From: Petr Lautrbach <plautrba@redhat.com>
To: selinux@vger.kernel.org
Subject: ANN: SELinux userspace release 3.2
Date: Thu, 04 Mar 2021 17:36:34 +0100	[thread overview]
Message-ID: <87v9a698q5.fsf@redhat.com> (raw)

Hello!

The 3.2 release for the SELinux userspace is now available at:

https://github.com/SELinuxProject/selinux/wiki/Releases

Thanks to all the contributors to this release!

User-visible changes
--------------------

* libsepol implemented a new, more space-efficient form of storing filename
  transitions in the binary policy and reduced the size of the binary policy
  
* libselinux: Use mmap()'ed kernel status page instead of netlink by default.
  See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
  Note: if you need to `umount /sys/fs/selinux` you need to use lazy umount -
  `umount -l /sys/fs/selinux` as the kernel status page /sys/fs/selinux/status
  stays mapped by processes like systemd, dbus, sshd.
  
* Tools using sepolgen, e.g. audit2allow, print extended permissions in
  hexadecimal
  
* sepolgen sorts extended rules like normal ones

* New log callback levels for enforcing and policy load notices -
  SELINUX_POLICYLOAD, SELINUX_SETENFORCE 

* Changed userspace AVC setenforce and policy load messages to audit format.

* matchpathcon converted to selabel_lookup() - no more "matchpathcon is
  deprecated" warning
  
* libsepol and libsemanage dropped old and deprecated symbols and functions
  libsepol version was bumped to libsepol.so.2
  libsemanage version was bumped to libsemanage.so.2
  
* Release version for the whole project is same as for subcomponents, e.g.
  instead of 20210118 it's 3.2-rc1

* Improved usability of `getseuser`

* Fixed several issues in cil code found by OSS-FUZZ

* `setfiles` doesn't abort on labeling errors

* libsemanage tries to sync data to prevent empty files in SELinux module store

* Improved secilc documentation - fenced code blocks, syntax highlighting, custom
  color theme, ...

* Better error reporting in getconlist

* Release version for the whole project is same as for subcomponents, e.g.
  instead of 20210304 it's 3.2

* Improved man pages

* Bug fixes
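
The status page bullet above says libselinux now reads /sys/fs/selinux/status through mmap() rather than netlink, and that the page stays mapped by long-running processes. The following is an added example, not code from this release or from libselinux, showing what that page contains and how a reader takes a consistent snapshot of it without the library: the struct mirrors the version-1 status page layout documented in selinux_status_open(3), the read loop follows the same odd/even sequence protocol the kernel uses, the contents of `sample_page` are constructed, and `status_changed()` is modelled on (not copied from) what selinux_status_updated(3) reports. On a host with SELinux mounted it maps the real page; elsewhere it falls back to the constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>

/*
 * Layout of the kernel's SELinux status page (status page version 1), as
 * documented in selinux_status_open(3). All fields are 32-bit, so there is no
 * padding. `sequence` works like a seqlock: the kernel makes it odd while it
 * rewrites the other fields and even again when done, so a reader spins while
 * it is odd and retries if it changed during the read.
 */
struct selinux_kernel_status {
	uint32_t version;
	uint32_t sequence;
	uint32_t enforcing;    /* 1 = enforcing, 0 = permissive */
	uint32_t policyload;   /* number of policy loads so far */
	uint32_t deny_unknown; /* how permissions unknown to the policy are handled */
};

struct status_snapshot {
	uint32_t enforcing, policyload, deny_unknown;
};

/* Take a consistent snapshot with the seqlock protocol; returns the (even)
 * sequence number the snapshot belongs to. */
static uint32_t status_read(struct selinux_kernel_status *st,
			    struct status_snapshot *out)
{
	uint32_t seq;

	do {
		do {
			seq = __atomic_load_n(&st->sequence, __ATOMIC_ACQUIRE);
		} while (seq & 1); /* writer active, spin */
		out->enforcing = __atomic_load_n(&st->enforcing, __ATOMIC_RELAXED);
		out->policyload = __atomic_load_n(&st->policyload, __ATOMIC_RELAXED);
		out->deny_unknown = __atomic_load_n(&st->deny_unknown, __ATOMIC_RELAXED);
		__atomic_thread_fence(__ATOMIC_ACQUIRE);
	} while (__atomic_load_n(&st->sequence, __ATOMIC_RELAXED) != seq);
	return seq;
}

/* 1 if enforcing mode or the policy-load counter differs between two
 * snapshots (modelled on what selinux_status_updated(3) reports), else 0. */
static int status_changed(const struct status_snapshot *a,
			  const struct status_snapshot *b)
{
	return a->enforcing != b->enforcing || a->policyload != b->policyload;
}

/* Constructed sample page (not captured from a real system): enforcing mode,
 * three policy loads, idle (even) sequence number. */
static struct selinux_kernel_status sample_page = {
	.version = 1, .sequence = 4, .enforcing = 1, .policyload = 3, .deny_unknown = 0,
};

int sample_enforcing(void)
{
	struct status_snapshot s;
	status_read(&sample_page, &s);
	return (int)s.enforcing;
}

/* Simulate a policy reload on a copy of the sample page, publishing it the
 * way the kernel does (odd sequence while writing), and check it is noticed. */
int sample_reload_detected(void)
{
	struct selinux_kernel_status page = sample_page;
	struct status_snapshot before, after;

	status_read(&page, &before);
	page.sequence++;   /* odd: update in progress */
	page.policyload++;
	page.sequence++;   /* even: update published */
	status_read(&page, &after);
	return status_changed(&before, &after);
}

int main(void)
{
	struct selinux_kernel_status *st = &sample_page;
	void *map = MAP_FAILED;
	struct status_snapshot s;
	int fd = open("/sys/fs/selinux/status", O_RDONLY);

	if (fd >= 0) {
		map = mmap(NULL, sizeof(*st), PROT_READ, MAP_SHARED, fd, 0);
		close(fd); /* the mapping, not the descriptor, keeps the page pinned */
	}
	if (map != MAP_FAILED)
		st = map;
	else
		puts("status page not available here, using the constructed sample");

	printf("version=%u sequence=%u\n", st->version, status_read(st, &s));
	printf("enforcing=%u policyload=%u deny_unknown=%u\n",
	       s.enforcing, s.policyload, s.deny_unknown);
	if (map != MAP_FAILED)
		munmap(map, sizeof(*st));
	return 0;
}
```

The `close(fd)` after `mmap()` is the point behind the lazy-umount note in the bullet: the descriptor can go away, but the mapping keeps /sys/fs/selinux/status referenced for as long as the process lives.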


Development-relevant changes
----------------------------

* License the CI scripts with a permissive, OSI approved license, such as MIT

* Several CI improvements

* Added configuration to build and run tests in GitHub Actions

* CI contains configuration for a Vagrant virtual machine - instructions on how
  to use it are documented at the beginning of Vagrantfile.
  
* `scripts/release` was improved to be more robust and release a source repository

Packaging-relevant changes
--------------------------

* Both libsepol and libsemanage bumped their soname versions. Especially
  libsemanage is linked to shadow-utils and direct update might cause problems to
  buildroots. Also SETools needs to be rebuilt against libsepol.so.2

* Source repository snapshot selinux-3.2-rc2.tar.gz is available on the release page

* sestatus is installed as /usr/bin/sestatus by default. Original /usr/sbin/sestatus is
  a relative symlink to the /usr/bin/sestatus.

Issues fixed
------------

* https://github.com/SELinuxProject/selinux/issues/245
* https://github.com/SELinuxProject/selinux/issues/270


Shortlog of changes since the 3.1 release
-----------------------------------------
Antoine Tenart (1):
      policycoreutils: setfiles: do not restrict checks against a binary policy

Bernhard M. Wiedemann (1):
      python/sepolicy: allow to override manpage date

Björn Bidar (2):
      libselinux: Add build option to disable X11 backend
      libselinux: LABEL_BACKEND_ANDROID add option to enable

Chris PeBenito (5):
      libselinux: Remove trailing slash on selabel_file lookups.
      libselinux: Add new log callback levels for enforcing and policy load notices.
      libselinux: Fix selabel_lookup() for the root dir.
      libselinux: Add additional log callback details in man page for auditing.
      libselinux: Change userspace AVC setenforce and policy load messages to audit format.

Christian Göttsche (10):
      sepolgen: print extended permissions in hexadecimal
      sepolgen: sort extended rules like normal ones
      libselinux: use full argument specifiers for security_check_context in man page
      libselinux: safely access shared memory in selinux_status_updated()
      libselinux: initialize last_policyload in selinux_status_open()
      libselinux: accept const fromcon in get_context API
      libselinux: update getseuser
      libselinux/getconlist: report failures
      policycoreutils/fixfiles.8: add missing file systems and merge check and verify
      libsepol/cil: handle SID without assigned context when writing policy.conf

Dominick Grift (5):
      secilc/docs: document expandtypeattribute
      newrole: support cross-compilation with PAM and audit
      cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
      cil_network_labeling_statements: fixes nodecon examples
      secilc: fixes cil_role_statements.md example

Evgeny Vereshchagin (1):
      libsepol/cil: always destroy the lexer state

Hu Keping (3):
      Introduce VERSION file for selinux
      Use X.Y instead of date for release tag
      Simplify the tarball generating scripts

Jakub Hrozek (1):
      libsemanage: Free contents of modkey in semanage_direct_remove

James Carter (17):
      libsepol/cil: Validate constraint expressions before adding to binary policy
      libsepol/cil: Validate conditional expressions before adding to binary policy
      libsepol/cil: Fix neverallow checking involving classmaps
      libsepol/cil: Give error for more than one true or false block
      libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
      libsepol/cil: Get rid of unnecessary check in cil_gen_node()
      libsepol/cil: Remove unused field from struct cil_args_resolve
      libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
      libsepol/cil: Use the macro NODE() whenever possible
      libsepol/cil: Use the macro FLAVOR() whenever possible
      libsepol/cil: Update symtab nprim field when adding or removing datums
      libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
      libsepol/cil: Fix heap-use-after-free when using optional blockinherit
      libsepol/cil: Fix integer overflow in the handling of hll line marks
      libsepol/cil: Destroy disabled optional blocks after pass is complete
      libsepol: Create function ebitmap_highest_set_bit()
      libsepol: Validate policydb values when reading binary policy

Laurent Bigonville (1):
      restorecond: Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file

Mike Palmiotto (1):
      libselinux: use kernel status page by default

Nicolas Iooss (31):
      libselinux: convert matchpathcon to selabel_lookup()
      libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
      libsepol: drop confusing BUG_ON macro
      libsepol: silence potential NULL pointer dereference warning
      libsepol: free memory when realloc() fails
      Add configuration to build and run tests in GitHub Actions
      scripts/ci: add configuration for a Vagrant virtual machine
      GitHub Actions: upgrade to Python 3.9
      GitHub Actions: drop Ruby 2.4 from matrix
      libsepol/cil: remove useless print statement
      libsepol/cil: fix NULL pointer dereference when using an unused alias
      libsepol/cil: do not add a stack variable to a list
      libsepol/cil: propagate failure of cil_fill_list()
      libsepol/cil: constify some strings
      libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
      libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
      libsepol/cil: fix NULL pointer dereference when parsing an improper integer
      libsepol: destroy filename_trans list properly
      GitHub Actions: run SELinux testsuite in Fedora virtual machine
      libsepol/cil: fix memory leak when a constraint expression is too deep
      libsepol/cil: unlink blockinherit->block link when destroying a block
      scripts/release: make the script more robust, and release a source repository snapshot
      libsepol: remove unused files
      libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
      libsepol: include header files in source files when matching declarations
      libsepol/cil: fix NULL pointer dereference with empty macro argument
      libsepol/cil: be more robust when encountering <src_info>
      libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
      libselinux: rename gettid() to something which never conflicts with the libc
      libsepol: invalidate the pointer to the policydb if policydb_init fails
      restorecond: invalidate local_lock_fd properly when closing it

Ondrej Mosnacek (9):
      libsepol,checkpolicy: optimize storage of filename transitions
      libsepol: implement POLICYDB_VERSION_COMP_FTRANS
      ci: use parallel build
      ci: bump Fedora image version to 33
      selinux(8): mark up SELINUX values
      selinux(8): explain that runtime disable is deprecated
      selinux_config(5): add a note that runtime disable is deprecated
      ci: add new dependencies needed by selinux-testsuite
      travis: run only selinux-testsuite

Petr Lautrbach (20):
      Update VERSIONs and Python bindings version to 3.1 for release
      libsepol: Get rid of the old and duplicated symbols
      libsepol: Drop deprecated functions
      libsepol: Bump libsepol.so version
      libsemanage: Remove legacy and duplicate symbols
      libsemanage: Drop deprecated functions
      libsemanage: Bump libsemanage.so version
      Revert "libsemanage/genhomedircon: check usepasswd"
      libselinux: Always close status page fd
      Update VERSIONs and Python bindings version to 3.2-rc1 for release
      setfiles: Do not abort on labeling error
      setfiles: drop ABORT_ON_ERRORS and related code
      libsemanage: sync filesystem with sandbox
      policycoreutils/setfiles: Drop unused nerr variable
      Update VERSIONs to 3.2-rc2 for release.
      libselinux: fix segfault in add_xattr_entry()
      policycoreutils: Resolve path in restorecon_xattr
      Update VERSIONs to 3.2-rc3 for release.
      sepolicy: Do not try to load policy on import
      Update VERSIONs to 3.2 for release.

Stephen Smalley (1):
      libselinux: fix build order

Vit Mojzis (6):
      libsemanage/genhomedircon: check usepasswd
      python/semanage: empty stdout before exiting on BrokenPipeError
      python/semanage: Sort imports in alphabetical order
      python/sepolgen: allow any policy statement in if(n)def
      selinux(8,5): Describe fcontext regular expressions
      gui: fix "file type" selection in fcontextPage

W. Michael Petullo (1):
      python/audit2allow: add #include <limits.h> to sepolgen-ifgen-attr-helper.c

William Roberts (2):
      scripts/ci: license as MIT
      ci: fix stall on git log -1

bauen1 (6):
      Update the cil docs to match the current behaviour.
      fixfiles: correctly restore context of mountpoints
      secilc/docs: use fenced code blocks for cil examples
      secilc/docs: add syntax highlighting for secil
      secilc/docs: add custom color theme
      policycoreutils: sestatus belongs to bin not sbin

lutianxiong (1):
      libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
