Hello, A 3.1-rc2 release candidate for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases Please give it a test and let us know if there are any issues. If there are specific changes that you think should be called out in release notes for packagers and users in the final release announcement, let us know. Thanks to all the contributors to this release candidate! User-visible changes since 20200518 / 3.1-rc1: * New `restorecon -x` option - prevent `restorecon` from crossing file system boundaries. * Handle `semanage module` in semanage bash completion * Added section about CFLAGS to README.md, see Packaging-relevant changes * Improved man pages * Add Travis CI job to run SELinux kernel testsuite on latest Fedora cloud image * `sepolgen-ifgen` parses a gen_tunable statement as bool Packaging-relevant changes: * Setting CFLAGS during the make process will cause the omission of many defaults. While the project strives to provide a reasonable set of default flags, custom CFLAGS could break the build, or have other undesired changes on the build output. Thus, be very careful when setting CFLAGS. CFLAGS that are encouraged to be set when overriding are: - -fno-semantic-interposition for gcc or compilers that do not do this. clang does this by default. clang-10 and up will support passing this flag, but ignore it. Previous clang versions fail. Issues fixed: * https://github.com/SELinuxProject/selinux/issues/248 * https://github.com/SELinuxProject/selinux/issues/208 A shortlog of changes since the 3.1-rc1 pre-release: Andrej Shadura (1): checkpolicy: Minor tweaks to the names of the contributors to the manpages Christian Göttsche (3): sepolgen: parse gen_tunable as bool refparser: add missing newline after error message sepolgen-ifgen: refactor default policy path retrieval James Carter (8): libsepol/cil: Initialize the multiple_decls field of the cil db libsepol/cil: Return error when identifier declared as both type and attribute libsepol: Fix type alias handling in kernel_to_cil libsepol: Fix type alias handling in kernel_to_conf libsepol: Write CIL default MLS rules on separate lines libsepol: Improve writing CIL sensitivity rules libsepol: Improve writing CIL category rules libsepol: Sort portcon rules consistently Ji Qin (1): libselinux: Fix NULL pointer use in selinux_restorecon_set_sehandle Peter Whittaker (1): Add restorecon -x option to not cross FS boundaries Petr Lautrbach (2): python/sepolicy: Use xml.etree.ElementTree.Element.iter() Update VERSIONs to 3.1-rc2 for release. Stephen Smalley (1): libselinux: fix selinux_restorecon() statfs bug Topi Miettinen (3): secilc/docs: fix use of TMPDIR semanage bash completion: handle semanage module semanage-node.8: describe netmask William Roberts (3): ci: run SELinux kernel test suite ci: dont use hardcoded project name README: start a section for documenting CFLAGS
Attachment:
signature.asc
Description: PGP signature
