Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libsepol-utils | Distribution: SUSE Linux Enterprise 15 |
Version: 3.1 | Vendor: SUSE LLC <https://www.suse.com/> |
Release: 150400.1.70 | Build date: Sat May 7 22:43:56 2022 |
Group: System/Base | Build host: s390zp32 |
Size: 13639 | Source RPM: libsepol-3.1-150400.1.70.src.rpm |
Packager: https://www.suse.com/ | |
Url: https://github.com/SELinuxProject/selinux/wiki/Releases | |
Summary: SELinux binary policy manipulation tools |
libsepol provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings.
LGPL-2.1-or-later
* Tue Jul 14 2020 [email protected] - Update to version 3.1 * Add support for new polcap genfs_seclabel_symlinks * Initialize the multiple_decls field of the cil db * Return error when identifier declared as both type and attribute * Write CIL default MLS rules on separate lines * Sort portcon rules consistently * Remove leftovers of cil_mem_error_handler * Drop remove_cil_mem_error_handler.patch, is included * Mon Apr 27 2020 [email protected] - Enable -fcommon in order to fix boo#1160874. * Tue Mar 03 2020 [email protected] - Update to version 3.0 * cil: Allow validatetrans rules to be resolved * cil: Report disabling an optional block only at high verbose levels * cil: do not dereference perm_value_to_cil when it has not been allocated * cil: fix mlsconstrain segfault * Further improve binary policy optimization * Make an unknown permission an error in CIL * Remove cil_mem_error_handler() function pointer * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping * Add a function to optimize kernel policy * Add ebitmap_for_each_set_bit macro Dropped fnocommon.patch as it's included upstream * Thu Jan 30 2020 [email protected] - Add fnocommon.patch to prevent build failures on gcc10 and remove_cil_mem_error_handler.patch to prevent build failures due to leftovers from the removal of cil_mem_error_handler (bsc#1160874) * Thu Jun 20 2019 [email protected] - Disable LTO due to symbol versioning (boo#1138813). * Wed Mar 20 2019 [email protected] - Update to version 2.9 * Add two new Xen initial SIDs * Check that initial sid indexes are within the valid range * Create policydb_sort_ocontexts() * Eliminate initial sid string definitions in module_to_cil.c * Rename kernel_to_common.c stack functions * add missing ibendport port validity check * destroy the copied va_list * do not call malloc with 0 byte * do not leak memory if list_prepend fails * do not use uninitialized value for low_value * fix endianity in ibpkey range checks * ibpkeys.c: fix printf format string specifiers for subnet_prefix * mark permissive types when loading a binary policy * Thu Nov 08 2018 [email protected] - Use more %make_install. * Thu Nov 08 2018 [email protected] - Adjusted source urls (bsc#1115052) * Wed Oct 17 2018 [email protected] - Update to version 2.8 (bsc#1111732) For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt * Wed May 16 2018 [email protected] - Rebase to 2.7 For changes please see https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt * Fri Nov 24 2017 [email protected] - Update to version 2.6. Notable changes: * Add support for converting extended permissions to CIL * Create user and role caches when building binary policy * Check for too many permissions in classes and commons in CIL * Fix xperm mapping between avrule and avtab * Produce more meaningful error messages for conflicting type rules in CIL * Change which attributes CIL keeps in the binary policy * Warn instead of fail if permission is not resolved * Ignore object_r when adding userrole mappings to policydb * Correctly detect unknown classes in sepol_string_to_security_class * Fix neverallowxperm checking on attributes * Only apply bounds checking to source types in rules * Fix CIL and not add an attribute as a type in the attr_type_map * Fix extended permissions neverallow checking * Fix CIL neverallow and bounds checking * Add support for portcon dccp protocol * Fri Jul 15 2016 [email protected] - Update RPM groups, trim description and combine filelist entries. * Thu Jul 14 2016 [email protected] - Cleanup spec file with spec-cleaner - Make spec file a bit more easy - Ship new supbackage (-tools) * Thu Jul 14 2016 [email protected] - Without bug number no submit to SLE 12 SP2 is possible, so to make sle-changelog-checker happy: bsc#988977 * Thu Jul 14 2016 [email protected] - Adjusted source link * Tue Jul 05 2016 [email protected] - update version 2.5 * Fix unused variable annotations * Fix uninitialized variable in CIL * Validate extended avrules and permissionxs in CIL * Add support in CIL for neverallowx * Fully expand neverallowxperm rules * Add support for unordered classes to CIL * Add neverallow support for ioctl extended permissions * Improve CIL block and macro call recursion detection * Fix CIL uninitialized false positive in cil_binary * Provide error in CIL if classperms are empty * Add userattribute{set} functionality to CIL * fix CIL blockinherit copying segfault and add macro restrictions * fix CIL NULL pointer dereference when copying classpermission/set * Add CIL support for ioctl whitelists * Fix memory leak when destroying avtab * Replace sscanf in module_to_cil * Improve CIL resolution error messages * Fix policydb_read for policy versions < 24 * Added CIL bounds checking and refactored CIL Neverallow checking * Refactored libsepol Neverallow and bounds (hierarchy) checking * Treat types like an attribute in the attr_type_map * Add new ebitmap function named ebitmap_match_any() * switch operations to extended perms * Write auditadm_r and secadm_r roles to base module when writing CIL * Fix module to CIL to only associate declared roleattributes with in-scope types * Don't allow categories/sensitivities inside blocks in CIL * Replace fmemopen() with internal function in libsepol * Verify users prior to evaluating users in cil * Binary modules do not support ioctl rules * Add support for ioctl command whitelisting * Don't use symbol versioning for static object files * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package() * Move secilc out of libsepol * fix building Xen policy with devicetreecon, and add devicetreecon CIL documentation * bool_copy_callback set state on creation * Add device tree ocontext nodes to Xen policy * Widen Xen IOMEM context entries * Fix error path in mls_semantic_level_expand() * Update to latest CIL, includes new name resolution and fixes ordering issues with blockinherit statements, and bug fixes - changes in 2.4 * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR * Fix bugs found by hardened gcc flags * Build CIL into libsepol. libsepol can be built without CIL by setting the DISABLE_CIL flag to 'y' * Add an API function to set target_platform * Report all neverallow violations * Improve check_assertions performance * Allow libsepol C++ static library on device
/usr/bin/chkcon /usr/share/man/man8/chkcon.8.gz /usr/share/man/man8/genpolbools.8.gz /usr/share/man/man8/genpolusers.8.gz /usr/share/man/ru/man8/chkcon.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 18:25:27 2024