-
Notifications
You must be signed in to change notification settings - Fork 124
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Changelog and VERSION for release.
- Loading branch information
Showing
3 changed files
with
236 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,237 @@ | ||
| * Sun Oct 23 2016 Chris PeBenito <[email protected]> - 2.20161023 | ||
| Chris PeBenito (94): | ||
| Module version bump for systemd-user-sessions fc entry from Dominick Grift | ||
| Module version bumps for 2 patches from Dominick Grift. | ||
| Module version bump for vm overcommit sysctl interfaces from Laurent | ||
| Bigonville. | ||
| Update contrib. | ||
| Module version bump for Xorg and SSH patches from Nicolas Iooss. | ||
| Add neverallow for mac_override capability. It is not used by SELinux. | ||
| Merge branch 'overcommit-1' of git:https://github.com/bigon/refpolicy into | ||
| bigon-overcommit-1 | ||
| Merge branch 'bigon-overcommit-1' | ||
| Merge branch 'systemd-1' of git:https://github.com/bigon/refpolicy into | ||
| bigon-systemd-1 | ||
| Merge branch 'bigon-systemd-1' | ||
| Module version bump for syslog and systemd changes from Laurent Bigonville | ||
| Merge pull request #19 from shootingatshadow/fc_sort | ||
| Merge branch 'xorg-1' of git:https://github.com/bigon/refpolicy into | ||
| bigon-xorg-1 | ||
| Merge branch 'bigon-xorg-1' | ||
| Module version bump for Debian Xorg fc fixes from Laurent Bigonville | ||
| Add a type and genfscon for nsfs. | ||
| Module version bump for systemd PrivateNetwork patch from Nicolas Iooss | ||
| Module version bump for systemd audit_read capability from Laurent | ||
| Bigonville | ||
| Merge pull request #21 from fishilico/typos | ||
| Module version bump for patches from Nicolas Iooss and Grant Ridder. | ||
| Update contrib. | ||
| Module version bump for efivarfs patches from Dan Walsh, Vit Mojzis, and | ||
| Laurent Bigonville | ||
| Module version bump for ipset fc entry from Laurent Bigonville. | ||
| Update contrib. | ||
| Whitespace fix in iptables.fc. | ||
| Module version bump for iptables fc entries from Laurent Bigonville and | ||
| Lukas Vrabec. | ||
| Update contrib. | ||
| Module version bump for iptables/firewalld patch from Laurent Bigonville. | ||
| Merge pull request #29 from bigon/appconfig-lxc | ||
| Module version bump for getty patch from Luis Ressel. | ||
| Module version bump for tboot utils from Luis Ressel and systemd fix from | ||
| Jason Zaman. | ||
| Merge branch 'corecommands-archlinux' of | ||
| https://github.com/fishilico/selinux-refpolicy-patched | ||
| Merge branch 'dev_setattr_dlm_control-typo' of | ||
| https://github.com/fishilico/selinux-refpolicy-patched | ||
| Merge branch 'kdevtmpfs-unlink' of | ||
| https://github.com/fishilico/selinux-refpolicy-patched | ||
| Module version bump for several Arch fixes from Nicolas Iooss. | ||
| Update contrib. | ||
| Reduce broad entrypoints for unconfined domains. | ||
| Update Travis-CI build to newest SELinux userspace release. | ||
| Update su for libselinux-2.5 changes. | ||
| Merge branch 'selinux-1' of https://github.com/bigon/refpolicy | ||
| Module version bump for Debian fc entries from Laurent Bigonville. | ||
| Module version bump for patches from Dominick Grift and Lukas Vrabec. | ||
| Add user namespace capability object classes. | ||
| Module version bump for hwloc-dump-hwdata from Dominick Grift and Grzegorz | ||
| Andrejczuk. | ||
| Module version bump for nftables fc entry from Jason Zaman. | ||
| Update contrib. | ||
| Module version bump for LMNR port from Laurent Bigonville. | ||
| Module version bump for systemd-resolved patch from Laurent BIgonville. | ||
| Merge branch 'master' of https://github.com/qqo/refpolicy into qqo-master | ||
| Merge branch 'qqo-master' | ||
| Module version bump for mlstrustedsocket from qqo. | ||
| Module version bumps + contrib update for user_runtime from Jason Zaman. | ||
| Update contrib. | ||
| Module version bump for corecommands update from Garrett Holmstrom. | ||
| Module version bump for MLS relabeling patch from Lukas Vrabec. | ||
| Get attributes of generic ptys, from Russell Coker. | ||
| Module version bump for user_udp_server tunable from Russell Coker. | ||
| libraries: Move libsystemd fc entry. | ||
| libraries: Module version bump for libsystemd fc entry from Lukas Vrabec. | ||
| Update contrib. | ||
| Systemd units from Russell Coker. | ||
| corenetwork: Add port labeling for Global Catalog over LDAPS. | ||
| corenetwork: Missed version bump for previous commit. | ||
| Update contrib. | ||
| Allow the system user domains to chat over dbus with a few other domains | ||
| (e.g. gnome session). | ||
| Update alsa module use from Guido Trentalancia. | ||
| Update the sysnetwork module to add some permissions needed by the dhcp | ||
| client (another separate patch makes changes to the ifconfig part). | ||
| Ifconfig should be able to read firmware files in /lib (i.e. some network | ||
| cards need to load their firmware) and it should not audit attempts to | ||
| load kernel modules directly. | ||
| Remove redundant libs_read_lib_files() for ifconfig_t. | ||
| Module version bump for various patches from Guido Trentalancia. | ||
| Update contrib. | ||
| Update for the xserver module: | ||
| userdomain: Fix compile errors. | ||
| Update contrib. | ||
| Merge pull request #38 from fishilico/travis-nosudo | ||
| Module version bump for module_load perm use from Guido Trentalancia. | ||
| Update contrib. | ||
| Merge pull request #39 from rfkrocktk/feature/vagrant | ||
| Merge pull request #40 from jer-gentoo/patch-1 | ||
| userdomain: Move enable_mls block in userdom_common_user_template(). | ||
| Module version bumps for LVM and useromain patches from Guido | ||
| Trentalancia. | ||
| Update contrib. | ||
| Additional change from Guido Trentalancia related to evolution. | ||
| Module version bump for selinuxutil fix from Jason Zaman. | ||
| Update contrib. | ||
| Update contrib. | ||
| Merge branch 'feature/syncthing' of https://github.com/rfkrocktk/refpolicy | ||
| into rfkrocktk-feature/syncthing | ||
| Merge branch 'rfkrocktk-feature/syncthing' | ||
| Module version bumps for syncthing from Naftuli Tzvi Kay. | ||
| Merge pull request #41 from SeanPlacchetti/patch-1 | ||
| Merge pull request #42 from SeanPlacchetti/patch-1 | ||
| Merge pull request #43 from williamcroberts/google-patch | ||
| Update contrib. | ||
| Bump module versions for release. | ||
|
|
||
| Dan Walsh (1): | ||
| Add label for efivarfs | ||
|
|
||
| Dominick Grift (5): | ||
| systemd: add missing file context spec for systemd-user-sessions | ||
| executable file | ||
| authlogin: remove duplicate files_list_var_lib(nsswitch_domain) | ||
| kernel: implement sysctl_vm_overcommit_t for | ||
| /proc/sys/vm/overcommit_memory | ||
| systemd: Add support for --log-target | ||
| Update refpolicy to handle hwloc | ||
|
|
||
| Garrett Holmstrom (1): | ||
| corecmd: Remove fcontext for /etc/sysconfig/libvirtd | ||
|
|
||
| Grant Ridder (1): | ||
| Add redis-sentinel port to redis network_port def | ||
|
|
||
| Guido Trentalancia (6): | ||
| Add module_load permission to class system | ||
| Add module_load permission to can_load_kernmodule | ||
| Remove deprecated semodule options from Makefile | ||
| Update the lvm module | ||
| Improve tunable support for rw operations on noxattr fs / removable media | ||
| userdomain: introduce the user certificate file context (was miscfiles: | ||
| introduce the user certificate file context) | ||
|
|
||
| Jason Zaman (6): | ||
| system/init: move systemd_ interfaces into optional_policy | ||
| iptables: add fcontext for nftables | ||
| authlogin: remove fcontext for /var/run/user | ||
| userdomain: Introduce types for /run/user | ||
| userdomain: user_tmp requires searching /run/user | ||
| userdomain: introduce interfaces for user runtime | ||
|
|
||
| Jason Zaman via refpolicy (1): | ||
| selinuxutil: allow setfiles to read semanage store | ||
|
|
||
| Jeroen Roovers (1): | ||
| Use $(AWK) not plain awk | ||
|
|
||
| Laurent Bigonville (15): | ||
| Add interfaces to read/write /proc/sys/vm/overcommit_memory | ||
| Give some systemd domain access to /proc/sys/kernel/random/boot_id | ||
| On Debian, systemd binaries are installed in / not /usr | ||
| Allow syslogd_t to read sysctl_vm_overcommit_t | ||
| Label Xorg server binary correctly on Debian | ||
| Allow systemd the audit_read capability | ||
| Allow logind to read efivarfs files | ||
| Add label for /sbin/ipset | ||
| Label /var/run/ebtables.lock as iptables_var_run_t. | ||
| Allow {eb,ip,ip6}tables-restore to read files in /run/firewalld | ||
| Add lxc_contexts config file | ||
| Add some labels for SELinux tools path in Debian | ||
| Add the validate_trans access vector to the security class | ||
| Add llmnr/5355 (Link-local Multicast Name Resolution) | ||
| Add policy for systemd-resolved | ||
|
|
||
| Luis Ressel (2): | ||
| Allow getty the sys_admin capability | ||
| Allow sysadm to run txt-stat. | ||
|
|
||
| Lukas Vrabec (4): | ||
| Label /var/run/xtables.lock as iptables_var_run_t. | ||
| SELinux support for cgroup2 filesystem. | ||
| Add new MLS attribute to allow relabeling objects higher than system low. | ||
| This exception is needed for package managers when processing sensitive | ||
| data. | ||
| Systemd by version 231 starts using shared library and systemd daemons | ||
| execute it. For this reason lib_t type is needed. | ||
|
|
||
| Mike Palmiotto (1): | ||
| Add mls support for some db classes | ||
|
|
||
| Naftuli Tzvi Kay (2): | ||
| Add Syncthing Support to Policy | ||
| Add Vagrant box for development. | ||
|
|
||
| Nicolas Iooss (18): | ||
| Label Xorg server binary correctly on Arch Linux | ||
| Label OpenSSH files correctly on Arch Linux | ||
| Label OpenSSH systemd unit files | ||
| Allow systemd services to use PrivateNetwork feature | ||
| Fix typo in init_dbus_chat requirements | ||
| Fix typos in comments from corenetwork module | ||
| man: Spelling fixes | ||
| Fix interface descriptions when duplicate ones are found | ||
| Label /sys/kernel/debug/tracing filesystem | ||
| Label TexLive scripts bin_t | ||
| Label system-config-printer applet properly on Arch Linux | ||
| Label gedit plugins properly on Arch Linux | ||
| Label some user session DBus services as bin_t | ||
| Do not label /usr/lib/gvfs/libgvfscommon.so as bin_t | ||
| Fix typo in dev_setattr_dlm_control interface requirements | ||
| Allow kdevtmpfs to unlink fixed disk devices | ||
| Fix typo in module compilation message | ||
| Make Travis-CI build without using sudo | ||
|
|
||
| Rahul Chaudhry (1): | ||
| fc_sort: cleanup warnings caught by clang tidy / static analyzer. | ||
|
|
||
| Russell Coker (2): | ||
| user_udp_server tunable | ||
| getattr on unlabeled blk devs | ||
|
|
||
| Sean Placchetti (2): | ||
| Update to refpolicy spec file | ||
| Update specfile | ||
|
|
||
| Vit Mojzis (1): | ||
| Add interface to allow reading files in efivarfs - contains Linux Kernel | ||
| configuration options for UEFI systems (UEFI Runtime Variables) | ||
|
|
||
| William Roberts (1): | ||
| fc_sort: strip whitespace errors | ||
|
|
||
| qqo (1): | ||
| Adds attribute mlstrustedsocket, along with the interface. | ||
|
|
||
| * Tue Dec 08 2015 Chris PeBenito <[email protected]> - 2.20151208 | ||
| Alexander Wetzel (1): | ||
| adds vfio device support to base policy | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 2.20151208 | ||
| 2.20161023 |