Releases: SELinuxProject/setools

4.2.0

10 Nov 14:22

This release focused on improving performance and reducing memory usage.

A Cython-based policy representation replaced the Python/SWIG/static-linked-libsepol implementation. SETools no longer statically links to libsepol, though it is strongly suggested that users rebuild SETools after updating libsepol, in case the policy structure changes.

Building on the policy representation change, refinements in sediff yielded as much as a 90% reduction in memory use, depending on the policies.

This release of SETools has different dependencies than previous versions. See README.md for more details.
Support for Python 2.7 was dropped because all current SELinux-supporting distributions provide Python 3.

Other smaller changes included:

  • Added support for SCTP portcons
  • Updated permission maps
  • Policy symbol names are now available as the name attribute (e.g. Boolean.name, Type.name, etc.)
  • Revised some apol layouts to increase the size of text entry fields.
  • Revised package structure to make policyrep a module of the setools package.
  • Moved constraint expression to its own class
  • Made Conditional.evaluate() more useful and added BaseTERule.enabled() method to determine if a rule is enabled

Changes since v4.2.0-rc:

  • Restored missing statement() methods in some policyrep classes
  • Fixed NULL pointer dereference when iterating over type attributes when the policy has none
  • Added xdp_socket permission mapping

4.2.0-rc

29 Sep 16:15
Pre-release

Changes since v4.2.0-beta:

  • Fixed performance regressions.
  • Made further memory usage improvements.
  • Fixed build issues with clean target and runtime_library_dirs.
  • Revised package structure to make policyrep a module of the setools package.
  • Symbol names are now available as the name attribute (e.g. Boolean.name, Type.name, etc.)
  • Fixed some apol layouts to increase the size of text fields.
  • Moved constraint expression to its own class.
  • Made Conditional.evaluate() more useful and added BaseTERule.enabled() method to determine if a rule is enabled.

Changes since v4.1.1:

  • Replaced the Python/SWIG/static-linked-libsepol policyrep module with a Cython implementation. This will have performance and memory-usage improvements and breaks the static linking to libsepol.
  • Significant memory usage reduction in sediff (approximately 60%, depending on the policies).
  • Added support for SCTP portcons
  • Updated permission maps
  • Support for Python 2.7 was dropped

This release of SETools has changed dependencies since 4.1.1. See README.md for more details.

4.2.0-beta

11 Jul 00:32
Pre-release

Changes since v4.1.1:

  • Replaced the Python/SWIG/static-linked-libsepol policyrep module with a Cython implementation. This will have performance and memory-usage improvements and breaks the static linking to libsepol.
  • Significant memory usage reduction in sediff (approximately 60%, depending on the policies).
  • Added support for SCTP portcons
  • Updated permission maps
  • Support for Python 2.7 was dropped

This release of SETools has changed dependencies since 4.1.1. See README.md for more details.

4.1.1

16 Jun 13:47

Originally released on 2017-08-05

This release has three changes since 4.1.0:

  • Update for libsepol 2.7
  • Update to permission maps
  • Fixes for apol help files

4.1.0

16 Jun 13:46

Originally released on 2017-01-23

This release primarily focused on adding features to apol, but has several library enhancements. There is also one important bugfix in sediff. There were no changes since 4.1.0-rc.

Note: This will not compile on the master branch of libsepol (what will be libsepol 2.7). A future release of SETools will have this support (when libsepol 2.7 is released).

Changes since 4.0.1:

Library

  • Implemented support for alternate install prefixes.
  • Implemented support for building setools with a locally-built libsepol.
  • Fixed an sediff bug with unioning rules after expansion.
  • Improved sediff memory usage.
  • Patch from Nicolas Iooss to make more stable output in TE rule permission lists.
  • Replaced string representations (e.g. rule types) with enumerations. Requires the enum34 (not enum) Python package if using Python < 3.4.

Apol

  • Implemented context menu option for exporting the information flow and domain transition analysis tree browser views.
  • Implemented CSV export of table results.
  • Implemented (clipboard) copy from table results.
  • Added missing "clear" button in object class query.
  • Implemented save/load settings for tabs.
  • Implemented save/load workspace (save all tabs settings).
  • Fixed include/exclude type dialog to keep its place when adding or removing types from an analysis.
  • Implemented filter on include/exclude type dialog to filter the lists by attribute.

4.1.0-rc

16 Jun 13:44
Pre-release

Originally released on 2016-12-11

This release primarily focused on adding features to apol, but has several library enhancements. There is also one important bugfix in sediff.

Changes since 4.0.1:

Library

  • Implemented support for alternate install prefixes.
  • Implemented support for building setools with a locally-built libsepol.
  • Fixed an sediff bug with unioning rules after expansion.
  • Improved sediff memory usage.
  • Patch from Nicolas Iooss to make more stable output in TE rule permission lists.
  • Replaced string representations (e.g. rule types) with enumerations. Requires the enum34 (not enum) Python package if using Python < 3.4.

Apol

  • Implemented context menu option for exporting the information flow and domain transition analysis tree browser views.
  • Implemented CSV export of table results.
  • Implemented (clipboard) copy from table results.
  • Added missing "clear" button in object class query.
  • Implemented save/load settings for tabs.
  • Implemented save/load workspace (save all tabs settings).
  • Fixed include/exclude type dialog to keep its place when adding or removing types from an analysis.
  • Implemented filter on include/exclude type dialog to filter the lists by attribute.

Warning: If you use the 2.5 SELinux userspace toolchain and use this to replace SETools 3.x on your system, it will break the couple of tools from sepolgen/policycoreutils that depend on SETools (e.g. sepolicy) since libqpol/libapol C libraries and their corresponding Python wrappers are no longer provided. The >=2.6 SELinux userspace toolchain has updated its support to setools4, and does not have this problem.

4.0.1

16 Jun 13:42

Originally released on 2016-05-17

This is primarily a bugfix release.

Changes since 4.0.0:

Library:

  • Fixed a compile error on 32bit systems.
  • Changed domain transition analysis output to use lists instead of generators. This fixes a display problem in apol's DTA browser.

apol:

  • Replaced icons with stock Qt icons to remove license issues with some distributions.

sesearch:

  • Changed xperm options to bring in line with sediff, e.g. --allowx changed to --allowxperm. Python's argument parser will still detect --allowx as an abbreviation of --allowxperm, so compatibility is preserved.

This release requires libsepol-2.5, which is unfortunately not available yet on some distributions.
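
The --allowx compatibility noted for sesearch in this release relies on argparse's unique-prefix matching. The following is an added example, not code from SETools: the parser is a constructed stand-in, and the sibling `--allow` option is an assumption used to show where abbreviations stop being unique.

```python
import argparse


class DemoParser(argparse.ArgumentParser):
    """ArgumentParser that raises instead of exiting, so results can be inspected."""

    def error(self, message):
        raise ValueError(message)


def build_parser(allow_abbrev=True):
    # Constructed stand-in for a rule-type option group; not sesearch's real parser.
    parser = DemoParser(prog="sesearch-demo", allow_abbrev=allow_abbrev)
    parser.add_argument("--allow", action="store_true")       # assumed sibling option
    parser.add_argument("--allowxperm", action="store_true")  # renamed from --allowx
    return parser


def resolve(argv, allow_abbrev=True):
    """Return the sorted list of options argparse selected, or an 'error: ...' string."""
    try:
        namespace = build_parser(allow_abbrev).parse_args(argv)
    except ValueError as exc:
        return "error: " + str(exc)
    return sorted(name for name, value in vars(namespace).items() if value)


if __name__ == "__main__":
    # --allowx is a unique prefix of --allowxperm; --allow is an exact match;
    # --allo is a prefix of both options and is rejected as ambiguous.
    for argv in (["--allowx"], ["--allow"], ["--allo"]):
        print(argv, "->", resolve(argv))
    # With abbreviation matching disabled, the old spelling is no longer accepted.
    print(["--allowx"], "(allow_abbrev=False) ->",
          resolve(["--allowx"], allow_abbrev=False))
```

Scripts that audit policy with the old spelling keep working only while the prefix stays unique, so pinning the full option name in automation avoids a silent change in which rules are searched.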

Warning: If you use this to replace SETools 3.x on your system, it will break the couple of tools from sepolgen/policycoreutils that depend on SETools (e.g. sepolicy) since libqpol/libapol C libraries and their corresponding Python wrappers are no longer provided.

4.0.0

16 Jun 13:40

Originally released on 2016-05-04

SETools has been reimplemented in Python. The following tools were reimplemented:

  • apol
  • sediff
  • seinfo
  • sesearch

The following tools were added:

  • sedta (command line domain transition analysis)
  • seinfoflow (command line information flow analysis)

For an overview of the user interface changes since SETools 3.x, please see the wiki.

This release requires libsepol-2.5, which is unfortunately not available yet on some distributions.

Warning: If you use this to replace SETools 3.x on your system, it will break the couple of tools from sepolgen/policycoreutils that depend on SETools (e.g. sepolicy) since libqpol/libapol C libraries and their corresponding Python wrappers are no longer provided.

The major changes since the 4.0.0-beta release are:

  • Completed apol
  • Implemented v30 policy support (xperm rules; initial contribution from Richard Haines)
  • Implemented Xen policy support (initial contribution from Richard Haines)
  • Added man pages

4.0.0-beta

16 Jun 13:39
Pre-release

Originally released on 2016-02-19

In this release, sediff is implemented and the analysis library is feature complete, except for pending v30 policy support. Sediff will find the differences in two policies. This version is more comprehensive than prior versions, finding differences that were missed in previous versions such as constraints and portcons. The remaining effort for the 4.0.0 final release is completing the apol GUI, plus any bugfixing.

Warning: If you use this to replace SETools 3.x on your system, it will break the couple of tools from sepolgen/policycoreutils that depend on SETools (e.g. sepolicy) since libqpol/libapol C libraries and their corresponding Python wrappers are no longer provided.

Completed CLI tools:

  • seinfo
  • sesearch
  • sediff
  • sedta
  • seinfoflow

Completed apol features:

  • TE rule query
  • RBAC rule query
  • MLS rule query
  • Information flow analysis
  • Domain transition analysis

4.0.0-alpha3

16 Jun 13:37
Pre-release

Originally released on 2015-12-15

In this release, the analysis library is largely completed, except for sediff functions. PyQt5 was chosen for the GUI library for SETools; apol has been started and a few rule searches and analyses have been added. The design of apol shifted towards a simpler, single-level tab design, so different types of analyses can be seen alongside each other.

Warning: If you replace the SETools 3.x on your system, it will break the couple of tools from sepolgen/policycoreutils that depend on SETools (e.g. sepolicy) since libqpol/libapol C libraries and their corresponding SWIG wrappers are no longer provided.

Completed CLI tools:

  • seinfo
  • sesearch
  • sedta
  • seinfoflow

Completed (and nearly completed) apol features:

  • TE rule query
  • RBAC rule query
  • MLS rule query
  • Information flow analysis
  • Domain transition analysis