Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-16233

Rebase SELinux userspace to 3.6 release

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-9.4
    • rhel-9.3.0
    • libsepol
    • None
    • Major
    • Rebase
    • 1
    • sst_security_selinux
    • ssg_security
    • 26
    • 2
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • CY24Q1
    • Enhancement
    • Hide
      .SELinux user-space components rebased to 3.6

      The SELinux user-space components `libsepol`, `libselinux`, `libsemanage`, `policycoreutils`, `checkpolicy`, and `mcstrans` library package have been rebased to 3.6. This version provides various bug fixes, optimizations and enhancements, most notably:

      * Added support for `deny` rules in CIL.
      * Added support for `notself` and `other` keywords in CIL.
      * Added the `getpolicyload` binary that prints the number of policy reloads performed on the current system.
      Show
      .SELinux user-space components rebased to 3.6 The SELinux user-space components `libsepol`, `libselinux`, `libsemanage`, `policycoreutils`, `checkpolicy`, and `mcstrans` library package have been rebased to 3.6. This version provides various bug fixes, optimizations and enhancements, most notably: * Added support for `deny` rules in CIL. * Added support for `notself` and `other` keywords in CIL. * Added the `getpolicyload` binary that prints the number of policy reloads performed on the current system.
    • Done
    • None

      Goal

      • SELinux userspace is update to the latest upstream 3.6 release

      Acceptance Criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • All SELinux userspace components are update to 3.6 version
      • selinux-policy package can be build and installed with 3.6 release

      Important changes

      • Add notself support for neverallow rules
      • dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
      • Improve man pages
      • libselinux: performance optimization for duplicate detection
      • sedismod: add options: --actions ACTIONS, --help
      • sedispol: add options: --actions ACTIONS, --help
      • checkpolicy: add the command line argument -N, --disable-neverallow
      • checkmodule: add the command line argument -N, --disable-neverallow
      • Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system
      • man pages: Remove the Russian translations
      • Add notself and other support to CIL
      • Add support for deny rules

            rhn-engineering-plautrba Petr Lautrbach
            rhn-engineering-plautrba Petr Lautrbach
            Petr Lautrbach Petr Lautrbach
            Milos Malik Milos Malik
            Petr Hybl Petr Hybl
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: