ANN: libseccomp v2.5.0 released

Paul Moore paul at paul-moore.com
Mon Jul 20 19:49:02 UTC 2020 

On behalf of the libseccomp project I would like to announce libseccomp v2.5.0!

* https://github.com/seccomp/libseccomp/releases/tag/v2.5.0

The libseccomp v2.5.0 release is backwards compatible with previous
v2.x releases and is a drop-in replacement; no recompilation of
applications is required. Applications will need to be restarted to
take advantage of the new libseccomp release.  While the v2.4.x
release stream will be supported for at least one more maintenance
release, all users and distributions are encouraged to upgrade to
libseccomp v2.5.0.

The core libseccomp library is the work of 56 contributors, and this
release is a significant upgrade over the libseccomp v2.4.x release
stream.  The v2.5.0 release brings new support for RISC-V and seccomp
user notifications along with a number of bug fixes and performance
improvements.  A more detailed list of changes can be seen below:

- Add support for the seccomp user notifications, see the
seccomp_notify_alloc(3), seccomp_notify_receive(3),
seccomp_notify_respond(3) manpages for more information
- Add support for new filter optimization approaches, including a
balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter
attribute for more information
- Add support for the 64-bit RISC-V architecture
- Performance improvements when adding new rules to a filter thanks to
the use of internal shadow transactions and improved syscall lookup
tables
- Properly document the libseccomp API return values and include them
in the stable API promise
- Improvements to the s390 and s390x multiplexed syscall handling
- Multiple fixes and improvements to the libseccomp manpages
- Moved from manually maintained syscall tables to an automatically
generated syscall table in CSV format
- Update the syscall tables to Linux v5.8.0-rc5
- Python bindings and build now default to Python 3.x
- Improvements to the tests have boosted code coverage to over 93%
- Enable Travis CI testing on the aarch64 and ppc64le architectures
- Add code inspection via lgtm.com

-- 
paul moore
www.paul-moore.com

More information about the Linux-security-module-archive mailing list