-
Notifications
You must be signed in to change notification settings - Fork 124
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Changelog and VERSION for release.
- Loading branch information
Showing
3 changed files
with
188 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,189 @@ | ||
* Wed Dec 03 2014 Chris PeBenito <[email protected]> - 2.20141203 | ||
Artyom Smirnov (3): | ||
New database object classes | ||
Fixes for db_domain and db_exception | ||
Renamed db_type to db_datatype, to avoid confusion with SELinux "type" | ||
|
||
Chris PeBenito (69): | ||
Whitespace fix in postgresql.fc | ||
Module version bump for postgresql fc entries from Luis Ressel. | ||
Add symlink to contrib Changelog for easy reference. | ||
Move lightdm line in xserver.fc. | ||
Whitespace fix in xserver.fc. | ||
Update contrib. | ||
Module version bump for userdomain kernel symbol table fix from Nicolas | ||
Iooss. | ||
Module version bump for 2 Gentoo patches from Sven Vermeulen. | ||
Update contrib. | ||
Module version bump for 2 patch sets from Laurent Bigonville. | ||
Update contrib. | ||
Module version bump for gnome keyring fix from Laurent Bigonville. | ||
Update contrib. | ||
Module version bump for /sys/fs/selinux support from Sven Vermeulen. | ||
Module version bump for fixes from Laurent Bigonville. | ||
Update contrib. | ||
Module version bumps for fc fixes from Nicolas Iooss. | ||
Update contrib. | ||
Add file for placing default_* statements. | ||
Fix error in default_user example. | ||
Module version bump for unconfined->lvm transition from Nicolas Iooss. | ||
Need the __future__ import for python2 if using print(). | ||
Module version bump for ifconfig fc entry from Sven Vermeulen. | ||
Module version bump for deprecated interface usage removal from Nicolas | ||
Iooss. | ||
Update contrib. | ||
Module version bump for rcs2log and xserver updates from Sven Vermeulen. | ||
Module version bump for shutdown transitions from Luis Ressel. | ||
Remove firstboot_rw_t as FC5 has been gone for a long time. | ||
Module version bump for firstboot_rw_t alias removal. | ||
Module version bump for dropbox port from Sven Vermeulen. | ||
Module version bump for unconfined syslog cap from Nicolas Iooss. | ||
Always use the unknown permissions handling build option. | ||
Merge pull request #1 from artyom-smirnov/master | ||
Module version bump for zram fc entry from Jason Zaman. | ||
Update contrib. | ||
Module version bump for init_daemon_pid_file from Sven Vermeulen. | ||
Move tumblerd fc entry | ||
Module version bump for tumblerd fc entry from Jason Zaman. | ||
Module version bump for libraries fc fix from Nicolas Iooss. | ||
Update contrib. | ||
Module version bump for fstools fc entries from Luis Ressel. | ||
Module version bump for missing unlabeled interfaces from Sven Vermeulen. | ||
Module version bump for ping rawip socket fix from Luis Ressel. | ||
Module version bump for full IRC ports from Luis Ressel. | ||
Move losetup addition in fstools. | ||
Module version bump for losetup fixes from Luis Ressel. | ||
Update contrib. | ||
Module version bump for postgres fc revisions from Luis Ressel. | ||
Module version bump for FUSE fix for mount from Luis Ressel. | ||
Module version bump for misc fixes from Nicolas Iooss. | ||
Move systemd fc entry. | ||
Whitespace change in logging.fc. | ||
Add comment for journald ring buffer reading. | ||
Module version bumps for systemd/journald patches from Nicolas Iooss. | ||
Update contrib. | ||
/dev/log symlinks are not labeled devlog_t. | ||
Module version bump for CIL fixes from Yuli Khodorkovskiy. | ||
Drop RHEL4 and RHEL5 support. | ||
Merge pull request #3 from bigon/arping | ||
Merge pull request #4 from fishilico/minor-typo | ||
Module version bump for Debian arping fc entries from Laurent Bigonville. | ||
Add comment for iw generic netlink socket usage | ||
Module version bump for /sbin/iw support from Nicolas Iooss. | ||
Merge pull request #5 from bigon/audit_read | ||
Update contrib. | ||
Module version bump for misc fixes from Sven Vermeulen. | ||
Update contrib. | ||
Module version bump for module store move from Steve Lawrence. | ||
Bump module versions for release. | ||
|
||
Elia Pinto (1): | ||
Fix misspelling | ||
|
||
Jason Zaman (2): | ||
File contexts for zram | ||
File Context for tumbler | ||
|
||
Laurent Bigonville (14): | ||
Properly label git-shell and other git commands for Debian | ||
Label /usr/sbin/lightdm as xdm_exec_t | ||
Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface | ||
Associate the new xattrfs attribute to fs_t and some pseudo-fs | ||
Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t | ||
Add telepathy role for user_r and staff_r | ||
Properly label the manpages installed by postgresql | ||
Label /usr/local/share/ca-certificates(/.*)? as cert_t | ||
Allow the xdm_t domain to enter all the gkeyringd ones | ||
Label /etc/locale.alias as locale_t on Debian | ||
Allow hugetlbfs_t to be associated to /dev | ||
On Debian iputils-arping is installed in /usr/bin/arping | ||
Debian also ship a different arping implementation | ||
Add new audit_read access vector in capability2 class | ||
|
||
Luis Ressel (13): | ||
Add two postgresql file contexts from gentoo policy | ||
Allow init to execute shutdown | ||
Allow xdm_t to transition to shutdown_t domain | ||
Some of the fsadm tools can also be in /usr/sbin instead of /sbin | ||
Label /usr/sbin/{add, del}part as fsadm_exec_t | ||
Grant ping_t getattr on rawip_socket | ||
kernel/corenetwork.te: Add all registered IRC ports | ||
system/mount.if: Add mount_rw_loopback_files interface | ||
system/fstools.if: Add fstools_use_fds interface | ||
Add neccessary permissions for losetup | ||
Only label administrative postgres commands as postgresql_exec_t | ||
Also apply the new postgres labeling scheme on Debian | ||
Grant mount permission to access /dev/fuse | ||
|
||
Nicolas Iooss (31): | ||
Fix parallel build of the policy | ||
fc_sort: fix typos in comments | ||
fc_sort: initialize allocated memory to fix execution on an empty file | ||
fc_sort: make outfile argument optional | ||
userdomain: no longer allow unprivileged users to read kernel symbols | ||
Label syslog-ng.pid as syslogd_var_run_t | ||
filesystem: label cgroup symlinks | ||
Label /usr/lib/getconf as bin_t | ||
Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t | ||
Make support/policyvers.py compatible with Python 3 | ||
Make unconfined user run lvm programs in confined domain | ||
No longer use deprecated MLS interfaces | ||
Allow unconfined domains to use syslog capability | ||
Label /lib symlink as lib_t for every distro | ||
Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/ | ||
Add ioctl and lock to manage_lnk_file_perms | ||
Label (/var)?/tmp/systemd-private-.../tmp like /tmp | ||
Fix typo in fs_getattr_all_fs description | ||
Label systemd files in init module | ||
Introduce init_search_run interface | ||
Label systemd-journald files and directories | ||
Support logging with /run/systemd/journal/dev-log | ||
Allow journald to read the kernel ring buffer and to use /dev/kmsg | ||
Allow journald to access to the state of all processes | ||
Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t) | ||
Fix minor typo in init.if | ||
Label /sbin/iw as ifconfig_exec_t | ||
Allow iw to create generic netlink sockets | ||
Use create_netlink_socket_perms when allowing netlink socket creation | ||
Update Python requirement in INSTALL | ||
Create tmp directory when compiling a .mod.fc file in a modular way | ||
|
||
Steve Lawrence (1): | ||
Update policy for selinux userspace moving the policy store to | ||
/var/lib/selinux | ||
|
||
Sven Vermeulen (24): | ||
Hide getattr denials upon sudo invocation | ||
Support /sys/devices/system/cpu/online | ||
The security_t file system can be at /sys/fs/selinux | ||
Dontaudit access on security_t file system at /sys/fs/selinux | ||
ifconfig can also be in /bin | ||
xserver_t needs to ender dirs labeled xdm_var_run_t | ||
Enable rcs2log location for all distributions | ||
Add dropbox_port_t support | ||
Support initrc_t generated pid files with file transition | ||
Deprecate init_daemon_run_dir interface | ||
Use init_daemon_pid_file instead of init_daemon_run_dir | ||
Introduce kernel_delete_unlabeled_symlinks | ||
Introduce kernel_delete_unlabeled_pipes | ||
Introduce kernel_delete_unlabeled_sockets | ||
Introduce kernel_delete_unlabeled_blk_files | ||
Introduce kernel_delete_unlabeled_chr_files | ||
Run grub(2)-mkconfig in bootloader domain | ||
Add auth_pid_filetrans_pam_var_run | ||
New sudo manages timestamp directory in /var/run/sudo | ||
xfce4-notifyd is an executable | ||
Mark f2fs as a SELinux capable file system | ||
Add in LightDM contexts | ||
Add gfisk and efibootmgr as fsadm_exec_t | ||
Add /var/lib/racoon as runtime directory for ipsec | ||
|
||
Yuli Khodorkovskiy (1): | ||
Remove duplicate role declarations | ||
|
||
cgarst (1): | ||
Updating submodule URL to github | ||
|
||
* Tue Mar 11 2014 Chris PeBenito <[email protected]> - 2.20140311 | ||
Chris PeBenito (96): | ||
Update contrib to pull in minidlna. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
2.20140311 | ||
2.20141203 |