On Thu, 31 Mar 2022 at 13:41, Petr Lautrbach <plautrba@xxxxxxxxxx> wrote: > > James Carter <jwcart2@xxxxxxxxx> writes: > > > On Tue, Mar 29, 2022 at 3:06 PM Petr Lautrbach <plautrba@xxxxxxxxxx> wrote: > >> > >> Hello, > >> > >> after 142 commits and 5 months since last SELinux userspace release, > >> it's time to think about another release. > >> > >> The current backlog of patches is bellow. Please take a look. > >> > >> This time, I'd like to release rcX every 14 days - > >> rc1 - 04-06-2022 > >> rc2 - 04-20-2022 > >> ... > >> > >> I'll try send patches with the release number change on Mondays before every > >> release. > >> > >> > >> Also when rc1 is out, please consider postponing non-bugfix patches > >> after the release or provide a comment that the change is not necessary > >> for this release. > >> > >> > >> > >> * https://patchwork.kernel.org/patch/12617693/ New [v2] Support static-only builds > >> > >> - v2 of https://lore.kernel.org/selinux/87lf1scgd6.fsf@xxxxxxxxx/ > >> - waits for another review > >> > >> * https://patchwork.kernel.org/patch/12639767/ New libsepol: free ebitmap on end of function > >> > > This is part of the notself patches which will not be ready for this release. It was not specific to the not-self patches, but it is rendered obsolete by 3b71e516 ("libsepol: Make use of previously created ebitmap when checking self "). > > > >> * https://patchwork.kernel.org/project/selinux/list/?series=590259 add not-self neverallow support > >> > > Still working, but not for this release. > > > >> * https://patchwork.kernel.org/patch/12672523/ New [v2] secilc: kernel policy language is infix > >> > > This one fell off my radar. I can ack and merge it. > > > >> * https://patchwork.kernel.org/project/selinux/list/?series=604679 libsepol: Adding support for not-self rules > >> > > Still working, but not for this release. What is missing, it worked fine for me. > >> * https://patchwork.kernel.org/patch/12718352/ New [libselinux] libselinux: make threadsafe for discover_class_cache > >> > >> * https://patchwork.kernel.org/patch/12726783/ New libselinux: Prevent cached context giving wrong results > >> > >> * https://patchwork.kernel.org/project/selinux/list/?series=616731 libsepol: add sepol_av_perm_to_string | > >> > >> """ > >> Since most of these functions are used in either checkpolicy or > >> audit2why (or both), it is probably fine to export these, but I would > >> appreciate any thoughts that Chris and others might have. > >> """ > >> > > I need to think about this one. > > > >> * https://patchwork.kernel.org/patch/12775701/ New libsepol/cil: Write a message when a log message is truncated > >> > > I will merge this. > > > >> * https://patchwork.kernel.org/patch/12780657/ New libsepol: Use calloc when initializing bool_val_to_struct array > >> > > I will merge this. > > > >> * https://patchwork.kernel.org/patch/12783189/ New libsepol: Validate conditional expressions > >> > > I will merge this. > > > >> * https://patchwork.kernel.org/patch/12790631/ New [v3] libsemanage: Fall back to semanage_copy_dir when rename() fails > >> > > I don't know if Ondrej was planning on ack'ing it, but it seems like > > he is satisfied. > > > > Thank You! > > > > > >> > >> > >> Petr > >> > The Fedora fork[1] seems to contain several Coverity related fixes. Any chance of upstreaming those? The permission map[2], used to weight the interface permissions in the database generated by sepolgen-ifgen used by `audit2allow(1) -R`, is quite out of date, while the one from setools[3] is. Could it get synced by a maintainer, as a patch would be more than 3000 lines and hard to review. [1]: https://github.com/fedora-selinux/selinux/commits/rawhide [2]: https://github.com/SELinuxProject/selinux/blob/master/python/sepolgen/src/share/perm_map [3]: https://github.com/SELinuxProject/setools/blob/master/setools/perm_map
