commit: 260446e8ef6b1f240c49482cfa7cf4f3041e14f8
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Wed Apr 24 20:14:52 2013 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed May 1 18:21:02 2013 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=260446e8

Update Changelog and VERSION for release.

---
Changelog | 216 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
VERSION | 2 +-
2 files changed, 217 insertions(+), 1 deletions(-)

diff --git a/Changelog b/Changelog |
16 |
index 5fcca55..85be207 100644 |
17 |
--- a/Changelog |
18 |
+++ b/Changelog |
19 |
@@ -214,3 +214,219 @@ Sven Vermeulen (27): |
20 |
Introduce exec-check interfaces for passwd binaries and useradd binaries |
21 |
chfn_t reads in file context information and executes nscd |
22 |
|
23 |
+* Wed Apr 24 2013 Chris PeBenito <selinux@××××××.com> - 2.20130424 |
24 |
+Chris PeBenito (78): |
25 |
+ Mcelog update from Guido Trentalancia. |
26 |
+ Add bird contrib module from Dominick Grift. |
27 |
+ Minor whitespace fix in udev.fc |
28 |
+ Module version bump for udev binary location update from Sven Vermeulen. |
29 |
+ clarify the file_contexts.subs_dist configuration file usage from Guido |
30 |
+ Trentalancia |
31 |
+ Update contrib. |
32 |
+ Remove trailing / from paths |
33 |
+ Module version bump for fc substitutions optimizations from Sven |
34 |
+ Vermeulen. |
35 |
+ Update contrib. |
36 |
+ Module version bump for /run/dhcpc directory creation by dhcp from Sven |
37 |
+ Vermeulen. |
38 |
+ Module version bump for fc fixes in devices module from Dominick Grift. |
39 |
+ Update contrib. |
40 |
+ Module version bump for /dev/mei type and label from Dominick Grift. |
41 |
+ Module version bump for init_daemon_run_dirs usage from Sven Vermeulen. |
42 |
+ Module version bump for lost+found labeling in /var/log from Guido |
43 |
+ Trentalancia. |
44 |
+ Module version bump for loop-control patch. |
45 |
+ Turn off all tunables by default, from Guido Trentalancia. |
46 |
+ Add /usr/lib to TEST_TOOLCHAIN LD_LIBRARY_PATH. |
47 |
+ Module version bump for various changes from Sven Vermeulen. |
48 |
+ Module version bump for ports update from Dominick Grift. |
49 |
+ Module version bump for Debian file context updates from Laurent |
50 |
+ Bigonville. |
51 |
+ Update contrib. |
52 |
+ Update contrib. |
53 |
+ split kmod fc into two lines. |
54 |
+ Module version bump for kmod fc from Laurent Bigonville. |
55 |
+ Module version bump for cfengine fc change from Dominick Grift. |
56 |
+ Module verision bump for Debian cert file fc update from Laurent |
57 |
+ Bigonville. |
58 |
+ Module version bump for ipsec net sysctls reading from Miroslav Grepl. |
59 |
+ Module version bump for srvloc port definition from Dominick Grift. |
60 |
+ Rename cachefiles_dev_t to cachefiles_device_t. |
61 |
+ Module version bump for cachefiles core support. |
62 |
+ Module version bump for changes from Dominick Grift and Sven Vermeulen. |
63 |
+ Module version bump for modutils patch from Dominick Grift. |
64 |
+ Module version bump for dhcp6 ports, from Russell Coker. |
65 |
+ Rearrange new xserver interfaces. |
66 |
+ Rename new xserver interfaces. |
67 |
+ Module version bump for xserver interfaces from Dominick Grift. |
68 |
+ Move kernel_stream_connect() declaration. |
69 |
+ Module version bump for kernel_stream_connect() from Dominick Grift. |
70 |
+ Rename logging_search_all_log_dirs to logging_search_all_logs |
71 |
+ Module version bump for minor logging and sysnet changes from Sven |
72 |
+ Vermeulen. |
73 |
+ Module version bump for dovecot libs from Mika Pflueger. |
74 |
+ Rearrange interfaces in files, clock, and udev. |
75 |
+ Module version bump for interfaces used by virt from Dominick Grift. |
76 |
+ Module version bump for arping setcap from Dominick Grift. |
77 |
+ Rearrange devices interfaces. |
78 |
+ Module version bump/contrib sync. |
79 |
+ Rearrange lines. |
80 |
+ Module version bump for user home content fixes from Dominick Grift. |
81 |
+ Rearrange files interfaces. |
82 |
+ Module version bump for Gentoo openrc fixes for /run from Sven Vermeulen. |
83 |
+ Update contrib. |
84 |
+ Whitespace fix in miscfiles.fc. |
85 |
+ Adjust man cache interface names. |
86 |
+ Module version bump for man cache from Dominick Grift. |
87 |
+ Module version bump for Debian ssh-keysign location from Laurent |
88 |
+ Bigonville. |
89 |
+ Module version bump for userdomain portion of XDG updates from Dominick |
90 |
+ Grift. |
91 |
+ Module version bump for iptables fc entry from Sven Vermeulen and inn log |
92 |
+ from Dominick Grift. |
93 |
+ Module version bump for logging and tcpdump fixes from Sven Vermeulen. |
94 |
+ Move mcs_constrained() impementation. |
95 |
+ Module version bump for mcs_constrained from Dominick Grift. |
96 |
+ Update contrib. |
97 |
+ Module version bump from Debian changes from Laurent Bigonville. |
98 |
+ Module version bump for zfs labeling from Matthew Thode. |
99 |
+ Module version bump for misc updates from Sven Vermeulen. |
100 |
+ Update contrib. |
101 |
+ Module version bump for fixes from Dominick Grift. |
102 |
+ Module version bump for Debian updates from Laurent Bigonville. |
103 |
+ Fix bug in userdom_delete_all_user_home_content_files() from Kohei KaiGai. |
104 |
+ Update contrib |
105 |
+ Fix fc_sort.c warning uncovered by recent gcc |
106 |
+ Module version bump for chfn fixes from Sven Vermeulen. |
107 |
+ Add swapoff fc entry. |
108 |
+ Add conntrack fc entry. |
109 |
+ Update contrib. |
110 |
+ Update contrib |
111 |
+ Archive old Changelog for log format change. |
112 |
+ Bump module versions for release. |
113 |
+ |
114 |
+Dominick Grift (40): |
115 |
+ There can be more than a single watchdog interface |
116 |
+ Fix a suspected typo |
117 |
+ Intel® Active Management Technology |
118 |
+ Declare a loop control device node type and label /dev/loop-control |
119 |
+ accordingly |
120 |
+ Declare port types for ports used by Fedora but use /etc/services for port |
121 |
+ names rather than using fedora port names. If /etc/services does not |
122 |
+ have a port name for a port used by Fedora, skip for now. |
123 |
+ Remove var_log_t file context spec |
124 |
+ svrloc port type declaration from slpd policy module |
125 |
+ Declare a cachfiles device node type |
126 |
+ Implement files_create_all_files_as() for cachefilesd |
127 |
+ Restricted Xwindows user domains run windows managers in the windows |
128 |
+ managers domain |
129 |
+ Declare a cslistener port type for phpfpm |
130 |
+ Changes to the sysnetwork policy module |
131 |
+ Changes to the userdomain policy module |
132 |
+ Changes to the bootloader policy module |
133 |
+ Changes to the modutils policy module |
134 |
+ Changes to the xserver policy module |
135 |
+ Changes to various policy modules |
136 |
+ Changes to the kernel policy module |
137 |
+ For svirt_lxc_domain |
138 |
+ For svirt_lxc_domain |
139 |
+ For svirt_lxc_domain |
140 |
+ For virtd lxc |
141 |
+ For virtd_lxc |
142 |
+ For virtd_lxc |
143 |
+ For virtd lxc |
144 |
+ For virtd lxc |
145 |
+ For virtd |
146 |
+ Arping needs setcap to cap_set_proc |
147 |
+ For virtd |
148 |
+ Changes to the user domain policy module |
149 |
+ Samhain_admin() now requires a role for the role_transition from $1 to |
150 |
+ initrc_t via samhain_initrc_exec_t |
151 |
+ Changes to the user domain policy module |
152 |
+ Label /var/cache/man with a private man cache type for mandb |
153 |
+ Create a attribute user_home_content_type and assign it to all types that |
154 |
+ are classified userdom_user_home_content() |
155 |
+ These two attribute are unused |
156 |
+ System logger creates innd log files with a named file transition |
157 |
+ Implement mcs_constrained_type |
158 |
+ Changes to the init policy module |
159 |
+ Changes to the userdomain policy module |
160 |
+ NSCD related changes in various policy modules |
161 |
+ |
162 |
+Guido Trentalancia (1): |
163 |
+ add lost+found filesystem labels to support NSA security guidelines |
164 |
+ |
165 |
+Laurent Bigonville (21): |
166 |
+ Add Debian locations for GDM 3 |
167 |
+ Add Debian location for udisks helpers |
168 |
+ Add insmod_exec_t label for kmod executable |
169 |
+ Add Debian location for PKI files |
170 |
+ Add Debian location for ssh-keysign |
171 |
+ Properly label all the ssh host keys |
172 |
+ Allow udev_t domain to read files labeled as consolekit_var_run_t |
173 |
+ authlogin.if: Add auth_create_pam_console_data_dirs and |
174 |
+ auth_pid_filetrans_pam_var_console interfaces |
175 |
+ Label /etc/rc.d/init.d/x11-common as xdm_exec_t |
176 |
+ Drop /etc/rc.d/init.d/xfree86-common filecontext definition |
177 |
+ Label /var/run/shm as tmpfs_t for Debian |
178 |
+ Label /var/run/motd.dynamic as initrc_var_run_t |
179 |
+ Label /var/run/initctl as initctl_t |
180 |
+ udev.if: Call files_search_pid instead of files_search_var_lib in |
181 |
+ udev_manage_pid_files |
182 |
+ Label executables in /usr/lib/NetworkManager/ as bin_t |
183 |
+ Add support for rsyslog |
184 |
+ Label var_lock_t as a mountpoint |
185 |
+ Add mount_var_run_t type and allow mount_t domain to manage the files and |
186 |
+ directories |
187 |
+ Add initrc_t to use block_suspend capability |
188 |
+ Label executables under /usr/lib/gnome-settings-daemon/ as bin_t |
189 |
+ Label nut drivers that are installed in /lib/nut on Debian as bin_t |
190 |
+ |
191 |
+Matthew Thode (1): |
192 |
+ Implement zfs support |
193 |
+ |
194 |
+Mika Pflüger (2): |
195 |
+ Debian locations of gvfs and kde4 libexec binaries in /usr/lib |
196 |
+ Explicitly label dovecot libraries lib_t for debian |
197 |
+ |
198 |
+Miroslav Grepl (1): |
199 |
+ Allow ipsec to read kernel sysctl |
200 |
+ |
201 |
+Paul Moore (1): |
202 |
+ flask: add the attach_queue permission to the tun_socket object class |
203 |
+ |
204 |
+Russell Coker (1): |
205 |
+ Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for |
206 |
+ client control |
207 |
+ |
208 |
+Sven Vermeulen (27): |
209 |
+ New location for udevd binary |
210 |
+ Use substititions for /usr/local/lib and /etc/init.d |
211 |
+ DHCP client's hooks create /run/dhcpc directory |
212 |
+ Introduce init_daemon_run_dir transformation |
213 |
+ Use the init_daemon_run_dir interface for udev |
214 |
+ Allow initrc_t to create run dirs for core modules |
215 |
+ Puppet uses mount output for verification |
216 |
+ Allow syslogd to create /var/lib/syslog and |
217 |
+ /var/lib/misc/syslog-ng.persist |
218 |
+ Gentoo's openrc does not require initrc_exec_t for runscripts anymore |
219 |
+ Allow init scripts to read courier configuration |
220 |
+ Allow search within postgresql var directory for the stream connect |
221 |
+ interface |
222 |
+ Introduce logging_getattr_all_logs interface |
223 |
+ Introduce logging_search_all_log_dirs interface |
224 |
+ Support flushing routing cache |
225 |
+ Allow init to set attributes on device_t |
226 |
+ Introduce files_manage_all_pids interface |
227 |
+ Gentoo openrc migrates /var/run and /var/lock data to /run(/lock) |
228 |
+ Update files_manage_generic_locks with directory permissions |
229 |
+ Run ipset in iptables domain |
230 |
+ tcpdump chroots into /var/lib/tcpdump |
231 |
+ Remove generic log label for cron location |
232 |
+ Postgresql 9.2 connects to its unix stream socket |
233 |
+ lvscan creates the /run/lock/lvm directory if nonexisting (v2) |
234 |
+ Allow syslogger to manage cron log files (v2) |
235 |
+ Allow initrc_t to read stunnel configuration |
236 |
+ Introduce exec-check interfaces for passwd binaries and useradd binaries |
237 |
+ chfn_t reads in file context information and executes nscd |
238 |
+ |
239 |
|
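Review bot: the tail of this added block repeats what the file already has directly above it. The hunk context sits under "Sven Vermeulen (27):" and ends with "Introduce exec-check interfaces for passwd binaries and useradd binaries" and "chfn_t reads in file context information and executes nscd", and the added lines end with the same heading and the same two entries. Please confirm the Changelog does not already contain this release's entries before appending 216 lines, otherwise the 2.20130424 section lands twice. Separately, several added entries carry typos that will ship in the release notes ("verision", "impementation", "substititions", "cachfiles"), and the last added line is an empty "+" that leaves a trailing blank line at the end of the file.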
240 |
diff --git a/VERSION b/VERSION |
241 |
index 37b3df8..d060af8 100644 |
242 |
--- a/VERSION |
243 |
+++ b/VERSION |
244 |
@@ -1 +1 @@ |
245 |
-2.20120725 |
246 |
+2.20130424 |
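Review bot: the commit subject does not name the release this line sets. The new value 2.20130424 agrees with the Changelog header added in the same commit ("- 2.20130424") and with the AuthorDate, so the change itself is consistent; putting the version string in the subject ("... for release 2.20130424") would make the release commit findable from the log without opening the diff.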