-
Notifications
You must be signed in to change notification settings - Fork 141
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Changelog and VERSION for release 2.20210203.
Signed-off-by: Chris PeBenito <[email protected]>
- Loading branch information
Showing
2 changed files
with
194 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,196 @@ | ||
| * Wed Feb 03 2021 Chris PeBenito <[email protected]> - 2.20210203 | ||
| (GalaxyMaster) (1): | ||
| added policy for systemd-socket-proxyd | ||
|
|
||
| 0xC0ncord (1): | ||
| userdomain, xserver: move xdg rules to userdom_xdg_user_template | ||
|
|
||
| Anthony PERARD (1): | ||
| xen: Allow xenstored to map /proc/xen/xsd_kva | ||
|
|
||
| Antoine Tenart (15): | ||
| udev: allow udevadm to retrieve xattrs | ||
| locallogin: allow login to get attributes of procfs | ||
| logging: allow systemd-journal to write messages to the audit socket | ||
| sysnetwork: allow to read network configuration files | ||
| dbus: add two interfaces to allow reading from directories and named | ||
| sockets | ||
| dbus: allow clients to list runtime dirs and named sockets | ||
| systemd: add extra systemd_generator_t rules | ||
| systemd: allow systemd-hwdb to search init runtime directories | ||
| systemd: allow systemd-network to get attributes of fs | ||
| systemd: allow systemd-resolve to read in tmpfs | ||
| corecommands: add entry for Busybox shell | ||
| systemd: allow systemd-getty-generator to read and write unallocated ttys | ||
| systemd: allow systemd-network to list the runtime directory | ||
| ntp: allow systemd-timesyn to watch dbus objects | ||
| ntp: allow systemd-timesyn to setfscreate | ||
|
|
||
| Chris PeBenito (117): | ||
| Merge branch 'acpid_shutdown' of https://github.com/jpds/refpolicy into | ||
| jpds-acpid_shutdown | ||
| .travis.yml: Point selint at only the policy dir. | ||
| corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module | ||
| version bump. | ||
| systemd: Move systemd-pstore block up in alphabetical order. | ||
| Switch to GitHub actions for CI actions. | ||
| systemd: Whitespace changes. | ||
| systemd: Rename systemd_connectto_socket_proxyd_unix_sockets() to | ||
| systemd_stream_connect_socket_proxyd(). | ||
| Drop criteria on github actions. | ||
| userdomain: Fix error in calling userdom_xdg_user_template(). | ||
| systemd: Add systemd-tty-ask watch for /run/systemd/ask-password. | ||
| Makefile: Add -E to setfiles labeling targets. | ||
| udev: Drop udev_tbl_t. | ||
| udev: Systemd 246 merged udev and udevadm executables. | ||
| devicekit: Udisks uses udevadm, it does not exec udev. | ||
| Remove modules for programs that are deprecated or no longer supported. | ||
| chromium: Whitespace changes. | ||
| chromium: Move naclhelper lines. | ||
| certbot: Whitespace changes. | ||
| certbot: Drop aliases since they have never had the old names in | ||
| refpolicy. | ||
| certbot: Reorder fc lines. | ||
| miscfiles: Rename miscfiles_manage_generic_tls_privkey_lnk_files. | ||
| userdomain: Move lines. | ||
| certbot: Fix lint issues. | ||
| memlockd: Move lines. | ||
| memlockd: Whitespace fixes. | ||
| memlockd: Fix lint issue. | ||
| file_patterns.spt: Add a mmap_manage_files_pattern(). | ||
| apache, mysql, postgrey, samba, squid: Apply new | ||
| mmap_manage_files_pattern(). | ||
| devicekit, jabber, samba: Move lines. | ||
| cron: Make backup call for system_cronjob_t optional. | ||
| samba: Fix samba_runtime_t alias use. | ||
| samba: Move service interface definitions. | ||
| sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba | ||
| block. | ||
| samba: Add missing userspace class requirements in unit interfaces. | ||
| apache: Fix lint error. | ||
| apache: Really fix lint error. | ||
| aptcacher: Drop broken config interfaces. | ||
| samba: Fix lint error. | ||
| 0xC0ncord/feature/sudodomain_http_connect_boolean | ||
| 0xC0ncord/bugfix/systemd_system_custom_unit_fc | ||
| dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces. | ||
| apt, bootloader: Move lines. | ||
| systemd: Move lines. | ||
| systemd: Fix lint errors. | ||
| systemd: Rename systemd_use_machined_devpts(). | ||
| Bump module versions for release. | ||
|
|
||
| Christian Göttsche (16): | ||
| postfixpolicyd: split multi-class rule | ||
| init/systemd: allow systemd to map the SELinux status page | ||
| selinux: add selinux_use_status_page and deprecate | ||
| selinux_map_security_files | ||
| genhomedircon: drop backwards compatibility section | ||
| genhomedircon: require match for home directory name | ||
| genhomedircon: drop unused functions | ||
| genhomedircon: generate file contexts for %{USERNAME} and %{USERID} | ||
| genhomedircon: misc pylint cleanup | ||
| genhomedircon: improve error messages for min uid search | ||
| Rules.monolithic: ignore version mismatch | ||
| gitignore: ignore monolithic generated files | ||
| Preset OUTPUT_POLICY to 32 | ||
| Rules.monolithic: do not suppress load_policy warning messages | ||
| Rules.monolithic: tweak checkpolicy arguments | ||
| Rules.monolithic: drop dead variable | ||
| Rules.monolithic: add missing phony declarations | ||
|
|
||
| Daniel Burgener (4): | ||
| Allow init to mount over the system bus | ||
| Allow systemd-ask-password to watch files | ||
| Use self keyword when an AV rule source type matches destination | ||
| Fix typo in comment | ||
|
|
||
| Dannick Pomerleau (1): | ||
| access_vectors: Add new capabilities to cap2 | ||
|
|
||
| Dave Sugar (9): | ||
| Looks like this got dropped in pull request #294 | ||
| Allow snmpd to read hwdata | ||
| Updates for corosync to work in enforcing | ||
| To get pacemaker working in enforcing | ||
| pacemaker systemd permissions | ||
| Allow pacemaker to map/read/write corosync shared memory files | ||
| Allow systemd-modules-load to search kernel keys | ||
| pcs_snmpd_agent_t fix denials to allow it to read needed queues | ||
| Work with xdg module disabled | ||
|
|
||
| David Schadlich (1): | ||
| add policy for pcs_snmp_agent | ||
|
|
||
| Deepak Rawat (1): | ||
| Add selinux-policy for systemd-pstore service | ||
|
|
||
| Dominick Grift (1): | ||
| bind: add a few fc specs for unbound | ||
|
|
||
| Guido Trentalancia (1): | ||
| Add LVM module permissions needed to open cryptsetup devices. | ||
|
|
||
| Jason Zaman (5): | ||
| userdomain: Add watch on home dirs | ||
| getty: allow watching file /run/agetty.reload | ||
| Add transition on gentoo init_t to openrc | ||
| init: upstream fcontexts from gentoo policy | ||
| systemd: make remaining dbus_* optional | ||
|
|
||
| Jonathan Davies (8): | ||
| acpi.te: Allow acpid_t to shutdown the system - this is required to handle | ||
| shutdown calls from libvirt. Fixes #298. | ||
| acpi.te: Removed unnecessary init_write_initctl(). | ||
| userdomain.if: Marked usbguard user modify tunable as optional so usbguard | ||
| may be excluded. | ||
| portage: Added /var/cache/distfiles path. | ||
| init: Added fcontext for openrc-init. | ||
| init: Added fcontext for openrc-shutdown. | ||
| apps/screen.fc: Added fcontext for tmux xdg directory. | ||
| apps/screen.te: Allow screen to search xdg directories. | ||
|
|
||
| Kenton Groombridge (11): | ||
| devices: add interface for IOCTL on input devices | ||
| virt: add boolean to allow evdev passthrough | ||
| stunnel: add log type and rules | ||
| fail2ban: allow reading systemd journal | ||
| spamassassin: add rspamd support and tunable | ||
| apache: add interface for list dir perms on httpd content | ||
| sudo: add tunable for HTTP connections | ||
| init: label systemd units in /etc | ||
| certbot: add support for acme.sh | ||
| lvm: add lvm_tmpfs_t type and rules | ||
| Various fixes | ||
|
|
||
| Peter Morrow (1): | ||
| selinux: add selinux_get_all_booleans() interface | ||
|
|
||
| Richard Haines (1): | ||
| Ensure correct monolithic binary policy is loaded | ||
|
|
||
| Russell Coker (11): | ||
| base chrome/chromium patch fixed | ||
| latest iteration of certbot policy as patch | ||
| yet more strict patches fixed | ||
| remove deprecated from 20190201 | ||
| more Chrome stuff | ||
| latest memlockd patch | ||
| misc services patches with changes Dominick and Chris wanted | ||
| misc network patches with Dominick's changes*2 | ||
| new version of filetrans patch | ||
| misc apps and admin patches | ||
| machined | ||
|
|
||
| Yi Zhao (1): | ||
| sysnet: allow dhcpcd to create socket file | ||
|
|
||
| bauen1 (4): | ||
| systemd: private type for /run/systemd/userdb | ||
| authlogin: connect to userdb | ||
| systemd-logind: utilize nsswitch | ||
| selint: fix S-010 | ||
|
|
||
| * Tue Aug 18 2020 Chris PeBenito <[email protected]> - 2.20200818 | ||
| Alexander Miroshnichenko (2): | ||
| openvpn: more versatile file context regex for ipp.txt | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 2.20200818 | ||
| 2.20210203 |