RELEASE 3.2-rc1 ====================== User-visible changes -------------------- * libsepol implemented a new, more space-efficient form of storing filename transitions in the binary policy and reduced the size of the binary policy * libselinux: Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. Note: if you need to `umount /sys/fs/selinux` you need to use lazy umount - `umount -l /sys/fs/selinux` as the kernel status page /sys/fs/selinux/status stays mapped by processes like systemd, dbus, sshd. * Tools using sepolgen, e.g. audit2allow, print extended permissions in hexadecimal * sepolgen sorts extended rules like normal ones * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. * matchpathcon converted to selabel_lookup() - no more matchpathcon is deprecated warning * libsepol and libsemanage dropped old and deprecated symbols and functions libsepol version was bumped to libsepol.so.2 libsemanage version was bumped to libsemanage.so.2 * Release version for the whole project is same as for subcomponents, e.g. instead of 20210118 it's 3.2-rc1 * Improved man pages * Bug fixes Development-relevant changes ---------------------------- * License the ci scripts with a permissive, OSI approved license, such as MIT * Several ci improvements * Added configuration to build and run tests in GitHub Actions * ci contains configuration for a Vagrant virtual machide - instructions on how to use it are documented at the beginning of Vagrantfile. Packaging-relevant changes -------------------------- * Both libsepol and libsemanage bumped their soname versions. Especially libsemanage is linked to shadow-utils and direct update might cause problems to buildroots. Also SETools needs to rebuilt against libsepol.so.ě Issues fixed ------------ * https://github.com/SELinuxProject/selinux/issues/245 * https://github.com/SELinuxProject/selinux/issues/270