RELEASE 20191128 (3.0)

User-visible changes:

* Optional support for kernel policy optimization (enable with
optimize-policy=true in /etc/selinux/semanage.conf for modular policy or -O
option to checkpolicy/secilc for monolithic policy); this is optional because it
provides relatively small savings with non-trivial policy compile-time overhead
for some policies e.g. Android.

* New digest scheme for setfiles/restorecon -D; instead of a single hash of the
entire file contexts configuration stored in a security.restorecon_last xattr on
only the top-level directory, use a hash of all partial matches from file
contexts stored in a security.sehash xattr on each directory,

* Support for default_range glblub in source policy (.te/policy.conf and CIL)
and kernel policy version 32,

* New libselinux APIs for querying validatetrans rules,

* Unknown permissions are now handled as errors in CIL,

* security_av_string() no longer returns immediately upon encountering an
unknown permission and will log all known permissions,

* checkmodule -c support for specifying module policy version,

* mcstransd reverted to original color range matching based on dominance,

* Support for 'dccp' and 'sctp' protocols in semanage port command,

* 'checkpolicy -o -' writes policy to standard output,

* 'semodule -v' sets also cil's log level

* Python 2 code is not be supported in this project anymore and new Python code
should be written only for Python 3.

* Messages about the statement failing to resolve and the optional block being
disabled are displayed at the highest verbosity level.

* Fixed redundant console log output error in restorecond

Issues fixed:

* https://github.com/SELinuxProject/selinux/issues/61
* https://github.com/SELinuxProject/selinux/issues/137
* https://github.com/SELinuxProject/selinux/issues/138
* https://github.com/SELinuxProject/selinux/issues/167
* https://github.com/SELinuxProject/selinux/issues/169
* https://github.com/SELinuxProject/selinux/issues/170
* https://github.com/SELinuxProject/selinux/issues/176