ANN: SETools 4.0.0-alpha2

All of lore.kernel.org
 help / color / mirror / Atom feed

* ANN: SETools 4.0.0-alpha2
@ 2015-02-11 15:48 Christopher J. PeBenito
  2015-05-29 12:45 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: Christopher J. PeBenito @ 2015-02-11 15:48 UTC (permalink / raw)
  To: SELinux List

Tresys has released SETools 4.0.0-alpha2:

https://github.com/TresysTechnology/setools/releases/tag/4.0.0-alpha2

In this release, SETools has been updated to support Python 3 (tested
with 3.3 and 3.4) and includes travis-ci testing[1].  Many features are
complete or nearly complete (full list at the end of the email) and
available for use via the CLI tools.  The GUI tools have not yet been
started.

Warning: If you replace the SETools 3.x on your system, it will break
the couple of tools from sepolgen/policycoreutils that depend on SETools
(e.g. sepolicy) since libqpol/libapol C libraries and their
corresponding SWIG wrappers are no longer provided.

If you are interested in contributing, GitHub's pull request feature is
preferred for submitting patches.  Please include unit tests.

SETools requires the following development packages for building:
  Python 2.7 or 3.3+
  setuptools
  gcc
  bison
  flex
  libselinux
  libsepol 2.4+
  libbz2
  SWIG 2.0.12+ or 3.0+

To run SETools, the following packages are required:
  Python 2.7 or 3.3+
  NetworkX 1.8+
  setuptools
  libselinux
  libsepol 2.4+
  libbz2

Completed (and nearly completed) features:
* TE rule query
* RBAC rule query
* MLS rule query (range_transition; except for range criteria)
* Type query
* Role query
* User query (except level/range criteria)
* Object class query
* Common query
* Boolean query
* Policy capability query
* All context queries (portcon, genfscon, etc, except range criteria)
* Information flow analysis
* Domain transition analysis

[1] https://travis-ci.org/TresysTechnology/setools

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ANN: SETools 4.0.0-alpha2
  2015-02-11 15:48 ANN: SETools 4.0.0-alpha2 Christopher J. PeBenito
@ 2015-05-29 12:45 ` Stephen Smalley
  2015-05-29 14:42   ` Christopher J. PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2015-05-29 12:45 UTC (permalink / raw)
  To: Christopher J. PeBenito, SELinux List, Steve Lawrence,
	Joshua Brindle, Eric Paris, Daniel J Walsh

On 02/11/2015 10:48 AM, Christopher J. PeBenito wrote:
> Tresys has released SETools 4.0.0-alpha2:
> 
> https://github.com/TresysTechnology/setools/releases/tag/4.0.0-alpha2
> 
> In this release, SETools has been updated to support Python 3 (tested
> with 3.3 and 3.4) and includes travis-ci testing[1].  Many features are
> complete or nearly complete (full list at the end of the email) and
> available for use via the CLI tools.  The GUI tools have not yet been
> started.
> 
> Warning: If you replace the SETools 3.x on your system, it will break
> the couple of tools from sepolgen/policycoreutils that depend on SETools
> (e.g. sepolicy) since libqpol/libapol C libraries and their
> corresponding SWIG wrappers are no longer provided.

Should we then import libqpol and libapol into the upstream selinux?
We never should have added dependencies on setools to the core selinux
userspace in the first place, as it creates a cyclic dependency.
Doesn't look like libapol and libqpol have other dependencies themselves
beyond what we already require for selinux userspace unless I am missing
something.

> 
> If you are interested in contributing, GitHub's pull request feature is
> preferred for submitting patches.  Please include unit tests.
> 
> SETools requires the following development packages for building:
>   Python 2.7 or 3.3+
>   setuptools
>   gcc
>   bison
>   flex
>   libselinux
>   libsepol 2.4+
>   libbz2
>   SWIG 2.0.12+ or 3.0+
> 
> To run SETools, the following packages are required:
>   Python 2.7 or 3.3+
>   NetworkX 1.8+
>   setuptools
>   libselinux
>   libsepol 2.4+
>   libbz2
> 
> Completed (and nearly completed) features:
> * TE rule query
> * RBAC rule query
> * MLS rule query (range_transition; except for range criteria)
> * Type query
> * Role query
> * User query (except level/range criteria)
> * Object class query
> * Common query
> * Boolean query
> * Policy capability query
> * All context queries (portcon, genfscon, etc, except range criteria)
> * Information flow analysis
> * Domain transition analysis
> 
> [1] https://travis-ci.org/TresysTechnology/setools
> 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: ANN: SETools 4.0.0-alpha2
  2015-05-29 12:45 ` Stephen Smalley
@ 2015-05-29 14:42   ` Christopher J. PeBenito
  0 siblings, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2015-05-29 14:42 UTC (permalink / raw)
  To: Stephen Smalley, SELinux List, Steve Lawrence, Joshua Brindle,
	Eric Paris, Daniel J Walsh

On 5/29/2015 8:45 AM, Stephen Smalley wrote:
> On 02/11/2015 10:48 AM, Christopher J. PeBenito wrote:
>> Tresys has released SETools 4.0.0-alpha2:
>>
>> https://github.com/TresysTechnology/setools/releases/tag/4.0.0-alpha2
>>
>> In this release, SETools has been updated to support Python 3 (tested
>> with 3.3 and 3.4) and includes travis-ci testing[1].  Many features are
>> complete or nearly complete (full list at the end of the email) and
>> available for use via the CLI tools.  The GUI tools have not yet been
>> started.
>>
>> Warning: If you replace the SETools 3.x on your system, it will break
>> the couple of tools from sepolgen/policycoreutils that depend on SETools
>> (e.g. sepolicy) since libqpol/libapol C libraries and their
>> corresponding SWIG wrappers are no longer provided.
> 
> Should we then import libqpol and libapol into the upstream selinux?

You could, but I think it would be an overkill (particularly libapol),
based on what I can understand of sepolicy's needs, which is iterating
over policy objects plus a little basic avtab searching.  It's also
CIL-ignorant (not that SETools 4 is CIL-aware).  You'll also need to
iron out the autotools usage.

A library that replaced only the needed functions might be pretty easily
doable by leveraging existing dispol code.  A longer term, more
comprehensive solution would be having a CIL-aware query library
upstream (something that provides iteration over the policy contents,
symbol lookups, etc.), which would be broadly useful for sepolicy,
SETools, admin tools, etc. since libsepol isn't really designed with
policy query in mind (which is why we created libqpol).

> We never should have added dependencies on setools to the core selinux
> userspace in the first place, as it creates a cyclic dependency.

Hopefully it would easy to port sepolicy to SETools 4 since both are
Python, which would be a solution until the dependency cycle can be
broken.  I haven't fully looked to see what that would take, since I
haven't dissected sepolicy's C Python extension.

> Doesn't look like libapol and libqpol have other dependencies themselves
> beyond what we already require for selinux userspace unless I am missing
> something.

I don't think it has any additional dependencies on top of what SELinux
userspace already has (unless you don't rip out autotools).

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2015-05-29 14:42 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-11 15:48 ANN: SETools 4.0.0-alpha2 Christopher J. PeBenito
2015-05-29 12:45 ` Stephen Smalley
2015-05-29 14:42   ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.