From Fedora Project Wiki

(initial version)
 
 
Line 103: Line 103:
 
== Scope ==
 
== Scope ==
 
* Proposal owners:
 
* Proposal owners:
 +
** Update SELinux userspace packages - libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, secilc
 +
** Update setools to setools4
 
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
 
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
  
Line 140: Line 142:
 
3. What are the expected results of those actions?
 
3. What are the expected results of those actions?
 
-->
 
-->
 +
 +
1. https://fedoraproject.org/wiki/Category:Package_policycoreutils_test_cases
 +
2. seinfo, sestatus, sesearch tools
 +
  
 
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
Line 164: Line 170:
 
* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 
* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 
* Blocks product? product <!-- Applicable for Changes that blocks specific product release/Fedora.next -->
 
* Blocks product? product <!-- Applicable for Changes that blocks specific product release/Fedora.next -->
 +
 +
Revert shipped changes.
  
 
== Documentation ==
 
== Documentation ==
 
<!-- Is there upstream documentation on this change, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
 
<!-- Is there upstream documentation on this change, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
 +
 +
* https://marc.info/?l=selinux&m=147646050027049&w=4
 +
* https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
  
 
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
Line 177: Line 188:
 
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze.  
 
Release Notes are not required for initial draft of the Change Proposal but has to be completed by the Change Freeze.  
 
-->
 
-->
 +
 +
SELinux userspace was updated to 2.6 release. SETools was updated to 4.0.1 release.
  
 
[[Category:ChangePageIncomplete]]
 
[[Category:ChangePageIncomplete]]

Latest revision as of 15:05, 5 January 2017



SELinux userspace release 2.6 and setools4

Summary

The new SELinux userspace 2.6 release and setools4 with several improvements and changes are available.

Owner

Current status

  • Targeted release: Fedora 26
  • Last updated: 2017-01-05
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

SELinux userspace release 2.6

SELinux userspace release 2.6 provides lot of fixes several improvements

  • sepolicy was converted to use setools4. setools3 is no longer being developed. setools will be updated to setools4 together with this change.
  • genhomedircon enhancements
    • supports generating home directory contexts for login mappings using the %group syntax
    • new templates %{USERID} and %{USERNAME} were added

SETools 4.0.1

SETools has been reimplemented in Python. The following tools were reimplemented:

  • apol
  • sediff
  • seinfo
  • sesearch

The following tools were added:

  • sedta (command line domain transition analysis)
  • seinfoflow (command line information flow analysis)

For an overview of the user interface changes since SETools 3.x, see the related wiki page https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3


Benefit to Fedora

It's always beneficial to have latest software in Fedora.


Scope

  • Proposal owners:
    • Update SELinux userspace packages - libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, secilc
    • Update setools to setools4
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

1. https://fedoraproject.org/wiki/Category:Package_policycoreutils_test_cases 2. seinfo, sestatus, sesearch tools


N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Revert shipped changes.

Documentation

N/A (not a System Wide Change)

Release Notes

SELinux userspace was updated to 2.6 release. SETools was updated to 4.0.1 release.