1 |
commit: 8ba3d32077cb80df69133ea44ab31a39992427c8 |
2 |
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com> |
3 |
AuthorDate: Tue Dec 8 14:53:02 2015 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 17 15:25:22 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8ba3d320 |
7 |
|
8 |
Update Changelog and VERSION for release. |
9 |
|
10 |
Changelog | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
11 |
VERSION | 2 +- |
12 |
2 files changed, 88 insertions(+), 1 deletion(-) |
13 |
|
14 |
diff --git a/Changelog b/Changelog |
15 |
index 1f53185..617f49e 100644 |
16 |
--- a/Changelog |
17 |
+++ b/Changelog |
18 |
@@ -1,3 +1,90 @@ |
19 |
+* Tue Dec 08 2015 Chris PeBenito <selinux@××××××.com> - 2.20151208 |
20 |
+Alexander Wetzel (1): |
21 |
+ adds vfio device support to base policy |
22 |
+ |
23 |
+Chris PeBenito (48): |
24 |
+ Module version bump for optional else block removal from Steve Lawrence. |
25 |
+ Add always_check_network policy capability. |
26 |
+ Update contrib. |
27 |
+ Fix domain_mmap_low() to be a proper tunable. |
28 |
+ Add initial Travis CI configuration. |
29 |
+ Travis CI already exports variables. |
30 |
+ Add validate target for monolithic policy. |
31 |
+ Update contrib. |
32 |
+ Use matrix keyword to simplify travis-ci build definitions. |
33 |
+ Undo last commit. |
34 |
+ Simplify travis-ci build handling of SELinux toolchain. |
35 |
+ Update contrib. |
36 |
+ Module version bump for fstools blkid fix from Jason Zaman |
37 |
+ Update contrib. |
38 |
+ Module version bump for debufs mount point fc entry from Laurent |
39 |
+ Bigonville. |
40 |
+ Module version bump for updated netlink sockets from Stephen Smalley |
41 |
+ Update contrib. |
42 |
+ Module version bump for init_startstop_service from Jason Zaman. |
43 |
+ Update contrib. |
44 |
+ Change CI tests to drop DIRECT_INITRC. |
45 |
+ Module version bumps for further init_startstop_service() changes from |
46 |
+ Jason Zaman. |
47 |
+ Module version bump for admin interface changes from Jason Zaman. |
48 |
+ Update contrib. |
49 |
+ Module version bumps for admin interfaces from Jason Zaman. |
50 |
+ Module version bump for cron_admin for sysadm from Jason Zaman. |
51 |
+ Module version bump for ssh-agent -k fix from Luis Ressel. |
52 |
+ Module version bump for APR build script labeling from Luis Ressel. |
53 |
+ Module version bump for vfio device from Alexander Wetzel. |
54 |
+ Update contrib. |
55 |
+ Rearrange lines in ipsec.te. |
56 |
+ Module version bump for patches from Jason Zaman/Matthias Dahl. |
57 |
+ Add systemd build option. |
58 |
+ Add systemd access vectors. |
59 |
+ Implement core systemd policy. |
60 |
+ Add supporting rules for domains tightly-coupled with systemd. |
61 |
+ Add rules for sysadm_r to manage the services. |
62 |
+ Add systemd units for core refpolicy services. |
63 |
+ Add sysfs_types attribute. |
64 |
+ Add refpolicy core socket-activated services. |
65 |
+ Change policy_config_t to a security file type. |
66 |
+ Merge branch 'pebenito-master' |
67 |
+ Module version bump for systemd additions. |
68 |
+ Update contrib for dbus systemd fix. |
69 |
+ Revise selinux module interfaces for perms protected by neverallows. |
70 |
+ Remove bad interface in systemd.if. |
71 |
+ Module version bump for utempter Debian helper from Laurent Bigonville. |
72 |
+ Update contrib. |
73 |
+ Bump module versions for release. |
74 |
+ |
75 |
+Jason Zaman (13): |
76 |
+ fstools: add in filetrans for /run dir |
77 |
+ Introduce init_startstop_service interface |
78 |
+ logging: use init_startstop_service in _admin interface |
79 |
+ postgresql: use init_startstop_service in _admin interface |
80 |
+ Add openrc support to init_startstop_service |
81 |
+ Introduce iptables_admin |
82 |
+ Add all the missing _admin interfaces to sysadm |
83 |
+ Introduce lvm_admin interface |
84 |
+ Introduce ipsec_admin interface |
85 |
+ Introduce setrans_admin interface |
86 |
+ add new cron_admin interface to sysadm |
87 |
+ Add overlayfs as an XATTR capable fs |
88 |
+ system/ipsec: Add policy for StrongSwan |
89 |
+ |
90 |
+Laurent Bigonville (4): |
91 |
+ Add fc for /sys/kernel/debug as debugfs_t |
92 |
+ Add "binder" security class and access vectors |
93 |
+ Properly label utempter helper on debian |
94 |
+ Allow the user cronjobs to run in their userdomain |
95 |
+ |
96 |
+Luis Ressel (2): |
97 |
+ Allow ssh-agent to send signals to itself |
98 |
+ Mark APR build scripts as bin_t |
99 |
+ |
100 |
+Stephen Smalley (1): |
101 |
+ Update netlink socket classes. |
102 |
+ |
103 |
+Steve Lawrence (1): |
104 |
+ Remove optional else block for dhcp ping |
105 |
+ |
106 |
* Wed Dec 03 2014 Chris PeBenito <selinux@××××××.com> - 2.20141203 |
107 |
Artyom Smirnov (3): |
108 |
New database object classes |
109 |
|
110 |
diff --git a/VERSION b/VERSION |
111 |
index a9e4840..382483e 100644 |
112 |
--- a/VERSION |
113 |
+++ b/VERSION |
114 |
@@ -1 +1 @@ |
115 |
-2.20141203 |
116 |
+2.20151208 |