On Fri, May 04, 2018 at 03:16:43PM +0200, Dominick Grift wrote: > On Fri, May 04, 2018 at 09:09:20AM -0400, Stephen Smalley wrote: > > On 05/04/2018 08:19 AM, Dominick Grift wrote: > > > On Thu, May 03, 2018 at 10:52:24AM -0400, Stephen Smalley wrote: > > >> Hi, > > >> > > >> If you have encountered any unreported problems with the 2.8-rcX > > >> releases or have any > > >> pending patches you believe should be included in the 2.8 release, > > >> please post them soon. > > >> Also, let us know of any additions or changes that should be made to the > > >> release notes; > > >> the current draft is as follows. > > >> > > >> User-visible changes: > > > > > > One might see processes "validate_context" where they didnt before > > > > > > Generally processes that use lgetfilecon/lsetfilecon i suspect (like lvm, > > > various systemd components etc) > > > > That should no longer be true as of -rc2 since I reverted the libselinux: > > verify file_contexts when using restorecon change. > > Oh thanks, yes fedora is still on RC1.
I've just built the following packages in Rawhide: libselinux-2.8-0.rc2.1.fc29 - https://koji.fedoraproject.org/koji/taskinfo?taskID=26767629 libsemanage-2.8-0.rc2.1.fc29 - https://koji.fedoraproject.org/koji/taskinfo?taskID=26767782 policycoreutils-2.8-0.rc2.1.fc29 - https://koji.fedoraproject.org/koji/taskinfo?taskID=26767903 > > > > > > > >> > > >> * semanage fcontext -l now also lists home directory entries from > > >> file_contexts.homedirs. > > >> > > >> * semodule can now enable or disable multiple modules in the same > > >> operation by specifying a list of modules after -e or -d, making them > > >> consistent with the -i/u/r/E options. > > >> > > >> * CIL now supports multiple declarations of types, attributes, and > > >> (non-conflicting) object contexts (e.g. genfscon), enabled via the -m > > >> or --multiple-decls option to secilc. > > >> > > >> * libsemanage no longer deletes the tmp directory if there is an error > > >> while committing the policy transaction, so that any temporary files > > >> can be further inspected for debugging purposes (e.g. to examine a > > >> particular line of the generated CIL module). The tmp directory will > > >> be deleted upon the next transaction, so no manual removal is needed. > > >> > > >> * Support was added for SCTP portcon statements. The corresponding > > >> kernel support was introduced in Linux 4.17, and is only active if the > > >> extended_socket_class policy capability is enabled in the policy. > > >> > > >> * sepol_polcap_getnum/name() were exported as part of the shared libsepol > > >> interface, initially for use by setools4. > > >> > > >> * semodule_deps was removed since it has long been broken and is not > > >> useful > > >> for CIL modules. > > >> > > >> Packaging-relevant changes: > > >> > > >> * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., > > >> DESTDIR has to be removed from the definition. For example on Arch > > >> Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". > > >> > > >> * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is > > >> no longer mandatory (thanks to the switch to "-l:libsepol.a" in > > >> Makefiles). > > >> > > >> * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). > > >> > > >> * selinux-gui (i.e. system-config-selinux GUI application) is now > > >> compatible with Python 3. Doing this required migrating away from > > >> PyGTK to the supported PyGI library. This means that selinux-gui now > > >> depends on python-gobject, Gtk+ 3 and selinux-python. It no longer > > >> requires PyGtk or Python 2. > > > > > > > -- > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > Dominick Grift
signature.asc
Description: PGP signature
