Releases: SELinuxProject/selinux
Release 3.8-rc3
RELEASE 3.8-rc3
Changes
-
Always build for LFS mode on 32-bit archs.
-
libsemanage: Mute error messages from selinux_restorecon introduced in 3.8-rc1
-
Regex spec ordering is restored to pre 3.8-rc1
-
Binary fcontext files format changed, files using old format are ignored
-
Code improvements and bug fixes
Release 3.8-rc1
RELEASE 3.8-rc1
User-visible changes
-
libsemanage: Preserve file context and ownership in policy store
-
libselinux: deprecate security_disable(3)
-
libsepol: Support nlmsg extended permissions
-
libsepol: Add policy capability netlink_xperm
-
libsemanage: Optionally allow duplicate declarations
-
policycoreutils: introduce unsetfiles
-
libselinux/utils: introduce selabel_compare
-
improved selabel_lookup performance
-
libselinux: support parallel usage of selabel_lookup(3)
-
libsepol: add support for xperms in conditional policies
-
Improved man pages
-
Code improvements and bug fixes
SELinux userspace release 3.7
RELEASE 3.7
User-visible changes
-
audit2allow -C
for CIL output mode -
sepolgen: adjust parse for refpolicy
-
semanage: Allow modifying records on "add"
-
semanage: Do not sort local fcontext definitions
-
Improved man pages
-
checkpolicy: support CIDR notation for nodecon statements
-
sandbox: Add support for Wayland
-
Code improvements and bug fixes
SELinux userspace release 3.7-rc3
RELEASE 3.7-rc3
User-visible changes
- Code improvements and bug fixes
SELinux userspace release 3.7-rc2
RELEASE 3.7-rc2
User-visible changes
-
checkpolicy: support CIDR notation for nodecon statements
-
sandbox: Add support for Wayland
-
Code improvements and bug fixes
SELinux userspace release 3.7-rc1
RELEASE 3.7-rc1
User-visible changes
-
audit2allow -C
for CIL output mode -
sepolgen: adjust parse for refpolicy
-
semanage: Allow modifying records on "add"
-
semanage: Do not sort local fcontext definitions
-
Improved man pages
-
Code improvements and bug fixes
SELinux userspace release 3.6
RELEASE 3.6
User-visible changes
-
checkpolicy/dispol: add option to display users, drop duplicate option to display booleans,
show number of entries before listing them -
libsepol: struct cond_expr_t
bool
renamed toboolean
The change is indicated by COND_EXPR_T_RENAME_BOOL_BOOLEAN macro -
cil: Allow IP address and mask values to be directly written
-
cil: Allow paths in filecon rules to be passed as arguments
-
Add not self support for neverallow rules
-
dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
-
Improve man pages
-
libselinux: performance optimization for duplicate detection
-
dismod: add options: --actions ACTIONS, --help
-
dispol: add options: --actions ACTIONS, --help
-
checkpolicy: Add the command line argument -N, --disable-neverallow
-
Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system
-
man pages: Remove the Russian translations
-
Add notself and other support to CIL
-
Add support for deny rules
-
Translations updated from
https://translate.fedoraproject.org/projects/selinux/ -
Bug fixes
Development-relevant changes
-
ci: bump Fedora to version 39
-
Drop LGTM.com and Travis CI configuration
SELinux userspace release 3.6-rc2
RELEASE 3.6-rc2
User-visible changes
-
cil: Allow IP address and mask values to be directly written
-
cil: Allow paths in filecon rules to be passed as arguments
-
Bug fixes
Development-relevant changes
-
ci: bump Fedora to version 39
-
Drop LGTM.com and Travis CI configuration
SELinux userspace release 3.6-rc1
RELEASE 3.6-rc1
User-visible changes
-
Add not self support for neverallow rules
-
dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
-
Improve man pages
-
libselinux: performance optimization for duplicate detection
-
dismod: add options: --actions ACTIONS, --help
-
dispol: add options: --actions ACTIONS, --help
-
checkpolicy: Add the command line argument -N, --disable-neverallow
-
Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system
-
man pages: Remove the Russian translations
-
Add notself and other support to CIL
-
Add support for deny rules
-
Translations updated from
https://translate.fedoraproject.org/projects/selinux/ -
Bug fixes
SELinux userspace release 3.5
RELEASE 3.5
User-visible changes
-
Maintainer GPG fingerprints added to /SECURITY.md
-
semodule option --rebuild-if-modules-changed was renamed to --refresh
-
Remove dependency on the deprecated Python module distutils and install via pip
-
libsepol: Stricter policy validation
-
libsepol: do not write empty class definitions to allow simpler round-trip tests
-
libsepol: reject attributes in type av rules for kernel policies
-
libselinux: add getpidprevcon()
-
libselinux: restorecon hashtable and other misc fixes
-
libselinux: Add workaround to reduce pcre2 heap memory usage
-
sepolicy: Several python and GTK updates
-
sepolicy: Add missing booleans to man pages
-
sepolicy: Cache queries to speed up manpage generation
-
mcstrans: preserve runtime directory
-
fixfiles: Unmount temporary bind mounts on SIGINT
-
Large updates to translations and better handling for unsupported languages
-
Translation updated and better handling for unsupported languages
-
Translation updated for generated descriptions
-
A lot of static code analysis issues, fuzzer issues and compiler warnings fixed
-
Bug fixes
Development-relevant changes
- Install python modules via pip instead of setup.py
- ci: Run on Fedora36 instead of F34
- ci: Run on Python3.11 and drop py3.5, py3.6