Changelog

* Mon Feb 26 2024 Chris PeBenito <pebenito@ieee.org> - 2.20240226
Chris PeBenito (174):
      tests.yml: Pin ubuntu 20.04.
      tests.yml: Pin ubuntu 20.04.
      fstools: Move lines.
      munin: Move munin_rw_tcp_sockets() implementation.
      munin: Whitespace change.
      systemd: Tmpfilesd can correct seusers on files.
      iscsi: Read initiatorname.iscsi.
      lvm: Add fc entry for /etc/multipath/*
      sysnetwork: Rename sysnet_dontaudit_rw_dhcpc_unix_dgram_sockets()
      Define user_namespace object class.
      chromium: Allow user namespace creation.
      mozilla: Allow user namespace creation.
      systemd: Allow user namespace creation.
      container: Allow user namespace creation for all container engines.
      Update eg25manager.te
      switcheroo: Whitespace fix.
      unconfined: Keys are linkable by systemd.
      postgresql: Move lines
      Add append to rw and manage lnk_file permission sets for consistency.
      domain: Manage own fds.
      systemd: systemd-cgroups reads kernel.cap_last_cap sysctl.
      kernel: hv_utils shutdown on systemd systems.
      Container: Minor fixes from interactive container use.
      systemd: Minor coredump fixes.
      rpm: Minor fixes
      init: Allow nnp/nosuid transitions from systemd initrc_t.
      selinuxutil: Semanage reads policy for export.
      sysnetwork: ifconfig searches debugfs.
      usermanage: Add sysctl access for groupadd to get number of groups.
      files: Handle symlinks for /media and /srv.
      cloudinit: Add support for installing RPMs and setting passwords.
      kdump: Fixes from testing kdumpctl.
      usermanage: Handle symlinks in /usr/share/cracklib.
      unconfined: Add remaining watch_* permissions.
      chronyd: Read /dev/urandom.
      cloud-init: Allow use of sudo in runcmd.
      cloud-init: Add systemd permissions.
      cloud-init: Change udev rules
      systemd: Updates for systemd-locale.
      cloudinit: Add permissions derived from sysadm.

Christian Göttsche (28):
      git: add fcontext for default binary
      init: only grant getattr in init_getattr_generic_units_files()
      ci: bump SELint version to 1.5.0
      SELint userspace class tweaks
      systemd: reorder optional block
      devicedisk: reorder optional block
      access_vectors: define io_uring { cmd }
      support/genhomedircon: support usr prefixed paths
      fix misc typos
      Support multi-line interface calls
      policy_capabilities: remove estimated from released versions
      Rules.monolithic: pre-compile fcontexts on install
      Rules.modular: use temporary file to not ignore error
      Makefile: use sepolgen-ifgen-attr-helper from test toolchain
      Makefile: set PYTHONPATH for test toolchain
      virt: label qemu configuration directory
      selinuxutil: setfiles updates
      selinuxutil: ignore getattr proc in newrole
      userdom: permit reading PSI as admin
      fs: mark memory pressure type as file
      systemd: binfmt updates
      vnstatd: update
      fs: add support for virtiofs
      systemd: generator updates
      udev: update
      systemd: logind update
      consolesetup: update
      libraries: drop space in empty line

Christian Schneider (1):
      systemd-generator: systemd_generator_t load kernel modules used for e.g.
         zram-generator

Corentin LABBE (20):
      udev: permit to read hwdb
      fstools: handle gentoo place for drivedb.h
      mount: dbus interface must be optional
      mcelog: add missing file context for triggers
      munin: add file context for common functions file
      rsyslog: add label for /var/empty/dev/log
      munin: disk-plugin: transition to fsadm
      munin: add fc for munin-node plugin state
      usermanage: permit groupadd to read kernel sysctl
      portage: Remove old binary location
      portage: add go/hg source control files
      portage: add new location for portage commands
      portage: add missing go/hg context in new distfiles location
      mandb: permit to read inherited cron files
      selinuxutil: do not audit load_policy trying to use portage ptys
      selinuxutil: permit run_init to read kernel sysctl
      portage: add misc mising rules
      smartmon: allow smartd to read fsadm_db_t files
      smartmon: add domain for update-smart-drivedb
      dovecot: add missing permissions

Dave Sugar (46):
      rng-tools updated to 6.15 (on RHEL9) seeing the following denials:
      Allow local login to read /run/motd
      Label pwhistory_helper
      If domain can read system_dbusd_var_lib_t files, also allow symlinks
      systemd-rfkill.socket reads /dev/rfkill (with ListenSocket=) option.
      To allow setting for net.netfilter.nf_* in /etc/sysctl.d/*.conf
      Allow iceauth write to xsession log
      Allow system_dbusd_t to start/stop all units
      Updates for utempter
      Allow display manager to read hwdata
      Allow search xdm_var_run_t directories along with reading files.
      Solve issue with no keyboard/mouse on X login screen
      separate label for /etc/security/opasswd
      Fix some ssh agent denials
      For systemd-hostnamed service to run
      Allow rsyslog to drop capabilities
      /var/lib/sddm should be xdm_var_lib_t
      resolve lvm_t issues at shutdown with LUKS encrypted devices
      Allow all users to (optionally) send syslog messages
      Resolve some denials with colord
      separate domain for journalctl during init
      Use interface that already exists.
      Separate label for /run/systemd/notify (#710)
      Changes needed for dbus-broker-launch
      Allow dbus-broker-launch to execute in same domain
      dbus changes
      Firewalld need to relabel direct.xml file
      xguest ues systemd --user
      Needed to allow environment variable to process started (for cockpit)
      SELinux policy for cockpit
      Fix denial while cleaning up pidfile symlink
      allow system --user to execute systemd-tmpfiles in
         <user>_systemd_tmpfiles_t domain
      cockpit ssh as user
      Allow sudo dbus chat w/sysemd-logind
      The L+ tmpfiles option needs to read the symlink
      Signal during logout
      This seems important for administrative access
      This works instead of allow exec on user_tmpfs_t!
      admin can read/write web socket
      Allow key manipulation
      Add dontaudit to quiet down a bit
      Add watches
      Additional access for systemctl
      Denial during cockpit use
      Fix password changing from cockpit login screen
      Resolve error when cockpit initiate shutdown

David Sommerseth (1):
      openvpn: Allow netlink genl

Fabrice Fontaine (1):
      policy/modules/services/smartmon.te: make fstools optional

Florian Schmidt (1):
      Add label and interfaces for kernel PSI files

George Zenner (1):
      Signed-off-by: George Zenner <zen@pyl.onl>

Grzegorz Filo (3):
      Shell functions used during boot by initrc_t shall be bin_t and defined in
         corecommands.fc
      Dir transition goes with dir create perms.
      Keep context of blkid file/dir when created by zpool.

Guido Trentalancia (53):
      The pulseaudio daemon and client do not normally need to use the network
         for most computer systems that need to play and record audio.
      The kernel domain should be able to mounton runtime directories during
         switch_root, otherwise parts of the boot process might fail on some
         systems (for example, the udev daemon).
      The kernel domain should be able to mounton default directories during
         switch_root.
      The pulseaudio module should be able to read alsa library directories.
      Fix the pulseaudio module file transition for named sockets in tmp
         directories.
      Fix the dbus module so that automatic file type transitions are used not
         only for files and directories, but also for named sockets.
      Fix the dbus module so that temporary session named sockets can be read
         and written in the role template and by system and session bus clients.
      Update the dbus role template so that permissions to get the attributes of
         the proc filesystem are included.
      Let pulseaudio search debugfs directories, as currently done with other
         modules.
      Separate the tunable permissions to write xserver tmpfs files from the
         tunable permissions to write X server shared memory.
      Fix a security bug in the xserver module (interfaces) which was wrongly
         allowing an interface to bypass existing tunable policy logic related
         to X shared memory and xserver tmpfs files write permissions.
      Add missing permissions to execute binary files for the evolution_alarm_t
         domain.
      Add the permissions to manage the fonts cache (fontconfig) to the window
         manager role template.
      Add permissions to watch libraries directories to the userdomain login
         user template interface.
      Update the xscreensaver module in order to work with the latest version
         (tested with version 6.06).
      Include the X server tmpfs rw permissions in the X shared memory write
         access tunable policy under request from Christoper PeBenito.
      Revert the following commit (ability to read /usr files), as it is no
         longer needed, after the database file got its own label:
      Update the kernel module to remove misplaced or at least really obsolete
         permissions during kernel module loading.
      Introduce a new "logging_syslog_can_network" boolean and make the
         net_admin capability as well as all corenetwork permissions previously
         granted to the syslog daemon conditional upon such boolean being true.
      Let the openoffice domain manage fonts cache (fontconfig).
      Update the openoffice module so that it can create Unix stream sockets
         with its own label and use them both as a client and a server.
      Let mplayer to act as a dbus session bus client (needed by the vlc media
         player).
      Add permissions to read device sysctls to mplayer.
      Remove misplaced permission from mount interface mount_exec.
      Remove a vulnerability introduced by a logging interface which allows to
         execute log files.
      Improved wording for the new xserver tunable policy booleans introduced
         with the previous three commits.
      Fix another security bug companion of the one fixed in the following
         previous commit:
      Fix another security bug similar to the ones that have been recently fixed
         in the following two commits:
      Remove duplicate permissions in the xserver module
         xserver_restricted_role() interface.
      Dbus creates Unix domain sockets (in addition to listening on and
         connecting to them), so its policy module is modified accordingly.
      Remove a logging interface from the userdomain module since it has now
         been moved to the xscreensaver domain.
      Create a new specific file label for the random seed file saved before
         shutting down or rebooting the system and rework the interface needed
         to manage such file.
      Fix the shutdown policy in order to make use of the newly created file
         label and interface needed to manage the random seed file.
      Update the gpg module so that the application is able to fetch new keys
         from the network.
      Dbus creates Unix domain sockets not only for the system bus, but also for
         the session bus (in addition to connecting to them), so its policy
         module is modified accordingly.
      Update the gnome module so that the gconf daemon is able to create Unix
         domain sockets and accept or listen connections on them.
      Fix the recently introduced "logging_syslog_can_network" tunable policy,
         by including TCP/IP socket creation permissions.
      Introduce a new interface in the mta module to manage the mail transport
         agent configuration directories and files.
      Add new gpg interfaces for gpg_agent execution and to avoid auditing
         search operations on files and directories that are not strictly needed
         and might pose a security risk.
      Extend the scope of the "spamassassin_can_network" tunable policy boolean
         to all network access (except the relative dontaudit rules).
      Update the spamassassin module in order to better support the rules
         updating script; this achieved by employing two distinct domains for
         increased security and network isolation: a first domain is used for
         fetching the updated rules from the network and second domain is used
         for verifying the GPG signatures of the received rules.
      Under request from Christopher PeBenito, merge the two spamassassin rules
         updating SELinux domains introduced in the previous change in order to
         reduce the non-swappable kernel memory used by the policy.
      Introduce a new "dbus_can_network" boolean which controls whether or not
         the dbus daemon can act as a server over TCP/IP networks and defaults
         to false, as this is generally insecure, except when using the local
         loopback interface.
      Introduce two new booleans for the X server and X display manager domains
         which control whether or not the respective domains allow the TCP/IP
         server networking functionality.
      The X display manager uses an authentication mechanism based on an
         authorization file which is critical for X security.
      Merge branch 'main' into x_fixes_pr2
      Let openoffice perform temporary file transitions and manage link files.
      Modify the gpg module so that gpg and the gpg_agent can manage
         gpg_runtime_t socket files.
      The LDAP server only needs to read generic certificate files, not manage
         them.
      Create new TLS Private Keys file contexts for the Apache HTTP server
         according to the default locations:
      Let the webadm role manage Private Keys and CSR for SSL Certificates used
         by the HTTP daemon.
      Let the certmonger module manage SSL Private Keys and CSR used for example
         by the HTTP and/or Mail Transport daemons.
      Additional file context fix for:

Kai Meng (1):
      devices:Add genfscon context for functionfs to mount

Kenton Groombridge (106):
      corenet: add portcon for kubernetes
      kubernetes: initial policy module
      sysadm: allow running kubernetes
      crio: new policy module
      crio, kubernetes: allow k8s admins to run CRI-O
      container: add type for container plugins
      various: fixes for kubernetes
      kubernetes: add policy for kubectl
      various: fixes for kubernetes
      container, kernel: add tunable to allow spc to create NFS servers
      container: add tunable to allow containers to use huge pages
      container, kubernetes: add private type for generic container devices
      container: add tunable to use dri devices
      container, kubernetes: add rules for device plugins running as spc
      various: allow using glusterfs as backing storage for k8s
      container, miscfiles: transition to s0 for public content created by
         containers
      container: add tunable to allow spc to use tun-tap devices
      container: correct admin_pattern() usage
      systemd: add policy for systemd-pcrphase
      hddtemp: add missing rules for interactive usage
      netutils: minor fixes for nmap and traceroute
      container: add rules required for metallb BGP speakers
      filesystem, init: allow systemd to setattr on ramfs dirs
      logging: allow domains sending syslog messages to connect to kernel unix
         stream sockets
      init, sysadm: allow sysadm to manage systemd runtime units
      podman: allow podman to stop systemd transient units
      userdom: allow admin users to use tcpdiag netlink sockets
      container: allow container admins the sysadm capability in user namespaces
      postfix: allow postfix master to map data files
      sasl: add filecon for /etc/sasl2 keytab
      obj_perm_sets: add mmap_manage_file_perms
      various: use mmap_manage_file_perms
      postfix, sasl: allow postfix smtp daemon to read SASL keytab
      various: fixes for libvirtd and systemd-machined
      portage: label eix cache as portage_cache_t
      container: add missing filetrans and filecon for containerd/docker
      container, init, systemd: add policy for quadlet
      container: fixes for podman 4.4.0
      container: fixes for podman run --log-driver=passthrough
      node_exporter: various fixes
      redis: add missing rules for runtime filetrans
      podman, selinux: move lines, add missing rules for --network=host
      netutils: fixes for iftop
      kernel, zfs: add filetrans for kernel creating zpool cache file
      zfs: allow sending signals to itself
      zfs: add runtime filetrans for dirs
      init: make init_runtime_t useable for systemd units
      various: make /etc/machine-id etc_runtime_t
      init, systemd: allow init to create userdb runtime symlinks
      init: allow initrc_t to getcap
      systemd: allow systemd-userdbd to getcap
      logging: allow systemd-journald to list cgroups
      fs, udev: allow systemd-udevd various cgroup perms
      logging, systemd: allow relabelfrom,relabelto on systemd journal files by
         systemd-journald
      files, systemd: allow systemd-tmpfiles to relabel config file symlinks
      systemd: add rules for systemd-zram-generator
      systemd: allow systemd-pcrphase to read generic certs
      fs, init: allow systemd-init to set the attributes of efivarfs files
      init: allow systemd-init to set the attributes of unallocated terminals
      systemd: allow systemd-resolved to bind to UDP port 5353
      init: allow initrc_t to create netlink_kobject_uevent_sockets
      raid: allow mdadm to read udev runtime files
      raid: allow mdadm to create generic links in /dev/md
      fstools: allow fsadm to read utab
      glusterfs: allow glusterd to bind to all TCP unreserved ports
      kubernetes: allow kubelet to read etc runtime files
      chromium: allow chromium-naclhelper to create user namespaces
      container: rework capabilities
      container: allow watching FUSEFS dirs and files
      glusterfs: add tunable to allow managing unlabeled files
      sysadm: allow using networkctl
      container: various fixes
      container, kubernetes: add support for cilium
      kubernetes: allow container engines to mount on DRI devices if enabled
      init, systemd: label systemd-executor as init_exec_t
      udev: allow reading kernel fs sysctls
      init: allow all daemons to write to init runtime sockets
      systemd: fixes for systemd-pcrphase
      systemd: allow networkd to use netlink netfilter sockets
      rpc: add filecon for /etc/exports.d
      zed: allow managing /etc/exports.d/zfs.exports
      zfs: dontaudit net_admin capability by zed
      su: various fixes
      kernel: allow delete and setattr on generic SCSI and USB devices
      mount: make mount_runtime_t a kubernetes mountpoint
      fstools: allow fsadm to ioctl cgroup dirs
      fstools: allow reading container device blk files
      container, kubernetes: add support for rook-ceph
      kernel: dontaudit read fixed disk devices
      container: add filecons for rook-ceph
      init, systemd: allow systemd-pcrphase to write TPM measurements
      systemd: add policy for systemd-machine-id-setup
      container, kubernetes: allow kubernetes to use fuse-overlayfs
      kubernetes: fix kubelet accounting
      systemd: label systemd-pcrlock as systemd-pcrphase
      zfs: allow zfs to write to exports
      kernel: allow managing mouse devices
      init: allow using system bus anon pidfs
      systemd: label systemd-tpm2-setup as systemd-pcrphase
      bootloader, init, udev: misc minor fixes
      rpc: fix not labeling exports.d directory
      dbus: allow the system bus to get the status of generic units
      systemd: allow systemd generator to list exports
      crio: allow reading container home content
      container: allow spc to map kubernetes runtime files
      kubernetes: allow kubelet to apply fsGroup to persistent volumes

Luca Boccassi (4):
      Set label systemd-oomd
      Add separate label for cgroup's memory.pressure files
      systemd: also allow to mounton memory.pressure
      systemd: allow daemons to access memory.pressure

Mathieu Tortuyaux (1):
      container: fix cilium denial

Oleksii Miroshko (1):
      Fix templates parsing in gentemplates.sh

Pat Riehecky (1):
      container: set default context for local-path-provisioner

Renato Caldas (1):
      kubernetes: allow kubelet to read /proc/sys/vm files.

Russell Coker (28):
      This patch removes deprecated interfaces that were deprecated in the
         20210203 release.  I think that 2 years of support for a deprecated
         interface is enough and by the time we have the next release out it
         will probably be more than 2 years since 20210203.
      This patch removes deprecated interfaces that were deprecated in the
         20210203 release.  I think that 2 years of support for a deprecated
         interface is enough and by the time we have the next release out it
         will probably be more than 2 years since 20210203.
      eg25-manager (Debian package eg25-manager) is a daemon aimed at
         configuring and monitoring the Quectel EG25 modem on a running system.
         It is used on the PinePhone (Pro) and performs the following functions:
           * power on/off   * startup configuration using AT commands   * AGPS
         data upload   * status monitoring (and restart if it becomes
         unavailable) Homepage: https://gitlab.com/mobian1/eg25-manager
      iio-sensor-proxy (Debian package iio-sensor-proxy)  IIO sensors to D-Bus
         proxy  Industrial I/O subsystem is intended to provide support for
         devices  that in some sense are analog to digital or digital to analog
         convertors  .  Devices that fall into this category are:   * ADCs   *
         Accelerometers   * Gyros   * IMUs   * Capacitance to Digital Converters
         (CDCs)   * Pressure Sensors   * Color, Light and Proximity Sensors   *
         Temperature Sensors   * Magnetometers   * DACs   * DDS (Direct Digital
         Synthesis)   * PLLs (Phase Locked Loops)   * Variable/Programmable Gain
         Amplifiers (VGA, PGA)
      Fixed dependency on unconfined_t
      Comment sysfs better
      Daemon to control authentication for Thunderbolt.
      Daemon to monitor memory pressure and notify applications and change …
         (#670)
      switcheroo is a daemon to manage discrete vs integrated GPU use for apps
      policy for power profiles daemon, used to change power settings
      some misc userdomain fixes
      debian motd.d directory (#689)
      policy for the Reliability Availability servicability daemon (#690)
      policy patches for anti-spam daemons (#698)
      Added tmpfs file type for postgresql Small mysql stuff including
         anon_inode
      small ntp and dns changes (#703)
      small network patches (#707)
      small storage changes (#706)
      allow jabbers to create sock file and allow matrixd to read sysfs (#705)
      small systemd patches (#708)
      misc small patches for cron policy (#701)
      mon.te patches as well as some fstools patches related to it (#697)
      misc small email changes (#704)
      https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
      Label checkarray as mdadm_exec_t, allow it to read/write temp files
         inherited from cron, and dontaudit ps type operations from it
      Changes to eg25manager and modemmanager needed for firmware upload on
         pinephonepro
      patches for nspawn policy (#721)
      Simple patch for Brother printer drivers as described in:
         https://etbe.coker.com.au/2023/10/22/brother-mfc-j4440dw-printer/

Yi Zhao (15):
      systemd: add capability sys_resource to systemd_userdbd_t
      systemd: allow systemd-sysctl to search directories on ramfs
      systemd: allow systemd-resolved to search directories on tmpfs and ramfs
      mount: allow mount_t to get attributes for all directories
      loadkeys: do not audit attempts to get attributes for all directories
      systemd: allow systemd-networkd to create file in /run/systemd directory
      systemd: allow journalctl to create /var/lib/systemd/catalog
      bind: fix for named service
      systemd: use init_daemon_domain instead of init_system_domain for
         systemd-networkd and systemd-resolved
      rpm: fixes for dnf
      lvm: set context for /run/cryptsetup
      container: set context for /run/crun
      systemd: allow systemd-hostnamed to read machine-id and localization files
      systemd: allow systemd-rfkill to getopt from uevent sockets
      udev: fix for systemd-udevd

freedom1b2830 (1):
      mplayer:vlc paths

* Sat Dec 23 2023 Yunchuan "Winslow" Hu <i@winsloweric.com> - 2.20231223
See git commit info. Starting on Arch Linux enhancement from refpolicy.

* Tue Nov 01 2022 Chris PeBenito <pebenito@ieee.org> - 2.20221101
Chris PeBenito (46):
      systemd: Drop systemd_detect_virt_t.
      fstools: Handle resizes of the root filesystem.
      mount: Get the attributes of all filesystems.
      rpm: Add dnf and tdnf labeling.
      logging: Change to systemd interface for tmpfilesd.
      systemd: Remove systemd-run domain.
      unconfined: Add missing capability2 perms.
      lvm: Updates for multipath LVM.
      locallogin: Use init file descriptors.
      systemd: Misc fixes.
      isns: Updates from testing.
      container, docker: Fixes for containerd and kubernetes testing.
      devices: Add type for SAS management devices.
      devices: Add file context for /dev/vhost-vsock.
      iptables: Ioctl cgroup dirs.
      devices: Add type for infiniband devices.
      storage: Add fc for /dev/ng*n* devices.
      files: Add prerequisite access for files_mounton_non_security().
      files: Make etc_runtime_t a config file.
      systemd: Fixes for coredumps in containers.
      container: Allow container engines to connect to http cache ports.
      container: Getattr generic device nodes.
      application: Allow apps to use init fds.
      systemd: Misc updates.
      filesystem: Move ecryptfs interface definitions.
      mcs: Add additional SysV IPC constraints.
      mcs: Collapse constraints.
      mcs: Add additional socket constraints.
      mcs: Add missing process permission constraints.
      mcs: Remove duplicate node_bind constraint.
      mcs: Reorganize file.
      mls: Add setsockcreate constraint.
      systemd: Add interface for systemctl exec.
      Add cloud-init.
      hypervkvp: Port updated module from Fedora policy.
      init: Add tunable for systemd to create all its mountpoints.
      Run Ci tests in parallel.
      Revise userspace and SELint versions in CI
      fapolicyd: Fix selint issue.
      tests.yml: Remove irrelevant comment.
      Drop audit_access allows.
      sympa: Move lines.
      sympa: Drop module version.
      sympa, mta, exim: Revise interfaces.
      sympa, logging; Fix lint errors.
      container: Add missing UDP node bind access on container engines.

Christian Göttsche (3):
      Replace deprecated egrep usage
      ci: update dependencies
      ci: build SELint from source

Daniel Burgener (1):
      Drop explicit calls to seutil and kernel module interfaces in broad files
         interfaces

Dave Sugar (20):
      ssh: allow ssh_keygen to read /usr/share/crypto-policies/
      chronyd: Allow to read fips_enabled sysctl
      chronyd: allow chronyd to read /usr/share/crypto-policies
      systemd: init_t creates systemd-logind 'linger' directory
      systemd: systemd-update-done fix startup issue
      usbguard: Allow to read fips_enabled sysctl
      firewalld: read to read fips_enabled sysctl
      firewalld: create netfilter socket
      firewalld: allow to load kernel modules
      firewalld: write tmpfs files
      firewalld: firewalld-cmd uses dbus
      tpm2-abrmd: allow to send syslog messages
      domain: move kernel_read_crypto_sysctls to a common location
      fapolicyd: Initial SELinux policy
      networkmanager: allow watch etc_t and lib_t
      firewalld: allow watch on firewalld files
      Seeing long delay during shutdown saying: 'A stop job is running for
         Restore /run/initramfs on shutdown'
      fix: issue #550 - compile failed when DIRECT_INITRC=y
      fapolicyd: fagenrules chgrp's the compiled.rules
      Add 'DIRECT_INITRC' config to automated tests

Kenton Groombridge (95):
      systemd: add separate type for user transient units
      systemd: rename user runtime unit interfaces
      docker, podman: use renamed user runtime unit status interface
      systemd: rename status user mananger units interface
      systemd: systemd-resolved is linked to libselinux
      systemd: dontaudit systemd-generator getattr on all dirs
      raid: allow mdadm to use user ptys
      bootloader, files: allow bootloader to getattr on boot_t filesystems
      matrixd: various fixes
      container: add unconfined role
      unconfined: use unconfined container role
      podman: add interface to rangetrans when executing conmon
      podman: rework conmon rules
      podman: add file context for podman in /usr/libexec
      container: rework combined role interfaces
      podman: typealias podman_user_conmon_t to podman_conmon_user_t
      fail2ban: allow fail2ban to getsched on its processes
      modutils: allow kmod to write to kmsg
      postfix: allow postfix-map to read certbot certs
      postfix: allow postfix master to get the state of init
      postfix: allow postfix master fsetid capability
      bind: fixes for named working on dnssec files
      sudo: allow sudo domains to create netlink selinux sockets
      sysnetwork, systemd: allow DNS resolution over io.systemd.Resolve
      container: allow containers to manipulate own fds
      container: allow container engines to manage tmp symlinks
      ssh: add tunable to allow sshd to use remote port forwarding
      systemd: minor fixes to systemd user domains
      init, systemd: allow unpriv users to read the catalog
      container: add separate type for container engine units
      container, podman: allow podman to restart container units
      spamassassin: add file context for rspamd log directory
      term, init: allow systemd to watch and watch reads on unallocated ttys
      certbot: various fixes
      systemd: add file transition for systemd-networkd runtime
      systemd: add missing file context for /run/systemd/network
      systemd: add file contexts for systemd-network-generator
      systemd, udev: allow udev to read systemd-networkd runtime
      systemd: allow systemd-networkd to read init runtime files
      podman: add alias for conmon executable
      systemd: ensure connecting to resolved allows searching init runtime
      ssh: allow sshd to run setfiles when polyinstantiation is enabled
      sudo: allow sudo domains to access caller's /proc/pid/stat
      container: add file contexts for docker home config
      files, init: allow systemd to remount etc filesystems
      systemd: allow systemd-logind to read localization
      init: fix possible typo
      corecmd: label dracut lib as bin_t
      sudo: various fixes
      udev: various fixes for udevadm
      bootloader, init: various fixes for systemd-boot
      systemd: allow systemd-generator to read etc runtime files
      systemd: add interface to read userdb runtime files
      logging: various fixes for auditctl
      screen: add interface to dontaudit runtime sock file
      systemd: dontaudit systemd-tmpfiles getattr on screen sock file
      systemd: dontaudit systemd-tmpfiles getattr on all dirs
      fstools: fixes for fsadm with nfs
      various: fixes for nfs
      init: dontaudit initrc creating /dev/console during initrd
      storage: include chr_files in fixed_disk_dev interfaces
      systemd: allow systemd-userdbd to search default contexts
      logging, systemd: allow auditctl to list userdb runtime dirs
      bootloader, userdom: minor fixes for systemd-boot
      systemd: allow systemd-resolved to read generic certs
      sysadm: allow sysadm to rw ipmi devices
      zfs: initial policy module
      fstools, mount: remove legacy zfs rules
      files, mount: remove legacy ZFS file contexts
      sysadm: allow admin access to zfs
      kernel: allow kthreads to read and write the zpool cache
      systemd, zfs: allow systemd-generator to read zfs config
      udev: allow reading ZFS config
      zfs: various fixes
      mta: add support for nullmailer
      devices: add interface to rw infiniband devices
      xdg: add interface to dontaudit searching xdg data dirs
      opensm: initial policy
      sysadm: allow opensm access
      corenet: add portcon for glusterfs
      glusterfs: various fixes
      glusterfs: add type for gluster bricks
      mount: allow mounting glusterfs volumes
      selinuxutil: allow semanage, setfiles to inherit gluster fds
      glusterfs, selinuxutil: make modifying fcontexts a tunable
      glusterfs: add type for glusterd hooks
      usermanage: add file context for chpasswd in /usr/bin
      node_exporter: add file context for node_exporter in /usr/bin
      usbguard: add file context for usbguard in /usr/bin
      init: add file context for systemd units in dracut modules
      git: add file contexts for other git utilities
      dbus, init, mount, rpc: minor fixes for mount.nfs
      zfs: allow reading exports
      systemd: allow systemd-generator to use dns resolution
      rpc: allow rpc admins to rw nfsd fs

Pat Riehecky (2):
      container: Boolean for ecryptfs
      Clone `xguest_connect_network` for guest role

Russell Coker (1):
      Sympa list server

Yi Zhao (16):
      systemd: allow systemd user to watch /etc directories
      logwatch: fixes for logwatch
      postfix: allow postfix_local_t to search logwatch_cache_t
      sysnetwork: allow systemd_networkd_t to read link file
      logging: allow systemd-journal to manage syslogd_runtime_t sock_file
      radius: fixes for freeradius
      udev: allow udev_read_runtime_files to read link files
      watchdog: allow watchdog to create /var/log/watchdog directory
      systemd: allow systemd-resolved to manage link files
      sysnetwork: fix privilege separation functionality of dhcpcd
      sysnetwork: allow dhcpcd to send and receive messages from systemd
         resolved
      rpm: add label for dnf-automatic and dnf-3
      systemd: allow systemd-backlight to read kernel sysctl settings
      systemd: allow systemd-rfkill to get attributes of all fs
      systemd: allow systemd-hostnamed to read selinux configuration files
      systemd: add capability sys_admin to systemd_generator_t

* Fri May 20 2022 Chris PeBenito <pebenito@ieee.org> - 2.20220520
Björn Esser (1):
      authlogin: add fcontext for tcb

Chris PeBenito (118):
         0xC0ncord/bugfix/systemd-user-exec-apps-hookup
      systemd, ssh, ntp: Read fips_enabled crypto sysctl.
      systemd: Unit generator fixes.
      systemd: Revise tmpfiles factory to allow writing all configs.
      systemd: User runtime reads user cgroup files.
      logging: Add audit_control for journald.
      udev: Manage EFI variables.
      ntp: Handle symlink to drift directory.
      logging: Allow auditd to stat() dispatcher executables.
      Drop module versioning.
      tests.yml: Disable policy_module() selint checks.
      systemd: Change journal file context to MLS system high.
      Revert "users: remove MCS categories from default users"
      systemd: Add systemd-homed and systemd-userdbd.
      systemd, ssh: Crypto sysctl use.
      systemd: Additional fixes for fs getattrs.
      systemd: Updates for generators and kmod-static-nodes.service.
      domain: Allow lockdown for all domains.
      postfix, spamassassin: Fix missed type renames after alias removals.
      cron, dbus, policykit, postfix: Minor style fixes.
      Make hide_broken_symptoms unconditional.
      puppet: Style fixes.
      matrixd: Cleanups.
      matrixd: SELint fixes.
      mailmain: Fix check_fc_files issue.
      mailmain: Fix SELint issues.
      postfix: Move lines.
      apache: Remove unnecessary require in apache_exec().
      seusers: Remove sddm.
      Add a vulnerability handling process.

Christian Goettsche (1):
      check_fc_files: allow optional @ character

Christian Göttsche (11):
      filesystem: add fs_use_trans for ramfs
      Ignore umask on when installing headers
      Revert "tests.yml: Disable policy_module() selint checks."
      build.conf: bump policy version in comment
      flask: add new kernel security classes
      policy_capabilities: add ioctl_skip_cloexec
      policy.dtd: more strict bool/tunable and infoflow validation
      Makefile: invoke python with -bb
      Rules.monolithic: add target to generate CIL policy
      Makefile: use override for adding options
      Rules.modular: add pure-load target

Dave Sugar (4):
      Allow iscsid to request kernel module load
      Allow iscsid to check fips_enabled
      sshd: allow to run /usr/bin/fipscheck (to check fips state)
      systemd: resolve error with systemd-sysctl

Fabrice Fontaine (2):
      policy/modules/services/samba.te: make crack optional
      policy/modules/services/wireguard.te: make iptables optional

Gao Xiang (1):
      Add erofs as a SELinux capable file system

Henrik Grindal Bakken (1):
      snmp: Fix typo in /var/net-snmp rule

Jonathan Davies (12):
      chronyd.te: Added chronyd_hwtimestamp boolean for chronyd_t to access
         net_admin capability, this is required for its `hwtimestamp` option,
         which otherwise returns:
      virt.te: Fixed typo in virtlogd_t virt_common_runtime_t
         manage_files_pattern.
      obfs4proxy: Added policy.
      tor: Added interfaces and types for obfs4proxy support.
      corenetwork.te.in: Added ntske port.
      chronyd.te: Added support for bind/connect/recv/send NTS packets.
      chronyd: Allow access to read certs.
      obj_perm_sets.spt: Fixed typo in rw_netlink_socket_perms.
      policy/*: Replaced rw_netlink_socket_perms with
         create_netlink_socket_perms.
      node_exporter: Added initial policy.
      systemd.te: Added boolean for allowing dhcpd server packets.
      systemd.if: Allowed reading systemd_userdbd_runtime_t symlinks in
         systemd_stream_connect_userdb().

Kenton Groombridge (174):
      userdomain: add user exec domain attribute and interface
      systemd: assign user exec attribute to systemd --user instances
      systemd: add interface to support monitoring and output capturing of child
         processes
      wm: add user exec domain attribute to wm domains
      ssh: add interface to execute and transition to ssh client
      userdomain: add interface to allow mapping all user home content
      git, roles: add policy for git client
      apache, roles: use user exec domain attribute
      screen, roles: use user exec domain attribute
      git, roles: use user exec domain attribute
      postgresql, roles: use user exec domain attribute
      ssh, roles: use user exec domain attribute
      sudo, roles: use user exec domain attribute
      syncthing, roles: use user exec domain attribute
      xscreensaver, roles: use user exec domain attribute
      xserver, roles, various: use user exec domain attribute
      authlogin, roles: use user exec domain attribute
      bluetooth, roles: use user exec domain attribute
      cdrecord, roles: use user exec domain attribute
      chromium, roles: use user exec domain attribute
      cron, roles: use user exec domain attribute
      dirmngr, roles: use user exec domain attribute
      evolution, roles: use user exec domain attribute
      games, roles: use user exec domain attribute
      gnome, roles: use user exec domain attribute
      gpg, roles: use user exec domain attribute
      irc, roles: use user exec domain attribute
      java, roles: use user exec domain attribute
      libmtp, roles: use user exec domain attribute
      lpd, roles: use user exec domain attribute
      mozilla, roles: use user exec domain attribute
      mplayer, roles: use user exec domain attribute
      mta, roles: use user exec domain attribute
      openoffice, roles: use user exec domain attribute
      pulseaudio, roles: use user exec domain attribute
      pyzor, roles: use user exec domain attribute
      razor, roles: use user exec domain attribute
      rssh, roles: use user exec domain attribute
      spamassassin, roles: use user exec domain attribute
      su, roles: use user exec domain attribute
      telepathy, roles: use user exec domain attribute
      thunderbird, roles: use user exec domain attribute
      tvtime, roles: use user exec domain attribute
      uml, roles: use user exec domain attribute
      userhelper, roles: use user exec domain attribute
      vmware, roles: use user exec domain attribute
      wireshark, roles: use user exec domain attribute
      wm, roles: use user exec domain attribute
      hadoop, roles: use user exec domain attribute
      shutdown, roles: use user exec domain attribute
      cryfs, roles: use user exec domain attribute
      wine: use user exec domain attribute
      mono: use user exec domain attribute
      sudo: add tunable to control user exec domain access
      su: add tunable to control user exec domain access
      shutdown: add tunable to control user exec domain access
      mpd, pulseaudio: split domtrans and client access
      mcs: deprecate mcs overrides
      mcs: restrict create, relabelto on mcs files
      fs: add pseudofs attribute and interfaces
      devices: make usbfs pseudofs instead of noxattrfs
      git: fix typo in git hook exec access
      dovecot, spamassassin: allow dovecot to execute spamc
      mta, spamassassin: fixes for rspamd
      certbot, various: allow various services to read certbot certs
      usbguard, sysadm: misc fixes
      ssh: fix for polyinstantiation
      sysadm, systemd: fixes for systemd-networkd
      asterisk: allow reading generic certs
      bind: fixes for unbound
      netutils: fix ping
      policykit, systemd: allow policykit to watch systemd logins and sessions
      spamassassin: fix file contexts for rspamd symlinks
      mcs: add additional constraints to databases
      mcs: constrain misc IPC objects
      mcs: combine single-level object creation constraints
      various: deprecate mcs override interfaces
      corenet: make netlabel_peer_t mcs constrained
      mcs: constrain context contain access
      mcs: only constrain mcs_constrained_type for db accesses
      guest, xguest: remove apache role access
      wine: fix roleattribute statement
      testing: accept '@' as a valid ending character in filecon checker
      users: remove MCS categories from default users
      various: remove various mcs ranged transitions
      kernel: add various supporting interfaces for containers
      kernel, rpc, systemd: deprecate kernel_mounton_proc
      devices, kernel: deprecate dev_mounton_sysfs
      devices: add interfaces to remount sysfs and device filesystems
      init: add interface to run init bpf programs
      systemd: add interface to dbus chat with systemd-machined
      userdom: add interfaces to relabel generic user home content
      init: add interface to setsched on init
      init: allow systemd to renice all other domains
      sysnetwork: add interfaces for /run/netns
      container, virt: move svirt lxc domains to new container module
      container: svirt_lxc_net_t is now container_t
      container: fixup rules
      container: add interface to identify container mountpoints
      various: make various types a mountpoint for containers
      container: add base attributes for containers and container engines
      container: initial support for container engines
      container, gpg, userdom: allow container engines to execute gpg
      container: allow containers to use container ptys
      container, mount: allow mount to getattr on container fs
      various: various userns capability permissions
      container: allow containers the chroot capability
      container: allow containers various userns capabilities
      container: allow containers to watch all container files
      container, podman: initial support for podman
      filesystem: add supporting FUSEFS interfaces
      dbus: add supporting interfaces and rules for rootless podman
      systemd: add private type for systemd user manager units
      container: add role access templates
      container, podman, systemd: initial support for rootless podman
      container: add required admin rules
      sysadm: allow container admin access
      container: call podman access in container access
      staff, unconfined: allow container user access
      container: add policy for privileged containers
      container: allow containers to read read-only container files
      container: add tunable for containers to manage cgroups
      container: add tunables for containers to use nfs and cifs
      container: add tunable to allow engines to mounton non security
      container, iptables: dontaudit iptables rw on /ptmx
      xdg: add interface to search xdg data directories
      container, podman: add policy for conmon
      kernel: add filetrans interface for unlabeled dirs
      container, docker: add initial support for docker
      container: call docker access in container access
      userdomain: add type for user bin files
      systemd: allow systemd user managers to execute user bin files
      systemd: use stream socket perms in systemd_user_app_status
      systemd: add supporting interfaces for user daemons
      rootlesskit: new policy module
      container, docker, rootlesskit: add support for rootless docker
      docker: call rootlesskit access in docker access
      container: drop old commented rules
      lxc_contexts: add ro_file and sandbox_lxc_process contexts
      container: allow containers to getsession
      docker: make rootlesskit optional
      docker: add missing call to init_daemon_domain()
      podman: add explicit range transition for conmon
      init: split access for systemd runtime units
      dbus: fixes for dbus-broker
      dbus, policykit: add tunables for dbus-broker access
      docker, podman: container units now have the runtime unit type
      init: allow systemd to nnp_transition and nosuid_transition to daemon
         domains
      files, init: allow init to remount filesystems mounted on /boot
      sudo: fixes for polyinstantiation
      locallogin: fix for polyinstantiation
      authlogin: dontaudit getcap chkpwd
      systemd: various fixes
      systemd: add support for systemd-resolved stubs
      getty, locallogin: cgroup fixes
      unconfined: fixes for bluetooth dbus chat and systemd
      udev: allow udev to start the systemd system object
      networkmanager: allow getting systemd system status
      container, podman: allow podman to create and write config files
      podman: allow system podman to interact with container transient units
      podman: fix role associations
      container, podman: allow containers to interact with conmon
      podman: add rules for systemd container units
      container, init: allow init to remount container filesystems
      container: allow generic containers to read the vm_overcommit sysctl
      container: add tunables to allow containers to access public content
      container: add missing capabilities
      container: also allow containers to watch public content
      podman: allow podman to watch journal dirs
      sysadm: allow sysadm to watch journal directories
      git: add missing file contexts
      udica-templates: initial commit of udica templates
      makefile: add install target for udica templates
      github: test install of udica templates

Laurent Bigonville (2):
      docker: On debian dockerd and docker-proxy are in /usr/sbin
      container: On Debian, runc is installed in /usr/sbin

Pedro (1):
      File context for nginx cache files

Russell Coker (8):
      remove aliases from 20210203
      dontaudit net_admin without hide_broken_symptoms
      puppet V3
      matrixd-synapse policy V3
      mailman3 V3
      certbot V3
      init dbus patch for GetDynamicUsers with systemd_use_nss() V2
      new sddm V2

Vit Mojzis (1):
      Improve error message on duplicate definition of interface

Yi Zhao (24):
      rpc: remove obsolete comment line
      secadm: allow secadm to read selinux policy
      rpcbind: allow sysadm to run rpcinfo
      samba: allow smbd_t to send and receive messages from avahi over dbus
      rpc: add dac_read_search capability for rpcd_t
      bluetooth: fixes for bluetoothd
      avahi: allow avahi_t to watch /etc/avahi directory
      udev: allow udev_t to watch udev_rules_t dir
      rpc: allow rpc.mountd to list/watch NFS server directory
      usermanage: do not audit attempts to getattr of proc for passwd_t and
         useradd_t
      selinuxutil: allow setfiles_t to read kernel sysctl
      rngd: fixes for rngd
      dbus: allow dbus-daemon to map SELinux status page
      bind: fixes for bind
      passwd: allow passwd to map SELinux status page
      ipsec: fixes for strongswan
      samba: fixes for smbd/nmbd
      ntp: allow ntpd to set rlimit_memlock
      ssh: do not audit attempts by ssh-keygen to read proc
      acpid: allow acpid to watch the directories in /dev
      bluetooth: allow bluetoothd to create alg_socket
      systemd: allow systemd-hostnamed to read udev runtime files
      su: allow su to map SELinux status page
      modutils: allow kmod_t to write keys

* Wed Sep 08 2021 Chris PeBenito <pebenito@ieee.org> - 2.20210908
Andreas Freimuth (2):
      Prefer user_fonts_config_t over xdg_config_t
      Set user_fonts_config_t for conf.d

Chris PeBenito (76):
      rpc: Move lines.
      selinux: Add a secure_mode_setbool Boolean.
      Remove additional unused modules
      Rules.modular/Rules.monolithic: Fix intdented labeling statement moves.
      selinux: Change generic Boolean type to boolean_t.
      selinux: Set regular file for labeled Booleans genfscons.
      selinux: Add dontaudits when secure mode Booleans are enabled.
      kernel: Add dontaudits when secure_mode_insmod is enabled.
      authlogin: Add tunable for allowing shadow access on non-PAM systems.
      authlogin: Remove redundant rule in auth_domtrans_chk_passwd().
      Create stale.yml
      stale.yml: Fix labels with spaces.
      authlogin: Deprecate auth_domtrans_chk_passwd().
      init: Add support for systemd StandardInputText.
      .gitignore: Ignore vscode data dir.
      .gitignore: Remove duplicate lines.
      Revert "systemd.if minor fix"
      systemd: Drop second parameter in systemd_tmpfilesd_managed().
      staff, sysadm, unprivuser: Move lines.
      xserver: Move fc lines.
      radvd: Whitespace fix.
      virt: Move lines.
      Bump module versions for release.

Christian Göttsche (1):
      Use correct interface or template declaration

Dave Sugar (2):
      systemd.if minor fix
      Resolve when building monolithic on RHEL7

Fabrice Fontaine (5):
      policy/modules/services/minidlna.te: make xdg optional
      policy/modules/services/ftp.te: make ssh optional
      policy/modules/services/cvs.te: make inetd optional
      policy/modules/services/ifplugd.te: make netutils optional
      policy/modules/apps/wireshark.te: make xdg optional

Jonathan Davies (13):
      staff.te: Allow staff access to the virt stream, needed for when the
         sockets are access remotely over SSH.
      logging.if: Added interfaces for watching all and audit logs.
      roles: Added log watching permissions to secadm and sysadm.
      irc.te: Allow irc_t access to unix_dgram_socket sendto to allow clients to
         connect to a SOCKS proxy.
      screen.if: Added interface to allow executing sock file.
      irc.te: Allowed client access to screen runtime sock file.
      dmesg.te: Added files_read_etc_files() as some distros store terminfo
         files in /etc/.
      devices.fc: Added missing Xen character files.
      sysadm.te: Allow sysadm_t to read/write Xen character devices so userspace
         tooling works.
      sysnetwork: dhcpc_t: Added corenet_sendrecv_icmp_packets()
      radvd.te: Added corenet_sendrecv_icmp_packets().
      dhcp.te: Added corenet_sendrecv_icmp_packets().
      virt: Defined a virt_common_runtime_t type for the new common/system.token
         file and added permissions to virtd_t and virtlogd_t.

Kenton Groombridge (36):
      dovecot, postfix: add missing accesses
      various: systemd user fixes and additional support
      systemd, fail2ban: allow fail2ban to watch journal
      fail2ban: allow reading vm overcommit sysctl
      usbguard: various fixes
      redis: allow reading certs
      rngd: allow reading sysfs
      getty: various fixes
      modutils: allow kmod to read src_t symlinks
      devices, userdomain: dontaudit userdomain setattr on null device nodes
      spamassassin: allow rspamd to read network sysctls
      redis: allow reading net and vm overcommit sysctls
      devices, userdomain: dontaudit userdomain setattr on null device nodes
      files, init, systemd: various fixes
      ssh: allow ssh_keygen_t to read localization
      devicekit: allow devicekit_disk_t to setsched
      udev: various fixes
      init: modify interface to allow reading all pipes
      iptables: allow reading initrc pipes
      wireguard: allow running iptables
      bootloader, filesystem: various fixes for grub
      mount: allow getattr on dos filesystems
      init, mount: allow systemd to watch utab
      init, systemd: allow logind to watch utmp
      logging: allow auditd to use nsswitch
      logging: allow auditd to getattr on audisp-remote binary
      systemd: allow systemd-resolved to manage its own sock files
      systemd: add policy for systemd-sysctl
      init, udev: various fixes for systemd
      udev: allow systemd-vconsole-setup to sys_tty_config
      various: several dontaudits
      sysadm, systemd: various fixes
      authlogin: add new type for pwd.lock and others
      init: allow systemd to rw shadow lock files
      filesystem, init: allow systemd to create pstore dirs
      bootloader, devices: dontaudit grub writing on legacy efi variables

Krzysztof Nowicki (15):
      Fix interface naming convention (plural predicates)
      Allow systemd to relabel startup-important directories
      Allow execution of shell-scripted systemd generators
      Also grant directory permissions in sysnet_manage_config
      Allow use of systemd UNIX sockets created at initrd execution
      Fix systemd-journal-flush service
      Allow systemd-tmpfilesd populating of /var/lib/dbus
      When using systemd_tmpfilesd_managed also grant directory permissions
      Enable factory directory support in systemd-tmpfilesd
      Allow systemd-tmpfilesd to relabel generic files inside /etc
      Allow systemd-tmpfilesd to set attributes of /var/lock
      Mark lvm_lock_t as systemd_tmpfilesd-managed
      Allow systemd-tmpfilesd handle faillog directory
      Fix setting-up sandbox environment for systemd-networkd
      Allow systemd-tmpfilesd to access nsswitch information

Markus Linnala (13):
      policy: init: there is no enabled_mls, it is enable_mls
      policy: files: files_spool_filetrans: doc: change param from file to
         file_type
      policy devices: dev_filetrans: doc: change param from file to file_type
      policy gnome: gnome_dbus_chat_gconfd: doc: does not have 1st param of
         role_prefix
      policy chromium: chromium_tmp_filetrans: doc: add missing 2nd param
         documentation
      policy gpg: doc: add documents for all *filterans parameters
      policy seunshare: seunshare_role: parameters usage partially mixed
      policy kismet: kismer_role: parameter order mixed in kismet_run
      policy: interfaces: doc: indent param blocks consistently
      policy avahi: avahi_filetrans_pid: doc: add missing params
      policy: xserver: xserver_dbus_chat: fix require
      policy:ssh: ssh_server_template: fix require
      policy: files: files_get_etc_unit_status/files_{start,stop}_etc_service:
         fix require

Russell Coker (1):
      blkmapd

Xiongwei Song (1):
      Add ubifs to filesystem policy

Yi Zhao (1):
      roles: move dbus_role_template to userdom_common_user_template

* Wed Feb 03 2021 Chris PeBenito <pebenito@ieee.org> - 2.20210203
(GalaxyMaster) (1):
      added policy for systemd-socket-proxyd

0xC0ncord (1):
      userdomain, xserver: move xdg rules to userdom_xdg_user_template

Anthony PERARD (1):
      xen: Allow xenstored to map /proc/xen/xsd_kva

Antoine Tenart (15):
      udev: allow udevadm to retrieve xattrs
      locallogin: allow login to get attributes of procfs
      logging: allow systemd-journal to write messages to the audit socket
      sysnetwork: allow to read network configuration files
      dbus: add two interfaces to allow reading from directories and named
         sockets
      dbus: allow clients to list runtime dirs and named sockets
      systemd: add extra systemd_generator_t rules
      systemd: allow systemd-hwdb to search init runtime directories
      systemd: allow systemd-network to get attributes of fs
      systemd: allow systemd-resolve to read in tmpfs
      corecommands: add entry for Busybox shell
      systemd: allow systemd-getty-generator to read and write unallocated ttys
      systemd: allow systemd-network to list the runtime directory
      ntp: allow systemd-timesyn to watch dbus objects
      ntp: allow systemd-timesyn to setfscreate

Chris PeBenito (117):
      Merge branch 'acpid_shutdown' of https://github.com/jpds/refpolicy into
         jpds-acpid_shutdown
      .travis.yml: Point selint at only the policy dir.
      corecommands, dbus, locallogin, logging, sysnetwork, systemd, udev: Module
         version bump.
      systemd: Move systemd-pstore block up in alphabetical order.
      Switch to GitHub actions for CI actions.
      systemd: Whitespace changes.
      systemd: Rename systemd_connectto_socket_proxyd_unix_sockets() to
         systemd_stream_connect_socket_proxyd().
      Drop criteria on github actions.
      userdomain: Fix error in calling userdom_xdg_user_template().
      systemd: Add systemd-tty-ask watch for /run/systemd/ask-password.
      Makefile: Add -E to setfiles labeling targets.
      udev: Drop udev_tbl_t.
      udev: Systemd 246 merged udev and udevadm executables.
      devicekit: Udisks uses udevadm, it does not exec udev.
      Remove modules for programs that are deprecated or no longer supported.
      chromium: Whitespace changes.
      chromium: Move naclhelper lines.
      certbot: Whitespace changes.
      certbot: Drop aliases since they have never had the old names in
         refpolicy.
      certbot: Reorder fc lines.
      miscfiles: Rename miscfiles_manage_generic_tls_privkey_lnk_files.
      userdomain: Move lines.
      certbot: Fix lint issues.
      memlockd: Move lines.
      memlockd: Whitespace fixes.
      memlockd: Fix lint issue.
      file_patterns.spt: Add a mmap_manage_files_pattern().
      apache, mysql, postgrey, samba, squid: Apply new
         mmap_manage_files_pattern().
      devicekit, jabber, samba: Move lines.
      cron: Make backup call for system_cronjob_t optional.
      samba: Fix samba_runtime_t alias use.
      samba: Move service interface definitions.
      sysnetwork: Merge dhcpc_manage_samba tunable block with existing samba
         block.
      samba: Add missing userspace class requirements in unit interfaces.
      apache: Fix lint error.
      apache: Really fix lint error.
      aptcacher: Drop broken config interfaces.
      samba: Fix lint error.
         0xC0ncord/feature/sudodomain_http_connect_boolean
         0xC0ncord/bugfix/systemd_system_custom_unit_fc
      dpkg, aptcatcher, milter, mysql, systemd: Rename interfaces.
      apt, bootloader: Move lines.
      systemd: Move lines.
      systemd: Fix lint errors.
      systemd: Rename systemd_use_machined_devpts().
      Bump module versions for release.

Christian Göttsche (16):
      postfixpolicyd: split multi-class rule
      init/systemd: allow systemd to map the SELinux status page
      selinux: add selinux_use_status_page and deprecate
         selinux_map_security_files
      genhomedircon: drop backwards compatibility section
      genhomedircon: require match for home directory name
      genhomedircon: drop unused functions
      genhomedircon: generate file contexts for %{USERNAME} and %{USERID}
      genhomedircon: misc pylint cleanup
      genhomedircon: improve error messages for min uid search
      Rules.monolithic: ignore version mismatch
      gitignore: ignore monolithic generated files
      Preset OUTPUT_POLICY to 32
      Rules.monolithic: do not suppress load_policy warning messages
      Rules.monolithic: tweak checkpolicy arguments
      Rules.monolithic: drop dead variable
      Rules.monolithic: add missing phony declarations

Daniel Burgener (4):
      Allow init to mount over the system bus
      Allow systemd-ask-password to watch files
      Use self keyword when an AV rule source type matches destination
      Fix typo in comment

Dannick Pomerleau (1):
      access_vectors: Add new capabilities to cap2

Dave Sugar (9):
      Looks like this got dropped in pull request #294
      Allow snmpd to read hwdata
      Updates for corosync to work in enforcing
      To get pacemaker working in enforcing
      pacemaker systemd permissions
      Allow pacemaker to map/read/write corosync shared memory files
      Allow systemd-modules-load to search kernel keys
      pcs_snmpd_agent_t fix denials to allow it to read needed queues
      Work with xdg module disabled

David Schadlich (1):
      add policy for pcs_snmp_agent

Deepak Rawat (1):
      Add selinux-policy for systemd-pstore service

Dominick Grift (1):
      bind: add a few fc specs for unbound

Guido Trentalancia (1):
      Add LVM module permissions needed to open cryptsetup devices.

Jason Zaman (5):
      userdomain: Add watch on home dirs
      getty: allow watching file /run/agetty.reload
      Add transition on gentoo init_t to openrc
      init: upstream fcontexts from gentoo policy
      systemd: make remaining dbus_* optional

Jonathan Davies (8):
      acpi.te: Allow acpid_t to shutdown the system - this is required to handle
         shutdown calls from libvirt. Fixes #298.
      acpi.te: Removed unnecessary init_write_initctl().
      userdomain.if: Marked usbguard user modify tunable as optional so usbguard
         may be excluded.
      portage: Added /var/cache/distfiles path.
      init: Added fcontext for openrc-init.
      init: Added fcontext for openrc-shutdown.
      apps/screen.fc: Added fcontext for tmux xdg directory.
      apps/screen.te: Allow screen to search xdg directories.

Kenton Groombridge (11):
      devices: add interface for IOCTL on input devices
      virt: add boolean to allow evdev passthrough
      stunnel: add log type and rules
      fail2ban: allow reading systemd journal
      spamassassin: add rspamd support and tunable
      apache: add interface for list dir perms on httpd content
      sudo: add tunable for HTTP connections
      init: label systemd units in /etc
      certbot: add support for acme.sh
      lvm: add lvm_tmpfs_t type and rules
      Various fixes

Peter Morrow (1):
      selinux: add selinux_get_all_booleans() interface

Richard Haines (1):
      Ensure correct monolithic binary policy is loaded

Russell Coker (11):
      base chrome/chromium patch fixed
      latest iteration of certbot policy as patch
      yet more strict patches fixed
      remove deprecated from 20190201
      more Chrome stuff
      latest memlockd patch
      misc services patches with changes Dominick and Chris wanted
      misc network patches with Dominick's changes*2
      new version of filetrans patch
      misc apps and admin patches
      machined

Yi Zhao (1):
      sysnet: allow dhcpcd to create socket file

bauen1 (4):
      systemd: private type for /run/systemd/userdb
      authlogin: connect to userdb
      systemd-logind: utilize nsswitch
      selint: fix S-010

* Tue Aug 18 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200818
Alexander Miroshnichenko (2):
      openvpn: more versatile file context regex for ipp.txt
      openvpn: update file context regex for ipp.txt

Chris PeBenito (153):
      Makefile: Warn if policy.xml xmllint check does not run.
      networkmanager: Fix interface commenting.
      Makefile: Remove shell brace expansion in ctags target.
      dbus: Rename tunable to dbus_pass_tuntap_fd.
      spamassassin: Move systemd interfaces.
      spamassassin: Rename systemd interfaces.
      spamassassin: Add missing class requires in systemd interfaces.
      spamassassin: Remove unnecessary brackets in type alias.
      pulseaudio: Drop call to nonexistant interface.
      genhomedircon: Drop Python 2 compatibility code.
      systemd: Merge generator domains.
      .travis.yml: Add CI tests with no unconfined.
      Rename "pid" interfaces to "runtime" interfaces.
      Update callers for "pid" to "runtime" interface rename.
      Move user definitions to the right place during compilation.
      Makefile: Give a value to build options so they can be used in ifelse.
      init: Revise init_startstop_service() build option blocks.
      kernel: Drop unlabeled_t as a files_mountpoint().
      selinuxuntil, userdomain: Restore relabelfrom access for unlabeled files.
      files: Restore mounton access to files_mounton_all_mountpoints().
      filesystem: Create a filesystem image concept.
      kernel, fstools, lvm, mount: Update to use filesystem image interfaces.
      Bump module versions for release.

Christian Göttsche (29):
      Rules: allow the usage of class sets in context_defaults
      Correct estimate kernel version for polcap genfs_seclabel_symlinks
      Makefile: generate temporary documentation files in separate directory
      Ignore temporary documentation file directory in git
      Override old all_interfaces.conf.tmp file
      samba: fix wrong interface context smbd_runtime_t
      chromium: drop dead conditional block
      example: use module name matching file name
      consolesetup: drop unused requires
      unconfined: clarify unconfined_t stub usage in unconfined_domain_noaudit()
      portage: drop bizarre conditional TODO blocks
      init/systemd: move systemd_manage_all_units to init_manage_all_units
      tpm2: small fixes
      files/logging: move var_run_t filecontext to defining module
      files/miscfiles: move usr_t filecontext to defining module
      chromium/libraries: move lib_t filecontext to defining module
      apache: use correct content types in apache_manage_all_user_content()
      can_exec(): move from misc_macros to misc_patterns
      Makefile: remove obsolete .SUFFIXES
      Makefile: add target build-interface-db
      devices/storage: quote arguments to tunable_policy
      apache: quote gen_tunable name argument
      Correct some misspellings
      Fix several misspellings
      whitespace cleanup
      travis-ci: add SELint
      work on SELint issues
      files/modutils: unify modules_object_t usage into files module
      travis: resolve Linter tags

Daniel Burgener (10):
      Add dnl to end of interface declaration.  This reduces the number of blank
         lines in intermediate files and matches the way templates are defined.
      Allow systemd-coredump to stat mountpoints.
      Change incorrect template definitions into interface definitions
      Add divert to generated_definitions creation, and fix all_interfaces.conf
         divert creation.
      Fix mismatches between object class and permission macro.
      Switch pipe reading on domtrans to inherited only
      Simplify collection of ssh rules to domtrans_pattern macro
      Fix a few places where command line applications were only granted one of
         tty or pty permissions and could be used from either
      Remove the second copy of a permission in instances where the exact same
         permission is repeated twice in a row
      Remove out of date "hack" from stunnel.  The underlying problem needing a
         require was fixed back in 2011, so using corenet_tcp_bind_stunnel_port
         would be an option now, but stunnel_t already has
         corenet_tcp_bind_all_ports, so this access is redundant.

Dave Sugar (8):
      Add interface to read/write /dev/ipmi
      Update labeling in /dev/
      Setup generic generator attribute and change generator types.
      fix require from 5b78c1c86bedf322fa6a08e5d68e7e8a6b85f026
      Setup domain for tpm2_* binaries
      Interfaces needed to support IMA/EVM keys
      Resolve neverallow failure introduced in #273
      Interfaces for tpm2

David Sommerseth (1):
      dbus: Add tunable - dbus_can_pass_tuntap_fd

Florian Schmidt (1):
      corenetwork: fix winshadow port number

Guido Trentalancia (5):
      This patch improves a previous commit by restricting down the permissions
         to write the wireless device in order to prevent a possible Denial of
         Service (DoS) attack from an unprivileged process bringing down the
         wireless interfaces.
      mozilla: add watch perms
      wm: add watch perms
      getty: add watch perms
      userdomain: add watch perms

Laurent Bigonville (5):
      Add an interface to allow the specified domain to mmap the general network
         configuration files
      Add policy for apt-cacher-ng
      Add policy for acngtool
      Label bluetooth daemon as bluetooth_exec_t
      Label /usr/libexec/packagekitd as apt_exec_t on debian

McSim85 (1):
      add rule for the management socket file fixed comments from  @bauen1

Nicolas Iooss (5):
      Vagrantfile: remove older installed modules before "make install"
      systemd: make systemd --user run generators without transition
      systemd: allow sd-executor to manage its memfd files
      devices: label /dev/sysdig0
      sysnetwork: allow using "ip netns"

Russell Coker (2):
      pulseaudio patch
      latest ver of trivial mail server patch

Topi Miettinen (13):
      Make raw memory access tunable
      Add usbguard
      Don't allow creating regular files in /dev
      Python string fix
      gennetfilter: generate nft tables with --nft
      gennetfilter: handle port ranges
      Allow systemd-networkd to handle ICMP and DHCP packets
      gennetfilter: add rules for ICMP/ICMPv6 packets
      wm: add KWin
      Build and install Netfilter rules
      bootloader: add rEFInd and systemd-boot
      netutils: allow ping to send and receive ICMP packets
      Remove unlabeled packet access

Vilgot (1):
      Portage update

Vilgot Fredenberg (1):
      Remove old exception

Yi Zhao (2):
      Remove duplicated rules
      xserver: allow xserver_t to connect to resmgrd

bauen1 (59):
      logging: allow syslogd to remove stale socket file
      systemd-user-runtime-dir: add required permissions
      mozilla: allow firefox to use user namespaces for sandboxing
      modutils: allow init to execute kmod with nnp
      fix unescaped dot introduced by 47b44a0fc720cecf6df576e274f610514203a5da
      allow init_t access to own keyring
      allow init_t to link kernel_t key
      allow normal users to use 'systemd-run'
      ssh: fix for debian wrapper script
      bird: fixes for bird 2.0
      apache: add nginx to policy
      ntpd: fixes for systemd-timesyncd after linux 5.4
      define lockdown class and access
      dirmngr: allow to probe for tor
      dirmngr: also requires access to /dev/urandom
      dirmngr: ~/.gnupg/crls.d might not exist
      application: applications can be executed from ssh without pty
      systemd: allow regular users to run systemd-analyze
      quota: allow quota to modify /aquota even if immutable
      init: read default context during boot
      lvm: create /etc/lvm/archive if it doesn't exist
      corecommands: fix atrild label
      systemd-fstab-generator needs to know about all mountpoints
      semanage: create directories for new policies
      dnsmasq: watch for new dns resolvers
      init: allow systemd to setup mount namespaces
      init: make initrc_t a init_domain to simplify the policy
      init: allow systemd to activate journald-audit.socket
      setrans: allow label translation for all domains.
      files: add files_watch_etc_symlinks interface
      init: watch /etc/localtime even if it's a symlink
      corecommands: proper label for unattended-upgrades helpers
      filesystem: pathcon for matching tracefs mount
      lvm-activation-generator also needs to execute lvm
      systemd: allow systemd-user-runtime-dir to do its job
      init: fix init_manage_pid_symlinks to grant more than just create
         permissions
      init: replace call to init_domtrans_script
      systemd-sysusers: add policy
      allow most common permissions for systemd sandboxing options
      terminal: cleanup term_create interfaces
      logrotate.service sandbox required permissions
      udev.service sandbox required permissions
      systemd-timesyncd.service sandbox requried permissions
      systemd-logind.service sandbox required permissions
      init: fix systemd boot
      postfix: add filetrans for sendmail and postfix for aliases db operations
      systemd: fixed systemd_rfkill_t denial spam
      thunderbird: label files under /tmp
      init: systemd will run chkpwd to start user@1000
      authlogin: unix_chkpwd is linked to libselinux
      systemd: maintain /memfd:systemd-state
      dpkg: allow dpkg frontends to acquire lock by labeling it correctly
      systemd: systemd --user add essential permissions
      dpkg: dpkg scripts are part of dpkg and therefor also an application
         domain
      gpg: don't allow gpg-agent to read /proc/kcore
      corecommands: correct label for debian ssh-agent helper script
      systemd: systemd-tempfiles will relabel tmpfs if mounted over e.g. /tmp
      Remove the ada module, it is unecessary and not touched since ~2008
      dpkg: domaintrans to sysusers if necessary

* Sat Feb 29 2020 Chris PeBenito <pebenito@ieee.org> - 2.20200229
Alexander Miroshnichenko (1):
      Add knot module

Chris PeBenito (174):
      knot: Whitespace changes.
      knot: Move lines.
      devices, storage: Add fc entries for mtd char devices and ndctl devices.
      devices: Add types for trusted execution environment interfaces.
      ulogd: Rename ulogd_var_run_t to ulogd_runtime_t.
      INSTALL: Fix build requirements.
         fishilico/systemd-read-netlink_kobject_uevent_socket
      Rename *_var_run_t types to *_runtime_t.
      Reorder declarations based on *_runtime_t renaming.
      Remove old aliases.
         fishilico/filesystem-fs_rw_cgroup_files-follow-symlink
      fc_sort.py: Use "==" for comparing integers.
      xserver: Remove duplicate colord rule.
      xserver: Move XDM dbus chats under main dbus optional.
      Move open, audit_access, and execmod to file common.
      Add file and filesystem watch access vectors.
      Fix file common ordering and kernel version from previous commit.
      init: Whitespace change.
      unconfined: Add namespaced capabilities.
      unconfined: Fix systemd --user rule.
      Remove incorrect usages of "is" operator from Python scripts.
      logging: Reorder lines.
      systemd: Logind removes /run/user/* user temp files.
      unconfined: Add watch permission for files.
      systemd: Add filesystem watches.
      dbus: Add directory watches.
      udev: Watch devices.
      init: Revise systemd bind mounts.
      Add perf_event access vectors.
      systemd: Whitespace fix.
      logging: Whitespace fix.
      Bump module versions for release.

Christian Göttsche (6):
      fix Makefile for policy-module directories with same ending
      segenxml.py: fix format usage in warning message
      travis: force the use of python3.5
      travis: run check_fc_files linter with python 3.7
      re-implement fc_sort in python
      Add genfs_seclabel_symlinks policy capability

Daniel Burgener (4):
      Add requires to interfaces that reference types or attributes without
         requiring them
      Remove uneeded types from interfaces where types were added
      Fix situations where require blocks in interfaces listed types not
         actually referenced by that interface
      Remove unneeded semicolons after interface and macro calls

Dominick Grift (2):
      domain: unconfined access to bpf
      Remove shell automatic domain transitions to unconfined_t from various pam
         login programs

Guido Trentalancia (4):
      Update the pulseaudio application module with a few user domain file read
         and management permissions.
      Allow userdomain to read and write the wireless devices (for example for
         querying their state, enabling and/or disabling them using userspace
         tools such as "rfkill" from util-linux).
      Add an interface to allow watch permission on generic device directories.
      Allow pulseaudio to watch generic device directories.

Jason Zaman (16):
      udev: Allow udevadm access to udev_tbl_t
      xserver: ICEauthority can be in /run/user
      devicekit: udisks needs access to /run/mount/utab.lock
      dirmngr: accept unix stream socket
      chromium: allow dbus chat to inhibit power
      virt: Add unix socket for virtlogd/virtlockd
      virt: allow lvm_control access
      fstools: add zfs-auto-snapshot
      udev: Add watch perms
      accountsd: Add watch perms
      cron: watch cron spool
      colord: add watch perms
      policykit devicekit: Add watch perms
      dbus: add watch perms
      chromium: watch etc dirs
      gpg: add watch perms for agent

Laurent Bigonville (9):
      Makefile: Avoid regenerating the iftemplates at everyrun
      Allow systemd_modules_load_t to module_request and map modules_object_t
         files
      Allow udevadm to read files in /run/udev/data
      Allow udevadm_t to use dac_read_search capability
      Allow the systemd dbus-daemon to talk to systemd
      Allow geoclue to log in syslog
      Allow realmd_t to read localization files
      Allow alsa_t to create alsa_runtime_t file as well
      Allow alsa_t to set scheduling priority and send signal to itself

Luca Boccassi (2):
      journald: allow to remove /run/log/journal
      logging: add interface to start/stop syslog units

Nicolas Iooss (75):
      ulogd: add Debian's log directory
      ulogd: allow creating a netlink-netfilter socket
      ulogd: allow starting on a Debian system
      entropyd: label the unit file of haveged
      entropyd: allow haveged to create a Unix socket to received commands
      ulogd: fix pattern for /run/ulog directory
      monit: use s0 instead of s9
      java: reduce the scope of the pattern in for java entry points
      libraries: match a digit in Adobe Reader directories
      drbd: fix pattern for /usr/lib/ocf/resource.d/linbit/drbd
      rpcbind: remove redundant file context for /run/rpc.statd.pid
      files: reduce the scope of the pattern matching /usr/include
      Remove unescaped single dot from the policy
      Fix use of buggy pattern (.*)?
      libraries: drop a pattern specific to Python 2.4
      systemd: introduce an interface for services using PrivateDevices=yes
      Vagrantfile: upgrade VM to Fedora 30
      Allow Debian to generate a dynamic motd when users log in
      entropyd: haveged service uses PrivateDevices=yes
      Check the .fc files for common typos
      corecommands: no longer use \d
      libraries: fix some misspellings in patterns
      java: remove unnecessary parentheses in pattern
      cups: add a slash to match /opt/brother/Printers/
      Vagrantfile: build and install refpolicy on Fedora VM
      Vagrantfile: add a Debian virtual machine
      ntp: allow systemd-timesyncd to read network status
      cups: use ([^/]+/)? to match a subdirectory of CUPS configuration
      portage: really make consoletype module optional
      Label programs in /usr/bin like /usr/sbin
      apt: allow transition from apt_t to dpkg_t with NNP
      apt: allow preventing shutdown by calling a systemd-logind D-Bus method
      authlogin: label utempter correctly on Debian
      irc: add WeeChat policy
      systemd: allow systemd --user to receive messages from
         netlink_kobject_uevent_socket
      Add a policy module for WireGuard VPN
      modutils: allow depmod to read /boot/System.map
      modutils: allow depmod and modprobe to use the I/O provided by apt
      systemd: allow systemd-modules-load.service to read sysfs
      sudo: allow using use_pty flag
      Allow using /([^/]+/)? and (/[^/]+)?/ in patterns
      ulogd: adjust policy for Debian
      bitlbee: allow using GetDynamicUser on Debian
      chromium: remove distro-specific ifdef
      systemd-networkd: allow creating a generic netlink socket
      systemd-networkd: allow communicating with hostnamed
      sudo: allow transmitting SIGWINCH to its child
      sudo: allow using CAP_KILL for SIGWINCH
      systemd: allow detecting Windows Subsystem for Linux
      systemd: allow more accesses to systemd --user
      systemd: remove unnecessary init_write_runtime_socket()
      .travis.yml: update distro to Ubuntu 18.04 LTS (Bionic Beaver)
      filesystem: allow following symlinks with fs_rw_cgroup_files()
      systemd: allow user environment helpers to communicate with systemd --user
      .travis.yml: check the .fc files in CI
      systemd: make the kernel spawn systemd-coredump with a context transition
      gpg: allow gpg-agent to read crypto.fips_enabled sysctl
      testing/check_fc_files: allow @ character in file context patterns
      mount: allow callers of mount to search /usr/bin
      sysadm: allow using hostnamectl
      init: allow systemd to mount over /dev/kmsg and /proc/kmsg
      Add policy for CryFS, encfs and gocryptfs
      Vagrantfile: fix configuration
      Vagrantfile: remove sudo
      Vagrantfile: add a specific SELinux policy module
      systemd: allow reading options from EFI variable SystemdOptions
      virt: allow more accesses to libvirt_leaseshelper
      systemd-logind: allow using BootLoaderEntries DBUS property
      storage: introduce storage_raw_read_fixed_disk_cond
      Vagrantfile: allow unconfined and sysadm SSH login
      Vagrant: allow VirtualBox provisionning to use dhclient and ip
      Associate role unconfined_r to wine_t
      systemd: add an interface to use nss-systemd
      usermanage: allow groupadd to lookup dynamic users from systemd
      mount: label fusermount3 like fusermount

Peter Morrow (1):
      systemd_tmpfiles_t: Allow systemd_tempfiles_t to change permissions in
         sysfs

Petr Lautrbach (1):
      newrole: allow newrole to use setcap to drop capabilities

Stephen Smalley (4):
      access_vectors: Remove unused permissions
      access_vectors: Remove entrypoint and execute_no_trans from chr_file
      access_vectors: remove flow_in and flow_out permissions from packet class
      Rename obsolete netlink_firewall_socket and netlink_ip6fw_socket classes

Sugar, David (13):
      grant rpm permission to map rpm_var_lib_t
      grant permission for rpm to write to audit log
      grant rpm permissions to map locale_t
      Allow rpm to map file contexts
      Allow rpm scripts to alter systemd services
      grant rpm_t permission to map security_t
      Module for tpm2
      Add missing gen_require for init_t in init_script_domain
      resolve syslog imuxsock denial
      Add interface to read efivarfs_t directory
      Fix indent to match the rest of the file (space -> tab)
      Allow systemd to getattr all files
      audit daemon can halt system, allow this to happen.

Topi Miettinen (2):
      Consider jitterentropy to belong to entropyd family
      Consider iwd equivalent to NetworkManager etc.

Vilgot Fredenberg (1):
      Remove obsolete gentoo specific rule

bauen1 (16):
      fix: sudo can't determine default type for sysadm_r
      fix ifupdown2 executable mislabeled as lib_t
      added bpf_t filesystem label
      netutils: allow mtr to communicate with mtr-packet
      kernel/corecommands: fix the label of xfce4 helpers (on debian)
      systemd: remove whitespace
      init: add interfaces for managing /run/systemd
      systemd: add policy for systemd-fstab-generator
      udev: remove console-setup
      consolesetup: add policy for console-setup
      udev: run consolesetup
      loadkeys: remove redundant ifdef
      init: split init_create_pid_files interface
      ntp: watch systemd networkd runtime dirs This is required for correct
         function after linux 5.4
      systemd-user-runtime-dir: add policy
      sysadm: add sysadm_allow_rw_inherited_fifo tunable to allow writing to
         fifo_files inherited from domains allowed to change role to sysadm_r.

* Sun Jun 09 2019 Chris PeBenito <pebenito@ieee.org> - 2.20190609
Chris PeBenito (70):
      systemd: Module version bump.
      Merge branch 'sysadm-dynamic-users' of
         git://github.com/fishilico/selinux-refpolicy
      sysadm: Module version bump.
      Merge branch 'stubby-daemon' of
         git://github.com/fishilico/selinux-refpolicy
      corenetwork: Module version bump.
      systemd: Remove unnecessary brackets.
      init, systemd, cdrecord: Module version bump.
      logging, miscfiles, authlogin: Module version bump.
      Merge branch 'systemd-journald-signull' of
         git://github.com/fishilico/selinux-refpolicy
      Merge branch 'restorecond-no-read-all' of
         git://github.com/fishilico/selinux-refpolicy
      logging, selinuxutil: Module version bump.
      Merge branch 'systemd-update-done' of
         git://github.com/fishilico/selinux-refpolicy
      systemd: Module version bump.
      aide, clamav: Module version bump.
      filesystem, cron, authlogin: Module version bump.
      Remove incorrect comment about capability2:mac_admin.
      usermanage: Move kernel_dgram_send(passwd_t) to systemd block.
      systemd, udev, usermanage: Module version bump.
      genhomedircon.py: Fix top-level exception handling.
      udev: Whitespace fix.
      udev: Move one line and remove a redundant line.
      sysadm, udev: Module version bump.
      Merge pull request #35 from pebenito/master
      systemd: Drop unconfined kernel access for systemd_nspawn.
      udev: Drop write by udev to its executable.
      init: Remove duplicate setenforce rule for init scripts.
      authlogin, dbus, ntp: Module version bump.
      ntp, init, lvm: Module version bump.
      Merge pull request #37 from pebenito/master
      kernel, init, systemd, udev: Module version bump.
      init: Revise conditions in init_startstop_service().
      Merge pull request #39 from pebenito/revise-init-stopstart
      init: Module version bump.
      kernel: Module version bump.
      Merge pull request #40 from gtrentalancia/master
      xserver: Module version bump.
      various: Module version bump
      apache: Make MTA optional.
      systemd: Remove unnecessary names in systemd-update-done filetrans.
      Merge pull request #42 from dsugar100/master
      kernel, devices, plymouthd, xserver: Module version bump.
      storage: Label /dev/mmcblk* character nodes.
      devices: Label /dev/tpmrm[0-9].
      devices: Add type for GPIO chips, /dev/gpiochip[0-9]
      devices: Change netcontrol devices to pmqos.
      systemd: Add initial policy for systemd --user.
      Merge pull request #43 from pebenito/various-device-labels
      Merge pull request #44 from pebenito/http-mta-optional
      Merge pull request #45 from pebenito/systemd-update-done-tweak
      Merge pull request #46 from pebenito/systemd-user
      various: Module version bump.
      Merge pull request #47 from dsugar100/master
      Merge pull request #48 from bigon/dovecot_lmtp
      Merge pull request #49 from bigon/fail2ban_logrotate
      dovecot, logrotate: Module version bump.
      logrotate: Make MTA optional.
      Merge pull request #51 from pebenito/logrotate-optional-mta
      Merge pull request #53 from WOnder93/makefile-fix
      logrotate: Module version bump.
      init: Add systemd block to init_script_domain().
      systemd: modules-load updates.
      apache: Web content rules simplification.
      storage: Add fc entry for /dev/pmem*
      devices: Add type for /dev/daxX.Y.
      Merge pull request #54 from pebenito/init-script-systemd
      Merge pull request #55 from pebenito/modules-load
      Merge pull request #56 from pebenito/apache-simplify
      Merge pull request #57 from pebenito/pmem-dax
      various: Module version bump.
      Bump module versions for release.

Dave Sugar (3):
      Allow xdm (lightdm) start plymouth
      Changes to support plymouth working in enforcing
      create interfaces for NetworkManager units

Guido Trentalancia (1):
      The Qt library version 5 requires to write xserver_tmp_t files upon
         starting up applications (tested on version 5.12.1).

Laurent Bigonville (2):
      Add dovecot to listen to LMTP port
      Allow logrotate to execute fail2ban-client

Lukas Vrabec (1):
      Label /sys/kernel/ns_last_pid as sysctl_kernel_ns_last_pid_t

Nicolas Iooss (6):
      sysadm: allow resolving dynamic users
      Add policy for stubby DNS resolver
      Allow systemd-journald to use kill(pid, 0) on its clients
      Allow restorecond to read customizable_types
      Remove a broad read-files rule for restorecond
      Update systemd-update-done policy

Ondrej Mosnacek (1):
      Fix find commands in Makefiles

Sugar, David (26):
      Allow systemd-networkd to get IP address from dhcp server
      Separate domain for systemd-modules-load
      Allow init_t to read net_conf_t
      Allow systemd-hostnamed to set the hostname
      Add interface to run cdrecord in caller domain
      Add interface to get status of rsyslog service
      New interface to dontaudit access to cert_t
      Fix incorrect type in clamav_enableddisable_clamd interface
      Allow freshclam to read sysctl_crypto_t
      Add interfaces to run freshclam
      Allow AIDE to sendto kernel datagram socket
      Allow AIDE to read kernel sysctl_crypto_t
      Allow AIDE to mmap files
      Add interface to allow relabeling of iso 9660 filesystems.
      Update cron use to pam interface
      Allow additional map permission when reading hwdb
      Resolve denial while changing password
      Separate out udevadm into a new domain
      Add interface ntp_dbus_chat
      Allow ntpd to update chronyd service
      Allow ntpd to update timezone symlink
      Resolve denial about logging to journal from chkpwd
      Resolve denial about logging to journal from dbus
      Allow ntpd to read unit files
      Denial of cryptsetup reading cracklib database
      Add kernel_dgram_send() into logging_send_syslog_msg()

* Fri Feb 01 2019 Chris PeBenito <pebenito@ieee.org> - 2.20190201
Alexander Miroshnichenko (16):
      Add signal_perms setpgid setsched permissions to syncthing_t.
      Add corecmd_exec_bin permissions to syncthing_t.
      Allow syncthing_t to read network state.
      Allow syncthing_t to execute ifconfig/iproute2.
      Add required permissions for nsd_t to be able running.
      Add nsd_admin interface to sysadm.te.
      Add map permission to lvm_t on lvm_metadata_t.
      Add comment for map on lvm_metadata_t.
      Remove syncthing tunable_policy.
      Remove unneeded braces from nsd.te.
      Add new interface fs_rmw_hugetlbfs_files.
      Add map permission for postgresql_t to postgresql_tmp_t files.
      Add dovecot_can_connect_db boolean.
      fs_mmap_rw_hugetlbfs_files is a more appropriate name for the interface
      Add hostapd service module
      minor updates redis module to be able to start the app

Chris PeBenito (85):
      mozilla, devices, selinux, xserver, init, iptables: Module version bump.
      devices: Module version bump.
      misc_patterns.spt: Remove unnecessary brackets.
      ipsec: Module version bump.
      fstools: Module version bump.
      corecommands: Module version bump.
      xserver: Module version bump.
      Merge pull request #1 from bigon/fix-sepolgen-ifgen
      Remove unused translate permission in context userspace class.
      logrotate: Module version bump.
      miscfiles: Module version bump.
      Merge pull request #3 from bigon/xdp-socket
      obj_perm_sets.spt: Add xdp_socket to socket_class_set.
      clamav, ssh, init: Module version bump.
      amavis, apache, clamav, exim, mta, udev: Module version bump.
      dnsmasq: Whitespace fix in file contexts.
      dnsmasq: Reorder lines in file contexts.
      Merge branch 'master' of https://github.com/bigon/refpolicy
      Merge branch 'resolved' of https://github.com/bigon/refpolicy
      Merge branch 'iscsi' of https://github.com/bigon/refpolicy
      Various modules: Version bump.
      dnsmasq: Module version bump.
      Merge branch 'minissdpd' of https://github.com/bigon/refpolicy
      cron, minissdpd, ntp, systemd: Module version bump.
      dbus, xserver, init, logging, modutils: Module version bump.
      Merge branch 'syncthing' of https://github.com/alexminder/refpolicy
      syncthing: Whitespace change
      Merge branch 'lvm' of https://github.com/alexminder/refpolicy
      lvm, syncthing: Module version bump.
      sigrok: Remove extra comments.
      networkmanager: Add ICMPv6 comment
      sysnetwork: Move optional block in sysnet_dns_name_resolve().
      sysnetwork: Move lines.
      dpkg: Rename dpkg_read_script_tmp_links().
      apt, rpm: Remove and move lines to fix fc conflicts.
      sudo: Whitespace fix.
      many: Module version bumps for changes from Russell Coker.
      systemd: Rename systemd_list_netif() to systemd_list_networkd_runtime().
      init: Remove inadvertent merge.
      Merge branch 'nsd' of https://github.com/alexminder/refpolicy
      nsd: Merge two rules into one.
      Merge branch 'ssh_dac_read_search' of
         git://github.com/fishilico/selinux-refpolicy
      Merge branch 'restorecond_getattr_cgroupfs' of
         git://github.com/fishilico/selinux-refpolicy
      Merge branch 'systemd-logind-getutxent' of
         git://github.com/fishilico/selinux-refpolicy
      various: Module version bump.
      iptables: Module version bump.
      Add CONTRIBUTING file.
      kernel, systemd: Move lines.
      kernel, jabber, ntp, init, logging, systemd: Module version bump.
      Merge branch 'systemd-journald_units_symlinks' of
         git://github.com/fishilico/selinux-refpolicy
      init, logging: Module version bump.
      Merge branch 'services_single_usr_bin' of
         git://github.com/fishilico/selinux-refpolicy
      Merge branch 'init_rename_pid_interfaces' of
         git://github.com/fishilico/selinux-refpolicy
      various: Module name bump.
      Merge branch 'systemd-rfkill' of
         git://github.com/fishilico/selinux-refpolicy
      systemd: Whitespace change
      systemd: Module version bump.
      Merge branch 'restorecond-symlinks' of
         git://github.com/fishilico/selinux-refpolicy
      Merge branch 'add_comment' of git://github.com/DefenSec/refpolicy
      usermanage, cron, selinuxutil: Module version bump.
      logging, sysnetwork, systemd: Module version bump.
      Merge branch 'restorecond-dontaudit-symlinks' of
         git://github.com/fishilico/selinux-refpolicy
      selinuxutil: Module version bump.
      Merge branch 'dbus-dynamic-uid' of
         git://github.com/fishilico/selinux-refpolicy
      xserver: Move line
      systemd: Move interface implementation.
      various: Module version bump.
      dpkg: Rename dpkg_nnp_transition() to dpkg_nnp_domtrans().
      dpkg: Move interface implementations.
      init: Rename init_read_generic_units_links() to
         init_read_generic_units_symlinks().
      init: Drop unnecessary userspace class dependence in
         init_read_generic_units_symlinks().
      chromium: Whitespace fixes.
      chromium: Move line.
      Merge branch 'dovecot' of git://github.com/alexminder/refpolicy
      dovecot: Move lines.
      various: Module version bump.
      Merge branch 'postgres' of git://github.com/alexminder/refpolicy
      filesystem, postgresql: Module version bump.
      hostapd: Whitespace change.
      hostapd: Move line.
      various: Module version bump.
      redis: Move line.
      redis: Module version bump.
      corecommands, staff, unprivuser, ssh, locallogin, systemd: Module version
         bump.
      Bump module versions for release.

David Sugar (15):
      Interface to allow reading of virus signature files.
      Update CUSTOM_BUILDOPT
      Add interface udev_run_domain
      Allow clamd_t to read /proc/sys/crypt/fips_enabled
      Interface to add domain allowed to be read by ClamAV for scanning.
      Add interfaces to control clamav_unit_t systemd services
      Allow clamd to use sent file descriptor
      Add interfaces to control ntpd_unit_t systemd services
      interface to enable/disable systemd_networkd service
      Interface to read cron_system_spool_t
      Allow X (xserver_t) to read /proc/sys/crypto/fips_enabled
      Allow kmod to read /proc/sys/crypto/fips_enabled
      Allow dbus to access /proc/sys/crypto/fips_enabled
      Add missing require for 'daemon' attribute.
      Allow auditctl_t to read bin_t symlinks.

Dominick Grift (1):
      unconfined: add a note about DBUS

Guido Trentalancia (1):
      Add sigrok contrib module

Jagannathan Raman (1):
      vhost: Add /dev/vhost-scsi device of type vhost_device_t.

Jason Zaman (10):
      selinux: compute_access_vector requires creating netlink_selinux_sockets
      mozilla: xdg updates
      xserver: label .cache/fontconfig as user_fonts_cache_t
      Allow map xserver_misc_device_t for nvidia driver
      iptables: fcontexts for 1.8.0
      devices: introduce dev_dontaudit_read_sysfs
      files: introduce files_dontaudit_read_etc_files
      kernel: introduce kernel_dontaudit_read_kernel_sysctl
      userdomain: introduce userdom_user_home_dir_filetrans_user_cert
      Add chromium policy upstreamed from Gentoo

Laurent Bigonville (10):
      policy/support/obj_perm_sets.spt: modify indentation of mmap_file_perms to
         make sepolgen-ifgen happy
      Add xdp_socket security class and access vectors
      irqbalance now creates an abstract socket
      Allow semanage_t to connect to system D-Bus bus
      Allow ntpd_t to read init state
      Add systemd_dbus_chat_resolved() interface
      Allow sysnet_dns_name_resolve() to use resolved to resolve DNS names
      Allow systemd_resolved_t to bind to port 53 and use net_raw
      Allow iscsid_t to create a netlink_iscsi_socket
      Allow minissdpd_t to create a unix_stream_socket

Luis Ressel (7):
      corecommands: Fix /usr/share/apr* fc
      xserver: Allow user fonts (and caches) to be mmap()ed.
      Add fc for /var/lib/misc/logrotate.status
      Realign logrotate.fc, remove an obvious comment
      miscfiles: Label /usr/share/texmf*/fonts/ as fonts_t
      services/ssh: Don't audit accesses from ssh_t to /dev/random
      system/init: Give init_spec_daemon_domain()s the "daemon" attribute

Lukas Vrabec (1):
      Improve domain_transition_pattern to allow mmap entrypoint bin file.

Nicolas Iooss (11):
      fstools: label e2mmpstatus as fsadm_exec_t
      ssh: use dac_read_search instead of dac_override
      selinuxutil: allow restorecond to try counting the number of files in
         cgroup fs
      systemd: allow systemd-logind to use getutxent()
      Allow systemd-journald to read systemd unit symlinks
      Label service binaries in /usr/bin like /usr/sbin
      init: rename *_pid_* interfaces to use "runtime"
      systemd: add policy for systemd-rfkill
      selinuxutil: allow restorecond to read symlinks
      selinuxutil: restorecond is buggy when it dereferencies symlinks
      dbus: allow using dynamic UID

Petr Vorel (1):
      dnsmasq: Require log files to have .log suffix

Russell Coker (19):
      misc services patches
      misc interfaces
      last misc stuff
      systemd related interfaces
      systemd misc
      missing from previous
      cron trivial
      mls stuff
      logging
      some little stuff
      trivial system cronjob
      another trivial
      more tiny stuff
      map systemd private dirs
      tiny stuff for today
      yet more tiny stuff
      yet another little patch
      chromium
      more misc stuff

Sugar, David (9):
      Allow greeter to start dbus
      pam_faillock creates files in /run/faillock
      Add interface to get status of iptables service
      Add interface to start/stop iptables service
      label journald configuraiton files syslog_conf_t
      Interface with systemd_hostnamed over dbus to set hostname
      Modify type for /etc/hostname
      Add interface clamav_run
      Add interface to read journal files

Yuli Khodorkovskiy (1):
      ipsec: add missing permissions for pluto

* Sun Jul 01 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180701
Chris PeBenito (28):
      Enable cgroup_seclabel and nnp_nosuid_transition.
      Misc dbus fixes from Russell Coker.
      Simple map patch from Russell Coker.
      another trivial dbus patch from Russell Coker.
      Merge branch 'xtable-proc' of https://github.com/bigon/refpolicy
      iptables: Module version bump.
      Update contrib.
      .travis.yml: Change to master branch for sctp support.
      corenetwork, init: Module version bump.
      Module version bumps for patches from James Carter.
      Update contrib.
      init, logging, sysnetwork, systemd, udev: Module version bump.
      sysnetwork: Move lines in sysnet_read_config().
      sysnetwork: Module version bump.
      init: Module version bump.
      Remove deprecated flask.py script.
      Switch all remaining Python references to the Python 3 interpreter.
      systemd: Move lines.
      corecommands: Module version bump.
      Makefile: Tweak cli output.
      XDG: Module version bump.
      Remove refpolicy-contrib submodule.
      Re-add policy modules from old refpolicy-contrib submodule.
      Move all files out of the old contrib directory.
      Changelog.contrib: Add note about refpolicy-contrib removal.
      sysnetwork: Module version bump.
      xdg, xserver, mplayer, games: Module version bump.
      Bump module versions for release.

Christian Göttsche (1):
      add definition of bpf class and systemd perms

Dave Sugar (8):
      Fix problems booting with fips=1
      Interface to read /run/systemd/resolve/resolv.conf
      Allow systemd-resolved to read sysctl
      Allow systemd_resolved to read systemd_networkd runtime files
      Allow systemd-resolved to connect to system dbusd
      systemd-resolved uses notify to indicate status
      policy for systemd-update-done
      policy for systemd-hwdb

James Carter (8):
      Removed unnecessary semicolons
      Mark unused parameters as unused
      Move the use of var_log_t from authlogin.fc to logging.fc
      Move the use of initrc_var_run_t from files.fc to init.fc
      Move use of systemd_unit_t from systemd.fc to init.fc
      Move use of user_devpts_t from terminal.fc to userdomain.fc
      Remove undeclared identifiers from interfaces
      Remove undeclared identifiers from xserver interface

Jason Zaman (9):
      sysnetwork: put systemd_read_resolved_runtime in an ifdef
      init: Add filetrans for /run/initctl
      corecommands: adjust gcc fcontext to also work on musl
      userdom: remove filetrans from userdom_user_content_access_template
      xdg: Add map perms, also make lnk_file, dirs consistent
      xdg: filetrans should not add filetrans from user_home_dir
      xdg: Introduce xdg_search_cache_dirs
      xserver: Add mesa_shader_cache for GLSL in ~/.cache/mesa_shader_cache/
      apps: rw mesa_shader_cache

Laurent Bigonville (1):
      Label /etc/hosts.allow as net_conf_t

Miroslav Grepl (1):
      xtables-multi wants to getattr of the proc fs

Richard Haines (1):
      refpolicy: Update for kernel sctp support

Sven Vermeulen (7):
      Add gentemplates.sh to extract template content
      Update segenxml to include support for templated booleans and tunables
      Generate template code and update genxml call for documentation generation
      freedesktop location support
      Allow X server users to manage all xdg resources
      helper interfaces to read/manage all user content
      tunable-managed user content access template

* Sun Jan 14 2018 Chris PeBenito <pebenito@ieee.org> - 2.20180114
Adam Duskett (1):
      fix regex escape sequence error.

Anthony PERARD (1):
      Update for Xen 4.7

Chad Hanson (1):
      Fix implementation of MLS file relabel attributes

Chris PeBenito (74):
      Module version bump for patches from Guido Trentalancia and Anthony
         PERARD.
      Rules.modular: Fix file context verification.
      Remove deprecated interfaces older than one year old.
      .travis.yml: Use git tag instead of release tarball for selinux userspace.
      kernel: Module version bump for patch from Nicolas Iooss.
      Remove complement and wildcard in allow rules.
      logging: Move line.
      Module version bump for patches from Nicolas Iooss.
      Module version bump for fixes from Nicolas Iooss.
      Update contrib.
      dbus: move comments out of the file context definitions
      Update contrib.
      systemd, udev: Module version bump.
      systemd: Whitespace fix.
      Module version bump for patches from Nicolas Iooss.
      init: Move fc lines.
      init: Module version bump for patch from Dave Sugar.
      files: Move files_check_write_pid_dirs interface.
      terminal: Rename term_create_devpts.
      Several module version bumps.
      init: Move init_spec_daemon_domain implementation.
      Module version bumps.
      init: Rename init_rlimit_inherit to init_inherit_rlimit.
      init: Whitespace fix.
      Module version bumps.
      spamassassin: Fix build error.
      init: Fix XML error.
      spamassassin: Add missing requirement in spamassassin_admin().
      sysadm,fstools: Module version bump.
      authlogin, logging, udev: Module version bump.
      init: Remove sm-notify.pid fc entry which collides with the rpc module.
      corecommands, xserver, systemd, userdomain: Version bumps.
      Update contrib.
      Update contrib.
      corecommands: Module version bump.
      init: Module version bump.
      Merge pull request #125 from lalozano/master
      devices: Module version bump.
      Module version bumps.
      Merge branch 'master' of git://github.com/davidgraz/refpolicy
      ipsec: Module version bump.
      Merge branch 'master' of git://github.com/aduskett/refpolicy
      init: Clean up line placement in init_systemd blocks.
      files: Whitespace fix.
      Merge branch 'systemd-networkd'
      files, init, sysnetwork, systemd: Module version bumps.
      Merge pull request #128 from williamcroberts/fc-sort-fixups
      Update contrib.
      files, netutils: Module version bump.
      miscfiles: Module version bump.
      Update contrib.
      files, userdomain: Module version bump.
      kernel, mls, sysadm, ssh, xserver, authlogin, locallogin, userdomain:
         Module version bumps.
      Several module version bumps.
      Module version bumps.
      dmesg, locallogin, modutils: Module version bump.
      loadable_module.spt: Add debugging comments for tunable_policy blocks.
      networkmanager: Grant access to unlabeled PKeys
      filesystem: Rename fs_relabel_cgroup_lnk_files.
      corcmd, fs, xserver, init, systemd, userdomain: Module version bump.
      xserver, sysnetwork, systemd: Module version bump.
      xserver: Module version bump.
      init: Module version bump.
      Update contrib.
      mls, xserver, systemd, userdomain: Module version bump.
      storage, userdomain: Module version bump.
      Add new mmap permission set and pattern support macros.
      Add missing mmap_*_files_pattern macros.
      Revise mmap_file_perms deprecation warning message.
      Update contrib.
      hostname: Module version bump.
      Update contrib.
      init: Module version bump.
      Bump module versions for release.

Christian Göttsche (6):
      update travis
      rkhunter: add interfaces for var_run and lock dir access check
      dphysswapfile: add interfaces and sysadm access
      hostname: cmdline usage + signal perms sort
      filesystem: add fs_rw_inherited_hugetlbfs_files for apache module
      init: add init_rw_inherited_stream_socket

David Graziano (1):
      system/ipsec: Add signull access for strongSwan

David Sugar (20):
      Strip spaces from NAME
      Separate read and write interface for tun_tap_device_t
      Label RHEL specific systemd binaries
      Label /etc/rsyslog.d as syslog_conf_t
      Add init_spec_daemon_domain interface
      Add status into init_startstop_service interface
      Add int_rlimit_inherit interface
      remove interface init_inherit_rlimit
      Fix problem labeling /run/log/journal/*
      Denial relabeling /run/systemd/private
      policy for systemd-networkd
      Label /var/lib/lightdm-data
      Change label for ~/.xsession-errors
      Work around systemd-logind patch not in RHEL 7.x yet
      RHEL 7.4 has moved the location of /usr/libexec/sesh to
         /usr/libexec/sudo/sesh
      Create interfaces to write to inherited xserver log files.
      label systemd-shutdown so shutdown works
      Make an attribute for objects in /run/user/%{USERID}/*
      Make xdm directories created in /run/user/%{USERID}/ xdm_runtime_t
         (user_runtime_content_type)
      Allow systemd_logind to delete user_runtime_content_type files

David Sugar via refpolicy (2):
      label /etc/mcelog/mcelog.setup correctly (for RHEL)
      Allow xdm_t to read /proc/sys/crypto/fips_enabled

Guido Trentalancia (4):
      userdomain: allow netlink_kobject_uvent_socket creation
      xserver: do not audit ioctl operations on log files
      fc_sort: memory leakages
      base: create a type for SSL private keys

Jason Zaman (8):
      Allow sysadm to map all non auth files
      userdomain: allow admin to rw tape storage
      files: fcontext for /etc/zfs/zpool.cache
      mls mcs: Add constraints for key class
      Add key interfaces and perms
      gssproxy: Allow others to stream connect
      userdomain: Allow public content access
      storage: Add fcontexts for NVMe disks

Jason Zaman via refpolicy (3):
      udev: map module objects to load kernel modules
      syslog: allow map persist file
      sudo: add fcontext for /run/sudo/ts/USERNAME

Konrad Rzeszutek Wilk (2):
      kernel/xen: Update for Xen 4.6
      kernel/xen: Add map permission to the dev_rw_xen

Krzysztof Nowicki (2):
      Add policy for systemd GPT generator
      Allow systemd to relabel cgroupfs legacy symlinks

Laurent Bigonville (2):
      Allow domains using sysnet_dns_name_resolve() interface to access NSS
         mymachines files
      Add private type for systemd logind inhibit files and pipes

Luis A. Lozano (1):
      Avoid memory leak warning.

Luis Ressel (15):
      modutils: libkmod mmap()s modules.dep and *.ko's
      libraries: ldconfig maps its "aux-cache" during cache updates
      userdomain: Add various interfaces granting the map permission
      files: Create files_map_usr_files interface
      selinuxutil: Add map permissions neccessary for semanage
      kernel: Add map permission to the dev_{read, write}_sound* interfaces
      miscfiles: Allow libfontconfig consumers to map the fonts cache
      userdomain: man-db needs to map its 'index.db' cache
      logging: Various audit tools (auditctl, ausearch, etc) map their config
         and logs
      Grant all permissions neccessary for Xorg and basic X clients
      libraries: Add fc entry for musl's ld.so config
      xserver: Allow xdm_t to map usr_t files
      locallogin: Grant local_login_t the dac_read_search capability
      dmesg: Grant read access to /usr/share/terminfo
      modutils: Dontaudit CAP_SYS_ADMIN checks for modprobe

Luis Ressel via refpolicy (2):
      kernel/files.if: files_list_kernel_modules should grant read perms for
         symlinks
      netutils: Grant netutils_t map perms for the packet_socket class

Nicolas Iooss (9):
      Add module_load permission to self when loading modules is allowed
      audit: allow reading /etc/localtime
      corecommands: label dhcpcd hook scripts bin_t
      Add "/usr/(.*/)?bin(/.*)?" pattern back
      Allow dhcpcd to use generic netlink and raw IP sockets
      corecommands: label Arch Linux pacman's scripts as bin_t
      init: allow systemd to create /dev/pts as devpts_t
      init: allow systemd to relabel /dev and /run
      corecommands: label systemd script directories bin_t

Nicolas Iooss via refpolicy (1):
      terminal: /dev/pts exists in /dev filesystem

Russell Coker (4):
      systemd nspawn and backlight
      udev and dhcpd
      minor nspawn, dnsmasq, and mon patches
      refpolicy and certs

William Roberts (1):
      fc_sort: use calloc instead of malloc

* Sat Aug 05 2017 Chris PeBenito <pebenito@ieee.org> - 2.20170805
Chris PeBenito (134):
      Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.
      usrmerge FC fixes from Russell Coker.
      Systemd tmpfiles fix for kmod.conf from Russell Coker.
      Update contrib.
      mon policy from Russell Coker.
      Fix contrib commit.
      Revert "bootloader: stricter permissions and more tailored file contexts"
      Module version bump for bootloader patch revert.  Plus compat alias.
      Update contrib.
      Sort capabilities permissions from Russell Coker.
      Update contrib.
      Little misc patches from Russell Coker.
      Implement WERROR build option to treat warnings as errors.
      Fix Travis-CI WERROR support.
      Travis-CI: Terminate build immediately on error.
      mon: Fix deprecated interface usage.
      Merge branch 'setfiles_getattr' of git://github.com/cgzones/refpolicy
      Merge branch 'sysadm_fixes' of git://github.com/cgzones/refpolicy
      Merge branch 'corecmd_module' of git://github.com/cgzones/refpolicy
      Merge branch 'var_and_run' of git://github.com/cgzones/refpolicy
      Module version bump for changes from cgzones.
      Merge pull request #98 from cgzones/admin_process_pattern
      Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy
      Module version bump for hostname fix from cgzones.
      Only display the WERROR notice if there actually are errors.
      Merge branch 'master' of github.com:TresysTechnology/refpolicy
      dpkg: Updates from Russell Coker.
      Monit policy from Russell Coker and cgzones.
      monit: Fix build error.
      fetchmail, mysql, tor: Misc fixes from Russell Coker.
      Merge branch 'systemd_transient' of git://github.com/cgzones/refpolicy
      Merge branch 'selinuxutil_module' of git://github.com/cgzones/refpolicy
      Module version bump for selinuxutil and systmd changes from cgzones.
      Merge branch 'cgroups_fix' of git://github.com/cgzones/refpolicy
      Module version bump for cgroups systemd fix from cgzones.
      alsa, vnstat: Updates from cgzones.
      Merge branch 'init_ntp_interface' of git://github.com/cgzones/refpolicy
      Module version bump for ntp fixes from cgzones.
      Systemd fixes from Russell Coker.
      Fix CI errors.
      Module version bump for CI fixes.
      Xen fixes from Russell Coker.
      mailman: Fixes from Russell Coker.
      init: Rename init_search_pid_dirs() to init_search_pids().
      init: Move interface and whitespace change.
      systemd: Further revisions from Russell Coker.
      Fix typo in README.
      Network daemon patches from Russell Coker.
      apache: Fix CI error.
      devices: Fix docs for dev_write_generic_sock_files().
      Merge branch 'su_module' of git://github.com/cgzones/refpolicy
      Merge branch 'newrole_fixes' of git://github.com/cgzones/refpolicy
      auth: Move optional out of auth_use_pam_systemd() to callers.
      Merge branch 'locallogin_module' of git://github.com/cgzones/refpolicy
      Module version bump for patches from cgzones.
      Merge branch 'userdom_terminals_permit_open' of
         git://github.com/cgzones/refpolicy
      Module version bump for user terminal improvments from cgzones.
      Merge branch 'monit_depend' of git://github.com/cgzones/refpolicy
      Module version bump for misc fixes from cgzones.
      Merge pull request #103 from fishilico/validate_modular_fc
      Merge branch 'getty_module' of git://github.com/cgzones/refpolicy
      Module version bump for getty patch from cgzones.
      Merge branch 'modutils_module' of git://github.com/cgzones/refpolicy
      Merge branch 'fix_usr_bin_merge' of git://github.com/cgzones/refpolicy
      Module version bumps for fixes from cgzones.
      Merge branch 'lvm' of git://github.com/cgzones/refpolicy
      Merge branch 'macros' of git://github.com/cgzones/refpolicy
      Module version bump for fixes from cgzones.
      Module version bump for fixes from cgzones.
      dontaudit net_admin for SO_SNDBUFFORCE
      /var/run -> /run again
      Merge branch 'var_run' of git://github.com/cgzones/refpolicy
      Module version bump from /var/run fixes from cgzones.
      Merge branch 'monit' of git://github.com/cgzones/refpolicy
      Module version bump for monit patch from cgzones
      another version of systemd cgroups hostnamed and logind
      Merge pull request #109 from cgzones/python3
      systemd-resolvd, sessions, and tmpfiles take2
      systemd-nspawn again
      Merge pull request #112 from cgzones/remove_support/pyplate
      Misc fc changes from Russell Coker.
      Systemd-related changes from Russell Coker.
      Merge pull request #115 from fishilico/python_raw_strings
      Module version bump for misc fixes from Guido Trentalancia.
      systemd init from Russell Coker
      more systemd stuff from Russell Coker
      misc daemons from Russell Coker.
      bootloader from Russell Coker.
      kmod, lvm, brctl patches from Russell Coker
      devicekit, mount, xserver, and selinuxutil from Russell Coker
      another bootloader patch from Russell Coker
      some userdomain patches from Russell Coker
      corecommands: Add fc escaping for previous patch.
      Module version bump for patch from Guido Trentalancia
      Module version bump from fixes from Guido Trentalancia.
      xdm sigchld interface from Russell Coker.
      Further strict systemd fixes from Russell Coker.
      Update contrib.
      locallogin: Move two sulogin lines.
      Login take 4 from Russell Coker.
      Rename apm to acpi from Russell Coker.
      Module version bump for patches from Russell Coker and Guido Trentalancia.
      some little misc things from Russell Coker.
      apt/dpkg strict patches from Russell Coker.
      little misc strict from Russell Coker.
      locallogin: Move one line.
      Module version bump for locallogin patch from Guido Trentalancia.
      Module version bump for minor fixes from Guido Trentalancia.
      Merge branch 'usr_bin_fc' of
         git://github.com/fishilico/selinux-refpolicy-patched
      Module version bump for /usr/bin fc fixes from Nicolas Iooss.
      Module version bump for changes from Jason Zaman and Luis Ressel.
      init: add comment for ProtectSystem.
      Module version bump for systemd fix from Krzysztof Nowicki.
      Update contrib
      Module version bump for libmtp from Guido Trentalancia.
      corenet/sysadm: Move lines.
      Module version bump for infiniband policy from Daniel Jurgens.
      Module version bump for mmap fixes from Stephen Smalley.
      Update contrib.
      Module version bumps for patches from Jason Zaman.
      filesystem: Fix error in fs_cgroup_filetrans().
      Module version bumps for patches from Jason Zaman.
      gpg: Module version bump for patch from Guido Trentalancia.
      miscfiles: Module version bump for patch from Luis Ressel.
      Module version bump for patches from cgzones.
      Module version bump for patches from cgzones.
      netutils: Module version bump for patch from Luis Ressel.
      README: Update build requirements.
      travis-ci: Update to 2.7 userspace release.
      Enable extended_socket_class policy capability;
      Add nnp_nosuid_transition policycap and related class/perm definitions.
      Add cgroup_seclabel policycap.
      init: Add NoNewPerms support for systemd.
      Bump module versions for release.

Daniel Jurgens (1):
      refpolicy: Infiniband pkeys and endports

Guido Trentalancia (8):
      userdomain: do not audit netlink socket creation attempts
      corecommands: new file contexts for Gnome applications
      locallogin: fix the sulogin submodule (emergency shell!)
      locallogin: fine tune DAC override permissions
      kernel: low-priority update
      init: smoother system boot
      base: role changes for the new libmtp module
      fc_sort: avoid compiler warning/error

Guido Trentalancia via refpolicy (1):
      xserver: fix iceauth_home_t file context creation

Jason Zaman (6):
      authlogin: put interface properly inside optional
      libraries: update wildcard /usr/lib fcontext
      appconfig: Add openrc_contexts file
      corecommands: add consolekit fcontexts
      dirmngr: add to roles
      filesystem: introduce fs_cgroup_filetrans interface

Krzysztof Nowicki (1):
      Enable /etc directory protection using ProtectSystem

Luis Ressel (5):
      system/selinuxutil: Allow semanage to execute its tmp files
      system/miscfiles: Generalize the man_t fc's
      netutils: Mix nmap perms in with the other traceroute_t perms
      netutils: Add some permissions required by nmap to traceroute_t
      netutils: Allow tcpdump to reduce its capability bounding set

Nicolas Iooss (5):
      Make "validate" target verify file contexts
      devices: fix Debian file contexts
      Use raw strings in regular expressions
      Synchronize file patterns for /usr/bin/mount... and /usr/sbin/mount...
      Support systems with a single /usr/bin directory

Russell Coker (4):
      inherited file and fifo perms
      tiny mon patch
      rw_inherited_file_perms
      new init interfaces for systemd

Stephen Smalley (3):
      refpolicy: Define getrlimit permission for class process
      refpolicy: Define smc_socket security class
      refpolicy: Define and allow map permission

cgzones (40):
      systemd: label /run/systemd/transient as systemd_unit_t
      setfiles: allow getattr to kernel pseudo fs
      sysadm: fix denials
      hostname: small adjustments
      selinuxutil: adjustments
      corecommands: label some binaries as bin_t
      files: no default types for /run and /var/lock
      add admin_process_pattern macro
      systemd_cgroups_t: fix denials
      locallogin: adjustments
      authlogin: introduce auth_use_pam_systemd
      su: some adjustments
      newrole: fix denials
      add corecmd_check_exec_bin_files()
      add fs_getattr_dos_dirs()
      update init_ACTION_all_units
      add init_daemon_lock_file()
      improve documentation for user_user_(inherited_)?user_terminals
      getty: overlook module
      modutils: format filecontexts
      modutils: adjust interfaces after recent binaries merge
      systemd-tmpfiles: refactor runtime configs
      corecommands: fix corecmd_*_bin() for usr merged systems
      corecmd_read_bin_symlinks(): remove deprecated and redundant calls
      modutils: adopt callers to new interfaces
      m4 errprint: add __program__ info
      domtrans_pattern: use inherited fifo perms
      sysadm: add monit admin permissions
      lvm: small adjustments
      convert build scripts to python3
      travis: run make xml, html and install(-.*)? targets
      fix travis and genhomedircon
      remove /var/run file context leftovers
      travis: move after_success tests into script section
      clean up python3 cache on make bare
      rkhunter: add interfaces for rkhunter module and sysadm permit
      iptables: align file contexts
      chkrootkit: add interfaces and sysadm permit
      netutils: update
      iptables: update

* Sat Feb 04 2017 Chris PeBenito <pebenito@ieee.org> - 2.20170204
Chris PeBenito (55):
      Module version bumps for patches from Guido Trentalancia.
      Update contrib.
      Remove unneeded system_u seusers mapping.
      Update contrib.
      Merge pull request #45 from cgzones/travis2
      Merge pull request #46 from cgzones/update_readme
      Merge pull request #47 from cgzones/spelling
      Module version bump for xserver patch from Guido Trentalancia
      Update contrib.
      Merge pull request #50 from cgzones/macros
      Merge pull request #48 from cgzones/makefile
      xserver: Rearrange lines
      Module version bump for xserver changes from Guido Trentalancia.
      Merge branch 'dhcp_avahi' of https://github.com/cgzones/refpolicy
      Module version bumps for patches from cgzones.
      Update contrib.
      Merge branch 'syslogd' of git://github.com/cgzones/refpolicy
      Module version bump for journald fixes from cgzones.
      Merge pull request #57 from cgzones/trailing_whitespaces
      modutils: Move lines.
      Module version bumps for openoffice patches from Guido Trentalancia.
      Module version bump for kernel sysctl patch from Luis Ressel
      Update contrib.
      Module version bump for netutils patch from Luis Ressel.
      Module version bump for xserver patch from Guido Trentalancia.
      Module version bumps for patches from Guido Trentalancia.
      rtkit: enable dbus chat with xdm
      xserver: Move interface definition.
      Module version bump for patches from Guido Trentalancia.
      Module version bump for xscreensaver patch from Guido Trentalancia.
      Merge branch 'run_transition' of git://github.com/cgzones/refpolicy
      Module version bumps for /run fc changes from cgzones.
      Module version bump for patches from Guido Trentalancia.
      Merge branch '2016-12-27_systemd' of
         git://github.com/fishilico/selinux-refpolicy-patched
      Module version bump for systemd patch from Nicolas Iooss.
      Merge branch 'usr-fc' of
         git://github.com/fishilico/selinux-refpolicy-patched
      Module version bump for fc updates from Nicolas Iooss.
      Module version bump for patches from Guido Trentalancia.
      xserver: Update from Russell Coker for boinc.
      Module version bump for patches from Guido Trentalancia.
      Merge pull request #62 from cgzones/fix_permission_segenxml
      Merge pull request #94 from cgzones/travis
      Merge branch 'corenetork_module' of git://github.com/cgzones/refpolicy
      Merge branch 'mount_module' of git://github.com/cgzones/refpolicy
      Merge branch 'terminal_module' of git://github.com/cgzones/refpolicy
      Merge branch 'files_search_src' of git://github.com/cgzones/refpolicy
      Merge branch 'unconfined_module' of git://github.com/cgzones/refpolicy
      Merge branch 'auditd_fixes' of git://github.com/cgzones/refpolicy
      Module version bumps for patches from cgzones.
      Module version bump for cpu_online genfscon from Laurent Bigonville.
      Update contrib.
      Fix contrib.
      Module version bump for cups patch from Guido Trentalancia.
      Module version bump for xkb fix from Jason Zaman.
      Bump module versions for release.

Guido Trentalancia (19):
      xserver: remove unneeded user content permissions
      xserver: remove unneeded user content permissions
      Apache OpenOffice module (base policy part)
      xserver: enable dbus messaging with devicekit power
      authlogin: indentation/whitespace fix
      wm: update the window manager (wm) module and enable its role template
         (v7)
      userdomain: separate optional conditionals for gnome and wm role templates
      udev: manage tmpfs files and directories
      udev: always enable kernel module loading
      base: enable the xscreensaver role
      bootloader: stricter permissions and more tailored file contexts
      modutils: update to run in confined mode
      base: use new genhomedircon template for username
      kernel: missing permissions for confined execution
      xserver: introduce new fc and interface to manage X session logs
      kernel: add missing plymouth interface
      xserver: restrict executable memory permissions
      init: support sysvinit
      udev: execute HPLIP applications in their own domain

Guido Trentalancia via refpolicy (4):
      Let users read/manage symlinks on fs that do not support xattr
      Let unprivileged users list mounted filesystems
      Let the user list noxattr fs directories
      sysadm: add the shutdown role

Jason Zaman (1):
      xserver: allow X roles to read xkb libs to set keymaps

Laurent Bigonville (1):
      Use genfscon to label /sys/devices/system/cpu/online as cpu_online_t

Luis Ressel (3):
      system/modutils: Add kernel_search_key(kmod_t)
      kernel.if: Allow listing /proc/sys/net/unix
      netutils: Label iptstate as netutils_t

Nicolas Iooss (4):
      systemd: add systemd-backlight policy
      systemd: add systemd-binfmt policy
      Allow searching /proc/sys/fs when using /proc/sys/fs/binfmt_misc
      Add file contexts in /usr for /bin, /usr/sbin and /usr/lib

Russell Coker (1):
      single binary modutils

Stephen Smalley (2):
      refpolicy: Define extended_socket_class policy capability and socket
         classes
      refpolicy: drop unused socket security classes

cgzones (21):
      update .travis.yml
      update README
      fix spelling
      update Makefile
      update policy/support macros
      review
      keep 2 empty lines in front of a new section
      using intermediate target instead of splitting up conf files generation
      define filecontext for /run/agetty.reload
      allow dhcp_t to domtrans into avahi
      fix syslogd audits
      remove trailing whitespaces
      transition file contexts to /run
      fix permission of installed segenxml.py by install-headers
      auditd / auditctl: fix audits
      add files_search_src()
      update unconfined module * grant capability2:wake_alarm * remove
         deprecated interfaces
      update terminal module
      update corenetwork module
      use travis cache
      update mount module

* Sun Oct 23 2016 Chris PeBenito <pebenito@ieee.org> - 2.20161023
Chris PeBenito (94):
      Module version bump for systemd-user-sessions fc entry from Dominick Grift
      Module version bumps for 2 patches from Dominick Grift.
      Module version bump for vm overcommit sysctl interfaces from Laurent
         Bigonville.
      Update contrib.
      Module version bump for Xorg and SSH patches from Nicolas Iooss.
      Add neverallow for mac_override capability. It is not used by SELinux.
      Merge branch 'overcommit-1' of git://github.com/bigon/refpolicy into
         bigon-overcommit-1
      Merge branch 'bigon-overcommit-1'
      Merge branch 'systemd-1' of git://github.com/bigon/refpolicy into
         bigon-systemd-1
      Merge branch 'bigon-systemd-1'
      Module version bump for syslog and systemd changes from Laurent Bigonville
      Merge pull request #19 from shootingatshadow/fc_sort
      Merge branch 'xorg-1' of git://github.com/bigon/refpolicy into
         bigon-xorg-1
      Merge branch 'bigon-xorg-1'
      Module version bump for Debian Xorg fc fixes from Laurent Bigonville
      Add a type and genfscon for nsfs.
      Module version bump for systemd PrivateNetwork patch from Nicolas Iooss
      Module version bump for systemd audit_read capability from Laurent
         Bigonville
      Merge pull request #21 from fishilico/typos
      Module version bump for patches from Nicolas Iooss and Grant Ridder.
      Update contrib.
      Module version bump for efivarfs patches from Dan Walsh, Vit Mojzis, and
         Laurent Bigonville
      Module version bump for ipset fc entry from Laurent Bigonville.
      Update contrib.
      Whitespace fix in iptables.fc.
      Module version bump for iptables fc entries from Laurent Bigonville and
         Lukas Vrabec.
      Update contrib.
      Module version bump for iptables/firewalld patch from Laurent Bigonville.
      Merge pull request #29 from bigon/appconfig-lxc
      Module version bump for getty patch from Luis Ressel.
      Module version bump for tboot utils from Luis Ressel and systemd fix from
         Jason Zaman.
      Merge branch 'corecommands-archlinux' of
         https://github.com/fishilico/selinux-refpolicy-patched
      Merge branch 'dev_setattr_dlm_control-typo' of
         https://github.com/fishilico/selinux-refpolicy-patched
      Merge branch 'kdevtmpfs-unlink' of
         https://github.com/fishilico/selinux-refpolicy-patched
      Module version bump for several Arch fixes from Nicolas Iooss.
      Update contrib.
      Reduce broad entrypoints for unconfined domains.
      Update Travis-CI build to newest SELinux userspace release.
      Update su for libselinux-2.5 changes.
      Merge branch 'selinux-1' of https://github.com/bigon/refpolicy
      Module version bump for Debian fc entries from Laurent Bigonville.
      Module version bump for patches from Dominick Grift and Lukas Vrabec.
      Add user namespace capability object classes.
      Module version bump for hwloc-dump-hwdata from Dominick Grift and Grzegorz
         Andrejczuk.
      Module version bump for nftables fc entry from Jason Zaman.
      Update contrib.
      Module version bump for LMNR port from Laurent Bigonville.
      Module version bump for systemd-resolved patch from Laurent BIgonville.
      Merge branch 'master' of https://github.com/qqo/refpolicy into qqo-master
      Merge branch 'qqo-master'
      Module version bump for mlstrustedsocket from qqo.
      Module version bumps + contrib update for user_runtime from Jason Zaman.
      Update contrib.
      Module version bump for corecommands update from Garrett Holmstrom.
      Module version bump for MLS relabeling patch from Lukas Vrabec.
      Get attributes of generic ptys, from Russell Coker.
      Module version bump for user_udp_server tunable from Russell Coker.
      libraries: Move libsystemd fc entry.
      libraries: Module version bump for libsystemd fc entry from Lukas Vrabec.
      Update contrib.
      Systemd units from Russell Coker.
      corenetwork: Add port labeling for Global Catalog over LDAPS.
      corenetwork: Missed version bump for previous commit.
      Update contrib.
      Allow the system user domains to chat over dbus with a few other domains
         (e.g. gnome session).
      Update alsa module use from Guido Trentalancia.
      Update the sysnetwork module to add some permissions needed by the dhcp
         client (another separate patch makes changes to the ifconfig part).
      Ifconfig should be able to read firmware files in /lib (i.e. some network
         cards need to load their firmware) and it should not audit attempts to
         load kernel modules directly.
      Remove redundant libs_read_lib_files() for ifconfig_t.
      Module version bump for various patches from Guido Trentalancia.
      Update contrib.
      Update for the xserver module:
      userdomain: Fix compile errors.
      Update contrib.
      Merge pull request #38 from fishilico/travis-nosudo
      Module version bump for module_load perm use from Guido Trentalancia.
      Update contrib.
      Merge pull request #39 from rfkrocktk/feature/vagrant
      Merge pull request #40 from jer-gentoo/patch-1
      userdomain: Move enable_mls block in userdom_common_user_template().
      Module version bumps for LVM and useromain patches from Guido
         Trentalancia.
      Update contrib.
      Additional change from Guido Trentalancia related to evolution.
      Module version bump for selinuxutil fix from Jason Zaman.
      Update contrib.
      Update contrib.
      Merge branch 'feature/syncthing' of https://github.com/rfkrocktk/refpolicy
         into rfkrocktk-feature/syncthing
      Merge branch 'rfkrocktk-feature/syncthing'
      Module version bumps for syncthing from Naftuli Tzvi Kay.
      Merge pull request #41 from SeanPlacchetti/patch-1
      Merge pull request #42 from SeanPlacchetti/patch-1
      Merge pull request #43 from williamcroberts/google-patch
      Update contrib.
      Bump module versions for release.

Dan Walsh (1):
      Add label for efivarfs

Dominick Grift (5):
      systemd: add missing file context spec for systemd-user-sessions
         executable file
      authlogin: remove duplicate files_list_var_lib(nsswitch_domain)
      kernel: implement sysctl_vm_overcommit_t for
         /proc/sys/vm/overcommit_memory
      systemd: Add support for --log-target
      Update refpolicy to handle hwloc

Garrett Holmstrom (1):
      corecmd: Remove fcontext for /etc/sysconfig/libvirtd

Grant Ridder (1):
      Add redis-sentinel port to redis network_port def

Guido Trentalancia (6):
      Add module_load permission to class system
      Add module_load permission to can_load_kernmodule
      Remove deprecated semodule options from Makefile
      Update the lvm module
      Improve tunable support for rw operations on noxattr fs / removable media
      userdomain: introduce the user certificate file context (was miscfiles:
         introduce the user certificate file context)

Jason Zaman (6):
      system/init: move systemd_ interfaces into optional_policy
      iptables: add fcontext for nftables
      authlogin: remove fcontext for /var/run/user
      userdomain: Introduce types for /run/user
      userdomain: user_tmp requires searching /run/user
      userdomain: introduce interfaces for user runtime

Jason Zaman via refpolicy (1):
      selinuxutil: allow setfiles to read semanage store

Jeroen Roovers (1):
      Use $(AWK) not plain awk

Laurent Bigonville (15):
      Add interfaces to read/write /proc/sys/vm/overcommit_memory
      Give some systemd domain access to /proc/sys/kernel/random/boot_id
      On Debian, systemd binaries are installed in / not /usr
      Allow syslogd_t to read sysctl_vm_overcommit_t
      Label Xorg server binary correctly on Debian
      Allow systemd the audit_read capability
      Allow logind to read efivarfs files
      Add label for /sbin/ipset
      Label /var/run/ebtables.lock as iptables_var_run_t.
      Allow {eb,ip,ip6}tables-restore to read files in /run/firewalld
      Add lxc_contexts config file
      Add some labels for SELinux tools path in Debian
      Add the validate_trans access vector to the security class
      Add llmnr/5355 (Link-local Multicast Name Resolution)
      Add policy for systemd-resolved

Luis Ressel (2):
      Allow getty the sys_admin capability
      Allow sysadm to run txt-stat.

Lukas Vrabec (4):
      Label /var/run/xtables.lock as iptables_var_run_t.
      SELinux support for cgroup2 filesystem.
      Add new MLS attribute to allow relabeling objects higher than system low.
         This exception is needed for package managers when processing sensitive
         data.
      Systemd by version 231 starts using shared library and systemd daemons
         execute it. For this reason lib_t type is needed.

Mike Palmiotto (1):
      Add mls support for some db classes

Naftuli Tzvi Kay (2):
      Add Syncthing Support to Policy
      Add Vagrant box for development.

Nicolas Iooss (18):
      Label Xorg server binary correctly on Arch Linux
      Label OpenSSH files correctly on Arch Linux
      Label OpenSSH systemd unit files
      Allow systemd services to use PrivateNetwork feature
      Fix typo in init_dbus_chat requirements
      Fix typos in comments from corenetwork module
      man: Spelling fixes
      Fix interface descriptions when duplicate ones are found
      Label /sys/kernel/debug/tracing filesystem
      Label TexLive scripts bin_t
      Label system-config-printer applet properly on Arch Linux
      Label gedit plugins properly on Arch Linux
      Label some user session DBus services as bin_t
      Do not label /usr/lib/gvfs/libgvfscommon.so as bin_t
      Fix typo in dev_setattr_dlm_control interface requirements
      Allow kdevtmpfs to unlink fixed disk devices
      Fix typo in module compilation message
      Make Travis-CI build without using sudo

Rahul Chaudhry (1):
      fc_sort: cleanup warnings caught by clang tidy / static analyzer.

Russell Coker (2):
      user_udp_server tunable
      getattr on unlabeled blk devs

Sean Placchetti (2):
      Update to refpolicy spec file
      Update specfile

Vit Mojzis (1):
      Add interface to allow reading files in efivarfs - contains Linux Kernel
         configuration options for UEFI systems (UEFI Runtime Variables)

William Roberts (1):
      fc_sort: strip whitespace errors

qqo (1):
      Adds attribute mlstrustedsocket, along with the interface.

* Tue Dec 08 2015 Chris PeBenito <selinux@tresys.com> - 2.20151208
Alexander Wetzel (1):
      adds vfio device support to base policy

Chris PeBenito (48):
      Module version bump for optional else block removal from Steve Lawrence.
      Add always_check_network policy capability.
      Update contrib.
      Fix domain_mmap_low() to be a proper tunable.
      Add initial Travis CI configuration.
      Travis CI already exports variables.
      Add validate target for monolithic policy.
      Update contrib.
      Use matrix keyword to simplify travis-ci build definitions.
      Undo last commit.
      Simplify travis-ci build handling of SELinux toolchain.
      Update contrib.
      Module version bump for fstools blkid fix from Jason Zaman
      Update contrib.
      Module version bump for debufs mount point fc entry from Laurent
         Bigonville.
      Module version bump for updated netlink sockets from Stephen Smalley
      Update contrib.
      Module version bump for init_startstop_service from Jason Zaman.
      Update contrib.
      Change CI tests to drop DIRECT_INITRC.
      Module version bumps for further init_startstop_service() changes from
         Jason Zaman.
      Module version bump for admin interface changes from Jason Zaman.
      Update contrib.
      Module version bumps for admin interfaces from Jason Zaman.
      Module version bump for cron_admin for sysadm from Jason Zaman.
      Module version bump for ssh-agent -k fix from Luis Ressel.
      Module version bump for APR build script labeling from Luis Ressel.
      Module version bump for vfio device from Alexander Wetzel.
      Update contrib.
      Rearrange lines in ipsec.te.
      Module version bump for patches from Jason Zaman/Matthias Dahl.
      Add systemd build option.
      Add systemd access vectors.
      Implement core systemd policy.
      Add supporting rules for domains tightly-coupled with systemd.
      Add rules for sysadm_r to manage the services.
      Add systemd units for core refpolicy services.
      Add sysfs_types attribute.
      Add refpolicy core socket-activated services.
      Change policy_config_t to a security file type.
      Merge branch 'pebenito-master'
      Module version bump for systemd additions.
      Update contrib for dbus systemd fix.
      Revise selinux module interfaces for perms protected by neverallows.
      Remove bad interface in systemd.if.
      Module version bump for utempter Debian helper from Laurent Bigonville.
      Update contrib.
      Bump module versions for release.

Jason Zaman (13):
      fstools: add in filetrans for /run dir
      Introduce init_startstop_service interface
      logging: use init_startstop_service in _admin interface
      postgresql: use init_startstop_service in _admin interface
      Add openrc support to init_startstop_service
      Introduce iptables_admin
      Add all the missing _admin interfaces to sysadm
      Introduce lvm_admin interface
      Introduce ipsec_admin interface
      Introduce setrans_admin interface
      add new cron_admin interface to sysadm
      Add overlayfs as an XATTR capable fs
      system/ipsec: Add policy for StrongSwan

Laurent Bigonville (4):
      Add fc for /sys/kernel/debug as debugfs_t
      Add "binder" security class and access vectors
      Properly label utempter helper on debian
      Allow the user cronjobs to run in their userdomain

Luis Ressel (2):
      Allow ssh-agent to send signals to itself
      Mark APR build scripts as bin_t

Stephen Smalley (1):
      Update netlink socket classes.

Steve Lawrence (1):
      Remove optional else block for dhcp ping

* Wed Dec 03 2014 Chris PeBenito <selinux@tresys.com> - 2.20141203
Artyom Smirnov (3):
      New database object classes
      Fixes for db_domain and db_exception
      Renamed db_type to db_datatype, to avoid confusion with SELinux "type"

Chris PeBenito (69):
      Whitespace fix in postgresql.fc
      Module version bump for postgresql fc entries from Luis Ressel.
      Add symlink to contrib Changelog for easy reference.
      Move lightdm line in xserver.fc.
      Whitespace fix in xserver.fc.
      Update contrib.
      Module version bump for userdomain kernel symbol table fix from Nicolas
         Iooss.
      Module version bump for 2 Gentoo patches from Sven Vermeulen.
      Update contrib.
      Module version bump for 2 patch sets from Laurent Bigonville.
      Update contrib.
      Module version bump for gnome keyring fix from Laurent Bigonville.
      Update contrib.
      Module version bump for /sys/fs/selinux support from Sven Vermeulen.
      Module version bump for fixes from Laurent Bigonville.
      Update contrib.
      Module version bumps for fc fixes from Nicolas Iooss.
      Update contrib.
      Add file for placing default_* statements.
      Fix error in default_user example.
      Module version bump for unconfined->lvm transition from Nicolas Iooss.
      Need the __future__ import for python2 if using print().
      Module version bump for ifconfig fc entry from Sven Vermeulen.
      Module version bump for deprecated interface usage removal from Nicolas
         Iooss.
      Update contrib.
      Module version bump for rcs2log and xserver updates from Sven Vermeulen.
      Module version bump for shutdown transitions from Luis Ressel.
      Remove firstboot_rw_t as FC5 has been gone for a long time.
      Module version bump for firstboot_rw_t alias removal.
      Module version bump for dropbox port from Sven Vermeulen.
      Module version bump for unconfined syslog cap from Nicolas Iooss.
      Always use the unknown permissions handling build option.
      Merge pull request #1 from artyom-smirnov/master
      Module version bump for zram fc entry from Jason Zaman.
      Update contrib.
      Module version bump for init_daemon_pid_file from Sven Vermeulen.
      Move tumblerd fc entry
      Module version bump for tumblerd fc entry from Jason Zaman.
      Module version bump for libraries fc fix from Nicolas Iooss.
      Update contrib.
      Module version bump for fstools fc entries from Luis Ressel.
      Module version bump for missing unlabeled interfaces from Sven Vermeulen.
      Module version bump for ping rawip socket fix from Luis Ressel.
      Module version bump for full IRC ports from Luis Ressel.
      Move losetup addition in fstools.
      Module version bump for losetup fixes from Luis Ressel.
      Update contrib.
      Module version bump for postgres fc revisions from Luis Ressel.
      Module version bump for FUSE fix for mount from Luis Ressel.
      Module version bump for misc fixes from Nicolas Iooss.
      Move systemd fc entry.
      Whitespace change in logging.fc.
      Add comment for journald ring buffer reading.
      Module version bumps for systemd/journald patches from Nicolas Iooss.
      Update contrib.
      /dev/log symlinks are not labeled devlog_t.
      Module version bump for CIL fixes from Yuli Khodorkovskiy.
      Drop RHEL4 and RHEL5 support.
      Merge pull request #3 from bigon/arping
      Merge pull request #4 from fishilico/minor-typo
      Module version bump for Debian arping fc entries from Laurent Bigonville.
      Add comment for iw generic netlink socket usage
      Module version bump for /sbin/iw support from Nicolas Iooss.
      Merge pull request #5 from bigon/audit_read
      Update contrib.
      Module version bump for misc fixes from Sven Vermeulen.
      Update contrib.
      Module version bump for module store move from Steve Lawrence.
      Bump module versions for release.

Elia Pinto (1):
      Fix misspelling

Jason Zaman (2):
      File contexts for zram
      File Context for tumbler

Laurent Bigonville (14):
      Properly label git-shell and other git commands for Debian
      Label /usr/sbin/lightdm as xdm_exec_t
      Create new xattrfs attribute and fs_getattr_all_xattr_fs() interface
      Associate the new xattrfs attribute to fs_t and some pseudo-fs
      Use new fs_getattr_all_xattr_fs interface for setfiles_t and restorecond_t
      Add telepathy role for user_r and staff_r
      Properly label the manpages installed by postgresql
      Label /usr/local/share/ca-certificates(/.*)? as cert_t
      Allow the xdm_t domain to enter all the gkeyringd ones
      Label /etc/locale.alias as locale_t on Debian
      Allow hugetlbfs_t to be associated to /dev
      On Debian iputils-arping is installed in /usr/bin/arping
      Debian also ship a different arping implementation
      Add new audit_read access vector in capability2 class

Luis Ressel (13):
      Add two postgresql file contexts from gentoo policy
      Allow init to execute shutdown
      Allow xdm_t to transition to shutdown_t domain
      Some of the fsadm tools can also be in /usr/sbin instead of /sbin
      Label /usr/sbin/{add, del}part as fsadm_exec_t
      Grant ping_t getattr on rawip_socket
      kernel/corenetwork.te: Add all registered IRC ports
      system/mount.if: Add mount_rw_loopback_files interface
      system/fstools.if: Add fstools_use_fds interface
      Add neccessary permissions for losetup
      Only label administrative postgres commands as postgresql_exec_t
      Also apply the new postgres labeling scheme on Debian
      Grant mount permission to access /dev/fuse

Nicolas Iooss (31):
      Fix parallel build of the policy
      fc_sort: fix typos in comments
      fc_sort: initialize allocated memory to fix execution on an empty file
      fc_sort: make outfile argument optional
      userdomain: no longer allow unprivileged users to read kernel symbols
      Label syslog-ng.pid as syslogd_var_run_t
      filesystem: label cgroup symlinks
      Label /usr/lib/getconf as bin_t
      Label /usr/share/virtualbox/VBoxCreateUSBNode.sh as udev_helper_exec_t
      Make support/policyvers.py compatible with Python 3
      Make unconfined user run lvm programs in confined domain
      No longer use deprecated MLS interfaces
      Allow unconfined domains to use syslog capability
      Label /lib symlink as lib_t for every distro
      Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/
      Add ioctl and lock to manage_lnk_file_perms
      Label (/var)?/tmp/systemd-private-.../tmp like /tmp
      Fix typo in fs_getattr_all_fs description
      Label systemd files in init module
      Introduce init_search_run interface
      Label systemd-journald files and directories
      Support logging with /run/systemd/journal/dev-log
      Allow journald to read the kernel ring buffer and to use /dev/kmsg
      Allow journald to access to the state of all processes
      Remove redundant Gentoo-specific term_append_unallocated_ttys(syslogd_t)
      Fix minor typo in init.if
      Label /sbin/iw as ifconfig_exec_t
      Allow iw to create generic netlink sockets
      Use create_netlink_socket_perms when allowing netlink socket creation
      Update Python requirement in INSTALL
      Create tmp directory when compiling a .mod.fc file in a modular way

Steve Lawrence (1):
      Update policy for selinux userspace moving the policy store to
         /var/lib/selinux

Sven Vermeulen (24):
      Hide getattr denials upon sudo invocation
      Support /sys/devices/system/cpu/online
      The security_t file system can be at /sys/fs/selinux
      Dontaudit access on security_t file system at /sys/fs/selinux
      ifconfig can also be in /bin
      xserver_t needs to ender dirs labeled xdm_var_run_t
      Enable rcs2log location for all distributions
      Add dropbox_port_t support
      Support initrc_t generated pid files with file transition
      Deprecate init_daemon_run_dir interface
      Use init_daemon_pid_file instead of init_daemon_run_dir
      Introduce kernel_delete_unlabeled_symlinks
      Introduce kernel_delete_unlabeled_pipes
      Introduce kernel_delete_unlabeled_sockets
      Introduce kernel_delete_unlabeled_blk_files
      Introduce kernel_delete_unlabeled_chr_files
      Run grub(2)-mkconfig in bootloader domain
      Add auth_pid_filetrans_pam_var_run
      New sudo manages timestamp directory in /var/run/sudo
      xfce4-notifyd is an executable
      Mark f2fs as a SELinux capable file system
      Add in LightDM contexts
      Add gfisk and efibootmgr as fsadm_exec_t
      Add /var/lib/racoon as runtime directory for ipsec

Yuli Khodorkovskiy (1):
      Remove duplicate role declarations

cgarst (1):
      Updating submodule URL to github

* Tue Mar 11 2014 Chris PeBenito <selinux@tresys.com> - 2.20140311
Chris PeBenito (96):
      Update contrib to pull in minidlna.
      Remove general unlabeled packet usage.
      Update contrib.
      Use python libselinux bindings to determine policy version.
      Add MLS constraints for x_pointer and x_keyboard.
      Add label for parted.
      Fix support/policyvers.py not to error if building policy on a
         SELinux-disabled system.
      Module version bump for kerberos keytab changes for ssh from Dominick
         Grift.
      Module version bump for pstore filesystem support from Dominick Grift.
      Module version bump for redis port from Dominick Grift.
      Update contrib.
      Add comment for setfiles using /dev/console when it needs to be relabeled.
      Module version bump for xserver and selinuxutil updates from Dominick
         Grift.
      Module version bump for tmpfs associate to device_t from Dominick Grift.
      Module version bump for syslog reading overcommit_memory from Dominick
         Grift.
      Module version bump for ethtool reading pm-powersave.lock from Dominick
         Grift.
      Module version bump for sysadm fix for git role usage from Dominick Grift.
      Module version bump for lvm update from Dominick Grift.
      Module version bump for fc fix in authlogin from Dominick Grift.
      Module version bump for restricted x user template fix from Dominick
         Grift.
      Add comment for debian avahi-daemon-check-dns.sh usage by udev
      Module version bump for udev Debian fixes from Dominick Grift.
      Module version bump for selinuxfs location change from Dominick Grift.
      Update contrib.
      Module version bump for unconfined dbus fixes from Dominick Grift.
      Whitespace fix in terminal.te.
      Module version bump for virtio console from Dominick Grift.
      Module version bump for init interface and corecommand fc from Dominick
         Grift.
      Module version bump for ping capabilities from Sven Vermeulen.
      Module version bump for slim fc entries from Sven Vermeulen.
      Module version bump for xdm dbus access from Dominick Grift.
      Rearrange sysnet if blocks.
      Module version bump for debian ifstate changes from Dominick Grift.
      Module version bump for xserver console and fc fixes from Dominick Grift.
      Module version bump for gdomap port from Dominick Grift.
      Module version bumps for dhcpc leaked fds to hostname.
      Module version bump for ssh server caps for Debian from Dominick Grift.
      Move stray Debian rule in udev.
      Update contrib
      Module version bumps for Debian udev updates from Dominick Grift.
      Module version bump for mount updates from Dominick Grift.
      Silence symlink reading by setfiles since it doesn't follow symlinks
         anyway.
      Reorder dhcpc additions.
      Module version bump for dhcpc fixes from Dominick Grift.
      Add comments about new capabilities for syslogd_t.
      Module version bumps for syslog-ng and semodule updates.
      Update contrib.
      Module version bump for first batch of patches from Dominick Grift.
      Update contrib.
      Rearrage userdom_delete_user_tmpfs_files() interface.
      setrans: needs to be able to get attributes of selinuxfs, else fails to
         start in Debian
      Whitespace fix in fstools.
      Add comment in policy for lvm sysfs write.
      Module version bump for second lot of patches from Dominick Grift.
      Whitespace fix in usermanage.
      Whitespace fix in libraries.
      Module version bump for patches from Dominick Grift.
      Whitespace fix in init.te.
      init: init_script_domain() allow system_r role the init script domain type
      init: creates /run/utmp
      Module version bump for 4 init patches from Dominick Grift.
      Fix Debian compile issue.
      Module version bump for 2 patches from Dominick Grift.
      Module version bump for patch from Laurent Bigonville.
      Update contrib.
      Module version bump for patch from Laurent Bigonville.
      Module version bump for xserver change from Dominick Grift.
      Merge file_t into unlabeled_t, as they are security equivalent.
      Update modules for file_t merge into unlabeled_t.
      Make the QUIET build option apply to clean and bare targets.
      Module version bump for direct initrc fixes from Dominick Grift.
      Module version bump for module store labeling fixes from Laurent
         Bigonville.
      Remove ZFS symlink labeling.
      Fix ZFS fc escaping in mount.
      Rearrange ZFS fc entries.
      Module version bump for ZFS tools fc entries from Matthew Thode.
      Module version bump for unconfined transition to dpkg from Laurent
         Bigonville.
      Module version bump for logging fc patch from Laurent Bigonville.
      Update contrib.
      Module version bump for pid file directory from Russell Coker/Laurent
         Bigonville.
      Rename gpg_agent_connect to gpg_stream_connect_agent.
      Rearrange gpg agent calls.
      Module version bump for ssh use of gpg-agent from Luis Ressel.
      Module version bump for files_dontaudit_list_var() interface from Luis
         Ressel.
      Move bin_t fc from couchdb to corecommands.
      Update contrib.
      Module version bump for sesh fc from Nicolas Iooss.
      Move loop control interface definition.
      Rename mount_read_mount_loopback() to mount_read_loopback_file().
      Module version bump for loopback file mounting fixes from Luis Ressel.
      Fix read loopback file interface.
      Update contrib.
      Module version bump for bootloader fc fixes from Luis Ressel.
      Update contrib.
      Update contrib.
      Bump module versions for release.

Dominick Grift (58):
      The kerberos_keytab_template() template is deprecated: Breaks monolithic
         built (out-of-scope)
      Initial pstore support
      Support redis port tcp,6379
      These regular expressions were not matched
      Restorecon reads, and writes /dev/console before it is properly labeled
      filesystem: associate tmpfs_t (shm) to device_t (devtmpfs) file systems
      logging: syslog (rs:main Q:Reg) reading sysctl_vm files
         (overcommit_memory) in Debian
      sysnetwork: ethtool reads /run/pm-utils/locks/pm-powersave.lock
      sysadm: Doesnt work with direct_initrc = y
      lvm: lvm and udisks-lvm-pv-e read /run/udev/queue.bin
      authlogin: Sudo file context specification did not catch paths (squash me)
      userdomain: restricted xwindows user (squash me)
      udev: This is specific to debian i think. Some how the
         /usr/lib/avahi/avahi-daemon-check-dns\.sh ends up in the udev_t domain
      selinux: selinuxfs is now mounted under /sys/fs/selinux instead of
         /selinux, so we need to allow domains that use selinuxfs to interface
         with SELinux to traverse /sys/fs to be able to get to /sys/fs/selinux
      Unconfined domains have unconfined access to all of dbus rather than only
         system bus
      Initial virtio console device
      init: create init_use_inherited_script_ptys() for tmpreaper (Debian)
      corecmd: avahi-daemon executes /usr/lib/avahi/avahi-daemon-check-dns.sh
      xdm: is a system bus client and acquires service on the system bus xdm:
         dbus chat with accounts-daemon
      sysnetwork: Debian stores network interface configuration in /run/network
         (ifstate), That directory is created by the /etc/init.d/networking
         script.
      xserver: catch /run/gdm3
      xserver: associate xconsole_device_t (/dev/xconsole) to device_t
         (devtmpfs)
      corenetwork: Declare gdomap port, tcp/udp:538
      hostname: do not audit attempts by hostname to read and write dhcpc udp
         sockets (looks like a leaked fd)
      ssh: Debian sshd is configured to use capabilities
      udev-acl.ck lists /run/udev/tags/udev-acl udev blocks suspend, and
         compromises kernel
      udev: runs: /usr/lib/avahi/avahi-daemon-check-dns.sh which creates
         /run/avahi-daemon directory
      mount: sets kernel thread priority mount: mount reads
         /lib/modules/3.10-2-amd64/modules.dep mount: mount lists all mount
         points
      sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not
         audit attempts by ifconfig to read, and write dhcpc udp sockets (looks
         like a leaked fd)
      mount: fs_list_auto_mountpoint() is now redundant because autofs_t is
         covered by files_list_all_mountpoints()
      udev: this fc spec does not make sense, as there is no corresponding file
         type transition for it
      udev: the avahi dns check script run by udev in Debian chmods
         /run/avahi-daemon
      authlogin: unix_chkpwd traverses / on sysfs device on Debian
      setrans: mcstransd reads filesystems file in /proc
      udev: reads modules config: /etc/modprobe.d/alsa-base-blacklist.conf
      fstools: hdparm append (what seems inherited from devicekit )
         /var/log/pm-powersave.log fstools: hdparm reads
         /run/pm-utils/locks/pm-powersave.lock
      sysnetwork: dhcpc: networkmanager interface calls from Fedora. In Debian i
         was able to confirm the need for
         networkmanager_manage_lib_files(dhcpc_t) since dhclient reads
         /var/lib/NetworkManager/dhclient-eth0.conf
      sysbnetwork: dhclient searches /var/lib/ntp
      sshd/setrans: make respective init scripts create pid dirs with proper
         contexts
      kernel: cryptomgr_test (kernel_t) requests kernel to load
         cryptd(__driver-ecb-aes-aesni
      xserver: already allowed by auth_login_pgm_domain(xdm_t)
      unconfined: Do not domain transition to xserver_t (unconfined_t is
         xserver_unconfined)
      userdomain: add userdom_delete_user_tmpfs_files() for pulseaudio clients
      These { read write } tty_device_t chr files on boot up in Debian
      udev: udevd executable location changed
      lvm: lvm writes read_ahead_kb
      udev: in debian udevadm is located in /bin/udevadm
      usermanage: Run /etc/cron\.daily/cracklib-runtime in the crack_t domain in
         Debian
      iptables: calls to firewalld interfaces from Fedora. The
         firewalld_dontaudit_rw_tmp_files(iptables_t) was confirmed on Debian.
      libraries: for now i can only confirm mmap, might need to be changed to
         bin_t later if it turns out to need execute_no_trans
      users: calls pulseaudio_role() for restricted xwindows users and
         staff_t/user_t
      init: for a specified automatic role transition to work. the source role
         must be allowed to change manually to the target role
      init: this is a bug in debian where tmpfs is mounted on /run, and so early
         on in the boot process init creates /run/utmp and /run/initctl in a
         tmpfs directory (/) tmpfs
      init: exim init script runs various helper apps that create and manage
         /var/lib/exim4/config.autogenerated.tmp file
      init: the gdomap and minissdpd init scripts read the respective environ
         files in /etc/default. We need to give them a private type so that we
         can give the gdomap_admin() and minissdpd_admin() access to it, but it
         seems overengineering to create private environ types for these files
      xserver: These are no longer needed
      Change behavior of init_run_daemon()
      Apply direct_initrc to unconfined_r:unconfined_t

Laurent Bigonville (7):
      Label /bin/fusermount like /usr/bin/fusermount
      Allow udev to write in /etc/udev/rules.d
      Label /etc/selinux/([^/]*/)?modules(/.*)? as semanage_store_t
      Allow unconfined users to transition to dpkg_t domain
      Add fcontext for rsyslog pidfile
      Add fcontext for sshd pidfile and directory used for privsep
      Move the ifdef at the end of the declaration block

Luis Ressel (10):
      Conditionally allow ssh to use gpg-agent
      kernel/files.if: Add files_dontaudit_list_var interface
      kernel/devices.if: Add dev_rw_loop_control interface
      system/mount.if: Add mount_read_mount_loopback interface
      Allow mount_t usage of /dev/loop-control
      Grant kernel_t necessary permissions for loopback mounts
      Use xattr-labeling for squashfs.
      Label fatsort as fsadm_exec_t.
      Generalize grub2 pattern
      Label grub2-install as bootloader_exec_t

Matthew Thode (1):
      Extending support for SELinux on ZFS

Nicolas Iooss (2):
      Label /usr/lib/sudo/sesh as shell_exec_t
      Create .gitignore

Sven Vermeulen (7):
      Add trivnet1 port (8200)
      Get grub2-install to work properly
      Support named file transition for fixed_disk_device_t
      Allow ping to get/set capabilities
      Extend slim /var/run expression
      Allow semodule to create symlink in semanage_store_t
      Allow capabilities for syslog-ng

* Wed Apr 24 2013 Chris PeBenito <selinux@tresys.com> - 2.20130424
Chris PeBenito (78):
      Mcelog update from Guido Trentalancia.
      Add bird contrib module from Dominick Grift.
      Minor whitespace fix in udev.fc
      Module version bump for udev binary location update from Sven Vermeulen.
      clarify the file_contexts.subs_dist configuration file usage from Guido
         Trentalancia
      Update contrib.
      Remove trailing / from paths
      Module version bump for fc substitutions optimizations from Sven
         Vermeulen.
      Update contrib.
      Module version bump for /run/dhcpc directory creation by dhcp from Sven
         Vermeulen.
      Module version bump for fc fixes in devices module from Dominick Grift.
      Update contrib.
      Module version bump for /dev/mei type and label from Dominick Grift.
      Module version bump for init_daemon_run_dirs usage from Sven Vermeulen.
      Module version bump for lost+found labeling in /var/log from Guido
         Trentalancia.
      Module version bump for loop-control patch.
      Turn off all tunables by default, from Guido Trentalancia.
      Add /usr/lib to TEST_TOOLCHAIN LD_LIBRARY_PATH.
      Module version bump for various changes from Sven Vermeulen.
      Module version bump for ports update from Dominick Grift.
      Module version bump for Debian file context updates from Laurent
         Bigonville.
      Update contrib.
      Update contrib.
      split kmod fc into two lines.
      Module version bump for kmod fc from Laurent Bigonville.
      Module version bump for cfengine fc change from Dominick Grift.
      Module verision bump for Debian cert file fc update from Laurent
         Bigonville.
      Module version bump for ipsec net sysctls reading from Miroslav Grepl.
      Module version bump for srvloc port definition from Dominick Grift.
      Rename cachefiles_dev_t to cachefiles_device_t.
      Module version bump for cachefiles core support.
      Module version bump for changes from Dominick Grift and Sven Vermeulen.
      Module version bump for modutils patch from Dominick Grift.
      Module version bump for dhcp6 ports, from Russell Coker.
      Rearrange new xserver interfaces.
      Rename new xserver interfaces.
      Module version bump for xserver interfaces from Dominick Grift.
      Move kernel_stream_connect() declaration.
      Module version bump for kernel_stream_connect() from Dominick Grift.
      Rename logging_search_all_log_dirs to logging_search_all_logs
      Module version bump for minor logging and sysnet changes from Sven
         Vermeulen.
      Module version bump for dovecot libs from Mika Pflueger.
      Rearrange interfaces in files, clock, and udev.
      Module version bump for interfaces used by virt from Dominick Grift.
      Module version bump for arping setcap from Dominick Grift.
      Rearrange devices interfaces.
      Module version bump/contrib sync.
      Rearrange lines.
      Module version bump for user home content fixes from Dominick Grift.
      Rearrange files interfaces.
      Module version bump for Gentoo openrc fixes for /run from Sven Vermeulen.
      Update contrib.
      Whitespace fix in miscfiles.fc.
      Adjust man cache interface names.
      Module version bump for man cache from Dominick Grift.
      Module version bump for Debian ssh-keysign location from Laurent
         Bigonville.
      Module version bump for userdomain portion of XDG updates from Dominick
         Grift.
      Module version bump for iptables fc entry from Sven Vermeulen and inn log
         from Dominick Grift.
      Module version bump for logging and tcpdump fixes from Sven Vermeulen.
      Move mcs_constrained() impementation.
      Module version bump for mcs_constrained from Dominick Grift.
      Update contrib.
      Module version bump from Debian changes from Laurent Bigonville.
      Module version bump for zfs labeling from Matthew Thode.
      Module version bump for misc updates from Sven Vermeulen.
      Update contrib.
      Module version bump for fixes from Dominick Grift.
      Module version bump for Debian updates from Laurent Bigonville.
      Fix bug in userdom_delete_all_user_home_content_files() from Kohei KaiGai.
      Update contrib
      Fix fc_sort.c warning uncovered by recent gcc
      Module version bump for chfn fixes from Sven Vermeulen.
      Add swapoff fc entry.
      Add conntrack fc entry.
      Update contrib.
      Update contrib
      Archive old Changelog for log format change.
      Bump module versions for release.

Dominick Grift (40):
      There can be more than a single watchdog interface
      Fix a suspected typo
      Intel® Active Management Technology
      Declare a loop control device node type and label /dev/loop-control
         accordingly
      Declare port types for ports used by Fedora but use /etc/services for port
         names rather than using fedora port names. If /etc/services does not
         have a port name for a port used by Fedora, skip for now.
      Remove var_log_t file context spec
      svrloc port type declaration from slpd policy module
      Declare a cachfiles device node type
      Implement files_create_all_files_as() for cachefilesd
      Restricted Xwindows user domains run windows managers in the windows
         managers domain
      Declare a cslistener port type for phpfpm
      Changes to the sysnetwork policy module
      Changes to the userdomain policy module
      Changes to the bootloader policy module
      Changes to the modutils policy module
      Changes to the xserver policy module
      Changes to various policy modules
      Changes to the kernel policy module
      For svirt_lxc_domain
      For svirt_lxc_domain
      For svirt_lxc_domain
      For virtd lxc
      For virtd_lxc
      For virtd_lxc
      For virtd lxc
      For virtd lxc
      For virtd
      Arping needs setcap to cap_set_proc
      For virtd
      Changes to the user domain policy module
      Samhain_admin() now requires a role for the role_transition from $1 to
         initrc_t via samhain_initrc_exec_t
      Changes to the user domain policy module
      Label /var/cache/man with a private man cache type for mandb
      Create a attribute user_home_content_type and assign it to all types that
         are classified userdom_user_home_content()
      These two attribute are unused
      System logger creates innd log files with a named file transition
      Implement mcs_constrained_type
      Changes to the init policy module
      Changes to the userdomain policy module
      NSCD related changes in various policy modules

Guido Trentalancia (1):
      add lost+found filesystem labels to support NSA security guidelines

Laurent Bigonville (21):
      Add Debian locations for GDM 3
      Add Debian location for udisks helpers
      Add insmod_exec_t label for kmod executable
      Add Debian location for PKI files
      Add Debian location for ssh-keysign
      Properly label all the ssh host keys
      Allow udev_t domain to read files labeled as consolekit_var_run_t
      authlogin.if: Add auth_create_pam_console_data_dirs and
         auth_pid_filetrans_pam_var_console interfaces
      Label /etc/rc.d/init.d/x11-common as xdm_exec_t
      Drop /etc/rc.d/init.d/xfree86-common filecontext definition
      Label /var/run/shm as tmpfs_t for Debian
      Label /var/run/motd.dynamic as initrc_var_run_t
      Label /var/run/initctl as initctl_t
      udev.if: Call files_search_pid instead of files_search_var_lib in
         udev_manage_pid_files
      Label executables in /usr/lib/NetworkManager/ as bin_t
      Add support for rsyslog
      Label var_lock_t as a mountpoint
      Add mount_var_run_t type and allow mount_t domain to manage the files and
         directories
      Add initrc_t to use block_suspend capability
      Label executables under /usr/lib/gnome-settings-daemon/ as bin_t
      Label nut drivers that are installed in /lib/nut on Debian as bin_t

Matthew Thode (1):
      Implement zfs support

Mika Pflüger (2):
      Debian locations of gvfs and kde4 libexec binaries in /usr/lib
      Explicitly label dovecot libraries lib_t for debian

Miroslav Grepl (1):
      Allow ipsec to read kernel sysctl

Paul Moore (1):
      flask: add the attach_queue permission to the tun_socket object class

Russell Coker (1):
      Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for
         client control

Sven Vermeulen (27):
      New location for udevd binary
      Use substititions for /usr/local/lib and /etc/init.d
      DHCP client's hooks create /run/dhcpc directory
      Introduce init_daemon_run_dir transformation
      Use the init_daemon_run_dir interface for udev
      Allow initrc_t to create run dirs for core modules
      Puppet uses mount output for verification
      Allow syslogd to create /var/lib/syslog and
         /var/lib/misc/syslog-ng.persist
      Gentoo's openrc does not require initrc_exec_t for runscripts anymore
      Allow init scripts to read courier configuration
      Allow search within postgresql var directory for the stream connect
         interface
      Introduce logging_getattr_all_logs interface
      Introduce logging_search_all_log_dirs interface
      Support flushing routing cache
      Allow init to set attributes on device_t
      Introduce files_manage_all_pids interface
      Gentoo openrc migrates /var/run and /var/lock data to /run(/lock)
      Update files_manage_generic_locks with directory permissions
      Run ipset in iptables domain
      tcpdump chroots into /var/lib/tcpdump
      Remove generic log label for cron location
      Postgresql 9.2 connects to its unix stream socket
      lvscan creates the /run/lock/lvm directory if nonexisting (v2)
      Allow syslogger to manage cron log files (v2)
      Allow initrc_t to read stunnel configuration
      Introduce exec-check interfaces for passwd binaries and useradd binaries
      chfn_t reads in file context information and executes nscd