Manoj Srivastava:

- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
author: Colin Watson <cjwatson@debian.org> 2005-06-17 12:44:30 +0000
committer: Colin Watson <cjwatson@debian.org> 2005-06-17 12:44:30 +0000
commit: 4c2d1c67cea075107aadaa6d81fe456687c69e67 (patch)
tree: 4f31813c8306491c908948bd75254912385ed651 /ChangeLog
parent: bed4bb0fe9380912ecb90e5f918bce8825ec0a38 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 15ce35ce7..e73b36e6d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,27 @@
+20050510
+ - (srivasta) [selinux.c] if selinux is enabled, then provide funtions to
+    initialize the pty and execution context for ssh.
+ - (srivasta) [selinux.h] if SELinux is defined, add function prototypes for
+    functions, or make them null ops.
+ - (srivasta) [sshpty.c] include selinuh.h
+   pty_setowner: set up the selinux pty correcty.
+ - (srivasta) [session.c] include selinuh.h
+   do_setusercontext: set up proper execution context for SELinux.
+ - (srivasta) [monitor_wrap.h] Add function prototype for new function to
+    inform the privileged process about role.
+ - (srivasta) [monitor_wrap.c]  (mm_inform_authrole) Inform the privileged
+    process about role.
+ - (srivasta) [monitor.h] Add a new monitor request type for auth roles.
+ - (srivasta) [monitor.c] (mm_answer_authrole) Add nre function to deal withe
+   the new authorization role, and add a new monitor request type.
+ - (srivasta) [contrib/redhat/sshd.init]  (PID_FILE)restore the proper security
+   file context of the generated public keys.
+ - (srivasta) [configure.ac]  (HAVE_HEADER_AD)Add an SELinux option
+ - (srivasta) [auth2.c]  (input_userauth_request)Handle the new role member
+ - (srivasta) [auth1.c]  (do_authentication)Handle the new role member
+ - (srivasta) [auth.h] Added a role member in struct Authctxt
+ - (srivasta) [Makefile.in (SSHDOBJS)] Add selinux.o
 20050524
 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
         [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
author	Colin Watson <cjwatson@debian.org>	2005-06-17 12:44:30 +0000
committer	Colin Watson <cjwatson@debian.org>	2005-06-17 12:44:30 +0000
commit	4c2d1c67cea075107aadaa6d81fe456687c69e67 (patch)
tree	4f31813c8306491c908948bd75254912385ed651 /ChangeLog
parent	bed4bb0fe9380912ecb90e5f918bce8825ec0a38 (diff)

diff --git a/ChangeLog b/ChangeLog index 15ce35ce7..e73b36e6d 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,27 @@
		1	20050510
		2	- (srivasta) [selinux.c] if selinux is enabled, then provide funtions to
		3	initialize the pty and execution context for ssh.
		4	- (srivasta) [selinux.h] if SELinux is defined, add function prototypes for
		5	functions, or make them null ops.
		6	- (srivasta) [sshpty.c] include selinuh.h
		7	pty_setowner: set up the selinux pty correcty.
		8	- (srivasta) [session.c] include selinuh.h
		9	do_setusercontext: set up proper execution context for SELinux.
		10	- (srivasta) [monitor_wrap.h] Add function prototype for new function to
		11	inform the privileged process about role.
		12	- (srivasta) [monitor_wrap.c] (mm_inform_authrole) Inform the privileged
		13	process about role.
		14	- (srivasta) [monitor.h] Add a new monitor request type for auth roles.
		15	- (srivasta) [monitor.c] (mm_answer_authrole) Add nre function to deal withe
		16	the new authorization role, and add a new monitor request type.
		17	- (srivasta) [contrib/redhat/sshd.init] (PID_FILE)restore the proper security
		18	file context of the generated public keys.
		19	- (srivasta) [configure.ac] (HAVE_HEADER_AD)Add an SELinux option
		20	- (srivasta) [auth2.c] (input_userauth_request)Handle the new role member
		21	- (srivasta) [auth1.c] (do_authentication)Handle the new role member
		22	- (srivasta) [auth.h] Added a role member in struct Authctxt
		23	- (srivasta) [Makefile.in (SSHDOBJS)] Add selinux.o
		24
1	20050524	25	20050524
2	- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]	26	- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3	[contrib/suse/openssh.spec] Update spec file versions to 4.1p1	27	[contrib/suse/openssh.spec] Update spec file versions to 4.1p1