SELinux userspace release 3.2-rc1
Pre-release

User-visible changes

- libsepol implemented a new, more space-efficient form of storing filename
  transitions in the binary policy and reduced the size of the binary policy
- libselinux: Use mmap()'ed kernel status page instead of netlink by default.
  See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
  Note: if you need to umount /sys/fs/selinux, you need to use lazy umount -
  umount -l /sys/fs/selinux - as the kernel status page /sys/fs/selinux/status
  stays mapped by processes like systemd, dbus, sshd.
- Tools using sepolgen, e.g. audit2allow, print extended permissions in
  hexadecimal
- sepolgen sorts extended rules like normal ones
- New log callback levels for enforcing and policy load notices -
  SELINUX_POLICYLOAD, SELINUX_SETENFORCE
- Changed userspace AVC setenforce and policy load messages to audit format.
- matchpathcon converted to selabel_lookup() - no more "matchpathcon is
  deprecated" warning
- libsepol and libsemanage dropped old and deprecated symbols and functions
  - libsepol version was bumped to libsepol.so.2
  - libsemanage version was bumped to libsemanage.so.2
- Release version for the whole project is the same as for subcomponents, e.g.
  instead of 20210118 it's 3.2-rc1
- Improved man pages
- Bug fixes
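
A check related to the lazy-umount note above, as an added example that is not part of the SELinux project's release notes: it lists the processes that still have /sys/fs/selinux/status mapped by scanning /proc/PID/maps. The function name, the STATUS_PAGE variable and the optional proc-root argument are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not project code): find processes that keep the SELinux
# kernel status page mapped, which is why a plain umount of /sys/fs/selinux
# does not work and "umount -l" is needed.

# Path of the status page as named in the release notes; overridable for testing.
STATUS_PAGE="${STATUS_PAGE:-/sys/fs/selinux/status}"

# status_page_holders [PROC_ROOT]
# Prints one "PID COMM" line per process whose maps file lists the status page.
# PROC_ROOT defaults to /proc; the argument exists so the function can be
# exercised against a constructed directory tree.
status_page_holders() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited meanwhile or that we may not inspect.
        [ -r "$maps" ] || continue
        # maps line: address perms offset dev inode pathname
        # Compare the pathname field exactly, so that e.g. ".../status2"
        # or a library path containing the string does not match.
        if awk -v p="$STATUS_PAGE" '$6 == p { found = 1 }
                                    END { exit !found }' "$maps" 2>/dev/null
        then
            dir=${maps%/maps}
            pid=${dir##*/}
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Usage: status_page_holders
```

Run it as root; maps files belonging to other users' processes are otherwise unreadable and are skipped.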

Development-relevant changes

- License the CI scripts with a permissive, OSI approved license, such as MIT
- Several CI improvements
- Added configuration to build and run tests in GitHub Actions
- CI contains configuration for a Vagrant virtual machine - instructions on how
  to use it are documented at the beginning of Vagrantfile.

Packaging-relevant changes

- Both libsepol and libsemanage bumped their soname versions. In particular,
  libsemanage is linked to shadow-utils, and a direct update might cause problems
  for buildroots. Also, SETools needs to be rebuilt against libsepol.so.2