* ANN: SELinux userspace 3.2-rc1 release candidate
@ 2021-01-20 12:21 Petr Lautrbach
From: Petr Lautrbach @ 2021-01-20 12:21 UTC
To: selinux

Hello,

A 3.2-rc1 release candidate for the SELinux userspace is now
available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.

If there are specific changes that you think should be called out
in release notes for packagers and users in the final release
announcement, let us know.

Thanks to all the contributors to this release candidate!

User-visible changes
--------------------

* libsepol implemented a new, more space-efficient form of storing filename
  transitions in the binary policy and reduced the size of the binary policy

* libselinux: Use mmap()'ed kernel status page instead of netlink by default.
  See "KERNEL STATUS PAGE" section in avc_init(3) for more details.

  Note: if you need to `umount /sys/fs/selinux` you need to use lazy umount -
  `umount -l /sys/fs/selinux` as the kernel status page /sys/fs/selinux/status
  stays mapped by processes like systemd, dbus, sshd.

* Tools using sepolgen, e.g. audit2allow, print extended permissions in
  hexadecimal

* sepolgen sorts extended rules like normal ones

* New log callback levels for enforcing and policy load notices -
  SELINUX_POLICYLOAD, SELINUX_SETENFORCE

* Changed userspace AVC setenforce and policy load messages to audit format.

* matchpathcon converted to selabel_lookup() - no more "matchpathcon is
  deprecated" warning

* libsepol and libsemanage dropped old and deprecated symbols and functions
  libsepol version was bumped to libsepol.so.2
  libsemanage version was bumped to libsemanage.so.2

* Release version for the whole project is the same as for subcomponents, e.g.
  instead of 20210118 it's 3.2-rc1

* Improved man pages

* Bug fixes

Development-relevant changes
----------------------------

* License the CI scripts with a permissive, OSI approved license, such as MIT

* Several CI improvements

* Added configuration to build and run tests in GitHub Actions

* CI contains configuration for a Vagrant virtual machine - instructions on how
  to use it are documented at the beginning of Vagrantfile.

Packaging-relevant changes
--------------------------

* Both libsepol and libsemanage bumped their soname versions. Especially
  libsemanage is linked to shadow-utils and direct update might cause problems to
  buildroots. Also SETools needs to be rebuilt against libsepol.so.2
Issues fixed
------------
* https://github.com/SELinuxProject/selinux/issues/245
* https://github.com/SELinuxProject/selinux/issues/270
Shortlog of changes since the 3.1 release
-----------------------------------------------

Bernhard M. Wiedemann (1):
      python/sepolicy: allow to override manpage date

Björn Bidar (2):
      libselinux: Add build option to disable X11 backend
      libselinux: LABEL_BACKEND_ANDROID add option to enable

Chris PeBenito (5):
      libselinux: Remove trailing slash on selabel_file lookups.
      libselinux: Add new log callback levels for enforcing and policy load notices.
      libselinux: Fix selabel_lookup() for the root dir.
      libselinux: Add additional log callback details in man page for auditing.
      libselinux: Change userspace AVC setenforce and policy load messages to audit format.

Christian Göttsche (5):
      sepolgen: print extended permissions in hexadecimal
      sepolgen: sort extended rules like normal ones
      libselinux: use full argument specifiers for security_check_context in man page
      libselinux: safely access shared memory in selinux_status_updated()
      libselinux: initialize last_policyload in selinux_status_open()

Dominick Grift (4):
      secilc/docs: document expandtypeattribute
      newrole: support cross-compilation with PAM and audit
      cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
      cil_network_labeling_statements: fixes nodecon examples

Evgeny Vereshchagin (1):
      libsepol/cil: always destroy the lexer state

Hu Keping (3):
      Introduce VERSION file for selinux
      Use X.Y instead of date for release tag
      Simplify the tarball generating scripts

Jakub Hrozek (1):
      libsemanage: Free contents of modkey in semanage_direct_remove

James Carter (10):
      libsepol/cil: Validate constraint expressions before adding to binary policy
      libsepol/cil: Validate conditional expressions before adding to binary policy
      libsepol/cil: Fix neverallow checking involving classmaps
      libsepol/cil: Give error for more than one true or false block
      libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
      libsepol/cil: Get rid of unnecessary check in cil_gen_node()
      libsepol/cil: Remove unused field from struct cil_args_resolve
      libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
      libsepol/cil: Use the macro NODE() whenever possible
      libsepol/cil: Use the macro FLAVOR() whenever possible

Laurent Bigonville (1):
      restorecond: Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file

Mike Palmiotto (1):
      libselinux: use kernel status page by default

Nicolas Iooss (18):
      libselinux: convert matchpathcon to selabel_lookup()
      libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
      libsepol: drop confusing BUG_ON macro
      libsepol: silence potential NULL pointer dereference warning
      libsepol: free memory when realloc() fails
      Add configuration to build and run tests in GitHub Actions
      scripts/ci: add configuration for a Vagrant virtual machine
      GitHub Actions: upgrade to Python 3.9
      GitHub Actions: drop Ruby 2.4 from matrix
      libsepol/cil: remove useless print statement
      libsepol/cil: fix NULL pointer dereference when using an unused alias
      libsepol/cil: do not add a stack variable to a list
      libsepol/cil: propagate failure of cil_fill_list()
      libsepol/cil: constify some strings
      libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
      libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
      libsepol/cil: fix NULL pointer dereference when parsing an improper integer
      libsepol: destroy filename_trans list properly

Ondrej Mosnacek (9):
      libsepol,checkpolicy: optimize storage of filename transitions
      libsepol: implement POLICYDB_VERSION_COMP_FTRANS
      ci: use parallel build
      ci: bump Fedora image version to 33
      selinux(8): mark up SELINUX values
      selinux(8): explain that runtime disable is deprecated
      selinux_config(5): add a note that runtime disable is deprecated
      ci: add new dependencies needed by selinux-testsuite
      travis: run only selinux-testsuite

Petr Lautrbach (9):
      libsepol: Get rid of the old and duplicated symbols
      libsepol: Drop deprecated functions
      libsepol: Bump libsepol.so version
      libsemanage: Remove legacy and duplicate symbols
      libsemanage: Drop deprecated functions
      libsemanage: Bump libsemanage.so version
      Revert "libsemanage/genhomedircon: check usepasswd"
      libselinux: Always close status page fd
      Update VERSIONs and Python bindings version to 3.2-rc1 for release

Stephen Smalley (1):
      libselinux: fix build order

Vit Mojzis (3):
      libsemanage/genhomedircon: check usepasswd
      python/semanage: empty stdout before exiting on BrokenPipeError
      python/semanage: Sort imports in alphabetical order

W. Michael Petullo (1):
      python/audit2allow: add #include <limits.h> to sepolgen-ifgen-attr-helper.c

William Roberts (2):
      scripts/ci: license as MIT
      ci: fix stall on git log -1

bauen1 (2):
      Update the cil docs to match the current behaviour.
      fixfiles: correctly restore context of mountpoints
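
Added example, not part of the announcement above and not libselinux code: a minimal reader for the mmap()'ed kernel status page that the libselinux item describes, showing the seqlock-style consistent read and why the mapping keeps /sys/fs/selinux busy. The function names status_map() and status_snapshot() are hypothetical; the field layout follows the kernel's struct selinux_kernel_status.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Layout of /sys/fs/selinux/status (kernel's struct selinux_kernel_status). */
struct selinux_kernel_status {
    uint32_t version;      /* version of this structure */
    uint32_t sequence;     /* seqlock counter, odd while the kernel updates */
    uint32_t enforcing;    /* 1 = enforcing, 0 = permissive */
    uint32_t policyload;   /* number of policy loads so far */
    uint32_t deny_unknown; /* current deny_unknown setting */
};

/* Map the page read-only. The mapping outlives close(fd) and keeps selinuxfs
 * busy, hence the lazy umount. Returns NULL if the page is unavailable. */
struct selinux_kernel_status *status_map(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return NULL;
    void *p = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_READ, MAP_SHARED, fd, 0);
    close(fd);
    return p == MAP_FAILED ? NULL : p;
}

/* Copy a consistent snapshot into *out: retry while a writer is active (odd
 * sequence) or the sequence moved during the copy. 0 on success, -1 if no
 * stable snapshot was seen within max_tries. */
int status_snapshot(volatile struct selinux_kernel_status *page,
                    struct selinux_kernel_status *out, int max_tries)
{
    for (int i = 0; i < max_tries; i++) {
        uint32_t seq = __atomic_load_n(&page->sequence, __ATOMIC_ACQUIRE);
        if (seq & 1)
            continue;                 /* update in progress */
        *out = *page;                 /* plain copy, validated below */
        __atomic_thread_fence(__ATOMIC_ACQUIRE);
        if (__atomic_load_n(&page->sequence, __ATOMIC_RELAXED) == seq)
            return 0;
    }
    return -1;
}

int main(void)
{
    struct selinux_kernel_status s, *p = status_map("/sys/fs/selinux/status");
    if (p && status_snapshot(p, &s, 100) == 0)
        printf("enforcing=%u policyload=%u\n", s.enforcing, s.policyload);
    return 0;
}
```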