Update Changelog and VERSION for release 2.20210908.

Signed-off-by: Chris PeBenito <pebenito@ieee.org>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

1 files changed, 147 insertions, 0 deletions

diff --git a/Changelog b/Changelog
index 50cd31fc1..fc2635ba2 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,150 @@
+* Wed Sep 08 2021 Chris PeBenito <pebenito@ieee.org> - 2.20210908
+Andreas Freimuth (2):
+      Prefer user_fonts_config_t over xdg_config_t
+      Set user_fonts_config_t for conf.d
+
+Chris PeBenito (76):
+      rpc: Move lines.
+      selinux: Add a secure_mode_setbool Boolean.
+      Remove additional unused modules
+      Rules.modular/Rules.monolithic: Fix intdented labeling statement moves.
+      selinux: Change generic Boolean type to boolean_t.
+      selinux: Set regular file for labeled Booleans genfscons.
+      selinux: Add dontaudits when secure mode Booleans are enabled.
+      kernel: Add dontaudits when secure_mode_insmod is enabled.
+      authlogin: Add tunable for allowing shadow access on non-PAM systems.
+      authlogin: Remove redundant rule in auth_domtrans_chk_passwd().
+      Create stale.yml
+      stale.yml: Fix labels with spaces.
+      authlogin: Deprecate auth_domtrans_chk_passwd().
+      init: Add support for systemd StandardInputText.
+      .gitignore: Ignore vscode data dir.
+      .gitignore: Remove duplicate lines.
+      Revert "systemd.if minor fix"
+      systemd: Drop second parameter in systemd_tmpfilesd_managed().
+      staff, sysadm, unprivuser: Move lines.
+      xserver: Move fc lines.
+      radvd: Whitespace fix.
+      virt: Move lines.
+      Bump module versions for release.
+
+Christian Göttsche (1):
+      Use correct interface or template declaration
+
+Dave Sugar (2):
+      systemd.if minor fix
+      Resolve when building monolithic on RHEL7
+
+Fabrice Fontaine (5):
+      policy/modules/services/minidlna.te: make xdg optional
+      policy/modules/services/ftp.te: make ssh optional
+      policy/modules/services/cvs.te: make inetd optional
+      policy/modules/services/ifplugd.te: make netutils optional
+      policy/modules/apps/wireshark.te: make xdg optional
+
+Jonathan Davies (13):
+      staff.te: Allow staff access to the virt stream, needed for when the
+         sockets are access remotely over SSH.
+      logging.if: Added interfaces for watching all and audit logs.
+      roles: Added log watching permissions to secadm and sysadm.
+      irc.te: Allow irc_t access to unix_dgram_socket sendto to allow clients to
+         connect to a SOCKS proxy.
+      screen.if: Added interface to allow executing sock file.
+      irc.te: Allowed client access to screen runtime sock file.
+      dmesg.te: Added files_read_etc_files() as some distros store terminfo
+         files in /etc/.
+      devices.fc: Added missing Xen character files.
+      sysadm.te: Allow sysadm_t to read/write Xen character devices so userspace
+         tooling works.
+      sysnetwork: dhcpc_t: Added corenet_sendrecv_icmp_packets()
+      radvd.te: Added corenet_sendrecv_icmp_packets().
+      dhcp.te: Added corenet_sendrecv_icmp_packets().
+      virt: Defined a virt_common_runtime_t type for the new common/system.token
+         file and added permissions to virtd_t and virtlogd_t.
+
+Kenton Groombridge (36):
+      dovecot, postfix: add missing accesses
+      various: systemd user fixes and additional support
+      systemd, fail2ban: allow fail2ban to watch journal
+      fail2ban: allow reading vm overcommit sysctl
+      usbguard: various fixes
+      redis: allow reading certs
+      rngd: allow reading sysfs
+      getty: various fixes
+      modutils: allow kmod to read src_t symlinks
+      devices, userdomain: dontaudit userdomain setattr on null device nodes
+      spamassassin: allow rspamd to read network sysctls
+      redis: allow reading net and vm overcommit sysctls
+      devices, userdomain: dontaudit userdomain setattr on null device nodes
+      files, init, systemd: various fixes
+      ssh: allow ssh_keygen_t to read localization
+      devicekit: allow devicekit_disk_t to setsched
+      udev: various fixes
+      init: modify interface to allow reading all pipes
+      iptables: allow reading initrc pipes
+      wireguard: allow running iptables
+      bootloader, filesystem: various fixes for grub
+      mount: allow getattr on dos filesystems
+      init, mount: allow systemd to watch utab
+      init, systemd: allow logind to watch utmp
+      logging: allow auditd to use nsswitch
+      logging: allow auditd to getattr on audisp-remote binary
+      systemd: allow systemd-resolved to manage its own sock files
+      systemd: add policy for systemd-sysctl
+      init, udev: various fixes for systemd
+      udev: allow systemd-vconsole-setup to sys_tty_config
+      various: several dontaudits
+      sysadm, systemd: various fixes
+      authlogin: add new type for pwd.lock and others
+      init: allow systemd to rw shadow lock files
+      filesystem, init: allow systemd to create pstore dirs
+      bootloader, devices: dontaudit grub writing on legacy efi variables
+
+Krzysztof Nowicki (15):
+      Fix interface naming convention (plural predicates)
+      Allow systemd to relabel startup-important directories
+      Allow execution of shell-scripted systemd generators
+      Also grant directory permissions in sysnet_manage_config
+      Allow use of systemd UNIX sockets created at initrd execution
+      Fix systemd-journal-flush service
+      Allow systemd-tmpfilesd populating of /var/lib/dbus
+      When using systemd_tmpfilesd_managed also grant directory permissions
+      Enable factory directory support in systemd-tmpfilesd
+      Allow systemd-tmpfilesd to relabel generic files inside /etc
+      Allow systemd-tmpfilesd to set attributes of /var/lock
+      Mark lvm_lock_t as systemd_tmpfilesd-managed
+      Allow systemd-tmpfilesd handle faillog directory
+      Fix setting-up sandbox environment for systemd-networkd
+      Allow systemd-tmpfilesd to access nsswitch information
+
+Markus Linnala (13):
+      policy: init: there is no enabled_mls, it is enable_mls
+      policy: files: files_spool_filetrans: doc: change param from file to
+         file_type
+      policy devices: dev_filetrans: doc: change param from file to file_type
+      policy gnome: gnome_dbus_chat_gconfd: doc: does not have 1st param of
+         role_prefix
+      policy chromium: chromium_tmp_filetrans: doc: add missing 2nd param
+         documentation
+      policy gpg: doc: add documents for all *filterans parameters
+      policy seunshare: seunshare_role: parameters usage partially mixed
+      policy kismet: kismer_role: parameter order mixed in kismet_run
+      policy: interfaces: doc: indent param blocks consistently
+      policy avahi: avahi_filetrans_pid: doc: add missing params
+      policy: xserver: xserver_dbus_chat: fix require
+      policy:ssh: ssh_server_template: fix require
+      policy: files: files_get_etc_unit_status/files_{start,stop}_etc_service:
+         fix require
+
+Russell Coker (1):
+      blkmapd
+
+Xiongwei Song (1):
+      Add ubifs to filesystem policy
+
+Yi Zhao (1):
+      roles: move dbus_role_template to userdom_common_user_template
+
 * Wed Feb 03 2021 Chris PeBenito <pebenito@ieee.org> - 2.20210203
 (GalaxyMaster) (1):
       added policy for systemd-socket-proxyd