Menu
▾
▴
[Selinux-commits] SF.net SVN: selinux: [2160] tags
|
From: <mad...@us...> - 2007-01-08 20:45:20
|
Revision: 2160
http://svn.sourceforge.net/selinux/?rev=2160&view=rev
Author: madmethod
Date: 2007-01-08 12:45:13 -0800 (Mon, 08 Jan 2007)
Log Message:
-----------
tag for policycoreutils 1.33.10
Added Paths:
-----------
tags/policycoreutils_1_33_10/
tags/policycoreutils_1_33_10/policycoreutils/
tags/policycoreutils_1_33_10/policycoreutils/ChangeLog
tags/policycoreutils_1_33_10/policycoreutils/VERSION
tags/policycoreutils_1_33_10/policycoreutils/semanage/seobject.py
Removed Paths:
-------------
tags/policycoreutils_1_33_10/policycoreutils/ChangeLog
tags/policycoreutils_1_33_10/policycoreutils/VERSION
tags/policycoreutils_1_33_10/policycoreutils/semanage/seobject.py
Copied: tags/policycoreutils_1_33_10/policycoreutils (from rev 2153, trunk/policycoreutils)
Deleted: tags/policycoreutils_1_33_10/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2007-01-05 19:15:46 UTC (rev 2153)
+++ tags/policycoreutils_1_33_10/policycoreutils/ChangeLog 2007-01-08 20:45:13 UTC (rev 2160)
@@ -1,700 +0,0 @@
-1.33.9 2007-01-05
- * Merged patch to fix seobject role modification from Dan Walsh.
-
-1.33.8 2007-01-04
- * Merged patches from Dan Walsh to:
- - omit the optional name from audit2allow
- - use the installed python version in the Makefiles
- - re-open the tty with O_RDWR in newrole
-
-1.33.7 2007-01-03
- * Patch from Dan Walsh to correctly suppress warnings in load_policy.
-
-1.33.6 2006-11-29
- * Patch from Dan Walsh to add an pam_acct_msg call to run_init
- * Patch from Dan Walsh to fix error code returns in newrole
- * Patch from Dan Walsh to remove verbose flag from semanage man page
- * Patch from Dan Walsh to make audit2allow use refpolicy Makefile
- in /usr/share/selinux/<SELINUXTYPE>
-
-1.33.5 2006-11-27
- * Merged patch from Micheal C Thompson to clean up genhomedircon
- error handling.
-1.33.4 2006-11-21
- * Merged po file updates from Dan Walsh.
-
-1.33.3 2006-11-21
- * Merged setsebool patch from Karl MacMillan.
- This fixes a bug reported by Yuichi Nakamura with
- always setting booleans persistently on an unmanaged system.
-
-1.33.2 2006-11-20
- * Merged patch from Dan Walsh (via Karl MacMillan):
- * Added newrole audit message on login failure
- * Add /var/log/wtmp to restorecond.conf watch list
- * Fix genhomedircon, semanage, semodule_expand man pages.
-
-1.33.1 2006-11-13
- * Merged newrole patch set from Michael Thompson.
-
-1.32 2006-10-17
- * Updated version for release.
-
-1.30.31 2006-10-17
- * Merged audit2allow -l fix from Yuichi Nakamura.
- * Merged restorecon -i and -o - support from Karl MacMillan.
- * Merged semanage/seobject fix from Dan Walsh.
- * Merged fixfiles -R and verify changes from Dan Walsh.
-
-1.30.30 2006-09-29
- * Merged newrole auditing of failures due to user actions from
- Michael Thompson.
-
-1.30.29 2006-09-13
- * Man page corrections from Dan Walsh
- * Change all python invocations to /usr/bin/python -E
- * Add missing getopt flags to genhomedircon
-
-1.30.28 2006-09-01
- * Merged fix for restorecon // handling from Erich Schubert.
- * Merged translations update and fixfiles fix from Dan Walsh.
-
-1.30.27 2006-08-24
- * Merged fix for restorecon symlink handling from Erich Schubert.
-
-1.30.26 2006-08-11
- * Merged semanage local file contexts patch from Chris PeBenito.
-
-1.30.25 2006-08-03
- * Merged patch from Dan Walsh with:
- * audit2allow: process MAC_POLICY_LOAD events
- * newrole: run shell with - prefix to start a login shell
- * po: po file updates
- * restorecond: bail if SELinux not enabled
- * fixfiles: omit -q
- * genhomedircon: fix exit code if non-root
- * semodule_deps: install man page
-
-1.30.24 2006-08-03
- * Merged secon Makefile fix from Joshua Brindle.
-
-1.30.23 2006-08-03
- * Merged netfilter contexts support patch from Chris PeBenito.
-
-1.30.22 2006-07-28
- * Merged restorecond size_t fix from Joshua Brindle.
-
-1.30.21 2006-07-28
- * Merged secon keycreate patch from Michael LeMay.
-
-1.30.20 2006-07-26
- * Merged restorecond fixes from Dan Walsh.
- Merged updated po files from Dan Walsh.
-
-1.30.19 2006-07-26
- * Merged python gettext patch from Stephen Bennett.
-
-1.30.18 2006-07-25
- * Merged semodule_deps from Karl MacMillan.
-
-1.30.17 2006-06-29
- * Lindent.
-
-1.30.16 2006-06-26
- * Merged patch from Dan Walsh with:
- * -p option (progress) for setfiles and restorecon.
- * disable context translation for setfiles and restorecon.
- * on/off values for setsebool.
-
-1.30.15 2006-06-26
- * Merged setfiles and semodule_link fixes from Joshua Brindle.
-
-1.30.14 2006-06-16
- * Merged fix for setsebool error path from Serge Hallyn.
-
-1.30.13 2006-06-16
- * Merged patch from Dan Walsh with:
- * Updated po files.
- * Fixes for genhomedircon and seobject.
- * Audit message for mass relabel by setfiles.
-
-1.30.12 2006-06-02
- * Updated fixfiles script for new setfiles location in /sbin.
-
-1.30.11 2006-05-26
- * Merged more translations from Dan Walsh.
- * Merged patch to relocate setfiles to /sbin for early relabel
- when /usr might not be mounted from Dan Walsh.
- * Merged semanage/seobject patch to preserve fcontext ordering in list.
- * Merged secon patch from James Antill.
-
-1.30.10 2006-05-22
- * Merged patch with updates to audit2allow, secon, genhomedircon,
- and semanage from Dan Walsh.
-
-1.30.9 2006-05-08
- * Fixed audit2allow and po Makefiles for DESTDIR= builds.
- * Merged .po file patch from Dan Walsh.
- * Merged bug fix for genhomedircon.
-
-1.30.8 2006-05-08
- * Merged patch from Dan Walsh.
- This includes audit2allow changes for analysis plugins,
- internationalization support for several additional programs
- and added po files, some fixes for semanage, and several cleanups.
- It also adds a new secon utility.
-
-1.30.7 2006-05-05
- * Merged fix warnings patch from Karl MacMillan.
-
-1.30.6 2006-04-14
- * Merged semanage prefix support from Russell Coker.
-
-1.30.5 2006-04-11
- * Added a test to setfiles to check that the spec file is
- a regular file.
-
-1.30.4 2006-03-29
- * Merged audit2allow fixes for refpolicy from Dan Walsh.
- * Merged fixfiles patch from Dan Walsh.
- * Merged restorecond daemon from Dan Walsh.
-
-1.30.3 2006-03-29
- * Merged semanage non-MLS fixes from Chris PeBenito.
-
-1.30.2 2006-03-29
- * Merged semanage and semodule man page examples from Thomas Bleher.
-
-1.30.1 2006-03-20
- * Merged semanage labeling prefix patch from Ivan Gyurdiev.
-
-1.30 2006-03-14
- * Updated version for release.
-
-1.29.28 2006-03-13
- * Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
-
-1.29.27 2006-03-08
- * Merged audit2allow -R support, chcat fix, semanage MLS checks
- and semanage audit calls from Dan Walsh.
-
-1.29.26 2006-02-15
- * Merged semanage bug fix patch from Ivan Gyurdiev.
-
-1.29.25 2006-02-14
- * Merged improve bindings patch from Ivan Gyurdiev.
-
-1.29.24 2006-02-14
- * Merged semanage usage patch from Ivan Gyurdiev.
- * Merged use PyList patch from Ivan Gyurdiev.
-
-1.29.23 2006-02-13
- * Merged newrole -V/--version support from Glauber de Oliveira Costa.
-
-1.29.22 2006-02-13
- * Merged genhomedircon prefix patch from Dan Walsh.
-
-1.29.21 2006-02-13
- * Merged optionals in base patch from Joshua Brindle.
-
-1.29.20 2006-02-07
- * Merged seuser/user_extra support patch to semodule_package
- from Joshua Brindle.
-
-1.29.19 2006-02-06
- * Merged getopt type fix for semodule_link/expand and sestatus
- from Chris PeBenito.
-
-1.29.18 2006-02-02
- * Merged clone record on set_con patch from Ivan Gyurdiev.
-
-1.29.17 2006-01-30
- * Merged genhomedircon fix from Dan Walsh.
-
-1.29.16 2006-01-30
- * Merged seusers.system patch from Ivan Gyurdiev.
- * Merged improve port/fcontext API patch from Ivan Gyurdiev.
- * Merged genhomedircon patch from Dan Walsh.
-
-1.29.15 2006-01-27
- * Merged newrole audit patch from Steve Grubb.
-
-1.29.14 2006-01-27
- * Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
-
-1.29.13 2006-01-27
- * Merged semanage and semodule access check patches from Joshua Brindle.
-
-1.29.12 2006-01-26
- * Merged restorecon, chcat, and semanage patches from Dan Walsh.
-
-1.29.11 2006-01-25
- * Modified newrole and run_init to use the loginuid when
- supported to obtain the Linux user identity to re-authenticate,
- and to fall back to real uid. Dropped the use of the SELinux
- user identity, as Linux users are now mapped to SELinux users
- via seusers and the SELinux user identity space is separate.
-
-1.29.10 2006-01-20
- * Merged semanage bug fixes from Ivan Gyurdiev.
- * Merged semanage fixes from Russell Coker.
- * Merged chcat.8 and genhomedircon patches from Dan Walsh.
-
-1.29.9 2006-01-19
- * Merged chcat, semanage, and setsebool patches from Dan Walsh.
-
-1.29.8 2006-01-18
- * Merged semanage fixes from Ivan Gyurdiev.
- * Merged semanage fixes from Russell Coker.
- * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
-
-1.29.7 2006-01-13
- * Merged newrole cleanup patch from Steve Grubb.
- * Merged setfiles/restorecon performance patch from Russell Coker.
- * Merged genhomedircon and semanage patches from Dan Walsh.
-
-1.29.6 2006-01-12
- * Merged remove add_local/set_local patch from Ivan Gyurdiev.
-
-1.29.5 2006-01-05
- * Added filename to semodule error reporting.
-
-1.29.4 2006-01-05
- * Merged genhomedircon and semanage patch from Dan Walsh.
- * Changed semodule error reporting to include argv[0].
-
-1.29.3 2006-01-04
- * Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
- * Merged patch series from Ivan Gyurdiev.
- This includes patches to:
- - cleanup setsebool
- - update setsebool to apply active booleans through libsemanage
- - update semodule to use the new semanage_set_rebuild() interface
- - fix various bugs in semanage
- * Merged patch from Dan Walsh (Red Hat).
- This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
- and semanage.
-
-1.29.2 2005-12-14
- * Merged patch for chcat script from Dan Walsh.
-
-1.29.1 2005-12-08
- * Merged fix for audit2allow long option list from Dan Walsh.
- * Merged -r option for restorecon (alias for -R) from Dan Walsh.
- * Merged chcat script and man page from Dan Walsh.
-
-1.28 2005-12-07
- * Updated version for release.
-
-1.27.37 2005-12-07
- * Clarified the genhomedircon warning message.
-
-1.27.36 2005-12-05
- * Changed genhomedircon to warn on use of ROLE in homedir_template
- if using managed policy, as libsemanage does not yet support it.
-
-1.27.35 2005-12-02
- * Merged genhomedircon bug fix from Dan Walsh.
-
-1.27.34 2005-12-02
- * Revised semodule* man pages to refer to checkmodule and
- to include example sections.
-
-1.27.33 2005-12-01
- * Merged audit2allow --tefile and --fcfile support from Dan Walsh.
- * Merged genhomedircon fix from Dan Walsh.
- * Merged semodule* man pages from Dan Walsh, and edited them.
-
-1.27.32 2005-12-01
- * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
- retain validation/canonicalization of contexts during init.
-
-1.27.31 2005-11-29
- * Changed genhomedircon to always use user_r for the role in the
- managed case since user_get_defrole is broken.
-
-1.27.30 2005-11-29
- * Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
- * Fixed semodule -v option.
-
-1.27.29 2005-11-28
- * Merged audit2allow python script from Dan Walsh.
- (old script moved to audit2allow.perl, will be removed later).
- * Merged genhomedircon fixes from Dan Walsh.
- * Merged semodule quieting patch from Dan Walsh
- (inverts default, use -v to restore original behavior).
-
-1.27.28 2005-11-15
- * Merged genhomedircon rewrite from Dan Walsh.
-
-1.27.27 2005-11-09
- * Merged setsebool cleanup patch from Ivan Gyurdiev.
-
-1.27.26 2005-11-09
- * Added -B (--build) option to semodule to force a rebuild.
-
-1.27.25 2005-11-08
- * Reverted setsebool patch to call semanage_set_reload_bools().
- * Changed setsebool to disable policy reload and to call
- security_set_boolean_list to update the runtime booleans.
-
-1.27.24 2005-11-08
- * Changed setfiles -c to use new flag to set_matchpathcon_flags()
- to disable context translation by matchpathcon_init().
-
-1.27.23 2005-11-07
- * Changed setfiles for the context canonicalization support.
-
-1.27.22 2005-11-07
- * Changed setsebool to call semanage_is_managed() interface
- and fall back to security_set_boolean_list() if policy is
- not managed.
-
-1.27.21 2005-11-07
- * Merged setsebool memory leak fix from Ivan Gyurdiev.
- * Merged setsebool patch to call semanage_set_reload_bools()
- interface from Ivan Gyurdiev.
-
-1.27.20 2005-11-04
- * Merged setsebool patch from Ivan Gyurdiev.
- This moves setsebool from libselinux/utils to policycoreutils,
- and rewrites it to use libsemanage for permanent boolean changes.
-
-1.27.19 2005-10-25
- * Merged semodule support for reload, noreload, and store options
- from Joshua Brindle.
- * Merged semodule_package rewrite from Joshua Brindle.
-
-1.27.18 2005-10-20
- * Cleaned up usage and error messages and releasing of memory by
- semodule_* utilities.
-
-1.27.17 2005-10-20
- * Corrected error reporting by semodule.
-
-1.27.16 2005-10-19
- * Updated semodule_expand for change to sepol interface.
-
-1.27.15 2005-10-19
- * Merged fixes for make DESTDIR= builds from Joshua Brindle.
-
-1.27.14 2005-10-18
- * Updated semodule_package for sepol interface changes.
-
-1.27.13 2005-10-17
- * Updated semodule_expand/link for sepol interface changes.
-
-1.27.12 2005-10-14
- * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
-
-1.27.11 2005-10-13
- * Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
-
-1.27.10 2005-10-13
- * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
-
-1.27.9 2005-10-13
- * Merged fixfiles patch from Dan Walsh (Red Hat).
-
-1.27.8 2005-10-13
- * Updated semodule for removal of semanage_strerror.
-
-1.27.7 2005-10-11
- * Updated semodule_link and semodule_expand to use shared libsepol.
- Fixed audit2why to call policydb_init prior to policydb_read (still
- uses the static libsepol).
-
-1.27.6 2005-10-07
- * Updated for changes to libsepol.
- Changed semodule and semodule_package to use the shared libsepol.
- Disabled build of semodule_link and semodule_expand for now.
- Updated audit2why for relocated policydb internal headers,
- still needs to be converted to a shared lib interface.
-
-1.27.5 2005-10-06
- * Fixed warnings in load_policy.
-
-1.27.4 2005-10-06
- * Rewrote load_policy to use the new selinux_mkload_policy()
- interface provided by libselinux.
-
-1.27.3 2005-09-28
- * Merged patch to update semodule to the new libsemanage API
- and improve the user interface from Karl MacMillan (Tresys).
- * Modified semodule for the create/connect API split.
-
-1.27.2 2005-09-20
- * Merged run_init open_init_pty bug fix from Manoj Srivastava
- (unblock SIGCHLD). Bug reported by Erich Schubert.
-
-1.27.1 2005-09-20
- * Merged error shadowing bug fix for restorecon from Dan Walsh.
- * Merged setfiles usage/man page update for -r option from Dan Walsh.
- * Merged fixfiles -C patch to ignore :s0 addition on update
- to a MCS/MLS policy from Dan Walsh.
-
-1.26 2005-09-06
- * Updated version for release.
-
-1.25.9 2005-08-31
- * Changed setfiles -c to translate the context to raw format
- prior to calling libsepol.
-
-1.25.8 2005-08-31
- * Changed semodule to report errors even without -v,
- to detect extraneous arguments, and corrected usage message.
-
-1.25.7 2005-08-25
- * Merged patch for fixfiles -C from Dan Walsh.
-
-1.25.6 2005-08-22
- * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
- Bugs found by Coverity.
-
-1.25.5 2005-08-02
- * Merged patch to move module read/write code from libsemanage
- to libsepol from Jason Tang (Tresys).
-
-1.25.4 2005-07-27
- * Changed semodule* to link with libsemanage.
-
-1.25.3 2005-07-26
- * Merged restorecon patch from Ivan Gyurdiev.
-
-1.25.2 2005-07-11
- * Merged load_policy, newrole, and genhomedircon patches from Red Hat.
-
-1.25.1 2005-07-06
- * Merged loadable module support from Tresys Technology.
-
-1.24 2005-06-20
- * Updated version for release.
-
-1.23.11 2005-05-19
- * Merged fixfiles and newrole patch from Dan Walsh.
- * Merged audit2why man page from Dan Walsh.
-
-1.23.10 2005-05-16
- * Extended audit2why to incorporate booleans and local user
- settings when analyzing audit messages.
-
-1.23.9 2005-05-13
- * Updated audit2why for sepol_ prefixes on Flask types to
- avoid namespace collision with libselinux, and to
- include <selinux/selinux.h> now.
-
-1.23.8 2005-05-13
- * Added audit2why utility.
-
-1.23.7 2005-04-29
- * Merged patch for fixfiles from Dan Walsh.
- Allow passing -F to force reset of customizable contexts.
-
-1.23.6 2005-04-13
- * Fixed signed/unsigned pointer bug in load_policy.
- * Reverted context validation patch for genhomedircon.
-
-1.23.5 2005-04-12
- * Reverted load_policy is_selinux_enabled patch from Dan Walsh.
- Otherwise, an initial policy load cannot be performed using
- load_policy, e.g. for anaconda.
-
-1.23.4 2005-04-08
- * Merged load_policy is_selinux_enabled patch from Dan Walsh.
- * Merged restorecon verbose output patch from Dan Walsh.
- * Merged setfiles altroot patch from Chris PeBenito.
-
-1.23.3 2005-03-17
- * Merged context validation patch for genhomedircon from Eric Paris.
-
-1.23.2 2005-03-16
- * Changed setfiles -c to call set_matchpathcon_flags(3) to
- turn off processing of .homedirs and .local.
-
-1.23.1 2005-03-14
- * Merged rewrite of genhomedircon by Eric Paris.
- * Changed fixfiles to relabel jfs since it now supports security xattrs
- (as of 2.6.11). Removed reiserfs until 2.6.12 is released with
- fixed support for reiserfs and selinux.
-
-1.22 2005-03-09
- * Updated version for release.
-
-1.21.22 2005-03-07
- * Merged restorecon and genhomedircon patch from Dan Walsh.
-
-1.21.21 2005-02-28
- * Merged load_policy and genhomedircon patch from Dan Walsh.
-
-1.21.20 2005-02-24
- * Merged fixfiles and genhomedircon patch from Dan Walsh.
-
-1.21.19 2005-02-22
- * Merged several fixes from Ulrich Drepper.
-
-1.21.18 2005-02-18
- * Changed load_policy to fall back to the original policy upon
- an error from sepol_genusers().
-
-1.21.17 2005-02-17
- * Merged new genhomedircon script from Dan Walsh.
-
-1.21.16 2005-02-17
- * Changed load_policy to call sepol_genusers().
-
-1.21.15 2005-02-09
- * Changed relabel Makefile target to use restorecon.
-
-1.21.14 2005-02-08
- * Merged restorecon patch from Dan Walsh.
-
-1.21.13 2005-02-07
- * Merged sestatus patch from Dan Walsh.
- * Merged further change to fixfiles -C from Dan Walsh.
-
-1.21.12 2005-02-02
- * Merged further patches for restorecon/setfiles -e and fixfiles -C.
-
-1.21.11 2005-02-02
- * Merged patch for fixfiles -C option from Dan Walsh.
- * Merged patch -e support for restorecon from Dan Walsh.
- * Merged updated -e support for setfiles from Dan Walsh.
-
-1.21.10 2005-01-31
- * Merged patch for open_init_pty from Manoj Srivastava.
-
-1.21.9 2005-01-28
- * Merged updated fixfiles script from Dan Walsh.
- * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
- * Reverted fixfiles patch for file_contexts.local;
- obsoleted by setfiles rewrite.
- * Merged error handling patch for restorecon from Dan Walsh.
- * Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
-
-1.21.8 2005-01-28
- * Rewrote setfiles to use matchpathcon and the new interfaces
- exported by libselinux (>= 1.21.5).
-
-1.21.7 2005-01-27
- * Prevent overflow of spec array in setfiles.
-
-1.21.6 2005-01-27
- * Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
-
-1.21.5 2005-01-26
- * Merged newrole -l support from Darrel Goeddel (TCS).
-
-1.21.4 2005-01-25
- * Merged fixfiles patch for file_contexts.local from Dan Walsh.
-
-1.21.3 2005-01-21
- * Fixed restorecon to not treat errors from is_context_customizable()
- as a customizable context.
- * Merged setfiles/restorecon patch to not reset user field unless
- -F option is specified from Dan Walsh.
-
-1.21.2 2005-01-21
- * Merged open_init_pty helper for run_init from Manoj Srivastava.
- * Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
-
-1.21.1 2005-01-19
- * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
-
-1.20 2005-01-06
- * Merged fixfiles rewrite from Dan Walsh.
- * Merged restorecon patch from Dan Walsh.
- * Merged fixfiles and restorecon patches from Dan Walsh.
- * Changed restorecon to ignore ENOENT errors from matchpathcon.
- * Merged nonls patch from Chris PeBenito.
- * Removed fixfiles.cron.
- * Merged run_init.8 patch from Dan Walsh.
-
-1.18 2004-11-01
- * Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
- * Merged sestatus patch from Steve Grubb.
- * Merged fixfiles patch from Dan Walsh.
- * Added -l option to setfiles to log changes via syslog.
- * Merged -e option to setfiles to exclude directories.
- * Merged -R option to restorecon for recursive descent.
- * Merged sestatus patch from Steve Grubb via Dan Walsh.
- * Merged load_policy and fixfiles.cron patches from Dan Walsh.
- * Merged fix for setfiles context validation patch from Colin Walters.
- * Merged setfiles context validation patch from Colin Walters.
- * Merged genhomedircon patch from Russell Coker.
- * Merged restorecon patch from Russell Coker.
-
-1.16 2004-08-13
- * Merged audit2allow fix from Tom London.
- * Merged load_policy man page from Dan Walsh.
- * Merged newrole bug fix from Chad Hanson.
- * Changed load_policy to preserve booleans by default.
- * Changed load_policy to invoke sepol_genbools() instead.
- * Changed load_policy to also invoke security_load_booleans().
- * Merged genhomedircon fixes from Dan Walsh.
- * Changed restorecon to use realpath.
- * Merged fixfiles patch from Dan Walsh.
- * Merged genhomedircon patch from Russell Coker and Dan Walsh.
- * Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
- * Merged stat fix for setfiles -s from Russell Coker.
-
-1.14 2004-06-25
- * Merged fix for fixfiles.
- * Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
- * Merged updated genhomedircon script from Russell Coker.
- * Merged run_init patch to find initrc_context from Dan Walsh.
- * Merged fixfiles patch for /etc/selinux from Dan Walsh.
- * Merged restorecon patch from Dan Walsh.
- * Merged fixfiles patch from Dan Walsh.
-
-1.12 2004-05-10
- * Merged newrole patch from Colin Walters.
- * Merged fixfiles from Dan Walsh.
-
-1.10 2004-04-05
- * Changed setfiles to not abort upon lsetfilecon failures.
- * Merged sestatus from Chris PeBenito.
- * Merged fixes for restorecon.
- * Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
- * Merged restorecon patch from Dan Walsh.
- * Revert add_assoc change from setfiles.
- * Moved restorecon to /sbin.
- * Disable add_assoc in setfiles by default, use -a to enable.
- * Merged genhomedircon patch from Dan Walsh.
- * Merged restorecon patch from Dan Walsh.
- * Merged setfiles buffer size change from Dan Walsh.
- * Merged genhomedircon fix from Karl MacMillan of Tresys.
- This generates separate lines for each prefix.
-
-1.8 2004-03-09
- * Merged genhomedircon patch from Karl MacMillan of Tresys.
- * Removed checkcon script (obsoleted by restorecon -nv).
- * Replaced restorecon script with C program from Dan Walsh.
- Uses the new matchpathcon function from libselinux.
-
-1.6 2004-02-18
- * Fixed setfiles sorting problem reported by Colin Walters.
- * Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
- * Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
- * Quiet warning about duplicate same specifications if -q is used.
- * Fixed usage message of audit2allow.
-
-1.4 2003-12-01
- * Merged patch from Russell Coker.
- * Added audit2allow (formerly newrules.pl from policy).
- * Dropped -lattr from Makefiles.
- * Merged setfiles check type first patch by Russell Coker.
-
-1.2 2003-09-30
- * Merged run_init close file patch from Chris PeBenito.
- * Merged setfiles stem compression patch by Russell Coker.
- * Merged setfiles usage/getopt/err patch by Russell Coker.
- * Merged setfiles altroot patch by Hardened Gentoo team.
- * Merged i18n patch by Dan Walsh.
- * Changed Makefiles to allow non-root rpm builds.
-
-1.1 2003-08-13
- * Dropped obsolete psid code from setfiles.
-
-1.0 2003-07-11
- * Initial public release.
-
Copied: tags/policycoreutils_1_33_10/policycoreutils/ChangeLog (from rev 2158, trunk/policycoreutils/ChangeLog)
===================================================================
--- tags/policycoreutils_1_33_10/policycoreutils/ChangeLog (rev 0)
+++ tags/policycoreutils_1_33_10/policycoreutils/ChangeLog 2007-01-08 20:45:13 UTC (rev 2160)
@@ -0,0 +1,704 @@
+1.33.10 2007-01-08
+ * Merged patch to correctly handle a failure during semanage handle
+ creation from Karl MacMillan.
+
+1.33.9 2007-01-05
+ * Merged patch to fix seobject role modification from Dan Walsh.
+
+1.33.8 2007-01-04
+ * Merged patches from Dan Walsh to:
+ - omit the optional name from audit2allow
+ - use the installed python version in the Makefiles
+ - re-open the tty with O_RDWR in newrole
+
+1.33.7 2007-01-03
+ * Patch from Dan Walsh to correctly suppress warnings in load_policy.
+
+1.33.6 2006-11-29
+ * Patch from Dan Walsh to add an pam_acct_msg call to run_init
+ * Patch from Dan Walsh to fix error code returns in newrole
+ * Patch from Dan Walsh to remove verbose flag from semanage man page
+ * Patch from Dan Walsh to make audit2allow use refpolicy Makefile
+ in /usr/share/selinux/<SELINUXTYPE>
+
+1.33.5 2006-11-27
+ * Merged patch from Micheal C Thompson to clean up genhomedircon
+ error handling.
+1.33.4 2006-11-21
+ * Merged po file updates from Dan Walsh.
+
+1.33.3 2006-11-21
+ * Merged setsebool patch from Karl MacMillan.
+ This fixes a bug reported by Yuichi Nakamura with
+ always setting booleans persistently on an unmanaged system.
+
+1.33.2 2006-11-20
+ * Merged patch from Dan Walsh (via Karl MacMillan):
+ * Added newrole audit message on login failure
+ * Add /var/log/wtmp to restorecond.conf watch list
+ * Fix genhomedircon, semanage, semodule_expand man pages.
+
+1.33.1 2006-11-13
+ * Merged newrole patch set from Michael Thompson.
+
+1.32 2006-10-17
+ * Updated version for release.
+
+1.30.31 2006-10-17
+ * Merged audit2allow -l fix from Yuichi Nakamura.
+ * Merged restorecon -i and -o - support from Karl MacMillan.
+ * Merged semanage/seobject fix from Dan Walsh.
+ * Merged fixfiles -R and verify changes from Dan Walsh.
+
+1.30.30 2006-09-29
+ * Merged newrole auditing of failures due to user actions from
+ Michael Thompson.
+
+1.30.29 2006-09-13
+ * Man page corrections from Dan Walsh
+ * Change all python invocations to /usr/bin/python -E
+ * Add missing getopt flags to genhomedircon
+
+1.30.28 2006-09-01
+ * Merged fix for restorecon // handling from Erich Schubert.
+ * Merged translations update and fixfiles fix from Dan Walsh.
+
+1.30.27 2006-08-24
+ * Merged fix for restorecon symlink handling from Erich Schubert.
+
+1.30.26 2006-08-11
+ * Merged semanage local file contexts patch from Chris PeBenito.
+
+1.30.25 2006-08-03
+ * Merged patch from Dan Walsh with:
+ * audit2allow: process MAC_POLICY_LOAD events
+ * newrole: run shell with - prefix to start a login shell
+ * po: po file updates
+ * restorecond: bail if SELinux not enabled
+ * fixfiles: omit -q
+ * genhomedircon: fix exit code if non-root
+ * semodule_deps: install man page
+
+1.30.24 2006-08-03
+ * Merged secon Makefile fix from Joshua Brindle.
+
+1.30.23 2006-08-03
+ * Merged netfilter contexts support patch from Chris PeBenito.
+
+1.30.22 2006-07-28
+ * Merged restorecond size_t fix from Joshua Brindle.
+
+1.30.21 2006-07-28
+ * Merged secon keycreate patch from Michael LeMay.
+
+1.30.20 2006-07-26
+ * Merged restorecond fixes from Dan Walsh.
+ Merged updated po files from Dan Walsh.
+
+1.30.19 2006-07-26
+ * Merged python gettext patch from Stephen Bennett.
+
+1.30.18 2006-07-25
+ * Merged semodule_deps from Karl MacMillan.
+
+1.30.17 2006-06-29
+ * Lindent.
+
+1.30.16 2006-06-26
+ * Merged patch from Dan Walsh with:
+ * -p option (progress) for setfiles and restorecon.
+ * disable context translation for setfiles and restorecon.
+ * on/off values for setsebool.
+
+1.30.15 2006-06-26
+ * Merged setfiles and semodule_link fixes from Joshua Brindle.
+
+1.30.14 2006-06-16
+ * Merged fix for setsebool error path from Serge Hallyn.
+
+1.30.13 2006-06-16
+ * Merged patch from Dan Walsh with:
+ * Updated po files.
+ * Fixes for genhomedircon and seobject.
+ * Audit message for mass relabel by setfiles.
+
+1.30.12 2006-06-02
+ * Updated fixfiles script for new setfiles location in /sbin.
+
+1.30.11 2006-05-26
+ * Merged more translations from Dan Walsh.
+ * Merged patch to relocate setfiles to /sbin for early relabel
+ when /usr might not be mounted from Dan Walsh.
+ * Merged semanage/seobject patch to preserve fcontext ordering in list.
+ * Merged secon patch from James Antill.
+
+1.30.10 2006-05-22
+ * Merged patch with updates to audit2allow, secon, genhomedircon,
+ and semanage from Dan Walsh.
+
+1.30.9 2006-05-08
+ * Fixed audit2allow and po Makefiles for DESTDIR= builds.
+ * Merged .po file patch from Dan Walsh.
+ * Merged bug fix for genhomedircon.
+
+1.30.8 2006-05-08
+ * Merged patch from Dan Walsh.
+ This includes audit2allow changes for analysis plugins,
+ internationalization support for several additional programs
+ and added po files, some fixes for semanage, and several cleanups.
+ It also adds a new secon utility.
+
+1.30.7 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.6 2006-04-14
+ * Merged semanage prefix support from Russell Coker.
+
+1.30.5 2006-04-11
+ * Added a test to setfiles to check that the spec file is
+ a regular file.
+
+1.30.4 2006-03-29
+ * Merged audit2allow fixes for refpolicy from Dan Walsh.
+ * Merged fixfiles patch from Dan Walsh.
+ * Merged restorecond daemon from Dan Walsh.
+
+1.30.3 2006-03-29
+ * Merged semanage non-MLS fixes from Chris PeBenito.
+
+1.30.2 2006-03-29
+ * Merged semanage and semodule man page examples from Thomas Bleher.
+
+1.30.1 2006-03-20
+ * Merged semanage labeling prefix patch from Ivan Gyurdiev.
+
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.28 2006-03-13
+ * Merged German translations (de.po) by Debian translation team from Manoj Srivastava.
+
+1.29.27 2006-03-08
+ * Merged audit2allow -R support, chcat fix, semanage MLS checks
+ and semanage audit calls from Dan Walsh.
+
+1.29.26 2006-02-15
+ * Merged semanage bug fix patch from Ivan Gyurdiev.
+
+1.29.25 2006-02-14
+ * Merged improve bindings patch from Ivan Gyurdiev.
+
+1.29.24 2006-02-14
+ * Merged semanage usage patch from Ivan Gyurdiev.
+ * Merged use PyList patch from Ivan Gyurdiev.
+
+1.29.23 2006-02-13
+ * Merged newrole -V/--version support from Glauber de Oliveira Costa.
+
+1.29.22 2006-02-13
+ * Merged genhomedircon prefix patch from Dan Walsh.
+
+1.29.21 2006-02-13
+ * Merged optionals in base patch from Joshua Brindle.
+
+1.29.20 2006-02-07
+ * Merged seuser/user_extra support patch to semodule_package
+ from Joshua Brindle.
+
+1.29.19 2006-02-06
+ * Merged getopt type fix for semodule_link/expand and sestatus
+ from Chris PeBenito.
+
+1.29.18 2006-02-02
+ * Merged clone record on set_con patch from Ivan Gyurdiev.
+
+1.29.17 2006-01-30
+ * Merged genhomedircon fix from Dan Walsh.
+
+1.29.16 2006-01-30
+ * Merged seusers.system patch from Ivan Gyurdiev.
+ * Merged improve port/fcontext API patch from Ivan Gyurdiev.
+ * Merged genhomedircon patch from Dan Walsh.
+
+1.29.15 2006-01-27
+ * Merged newrole audit patch from Steve Grubb.
+
+1.29.14 2006-01-27
+ * Merged seuser -> seuser local rename patch from Ivan Gyurdiev.
+
+1.29.13 2006-01-27
+ * Merged semanage and semodule access check patches from Joshua Brindle.
+
+1.29.12 2006-01-26
+ * Merged restorecon, chcat, and semanage patches from Dan Walsh.
+
+1.29.11 2006-01-25
+ * Modified newrole and run_init to use the loginuid when
+ supported to obtain the Linux user identity to re-authenticate,
+ and to fall back to real uid. Dropped the use of the SELinux
+ user identity, as Linux users are now mapped to SELinux users
+ via seusers and the SELinux user identity space is separate.
+
+1.29.10 2006-01-20
+ * Merged semanage bug fixes from Ivan Gyurdiev.
+ * Merged semanage fixes from Russell Coker.
+ * Merged chcat.8 and genhomedircon patches from Dan Walsh.
+
+1.29.9 2006-01-19
+ * Merged chcat, semanage, and setsebool patches from Dan Walsh.
+
+1.29.8 2006-01-18
+ * Merged semanage fixes from Ivan Gyurdiev.
+ * Merged semanage fixes from Russell Coker.
+ * Merged chcat, genhomedircon, and semanage diffs from Dan Walsh.
+
+1.29.7 2006-01-13
+ * Merged newrole cleanup patch from Steve Grubb.
+ * Merged setfiles/restorecon performance patch from Russell Coker.
+ * Merged genhomedircon and semanage patches from Dan Walsh.
+
+1.29.6 2006-01-12
+ * Merged remove add_local/set_local patch from Ivan Gyurdiev.
+
+1.29.5 2006-01-05
+ * Added filename to semodule error reporting.
+
+1.29.4 2006-01-05
+ * Merged genhomedircon and semanage patch from Dan Walsh.
+ * Changed semodule error reporting to include argv[0].
+
+1.29.3 2006-01-04
+ * Merged semanage getpwnam bug fix from Serge Hallyn (IBM).
+ * Merged patch series from Ivan Gyurdiev.
+ This includes patches to:
+ - cleanup setsebool
+ - update setsebool to apply active booleans through libsemanage
+ - update semodule to use the new semanage_set_rebuild() interface
+ - fix various bugs in semanage
+ * Merged patch from Dan Walsh (Red Hat).
+ This includes fixes for restorecon, chcat, fixfiles, genhomedircon,
+ and semanage.
+
+1.29.2 2005-12-14
+ * Merged patch for chcat script from Dan Walsh.
+
+1.29.1 2005-12-08
+ * Merged fix for audit2allow long option list from Dan Walsh.
+ * Merged -r option for restorecon (alias for -R) from Dan Walsh.
+ * Merged chcat script and man page from Dan Walsh.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.37 2005-12-07
+ * Clarified the genhomedircon warning message.
+
+1.27.36 2005-12-05
+ * Changed genhomedircon to warn on use of ROLE in homedir_template
+ if using managed policy, as libsemanage does not yet support it.
+
+1.27.35 2005-12-02
+ * Merged genhomedircon bug fix from Dan Walsh.
+
+1.27.34 2005-12-02
+ * Revised semodule* man pages to refer to checkmodule and
+ to include example sections.
+
+1.27.33 2005-12-01
+ * Merged audit2allow --tefile and --fcfile support from Dan Walsh.
+ * Merged genhomedircon fix from Dan Walsh.
+ * Merged semodule* man pages from Dan Walsh, and edited them.
+
+1.27.32 2005-12-01
+ * Changed setfiles to set the MATCHPATHCON_VALIDATE flag to
+ retain validation/canonicalization of contexts during init.
+
+1.27.31 2005-11-29
+ * Changed genhomedircon to always use user_r for the role in the
+ managed case since user_get_defrole is broken.
+
+1.27.30 2005-11-29
+ * Merged sestatus, audit2allow, and semanage patch from Dan Walsh.
+ * Fixed semodule -v option.
+
+1.27.29 2005-11-28
+ * Merged audit2allow python script from Dan Walsh.
+ (old script moved to audit2allow.perl, will be removed later).
+ * Merged genhomedircon fixes from Dan Walsh.
+ * Merged semodule quieting patch from Dan Walsh
+ (inverts default, use -v to restore original behavior).
+
+1.27.28 2005-11-15
+ * Merged genhomedircon rewrite from Dan Walsh.
+
+1.27.27 2005-11-09
+ * Merged setsebool cleanup patch from Ivan Gyurdiev.
+
+1.27.26 2005-11-09
+ * Added -B (--build) option to semodule to force a rebuild.
+
+1.27.25 2005-11-08
+ * Reverted setsebool patch to call semanage_set_reload_bools().
+ * Changed setsebool to disable policy reload and to call
+ security_set_boolean_list to update the runtime booleans.
+
+1.27.24 2005-11-08
+ * Changed setfiles -c to use new flag to set_matchpathcon_flags()
+ to disable context translation by matchpathcon_init().
+
+1.27.23 2005-11-07
+ * Changed setfiles for the context canonicalization support.
+
+1.27.22 2005-11-07
+ * Changed setsebool to call semanage_is_managed() interface
+ and fall back to security_set_boolean_list() if policy is
+ not managed.
+
+1.27.21 2005-11-07
+ * Merged setsebool memory leak fix from Ivan Gyurdiev.
+ * Merged setsebool patch to call semanage_set_reload_bools()
+ interface from Ivan Gyurdiev.
+
+1.27.20 2005-11-04
+ * Merged setsebool patch from Ivan Gyurdiev.
+ This moves setsebool from libselinux/utils to policycoreutils,
+ and rewrites it to use libsemanage for permanent boolean changes.
+
+1.27.19 2005-10-25
+ * Merged semodule support for reload, noreload, and store options
+ from Joshua Brindle.
+ * Merged semodule_package rewrite from Joshua Brindle.
+
+1.27.18 2005-10-20
+ * Cleaned up usage and error messages and releasing of memory by
+ semodule_* utilities.
+
+1.27.17 2005-10-20
+ * Corrected error reporting by semodule.
+
+1.27.16 2005-10-19
+ * Updated semodule_expand for change to sepol interface.
+
+1.27.15 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.27.14 2005-10-18
+ * Updated semodule_package for sepol interface changes.
+
+1.27.13 2005-10-17
+ * Updated semodule_expand/link for sepol interface changes.
+
+1.27.12 2005-10-14
+ * Merged non-PAM Makefile support for newrole and run_init from Timothy Wood.
+
+1.27.11 2005-10-13
+ * Updated semodule_expand to use get interfaces for hidden sepol_module_package type.
+
+1.27.10 2005-10-13
+ * Merged newrole and run_init pam config patches from Dan Walsh (Red Hat).
+
+1.27.9 2005-10-13
+ * Merged fixfiles patch from Dan Walsh (Red Hat).
+
+1.27.8 2005-10-13
+ * Updated semodule for removal of semanage_strerror.
+
+1.27.7 2005-10-11
+ * Updated semodule_link and semodule_expand to use shared libsepol.
+ Fixed audit2why to call policydb_init prior to policydb_read (still
+ uses the static libsepol).
+
+1.27.6 2005-10-07
+ * Updated for changes to libsepol.
+ Changed semodule and semodule_package to use the shared libsepol.
+ Disabled build of semodule_link and semodule_expand for now.
+ Updated audit2why for relocated policydb internal headers,
+ still needs to be converted to a shared lib interface.
+
+1.27.5 2005-10-06
+ * Fixed warnings in load_policy.
+
+1.27.4 2005-10-06
+ * Rewrote load_policy to use the new selinux_mkload_policy()
+ interface provided by libselinux.
+
+1.27.3 2005-09-28
+ * Merged patch to update semodule to the new libsemanage API
+ and improve the user interface from Karl MacMillan (Tresys).
+ * Modified semodule for the create/connect API split.
+
+1.27.2 2005-09-20
+ * Merged run_init open_init_pty bug fix from Manoj Srivastava
+ (unblock SIGCHLD). Bug reported by Erich Schubert.
+
+1.27.1 2005-09-20
+ * Merged error shadowing bug fix for restorecon from Dan Walsh.
+ * Merged setfiles usage/man page update for -r option from Dan Walsh.
+ * Merged fixfiles -C patch to ignore :s0 addition on update
+ to a MCS/MLS policy from Dan Walsh.
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.9 2005-08-31
+ * Changed setfiles -c to translate the context to raw format
+ prior to calling libsepol.
+
+1.25.8 2005-08-31
+ * Changed semodule to report errors even without -v,
+ to detect extraneous arguments, and corrected usage message.
+
+1.25.7 2005-08-25
+ * Merged patch for fixfiles -C from Dan Walsh.
+
+1.25.6 2005-08-22
+ * Merged fixes for semodule_link and sestatus from Serge Hallyn (IBM).
+ Bugs found by Coverity.
+
+1.25.5 2005-08-02
+ * Merged patch to move module read/write code from libsemanage
+ to libsepol from Jason Tang (Tresys).
+
+1.25.4 2005-07-27
+ * Changed semodule* to link with libsemanage.
+
+1.25.3 2005-07-26
+ * Merged restorecon patch from Ivan Gyurdiev.
+
+1.25.2 2005-07-11
+ * Merged load_policy, newrole, and genhomedircon patches from Red Hat.
+
+1.25.1 2005-07-06
+ * Merged loadable module support from Tresys Technology.
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.11 2005-05-19
+ * Merged fixfiles and newrole patch from Dan Walsh.
+ * Merged audit2why man page from Dan Walsh.
+
+1.23.10 2005-05-16
+ * Extended audit2why to incorporate booleans and local user
+ settings when analyzing audit messages.
+
+1.23.9 2005-05-13
+ * Updated audit2why for sepol_ prefixes on Flask types to
+ avoid namespace collision with libselinux, and to
+ include <selinux/selinux.h> now.
+
+1.23.8 2005-05-13
+ * Added audit2why utility.
+
+1.23.7 2005-04-29
+ * Merged patch for fixfiles from Dan Walsh.
+ Allow passing -F to force reset of customizable contexts.
+
+1.23.6 2005-04-13
+ * Fixed signed/unsigned pointer bug in load_policy.
+ * Reverted context validation patch for genhomedircon.
+
+1.23.5 2005-04-12
+ * Reverted load_policy is_selinux_enabled patch from Dan Walsh.
+ Otherwise, an initial policy load cannot be performed using
+ load_policy, e.g. for anaconda.
+
+1.23.4 2005-04-08
+ * Merged load_policy is_selinux_enabled patch from Dan Walsh.
+ * Merged restorecon verbose output patch from Dan Walsh.
+ * Merged setfiles altroot patch from Chris PeBenito.
+
+1.23.3 2005-03-17
+ * Merged context validation patch for genhomedircon from Eric Paris.
+
+1.23.2 2005-03-16
+ * Changed setfiles -c to call set_matchpathcon_flags(3) to
+ turn off processing of .homedirs and .local.
+
+1.23.1 2005-03-14
+ * Merged rewrite of genhomedircon by Eric Paris.
+ * Changed fixfiles to relabel jfs since it now supports security xattrs
+ (as of 2.6.11). Removed reiserfs until 2.6.12 is released with
+ fixed support for reiserfs and selinux.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.22 2005-03-07
+ * Merged restorecon and genhomedircon patch from Dan Walsh.
+
+1.21.21 2005-02-28
+ * Merged load_policy and genhomedircon patch from Dan Walsh.
+
+1.21.20 2005-02-24
+ * Merged fixfiles and genhomedircon patch from Dan Walsh.
+
+1.21.19 2005-02-22
+ * Merged several fixes from Ulrich Drepper.
+
+1.21.18 2005-02-18
+ * Changed load_policy to fall back to the original policy upon
+ an error from sepol_genusers().
+
+1.21.17 2005-02-17
+ * Merged new genhomedircon script from Dan Walsh.
+
+1.21.16 2005-02-17
+ * Changed load_policy to call sepol_genusers().
+
+1.21.15 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.14 2005-02-08
+ * Merged restorecon patch from Dan Walsh.
+
+1.21.13 2005-02-07
+ * Merged sestatus patch from Dan Walsh.
+ * Merged further change to fixfiles -C from Dan Walsh.
+
+1.21.12 2005-02-02
+ * Merged further patches for restorecon/setfiles -e and fixfiles -C.
+
+1.21.11 2005-02-02
+ * Merged patch for fixfiles -C option from Dan Walsh.
+ * Merged patch -e support for restorecon from Dan Walsh.
+ * Merged updated -e support for setfiles from Dan Walsh.
+
+1.21.10 2005-01-31
+ * Merged patch for open_init_pty from Manoj Srivastava.
+
+1.21.9 2005-01-28
+ * Merged updated fixfiles script from Dan Walsh.
+ * Merged updated man page for fixfiles from Dan Walsh and re-added unzipped.
+ * Reverted fixfiles patch for file_contexts.local;
+ obsoleted by setfiles rewrite.
+ * Merged error handling patch for restorecon from Dan Walsh.
+ * Merged semi raw mode for open_init_pty helper from Manoj Srivastava.
+
+1.21.8 2005-01-28
+ * Rewrote setfiles to use matchpathcon and the new interfaces
+ exported by libselinux (>= 1.21.5).
+
+1.21.7 2005-01-27
+ * Prevent overflow of spec array in setfiles.
+
+1.21.6 2005-01-27
+ * Merged genhomedircon STARTING_UID bug fix from Dan Walsh.
+
+1.21.5 2005-01-26
+ * Merged newrole -l support from Darrel Goeddel (TCS).
+
+1.21.4 2005-01-25
+ * Merged fixfiles patch for file_contexts.local from Dan Walsh.
+
+1.21.3 2005-01-21
+ * Fixed restorecon to not treat errors from is_context_customizable()
+ as a customizable context.
+ * Merged setfiles/restorecon patch to not reset user field unless
+ -F option is specified from Dan Walsh.
+
+1.21.2 2005-01-21
+ * Merged open_init_pty helper for run_init from Manoj Srivastava.
+ * Merged audit2allow and genhomedircon man pages from Manoj Srivastava.
+
+1.21.1 2005-01-19
+ * Merged customizable contexts patch for restorecon/setfiles from Dan Walsh.
+
+1.20 2005-01-06
+ * Merged fixfiles rewrite from Dan Walsh.
+ * Merged restorecon patch from Dan Walsh.
+ * Merged fixfiles and restorecon patches from Dan Walsh.
+ * Changed restorecon to ignore ENOENT errors from matchpathcon.
+ * Merged nonls patch from Chris PeBenito.
+ * Removed fixfiles.cron.
+ * Merged run_init.8 patch from Dan Walsh.
+
+1.18 2004-11-01
+ * Merged audit2allow patch from Thomas Bleher, with mods by Dan Walsh.
+ * Merged sestatus patch from Steve Grubb.
+ * Merged fixfiles patch from Dan Walsh.
+ * Added -l option to setfiles to log changes via syslog.
+ * Merged -e option to setfiles to exclude directories.
+ * Merged -R option to restorecon for recursive descent.
+ * Merged sestatus patch from Steve Grubb via Dan Walsh.
+ * Merged load_policy and fixfiles.cron patches from Dan Walsh.
+ * Merged fix for setfiles context validation patch from Colin Walters.
+ * Merged setfiles context validation patch from Colin Walters.
+ * Merged genhomedircon patch from Russell Coker.
+ * Merged restorecon patch from Russell Coker.
+
+1.16 2004-08-13
+ * Merged audit2allow fix from Tom London.
+ * Merged load_policy man page from Dan Walsh.
+ * Merged newrole bug fix from Chad Hanson.
+ * Changed load_policy to preserve booleans by default.
+ * Changed load_policy to invoke sepol_genbools() instead.
+ * Changed load_policy to also invoke security_load_booleans().
+ * Merged genhomedircon fixes from Dan Walsh.
+ * Changed restorecon to use realpath.
+ * Merged fixfiles patch from Dan Walsh.
+ * Merged genhomedircon patch from Russell Coker and Dan Walsh.
+ * Merged fixfiles patch and fixfiles.cron script from Dan Walsh.
+ * Merged stat fix for setfiles -s from Russell Coker.
+
+1.14 2004-06-25
+ * Merged fix for fixfiles.
+ * Merged enhancements to setfiles, fixfiles and restorecon from Dan Walsh.
+ * Merged updated genhomedircon script from Russell Coker.
+ * Merged run_init patch to find initrc_context from Dan Walsh.
+ * Merged fixfiles patch for /etc/selinux from Dan Walsh.
+ * Merged restorecon patch from Dan Walsh.
+ * Merged fixfiles patch from Dan Walsh.
+
+1.12 2004-05-10
+ * Merged newrole patch from Colin Walters.
+ * Merged fixfiles from Dan Walsh.
+
+1.10 2004-04-05
+ * Changed setfiles to not abort upon lsetfilecon failures.
+ * Merged sestatus from Chris PeBenito.
+ * Merged fixes for restorecon.
+ * Merged setfiles verbosity patch from Dan Walsh and Stephen Tweedie.
+ * Merged restorecon patch from Dan Walsh.
+ * Revert add_assoc change from setfiles.
+ * Moved restorecon to /sbin.
+ * Disable add_assoc in setfiles by default, use -a to enable.
+ * Merged genhomedircon patch from Dan Walsh.
+ * Merged restorecon patch from Dan Walsh.
+ * Merged setfiles buffer size change from Dan Walsh.
+ * Merged genhomedircon fix from Karl MacMillan of Tresys.
+ This generates separate lines for each prefix.
+
+1.8 2004-03-09
+ * Merged genhomedircon patch from Karl MacMillan of Tresys.
+ * Removed checkcon script (obsoleted by restorecon -nv).
+ * Replaced restorecon script with C program from Dan Walsh.
+ Uses the new matchpathcon function from libselinux.
+
+1.6 2004-02-18
+ * Fixed setfiles sorting problem reported by Colin Walters.
+ * Merged setfiles patch from Robert Bihlmeyer, amended by Russell Coker.
+ * Added scripts (checkcon, restorecon, genhomedircon) from Dan Walsh.
+ * Quiet warning about duplicate same specifications if -q is used.
+ * Fixed usage message of audit2allow.
+
+1.4 2003-12-01
+ * Merged patch from Russell Coker.
+ * Added audit2allow (formerly newrules.pl from policy).
+ * Dropped -lattr from Makefiles.
+ * Merged setfiles check type first patch by Russell Coker.
+
+1.2 2003-09-30
+ * Merged run_init close file patch from Chris PeBenito.
+ * Merged setfiles stem compression patch by Russell Coker.
+ * Merged setfiles usage/getopt/err patch by Russell Coker.
+ * Merged setfiles altroot patch by Hardened Gentoo team.
+ * Merged i18n patch by Dan Walsh.
+ * Changed Makefiles to allow non-root rpm builds.
+
+1.1 2003-08-13
+ * Dropped obsolete psid code from setfiles.
+
+1.0 2003-07-11
+ * Initial public release.
+
Deleted: tags/policycoreutils_1_33_10/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2007-01-05 19:15:46 UTC (rev 2153)
+++ tags/policycoreutils_1_33_10/policycoreutils/VERSION 2007-01-08 20:45:13 UTC (rev 2160)
@@ -1 +0,0 @@
-1.33.9
Copied: tags/policycoreutils_1_33_10/policycoreutils/VERSION (from rev 2158, trunk/policycoreutils/VERSION)
===================================================================
--- tags/policycoreutils_1_33_10/policycoreutils/VERSION (rev 0)
+++ tags/policycoreutils_1_33_10/policycoreutils/VERSION 2007-01-08 20:45:13 UTC (rev 2160)
@@ -0,0 +1 @@
+1.33.10
Deleted: tags/policycoreutils_1_33_10/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py 2007-01-05 19:15:46 UTC (rev 2153)
+++ tags/policycoreutils_1_33_10/policycoreutils/semanage/seobject.py 2007-01-08 20:45:13 UTC (rev 2160)
@@ -1,1287 +0,0 @@
-#! /usr/bin/python -E
-# Copyright (C) 2005 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# semanage is a tool for managing SELinux configuration files
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-
-import pwd, string, selinux, tempfile, os, re, sys
-from semanage import *;
-import gettext
-
-try:
- t = gettext.translation('policycoreutils', '/usr/share/locale')
- _ = t.ugettext
-except:
- pass
-
-is_mls_enabled = selinux.is_selinux_mls_enabled()
-
-import syslog
-
-file_types = {}
-file_types[""] = SEMANAGE_FCONTEXT_ALL;
-file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
-file_types["--"] = SEMANAGE_FCONTEXT_REG;
-file_types["regular file"] = SEMANAGE_FCONTEXT_REG;
-file_types["-d"] = SEMANAGE_FCONTEXT_DIR;
-file_types["directory"] = SEMANAGE_FCONTEXT_DIR;
-file_types["-c"] = SEMANAGE_FCONTEXT_CHAR;
-file_types["character device"] = SEMANAGE_FCONTEXT_CHAR;
-file_types["-b"] = SEMANAGE_FCONTEXT_BLOCK;
-file_types["block device"] = SEMANAGE_FCONTEXT_BLOCK;
-file_types["-s"] = SEMANAGE_FCONTEXT_SOCK;
-file_types["socket"] = SEMANAGE_FCONTEXT_SOCK;
-file_types["-l"] = SEMANAGE_FCONTEXT_LINK;
-file_types["symbolic link"] = SEMANAGE_FCONTEXT_LINK;
-file_types["-p"] = SEMANAGE_FCONTEXT_PIPE;
-file_types["named pipe"] = SEMANAGE_FCONTEXT_PIPE;
-
-try:
- import audit
- class logger:
- def __init__(self):
- self.audit_fd = audit.audit_open()
-
- def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
- audit.audit_log_semanage_message(self.audit_fd, audit.AUDIT_USER_ROLE_CHANGE, sys.argv[0],msg, name, 0, sename, serole, serange, old_sename, old_serole, old_serange, "", "", "", success);
-except:
- class logger:
- def log(self, success, msg, name = "", sename = "", serole = "", serange = "", old_sename = "", old_serole = "", old_serange = ""):
- if success == 1:
- message = "Successful: "
- else:
- message = "Failed: "
- message += " %s name=%s" % (msg,name)
- if sename != "":
- message += " sename=" + sename
- if old_sename != "":
- message += " old_sename=" + old_sename
- if serole != "":
- message += " role=" + serole
- if old_serole != "":
- message += " old_role=" + old_serole
- if serange != "" and serange != None:
- message += " MLSRange=" + serange
- if old_serange != "" and old_serange != None:
- message += " old_MLSRange=" + old_serange
- syslog.syslog(message);
-
-mylog = logger()
-
-def validate_level(raw):
- sensitivity = "s[0-9]*"
- category = "c[0-9]*"
- cat_range = category + "(\." + category +")?"
- categories = cat_range + "(\," + cat_range + ")*"
- reg = sensitivity + "(-" + sensitivity + ")?" + "(:" + categories + ")?"
- return re.search("^" + reg +"$",raw)
-
-def translate(raw, prepend = 1):
- if prepend == 1:
- context = "a:b:c:%s" % raw
- else:
- context = raw
- (rc, trans) = selinux.selinux_raw_to_trans_context(context)
- if rc != 0:
- return raw
- if prepend:
- trans = trans.strip("a:b:c")
- if trans == "":
- return raw
- else:
- return trans
-
-def untranslate(trans, prepend = 1):
- if prepend == 1:
- context = "a:b:c:%s" % trans
- else:
- context = trans
-
- (rc, raw) = selinux.selinux_trans_to_raw_context(context)
- if rc != 0:
- return trans
- if prepend:
- raw = raw.strip("a:b:c")
- if raw == "":
- return trans
- else:
- return raw
-
-class setransRecords:
- def __init__(self):
- if not is_mls_enabled:
- raise ValueError(_("translations not supported on non-MLS machines"))
- self.filename = selinux.selinux_translations_path()
- try:
- fd = open(self.filename, "r")
- translations = fd.readlines()
- fd.close()
- except IOError, e:
- raise ValueError(_("Unable to open %s: translations not supported on non-MLS machines") % (self.filename, e) )
-
- self.ddict = {}
- self.comments = []
- for r in translations:
- if len(r) == 0:
- continue
- i = r.strip()
- if i == "" or i[0] == "#":
- self.comments.append(r)
- continue
- i = i.split("=")
- if len(i) != 2:
- self.comments.append(r)
- continue
- self.ddict[i[0]] = i[1]
-
- def get_all(self):
- return self.ddict
-
- def out(self):
- rec = ""
- for c in self.comments:
- rec += c +"\n"
- keys = self.ddict.keys()
- keys.sort()
- for k in keys:
- rec += "%s=%s\n" % (k, self.ddict[k])
- return rec
-
- def list(self,heading = 1):
- if heading:
- print "\n%-25s %s\n" % ("Level", "Translation")
- keys = self.ddict.keys()
- keys.sort()
- for k in keys:
- print "%-25s %s" % (k, self.ddict[k])
-
- def add(self, raw, trans):
- if trans.find(" ") >= 0:
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
-
- if validate_level(raw) == None:
- raise ValueError(_("Invalid Level '%s' ") % raw)
-
- if self.ddict.has_key(raw):
- raise ValueError(_("%s already defined in translations") % raw)
- else:
- self.ddict[raw] = trans
- self.save()
-
- def modify(self, raw, trans):
- if trans.find(" ") >= 0:
-
- raise ValueError(_("Translations can not contain spaces '%s' ") % trans)
- if self.ddict.has_key(raw):
- self.ddict[raw] = trans
- else:
- raise ValueError(_("%s not defined in translations") % raw)
- self.save()
-
- def delete(self, raw):
- self.ddict.pop(raw)
- self.save()
-
- def save(self):
- (fd, newfilename) = tempfile.mkstemp('', self.filename)
- os.write(fd, self.out())
- os.close(fd)
- os.rename(newfilename, self.filename)
-
-class semanageRecords:
- def __init__(self):
- self.sh = semanage_handle_create()
- self.semanaged = semanage_is_managed(self.sh)
-
- if not self.semanaged:
- semanage_handle_destroy(self.sh)
- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
-
- rc = semanage_access_check(self.sh)
- if rc < SEMANAGE_CAN_READ:
- semanage_handle_destroy(self.sh)
- raise ValueError(_("Cannot read policy store."))
-
- rc = semanage_connect(self.sh)
- if rc < 0:
- semanage_handle_destroy(self.sh)
- raise ValueError(_("Could not establish semanage connection"))
-
-class loginRecords(semanageRecords):
- def __init__(self):
- semanageRecords.__init__(self)
-
- def add(self, name, sename, serange):
- if is_mls_enabled == 1:
- if serange == "":
- serange = "s0"
- else:
- serange = untranslate(serange)
-
- if sename == "":
- sename = "user_u"
-
- try:
- (rc,k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
- (rc,exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if exists:
- raise ValueError(_("Login mapping for %s is already defined") % name)
- try:
- pwd.getpwnam(name)
- except:
- raise ValueError(_("Linux User %s does not exist") % name)
-
- (rc,u) = semanage_seuser_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create login mapping for %s") % name)
-
- rc = semanage_seuser_set_name(self.sh, u, name)
- if rc < 0:
- raise ValueError(_("Could not set name for %s") % name)
-
- if serange != "":
- rc = semanage_seuser_set_mlsrange(self.sh, u, serange)
- if rc < 0:
- raise ValueError(_("Could not set MLS range for %s") % name)
-
- rc = semanage_seuser_set_sename(self.sh, u, sename)
- if rc < 0:
- raise ValueError(_("Could not set SELinux user for %s") % name)
-
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
-
- rc = semanage_seuser_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not add login mapping for %s") % name)
-
- rc = semanage_commit(self.sh)
- if rc < 0:
- raise ValueError(_("Could not add login mapping for %s") % name)
-
- except ValueError, error:
- mylog.log(0, "add SELinux user mapping", name, sename, "", serange);
- raise error
-
- mylog.log(1, "add SELinux user mapping", name, sename, "", serange);
- semanage_seuser_key_free(k)
- semanage_seuser_free(u)
-
- def modify(self, name, sename = "", serange = ""):
- oldsename = ""
- oldserange = ""
- try:
- if sename == "" and serange == "":
- raise ValueError(_("Requires seuser or serange"))
-
- (rc,k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
- (rc,exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if login mapping for %s is defined") % name)
- if not exists:
- raise ValueError(_("Login mapping for %s is not defined") % name)
-
- (rc,u) = semanage_seuser_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query seuser for %s") % name)
-
- oldserange = semanage_seuser_get_mlsrange(u)
- oldsename = semanage_seuser_get_sename(u)
- if serange != "":
- semanage_seuser_set_mlsrange(self.sh, u, untranslate(serange))
- else:
- serange = oldserange
- if sename != "":
- semanage_seuser_set_sename(self.sh, u, sename)
- else:
- sename = oldsename
-
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
-
- rc = semanage_seuser_modify_local(self.sh, k, u)
- if rc < 0:
- raise ValueError(_("Could not modify login mapping for %s") % name)
-
- rc = semanage_commit(self.sh)
- if rc < 0:
- raise ValueError(_("Could not modify login mapping for %s") % name)
-
- except ValueError, error:
- mylog.log(0,"modify selinux user mapping", name, sename,"", serange, oldsename, "", oldserange);
- raise error
-
- mylog.log(1,"modify selinux user mapping", name, sename, "", serange, oldsename, "", oldserange);
- semanage_seuser_key_free(k)
- semanage_seuser_free(u)
-
- def delete(self, name):
- try:
- (rc,k) = semanage_seuser_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % name)
-
- (rc,exists) = semanage_seuser_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check ...
[truncated message content] |
