ANN: SELinux userspace 3.8

Hello!

The 3.8 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

I signed all tarballs using my GPG key; see the .asc files.
You can download the public key from
https://github.com/bachradsusi.gpg

Thanks to all the contributors, reviewers, testers and reporters!

Important change
----------------

The internal representation of file_contexts.*.bin files is completely
rewritten, and the new format stores all multi-byte data in network
byte-order, so that such compiled files can be cross-compiled,
e.g. for embedded devices with read-only filesystems.

User-visible changes
--------------------

* libsemanage: Preserve file context and ownership in policy store

* libselinux: deprecate security_disable(3)

* libsepol: Support nlmsg extended permissions
 
* libsepol: Add policy capability netlink_xperm

* libsemanage: Optionally allow duplicate declarations

* policycoreutils: introduce unsetfiles

* libselinux/utils: introduce selabel_compare

* improved selabel_lookup performance

* libselinux: support parallel usage of selabel_lookup(3)

* libsepol: add support for xperms in conditional policies

* Improved man pages

* Code improvements and bug fixes

* Always build for LFS mode on 32-bit archs.

* libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1

* Regex spec ordering is restored to pre 3.8-rc1

* Binary fcontext files format changed, files using old format are ignored

* Code improvements and bug fixes

Shortlog of the changes since 3.7 release
-----------------------------------------
Christian Göttsche (95):
      libselinux: deprecate security_disable(3)
      libselinux: avoid errno modification by fclose(3)
      selinux: free memory in error branch
      libsemanage: check for rewind(3) failure
      selinux: set missing errno in failure branch
      checkpolicy/fuzz: fix setjmp condition
      policycoreutils: introduce unsetfiles
      libselinux/utils: introduce selabel_compare
      libselinux: use more appropriate types in sidtab
      libselinux: add unique id to sidtab entries
      libselinux: sidtab updates
      libselinux: rework selabel_file(5) database
      libselinux: remove unused hashtab code
      libselinux: add selabel_file(5) fuzzer
      libselinux: support parallel selabel_lookup(3)
      checkpolicy: avoid memory leaks on redeclarations
      checkpolicy: avoid leak of identifier on required attribute
      libsepol: misc assertion cleanup
      libsepol: add support for xperms in conditional policies
      checkpolicy: add support for xperms in conditional policies
      libsepol/cil: add support for xperms in conditional policies
      libsepol: indent printed allow rule on assertion failure
      libsepol/tests: add cond xperm neverallow tests
      libsemanage: white space cleanup
      libsemanage: fix typo
      libsemanage: drop unused macro
      libsemanage: drop dead assignments
      libsemanage: drop dead variable
      libsemanage: drop unnecessary declarations
      libsemanage: drop unnecessary return statements
      libsemanage: drop duplicate include
      libsemanage: drop const from function declaration
      libsemanage: check memory allocations
      libsemanage: use unlink on non directory
      libsemanage: free resources on failed connect attempt
      libsemanage: declare file local function tables static
      libsemanage: avoid const dropping casts
      libsemanage: cast to unsigned char for character checking functions
      libsemanage: drop casts to same type
      libsemanage: fix asprintf error branch
      libsemanage: avoid leak on realloc failure
      libsemanage: use strtok_r for thread safety
      libsemanage: free ibdev names in semanage_ibendport_validate_local()
      libsemanage: simplify malloc plus strcpy via strndup
      libsemanage: check for path formatting failures
      libsemanage: introduce write_full wrapper
      libsemanage: more strict value parsing
      libsemanage: constify function pointer structures
      libsemanage: simplify loop exit
      libsemanage: constify read only parameters and variables
      libsemanage: avoid misc function pointer casts
      libsemanage: adjust sizes to avoid implicit truncations
      libsemanage: use asprintf(3) to simplify code
      libsemanage: use size_t for hash input sizes
      libsemanage: drop macros used once
      libsemanage: drop dead code
      libsemanage: preserve errno during internal logging
      libsemanage: avoid strerror(3)
      libsemanage: avoid writing directly to stderr
      libsemanage: skip sort of empty arrays
      libsemanage/tests: misc cleanup
      libsemanage: set O_CLOEXEC flag for file descriptors
      libsemanage: handle cil_set_handle_unknown() failure
      libsemanage: handle shell allocation failure
      libsemanage: drop duplicate newlines and error descriptions in error messages
      libsemanage: check closing written files
      libsemanage: simplify file deletion
      libsemanage: optimize policy by default
      libsemanage/man: add documentation for command overrides
      libsemanage: respect shell paths with /usr prefix
      libselinux: make use of calloc(3)
      libselinux: avoid dynamic allocation in openattr()
      libselinux: move functions out of header file
      libsepol: harden availability check against user CFLAGS
      libselinux: harden availability check against user CFLAGS
      libselinux: avoid memory allocation in common file label lookup
      libselinux: use vector instead of linked list for substitutions
      libselinux: simplify string formatting
      libselinux/utils: use correct error handling
      libsepol: avoid unnecessary memset(3) calls in hashtab
      checkpolicy: drop host bits in IPv6 CIDR address
      libselinux/utils: drop reachable assert in sefcontext_compile
      libsepol: add missing word separators in error message
      libselinux/fuzz: update for lookup_all() change
      libselinux: restore previous regex spec ordering
      libselinux/fuzz: readjust load_mmap() update
      libsepol/cil: free nlmsg hashtable on error
      libselinux/fuzz: handle inputs with trailing data
      libsepol: fix typos
      python: fix typos
      libselinux: set errno in failure case
      checkpolicy: check identifier before copying
      checkpolicy: remove unneeded queue_head()
      checkpolicy: do not consume unmatched identifiers
      checkpolicy: clear queue between parser passes

Daniel Burgener (1):
      CONTRIBUTING.md: Drop dependency and build instructions

Dmitry Sharshakov (2):
      sepolgen: initialize gen_cil
      policygen: respect CIL option when generating comments

Fabian Vogt (2):
      restorecond: Set GLib IO channels to binary mode
      restorecond: Set GLib IO channels to nonblocking

James Carter (9):
      checkpolicy: Check the right bits of an ibpkeycon rule subnet prefix
      libselinux: Fix integer comparison issues when compiling for 32-bit
      libsepol/cil: Allow dotted names in aliasactual rules
      checkpolicy: Fix MLS users in optional blocks
      libsepol/cil: Optionally allow duplicate role declarations
      libsemanage: Optionally allow duplicate declarations
      libsepol: Remove special handling of roles in module_to_cil.c
      libselinux: Close old selabel handle when setting a new one
      libsemanage: Set new restorecon handle before doing restorecon

Ondrej Mosnacek (5):
      ci: use Testing Farm for running the testsuite
      ci: update Python versions
      ci: add missing libbz2-dev dependency
      ci: fix pypy conditional
      README: fix broken testsuite run status badge

Petr Lautrbach (11):
      libselinux: set free'd data to NULL
      libselinux: fix swig bindings for 4.3.0
      libsemanage: fix swig bindings for 4.3.0
      libsemanage: open lock_file with O_RDWR
      fixfiles: use `grep -F` when search in mounts
      Update VERSIONs to 3.8-rc1 for release.
      Update VERSIONs to 3.8-rc2 for release.
      sepolgen-ifgen: allow M4 escaped filenames
      Update VERSIONs to 3.8-rc3 for release.
      Update VERSIONs to 3.8-rc4 for release.
      Update VERSIONs to 3.8 for release.

Stephen Smalley (1):
      libselinux: formally deprecate security_compute_user()

Steve Langasek (1):
      Always build for LFS mode on 32-bit archs.

Thiébaud Weksteen (5):
      libsepol: Rename ioctl xperms structures and functions
      libsepol: Support nlmsg extended permissions
      libsepol: Add policy capability netlink_xperm
      libselinux: rename hashtab functions
      libsepol: Support nlmsg xperms in assertions

Vit Mojzis (12):
      libselinux/restorecon: Include <selinux/label.h>
      libsemanage: Preserve file context and ownership in policy store
      libsepol/sepol_compute_sid: Do not destroy uninitialized context
      libsepol/cil: Check that sym_index is within bounds
      libsepol/cil: Initialize avtab_datum on declaration
      libsepol/mls: Do not destroy context on memory error
      libsepol/cil/cil_post: Initialize tmp on declaration
      libsepol: Initialize "strs" on declaration
      libselinux/setexecfilecon: Remove useless rc check
      libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"
      libsemanage/direct_api: INTEGER_OVERFLOW read_len = read()
      libsemanage: Mute error messages from selinux_restorecon





