* ANN: SETools 4.0.0-alpha2 @ 2015-02-11 15:48 Christopher J. PeBenito 2015-05-29 12:45 ` Stephen Smalley 0 siblings, 1 reply; 3+ messages in thread From: Christopher J. PeBenito @ 2015-02-11 15:48 UTC (permalink / raw) To: SELinux List Tresys has released SETools 4.0.0-alpha2: https://github.com/TresysTechnology/setools/releases/tag/4.0.0-alpha2 In this release, SETools has been updated to support Python 3 (tested with 3.3 and 3.4) and includes travis-ci testing[1]. Many features are complete or nearly complete (full list at the end of the email) and available for use via the CLI tools. The GUI tools have not yet been started. Warning: If you replace the SETools 3.x on your system, it will break the couple of tools from sepolgen/policycoreutils that depend on SETools (e.g. sepolicy) since libqpol/libapol C libraries and their corresponding SWIG wrappers are no longer provided. If you are interested in contributing, GitHub's pull request feature is preferred for submitting patches. Please include unit tests. SETools requires the following development packages for building: Python 2.7 or 3.3+ setuptools gcc bison flex libselinux libsepol 2.4+ libbz2 SWIG 2.0.12+ or 3.0+ To run SETools, the following packages are required: Python 2.7 or 3.3+ NetworkX 1.8+ setuptools libselinux libsepol 2.4+ libbz2 Completed (and nearly completed) features: * TE rule query * RBAC rule query * MLS rule query (range_transition; except for range criteria) * Type query * Role query * User query (except level/range criteria) * Object class query * Common query * Boolean query * Policy capability query * All context queries (portcon, genfscon, etc, except range criteria) * Information flow analysis * Domain transition analysis [1] https://travis-ci.org/TresysTechnology/setools -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ANN: SETools 4.0.0-alpha2 2015-02-11 15:48 ANN: SETools 4.0.0-alpha2 Christopher J. PeBenito @ 2015-05-29 12:45 ` Stephen Smalley 2015-05-29 14:42 ` Christopher J. PeBenito 0 siblings, 1 reply; 3+ messages in thread From: Stephen Smalley @ 2015-05-29 12:45 UTC (permalink / raw) To: Christopher J. PeBenito, SELinux List, Steve Lawrence, Joshua Brindle, Eric Paris, Daniel J Walsh On 02/11/2015 10:48 AM, Christopher J. PeBenito wrote: > Tresys has released SETools 4.0.0-alpha2: > > https://github.com/TresysTechnology/setools/releases/tag/4.0.0-alpha2 > > In this release, SETools has been updated to support Python 3 (tested > with 3.3 and 3.4) and includes travis-ci testing[1]. Many features are > complete or nearly complete (full list at the end of the email) and > available for use via the CLI tools. The GUI tools have not yet been > started. > > Warning: If you replace the SETools 3.x on your system, it will break > the couple of tools from sepolgen/policycoreutils that depend on SETools > (e.g. sepolicy) since libqpol/libapol C libraries and their > corresponding SWIG wrappers are no longer provided. Should we then import libqpol and libapol into the upstream selinux? We never should have added dependencies on setools to the core selinux userspace in the first place, as it creates a cyclic dependency. Doesn't look like libapol and libqpol have other dependencies themselves beyond what we already require for selinux userspace unless I am missing something. > > If you are interested in contributing, GitHub's pull request feature is > preferred for submitting patches. Please include unit tests. > > SETools requires the following development packages for building: > Python 2.7 or 3.3+ > setuptools > gcc > bison > flex > libselinux > libsepol 2.4+ > libbz2 > SWIG 2.0.12+ or 3.0+ > > To run SETools, the following packages are required: > Python 2.7 or 3.3+ > NetworkX 1.8+ > setuptools > libselinux > libsepol 2.4+ > libbz2 > > Completed (and nearly completed) features: > * TE rule query > * RBAC rule query > * MLS rule query (range_transition; except for range criteria) > * Type query > * Role query > * User query (except level/range criteria) > * Object class query > * Common query > * Boolean query > * Policy capability query > * All context queries (portcon, genfscon, etc, except range criteria) > * Information flow analysis > * Domain transition analysis > > [1] https://travis-ci.org/TresysTechnology/setools > ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ANN: SETools 4.0.0-alpha2 2015-05-29 12:45 ` Stephen Smalley @ 2015-05-29 14:42 ` Christopher J. PeBenito 0 siblings, 0 replies; 3+ messages in thread From: Christopher J. PeBenito @ 2015-05-29 14:42 UTC (permalink / raw) To: Stephen Smalley, SELinux List, Steve Lawrence, Joshua Brindle, Eric Paris, Daniel J Walsh On 5/29/2015 8:45 AM, Stephen Smalley wrote: > On 02/11/2015 10:48 AM, Christopher J. PeBenito wrote: >> Tresys has released SETools 4.0.0-alpha2: >> >> https://github.com/TresysTechnology/setools/releases/tag/4.0.0-alpha2 >> >> In this release, SETools has been updated to support Python 3 (tested >> with 3.3 and 3.4) and includes travis-ci testing[1]. Many features are >> complete or nearly complete (full list at the end of the email) and >> available for use via the CLI tools. The GUI tools have not yet been >> started. >> >> Warning: If you replace the SETools 3.x on your system, it will break >> the couple of tools from sepolgen/policycoreutils that depend on SETools >> (e.g. sepolicy) since libqpol/libapol C libraries and their >> corresponding SWIG wrappers are no longer provided. > > Should we then import libqpol and libapol into the upstream selinux? You could, but I think it would be an overkill (particularly libapol), based on what I can understand of sepolicy's needs, which is iterating over policy objects plus a little basic avtab searching. It's also CIL-ignorant (not that SETools 4 is CIL-aware). You'll also need to iron out the autotools usage. A library that replaced only the needed functions might be pretty easily doable by leveraging existing dispol code. A longer term, more comprehensive solution would be having a CIL-aware query library upstream (something that provides iteration over the policy contents, symbol lookups, etc.), which would be broadly useful for sepolicy, SETools, admin tools, etc. since libsepol isn't really designed with policy query in mind (which is why we created libqpol). > We never should have added dependencies on setools to the core selinux > userspace in the first place, as it creates a cyclic dependency. Hopefully it would easy to port sepolicy to SETools 4 since both are Python, which would be a solution until the dependency cycle can be broken. I haven't fully looked to see what that would take, since I haven't dissected sepolicy's C Python extension. > Doesn't look like libapol and libqpol have other dependencies themselves > beyond what we already require for selinux userspace unless I am missing > something. I don't think it has any additional dependencies on top of what SELinux userspace already has (unless you don't rip out autotools). -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-05-29 14:42 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-02-11 15:48 ANN: SETools 4.0.0-alpha2 Christopher J. PeBenito 2015-05-29 12:45 ` Stephen Smalley 2015-05-29 14:42 ` Christopher J. PeBenito
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.