-
Notifications
You must be signed in to change notification settings - Fork 124
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Changelog and VERSION for release.
- Loading branch information
Showing
3 changed files
with
212 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,213 @@ | ||
* Sun Jan 14 2018 Chris PeBenito <[email protected]> - 2.20180114 | ||
Adam Duskett (1): | ||
fix regex escape sequence error. | ||
|
||
Anthony PERARD (1): | ||
Update for Xen 4.7 | ||
|
||
Chad Hanson (1): | ||
Fix implementation of MLS file relabel attributes | ||
|
||
Chris PeBenito (74): | ||
Module version bump for patches from Guido Trentalancia and Anthony | ||
PERARD. | ||
Rules.modular: Fix file context verification. | ||
Remove deprecated interfaces older than one year old. | ||
.travis.yml: Use git tag instead of release tarball for selinux userspace. | ||
kernel: Module version bump for patch from Nicolas Iooss. | ||
Remove complement and wildcard in allow rules. | ||
logging: Move line. | ||
Module version bump for patches from Nicolas Iooss. | ||
Module version bump for fixes from Nicolas Iooss. | ||
Update contrib. | ||
dbus: move comments out of the file context definitions | ||
Update contrib. | ||
systemd, udev: Module version bump. | ||
systemd: Whitespace fix. | ||
Module version bump for patches from Nicolas Iooss. | ||
init: Move fc lines. | ||
init: Module version bump for patch from Dave Sugar. | ||
files: Move files_check_write_pid_dirs interface. | ||
terminal: Rename term_create_devpts. | ||
Several module version bumps. | ||
init: Move init_spec_daemon_domain implementation. | ||
Module version bumps. | ||
init: Rename init_rlimit_inherit to init_inherit_rlimit. | ||
init: Whitespace fix. | ||
Module version bumps. | ||
spamassassin: Fix build error. | ||
init: Fix XML error. | ||
spamassassin: Add missing requirement in spamassassin_admin(). | ||
sysadm,fstools: Module version bump. | ||
authlogin, logging, udev: Module version bump. | ||
init: Remove sm-notify.pid fc entry which collides with the rpc module. | ||
corecommands, xserver, systemd, userdomain: Version bumps. | ||
Update contrib. | ||
Update contrib. | ||
corecommands: Module version bump. | ||
init: Module version bump. | ||
Merge pull request #125 from lalozano/master | ||
devices: Module version bump. | ||
Module version bumps. | ||
Merge branch 'master' of git:https://github.com/davidgraz/refpolicy | ||
ipsec: Module version bump. | ||
Merge branch 'master' of git:https://github.com/aduskett/refpolicy | ||
init: Clean up line placement in init_systemd blocks. | ||
files: Whitespace fix. | ||
Merge branch 'systemd-networkd' | ||
files, init, sysnetwork, systemd: Module version bumps. | ||
Merge pull request #128 from williamcroberts/fc-sort-fixups | ||
Update contrib. | ||
files, netutils: Module version bump. | ||
miscfiles: Module version bump. | ||
Update contrib. | ||
files, userdomain: Module version bump. | ||
kernel, mls, sysadm, ssh, xserver, authlogin, locallogin, userdomain: | ||
Module version bumps. | ||
Several module version bumps. | ||
Module version bumps. | ||
dmesg, locallogin, modutils: Module version bump. | ||
loadable_module.spt: Add debugging comments for tunable_policy blocks. | ||
networkmanager: Grant access to unlabeled PKeys | ||
filesystem: Rename fs_relabel_cgroup_lnk_files. | ||
corcmd, fs, xserver, init, systemd, userdomain: Module version bump. | ||
xserver, sysnetwork, systemd: Module version bump. | ||
xserver: Module version bump. | ||
init: Module version bump. | ||
Update contrib. | ||
mls, xserver, systemd, userdomain: Module version bump. | ||
storage, userdomain: Module version bump. | ||
Add new mmap permission set and pattern support macros. | ||
Add missing mmap_*_files_pattern macros. | ||
Revise mmap_file_perms deprecation warning message. | ||
Update contrib. | ||
hostname: Module version bump. | ||
Update contrib. | ||
init: Module version bump. | ||
Bump module versions for release. | ||
|
||
Christian Göttsche (6): | ||
update travis | ||
rkhunter: add interfaces for var_run and lock dir access check | ||
dphysswapfile: add interfaces and sysadm access | ||
hostname: cmdline usage + signal perms sort | ||
filesystem: add fs_rw_inherited_hugetlbfs_files for apache module | ||
init: add init_rw_inherited_stream_socket | ||
|
||
David Graziano (1): | ||
system/ipsec: Add signull access for strongSwan | ||
|
||
David Sugar (20): | ||
Strip spaces from NAME | ||
Separate read and write interface for tun_tap_device_t | ||
Label RHEL specific systemd binaries | ||
Label /etc/rsyslog.d as syslog_conf_t | ||
Add init_spec_daemon_domain interface | ||
Add status into init_startstop_service interface | ||
Add int_rlimit_inherit interface | ||
remove interface init_inherit_rlimit | ||
Fix problem labeling /run/log/journal/* | ||
Denial relabeling /run/systemd/private | ||
policy for systemd-networkd | ||
Label /var/lib/lightdm-data | ||
Change label for ~/.xsession-errors | ||
Work around systemd-logind patch not in RHEL 7.x yet | ||
RHEL 7.4 has moved the location of /usr/libexec/sesh to | ||
/usr/libexec/sudo/sesh | ||
Create interfaces to write to inherited xserver log files. | ||
label systemd-shutdown so shutdown works | ||
Make an attribute for objects in /run/user/%{USERID}/* | ||
Make xdm directories created in /run/user/%{USERID}/ xdm_runtime_t | ||
(user_runtime_content_type) | ||
Allow systemd_logind to delete user_runtime_content_type files | ||
|
||
David Sugar via refpolicy (2): | ||
label /etc/mcelog/mcelog.setup correctly (for RHEL) | ||
Allow xdm_t to read /proc/sys/crypto/fips_enabled | ||
|
||
Guido Trentalancia (4): | ||
userdomain: allow netlink_kobject_uvent_socket creation | ||
xserver: do not audit ioctl operations on log files | ||
fc_sort: memory leakages | ||
base: create a type for SSL private keys | ||
|
||
Jason Zaman (8): | ||
Allow sysadm to map all non auth files | ||
userdomain: allow admin to rw tape storage | ||
files: fcontext for /etc/zfs/zpool.cache | ||
mls mcs: Add constraints for key class | ||
Add key interfaces and perms | ||
gssproxy: Allow others to stream connect | ||
userdomain: Allow public content access | ||
storage: Add fcontexts for NVMe disks | ||
|
||
Jason Zaman via refpolicy (3): | ||
udev: map module objects to load kernel modules | ||
syslog: allow map persist file | ||
sudo: add fcontext for /run/sudo/ts/USERNAME | ||
|
||
Konrad Rzeszutek Wilk (2): | ||
kernel/xen: Update for Xen 4.6 | ||
kernel/xen: Add map permission to the dev_rw_xen | ||
|
||
Krzysztof Nowicki (2): | ||
Add policy for systemd GPT generator | ||
Allow systemd to relabel cgroupfs legacy symlinks | ||
|
||
Laurent Bigonville (2): | ||
Allow domains using sysnet_dns_name_resolve() interface to access NSS | ||
mymachines files | ||
Add private type for systemd logind inhibit files and pipes | ||
|
||
Luis A. Lozano (1): | ||
Avoid memory leak warning. | ||
|
||
Luis Ressel (15): | ||
modutils: libkmod mmap()s modules.dep and *.ko's | ||
libraries: ldconfig maps its "aux-cache" during cache updates | ||
userdomain: Add various interfaces granting the map permission | ||
files: Create files_map_usr_files interface | ||
selinuxutil: Add map permissions neccessary for semanage | ||
kernel: Add map permission to the dev_{read, write}_sound* interfaces | ||
miscfiles: Allow libfontconfig consumers to map the fonts cache | ||
userdomain: man-db needs to map its 'index.db' cache | ||
logging: Various audit tools (auditctl, ausearch, etc) map their config | ||
and logs | ||
Grant all permissions neccessary for Xorg and basic X clients | ||
libraries: Add fc entry for musl's ld.so config | ||
xserver: Allow xdm_t to map usr_t files | ||
locallogin: Grant local_login_t the dac_read_search capability | ||
dmesg: Grant read access to /usr/share/terminfo | ||
modutils: Dontaudit CAP_SYS_ADMIN checks for modprobe | ||
|
||
Luis Ressel via refpolicy (2): | ||
kernel/files.if: files_list_kernel_modules should grant read perms for | ||
symlinks | ||
netutils: Grant netutils_t map perms for the packet_socket class | ||
|
||
Nicolas Iooss (9): | ||
Add module_load permission to self when loading modules is allowed | ||
audit: allow reading /etc/localtime | ||
corecommands: label dhcpcd hook scripts bin_t | ||
Add "/usr/(.*/)?bin(/.*)?" pattern back | ||
Allow dhcpcd to use generic netlink and raw IP sockets | ||
corecommands: label Arch Linux pacman's scripts as bin_t | ||
init: allow systemd to create /dev/pts as devpts_t | ||
init: allow systemd to relabel /dev and /run | ||
corecommands: label systemd script directories bin_t | ||
|
||
Nicolas Iooss via refpolicy (1): | ||
terminal: /dev/pts exists in /dev filesystem | ||
|
||
Russell Coker (4): | ||
systemd nspawn and backlight | ||
udev and dhcpd | ||
minor nspawn, dnsmasq, and mon patches | ||
refpolicy and certs | ||
|
||
William Roberts (1): | ||
fc_sort: use calloc instead of malloc | ||
|
||
* Sat Aug 05 2017 Chris PeBenito <[email protected]> - 2.20170805 | ||
Chris PeBenito (134): | ||
Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
2.20170805 | ||
2.20180114 |