| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: checkpolicy | Distribution: SUSE Linux 16 |
| Version: 3.8 | Vendor: SUSE LLC <https://www.suse.com/> |
| Release: 160000.1.1 | Build date: Tue Feb 4 08:22:41 2025 |
| Group: Productivity/Security | Build host: reproducible |
| Size: 2109590 | Source RPM: checkpolicy-3.8-160000.1.1.src.rpm |
| Packager: https://www.suse.com/ | |
| Url: https://github.com/SELinuxProject/selinux | |
| Summary: SELinux policy compiler | |
checkpolicy is the SELinux policy compiler. It uses libsepol to generate the binary policy. (Security-enhanced Linux is a feature of the kernel and some utilities that implement mandatory access control policies, such as Type Enforcement, Role-based Access Control and Multi-Level Security.)
GPL-2.0-or-later
* Tue Feb 04 2025 rfrohl@suse.com
- Update to version 3.8
https://github.com/SELinuxProject/selinux/releases/tag/3.8
* Code improvements and bug fixes
- For a more in depth list of changes see
https://github.com/SELinuxProject/selinux/releases/download/3.8/shortlog-3.8.txt
- keyring: Update Petr Lautrbach <lautrbach@redhat.com>
* removed 0xBC3905F235179CF1 (expired: 2024-10-25)
* added 0xFB4C685B5DC1C13E (expires: 2026-11-04)
* Mon Jul 01 2024 cathy.hu@suse.com
- Update to version 3.7
https://github.com/SELinuxProject/selinux/releases/tag/3.7
* User-visible changes:
* checkpolicy: support CIDR notation for nodecon statements
* checkpolicy: provide more descriptive error messages and improve error handling
* Bugfixes:
* checkpolicy: handle unprintable token
* checkpolicy: avoid assigning garbage values
* checkpolicy: free temporary bounds type
* checkpolicy: perform contiguous check in host byte order
* checkpolicy: include <ctype.h> for isprint(3)
* oss-fuzz fixes:
* checkpolicy: add libfuzz based fuzzer
* checkpolicy: free complete role_allow_rule on error
* checkpolicy: free identifiers on invalid typebounds
* checkpolicy: return YYerror on invalid character
* checkpolicy: clone level only once
* Tue Dec 19 2023 cathy.hu@suse.com
- Update to version 3.6
https://github.com/SELinuxProject/selinux/releases/tag/3.6
* checkpolicy: Add the command line argument -N, --disable-neverallow
* dispol: add option to display users, drop duplicate option to display booleans,
show number of entries before listing them
* dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
* dispol: add options: --actions ACTIONS, --help
* dismod: add options: --actions ACTIONS, --help
* Add notself support for neverallow rules
* Improve man pages
* man pages: Remove the Russian translations
* Add notself and other support to CIL
* Add support for deny rules
* Translations updated from
https://translate.fedoraproject.org/projects/selinux/
* Bug fixes
- Remove keys from keyring since they expired:
- E853C1848B0185CF42864DF363A8AD4B982C4373
Petr Lautrbach <plautrba@redhat.com>
- 63191CE94183098689CAB8DB7EF137EC935B0EAF
Jason Zaman <jasonzaman@gmail.com>
- Add key to keyring:
- B8682847764DF60DF52D992CBC3905F235179CF1
Petr Lautrbach <lautrbach@redhat.com>
* Fri Feb 24 2023 jsegitz@suse.com
- Update to version 3.5
* error out if required permission would exceed limit
* Improve error message for type bounds
- Added additional developer key (Jason Zaman)
* Mon May 09 2022 jsegitz@suse.com
- Update to version 3.4
* warn on bogus IP address or netmask in nodecon statement
* allow wildcard permissions in constraints
* mention class name on invalid permission
* Thu Nov 11 2021 jsegitz@suse.com
- Update to version 3.3
* When reading a binary policy by checkpolicy, do not automatically change the version
to the max policy version supported by libsepol or, if specified, the value given
using the "-c" flag.
* Updated documentation
* Prints the reason why opening a source policy file failed
* Tue Mar 09 2021 jsegitz@suse.com
- Update to version 3.2
* Fix a memleak and an integer overflow
* Tue Jul 14 2020 jsegitz@suse.com
- Update to version 3.1
* checkpolicy treats invalid characters as an error - might break rare use
cases (intentionally)
* Drop extern_te_assert_t.patch, is upstream
* Tue Mar 03 2020 jsegitz@suse.de
- Update to version 3.0
* add flag to enable policy optimization
* allow to write policy to stdout
* remove a redundant if-condition
* Wed Jan 15 2020 jsegitz@suse.de
- Add extern_te_assert_t.patch to mark te_assert_t as extern.
Prevents build failures on gcc10 (bsc#1160259)
* Wed Mar 20 2019 jsegitz@suse.com
- Update to version 2.9
* Add option to sort contexts when creating a binary policy
* Update manpage
* check the result value of hashtable_search
* destroy the class datum if it fails to initialize
* remove extraneous policy build noise
* Sun Nov 11 2018 jengelh@inai.de
- Enable parallel build. Remove ineffective LDFLAGS="$RPM_LD_FLAGS"
(RPM_LD_FLAGS is always empty).
* Wed Nov 07 2018 jsegitz@suse.com
- Source URL was invalid (bsc#1115052)
* Wed Oct 17 2018 jsegitz@suse.com
- Update to version 2.8 (bsc#1111732).
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
- Dropped checkpolicy-build.patch, not necessary anymore
- Removed BuildRequires for byacc. It builds without and this blocks
building on SLE 15
* Mon Jun 11 2018 jsegitz@suse.com
- checkpolicy-build.patch was added in the former change to fix build
failures
* Wed May 16 2018 mcepl@suse.com
- Rebase to 2.7.
For changes please see
https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
* Fri Nov 24 2017 jsegitz@suse.com
- Update to version 2.6. Notable changes:
* Add types associated to a role in the current scope when parsing
* Extend checkpolicy pathname matching
* Set flex as default lexer
* Fix checkmodule output message
* Fail if module name different than output base filename
* Add support for portcon dccp protocol
* Thu Jun 29 2017 mpluskal@suse.com
- Use plain flex
* Thu Jul 21 2016 jengelh@inai.de
- Trim/update description
* Thu Jul 14 2016 jsegitz@novell.com
- Without bug number no submit to SLE 12 SP2 is possible, so to make
sle-changelog-checker happy: bsc#988977
* Fri Jul 08 2016 i@marguerite.su
- update version 2.5
* Add neverallow support for ioctl extended permissions
* fix double free on name-based type transitions
* switch operations to extended perms
* policy_define.c: fix compiler warnings
* Remove uses of -Wno-return-type
* Fix -Wreturn-type issues
* dispol: display operations as ranges
* dispol: Extend to display operations
* Add support for ioctl command whitelisting
* Add option to write CIL policy
* Add device tree ocontext nodes to Xen policy
* Widen Xen IOMEM context entries
* Expand allowed character set in paths
* Fix precedence between number and filesystem tokens
* dispol/dismod fgets function warnings fix
- changes in 2.4
* Fix bugs found by hardened gcc flags
* Add missing semicolon in cond_else parser rule
* Clear errno before call to strtol(3)
* Global C++11 compatibility
* Allow libsepol C++ static library on device
* Sun May 18 2014 crrodriguez@opensuse.org
- version 2.3
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
* Thu Oct 31 2013 p.drouand@gmail.com
- Update to version 2.2
* Fix hyphen usage in man pages
* handle-unknown / -U required argument fix
* Support overriding Makefile PATH and LIBDIR
* Support space and : in filenames
- Remove checkpolicy-rhat.patch; fixed on upstream
* Thu Jun 27 2013 vcizek@suse.com
- change the source url to the official 2.1.12 release tarball
* Fri Mar 29 2013 vcizek@suse.com
- update to 2.1.12
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
- changes in checkpolicy-rhat.patch:
* original hunk was merged upstream
* space should be allowed for file trans names
* Wed Jan 30 2013 vcizek@suse.com
- update to 2.1.11
* fd leak reading policy
* check return code on ebitmap_set_bit
* sepolgen: We need to support files that have a + in them
* implement new default labeling behaviors for usr, role, range
* Wed Jul 25 2012 meissner@suse.com
- updated to 2.1.8
- various fixes
* Sat Sep 17 2011 jengelh@medozas.de
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
* Thu Feb 25 2010 prusnak@suse.cz
- updated to 2.0.21
* Add support for building Xen policies from Paul Nuzzi.
* Add long options to checkpolicy and checkmodule by Guido
Trentalancia <guido@trentalancia.com>
* Tue Jun 23 2009 prusnak@suse.cz
- require libsepol-devel-static
* Wed May 27 2009 prusnak@suse.cz
- updated to 2.0.19
* fix alias field in module format, caused by boundary format change
from Caleb Case
* properly escape regex symbols in the lexer from Stephen Smalley
* add bounds support from KaiGai Kohei
* Mon Oct 20 2008 prusnak@suse.cz
- use flex-old for building (using flex does not build refpolicy)
* Tue Jul 15 2008 prusnak@suse.cz
- initial version 2.0.16
* based on Fedora package by Dan Walsh <dwalsh@redhat.com>
/usr/bin/checkmodule /usr/bin/checkpolicy /usr/bin/sedismod /usr/bin/sedispol /usr/share/man/man8/checkmodule.8.gz /usr/share/man/man8/checkpolicy.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 9 19:36:09 2025