Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-69451

Rebase SELinux userspace to 3.8 release

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • policycoreutils-3.8-1.el10
    • None
    • Rebase
    • 2
    • rhel-security-selinux
    • ssg_security
    • 26
    • 3
    • QE ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • SELINUX 241127 - 241218, SELINUX 250219: 2
    • Rebase
    • Hide
      .SELinux userspace provided in version 3.8

      RHEL 10 contains the SELinux user-space components in version 3.8. This version introduces enhancements and fixes over the previous version, most importantly, the following:

      * A new `audit2allow -C` option has been added to the CIL output mode.
      * The `semanage` utility allows modifying records on `add`.
      * The `semanage` utility no longer sorts local `fcontext` definitions.
      * The `checkpolicy` program supports the CIDR notation for `nodecon` statements.
      * The SELinux `sandbox` utility supports the Wayland display protocol.
      * File context and ownership in the policy store are preserved during SELinux policy rebuild.
      * The format of the binary `file_contexts.bin` file has been changed, and files that use the old format are ignored. The new format is optimized and not architecture-dependent. You can create the binary `file_contexts.bin` file in the new format by rebuilding the SELinux policy.
      * The performance of the `selabel_lookup` library call has been improved significantly.
      Show
      .SELinux userspace provided in version 3.8 RHEL 10 contains the SELinux user-space components in version 3.8. This version introduces enhancements and fixes over the previous version, most importantly, the following: * A new `audit2allow -C` option has been added to the CIL output mode. * The `semanage` utility allows modifying records on `add`. * The `semanage` utility no longer sorts local `fcontext` definitions. * The `checkpolicy` program supports the CIDR notation for `nodecon` statements. * The SELinux `sandbox` utility supports the Wayland display protocol. * File context and ownership in the policy store are preserved during SELinux policy rebuild. * The format of the binary `file_contexts.bin` file has been changed, and files that use the old format are ignored. The new format is optimized and not architecture-dependent. You can create the binary `file_contexts.bin` file in the new format by rebuilding the SELinux policy. * The performance of the `selabel_lookup` library call has been improved significantly.
    • Done
    • None

      Goal

      • All SELinux userspace components are updated to the latest upstream 3.8 release

      Acceptance criteria

      A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

      • All SELinux userspace components are update to 3.8 version
      • selinux-policy package can be build and installed with 3.8 release

              rhn-engineering-plautrba Petr Lautrbach
              rhn-engineering-plautrba Petr Lautrbach
              Petr Lautrbach Petr Lautrbach
              Milos Malik Milos Malik
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: