The 20180524 / 2.8 release for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases A github release has also been created at: https://github.com/SELinuxProject/selinux/releases/tag/20180524 In the future, we will likely stop hosting the releases on the wiki and just have it link to the github releases. We may also alter the versioning and tagging scheme. For this release however, I have left these unchanged. Below are some notes on this release for packagers and users of the SELinux userspace. git log and git shortlog output for all changes since the 20170804 / 2.7 release are available from the release page. Thanks to all the contributors to this release! RELEASE 20180524 (2.8) User-visible changes: * semanage fcontext -l now also lists home directory entries from file_contexts.homedirs. * semodule can now enable or disable multiple modules in the same operation by specifying a list of modules after -e or -d, making them consistent with the -i/u/r/E options. * CIL now supports multiple declarations of types, attributes, and (non-conflicting) object contexts (e.g. genfscon), enabled via the -m or --multiple-decls option to secilc. * libsemanage no longer deletes the tmp directory if there is an error while committing the policy transaction, so that any temporary files can be further inspected for debugging purposes (e.g. to examine a particular line of the generated CIL module). The tmp directory will be deleted upon the next transaction, so no manual removal is needed. * Support was added for SCTP portcon statements. The corresponding kernel support was introduced in Linux 4.17, and is only active if the extended_socket_class policy capability is enabled in the policy. This support is required to build the refpolicy master branch (and thus future refpolicy releases). * sepol_polcap_getnum/name() were exported as part of the shared libsepol interface, initially for use by setools4. * semodule_deps was removed since it has long been broken and is not useful for CIL modules. Packaging-relevant changes: * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., DESTDIR has to be removed from the definition. For example on Arch Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is no longer mandatory (thanks to the switch to "-l:libsepol.a" in Makefiles). * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). * selinux-gui (i.e. system-config-selinux GUI application) is now compatible with Python 3. Doing this required migrating away from PyGTK to the supported PyGI library. This means that selinux-gui now depends on python-gobject, Gtk+ 3 and selinux-python. It no longer requires PyGtk or Python 2. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
