* [ANN] SELinux userspace release
@ 2013-10-30 18:08 Stephen Smalley
2013-10-30 18:33 ` Stephen Smalley
0 siblings, 1 reply; 21+ messages in thread
From: Stephen Smalley @ 2013-10-30 18:08 UTC (permalink / raw)
To: SELinux-NSA
A new release of the SELinux userspace has been posted to:
http://userspace.selinuxproject.org/trac/wiki/Releases
For git users, a new tag has been pushed for this release, 20131013.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2013-10-30 18:08 [ANN] SELinux userspace release Stephen Smalley
@ 2013-10-30 18:33 ` Stephen Smalley
0 siblings, 0 replies; 21+ messages in thread
From: Stephen Smalley @ 2013-10-30 18:33 UTC (permalink / raw)
To: SELinux
On 10/30/2013 02:08 PM, Stephen Smalley wrote:
> A new release of the SELinux userspace has been posted to:
> http://userspace.selinuxproject.org/trac/wiki/Releases
>
> For git users, a new tag has been pushed for this release, 20131013.
Sorry, that should be 20131030.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2014-05-10 12:03 ` Sven Vermeulen
@ 2014-05-12 17:10 ` Daniel J Walsh
0 siblings, 0 replies; 21+ messages in thread
From: Daniel J Walsh @ 2014-05-12 17:10 UTC (permalink / raw)
To: Sven Vermeulen, Stephen Smalley; +Cc: SELinux-NSA
On 05/10/2014 08:03 AM, Sven Vermeulen wrote:
> On Tue, May 06, 2014 at 01:57:48PM -0400, Stephen Smalley wrote:
>> A new release of the SELinux userspace has been posted to:
>> http://userspace.selinuxproject.org/trac/wiki/Releases
>>
>> For git users, a new tag has been pushed for this release, 20140506
> Thanks; I've provided it for Gentoo users already.
>
> Yesterday I got notified about a vulnerability in libcap-ng & seunshare:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3215
>
> I found quite a lot of chatter on RedHat's bugzilla and several potential
> solutions; can we expect that the "proper" solution will be pushed to
> policycoreutils soon as well?
>
> The seunshare.c file hasn't been touched in a while so I assume it isn't in
> yet.
>
> Wkr,
> Sven Vermeulen
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
I will send the patches for seunshare, although the fix was actually in
libcap-ng, which caused seunshare to break.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2014-05-06 17:57 Stephen Smalley
@ 2014-05-10 12:03 ` Sven Vermeulen
2014-05-12 17:10 ` Daniel J Walsh
0 siblings, 1 reply; 21+ messages in thread
From: Sven Vermeulen @ 2014-05-10 12:03 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux-NSA
On Tue, May 06, 2014 at 01:57:48PM -0400, Stephen Smalley wrote:
> A new release of the SELinux userspace has been posted to:
> http://userspace.selinuxproject.org/trac/wiki/Releases
>
> For git users, a new tag has been pushed for this release, 20140506
Thanks; I've provided it for Gentoo users already.
Yesterday I got notified about a vulnerability in libcap-ng & seunshare:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3215
I found quite a lot of chatter on RedHat's bugzilla and several potential
solutions; can we expect that the "proper" solution will be pushed to
policycoreutils soon as well?
The seunshare.c file hasn't been touched in a while so I assume it isn't in
yet.
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux userspace release
@ 2014-05-06 17:57 Stephen Smalley
2014-05-10 12:03 ` Sven Vermeulen
0 siblings, 1 reply; 21+ messages in thread
From: Stephen Smalley @ 2014-05-06 17:57 UTC (permalink / raw)
To: SELinux-NSA
A new release of the SELinux userspace has been posted to:
http://userspace.selinuxproject.org/trac/wiki/Releases
For git users, a new tag has been pushed for this release, 20140506
sepolgen did not change in this release.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [Ann] SELinux userspace release
2013-04-26 6:36 ` Sven Vermeulen
@ 2013-04-27 7:46 ` Sven Vermeulen
0 siblings, 0 replies; 21+ messages in thread
From: Sven Vermeulen @ 2013-04-27 7:46 UTC (permalink / raw)
To: Joshua Brindle; +Cc: SELinux
On Fri, Apr 26, 2013 at 08:36:05AM +0200, Sven Vermeulen wrote:
> > semanage permissive builds a module to make a permissive domain. On
> > Fedora there is an out-of-tree policy build environment in
> > /usr/share/selinux. Without this environment it can't build a module.
> > Does Gentoo have it in a different place or just not at all?
>
> In the previous release it worked so I probably need to find where the
> location is coded and have that point to
> /usr/share/selinux/$SELINUXTYPE/include/Makefile or so. That is the
> Makefile used to build (refpolicy-style) policy modules here.
I've been able to get this to work by creating a /etc/selinux/sepolgen.conf
file that contains the following:
SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include
> > > https://bugs.gentoo.org/show_bug.cgi?id=467268
> > >
> > > - policycoreutils' sepolicy command requires yum python bindings
> > >
> > > Since yum is not available on Gentoo, is this really necessary?
> > >
> >
> > Unfortunate. I'd exclude it for now and hopefully we can work out
> > making it more distro independent.
>
> Certainly. I'll see if I can draft up something when I get more familiar
> with the required functionalities.
Well, I removed the yum dependency and the __extract_rpms method (+ the
call towards it). But trying to use sepolicy still gives me stacktraces that
I am having difficulties with to debug:
~$ sepolicy communicate -s portage_t
Traceback (most recent call last):
File "/usr/bin/sepolicy-2.7", line 464, in <module>
args = parser.parse_args()
File "/usr/lib64/python2.7/argparse.py", line 1688, in parse_args
args, argv = self.parse_known_args(args, namespace)
File "/usr/lib64/python2.7/argparse.py", line 1720, in parse_known_args
namespace, args = self._parse_known_args(args, namespace)
File "/usr/lib64/python2.7/argparse.py", line 1908, in _parse_known_args
positionals_end_index = consume_positionals(start_index)
File "/usr/lib64/python2.7/argparse.py", line 1885, in consume_positionals
take_action(action, args)
File "/usr/lib64/python2.7/argparse.py", line 1794, in take_action
action(self, namespace, argument_values, option_string)
File "/usr/lib64/python2.7/argparse.py", line 1090, in __call__
namespace, arg_strings = parser.parse_known_args(arg_strings, namespace)
File "/usr/lib64/python2.7/argparse.py", line 1720, in parse_known_args
namespace, args = self._parse_known_args(args, namespace)
File "/usr/lib64/python2.7/argparse.py", line 1926, in _parse_known_args
start_index = consume_optional(start_index)
File "/usr/lib64/python2.7/argparse.py", line 1866, in consume_optional
take_action(action, args, option_string)
File "/usr/lib64/python2.7/argparse.py", line 1794, in take_action
action(self, namespace, argument_values, option_string)
File "/usr/bin/sepolicy-2.7", line 63, in __call__
from sepolicy.network import domains
File "/usr/lib64/python2.7/site-packages/sepolicy/network.py", line 44, in <module>
portrecs, portrecsbynum = _gen_port_dict()
File "/usr/lib64/python2.7/site-packages/sepolicy/network.py", line 31, in _gen_port_dict
for i in info(sepolicy.PORT):
File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 182, in info
dict_list = _policy.info(setype, name)
RuntimeError: No such file or directory
Any idea what this could be about?
Wkr,
Sven Vermeulen
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [Ann] SELinux userspace release
2013-04-25 23:15 ` Joshua Brindle
@ 2013-04-26 6:36 ` Sven Vermeulen
2013-04-27 7:46 ` Sven Vermeulen
0 siblings, 1 reply; 21+ messages in thread
From: Sven Vermeulen @ 2013-04-26 6:36 UTC (permalink / raw)
To: Joshua Brindle, SELinux
[-- Attachment #1: Type: text/plain, Size: 1430 bytes --]
On Apr 26, 2013 1:15 AM, "Joshua Brindle" <brindle@quarksecurity.com> wrote:
>
> On Thu, Apr 25, 2013 at 4:01 PM, Sven Vermeulen
> <sven.vermeulen@siphos.be> wrote:
> > https://bugs.gentoo.org/show_bug.cgi?id=467264
> >
> > - using semanage permissive fails with stacktrace referring to a
Makefile on
> > a non-existing location (/usr/share/selinux/default/Makefile)
> >
> > I have yet to find the culprit of this (getting late so that'll be for
> > tomorrow evening).
> >
>
> semanage permissive builds a module to make a permissive domain. On
> Fedora there is an out-of-tree policy build environment in
> /usr/share/selinux. Without this environment it can't build a module.
> Does Gentoo have it in a different place or just not at all?
In the previous release it worked so I probably need to find where the
location is coded and have that point to
/usr/share/selinux/$SELINUXTYPE/include/Makefile or so. That is the
Makefile used to build (refpolicy-style) policy modules here.
> >
> > https://bugs.gentoo.org/show_bug.cgi?id=467268
> >
> > - policycoreutils' sepolicy command requires yum python bindings
> >
> > Since yum is not available on Gentoo, is this really necessary?
> >
>
> Unfortunate. I'd exclude it for now and hopefully we can work out
> making it more distro independent.
Certainly. I'll see if I can draft up something when I get more familiar
with the required functionalities.
Wkr,
Sven Vermeulen
[-- Attachment #2: Type: text/html, Size: 2034 bytes --]
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [Ann] SELinux userspace release
2013-04-25 20:01 ` Sven Vermeulen
@ 2013-04-25 23:15 ` Joshua Brindle
2013-04-26 6:36 ` Sven Vermeulen
0 siblings, 1 reply; 21+ messages in thread
From: Joshua Brindle @ 2013-04-25 23:15 UTC (permalink / raw)
To: Sven Vermeulen; +Cc: SELinux
On Thu, Apr 25, 2013 at 4:01 PM, Sven Vermeulen
<sven.vermeulen@siphos.be> wrote:
> On Tue, Apr 23, 2013 at 10:34:52AM -0400, Joshua Brindle wrote:
>> A new release of the SELinux userspace has been posted to:
>> http://userspace.selinuxproject.org/trac/wiki/Releases
>>
>> Most of the changes were bug fixes related to leaking file descriptors and
>> memory errors reported by Coverity. The full Changelog is in each package.
>
> I had a few issues while getting this release in Gentoo.
>
I suppose this is what I get for testing on Fedora with everything
already installed...
>
> https://bugs.gentoo.org/show_bug.cgi?id=467258
>
> - libselinux does not provide selinux_current_policy_path() but this method is
> used in policycoreutils in a number of locations.
>
> I had to take the definition from this method from
> http://svnweb.mageia.org/packages/cauldron/libselinux/current/SOURCES/libselinux-rhat.patch?revision=400400&view=co&pathrev=400400
> (only included the definition in Gentoo for now). Seems that this is a
> much-needed function (otherwise tools like semanage just break).
>
>
> https://bugs.gentoo.org/show_bug.cgi?id=467264
>
> - using semanage permissive fails with stacktrace referring to a Makefile on
> a non-existing location (/usr/share/selinux/default/Makefile)
>
> I have yet to find the culprit of this (getting late so that'll be for
> tomorrow evening).
>
semanage permissive builds a module to make a permissive domain. On
Fedora there is an out-of-tree policy build environment in
/usr/share/selinux. Without this environment it can't build a module.
Does Gentoo have it in a different place or just not at all?
>
> https://bugs.gentoo.org/show_bug.cgi?id=467268
>
> - policycoreutils' sepolicy command requires yum python bindings
>
> Since yum is not available on Gentoo, is this really necessary?
>
Unfortunate. I'd exclude it for now and hopefully we can work out
making it more distro independent.
> Wkr,
> Sven Vermeulen
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [Ann] SELinux userspace release
2013-04-23 14:34 [Ann] " Joshua Brindle
@ 2013-04-25 20:01 ` Sven Vermeulen
2013-04-25 23:15 ` Joshua Brindle
0 siblings, 1 reply; 21+ messages in thread
From: Sven Vermeulen @ 2013-04-25 20:01 UTC (permalink / raw)
To: Joshua Brindle; +Cc: SELinux
On Tue, Apr 23, 2013 at 10:34:52AM -0400, Joshua Brindle wrote:
> A new release of the SELinux userspace has been posted to:
> http://userspace.selinuxproject.org/trac/wiki/Releases
>
> Most of the changes were bug fixes related to leaking file descriptors and
> memory errors reported by Coverity. The full Changelog is in each package.
I had a few issues while getting this release in Gentoo.
https://bugs.gentoo.org/show_bug.cgi?id=467258
- libselinux does not provide selinux_current_policy_path() but this method is
used in policycoreutils in a number of locations.
I had to take the definition from this method from
http://svnweb.mageia.org/packages/cauldron/libselinux/current/SOURCES/libselinux-rhat.patch?revision=400400&view=co&pathrev=400400
(only included the definition in Gentoo for now). Seems that this is a
much-needed function (otherwise tools like semanage just break).
https://bugs.gentoo.org/show_bug.cgi?id=467264
- using semanage permissive fails with stacktrace referring to a Makefile on
a non-existing location (/usr/share/selinux/default/Makefile)
I have yet to find the culprit of this (getting late so that'll be for
tomorrow evening).
https://bugs.gentoo.org/show_bug.cgi?id=467268
- policycoreutils' sepolicy command requires yum python bindings
Since yum is not available on Gentoo, is this really necessary?
Wkr,
Sven Vermeulen
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [Ann] SELinux userspace release
@ 2013-04-23 14:34 Joshua Brindle
2013-04-25 20:01 ` Sven Vermeulen
0 siblings, 1 reply; 21+ messages in thread
From: Joshua Brindle @ 2013-04-23 14:34 UTC (permalink / raw)
To: SELinux
A new release of the SELinux userspace has been posted to:
http://userspace.selinuxproject.org/trac/wiki/Releases
Most of the changes were bug fixes related to leaking file descriptors and
memory errors reported by Coverity. The full Changelog is in each package.
For git users, a new tag has been pushed for this release, 20130423.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux userspace release
@ 2012-09-24 23:52 Joshua Brindle
0 siblings, 0 replies; 21+ messages in thread
From: Joshua Brindle @ 2012-09-24 23:52 UTC (permalink / raw)
To: SELinux
A new release of the SELinux userspace is available at
<http://userspace.selinuxproject.org/trac/wiki/Releases>.
Changes since the last release include:
Android/MacOS X build support
Boolean name substitution
PCRE for file_context labeling
Fix neverallow checking on attributes
Add always_check_network policy capability
Translations from the Fedora community
Various sandbox enhancements
Various bug fixes
Various man page updates
For git users this release has been tagged 20120924 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN} SELinux Userspace Release
@ 2012-02-17 3:37 Joshua Brindle
0 siblings, 0 replies; 21+ messages in thread
From: Joshua Brindle @ 2012-02-17 3:37 UTC (permalink / raw)
To: SELinux
A new release of the SELinux userspace is available at
<http://userspace.selinuxproject.org/trac/wiki/Releases>.
Changes since the last release include:
- Various enhancements to dispol/dismod
- Many man page cleanups and updates
- Support for python3 in bindings
- Many makefile cleanups
- Support for tunables separate from booleans
- Various bug fixes
- Sandbox cgroup support
- Various Sandbox enhancements
- File context equivalence
- Various semanage enhancements and bug fixes
- Add semodule_unpackage
For git users this release has been tagged 20120216 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux Userspace release
@ 2010-12-21 20:39 Chad Sellers
0 siblings, 0 replies; 21+ messages in thread
From: Chad Sellers @ 2010-12-21 20:39 UTC (permalink / raw)
To: SELinux
The SELinux userspace project has updated a release. As usual you can find
it at http://userspace.selinuxproject.org/trac/wiki/Releases.
New features in this release include:
* Support for on-the-fly sandboxing of applications, including X
applications
* Support for MLS/MCS translations
* Improved robustness in multithreaded processes
* Support for building under GCC 4.6
* Simplification of login context computation logic
* newrole support for libcap-ng
* Improved robustness in label computation
For git users this release has been tagged 20101221 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux Userspace release
@ 2010-05-25 21:11 Chad Sellers
0 siblings, 0 replies; 21+ messages in thread
From: Chad Sellers @ 2010-05-25 21:11 UTC (permalink / raw)
To: SE Linux
The SELinux userspace project has updated a release. As usual you can find
it at http://userspace.selinuxproject.org/trac/wiki/Releases.
New features in this release include:
semodule enable/disable support
audit2allow support for generating dontaudit rules
Improved support across distributions
Improved man pages and help output
Improved handling of auditing in userspace object managers when
dontaudit/auditallow rules are involved
Support for running genhomedircon without examining /etc/passwd
For git users this release has been tagged 20100525 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux Userspace release
@ 2009-11-30 18:03 Chad Sellers
0 siblings, 0 replies; 21+ messages in thread
From: Chad Sellers @ 2009-11-30 18:03 UTC (permalink / raw)
To: SE Linux; +Cc: Stephen Smalley, Joshua Brindle
The SELinux userspace project has updated a release. As usual you can find
it at http://userspace.selinuxproject.org/trac/wiki/Releases.
New features in this release include:
Configurable bzip behavior in libsemanage
semanage dontaudit support
Proper semodule upgrade support
setfiles support for labeling when SELinux is not enabled
Support for multiple target OSes
For git users this release has been tagged 20091123 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux Userspace release
@ 2009-07-31 14:18 Joshua Brindle
0 siblings, 0 replies; 21+ messages in thread
From: Joshua Brindle @ 2009-07-31 14:18 UTC (permalink / raw)
To: SE Linux, Stephen Smalley, Chad Sellers
The SELinux userspace project has updated a release. As usual you can find it at
http://userspace.selinuxproject.org/trac/wiki/Releases.
New features in this release include:
Label substitution
Virtual machine labeling
Per-service seuser support
Persistent dontaudit flag
Btrfs labeling support
For git users this release has been tagged 20090731 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2009-04-07 13:13 ` KaiGai Kohei
@ 2009-04-08 2:57 ` Eamon Walsh
0 siblings, 0 replies; 21+ messages in thread
From: Eamon Walsh @ 2009-04-08 2:57 UTC (permalink / raw)
To: KaiGai Kohei; +Cc: Joshua Brindle, SE Linux
KaiGai Kohei wrote:
> Joshua Brindle wrote:
>
>> KaiGai Kohei wrote:
>>
>>> Joshua Brindle wrote:
>>>
>>>> The SELinux userspace project has updated a release. As usual you can
>>>> find it at http://userspace.selinuxproject.org/trac/wiki/Releases.
>>>>
>>>> This is primarily a bug fix release. The added features are policy
>>>> module module compression support and AVC caching for compute_create
>>>> results.
>>>>
>>>> This release does not include an updated release of the stable_1_0
>>>> branch, which has not been updated since the last release.
>>>>
>>>> For git users this release has been tagged 20090403 in the repository
>>>> on userspace.selinuxproject.org.
>>>>
>>> Joshua, when the following features will be available in the libselinux?
>>>
>>> - Expose avc_netlink_loop() for applications.
>>> http://marc.info/?l=selinux&m=123838949914769&w=2
>>>
Pushed to 2.0.80.
>>> - Permissive domains in userspace.
>>> http://marc.info/?l=selinux&m=123855044416037&w=2
>>>
Pushed to 2.0.80.
>>> - selabel_lookup(3) support for database objects.
>>> http://marc.info/?l=selinux&m=123840173526150&w=2
>>>
Under review still.
>>>
>> These patches are being reviewed by Eamon AFAIK so once he acks them or
>> merges them.
>>
>
> OK, I'll wait for a while more.
>
> In addition, I've forgottn to note the patch.
> - A new API: security_deny_unknown()
> http://marc.info/?l=selinux&m=123863254719835&w=2
>
Pushed to 2.0.80.
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2009-04-06 17:09 ` Joshua Brindle
@ 2009-04-07 13:13 ` KaiGai Kohei
2009-04-08 2:57 ` Eamon Walsh
0 siblings, 1 reply; 21+ messages in thread
From: KaiGai Kohei @ 2009-04-07 13:13 UTC (permalink / raw)
To: Joshua Brindle; +Cc: SE Linux, Eamon Walsh
Joshua Brindle wrote:
> KaiGai Kohei wrote:
>> Joshua Brindle wrote:
>>> The SELinux userspace project has updated a release. As usual you can
>>> find it at http://userspace.selinuxproject.org/trac/wiki/Releases.
>>>
>>> This is primarily a bug fix release. The added features are policy
>>> module module compression support and AVC caching for compute_create
>>> results.
>>>
>>> This release does not include an updated release of the stable_1_0
>>> branch, which has not been updated since the last release.
>>>
>>> For git users this release has been tagged 20090403 in the repository
>>> on userspace.selinuxproject.org.
>>
>> Joshua, when the following features will be available in the libselinux?
>>
>> - Expose avc_netlink_loop() for applications.
>> http://marc.info/?l=selinux&m=123838949914769&w=2
>>
>> - Permissive domains in userspace.
>> http://marc.info/?l=selinux&m=123855044416037&w=2
>>
>> - selabel_lookup(3) support for database objects.
>> http://marc.info/?l=selinux&m=123840173526150&w=2
>>
>
> These patches are being reviewed by Eamon AFAIK so once he acks them or
> merges them.
OK, I'll wait for a while more.
In addition, I've forgottn to note the patch.
- A new API: security_deny_unknown()
http://marc.info/?l=selinux&m=123863254719835&w=2
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2009-04-05 1:02 ` KaiGai Kohei
@ 2009-04-06 17:09 ` Joshua Brindle
2009-04-07 13:13 ` KaiGai Kohei
0 siblings, 1 reply; 21+ messages in thread
From: Joshua Brindle @ 2009-04-06 17:09 UTC (permalink / raw)
To: KaiGai Kohei; +Cc: SE Linux
KaiGai Kohei wrote:
> Joshua Brindle wrote:
>> The SELinux userspace project has updated a release. As usual you can
>> find it at http://userspace.selinuxproject.org/trac/wiki/Releases.
>>
>> This is primarily a bug fix release. The added features are policy
>> module module compression support and AVC caching for compute_create
>> results.
>>
>> This release does not include an updated release of the stable_1_0
>> branch, which has not been updated since the last release.
>>
>> For git users this release has been tagged 20090403 in the repository
>> on userspace.selinuxproject.org.
>
> Joshua, when the following features will be available in the libselinux?
>
> - Expose avc_netlink_loop() for applications.
> http://marc.info/?l=selinux&m=123838949914769&w=2
>
> - Permissive domains in userspace.
> http://marc.info/?l=selinux&m=123855044416037&w=2
>
> - selabel_lookup(3) support for database objects.
> http://marc.info/?l=selinux&m=123840173526150&w=2
>
These patches are being reviewed by Eamon AFAIK so once he acks them or merges them.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* Re: [ANN] SELinux userspace release
2009-04-03 18:05 [ANN] SELinux userspace release Joshua Brindle
@ 2009-04-05 1:02 ` KaiGai Kohei
2009-04-06 17:09 ` Joshua Brindle
0 siblings, 1 reply; 21+ messages in thread
From: KaiGai Kohei @ 2009-04-05 1:02 UTC (permalink / raw)
To: Joshua Brindle; +Cc: SE Linux
Joshua Brindle wrote:
> The SELinux userspace project has updated a release. As usual you can
> find it at http://userspace.selinuxproject.org/trac/wiki/Releases.
>
> This is primarily a bug fix release. The added features are policy
> module module compression support and AVC caching for compute_create
> results.
>
> This release does not include an updated release of the stable_1_0
> branch, which has not been updated since the last release.
>
> For git users this release has been tagged 20090403 in the repository on
> userspace.selinuxproject.org.
Joshua, when the following features will be available in the libselinux?
- Expose avc_netlink_loop() for applications.
http://marc.info/?l=selinux&m=123838949914769&w=2
- Permissive domains in userspace.
http://marc.info/?l=selinux&m=123855044416037&w=2
- selabel_lookup(3) support for database objects.
http://marc.info/?l=selinux&m=123840173526150&w=2
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
* [ANN] SELinux userspace release
@ 2009-04-03 18:05 Joshua Brindle
2009-04-05 1:02 ` KaiGai Kohei
0 siblings, 1 reply; 21+ messages in thread
From: Joshua Brindle @ 2009-04-03 18:05 UTC (permalink / raw)
To: SE Linux
The SELinux userspace project has updated a release. As usual you can find it at
http://userspace.selinuxproject.org/trac/wiki/Releases.
This is primarily a bug fix release. The added features are policy module module
compression support and AVC caching for compute_create results.
This release does not include an updated release of the stable_1_0 branch, which
has not been updated since the last release.
For git users this release has been tagged 20090403 in the repository on
userspace.selinuxproject.org.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 21+ messages in thread
end of thread, other threads:[~2014-05-12 17:10 UTC | newest]
Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-30 18:08 [ANN] SELinux userspace release Stephen Smalley
2013-10-30 18:33 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2014-05-06 17:57 Stephen Smalley
2014-05-10 12:03 ` Sven Vermeulen
2014-05-12 17:10 ` Daniel J Walsh
2013-04-23 14:34 [Ann] " Joshua Brindle
2013-04-25 20:01 ` Sven Vermeulen
2013-04-25 23:15 ` Joshua Brindle
2013-04-26 6:36 ` Sven Vermeulen
2013-04-27 7:46 ` Sven Vermeulen
2012-09-24 23:52 [ANN] " Joshua Brindle
2012-02-17 3:37 [ANN} SELinux Userspace Release Joshua Brindle
2010-12-21 20:39 [ANN] SELinux Userspace release Chad Sellers
2010-05-25 21:11 Chad Sellers
2009-11-30 18:03 Chad Sellers
2009-07-31 14:18 Joshua Brindle
2009-04-03 18:05 [ANN] SELinux userspace release Joshua Brindle
2009-04-05 1:02 ` KaiGai Kohei
2009-04-06 17:09 ` Joshua Brindle
2009-04-07 13:13 ` KaiGai Kohei
2009-04-08 2:57 ` Eamon Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.