- Disable/remove neverallow options in sediff.
- Improve man pages
- seinfoflow: Add -r option to get flows into the source type.
- seinfoflow.1: Remove references to sepolgen permission map.
- AVRule/AVRuleXperm: Treat rules with no permissions as invalid policy.
- SELinuxPolicy: Add explicit cast for libspol message
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2226424
- Revised sediff method for TE rules. This drastically reduced memory and run time.
- Added infiniband context support to seinfo, sediff, and apol.
- Added apol configuration for location of Qt assistant.
- Fixed sediff issue where properties header would display when not requested.
- Fixed sediff issue with type_transition file name comparison.
- Fixed permission map socket sendto information flow direction.
- Added methods to TypeAttribute class to make it a complete Python collection.
- Genfscon now will look up classes rather than using fixed values which
were dropped from libsepol.
- Replaced the Python/SWIG/static-linked-libsepol policyrep module with
a Cython implementation. This will have performance and memory-usage
improvements and breaks the static linking to libsepol.
- Significant memory usage reduction in sediff (approximately 60%,
depending on the policies).
- Added support for SCTP portcons
- Updated permission maps
- Support for Python 2.7 was dropped
- Drop python2 subpackage (4.2.0 no longer supports python2)
- Require userspace release 2.9
- setools-gui requires python3-setools
- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
- Fixed performance regressions
- Made further memory usage improvements
- Fixed build issues with clean target and runtime_library_dirs
- Revised package structure to make policyrep a module of the setools
package
- Symbol names are now available as the name attribute
(e.g. Boolean.name, Type.name, etc.)
- Fixed some apol layouts to increase the size of text fields
- Move constraint expression to its own class
- Made Conditional.evaluate() more useful and added
BaseTERule.enabled() method to determine if a rule is enabled
- Restored missing statement() methods in some policyrep classes
- Fixed NULL pointer dereference when iterating over type attributes when the policy has none
- Added xdp_socket permission mapping
- SELinuxPolicy: Create a map of aliases on policy load
- Remove source policy references from man pages, as loading source policies
is no longer supported.
- Fix a performance regression in alias loading after alias dereferencing
fixes in 4.2.1
