# ChangeLog for sec-policy/selinux-base-policy # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.93 2012/01/14 19:59:58 swift Exp $ *selinux-base-policy-2.20110726-r11 (14 Jan 2012) 14 Jan 2012; +selinux-base-policy-2.20110726-r11.ebuild: Bumping to rev 11 19 Dec 2011; selinux-base-policy-2.20110726-r6.ebuild: Stabilize rev6 *selinux-base-policy-2.20110726-r8 (17 Dec 2011) 17 Dec 2011; +selinux-base-policy-2.20110726-r8.ebuild: Bumping to rev8, list of changes available at http://archives.gentoo.org/gentoo-hardened/msg_b11ef32142076034abd0616e373361 da.xml *selinux-base-policy-2.20110726-r7 (04 Dec 2011) 04 Dec 2011; +selinux-base-policy-2.20110726-r7.ebuild: Bumping to rev 7 27 Nov 2011; selinux-base-policy-2.20110726-r4.ebuild, selinux-base-policy-2.20110726-r5.ebuild, selinux-base-policy-2.20110726-r6.ebuild, files/modules.conf: Put XDG selection (for base) in modules.conf instead of ebuild hocus-pocus 27 Nov 2011; selinux-base-policy-2.20110726-r5.ebuild: Stable on x86/amd64 *selinux-base-policy-2.20110726-r6 (15 Nov 2011) 15 Nov 2011; +selinux-base-policy-2.20110726-r6.ebuild: Fixing #389579, #389917, #388875 and #389569. Also improves support for gcc-config and updates VDE patch with upstream feedback 12 Nov 2011; -selinux-base-policy-2.20090730.ebuild, -selinux-base-policy-2.20090814.ebuild, -selinux-base-policy-2.20091215.ebuild, -selinux-base-policy-2.20101213-r16.ebuild, -selinux-base-policy-2.20101213-r17.ebuild, -selinux-base-policy-2.20101213-r18.ebuild, -selinux-base-policy-2.20101213-r20.ebuild, -selinux-base-policy-2.20101213-r21.ebuild, -selinux-base-policy-2.20101213-r22.ebuild, -selinux-base-policy-2.20110726-r3.ebuild, -files/modules.conf.strict.20090730, -files/modules.conf.targeted.20090730: Removing old policies 23 Oct 2011; selinux-base-policy-2.20110726-r4.ebuild: Stabilization (tracker #384231) *selinux-base-policy-2.20110726-r5 (23 Oct 2011) 23 Oct 2011; +selinux-base-policy-2.20110726-r5.ebuild: Update patches with XDG support, clean up patches with upstream feedback, include asterisk fix *selinux-base-policy-2.20110726-r4 (17 Sep 2011) 17 Sep 2011; +selinux-base-policy-2.20110726-r4.ebuild: Update on portage and portage_fetch domains, fix puppet issues, normalize patches with refpolicy *selinux-base-policy-2.20110726-r3 (28 Aug 2011) 28 Aug 2011; +selinux-base-policy-2.20110726-r3.ebuild: Introduce policy based on refpolicy 20110726 *selinux-base-policy-2.20101213-r22 (07 Aug 2011) 07 Aug 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r22.ebuild: Fix patchbundle issue with portage patch *selinux-base-policy-2.20101213-r21 (25 Jul 2011) *selinux-base-policy-2.20101213-r20 (25 Jul 2011) 25 Jul 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r20.ebuild, +selinux-base-policy-2.20101213-r21.ebuild, +files/modules.conf, files/config: Support unattended use of portage/emerge-webrsync, add layman in its own domain, fix a firefox context mismatch, allow cron to call portage, mark semanage as being an eselect wrapper too (fixes /etc/selinux labeling mismatches). Bugs fixed: #376005, #375835 (workaround) 11 Jul 2011; Anthony G. Basile -files/selinux-base-policy-20070329.diff, -selinux-base-policy-20080525.ebuild, -selinux-base-policy-20080525-r1.ebuild, -files/modules.conf.strict, -files/modules.conf.strict.20070928, -files/modules.conf.strict.20080525, -files/modules.conf.targeted, -files/modules.conf.targeted.20070928, -files/modules.conf.targeted.20080525: Removed all pre 2.20xx base policies *selinux-base-policy-2.20101213-r18 (10 Jul 2011) 10 Jul 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r18.ebuild: Bump to r18, improve support for openrc, allow portage to work with NFS-mounted locations, fix firefox plugin support, fix postgres init script support, fix syslog startup issue 03 Jul 2011; Anthony G. Basile selinux-base-policy-2.20101213-r16.ebuild, selinux-base-policy-2.20101213-r17.ebuild, -files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, -files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2: Moved patchbundles out of ${FILESDIR}, bug #370927 30 Jun 2011; Anthony G. Basile -selinux-base-policy-2.20101213-r11.ebuild, -selinux-base-policy-2.20101213-r12.ebuild, -files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2, -files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2: Removed deprecated versions *selinux-base-policy-2.20101213-r17 (30 Jun 2011) 30 Jun 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r17.ebuild, +files/patchbundle-selinux-base-policy-2.20101213-r17.tar.bz2: Add support for zabbix 02 Jun 2011; Anthony G. Basile selinux-base-policy-2.20101213-r16.ebuild: Stable amd64 x86 20 May 2011; Anthony G. Basile -selinux-base-policy-2.20101213-r5.ebuild, -selinux-base-policy-2.20101213-r6.ebuild, -selinux-base-policy-2.20101213-r7.ebuild, -selinux-base-policy-2.20101213-r9.ebuild, -selinux-base-policy-2.20101213-r10.ebuild, -files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2, -files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2, -files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2, -files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2, -files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2: Removed deprecated revisions of base policy 2.20101213 *selinux-base-policy-2.20101213-r16 (20 May 2011) 20 May 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r16.ebuild, +files/patchbundle-selinux-base-policy-2.20101213-r16.tar.bz2, metadata.xml: Drop obsoleted policy builds, add openrc support (rc-update, rc-status), correct file contexts for /lib64, make UBAC optional (#257111 and #306393), use portage_srcrepo_t for live ebuilds and match mdadm policy with upstream *selinux-base-policy-2.20101213-r12 (16 Apr 2011) *selinux-base-policy-2.20101213-r11 (16 Apr 2011) 16 Apr 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r11.ebuild, +selinux-base-policy-2.20101213-r12.ebuild, +files/patchbundle-selinux-base-policy-2.20101213-r11.tar.bz2, +files/patchbundle-selinux-base-policy-2.20101213-r12.tar.bz2: Added new patchbundles for rev bumps to base policy 2.20101213 *selinux-base-policy-2.20101213-r10 (07 Mar 2011) *selinux-base-policy-2.20101213-r9 (07 Mar 2011) 07 Mar 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r9.ebuild, +selinux-base-policy-2.20101213-r10.ebuild, +files/patchbundle-selinux-base-policy-2.20101213-r10.tar.bz2, +files/patchbundle-selinux-base-policy-2.20101213-r9.tar.bz2: Added new patchbundles for rev bumps to base policy 2.20101213 05 Feb 2011; Anthony G. Basile +files/patchbundle-selinux-base-policy-2.20101213-r5.tar.bz2, +files/patchbundle-selinux-base-policy-2.20101213-r6.tar.bz2, +files/patchbundle-selinux-base-policy-2.20101213-r7.tar.bz2: Added patchbundle for base policy 2.20101213. *selinux-base-policy-2.20101213-r7 (05 Feb 2011) *selinux-base-policy-2.20101213-r6 (05 Feb 2011) *selinux-base-policy-2.20101213-r5 (05 Feb 2011) 05 Feb 2011; Anthony G. Basile +selinux-base-policy-2.20101213-r5.ebuild, +selinux-base-policy-2.20101213-r6.ebuild, +selinux-base-policy-2.20101213-r7.ebuild: New upstream policy. *selinux-base-policy-2.20091215 (16 Dec 2009) 16 Dec 2009; Chris PeBenito +selinux-base-policy-2.20091215.ebuild: New upstream release. *selinux-base-policy-20080525-r1 (14 Sep 2009) 14 Sep 2009; Chris PeBenito +selinux-base-policy-20080525-r1.ebuild: Update old base policy to support ext4. 14 Aug 2009; Chris PeBenito -selinux-base-policy-20070329.ebuild, -selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild: Mark 20080525 stable, clear old ebuilds. *selinux-base-policy-2.20090814 (14 Aug 2009) 14 Aug 2009; Chris PeBenito +selinux-base-policy-2.20090814.ebuild: Git version of refpolicy for misc fixes including some cron problems. *selinux-base-policy-2.20090730 (03 Aug 2009) 03 Aug 2009; Chris PeBenito +selinux-base-policy-2.20090730.ebuild: New upstream release. 18 Jul 2009; Chris PeBenito selinux-base-policy-20070329.ebuild, selinux-base-policy-20070928.ebuild, selinux-base-policy-20080525.ebuild: Drop alpha, mips, ppc, sparc selinux support. *selinux-base-policy-20080525 (25 May 2008) 25 May 2008; Chris PeBenito +selinux-base-policy-20080525.ebuild: New SVN snapshot. 16 Mar 2008; Chris PeBenito -selinux-base-policy-20051022-r1.ebuild, -selinux-base-policy-20061114.ebuild: Remove old ebuilds. 03 Feb 2008; Chris PeBenito selinux-base-policy-20070928.ebuild: Mark stable. *selinux-base-policy-20070928 (26 Nov 2007) 26 Nov 2007; Chris PeBenito +selinux-base-policy-20070928.ebuild: New SVN snapshot. 04 Jun 2007; Chris PeBenito selinux-base-policy-20070329.ebuild: Mark stable. 30 Mar 2007; Chris PeBenito +files/selinux-base-policy-20070329.diff, selinux-base-policy-20070329.ebuild: Compile fix. *selinux-base-policy-20070329 (29 Mar 2007) 29 Mar 2007; Chris PeBenito +selinux-base-policy-20070329.ebuild: New SVN snapshot. 22 Feb 2007; Markus Ullmann ChangeLog: Redigest for Manifest2 *selinux-base-policy-20061114 (15 Nov 2006) 15 Nov 2006; Chris PeBenito +selinux-base-policy-20061114.ebuild: New SVN snapshot. 25 Oct 2006; Chris PeBenito selinux-base-policy-20061015.ebuild: Fix to have default POLICY_TYPES if it is empty. 21 Oct 2006; Chris PeBenito selinux-base-policy-20061015.ebuild: Fix xml generation failure to die. *selinux-base-policy-20061015 (15 Oct 2006) 15 Oct 2006; Chris PeBenito -selinux-base-policy-20061008.ebuild, +selinux-base-policy-20061015.ebuild: Update for testing fixes. *selinux-base-policy-20061008 (08 Oct 2006) 08 Oct 2006; Chris PeBenito -files/semanage.conf, +selinux-base-policy-20061008.ebuild, -selinux-base-policy-99999999.ebuild: First mainstream reference policy testing release. 29 Sep 2006; Chris PeBenito selinux-base-policy-99999999.ebuild: Fix for new SVN location. Fixes 147781. 22 Feb 2006; Stephen Bennett selinux-base-policy-20051022-r1.ebuild: Alpha stable *selinux-base-policy-99999999 (02 Feb 2006) 02 Feb 2006; Chris PeBenito +files/config, +files/modules.conf.strict, +files/modules.conf.targeted, +files/semanage.conf, +selinux-base-policy-99999999.ebuild: Add experimental policy for testing reference policy. Requires portage fix from bug #110857. 02 Feb 2006; Chris PeBenito -selinux-base-policy-20050322.ebuild, -selinux-base-policy-20050618.ebuild, -selinux-base-policy-20050821.ebuild, -selinux-base-policy-20051022.ebuild: Clean out old ebuilds. 14 Jan 2006; Stephen Bennett selinux-base-policy-20051022-r1.ebuild: Added ~alpha *selinux-base-policy-20051022-r1 (08 Dec 2005) 08 Dec 2005; Chris PeBenito +selinux-base-policy-20051022-r1.ebuild: Change to use compatability genhomedircon. Newer policycoreutils (1.28) breaks the backwards compatability this policy uses. *selinux-base-policy-20051022 (22 Oct 2005) 22 Oct 2005; Chris PeBenito +selinux-base-policy-20051022.ebuild: Very trivial fixes. 08 Sep 2005; Chris PeBenito selinux-base-policy-20050821.ebuild: Mark stable. *selinux-base-policy-20050821 (21 Aug 2005) 21 Aug 2005; Chris PeBenito +selinux-base-policy-20050821.ebuild: Minor updates for 2.6.12. 21 Jun 2005; Chris PeBenito selinux-base-policy-20050618.ebuild: Mark stable. *selinux-base-policy-20050618 (18 Jun 2005) 18 Jun 2005; Chris PeBenito -selinux-base-policy-20041123.ebuild, -selinux-base-policy-20050306.ebuild, +selinux-base-policy-20050618.ebuild: New release to support 2.6.12 features. 10 May 2005; Stephen Bennett selinux-base-policy-20050322.ebuild: mips stable 01 May 2005; Stephen Bennett selinux-base-policy-20050322.ebuild: Added ~mips. *selinux-base-policy-20050322 (23 Mar 2005) 23 Mar 2005; Chris PeBenito +selinux-base-policy-20050322.ebuild: New release. *selinux-base-policy-20050306 (06 Mar 2005) 06 Mar 2005; Chris PeBenito +selinux-base-policy-20050306.ebuild: Fix bad samba_domain dummy macro. Add policies needed for udev support. *selinux-base-policy-20050224 (24 Feb 2005) 24 Feb 2005; Chris PeBenito +selinux-base-policy-20050224.ebuild: New release. 19 Jan 2005; Chris PeBenito selinux-base-policy-20041123.ebuild: Mark stable. *selinux-base-policy-20041123 (23 Nov 2004) 23 Nov 2004; Chris PeBenito +selinux-base-policy-20041123.ebuild: New release with 1.18 merge. *selinux-base-policy-20041023 (23 Oct 2004) 23 Oct 2004; Chris PeBenito +selinux-base-policy-20041023.ebuild: New release with 1.16 merge. Tcpd and inetd have been deprecated since they are not in the base system anymore, and probably no one uses them anyway. *selinux-base-policy-20040906 (06 Sep 2004) 06 Sep 2004; Chris PeBenito +selinux-base-policy-20040906.ebuild: New release with 1.14 merge, which has policy 18 (fine-grained netlink) features. 05 Sep 2004; Chris PeBenito selinux-base-policy-20040225.ebuild, -selinux-base-policy-20040509.ebuild, -selinux-base-policy-20040604.ebuild, selinux-base-policy-20040629.ebuild, selinux-base-policy-20040702.ebuild: Remove old builds, switch to epause and ebeep in remaining builds. *selinux-base-policy-20040702 (02 Jul 2004) 02 Jul 2004; Chris PeBenito +selinux-base-policy-20040702.ebuild: Same as 20040629, except with updated flask headers, which will come out in 2.6.8. *selinux-base-policy-20040629 (29 Jun 2004) 29 Jun 2004; Chris PeBenito +selinux-base-policy-20040629.ebuild: Large sysadmfile cleanup: disable admin_separation to give sysadm_r back its ablility to modify all files. Minor fixes: portage_r works again, syslog-ng breakage fixed, put back manual PaX policy for pageexec/segmexec. 16 Jun 2004; Chris PeBenito selinux-base-policy-20040604.ebuild: Mark stable. 10 Jun 2004; Chris PeBenito selinux-base-policy-20040225.ebuild, selinux-base-policy-20040509.ebuild, selinux-base-policy-20040604.ebuild: Add src_compile() stub *selinux-base-policy-20040604 (04 Jun 2004) 04 Jun 2004; Chris PeBenito +selinux-base-policy-20040604.ebuild: New release including 1.12 NSA policy, and experimental sesandbox. 15 May 2004; Chris PeBenito selinux-base-policy-20040509.ebuild: Mark stable. *selinux-base-policy-20040509 (09 May 2004) 09 May 2004; Chris PeBenito +selinux-base-policy-20040509.ebuild: A few small cleanups. Make PaX non exec pages macro based on arch. Large portage update, get rid of portage_exec_fetch_t, portage will setexec. Add global_ssp tunable. *selinux-base-policy-20040418 (18 Apr 2004) 18 Apr 2004; Chris PeBenito +selinux-base-policy-20040418.ebuild: New release for checkpolicy 1.10 *selinux-base-policy-20040414 (14 Apr 2004) 14 Apr 2004; Chris PeBenito -selinux-base-policy-20040408.ebuild, +selinux-base-policy-20040414.ebuild: Minor updates *selinux-base-policy-20040408 (08 Apr 2004) 08 Apr 2004; Chris PeBenito selinux-base-policy-20040408.ebuild: New update. Users.fc is now deprecated, as the contexts for user directories is now automatically generated. Portage fetching of distfiles now has a subdomain, for dropping priviledges. 28 Feb 2004; Chris PeBenito selinux-base-policy-20040225.ebuild: Mark stable. *selinux-base-policy-20040225 (25 Feb 2004) 25 Feb 2004; Chris PeBenito selinux-base-policy-20040225.ebuild: New support for PaX ACL hooks. Addition of tunable.te for configurable policy options. Rewrite of portage.te. Now auto-transition for sysadm is default, can reenable portage_r by tunable.te. Makefile update from NSA CVS. *selinux-base-policy-20040209 (09 Feb 2004) 09 Feb 2004; Chris PeBenito selinux-base-policy-20040209.ebuild: Minor revision to add XFS labeling and policy for integrated runscript-run_init. 07 Feb 2004; Chris PeBenito selinux-base-policy-20040202.ebuild: Mark x86 stable. *selinux-base-policy-20040202 (02 Feb 2004) 02 Feb 2004; Chris PeBenito selinux-base-policy-20040202.ebuild: A few misc fixes. Allow portage to update bootloader code, such as in lilo or grub postinst. This requires checkpolicy 1.4-r1. *selinux-base-policy-20031225 (25 Dec 2003) 25 Dec 2003; Chris PeBenito selinux-base-policy-20031225.ebuild: New release, with merged NSA 1.4 policy. One critical note, this policy requires pam 0.77. Much work has been done to minimize access to /etc/shadow, and one requirement is in the patch for pam 0.77. If you do not use this pam version or newer, you will be unable to authenticate in enforcing. Since devfs no longer is usable in SELinux, it's policy has been removed. You should merge the changes, remove the devfsd policy (devfsd.te and devfsd.fc), load the policy, and relabel. 27 Nov 2003; Chris PeBenito selinux-base-policy-20031010-r1.ebuild: Mark stable. Add build USE flag for stage building. *selinux-base-policy-20031010-r1 (12 Nov 2003) 12 Nov 2003; Chris PeBenito selinux-base-policy-20031010-r1.ebuild, files/selinux-base-policy-20031010-cvs.diff: Add fixes from policy cvs for compilers, so non x86 and ppc compilers can work. Also portage update as a side effect of updated setfiles code in portage, from bug 31748. 28 Oct 2003; Chris PeBenito selinux-base-policy-20031010.ebuild: Mark stable *selinux-base-policy-20031010 (10 Oct 2003) 10 Oct 2003; Chris PeBenito selinux-base-policy-20031010.ebuild: New release for new API. Massive cleanups all over the place. *selinux-base-policy-20030817 (17 Aug 2003) 17 Aug 2003; Chris PeBenito selinux-base-policy-20030817.ebuild: Initial commit of new API policy 10 Aug 2003; Chris PeBenito selinux-base-policy-20030729-r1.ebuild: Mark stable *selinux-base-policy-20030729-r1 (31 Jul 2003) 31 Jul 2003; Chris PeBenito selinux-base-policy-20030729-r1.ebuild: New rev that handles an empty POLICYDIR sanely. *selinux-base-policy-20030729 (29 Jul 2003) 29 Jul 2003; Chris PeBenito selinux-base-policy-20030729.ebuild: Make the ebuild use POLICYDIR. Important fix so portage can load policy so selinux-policy.eclass works. update_modules_t cleanup. Fix for an access when merging baselayout. *selinux-base-policy-20030720 (20 Jul 2003) 20 Jul 2003; Chris PeBenito selinux-base-policy-20030720.ebuild: Many fixes, including the syslog fix. File contexts have changed, so a relabel is needed. You may encounter problems relabeling /usr/portage, as its file context has changed, as files should not have the same type as a domain. Relabelling in permissive will fix this, or temporarily give portage_t a file_type attribute. Tightened the can_exec_any() macro. Moved staff.fc to users.fc, since all users with SELinux identities should have their home directories have the correct identity, not the generic identity. 06 Jun 2003; Chris PeBenito selinux-base-policy-20030604.ebuild: Mark stable *selinux-base-policy-20030604 (04 Jun 2003) 04 Jun 2003; Chris PeBenito selinux-base-policy-20030604.ebuild: Fix broken 20030603 04 Jun 2003; Chris PeBenito selinux-base-policy-20030603.ebuild: Pulling 20030603, as there are problems, 20030604 later today *selinux-base-policy-20030603 (03 Jun 2003) 03 Jun 2003; Chris PeBenito selinux-base-policy-20030603.ebuild: Numerous various fixes. Added staff role. Removed ipsec, gpm and gpg policies as they are not appropriate for the base policy, and untested. *selinux-base-policy-20030522 (22 May 2003) 22 May 2003; Chris PeBenito selinux-base-policy-20030522.ebuild: The policy is in pretty good shape now. I've been able to run in enforcing mode with little problem. I've also been able to successfully merge and unmerge packages in enforcing mode, with few exceptions (why does mysql need to run ps during configure?). *selinux-base-policy-20030514 (14 May 2003) 14 May 2003; Chris PeBenito selinux-base-policy-20030514.ebuild: Many improvements in many areas. Of note, rlogind policies were removed. Klogd is being merged into syslogd. The portage policy is much more complete, but still needs work. Its suggested that all changes be merged in, policy reloaded, then relabel. *selinux-base-policy-20030419 (19 Apr 2003) 23 Apr 2003; Chris PeBenito selinux-base-policy-20030419.ebuild: Marking stable for selinux-small stable usage 19 Apr 2003; Chris PeBenito Manifest, selinux-base-policy-20030419.ebuild: Initial commit. Base policies for SELinux, with Gentoo-specifics