Hi,

a couple nits below...

On Thu, Jul 9, 2020 at 11:45 AM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote:
[...]
>
> * Support for new polcap genfs_seclabel_symlinks

s/polcap/policy capability/ ?

>
> * New `setfiles -E` option - treat conflicting specifications as errors, such
> as where two hardlinks for the same inode have different contexts.
>
> * `restorecond_user.service` - new systemd user service which runs `restorecond -u`
>
> * `setsebool -V` reports errors from commit phase
>
> * Improved man pages
>
> * `semanage` uses ipaddress Python module instead of IPy
>
> * matchpathcon related interfaces are deprecated
>
> * selinuxfs is mounted with noexec and nosuid
>
> * Improved README which was renamed to README.md and converted to markdown.

This is more of a developer/packager/builder visible change rather than user visible IMHO. Maybe move it to a "Development-related changes" section?

>
> * `setup.py` builds can be customized using PYTHON_SETUP_ARGS, e.g. to for
> Debian Python layout use: `make PYTHON_SETUP_ARGS=--install-layout=deb ...`

Ditto. Maybe the "Packaging-relevant changes" would fit better for this one?

>
> * the dso wrappers for internal calls were removed and it is now strongly recommended to CFLAGS with
> `-fno-semantic-interposition`
>
> * `security_compute_user()` was deprecated - usage of /sys/fs/selinux/user { security:compute_user } might be revisited
>
> * checkpolicy treats invalid characters as an error - it might break (but intentional) rare use cases

I'd reword this to "might break rare use cases (intentionally)".

>
> * New `restorecon -x` option - prevent `restorecon` from crossing file system
> boundaries.

"New `restorecon -x` option, which prevents it from crossing file system boundaries"?

>
> * Handle `semanage module` in semanage bash completion
>
> * Added section about CFLAGS to README.md, see Packaging-relevant changes

Also mainly devel/packager-related.

>
> * Improved man pages

This one is already listed further above.

>
> * Add Travis CI job to run SELinux kernel testsuite on latest Fedora cloud image

Another purely development-related change.

>
> * `sepolgen-ifgen` parses a gen_tunable statement as bool
>
> * `semanage` handles getprotobyname() failure case on Debian where /etc/protocols does not contain an entry for "ipv4"
>
> Packaging-relevant changes:
[...]

Thank you for working on the release!

-- 
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.