by mgrepl

* Fixes problem of specifying non file_types for fcontext, or not port_types for semanage port

Tue Oct 9 14:00:00 2012 Dan Walsh - 2.1.12-8
- Fix typo in preunstall line for restorecond
- Add mgrepl patch to consolidate file context generated by sepolicy generate

Mon Oct 8 14:00:00 2012 Dan Walsh - 2.1.12-7
- Fix manpage generation, missing import
- Add equiv_dict to get samba booleans into smbd_selinux
- Add proper translations for booleans and remove selinux.tbl

Sat Oct 6 14:00:00 2012 Dan Walsh - 2.1.12-6
- Fix system-config-selinux to use sepolicy.generate instead of sepolgen

Thu Oct 4 14:00:00 2012 Dan Walsh - 2.1.12-5
- Add sepolicy commands, and change tools to use them.

Tue Sep 25 14:00:00 2012 Dan Walsh - 2.1.12-4
- Rebuild without bogus prebuild 64 bit seunshare app

Sun Sep 16 14:00:00 2012 Dan Walsh - 2.1.12-3
- Allow fixfiles to specify -v, so they can get verbosity rather then progress.
- Fix load_file Makefile to use SBINDIR rather then real OS.
- Fix man pages in setfiles and restorecon to reflect what happens when you relabel the entire OS.

Sun Sep 16 14:00:00 2012 Dan Walsh - 2.1.12-2
- Use systemd post install scriptlets

Thu Sep 13 14:00:00 2012 Dan Walsh - 2.1.12-1
- Update to upstream

* genhomedircon: manual page improvements

* setfiles/restorecon minor improvements

* run_init: If open_init_pty is not available then just use exec

* newrole: do not drop capabilities when newrole is run as

* restorecon: only update type by default

* scripts: Don\'t syslog setfiles changes on a fixfiles restore

* setfiles: do not syslog if no changes

* Disable user restorecond by default

* Make restorecon return 0 when a file has changed context

* setfiles: Fix process_glob error handling

* semanage: allow enable/disable under -m

* add .tx to gitignore

* translations: commit translations from Fedora community

* po: silence build process

* gui: Checking in policy to support polgengui and sepolgen.

* gui: polgen: search for systemd subpackage when generating policy

* gui: for exploring booleans

* gui: system-config-selinux gui

* Add Makefiles to support new gui code

* gui: remove lockdown wizard

* return equivalency records in fcontext customized

* semanage: option to not load new policy into kernel after

* sandbox: manpage update to describe standard types

* setsebool: -N should not reload policy on changes

* semodule: Add -N qualifier to no reload kernel policy

* gui: polgen: sort selinux types of user controls

* gui: polgen: follow symlinks and get the real path to

* gui: Fix missing error function

* setfiles: return errors when bad paths are given

* fixfiles: tell restorecon to ignore missing paths

* setsebool: error when setting multiple options

* semanage: use boolean subs.

* sandbox: Make sure Xephyr never listens on tcp ports

* sepolgen: return and output constraint violation information

* semanage: skip comments while reading external configuration files

* restorecond: relabel all mount runtime files in the restorecond example

* genhomedircon: dynamically create genhomedircon

* Allow returning of bastard matches

* sepolgen: return and output constraint violation information

* audit2allow: one role/type pair per line

Wed Aug 8 14:00:00 2012 Dan Walsh - 2.1.11-6
- Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl

Fri Jul 27 14:00:00 2012 Dan Walsh - 2.1.11-5
- Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly

Thu Jul 19 14:00:00 2012 Dan Walsh - 2.1.11-4
- Fix restorecon to generate a better percentage of completion on restorecon -R /.
- Have audit2allow look at the constaint violation and tell the user whether it
- is because of user,role or level

Wed Jul 11 14:00:00 2012 Dan Walsh - 2.1.11-3
- userapps is generating sandbox code in polgengui

Thu Jul 5 14:00:00 2012 Dan Walsh - 2.1.11-2
- Remove load_policy symbolic link on usrmove systems this breaks the system

Wed Jul 4 14:00:00 2012 Dan Walsh - 2.1.11-1
- Update to upstream
- policycoreutils

* restorecond: wrong options should exit with non-zero error code

* restorecond: Add -h option to get usage command

* resorecond: user: fix fd leak

* mcstrans: add -f to run in foreground

* semanage: fix man page range and level defaults

* semanage: bash completion for modules should include -a,-m, -d

* semanage: manpage update for -e

* semanage: dontaudit off should work

* semanage: locallist option does not take an argument

* sepolgen: Make use of setools optional within sepolgen
- sepolgen

* Make use of setools optional within sepolgen

* We need to support files that have a + in them

Thu May 24 14:00:00 2012 Dan Walsh - 2.1.11-18
- Make restorecon exit with an error on a bad path

Thu May 24 14:00:00 2012 Dan Walsh - 2.1.11-17
- Fix setsebool command, handling of = broken.
- Add missing error option in booleansPage

Sun May 20 14:00:00 2012 Dan Walsh - 2.1.11-16
- Fix sepolgen to use realpath on executables handed to it. - Brian Bickford

Fri May 18 14:00:00 2012 Dan Walsh - 2.1.11-15
- Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
- Trigger on selinux-policy needs to change to selinux-policy-devel
- Update translations
- Fix semanage dontaudit off/on exception

Tue May 8 14:00:00 2012 Dan Walsh - 2.1.11-12
- Add -N qualifier to semanage, setsebool and semodule to allow you to update
- policy without reloading it into the kernel.

Thu May 3 14:00:00 2012 Dan Walsh - 2.1.11-11
- add some definition to the standard types available for sandboxes

Tue May 1 14:00:00 2012 Dan Walsh - 2.1.11-10
- Remove lockdown wizard

Mon Apr 30 14:00:00 2012 Dan Walsh - 2.1.11-9
- Fix semanage fcontext -E to extract the equivalance customizations.

Thu Apr 26 14:00:00 2012 Dan Walsh - 2.1.11-8
- Add mgrepl patch to have sepolgen search for -systemd rpm packages

Tue Apr 24 14:00:00 2012 Dan Walsh - 2.1.11-7
- Apply Stef Walter patch for semanage man page

Mon Apr 23 14:00:00 2012 Dan Walsh - 2.1.11-6
- Rebuild to get latest libsepol which fixes the file_name transition problems
- Update translations
- Fix calls to close fd for restorecond

Fri Apr 13 14:00:00 2012 Dan Walsh - 2.1.11-5
- Update translations
- Fix sepolgen to discover unit files in /lib/systemd/

Tue Apr 3 14:00:00 2012 Dan Walsh - 2.1.11-4
- Update translations
- Fix segfault on restorecon

Tue Apr 3 14:00:00 2012 Dan Walsh - 2.1.11-3
- Allow filename transitions to use + in a file name

Fri Mar 30 14:00:00 2012 Dan Walsh - 2.1.11-2
- Change policycoreutils-python to require selinux-policy-devel package

Thu Mar 29 14:00:00 2012 Dan Walsh - 2.1.11-1
- Update to upstream
- policycoreutils

* sandbox: do not propogate inside mounts outside

* sandbox: Removing sandbox init script, should no longer be necessary

* restorecond: Stop using deprecated interfaces for g_io

* semanage: proper auditting of user changes for LSPP

* semanage: audit message to show what record(s) and item(s) have chaged

* scripts: Update Makefiles to handle /usrmove

* mcstrans: Version should have been bumped on last check in

* seunshare: Only drop caps not the Bounding Set from seunshare

* Add bash-completion scripts for setsebool and semanage

* newrole: Use correct capng calls in newrole

* Fix infinite loop with inotify on 2.6.31 kernels

* fix ftbfs with hardening flags

* Only run setfiles if we found read-write filesystems to run it on

* update .po files

* remove empty po files

* do not fail to install if unable to make load_policy lnk file

- sepolgen

* Fix dead links to www.nsa.gov/selinux

* audit.py Dont crash if empty data is passed to sepolgen

* do not use md5 when calculating hash signatures

* fix detection of policy loads

Wed Mar 28 14:00:00 2012 Dan Walsh - 2.1.10-30
- Have sepolgen script specify the pp file with the make command. From mgrepl.

Wed Mar 21 13:00:00 2012 Dan Walsh - 2.1.10-29
- Fix sepolgen handling of unit files.

Thu Mar 8 13:00:00 2012 Dan Walsh - 2.1.10-28
- Require selinux-policy-doc

Thu Mar 8 13:00:00 2012 Dan Walsh - 2.1.10-27
- Fix unit file handling in sepolgen

Wed Feb 29 13:00:00 2012 Dan Walsh - 2.1.10-26
- Add bash_command completion for setsebool/getsebool

Mon Feb 27 13:00:00 2012 Dan Walsh - 2.1.10-25
- Disable restorecond on desktop by default
- Change seunshare to not modify the bounding set

Mon Feb 20 13:00:00 2012 Dan Walsh - 2.1.10-24
- Stop using sandbox init in post install since it no longer exists.

Thu Feb 16 13:00:00 2012 Dan Walsh - 2.1.10-23
- Change to use new selinux_current_policy_path()

Wed Feb 15 13:00:00 2012 Dan Walsh - 2.1.10-22
- Change to use new selinux_binary_policy_path()
- Add systemd_passwd_agent_exec($1), and systemd_read_fifo_file_passwd_run($1) to templates for _admin interface

Fri Feb 3 13:00:00 2012 Dan Walsh - 2.1.10-21
- On full relabels we will now show a estimated percent complete rather then
just
*s.

Wed Feb 1 13:00:00 2012 Dan Walsh - 2.1.10-20
- Add unit_file.py for sepolgen

Tue Jan 31 13:00:00 2012 Dan Walsh - 2.1.10-19
- Change sepolgen to use sha256 instead of md5

Mon Jan 30 13:00:00 2012 Dan Walsh - 2.1.10-18
- Stop syslogging on full restore
- Stop syslogging when restorecon is not changing values

Fri Jan 27 13:00:00 2012 Dan Walsh - 2.1.10-17
- Change semanage to produce proper audit records for Common Criteria
- Cleanup packaging for usrmove

Thu Jan 26 13:00:00 2012 Harald Hoyer 2.1.10-16
- fixed load_policy location

Thu Jan 26 13:00:00 2012 Harald Hoyer 2.1.10-15
- fixed load_policy location

Thu Jan 26 13:00:00 2012 Harald Hoyer 2.1.10-14
- fixed load_policy location

Wed Jan 25 13:00:00 2012 Harald Hoyer 2.1.10-13
- add filesystem guard

Wed Jan 25 13:00:00 2012 Harald Hoyer 2.1.10-12
- install everything in /usr
https://fedoraproject.org/wiki/Features/UsrMove

Tue Jan 24 13:00:00 2012 Dan Walsh - 2.1.10-11
- restorecond fixes:
Stop using depracated g_io interfaces
Exit with non zero exit code if wrong options given
Add -h option

Thu Jan 19 13:00:00 2012 Dan Walsh - 2.1.10-10
- Eliminate not needed Requires

Wed Jan 18 13:00:00 2012 Dan Walsh - 2.1.10-9
- fix sepolgen to not crash on echo \"\" | audit2allow

Mon Jan 16 13:00:00 2012 Dan Walsh - 2.1.10-8
- Remove sandbox init script, should no longer be necessary

Sun Jan 15 13:00:00 2012 Dan Walsh - 2.1.10-7
- Add unit file support to sepolgen, and cleanup some of the output.

Mon Jan 9 13:00:00 2012 Dan Walsh - 2.1.10-5
- Fix English in templates for sepolgen

Fri Dec 23 13:00:00 2011 Dan Walsh - 2.1.10-4
- Fix the handling of namespaces in seunshare/sandbox.
- Currently mounting of directories within sandbox is propogating to the
- parent namesspace.

Thu Dec 22 13:00:00 2011 Dan Walsh - 2.1.10-3
- Add umount code to seunshare to cleanup left over mounts of /var/tmp

Wed Dec 21 13:00:00 2011 Dan Walsh - 2.1.10-2
- Remove open_init_pty

Wed Dec 21 13:00:00 2011 Dan Walsh - 2.1.10-1
-Update to upstream
- sepolgen

* better analysis of why things broke
- policycoreutils

* Remove excess whitespace

* sandbox: Add back in . functions to sandbox.init script

* Fix Makefile to match other policycoreutils Makefiles

* semanage: drop unused translation getopt

Thu Dec 15 13:00:00 2011 Dan Walsh - 2.1.9-3
- Bump libsepol version requires rebuild

Wed Dec 7 13:00:00 2011 Dan Walsh - 2.1.9-2
- Add back accidently dropped patches for semanage

Tue Dec 6 13:00:00 2011 Dan Walsh - 2.1.9-1
- Upgrade to upstream

* sandbox: move sandbox.conf.5 to just sandbox.5

* po: Makefile use -p to preserve times to allow multilib simultatious installs

* of po files

* sandbox: Allow user to specify the DPI value for X in a sandbox

* sandbox: make sure the domain launching sandbox has at least 100 categories

* sandbox: do not try forever to find available category set

* sandbox: only complain if sandbox unable to launch

* sandbox: init script run twice is still successful

* semanage: print local and dristo equiv rules

* semanage: check file equivalence rules for conflict

* semanage: Make sure semanage fcontext -l -C prints even if local keys

* are not defined

* semanage: change src,dst to target,substitute for equivalency

* sestatus: Updated sestatus and man pages.

* Added SELinux config file man page.

* add clean target to man Makefile

Wed Nov 30 13:00:00 2011 Dan Walsh - 2.1.8-8
- Fix semange fcontext -a to check for more conflicts on equivalency

Tue Nov 29 13:00:00 2011 Dan Walsh - 2.1.8-7
- Fix dpi handling in sandbox
- Make sure semanage fcontext -l -C prints if only local equiv have changed

Wed Nov 16 13:00:00 2011 Dan Walsh - 2.1.8-6
- Add listing of distribution equivalence class from semanage fcontext -l
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence

Wed Nov 16 13:00:00 2011 Dan Walsh - 2.1.8-5
- Allow ~ as a valid part of a filename in sepolgen

Fri Nov 11 13:00:00 2011 Dan Walsh - 2.1.8-4
- sandbox init script should always return 0
- sandbox command needs to check range of categories and report error if not big enough

Mon Nov 7 13:00:00 2011 Dan Walsh - 2.1.8-3
- Allow user to specify DPI when running sandbox

Mon Nov 7 13:00:00 2011 Dan Walsh - 2.1.8-2
- Add Miroslav patch to return all attributes

Fri Nov 4 13:00:00 2011 Dan Walsh - 2.1.8-1
- Upgrade to policycoreutils upstream

* sandbox: Maintain the LANG environment into the sandbox

* audit2allow: use audit2why internally

* fixfiles: label /root but not /var/lib/BackupPC

* semanage: update local boolean settings is dealing with localstore

* semanage: missing modify=True

* semanage: set modified correctly

* restorecond: make restorecond dbuss-able

* restorecon: Always check return code on asprintf

* restorecond: make restorecond -u exit when terminal closes

* sandbox: introduce package name and language stuff

* semodule_package: remove semodule_unpackage on clean

* fix sandbox Makefile to support DESTDIR

* semanage: Add -o description to the semanage man page

* make use of the new realpath_not_final function

* setfiles: close /proc/mounts file when finished

* semodule: Document semodule -p in man page

* setfiles: fix use before initialized

* restorecond: Add .local/share as a directory to watch
- Upgrade to sepolgen upstream

* Ignore permissive qualifier if found in an interface

* Return name field in avc data

Mon Oct 31 13:00:00 2011 Dan Walsh - 2.1.7-6
- Rebuild versus newer libsepol

Fri Oct 28 14:00:00 2011 Dan Walsh - 2.1.7-5
- A couple of minor coverity fixes for a potential leaked file descriptor
- An an unchecked return code.
- Add ~/.local/share/
* to restorecond_user watches

Thu Oct 13 14:00:00 2011 Dan Walsh - 2.1.7-4
- Have sepolgen return name field in AVC

Thu Oct 6 14:00:00 2011 Dan Walsh - 2.1.7-3
- restorecond -u needs to watch terminal for exit if run outside of dbus.

Tue Oct 4 14:00:00 2011 Dan Walsh - 2.1.7-2
- Do not drop capabilities if running newrole as root

Fri Sep 30 14:00:00 2011 Dan Walsh - 2.1.7-1
-Update to upstream

* semanage: fix indentation error in seobject

Thu Sep 29 14:00:00 2011 Dan Walsh - 2.1.6-3
- Ignore permissive commands in interfaces

Thu Sep 29 14:00:00 2011 Dan Walsh - 2.1.6-2
- Remove gnome requirement from polgengui

Mon Sep 19 14:00:00 2011 Dan Walsh - 2.1.6-1
-Update to upstream
policycoreutils-2.1.6

* sepolgen-ifgen: new attr-helper does something

* audit2allow: use alternate policy file

* audit2allow: sepolgen-ifgen use the attr helper

* setfiles: switch from stat to stat64

* setfiles: Fix potential crash using dereferenced ftsent

* setfiles: do not wrap
* output at 80 characters

* sandbox: add -Wall and -Werror to makefile

* sandbox: add sandbox cgroup support

* sandbox: rewrite /tmp handling

* sandbox: do not bind mount so much

* sandbox: add level based kill option

* sandbox: cntrl-c should kill entire process control group

* Create a new preserve_tunables flag in sepol_handle_t.

* semanage: show running and disk setting for booleans

* semanage: Dont print heading if no items selected

* sepolgen: audit2allow is mistakakenly not allowing valid module names

* semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled

* More files to ignore

* tree: default make target to all not install

* sandbox: do not load unused generic init functions
sepolgen-1.1.2

* src: sepolgen: add attribute storing infrastructure

* Change perm-map and add open to try to get better results on

* look for booleans that might solve problems

* sepolgen: audit2allow is mistakakenly not allowing valid module names

* tree: default make target to all not install

Wed Sep 14 14:00:00 2011 Dan Walsh - 2.1.5-6
- Change separator on -L from ; to :

Thu Sep 8 14:00:00 2011 Dan Walsh - 2.1.5-5
- Add back lockdown wizard for booleans using pywebkitgtk

Wed Sep 7 14:00:00 2011 Dan Walsh - 2.1.5-4
- Maintain the LANG environment Variable into the sandbox
- Change restorecon/setfiles to only change type part of the context unless
-f qualifier is given

Tue Sep 6 14:00:00 2011 Dan Walsh - 2.1.5-3
- Remove lockdown wizard, since gtkhtml2 is no longer supported.

Fri Sep 2 14:00:00 2011 Dan Walsh - 2.1.5-2
- Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.

Tue Aug 30 14:00:00 2011 Dan Walsh - 2.1.5-1
-Update to upstream

* policycoreutils

* setfiles: Fix process_glob to handle error situations

* sandbox: Allow seunshare to run as root

* sandbox: trap sigterm to make sure sandbox

* sandbox: pass DPI from the desktop

* sandbox: seunshare: introduce helper spawn_command

* sandbox: seunshare: introduce new filesystem helpers

* sandbox: add -C option to not drop

* sandbox: split seunshare caps dropping

* sandbox: use dbus-launch

* sandbox: numerous simple updates to sandbox

* sandbox: do not require selinux context

* sandbox: Makefile: new man pages

* sandbox: rename dir to srcdir

* sandbox: allow users specify sandbox window size

* sandbox: check for paths up front

* sandbox: use defined values for paths rather

* sandbox: move seunshare globals to the top

* sandbox: whitespace fix

* semodule_package: Add semodule_unpackage executable

* setfiles: get rid of some stupid globals

* setfiles: move exclude_non_seclabel_mounts to a generic location

* sepolgen

* refparser: include open among valid permissions

* refparser: add support for filename_trans rules

Thu Aug 18 14:00:00 2011 Dan Walsh - 2.1.4-2
- Fix bug in glob handling for restorecon

Thu Aug 18 14:00:00 2011 Dan Walsh - 2.1.4-1
-Update to upstream
2.1.4 2011-08-17

* run_init: clarification of the usage in the

* semanage: fix usage header around booleans

* semanage: remove useless empty lines

* semanage: update man page with new examples

* semanage: update usage text

* semanage: introduce file context equivalencies

* semanage: enable and disable modules

* semanage: output all local modifications

* semanage: introduce extraction of local configuration

* semanage: cleanup error on invalid operation

* semanage: handle being called with no arguments

* semanage: return sooner to save CPU time

* semanage: surround getopt with try/except

* semanage: use define/raise instead of lots of

* semanage: some options are only valid for

* semanage: introduce better deleteall support

* semanage: do not allow spaces in file

* semanage: distinguish between builtin and local permissive

* semanage: centralized ip node handling

* setfiles: make the restore function exclude() non-static

* setfiles: use glob to handle ~ and

* fixfiles: do not hard code types

* fixfiles: stop trying to be smart about

* fixfiles: use new kernel seclabel option

* fixfiles: pipe everything to cat before sending

* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs

* semodule: support for alternative root paths

2.1.3 2011-08-03

* semanage: fix indention

* semodule_package: fix man page typo

* semodule_expand: update man page with -a

* semanage: handle os errors

* semanage: fix traceback with bad options

* semanage: show usage on -h or --help

* semanage: introduce more deleteall options

* semanage: verify ports < 65536

* transaction into semanageRecords

* make get_handle a method of semanageRecords

* remove a needless blank line

* make process_one error if not initialized correctly

* fixfiles: correct usage for r_opts.rootpath

* put -p in help for restorecon and

* fixfiles: do not try to only label

* fixfiles clean up /var/run and /var/lib/debug

* fixfiles delete tmp sockets and pipes rather

* fixfile use find -delete instead of pipe

* chcat man page typo

* add man page for genhomedircon

* setfiles fix typo

* setsebool should inform users they need to

* setsebool typos

* open_init_tty man page typos

* Don\'t add user site directory to sys.path

* newrole retain CAP_SETPCAP

2.1.2 2011-08-02

* seunshare: define _GNU_SOURCE earlier

* make ignore_enoent do something

* restorecond: first user logged in is not noticed

* Repo: update .gitignore

2.1.1 2011-08-01

* Man page updates

* restorecon fix for bad inotify assumptions

2.1.0 2011-07-27

* Release, minor version bump

Tue Jul 26 14:00:00 2011 Dan Walsh 2.0.86-20
- Fix sepolgen usage statement
- Stop using -k insandbox
- Fix seunshare usage statement

Thu Jul 7 14:00:00 2011 Dan Walsh 2.0.86-18
- Change seunshare to send kill signals to the childs session.
- Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.

Wed Jul 6 14:00:00 2011 Dan Walsh 2.0.86-17
- Add -k qualifier to seunshare to have it attempt to kill all processes with
the matching MCS label.

Tue Jul 5 14:00:00 2011 Dan Walsh 2.0.86-16
- Add -C option to sandbox and seunshare to maintain capabilities, otherwise
the bounding set will be dropped.
- Change --cgroups short name -c rather then -C for consistancy
- Fix memory and fd leaks in seunshare

Wed Jun 29 14:00:00 2011 Jóhann B. Guðmundsson - 2.0.86-15
- Introduce systemd unit file for restorecond drop SysV support

Mon Jun 13 14:00:00 2011 Dan Walsh 2.0.86-14
- Do not drop capability bounding set in seunshare, this allows sandbox to
- run setuid apps.

Fri Jun 10 14:00:00 2011 Dan Walsh 2.0.86-13
- Add semanage-bash-completion.sh script

Tue Jun 7 14:00:00 2011 Dan Walsh 2.0.86-12
- Remove mount -o bind calls from sandbox init script
- pam_namespace now has this built in.

Tue Jun 7 14:00:00 2011 Dan Walsh 2.0.86-11
- Pass desktop dpi to sandbox Xephyr window

Mon Jun 6 14:00:00 2011 Dan Walsh 2.0.86-10
- Allow semodule to pick alternate root for selinux files
- Add ~/.config/
* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.

Wed May 25 14:00:00 2011 Dan Walsh 2.0.86-9
- Fix var_spool template read_spool_files
- Fix sepolgen to handle filename transitions

Mon May 23 14:00:00 2011 Dan Walsh 2.0.86-8
- Templates cleanedup by Dominic Grift

Fri Apr 29 14:00:00 2011 Dan Walsh 2.0.86-7
- Clean up some of the templates for sepolgen

Fri Apr 22 14:00:00 2011 Dan Walsh 2.0.86-6
- Apply patches from Christoph A.

* fix sandbox title

* stop xephyr from li
- Also ignore errors on sandbox include of directory missing files

Thu Apr 21 14:00:00 2011 Dan Walsh 2.0.86-5
- rebuild versus latest libsepol

Mon Apr 18 14:00:00 2011 Dan Walsh 2.0.86-4
- Change fixfiles restore to delete unlabeled sockets in /tmp

Mon Apr 18 14:00:00 2011 Dan Walsh 2.0.86-2
- rebuild versus latest libsepol

Tue Apr 12 14:00:00 2011 Dan Walsh 2.0.86-1
- Update to upstream

* Use correct color range in mcstrand by Richard Haines.

Mon Apr 11 14:00:00 2011 Dan Walsh 2.0.85-30
- Add Elia Pinto patches to allow user to specify directories to ignore

Tue Apr 5 14:00:00 2011 Dan Walsh 2.0.85-29
- Fix policycoreutils-sandbox description

Tue Mar 29 14:00:00 2011 Dan Walsh 2.0.85-28
- rsynccmd should run outside of execcon

Thu Mar 24 13:00:00 2011 Dan Walsh 2.0.85-27
- Fix semange node handling of ipv6 addresses

Wed Mar 23 13:00:00 2011 Dan Walsh 2.0.85-26
- Fix sepolgen-ifgen call, add -p option

Wed Mar 23 13:00:00 2011 Dan Walsh 2.0.85-25
- Fix sepolgen-ifgen call

Fri Mar 18 13:00:00 2011 Dan Walsh 2.0.85-24
- Fix rsync command to work if the directory is old.
- Fix all tests

Wed Mar 16 13:00:00 2011 Dan Walsh 2.0.85-23
- Fix sepolgen to generate network polcy using generic_if and genric_node versus all_if and all_node

Wed Mar 16 13:00:00 2011 Dan Walsh 2.0.85-22
- Return to original seunshare man page

Fri Mar 11 13:00:00 2011 Dan Walsh 2.0.85-21
- change default location of HOMEDIR in sandbox to /tmp/.sandbox_home_
*
- This will allow default sandboxes to work on NFS homedirs without allowing
access to homedir data

Fri Mar 11 13:00:00 2011 Dan Walsh 2.0.85-20
- Change sepolgen-ifgen to search all available policy files
- Exit in restorecond if it can not find a UID in the passwd database

Wed Mar 9 13:00:00 2011 Dan Walsh 2.0.85-19
- Fix portspage in system-config-selinux to not crash
- More fixes for seunshare from Tomas Hoger

Tue Mar 8 13:00:00 2011 Dan Walsh 2.0.85-18
- put back in old handling of -T in sandbox command
- Put back setsid in seunshare
- Fix rsync to maintain times

Tue Mar 8 13:00:00 2011 Dan Walsh 2.0.85-17
- Use rewritten seunshare from thoger

Mon Mar 7 13:00:00 2011 Dan Walsh 2.0.85-16
- Require python-IPy for policycoreutils-python package
- Fixes for sepologen
- Usage statement needs -n name
- Names with _ are being prevented
- dbus apps should get _chat interface

Thu Mar 3 13:00:00 2011 Dan Walsh 2.0.85-15
- Fix error message in seunshare, check for tmpdir existance before unlink.

Fri Feb 25 13:00:00 2011 Dan Walsh 2.0.85-13
- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
- Only allow names in polgengui that contain letters and numbers
- Fix up node handling in semanage command
- Update translations

Wed Feb 9 13:00:00 2011 Fedora Release Engineering - 2.0.85-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

Thu Feb 3 13:00:00 2011 Dan Walsh 2.0.85-11
- Fix sandbox policy creation with udp connect ports

Thu Feb 3 13:00:00 2011 Dan Walsh 2.0.85-10
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
- Cleanup chcat man page

Wed Feb 2 13:00:00 2011 Dan Walsh 2.0.85-9
- Report full errors on OSError on Sandbox

Fri Jan 21 13:00:00 2011 Dan Walsh 2.0.85-8
- Fix newrole hanlding of pcap

Wed Jan 19 13:00:00 2011 Dan Walsh 2.0.85-7
- Have restorecond watch more directories in homedir

Fri Jan 14 13:00:00 2011 Dan Walsh 2.0.85-6
- Add sandbox to sepolgen

Thu Jan 6 13:00:00 2011 Dan Walsh 2.0.85-4
- Fix proper handling of getopt errors
- Do not allow modules names to contain spaces

Wed Jan 5 13:00:00 2011 Dan Walsh 2.0.85-3
- Polgengui raises the wrong type of exception. #471078
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure

Wed Dec 22 13:00:00 2010 Dan Walsh 2.0.85-2
- Fix restorecond watching utmp file for people logging in our out

Tue Dec 21 13:00:00 2010 Dan Walsh 2.0.85-1
- Update to upstream

Thu Dec 16 13:00:00 2010 Dan Walsh 2.0.84-5
- Change to allow sandbox to run on nfs homedirs, add start python script

Wed Dec 15 13:00:00 2010 Dan Walsh 2.0.84-4
- Move seunshare to sandbox package

Mon Nov 29 13:00:00 2010 Dan Walsh 2.0.84-3
- Fix sandbox to show correct types in usage statement

Mon Nov 29 13:00:00 2010 Dan Walsh 2.0.84-2
- Stop fixfiles from complaining about missing dirs

Mon Nov 22 13:00:00 2010 Dan Walsh 2.0.84-1
- Update to upstream
- List types available for sandbox in usage statement

Mon Nov 22 13:00:00 2010 Dan Walsh 2.0.83-37
- Don\'t report error on load_policy when system is disabled.

Mon Nov 8 13:00:00 2010 Dan Walsh 2.0.83-36
- Fix up problems pointed out by solar designer on dropping capabilities

Mon Nov 1 13:00:00 2010 Dan Walsh 2.0.83-35
- Check if you have full privs and reset otherwise dont drop caps

Mon Nov 1 13:00:00 2010 Dan Walsh 2.0.83-34
- Fix setools require line

Fri Oct 29 14:00:00 2010 Dan Walsh 2.0.83-33
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
- Additiona capability checking in sepolgen

Mon Oct 25 14:00:00 2010 Dan Walsh 2.0.83-32
- Remove setuid flag and replace with file capabilities
- Fix sandbox handling of files with spaces in them

Wed Sep 29 14:00:00 2010 jkeating - 2.0.83-31
- Rebuilt for gcc bug 634757

Thu Sep 23 14:00:00 2010 Dan Walsh 2.0.83-30
- Move restorecond into its own subpackage

Thu Sep 23 14:00:00 2010 Dan Walsh 2.0.83-29
- Fix semanage man page

Mon Sep 13 14:00:00 2010 Dan Walsh 2.0.83-28
- Add seremote, to allow the execution of command inside the sandbox from outside the sandbox.

Mon Sep 13 14:00:00 2010 Dan Walsh 2.0.83-27
- Fix sandbox copyfile when copying a dir with a socket, print error

Fri Sep 10 14:00:00 2010 Dan Walsh 2.0.83-26
- Stop polgengui from crashing if selinux policy is not installed

Thu Sep 9 14:00:00 2010 Dan Walsh 2.0.83-25
- Fix bug preventing sandbox from using -l

Tue Sep 7 14:00:00 2010 Dan Walsh 2.0.83-24
- Eliminate quotes fro desktop files

Mon Aug 30 14:00:00 2010 Dan Walsh 2.0.83-23
- Add -w windowsize patch from Christoph A.

Mon Aug 30 14:00:00 2010 Dan Walsh 2.0.83-22
- Update po

Wed Aug 25 14:00:00 2010 Dan Walsh 2.0.83-21
- Update po

Tue Aug 24 14:00:00 2010 Dan Walsh 2.0.83-20
- Tighten down seunshare to create /tmp dir with sticky bit and MS_NODEV | MS_NOSUID | MS_NOEXEC;
- Remove setsid on seunshare so ^c on sandbox will cause apps to exit
- Add dbus-launch --exit-with-session so all processes launched within the sandbox exit with the sandbox
- Clean up error handling so error will get sent back to sandbox tool

Mon Aug 23 14:00:00 2010 Dan Walsh 2.0.83-19
- Fix translation handling in file context page of system-config-selinux

Fri Aug 13 14:00:00 2010 Dan Walsh 2.0.83-18
- Fix sandbox error handling

Fri Aug 13 14:00:00 2010 Dan Walsh 2.0.83-17
- Apply patch to restorecond from Chris Adams, which will cause restorecond
- to watch first user that logs in.

Thu Aug 12 14:00:00 2010 Dan Walsh 2.0.83-16
- Add COPYING file to doc dir

Thu Aug 5 14:00:00 2010 Dan Walsh 2.0.83-15
- Update po and translations
Resolves: #610473

Thu Aug 5 14:00:00 2010 Dan Walsh 2.0.83-14
- More fixes for polgen tools

Thu Aug 5 14:00:00 2010 Dan Walsh 2.0.83-13
- Remove requirement to run selinux-polgen as root

Thu Aug 5 14:00:00 2010 Dan Walsh 2.0.83-12
- Update po and translations
- Fix gui policy generation tools

Wed Aug 4 14:00:00 2010 Dan Walsh 2.0.83-11
- Update po and translations

Sat Jul 31 14:00:00 2010 David Malcolm - 2.0.83-10
- rebuild against python 2.7

Wed Jul 28 14:00:00 2010 Dan Walsh 2.0.83-9
- Update selinux-polgengui to sepolgen policy generation

Wed Jul 28 14:00:00 2010 Dan Walsh 2.0.83-8
- Fix invalid free in seunshare and fix man page

Tue Jul 27 14:00:00 2010 Dan Walsh 2.0.83-7
- Update translations

Mon Jul 26 14:00:00 2010 Dan Walsh 2.0.83-6
- Fix sandbox man page

Wed Jul 21 14:00:00 2010 David Malcolm - 2.0.83-5
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

Tue Jul 20 14:00:00 2010 Dan Walsh 2.0.83-4
- Add translations for menus
- Fixup man page from Russell Coker

Tue Jun 15 14:00:00 2010 Dan Walsh 2.0.83-3
- Change python scripts to use -s flag
- Update po

Tue Jun 15 14:00:00 2010 Dan Walsh 2.0.83-1
- Update to upstream

* Add sandbox support from Dan Walsh with modifications from Steve Lawrence.

Tue Jun 15 14:00:00 2010 Dan Walsh 2.0.82-31
- Fix sepolgen code generation
Resolve: #603001

Tue Jun 8 14:00:00 2010 Dan Walsh 2.0.82-30
- Add cgroup support for sandbox

Mon Jun 7 14:00:00 2010 Dan Walsh 2.0.82-29
- Allow creation of /var/cache/DOMAIN from sepolgen

Thu Jun 3 14:00:00 2010 Dan Walsh 2.0.82-28
- Fix sandbox init script
- Add dbus-launch to sandbox -X
Resolve: #599599

Thu Jun 3 14:00:00 2010 Dan Walsh 2.0.82-27
- Move genhomedircon.8 to same package as genhomedircon
- Fix sandbox to pass unit test
Resolves: #595796

Wed Jun 2 14:00:00 2010 Dan Walsh 2.0.82-26
- Fix listing of booleans from audit2allow

Wed Jun 2 14:00:00 2010 Dan Walsh 2.0.82-25
- Fix audit2allow to output if the current policy has avc
- Update translations
- Fix icon

Thu May 27 14:00:00 2010 Dan Walsh 2.0.82-24
- Man page fixes
- sandbox fixes
- Move seunshare to base package

Fri May 21 14:00:00 2010 Dan Walsh 2.0.82-23
- Fix seunshare translations
- Fix seunshare to work on all arches
- Fix icon for system-config-selinux
Resolves: #595276

Fri May 21 14:00:00 2010 Dan Walsh 2.0.82-22
- Fix can_exec definition in sepolgen

Fri May 21 14:00:00 2010 Dan Walsh 2.0.82-21
- Add man page for seunshare and genhomedircon
Resolves: #594303
- Fix node management via semanage

Wed May 19 14:00:00 2010 Dan Walsh 2.0.82-20
- Fixes from upstream for sandbox command
Resolves: #580938

Thu May 13 14:00:00 2010 Dan Walsh 2.0.82-18
- Fix sandbox error handling on copyfile
- Fix desktop files

Tue May 11 14:00:00 2010 Dan Walsh 2.0.82-17
- Fix policy tool to have correct name in menus
- Fix seunshare to handle /tmp being in ~/home
- Fix saving of altered files
- Update translations

Tue May 4 14:00:00 2010 Dan Walsh 2.0.82-15
- Allow audit2allow to specify alternative policy file for analysis

Mon May 3 14:00:00 2010 Dan Walsh 2.0.82-14
- Update po
- Fix sepolgen --no_attrs
Resolves: #588280

Thu Apr 29 14:00:00 2010 Dan Walsh 2.0.82-13
- Make semanage boolean work on disabled machines and during livecd xguest
- Fix homedir and tmpdir handling in sandbox
Resolves: #587263

Wed Apr 28 14:00:00 2010 Dan Walsh 2.0.82-11
- Make semanage boolean work on disabled machines

Tue Apr 27 14:00:00 2010 Dan Walsh 2.0.82-10
- Make sepolgen-ifgen be quiet

Wed Apr 21 14:00:00 2010 Dan Walsh 2.0.82-8
- Make sepolgen report on more interfaces
- Fix system-config-selinux display of modules

Thu Apr 15 14:00:00 2010 Dan Walsh 2.0.82-7
- Fix crash when args are empty
Resolves: #582542
- Fix semange to exit on bad options
- Fix semanage dontaudit man page section
Resolves: #582533

Wed Apr 14 14:00:00 2010 Dan Walsh 2.0.82-6
- Remove debug line from semanage
- Update po

Tue Apr 13 14:00:00 2010 Dan Walsh 2.0.82-5
- Fix sandbox comment on HOMEDIRS
- Fix sandbox to throw error on bad executable

Tue Apr 6 14:00:00 2010 Dan Walsh 2.0.82-4
- Fix spacing in templates

Wed Mar 31 14:00:00 2010 Dan Walsh 2.0.82-3
- Fix semanage return codes

Tue Mar 30 14:00:00 2010 Dan Walsh 2.0.82-2
- Fix sepolgen to confirm to the \"Reference Policy Style Guide\"

Tue Mar 23 13:00:00 2010 Dan Walsh 2.0.82-1
- Update to upstream

* Add avc\'s since boot from Dan Walsh.

* Fix unit tests from Dan Walsh.

Tue Mar 23 13:00:00 2010 Dan Walsh 2.0.81-4
- Update to upstream - sepolgen

* Add since-last-boot option to audit2allow from Dan Walsh.

* Fix sepolgen output to match what Chris expects for upstream
refpolicy from Dan Walsh.

Mon Mar 22 13:00:00 2010 Dan Walsh 2.0.81-3
- Allow restorecon on > 2 Gig files

Tue Mar 16 13:00:00 2010 Dan Walsh 2.0.81-2
- Fix semanage handling of boolean options
- Update translations

Fri Mar 12 13:00:00 2010 Dan Walsh 2.0.81-1
- Update to upstream

* Add dontaudit flag to audit2allow from Dan Walsh.

Thu Mar 11 13:00:00 2010 Dan Walsh 2.0.80-2
- Use --rbind in sandbox init scripts

Mon Mar 8 13:00:00 2010 Dan Walsh 2.0.80-1
- Update to upstream

* Module enable/disable support from Dan Walsh.

Mon Mar 1 13:00:00 2010 Dan Walsh 2.0.79-5
- Rewrite of sandbox script, add unit test for sandbox
- Update translations

Mon Mar 1 13:00:00 2010 Dan Walsh 2.0.79-4
- Fix patch for dontaudit rules from audit2allow for upstream acceptance

Fri Feb 26 13:00:00 2010 Dan Walsh 2.0.79-3
- Fixes for fixfiles

Wed Feb 17 13:00:00 2010 Dan Walsh 2.0.79-2
- Fix sandbox to complain if mount-shared has not been run
- Fix to use /etc/sysconfig/sandbox

Tue Feb 16 13:00:00 2010 Dan Walsh 2.0.79-1
- Update to upstream

* Fix double-free in newrole
- Fix python language handling

Thu Feb 11 13:00:00 2010 Dan Walsh 2.0.78-21
- Fix display of command in sandbox

Fri Feb 5 13:00:00 2010 Dan Walsh 2.0.78-20
- Catch OSError in semanage

Wed Feb 3 13:00:00 2010 Dan Walsh 2.0.78-19
- Fix seobject and fixfiles

Fri Jan 29 13:00:00 2010 Dan Walsh 2.0.78-17
- Change seobject to use translations properly

Thu Jan 28 13:00:00 2010 Dan Walsh 2.0.78-16
- Cleanup spec file
Resolves: 555835

Thu Jan 28 13:00:00 2010 Dan Walsh 2.0.78-15
- Add use_resolve to sepolgen

Wed Jan 27 13:00:00 2010 Dan Walsh 2.0.78-14
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession

Thu Jan 21 13:00:00 2010 Dan Walsh 2.0.78-13
- Fix executable template for fifo files

Tue Jan 19 13:00:00 2010 Dan Walsh 2.0.78-12
- Fix patch xod xmodmap
- Exit 0 from script

Thu Jan 14 13:00:00 2010 Dan Walsh 2.0.78-11
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati

Fri Jan 8 13:00:00 2010 Dan Walsh 2.0.78-10
- Fix sepolgen to not generate user sh section on non user policy

Fri Jan 8 13:00:00 2010 Dan Walsh 2.0.78-9
- Add -e to semanage man page
- Add -D qualifier to audit2allow to generate dontaudit rules

Wed Jan 6 13:00:00 2010 Dan Walsh 2.0.78-8
- Speed up audit2allow processing of audit2why comments

Fri Dec 18 13:00:00 2009 Dan Walsh 2.0.78-7
- Fixes to sandbox man page

Thu Dec 17 13:00:00 2009 Dan Walsh 2.0.78-6
- Add setools-libs-python to requires for gui

Wed Dec 16 13:00:00 2009 Dan Walsh 2.0.78-5
- If restorecond running as a user has no files to watch then it should exit. (NFS Homedirs)

Thu Dec 10 13:00:00 2009 Dan Walsh 2.0.78-4
- Move sandbox man page to base package

Tue Dec 8 13:00:00 2009 Dan Walsh 2.0.78-3
- Fix audit2allow to report constraints, dontaudits, types, booleans

Fri Dec 4 13:00:00 2009 Dan Walsh 2.0.78-2
- Fix restorecon -i to ignore enoent

Tue Dec 1 13:00:00 2009 Dan Walsh 2.0.78-1
- Update to upstream

* Remove non-working OUTFILE from fixfiles from Dan Walsh.

* Additional exception handling in chcat from Dan Walsh.

* fix sepolgen to read a \"type 1403\" msg as a policy load by Stephen
Smalley

* Add support for Xen ocontexts from Paul Nuzzi.

Tue Nov 24 13:00:00 2009 Dan Walsh 2.0.77-1
- Update to upstream

* Fixed bug preventing semanage node -a from working
from Chad Sellers

* Fixed bug preventing semanage fcontext -l from working
from Chad Sellers
- Change semanage to use unicode

Wed Nov 18 13:00:00 2009 Dan Walsh 2.0.76-1
- Update to upstream

* Remove setrans management from semanage, as it does not work
from Dan Walsh.

* Move load_policy from /usr/sbin to /sbin from Dan Walsh.

Mon Nov 16 13:00:00 2009 Dan Walsh 2.0.75-3
- Raise exception if user tries to add file context with an embedded space

Wed Nov 11 13:00:00 2009 Dan Walsh 2.0.75-2
- Fix sandbox to setsid so it can run under mozilla without crashing the session

Mon Nov 2 13:00:00 2009 Dan Walsh 2.0.75-1
- Update to upstream

* Factor out restoring logic from setfiles.c into restore.c

Fri Oct 30 13:00:00 2009 Dan Walsh 2.0.74-15
- Fix typo in seobject.py

Fri Oct 30 13:00:00 2009 Dan Walsh 2.0.74-14
- Allow semanage -i and semanage -o to generate customization files.
- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration

Tue Oct 20 14:00:00 2009 Dan Walsh 2.0.74-13
- Fix restorecond man page

Mon Oct 19 14:00:00 2009 Dan Walsh 2.0.74-12
- Add generation of the users context file to polgengui

Fri Oct 16 14:00:00 2009 Dan Walsh 2.0.74-11
- Remove tabs from system-config-selinux glade file

Thu Oct 15 14:00:00 2009 Dan Walsh 2.0.74-10
- Remove translations screen from system-config-selinux

Wed Oct 14 14:00:00 2009 Dan Walsh 2.0.74-9
- Move fixfiles man pages into the correct package
- Add genhomedircon to fixfiles restore

Tue Oct 6 14:00:00 2009 Dan Walsh 2.0.74-8
- Add check to sandbox to verify save changes - Chris Pardy
- Fix memory leak in restorecond - Steve Grubb

Thu Oct 1 14:00:00 2009 Dan Walsh 2.0.74-7
- Fixes Templates

Thu Oct 1 14:00:00 2009 Dan Walsh 2.0.74-6
- Fixes for polgengui to handle tcp ports correctly
- Fix semanage node -a

Wed Sep 30 14:00:00 2009 Dan Walsh 2.0.74-5
- Fixes for semanage -equiv, readded modules, --enable, --disable

Sun Sep 20 14:00:00 2009 Dan Walsh 2.0.74-4
- Close sandbox when eclipse exits

Fri Sep 18 14:00:00 2009 Dan Walsh 2.0.74-3
- Security fixes for seunshare
- Fix Sandbox to handle non file input to command.

Thu Sep 17 14:00:00 2009 Dan Walsh 2.0.74-2
- Security fixes for seunshare

Thu Sep 17 14:00:00 2009 Dan Walsh 2.0.74-1
- Update to upstream

* Change semodule upgrade behavior to install even if the module
is not present from Dan Walsh.

* Make setfiles label if selinux is disabled and a seclabel aware
kernel is running from Caleb Case.

* Clarify forkpty() error message in run_init from Manoj Srivastava.

Mon Sep 14 14:00:00 2009 Dan Walsh 2.0.73-5
- Fix sandbox to handle relative paths

Mon Sep 14 14:00:00 2009 Dan Walsh 2.0.73-4
- Add symbolic link to load_policy

Mon Sep 14 14:00:00 2009 Dan Walsh 2.0.73-3
- Fix restorecond script to use force-reload

Tue Sep 8 14:00:00 2009 Dan Walsh 2.0.73-2
- Fix init script to show status in usage message

Tue Sep 8 14:00:00 2009 Dan Walsh 2.0.73-1
- Update to upstream

* Add semanage dontaudit to turn off dontaudits from Dan Walsh.

* Fix semanage to set correct mode for setrans file from Dan Walsh.

* Fix malformed dictionary in portRecord from Dan Walsh.

* Restore symlink handling support to restorecon based on a patch by
Martin Orr. This fixes the restorecon /dev/stdin performed by Debian
udev scripts that was broken by policycoreutils 2.0.70.

Thu Sep 3 14:00:00 2009 Dan Walsh 2.0.71-15
- Add DAC_OVERRIED to seunshare

Wed Sep 2 14:00:00 2009 Bill Nottingham 2.0.71-15
- Fix typo

Fri Aug 28 14:00:00 2009 Dan Walsh 2.0.71-14
- Add enable/disable patch

Thu Aug 27 14:00:00 2009 Tomas Mraz - 2.0.71-13
- rebuilt with new audit

Wed Aug 26 14:00:00 2009 Dan Walsh 2.0.71-12
- Tighten up controls on seunshare.c

Wed Aug 26 14:00:00 2009 Dan Walsh 2.0.71-11
- Add sandboxX

Sat Aug 22 14:00:00 2009 Dan Walsh 2.0.71-10
- Fix realpath usage to only happen on argv input from user

Fri Aug 21 14:00:00 2009 Ville Skyttä - 2.0.71-9
- Don\'t try to remove restorecond after last erase (done already in %preun).
- Ensure scriptlets exit with status 0.
- Fix %post and %pr

Thu Aug 20 14:00:00 2009 Dan Walsh 2.0.71-7
- Fix glob handling of /..

Wed Aug 19 14:00:00 2009 Dan Walsh 2.0.71-6
- Redesign restorecond to use setfiles/restore functionality

Wed Aug 19 14:00:00 2009 Dan Walsh 2.0.71-5
- Fix sepolgen again

Tue Aug 18 14:00:00 2009 Dan Walsh 2.0.71-4
- Add --boot flag to audit2allow to get all AVC messages since last boot

Tue Aug 18 14:00:00 2009 Dan Walsh 2.0.71-3
- Fix semanage command

Thu Aug 13 14:00:00 2009 Dan Walsh 2.0.71-2
- exclude unconfined.if from sepolgen

Thu Aug 13 14:00:00 2009 Dan Walsh 2.0.71-1
- Fix chcat to report error on non existing file
- Update to upstream

* Modify setfiles/restorecon checking of exclude paths. Only check
user-supplied exclude paths (not automatically generated ones based on
lack of seclabel support), don\'t require them to be directories, and
ignore permission denied errors on them (it is ok to exclude a path to
which the caller lacks permission).

Mon Aug 10 14:00:00 2009 Dan Walsh 2.0.70-2
- Don\'t warn if the user did not specify the exclude if root can not stat file system

Wed Aug 5 14:00:00 2009 Dan Walsh 2.0.70-1
- Update to upstream

* Modify restorecon to only call realpath() on user-supplied pathnames
from Stephen Smalley.

* Fix typo in fixfiles that prevented it from relabeling btrfs
filesystems from Dan Walsh.

Wed Jul 29 14:00:00 2009 Dan Walsh 2.0.68-1
- Fix location of man pages
- Update to upstream

* Modify setfiles to exclude mounts without seclabel option in
/proc/mounts on kernels >= 2.6.30 from Thomas Liu.

* Re-enable disable_dontaudit rules upon semodule -B from Christopher
Pardy and Dan Walsh.

* setfiles converted to fts from Thomas Liu.

Sun Jul 26 14:00:00 2009 Fedora Release Engineering - 2.0.64-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

Tue Jul 7 14:00:00 2009 Tom \"spot\" Callaway 2.0.64-2
- fix multiple directory ownership of mandirs

Fri Jun 26 14:00:00 2009 Dan Walsh 2.0.64-1
- Update to upstream

* Keep setfiles from spamming console from Dan Walsh.

* Fix chcat\'s category expansion for users from Dan Walsh.
- Update po files
- Fix sepolgen

Thu Jun 4 14:00:00 2009 Dan Walsh 2.0.63-5
- Add sepolgen executable

Mon Jun 1 14:00:00 2009 Dan Walsh 2.0.63-4
- Fix Sandbox option handling
- Fix fixfiles handling of btrfs

Tue May 26 14:00:00 2009 Dan Walsh 2.0.63-3
- Fix sandbox to be able to execute files in homedir

Fri May 22 14:00:00 2009 Dan Walsh 2.0.63-2
- Change polgen.py to be able to generate policy

Wed May 20 14:00:00 2009 Dan Walsh 2.0.63-1
- Update to upstream

* Fix transaction checking from Dan Walsh.

* Make fixfiles -R (for rpm) recursive.

* Make semanage permissive clean up after itself from Dan Walsh.

* add /root/.ssh/
* to restorecond.conf

Wed Apr 22 14:00:00 2009 Dan Walsh 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages

Wed Apr 22 14:00:00 2009 Dan Walsh 2.0.62-13
- Run restorecond as a user service

Thu Apr 16 14:00:00 2009 Dan Walsh 2.0.62-12
- Add semanage module support

Tue Apr 14 14:00:00 2009 Dan Walsh 2.0.62-10
- Do not print \
, if count < 1000;

Sat Apr 11 14:00:00 2009 Dan Walsh 2.0.62-9
- Handle case where subs file does not exist

Wed Apr 8 14:00:00 2009 Dan Walsh 2.0.62-8
- Update po files
- Add --equiv command for semanage

Tue Mar 31 14:00:00 2009 Dan Walsh 2.0.62-7
- Cleanup creation of permissive domains
- Update po files

Mon Mar 23 13:00:00 2009 Dan Walsh 2.0.62-6
- Update po files

Thu Mar 12 13:00:00 2009 Dan Walsh 2.0.62-5
- Fix semanage transations

Sat Mar 7 13:00:00 2009 Dan Walsh 2.0.62-4
- Update polgengui templates to match current upstream policy

Thu Feb 26 13:00:00 2009 Fedora Release Engineering - 2.0.62-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

Mon Feb 23 13:00:00 2009 Dan Walsh 2.0.62-2
- Add /root/.ssh to restorecond.conf
- fixfiles -R package should recursively fix files

Wed Feb 18 13:00:00 2009 Dan Walsh 2.0.62-1
- Update to upstream

* Add btrfs to fixfiles from Dan Walsh.

* Remove restorecond error for matching globs with multiple hard links
and fix some error messages from Dan Walsh.

* Make removing a non-existant module a warning rather than an error
from Dan Walsh.

* Man page fixes from Dan Walsh.

Mon Feb 16 13:00:00 2009 Dan Walsh 2.0.61-10
- Fix script created by polgengui to not refer to selinux-policy-devel

Mon Feb 9 13:00:00 2009 Dan Walsh 2.0.61-9
- Change initc scripts to use proper labeling on gui

Mon Feb 9 13:00:00 2009 Dan Walsh 2.0.61-8
- Add obsoletes to cause policycoreuils to update both python and non python version

Fri Jan 30 13:00:00 2009 Dan Walsh 2.0.61-7
- Dont report errors on glob match and multiple links

Thu Jan 22 13:00:00 2009 Dan Walsh 2.0.61-6
- Move sepolgen-ifgen to post python

Wed Jan 21 13:00:00 2009 Dan Walsh 2.0.61-4
- Fix Translations

Tue Jan 20 13:00:00 2009 Dan Walsh 2.0.61-3
- Add Domains Page to system-config-selinux
- Add ability to create dbus confined applications to polgen

Wed Jan 14 13:00:00 2009 Dan Walsh 2.0.61-2
- Split python into a separate package

Tue Jan 13 13:00:00 2009 Dan Walsh 2.0.61-1
- Update to upstream

* chcat: cut categories at arbitrary point (25) from Dan Walsh

* semodule: use new interfaces in libsemanage for compressed files
from Dan Walsh

* audit2allow: string changes for usage

Tue Jan 6 13:00:00 2009 Dan Walsh 2.0.60-7
- Don\'t error out when removing a non existing module

Mon Dec 15 13:00:00 2008 Dan Walsh 2.0.60-6
- fix audit2allow man page

Wed Dec 10 13:00:00 2008 Dan Walsh 2.0.60-5
- Fix Japanese translations

Sat Dec 6 13:00:00 2008 Dan Walsh 2.0.60-4
- Change md5 to hashlib.md5 in sepolgen

Thu Dec 4 13:00:00 2008 Ignacio Vazquez-Abrams - 2.0.60-3
- Rebuild for Python 2.6

Tue Dec 2 13:00:00 2008 Dan Walsh 2.0.60-2
- Fix error checking in restorecond, for inotify_add_watch

Mon Dec 1 13:00:00 2008 Dan Walsh 2.0.60-1
- Update to upstream

* semanage: use semanage_mls_enabled() from Stephen Smalley.

Sat Nov 29 13:00:00 2008 Ignacio Vazquez-Abrams - 2.0.59-2
- Rebuild for Python 2.6

Tue Nov 11 13:00:00 2008 Dan Walsh 2.0.59-1
- Update to upstream

* fcontext add checked local records twice, fix from Dan Walsh.

Mon Nov 10 13:00:00 2008 Dan Walsh 2.0.58-1
- Update to upstream

* Allow local file context entries to override policy entries in
semanage from Dan Walsh.

* Newrole error message corrections from Dan Walsh.

* Add exception to audit2why call in audit2allow from Dan Walsh.

Fri Nov 7 13:00:00 2008 Dan Walsh 2.0.57-12
- add compression

Tue Nov 4 13:00:00 2008 Jesse Keating - 2.0.57-11
- Move the usermode-gtk requires to the -gui subpackage.

Thu Oct 30 13:00:00 2008 Dan Walsh 2.0.57-10
- Fix traceback in audit2why

Wed Oct 29 13:00:00 2008 Dan Walsh 2.0.57-9
- Make GUI use translations

Wed Oct 29 13:00:00 2008 Dan Walsh 2.0.57-8
- Fix typo in man page

Tue Oct 28 13:00:00 2008 Dan Walsh 2.0.57-7
- Handle selinux disabled correctly
- Handle manipulation of fcontext file correctly

Mon Oct 27 13:00:00 2008 Dan Walsh 2.0.57-6
- Add usermode-gtk requires

Thu Oct 23 14:00:00 2008 Dan Walsh 2.0.57-5
- Allow addition of local modifications of fcontext policy.

Mon Oct 20 14:00:00 2008 Dan Walsh 2.0.57-4
- Fix system-config-selinux booleanspage throwing and exception
- Update po files

Fri Oct 17 14:00:00 2008 Dan Walsh 2.0.57-3
- Fix text in newrole
- Fix revertbutton on booleans page in system-config-selinux

Wed Oct 1 14:00:00 2008 Dan Walsh 2.0.57-2
- Change semodule calls for libsemanage

Wed Oct 1 14:00:00 2008 Dan Walsh 2.0.57-1
- Update to upstream

* Update po files from Dan Walsh.

Fri Sep 12 14:00:00 2008 Dan Walsh 2.0.56-1
- Fix semanage help display
- Update to upstream

* fixfiles will now remove all files in /tmp and will check for
unlabeled_t in /tmp and /var/tmp from Dan Walsh.

* add glob support to restorecond from Dan Walsh.

* allow semanage to handle multi-line commands in a single transaction
from Dan Walsh.

Thu Sep 11 14:00:00 2008 Dan Walsh 2.0.55-8
- Only call gen_requires once in sepolgen

Tue Sep 9 14:00:00 2008 Dan Walsh 2.0.55-7
- Change Requires line to gnome-python2-gnome
- Fix spelling mistakes
- Require libselinux-utils

Mon Sep 8 14:00:00 2008 Dan Walsh 2.0.55-5
- Add node support to semanage

Mon Sep 8 14:00:00 2008 Dan Walsh 2.0.55-4
- Fix fixfiles to correct unlabeled_t files and remove .? files

Wed Sep 3 14:00:00 2008 Dan Walsh 2.0.55-2
- Add glob support to restorecond so it can check every file in the homedir

Thu Aug 28 14:00:00 2008 Dan Walsh 2.0.55-1
- Update to upstream

* Merged semanage node support from Christian Kuester.

Fri Aug 15 14:00:00 2008 Dan Walsh 2.0.54-7
- Add require libsemanage-python

Mon Aug 11 14:00:00 2008 Dan Walsh 2.0.54-6
- Add missing html_util.py file

Thu Aug 7 14:00:00 2008 Dan Walsh 2.0.54-5
- Fixes for multiple transactions

Wed Aug 6 14:00:00 2008 Dan Walsh 2.0.54-2
- Allow multiple transactions in one semanage command

Tue Aug 5 14:00:00 2008 Dan Walsh 2.0.54-1
- Update to upstream

* Add support for boolean files and group support for seusers from Dan Walsh.

* Ensure that setfiles -p output is newline terminated from Russell Coker.

Fri Aug 1 14:00:00 2008 Dan Walsh 2.0.53-3
- Allow semanage user to add group lists % groupname

Tue Jul 29 14:00:00 2008 Dan Walsh 2.0.53-2
- Fix help

Tue Jul 29 14:00:00 2008 Dan Walsh 2.0.53-1
- Update to upstream

* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.

Tue Jul 29 14:00:00 2008 Dan Walsh 2.0.52-6
- Fix boolean handling
- Upgrade to latest sepolgen
- Update po patch

Wed Jul 9 14:00:00 2008 Dan Walsh 2.0.52-5
- Additial cleanup of boolean handling for semanage

Tue Jul 8 14:00:00 2008 Dan Walsh 2.0.52-4
- Handle ranges of ports in gui

Tue Jul 8 14:00:00 2008 Dan Walsh 2.0.52-3
- Fix indent problems in seobject

Wed Jul 2 14:00:00 2008 Dan Walsh 2.0.52-2
- Add lockdown wizard
- Allow semanage booleans to take an input file an process lots of booleans at once.

Wed Jul 2 14:00:00 2008 Dan Walsh 2.0.52-1
- Default prefix to \"user\"

Tue Jul 1 14:00:00 2008 Dan Walsh 2.0.50-2
- Remove semodule use within semanage
- Fix launching of polgengui from toolbar

Mon Jun 30 14:00:00 2008 Dan Walsh 2.0.50-1
- Update to upstream

* Fix audit2allow generation of role-type rules from Karl MacMillan.

Tue Jun 24 14:00:00 2008 Dan Walsh