Update Changelog and VERSION for release.

Changelog

@@ -1,3 +1,189 @@
+* Wed Dec 03 2014 Chris PeBenito <[email protected]> - 2.20141203
+Artyom Smirnov (3):
+ New database object classes
+ Fixes for db_domain and db_exception
+ Renamed db_type to db_datatype, to avoid confusion with SELinux "type"
+
+Chris PeBenito (69):
+ Whitespace fix in postgresql.fc
+ Module version bump for postgresql fc entries from Luis Ressel.
+ Add symlink to contrib Changelog for easy reference.
+ Move lightdm line in xserver.fc.
+ Whitespace fix in xserver.fc.
+ Update contrib.
+ Module version bump for userdomain kernel symbol table fix from Nicolas
+ Iooss.
+ Module version bump for 2 Gentoo patches from Sven Vermeulen.
+ Update contrib.
+ Module version bump for 2 patch sets from Laurent Bigonville.
+ Update contrib.
+ Module version bump for gnome keyring fix from Laurent Bigonville.
+ Update contrib.
+ Module version bump for /sys/fs/selinux support from Sven Vermeulen.
+ Module version bump for fixes from Laurent Bigonville.
+ Update contrib.
+ Module version bumps for fc fixes from Nicolas Iooss.
+ Update contrib.
+ Add file for placing default_* statements.
+ Fix error in default_user example.
+ Module version bump for unconfined->lvm transition from Nicolas Iooss.
+ Need the __future__ import for python2 if using print().
+ Module version bump for ifconfig fc entry from Sven Vermeulen.
+ Module version bump for deprecated interface usage removal from Nicolas
+ Iooss.
+ Update contrib.
+ Module version bump for rcs2log and xserver updates from Sven Vermeulen.
+ Module version bump for shutdown transitions from Luis Ressel.
+ Remove firstboot_rw_t as FC5 has been gone for a long time.
+ Module version bump for firstboot_rw_t alias removal.
+ Module version bump for dropbox port from Sven Vermeulen.
+ Module version bump for unconfined syslog cap from Nicolas Iooss.
+ Always use the unknown permissions handling build option.
+ Merge pull request #1 from artyom-smirnov/master
+ Module version bump for zram fc entry from Jason Zaman.
+ Update contrib.
+ Module version bump for init_daemon_pid_file from Sven Vermeulen.
+ Move tumblerd fc entry
+ Module version bump for tumblerd fc entry from Jason Zaman.
+ Module version bump for libraries fc fix from Nicolas Iooss.
+ Update contrib.
+ Module version bump for fstools fc entries from Luis Ressel.
+ Module version bump for missing unlabeled interfaces from Sven Vermeulen.
+ Module version bump for ping rawip socket fix from Luis Ressel.
+ Module version bump for full IRC ports from Luis Ressel.
+ Move losetup addition in fstools.
+ Module version bump for losetup fixes from Luis Ressel.
+ Update contrib.
+ Module version bump for postgres fc revisions from Luis Ressel.
+ Module version bump for FUSE fix for mount from Luis Ressel.
+ Module version bump for misc fixes from Nicolas Iooss.
+ Move systemd fc entry.
+ Whitespace change in logging.fc.
+ Add comment for journald ring buffer reading.
+ Module version bumps for systemd/journald patches from Nicolas Iooss.
+ Update contrib.
+ /dev/log symlinks are not labeled devlog_t.
+ Module version bump for CIL fixes from Yuli Khodorkovskiy.
+ Drop RHEL4 and RHEL5 support.
+ Merge pull request #3 from bigon/arping
+ Merge pull request #4 from fishilico/minor-typo
+ Module version bump for Debian arping fc entries from Laurent Bigonville.
+ Add comment for iw generic netlink socket usage
+ Module version bump for /sbin/iw support from Nicolas Iooss.
+ Merge pull request #5 from bigon/audit_read
+ Update contrib.
+ Module version bump for misc fixes from Sven Vermeulen.
+ Update contrib.
+ Module version bump for module store move from Steve Lawrence.
+ Bump module versions for release.
+
+Elia Pinto (1):
+ Fix misspelling
+
+Jason Zaman (2):
+ File contexts for zram
+ File Context for tumbler
+
+Laurent Bigonville (14):
+ Properly label git-shell and other git commands for Debian
+ Label /usr/sbin/lightdm as xdm_exec_t
+ Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface
+ Associate the new xattrfs attribute to fs_t and some pseudo-fs
+ Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t
+ Add telepathy role for user_r and staff_r
+ Properly label the manpages installed by postgresql
+ Label /usr/local/share/ca-certificates(/.*)? as cert_t
+ Allow the xdm_t domain to enter all the gkeyringd ones
+ Label /etc/locale.alias as locale_t on Debian
+ Allow hugetlbfs_t to be associated to /dev
+ On Debian iputils-arping is installed in /usr/bin/arping
+ Debian also ship a different arping implementation
+ Add new audit_read access vector in capability2 class
+
+Luis Ressel (13):
+ Add two postgresql file contexts from gentoo policy
+ Allow init to execute shutdown
+ Allow xdm_t to transition to shutdown_t domain
+ Some of the fsadm tools can also be in /usr/sbin instead of /sbin
+ Label /usr/sbin/{add, del}part as fsadm_exec_t
+ Grant ping_t getattr on rawip_socket
+ kernel/corenetwork.te: Add all registered IRC ports
+ system/mount.if: Add mount_rw_loopback_files interface
+ system/fstools.if: Add fstools_use_fds interface
+ Add neccessary permissions for losetup
+ Only label administrative postgres commands as postgresql_exec_t
+ Also apply the new postgres labeling scheme on Debian
+ Grant mount permission to access /dev/fuse
+
+Nicolas Iooss (31):
+ Fix parallel build of the policy
+ fc_sort: fix typos in comments
+ fc_sort: initialize allocated memory to fix execution on an empty file
+ fc_sort: make outfile argument optional
+ userdomain: no longer allow unprivileged users to read kernel symbols
+ Label syslog-ng.pid as syslogd_var_run_t
+ filesystem: label cgroup symlinks
+ Label /usr/lib/getconf as bin_t
+ Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t
+ Make support/policyvers.py compatible with Python 3
+ Make unconfined user run lvm programs in confined domain
+ No longer use deprecated MLS interfaces
+ Allow unconfined domains to use syslog capability
+ Label /lib symlink as lib_t for every distro
+ Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/
+ Add ioctl and lock to manage_lnk_file_perms
+ Label (/var)?/tmp/systemd-private-.../tmp like /tmp
+ Fix typo in fs_getattr_all_fs description
+ Label systemd files in init module
+ Introduce init_search_run interface
+ Label systemd-journald files and directories
+ Support logging with /run/systemd/journal/dev-log
+ Allow journald to read the kernel ring buffer and to use /dev/kmsg
+ Allow journald to access to the state of all processes
+ Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t)
+ Fix minor typo in init.if
+ Label /sbin/iw as ifconfig_exec_t
+ Allow iw to create generic netlink sockets
+ Use create_netlink_socket_perms when allowing netlink socket creation
+ Update Python requirement in INSTALL
+ Create tmp directory when compiling a .mod.fc file in a modular way
+
+Steve Lawrence (1):
+ Update policy for selinux userspace moving the policy store to
+ /var/lib/selinux
+
+Sven Vermeulen (24):
+ Hide getattr denials upon sudo invocation
+ Support /sys/devices/system/cpu/online
+ The security_t file system can be at /sys/fs/selinux
+ Dontaudit access on security_t file system at /sys/fs/selinux
+ ifconfig can also be in /bin
+ xserver_t needs to ender dirs labeled xdm_var_run_t
+ Enable rcs2log location for all distributions
+ Add dropbox_port_t support
+ Support initrc_t generated pid files with file transition
+ Deprecate init_daemon_run_dir interface
+ Use init_daemon_pid_file instead of init_daemon_run_dir
+ Introduce kernel_delete_unlabeled_symlinks
+ Introduce kernel_delete_unlabeled_pipes
+ Introduce kernel_delete_unlabeled_sockets
+ Introduce kernel_delete_unlabeled_blk_files
+ Introduce kernel_delete_unlabeled_chr_files
+ Run grub(2)-mkconfig in bootloader domain
+ Add auth_pid_filetrans_pam_var_run
+ New sudo manages timestamp directory in /var/run/sudo
+ xfce4-notifyd is an executable
+ Mark f2fs as a SELinux capable file system
+ Add in LightDM contexts
+ Add gfisk and efibootmgr as fsadm_exec_t
+ Add /var/lib/racoon as runtime directory for ipsec
+
+Yuli Khodorkovskiy (1):
+ Remove duplicate role declarations
+
+cgarst (1):
+ Updating submodule URL to github
+
 * Tue Mar 11 2014 Chris PeBenito <[email protected]> - 2.20140311
 Chris PeBenito (96):
  Update contrib to pull in minidlna.

VERSION

@@ -1 +1 @@
-2.20140311
+2.20141203