SETools 4.3.0 release

- Revised sediff method for TE rules. This drastically reduced memory and run time.
- Added infiniband context support to seinfo, sediff, and apol.
- Added apol configuration for location of Qt assistant.
- Fixed sediff issue where properties header would display when not requested.
- Fixed sediff issue with type_transition file name comparison.
- Fixed permission map socket sendto information flow direction.
- Added methods to TypeAttribute class to make it a complete Python collection.
- Genfscon now will look up classes rather than using fixed values which
    were dropped from libsepol.
This commit is contained in:
Petr Lautrbach 2020-04-02 16:13:04 +02:00
parent bb087c8236
commit 7a283c335f
5 changed files with 62 additions and 19 deletions

1
.gitignore vendored
View File

@ -8,3 +8,4 @@ setools-3.3.8-f1e5b20.tar.bz2
/4.2.0.tar.gz /4.2.0.tar.gz
/4.2.1.tar.gz /4.2.1.tar.gz
/4.2.2.tar.gz /4.2.2.tar.gz
/4.3.0.tar.gz

View File

@ -1,7 +1,7 @@
From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001 From 0575455a0abda5ee63c442433384268a959c4fbc Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com> From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 26 Apr 2019 15:27:25 +0200 Date: Fri, 26 Apr 2019 15:27:25 +0200
Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
setools.DomainTransitionAnalysis setools.DomainTransitionAnalysis
dta and infoflow modules require networkx which brings lot of dependencies. dta and infoflow modules require networkx which brings lot of dependencies.
@ -22,7 +22,7 @@ sedta and seinfoflow to require python3-networkx
7 files changed, 8 insertions(+), 12 deletions(-) 7 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/sedta b/sedta diff --git a/sedta b/sedta
index 60861ca..41e38a2 100755 index 60861ca630a5..41e38a237b42 100755
--- a/sedta --- a/sedta
+++ b/sedta +++ b/sedta
@@ -22,7 +22,7 @@ import argparse @@ -22,7 +22,7 @@ import argparse
@ -44,7 +44,7 @@ index 60861ca..41e38a2 100755
if args.shortest_path or args.all_paths: if args.shortest_path or args.all_paths:
if args.shortest_path: if args.shortest_path:
diff --git a/seinfoflow b/seinfoflow diff --git a/seinfoflow b/seinfoflow
index 97b14ba..e7f965d 100755 index f10c39de4d8e..fee749a83bb5 100755
--- a/seinfoflow --- a/seinfoflow
+++ b/seinfoflow +++ b/seinfoflow
@@ -17,7 +17,7 @@ @@ -17,7 +17,7 @@
@ -56,20 +56,20 @@ index 97b14ba..e7f965d 100755
import argparse import argparse
import sys import sys
import logging import logging
@@ -81,7 +81,7 @@ else: @@ -101,7 +101,7 @@ elif args.booleans is not None:
try: try:
p = setools.SELinuxPolicy(args.policy) p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map) m = setools.PermissionMap(args.map)
- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) - g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) + g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
booleans=booleans)
if args.shortest_path or args.all_paths: if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/setools/__init__.py b/setools/__init__.py diff --git a/setools/__init__.py b/setools/__init__.py
index 7b70f5e..5a5f7fe 100644 index 26fa5aa34a19..b7e51c43c4bb 100644
--- a/setools/__init__.py --- a/setools/__init__.py
+++ b/setools/__init__.py +++ b/setools/__init__.py
@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery @@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis # Information Flow Analysis
@ -83,7 +83,7 @@ index 7b70f5e..5a5f7fe 100644
from .diff import PolicyDifference from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
index 4608b9d..2cde44c 100644 index 4608b9dbf34e..2cde44c142e9 100644
--- a/setoolsgui/apol/dta.py --- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py
@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
@ -96,7 +96,7 @@ index 4608b9d..2cde44c 100644
from ..logtosignal import LogHandlerToSignal from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisTab from .analysistab import AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
index 7bca299..7fee277 100644 index 7bca299d23fc..7fee2778f35f 100644
--- a/setoolsgui/apol/infoflow.py --- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py
@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
@ -109,7 +109,7 @@ index 7bca299..7fee277 100644
from ..logtosignal import LogHandlerToSignal from ..logtosignal import LogHandlerToSignal
diff --git a/tests/dta.py b/tests/dta.py diff --git a/tests/dta.py b/tests/dta.py
index a0cc938..177e6fb 100644 index a0cc9381469c..177e6fb0b961 100644
--- a/tests/dta.py --- a/tests/dta.py
+++ b/tests/dta.py +++ b/tests/dta.py
@@ -18,7 +18,7 @@ @@ -18,7 +18,7 @@
@ -122,7 +122,7 @@ index a0cc938..177e6fb 100644
from setools.exception import InvalidType from setools.exception import InvalidType
from setools.policyrep import Type from setools.policyrep import Type
diff --git a/tests/infoflow.py b/tests/infoflow.py diff --git a/tests/infoflow.py b/tests/infoflow.py
index aa0e44a..fca2848 100644 index aa0e44a7e4f8..fca2848aeca5 100644
--- a/tests/infoflow.py --- a/tests/infoflow.py
+++ b/tests/infoflow.py +++ b/tests/infoflow.py
@@ -18,7 +18,7 @@ @@ -18,7 +18,7 @@
@ -135,5 +135,5 @@ index aa0e44a..fca2848 100644
from setools.exception import InvalidType from setools.exception import InvalidType
from setools.permmap import PermissionMap from setools.permmap import PermissionMap
-- --
2.17.2 2.26.0.rc2

View File

@ -0,0 +1,24 @@
From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 2 Apr 2020 16:06:14 +0200
Subject: [PATCH] Require networkx on package level
It allows us to ship python3-setools without dependency on python3-networkx
---
setup.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 457c83049ca5..4bfd438002bb 100644
--- a/setup.py
+++ b/setup.py
@@ -170,5 +170,5 @@ setup(name='setools',
# setup also requires libsepol and libselinux
# C libraries and headers to compile.
setup_requires=['setuptools', 'Cython>=0.27'],
- install_requires=['setuptools', 'networkx>=2.0']
+ install_requires=['setuptools']
)
--
2.26.0.rc2

View File

@ -6,8 +6,8 @@
Name: setools Name: setools
Version: 4.2.2 Version: 4.3.0
Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
Summary: Policy analysis tools for SELinux Summary: Policy analysis tools for SELinux
License: GPLv2 License: GPLv2
@ -17,7 +17,7 @@ Source1: setools.pam
Source2: apol.desktop Source2: apol.desktop
Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1001: 1001-Do-not-use-Werror-during-build.patch
Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
Patch1003: 1003-Require-networkx-on-package-level.patch
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
BuildRequires: flex, bison BuildRequires: flex, bison
BuildRequires: glibc-devel, gcc, git BuildRequires: glibc-devel, gcc, git
@ -120,12 +120,17 @@ Python modules designed to facilitate SELinux policy analysis.
%{_mandir}/man1/sediff* %{_mandir}/man1/sediff*
%{_mandir}/man1/seinfo* %{_mandir}/man1/seinfo*
%{_mandir}/man1/sesearch* %{_mandir}/man1/sesearch*
%{_mandir}/ru/man1/sediff*
%{_mandir}/ru/man1/seinfo*
%{_mandir}/ru/man1/sesearch*
%files console-analyses %files console-analyses
%{_bindir}/sedta %{_bindir}/sedta
%{_bindir}/seinfoflow %{_bindir}/seinfoflow
%{_mandir}/man1/sedta* %{_mandir}/man1/sedta*
%{_mandir}/man1/seinfoflow* %{_mandir}/man1/seinfoflow*
%{_mandir}/ru/man1/sedta*
%{_mandir}/ru/man1/seinfoflow*
%files -n python3-setools %files -n python3-setools
%license COPYING COPYING.GPL COPYING.LGPL %license COPYING COPYING.GPL COPYING.LGPL
@ -136,8 +141,21 @@ Python modules designed to facilitate SELinux policy analysis.
%{_bindir}/apol %{_bindir}/apol
%{python3_sitearch}/setoolsgui %{python3_sitearch}/setoolsgui
%{_mandir}/man1/apol* %{_mandir}/man1/apol*
%{_mandir}/ru/man1/apol*
%changelog %changelog
* Thu Apr 2 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-1
- SETools 4.3.0 release
- Revised sediff method for TE rules. This drastically reduced memory and run time.
- Added infiniband context support to seinfo, sediff, and apol.
- Added apol configuration for location of Qt assistant.
- Fixed sediff issue where properties header would display when not requested.
- Fixed sediff issue with type_transition file name comparison.
- Fixed permission map socket sendto information flow direction.
- Added methods to TypeAttribute class to make it a complete Python collection.
- Genfscon now will look up classes rather than using fixed values which
were dropped from libsepol.
* Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5 * Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5
- setools requires -console, -console-analyses and -gui packages (#1794314) - setools requires -console, -console-analyses and -gui packages (#1794314)

View File

@ -1 +1 @@
SHA512 (4.2.2.tar.gz) = 5044b04d0895ffe31557b3b71bb277ab49710a6066485c8f204ce7858abab259f973000f1fcfde0149ed4e33a50103984939dcc68ce322d70e9e927e81d4f798 SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a