* ANN: SELinux userspace 3.0-rc1 release candidate
@ 2019-10-31  9:43 Petr Lautrbach
  2019-11-01 10:54 ` Nicolas Iooss
  0 siblings, 1 reply; 3+ messages in thread
From: Petr Lautrbach @ 2019-10-31  9:43 UTC (permalink / raw)
  To: SElinux list

Hello,

A 3.0-rc1 release candidate for the SELinux userspace is now 
available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

Please give it a test and let us know if there are any issues.

If there are specific changes that you think should be called out 
in release notes for packagers and users in the final release
announcement, let us know. 

Thanks to all the contributors to this release candidate!

User-visible changes:

* Optional support for kernel policy optimization (enable with
optimize-policy=true in /etc/selinux/semanage.conf for modular policy or -O
option to checkpolicy/secilc for monolithic policy); this is optional because it
provides relatively small savings with non-trivial policy compile-time overhead
for some policies e.g. Android.

* New digest scheme for setfiles/restorecon -D; instead of a single hash of the
entire file contexts configuration stored in a security.restorecon_last xattr on
only the top-level directory, use a hash of all partial matches from file
contexts stored in a security.sehash xattr on each directory,

* Support for default_range glblub in source policy (.te/policy.conf and CIL)
and kernel policy version 32,

* New libselinux APIs for querying validatetrans rules,

* Unknown permissions are now handled as errors in CIL,

* security_av_string() no longer returns immediately upon encountering an
unknown permission and will log all known permissions,

* checkmodule -c support for specifying module policy version,

* mcstransd reverted to original color range matching based on dominance,

* Support for 'dccp' and 'sctp' protocols in semanage port command,

* 'checkpolicy -o -' writes policy to standard output,

* 'semodule -v' also sets CIL's log level.

Issues fixed:

* https://github.com/SELinuxProject/selinux/issues/61
* https://github.com/SELinuxProject/selinux/issues/137
* https://github.com/SELinuxProject/selinux/issues/138
* https://github.com/SELinuxProject/selinux/issues/167
* https://github.com/SELinuxProject/selinux/issues/169
* https://github.com/SELinuxProject/selinux/issues/176

A shortlog of changes since the 2.9 release:

Aleksei Nikiforov (1):
      Update man pages translation by Olesya Gerasimenko

Gary Tierney (2):
      checkmodule: add support for specifying module policy version
      dismod: print policy version of loaded modules

James Carter (4):
      checkpolicy: add flag to enable policy optimization
      libsepol: Make an unknown permission an error in CIL
      libsepol: Remove cil_mem_error_handler() function pointer
      libsepol: Further improve binary policy optimization

Jan Zarsky (11):
      libsemanage: add helper functions to tests
      libsemanage: test semanage_handle_* functions
      libsemanage: test semanage_bool_* functions
      libsemanage: test semanage_fcontext functions
      libsemanage: test semanage_iface_* functions
      libsemanage: test semanage_ibendport_* functions
      libsemanage: test semanage_node_* functions
      libsemanage: test semanage_port_* functions
      libsemanage: test semanage_user_* functions
      libsemanage: test semanage_context_* functions
      libsemanage: test semanage_msg_default_handler

Jason Zaman (1):
      policycoreutils: semodule: Enable CIL logging

Jokke Hämäläinen (2):
      libsepol: Check strdup() failures
      libsepol: Replace constant with sizeof()

Joshua Brindle (2):
      Add security_validatetrans support
      Add default_range glblub support

Laurent Bigonville (4):
      restorecond: Do not link against libpcre
      Add documentation key in systemd .service files
      mcstrans: Move setrans.conf manpage to section 5
      mcstrans: Add reference to setools.conf man page in the daemon one

Masatake YAMATO (3):
      checkpolicy: remove a redundant if-condition
      checkpolicy: update the description for -o option in the man page
      checkpolicy: allow to write policy to stdout

Mike Palmiotto (2):
      libsepol/cil: fix mlsconstrain segfault
      libselinux: fix string conversion of unknown perms

Nicolas Iooss (23):
      restorecond: use /run instead of /var/run
      libsepol: include module.c internal header in module_to_cil.c
      libsepol: initialize a local variable once
      libselinux: ensure that digest_len is not zero
      libsemanage: include internal header to use the hidden function prototypes
      libsepol: do not dereference a failed allocated pointer
      semodule-utils: fix comparison with argc
      libsepol: do not dereference scope if it can be NULL
      libsepol: reset *p to NULL if sepol_module_package_create fails
      libsepol/cil: do not dereference perm_value_to_cil when it has not been allocated
      python/chcat: remove unnecessary assignment
      python/sepolicy: remove unnecessary pass statement
      libsepol/tests: do not dereference a NULL pointer
      Add configuration file for lgtm.com
      Fix many misspellings
      libselinux: ensure strlen() is not called on NULL
      libselinux: do not add rc to pos twice
      CircleCI: run scan-build and publish its results automatically
      libsepol, libsemanage: add a macro to silence static analyzer warnings in tests
      libsemanage/tests: return when str is NULL
      libsemanage/tests: check that string pointers are not NULL before comparing them
      libselinux: mark all exported function "extern"
      libsemanage: mark all exported function "extern"

Ondrej Mosnacek (6):
      libsepol: add ebitmap_for_each_set_bit macro
      run_init: fix build when crypt() is not in unistd.h
      libsepol: add a function to optimize kernel policy
      libsemanage: optionally optimize policy on rebuild
      secilc: add flag to enable policy optimization
      sepolicy: generate man pages in parallel

Petr Lautrbach (12):
      gui: Install polgengui.py to /usr/bin/selinux-polgengui
      gui: Install .desktop files to /usr/share/applications by default
      semanage/semanage-boolean.8: Fix a minor typo
      Add CONTRIBUTING.md
      libselinux: Use Python distutils to install SELinux python bindings
      policycoreutils/fixfiles: Fix [-B] [-F] onboot
      policycoreutils/fixfiles: Force full relabel when SELinux is disabled
      gui: Fix remove module in system-config-selinux
      python/semanage: Do not use default s0 range in "semanage login -a"
      Switch last 2 files using /usr/bin/env to /usr/bin/python3
      libsepol: Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
      Update VERSIONs to 3.0-rc1 for release.

Richard Haines (6):
      libsepol/cil: Allow validatetrans rules to be resolved
      libselinux: Fix security_get_boolean_names build error
      libselinux: Save digest of all partial matches for directory
      setfiles: Update utilities for the new digest scheme
      selinux: Remove legacy local boolean and user code
      selinux: Update manpages after removing legacy boolean and user code

Stephen Smalley (1):
      python/sepolicy: call segenxml.py with python3

Unto Sten (9):
      Global replace exit(0) with more readable exit(EXIT_SUCCESS)
      Unify code style to preserve my sanity
      another style fix
      Check strdup() failure
      Trivial style improvements
      Trivial style fixes
      Remove unneeded int
      Remove redundant if-clause
      More accurate error messages

Vit Mojzis (8):
      Revert "mcstransd select correct colour range."
      Fix mcstrans secolor examples
      policycoreutils/fixfiles: Fix "verify" option
      python/semanage: Improve handling of "permissive" statements
      python/semanage: fix moduleRecords.customized()
      libsemanage: Add support for DCCP and SCTP protocols
      python/semanage: Add support for DCCP and SCTP protocols
      python/semanage: Document DCCP and SCTP support

xunchang (2):
      Restorecon: factor out a lookup helper for context matches
      libselinux: Ignore the stem when looking up all matches in file context

Petr

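Added example (not part of the announcement or the SELinux project's code): a small Python audit that reports which directories carry the new security.sehash digest described above and which still only have the legacy security.restorecon_last one. The in-memory FakeXattrs table and the /srv paths are constructed; audit_tree() walks a real tree through os.getxattr.

```python
import errno
import os

# Xattr names from the announcement: the new per-directory digest of all
# partial file-context matches, and the legacy top-level-only digest.
SEHASH_XATTR = "security.sehash"
LEGACY_XATTR = "security.restorecon_last"

def read_xattr(path, name, getxattr=None):
    """Return the raw attribute value, or None when the directory has none."""
    getxattr = getxattr or os.getxattr
    try:
        return getxattr(path, name)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise

def audit_dirs(dirs, getxattr=None):
    """Per directory: hex of the new digest (or None) and whether the legacy
    xattr still lingers. Reading security.* xattrs normally requires root."""
    report = {}
    for d in dirs:
        new = read_xattr(d, SEHASH_XATTR, getxattr)
        old = read_xattr(d, LEGACY_XATTR, getxattr)
        report[d] = {"sehash": new.hex() if new is not None else None,
                     "legacy_digest": old is not None}
    return report

def audit_tree(root):
    """Walk a real tree (needs a filesystem with xattr support)."""
    dirs = [root] + [os.path.join(p, d) for p, ds, _ in os.walk(root) for d in ds]
    return audit_dirs(dirs)

class FakeXattrs:
    """Constructed in-memory xattr table so the audit can run offline."""
    def __init__(self, table):
        self.table = table

    def getxattr(self, path, name):
        if (path, name) not in self.table:
            raise OSError(errno.ENODATA, "No data available")
        return self.table[(path, name)]

# Constructed sample: /srv/www was relabelled with the new restorecon -D, its
# subdirectory never was, and /srv still carries a digest from the old scheme.
SAMPLE = FakeXattrs({("/srv/www", SEHASH_XATTR): bytes.fromhex("00112233"),
                     ("/srv", LEGACY_XATTR): bytes.fromhex("aabbccdd")})
SAMPLE_DIRS = ["/srv", "/srv/www", "/srv/www/cache"]
```

A directory with no security.sehash is one the new restorecon -D will fully re-examine; a lingering legacy digest is harmless but tells you the old scheme last touched that tree.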


* Re: ANN: SELinux userspace 3.0-rc1 release candidate
  2019-10-31  9:43 ANN: SELinux userspace 3.0-rc1 release candidate Petr Lautrbach
@ 2019-11-01 10:54 ` Nicolas Iooss
  2019-11-01 13:43   ` [Non-DoD Source] " jwcart2
  0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Iooss @ 2019-11-01 10:54 UTC (permalink / raw)
  To: Petr Lautrbach, SElinux list

On Thu, Oct 31, 2019 at 10:43 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> Hello,
>
> A 3.0-rc1 release candidate for the SELinux userspace is now
> available at:
>
> https://github.com/SELinuxProject/selinux/wiki/Releases
>
> Please give it a test and let us know if there are any issues.
>
> If there are specific changes that you think should be called out
> in release notes for packagers and users in the final release
> announcement, let us know.

Hello, I started testing this RC on a test virtual machine (which uses
Arch Linux and refpolicy) and something changed in a quite unexpected
way: "semodule --verbose" is now a lot more noisy than 2.9. Here is an
example of what I get when rebuilding the policy:

# semodule --verbose -B
Committing changes:
Disabling optional 'ada_optional_6' at
/var/lib/selinux/refpolicy/tmp/modules/400/ada/cil:63
Failed to resolve typeattributeset statement at
/var/lib/selinux/refpolicy/tmp/modules/400/ada/cil:66
Disabling optional 'anaconda_optional_9' at
/var/lib/selinux/refpolicy/tmp/modules/400/anaconda/cil:183
Failed to resolve typeattributeset statement at
/var/lib/selinux/refpolicy/tmp/modules/400/anaconda/cil:189
Disabling optional 'apache_optional_92' at
/var/lib/selinux/refpolicy/tmp/modules/400/apache/cil:3449
Failed to resolve typeattributeset statement at
/var/lib/selinux/refpolicy/tmp/modules/400/apache/cil:3499
...

Such output could be useful when debugging issues with optional
modules, but it may make other issues harder to find among all the
messages. Would it be possible to hide these specific messages by
default in verbose mode?

Thanks,
Nicolas

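As an added example (not Nicolas's or the project's code), a Python triage helper that separates the "Disabling optional" / "Failed to resolve" pairs shown above from any other resolution failure, so a real error is not buried in the noise. The sample reuses the quoted lines; the final 'myapp' failure is constructed.

```python
import re
from collections import defaultdict

# Message shapes quoted above; semodule prints each on one line, the mailer wrapped them after 'at'.
DISABLE_RE = re.compile(r"^Disabling optional '(?P<opt>[^']+)' at (?P<path>\S+):(?P<line>\d+)$")
FAIL_RE = re.compile(r"^Failed to resolve (?P<stmt>\w+) statement at (?P<path>\S+):(?P<line>\d+)$")
MODULE_RE = re.compile(r"/modules/\d+/(?P<mod>[^/]+)/cil$")

def unwrap(lines):
    """Re-join a message that was wrapped after the word 'at'."""
    out = []
    for line in lines:
        if out and out[-1].endswith(" at"):
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def module_of(path):
    m = MODULE_RE.search(path)
    return m["mod"] if m else path

def triage(lines):
    """Split into (disabled optionals per module, unexplained failures, other lines). A failure
    right after 'Disabling optional' for the same module is expected noise; anything else surfaces."""
    disabled, unexplained, other = defaultdict(list), [], []
    last_mod = None  # module of the most recent 'Disabling optional' message
    for msg in unwrap(lines):
        m, f = DISABLE_RE.match(msg), FAIL_RE.match(msg)
        if m:
            last_mod = module_of(m["path"])
            disabled[last_mod].append((m["opt"], int(m["line"])))
            continue
        if f and module_of(f["path"]) != last_mod:
            unexplained.append((module_of(f["path"]), f["stmt"], int(f["line"])))
        elif not f:
            other.append(msg)
        last_mod = None
    return dict(disabled), unexplained, other

# Constructed sample: the report's lines plus a made-up failure in a hypothetical 'myapp' module.
SAMPLE = """\
Committing changes:
Disabling optional 'ada_optional_6' at
/var/lib/selinux/refpolicy/tmp/modules/400/ada/cil:63
Failed to resolve typeattributeset statement at
/var/lib/selinux/refpolicy/tmp/modules/400/ada/cil:66
Failed to resolve allow statement at
/var/lib/selinux/refpolicy/tmp/modules/400/myapp/cil:12
""".splitlines()
```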


* Re: [Non-DoD Source] Re: ANN: SELinux userspace 3.0-rc1 release candidate
  2019-11-01 10:54 ` Nicolas Iooss
@ 2019-11-01 13:43   ` jwcart2
  0 siblings, 0 replies; 3+ messages in thread
From: jwcart2 @ 2019-11-01 13:43 UTC (permalink / raw)
  To: Nicolas Iooss, Petr Lautrbach, SElinux list

On 11/1/19 6:54 AM, Nicolas Iooss wrote:
> On Thu, Oct 31, 2019 at 10:43 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>>
>> Hello,
>>
>> A 3.0-rc1 release candidate for the SELinux userspace is now
>> available at:
>>
>> https://github.com/SELinuxProject/selinux/wiki/Releases
>>
>> Please give it a test and let us know if there are any issues.
>>
>> If there are specific changes that you think should be called out
>> in release notes for packagers and users in the final release
>> announcement, let us know.
> 
> Hello, I started testing this RC on a test virtual machine (which uses
> Arch Linux and refpolicy) and something changed in a quite unexpected
> way: "semodule --verbose" is now a lot more noisy than 2.9. Here is an
> example of what I get when rebuilding the policy:
> 
> # semodule --verbose -B
> Committing changes:
> Disabling optional 'ada_optional_6' at
> /var/lib/selinux/refpolicy/tmp/modules/400/ada/cil:63
> Failed to resolve typeattributeset statement at
> /var/lib/selinux/refpolicy/tmp/modules/400/ada/cil:66
> Disabling optional 'anaconda_optional_9' at
> /var/lib/selinux/refpolicy/tmp/modules/400/anaconda/cil:183
> Failed to resolve typeattributeset statement at
> /var/lib/selinux/refpolicy/tmp/modules/400/anaconda/cil:189
> Disabling optional 'apache_optional_92' at
> /var/lib/selinux/refpolicy/tmp/modules/400/apache/cil:3449
> Failed to resolve typeattributeset statement at
> /var/lib/selinux/refpolicy/tmp/modules/400/apache/cil:3499
> ...
> 
> Such output could be useful when debugging issues with optional
> modules, but it may make other issues harder to find among all the
> messages. Would it be possible to hide these specific messages by
> default in verbose mode?
> 

I can turn these into CIL_INFO messages rather than CIL_WARN messages. That will 
hide them.

Jim

> Thanks,
> Nicolas
> 


-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency

