# SELint Changelog
## [1.5] 2024-01-09
### Changed
- Checks about requires now support userspace classperm requires
- Various CI improvements
- Clearer message for W-011
### Fixed
- Support quoted genfscon paths
- Compile with gcc 14
## [1.4.0] 2023-02-03
### Added (checks)
- W-013 for audit_access permissions in allow and auditallow rules
### Changed
- Warn if duplicate configuration files are detected in a policy
- selint-disable commands now work on tunable blocks
### Fixed
- Support ifn?def blocks in .if files
- Various bug fixes
## [1.3.0] 2022-09-17
### Added (checks)
- New check level: eXtra. Checks intended to be run on occasion for code
inspection, not regularly
- X-001 for unused interfaces
- X-002 for av rule exclusions
- C-008 for valid conditional identifiers
### Changed
- Improve ordering to be more permissive in line with user expectations
- Parser errors now display the full path to the unparsed file
### Fixed
- Various parser fixes
- Support anonymous inodes
- Handle selint-disable correctly with require blocks
- Avoid false positive W-002 warnings in the presence of S-004
- Various bug fixes
## [1.2.1] 2022-01-10
### Changed
- Checks referencing attributes now see attributes assigned to a type as part
of a type declaration
### Fixed
- Various parser fixes and enhancements
- Support IPv4 address embedding
## [1.2.0] 2021-01-18
### Added (general features)
- New ./configure option --enable-werror to compile treating warnings as
errors.
- Parse errors now display info about exactly where in the line the failure occurred
- spec file for building on rpm based distros
### Added (checks)
- C-006 for unordered declarations in require blocks
- C-007 for missing use of the self keyword
- E-009 for empty optional and require blocks
- E-010 for stray bare words
### Changed
- New C-001 ordering option refpolicy-light (see sample selint.conf for details)
- Extend S-009 to support multi-class av rules
- Improved error messages for various error cases
- selint-disable now allows a space before check ids
- You can now use multiple --context arguments
### Fixed
- Support object class specifications in role transitions
- Lots of cleanup and fixes for C-001 ordering checks
- Support extended permission class av rules (allowxperm etc)
- Internal cleanup and improvements
- Allow multiple roles in role allow statements
## [1.1.0] 2020-05-19
### Added (general features)
- -S flag to print a summary of issues found following an analysis
- --context flag to specify additional files to parse but not scan.
This is primarily helpful if you want to only scan your modified files
in a full source repository. (If you are planning on loading your local
modules into your already installed policy and have local development
headers in a standard location, selint should find them by default and you
don't need to use this option)
- -F flag to return an error code on issues found
- --summary-only flag to output a summary of issues found without displaying
the actual issues
- ./configure flag to disable unit testing. This can be used on systems with
older versions of libcheck.
- Colored output
### Added (checks)
- C-005 for permission ordering
- S-003 for unneeded semicolons
- S-004 for template calls from interfaces
- S-005 for declarations in an interface
- S-006 for the use of a bare module statement instead of policy_module() macro
- S-007 for the use of a gen_context() macro with no mls component specified
- S-008 for gen_require() macro calls with unquoted arguments
- S-009 for permission macros that don't match object class
- S-010 suggesting usage of permission macros
- W-006 for interface call with empty arguments
- W-007 for unexpected spaces in interface arguments
- W-008 for permission lists with * or ~
- W-009 for module name not matching file name
- E-006 for declaration/interface name clash
- E-007 for usage of unknown permission macros
### Changed
- Turn C-001 off by default.
- Assume the presence of system_u user and object_r role if no config is loaded.
- SELint will no longer scan file_contexts files that are probably generated by the build system.
This behavior can be turned off by setting skip_checking_generated_fcs=false in the config
- W-001 and W-002 check additional types of rules
### Fixed
- Man page generation in distribution tarballs now works after make clean
- documentation cleanup
- Various parser fixes
- Clean up of check C-001
## [1.0.2] - 2020-01-30
### Fixed
- (Issue #11) Include CHANGELOG, LICENSE and testing input files in release tarballs
## [1.0.1] - 2020-01-28
### Added
- Warning for invalid check ids in config or on command line
- CI for github pushes
- Enabled many warnings in build system
- Changelog
### Fixed
- Check W-002 now handles multiple requires in the same interface correctly
- (Issue #2) Handle types prefixed with "-" correctly in checks
- Handle type aliases correctly in checks W-002 and W-003
- Fix double free in certain parse error corner cases
- Look at role transitions in relevant checks (C-001, W-002, W-003)
- Fix false positives on W-004 when a regex character is in square brackets
- General Code Cleanup
## [1.0.0] - 2020-01-15
Initial Release