SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libselinux-static-2.5-6.el7.i686.rpm :
Fri Aug 26 14:00:00 2016 Petr Lautrbach 2.5-6
- Handle NULL pcre study data

Wed Aug 10 14:00:00 2016 Petr Lautrbach 2.5-5
- Fix in tree compilation of utils that depend on libsepol

Mon Jun 27 14:00:00 2016 Petr Lautrbach - 2.5-4
- Clarify is_selinux_mls_enabled() description
- Explain how to free policy type from selinux_getpolicytype()
- Compare absolute pathname in matchpathcon -V
- Add selinux_snapperd_contexts_path()
- Modify audit2why analyze function to use loaded policy
- Sort object files for deterministic linking order
- Respect CC and PKG_CONFIG environment variable
- Avoid mounting /proc outside of selinux_init_load_policy()
- Fix multiple spelling errors

Wed Apr 27 14:00:00 2016 Petr Lautrbach - 2.5-3
- Fix setexecfilecon() to work better in a chroot (#1329931)
- Fix typo in sefcontext_compile.8 (#1320062)

Mon Apr 11 14:00:00 2016 Petr Lautrbach - 2.5-2
- Fix location of selinuxfs mount point (#1321086)
- Only mount /proc if necessary
- procattr: return einval for <= 0 pid args
- procattr: return error on invalid pid_t inpu

Tue Feb 23 13:00:00 2016 Petr Lautrbach 2.5-1
- Update to upstream release 2016-02-23

Fri Feb 14 13:00:00 2014 Dan Walsh - 2.2.2-6
- Add additional go bindings for get
*con calls
- Add go bindings test command
- Modify man pages of set
*con calls to mention that they are thread specific
Resolves:#1053122

Fri Jan 31 13:00:00 2014 Dan Walsh - 2.2.2-5
- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go
- Add Int_to_mcs function to generate MCS labels from integers.

Fri Jan 31 13:00:00 2014 Miroslav Grepl - 2.2.2-4
- Fix libselinux.spec file
- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go
- Add Int_to_mcs function to generate MCS labels from integers.

Tue Jan 28 13:00:00 2014 Daniel Mach - 2.2.2-3
- Mass rebuild 2014-01-24

Tue Jan 14 13:00:00 2014 Dan Walsh - 2.2.2-2
- Add ghost flag for /var/run/setrans
Resolves: #1053122

Mon Jan 6 13:00:00 2014 Dan Walsh - 2.2.2-1
- Update to upstream

* Fix userspace AVC handling of per-domain permissive mode.
- Verify context is not null when passed into
*setfilecon_raw

Fri Dec 27 13:00:00 2013 Adam Williamson - 2.2.1-6
- revert unexplained change to rhat.patch which broke SELinux disablement

Mon Dec 23 13:00:00 2013 Dan Walsh - 2.2.1-5
- Verify context is not null when passed into lsetfilecon_raw

Wed Dec 18 13:00:00 2013 Dan Walsh - 2.2.1-4
- Mv selinux.go to /usr/share/gocode/src/selinux
- Add golang support to selinux.

Tue Dec 17 13:00:00 2013 Daniel Mach - 2.2.1-3
- Mass rebuild 2013-12-27

Thu Dec 5 13:00:00 2013 Dan Walsh - 2.2.1-2
- Remove togglesebool man page
Resolves: #1038606

Mon Nov 25 13:00:00 2013 Dan Walsh - 2.2.1-1
- Update to upstream

* Remove -lpthread from pkg-config file; it is not required.
- Add support for policy compressed with xv

Thu Oct 31 13:00:00 2013 Dan Walsh - 2.2-1
- Update to upstream

* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.

* Support overriding Makefile RANLIB from Sven Vermeulen.

* Update pkgconfig definition from Sven Vermeulen.

* Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.

* Fix man pages from Laurent Bigonville.

* Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville.

* Fix LDFLAGS usage from Laurent Bigonville

* Avoid shadowing stat in load_mmap from Joe MacDonald.

* Support building on older PCRE libraries from Joe MacDonald.

* Fix handling of temporary file in sefcontext_compile from Dan Walsh.

* Fix procattr cache from Dan Walsh.

* Define python constants for getenforce result from Dan Walsh.

* Fix label substitution handling of / from Dan Walsh.

* Add selinux_current_policy_path from Dan Walsh.

* Change get_context_list to only return good matches from Dan Walsh.

* Support udev-197 and higher from Sven Vermeulen and Dan Walsh.

* Add support for local substitutions from Dan Walsh.

* Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh.

* Python wrapper leak fixes from Dan Walsh.

* Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh.

* Add selinux_systemd_contexts_path from Dan Walsh.

* Add selinux_set_policy_root from Dan Walsh.

* Add man page for sefcontext_compile from Dan Walsh.

Fri Oct 4 14:00:00 2013 Dan Walsh - 2.1.13-21
- Add systemd_contexts support
- Do substitutions on a local sub followed by a dist sub
Resolves: #971425

Thu Oct 3 14:00:00 2013 Dan Walsh - 2.1.13-20
- Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
Resolves: #1013801

Mon Sep 16 14:00:00 2013 Dan Walsh - 2.1.13-19
- Fix handling of libselinux getconlist with only one entry

Tue Sep 3 14:00:00 2013 Dan Walsh - 2.1.13-17
- Add Python constants for SELinux enforcing modes

Sat Aug 3 14:00:00 2013 Fedora Release Engineering - 2.1.13-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

Fri Jun 28 14:00:00 2013 Dan Walsh - 2.1.13-16
- Add sefcontext_compile.8 man page
- Add Russell Coker patch to fix man pages
- Add patches from Laurent Bigonville to fix Makefiles for debian.
- modify spec file to use /usr/lib

Mon May 6 14:00:00 2013 Dan Walsh - 2.1.13-15
- Fix patch that Handles substitutions for /

Wed Apr 17 14:00:00 2013 Dan Walsh - 2.1.13-14
- Handle substitutions for /
- semanage fcontext -a -e / /opt/rh/devtoolset-2/root

Tue Apr 9 14:00:00 2013 Dan Walsh - 2.1.13-13
- Add Eric Paris patch to fix procattr calls after a fork.

Tue Mar 26 13:00:00 2013 Dan Walsh - 2.1.13-12
- Move secolor.conf.5 into mcstrans package and out of libselinux

Wed Mar 20 13:00:00 2013 Dan Walsh - 2.1.13-11
- Fix python bindings for selinux_check_access

Tue Mar 19 13:00:00 2013 Dan Walsh - 2.1.13-10
- Fix reseting the policy root in matchpathcon

Wed Mar 6 13:00:00 2013 Dan Walsh - 2.1.13-9
- Cleanup setfcontext_compile atomic patch
- Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root
- Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS

Wed Mar 6 13:00:00 2013 Dan Walsh - 2.1.13-8
- Make setfcontext_compile atomic

Wed Mar 6 13:00:00 2013 Dan Walsh - 2.1.13-7
- Fix memory leak in set
*con calls.

Thu Feb 28 13:00:00 2013 Dan Walsh - 2.1.13-6
- Move matchpathcon to -utils package
- Remove togglesebool

Thu Feb 21 13:00:00 2013 Dan Walsh - 2.1.13-5
- Fix selinux man page to reflect what current selinux policy is.

Fri Feb 15 13:00:00 2013 Dan Walsh - 2.1.13-4
- Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files.

Fri Feb 15 13:00:00 2013 Dan Walsh - 2.1.13-3
- Bring back selinux_current_policy_path

Thu Feb 14 13:00:00 2013 Dan Walsh - 2.1.13-2
- Revert some changes which are causing the wrong policy version file to be created

Thu Feb 7 13:00:00 2013 Dan Walsh - 2.1.13-1
- Update to upstream

* audit2why: make sure path is nul terminated

* utils: new file context regex compiler

* label_file: use precompiled filecontext when possible

* do not leak mmapfd

* sefcontontext_compile: Add error handling to help debug problems in libsemanage.

* man: make selinux.8 mention service man pages

* audit2why: Fix segfault if finish() called twice

* audit2why: do not leak on multiple init() calls

* mode_to_security_class: interface to translate a mode_t in to a security class

* audit2why: Cleanup audit2why analysys function

* man: Fix program synopsis and function prototypes in man pages

* man: Fix man pages formatting

* man: Fix typo in man page

* man: Add references and man page links to _raw function variants

* Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions

* man: context_new(3): fix the return value description

* selinux_status_open: handle error from sysconf

* selinux_status_open: do not leak statusfd on exec

* Fix errors found by coverity

* Change boooleans.subs to booleans.subs_dist.

* optimize set
*con functions

* pkg-config do not specifc ruby version

* unmap file contexts on selabel_close()

* do not leak file contexts with mmap\'d backend

* sefcontext_compile: do not leak fd on error

* matchmediacon: do not leak fd

* src/label_android_property: do not leak fd on error

Sun Jan 27 13:00:00 2013 Dan Walsh - 2.1.12-20
- Update to latest patches from eparis/Upstream

Fri Jan 25 13:00:00 2013 Dan Walsh - 2.1.12-19
- Update to latest patches from eparis/Upstream

Wed Jan 23 13:00:00 2013 Dan Walsh - 2.1.12-18
- Try procatt speedup patch again

Wed Jan 23 13:00:00 2013 Dan Walsh - 2.1.12-17
- Roll back procattr speedups since it seems to be screwing up systemd labeling.

Tue Jan 22 13:00:00 2013 Dan Walsh - 2.1.12-16
- Fix tid handling for setfscreatecon, old patch still broken in libvirt

Wed Jan 16 13:00:00 2013 Dan Walsh - 2.1.12-15
- Fix tid handling for setfscreatecon, old patch still broken in libvirt

Mon Jan 14 13:00:00 2013 Dan Walsh - 2.1.12-14
- setfscreatecon after fork was broken by the Set
*con patch.
- We needed to reset the thread variables after a fork.

Thu Jan 10 13:00:00 2013 Dan Walsh - 2.1.12-13
- Fix setfscreatecon call to handle failure mode, which was breaking udev

Wed Jan 9 13:00:00 2013 Dan Walsh - 2.1.12-12
- Ondrej Oprala patch to optimize set
*con functions
- Set
*con now caches the security context and only re-sets it if it changes.

Tue Jan 8 13:00:00 2013 Dan Walsh - 2.1.12-11
- Rebuild against latest libsepol

Fri Jan 4 13:00:00 2013 Dan Walsh - 2.1.12-10
- Update to latest patches from eparis/Upstream
- Fix errors found by coverity
- set the sepol_compute_av_reason_buffer flag to 0. This means calculate denials only?
- audit2why: remove a useless policy vers variable
- audit2why: use the new constraint information

Mon Nov 19 13:00:00 2012 Dan Walsh - 2.1.12-9
- Rebuild with latest libsepol

Fri Nov 16 13:00:00 2012 Dan Walsh - 2.1.12-8
- Return EPERM if login program can not reach default label for user
- Attempt to return container info from audit2why

Thu Nov 1 13:00:00 2012 Dan Walsh - 2.1.12-7
- Apply patch from eparis to fix leaked file descriptor in new labeling code

Fri Oct 19 14:00:00 2012 Dan Walsh - 2.1.12-6
- Add new function mode_to_security_class which takes mode instead of a string.
- Possibly will be used with coreutils.

Mon Oct 15 14:00:00 2012 Dan Walsh - 2.1.12-5
- Add back selinuxconlist and selinuxdefcon man pages

Mon Oct 15 14:00:00 2012 Dan Walsh - 2.1.12-4
- Fix segfault from calling audit2why.finish() multiple times

Fri Oct 12 14:00:00 2012 Dan Walsh - 2.1.12-3
- Fix up selinux man page to reference service man pages

Wed Sep 19 14:00:00 2012 Dan Walsh - 2.1.12-2
- Rebuild with fixed libsepol

Thu Sep 13 14:00:00 2012 Dan Walsh - 2.1.12-1
- Update to upstream

* Add support for lxc_contexts_path

* utils: add service to getdefaultcon

* libsemanage: do not set soname needlessly

* libsemanage: remove PYTHONLIBDIR and ruby equivalent

* boolean name equivalency

* getsebool: support boolean name substitution

* Add man page for new selinux_boolean_sub function.

* expose selinux_boolean_sub

* matchpathcon: add -m option to force file type check

* utils: avcstat: clear sa_mask set

* seusers: Check for strchr failure

* booleans: initialize pointer to silence coveriety

* stop messages when SELinux disabled

* label_file: use PCRE instead of glibc regex functions

* label_file: remove all typedefs

* label_file: move definitions to include file

* label_file: do string to mode_t conversion in a helper function

* label_file: move error reporting back into caller

* label_file: move stem/spec handling to header

* label_file: drop useless ncomp field from label_file data

* label_file: move spec_hasMetaChars to header

* label_file: fix potential read past buffer in spec_hasMetaChars

* label_file: move regex sorting to the header

* label_file: add accessors for the pcre extra data

* label_file: only run regex files one time

* label_file: new process_file function

* label_file: break up find_stem_from_spec

* label_file: struct reorg

* label_file: only run array once when sorting

* Ensure that we only close the selinux netlink socket once.

* improve the file_contexts.5 manual page

Fri Aug 3 14:00:00 2012 David Malcolm - 2.1.11-6
- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3

Wed Aug 1 14:00:00 2012 David Malcolm - 2.1.11-5
- make with_python3 be conditional on fedora

Thu Jul 19 14:00:00 2012 Fedora Release Engineering - 2.1.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

Mon Jul 16 14:00:00 2012 Dan Walsh - 2.1.11-3
- Move the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d

Fri Jul 13 14:00:00 2012 Dan Walsh - 2.1.11-2
- Revert Eric Paris Patch for selinux_binary_policy_path

Wed Jul 4 14:00:00 2012 Dan Walsh - 2.1.11-1
- Update to upstream

* Fortify source now requires all code to be compiled with -O flag

* asprintf return code must be checked

* avc_netlink_recieve handle EINTR

* audit2why: silence -Wmissing-prototypes warning

* libsemanage: remove build warning when build swig c files

* matchpathcon: bad handling of symlinks in /

* seusers: remove unused lineno

* seusers: getseuser: gracefully handle NULL service

* New Android property labeling backend

* label_android_property whitespace cleanups

* additional makefile support for rubywrap

Mon Jun 11 14:00:00 2012 Dan Walsh - 2.1.10-5
- Fix booleans.subs name, change function name to selinux_boolean_sub,
add man page, minor fixes to the function

Fri May 25 14:00:00 2012 Dan Walsh - 2.1.10-4
- Fix to compile with Fortify source

* Add -O compiler flag

* Check return code from asprintf
- Fix handling of symbolic links in / by realpath_not_final

Tue Apr 17 14:00:00 2012 Dan Walsh - 2.1.10-3
- Add support for lxc contexts file

Fri Mar 30 14:00:00 2012 Dan Walsh - 2.1.10-2
- Add support fot boolean subs file

Thu Mar 29 14:00:00 2012 Dan Walsh - 2.1.10-1
- Update to upstream

* Fix dead links to www.nsa.gov/selinux

* Remove jump over variable declaration

* Fix old style function definitions

* Fix const-correctness

* Remove unused flush_class_cache method

* Add prototype decl for destructor

* Add more printf format annotations

* Add printf format attribute annotation to die() method

* Fix const-ness of parameters & make usage() methods static

* Enable many more gcc warnings for libselinux/src/ builds

* utils: Enable many more gcc warnings for libselinux/utils builds

* Change annotation on include/selinux/avc.h to avoid upsetting SWIG

* Ensure there is a prototype for \'matchpathcon_lib_destructor\'

* Update Makefiles to handle /usrmove

* utils: Stop separating out matchpathcon as something special

* pkg-config to figure out where ruby include files are located

* build with either ruby 1.9 or ruby 1.8

* assert if avc_init() not called

* take security_deny_unknown into account

* security_compute_create_name(3)

* Do not link against python library, this is considered

* bad practice in debian

* Hide unnecessarily-exported library destructors

Thu Feb 16 13:00:00 2012 Dan Walsh - 2.1.9-9
- Add selinux_current_policy_path to return /sys/fs/selinux/policy if it exists
- Otherwise search for policy on disk

Wed Feb 15 13:00:00 2012 Dan Walsh - 2.1.9-8
- Change selinux_binary_policy_path to return /sys/fs/selinux/policy
- Add selinux_installed_policy_path to return what selinux_binary_policy_path used to return
- avc_has_perm will now return yes if the machine is in permissive mode
- Make work with ruby-1.9

Fri Feb 3 13:00:00 2012 Dan Walsh - 2.1.9-7
- avc_netlink_recieve should continue to poll if it receinves an EINTR rather

Sun Jan 29 13:00:00 2012 Kay Sievers - 2.1.9-6
- use /sbin/ldconfig, glibc does not provide
/usr/sbin/ldconfig in the RPM database for now

Fri Jan 27 13:00:00 2012 Dan Walsh - 2.1.9-5
- Rebuild with cleaned up upstream to work in /usr

Wed Jan 25 13:00:00 2012 Harald Hoyer 2.1.9-4
- install everything in /usr
https://fedoraproject.org/wiki/Features/UsrMove

Mon Jan 23 13:00:00 2012 Dan Walsh - 2.1.9-3
- Add Dan Berrange code cleanup patches.

Wed Jan 4 13:00:00 2012 Dan Walsh - 2.1.9-2
- Fix selabal_open man page to refer to proper selinux_opt structure

Wed Dec 21 13:00:00 2011 Dan Walsh - 2.1.9-1
-Update to upstream

* Fix setenforce man page to refer to selinux man page

* Cleanup Man pages

* merge freecon with getcon man page

Mon Dec 19 13:00:00 2011 Dan Walsh - 2.1.8-5
- Add patch from Richard Haines
When selabel_lookup found an invalid context with validation enabled, it
always stated it was \'file_contexts\' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.
- Fix setenforce manage page.

Thu Dec 15 13:00:00 2011 Dan Walsh - 2.1.8-4
- Rebuild with new libsepol

Tue Dec 6 13:00:00 2011 Dan Walsh - 2.1.8-2
- Fix setenforce man page, from Miroslav Grepl

Tue Dec 6 13:00:00 2011 Dan Walsh - 2.1.8-1
- Upgrade to upstream

* selinuxswig_python.i: don\'t make syscall if it won\'t change anything

* Remove assert in security_get_boolean_names(3)

* Mapped compute functions now obey deny_unknown flag

* get_default_type now sets EINVAL if no entry.

* return EINVAL if invalid role selected

* Updated selabel_file(5) man page

* Updated selabel_db(5) man page

* Updated selabel_media(5) man page

* Updated selabel_x(5) man page

* Add man/man5 man pages

* Add man/man5 man pages

* Add man/man5 man pages

* use -W and -Werror in utils

Tue Nov 29 13:00:00 2011 Dan Walsh - 2.1.7-2
- Change python binding for restorecon to check if the context matches.
- If it does do not reset

Fri Nov 4 13:00:00 2011 Dan Walsh - 2.1.7-1
- Upgrade to upstream

* Makefiles: syntax, convert all ${VAR} to $(VAR)

* load_policy: handle selinux=0 and /sys/fs/selinux not exist

* regenerate .pc on VERSION change

* label: cosmetic cleanups

* simple interface for access checks

* Don\'t reinitialize avc_init if it has been called previously

* seusers: fix to handle large sets of groups

* audit2why: close fd on enomem

* rename and export symlink_realpath

* label_file: style changes to make Eric happy.

Mon Oct 24 14:00:00 2011 Dan Walsh - 2.1.6-4
- Apply libselinux patch to handle large groups in seusers.

Wed Oct 19 14:00:00 2011 Dan Walsh - 2.1.6-3
- Add selinux_check_access function. Needed for passwd, chfn, chsh

Thu Sep 22 14:00:00 2011 Dan Walsh - 2.1.6-2
- Handle situation where selinux=0 passed to the kernel and both /selinux and

Mon Sep 19 14:00:00 2011 Dan Walsh - 2.1.6-1
-Update to upstream

* utils: matchpathcon: remove duplicate declaration

* src: matchpathcon: use myprintf not fprintf

* src: matchpathcon: make sure resolved path starts

* put libselinux.so.1 in /lib not /usr/lib

* tree: default make target to all not

Wed Sep 14 14:00:00 2011 Dan Walsh - 2.1.5-5
- Switch to use \":\" as prefix separator rather then \";\"

Thu Sep 8 14:00:00 2011 Ville Skyttä - 2.1.5-4
- Avoid unnecessary shell invocation in %post.

Tue Sep 6 14:00:00 2011 Dan Walsh - 2.1.5-3
- Fix handling of subset labeling that is causing segfault in restorecon

Fri Sep 2 14:00:00 2011 Dan Walsh - 2.1.5-2
- Change matchpathcon_init_prefix and selabel_open to allow multiple initial
prefixes. Now you can specify a \";\" separated list of prefixes and the
labeling system will only load regular expressions that match these prefixes.

Tue Aug 30 14:00:00 2011 Dan Walsh - 2.1.5-1
- Change matchpatcon to use proper myprintf
- Fix symlink_realpath to always include \"/\"
- Update to upstream

* selinux_file_context_verify function returns wrong value.

* move realpath helper to matchpathcon library

* python wrapper makefile changes

Mon Aug 22 14:00:00 2011 Dan Walsh - 2.1.4-2
- Move to new Makefile that can build with or without PYTHON being set

Thu Aug 18 14:00:00 2011 Dan Walsh - 2.1.4-1
-Update to upstream
2.1.4 2011-0817

* mapping fix for invalid class/perms after selinux_set_mapping

* audit2why: work around python bug not defining

* resolv symlinks and dot directories before matching

2.1.2 2011-0803

* audit2allow: do not print statistics

* make python bindings for restorecon work on relative path

* fix python audit2why binding error

* support new python3 functions

* do not check fcontext duplicates on use

* Patch for python3 for libselinux

2.1.1 2011-08-02

* move .gitignore into utils

* new setexecon utility

* selabel_open fix processing of substitution files

* mountpoint changing patch.

* simplify SRCS in Makefile

2.1.1 2011-08-01

* Remove generated files, introduce more .gitignore

Thu Jul 28 14:00:00 2011 Dan Walsh - 2.1.0-1
-Update to upstream

* Release, minor version bump

* Give correct names to mount points in load_policy by Dan Walsh.

* Make sure selinux state is reported correctly if selinux is disabled or
fails to load by Dan Walsh.

* Fix crash if selinux_key_create was never called by Dan Walsh.

* Add new file_context.subs_dist for distro specific filecon substitutions
by Dan Walsh.

* Update man pages for selinux_color_
* functions by Richard Haines.

Mon Jun 13 14:00:00 2011 Dan Walsh - 2.0.102-6
- Only call dups check within selabel/matchpathcon if you are validating the
context
- This seems to speed the loading of labels by 4 times.

Fri Apr 29 14:00:00 2011 Dan Walsh - 2.0.102-5
- Move /selinux to /sys/fs/selinux
- Add selinuxexeccon
- Add realpath to matchpathcon to handle matchpathcon
* type queries.

Thu Apr 21 14:00:00 2011 Dan Walsh - 2.0.102-4
- Update for latest libsepol

Mon Apr 18 14:00:00 2011 Dan Walsh - 2.0.102-3
- Update for latest libsepol

Wed Apr 13 14:00:00 2011 Dan Walsh - 2.0.102-2
- Fix restorecon python binding to accept relative paths

Tue Apr 12 14:00:00 2011 Dan Walsh - 2.0.102-1
-Update to upstream

* Give correct names to mount points in load_policy by Dan Walsh.

* Make sure selinux state is reported correctly if selinux is disabled or
fails to load by Dan Walsh.

* Fix crash if selinux_key_create was never called by Dan Walsh.

* Add new file_context.subs_dist for distro specific filecon substitutions
by Dan Walsh.

* Update man pages for selinux_color_
* functions by Richard Haines.

Wed Apr 6 14:00:00 2011 Dan Walsh - 2.0.101-1
- Clean up patch to make handling of constructor cleanup more portable

* db_language object class support for selabel_lookup from KaiGai Kohei.

* Library destructors for thread local storage keys from Eamon Walsh.

Tue Apr 5 14:00:00 2011 Dan Walsh - 2.0.99-5
- Add distribution subs path

Tue Apr 5 14:00:00 2011 Dan Walsh - 2.0.99-4
Add patch from dbholeAATTredhat.com to initialize thread keys to -1
Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.

Workaround patch that initializes the key to -1. Thus if the constructor is not
called, the destructor tries to delete key -1 which is deemed invalid by
pthread_key_delete, and is ignored.

Tue Apr 5 14:00:00 2011 Dan Walsh - 2.0.99-3
- Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data

Fri Apr 1 14:00:00 2011 Dan Walsh - 2.0.99-2
- Change mount source options to use \"proc\" and \"selinuxfs\"

Tue Mar 1 13:00:00 2011 Dan Walsh - 2.0.99-1
- Update to upstream

* Turn off default user handling when computing user contexts by Dan Walsh

Tue Feb 8 13:00:00 2011 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

Tue Feb 1 13:00:00 2011 Dan Walsh - 2.0.98-3
- Fixup selinux man page

Tue Jan 18 13:00:00 2011 Dan Walsh - 2.0.98-2
- Fix Makefile to use pkg-config --cflags python3 to discover include paths

Tue Dec 21 13:00:00 2010 Dan Walsh - 2.0.98-1
- Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list

Mon Dec 6 13:00:00 2010 Dan Walsh - 2.0.97-1
- Update to upstream

* Thread local storage fixes from Eamon Walsh.

Sat Dec 4 13:00:00 2010 Dan Walsh - 2.0.96-9
- Add /etc/tmpfiles.d support for /var/run/setrans

Wed Nov 24 13:00:00 2010 Dan Walsh - 2.0.96-8
- Ghost /var/run/setrans

Wed Sep 29 14:00:00 2010 jkeating - 2.0.96-7
- Rebuilt for gcc bug 634757

Thu Sep 16 14:00:00 2010 Adam Tkac - 2.0.96-6
- rebuild via updated swig (#624674)

Sun Aug 22 14:00:00 2010 Dan Walsh - 2.0.96-5
- Update for python 3.2a1

Tue Jul 27 14:00:00 2010 Dan Walsh - 2.0.96-4
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list

Wed Jul 21 14:00:00 2010 David Malcolm - 2.0.96-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

Fri Jun 25 14:00:00 2010 Dan Walsh - 2.0.96-2
- Turn off messages in audit2why

Wed Mar 24 13:00:00 2010 Dan Walsh - 2.0.96-1
- Update to upstream

* Add const qualifiers to public API where appropriate by KaiGai Kohei.

2.0.95 2010-06-10

* Remove duplicate slashes in paths in selabel_lookup from Chad Sellers

* Adds a chcon method to the libselinux python bindings from Steve Lawrence
- add python3 subpackage from David Malcolm

Wed Mar 24 13:00:00 2010 Dan Walsh - 2.0.94-1

* Set errno=EINVAL for invalid contexts from Dan Walsh.

Tue Mar 16 13:00:00 2010 Dan Walsh - 2.0.93-1
- Update to upstream

* Show strerror for security_getenforce() by Colin Waters.

* Merged selabel database support by KaiGai Kohei.

* Modify netlink socket blocking code by KaiGai Kohei.

Sun Mar 7 13:00:00 2010 Dan Walsh - 2.0.92-1
- Update to upstream

* Fix from Eric Paris to fix leak on non-selinux systems.

* regenerate swig wrappers

* pkgconfig fix to respect LIBDIR from Dan Walsh.

Wed Feb 24 13:00:00 2010 Dan Walsh - 2.0.91-1
- Update to upstream

* Change the AVC to only audit the permissions specified by the
policy, excluding any permissions specified via dontaudit or not
specified via auditallow.

* Fix compilation of label_file.c with latest glibc headers.

Mon Feb 22 13:00:00 2010 Dan Walsh - 2.0.90-5
- Fix potential doublefree on init

Thu Feb 18 13:00:00 2010 Dan Walsh - 2.0.90-4
- Fix libselinux.pc

Mon Jan 18 13:00:00 2010 Dan Walsh - 2.0.90-3
- Fix man page for selinuxdefcon

Mon Jan 4 13:00:00 2010 Dan Walsh - 2.0.90-2
- Free memory on disabled selinux boxes

Tue Dec 1 13:00:00 2009 Dan Walsh - 2.0.90-1
- Update to upstream

* add/reformat man pages by Guido Trentalancia .

* Change exception.sh to be called with bash by Manoj Srivastava

Mon Nov 2 13:00:00 2009 Dan Walsh - 2.0.89-2
- Fix selinuxdefcon man page

Mon Nov 2 13:00:00 2009 Dan Walsh - 2.0.89-1
- Update to upstream

* Add pkgconfig file from Eamon Walsh.

Thu Oct 29 13:00:00 2009 Dan Walsh - 2.0.88-1
- Update to upstream

* Rename and export selinux_reset_config()

Tue Sep 8 14:00:00 2009 Dan Walsh - 2.0.87-1
- Update to upstream

* Add exception handling in libselinux from Dan Walsh. This uses a
shell script called exception.sh to generate a swig interface file.

* make swigify

* Make matchpathcon print <> if path not found in fcontext file.

Tue Sep 8 14:00:00 2009 Dan Walsh - 2.0.86-2
- Eliminate -pthread switch in Makefile

Tue Sep 8 14:00:00 2009 Dan Walsh - 2.0.86-1
- Update to upstream

* Removal of reference counting on userspace AVC SID\'s.

Sat Jul 25 14:00:00 2009 Fedora Release Engineering - 2.0.85-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

Tue Jul 7 14:00:00 2009 Dan Walsh - 2.0.85-1
- Update to upstream

* Reverted Tomas Mraz\'s fix for freeing thread local storage to avoid
pthread dependency.

* Removed fini_context_translations() altogether.

* Merged lazy init patch from Stephen Smalley based on original patch
by Steve Grubb.

Tue Jul 7 14:00:00 2009 Dan Walsh - 2.0.84-1
- Update to upstream

* Add per-service seuser support from Dan Walsh.

* Let load_policy gracefully handle selinuxfs being mounted from Stephen Smalley.

* Check /proc/filesystems before /proc/mounts for selinuxfs from Eric
Paris.

Wed Jun 24 14:00:00 2009 Dan Walsh - 2.0.82-2
- Add provices ruby(selinux)

Tue Jun 23 14:00:00 2009 Dan Walsh - 2.0.82-1
- Update to upstream

* Fix improper use of thread local storage from Tomas Mraz .

* Label substitution support from Dan Walsh.

* Support for labeling virtual machine images from Dan Walsh.

Mon May 18 14:00:00 2009 Dan Walsh - 2.0.81-1
- Update to upstream

* Trim / from the end of input paths to matchpathcon from Dan Walsh.

* Fix leak in process_line in label_file.c from Hiroshi Shinji.

* Move matchpathcon to /sbin, add matchpathcon to clean target from Dan Walsh.

* getdefaultcon to print just the correct match and add verbose option from Dan Walsh.

Wed Apr 8 14:00:00 2009 Dan Walsh - 2.0.80-1
- Update to upstream

* deny_unknown wrapper function from KaiGai Kohei.

* security_compute_av_flags API from KaiGai Kohei.

* Netlink socket management and callbacks from KaiGai Kohei.

Fri Apr 3 14:00:00 2009 Dan Walsh - 2.0.79-6
- Fix Memory Leak

Thu Apr 2 14:00:00 2009 Dan Walsh - 2.0.79-5
- Fix crash in python

Sun Mar 29 14:00:00 2009 Dan Walsh - 2.0.79-4
- Add back in additional interfaces

Fri Mar 27 13:00:00 2009 Dan Walsh - 2.0.79-3
- Add back in av_decision to python swig

Thu Mar 12 13:00:00 2009 Dan Walsh - 2.0.79-1
- Update to upstream

* Netlink socket handoff patch from Adam Jackson.

* AVC caching of compute_create results by Eric Paris.

Tue Mar 10 13:00:00 2009 Dan Walsh - 2.0.78-5
- Add patch from ajax to accellerate X SELinux
- Update eparis patch

Mon Mar 9 13:00:00 2009 Dan Walsh - 2.0.78-4
- Add eparis patch to accellerate Xwindows performance

Mon Mar 9 13:00:00 2009 Dan Walsh - 2.0.78-3
- Fix URL

Fri Mar 6 13:00:00 2009 Dan Walsh - 2.0.78-2
- Add substitute pattern
- matchpathcon output <> on ENOENT

Mon Mar 2 13:00:00 2009 Dan Walsh - 2.0.78-1
- Update to upstream

* Fix incorrect conversion in discover_class code.

Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 2.0.77-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

Wed Feb 18 13:00:00 2009 Dan Walsh - 2.0.77-5
- Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path

Tue Jan 6 13:00:00 2009 Dan Walsh - 2.0.77-3
- Throw exeptions in python swig bindings on failures

Tue Jan 6 13:00:00 2009 Dan Walsh - 2.0.77-2
- Fix restorecon python code

Tue Jan 6 13:00:00 2009 Dan Walsh - 2.0.77-1
- Update to upstream

Tue Dec 16 13:00:00 2008 Dan Walsh - 2.0.76-6
- Strip trailing / for matchpathcon

Tue Dec 16 13:00:00 2008 Dan Walsh l - 2.0.76-5
- Fix segfault if seusers file does not work

Fri Dec 12 13:00:00 2008 Dan Walsh - 2.0.76-4
- Add new function getseuser which will take username and service and return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default

Sat Nov 29 13:00:00 2008 Ignacio Vazquez-Abrams - 2.0.76-2
- Rebuild for Python 2.6

Mon Nov 17 13:00:00 2008 Dan Walsh - 2.0.76-1
- Update to Upstream

* Allow shell-style wildcards in x_contexts file.

Mon Nov 17 13:00:00 2008 Dan Walsh - 2.0.75-2
- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
- Add Restorecon/Install python functions from Luke Macken

Fri Nov 7 13:00:00 2008 Dan Walsh - 2.0.75-1
- Update to Upstream

* Correct message types in AVC log messages.

* Make matchpathcon -V pass mode from Dan Walsh.

* Add man page for selinux_file_context_cmp from Dan Walsh.

Tue Sep 30 14:00:00 2008 Dan Walsh - 2.0.73-1
- Update to Upstream

* New man pages from Dan Walsh.

* Update flask headers from refpolicy trunk from Dan Walsh.

Fri Sep 26 14:00:00 2008 Dan Walsh - 2.0.71-6
- Fix matchpathcon -V call

Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-5
- Add flask definitions for open, X and nlmsg_tty_audit

Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-4
- Add missing get/setkeycreatecon man pages

Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-3
- Split out utilities

Tue Sep 9 14:00:00 2008 Dan Walsh - 2.0.71-2
- Add missing man page links for [lf]getfilecon

Tue Aug 5 14:00:00 2008 Dan Walsh - 2.0.71-1
- Update to Upstream

* Add group support to seusers using %groupname syntax from Dan Walsh.

* Mark setrans socket close-on-exec from Stephen Smalley.

* Only apply nodups checking to base file contexts from Stephen Smalley.

Fri Aug 1 14:00:00 2008 Dan Walsh - 2.0.70-1
- Update to Upstream

* Merge ruby bindings from Dan Walsh.
- Add support for Linux groups to getseuserbyname

Fri Aug 1 14:00:00 2008 Dan Walsh - 2.0.69-2
- Allow group handling in getseuser call

Tue Jul 29 14:00:00 2008 Dan Walsh - 2.0.69-1
- Update to Upstream

* Handle duplicate file context regexes as a fatal error from Stephen Smalley.
This prevents adding them via semanage.

* Fix audit2why shadowed variables from Stephen Smalley.

* Note that freecon NULL is legal in man page from Karel Zak.

Wed Jul 9 14:00:00 2008 Dan Walsh - 2.0.67-4
- Add ruby support for puppet

Tue Jul 8 14:00:00 2008 Dan Walsh - 2.0.67-3
- Rebuild for new libsepol

Sun Jun 29 14:00:00 2008 Dan Walsh - 2.0.67-2
- Add Karel Zak patch for freecon man page

Sun Jun 22 14:00:00 2008 Dan Walsh - 2.0.67-1
- Update to Upstream

* New and revised AVC, label, and mapping man pages from Eamon Walsh.

* Add swig python bindings for avc interfaces from Dan Walsh.

Sun Jun 22 14:00:00 2008 Dan Walsh - 2.0.65-1
- Update to Upstream

* Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.

* Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.

Fri May 16 14:00:00 2008 Dan Walsh - 2.0.64-3
- libselinux no longer neets to telnet -u in post install

Wed May 7 14:00:00 2008 Dan Walsh - 2.0.64-2
- Add sedefaultcon and setconlist commands to dump login context

Tue Apr 22 14:00:00 2008 Dan Walsh - 2.0.64-1
- Update to Upstream

* Fixed selinux_set_callback man page.

* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.

* Fix memory leaks in matchpathcon from Eamon Walsh.

Wed Apr 16 14:00:00 2008 Dan Walsh - 2.0.61-4
- Add Xavior Toth patch for security_id_t in swig

Thu Apr 10 14:00:00 2008 Dan Walsh - 2.0.61-3
- Add avc.h to swig code

Wed Apr 9 14:00:00 2008 Dan Walsh - 2.0.61-2
- Grab the latest policy for the kernel

Tue Apr 1 14:00:00 2008 Dan Walsh - 2.0.61-1
- Update to Upstream

* Man page typo fix from Jim Meyering.

Sun Mar 23 13:00:00 2008 Dan Walsh - 2.0.60-1
- Update to Upstream

* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.

Thu Mar 13 13:00:00 2008 Dan Walsh - 2.0.59-2
- Fix matchpathcon memory leak

Fri Feb 29 13:00:00 2008 Dan Walsh - 2.0.59-1
- Update to Upstream

* Merged new X label \"poly_selection\" namespace from Eamon Walsh.

Thu Feb 28 13:00:00 2008 Dan Walsh - 2.0.58-1
- Update to Upstream

* Merged reset_selinux_config() for load policy from Dan Walsh.

Thu Feb 28 13:00:00 2008 Dan Walsh - 2.0.57-2
- Reload library on loading of policy to handle chroot

Mon Feb 25 13:00:00 2008 Dan Walsh - 2.0.57-1
- Update to Upstream

* Merged avc_has_perm() errno fix from Eamon Walsh.

Fri Feb 22 13:00:00 2008 Dan Walsh - 2.0.56-1
- Update to Upstream

* Regenerated Flask headers from refpolicy flask definitions.

Wed Feb 13 13:00:00 2008 Dan Walsh - 2.0.55-1
- Update to Upstream

* Merged compute_member AVC function and manpages from Eamon Walsh.

* Provide more error reporting on load policy failures from Stephen Smalley.

Fri Feb 8 13:00:00 2008 Dan Walsh - 2.0.53-1
- Update to Upstream

* Merged new X label \"poly_prop\" namespace from Eamon Walsh.

Wed Feb 6 13:00:00 2008 Dan Walsh - 2.0.52-1
- Update to Upstream

* Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.

* Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.

Tue Jan 29 13:00:00 2008 Dan Walsh - 2.0.50-1
- Update to Upstream

* Merged fix for audit2why from Dan Walsh.

Fri Jan 25 13:00:00 2008 Dan Walsh - 2.0.49-2
- Fix audit2why to grab latest policy versus the one selected by the kernel

Wed Jan 23 13:00:00 2008 Dan Walsh - 2.0.49-1

* Merged audit2why python binding from Dan Walsh.

Wed Jan 23 13:00:00 2008 Dan Walsh - 2.0.48-1

* Merged updated swig bindings from Dan Walsh, including typemap for pid_t.

Mon Jan 21 13:00:00 2008 Dan Walsh - 2.0.47-4
- Update to use libsepol-static library

Wed Jan 16 13:00:00 2008 Adel Gadllah - 2.0.47-3
- Move libselinux.a to -static package
- Spec cleanups

Tue Jan 15 13:00:00 2008 Dan Walsh - 2.0.47-2
- Put back libselinux.a

Fri Jan 11 13:00:00 2008 Dan Walsh - 2.0.47-1
- Fix memory references in audit2why and change to use tuples
- Update to Upstream

* Fix for the avc: granted null message bug from Stephen Smalley.

Fri Jan 11 13:00:00 2008 Dan Walsh - 2.0.46-6
- Fix __init__.py specification

Tue Jan 8 13:00:00 2008 Dan Walsh - 2.0.46-5
- Add audit2why python bindings

Tue Jan 8 13:00:00 2008 Dan Walsh - 2.0.46-4
- Add pid_t typemap for swig bindings

Thu Jan 3 13:00:00 2008 Dan Walsh - 2.0.46-3
- smp_mflag

Thu Jan 3 13:00:00 2008 Dan Walsh - 2.0.46-2
- Fix spec file caused by spec review

Fri Nov 30 13:00:00 2007 Dan Walsh - 2.0.46-1
- Upgrade to upstream

* matchpathcon(8) man page update from Dan Walsh.

Fri Nov 30 13:00:00 2007 Dan Walsh - 2.0.45-1
- Upgrade to upstream

* dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.

* Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.

* A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.

Thu Nov 15 13:00:00 2007 Dan Walsh - 2.0.43-1
- Upgrade to upstream

* Regenerated Flask headers from policy.

Thu Nov 15 13:00:00 2007 Dan Walsh - 2.0.42-1
- Upgrade to upstream

* AVC enforcing mode override patch from Eamon Walsh.

* Aligned attributes in AVC netlink code from Eamon Walsh.
- Move libselinux.so back into devel package, procps has been fixed

Tue Nov 6 13:00:00 2007 Dan Walsh - 2.0.40-1
- Upgrade to upstream

* Merged refactored AVC netlink code from Eamon Walsh.

* Merged new X label namespaces from Eamon Walsh.

* Bux fix and minor refactoring in string representation code.

Fri Oct 5 14:00:00 2007 Dan Walsh - 2.0.37-1
- Upgrade to upstream

* Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.

Fri Sep 28 14:00:00 2007 Dan Walsh - 2.0.36-1
- Upgrade to upstream

* Fix segfault resulting from missing file_contexts file.

Thu Sep 27 14:00:00 2007 Dan Walsh - 2.0.35-2
- Fix segfault on missing file_context file

Wed Sep 26 14:00:00 2007 Dan Walsh - 2.0.35-1
- Upgrade to upstream

* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.

* Pass CFLAGS when using gcc for linking from Dennis Gilmore.

Mon Sep 24 14:00:00 2007 Dan Walsh - 2.0.34-3
- Add sparc patch to from Dennis Gilmore to build on Sparc platform

Mon Sep 24 14:00:00 2007 Dan Walsh - 2.0.34-2
- Remove leaked file descriptor

Tue Sep 18 14:00:00 2007 Dan Walsh - 2.0.34-1
- Upgrade to latest from NSA

* Fix selabel option flag setting for 64-bit from Stephen Smalley.

Tue Sep 18 14:00:00 2007 Dan Walsh - 2.0.33-2
- Change matchpatcon to use syslog instead of syserror

Thu Sep 13 14:00:00 2007 Dan Walsh - 2.0.33-1
- Upgrade to latest from NSA

* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.

* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.

* Fix swig binding for rpm_execcon from James Athey.

Thu Sep 6 14:00:00 2007 Dan Walsh - 2.0.31-4
- Apply James Athway patch to fix rpm_execcon python binding

Tue Aug 28 14:00:00 2007 Dan Walsh - 2.0.31-3
- Move libselinux.so back into main package, breaks procps

Thu Aug 23 14:00:00 2007 Dan Walsh - 2.0.31-2
- Upgrade to upstream

* Fix file_contexts.homedirs path from Todd Miller.

Tue Aug 21 14:00:00 2007 Dan Walsh - 2.0.30-2
- Remove requirement on setransd, Moved to selinux-policy-mls

Fri Aug 10 14:00:00 2007 Dan Walsh - 2.0.30-1
- Move libselinux.so into devel package
- Upgrade to upstream

* Fix segfault resulting from uninitialized print-callback pointer.

* Added x_contexts path function patch from Eamon Walsh.

* Fix build for EMBEDDED=y from Yuichi Nakamura.

* Fix markup problems in selinux man pages from Dan Walsh.

Fri Aug 3 14:00:00 2007 Dan Walsh - 2.0.29-1
- Upgrade to upstream

* Updated version for stable branch.

* Added x_contexts path function patch from Eamon Walsh.

* Fix build for EMBEDDED=y from Yuichi Nakamura.

* Fix markup problems in selinux man pages from Dan Walsh.

* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.

* Added swigify to top-level Makefile from Dan Walsh.

* Fix for string_to_security_class segfault on x86_64 from Stephen
Smalley.

Mon Jul 23 14:00:00 2007 Dan Walsh - 2.0.24-3
- Apply Steven Smalley patch to fix segfault in string_to_security_class

Wed Jul 18 14:00:00 2007 Dan Walsh - 2.0.24-2
- Fix matchpathcon to set default myprintf

Mon Jul 16 14:00:00 2007 Dan Walsh - 2.0.24-1
- Upgrade to upstream

* Fix for getfilecon() for zero-length contexts from Stephen Smalley.

Wed Jul 11 14:00:00 2007 Dan Walsh - 2.0.23-3
- Update to match flask/access_vectors in policy

Tue Jul 10 14:00:00 2007 Dan Walsh - 2.0.23-2
- Fix man page markup lanquage for translations

Tue Jun 26 14:00:00 2007 Dan Walsh - 2.0.23-1
- Fix semanage segfault on x86 platform

Thu Jun 21 14:00:00 2007 Dan Walsh - 2.0.22-1
- Upgrade to upstream

* Labeling and callback interface patches from Eamon Walsh.

Tue Jun 19 14:00:00 2007 Dan Walsh - 2.0.21-2
- Refactored swig

Mon Jun 11 14:00:00 2007 Dan Walsh - 2.0.21-1
- Upgrade to upstream

* Class and permission mapping support patches from Eamon Walsh.

* Object class discovery support patches from Chris PeBenito.

* Refactoring and errno support in string representation code.

Fri Jun 1 14:00:00 2007 Dan Walsh - 2.0.18-1
- Upgrade to upstream
- Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.

2.0.17 2007-05-31

* Updated Lindent script and reindented two header files.

Fri May 4 14:00:00 2007 Dan Walsh - 2.0.16-1
- Upgrade to upstream

* Merged additional swig python bindings from Dan Walsh.

* Merged helpful message when selinuxfs mount fails patch from Dax Kelson.

Tue Apr 24 14:00:00 2007 Dan Walsh - 2.0.14-1
- Upgrade to upstream

* Merged build fix for avc_internal.c from Joshua Brindle.

Mon Apr 23 14:00:00 2007 Dan Walsh - 2.0.13-2
- Add get_context_list funcitions to swig file

Thu Apr 12 14:00:00 2007 Dan Walsh - 2.0.13-1
- Upgrade to upstream

* Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.

Thu Apr 12 14:00:00 2007 Dan Walsh - 2.0.12-2
- Add missing interface

Wed Apr 11 14:00:00 2007 Dan Walsh - 2.0.12-1
- Upgrade to upstream

* Merged support for getting initial contexts from James Carter.

Mon Apr 9 14:00:00 2007 Dan Walsh - 2.0.11-1
- Upgrade to upstream

* Merged userspace AVC patch to follow kernel\'s behavior for permissive mode in caching previous denials from Eamon Walsh.

* Merged sidput(NULL) patch from Eamon Walsh.

Thu Apr 5 14:00:00 2007 Dan Walsh - 2.0.9-2
- Make rpm_exec swig work

Tue Mar 27 14:00:00 2007 Dan Walsh - 2.0.9-1
- Upgrade to upstream

* Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.

Tue Mar 27 14:00:00 2007 Dan Walsh - 2.0.8-1
- Upgrade to upstream

* Merged fix for avc.h #include\'s from Eamon Walsh.

Thu Mar 22 13:00:00 2007 Dan Walsh - 2.0.7-2
- Add stdint.h to avc.h

Mon Mar 12 13:00:00 2007 Dan Walsh - 2.0.7-1
- Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
- Merged patch to drop support for old /etc/sysconfig/selinux and
- /etc/security policy file layout from Steve Grubb.

Thu Mar 8 13:00:00 2007 Dan Walsh - 2.0.5-2
- Do not fail on permission denied in getsebool

Tue Feb 27 13:00:00 2007 Dan Walsh - 2.0.5-1
- Upgrade to upstream

* Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.

Wed Feb 21 13:00:00 2007 Dan Walsh - 2.0.4-1
- Upgrade to upstream

* Removed sending of setrans init message.

* Merged matchpathcon memory leak fix from Steve Grubb.

Tue Feb 20 13:00:00 2007 Dan Walsh - 2.0.2-1
- Upgrade to upstream

* Merged more swig initializers from Dan Walsh.

Sun Feb 18 13:00:00 2007 Dan Walsh - 2.0.1-1
- Upgrade to upstream

* Merged patch from Todd Miller to convert int types over to C99 style.

Wed Feb 7 13:00:00 2007 Dan Walsh - 2.0.0-1
- Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
of the use of the non-standard format (original patch changed
for style).
- Merged patch from Todd Miller to fix memory leak in matchpathcon.c.

Fri Jan 19 13:00:00 2007 Dan Walsh - 1.34.0-2
- Add context function to python to split context into 4 parts

Fri Jan 19 13:00:00 2007 Dan Walsh - 1.34.0-1
- Upgrade to upstream

* Updated version for stable branch.

Wed Jan 17 13:00:00 2007 Dan Walsh - 1.33.6-1
- Upgrade to upstream

* Merged man page updates to make \"apropos selinux\" work from Dan Walsh.

Wed Jan 17 13:00:00 2007 Dan Walsh - 1.33.5-1
- Upgrade to upstream

* Merged getdefaultcon utility from Dan Walsh.

Mon Jan 15 13:00:00 2007 Dan Walsh - 1.33.4-3
- Add Ulrich NSCD__GETSERV and NSCD__SHMEMGRP for Uli

Fri Jan 12 13:00:00 2007 Dan Walsh - 1.33.4-2
- Add reference to selinux man page in all man pages to make apropos work
Resolves: # 217881

Thu Jan 11 13:00:00 2007 Dan Walsh - 1.33.4-1
- Upstream wanted some minor changes, upgrading to keep api the same
- Upgrade to upstream

* Merged selinux_check_securetty_context() and support from Dan Walsh.
Resolves: #200110

Fri Jan 5 13:00:00 2007 Dan Walsh - 1.33.3-3
- Cleanup patch

Fri Jan 5 13:00:00 2007 Dan Walsh - 1.33.3-2
- Add securetty handling
Resolves: #200110

Thu Jan 4 13:00:00 2007 Dan Walsh - 1.33.3-1
- Upgrade to upstream

* Merged patch for matchpathcon utility to use file mode information
when available from Dan Walsh.

Thu Dec 7 13:00:00 2006 Jeremy Katz - 1.33.2-4
- rebuild against python 2.5

Wed Dec 6 13:00:00 2006 Dan Walsh - 1.33.2-3
- Fix matchpathcon to lstat files

Thu Nov 30 13:00:00 2006 Dan Walsh - 1.33.2-2
- Update man page

Tue Nov 14 13:00:00 2006 Dan Walsh - 1.33.2-1
- Upgrade to upstream

Fri Nov 3 13:00:00 2006 Dan Walsh - 1.33.1-2
- Add James Antill patch for login verification of MLS Levels
- MLS ragnes need to be checked, Eg. login/cron. This patch adds infrastructure.

Tue Oct 24 14:00:00 2006 Dan Walsh - 1.33.1-1
- Upgrade to latest from NSA

* Merged updated flask definitions from Darrel Goeddel.
This adds the context security class, and also adds
the string definitions for setsockcreate and polmatch.

Tue Oct 17 14:00:00 2006 Dan Walsh - 1.32-1
- Upgrade to latest from NSA

* Updated version for release.

Sun Oct 1 14:00:00 2006 Jesse Keating - 1.30.29-2
- rebuilt for unwind info generation, broken in gcc-4.1.1-21

Fri Sep 29 14:00:00 2006 Dan Walsh - 1.30.29-1
- Upgrade to latest from NSA

* Merged av_permissions.h update from Steve Grubb,
adding setsockcreate and polmatch definitions.

Wed Sep 27 14:00:00 2006 Jeremy Katz - 1.30.28-3
- really make -devel depend on libsepol-devel

Wed Sep 27 14:00:00 2006 Dan Walsh - 1.30.28-2
- Add sgrubb patch for polmatch

Wed Sep 13 14:00:00 2006 Dan Walsh - 1.30.28-1
- Upgrade to latest from NSA

* Merged patch from Steve Smalley to fix SIGPIPE in setrans_client

Tue Sep 5 14:00:00 2006 Jeremy Katz - 1.30.27-2
- have -devel require libsepol-devel

Thu Aug 24 14:00:00 2006 Dan Walsh - 1.30.27-1
- Upgrade to latest from NSA

* Merged patch to not log avc stats upon a reset from Steve Grubb.

* Applied patch to revert compat_net setting upon policy load.

* Merged file context homedir and local path functions from
Chris PeBenito.

Fri Aug 18 14:00:00 2006 Jesse Keating - 1.20.26-2
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc
*
(#203001)

Sat Aug 12 14:00:00 2006 Dan Walsh - 1.30.25-1
- Upgrade to latest from NSA

* Merged file context homedir and local path functions from
Chris PeBenito.

* Rework functions that access /proc/pid/attr to access the
per-thread nodes, and unify the code to simplify maintenance.

Fri Aug 11 14:00:00 2006 Dan Walsh - 1.30.24-1
- Upgrade to latest from NSA

* Merged return value fix for
*getfilecon() from Dan Walsh.

* Merged sockcreate interfaces from Eric Paris.

Wed Aug 9 14:00:00 2006 Dan Walsh - 1.30.22-2
- Fix translation return codes to return size of buffer

Tue Aug 1 14:00:00 2006 Dan Walsh - 1.30.22-1
- Upgrade to latest from NSA

* Merged no-tls-direct-seg-refs patch from Jeremy Katz.

* Merged netfilter_contexts support patch from Chris PeBenito.

Tue Aug 1 14:00:00 2006 Dan Walsh - 1.30.20-1
- Upgrade to latest from NSA

* Merged context_
*_set errno patch from Jim Meyering.

Tue Aug 1 14:00:00 2006 Jeremy Katz - 1.30.19-5
- only build non-fpic objects with -mno-tls-direct-seg-refs

Tue Aug 1 14:00:00 2006 Jeremy Katz - 1.30.19-4
- build with -mno-tls-direct-seg-refs on x86 to avoid triggering
segfaults with xen (#200783)

Mon Jul 17 14:00:00 2006 Dan Walsh 1.30.19-3
- Rebuild for new gcc

Tue Jul 11 14:00:00 2006 Dan Walsh 1.30.19-2
- Fix libselinux to not telinit during installs

Tue Jul 4 14:00:00 2006 Dan Walsh 1.30.19-1
- Upgrade to latest from NSA

* Lindent.

* Merged {get,set}procattrcon patch set from Eric Paris.

* Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.

* Regenerated Flask headers from refpolicy.

* Merged patch from Dan Walsh with:
- Added selinux_file_context_{cmp,verify}.
- Added selinux_lsetfilecon_default.
- Delay translation of contexts in matchpathcon.

Wed Jun 21 14:00:00 2006 Dan Walsh 1.30.15-5
- Yet another change to matchpathcon

Wed Jun 21 14:00:00 2006 Dan Walsh 1.30.15-4
- Turn off error printing in library. Need to compile with DEBUG to get it back

Wed Jun 21 14:00:00 2006 Dan Walsh 1.30.15-3
- Fix error reporting of matchpathcon

Mon Jun 19 14:00:00 2006 Dan Walsh 1.30.15-2
- Add function to compare file context on disk versus contexts in file_contexts file.

Fri Jun 16 14:00:00 2006 Dan Walsh 1.30.15-1
- Upgrade to latest from NSA

* Merged patch from Dan Walsh with:

* Added selinux_getpolicytype() function.

* Modified setrans code to skip processing if !mls_enabled.

* Set errno in the !selinux_mnt case.

* Allocate large buffers from the heap, not on stack.
Affects is_context_customizable, selinux_init_load_policy,
and selinux_getenforcemode.

Thu Jun 8 14:00:00 2006 Dan Walsh 1.30.12-2
- Add selinux_getpolicytype()

Thu Jun 1 14:00:00 2006 Dan Walsh 1.30.12-1
- Upgrade to latest from NSA

* Merged !selinux_mnt checks from Ian Kent.

Thu Jun 1 14:00:00 2006 Dan Walsh 1.30.11-2
- Check for selinux_mnt == NULL

Tue May 30 14:00:00 2006 Dan Walsh 1.30.11-1
- Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn.

Fri May 26 14:00:00 2006 Dan Walsh 1.30.10-4
- Remove getseuser

Thu May 25 14:00:00 2006 Dan Walsh 1.30.10-3
- Bump requires to grab latest libsepol

Tue May 23 14:00:00 2006 Dan Walsh 1.30.10-2
- Add BuildRequires for swig

Tue May 23 14:00:00 2006 Dan Walsh 1.30.10-1
- Upgrade to latest from NSA

* Merged simple setrans client cache from Dan Walsh.
Merged avcstat patch from Russell Coker.

* Modified selinux_mkload_policy() to also set /selinux/compat_net
appropriately for the loaded policy.

Thu May 18 14:00:00 2006 Dan Walsh 1.30.8-1
- More fixes for translation cache
- Upgrade to latest from NSA

* Added matchpathcon_fini() function to free memory allocated by
matchpathcon_init().

Wed May 17 14:00:00 2006 Dan Walsh 1.30.7-2
- Add simple cache to improve translation speed

Tue May 16 14:00:00 2006 Dan Walsh 1.30.7-1
- Upgrade to latest from NSA

* Merged setrans client cleanup patch from Steve Grubb.

Tue May 9 14:00:00 2006 Dan Walsh 1.30.6-2
- Add Russell\'s AVC patch to handle large numbers

Mon May 8 14:00:00 2006 Dan Walsh 1.30.6-1
- Upgrade to latest from NSA

* Merged getfscreatecon man page fix from Dan Walsh.

* Updated booleans(8) man page to drop references to the old
booleans file and to note that setsebool can be used to set
the boot-time defaults via -P.

Mon May 8 14:00:00 2006 Dan Walsh 1.30.5-1
- Upgrade to latest from NSA

* Merged fix warnings patch from Karl MacMillan.

* Merged setrans client support from Dan Walsh.
This removes use of libsetrans.

* Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.

* Merged swig typemap fixes from Glauber de Oliveira Costa.

Wed May 3 14:00:00 2006 Dan Walsh 1.30.3-3
- Change the way translations work, Use setransd/remove libsetrans

Tue May 2 14:00:00 2006 Dan Walsh 1.30.3-2
- Add selinuxswig fixes
- Stop using PAGE_SIZE and start using sysconf(_SC_PAGE_SIZE)

Fri Apr 14 14:00:00 2006 Dan Walsh 1.30.3-1
- Upgrade to latest from NSA

* Added distclean target to Makefile.

* Regenerated swig files.

* Changed matchpathcon_init to verify that the spec file is
a regular file.

* Merged python binding t_output_helper removal patch from Dan Walsh.

Tue Apr 11 14:00:00 2006 Dan Walsh 1.30.1-2
- Fix python bindings for matchpathcon
- Fix booleans man page

Mon Mar 27 14:00:00 2006 Dan Walsh 1.30.1-1
- Merged Makefile PYLIBVER definition patch from Dan Walsh.

Fri Mar 10 13:00:00 2006 Dan Walsh 1.30-1
- Make some fixes so it will build on RHEL4
- Upgrade to latest from NSA

* Updated version for release.

* Altered rpm_execcon fallback logic for permissive mode to also
handle case where /selinux/enforce is not available.

Fri Feb 10 13:00:00 2006 Jesse Keating - 1.29.7-1.2
- bump again for double-long bug on ppc(64)

Tue Feb 7 13:00:00 2006 Jesse Keating - 1.29.7-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes

Fri Jan 20 13:00:00 2006 Dan Walsh 1.29.7-1
- Upgrade to latest from NSA

* Merged install-pywrap Makefile patch from Joshua Brindle.

Wed Jan 18 13:00:00 2006 Dan Walsh 1.29.6-1
- Upgrade to latest from NSA

* Merged pywrap Makefile patch from Dan Walsh.

Fri Jan 13 13:00:00 2006 Dan Walsh 1.29.5-2
- Split out pywrap in Makefile

Fri Jan 13 13:00:00 2006 Dan Walsh 1.29.5-1
- Upgrade to latest from NSA

* Added getseuser test program.

Fri Jan 6 13:00:00 2006 Dan Walsh 1.29.4-1
- Upgrade to latest from NSA

* Added format attribute to myprintf in matchpathcon.c and
removed obsoleted rootlen variable in init_selinux_config().

Wed Jan 4 13:00:00 2006 Dan Walsh 1.29.3-2
- Build with new libsepol

Wed Jan 4 13:00:00 2006 Dan Walsh 1.29.3-1
- Upgrade to latest from NSA

* Merged several fixes and improvements from Ulrich Drepper
(Red Hat), including:
- corrected use of getline
- further calls to __fsetlocking for local files
- use of strdupa and asprintf
- proper handling of dirent in booleans code
- use of -z relro
- several other optimizations

* Merged getpidcon python wrapper from Dan Walsh (Red Hat).

Sat Dec 24 13:00:00 2005 Dan Walsh 1.29.2-4
- Add build requires line for libsepol-devel

Tue Dec 20 13:00:00 2005 Dan Walsh 1.29.2-3
- Fix swig call for getpidcon

Mon Dec 19 13:00:00 2005 Dan Walsh 1.29.2-2
- Move libselinux.so to base package

Wed Dec 14 13:00:00 2005 Dan Walsh 1.29.2-1
- Upgrade to latest from NSA

* Merged call to finish_context_translations from Dan Walsh.
This eliminates a memory leak from failing to release memory
allocated by libsetrans.

Sun Dec 11 13:00:00 2005 Dan Walsh 1.29.1-3
- update to latest libsetrans
- Fix potential memory leak

Fri Dec 9 13:00:00 2005 Jesse Keating
- rebuilt

Thu Dec 8 13:00:00 2005 Dan Walsh 1.29.1-1
- Update to never version

* Merged patch for swig interfaces from Dan Walsh.

Wed Dec 7 13:00:00 2005 Dan Walsh 1.28-1
- Update to never version

Wed Dec 7 13:00:00 2005 Dan Walsh 1.27.28-2
- Fix some of the python swig objects

Thu Dec 1 13:00:00 2005 Dan Walsh 1.27.28-1
- Update to latest from NSA

* Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
modified matchpathcon implementation to make context validation/
canonicalization optional at matchpathcon_init time, deferring it
to a successful matchpathcon by default unless the new flag is set
by the caller.

* Added matchpathcon_init_prefix() interface, and
reworked matchpathcon implementation to support selective
loading of file contexts entries based on prefix matching
between the pathname regex stems and the specified path
prefix (stem must be a prefix of the specified path prefix).

Wed Nov 30 13:00:00 2005 Dan Walsh 1.27.26-1
- Update to latest from NSA

* Change getsebool to return on/off instead of active/inactive

Tue Nov 29 13:00:00 2005 Dan Walsh 1.27.25-1
- Update to latest from NSA

* Added -f file_contexts option to matchpathcon util.
Fixed warning message in matchpathcon_init().

* Merged Makefile python definitions patch from Dan Walsh.

Mon Nov 28 13:00:00 2005 Dan Walsh 1.27.23-1
- Update to latest from NSA

* Merged swigify patch from Dan Walsh.

Mon Nov 28 13:00:00 2005 Dan Walsh 1.27.22-4
- Separate out libselinux-python bindings into separate rpm

Thu Nov 17 13:00:00 2005 Dan Walsh 1.27.22-3
- Read libsetrans requirement

Thu Nov 17 13:00:00 2005 Dan Walsh 1.27.22-2
- Add python bindings

Wed Nov 16 13:00:00 2005 Dan Walsh 1.27.22-1
- Update to latest from NSA

* Merged make failure in rpm_execcon non-fatal in permissive mode
patch from Ivan Gyurdiev.

Tue Nov 15 13:00:00 2005 Dan Walsh 1.27.21-2
- Remove requirement for libsetrans

Tue Nov 8 13:00:00 2005 Dan Walsh 1.27.21-1
- Update to latest from NSA

* Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
and modified matchpathcon_init() to skip context translation
if it is set by the caller.

Tue Nov 8 13:00:00 2005 Dan Walsh 1.27.20-1
- Update to latest from NSA

* Added security_canonicalize_context() interface and
set_matchpathcon_canoncon() interface for obtaining
canonical contexts. Changed matchpathcon internals
to obtain canonical contexts by default. Provided
fallback for kernels that lack extended selinuxfs context
interface.
- Patch to not translate mls when calling setfiles

Mon Nov 7 13:00:00 2005 Dan Walsh 1.27.19-1
- Update to latest from NSA

* Merged seusers parser changes from Ivan Gyurdiev.

* Merged setsebool to libsemanage patch from Ivan Gyurdiev.

* Changed seusers parser to reject empty fields.

Fri Nov 4 13:00:00 2005 Dan Walsh 1.27.18-1
- Update to latest from NSA

* Merged seusers empty level handling patch from Jonathan Kim (TCS).

Thu Nov 3 13:00:00 2005 Dan Walsh 1.27.17-4
- Rebuild for latest libsepol

Mon Oct 31 13:00:00 2005 Dan Walsh 1.27.17-2
- Rebuild for latest libsepol

Wed Oct 26 14:00:00 2005 Dan Walsh 1.27.17-1
- Change default to __default__

Wed Oct 26 14:00:00 2005 Dan Walsh 1.27.14-3
- Change default to __default__

Tue Oct 25 14:00:00 2005 Dan Walsh 1.27.14-2
- Add selinux_translations_path

Tue Oct 25 14:00:00 2005 Dan Walsh 1.27.14-1
- Update to latest from NSA

* Merged selinux_path() and selinux_homedir_context_path()
functions from Joshua Brindle.

Fri Oct 21 14:00:00 2005 Dan Walsh 1.27.13-2
- Need to check for /sbin/telinit

Thu Oct 20 14:00:00 2005 Dan Walsh 1.27.13-1
- Update to latest from NSA

* Merged fixes for make DESTDIR= builds from Joshua Brindle.

Mon Oct 17 14:00:00 2005 Dan Walsh 1.27.12-1
- Update to latest from NSA

* Merged get_default_context_with_rolelevel and man pages from
Dan Walsh (Red Hat).

* Updated call to sepol_policydb_to_image for sepol changes.

* Changed getseuserbyname to ignore empty lines and to handle
no matching entry in the same manner as no seusers file.

Fri Oct 14 14:00:00 2005 Dan Walsh 1.27.9-2
- Tell init to reexec itself in post script

Fri Oct 7 14:00:00 2005 Dan Walsh 1.27.9-1
- Update to latest from NSA

* Changed selinux_mkload_policy to try downgrading the
latest policy version available to the kernel-supported version.

* Changed selinux_mkload_policy to fall back to the maximum
policy version supported by libsepol if the kernel policy version
falls outside of the supported range.

Fri Oct 7 14:00:00 2005 Dan Walsh 1.27.7-1
- Update to latest from NSA

* Changed getseuserbyname to fall back to the Linux username and
NULL level if seusers config file doesn\'t exist unless
REQUIRESEUSERS=1 is set in /etc/selinux/config.

* Moved seusers.conf under $SELINUXTYPE and renamed to seusers.

Thu Oct 6 14:00:00 2005 Dan Walsh 1.27.6-1
- Update to latest from NSA

* Added selinux_init_load_policy() function as an even higher level
interface for the initial policy load by /sbin/init. This obsoletes
the load_policy() function in the sysvinit-selinux.patch.

* Added selinux_mkload_policy() function as a higher level interface
for loading policy than the security_load_policy() interface.

Thu Oct 6 14:00:00 2005 Dan Walsh 1.27.4-1
- Update to latest from NSA

* Merged fix for matchpathcon (regcomp error checking) from Johan
Fischer. Also added use of regerror to obtain the error string
for inclusion in the error message.

Tue Oct 4 14:00:00 2005 Dan Walsh 1.27.3-1
- Update to latest from NSA

* Changed getseuserbyname to not require (and ignore if present)
the MLS level in seusers.conf if MLS is disabled, setting
*level
to NULL in this case.

Mon Oct 3 14:00:00 2005 Dan Walsh 1.27.2-1
- Update to latest from NSA

* Merged getseuserbyname patch from Dan Walsh.

Thu Sep 29 14:00:00 2005 Dan Walsh 1.27.1-3
- Fix patch to satisfy upstream

Wed Sep 28 14:00:00 2005 Dan Walsh 1.27.1-2
- Update to latest from NSA
- Add getseuserbyname

Fri Sep 16 14:00:00 2005 Dan Walsh 1.26-6
- Fix patch call

Tue Sep 13 14:00:00 2005 Dan Walsh 1.26-5
- Fix strip_con call

Tue Sep 13 14:00:00 2005 Dan Walsh 1.26-3
- Go back to original libsetrans code

Mon Sep 12 14:00:00 2005 Dan Walsh 1.26-2
- Eliminate forth param from mls context when mls is not enabled.

Tue Sep 6 14:00:00 2005 Dan Walsh 1.25.7-1
- Update from NSA

* Merged modified form of patch to avoid dlopen/dlclose by
the static libselinux from Dan Walsh. Users of the static libselinux
will not have any context translation by default.

Thu Sep 1 14:00:00 2005 Dan Walsh 1.25.6-1
- Update from NSA

* Added public functions to export context translation to
users of libselinux (selinux_trans_to_raw_context,
selinux_raw_to_trans_context).

Mon Aug 29 14:00:00 2005 Dan Walsh 1.25.5-1
- Update from NSA

* Remove special definition for context_range_set; use
common code.

Thu Aug 25 14:00:00 2005 Dan Walsh 1.25.4-1
- Update from NSA

* Hid translation-related symbols entirely and ensured that
raw functions have hidden definitions for internal use.

* Allowed setting NULL via context_set
* functions.

* Allowed whitespace in MLS component of context.

* Changed rpm_execcon to use translated functions to workaround
lack of MLS level on upgraded systems.

Wed Aug 24 14:00:00 2005 Dan Walsh 1.25.3-2
- Allow set_comp on unset ranges

Wed Aug 24 14:00:00 2005 Dan Walsh 1.25.3-1
- Merged context translation patch, originally by TCS,
with modifications by Dan Walsh (Red Hat).

Wed Aug 17 14:00:00 2005 Dan Walsh 1.25.2-2
- Apply translation patch

Thu Aug 11 14:00:00 2005 Dan Walsh 1.25.2-1
- Update from NSA

* Merged several fixes for error handling paths in the
AVC sidtab, matchpathcon, booleans, context, and get_context_list
code from Serge Hallyn (IBM). Bugs found by Coverity.

* Removed setupns; migrated to pam.

* Merged patches to rename checkPasswdAccess() from Joshua Brindle.
Original symbol is temporarily retained for compatibility until
all callers are updated.

Mon Jul 18 14:00:00 2005 Dan Walsh 1.24.2-1
- Update makefiles

Wed Jun 29 14:00:00 2005 Dan Walsh 1.24.1-1
- Update from NSA

* Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page

Fri May 20 14:00:00 2005 Dan Walsh 1.23.11-1
- Update from NSA

* Merged avcstat and selinux man page from Dan Walsh.

* Changed security_load_booleans to process booleans.local
even if booleans file doesn\'t exist.

Fri Apr 29 14:00:00 2005 Dan Walsh 1.23.10-3
- Fix avcstat to clear totals

Fri Apr 29 14:00:00 2005 Dan Walsh 1.23.10-2
- Add info to man page

Fri Apr 29 14:00:00 2005 Dan Walsh 1.23.10-1
- Update from NSA

* Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).

* Rewrote get_ordered_context_list and helpers, including
changing logic to allow variable MLS fields.

Tue Apr 26 14:00:00 2005 Dan Walsh 1.23.8-1
- Update from NSA

Thu Apr 21 14:00:00 2005 Dan Walsh 1.23.7-3
- Add backin matchpathcon

Wed Apr 13 14:00:00 2005 Dan Walsh 1.23.7-2
- Fix selinux_policy_root man page

Wed Apr 13 14:00:00 2005 Dan Walsh 1.23.7-1
- Change assert(selinux_mnt) to if (!selinux_mnt) return -1;

Mon Apr 11 14:00:00 2005 Dan Walsh 1.23.6-1
- Update from NSA

* Fixed bug in matchpathcon_filespec_destroy.

Wed Apr 6 14:00:00 2005 Dan Walsh 1.23.5-1
- Update from NSA

* Fixed bug in rpm_execcon error handling path.

Mon Apr 4 14:00:00 2005 Dan Walsh 1.23.4-1
- Update from NSA

* Merged fix for set_matchpathcon
* functions from Andreas Steinmetz.

* Merged fix for getconlist utility from Andreas Steinmetz.

Tue Mar 29 14:00:00 2005 Dan Walsh 1.23.2-3
- Update from NSA

Wed Mar 23 13:00:00 2005 Dan Walsh 1.23.2-2
- Better handling of booleans

Thu Mar 17 13:00:00 2005 Dan Walsh 1.23.2-1
- Update from NSA

* Merged destructors patch from Tomas Mraz.

Thu Mar 17 13:00:00 2005 Dan Walsh 1.23.1-1
- Update from NSA

* Added set_matchpathcon_flags() function for setting flags
controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
means only process the base file_contexts file, not
file_contexts.homedirs or file_contexts.local, and is for use by
setfiles -c.

* Updated matchpathcon.3 man page.

Thu Mar 10 13:00:00 2005 Dan Walsh 1.22-1
- Update from NSA

Tue Mar 8 13:00:00 2005 Dan Walsh 1.21.13-1
- Update from NSA

* Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.

Tue Mar 1 13:00:00 2005 Dan Walsh 1.21.12-1
- Update from NSA

* Changed matchpathcon_common to ignore any non-format bits in the mode.

Mon Feb 28 13:00:00 2005 Dan Walsh 1.21.11-2
- Default matchpathcon to regular files if the user specifies a mode

Tue Feb 22 13:00:00 2005 Dan Walsh 1.21.11-1
- Update from NSA

* Merged several fixes from Ulrich Drepper.

Mon Feb 21 13:00:00 2005 Dan Walsh 1.21.10-3
- Fix matchpathcon on eof.

Thu Feb 17 13:00:00 2005 Dan Walsh 1.21.10-1
- Update from NSA

* Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.

* Added selinux_users_path() for path to directory containing
system.users and local.users.

Thu Feb 10 13:00:00 2005 Dan Walsh 1.21.9-2
- Process file_context.homedir

Thu Feb 10 13:00:00 2005 Dan Walsh 1.21.9-1
- Update from NSA

* Changed relabel Makefile target to use restorecon.

Tue Feb 8 13:00:00 2005 Dan Walsh 1.21.8-1
- Update from NSA

* Regenerated av_permissions.h.

Wed Feb 2 13:00:00 2005 Dan Walsh 1.21.7-1
- Update from NSA

* Modified avc_dump_av to explicitly check for any permissions that
cannot be mapped to string names and display them as a hex value.

* Regenerated av_permissions.h.

Mon Jan 31 13:00:00 2005 Dan Walsh 1.21.5-1
- Update from NSA

* Generalized matchpathcon internals, exported more interfaces,
and moved additional code from setfiles into libselinux so that
setfiles can directly use matchpathcon.

Fri Jan 28 13:00:00 2005 Dan Walsh 1.21.4-1
- Update from NSA

* Prevent overflow of spec array in matchpathcon.

* Fixed several uses of internal functions to avoid relocations.

* Changed rpm_execcon to check is_selinux_enabled() and fallback to
a regular execve if not enabled (or unable to determine due to a lack
of /proc, e.g. chroot\'d environment).

Wed Jan 26 13:00:00 2005 Dan Walsh 1.21.2-1
- Update from NSA

* Merged minor fix for avcstat from Dan Walsh.

Mon Jan 24 13:00:00 2005 Dan Walsh 1.21.1-3
- rpmexeccon should not fail in permissive mode.

Fri Jan 21 13:00:00 2005 Dan Walsh 1.21.1-2
- fix printf in avcstat

Thu Jan 20 13:00:00 2005 Dan Walsh 1.21.1-1
- Update from NSA

Wed Jan 12 13:00:00 2005 Dan Walsh 1.20.1-3
- Modify matchpathcon to also process file_contexts.local if it exists

Wed Jan 12 13:00:00 2005 Dan Walsh 1.20.1-2
- Add is_customizable_types function call

Fri Jan 7 13:00:00 2005 Dan Walsh 1.20.1-1
- Update to latest from upstream

* Just changing version number to match upstream

Wed Dec 29 13:00:00 2004 Dan Walsh 1.19.4-1
- Update to latest from upstream

* Changed matchpathcon to return -1 with errno ENOENT for
<> entries, and also for an empty file_contexts configuration.

Tue Dec 28 13:00:00 2004 Dan Walsh 1.19.3-3
- Fix link devel libraries

Mon Dec 27 13:00:00 2004 Dan Walsh 1.19.3-2
- Fix unitialized variable in avcstat.c

Tue Nov 30 13:00:00 2004 Dan Walsh 1.19.3-1
- Upgrade to upstream

* Removed some trivial utils that were not useful or redundant.

* Changed BINDIR default to /usr/sbin to match change in Fedora.

* Added security_compute_member.

* Added man page for setcon.

Tue Nov 30 13:00:00 2004 Dan Walsh 1.19.2-1
- Upgrade to upstream

Thu Nov 18 13:00:00 2004 Dan Walsh 1.19.1-6
- Add avcstat program

Mon Nov 15 13:00:00 2004 Dan Walsh 1.19.1-4
- Add lots of missing man pages

Fri Nov 12 13:00:00 2004 Dan Walsh 1.19.1-2
- Fix output of getsebool.

Tue Nov 9 13:00:00 2004 Dan Walsh 1.19.1-1
- Update from upstream, fix setsebool -P segfault

Fri Nov 5 13:00:00 2004 Steve Grubb 1.18.1-5
- Add a patch from upstream. Fixes signed/unsigned issues, and
incomplete structure copy.

Thu Nov 4 13:00:00 2004 Dan Walsh 1.18.1-4
- More fixes from sgrubb, better syslog

Thu Nov 4 13:00:00 2004 Dan Walsh 1.18.1-3
- Have setsebool and togglesebool log changes to syslog

Wed Nov 3 13:00:00 2004 Steve Grubb 1.18.1-2
- Add patch to make setsebool update bool on disk
- Make togglesebool have a rollback capability in case it blows up inflight

Tue Nov 2 13:00:00 2004 Dan Walsh 1.18.1-1
- Upgrade to latest from NSA

Thu Oct 28 14:00:00 2004 Steve Grubb 1.17.15-2
- Changed the location of the utilities to /usr/sbin since
normal users can\'t use them anyways.

Wed Oct 27 14:00:00 2004 Steve Grubb 1.17.15-2
- Updated various utilities, removed utilities that are for testing,
added man pages.

Fri Oct 15 14:00:00 2004 Dan Walsh 1.17.15-1
- Add -g flag to make
- Upgrade to latest from NSA

* Added rpm_execcon.

Fri Oct 1 14:00:00 2004 Dan Walsh 1.17.14-1
- Upgrade to latest from NSA

* Merged setenforce and removable context patch from Dan Walsh.

* Merged build fix for alpha from Ulrich Drepper.

* Removed copyright/license from selinux_netlink.h - definitions only.

Fri Oct 1 14:00:00 2004 Dan Walsh 1.17.13-3
- Change setenforce to accept Enforcing and Permissive

Wed Sep 22 14:00:00 2004 Dan Walsh 1.17.13-2
- Add alpha patch

Mon Sep 20 14:00:00 2004 Dan Walsh 1.17.13-1
- Upgrade to latest from NSA

Thu Sep 16 14:00:00 2004 Dan Walsh 1.17.12-2
- Add selinux_removable_context_path

Tue Sep 14 14:00:00 2004 Dan Walsh 1.17.12-1
- Update from NSA

* Add matchmediacon

Tue Sep 14 14:00:00 2004 Dan Walsh 1.17.11-1
- Update from NSA

* Merged in matchmediacon changes.

Fri Sep 10 14:00:00 2004 Dan Walsh 1.17.10-1
- Update from NSA

* Regenerated headers for new nscd permissions.

Wed Sep 8 14:00:00 2004 Dan Walsh 1.17.9-2
- Add matchmediacon

Wed Sep 8 14:00:00 2004 Dan Walsh 1.17.9-1
- Update from NSA

* Added get_default_context_with_role.

Thu Sep 2 14:00:00 2004 Dan Walsh 1.17.8-2
- Clean up spec file

* Patch from Matthias Saou

Thu Sep 2 14:00:00 2004 Dan Walsh 1.17.8-1
- Update from NSA

* Added set_matchpathcon_printf.

Wed Sep 1 14:00:00 2004 Dan Walsh 1.17.7-1
- Update from NSA

* Reworked av_inherit.h to allow easier re-use by kernel.

Tue Aug 31 14:00:00 2004 Dan Walsh 1.17.6-1
- Add strcasecmp in selinux_config
- Update from NSA

* Changed avc_has_perm_noaudit to not fail on netlink errors.

* Changed avc netlink code to check pid based on patch by Steve Grubb.

* Merged second optimization patch from Ulrich Drepper.

* Changed matchpathcon to skip invalid file_contexts entries.

* Made string tables private to libselinux.

* Merged strcat->stpcpy patch from Ulrich Drepper.

* Merged matchpathcon man page from Dan Walsh.

* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.

* Autobind netlink socket.

* Dropped compatibility code from security_compute_user.

* Merged fix for context_range_set from Chad Hanson.

* Merged allocation failure checking patch from Chad Hanson.

* Merged avc netlink error message patch from Colin Walters.

Mon Aug 30 14:00:00 2004 Dan Walsh 1.17.5-1
- Update from NSA

* Merged second optimization patch from Ulrich Drepper.

* Changed matchpathcon to skip invalid file_contexts entries.

* Made string tables private to libselinux.

* Merged strcat->stpcpy patch from Ulrich Drepper.

* Merged matchpathcon man page from Dan Walsh.

* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.

* Autobind netlink socket.

* Dropped compatibility code from security_compute_user.

* Merged fix for context_range_set from Chad Hanson.

* Merged allocation failure checking patch from Chad Hanson.

* Merged avc netlink error message patch from Colin Walters.

Mon Aug 30 14:00:00 2004 Dan Walsh 1.17.4-1
- Update from NSA
- Add optflags

Fri Aug 27 14:00:00 2004 Dan Walsh 1.17.3-1
- Update from NSA

Thu Aug 26 14:00:00 2004 Dan Walsh 1.17.2-1
- Add matchpathcon man page
- Latest from NSA

* Merged patch to eliminate PLTs for local syms from Ulrich Drepper.

* Autobind netlink socket.

* Dropped compatibility code from security_compute_user.

* Merged fix for context_range_set from Chad Hanson.

* Merged allocation failure checking patch from Chad Hanson.

* Merged avc netlink error message patch from Colin Walters.

Tue Aug 24 14:00:00 2004 Dan Walsh 1.17.1-1
- Latest from NSA

* Autobind netlink socket.

* Dropped compatibility code from security_compute_user.

* Merged fix for context_range_set from Chad Hanson.

* Merged allocation failure checking patch from Chad Hanson.

* Merged avc netlink error message patch from Colin Walters.

Sun Aug 22 14:00:00 2004 Dan Walsh 1.16.1-1
- Latest from NSA

Thu Aug 19 14:00:00 2004 Colin Walters 1.16-1
- New upstream version

Tue Aug 17 14:00:00 2004 Dan Walsh 1.15.7-1
- Latest from Upstream

Mon Aug 16 14:00:00 2004 Dan Walsh 1.15.6-1
- Fix man pages

Mon Aug 16 14:00:00 2004 Dan Walsh 1.15.5-1
- Latest from Upstream

Fri Aug 13 14:00:00 2004 Dan Walsh 1.15.4-1
- Latest from Upstream

Thu Aug 12 14:00:00 2004 Dan Walsh 1.15.3-2
- Add man page for boolean functions and SELinux

Sun Aug 8 14:00:00 2004 Dan Walsh 1.15.3-1
- Latest from NSA

Mon Jul 19 14:00:00 2004 Dan Walsh 1.15.2-1
- Latest from NSA

Mon Jul 19 14:00:00 2004 Dan Walsh 1.15.1-3
- uppercase getenforce returns, to make them match system-config-securitylevel

Thu Jul 15 14:00:00 2004 Dan Walsh 1.15.1-2
- Remove old path patch

Thu Jul 8 14:00:00 2004 Dan Walsh 1.15.1-1
- Update to latest from NSA
- Add fix to only get old path if file_context file exists in old location

Wed Jun 30 14:00:00 2004 Dan Walsh 1.14.1-1
- Update to latest from NSA

Wed Jun 16 14:00:00 2004 Dan Walsh 1.13.4-1
- add nlclass patch
- Update to latest from NSA

Tue Jun 15 14:00:00 2004 Elliot Lee
- rebuilt

Sun Jun 13 14:00:00 2004 Dan Walsh 1.13.3-2
- Fix selinux_config to break once it finds SELINUXTYPE.

Fri May 28 14:00:00 2004 Dan Walsh 1.13.2-1
-Update with latest from NSA

Thu May 27 14:00:00 2004 Dan Walsh 1.13.1-1
- Change to use new policy mechanism

Mon May 17 14:00:00 2004 Dan Walsh 1.12-2
- add man patch

Fri May 14 14:00:00 2004 Dan Walsh 1.12-1
- Update with latest from NSA

Wed May 5 14:00:00 2004 Dan Walsh 1.11.4-1
- Update with latest from NSA

Thu Apr 22 14:00:00 2004 Dan Walsh 1.11.3-1
- Add changes for relaxed policy
- Update to match NSA

Thu Apr 15 14:00:00 2004 Dan Walsh 1.11.2-1
- Add relaxed policy changes

Thu Apr 15 14:00:00 2004 Dan Walsh 1.11-4
- Sync with NSA

Thu Apr 15 14:00:00 2004 Dan Walsh 1.11-3
- Remove requires glibc>2.3.4

Wed Apr 14 14:00:00 2004 Dan Walsh 1.11-2
- Fix selinuxenabled man page.

Wed Apr 7 14:00:00 2004 Dan Walsh 1.11-1
- Upgrade to 1.11

Wed Apr 7 14:00:00 2004 Dan Walsh 1.10-2
- Add memleaks patch

Wed Apr 7 14:00:00 2004 Dan Walsh 1.10-1
- Upgrade to latest from NSA and add more man pages

Thu Apr 1 14:00:00 2004 Dan Walsh 1.9-1
- Update to match NSA
- Cleanup some man pages

Tue Mar 30 14:00:00 2004 Dan Walsh 1.8-1
- Upgrade to latest from NSA

Thu Mar 25 13:00:00 2004 Dan Walsh 1.6-6
- Add Russell\'s Man pages

Thu Mar 25 13:00:00 2004 Dan Walsh 1.6-5
- Change getenforce to also check is_selinux_enabled

Thu Mar 25 13:00:00 2004 Dan Walsh 1.6-4
- Add ownership to /usr/include/selinux

Wed Mar 10 13:00:00 2004 Dan Walsh 1.6-3
- fix location of file_contexts file.

Wed Mar 10 13:00:00 2004 Dan Walsh 1.6-2
- Fix matchpathcon to use BUFSIZ

Tue Mar 2 13:00:00 2004 Elliot Lee
- rebuilt

Mon Feb 23 13:00:00 2004 Dan Walsh 1.4-11
- add matchpathcon

Fri Feb 13 13:00:00 2004 Elliot Lee
- rebuilt

Fri Jan 23 13:00:00 2004 Dan Walsh 1.4-9
- Add rootok patch

Wed Jan 14 13:00:00 2004 Dan Walsh 1.4-8
- Updated getpeernam patch

Tue Jan 13 13:00:00 2004 Dan Walsh 1.4-7
- Add getpeernam patch

Thu Dec 18 13:00:00 2003 Dan Walsh 1.4-6
- Add getpeercon patch

Thu Dec 18 13:00:00 2003 Dan Walsh 1.4-5
- Put mntpoint patch, because found fix for SysVinit

Wed Dec 17 13:00:00 2003 Dan Walsh 1.4-4
- Add remove mntpoint patch, because it breaks SysVinit

Wed Dec 17 13:00:00 2003 Dan Walsh 1.4-3
- Add mntpoint patch for SysVinit

Fri Dec 12 13:00:00 2003 Dan Walsh 1.4-2
- Add -r -u -t to getcon

Sat Dec 6 13:00:00 2003 Dan Walsh 1.4-1
- Upgrade to latest from NSA

Mon Oct 27 13:00:00 2003 Dan Walsh 1.3-2
- Fix x86_64 build

Wed Oct 22 14:00:00 2003 Dan Walsh 1.3-1
- Latest tarball from NSA.

Tue Oct 21 14:00:00 2003 Dan Walsh 1.2-9
- Update with latest changes from NSA

Mon Oct 20 14:00:00 2003 Dan Walsh 1.2-8
- Change location of .so file

Wed Oct 8 14:00:00 2003 Dan Walsh 1.2-7
- Break out into development library

Wed Oct 8 14:00:00 2003 Dan Walsh 1.2-6
- Move location of libselinux.so to /lib

Fri Oct 3 14:00:00 2003 Dan Walsh 1.2-5
- Add selinuxenabled patch

Wed Oct 1 14:00:00 2003 Dan Walsh 1.2-4
- Update with final NSA 1.2 sources.

Fri Sep 12 14:00:00 2003 Dan Walsh 1.2-3
- Update with latest from NSA.

Thu Aug 28 14:00:00 2003 Dan Walsh 1.2-2
- Fix to build on x86_64

Thu Aug 21 14:00:00 2003 Dan Walsh 1.2-1
- update for version 1.2

Tue May 27 14:00:00 2003 Dan Walsh 1.0-1
- Initial version


 
ICM