Hello!

The 3.2 release for the SELinux userspace is now available at:

    https://github.com/SELinuxProject/selinux/wiki/Releases

Thanks to all the contributors to this release!

User-visible changes
--------------------

* libsepol implemented a new, more space-efficient form of storing filename
  transitions in the binary policy, which reduces the size of the binary policy
* libselinux: Use the mmap()'ed kernel status page instead of netlink by default.
  See the "KERNEL STATUS PAGE" section in avc_init(3) for more details.
  Note: if you need to `umount /sys/fs/selinux`, you have to use a lazy umount,
  `umount -l /sys/fs/selinux`, because the kernel status page
  /sys/fs/selinux/status stays mapped by processes like systemd, dbus and sshd.
* Tools using sepolgen, e.g. audit2allow, print extended permissions in hexadecimal
* sepolgen sorts extended rules like normal ones
* New log callback levels for enforcing and policy load notices:
  SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit format.
* matchpathcon converted to selabel_lookup(): no more "matchpathcon is deprecated" warning
* libsepol and libsemanage dropped old and deprecated symbols and functions;
  the libsepol version was bumped to libsepol.so.2 and
  the libsemanage version was bumped to libsemanage.so.2
* Release version for the whole project is the same as for subcomponents,
  e.g. instead of 20210304 it's 3.2
* Improved usability of `getseuser`
* Fixed several issues in CIL code found by OSS-Fuzz
* `setfiles` doesn't abort on labeling errors
* libsemanage tries to sync data to prevent empty files in the SELinux module store
* Improved secilc documentation: fenced code blocks, syntax highlighting,
  custom color theme, ...
* Better error reporting in getconlist
* Improved man pages
* Bug fixes

Development-relevant changes
----------------------------

* License the CI scripts with a permissive, OSI approved license, such as MIT
* Several CI improvements
* Added configuration to build and run tests in GitHub Actions
* CI contains configuration for a Vagrant virtual machine; instructions on how
  to use it are documented at the beginning of the Vagrantfile.
* `scripts/release` was improved to be more robust and to release a source
  repository snapshot

Packaging-relevant changes
--------------------------

* Both libsepol and libsemanage bumped their soname versions. Especially
  libsemanage is linked to shadow-utils, and a direct update might cause
  problems in buildroots. SETools also needs to be rebuilt against libsepol.so.2.
* Source repository snapshot selinux-3.2-rc2.tar.gz is available on the release page
* sestatus is installed as /usr/bin/sestatus by default. The original
  /usr/sbin/sestatus is a relative symlink to /usr/bin/sestatus.
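An added example for the kernel status page note above (not part of the announcement and not SELinux project code): a POSIX shell script that lists which processes keep /sys/fs/selinux/status mapped and picks the umount form that will actually detach selinuxfs. The function names are mine, and the proc root is a parameter so the logic can be run against a constructed /proc-like tree.

```shell
#!/bin/sh
# Added example, not from the SELinux release announcement or project:
# list processes that keep the kernel status page mapped and pick the
# umount form that works. PROC_ROOT is a parameter (default /proc) so
# the logic can be exercised against a constructed /proc-like tree.

STATUS_PAGE=/sys/fs/selinux/status

# Print "pid comm" for each process whose maps file includes the status
# page. Unreadable maps files (other users' processes without root) are
# skipped, so run as root for a complete answer.
status_page_holders() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -qF "$STATUS_PAGE" "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Number of processes holding the status page mapped.
status_page_holder_count() {
    status_page_holders "${1:-/proc}" | wc -l | tr -d ' '
}

# Echo (do not run) the umount command the situation calls for: while
# any process has the page mapped, only a lazy umount can detach selinuxfs.
selinuxfs_umount_cmd() {
    if [ "$(status_page_holder_count "${1:-/proc}")" -gt 0 ]; then
        echo "umount -l /sys/fs/selinux"
    else
        echo "umount /sys/fs/selinux"
    fi
}

# Usage: sh status_page.sh /proc   (prints holders, then the command)
if [ "$#" -gt 0 ]; then
    status_page_holders "$1"
    selinuxfs_umount_cmd "$1"
fi
```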
Issues fixed
------------

* https://github.com/SELinuxProject/selinux/issues/245
* https://github.com/SELinuxProject/selinux/issues/270

Shortlog of changes since the 3.1 release
-----------------------------------------

Antoine Tenart (1):
      policycoreutils: setfiles: do not restrict checks against a binary policy

Bernhard M. Wiedemann (1):
      python/sepolicy: allow to override manpage date

Björn Bidar (2):
      libselinux: Add build option to disable X11 backend
      libselinux: LABEL_BACKEND_ANDROID add option to enable

Chris PeBenito (5):
      libselinux: Remove trailing slash on selabel_file lookups.
      libselinux: Add new log callback levels for enforcing and policy load notices.
      libselinux: Fix selabel_lookup() for the root dir.
      libselinux: Add additional log callback details in man page for auditing.
      libselinux: Change userspace AVC setenforce and policy load messages to audit format.

Christian Göttsche (10):
      sepolgen: print extended permissions in hexadecimal
      sepolgen: sort extended rules like normal ones
      libselinux: use full argument specifiers for security_check_context in man page
      libselinux: safely access shared memory in selinux_status_updated()
      libselinux: initialize last_policyload in selinux_status_open()
      libselinux: accept const fromcon in get_context API
      libselinux: update getseuser
      libselinux/getconlist: report failures
      policycoreutils/fixfiles.8: add missing file systems and merge check and verify
      libsepol/cil: handle SID without assigned context when writing policy.conf

Dominick Grift (5):
      secilc/docs: document expandtypeattribute
      newrole: support cross-compilation with PAM and audit
      cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
      cil_network_labeling_statements: fixes nodecon examples
      secilc: fixes cil_role_statements.md example

Evgeny Vereshchagin (1):
      libsepol/cil: always destroy the lexer state

Hu Keping (3):
      Introduce VERSION file for selinux
      Use X.Y instead of date for release tag
      Simplify the tarball generating scripts

Jakub Hrozek (1):
      libsemanage: Free contents of modkey in semanage_direct_remove

James Carter (17):
      libsepol/cil: Validate constraint expressions before adding to binary policy
      libsepol/cil: Validate conditional expressions before adding to binary policy
      libsepol/cil: Fix neverallow checking involving classmaps
      libsepol/cil: Give error for more than one true or false block
      libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
      libsepol/cil: Get rid of unnecessary check in cil_gen_node()
      libsepol/cil: Remove unused field from struct cil_args_resolve
      libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
      libsepol/cil: Use the macro NODE() whenever possible
      libsepol/cil: Use the macro FLAVOR() whenever possible
      libsepol/cil: Update symtab nprim field when adding or removing datums
      libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
      libsepol/cil: Fix heap-use-after-free when using optional blockinherit
      libsepol/cil: Fix integer overflow in the handling of hll line marks
      libsepol/cil: Destroy disabled optional blocks after pass is complete
      libsepol: Create function ebitmap_highest_set_bit()
      libsepol: Validate policydb values when reading binary policy

Laurent Bigonville (1):
      restorecond: Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file

Mike Palmiotto (1):
      libselinux: use kernel status page by default

Nicolas Iooss (31):
      libselinux: convert matchpathcon to selabel_lookup()
      libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
      libsepol: drop confusing BUG_ON macro
      libsepol: silence potential NULL pointer dereference warning
      libsepol: free memory when realloc() fails
      Add configuration to build and run tests in GitHub Actions
      scripts/ci: add configuration for a Vagrant virtual machine
      GitHub Actions: upgrade to Python 3.9
      GitHub Actions: drop Ruby 2.4 from matrix
      libsepol/cil: remove useless print statement
      libsepol/cil: fix NULL pointer dereference when using an unused alias
      libsepol/cil: do not add a stack variable to a list
      libsepol/cil: propagate failure of cil_fill_list()
      libsepol/cil: constify some strings
      libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
      libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
      libsepol/cil: fix NULL pointer dereference when parsing an improper integer
      libsepol: destroy filename_trans list properly
      GitHub Actions: run SELinux testsuite in Fedora virtual machine
      libsepol/cil: fix memory leak when a constraint expression is too deep
      libsepol/cil: unlink blockinherit->block link when destroying a block
      scripts/release: make the script more robust, and release a source repository snapshot
      libsepol: remove unused files
      libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
      libsepol: include header files in source files when matching declarations
      libsepol/cil: fix NULL pointer dereference with empty macro argument
      libsepol/cil: be more robust when encountering <src_info>
      libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
      libselinux: rename gettid() to something which never conflicts with the libc
      libsepol: invalidate the pointer to the policydb if policydb_init fails
      restorecond: invalidate local_lock_fd properly when closing it

Ondrej Mosnacek (9):
      libsepol,checkpolicy: optimize storage of filename transitions
      libsepol: implement POLICYDB_VERSION_COMP_FTRANS
      ci: use parallel build
      ci: bump Fedora image version to 33
      selinux(8): mark up SELINUX values
      selinux(8): explain that runtime disable is deprecated
      selinux_config(5): add a note that runtime disable is deprecated
      ci: add new dependencies needed by selinux-testsuite
      travis: run only selinux-testsuite

Petr Lautrbach (20):
      Update VERSIONs and Python bindings version to 3.1 for release
      libsepol: Get rid of the old and duplicated symbols
      libsepol: Drop deprecated functions
      libsepol: Bump libsepol.so version
      libsemanage: Remove legacy and duplicate symbols
      libsemanage: Drop deprecated functions
      libsemanage: Bump libsemanage.so version
      Revert "libsemanage/genhomedircon: check usepasswd"
      libselinux: Always close status page fd
      Update VERSIONs and Python bindings version to 3.2-rc1 for release
      setfiles: Do not abort on labeling error
      setfiles: drop ABORT_ON_ERRORS and related code
      libsemanage: sync filesystem with sandbox
      policycoreutils/setfiles: Drop unused nerr variable
      Update VERSIONs to 3.2-rc2 for release.
      libselinux: fix segfault in add_xattr_entry()
      policycoreutils: Resolve path in restorecon_xattr
      Update VERSIONs to 3.2-rc3 for release.
      sepolicy: Do not try to load policy on import
      Update VERSIONs to 3.2 for release.

Stephen Smalley (1):
      libselinux: fix build order

Vit Mojzis (6):
      libsemanage/genhomedircon: check usepasswd
      python/semanage: empty stdout before exiting on BrokenPipeError
      python/semanage: Sort imports in alphabetical order
      python/sepolgen: allow any policy statement in if(n)def
      selinux(8,5): Describe fcontext regular expressions
      gui: fix "file type" selection in fcontextPage

W. Michael Petullo (1):
      python/audit2allow: add #include <limits.h> to sepolgen-ifgen-attr-helper.c

William Roberts (2):
      scripts/ci: license as MIT
      ci: fix stall on git log -1

bauen1 (6):
      Update the cil docs to match the current behaviour.
      fixfiles: correctly restore context of mountpoints
      secilc/docs: use fenced code blocks for cil examples
      secilc/docs: add syntax highlighting for secil
      secilc/docs: add custom color theme
      policycoreutils: sestatus belongs to bin not sbin

lutianxiong (1):
      libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr