* Lets start with 3.4 userspace release
From: Petr Lautrbach @ 2022-03-29 16:56 UTC
  To: SElinux list

Hello,

after 142 commits and 5 months since last SELinux userspace release,
it's time to think about another release.

The current backlog of patches is below. Please take a look.

This time, I'd like to release rcX every 14 days -
rc1 - 04-06-2022
rc2 - 04-20-2022
...

I'll try to send patches with the release number change on Mondays before every
release.


Also when rc1 is out, please consider postponing non-bugfix patches
after the release or provide a comment that the change is not necessary
for this release.



* https://patchwork.kernel.org/patch/12617693/ New [v2] Support static-only builds

- v2 of https://lore.kernel.org/selinux/87lf1scgd6.fsf@alyssa.is/
- waits for another review

* https://patchwork.kernel.org/patch/12639767/ New libsepol: free ebitmap on end of function

* https://patchwork.kernel.org/project/selinux/list/?series=590259 add not-self neverallow support

* https://patchwork.kernel.org/patch/12672523/ New [v2] secilc: kernel policy language is infix

* https://patchwork.kernel.org/project/selinux/list/?series=604679  libsepol: Adding support for not-self rules

* https://patchwork.kernel.org/patch/12718352/ New [libselinux] libselinux: make threadsafe for discover_class_cache

* https://patchwork.kernel.org/patch/12726783/ New libselinux: Prevent cached context giving wrong results

* https://patchwork.kernel.org/project/selinux/list/?series=616731 libsepol: add sepol_av_perm_to_string |

"""
Since most of these functions are used in either checkpolicy or
audit2why (or both), it is probably fine to export these, but I would
appreciate any thoughts that Chris and others might have.
"""

* https://patchwork.kernel.org/patch/12775701/ New libsepol/cil: Write a message when a log message is truncated

* https://patchwork.kernel.org/patch/12780657/ New libsepol: Use calloc when initializing bool_val_to_struct array

* https://patchwork.kernel.org/patch/12783189/ New libsepol: Validate conditional expressions

* https://patchwork.kernel.org/patch/12790631/ New [v3] libsemanage: Fall back to semanage_copy_dir when rename() fails



Petr



* Re: Lets start with 3.4 userspace release
From: James Carter @ 2022-03-30 15:16 UTC
  To: Petr Lautrbach; +Cc: SElinux list

On Tue, Mar 29, 2022 at 3:06 PM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> Hello,
>
> after 142 commits and 5 months since last SELinux userspace release,
> it's time to think about another release.
>
> The current backlog of patches is below. Please take a look.
>
> This time, I'd like to release rcX every 14 days -
> rc1 - 04-06-2022
> rc2 - 04-20-2022
> ...
>
> I'll try to send patches with the release number change on Mondays before every
> release.
>
>
> Also when rc1 is out, please consider postponing non-bugfix patches
> after the release or provide a comment that the change is not necessary
> for this release.
>
>
>
> * https://patchwork.kernel.org/patch/12617693/ New [v2] Support static-only builds
>
> - v2 of https://lore.kernel.org/selinux/87lf1scgd6.fsf@alyssa.is/
> - waits for another review
>
> * https://patchwork.kernel.org/patch/12639767/ New libsepol: free ebitmap on end of function
>
This is part of the notself patches which will not be ready for this release.

> * https://patchwork.kernel.org/project/selinux/list/?series=590259 add not-self neverallow support
>
Still working, but not for this release.

> * https://patchwork.kernel.org/patch/12672523/ New [v2] secilc: kernel policy language is infix
>
This one fell off my radar. I can ack and merge it.

> * https://patchwork.kernel.org/project/selinux/list/?series=604679  libsepol: Adding support for not-self rules
>
Still working, but not for this release.

> * https://patchwork.kernel.org/patch/12718352/ New [libselinux] libselinux: make threadsafe for discover_class_cache
>
> * https://patchwork.kernel.org/patch/12726783/ New libselinux: Prevent cached context giving wrong results
>
> * https://patchwork.kernel.org/project/selinux/list/?series=616731 libsepol: add sepol_av_perm_to_string |
>
> """
> Since most of these functions are used in either checkpolicy or
> audit2why (or both), it is probably fine to export these, but I would
> appreciate any thoughts that Chris and others might have.
> """
>
I need to think about this one.

> * https://patchwork.kernel.org/patch/12775701/ New libsepol/cil: Write a message when a log message is truncated
>
I will merge this.

> * https://patchwork.kernel.org/patch/12780657/ New libsepol: Use calloc when initializing bool_val_to_struct array
>
I will merge this.

> * https://patchwork.kernel.org/patch/12783189/ New libsepol: Validate conditional expressions
>
I will merge this.

> * https://patchwork.kernel.org/patch/12790631/ New [v3] libsemanage: Fall back to semanage_copy_dir when rename() fails
>
I don't know if Ondrej was planning on ack'ing it, but it seems like
he is satisfied.

Jim


>
>
> Petr
>


* Re: Lets start with 3.4 userspace release
From: Petr Lautrbach @ 2022-03-31 11:41 UTC
  To: James Carter; +Cc: SElinux list

James Carter <jwcart2@gmail.com> writes:

> On Tue, Mar 29, 2022 at 3:06 PM Petr Lautrbach <plautrba@redhat.com> wrote:
>>
>> Hello,
>>
>> after 142 commits and 5 months since last SELinux userspace release,
>> it's time to think about another release.
>>
>> The current backlog of patches is below. Please take a look.
>>
>> This time, I'd like to release rcX every 14 days -
>> rc1 - 04-06-2022
>> rc2 - 04-20-2022
>> ...
>>
>> I'll try to send patches with the release number change on Mondays before every
>> release.
>>
>>
>> Also when rc1 is out, please consider postponing non-bugfix patches
>> after the release or provide a comment that the change is not necessary
>> for this release.
>>
>>
>>
>> * https://patchwork.kernel.org/patch/12617693/ New [v2] Support static-only builds
>>
>> - v2 of https://lore.kernel.org/selinux/87lf1scgd6.fsf@alyssa.is/
>> - waits for another review
>>
>> * https://patchwork.kernel.org/patch/12639767/ New libsepol: free ebitmap on end of function
>>
> This is part of the notself patches which will not be ready for this release.
>
>> * https://patchwork.kernel.org/project/selinux/list/?series=590259 add not-self neverallow support
>>
> Still working, but not for this release.
>
>> * https://patchwork.kernel.org/patch/12672523/ New [v2] secilc: kernel policy language is infix
>>
> This one fell off my radar. I can ack and merge it.
>
>> * https://patchwork.kernel.org/project/selinux/list/?series=604679  libsepol: Adding support for not-self rules
>>
> Still working, but not for this release.
>
>> * https://patchwork.kernel.org/patch/12718352/ New [libselinux] libselinux: make threadsafe for discover_class_cache
>>
>> * https://patchwork.kernel.org/patch/12726783/ New libselinux: Prevent cached context giving wrong results
>>
>> * https://patchwork.kernel.org/project/selinux/list/?series=616731 libsepol: add sepol_av_perm_to_string |
>>
>> """
>> Since most of these functions are used in either checkpolicy or
>> audit2why (or both), it is probably fine to export these, but I would
>> appreciate any thoughts that Chris and others might have.
>> """
>>
> I need to think about this one.
>
>> * https://patchwork.kernel.org/patch/12775701/ New libsepol/cil: Write a message when a log message is truncated
>>
> I will merge this.
>
>> * https://patchwork.kernel.org/patch/12780657/ New libsepol: Use calloc when initializing bool_val_to_struct array
>>
> I will merge this.
>
>> * https://patchwork.kernel.org/patch/12783189/ New libsepol: Validate conditional expressions
>>
> I will merge this.
>
>> * https://patchwork.kernel.org/patch/12790631/ New [v3] libsemanage: Fall back to semanage_copy_dir when rename() fails
>>
> I don't know if Ondrej was planning on ack'ing it, but it seems like
> he is satisfied.
>

Thank You!


>
>>
>>
>> Petr
>>



* Re: Lets start with 3.4 userspace release
From: Christian Göttsche @ 2022-03-31 15:15 UTC
  To: Petr Lautrbach; +Cc: James Carter, SElinux list

On Thu, 31 Mar 2022 at 13:41, Petr Lautrbach <plautrba@redhat.com> wrote:
>
> James Carter <jwcart2@gmail.com> writes:
>
> > On Tue, Mar 29, 2022 at 3:06 PM Petr Lautrbach <plautrba@redhat.com> wrote:
> >>
> >> Hello,
> >>
> >> after 142 commits and 5 months since last SELinux userspace release,
> >> it's time to think about another release.
> >>
> >> The current backlog of patches is below. Please take a look.
> >>
> >> This time, I'd like to release rcX every 14 days -
> >> rc1 - 04-06-2022
> >> rc2 - 04-20-2022
> >> ...
> >>
> >> I'll try to send patches with the release number change on Mondays before every
> >> release.
> >>
> >>
> >> Also when rc1 is out, please consider postponing non-bugfix patches
> >> after the release or provide a comment that the change is not necessary
> >> for this release.
> >>
> >>
> >>
> >> * https://patchwork.kernel.org/patch/12617693/ New [v2] Support static-only builds
> >>
> >> - v2 of https://lore.kernel.org/selinux/87lf1scgd6.fsf@alyssa.is/
> >> - waits for another review
> >>
> >> * https://patchwork.kernel.org/patch/12639767/ New libsepol: free ebitmap on end of function
> >>
> > This is part of the notself patches which will not be ready for this release.

It was not specific to the not-self patches, but it is rendered
obsolete by 3b71e516 ("libsepol: Make use of previously created
ebitmap when checking self").

> >
> >> * https://patchwork.kernel.org/project/selinux/list/?series=590259 add not-self neverallow support
> >>
> > Still working, but not for this release.
> >
> >> * https://patchwork.kernel.org/patch/12672523/ New [v2] secilc: kernel policy language is infix
> >>
> > This one fell off my radar. I can ack and merge it.
> >
> >> * https://patchwork.kernel.org/project/selinux/list/?series=604679  libsepol: Adding support for not-self rules
> >>
> > Still working, but not for this release.

What is missing? It worked fine for me.

> >> * https://patchwork.kernel.org/patch/12718352/ New [libselinux] libselinux: make threadsafe for discover_class_cache
> >>
> >> * https://patchwork.kernel.org/patch/12726783/ New libselinux: Prevent cached context giving wrong results
> >>
> >> * https://patchwork.kernel.org/project/selinux/list/?series=616731 libsepol: add sepol_av_perm_to_string |
> >>
> >> """
> >> Since most of these functions are used in either checkpolicy or
> >> audit2why (or both), it is probably fine to export these, but I would
> >> appreciate any thoughts that Chris and others might have.
> >> """
> >>
> > I need to think about this one.
> >
> >> * https://patchwork.kernel.org/patch/12775701/ New libsepol/cil: Write a message when a log message is truncated
> >>
> > I will merge this.
> >
> >> * https://patchwork.kernel.org/patch/12780657/ New libsepol: Use calloc when initializing bool_val_to_struct array
> >>
> > I will merge this.
> >
> >> * https://patchwork.kernel.org/patch/12783189/ New libsepol: Validate conditional expressions
> >>
> > I will merge this.
> >
> >> * https://patchwork.kernel.org/patch/12790631/ New [v3] libsemanage: Fall back to semanage_copy_dir when rename() fails
> >>
> > I don't know if Ondrej was planning on ack'ing it, but it seems like
> > he is satisfied.
> >
>
> Thank You!
>
>
> >
> >>
> >>
> >> Petr
> >>
>

The Fedora fork[1] seems to contain several Coverity-related fixes.
Any chance of upstreaming those?


The permission map[2], used to weight the interface permissions in the
database generated by sepolgen-ifgen used by `audit2allow(1) -R`, is
quite out of date, while the one from setools[3] is.
Could it get synced by a maintainer, as a patch would be more than
3000 lines and hard to review?


[1]: https://github.com/fedora-selinux/selinux/commits/rawhide
[2]: https://github.com/SELinuxProject/selinux/blob/master/python/sepolgen/src/share/perm_map
[3]: https://github.com/SELinuxProject/setools/blob/master/setools/perm_map
