• Story
    • Resolution: Done-Errata
    • Major
    • rhel-9.4
    • rhel-9.3.0
    • libsepol
    • None
    • High
    • Rebase
    • 1
    • rhel-sst-security-selinux
    • ssg_security
    • 26
    • 2
    • QE ack
    • False
    • Yes
    • CY24Q1
    • Enhancement
      .SELinux user-space components rebased to 3.6

      The SELinux user-space components `libsepol`, `libselinux`, `libsemanage`, `policycoreutils`, `checkpolicy`, and `mcstrans` have been rebased to 3.6. This version provides various bug fixes, optimizations, and enhancements, most notably:

      * Added support for `deny` rules in CIL.
      * Added support for `notself` and `other` keywords in CIL.
      * Added the `getpolicyload` binary that prints the number of policy reloads performed on the current system.
    • Done
    • None

      Goal

      • SELinux userspace is updated to the latest upstream 3.6 release

      Acceptance Criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • All SELinux userspace components are updated to version 3.6
      • selinux-policy package can be built and installed with the 3.6 release

      Important changes

      • Add notself support for neverallow rules
      • dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
      • Improve man pages
      • libselinux: performance optimization for duplicate detection
      • sedismod: add options: --actions ACTIONS, --help
      • sedispol: add options: --actions ACTIONS, --help
      • checkpolicy: add the command line argument -N, --disable-neverallow
      • checkmodule: add the command line argument -N, --disable-neverallow
      • Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system
      • man pages: Remove the Russian translations
      • Add notself and other support to CIL
      • Add support for deny rules

            [RHEL-16233] Rebase SELinux userspace to 3.6 release

            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (policycoreutils bug fix and enhancement update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHBA-2024:2442

            RHEL Jira bot added a comment -

            The 'blocked by' issue RHEL-16239 is transitioned to Closed.

            Jan Fiala added a comment -

            Adjusted the last bullet as per inputs from mmalik@redhat.com.


            Petr Lautrbach added a comment -

            I'd use 'CIL' - it's a common and known abbreviation in the SELinux world. Its meaning - 'Common Intermediate Language' - is probably known just to core members.

            Petr Hybl added a comment - edited

            Hi, rhn-engineering-plautrba can you look at the docs text and provide an SME review please?

            Gabriela Fialova added a comment -

            This ticket has been added into tickets.yaml file for RHEL 9.4 Beta Release Notes.

            Milos Malik added a comment -

            All sub-tickets were successfully tested and verified. No regressions were found.


              rhn-engineering-plautrba Petr Lautrbach
              Milos Malik
              Petr Hybl