On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote:
> Hi,
>
> If you have encountered any unreported problems with the 2.8-rcX releases or
> have any pending patches you believe should be included in the 2.8 release,
> please post them soon.
> Also, let us know of any additions or changes that should be made to the
> release notes; the current draft is as follows.
>
> User-visible changes:

One might see processes "validate_context" where they didn't before.
Generally processes that use lgetfilecon/lsetfilecon, I suspect (like lvm,
various systemd components, etc.)

>
> * semanage fcontext -l now also lists home directory entries from
> file_contexts.homedirs.
>
> * semodule can now enable or disable multiple modules in the same
> operation by specifying a list of modules after -e or -d, making them
> consistent with the -i/u/r/E options.
>
> * CIL now supports multiple declarations of types, attributes, and
> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m
> or --multiple-decls option to secilc.
>
> * libsemanage no longer deletes the tmp directory if there is an error
> while committing the policy transaction, so that any temporary files
> can be further inspected for debugging purposes (e.g. to examine a
> particular line of the generated CIL module). The tmp directory will
> be deleted upon the next transaction, so no manual removal is needed.
>
> * Support was added for SCTP portcon statements. The corresponding
> kernel support was introduced in Linux 4.17, and is only active if the
> extended_socket_class policy capability is enabled in the policy.
>
> * sepol_polcap_getnum/name() were exported as part of the shared libsepol
> interface, initially for use by setools4.
>
> * semodule_deps was removed since it has long been broken and is not useful
> for CIL modules.
>
> Packaging-relevant changes:
>
> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc.,
> DESTDIR has to be removed from the definition. For example on Arch
> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin".
>
> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is
> no longer mandatory (thanks to the switch to "-l:libsepol.a" in
> Makefiles).
>
> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed).
>
> * selinux-gui (i.e. system-config-selinux GUI application) is now
> compatible with Python 3. Doing this required migrating away from
> PyGTK to the supported PyGI library. This means that selinux-gui now
> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer
> requires PyGtk or Python 2.
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
