From Fedora Project Wiki



SELinux userspace release 2.6 and setools4

Summary

The new SELinux userspace 2.6 release and setools4 are available, with several improvements and changes.

Owner

Current status

  • Targeted release: Fedora 26
  • Last updated: 2017-01-05
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

SELinux userspace release 2.6

SELinux userspace release 2.6 provides a lot of fixes and several improvements:

  • sepolicy was converted to use setools4. setools3 is no longer being developed. setools will be updated to setools4 together with this change.
  • genhomedircon enhancements
    • supports generating home directory contexts for login mappings using the %group syntax
    • new templates %{USERID} and %{USERNAME} were added

SETools 4.0.1

SETools has been reimplemented in Python. The following tools were reimplemented:

  • apol
  • sediff
  • seinfo
  • sesearch

The following tools were added:

  • sedta (command line domain transition analysis)
  • seinfoflow (command line information flow analysis)

For an overview of the user interface changes since SETools 3.x, see the related wiki page https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3


Benefit to Fedora

It's always beneficial to have the latest software in Fedora.


Scope

  • Proposal owners:
    • Update SELinux userspace packages - libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, secilc
    • Update setools to setools4
  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

  1. https://fedoraproject.org/wiki/Category:Package_policycoreutils_test_cases
  2. seinfo, sestatus, sesearch tools


N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Revert shipped changes.

Documentation

N/A (not a System Wide Change)

Release Notes

SELinux userspace was updated to the 2.6 release. SETools was updated to the 4.0.1 release.