- Replaced the Python/SWIG/static-linked-libsepol policyrep module with
a Cython implementation. This will have performance and memory-usage
improvements and breaks the static linking to libsepol.
- Significant memory usage reduction in sediff (approximately 60%,
depending on the policies).
- Added support for SCTP portcons
- Updated permission maps
- Support for Python 2.7 was dropped
- Drop python2 subpackage (4.2.0 no longer supports python2)
- Require userspace release 2.9
- setools-gui requires python3-setools
- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
- Fixed performance regressions
- Made further memory usage improvements
- Fixed build issues with clean target and runtime_library_dirs
- Revised package structure to make policyrep a module of the setools
package
- Symbol names are now available as the name attribute
(e.g. Boolean.name, Type.name, etc.)
- Fixed some apol layouts to increase the size of text fields
- Move constraint expression to its own class
- Made Conditional.evaluate() more useful and added
BaseTERule.enabled() method to determine if a rule is enabled
- Restored missing statement() methods in some policyrep classes
- Fixed NULL pointer dereference when iterating over type attributes when the policy has none
- Added xdp_socket permission mapping
- SELinuxPolicy: Create a map of aliases on policy load
- Remove source policy references from man pages, as loading source policies
is no longer supported.
- Fix a performance regression in alias loading after alias dereferencing
fixes in 4.2.1
Fixes:
>>> import setools
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib64/python2.7/site-packages/setools/__init__.py", line 31, in <module>
    from . import policyrep
  File "/usr/lib64/python2.7/site-packages/setools/policyrep/__init__.py", line 26, in <module>
    from .bounds import BoundsRuletype
  File "/usr/lib64/python2.7/site-packages/setools/policyrep/bounds.py", line 24, in <module>
    from .util import PolicyEnum
  File "/usr/lib64/python2.7/site-packages/setools/policyrep/util.py", line 21, in <module>
    from enum import Enum
ImportError: No module named enum
- bswap_* macros are defined in byteswap.h
Fixes ImportError on s390x:
/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
The dta and infoflow modules require networkx, which brings a lot of dependencies.
These dependencies are not necessary for the setools module itself as it's
used in policycoreutils.
Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
setools.dta.DomainTransitionAnalysis and let the package containing
sedta and seinfoflow require python3-networkx
Added new subpackage setools-console-analyses
There are new warnings when setools is built with gcc 7, therefore we
want to suppress -Werror for now
Fixes:
libqpol/policy_extend.c: In function ‘policy_extend’:
libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
snprintf(buff, 9, "@ttr%04zd", i + 1);
^~~~~~~~~~~
In file included from /usr/include/stdio.h:939:0,
from /usr/include/sepol/policydb/policydb.h:53,
from libqpol/policy_extend.c:29:
/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1
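The truncation gcc flags in the snprintf call above, as an added C example that is not setools code: a 9-byte buffer holds "@ttr", four digits and the terminator, so an index above 9999 is cut and its name becomes identical to that of a smaller index. The helper names, the macros and the use of %zu with size_t are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Same size as in the flagged call: "@ttr" + 4 digits + NUL = 9 bytes. */
#define ATTR_NAME_LEN 9
/* The flagged call uses "%04zd"; %zu is used here to match size_t. */
#define ATTR_NAME_FMT "@ttr%04zu"

/* Hypothetical helper: format the name and reject truncated output.
 * snprintf returns the length it needed, so n >= size means it was cut. */
static int format_attr_name(char *buf, size_t size, size_t idx)
{
    int n = snprintf(buf, size, ATTR_NAME_FMT, idx);
    if (n < 0 || (size_t)n >= size) {
        if (size > 0)
            buf[0] = '\0';      /* never hand back a partial name */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: 1 if two distinct indexes produce the same name
 * when truncation is ignored, as in the unchecked call. */
static int collide_when_truncated(size_t a, size_t b)
{
    char x[ATTR_NAME_LEN], y[ATTR_NAME_LEN];
    int na = snprintf(x, sizeof x, ATTR_NAME_FMT, a);
    int nb = snprintf(y, sizeof y, ATTR_NAME_FMT, b);
    if (na < 0 || nb < 0)
        return 0;
    return a != b && strcmp(x, y) == 0;
}

int main(void)
{
    char buf[ATTR_NAME_LEN];
    /* Constructed sample indexes around the 9999 boundary. */
    size_t samples[] = { 1, 9999, 10000 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_attr_name(buf, sizeof buf, samples[i]);
        printf("%zu -> rc=%d name=\"%s\"\n", samples[i], rc, buf);
    }
    printf("1000 vs 10000 collide: %d\n", collide_when_truncated(1000, 10000));
    return 0;
}
```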
- drop %{with python3}
- build python3 sources in setools-x.y.z and python2 in
setools-x.y.z-python2
- clean %{buildroot}%{_bindir} before installing python3 sources