* ANN: SELinux userspace 2.8-rc1 release candidate
@ 2018-04-19 15:07 Stephen Smalley
2018-04-20 12:31 ` Petr Lautrbach
` (2 more replies)
0 siblings, 3 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-04-19 15:07 UTC (permalink / raw)
To: SELinux
A 2.8-rc1 release candidate for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
If there are specific changes that you think should be called out in
release notes for packagers and users in the final release announcement, let us know.
Thanks to all the contributors to this release candidate!
A shortlog of changes since the 2.7 release is below.
Dan Cashman (1):
libsepol: cil: Add ability to redeclare types[attributes]
Dominick Grift (1):
Describe multiple-decls in secilc.8.xml
Grégoire Colbert (1):
Fixed bad reference in roleattribute
James Carter (4):
libsepol/cil: Keep attributes used by generated attributes in neverallow rules
libsepol/cil: Create new keep field for type attribute sets
libsepol: Prevent freeing unitialized value in ibendport handling
libsepol/cil: Improve processing of context rules
Jan Zarsky (6):
libsepol: reset pointer after free
libsepol: fix memory leak in sepol_bool_query()
libsepol: free ibendport device names
libsemanage: free genhomedircon fallback user
libsemanage: properly check return value of iterate function
python/sepolgen: fix typo in PolicyGenerator
Lee Stubbs (1):
Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.
Lukas Vrabec (1):
python/sepolicy: Fix sepolicy manpage.
Marcus Folkesson (15):
libsepol: build: follow standard semantics for DESTDIR and PREFIX
libselinux: build: follow standard semantics for DESTDIR and PREFIX
libsemanage: build: follow standard semantics for DESTDIR and PREFIX
checkpolicy: build: follow standard semantics for DESTDIR and PREFIX
gui: build: follow standard semantics for DESTDIR and PREFIX
mcstrans: build: follow standard semantics for DESTDIR and PREFIX
policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
python: build: follow standard semantics for DESTDIR and PREFIX
python: build: move modules from platform-specific to platform-shared
restorecond: build: follow standard semantics for DESTDIR and PREFIX
sandbox: build: follow standard semantics for DESTDIR and PREFIX
secilc: build: follow standard semantics for DESTDIR and PREFIX
semodule-utils: build: follow standard semantics for DESTDIR and PREFIX
dbus: build: follow standard semantics for DESTDIR and PREFIX
build: setup buildpaths if DESTDIR is specified
Nicolas Iooss (36):
Travis-CI: use sugulite environment
Travis-CI: do not test gold linkers with clang
sepolicy: fix Python3 syntax in manpage
sepolicy: do not fail when file_contexts.local does not exist
sepolicy: fix misspelling of _ra_content_t suffix
sepolicy: support non-MLS policy in manpage
sepolicy: support non-MCS policy in manpage
sepolicy: remove stray space in section "SEE ALSO"
libsepol: use IN6ADDR_ANY_INIT to initialize IPv6 addresses
libsepol/cil: __cil_post_db_neverallow_attr_helper() does not use extra_args
libsepol/cil: fix -Wwrite-strings warning
libsepol/cil: drop wrong unused attribute
restorecond: check write() and daemon() results
Makefile: define a default value for CFLAGS
sepolicy: do not fail when file_contexts.local or .subs do not exist
gui: port to Python 3 by migrating to PyGI
Travis-CI: fix configuration after September's update
sepolicy: ignore comments and empty lines in file_contexts.subs_dist
sepolicy: support non-MLS policy in gui
gui: remove the status bar
gui: fix parsing of "semodule -lfull" in tab Modules
gui: delete overridden definition of usersPage.delete()
gui: remove mappingsPage
Travis-CI: try working around network issues by retrying downloads
Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
python/sepolicy: Fix translated strings with parameters
python/sepolicy: Support non-MLS policy
python/sepolicy: Initialize policy.ports as a dict in generate.py
libsepol: cil: show an error when cil_expr_to_string() fails
libsemanage: silence clang static analyzer report
libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
libsepol: do not dereference NULL if stack_init fails
libsepol: ensure the level context is not empty
libselinux: label_file: fix memory management in store_stem()
libselinux: fix memory leak in getconlist
libselinux: remove unused variable usercon
Petr Lautrbach (12):
libselinux: Add support for pcre2 to pkgconfig definition
python/semanage: drop *_ini functions
python/semanage: Don't use global setup variable
python/semanage: Enforce noreload only if it's requested by -N option
libsemanage: Use umask(0077) for fopen() write operations
python/semanage: make seobject.py backward compatible
python/semanage: bring semanageRecords.set_reload back
gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
python/sepolicy: Use list instead of map
python/sepolicy: Do not use types.BooleanType
gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
Richard Haines (3):
libselinux: Correct manpages regarding removable_context
libsemanage: Return commit number if save-previous false
libsemanage: Allow tmp files to be kept if a compile fails
Richard Haines via Selinux (1):
selinux: Add support for the SCTP portcon keyword
Stephen Smalley (4):
checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
semodule-utils: remove semodule_deps
libsepol: Export sepol_polcap_getnum/name functions
Update VERSION files to 2.8-rc1
Tri Vo (1):
Resolve conflicts in expandattribute.
Vit Mojzis (18):
libsemanage: Keep copy of file_contexts.homedirs in policy store
libsemanage: Add support for listing fcontext.homedirs file
python/semanage: Enable listing file_contexts.homedirs
python/semanage: Fix export of ibendport entries
python/semanage: Update Infiniband code to work on python3
python/semanage: Remove redundant and broken moduleRecords.modify()
semodule-utils/semodule_package: fix semodule_unpackage man page
libsemanage: Improve warning for installing disabled module
gui/semanagePage: Close "edit" and "add" dialogues when successfull
gui/fcontextPage: Set default object class in addDialog
libsemanage: remove access() check to make setuid programs work
libsemanage: remove access() check to make setuid programs work
libsemanage: replace access() checks to make setuid programs work
libsemanage/direct_api.c: Fix iterating over array
policycoreutils/semodule: Improve man page and unify it with --help
policycoreutils/semodule: Allow enabling/disabling multiple modules at once
python/sepolgen: Try to translate SELinux contexts to raw
libsemanage: do not change file mode of seusers and users_extra
Yuli Khodorkovskiy (3):
secilc: Fix documentation build for OS X systems
libselinux: verify file_contexts when using restorecon
libselinux: echo line number of bad label in selabel_fini()
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-19 15:07 ANN: SELinux userspace 2.8-rc1 release candidate Stephen Smalley
@ 2018-04-20 12:31 ` Petr Lautrbach
2018-04-20 12:49 ` Stephen Smalley
2018-04-23 20:00 ` Nicolas Iooss
2018-04-26 17:35 ` ANN: SELinux userspace 2.8-rc2 " Stephen Smalley
2 siblings, 1 reply; 25+ messages in thread
From: Petr Lautrbach @ 2018-04-20 12:31 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
[-- Attachment #1: Type: text/plain, Size: 9713 bytes --]
On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
I've built in my Fedora COPR repo [1] and I'm running Fedora CI [2] tests on it.
So far there's one problem found by libselinux/selabel-function [3] test. It
looks like commit 814631d3aebaa changed the behavior of selabel_open() when
SELABEL_OPT_VALIDATE is null - a context should not be validated, but it is.
The reproducer code:
#include <errno.h>
#include <stdio.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
int main() {
struct selabel_handle *hnd = NULL;
security_context_t selabel_context;
struct selinux_opt selabel_option [] = {
{ SELABEL_OPT_PATH, "my_contexts" },
{ SELABEL_OPT_SUBSET, NULL },
{ SELABEL_OPT_VALIDATE, (char *) 0 },
{ SELABEL_OPT_BASEONLY, (char *) 0 }
};
int result = 0;
if ((hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 4)) == NULL) {
return 1;
}
if ((result = selabel_lookup_raw(hnd, &selabel_context, "/tmp/mypath", 0)) == -1) {
perror("selabel_lookup_raw - ERROR");
return 1;
}
printf("%s\n", selabel_context);
return 0;
}
---
$ gcc -o selabel_reproducer selabel_reproducer.c -lselinux
$ echo '/tmp/mypath my_user_u:my_role_r:my_type_t:s' > my_contexts
Before:
$ ./selabel_reproducer
my_user_u:my_role_r:my_type_t:s
After:
$ ./selabel_reproducer
my_contexts: line 1 has invalid context my_user_u:my_role_r:my_type_t:s
selabel_lookup_raw - ERROR: Invalid argument
[1] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/packages/
[2] https://src.fedoraproject.org/tests/selinux/tree/master
[3] https://src.fedoraproject.org/tests/selinux/blob/master/f/libselinux/selabel-functions
> If there are specific changes that you think should be called out in
> release notes for packagers and users in the final release announcement, let us know.
>
> Thanks to all the contributors to this release candidate!
>
> A shortlog of changes since the 2.7 release is below.
>
> Dan Cashman (1):
> libsepol: cil: Add ability to redeclare types[attributes]
>
> Dominick Grift (1):
> Describe multiple-decls in secilc.8.xml
>
> Grégoire Colbert (1):
> Fixed bad reference in roleattribute
>
> James Carter (4):
> libsepol/cil: Keep attributes used by generated attributes in neverallow rules
> libsepol/cil: Create new keep field for type attribute sets
> libsepol: Prevent freeing unitialized value in ibendport handling
> libsepol/cil: Improve processing of context rules
>
> Jan Zarsky (6):
> libsepol: reset pointer after free
> libsepol: fix memory leak in sepol_bool_query()
> libsepol: free ibendport device names
> libsemanage: free genhomedircon fallback user
> libsemanage: properly check return value of iterate function
> python/sepolgen: fix typo in PolicyGenerator
>
> Lee Stubbs (1):
> Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.
>
> Lukas Vrabec (1):
> python/sepolicy: Fix sepolicy manpage.
>
> Marcus Folkesson (15):
> libsepol: build: follow standard semantics for DESTDIR and PREFIX
> libselinux: build: follow standard semantics for DESTDIR and PREFIX
> libsemanage: build: follow standard semantics for DESTDIR and PREFIX
> checkpolicy: build: follow standard semantics for DESTDIR and PREFIX
> gui: build: follow standard semantics for DESTDIR and PREFIX
> mcstrans: build: follow standard semantics for DESTDIR and PREFIX
> policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
> python: build: follow standard semantics for DESTDIR and PREFIX
> python: build: move modules from platform-specific to platform-shared
> restorecond: build: follow standard semantics for DESTDIR and PREFIX
> sandbox: build: follow standard semantics for DESTDIR and PREFIX
> secilc: build: follow standard semantics for DESTDIR and PREFIX
> semodule-utils: build: follow standard semantics for DESTDIR and PREFIX
> dbus: build: follow standard semantics for DESTDIR and PREFIX
> build: setup buildpaths if DESTDIR is specified
>
> Nicolas Iooss (36):
> Travis-CI: use sugulite environment
> Travis-CI: do not test gold linkers with clang
> sepolicy: fix Python3 syntax in manpage
> sepolicy: do not fail when file_contexts.local does not exist
> sepolicy: fix misspelling of _ra_content_t suffix
> sepolicy: support non-MLS policy in manpage
> sepolicy: support non-MCS policy in manpage
> sepolicy: remove stray space in section "SEE ALSO"
> libsepol: use IN6ADDR_ANY_INIT to initialize IPv6 addresses
> libsepol/cil: __cil_post_db_neverallow_attr_helper() does not use extra_args
> libsepol/cil: fix -Wwrite-strings warning
> libsepol/cil: drop wrong unused attribute
> restorecond: check write() and daemon() results
> Makefile: define a default value for CFLAGS
> sepolicy: do not fail when file_contexts.local or .subs do not exist
> gui: port to Python 3 by migrating to PyGI
> Travis-CI: fix configuration after September's update
> sepolicy: ignore comments and empty lines in file_contexts.subs_dist
> sepolicy: support non-MLS policy in gui
> gui: remove the status bar
> gui: fix parsing of "semodule -lfull" in tab Modules
> gui: delete overridden definition of usersPage.delete()
> gui: remove mappingsPage
> Travis-CI: try working around network issues by retrying downloads
> Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
> python/sepolicy: Fix translated strings with parameters
> python/sepolicy: Support non-MLS policy
> python/sepolicy: Initialize policy.ports as a dict in generate.py
> libsepol: cil: show an error when cil_expr_to_string() fails
> libsemanage: silence clang static analyzer report
> libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
> libsepol: do not dereference NULL if stack_init fails
> libsepol: ensure the level context is not empty
> libselinux: label_file: fix memory management in store_stem()
> libselinux: fix memory leak in getconlist
> libselinux: remove unused variable usercon
>
> Petr Lautrbach (12):
> libselinux: Add support for pcre2 to pkgconfig definition
> python/semanage: drop *_ini functions
> python/semanage: Don't use global setup variable
> python/semanage: Enforce noreload only if it's requested by -N option
> libsemanage: Use umask(0077) for fopen() write operations
> python/semanage: make seobject.py backward compatible
> python/semanage: bring semanageRecords.set_reload back
> gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
> gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
> python/sepolicy: Use list instead of map
> python/sepolicy: Do not use types.BooleanType
> gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
>
> Richard Haines (3):
> libselinux: Correct manpages regarding removable_context
> libsemanage: Return commit number if save-previous false
> libsemanage: Allow tmp files to be kept if a compile fails
>
> Richard Haines via Selinux (1):
> selinux: Add support for the SCTP portcon keyword
>
> Stephen Smalley (4):
> checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
> semodule-utils: remove semodule_deps
> libsepol: Export sepol_polcap_getnum/name functions
> Update VERSION files to 2.8-rc1
>
> Tri Vo (1):
> Resolve conflicts in expandattribute.
>
> Vit Mojzis (18):
> libsemanage: Keep copy of file_contexts.homedirs in policy store
> libsemanage: Add support for listing fcontext.homedirs file
> python/semanage: Enable listing file_contexts.homedirs
> python/semanage: Fix export of ibendport entries
> python/semanage: Update Infiniband code to work on python3
> python/semanage: Remove redundant and broken moduleRecords.modify()
> semodule-utils/semodule_package: fix semodule_unpackage man page
> libsemanage: Improve warning for installing disabled module
> gui/semanagePage: Close "edit" and "add" dialogues when successfull
> gui/fcontextPage: Set default object class in addDialog
> libsemanage: remove access() check to make setuid programs work
> libsemanage: remove access() check to make setuid programs work
> libsemanage: replace access() checks to make setuid programs work
> libsemanage/direct_api.c: Fix iterating over array
> policycoreutils/semodule: Improve man page and unify it with --help
> policycoreutils/semodule: Allow enabling/disabling multiple modules at once
> python/sepolgen: Try to translate SELinux contexts to raw
> libsemanage: do not change file mode of seusers and users_extra
>
> Yuli Khodorkovskiy (3):
> secilc: Fix documentation build for OS X systems
> libselinux: verify file_contexts when using restorecon
> libselinux: echo line number of bad label in selabel_fini()
>
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-20 12:31 ` Petr Lautrbach
@ 2018-04-20 12:49 ` Stephen Smalley
2018-04-20 13:31 ` Petr Lautrbach
0 siblings, 1 reply; 25+ messages in thread
From: Stephen Smalley @ 2018-04-20 12:49 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: SELinux, Yuli Khodorkovskiy
On 04/20/2018 08:31 AM, Petr Lautrbach wrote:
> On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
>> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>
>> Please give it a test and let us know if there are any issues.
>
>
> I've built in my Fedora COPR repo [1] and I'm running Fedora CI [2] tests on it.
>
> So far there's one problem found by libselinux/selabel-function [3] test. It
> looks like commit 814631d3aebaa changed the behavior of selabel_open() when
> SELABEL_OPT_VALIDATE is null - a context should not be validated, but it is.
So, is this a bug in the test or a bug in libselinux? As noted in that commit description,
failing to verify contexts at all before use can lead to applying an invalid label (if the system is permissive).
Are there real users of libselinux that rely on the current behavior or is there some use case where
it is desirable?
>
> The reproducer code:
>
> #include <errno.h>
> #include <stdio.h>
>
> #include <selinux/selinux.h>
> #include <selinux/label.h>
>
> int main() {
> struct selabel_handle *hnd = NULL;
> security_context_t selabel_context;
>
> struct selinux_opt selabel_option [] = {
> { SELABEL_OPT_PATH, "my_contexts" },
> { SELABEL_OPT_SUBSET, NULL },
> { SELABEL_OPT_VALIDATE, (char *) 0 },
> { SELABEL_OPT_BASEONLY, (char *) 0 }
> };
> int result = 0;
>
> if ((hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 4)) == NULL) {
> return 1;
> }
>
> if ((result = selabel_lookup_raw(hnd, &selabel_context, "/tmp/mypath", 0)) == -1) {
> perror("selabel_lookup_raw - ERROR");
> return 1;
> }
>
> printf("%s\n", selabel_context);
>
> return 0;
> }
>
> ---
>
> $ gcc -o selabel_reproducer selabel_reproducer.c -lselinux
> $ echo '/tmp/mypath my_user_u:my_role_r:my_type_t:s' > my_contexts
>
> Before:
>
> $ ./selabel_reproducer
> my_user_u:my_role_r:my_type_t:s
>
> After:
>
> $ ./selabel_reproducer
> my_contexts: line 1 has invalid context my_user_u:my_role_r:my_type_t:s
> selabel_lookup_raw - ERROR: Invalid argument
>
>
>
>
> [1] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/packages/
> [2] https://src.fedoraproject.org/tests/selinux/tree/master
> [3] https://src.fedoraproject.org/tests/selinux/blob/master/f/libselinux/selabel-functions
>
>> If there are specific changes that you think should be called out in
>> release notes for packagers and users in the final release announcement, let us know.
>>
>> Thanks to all the contributors to this release candidate!
>>
>> A shortlog of changes since the 2.7 release is below.
>>
>> Dan Cashman (1):
>> libsepol: cil: Add ability to redeclare types[attributes]
>>
>> Dominick Grift (1):
>> Describe multiple-decls in secilc.8.xml
>>
>> Grégoire Colbert (1):
>> Fixed bad reference in roleattribute
>>
>> James Carter (4):
>> libsepol/cil: Keep attributes used by generated attributes in neverallow rules
>> libsepol/cil: Create new keep field for type attribute sets
>> libsepol: Prevent freeing unitialized value in ibendport handling
>> libsepol/cil: Improve processing of context rules
>>
>> Jan Zarsky (6):
>> libsepol: reset pointer after free
>> libsepol: fix memory leak in sepol_bool_query()
>> libsepol: free ibendport device names
>> libsemanage: free genhomedircon fallback user
>> libsemanage: properly check return value of iterate function
>> python/sepolgen: fix typo in PolicyGenerator
>>
>> Lee Stubbs (1):
>> Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.
>>
>> Lukas Vrabec (1):
>> python/sepolicy: Fix sepolicy manpage.
>>
>> Marcus Folkesson (15):
>> libsepol: build: follow standard semantics for DESTDIR and PREFIX
>> libselinux: build: follow standard semantics for DESTDIR and PREFIX
>> libsemanage: build: follow standard semantics for DESTDIR and PREFIX
>> checkpolicy: build: follow standard semantics for DESTDIR and PREFIX
>> gui: build: follow standard semantics for DESTDIR and PREFIX
>> mcstrans: build: follow standard semantics for DESTDIR and PREFIX
>> policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
>> python: build: follow standard semantics for DESTDIR and PREFIX
>> python: build: move modules from platform-specific to platform-shared
>> restorecond: build: follow standard semantics for DESTDIR and PREFIX
>> sandbox: build: follow standard semantics for DESTDIR and PREFIX
>> secilc: build: follow standard semantics for DESTDIR and PREFIX
>> semodule-utils: build: follow standard semantics for DESTDIR and PREFIX
>> dbus: build: follow standard semantics for DESTDIR and PREFIX
>> build: setup buildpaths if DESTDIR is specified
>>
>> Nicolas Iooss (36):
>> Travis-CI: use sugulite environment
>> Travis-CI: do not test gold linkers with clang
>> sepolicy: fix Python3 syntax in manpage
>> sepolicy: do not fail when file_contexts.local does not exist
>> sepolicy: fix misspelling of _ra_content_t suffix
>> sepolicy: support non-MLS policy in manpage
>> sepolicy: support non-MCS policy in manpage
>> sepolicy: remove stray space in section "SEE ALSO"
>> libsepol: use IN6ADDR_ANY_INIT to initialize IPv6 addresses
>> libsepol/cil: __cil_post_db_neverallow_attr_helper() does not use extra_args
>> libsepol/cil: fix -Wwrite-strings warning
>> libsepol/cil: drop wrong unused attribute
>> restorecond: check write() and daemon() results
>> Makefile: define a default value for CFLAGS
>> sepolicy: do not fail when file_contexts.local or .subs do not exist
>> gui: port to Python 3 by migrating to PyGI
>> Travis-CI: fix configuration after September's update
>> sepolicy: ignore comments and empty lines in file_contexts.subs_dist
>> sepolicy: support non-MLS policy in gui
>> gui: remove the status bar
>> gui: fix parsing of "semodule -lfull" in tab Modules
>> gui: delete overridden definition of usersPage.delete()
>> gui: remove mappingsPage
>> Travis-CI: try working around network issues by retrying downloads
>> Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
>> python/sepolicy: Fix translated strings with parameters
>> python/sepolicy: Support non-MLS policy
>> python/sepolicy: Initialize policy.ports as a dict in generate.py
>> libsepol: cil: show an error when cil_expr_to_string() fails
>> libsemanage: silence clang static analyzer report
>> libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
>> libsepol: do not dereference NULL if stack_init fails
>> libsepol: ensure the level context is not empty
>> libselinux: label_file: fix memory management in store_stem()
>> libselinux: fix memory leak in getconlist
>> libselinux: remove unused variable usercon
>>
>> Petr Lautrbach (12):
>> libselinux: Add support for pcre2 to pkgconfig definition
>> python/semanage: drop *_ini functions
>> python/semanage: Don't use global setup variable
>> python/semanage: Enforce noreload only if it's requested by -N option
>> libsemanage: Use umask(0077) for fopen() write operations
>> python/semanage: make seobject.py backward compatible
>> python/semanage: bring semanageRecords.set_reload back
>> gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
>> gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
>> python/sepolicy: Use list instead of map
>> python/sepolicy: Do not use types.BooleanType
>> gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
>>
>> Richard Haines (3):
>> libselinux: Correct manpages regarding removable_context
>> libsemanage: Return commit number if save-previous false
>> libsemanage: Allow tmp files to be kept if a compile fails
>>
>> Richard Haines via Selinux (1):
>> selinux: Add support for the SCTP portcon keyword
>>
>> Stephen Smalley (4):
>> checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
>> semodule-utils: remove semodule_deps
>> libsepol: Export sepol_polcap_getnum/name functions
>> Update VERSION files to 2.8-rc1
>>
>> Tri Vo (1):
>> Resolve conflicts in expandattribute.
>>
>> Vit Mojzis (18):
>> libsemanage: Keep copy of file_contexts.homedirs in policy store
>> libsemanage: Add support for listing fcontext.homedirs file
>> python/semanage: Enable listing file_contexts.homedirs
>> python/semanage: Fix export of ibendport entries
>> python/semanage: Update Infiniband code to work on python3
>> python/semanage: Remove redundant and broken moduleRecords.modify()
>> semodule-utils/semodule_package: fix semodule_unpackage man page
>> libsemanage: Improve warning for installing disabled module
>> gui/semanagePage: Close "edit" and "add" dialogues when successfull
>> gui/fcontextPage: Set default object class in addDialog
>> libsemanage: remove access() check to make setuid programs work
>> libsemanage: remove access() check to make setuid programs work
>> libsemanage: replace access() checks to make setuid programs work
>> libsemanage/direct_api.c: Fix iterating over array
>> policycoreutils/semodule: Improve man page and unify it with --help
>> policycoreutils/semodule: Allow enabling/disabling multiple modules at once
>> python/sepolgen: Try to translate SELinux contexts to raw
>> libsemanage: do not change file mode of seusers and users_extra
>>
>> Yuli Khodorkovskiy (3):
>> secilc: Fix documentation build for OS X systems
>> libselinux: verify file_contexts when using restorecon
>> libselinux: echo line number of bad label in selabel_fini()
>>
>>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-20 12:49 ` Stephen Smalley
@ 2018-04-20 13:31 ` Petr Lautrbach
2018-04-20 14:09 ` Stephen Smalley
0 siblings, 1 reply; 25+ messages in thread
From: Petr Lautrbach @ 2018-04-20 13:31 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux, Yuli Khodorkovskiy
[-- Attachment #1: Type: text/plain, Size: 11371 bytes --]
On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote:
> On 04/20/2018 08:31 AM, Petr Lautrbach wrote:
> > On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
> >> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
> >> https://github.com/SELinuxProject/selinux/wiki/Releases
> >>
> >> Please give it a test and let us know if there are any issues.
> >
> >
> > I've built in my Fedora COPR repo [1] and I'm running Fedora CI [2] tests on it.
> >
> > So far there's one problem found by libselinux/selabel-function [3] test. It
> > looks like commit 814631d3aebaa changed the behavior of selabel_open() when
> > SELABEL_OPT_VALIDATE is null - a context should not be validated, but it is.
>
> So, is this a bug in the test or a bug in libselinux? As noted in that commit description,
> failing to verify contexts at all before use can lead to applying an invalid label (if the system is permissive).
selabel_open(3) states that "an invalid context may not be treated as an
error unless it is actually encountered during a lookup operation ". So at
least, it's some disproportion between the code and the documentation.
I read the commit message as that a context should be validated before it's
applied. But now it's validated during lookup.
> Are there real users of libselinux that rely on the current behavior or is there some use case where
> it is desirable?
I don't know. I was thinking about setfiles but it always validate. There might be 3rd party users who
lookups for labels in chroot.
> >
> > The reproducer code:
> >
> > #include <errno.h>
> > #include <stdio.h>
> >
> > #include <selinux/selinux.h>
> > #include <selinux/label.h>
> >
> > int main() {
> > struct selabel_handle *hnd = NULL;
> > security_context_t selabel_context;
> >
> > struct selinux_opt selabel_option [] = {
> > { SELABEL_OPT_PATH, "my_contexts" },
> > { SELABEL_OPT_SUBSET, NULL },
> > { SELABEL_OPT_VALIDATE, (char *) 0 },
> > { SELABEL_OPT_BASEONLY, (char *) 0 }
> > };
> > int result = 0;
> >
> > if ((hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 4)) == NULL) {
> > return 1;
> > }
> >
> > if ((result = selabel_lookup_raw(hnd, &selabel_context, "/tmp/mypath", 0)) == -1) {
> > perror("selabel_lookup_raw - ERROR");
> > return 1;
> > }
> >
> > printf("%s\n", selabel_context);
> >
> > return 0;
> > }
> >
> > ---
> >
> > $ gcc -o selabel_reproducer selabel_reproducer.c -lselinux
> > $ echo '/tmp/mypath my_user_u:my_role_r:my_type_t:s' > my_contexts
> >
> > Before:
> >
> > $ ./selabel_reproducer
> > my_user_u:my_role_r:my_type_t:s
> >
> > After:
> >
> > $ ./selabel_reproducer
> > my_contexts: line 1 has invalid context my_user_u:my_role_r:my_type_t:s
> > selabel_lookup_raw - ERROR: Invalid argument
> >
> >
> >
> >
> > [1] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/packages/
> > [2] https://src.fedoraproject.org/tests/selinux/tree/master
> > [3] https://src.fedoraproject.org/tests/selinux/blob/master/f/libselinux/selabel-functions
> >
> >> If there are specific changes that you think should be called out in
> >> release notes for packagers and users in the final release announcement, let us know.
> >>
> >> Thanks to all the contributors to this release candidate!
> >>
> >> A shortlog of changes since the 2.7 release is below.
> >>
> >> Dan Cashman (1):
> >> libsepol: cil: Add ability to redeclare types[attributes]
> >>
> >> Dominick Grift (1):
> >> Describe multiple-decls in secilc.8.xml
> >>
> >> Grégoire Colbert (1):
> >> Fixed bad reference in roleattribute
> >>
> >> James Carter (4):
> >> libsepol/cil: Keep attributes used by generated attributes in neverallow rules
> >> libsepol/cil: Create new keep field for type attribute sets
> >> libsepol: Prevent freeing unitialized value in ibendport handling
> >> libsepol/cil: Improve processing of context rules
> >>
> >> Jan Zarsky (6):
> >> libsepol: reset pointer after free
> >> libsepol: fix memory leak in sepol_bool_query()
> >> libsepol: free ibendport device names
> >> libsemanage: free genhomedircon fallback user
> >> libsemanage: properly check return value of iterate function
> >> python/sepolgen: fix typo in PolicyGenerator
> >>
> >> Lee Stubbs (1):
> >> Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.
> >>
> >> Lukas Vrabec (1):
> >> python/sepolicy: Fix sepolicy manpage.
> >>
> >> Marcus Folkesson (15):
> >> libsepol: build: follow standard semantics for DESTDIR and PREFIX
> >> libselinux: build: follow standard semantics for DESTDIR and PREFIX
> >> libsemanage: build: follow standard semantics for DESTDIR and PREFIX
> >> checkpolicy: build: follow standard semantics for DESTDIR and PREFIX
> >> gui: build: follow standard semantics for DESTDIR and PREFIX
> >> mcstrans: build: follow standard semantics for DESTDIR and PREFIX
> >> policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
> >> python: build: follow standard semantics for DESTDIR and PREFIX
> >> python: build: move modules from platform-specific to platform-shared
> >> restorecond: build: follow standard semantics for DESTDIR and PREFIX
> >> sandbox: build: follow standard semantics for DESTDIR and PREFIX
> >> secilc: build: follow standard semantics for DESTDIR and PREFIX
> >> semodule-utils: build: follow standard semantics for DESTDIR and PREFIX
> >> dbus: build: follow standard semantics for DESTDIR and PREFIX
> >> build: setup buildpaths if DESTDIR is specified
> >>
> >> Nicolas Iooss (36):
> >> Travis-CI: use sugulite environment
> >> Travis-CI: do not test gold linkers with clang
> >> sepolicy: fix Python3 syntax in manpage
> >> sepolicy: do not fail when file_contexts.local does not exist
> >> sepolicy: fix misspelling of _ra_content_t suffix
> >> sepolicy: support non-MLS policy in manpage
> >> sepolicy: support non-MCS policy in manpage
> >> sepolicy: remove stray space in section "SEE ALSO"
> >> libsepol: use IN6ADDR_ANY_INIT to initialize IPv6 addresses
> >> libsepol/cil: __cil_post_db_neverallow_attr_helper() does not use extra_args
> >> libsepol/cil: fix -Wwrite-strings warning
> >> libsepol/cil: drop wrong unused attribute
> >> restorecond: check write() and daemon() results
> >> Makefile: define a default value for CFLAGS
> >> sepolicy: do not fail when file_contexts.local or .subs do not exist
> >> gui: port to Python 3 by migrating to PyGI
> >> Travis-CI: fix configuration after September's update
> >> sepolicy: ignore comments and empty lines in file_contexts.subs_dist
> >> sepolicy: support non-MLS policy in gui
> >> gui: remove the status bar
> >> gui: fix parsing of "semodule -lfull" in tab Modules
> >> gui: delete overridden definition of usersPage.delete()
> >> gui: remove mappingsPage
> >> Travis-CI: try working around network issues by retrying downloads
> >> Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
> >> python/sepolicy: Fix translated strings with parameters
> >> python/sepolicy: Support non-MLS policy
> >> python/sepolicy: Initialize policy.ports as a dict in generate.py
> >> libsepol: cil: show an error when cil_expr_to_string() fails
> >> libsemanage: silence clang static analyzer report
> >> libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
> >> libsepol: do not dereference NULL if stack_init fails
> >> libsepol: ensure the level context is not empty
> >> libselinux: label_file: fix memory management in store_stem()
> >> libselinux: fix memory leak in getconlist
> >> libselinux: remove unused variable usercon
> >>
> >> Petr Lautrbach (12):
> >> libselinux: Add support for pcre2 to pkgconfig definition
> >> python/semanage: drop *_ini functions
> >> python/semanage: Don't use global setup variable
> >> python/semanage: Enforce noreload only if it's requested by -N option
> >> libsemanage: Use umask(0077) for fopen() write operations
> >> python/semanage: make seobject.py backward compatible
> >> python/semanage: bring semanageRecords.set_reload back
> >> gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
> >> gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
> >> python/sepolicy: Use list instead of map
> >> python/sepolicy: Do not use types.BooleanType
> >> gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
> >>
> >> Richard Haines (3):
> >> libselinux: Correct manpages regarding removable_context
> >> libsemanage: Return commit number if save-previous false
> >> libsemanage: Allow tmp files to be kept if a compile fails
> >>
> >> Richard Haines via Selinux (1):
> >> selinux: Add support for the SCTP portcon keyword
> >>
> >> Stephen Smalley (4):
> >> checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
> >> semodule-utils: remove semodule_deps
> >> libsepol: Export sepol_polcap_getnum/name functions
> >> Update VERSION files to 2.8-rc1
> >>
> >> Tri Vo (1):
> >> Resolve conflicts in expandattribute.
> >>
> >> Vit Mojzis (18):
> >> libsemanage: Keep copy of file_contexts.homedirs in policy store
> >> libsemanage: Add support for listing fcontext.homedirs file
> >> python/semanage: Enable listing file_contexts.homedirs
> >> python/semanage: Fix export of ibendport entries
> >> python/semanage: Update Infiniband code to work on python3
> >> python/semanage: Remove redundant and broken moduleRecords.modify()
> >> semodule-utils/semodule_package: fix semodule_unpackage man page
> >> libsemanage: Improve warning for installing disabled module
> >> gui/semanagePage: Close "edit" and "add" dialogues when successfull
> >> gui/fcontextPage: Set default object class in addDialog
> >> libsemanage: remove access() check to make setuid programs work
> >> libsemanage: remove access() check to make setuid programs work
> >> libsemanage: replace access() checks to make setuid programs work
> >> libsemanage/direct_api.c: Fix iterating over array
> >> policycoreutils/semodule: Improve man page and unify it with --help
> >> policycoreutils/semodule: Allow enabling/disabling multiple modules at once
> >> python/sepolgen: Try to translate SELinux contexts to raw
> >> libsemanage: do not change file mode of seusers and users_extra
> >>
> >> Yuli Khodorkovskiy (3):
> >> secilc: Fix documentation build for OS X systems
> >> libselinux: verify file_contexts when using restorecon
> >> libselinux: echo line number of bad label in selabel_fini()
> >>
> >>
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-20 13:31 ` Petr Lautrbach
@ 2018-04-20 14:09 ` Stephen Smalley
2018-04-25 14:11 ` Yuli Khodorkovskiy
0 siblings, 1 reply; 25+ messages in thread
From: Stephen Smalley @ 2018-04-20 14:09 UTC (permalink / raw)
To: Petr Lautrbach; +Cc: SELinux, Yuli Khodorkovskiy
On 04/20/2018 09:31 AM, Petr Lautrbach wrote:
> On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote:
>> On 04/20/2018 08:31 AM, Petr Lautrbach wrote:
>>> On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
>>>> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
>>>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>>>
>>>> Please give it a test and let us know if there are any issues.
>>>
>>>
>>> I've built in my Fedora COPR repo [1] and I'm running Fedora CI [2] tests on it.
>>>
>>> So far there's one problem found by libselinux/selabel-function [3] test. It
>>> looks like commit 814631d3aebaa changed the behavior of selabel_open() when
>>> SELABEL_OPT_VALIDATE is null - a context should not be validated, but it is.
>>
>> So, is this a bug in the test or a bug in libselinux? As noted in that commit description,
>> failing to verify contexts at all before use can lead to applying an invalid label (if the system is permissive).
>
> selabel_open(3) states that "an invalid context may not be treated as an
> error unless it is actually encountered during a lookup operation ". So at
> least, it's some disproportion between the code and the documentation.
>
> I read the commit message as that a context should be validated before it's
> applied. But now it's validated during lookup.
I guess it would be an API change given the way SELABEL_OPT_VALIDATE is documented in the man page,
although that description doesn't quite match the current code either.
I was thinking that {SELABEL_OPT_VALIDATE,1} was intended to mean "validate all contexts during selabel_open() and fail the open on any errors". Which is good for setfiles (particularly when invoked by libsemanage to check file_contexts against the policy) but was considered problematic for restorecon, as it meant that a single typo in file_contexts could prevent your system from booting (e.g. restorecon -R /dev or similar during boot may fail even if the error has nothing to do with /dev entries). I thought {SELABEL_OPT_VALIDATE,0} was intended to mean "don't validate during selabel_open(); instead, lazily validate just before returning from selabel_lookup()". That makes more sense to me.
However, if it is an API change, I guess we have to revert it. In which case maybe we should just change restorecon itself
to validate the context it gets from selabel_lookup (which might have been Yuli's original approach; I don't remember -
I think I sent him down this path instead).
On a separate but related note, I have seen situations where people really wanted setfiles to have an option to suppress validation for use when labeling in a chroot with a policy that differs from the host policy.
>
>
>
>> Are there real users of libselinux that rely on the current behavior or is there some use case where
>> it is desirable?
>
> I don't know. I was thinking about setfiles but it always validate. There might be 3rd party users who
> lookups for labels in chroot.
>
>
>>>
>>> The reproducer code:
>>>
>>> #include <errno.h>
>>> #include <stdio.h>
>>>
>>> #include <selinux/selinux.h>
>>> #include <selinux/label.h>
>>>
>>> int main() {
>>> struct selabel_handle *hnd = NULL;
>>> security_context_t selabel_context;
>>>
>>> struct selinux_opt selabel_option [] = {
>>> { SELABEL_OPT_PATH, "my_contexts" },
>>> { SELABEL_OPT_SUBSET, NULL },
>>> { SELABEL_OPT_VALIDATE, (char *) 0 },
>>> { SELABEL_OPT_BASEONLY, (char *) 0 }
>>> };
>>> int result = 0;
>>>
>>> if ((hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 4)) == NULL) {
>>> return 1;
>>> }
>>>
>>> if ((result = selabel_lookup_raw(hnd, &selabel_context, "/tmp/mypath", 0)) == -1) {
>>> perror("selabel_lookup_raw - ERROR");
>>> return 1;
>>> }
>>>
>>> printf("%s\n", selabel_context);
>>>
>>> return 0;
>>> }
>>>
>>> ---
>>>
>>> $ gcc -o selabel_reproducer selabel_reproducer.c -lselinux
>>> $ echo '/tmp/mypath my_user_u:my_role_r:my_type_t:s' > my_contexts
>>>
>>> Before:
>>>
>>> $ ./selabel_reproducer
>>> my_user_u:my_role_r:my_type_t:s
>>>
>>> After:
>>>
>>> $ ./selabel_reproducer
>>> my_contexts: line 1 has invalid context my_user_u:my_role_r:my_type_t:s
>>> selabel_lookup_raw - ERROR: Invalid argument
>>>
>>>
>>>
>>>
>>> [1] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/packages/
>>> [2] https://src.fedoraproject.org/tests/selinux/tree/master
>>> [3] https://src.fedoraproject.org/tests/selinux/blob/master/f/libselinux/selabel-functions
>>>
>>>> If there are specific changes that you think should be called out in
>>>> release notes for packagers and users in the final release announcement, let us know.
>>>>
>>>> Thanks to all the contributors to this release candidate!
>>>>
>>>> A shortlog of changes since the 2.7 release is below.
>>>>
>>>> Dan Cashman (1):
>>>> libsepol: cil: Add ability to redeclare types[attributes]
>>>>
>>>> Dominick Grift (1):
>>>> Describe multiple-decls in secilc.8.xml
>>>>
>>>> Grégoire Colbert (1):
>>>> Fixed bad reference in roleattribute
>>>>
>>>> James Carter (4):
>>>> libsepol/cil: Keep attributes used by generated attributes in neverallow rules
>>>> libsepol/cil: Create new keep field for type attribute sets
>>>> libsepol: Prevent freeing unitialized value in ibendport handling
>>>> libsepol/cil: Improve processing of context rules
>>>>
>>>> Jan Zarsky (6):
>>>> libsepol: reset pointer after free
>>>> libsepol: fix memory leak in sepol_bool_query()
>>>> libsepol: free ibendport device names
>>>> libsemanage: free genhomedircon fallback user
>>>> libsemanage: properly check return value of iterate function
>>>> python/sepolgen: fix typo in PolicyGenerator
>>>>
>>>> Lee Stubbs (1):
>>>> Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.
>>>>
>>>> Lukas Vrabec (1):
>>>> python/sepolicy: Fix sepolicy manpage.
>>>>
>>>> Marcus Folkesson (15):
>>>> libsepol: build: follow standard semantics for DESTDIR and PREFIX
>>>> libselinux: build: follow standard semantics for DESTDIR and PREFIX
>>>> libsemanage: build: follow standard semantics for DESTDIR and PREFIX
>>>> checkpolicy: build: follow standard semantics for DESTDIR and PREFIX
>>>> gui: build: follow standard semantics for DESTDIR and PREFIX
>>>> mcstrans: build: follow standard semantics for DESTDIR and PREFIX
>>>> policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
>>>> python: build: follow standard semantics for DESTDIR and PREFIX
>>>> python: build: move modules from platform-specific to platform-shared
>>>> restorecond: build: follow standard semantics for DESTDIR and PREFIX
>>>> sandbox: build: follow standard semantics for DESTDIR and PREFIX
>>>> secilc: build: follow standard semantics for DESTDIR and PREFIX
>>>> semodule-utils: build: follow standard semantics for DESTDIR and PREFIX
>>>> dbus: build: follow standard semantics for DESTDIR and PREFIX
>>>> build: setup buildpaths if DESTDIR is specified
>>>>
>>>> Nicolas Iooss (36):
>>>> Travis-CI: use sugulite environment
>>>> Travis-CI: do not test gold linkers with clang
>>>> sepolicy: fix Python3 syntax in manpage
>>>> sepolicy: do not fail when file_contexts.local does not exist
>>>> sepolicy: fix misspelling of _ra_content_t suffix
>>>> sepolicy: support non-MLS policy in manpage
>>>> sepolicy: support non-MCS policy in manpage
>>>> sepolicy: remove stray space in section "SEE ALSO"
>>>> libsepol: use IN6ADDR_ANY_INIT to initialize IPv6 addresses
>>>> libsepol/cil: __cil_post_db_neverallow_attr_helper() does not use extra_args
>>>> libsepol/cil: fix -Wwrite-strings warning
>>>> libsepol/cil: drop wrong unused attribute
>>>> restorecond: check write() and daemon() results
>>>> Makefile: define a default value for CFLAGS
>>>> sepolicy: do not fail when file_contexts.local or .subs do not exist
>>>> gui: port to Python 3 by migrating to PyGI
>>>> Travis-CI: fix configuration after September's update
>>>> sepolicy: ignore comments and empty lines in file_contexts.subs_dist
>>>> sepolicy: support non-MLS policy in gui
>>>> gui: remove the status bar
>>>> gui: fix parsing of "semodule -lfull" in tab Modules
>>>> gui: delete overridden definition of usersPage.delete()
>>>> gui: remove mappingsPage
>>>> Travis-CI: try working around network issues by retrying downloads
>>>> Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
>>>> python/sepolicy: Fix translated strings with parameters
>>>> python/sepolicy: Support non-MLS policy
>>>> python/sepolicy: Initialize policy.ports as a dict in generate.py
>>>> libsepol: cil: show an error when cil_expr_to_string() fails
>>>> libsemanage: silence clang static analyzer report
>>>> libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
>>>> libsepol: do not dereference NULL if stack_init fails
>>>> libsepol: ensure the level context is not empty
>>>> libselinux: label_file: fix memory management in store_stem()
>>>> libselinux: fix memory leak in getconlist
>>>> libselinux: remove unused variable usercon
>>>>
>>>> Petr Lautrbach (12):
>>>> libselinux: Add support for pcre2 to pkgconfig definition
>>>> python/semanage: drop *_ini functions
>>>> python/semanage: Don't use global setup variable
>>>> python/semanage: Enforce noreload only if it's requested by -N option
>>>> libsemanage: Use umask(0077) for fopen() write operations
>>>> python/semanage: make seobject.py backward compatible
>>>> python/semanage: bring semanageRecords.set_reload back
>>>> gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
>>>> gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
>>>> python/sepolicy: Use list instead of map
>>>> python/sepolicy: Do not use types.BooleanType
>>>> gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
>>>>
>>>> Richard Haines (3):
>>>> libselinux: Correct manpages regarding removable_context
>>>> libsemanage: Return commit number if save-previous false
>>>> libsemanage: Allow tmp files to be kept if a compile fails
>>>>
>>>> Richard Haines via Selinux (1):
>>>> selinux: Add support for the SCTP portcon keyword
>>>>
>>>> Stephen Smalley (4):
>>>> checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
>>>> semodule-utils: remove semodule_deps
>>>> libsepol: Export sepol_polcap_getnum/name functions
>>>> Update VERSION files to 2.8-rc1
>>>>
>>>> Tri Vo (1):
>>>> Resolve conflicts in expandattribute.
>>>>
>>>> Vit Mojzis (18):
>>>> libsemanage: Keep copy of file_contexts.homedirs in policy store
>>>> libsemanage: Add support for listing fcontext.homedirs file
>>>> python/semanage: Enable listing file_contexts.homedirs
>>>> python/semanage: Fix export of ibendport entries
>>>> python/semanage: Update Infiniband code to work on python3
>>>> python/semanage: Remove redundant and broken moduleRecords.modify()
>>>> semodule-utils/semodule_package: fix semodule_unpackage man page
>>>> libsemanage: Improve warning for installing disabled module
>>>> gui/semanagePage: Close "edit" and "add" dialogues when successfull
>>>> gui/fcontextPage: Set default object class in addDialog
>>>> libsemanage: remove access() check to make setuid programs work
>>>> libsemanage: remove access() check to make setuid programs work
>>>> libsemanage: replace access() checks to make setuid programs work
>>>> libsemanage/direct_api.c: Fix iterating over array
>>>> policycoreutils/semodule: Improve man page and unify it with --help
>>>> policycoreutils/semodule: Allow enabling/disabling multiple modules at once
>>>> python/sepolgen: Try to translate SELinux contexts to raw
>>>> libsemanage: do not change file mode of seusers and users_extra
>>>>
>>>> Yuli Khodorkovskiy (3):
>>>> secilc: Fix documentation build for OS X systems
>>>> libselinux: verify file_contexts when using restorecon
>>>> libselinux: echo line number of bad label in selabel_fini()
>>>>
>>>>
>>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-19 15:07 ANN: SELinux userspace 2.8-rc1 release candidate Stephen Smalley
2018-04-20 12:31 ` Petr Lautrbach
@ 2018-04-23 20:00 ` Nicolas Iooss
2018-04-26 17:35 ` ANN: SELinux userspace 2.8-rc2 " Stephen Smalley
2 siblings, 0 replies; 25+ messages in thread
From: Nicolas Iooss @ 2018-04-23 20:00 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
On Thu, Apr 19, 2018 at 5:07 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
>
> If there are specific changes that you think should be called out in
> release notes for packagers and users in the final release announcement, let us know.
>
> Thanks to all the contributors to this release candidate!
Thanks for this release! I have built and installed Arch Linux
packages for it and have not experimented any noticeable issue.
Here are some notes which could be useful for packagers:
* Important notice: when overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR,
LIBEXECDIR, etc., DESTDIR has to be removed from the definition. For
example on Arch Linux, I had to change SBINDIR="${pkgdir}/usr/bin" to
SBINDIR="/usr/bin".
* Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
no longer mandatory (thanks to the switch to "-l:libsepol.a" in
Makefiles).
* Still in Makfiles, PYSITEDIR has been renamed PYTHONLIBDIR (and its
definition changed).
* selinux-gui (ie. system-config-selinux GUI application) is now
compatible with Python 3. Doing this required migrating away from
PyGTK to the supported PyGI library. This means that selinux-gui now
depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
requires PyGtk or Python 2.
By the way, for Arch Linux users who want to test the RC, I have
published the PKGBUILDs I have written on branch "selinux-2.8-rc" of
https://github.com/archlinuxhardened/selinux/commits/selinux-2.8-rc .
Cheers,
Nicolas
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-20 14:09 ` Stephen Smalley
@ 2018-04-25 14:11 ` Yuli Khodorkovskiy
2018-04-25 14:32 ` Stephen Smalley
0 siblings, 1 reply; 25+ messages in thread
From: Yuli Khodorkovskiy @ 2018-04-25 14:11 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Petr Lautrbach, SELinux
On Fri, Apr 20, 2018 at 10:09 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On 04/20/2018 09:31 AM, Petr Lautrbach wrote:
>> On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote:
>>> On 04/20/2018 08:31 AM, Petr Lautrbach wrote:
>>>> On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
>>>>> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
>>>>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>>>>
>>>>> Please give it a test and let us know if there are any issues.
>>>>
>>>>
>>>> I've built in my Fedora COPR repo [1] and I'm running Fedora CI [2] tests on it.
>>>>
>>>> So far there's one problem found by libselinux/selabel-function [3] test. It
>>>> looks like commit 814631d3aebaa changed the behavior of selabel_open() when
>>>> SELABEL_OPT_VALIDATE is null - a context should not be validated, but it is.
>>>
>>> So, is this a bug in the test or a bug in libselinux? As noted in that commit description,
>>> failing to verify contexts at all before use can lead to applying an invalid label (if the system is permissive).
>>
>> selabel_open(3) states that "an invalid context may not be treated as an
>> error unless it is actually encountered during a lookup operation ". So at
>> least, it's some disproportion between the code and the documentation.
>>
>> I read the commit message as that a context should be validated before it's
>> applied. But now it's validated during lookup.
>
> I guess it would be an API change given the way SELABEL_OPT_VALIDATE is documented in the man page,
> although that description doesn't quite match the current code either.
>
> I was thinking that {SELABEL_OPT_VALIDATE,1} was intended to mean "validate all contexts during selabel_open() and fail the open on any errors". Which is good for setfiles (particularly when invoked by libsemanage to check file_contexts against the policy) but was considered problematic for restorecon, as it meant that a single typo in file_contexts could prevent your system from booting (e.g. restorecon -R /dev or similar during boot may fail even if the error has nothing to do with /dev entries). I thought {SELABEL_OPT_VALIDATE,0} was intended to mean "don't validate during selabel_open(); instead, lazily validate just before returning from selabel_lookup()". That makes more sense to me.
>
> However, if it is an API change, I guess we have to revert it. In which case maybe we should just change restorecon itself
> to validate the context it gets from selabel_lookup (which might have been Yuli's original approach; I don't remember -
> I think I sent him down this path instead).
Iirc, my original patch did not do lazy validation, which is why we
went down this path. Is the right approach to change restorecon or to
update the API and maintain compatibility?
>
> On a separate but related note, I have seen situations where people really wanted setfiles to have an option to suppress validation for use when labeling in a chroot with a policy that differs from the host policy.
>
>>
>>
>>
>>> Are there real users of libselinux that rely on the current behavior or is there some use case where
>>> it is desirable?
>>
>> I don't know. I was thinking about setfiles but it always validate. There might be 3rd party users who
>> lookups for labels in chroot.
>>
>>
>>>>
>>>> The reproducer code:
>>>>
>>>> #include <errno.h>
>>>> #include <stdio.h>
>>>>
>>>> #include <selinux/selinux.h>
>>>> #include <selinux/label.h>
>>>>
>>>> int main() {
>>>> struct selabel_handle *hnd = NULL;
>>>> security_context_t selabel_context;
>>>>
>>>> struct selinux_opt selabel_option [] = {
>>>> { SELABEL_OPT_PATH, "my_contexts" },
>>>> { SELABEL_OPT_SUBSET, NULL },
>>>> { SELABEL_OPT_VALIDATE, (char *) 0 },
>>>> { SELABEL_OPT_BASEONLY, (char *) 0 }
>>>> };
>>>> int result = 0;
>>>>
>>>> if ((hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 4)) == NULL) {
>>>> return 1;
>>>> }
>>>>
>>>> if ((result = selabel_lookup_raw(hnd, &selabel_context, "/tmp/mypath", 0)) == -1) {
>>>> perror("selabel_lookup_raw - ERROR");
>>>> return 1;
>>>> }
>>>>
>>>> printf("%s\n", selabel_context);
>>>>
>>>> return 0;
>>>> }
>>>>
>>>> ---
>>>>
>>>> $ gcc -o selabel_reproducer selabel_reproducer.c -lselinux
>>>> $ echo '/tmp/mypath my_user_u:my_role_r:my_type_t:s' > my_contexts
>>>>
>>>> Before:
>>>>
>>>> $ ./selabel_reproducer
>>>> my_user_u:my_role_r:my_type_t:s
>>>>
>>>> After:
>>>>
>>>> $ ./selabel_reproducer
>>>> my_contexts: line 1 has invalid context my_user_u:my_role_r:my_type_t:s
>>>> selabel_lookup_raw - ERROR: Invalid argument
>>>>
>>>>
>>>>
>>>>
>>>> [1] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-fedora/packages/
>>>> [2] https://src.fedoraproject.org/tests/selinux/tree/master
>>>> [3] https://src.fedoraproject.org/tests/selinux/blob/master/f/libselinux/selabel-functions
>>>>
>>>>> If there are specific changes that you think should be called out in
>>>>> release notes for packagers and users in the final release announcement, let us know.
>>>>>
>>>>> Thanks to all the contributors to this release candidate!
>>>>>
>>>>> A shortlog of changes since the 2.7 release is below.
>>>>>
>>>>> Dan Cashman (1):
>>>>> libsepol: cil: Add ability to redeclare types[attributes]
>>>>>
>>>>> Dominick Grift (1):
>>>>> Describe multiple-decls in secilc.8.xml
>>>>>
>>>>> Grégoire Colbert (1):
>>>>> Fixed bad reference in roleattribute
>>>>>
>>>>> James Carter (4):
>>>>> libsepol/cil: Keep attributes used by generated attributes in neverallow rules
>>>>> libsepol/cil: Create new keep field for type attribute sets
>>>>> libsepol: Prevent freeing unitialized value in ibendport handling
>>>>> libsepol/cil: Improve processing of context rules
>>>>>
>>>>> Jan Zarsky (6):
>>>>> libsepol: reset pointer after free
>>>>> libsepol: fix memory leak in sepol_bool_query()
>>>>> libsepol: free ibendport device names
>>>>> libsemanage: free genhomedircon fallback user
>>>>> libsemanage: properly check return value of iterate function
>>>>> python/sepolgen: fix typo in PolicyGenerator
>>>>>
>>>>> Lee Stubbs (1):
>>>>> Minor update for bash completion. Bash completion for ports is missing '-' for type. Based on documentation, it should be --type, not -type.
>>>>>
>>>>> Lukas Vrabec (1):
>>>>> python/sepolicy: Fix sepolicy manpage.
>>>>>
>>>>> Marcus Folkesson (15):
>>>>> libsepol: build: follow standard semantics for DESTDIR and PREFIX
>>>>> libselinux: build: follow standard semantics for DESTDIR and PREFIX
>>>>> libsemanage: build: follow standard semantics for DESTDIR and PREFIX
>>>>> checkpolicy: build: follow standard semantics for DESTDIR and PREFIX
>>>>> gui: build: follow standard semantics for DESTDIR and PREFIX
>>>>> mcstrans: build: follow standard semantics for DESTDIR and PREFIX
>>>>> policycoreutils: build: follow standard semantics for DESTDIR and PREFIX
>>>>> python: build: follow standard semantics for DESTDIR and PREFIX
>>>>> python: build: move modules from platform-specific to platform-shared
>>>>> restorecond: build: follow standard semantics for DESTDIR and PREFIX
>>>>> sandbox: build: follow standard semantics for DESTDIR and PREFIX
>>>>> secilc: build: follow standard semantics for DESTDIR and PREFIX
>>>>> semodule-utils: build: follow standard semantics for DESTDIR and PREFIX
>>>>> dbus: build: follow standard semantics for DESTDIR and PREFIX
>>>>> build: setup buildpaths if DESTDIR is specified
>>>>>
>>>>> Nicolas Iooss (36):
>>>>> Travis-CI: use sugulite environment
>>>>> Travis-CI: do not test gold linkers with clang
>>>>> sepolicy: fix Python3 syntax in manpage
>>>>> sepolicy: do not fail when file_contexts.local does not exist
>>>>> sepolicy: fix misspelling of _ra_content_t suffix
>>>>> sepolicy: support non-MLS policy in manpage
>>>>> sepolicy: support non-MCS policy in manpage
>>>>> sepolicy: remove stray space in section "SEE ALSO"
>>>>> libsepol: use IN6ADDR_ANY_INIT to initialize IPv6 addresses
>>>>> libsepol/cil: __cil_post_db_neverallow_attr_helper() does not use extra_args
>>>>> libsepol/cil: fix -Wwrite-strings warning
>>>>> libsepol/cil: drop wrong unused attribute
>>>>> restorecond: check write() and daemon() results
>>>>> Makefile: define a default value for CFLAGS
>>>>> sepolicy: do not fail when file_contexts.local or .subs do not exist
>>>>> gui: port to Python 3 by migrating to PyGI
>>>>> Travis-CI: fix configuration after September's update
>>>>> sepolicy: ignore comments and empty lines in file_contexts.subs_dist
>>>>> sepolicy: support non-MLS policy in gui
>>>>> gui: remove the status bar
>>>>> gui: fix parsing of "semodule -lfull" in tab Modules
>>>>> gui: delete overridden definition of usersPage.delete()
>>>>> gui: remove mappingsPage
>>>>> Travis-CI: try working around network issues by retrying downloads
>>>>> Travis-CI: do not duplicate $DESTDIR in $PYSITEDIR
>>>>> python/sepolicy: Fix translated strings with parameters
>>>>> python/sepolicy: Support non-MLS policy
>>>>> python/sepolicy: Initialize policy.ports as a dict in generate.py
>>>>> libsepol: cil: show an error when cil_expr_to_string() fails
>>>>> libsemanage: silence clang static analyzer report
>>>>> libselinux,libsemanage: Replace PYSITEDIR with PYTHONLIBDIR
>>>>> libsepol: do not dereference NULL if stack_init fails
>>>>> libsepol: ensure the level context is not empty
>>>>> libselinux: label_file: fix memory management in store_stem()
>>>>> libselinux: fix memory leak in getconlist
>>>>> libselinux: remove unused variable usercon
>>>>>
>>>>> Petr Lautrbach (12):
>>>>> libselinux: Add support for pcre2 to pkgconfig definition
>>>>> python/semanage: drop *_ini functions
>>>>> python/semanage: Don't use global setup variable
>>>>> python/semanage: Enforce noreload only if it's requested by -N option
>>>>> libsemanage: Use umask(0077) for fopen() write operations
>>>>> python/semanage: make seobject.py backward compatible
>>>>> python/semanage: bring semanageRecords.set_reload back
>>>>> gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
>>>>> gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
>>>>> python/sepolicy: Use list instead of map
>>>>> python/sepolicy: Do not use types.BooleanType
>>>>> gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
>>>>>
>>>>> Richard Haines (3):
>>>>> libselinux: Correct manpages regarding removable_context
>>>>> libsemanage: Return commit number if save-previous false
>>>>> libsemanage: Allow tmp files to be kept if a compile fails
>>>>>
>>>>> Richard Haines via Selinux (1):
>>>>> selinux: Add support for the SCTP portcon keyword
>>>>>
>>>>> Stephen Smalley (4):
>>>>> checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
>>>>> semodule-utils: remove semodule_deps
>>>>> libsepol: Export sepol_polcap_getnum/name functions
>>>>> Update VERSION files to 2.8-rc1
>>>>>
>>>>> Tri Vo (1):
>>>>> Resolve conflicts in expandattribute.
>>>>>
>>>>> Vit Mojzis (18):
>>>>> libsemanage: Keep copy of file_contexts.homedirs in policy store
>>>>> libsemanage: Add support for listing fcontext.homedirs file
>>>>> python/semanage: Enable listing file_contexts.homedirs
>>>>> python/semanage: Fix export of ibendport entries
>>>>> python/semanage: Update Infiniband code to work on python3
>>>>> python/semanage: Remove redundant and broken moduleRecords.modify()
>>>>> semodule-utils/semodule_package: fix semodule_unpackage man page
>>>>> libsemanage: Improve warning for installing disabled module
>>>>> gui/semanagePage: Close "edit" and "add" dialogues when successfull
>>>>> gui/fcontextPage: Set default object class in addDialog
>>>>> libsemanage: remove access() check to make setuid programs work
>>>>> libsemanage: remove access() check to make setuid programs work
>>>>> libsemanage: replace access() checks to make setuid programs work
>>>>> libsemanage/direct_api.c: Fix iterating over array
>>>>> policycoreutils/semodule: Improve man page and unify it with --help
>>>>> policycoreutils/semodule: Allow enabling/disabling multiple modules at once
>>>>> python/sepolgen: Try to translate SELinux contexts to raw
>>>>> libsemanage: do not change file mode of seusers and users_extra
>>>>>
>>>>> Yuli Khodorkovskiy (3):
>>>>> secilc: Fix documentation build for OS X systems
>>>>> libselinux: verify file_contexts when using restorecon
>>>>> libselinux: echo line number of bad label in selabel_fini()
>>>>>
>>>>>
>>>
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc1 release candidate
2018-04-25 14:11 ` Yuli Khodorkovskiy
@ 2018-04-25 14:32 ` Stephen Smalley
0 siblings, 0 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-04-25 14:32 UTC (permalink / raw)
To: Yuli Khodorkovskiy; +Cc: Petr Lautrbach, SELinux
On 04/25/2018 10:11 AM, Yuli Khodorkovskiy wrote:
> On Fri, Apr 20, 2018 at 10:09 AM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On 04/20/2018 09:31 AM, Petr Lautrbach wrote:
>>> On Fri, Apr 20, 2018 at 08:49:41AM -0400, Stephen Smalley wrote:
>>>> On 04/20/2018 08:31 AM, Petr Lautrbach wrote:
>>>>> On Thu, Apr 19, 2018 at 11:07:39AM -0400, Stephen Smalley wrote:
>>>>>> A 2.8-rc1 release candidate for the SELinux userspace is now available at:
>>>>>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>>>>>
>>>>>> Please give it a test and let us know if there are any issues.
>>>>>
>>>>>
>>>>> I've built in my Fedora COPR repo [1] and I'm running Fedora CI [2] tests on it.
>>>>>
>>>>> So far there's one problem found by libselinux/selabel-function [3] test. It
>>>>> looks like commit 814631d3aebaa changed the behavior of selabel_open() when
>>>>> SELABEL_OPT_VALIDATE is null - a context should not be validated, but it is.
>>>>
>>>> So, is this a bug in the test or a bug in libselinux? As noted in that commit description,
>>>> failing to verify contexts at all before use can lead to applying an invalid label (if the system is permissive).
>>>
>>> selabel_open(3) states that "an invalid context may not be treated as an
>>> error unless it is actually encountered during a lookup operation ". So at
>>> least, it's some disproportion between the code and the documentation.
>>>
>>> I read the commit message as that a context should be validated before it's
>>> applied. But now it's validated during lookup.
>>
>> I guess it would be an API change given the way SELABEL_OPT_VALIDATE is documented in the man page,
>> although that description doesn't quite match the current code either.
>>
>> I was thinking that {SELABEL_OPT_VALIDATE,1} was intended to mean "validate all contexts during selabel_open() and fail the open on any errors". Which is good for setfiles (particularly when invoked by libsemanage to check file_contexts against the policy) but was considered problematic for restorecon, as it meant that a single typo in file_contexts could prevent your system from booting (e.g. restorecon -R /dev or similar during boot may fail even if the error has nothing to do with /dev entries). I thought {SELABEL_OPT_VALIDATE,0} was intended to mean "don't validate during selabel_open(); instead, lazily validate just before returning from selabel_lookup()". That makes more sense to me.
>>
>> However, if it is an API change, I guess we have to revert it. In which case maybe we should just change restorecon itself
>> to validate the context it gets from selabel_lookup (which might have been Yuli's original approach; I don't remember -
>> I think I sent him down this path instead).
>
> Iirc, my original patch did not do lazy validation, which is why we
> went down this path. Is the right approach to change restorecon or to
> update the API and maintain compatibility?
I reverted the change because technically it breaks the documented semantics of SELABEL_OPT_VALIDATE and thus could
break existing external users, particularly ones that do not specify SELABEL_OPT_VALIDATE at all or specify it as 0. Use case example is for labeling filesystem images where the file contexts aren't defined in the host policy.
If we want to address the problem with restorecon potentially setting an invalid context when run in permissive mode,
then we would likely need to introduce yet another SELABEL_OPT_* value, e.g. SELABEL_OPT_VALIDATE_LAZILY, and have restorecon explicitly specify that as part of its selabel_open() call, in order to cause the lazy validation to occur
before returning from selabel_lookup(). This would avoid any compatibility breakage with existing callers of selabel_open(). restorecon (and setfiles) would still need an option to disable such validation for use cases where it isn't desirable.
^ permalink raw reply [flat|nested] 25+ messages in thread
* ANN: SELinux userspace 2.8-rc2 release candidate
2018-04-19 15:07 ANN: SELinux userspace 2.8-rc1 release candidate Stephen Smalley
2018-04-20 12:31 ` Petr Lautrbach
2018-04-23 20:00 ` Nicolas Iooss
@ 2018-04-26 17:35 ` Stephen Smalley
2018-05-03 14:52 ` Last call for selinux userspace 2.8 release Stephen Smalley
2018-05-10 15:20 ` ANN: SELinux userspace 2.8-rc3 release candidate Stephen Smalley
2 siblings, 2 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-04-26 17:35 UTC (permalink / raw)
To: SELinux
A 2.8-rc2 release candidate for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
A draft of the release notes is now available from the Releases page,
as is the full git log output and git shortlog output since the 2.7
release. If there are further items we should mention or if something
should be amended in the release notes, let us know.
Thanks to all the contributors to this release candidate!
A shortlog of changes since the 2.8-rc1 release candidate is below.
Nicolas Iooss (3):
sestatus: resolve symlinks in path when looking for a process
sestatus: free process and file contexts which are checked
libsemanage: always check append_arg return value
Stephen Smalley (2):
Revert "libselinux: verify file_contexts when using restorecon"
Update VERSION files to 2.8-rc2.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Last call for selinux userspace 2.8 release
2018-04-26 17:35 ` ANN: SELinux userspace 2.8-rc2 " Stephen Smalley
@ 2018-05-03 14:52 ` Stephen Smalley
2018-05-04 7:55 ` Jason Zaman
2018-05-04 12:19 ` Dominick Grift
2018-05-10 15:20 ` ANN: SELinux userspace 2.8-rc3 release candidate Stephen Smalley
1 sibling, 2 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-05-03 14:52 UTC (permalink / raw)
To: SELinux
Hi,
If you have encountered any unreported problems with the 2.8-rcX releases or have any
pending patches you believe should be included in the 2.8 release, please post them soon.
Also, let us know of any additions or changes that should be made to the release notes;
the current draft is as follows.
User-visible changes:
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* semodule can now enable or disable multiple modules in the same
operation by specifying a list of modules after -e or -d, making them
consistent with the -i/u/r/E options.
* CIL now supports multiple declarations of types, attributes, and
(non-conflicting) object contexts (e.g. genfscon), enabled via the -m
or --multiple-decls option to secilc.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* Support was added for SCTP portcon statements. The corresponding
kernel support was introduced in Linux 4.17, and is only active if the
extended_socket_class policy capability is enabled in the policy.
* sepol_polcap_getnum/name() were exported as part of the shared libsepol
interface, initially for use by setools4.
* semodule_deps was removed since it has long been broken and is not useful
for CIL modules.
Packaging-relevant changes:
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
no longer mandatory (thanks to the switch to "-l:libsepol.a" in
Makefiles).
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
* selinux-gui (i.e. system-config-selinux GUI application) is now
compatible with Python 3. Doing this required migrating away from
PyGTK to the supported PyGI library. This means that selinux-gui now
depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
requires PyGtk or Python 2.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-03 14:52 ` Last call for selinux userspace 2.8 release Stephen Smalley
@ 2018-05-04 7:55 ` Jason Zaman
2018-05-04 13:08 ` Stephen Smalley
2018-05-04 12:19 ` Dominick Grift
1 sibling, 1 reply; 25+ messages in thread
From: Jason Zaman @ 2018-05-04 7:55 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> Hi,
>
> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> pending patches you believe should be included in the 2.8 release, please post them soon.
the rc2 release has been fine for me for several days now. And I havent
heard any issues from any gentoo users either so we're probably good to
go. -rc1 failed to boot properly for me because some important things in
/run or /dev didnt get labeled but that was fixed in rc2.
> Also, let us know of any additions or changes that should be made to the release notes;
> the current draft is as follows.
>
> User-visible changes:
>
> * semanage fcontext -l now also lists home directory entries from
> file_contexts.homedirs.
>
> * semodule can now enable or disable multiple modules in the same
> operation by specifying a list of modules after -e or -d, making them
> consistent with the -i/u/r/E options.
>
> * CIL now supports multiple declarations of types, attributes, and
> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
> or --multiple-decls option to secilc.
>
> * libsemanage no longer deletes the tmp directory if there is an error
> while committing the policy transaction, so that any temporary files
> can be further inspected for debugging purposes (e.g. to examine a
> particular line of the generated CIL module). The tmp directory will
> be deleted upon the next transaction, so no manual removal is needed.
>
> * Support was added for SCTP portcon statements. The corresponding
> kernel support was introduced in Linux 4.17, and is only active if the
> extended_socket_class policy capability is enabled in the policy.
Perhaps also note that the sctp stuff is in refpolicy and this 2.8
release is required to compile it.
I tried doing a release of the gentoo policy (we merge from HEAD fairly
frequently not only the big releases) and it fails to compile. I will
add the sctp stuff back into gentoo's policy later then make the
policies require >=2.8.
-- Jason
> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
> interface, initially for use by setools4.
>
> * semodule_deps was removed since it has long been broken and is not useful
> for CIL modules.
>
> Packaging-relevant changes:
>
> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
> DESTDIR has to be removed from the definition. For example on Arch
> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
>
> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
> Makefiles).
>
> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
>
> * selinux-gui (i.e. system-config-selinux GUI application) is now
> compatible with Python 3. Doing this required migrating away from
> PyGTK to the supported PyGI library. This means that selinux-gui now
> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
> requires PyGtk or Python 2.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-03 14:52 ` Last call for selinux userspace 2.8 release Stephen Smalley
2018-05-04 7:55 ` Jason Zaman
@ 2018-05-04 12:19 ` Dominick Grift
2018-05-04 13:09 ` Stephen Smalley
1 sibling, 1 reply; 25+ messages in thread
From: Dominick Grift @ 2018-05-04 12:19 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 2858 bytes --]
On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> Hi,
>
> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> pending patches you believe should be included in the 2.8 release, please post them soon.
> Also, let us know of any additions or changes that should be made to the release notes;
> the current draft is as follows.
>
> User-visible changes:
One might see processes "validate_context" where they didnt before
Generally processes that use lgetfilecon/lsetfilecon i suspect (like lvm, various systemd components etc)
>
> * semanage fcontext -l now also lists home directory entries from
> file_contexts.homedirs.
>
> * semodule can now enable or disable multiple modules in the same
> operation by specifying a list of modules after -e or -d, making them
> consistent with the -i/u/r/E options.
>
> * CIL now supports multiple declarations of types, attributes, and
> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
> or --multiple-decls option to secilc.
>
> * libsemanage no longer deletes the tmp directory if there is an error
> while committing the policy transaction, so that any temporary files
> can be further inspected for debugging purposes (e.g. to examine a
> particular line of the generated CIL module). The tmp directory will
> be deleted upon the next transaction, so no manual removal is needed.
>
> * Support was added for SCTP portcon statements. The corresponding
> kernel support was introduced in Linux 4.17, and is only active if the
> extended_socket_class policy capability is enabled in the policy.
>
> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
> interface, initially for use by setools4.
>
> * semodule_deps was removed since it has long been broken and is not useful
> for CIL modules.
>
> Packaging-relevant changes:
>
> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
> DESTDIR has to be removed from the definition. For example on Arch
> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
>
> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
> Makefiles).
>
> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
>
> * selinux-gui (i.e. system-config-selinux GUI application) is now
> compatible with Python 3. Doing this required migrating away from
> PyGTK to the supported PyGI library. This means that selinux-gui now
> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
> requires PyGtk or Python 2.
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 7:55 ` Jason Zaman
@ 2018-05-04 13:08 ` Stephen Smalley
2018-05-04 13:26 ` Dominick Grift
0 siblings, 1 reply; 25+ messages in thread
From: Stephen Smalley @ 2018-05-04 13:08 UTC (permalink / raw)
To: Jason Zaman; +Cc: SELinux
On 05/04/2018 03:55 AM, Jason Zaman wrote:
> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
>> Hi,
>>
>> If you have encountered any unreported problems with the 2.8-rcX releases or have any
>> pending patches you believe should be included in the 2.8 release, please post them soon.
>
> the rc2 release has been fine for me for several days now. And I havent
> heard any issues from any gentoo users either so we're probably good to
> go. -rc1 failed to boot properly for me because some important things in
> /run or /dev didnt get labeled but that was fixed in rc2.
Hmm...I'd like to understand that better. The change was verifying file_contexts when using restorecon,
which was reverted in -rc2. But the fact that it prevented labeling files in -rc1 means that either
you have a bug in your file_contexts configuration or there is some other bug there.
>
>> Also, let us know of any additions or changes that should be made to the release notes;
>> the current draft is as follows.
>>
>> User-visible changes:
>>
>> * semanage fcontext -l now also lists home directory entries from
>> file_contexts.homedirs.
>>
>> * semodule can now enable or disable multiple modules in the same
>> operation by specifying a list of modules after -e or -d, making them
>> consistent with the -i/u/r/E options.
>>
>> * CIL now supports multiple declarations of types, attributes, and
>> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
>> or --multiple-decls option to secilc.
>>
>> * libsemanage no longer deletes the tmp directory if there is an error
>> while committing the policy transaction, so that any temporary files
>> can be further inspected for debugging purposes (e.g. to examine a
>> particular line of the generated CIL module). The tmp directory will
>> be deleted upon the next transaction, so no manual removal is needed.
>>
>> * Support was added for SCTP portcon statements. The corresponding
>> kernel support was introduced in Linux 4.17, and is only active if the
>> extended_socket_class policy capability is enabled in the policy.
>
> Perhaps also note that the sctp stuff is in refpolicy and this 2.8
> release is required to compile it.
>
> I tried doing a release of the gentoo policy (we merge from HEAD fairly
> frequently not only the big releases) and it fails to compile. I will
> add the sctp stuff back into gentoo's policy later then make the
> policies require >=2.8.
>
> -- Jason
>
>> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
>> interface, initially for use by setools4.
>>
>> * semodule_deps was removed since it has long been broken and is not useful
>> for CIL modules.
>>
>> Packaging-relevant changes:
>>
>> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
>> DESTDIR has to be removed from the definition. For example on Arch
>> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
>>
>> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
>> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
>> Makefiles).
>>
>> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
>>
>> * selinux-gui (i.e. system-config-selinux GUI application) is now
>> compatible with Python 3. Doing this required migrating away from
>> PyGTK to the supported PyGI library. This means that selinux-gui now
>> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
>> requires PyGtk or Python 2.
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 12:19 ` Dominick Grift
@ 2018-05-04 13:09 ` Stephen Smalley
2018-05-04 13:16 ` Dominick Grift
0 siblings, 1 reply; 25+ messages in thread
From: Stephen Smalley @ 2018-05-04 13:09 UTC (permalink / raw)
To: selinux
On 05/04/2018 08:19 AM, Dominick Grift wrote:
> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
>> Hi,
>>
>> If you have encountered any unreported problems with the 2.8-rcX releases or have any
>> pending patches you believe should be included in the 2.8 release, please post them soon.
>> Also, let us know of any additions or changes that should be made to the release notes;
>> the current draft is as follows.
>>
>> User-visible changes:
>
> One might see processes "validate_context" where they didnt before
>
> Generally processes that use lgetfilecon/lsetfilecon i suspect (like lvm, various systemd components etc)
That should no longer be true as of -rc2 since I reverted the libselinux: verify file_contexts when using restorecon change.
>
>>
>> * semanage fcontext -l now also lists home directory entries from
>> file_contexts.homedirs.
>>
>> * semodule can now enable or disable multiple modules in the same
>> operation by specifying a list of modules after -e or -d, making them
>> consistent with the -i/u/r/E options.
>>
>> * CIL now supports multiple declarations of types, attributes, and
>> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
>> or --multiple-decls option to secilc.
>>
>> * libsemanage no longer deletes the tmp directory if there is an error
>> while committing the policy transaction, so that any temporary files
>> can be further inspected for debugging purposes (e.g. to examine a
>> particular line of the generated CIL module). The tmp directory will
>> be deleted upon the next transaction, so no manual removal is needed.
>>
>> * Support was added for SCTP portcon statements. The corresponding
>> kernel support was introduced in Linux 4.17, and is only active if the
>> extended_socket_class policy capability is enabled in the policy.
>>
>> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
>> interface, initially for use by setools4.
>>
>> * semodule_deps was removed since it has long been broken and is not useful
>> for CIL modules.
>>
>> Packaging-relevant changes:
>>
>> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
>> DESTDIR has to be removed from the definition. For example on Arch
>> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
>>
>> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
>> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
>> Makefiles).
>>
>> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
>>
>> * selinux-gui (i.e. system-config-selinux GUI application) is now
>> compatible with Python 3. Doing this required migrating away from
>> PyGTK to the supported PyGI library. This means that selinux-gui now
>> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
>> requires PyGtk or Python 2.
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 13:09 ` Stephen Smalley
@ 2018-05-04 13:16 ` Dominick Grift
2018-05-04 14:30 ` Petr Lautrbach
0 siblings, 1 reply; 25+ messages in thread
From: Dominick Grift @ 2018-05-04 13:16 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 3332 bytes --]
On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote:
> On 05/04/2018 08:19 AM, Dominick Grift wrote:
> > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> >> Hi,
> >>
> >> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> >> pending patches you believe should be included in the 2.8 release, please post them soon.
> >> Also, let us know of any additions or changes that should be made to the release notes;
> >> the current draft is as follows.
> >>
> >> User-visible changes:
> >
> > One might see processes "validate_context" where they didnt before
> >
> > Generally processes that use lgetfilecon/lsetfilecon i suspect (like lvm, various systemd components etc)
>
> That should no longer be true as of -rc2 since I reverted the libselinux: verify file_contexts when using restorecon change.
Oh thanks, yes fedora is still on RC1.
>
> >
> >>
> >> * semanage fcontext -l now also lists home directory entries from
> >> file_contexts.homedirs.
> >>
> >> * semodule can now enable or disable multiple modules in the same
> >> operation by specifying a list of modules after -e or -d, making them
> >> consistent with the -i/u/r/E options.
> >>
> >> * CIL now supports multiple declarations of types, attributes, and
> >> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
> >> or --multiple-decls option to secilc.
> >>
> >> * libsemanage no longer deletes the tmp directory if there is an error
> >> while committing the policy transaction, so that any temporary files
> >> can be further inspected for debugging purposes (e.g. to examine a
> >> particular line of the generated CIL module). The tmp directory will
> >> be deleted upon the next transaction, so no manual removal is needed.
> >>
> >> * Support was added for SCTP portcon statements. The corresponding
> >> kernel support was introduced in Linux 4.17, and is only active if the
> >> extended_socket_class policy capability is enabled in the policy.
> >>
> >> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
> >> interface, initially for use by setools4.
> >>
> >> * semodule_deps was removed since it has long been broken and is not useful
> >> for CIL modules.
> >>
> >> Packaging-relevant changes:
> >>
> >> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
> >> DESTDIR has to be removed from the definition. For example on Arch
> >> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
> >>
> >> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
> >> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
> >> Makefiles).
> >>
> >> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
> >>
> >> * selinux-gui (i.e. system-config-selinux GUI application) is now
> >> compatible with Python 3. Doing this required migrating away from
> >> PyGTK to the supported PyGI library. This means that selinux-gui now
> >> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
> >> requires PyGtk or Python 2.
> >
>
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 13:08 ` Stephen Smalley
@ 2018-05-04 13:26 ` Dominick Grift
2018-05-04 13:36 ` Stephen Smalley
0 siblings, 1 reply; 25+ messages in thread
From: Dominick Grift @ 2018-05-04 13:26 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 5444 bytes --]
On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote:
> On 05/04/2018 03:55 AM, Jason Zaman wrote:
> > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> >> Hi,
> >>
> >> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> >> pending patches you believe should be included in the 2.8 release, please post them soon.
> >
> > the rc2 release has been fine for me for several days now. And I havent
> > heard any issues from any gentoo users either so we're probably good to
> > go. -rc1 failed to boot properly for me because some important things in
> > /run or /dev didnt get labeled but that was fixed in rc2.
>
> Hmm...I'd like to understand that better. The change was verifying file_contexts when using restorecon,
> which was reverted in -rc2. But the fact that it prevented labeling files in -rc1 means that either
> you have a bug in your file_contexts configuration or there is some other bug there.
If it cannot validate_context then it will be unhappy:
[root@julius ~]# dnf history info last
Transaction ID : 364
Begin time : Fri 04 May 2018 01:12:36 PM CEST
Begin rpmdb : 1404:e739a03c49fec80ed41a1ea4c599d8f877b01d76
End time : Fri 04 May 2018 01:14:01 PM CEST (85 seconds)
End rpmdb : 1404:27bd40dce7edbf226ffad80f482cd75231f1b6ab **
User : kcinimod <kcinimod>
Return-Code : Success
Command Line : update --exclude efi-filesystem
Transaction performed with:
Installed dnf-2.7.5-12.fc29.noarch @rawhide
Installed rpm-4.14.1-8.fc28.x86_64 @tmp-rawhide
Packages Altered:
Upgraded cockpit-166-1.fc29.x86_64 @rawhide
... snip ...
Scriptlet output:
1 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
2 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
3 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
4 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
5 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
>
> >
> >> Also, let us know of any additions or changes that should be made to the release notes;
> >> the current draft is as follows.
> >>
> >> User-visible changes:
> >>
> >> * semanage fcontext -l now also lists home directory entries from
> >> file_contexts.homedirs.
> >>
> >> * semodule can now enable or disable multiple modules in the same
> >> operation by specifying a list of modules after -e or -d, making them
> >> consistent with the -i/u/r/E options.
> >>
> >> * CIL now supports multiple declarations of types, attributes, and
> >> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
> >> or --multiple-decls option to secilc.
> >>
> >> * libsemanage no longer deletes the tmp directory if there is an error
> >> while committing the policy transaction, so that any temporary files
> >> can be further inspected for debugging purposes (e.g. to examine a
> >> particular line of the generated CIL module). The tmp directory will
> >> be deleted upon the next transaction, so no manual removal is needed.
> >>
> >> * Support was added for SCTP portcon statements. The corresponding
> >> kernel support was introduced in Linux 4.17, and is only active if the
> >> extended_socket_class policy capability is enabled in the policy.
> >
> > Perhaps also note that the sctp stuff is in refpolicy and this 2.8
> > release is required to compile it.
> >
> > I tried doing a release of the gentoo policy (we merge from HEAD fairly
> > frequently not only the big releases) and it fails to compile. I will
> > add the sctp stuff back into gentoo's policy later then make the
> > policies require >=2.8.
> >
> > -- Jason
> >
> >> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
> >> interface, initially for use by setools4.
> >>
> >> * semodule_deps was removed since it has long been broken and is not useful
> >> for CIL modules.
> >>
> >> Packaging-relevant changes:
> >>
> >> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
> >> DESTDIR has to be removed from the definition. For example on Arch
> >> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
> >>
> >> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
> >> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
> >> Makefiles).
> >>
> >> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
> >>
> >> * selinux-gui (i.e. system-config-selinux GUI application) is now
> >> compatible with Python 3. Doing this required migrating away from
> >> PyGTK to the supported PyGI library. This means that selinux-gui now
> >> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
> >> requires PyGtk or Python 2.
> >
>
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 13:26 ` Dominick Grift
@ 2018-05-04 13:36 ` Stephen Smalley
2018-05-04 14:26 ` Jason Zaman
2018-05-04 14:43 ` Dominick Grift
0 siblings, 2 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-05-04 13:36 UTC (permalink / raw)
To: selinux
On 05/04/2018 09:26 AM, Dominick Grift wrote:
> On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote:
>> On 05/04/2018 03:55 AM, Jason Zaman wrote:
>>> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
>>>> Hi,
>>>>
>>>> If you have encountered any unreported problems with the 2.8-rcX releases or have any
>>>> pending patches you believe should be included in the 2.8 release, please post them soon.
>>>
>>> the rc2 release has been fine for me for several days now. And I havent
>>> heard any issues from any gentoo users either so we're probably good to
>>> go. -rc1 failed to boot properly for me because some important things in
>>> /run or /dev didnt get labeled but that was fixed in rc2.
>>
>> Hmm...I'd like to understand that better. The change was verifying file_contexts when using restorecon,
>> which was reverted in -rc2. But the fact that it prevented labeling files in -rc1 means that either
>> you have a bug in your file_contexts configuration or there is some other bug there.
>
> If it cannot validate_context then it will be unhappy:
>
> [root@julius ~]# dnf history info last
> Transaction ID : 364
> Begin time : Fri 04 May 2018 01:12:36 PM CEST
> Begin rpmdb : 1404:e739a03c49fec80ed41a1ea4c599d8f877b01d76
> End time : Fri 04 May 2018 01:14:01 PM CEST (85 seconds)
> End rpmdb : 1404:27bd40dce7edbf226ffad80f482cd75231f1b6ab **
> User : kcinimod <kcinimod>
> Return-Code : Success
> Command Line : update --exclude efi-filesystem
> Transaction performed with:
> Installed dnf-2.7.5-12.fc29.noarch @rawhide
> Installed rpm-4.14.1-8.fc28.x86_64 @tmp-rawhide
> Packages Altered:
> Upgraded cockpit-166-1.fc29.x86_64 @rawhide
> ... snip ...
> Scriptlet output:
> 1 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> 2 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> 3 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> 4 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> 5 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
So, just to be clear: these contexts are in fact valid but the lack of permission to use the /sys/fs/selinux/context interface (for security_check_context) causes it to think the context is invalid and therefore fails? If so, then
that makes sense and would be another reason for reverting that change. In any case, -rc2 should have the fix.
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 13:36 ` Stephen Smalley
@ 2018-05-04 14:26 ` Jason Zaman
2018-05-04 14:43 ` Dominick Grift
1 sibling, 0 replies; 25+ messages in thread
From: Jason Zaman @ 2018-05-04 14:26 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux
On Fri, May 04, 2018 at 09:36:12AM -0400, Stephen Smalley wrote:
> On 05/04/2018 09:26 AM, Dominick Grift wrote:
> > On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote:
> >> On 05/04/2018 03:55 AM, Jason Zaman wrote:
> >>> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> >>>> Hi,
> >>>>
> >>>> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> >>>> pending patches you believe should be included in the 2.8 release, please post them soon.
> >>>
> >>> the rc2 release has been fine for me for several days now. And I havent
> >>> heard any issues from any gentoo users either so we're probably good to
> >>> go. -rc1 failed to boot properly for me because some important things in
> >>> /run or /dev didnt get labeled but that was fixed in rc2.
> >>
> >> Hmm...I'd like to understand that better. The change was verifying file_contexts when using restorecon,
> >> which was reverted in -rc2. But the fact that it prevented labeling files in -rc1 means that either
> >> you have a bug in your file_contexts configuration or there is some other bug there.
> >
> > If it cannot validate_context then it will be unhappy:
> >
> > [root@julius ~]# dnf history info last
> > Transaction ID : 364
> > Begin time : Fri 04 May 2018 01:12:36 PM CEST
> > Begin rpmdb : 1404:e739a03c49fec80ed41a1ea4c599d8f877b01d76
> > End time : Fri 04 May 2018 01:14:01 PM CEST (85 seconds)
> > End rpmdb : 1404:27bd40dce7edbf226ffad80f482cd75231f1b6ab **
> > User : kcinimod <kcinimod>
> > Return-Code : Success
> > Command Line : update --exclude efi-filesystem
> > Transaction performed with:
> > Installed dnf-2.7.5-12.fc29.noarch @rawhide
> > Installed rpm-4.14.1-8.fc28.x86_64 @tmp-rawhide
> > Packages Altered:
> > Upgraded cockpit-166-1.fc29.x86_64 @rawhide
> > ... snip ...
> > Scriptlet output:
> > 1 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 2 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 3 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 4 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 5 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
>
> So, just to be clear: these contexts are in fact valid but the lack of permission to use the /sys/fs/selinux/context interface (for security_check_context) causes it to think the context is invalid and therefore fails? If so, then
> that makes sense and would be another reason for reverting that change. In any case, -rc2 should have the fix.
Yeah im pretty sure this is what happened. The issues off the top of my
head were some relabelling very early on in boot of /dev/ and /run so
those ended up with completely wrong contexts so nothing afterwards
worked either. There wasnt much output cuz /dev/console was mislabelled.
Dbus and Udev stuff in /run was wrong too so X kind of started but I had
no keyboard or mouse and everything using dbus died too.
It apeared to mostly work if i booted in permissive and then force
relabelled a bunch of stuff then switched to enforcing. I only bumped to
-rc1 a day before -rc2 came out so I pretty much just updated again
immediately as soon as I saw the validation issues and everything was
fine again.
I could try out -rc1 in a VM again if you want to be certain but pretty
sure this is it.
-- Jason
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 13:16 ` Dominick Grift
@ 2018-05-04 14:30 ` Petr Lautrbach
0 siblings, 0 replies; 25+ messages in thread
From: Petr Lautrbach @ 2018-05-04 14:30 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 3887 bytes --]
On Fri, May 04, 2018 at 03:16:43PM +0200, Dominick Grift wrote:
> On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote:
> > On 05/04/2018 08:19 AM, Dominick Grift wrote:
> > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> > >> Hi,
> > >>
> > >> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> > >> pending patches you believe should be included in the 2.8 release, please post them soon.
> > >> Also, let us know of any additions or changes that should be made to the release notes;
> > >> the current draft is as follows.
> > >>
> > >> User-visible changes:
> > >
> > > One might see processes "validate_context" where they didnt before
> > >
> > > Generally processes that use lgetfilecon/lsetfilecon i suspect (like lvm, various systemd components etc)
> >
> > That should no longer be true as of -rc2 since I reverted the libselinux: verify file_contexts when using restorecon change.
>
> Oh thanks, yes fedora is still on RC1.
I've just built the following packages in Rawhide:
libselinux-2.8-0.rc2.1.fc29 - https://koji.fedoraproject.org/koji/taskinfo?taskID=26767629
libsemanage-2.8-0.rc2.1.fc29 - https://koji.fedoraproject.org/koji/taskinfo?taskID=26767782
policycoreutils-2.8-0.rc2.1.fc29 - https://koji.fedoraproject.org/koji/taskinfo?taskID=26767903
> >
> > >
> > >>
> > >> * semanage fcontext -l now also lists home directory entries from
> > >> file_contexts.homedirs.
> > >>
> > >> * semodule can now enable or disable multiple modules in the same
> > >> operation by specifying a list of modules after -e or -d, making them
> > >> consistent with the -i/u/r/E options.
> > >>
> > >> * CIL now supports multiple declarations of types, attributes, and
> > >> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
> > >> or --multiple-decls option to secilc.
> > >>
> > >> * libsemanage no longer deletes the tmp directory if there is an error
> > >> while committing the policy transaction, so that any temporary files
> > >> can be further inspected for debugging purposes (e.g. to examine a
> > >> particular line of the generated CIL module). The tmp directory will
> > >> be deleted upon the next transaction, so no manual removal is needed.
> > >>
> > >> * Support was added for SCTP portcon statements. The corresponding
> > >> kernel support was introduced in Linux 4.17, and is only active if the
> > >> extended_socket_class policy capability is enabled in the policy.
> > >>
> > >> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
> > >> interface, initially for use by setools4.
> > >>
> > >> * semodule_deps was removed since it has long been broken and is not useful
> > >> for CIL modules.
> > >>
> > >> Packaging-relevant changes:
> > >>
> > >> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
> > >> DESTDIR has to be removed from the definition. For example on Arch
> > >> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
> > >>
> > >> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
> > >> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
> > >> Makefiles).
> > >>
> > >> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
> > >>
> > >> * selinux-gui (i.e. system-config-selinux GUI application) is now
> > >> compatible with Python 3. Doing this required migrating away from
> > >> PyGTK to the supported PyGI library. This means that selinux-gui now
> > >> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
> > >> requires PyGtk or Python 2.
> > >
> >
>
> --
> Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: Last call for selinux userspace 2.8 release
2018-05-04 13:36 ` Stephen Smalley
2018-05-04 14:26 ` Jason Zaman
@ 2018-05-04 14:43 ` Dominick Grift
1 sibling, 0 replies; 25+ messages in thread
From: Dominick Grift @ 2018-05-04 14:43 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 3368 bytes --]
On Fri, May 04, 2018 at 09:36:12AM -0400, Stephen Smalley wrote:
> On 05/04/2018 09:26 AM, Dominick Grift wrote:
> > On Fri, May 04, 2018 at 09:08:36AM -0400, Stephen Smalley wrote:
> >> On 05/04/2018 03:55 AM, Jason Zaman wrote:
> >>> On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> >>>> Hi,
> >>>>
> >>>> If you have encountered any unreported problems with the 2.8-rcX releases or have any
> >>>> pending patches you believe should be included in the 2.8 release, please post them soon.
> >>>
> >>> the rc2 release has been fine for me for several days now. And I havent
> >>> heard any issues from any gentoo users either so we're probably good to
> >>> go. -rc1 failed to boot properly for me because some important things in
> >>> /run or /dev didnt get labeled but that was fixed in rc2.
> >>
> >> Hmm...I'd like to understand that better. The change was verifying file_contexts when using restorecon,
> >> which was reverted in -rc2. But the fact that it prevented labeling files in -rc1 means that either
> >> you have a bug in your file_contexts configuration or there is some other bug there.
> >
> > If it cannot validate_context then it will be unhappy:
> >
> > [root@julius ~]# dnf history info last
> > Transaction ID : 364
> > Begin time : Fri 04 May 2018 01:12:36 PM CEST
> > Begin rpmdb : 1404:e739a03c49fec80ed41a1ea4c599d8f877b01d76
> > End time : Fri 04 May 2018 01:14:01 PM CEST (85 seconds)
> > End rpmdb : 1404:27bd40dce7edbf226ffad80f482cd75231f1b6ab **
> > User : kcinimod <kcinimod>
> > Return-Code : Success
> > Command Line : update --exclude efi-filesystem
> > Transaction performed with:
> > Installed dnf-2.7.5-12.fc29.noarch @rawhide
> > Installed rpm-4.14.1-8.fc28.x86_64 @tmp-rawhide
> > Packages Altered:
> > Upgraded cockpit-166-1.fc29.x86_64 @rawhide
> > ... snip ...
> > Scriptlet output:
> > 1 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 2 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 3 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 4 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
> > 5 restorecon: /etc/selinux/dssp2-standard/contexts/files/file_contexts: has invalid context sys.id:sys.role:files.generic_boot.boot_file:s0
>
> So, just to be clear: these contexts are in fact valid but the lack of permission to use the /sys/fs/selinux/context interface (for security_check_context) causes it to think the context is invalid and therefore fails? If so, then
> that makes sense and would be another reason for reverting that change. In any case, -rc2 should have the fix.
Yes contexts are valid but since validate_context was blocked this happened. By allowing validate_context this works fine
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 25+ messages in thread
* ANN: SELinux userspace 2.8-rc3 release candidate
2018-04-26 17:35 ` ANN: SELinux userspace 2.8-rc2 " Stephen Smalley
2018-05-03 14:52 ` Last call for selinux userspace 2.8 release Stephen Smalley
@ 2018-05-10 15:20 ` Stephen Smalley
2018-05-16 17:31 ` Jason Zaman
2018-05-24 19:21 ` ANN: SELinux userspace release 20180524 / 2.8 Stephen Smalley
1 sibling, 2 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-05-10 15:20 UTC (permalink / raw)
To: SELinux
A 2.8-rc3 release candidate for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
Please give it a test and let us know if there are any issues.
A draft of the release notes is available from the Releases page, as
is the full git log output and git shortlog output since the 2.7
release. If there are further items we should mention or if something
should be amended in the release notes, let us know.
Thanks to all the contributors to this release candidate!
A shortlog of changes since the 2.8-rc2 release candidate is below.
Stephen Smalley (7):
libsepol: remove unused function and type
libselinux: fix build warning in save_booleans()
libselinux: avcstat: fix build warning
libselinux: audit2why: fix build warnings
libsemanage: prevent string overflow on final paths
libsepol: cil: prevent stack buffer overflow in cil_expr_to_string
Update VERSION files to 2.8-rc3
Vit Mojzis (1):
python/semanage/seobject.py: Fix undefined store check
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc3 release candidate
2018-05-10 15:20 ` ANN: SELinux userspace 2.8-rc3 release candidate Stephen Smalley
@ 2018-05-16 17:31 ` Jason Zaman
2018-05-23 17:16 ` Stephen Smalley
2018-05-24 19:21 ` ANN: SELinux userspace release 20180524 / 2.8 Stephen Smalley
1 sibling, 1 reply; 25+ messages in thread
From: Jason Zaman @ 2018-05-16 17:31 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
Just a quick note in case the release is soon.
I have a couple patches to make everything work on
Musl libc that im gonna clean them up and post in the morning.
On Thu, May 10, 2018 at 11:20:01AM -0400, Stephen Smalley wrote:
> A 2.8-rc3 release candidate for the SELinux userspace is now available at:
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
>
> A draft of the release notes is available from the Releases page, as
> is the full git log output and git shortlog output since the 2.7
> release. If there are further items we should mention or if something
> should be amended in the release notes, let us know.
>
> Thanks to all the contributors to this release candidate!
>
> A shortlog of changes since the 2.8-rc2 release candidate is below.
>
> Stephen Smalley (7):
> libsepol: remove unused function and type
> libselinux: fix build warning in save_booleans()
> libselinux: avcstat: fix build warning
> libselinux: audit2why: fix build warnings
> libsemanage: prevent string overflow on final paths
> libsepol: cil: prevent stack buffer overflow in cil_expr_to_string
> Update VERSION files to 2.8-rc3
>
> Vit Mojzis (1):
> python/semanage/seobject.py: Fix undefined store check
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc3 release candidate
2018-05-16 17:31 ` Jason Zaman
@ 2018-05-23 17:16 ` Stephen Smalley
2018-05-23 17:45 ` Jason Zaman
0 siblings, 1 reply; 25+ messages in thread
From: Stephen Smalley @ 2018-05-23 17:16 UTC (permalink / raw)
To: Jason Zaman; +Cc: SELinux
On 05/16/2018 01:31 PM, Jason Zaman wrote:
> Just a quick note in case the release is soon.
> I have a couple patches to make everything work on
> Musl libc that im gonna clean them up and post in the morning.
Given that these have been merged and I've seen no other activity, I assume we can make a final 2.8 release anytime.
If anyone objects, speak up now.
>
> On Thu, May 10, 2018 at 11:20:01AM -0400, Stephen Smalley wrote:
>> A 2.8-rc3 release candidate for the SELinux userspace is now available at:
>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>
>> Please give it a test and let us know if there are any issues.
>>
>> A draft of the release notes is available from the Releases page, as
>> is the full git log output and git shortlog output since the 2.7
>> release. If there are further items we should mention or if something
>> should be amended in the release notes, let us know.
>>
>> Thanks to all the contributors to this release candidate!
>>
>> A shortlog of changes since the 2.8-rc2 release candidate is below.
>>
>> Stephen Smalley (7):
>> libsepol: remove unused function and type
>> libselinux: fix build warning in save_booleans()
>> libselinux: avcstat: fix build warning
>> libselinux: audit2why: fix build warnings
>> libsemanage: prevent string overflow on final paths
>> libsepol: cil: prevent stack buffer overflow in cil_expr_to_string
>> Update VERSION files to 2.8-rc3
>>
>> Vit Mojzis (1):
>> python/semanage/seobject.py: Fix undefined store check
>
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: ANN: SELinux userspace 2.8-rc3 release candidate
2018-05-23 17:16 ` Stephen Smalley
@ 2018-05-23 17:45 ` Jason Zaman
0 siblings, 0 replies; 25+ messages in thread
From: Jason Zaman @ 2018-05-23 17:45 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
On Wed, May 23, 2018 at 01:16:18PM -0400, Stephen Smalley wrote:
> On 05/16/2018 01:31 PM, Jason Zaman wrote:
> > Just a quick note in case the release is soon.
> > I have a couple patches to make everything work on
> > Musl libc that im gonna clean them up and post in the morning.
>
> Given that these have been merged and I've seen no other activity, I assume we can make a final 2.8 release anytime.
> If anyone objects, speak up now.
No objections here. I just merged the travis.yml ruby patch too.
(although that isnt in a release so doesnt matter)
>
> >
> > On Thu, May 10, 2018 at 11:20:01AM -0400, Stephen Smalley wrote:
> >> A 2.8-rc3 release candidate for the SELinux userspace is now available at:
> >> https://github.com/SELinuxProject/selinux/wiki/Releases
> >>
> >> Please give it a test and let us know if there are any issues.
> >>
> >> A draft of the release notes is available from the Releases page, as
> >> is the full git log output and git shortlog output since the 2.7
> >> release. If there are further items we should mention or if something
> >> should be amended in the release notes, let us know.
> >>
> >> Thanks to all the contributors to this release candidate!
> >>
> >> A shortlog of changes since the 2.8-rc2 release candidate is below.
> >>
> >> Stephen Smalley (7):
> >> libsepol: remove unused function and type
> >> libselinux: fix build warning in save_booleans()
> >> libselinux: avcstat: fix build warning
> >> libselinux: audit2why: fix build warnings
> >> libsemanage: prevent string overflow on final paths
> >> libsepol: cil: prevent stack buffer overflow in cil_expr_to_string
> >> Update VERSION files to 2.8-rc3
> >>
> >> Vit Mojzis (1):
> >> python/semanage/seobject.py: Fix undefined store check
> >
> >
>
^ permalink raw reply [flat|nested] 25+ messages in thread
* ANN: SELinux userspace release 20180524 / 2.8
2018-05-10 15:20 ` ANN: SELinux userspace 2.8-rc3 release candidate Stephen Smalley
2018-05-16 17:31 ` Jason Zaman
@ 2018-05-24 19:21 ` Stephen Smalley
1 sibling, 0 replies; 25+ messages in thread
From: Stephen Smalley @ 2018-05-24 19:21 UTC (permalink / raw)
To: SELinux
The 20180524 / 2.8 release for the SELinux userspace is now available at:
https://github.com/SELinuxProject/selinux/wiki/Releases
A github release has also been created at:
https://github.com/SELinuxProject/selinux/releases/tag/20180524
In the future, we will likely stop hosting the releases on the wiki and
just have it link to the github releases. We may also alter the versioning
and tagging scheme. For this release however, I have left these unchanged.
Below are some notes on this release for packagers and users of the
SELinux userspace. git log and git shortlog output for all changes
since the 20170804 / 2.7 release are available from the release page.
Thanks to all the contributors to this release!
RELEASE 20180524 (2.8)
User-visible changes:
* semanage fcontext -l now also lists home directory entries from
file_contexts.homedirs.
* semodule can now enable or disable multiple modules in the same
operation by specifying a list of modules after -e or -d, making them
consistent with the -i/u/r/E options.
* CIL now supports multiple declarations of types, attributes, and
(non-conflicting) object contexts (e.g. genfscon), enabled via the -m
or --multiple-decls option to secilc.
* libsemanage no longer deletes the tmp directory if there is an error
while committing the policy transaction, so that any temporary files
can be further inspected for debugging purposes (e.g. to examine a
particular line of the generated CIL module). The tmp directory will
be deleted upon the next transaction, so no manual removal is needed.
* Support was added for SCTP portcon statements. The corresponding
kernel support was introduced in Linux 4.17, and is only active if the
extended_socket_class policy capability is enabled in the policy. This
support is required to build the refpolicy master branch (and thus future
refpolicy releases).
* sepol_polcap_getnum/name() were exported as part of the shared libsepol
interface, initially for use by setools4.
* semodule_deps was removed since it has long been broken and is not useful
for CIL modules.
Packaging-relevant changes:
* When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
DESTDIR has to be removed from the definition. For example on Arch
Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
* Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
no longer mandatory (thanks to the switch to "-l:libsepol.a" in
Makefiles).
* PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
* selinux-gui (i.e. system-config-selinux GUI application) is now
compatible with Python 3. Doing this required migrating away from
PyGTK to the supported PyGI library. This means that selinux-gui now
depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
requires PyGtk or Python 2.
^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2018-05-24 19:19 UTC | newest]
Thread overview: 25+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-19 15:07 ANN: SELinux userspace 2.8-rc1 release candidate Stephen Smalley
2018-04-20 12:31 ` Petr Lautrbach
2018-04-20 12:49 ` Stephen Smalley
2018-04-20 13:31 ` Petr Lautrbach
2018-04-20 14:09 ` Stephen Smalley
2018-04-25 14:11 ` Yuli Khodorkovskiy
2018-04-25 14:32 ` Stephen Smalley
2018-04-23 20:00 ` Nicolas Iooss
2018-04-26 17:35 ` ANN: SELinux userspace 2.8-rc2 " Stephen Smalley
2018-05-03 14:52 ` Last call for selinux userspace 2.8 release Stephen Smalley
2018-05-04 7:55 ` Jason Zaman
2018-05-04 13:08 ` Stephen Smalley
2018-05-04 13:26 ` Dominick Grift
2018-05-04 13:36 ` Stephen Smalley
2018-05-04 14:26 ` Jason Zaman
2018-05-04 14:43 ` Dominick Grift
2018-05-04 12:19 ` Dominick Grift
2018-05-04 13:09 ` Stephen Smalley
2018-05-04 13:16 ` Dominick Grift
2018-05-04 14:30 ` Petr Lautrbach
2018-05-10 15:20 ` ANN: SELinux userspace 2.8-rc3 release candidate Stephen Smalley
2018-05-16 17:31 ` Jason Zaman
2018-05-23 17:16 ` Stephen Smalley
2018-05-23 17:45 ` Jason Zaman
2018-05-24 19:21 ` ANN: SELinux userspace release 20180524 / 2.8 Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.