Source: libsepol
Version: 3.2-1
Severity: serious

Please cherry-pick commit f7431d0e0ed9 ("libsepol: Expand role attributes in constraint expressions") [1], as it fixes a regression using role attributes in constraints reported at [2]. Otherwise role attributes in constraints are not validated, introduced with [3].

[1]: https://github.com/SELinuxProject/selinux/commit/f7431d0e0ed9f695a6a8af74c3f239f80649a167
[2]: https://lore.kernel.org/selinux/CAJ2a_Dd_tccbWwA_S8nnRvpAVJW8EcrU3t3R7e=mcthsx0l...@mail.gmail.com/t/#u
[3]: https://github.com/SELinuxProject/selinux/commit/0861c659b59cb106bad1b1d0c9f511a7140a1023