RELEASE 20180524 (2.8) User-visible changes: * semanage fcontext -l now also lists home directory entries from file_contexts.homedirs. * semodule can now enable or disable multiple modules in the same operation by specifying a list of modules after -e or -d, making them consistent with the -i/u/r/E options. * CIL now supports multiple declarations of types, attributes, and (non-conflicting) object contexts (e.g. genfscon), enabled via the -m or --multiple-decls option to secilc. * libsemanage no longer deletes the tmp directory if there is an error while committing the policy transaction, so that any temporary files can be further inspected for debugging purposes (e.g. to examine a particular line of the generated CIL module). The tmp directory will be deleted upon the next transaction, so no manual removal is needed. * Support was added for SCTP portcon statements. The corresponding kernel support was introduced in Linux 4.17, and is only active if the extended_socket_class policy capability is enabled in the policy. This support is required to build the refpolicy master branch (and thus future refpolicy releases). * sepol_polcap_getnum/name() were exported as part of the shared libsepol interface, initially for use by setools4. * semodule_deps was removed since it has long been broken and is not useful for CIL modules. Packaging-relevant changes: * When overriding PREFIX, BINDIR, SBINDIR, SHLIBDIR, LIBEXECDIR, etc., DESTDIR has to be removed from the definition. For example on Arch Linux, SBINDIR="${pkgdir}/usr/bin" was changed to SBINDIR="/usr/bin". * Defining variable LIBSEPOLA (to /usr/lib/libsepol.a, for example) is no longer mandatory (thanks to the switch to "-l:libsepol.a" in Makefiles). * PYSITEDIR has been renamed PYTHONLIBDIR (and its definition changed). * selinux-gui (i.e. system-config-selinux GUI application) is now compatible with Python 3. Doing this required migrating away from PyGTK to the supported PyGI library. This means that selinux-gui now depends on python-gobject, Gtk+ 3 and selinux-python. It no longer requires PyGtk or Python 2.