File: ChangeLog

selinux-small 2002031409-4
03-14-2002
	A summary of updates to LSM and SELinux since the 1-18-2002
	release of SELinux follows.  Many of the LSM updates and some of 
	the SELinux updates were contributed by others.  See the BitKeeper 
	tree at lsm.immunix.org for more information about the LSM updates.

	Updates to LSM:
	  Merged 2.5.3 (lsm-2.5).
	  Inserted setgroups hook call into sys_setgroups16 (both).
	  Eliminated dup fd lookup on fcntl(F_*LK) code paths (both).
	  Inserted lock hook call into fcntl*lk operations for consistency (both).
	  Added hooks for extended attribute operations (lsm-2.5).
	  Merged 2.5.4 (lsm-2.5).
	  Added binprm check_security hook (both).
	  Merged 2.5.5 (lsm-2.5).
	  Merged 2.4.18 (lsm-2.4).
	  Merged 2.5.6 (lsm-2.5).

	Updates to SELinux:
	  Minor policy revisions based on feedback.
	  Merged snort domain (Shaun Savage).
	  Merged devfs_context changes, new pppd domain, new nscd domain, new squid domain (Russell Coker).
	  Updated findutils, psmisc, stat, and tar patches to RH7.2 SRPMS
	    (initial update by Shaun Savage, some revisions by Bede McCall).
	  Added rpm utility domain.
	  Removed immutable/append restriction from chsid.
	  Fixed avc_audit to check the skb->protocol value.
	  Fixed bug in runas (Russell Coker).
	  Added initial permission checks for extended attribute operations.
	  Merged Selopt (James Morris).
	  Revised SELinux socket/network access controls to use Selopt. 
	  Added domains for Selopt daemon (scmpd) and utilities.
	  Merged default user (user_u) for unspecified Linux users (Mark Westerman).
	  Fixed setfiles to support large files.
	  Added minimal support for usbdevfs labeling.
	  Added -R option to setfiles and reset target to Makefile.
	  Renamed gdm* to xdm* in the policy and added type aliases.
	  Fixed a bug in checkpolicy related to type aliases.
	  Deprecated clone statements and role transition statements.
	  Made TE assertions order-independent.
	  Moved every.te rules into every_domain macro.  Started partitioning.
	  Removed general read access to home directory types.
	  Partitioned role declarations.
	  Partitioned domain transitions for big "multiplexor" domains:
	     init_t, initrc_t, userdomain (user_t/sysadm_t), inetd_t, tcpd_t
	  Partitioned terminal access rules via type attributes.
	  Added consistent transitions from sysadm_t to admin program domains.
	  Moved all macro definitions to new macros hierarchy, use includes
	    for non-global macros, eliminate ordering dependencies.
	  Reorganized domains hierarchy; merge system into program, move
	    user and admin up one level. 
	  Started cleaning up domains to provide better encapsulation.
	  Fixed function prototypes for new syscalls (Russell Coker).
	  Merged bug fix for channel code of openssh (OpenSSH).
	  Updated openssh patch to openssh-3.1p1-2 from RedHat.
	  Moved *stat64* calls and test program into arch/i386 subdirectories.

01-18-2002
	A summary of updates to LSM and SELinux since the 12-10-2001
	release of SELinux follows.  Many of the LSM updates and some of 
	the SELinux updates were contributed by others.  See the BitKeeper 
	tree at lsm.immunix.org for more information about the LSM updates.

	Updates to LSM:
	  Merged 2.5.1 (lsm-2.5).
	  Removed the super_block parameter from the post_mountroot hook (both).
	  Reverted the kill-1 change (lsm-2.5).
	  Moved the super_block alloc_security and free_security hook calls (both).
	  Moved the super_block check_sb and post_addmount hook calls into
	    graft_tree to cover all mounts, including bind and move mounts (both).
	  Merged 2.4.17 (lsm-2.4).
	  Added support for kbuild-2.5 (both).
	  Merged 2.5.2 (lsm-2.5).
	  Swap and scheduler fixes for 2.5.2 (lsm-2.5).
	
	Updates to SELinux:
	  Updated util-linux-2.11f patch to util-linux-2.11f-17.
	  Fixed bug in selinux_file_send_sigiotask hook function.
	  Minor policy revisions.
	  Added contributed scripts/newrules.pl script (Justin Smith).  
	  Fixed a bug in the SID table code.
	  Revised SELinux module initialization code.
	    Dealt with initialization changes in 2.5.1.
	    Permit deferred loading of policy if development module.
	  Fixed the symlinks target in the module Makefile.
	  Changed lsm-patch to set the Netlink option defaults.
	  Generalized README, Makefile, module/Makefile for 2.5 build.
	  Fixed bug in ipc_precondition calls.
	  Added avc_enforcing system call and program.
	  Revised the access vector table structure and code.
	  Fixed a bug in newrole's handling of descriptors.

12-10-2001
	A summary of updates to LSM and SELinux since the 11-19-2001
	release of SELinux follows.  Many of the LSM updates and some of 
	the SELinux updates were contributed by others.  See the BitKeeper 
	tree at lsm.immunix.org for more information about the LSM updates.

	Updates to LSM:
	  No longer export capability_ops.
	  Changed swapon and swapoff hooks to take the swap_info_struct.
	  Merged 2.4.16.
	  Synchronized with lsm-2001_11_26-2.4.16 (LSM only).
	  Synchronized with lsm-full-2001_11_26-2.4.16 (LSM + modules).
	  Merged the SELinux module.
	  Synchronized with lsm-full-2001_12_10-2.4.16 (LSM + modules).

	Updates to SELinux:
	  Regenerated lsm-patch for updated security/Makefile.
	  Updated swapon and swapoff hook functions.
	  Fixed bug in selinux_inode_delete hook.
	  Updated procps patch to RH7.2 procps-2.0.7 SRPM.
	  Updated sh-utils patch to RH7.2 sh-utils-2.0.11 SRPM.
	  Updated and revised utils/Makefile.
	  Added Configure.help, defconfig, Makefile patches to lsm-patch.
	    (includes change to -selinux suffix for kernel)
	  Changed AVC auditing to only impose ratelimit if enforcing.
	  Moved share and ptrace permission checks from compute_creds
	     to set_security and changed so that the exec will fail 
	     rather than merely continuing under the old SID.
	  Added stat64 versions for stat_secure system calls,
	     with the usual transparent redirection if desired.
	  Started updating policy for RH7.2.
	  Minor policy updates based on feedback.
	  Merged ipchains domain (Justin Smith).
	  Changed AVC auditing to put each message on a single line.
	  Added "quick install" instructions and Makefile.
	  Updated fileutils patch to RH7.2 fileutils-4.1 SRPM.
	  Updated openssh patch to RH7.2 openssh-2.9p2-12 SRPM.
	  More code cleanup and bug fixes for newrole.
	  Changed newrole and run_init PAM files to omit pam_rootok.so. 
	  Moved the SELinux module into the LSM tree.

11-19-2001
	Fourth public release of the LSM-based SELinux prototype.

	A summary of updates to LSM and SELinux since the 10-16-2001
	release of SELinux follows.  Many of the LSM updates and some of 
	the SELinux updates were contributed by others.  See the BitKeeper 
	tree at lsm.immunix.org for more information about the LSM updates.

	Updates to LSM:
	  Minor cleanup of kernel/capability.c.
	  Added check_sb hook.
	  Merged 2.4.13.  
	  Synchronized with lsm-2001_10_24 against 2.4.13.
	  Improved verification of security_operations structure.
	  Removed version field from security_operations. 
	  Renamed all configuration options to use CONFIG_SECURITY prefix.
	  Renamed and modified capabilities module to drop the _plug suffix.
	  Changed inline hook documentation to kernel-doc format.
	  Merged 2.4.14.
	  Applied loopback driver fix.
	  Synchronized with lsm-2001_11_05 against 2.4.14.

	Updates to SELinux:
	  Fixed newrole and run_init shadow password support.
	  Updated openssh patch to latest RedHat openssh-2.9p2 SRPM.
	  Updated util-linux patch to latest RedHat util-linux-2.11f SRPM.
	  Merged miscellaneous policy updates.
	  Merged contributed sound domain and types (Mark Westerman).
	  Added ext3 as a recognized type for persistent labeling.
	  Added getscheduler hook function.
	  Added check_sb hook function and updated post_addmount.
	  Removed the separately loaded module discussion from README. 
	  Fixed Makefile.kernel files for module configuration.
	  Added a new initial SID and type for /proc/sys/net/unix.
	  Changed quotactl hook function to correctly work with -ac series.
	  Fixed IPC alloc_security hooks to free if create check fails.
	  Moved checkpolicy-specific files to separate directory, and
	    separated from module build.
	  Minor cleanup of socket hook functions.
	  Fixed a bug in load_policy when in permissive mode. 
	  Fixed calls to avc_audit to only audit the denied permissions. 
	  Removed version field from security_operations.
	  Changed extern inline to static inline (SubmittingPatches).
	  Renamed SELinux configuration option to CONFIG_SECURITY_SELINUX.
	  Dropped use of _plug suffix when inserted into the kernel tree.
	  Started eliminating #ifdefs from module code (SubmittingPatches).
	  Incremented policydb version to reflect elimination of 
	    CONFIG_FLASK_AUDIT (mainstreamed) and CONFIG_FLASK_NOTIFY (dropped).
	  Reimplemented execve_secure using the security syscall.
	  Added a separate Config.in file for SELinux.
	  Renamed CONFIG_FLASK_DEVELOP to CONFIG_SECURITY_SELINUX_DEVELOP
	    and moved into kernel configuration.  Cleaned up #ifdefs.
	  Renamed CONFIG_FLASK_MLS to CONFIG_SECURITY_SELINUX_MLS
	    and moved into kernel configuration.  Cleaned up #ifdefs. 
	    Still experimental and not configured for use.
	  Extended MLS code to provide default behavior for contexts that lack
	    a level or range component.  Ease policy transition to MLS.
	  Restored conditional support for MLS to checkpolicy and policy 
	    Makefiles.
	  Added README.MLS.
	  Updated vixie-cron patch to vixie-cron-3.0.1-63.
	  Added logrotate-3.5.9 and ported patch from logrotate-3.5.4.
	  Fixed several bugs in newrole.

10-16-2001
	Third public release of the LSM-based SELinux prototype.
	
	A summary of updates to LSM and SELinux since the 9-26-2001
	release of SELinux follows.  Many of the LSM updates and some of 
	the SELinux updates were contributed by others.  See the BitKeeper 
	tree at lsm.immunix.org for more information about the LSM updates.

	Updates to LSM:
	  Added comment to security.h about GPL controversy.
	  Synchronized with lsm-2001_09_26 against 2.4.10.
	  Added skb_set_owner_w hook.
	  Fixed a bug in the dummy netlink_send hook.
	  Changed the delete_module hook to take module parameter,
	    and added hook call in the automatic reaping case.
	  Removed name parameter from init_module hook (redundant with module).
	  Merged 2.4.11.
	  Changed security/Makefile to export capability_plug.o symbols.
	  Synchronized with lsm-2001_10_10 against 2.4.11. 
	  Merged 2.4.12.
	  Applied parport bug fix patch.
	  Synchronized with lsm-2001_10_11 against 2.4.12.
	  
	Updates to SELinux:
	  Added support for stacking the capability plug.
	  Added domain for the ssh client program.
	  Added explicit modes to install commands in the Makefiles.
	  Merged contributed named domain (Yuichi Nakamura).
	  Added more permissions related to logrotate and crond.
	  Added init_var_run_t derived type for /var/run/shutdown.pid.
	  Added auditdeny rules relating to su by user_t.
	  Added checkpc to file_contexts (oversight from earlier).
	  Pruned apostrophes from policy comments - not handled well by m4.
	  Fixed a bug in the netlink_send hook.
	  Updated delete_module and init_module hooks.
	  Merged contributed gdm domain (Mark Westerman).
	  Fixed extended IPC syscalls to use sys_ipc.
	  Moved creation of arch symlinks to selinux_plug Makefiles.
	  Added run_init utility and policy.

09-26-2001
	Second public release of the LSM-based SELinux prototype.
	
	A summary of updates to LSM and SELinux since the 08-23-2001
	release of SELinux follows.  Many of the LSM updates and some of 
	the SELinux updates were contributed by others.  See the BitKeeper 
	tree at lsm.immunix.org for more information about the LSM updates.
	
	Updates to LSM:
	  Fixed bug in Documentation/DocBook/Makefile.
	  Added hooks for controlling Unix domain socket IPC.
	  Changed int to unsigned int for sys_security parameters.
	  Renamed the syscall hook to sys_security.
	  Fixed bug in lsm/net/ipv4/netfilter/ip_queue.c.
	  Synchronized with lsm-2001_08_23 against 2.4.9.
	  Fixed bug in lsm/kernel/acct.c.
	  Reworked message queue hooks to address pipelined IPC.
	  Added hooks for quotactl and quota_on.
	  Moved IPC associate hook calls to calculate id only once.
	  Added hooks for syslog and bdflush.
	  Fixed error handling of ip_decode_options hook.	
	  Added hook for prctl.
	  Moved IPC alloc_security hook calls to make key and flags available.
	  Split dummy security module from base framework.
	  Synchronized with lsm-2001_09_04 against 2.4.9.
	  Moved mkdir hook so that mode is sanitized prior to call.
	  Fixed bug in lsm/fs/file_table.c.
	  Fixed various failures to initially clear security field.
	  Fixed call to post_addmount to only occur on success.
	  Fixed placement of unix_may_send hook.
	  Added missing call to shm free_security hook.
	  Moved mount-related hooks into super_block_security_ops.
	  Changed skb_clone to return an error status.
	  Documented the hook function prototypes in security.h.
	  Synchronized with lsm-2001_09_20 against 2.4.9.
	  Merged 2.4.10.
	  Synchronized with lsm-2001_09_23 against 2.4.10.
	  Fixed initialization.
	  Removed capable hook from must_not_trace_exec.
	  Added a draft overview document for LSM to Documentation/DocBook.

	Updates to SELinux:
	  Added access controls for Unix domain socket IPC.
	  Updated permissions in policy for Unix domain socket IPC.
	  Updated sys_security call and hook function.
	  Fixed bug in selinux_sock_rcv_skb.
	  Removed permissions in policy to generic socket class.
	  Added separate security class for PF_KEY sockets.
	  Removed obsolete pipe class.
	  Updated message queue hook functions.
	  Merged contributed IPSEC domain (Mark Westerman).
	  Added configurable support for labeling devfs entries.
	  Implemented msgsid, shmsid, and semsid calls.
	  Fixed performance bug in inode-to-PSID mapping code.
	  Fixed bug in selinux_ip_postroute.
	  Revised policy based on feedback.
	  Added fd use permission to newrole_t.
	  Added permission checks and updated policy for nfsservctl,
	    quotactl, quota_on, bdflush, and syslog.
	  Restored the avc_ratelimit mechanism.
	  Merged contributed fix (SAFE_ALLOC) for memory allocation
	    in netdev_alloc_security and security server (James Morris).
	  Changed remaining allocations to also use SAFE_ALLOC.
	  Added safe_down/up for interrupt-safe semaphores.
	  Added semaphores for allocator functions.
	  Added in_interrupt tests to precondition functions.
	  Changed the initializing tests to use atomic bitops.
	  Added per-inode and per-filesystem semaphores for relabels.
	  Added per-filesystem semaphore for PSID->context mapping updates.
	  Added semaphores for SID table insertions.
	  Added write memory barriers for list insertions into
	    PSID and SID tables.
	  Moved mounton into common file permissions.
	  Removed mountassociate permission.
	  Added semaphores and interrupt handling for policy reloads.
	  Fixed a bug in flush_unauthorized_files and file_receive.
	  Updated for 2.4.10.
	  Merged contributed updates to the policy configuration (David Wheeler, Mark Westerman).

08-23-2001
	Initial public release of the LSM-based SELinux prototype.

	This release was based on the lsm-2001_08_16 patch against kernel
	2.4.9, but also incorporated several changes made between 8/16 and
	8/22 to LSM.