# ChangeLog for sec-policy/selinux-base-policy # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.33 2005/01/20 01:00:48 pebenito Exp $ 19 Jan 2005; Chris PeBenito selinux-base-policy-20041123.ebuild: Mark stable. *selinux-base-policy-20041123 (23 Nov 2004) 23 Nov 2004; Chris PeBenito +selinux-base-policy-20041123.ebuild: New release with 1.18 merge. *selinux-base-policy-20041023 (23 Oct 2004) 23 Oct 2004; Chris PeBenito +selinux-base-policy-20041023.ebuild: New release with 1.16 merge. Tcpd and inetd have been deprecated since they are not in the base system anymore, and probably no one uses them anyway. *selinux-base-policy-20040906 (06 Sep 2004) 06 Sep 2004; Chris PeBenito +selinux-base-policy-20040906.ebuild: New release with 1.14 merge, which has policy 18 (fine-grained netlink) features. 05 Sep 2004; Chris PeBenito selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild, -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild, selinux-base-policy-20040702.ebuild: Remove old builds, switch to epause and ebeep in remaining builds. *selinux-base-policy-20040702 (02 Jul 2004) 02 Jul 2004; Chris PeBenito +selinux-base-policy-20040702.ebuild: Same as 20040629, except with updated flask headers, which will come out in 2.6.8. *selinux-base-policy-20040629 (29 Jun 2004) 29 Jun 2004; Chris PeBenito +selinux-base-policy-20040629.ebuild: Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its ablility to modify all files. Minor fixes: portage_r works again, syslog-ng breakage fixed, put back manual PaX policy for pageexec/segmexec. 16 Jun 2004; Chris PeBenito selinux-base-policy-20040604.ebuild: Mark stable. 10 Jun 2004; Chris PeBenito selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild, selinux-base-policy-20040604.ebuild: Add src_compile() stub *selinux-base-policy-20040604 (04 Jun 2004) 04 Jun 2004; Chris PeBenito +selinux-base-policy-20040604.ebuild: New release including 1.12 NSA policy, and experimental sesandbox. 15 May 2004; Chris PeBenito selinux-base-policy-20040509.ebuild: Mark stable. *selinux-base-policy-20040509 (09 May 2004) 09 May 2004; Chris PeBenito +selinux-base-policy-20040509.ebuild: A few small cleanups. Make PaX non exec pages macro based on arch. Large portage update, get rid of portage_exec_fetch_t, portage will setexec. Add global_ssp tunable. *selinux-base-policy-20040418 (18 Apr 2004) 18 Apr 2004; Chris PeBenito +selinux-base-policy-20040418.ebuild: New release for checkpolicy 1.10 *selinux-base-policy-20040414 (14 Apr 2004) 14 Apr 2004; Chris PeBenito -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild: Minor updates *selinux-base-policy-20040408 (08 Apr 2004) 08 Apr 2004; Chris PeBenito selinux-base-policy-20040408.ebuild: New update. Users.fc is now deprecated, as the contexts for user directories is now automatically generated. Portage fetching of distfiles now has a subdomain, for dropping priviledges. 28 Feb 2004; Chris PeBenito selinux-base-policy-20040225.ebuild: Mark stable. *selinux-base-policy-20040225 (25 Feb 2004) 25 Feb 2004; Chris PeBenito selinux-base-policy-20040225.ebuild: New support for PaX ACL hooks. Addition of tunable.te for configurable policy options. Rewrite of portage.te. Now auto-transition for sysadm is default, can reenable portage_r by tunable.te. Makefile update from NSA CVS. *selinux-base-policy-20040209 (09 Feb 2004) 09 Feb 2004; Chris PeBenito selinux-base-policy-20040209.ebuild: Minor revision to add XFS labeling and policy for integrated runscript-run_init. 07 Feb 2004; Chris PeBenito selinux-base-policy-20040202.ebuild: Mark x86 stable. *selinux-base-policy-20040202 (02 Feb 2004) 02 Feb 2004; Chris PeBenito selinux-base-policy-20040202.ebuild: A few misc fixes. Allow portage to update bootloader code, such as in lilo or grub postinst. This requires checkpolicy 1.4-r1. *selinux-base-policy-20031225 (25 Dec 2003) 25 Dec 2003; Chris PeBenito selinux-base-policy-20031225.ebuild: New release, with merged NSA 1.4 policy. One critical note, this policy requires pam 0.77. Much work has been done to minimize access to /etc/shadow, and one requirement is in the patch for pam 0.77. If you do not use this pam version or newer, you will be unable to authenticate in enforcing. Since devfs no longer is usable in SELinux, it's policy has been removed. You should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc), load the policy, and relabel. 27 Nov 2003; Chris PeBenito selinux-base-policy-20031010-r1.ebuild: Mark stable. Add build USE flag for stage building. *selinux-base-policy-20031010-r1 (12 Nov 2003) 12 Nov 2003; Chris PeBenito selinux-base-policy-20031010-r1.ebuild, files/selinux-base-policy-20031010-cvs.diff: Add fixes from policy cvs for compilers, so non x86 and ppc compilers can work. Also portage update as a side effect of updated setfiles code in portage, from bug 31748. 28 Oct 2003; Chris PeBenito selinux-base-policy-20031010.ebuild: Mark stable *selinux-base-policy-20031010 (10 Oct 2003) 10 Oct 2003; Chris PeBenito selinux-base-policy-20031010.ebuild: New release for new API. Massive cleanups all over the place. *selinux-base-policy-20030817 (17 Aug 2003) 17 Aug 2003; Chris PeBenito selinux-base-policy-20030817.ebuild: Initial commit of new API policy 10 Aug 2003; Chris PeBenito selinux-base-policy-20030729-r1.ebuild: Mark stable *selinux-base-policy-20030729-r1 (31 Jul 2003) 31 Jul 2003; Chris PeBenito selinux-base-policy-20030729-r1.ebuild: New rev that handles an empty POLICYDIR sanely. *selinux-base-policy-20030729 (29 Jul 2003) 29 Jul 2003; Chris PeBenito selinux-base-policy-20030729.ebuild: Make the ebuild use POLICYDIR. Important fix so portage can load policy so selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when merging baselayout. *selinux-base-policy-20030720 (20 Jul 2003) 20 Jul 2003; Chris PeBenito selinux-base-policy-20030720.ebuild: Many fixes, including the syslog fix. File contexts have changed, so a relabel is needed. You may encounter problems relabeling /usr/portage, as its file context has changed, as files should not have the same type as a domain. Relabelling in permissive will fix this, or temporarily give portage_t a file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to users.fc, since all users with SELinux identities should have their home directories have the correct identity, not the generic identity. 06 Jun 2003; Chris PeBenito selinux-base-policy-20030604.ebuild: Mark stable *selinux-base-policy-20030604 (04 Jun 2003) 04 Jun 2003; Chris PeBenito selinux-base-policy-20030604.ebuild: Fix broken 20030603 04 Jun 2003; Chris PeBenito selinux-base-policy-20030603.ebuild: Pulling 20030603, as there are problems, 20030604 later today *selinux-base-policy-20030603 (03 Jun 2003) 03 Jun 2003; Chris PeBenito selinux-base-policy-20030603.ebuild: Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies as they are not appropriate for the base policy, and untested. *selinux-base-policy-20030522 (22 May 2003) 22 May 2003; Chris PeBenito selinux-base-policy-20030522.ebuild: The policy is in pretty good shape now. I've been able to run in enforcing mode with little problem. I've also been able to successfully merge and unmerge packages in enforcing mode, with few exceptions (why does mysql need to run ps during configure?). *selinux-base-policy-20030514 (14 May 2003) 14 May 2003; Chris PeBenito selinux-base-policy-20030514.ebuild: Many improvements in many areas. Of note, rlogind policies were removed. Klogd is being merged into syslogd. The portage policy is much more complete, but still needs work. Its suggested that all changes be merged in, policy reloaded, then relabel. *selinux-base-policy-20030419 (19 Apr 2003) 23 Apr 2003; Chris PeBenito selinux-base-policy-20030419.ebuild: Marking stable for selinux-small stable usage 19 Apr 2003; Chris PeBenito Manifest, selinux-base-policy-20030419.ebuild: Initial commit. Base policies for SELinux, with Gentoo-specifics