%define libsepolver 1.11.20-1 %define libsetransver 0.1.18-1 Summary: SELinux library and simple utilities Name: libselinux Version: 1.30 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} Requires: libsepol >= %{libsepolver} Requires: libsetrans >= %{libsetransver} BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot %description Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security. libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API. %package python Summary: python bindings for libselinux Group: Development/Libraries Requires: libselinux = %{version}-%{release} BuildRequires: python-devel %description python The libselinux-python package contains the python bindings for developing SELinux applications. %package devel Summary: Header files and libraries used to build SELinux Group: Development/Libraries Requires: libselinux = %{version}-%{release} %description devel The libselinux-devel package contains the static libraries and header files needed for developing SELinux applications. %prep %setup -q %patch -p1 -b .rhat %build make clean make CFLAGS="-g %{optflags}" all pywrap %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}/%{_lib} mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" BINDIR="${RPM_BUILD_ROOT}%{_sbindir}" install install-pywrap # Nuke the files we don't want to distribute rm -f ${RPM_BUILD_ROOT}%{_sbindir}/compute_* rm -f ${RPM_BUILD_ROOT}%{_sbindir}/deftype rm -f ${RPM_BUILD_ROOT}%{_sbindir}/execcon rm -f ${RPM_BUILD_ROOT}%{_sbindir}/getcon rm -f ${RPM_BUILD_ROOT}%{_sbindir}/getconlist rm -f ${RPM_BUILD_ROOT}%{_sbindir}/getenforcemode rm -f ${RPM_BUILD_ROOT}%{_sbindir}/getfilecon rm -f ${RPM_BUILD_ROOT}%{_sbindir}/getpidcon rm -f ${RPM_BUILD_ROOT}%{_sbindir}/mkdircon rm -f ${RPM_BUILD_ROOT}%{_sbindir}/policyvers rm -f ${RPM_BUILD_ROOT}%{_sbindir}/setfilecon rm -f ${RPM_BUILD_ROOT}%{_sbindir}/selinuxconfig rm -f ${RPM_BUILD_ROOT}%{_sbindir}/selinuxdisable rm -f ${RPM_BUILD_ROOT}%{_sbindir}/sgetseuser %clean rm -rf ${RPM_BUILD_ROOT} %post /sbin/ldconfig [ -x /sbin/telinit ] && /sbin/telinit U exit 0 %postun -p /sbin/ldconfig %files %defattr(-,root,root,0755) /%{_lib}/libselinux.so.* %{_libdir}/libselinux.so %{_sbindir}/* %{_mandir}/man8/* %files devel %defattr(-,root,root) %{_libdir}/libselinux.a %dir %{_includedir}/selinux %{_includedir}/selinux/ %{_mandir}/man3/* %files python %defattr(-,root,root,0755) %{_libdir}/python*/site-packages/_selinux.so %{_libdir}/python*/site-packages/selinux.py* %changelog * Fri Mar 10 2006 Dan Walsh 1.30-1 - Make some fixes so it will build on RHEL4 - Upgrade to latest from NSA * Updated version for release. * Altered rpm_execcon fallback logic for permissive mode to also handle case where /selinux/enforce is not available. * Fri Feb 10 2006 Jesse Keating - 1.29.7-1.2 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Jesse Keating - 1.29.7-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Fri Jan 20 2006 Dan Walsh 1.29.7-1 - Upgrade to latest from NSA * Merged install-pywrap Makefile patch from Joshua Brindle. * Wed Jan 18 2006 Dan Walsh 1.29.6-1 - Upgrade to latest from NSA * Merged pywrap Makefile patch from Dan Walsh. * Fri Jan 13 2006 Dan Walsh 1.29.5-2 - Split out pywrap in Makefile * Fri Jan 13 2006 Dan Walsh 1.29.5-1 - Upgrade to latest from NSA * Added getseuser test program. * Fri Jan 7 2006 Dan Walsh 1.29.4-1 - Upgrade to latest from NSA * Added format attribute to myprintf in matchpathcon.c and removed obsoleted rootlen variable in init_selinux_config(). * Wed Jan 4 2006 Dan Walsh 1.29.3-2 - Build with new libsepol * Wed Jan 4 2006 Dan Walsh 1.29.3-1 - Upgrade to latest from NSA * Merged several fixes and improvements from Ulrich Drepper (Red Hat), including: - corrected use of getline - further calls to __fsetlocking for local files - use of strdupa and asprintf - proper handling of dirent in booleans code - use of -z relro - several other optimizations * Merged getpidcon python wrapper from Dan Walsh (Red Hat). * Sat Dec 24 2005 Dan Walsh 1.29.2-4 - Add build requires line for libsepol-devel * Tue Dec 20 2005 Dan Walsh 1.29.2-3 - Fix swig call for getpidcon * Mon Dec 19 2005 Dan Walsh 1.29.2-2 - Move libselinux.so to base package * Wed Dec 14 2005 Dan Walsh 1.29.2-1 - Upgrade to latest from NSA * Merged call to finish_context_translations from Dan Walsh. This eliminates a memory leak from failing to release memory allocated by libsetrans. * Sun Dec 11 2005 Dan Walsh 1.29.1-3 - update to latest libsetrans - Fix potential memory leak * Fri Dec 09 2005 Jesse Keating - rebuilt * Thu Dec 8 2005 Dan Walsh 1.29.1-1 - Update to never version * Merged patch for swig interfaces from Dan Walsh. * Wed Dec 7 2005 Dan Walsh 1.28-1 - Update to never version * Wed Dec 7 2005 Dan Walsh 1.27.28-2 - Fix some of the python swig objects * Thu Dec 1 2005 Dan Walsh 1.27.28-1 - Update to latest from NSA * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and modified matchpathcon implementation to make context validation/ canonicalization optional at matchpathcon_init time, deferring it to a successful matchpathcon by default unless the new flag is set by the caller. * Added matchpathcon_init_prefix() interface, and reworked matchpathcon implementation to support selective loading of file contexts entries based on prefix matching between the pathname regex stems and the specified path prefix (stem must be a prefix of the specified path prefix). * Wed Nov 30 2005 Dan Walsh 1.27.26-1 - Update to latest from NSA * Change getsebool to return on/off instead of active/inactive * Tue Nov 29 2005 Dan Walsh 1.27.25-1 - Update to latest from NSA * Added -f file_contexts option to matchpathcon util. Fixed warning message in matchpathcon_init(). * Merged Makefile python definitions patch from Dan Walsh. * Mon Nov 28 2005 Dan Walsh 1.27.23-1 - Update to latest from NSA * Merged swigify patch from Dan Walsh. * Mon Nov 28 2005 Dan Walsh 1.27.22-4 - Separate out libselinux-python bindings into separate rpm * Thu Nov 17 2005 Dan Walsh 1.27.22-3 - Read libsetrans requirement * Thu Nov 17 2005 Dan Walsh 1.27.22-2 - Add python bindings * Wed Nov 16 2005 Dan Walsh 1.27.22-1 - Update to latest from NSA * Merged make failure in rpm_execcon non-fatal in permissive mode patch from Ivan Gyurdiev. * Tue Nov 15 2005 Dan Walsh 1.27.21-2 - Remove requirement for libsetrans * Tue Nov 8 2005 Dan Walsh 1.27.21-1 - Update to latest from NSA * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() and modified matchpathcon_init() to skip context translation if it is set by the caller. * Tue Nov 8 2005 Dan Walsh 1.27.20-1 - Update to latest from NSA * Added security_canonicalize_context() interface and set_matchpathcon_canoncon() interface for obtaining canonical contexts. Changed matchpathcon internals to obtain canonical contexts by default. Provided fallback for kernels that lack extended selinuxfs context interface. - Patch to not translate mls when calling setfiles * Mon Nov 7 2005 Dan Walsh 1.27.19-1 - Update to latest from NSA * Merged seusers parser changes from Ivan Gyurdiev. * Merged setsebool to libsemanage patch from Ivan Gyurdiev. * Changed seusers parser to reject empty fields. * Fri Nov 4 2005 Dan Walsh 1.27.18-1 - Update to latest from NSA * Merged seusers empty level handling patch from Jonathan Kim (TCS). * Thu Nov 3 2005 Dan Walsh 1.27.17-4 - Rebuild for latest libsepol * Mon Oct 31 2005 Dan Walsh 1.27.17-2 - Rebuild for latest libsepol * Wed Oct 26 2005 Dan Walsh 1.27.17-1 - Change default to __default__ * Wed Oct 26 2005 Dan Walsh 1.27.14-3 - Change default to __default__ * Tue Oct 25 2005 Dan Walsh 1.27.14-2 - Add selinux_translations_path * Tue Oct 25 2005 Dan Walsh 1.27.14-1 - Update to latest from NSA * Merged selinux_path() and selinux_homedir_context_path() functions from Joshua Brindle. * Fri Oct 21 2005 Dan Walsh 1.27.13-2 - Need to check for /sbin/telinit * Thu Oct 20 2005 Dan Walsh 1.27.13-1 - Update to latest from NSA * Merged fixes for make DESTDIR= builds from Joshua Brindle. * Mon Oct 17 2005 Dan Walsh 1.27.12-1 - Update to latest from NSA * Merged get_default_context_with_rolelevel and man pages from Dan Walsh (Red Hat). * Updated call to sepol_policydb_to_image for sepol changes. * Changed getseuserbyname to ignore empty lines and to handle no matching entry in the same manner as no seusers file. * Fri Oct 14 2005 Dan Walsh 1.27.9-2 - Tell init to reexec itself in post script * Fri Oct 7 2005 Dan Walsh 1.27.9-1 - Update to latest from NSA * Changed selinux_mkload_policy to try downgrading the latest policy version available to the kernel-supported version. * Changed selinux_mkload_policy to fall back to the maximum policy version supported by libsepol if the kernel policy version falls outside of the supported range. * Fri Oct 7 2005 Dan Walsh 1.27.7-1 - Update to latest from NSA * Changed getseuserbyname to fall back to the Linux username and NULL level if seusers config file doesn't exist unless REQUIRESEUSERS=1 is set in /etc/selinux/config. * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. * Thu Oct 6 2005 Dan Walsh 1.27.6-1 - Update to latest from NSA * Added selinux_init_load_policy() function as an even higher level interface for the initial policy load by /sbin/init. This obsoletes the load_policy() function in the sysvinit-selinux.patch. * Added selinux_mkload_policy() function as a higher level interface for loading policy than the security_load_policy() interface. * Thu Oct 6 2005 Dan Walsh 1.27.4-1 - Update to latest from NSA * Merged fix for matchpathcon (regcomp error checking) from Johan Fischer. Also added use of regerror to obtain the error string for inclusion in the error message. * Tue Oct 4 2005 Dan Walsh 1.27.3-1 - Update to latest from NSA * Changed getseuserbyname to not require (and ignore if present) the MLS level in seusers.conf if MLS is disabled, setting *level to NULL in this case. * Mon Oct 3 2005 Dan Walsh 1.27.2-1 - Update to latest from NSA * Merged getseuserbyname patch from Dan Walsh. * Thu Sep 29 2005 Dan Walsh 1.27.1-3 - Fix patch to satisfy upstream * Wed Sep 28 2005 Dan Walsh 1.27.1-2 - Update to latest from NSA - Add getseuserbyname * Fri Sep 12 2005 Dan Walsh 1.26-6 - Fix patch call * Tue Sep 12 2005 Dan Walsh 1.26-5 - Fix strip_con call * Tue Sep 12 2005 Dan Walsh 1.26-3 - Go back to original libsetrans code * Mon Sep 12 2005 Dan Walsh 1.26-2 - Eliminate forth param from mls context when mls is not enabled. * Tue Sep 6 2005 Dan Walsh 1.25.7-1 - Update from NSA * Merged modified form of patch to avoid dlopen/dlclose by the static libselinux from Dan Walsh. Users of the static libselinux will not have any context translation by default. * Thu Sep 1 2005 Dan Walsh 1.25.6-1 - Update from NSA * Added public functions to export context translation to users of libselinux (selinux_trans_to_raw_context, selinux_raw_to_trans_context). * Mon Aug 29 2005 Dan Walsh 1.25.5-1 - Update from NSA * Remove special definition for context_range_set; use common code. * Thu Aug 25 2005 Dan Walsh 1.25.4-1 - Update from NSA * Hid translation-related symbols entirely and ensured that raw functions have hidden definitions for internal use. * Allowed setting NULL via context_set* functions. * Allowed whitespace in MLS component of context. * Changed rpm_execcon to use translated functions to workaround lack of MLS level on upgraded systems. * Wed Aug 24 2005 Dan Walsh 1.25.3-2 - Allow set_comp on unset ranges * Wed Aug 24 2005 Dan Walsh 1.25.3-1 * Merged context translation patch, originally by TCS, with modifications by Dan Walsh (Red Hat). * Wed Aug 17 2005 Dan Walsh 1.25.2-2 - Apply translation patch * Thu Aug 11 2005 Dan Walsh 1.25.2-1 - Update from NSA * Merged several fixes for error handling paths in the AVC sidtab, matchpathcon, booleans, context, and get_context_list code from Serge Hallyn (IBM). Bugs found by Coverity. * Removed setupns; migrated to pam. * Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original symbol is temporarily retained for compatibility until all callers are updated. * Mon Jul 18 2005 Dan Walsh 1.24.2-1 - Update makefiles * Wed Jun 29 2005 Dan Walsh 1.24.1-1 - Update from NSA * Merged security_setupns() from Chad Sellers. - fix selinuxenabled man page * Fri May 20 2005 Dan Walsh 1.23.11-1 - Update from NSA * Merged avcstat and selinux man page from Dan Walsh. * Changed security_load_booleans to process booleans.local even if booleans file doesn't exist. * Fri Apr 26 2005 Dan Walsh 1.23.10-3 - Fix avcstat to clear totals * Fri Apr 26 2005 Dan Walsh 1.23.10-2 - Add info to man page * Fri Apr 26 2005 Dan Walsh 1.23.10-1 - Update from NSA * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). * Rewrote get_ordered_context_list and helpers, including changing logic to allow variable MLS fields. * Tue Apr 26 2005 Dan Walsh 1.23.8-1 - Update from NSA * Thu Apr 21 2005 Dan Walsh 1.23.7-3 - Add backin matchpathcon * Wed Apr 13 2005 Dan Walsh 1.23.7-2 - Fix selinux_policy_root man page * Wed Apr 13 2005 Dan Walsh 1.23.7-1 - Change assert(selinux_mnt) to if (!selinux_mnt) return -1; * Mon Apr 11 2005 Dan Walsh 1.23.6-1 - Update from NSA * Fixed bug in matchpathcon_filespec_destroy. * Wed Apr 6 2005 Dan Walsh 1.23.5-1 - Update from NSA * Fixed bug in rpm_execcon error handling path. * Mon Apr 4 2005 Dan Walsh 1.23.4-1 - Update from NSA * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. * Merged fix for getconlist utility from Andreas Steinmetz. * Tue Mar 29 2005 Dan Walsh 1.23.2-3 - Update from NSA * Wed Mar 23 2005 Dan Walsh 1.23.2-2 - Better handling of booleans * Thu Mar 17 2005 Dan Walsh 1.23.2-1 - Update from NSA * Merged destructors patch from Tomas Mraz. * Thu Mar 17 2005 Dan Walsh 1.23.1-1 - Update from NSA * Added set_matchpathcon_flags() function for setting flags controlling operation of matchpathcon. MATCHPATHCON_BASEONLY means only process the base file_contexts file, not file_contexts.homedirs or file_contexts.local, and is for use by setfiles -c. * Updated matchpathcon.3 man page. * Thu Mar 10 2005 Dan Walsh 1.22-1 - Update from NSA * Tue Mar 8 2005 Dan Walsh 1.21.13-1 - Update from NSA * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. * Tue Mar 1 2005 Dan Walsh 1.21.12-1 - Update from NSA * Changed matchpathcon_common to ignore any non-format bits in the mode. * Mon Feb 28 2005 Dan Walsh 1.21.11-2 - Default matchpathcon to regular files if the user specifies a mode * Tue Feb 22 2005 Dan Walsh 1.21.11-1 - Update from NSA * Merged several fixes from Ulrich Drepper. * Mon Feb 21 2005 Dan Walsh 1.21.10-3 - Fix matchpathcon on eof. * Thu Feb 17 2005 Dan Walsh 1.21.10-1 - Update from NSA * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. * Added selinux_users_path() for path to directory containing system.users and local.users. * Thu Feb 10 2005 Dan Walsh 1.21.9-2 - Process file_context.homedir * Thu Feb 10 2005 Dan Walsh 1.21.9-1 - Update from NSA * Changed relabel Makefile target to use restorecon. * Tue Feb 8 2005 Dan Walsh 1.21.8-1 - Update from NSA * Regenerated av_permissions.h. * Wed Feb 2 2005 Dan Walsh 1.21.7-1 - Update from NSA * Modified avc_dump_av to explicitly check for any permissions that cannot be mapped to string names and display them as a hex value. * Regenerated av_permissions.h. * Mon Jan 31 2005 Dan Walsh 1.21.5-1 - Update from NSA * Generalized matchpathcon internals, exported more interfaces, and moved additional code from setfiles into libselinux so that setfiles can directly use matchpathcon. * Fri Jan 28 2005 Dan Walsh 1.21.4-1 - Update from NSA * Prevent overflow of spec array in matchpathcon. * Fixed several uses of internal functions to avoid relocations. * Changed rpm_execcon to check is_selinux_enabled() and fallback to a regular execve if not enabled (or unable to determine due to a lack of /proc, e.g. chroot'd environment). * Wed Jan 26 2005 Dan Walsh 1.21.2-1 - Update from NSA * Merged minor fix for avcstat from Dan Walsh. * Mon Jan 24 2005 Dan Walsh 1.21.1-3 - rpmexeccon should not fail in permissive mode. * Fri Jan 20 2005 Dan Walsh 1.21.1-2 - fix printf in avcstat * Thu Jan 20 2005 Dan Walsh 1.21.1-1 - Update from NSA * Wed Jan 12 2005 Dan Walsh 1.20.1-3 - Modify matchpathcon to also process file_contexts.local if it exists * Wed Jan 12 2005 Dan Walsh 1.20.1-2 - Add is_customizable_types function call * Fri Jan 7 2005 Dan Walsh 1.20.1-1 - Update to latest from upstream * Just changing version number to match upstream * Wed Dec 29 2004 Dan Walsh 1.19.4-1 - Update to latest from upstream * Changed matchpathcon to return -1 with errno ENOENT for <> entries, and also for an empty file_contexts configuration. * Tue Dec 28 2004 Dan Walsh 1.19.3-3 - Fix link devel libraries * Mon Dec 27 2004 Dan Walsh 1.19.3-2 - Fix unitialized variable in avcstat.c * Tue Nov 30 2004 Dan Walsh 1.19.3-1 - Upgrade to upstream * Removed some trivial utils that were not useful or redundant. * Changed BINDIR default to /usr/sbin to match change in Fedora. * Added security_compute_member. * Added man page for setcon. * Tue Nov 30 2004 Dan Walsh 1.19.2-1 - Upgrade to upstream * Thu Nov 18 2004 Dan Walsh 1.19.1-6 - Add avcstat program * Mon Nov 15 2004 Dan Walsh 1.19.1-4 - Add lots of missing man pages * Fri Nov 12 2004 Dan Walsh 1.19.1-2 - Fix output of getsebool. * Tue Nov 9 2004 Dan Walsh 1.19.1-1 - Update from upstream, fix setsebool -P segfault * Fri Nov 5 2004 Steve Grubb 1.18.1-5 - Add a patch from upstream. Fixes signed/unsigned issues, and incomplete structure copy. * Thu Nov 4 2004 Dan Walsh 1.18.1-4 - More fixes from sgrubb, better syslog * Thu Nov 4 2004 Dan Walsh 1.18.1-3 - Have setsebool and togglesebool log changes to syslog * Wed Nov 3 2004 Steve Grubb 1.18.1-2 - Add patch to make setsebool update bool on disk - Make togglesebool have a rollback capability in case it blows up inflight * Tue Nov 2 2004 Dan Walsh 1.18.1-1 - Upgrade to latest from NSA * Thu Oct 28 2004 Steve Grubb 1.17.15-2 - Changed the location of the utilities to /usr/sbin since normal users can't use them anyways. * Wed Oct 27 2004 Steve Grubb 1.17.15-2 - Updated various utilities, removed utilities that are for testing, added man pages. * Fri Oct 15 2004 Dan Walsh 1.17.15-1 - Add -g flag to make - Upgrade to latest from NSA * Added rpm_execcon. * Fri Oct 1 2004 Dan Walsh 1.17.14-1 - Upgrade to latest from NSA * Merged setenforce and removable context patch from Dan Walsh. * Merged build fix for alpha from Ulrich Drepper. * Removed copyright/license from selinux_netlink.h - definitions only. * Fri Oct 1 2004 Dan Walsh 1.17.13-3 - Change setenforce to accept Enforcing and Permissive * Wed Sep 22 2004 Dan Walsh 1.17.13-2 - Add alpha patch * Mon Sep 20 2004 Dan Walsh 1.17.13-1 - Upgrade to latest from NSA * Thu Sep 16 2004 Dan Walsh 1.17.12-2 - Add selinux_removable_context_path * Tue Sep 14 2004 Dan Walsh 1.17.12-1 - Update from NSA * Add matchmediacon * Tue Sep 14 2004 Dan Walsh 1.17.11-1 - Update from NSA * Merged in matchmediacon changes. * Fri Sep 10 2004 Dan Walsh 1.17.10-1 - Update from NSA * Regenerated headers for new nscd permissions. * Wed Sep 8 2004 Dan Walsh 1.17.9-2 - Add matchmediacon * Wed Sep 8 2004 Dan Walsh 1.17.9-1 - Update from NSA * Added get_default_context_with_role. * Thu Sep 2 2004 Dan Walsh 1.17.8-2 - Clean up spec file * Patch from Matthias Saou * Thu Sep 2 2004 Dan Walsh 1.17.8-1 - Update from NSA * Added set_matchpathcon_printf. * Wed Sep 1 2004 Dan Walsh 1.17.7-1 - Update from NSA * Reworked av_inherit.h to allow easier re-use by kernel. * Tue Aug 31 2004 Dan Walsh 1.17.6-1 - Add strcasecmp in selinux_config - Update from NSA * Changed avc_has_perm_noaudit to not fail on netlink errors. * Changed avc netlink code to check pid based on patch by Steve Grubb. * Merged second optimization patch from Ulrich Drepper. * Changed matchpathcon to skip invalid file_contexts entries. * Made string tables private to libselinux. * Merged strcat->stpcpy patch from Ulrich Drepper. * Merged matchpathcon man page from Dan Walsh. * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. * Autobind netlink socket. * Dropped compatibility code from security_compute_user. * Merged fix for context_range_set from Chad Hanson. * Merged allocation failure checking patch from Chad Hanson. * Merged avc netlink error message patch from Colin Walters. * Mon Aug 30 2004 Dan Walsh 1.17.5-1 - Update from NSA * Merged second optimization patch from Ulrich Drepper. * Changed matchpathcon to skip invalid file_contexts entries. * Made string tables private to libselinux. * Merged strcat->stpcpy patch from Ulrich Drepper. * Merged matchpathcon man page from Dan Walsh. * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. * Autobind netlink socket. * Dropped compatibility code from security_compute_user. * Merged fix for context_range_set from Chad Hanson. * Merged allocation failure checking patch from Chad Hanson. * Merged avc netlink error message patch from Colin Walters. * Mon Aug 30 2004 Dan Walsh 1.17.4-1 - Update from NSA - Add optflags * Fri Aug 26 2004 Dan Walsh 1.17.3-1 - Update from NSA * Thu Aug 26 2004 Dan Walsh 1.17.2-1 - Add matchpathcon man page - Latest from NSA * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. * Autobind netlink socket. * Dropped compatibility code from security_compute_user. * Merged fix for context_range_set from Chad Hanson. * Merged allocation failure checking patch from Chad Hanson. * Merged avc netlink error message patch from Colin Walters. * Tue Aug 24 2004 Dan Walsh 1.17.1-1 - Latest from NSA * Autobind netlink socket. * Dropped compatibility code from security_compute_user. * Merged fix for context_range_set from Chad Hanson. * Merged allocation failure checking patch from Chad Hanson. * Merged avc netlink error message patch from Colin Walters. * Sun Aug 22 2004 Dan Walsh 1.16.1-1 - Latest from NSA * Thu Aug 19 2004 Colin Walters 1.16-1 - New upstream version * Tue Aug 17 2004 Dan Walsh 1.15.7-1 - Latest from Upstream * Mon Aug 16 2004 Dan Walsh 1.15.6-1 - Fix man pages * Mon Aug 16 2004 Dan Walsh 1.15.5-1 - Latest from Upstream * Fri Aug 13 2004 Dan Walsh 1.15.4-1 - Latest from Upstream * Thu Aug 12 2004 Dan Walsh 1.15.3-2 - Add man page for boolean functions and SELinux * Sat Aug 8 2004 Dan Walsh 1.15.3-1 - Latest from NSA * Mon Jul 19 2004 Dan Walsh 1.15.2-1 - Latest from NSA * Mon Jul 19 2004 Dan Walsh 1.15.1-3 - uppercase getenforce returns, to make them match system-config-securitylevel * Thu Jul 15 2004 Dan Walsh 1.15.1-2 - Remove old path patch * Thu Jul 8 2004 Dan Walsh 1.15.1-1 - Update to latest from NSA - Add fix to only get old path if file_context file exists in old location * Wed Jun 30 2004 Dan Walsh 1.14.1-1 - Update to latest from NSA * Wed Jun 16 2004 Dan Walsh 1.13.4-1 - add nlclass patch - Update to latest from NSA * Tue Jun 15 2004 Elliot Lee - rebuilt * Sat Jun 13 2004 Dan Walsh 1.13.3-2 - Fix selinux_config to break once it finds SELINUXTYPE. * Fri May 28 2004 Dan Walsh 1.13.2-1 -Update with latest from NSA * Thu May 27 2004 Dan Walsh 1.13.1-1 - Change to use new policy mechanism * Mon May 17 2004 Dan Walsh 1.12-2 - add man patch * Thu May 14 2004 Dan Walsh 1.12-1 - Update with latest from NSA * Wed May 5 2004 Dan Walsh 1.11.4-1 - Update with latest from NSA * Thu Apr 22 2004 Dan Walsh 1.11.3-1 - Add changes for relaxed policy - Update to match NSA * Thu Apr 15 2004 Dan Walsh 1.11.2-1 - Add relaxed policy changes * Thu Apr 15 2004 Dan Walsh 1.11-4 - Sync with NSA * Thu Apr 15 2004 Dan Walsh 1.11-3 - Remove requires glibc>2.3.4 * Wed Apr 14 2004 Dan Walsh 1.11-2 - Fix selinuxenabled man page. * Wed Apr 7 2004 Dan Walsh 1.11-1 - Upgrade to 1.11 * Wed Apr 7 2004 Dan Walsh 1.10-2 - Add memleaks patch * Wed Apr 7 2004 Dan Walsh 1.10-1 - Upgrade to latest from NSA and add more man pages * Thu Apr 1 2004 Dan Walsh 1.9-1 - Update to match NSA - Cleanup some man pages * Tue Mar 30 2004 Dan Walsh 1.8-1 - Upgrade to latest from NSA * Thu Mar 25 2004 Dan Walsh 1.6-6 - Add Russell's Man pages * Thu Mar 25 2004 Dan Walsh 1.6-5 - Change getenforce to also check is_selinux_enabled * Thu Mar 25 2004 Dan Walsh 1.6-4 - Add ownership to /usr/include/selinux * Wed Mar 10 2004 Dan Walsh 1.6-3 - fix location of file_contexts file. * Wed Mar 10 2004 Dan Walsh 1.6-2 - Fix matchpathcon to use BUFSIZ * Tue Mar 02 2004 Elliot Lee - rebuilt * Mon Feb 23 2004 Dan Walsh 1.4-11 - add matchpathcon * Fri Feb 13 2004 Elliot Lee - rebuilt * Fri Jan 23 2004 Dan Walsh 1.4-9 - Add rootok patch * Wed Jan 14 2004 Dan Walsh 1.4-8 - Updated getpeernam patch * Tue Jan 13 2004 Dan Walsh 1.4-7 - Add getpeernam patch * Thu Dec 18 2003 Dan Walsh 1.4-6 - Add getpeercon patch * Thu Dec 18 2003 Dan Walsh 1.4-5 - Put mntpoint patch, because found fix for SysVinit * Wed Dec 17 2003 Dan Walsh 1.4-4 - Add remove mntpoint patch, because it breaks SysVinit * Wed Dec 17 2003 Dan Walsh 1.4-3 - Add mntpoint patch for SysVinit * Fri Dec 12 2003 Dan Walsh 1.4-2 - Add -r -u -t to getcon * Sat Dec 6 2003 Dan Walsh 1.4-1 - Upgrade to latest from NSA * Mon Oct 27 2003 Dan Walsh 1.3-2 - Fix x86_64 build * Wed Oct 21 2003 Dan Walsh 1.3-1 - Latest tarball from NSA. * Tue Oct 21 2003 Dan Walsh 1.2-9 - Update with latest changes from NSA * Mon Oct 20 2003 Dan Walsh 1.2-8 - Change location of .so file * Wed Oct 8 2003 Dan Walsh 1.2-7 - Break out into development library * Wed Oct 8 2003 Dan Walsh 1.2-6 - Move location of libselinux.so to /lib * Fri Oct 3 2003 Dan Walsh 1.2-5 - Add selinuxenabled patch * Wed Oct 1 2003 Dan Walsh 1.2-4 - Update with final NSA 1.2 sources. * Fri Sep 12 2003 Dan Walsh 1.2-3 - Update with latest from NSA. * Fri Aug 28 2003 Dan Walsh 1.2-2 - Fix to build on x86_64 * Thu Aug 21 2003 Dan Walsh 1.2-1 - update for version 1.2 * Wed May 27 2003 Dan Walsh 1.0-1 - Initial version